From 90e55d6b775b34ee53c7307cc94248610b8e831f Mon Sep 17 00:00:00 2001 From: Lukas Frank Date: Mon, 11 Dec 2023 13:05:58 +0100 Subject: [PATCH] Added `Volume` encryption support to `broker` and `poollet` --- api/storage/v1alpha1/common.go | 3 +- .../server/machine_volume_attach.go | 63 ++- .../server/machine_volume_attach_test.go | 86 ++++ iri/apis/machine/v1alpha1/api.pb.go | 411 +++++++++++++----- iri/apis/machine/v1alpha1/api.proto | 1 + .../controllers/machine_controller_volume.go | 29 +- 6 files changed, 465 insertions(+), 128 deletions(-) diff --git a/api/storage/v1alpha1/common.go b/api/storage/v1alpha1/common.go index e1c04ec64..d2af7480f 100644 --- a/api/storage/v1alpha1/common.go +++ b/api/storage/v1alpha1/common.go @@ -24,7 +24,8 @@ const ( // BucketPoolUserNamePrefix is the prefix all bucket pool users should have. BucketPoolUserNamePrefix = "storage.ironcore.dev:system:bucketpool:" - SecretTypeVolumeAuth = corev1.SecretType("storage.ironcore.dev/volume-auth") + SecretTypeVolumeAuth = corev1.SecretType("storage.ironcore.dev/volume-auth") + SecretTypeVolumeEncryption = corev1.SecretType("storage.ironcore.dev/volume-encryption") ) // VolumePoolCommonName constructs the common name for a certificate of a volume pool user. diff --git a/broker/machinebroker/server/machine_volume_attach.go b/broker/machinebroker/server/machine_volume_attach.go index 30d3f51e7..c86a1236d 100644 --- a/broker/machinebroker/server/machine_volume_attach.go +++ b/broker/machinebroker/server/machine_volume_attach.go @@ -33,10 +33,11 @@ type IronCoreVolumeEmptyDiskConfig struct { } type IronCoreVolumeRemoteConfig struct { - Driver string - Handle string - Attributes map[string]string - SecretData map[string][]byte + Driver string + Handle string + Attributes map[string]string + SecretData map[string][]byte + EncryptionData map[string][]byte } func (s *Server) getIronCoreVolumeConfig(volume *iri.Volume) (*IronCoreVolumeConfig, error) { 
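Review bot: The new `EncryptionData` field on `IronCoreVolumeRemoteConfig` has no comment, although it carries raw key material in the same way `SecretData` does. I would add a field comment such as `// EncryptionData is the volume encryption key material; it must not be logged or placed in error text.` The generated `VolumeConnection.String()` later in this patch formats the map contents with `%v`, so any code path that logs the request or this config would presumably expose the key; it is worth confirming that the broker's request logging does not do that. The exported constant `SecretTypeVolumeEncryption` added in common.go also lacks a doc comment, unlike `BucketPoolUserNamePrefix` just above it.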
@@ -55,10 +56,11 @@ func (s *Server) getIronCoreVolumeConfig(volume *iri.Volume) (*IronCoreVolumeCon } case volume.Connection != nil: remote = &IronCoreVolumeRemoteConfig{ - Driver: volume.Connection.Driver, - Handle: volume.Connection.Handle, - Attributes: volume.Connection.Attributes, - SecretData: volume.Connection.SecretData, + Driver: volume.Connection.Driver, + Handle: volume.Connection.Handle, + Attributes: volume.Connection.Attributes, + SecretData: volume.Connection.SecretData, + EncryptionData: volume.Connection.EncryptionData, } default: return nil, fmt.Errorf("unrecognized volume %#v", volume) @@ -82,8 +84,32 @@ func (s *Server) createIronCoreVolume( var ironcoreVolumeSrc computev1alpha1.VolumeSource switch { case cfg.Remote != nil: - log.V(1).Info("Creating ironcore volume") + + log.V(1).Info("Creating ironcore encryption secret") remote := cfg.Remote + var ( + encryptionSecret *corev1.Secret + ) + if encryptionData := remote.EncryptionData; encryptionData != nil { + log.V(1).Info("Creating ironcore encryption secret") + encryptionSecret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: s.cluster.Namespace(), + Name: s.cluster.IDGen().Generate(), + Labels: map[string]string{ + machinebrokerv1alpha1.ManagerLabel: machinebrokerv1alpha1.MachineBrokerManager, + }, + }, + Type: storagev1alpha1.SecretTypeVolumeEncryption, + Data: encryptionData, + } + if err := s.cluster.Client().Create(ctx, encryptionSecret); err != nil { + return nil, nil, fmt.Errorf("error creating ironcore encryption secret: %w", err) + } + c.Add(cleaner.CleanupObject(s.cluster.Client(), encryptionSecret)) + } + + log.V(1).Info("Creating ironcore volume") ironcoreVolume := &storagev1alpha1.Volume{ ObjectMeta: metav1.ObjectMeta{ Namespace: s.cluster.Namespace(), 
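Review bot: In the `createIronCoreVolume` hunk the guard `encryptionData != nil` also accepts a non-nil but empty map, which in-process callers can pass. That would create an encryption Secret with no data and later point `Spec.Encryption` at it, so the volume would be declared encrypted without any key material; how the volume provider reacts to that is not visible here. I would test the length instead, `if encryptionData := remote.EncryptionData; len(encryptionData) > 0 {`. The first `log.V(1).Info("Creating ironcore encryption secret")` also runs when no encryption data is present and duplicates the line inside the `if`, so it can be dropped. The function body continues outside the hunk.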
@@ -100,11 +126,30 @@ func (s *Server) createIronCoreVolume( ClaimRef: s.optionalLocalUIDReference(optIronCoreMachine), }, } + if encryptionSecret != nil { + ironcoreVolume.Spec.Encryption = &storagev1alpha1.VolumeEncryption{ + SecretRef: corev1.LocalObjectReference{Name: encryptionSecret.Name}, + } + } if err := s.cluster.Client().Create(ctx, ironcoreVolume); err != nil { return nil, nil, fmt.Errorf("error creating ironcore volume: %w", err) } c.Add(cleaner.CleanupObject(s.cluster.Client(), ironcoreVolume)) + if encryptionSecret != nil { + log.V(1).Info("Patching owner ref of ironcore encryption secret") + baseEncryptionSecret := encryptionSecret.DeepCopy() + encryptionSecret.ObjectMeta.OwnerReferences = []metav1.OwnerReference{ + metautils.MakeControllerRef( + storagev1alpha1.SchemeGroupVersion.WithKind("Volume"), + ironcoreVolume, + ), + } + if err := s.cluster.Client().Patch(ctx, encryptionSecret, client.MergeFrom(baseEncryptionSecret)); err != nil { + return nil, nil, fmt.Errorf("error patching ironcore volume status: %w", err) + } + } + var ( secretRef *corev1.LocalObjectReference accessSecret *corev1.Secret diff --git a/broker/machinebroker/server/machine_volume_attach_test.go b/broker/machinebroker/server/machine_volume_attach_test.go index 15f839745..619ce3292 100644 --- a/broker/machinebroker/server/machine_volume_attach_test.go +++ b/broker/machinebroker/server/machine_volume_attach_test.go @@ -13,6 +13,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + . "sigs.k8s.io/controller-runtime/pkg/envtest/komega" ) var _ = Describe("AttachVolume", func() { 
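Review bot: The error returned when the owner-reference patch fails reads "error patching ironcore volume status", but the call patches the encryption secret, so a failure here would send whoever reads the log to the wrong object. I would change it to `return nil, nil, fmt.Errorf("error patching owner reference of ironcore encryption secret: %w", err)`. Between the secret's creation and this patch the secret has no owner, so its removal depends on the cleaner `c` running; if the broker stops in that window, a Secret holding key material is presumably left behind with only the manager label to find it by, which deserves a short comment at this block. The function body continues outside the hunk.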
@@ -99,4 +100,89 @@ var _ = Describe("AttachVolume", func() { Expect(secret.Type).To(Equal(storagev1alpha1.SecretTypeVolumeAuth)) Expect(secret.Data).To(Equal(map[string][]byte{"key": []byte("supersecret")})) }) + + It("should correctly attach an encrypted volume", func(ctx SpecContext) { + By("creating a machine") + createMachineRes, err := srv.CreateMachine(ctx, &iri.CreateMachineRequest{ + Machine: &iri.Machine{ + Spec: &iri.MachineSpec{ + Power: iri.Power_POWER_ON, + Image: &iri.ImageSpec{ + Image: "example.org/foo:latest", + }, + Class: machineClass.Name, + }, + }, + }) + Expect(err).NotTo(HaveOccurred()) + machineID := createMachineRes.Machine.Metadata.Id + + By("attaching a volume") + Expect(srv.AttachVolume(ctx, &iri.AttachVolumeRequest{ + MachineId: machineID, + Volume: &iri.Volume{ + Name: "my-volume", + Device: "oda", + Connection: &iri.VolumeConnection{ + Driver: "ceph", + Handle: "mycephvolume", + Attributes: map[string]string{ + "foo": "bar", + }, + SecretData: map[string][]byte{ + "key": []byte("supersecret"), + }, + EncryptionData: map[string][]byte{ + "encryption": []byte("supersecret2"), + }, + }, + }, + })).Error().ShouldNot(HaveOccurred()) + + By("getting the ironcore machine") + ironcoreMachine := &computev1alpha1.Machine{} + ironcoreMachineKey := client.ObjectKey{Namespace: ns.Name, Name: machineID} + Expect(k8sClient.Get(ctx, ironcoreMachineKey, ironcoreMachine)).To(Succeed()) + + By("inspecting the ironcore machine's volumes") + Expect(ironcoreMachine.Spec.Volumes).To(ConsistOf(MatchAllFields(Fields{ + "Name": Equal("my-volume"), + "Device": PointTo(Equal("oda")), + "VolumeSource": MatchFields(IgnoreExtras, Fields{ + "VolumeRef": PointTo(MatchAllFields(Fields{ + "Name": Not(BeEmpty()), + })), + }), + }))) + + By("getting the corresponding ironcore volume") + volume := &storagev1alpha1.Volume{} + volumeName := ironcoreMachine.Spec.Volumes[0].VolumeRef.Name + volumeKey := client.ObjectKey{Namespace: ns.Name, Name: volumeName} + 
Expect(k8sClient.Get(ctx, volumeKey, volume)).To(Succeed()) + + By("inspecting the ironcore volume") + Expect(volume).To(SatisfyAll( + HaveField("Spec.Encryption.SecretRef.Name", Not(BeEmpty())), + HaveField("Status.Access.SecretRef.Name", Not(BeEmpty())), + HaveField("Status.Access.Driver", Equal("ceph")), + HaveField("Status.Access.Handle", Equal("mycephvolume")), + HaveField("Status.Access.VolumeAttributes", Equal(map[string]string{ + "foo": "bar", + })), + )) + + By("fetching the corresponding ironcore volume encryption secret") + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: volume.Spec.Encryption.SecretRef.Name, + Namespace: ns.Name, + }, + } + Expect(Object(secret)()).To(SatisfyAll( + HaveField("Type", Equal(storagev1alpha1.SecretTypeVolumeEncryption)), + HaveField("Data", Equal(map[string][]byte{"encryption": []byte("supersecret2")})), + Satisfy(func(o *corev1.Secret) bool { return metav1.IsControlledBy(o, volume) }), + )) + }) }) diff --git a/iri/apis/machine/v1alpha1/api.pb.go b/iri/apis/machine/v1alpha1/api.pb.go index 0442c24cd..4507f5bab 100644 --- a/iri/apis/machine/v1alpha1/api.pb.go +++ b/iri/apis/machine/v1alpha1/api.pb.go 
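Review bot: The new spec checks the encryption secret's type, data and owner, but it never checks that the key material stays out of the access secret. It only asserts that `Status.Access.SecretRef.Name` is non-empty, so a regression that merged `EncryptionData` into the access secret would still pass. I would fetch the secret named by `volume.Status.Access.SecretRef.Name` and assert `HaveField("Data", Equal(map[string][]byte{"key": []byte("supersecret")}))`. A matching negative assertion in the existing unencrypted spec, along the lines of `Expect(volume.Spec.Encryption).To(BeNil())` (variable name to be confirmed against that spec), would pin the behaviour when no `EncryptionData` is sent.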
@@ -469,6 +469,7 @@ type VolumeConnection struct { Handle string `protobuf:"bytes,2,opt,name=handle,proto3" json:"handle,omitempty"` Attributes map[string]string `protobuf:"bytes,3,rep,name=attributes,proto3" json:"attributes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` SecretData map[string][]byte `protobuf:"bytes,4,rep,name=secret_data,json=secretData,proto3" json:"secret_data,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + EncryptionData map[string][]byte `protobuf:"bytes,5,rep,name=encryption_data,json=encryptionData,proto3" json:"encryption_data,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_sizecache int32 `json:"-"` } @@ -533,6 +534,13 @@ func (m *VolumeConnection) GetSecretData() map[string][]byte { return nil } +func (m *VolumeConnection) GetEncryptionData() map[string][]byte { + if m != nil { + return m.EncryptionData + } + return nil +} + type Volume struct { Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` Device string `protobuf:"bytes,2,opt,name=device,proto3" json:"device,omitempty"` @@ -2152,6 +2160,7 @@ func init() { proto.RegisterType((*EmptyDisk)(nil), "machine.v1alpha1.EmptyDisk") proto.RegisterType((*VolumeConnection)(nil), "machine.v1alpha1.VolumeConnection") proto.RegisterMapType((map[string]string)(nil), "machine.v1alpha1.VolumeConnection.AttributesEntry") + proto.RegisterMapType((map[string][]byte)(nil), "machine.v1alpha1.VolumeConnection.EncryptionDataEntry") proto.RegisterMapType((map[string][]byte)(nil), "machine.v1alpha1.VolumeConnection.SecretDataEntry") proto.RegisterType((*Volume)(nil), "machine.v1alpha1.Volume") proto.RegisterType((*NetworkInterface)(nil), "machine.v1alpha1.NetworkInterface") 
@@ -2192,120 +2201,122 @@ func init() { func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) } var fileDescriptor_00212fb1f9d3bf1c = []byte{ - // 1796 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcd, 0x72, 0xdb, 0xd6, - 0x15, 0x16, 0x28, 0x89, 0x12, 0x0f, 0x29, 0x8a, 0xbe, 0xfa, 0x31, 0x0d, 0x97, 0x34, 0x8d, 0xba, - 0xb6, 0x47, 0xb5, 0x49, 0x8b, 0xae, 0x6b, 0xd7, 0x33, 0xee, 0x94, 0x22, 0x29, 0x9b, 0x63, 0x91, - 0x52, 0xa1, 0x1f, 0xb7, 0x9d, 0x76, 0x30, 0x20, 0x78, 0x25, 0xa1, 0x02, 0x01, 0x1a, 0x00, 0xe9, - 0xaa, 0xde, 0xb4, 0x93, 0x07, 0x48, 0x9e, 0x22, 0xeb, 0x64, 0x26, 0xcb, 0x3c, 0x80, 0x97, 0xde, - 0x25, 0xcb, 0x58, 0x99, 0xc9, 0x4c, 0xf2, 0x14, 0x99, 0x8b, 0x7b, 0x01, 0x81, 0x24, 0xc0, 0x1f, - 0x67, 0x93, 0x1d, 0xef, 0xc1, 0xf9, 0xfd, 0xee, 0x39, 0xe7, 0xbb, 0x12, 0xc4, 0xe4, 0x8e, 0x9a, - 0xef, 0x98, 0x86, 0x6d, 0xa0, 0x54, 0x5b, 0x56, 0x4e, 0x55, 0x1d, 0xe7, 0x7b, 0x9b, 0xb2, 0xd6, - 0x39, 0x95, 0x37, 0xf9, 0xfb, 0x27, 0xaa, 0x7d, 0xda, 0x6d, 0xe6, 0x15, 0xa3, 0x5d, 0x38, 0x31, - 0x4e, 0x8c, 0x82, 0xa3, 0xd8, 0xec, 0x1e, 0x3b, 0x27, 0xe7, 0xe0, 0xfc, 0xa2, 0x0e, 0xf8, 0x92, - 0x4f, 0x5d, 0x35, 0x0d, 0x5d, 0x31, 0x4c, 0x7c, 0xbf, 0x85, 0x7b, 0xde, 0xa1, 0xa0, 0x9a, 0x6a, - 0x41, 0xee, 0xa8, 0x56, 0xa1, 0x8d, 0x6d, 0xb9, 0xe0, 0xc6, 0x29, 0x78, 0x39, 0x08, 0xdf, 0x44, - 0x00, 0x8e, 0x0c, 0xad, 0xdb, 0xc6, 0xfb, 0x1d, 0xac, 0xa0, 0x75, 0x88, 0xb6, 0x4c, 0xb5, 0x87, - 0xcd, 0x34, 0x97, 0xe3, 0xee, 0xc6, 0x44, 0x76, 0x22, 0xf2, 0x53, 0x59, 0x6f, 0x69, 0x38, 0x1d, - 0xa1, 0x72, 0x7a, 0x42, 0x3b, 0x00, 0xb2, 0x6d, 0x9b, 0x6a, 0xb3, 0x6b, 0x63, 0x2b, 0x3d, 0x9b, - 0x9b, 0xbd, 0x1b, 0x2f, 0xde, 0xcb, 0x0f, 0xd6, 0x95, 0xbf, 0x8c, 0x90, 0x2f, 0x79, 0xea, 0x55, - 0xdd, 0x36, 0xcf, 0x45, 0x9f, 0x3d, 0xaa, 0x43, 0xdc, 0xc2, 0x8a, 0x89, 0x6d, 0xa9, 0x25, 0xdb, - 0x72, 0x7a, 0x6e, 0x02, 0x77, 0xfb, 0x8e, 0x7e, 0x45, 0xb6, 0x65, 0xe6, 0xce, 0xf2, 0x04, 0xfc, - 0x33, 0x58, 0x1e, 
0x88, 0x86, 0x52, 0x30, 0x7b, 0x86, 0xcf, 0x59, 0x71, 0xe4, 0x27, 0x5a, 0x85, - 0xf9, 0x9e, 0xac, 0x75, 0xdd, 0xc2, 0xe8, 0xe1, 0x69, 0xe4, 0x09, 0x47, 0xcc, 0x07, 0xbc, 0x8f, - 0x33, 0x4f, 0xf8, 0xcc, 0x85, 0xaf, 0x39, 0x58, 0xaa, 0xd3, 0xcc, 0xb7, 0x55, 0xcd, 0xc6, 0x26, - 0x4a, 0x42, 0x44, 0x6d, 0x31, 0xe3, 0x88, 0xda, 0x42, 0x7f, 0x87, 0xa4, 0x26, 0x37, 0xb1, 0x26, - 0x59, 0x58, 0xc3, 0x8a, 0x6d, 0x98, 0xe9, 0x88, 0x53, 0x71, 0x71, 0xb8, 0xe2, 0x3e, 0x47, 0xf9, - 0x1d, 0x62, 0xb5, 0xcf, 0x8c, 0x68, 0xdd, 0x4b, 0x9a, 0x5f, 0xc6, 0xff, 0x05, 0xd0, 0xb0, 0xd2, - 0x34, 0xd5, 0x0b, 0xff, 0x84, 0x34, 0x0b, 0x5a, 0xd6, 0x64, 0xcb, 0x2a, 0xcb, 0x1d, 0xb9, 0xa9, - 0x6a, 0xaa, 0xad, 0x62, 0x0b, 0x65, 0x00, 0x94, 0x4e, 0x57, 0x6a, 0xab, 0x9a, 0xa6, 0x5a, 0x8e, - 0xbb, 0x59, 0x31, 0xa6, 0x74, 0xba, 0x75, 0x47, 0x80, 0x6e, 0x42, 0xa2, 0x8d, 0xdb, 0x86, 0x79, - 0x2e, 0x35, 0xcf, 0x49, 0x5b, 0x44, 0x1c, 0x85, 0x38, 0x95, 0x6d, 0x11, 0x91, 0xf0, 0x05, 0x07, - 0x0b, 0xcc, 0x3d, 0xfa, 0x13, 0x2c, 0x92, 0xee, 0x74, 0xae, 0x9c, 0xf8, 0x8a, 0x17, 0x33, 0x79, - 0x22, 0xb8, 0xac, 0x7e, 0xb7, 0xf9, 0x6f, 0xac, 0xd8, 0x75, 0xa6, 0x24, 0x7a, 0xea, 0x68, 0x13, - 0xe6, 0xac, 0x0e, 0x56, 0x9c, 0x08, 0x8e, 0x59, 0x08, 0x6e, 0xa4, 0x55, 0x44, 0x47, 0x15, 0x3d, - 0x86, 0xa8, 0x65, 0xcb, 0x76, 0x97, 0x74, 0x2b, 0x31, 0xba, 0x11, 0x6e, 0xe4, 0xa8, 0x89, 0x4c, - 0x5d, 0xb8, 0x09, 0xb1, 0x5a, 0x5b, 0x3e, 0xa1, 0x73, 0xb2, 0x0a, 0xf3, 0x2a, 0x39, 0x30, 0x2c, - 0xe9, 0x41, 0xd8, 0x80, 0x58, 0xb5, 0xdd, 0xb1, 0xcf, 0x2b, 0xaa, 0x75, 0x46, 0x40, 0xb2, 0xd4, - 0xff, 0x62, 0x86, 0x01, 0x03, 0x89, 0x48, 0x28, 0x02, 0x3f, 0x46, 0x20, 0x45, 0xfb, 0xb8, 0x6c, - 0xe8, 0x3a, 0x56, 0x6c, 0xd5, 0xd0, 0xa7, 0x1e, 0x3f, 0x31, 0x60, 0xfc, 0x8a, 0x61, 0xf3, 0x72, - 0x19, 0x67, 0xe4, 0x10, 0xee, 0x07, 0x0d, 0xe1, 0x24, 0x4e, 0x7f, 0xbd, 0xa3, 0xf8, 0x15, 0x07, - 0x51, 0x9a, 0x2e, 0x42, 0x30, 0xa7, 0xcb, 0x6d, 0xf7, 0xde, 0x9c, 0xdf, 0x0e, 0xea, 0xb8, 0xa7, - 0x2a, 0x1e, 0xba, 0xf4, 0x84, 0x9e, 0x02, 0x60, 0x72, 
0x9d, 0x52, 0x4b, 0xb5, 0xce, 0xd2, 0x73, - 0x4e, 0xbb, 0x5c, 0x1f, 0x06, 0xc2, 0xbb, 0x72, 0x31, 0x86, 0xbd, 0xdb, 0xdf, 0x02, 0x50, 0x3c, - 0x68, 0xd2, 0xf3, 0x8e, 0xad, 0x30, 0x1e, 0x44, 0xd1, 0x67, 0x25, 0xfc, 0xc4, 0x41, 0xaa, 0x81, - 0xed, 0x37, 0x86, 0x79, 0x56, 0xd3, 0x6d, 0x6c, 0x1e, 0xcb, 0x4a, 0x70, 0x01, 0x19, 0x00, 0x9d, - 0xea, 0x49, 0x6a, 0x8b, 0x15, 0x11, 0x63, 0x92, 0x5a, 0x8b, 0x40, 0xa5, 0x76, 0x68, 0x7b, 0xc4, - 0x44, 0xf2, 0x73, 0xa0, 0x6f, 0x42, 0xaf, 0x78, 0x30, 0xf8, 0xa8, 0xbe, 0xf9, 0x85, 0x57, 0x2c, - 0x7c, 0x19, 0x81, 0xb8, 0x6f, 0x5a, 0xd1, 0x7d, 0x98, 0xef, 0x18, 0x6f, 0xd8, 0x24, 0x24, 0x8b, - 0x57, 0x87, 0xb3, 0xdb, 0x23, 0x9f, 0x45, 0xaa, 0x85, 0x36, 0xdd, 0x81, 0x8c, 0x84, 0x5d, 0x93, - 0x37, 0xbc, 0x6c, 0x5a, 0x49, 0x2e, 0x0a, 0x59, 0x6d, 0xce, 0x22, 0x88, 0x89, 0xf4, 0x80, 0x7e, - 0x0b, 0x4b, 0xea, 0x89, 0xae, 0x92, 0x0b, 0x70, 0x07, 0x80, 0x74, 0x53, 0xc2, 0x15, 0x92, 0x0e, - 0x44, 0x45, 0x58, 0xe8, 0x39, 0x37, 0x67, 0xa5, 0xe7, 0x1d, 0xf0, 0xd2, 0x61, 0x57, 0x2b, 0xba, - 0x8a, 0xe8, 0xaf, 0x80, 0xbc, 0x4b, 0x72, 0x01, 0xb5, 0xd2, 0x51, 0xc7, 0x5c, 0x18, 0x8f, 0xbd, - 0x78, 0x45, 0x1f, 0x90, 0x58, 0xc2, 0xe7, 0x11, 0x8f, 0x62, 0xe8, 0xb2, 0x42, 0x05, 0x58, 0x31, - 0x9a, 0x16, 0x36, 0x7b, 0xb8, 0x25, 0x9d, 0x60, 0x1d, 0x9b, 0xb2, 0xd3, 0x7f, 0x74, 0xfb, 0x20, - 0xf7, 0xd3, 0x73, 0xef, 0x0b, 0xfa, 0x03, 0xcc, 0x93, 0xfd, 0x46, 0x71, 0x4b, 0x16, 0xb3, 0x23, - 0xb7, 0x21, 0x16, 0xa9, 0x32, 0xba, 0x0e, 0x31, 0x07, 0x43, 0xc9, 0xc4, 0xc7, 0x0c, 0xbe, 0x45, - 0x47, 0x20, 0xe2, 0x63, 0xf4, 0xe4, 0x12, 0x1c, 0xda, 0x59, 0xd9, 0x50, 0x06, 0xa7, 0x1b, 0xd6, - 0x83, 0xe8, 0x55, 0x20, 0x44, 0x14, 0xe1, 0xbb, 0xe3, 0x21, 0x62, 0xee, 0x02, 0x80, 0x32, 0x20, - 0xe1, 0x8f, 0x18, 0xb6, 0x05, 0x02, 0x77, 0xec, 0x43, 0x17, 0xa1, 0x59, 0x07, 0xa1, 0xcc, 0xa8, - 0x62, 0x5c, 0x80, 0x84, 0x4f, 0x38, 0x58, 0x0f, 0x4e, 0x6f, 0xaa, 0xd8, 0xcf, 0xfa, 0x63, 0xdf, - 0x99, 0x0c, 0x03, 0x2f, 0x0b, 0x13, 0x12, 0x7e, 0x0e, 0x0f, 0x0c, 0xdd, 0x80, 0x84, 0xe2, 
0xe3, - 0x76, 0x36, 0x3f, 0x1b, 0xa1, 0x7d, 0x30, 0xf4, 0x1a, 0x10, 0xfb, 0xec, 0x85, 0x2e, 0x20, 0xbf, - 0x26, 0x2b, 0xba, 0x0c, 0x4b, 0xcc, 0xa1, 0x44, 0x67, 0x8e, 0x12, 0x7d, 0x76, 0x74, 0x18, 0x31, - 0xd1, 0xf6, 0xa7, 0xcf, 0xc3, 0xe2, 0xeb, 0xae, 0xac, 0xdb, 0xaa, 0x7d, 0xce, 0xde, 0x14, 0xde, - 0x59, 0xd8, 0x80, 0xe4, 0x11, 0x36, 0x2d, 0xb2, 0x42, 0xf1, 0xeb, 0x2e, 0xb6, 0x6c, 0x94, 0x86, - 0x85, 0x1e, 0x95, 0xb0, 0x7a, 0xdd, 0xa3, 0xf0, 0x2f, 0x58, 0xf6, 0x74, 0xad, 0x8e, 0xa1, 0x5b, - 0x98, 0x3c, 0x59, 0xcc, 0xae, 0x6e, 0xab, 0x6d, 0x2c, 0xf9, 0x10, 0x8a, 0x33, 0x59, 0x83, 0x00, - 0x75, 0x07, 0x96, 0x5d, 0x15, 0xd7, 0x2f, 0xbd, 0xac, 0x24, 0x13, 0x33, 0x9f, 0x42, 0x03, 0x56, - 0x76, 0x54, 0xcb, 0x66, 0x85, 0x58, 0x6e, 0x3e, 0x8f, 0x21, 0x7a, 0xec, 0x3c, 0xdf, 0x58, 0xed, - 0x37, 0xc6, 0xbc, 0xf2, 0x44, 0xa6, 0x2e, 0xd4, 0x61, 0xb5, 0xdf, 0x1f, 0xcb, 0xf9, 0x11, 0x2c, - 0x32, 0x0f, 0x04, 0x4e, 0x32, 0x23, 0xd7, 0x42, 0x5d, 0x8a, 0x9e, 0xaa, 0xf0, 0x12, 0x56, 0xcb, - 0x26, 0x96, 0x6d, 0xec, 0x7e, 0x62, 0xf9, 0x3d, 0x84, 0x05, 0xa6, 0xc3, 0x12, 0x1c, 0xe1, 0xcd, - 0xd5, 0x14, 0x76, 0x60, 0x6d, 0xc0, 0x19, 0x4b, 0xee, 0xa3, 0xbc, 0x3d, 0x82, 0xd5, 0x0a, 0xd6, - 0xf0, 0x50, 0x6a, 0x19, 0x00, 0xb7, 0x7b, 0xbc, 0x07, 0x74, 0x8c, 0x49, 0x6a, 0x2d, 0xe1, 0x2a, - 0xac, 0x0d, 0x98, 0xd1, 0x24, 0x84, 0x1f, 0x38, 0xb8, 0x71, 0xd8, 0x69, 0x5d, 0xa6, 0x57, 0xd2, - 0x75, 0xc3, 0x76, 0x16, 0x9f, 0x35, 0x99, 0x6f, 0xd4, 0x82, 0xb8, 0x7c, 0x69, 0xc4, 0x1e, 0xe8, - 0x5b, 0xc3, 0xb5, 0x8c, 0x09, 0x93, 0xf7, 0x89, 0x28, 0x75, 0xfa, 0xdd, 0xf2, 0x7f, 0x86, 0xd4, - 0xa0, 0xc2, 0x54, 0xe4, 0x29, 0x40, 0x2e, 0x3c, 0x01, 0x06, 0x86, 0x0a, 0xd7, 0xfa, 0x74, 0x28, - 0x7d, 0x4e, 0x86, 0x82, 0x47, 0xc6, 0x91, 0x49, 0xc8, 0x58, 0xf8, 0x0d, 0xf0, 0x41, 0xa1, 0x58, - 0x22, 0xc7, 0xb0, 0x52, 0xb2, 0x6d, 0x59, 0x39, 0x65, 0x0c, 0x39, 0x59, 0x0a, 0x0f, 0x20, 0x4a, - 0x69, 0x82, 0x6d, 0xa8, 0x70, 0xc6, 0x65, 0x7a, 0xc2, 0x3a, 0xac, 0xf6, 0xc7, 0x61, 0xf1, 0x5f, - 0xc0, 0x4a, 0x05, 0x4f, 0x1d, 
0xdf, 0xdd, 0x9d, 0x91, 0xcb, 0xdd, 0x49, 0x22, 0xf4, 0x7b, 0x62, - 0x11, 0x3e, 0xe5, 0x20, 0x43, 0x43, 0x0f, 0xb1, 0xf8, 0x64, 0xc1, 0x76, 0xe1, 0xca, 0x10, 0x11, - 0xb2, 0xba, 0x27, 0x79, 0x2a, 0xa4, 0x06, 0x19, 0x50, 0xc8, 0x41, 0x36, 0x2c, 0x21, 0x96, 0xb3, - 0x08, 0x19, 0x5a, 0xcb, 0x47, 0xa6, 0x1c, 0x84, 0x4f, 0x0e, 0xb2, 0x61, 0x3e, 0x59, 0xd4, 0x65, - 0x58, 0x62, 0xac, 0x4d, 0xa3, 0x08, 0xa7, 0x90, 0x74, 0x05, 0x6c, 0x93, 0x1c, 0xc1, 0x6a, 0x1f, - 0x75, 0x48, 0xec, 0xcf, 0x37, 0xba, 0xf2, 0x6e, 0x8d, 0x66, 0x10, 0xe6, 0x0b, 0xb5, 0x87, 0x64, - 0xc2, 0x3d, 0x88, 0x57, 0xff, 0x83, 0x95, 0x09, 0x77, 0x4c, 0x0e, 0x12, 0x54, 0x9b, 0x65, 0x95, - 0x82, 0xd9, 0xae, 0xa9, 0xb9, 0xd3, 0xd9, 0x35, 0xb5, 0x8d, 0x5b, 0x30, 0xef, 0xf4, 0x39, 0x4a, - 0xc0, 0xe2, 0xde, 0xee, 0xab, 0xaa, 0x28, 0xed, 0x36, 0x52, 0x33, 0x68, 0x09, 0x62, 0xec, 0xb4, - 0xbd, 0x9d, 0xe2, 0x36, 0xfe, 0x08, 0x71, 0xdf, 0x73, 0x01, 0x21, 0x48, 0x1e, 0xed, 0xee, 0x1c, - 0xd6, 0xab, 0xd2, 0x5e, 0xb5, 0x51, 0xa9, 0x35, 0x9e, 0xa7, 0x66, 0xd0, 0x0a, 0x2c, 0x33, 0x59, - 0xe9, 0xe0, 0xa0, 0x54, 0x7e, 0x51, 0xad, 0xa4, 0xb8, 0x8d, 0x23, 0x58, 0x0b, 0xa4, 0x7a, 0x94, - 0x81, 0x6b, 0x8d, 0xea, 0xc1, 0xab, 0x5d, 0xf1, 0xa5, 0x54, 0x6b, 0x1c, 0x54, 0xc5, 0xed, 0x52, - 0xd9, 0xef, 0x2c, 0x0b, 0xfc, 0xf0, 0x67, 0x9f, 0xdf, 0x13, 0xef, 0x89, 0x40, 0xdd, 0xad, 0xc0, - 0x72, 0xbd, 0x54, 0x7e, 0x51, 0x6b, 0x0c, 0x64, 0xe4, 0x0a, 0xc5, 0xc3, 0x46, 0x83, 0x08, 0x39, - 0xb4, 0x06, 0x57, 0x5c, 0xe1, 0xfe, 0xe1, 0x3e, 0x51, 0xae, 0x56, 0x52, 0x11, 0xb4, 0x0e, 0xc8, - 0x15, 0x1f, 0x54, 0xc5, 0x7a, 0xad, 0x51, 0x3a, 0xa8, 0x56, 0x52, 0xb3, 0xc5, 0xf7, 0x31, 0x48, - 0xba, 0xfb, 0x99, 0xf2, 0x25, 0xda, 0x83, 0x05, 0xc6, 0x99, 0x28, 0x17, 0x30, 0xcd, 0x7d, 0x74, - 0xce, 0xdf, 0x1c, 0xa1, 0xc1, 0x9a, 0x69, 0x06, 0x49, 0x90, 0xf0, 0x53, 0x25, 0xfa, 0xdd, 0xb0, - 0x51, 0x00, 0x35, 0xf3, 0xb7, 0xc7, 0xa9, 0x79, 0x01, 0x9a, 0xb0, 0xd4, 0xc7, 0x77, 0x28, 0xc0, - 0x34, 0x88, 0x5d, 0xf9, 0x3b, 0x63, 0xf5, 0xfc, 0x31, 0xfa, 0xe8, 
0x2c, 0x28, 0x46, 0x10, 0x4d, - 0x06, 0xc5, 0x08, 0xe6, 0xc5, 0x19, 0xf4, 0x7f, 0x0e, 0xd2, 0x61, 0x8c, 0x81, 0x36, 0xa7, 0xa6, - 0x37, 0xbe, 0x38, 0x8d, 0x09, 0x1b, 0x21, 0x03, 0xd0, 0x30, 0x4b, 0xa0, 0xdf, 0x8f, 0xf1, 0xe4, - 0xa7, 0x2d, 0xfe, 0xde, 0x64, 0xca, 0x2c, 0xa0, 0x04, 0x09, 0x3f, 0x21, 0x04, 0x75, 0x47, 0x00, - 0x31, 0x05, 0x75, 0x47, 0x20, 0xaf, 0x38, 0xed, 0xe7, 0xe7, 0x83, 0xa0, 0x00, 0x01, 0xcc, 0xc3, - 0xdf, 0x1e, 0xa7, 0xe6, 0x05, 0x78, 0x0b, 0xeb, 0xc1, 0x6b, 0x1c, 0x15, 0xc2, 0x92, 0x0c, 0x59, - 0xe7, 0xfc, 0x83, 0xc9, 0x0d, 0x18, 0x7c, 0x6f, 0x61, 0x3d, 0x78, 0x9b, 0x07, 0x05, 0x1f, 0xc9, - 0x25, 0x41, 0xc1, 0x47, 0x13, 0x05, 0x7a, 0x09, 0x51, 0xf6, 0xa7, 0x44, 0xc0, 0xbb, 0xb9, 0x8f, - 0x42, 0xf8, 0x5c, 0xb8, 0x02, 0x73, 0x56, 0x85, 0x39, 0xb2, 0xcc, 0x51, 0xc0, 0xdf, 0x72, 0x3e, - 0x4a, 0xe0, 0xb3, 0x61, 0x9f, 0xa9, 0x9b, 0xad, 0xbf, 0xbd, 0xfb, 0x90, 0xe5, 0xbe, 0xfd, 0x90, - 0x9d, 0xf9, 0xdf, 0x45, 0x96, 0x7b, 0x77, 0x91, 0xe5, 0xde, 0x5f, 0x64, 0xb9, 0xef, 0x2e, 0xb2, - 0xdc, 0x67, 0xdf, 0x67, 0x67, 0xfe, 0xf1, 0x74, 0x8a, 0x7f, 0xce, 0xd3, 0x30, 0xde, 0xff, 0xe7, - 0x9b, 0x51, 0xe7, 0x9f, 0xf3, 0x0f, 0x7f, 0x0e, 0x00, 0x00, 0xff, 0xff, 0xaa, 0xa7, 0xaf, 0x56, - 0x2d, 0x18, 0x00, 0x00, + // 1832 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x59, 0xdd, 0x73, 0xdb, 0x58, + 0x15, 0x8f, 0x9c, 0xc4, 0x89, 0x8f, 0x1d, 0xc7, 0xbd, 0x49, 0xb3, 0xae, 0x16, 0xbb, 0xae, 0x58, + 0xb6, 0x9d, 0xd0, 0xda, 0x1b, 0x97, 0xfd, 0xa0, 0x33, 0xcb, 0xe0, 0xda, 0xee, 0xd6, 0xd3, 0xd8, + 0x29, 0x4a, 0x9a, 0x02, 0x03, 0xa3, 0x91, 0xe5, 0x9b, 0x44, 0x54, 0x96, 0xbc, 0x92, 0xec, 0x25, + 0xec, 0x0b, 0x0c, 0xcf, 0x0c, 0xfc, 0x15, 0x3c, 0xc3, 0x0c, 0x8f, 0xfc, 0x01, 0xfb, 0xb8, 0x6f, + 0xf0, 0xc8, 0x86, 0x19, 0x1e, 0xf8, 0x2b, 0x98, 0xfb, 0x21, 0x59, 0xb6, 0xaf, 0xfc, 0x51, 0x1e, + 0xf6, 0xcd, 0xf7, 0xe8, 0x9c, 0xdf, 0xf9, 0xd0, 0x39, 0xe7, 0x77, 0x35, 0x86, 0x94, 0x3e, 0x30, + 0xcb, 0x03, 0xd7, 0xf1, 0x1d, 
0x94, 0xeb, 0xeb, 0xc6, 0x95, 0x69, 0xe3, 0xf2, 0xe8, 0x48, 0xb7, + 0x06, 0x57, 0xfa, 0x91, 0xfc, 0xe8, 0xd2, 0xf4, 0xaf, 0x86, 0xdd, 0xb2, 0xe1, 0xf4, 0x2b, 0x97, + 0xce, 0xa5, 0x53, 0xa1, 0x8a, 0xdd, 0xe1, 0x05, 0x3d, 0xd1, 0x03, 0xfd, 0xc5, 0x00, 0xe4, 0x5a, + 0x44, 0xdd, 0x74, 0x1d, 0xdb, 0x70, 0x5c, 0xfc, 0xa8, 0x87, 0x47, 0xe1, 0xa1, 0x62, 0xba, 0x66, + 0x45, 0x1f, 0x98, 0x5e, 0xa5, 0x8f, 0x7d, 0xbd, 0x12, 0xf8, 0xa9, 0x84, 0x31, 0x28, 0xff, 0x48, + 0x00, 0x9c, 0x3b, 0xd6, 0xb0, 0x8f, 0x4f, 0x07, 0xd8, 0x40, 0x07, 0x90, 0xec, 0xb9, 0xe6, 0x08, + 0xbb, 0x79, 0xa9, 0x24, 0x3d, 0x48, 0xa9, 0xfc, 0x44, 0xe4, 0x57, 0xba, 0xdd, 0xb3, 0x70, 0x3e, + 0xc1, 0xe4, 0xec, 0x84, 0x8e, 0x01, 0x74, 0xdf, 0x77, 0xcd, 0xee, 0xd0, 0xc7, 0x5e, 0x7e, 0xbd, + 0xb4, 0xfe, 0x20, 0x5d, 0x7d, 0x58, 0x9e, 0xce, 0xab, 0x3c, 0xf6, 0x50, 0xae, 0x85, 0xea, 0x4d, + 0xdb, 0x77, 0xaf, 0xd5, 0x88, 0x3d, 0x6a, 0x43, 0xda, 0xc3, 0x86, 0x8b, 0x7d, 0xad, 0xa7, 0xfb, + 0x7a, 0x7e, 0x63, 0x09, 0xb8, 0x53, 0xaa, 0xdf, 0xd0, 0x7d, 0x9d, 0xc3, 0x79, 0xa1, 0x40, 0xfe, + 0x14, 0x76, 0xa7, 0xbc, 0xa1, 0x1c, 0xac, 0xbf, 0xc1, 0xd7, 0x3c, 0x39, 0xf2, 0x13, 0xed, 0xc3, + 0xe6, 0x48, 0xb7, 0x86, 0x41, 0x62, 0xec, 0xf0, 0x24, 0xf1, 0x89, 0x44, 0xcc, 0xa7, 0xd0, 0x17, + 0x99, 0x67, 0x22, 0xe6, 0xca, 0xdf, 0x25, 0xd8, 0x69, 0xb3, 0xc8, 0x9f, 0x99, 0x96, 0x8f, 0x5d, + 0x94, 0x85, 0x84, 0xd9, 0xe3, 0xc6, 0x09, 0xb3, 0x87, 0x7e, 0x06, 0x59, 0x4b, 0xef, 0x62, 0x4b, + 0xf3, 0xb0, 0x85, 0x0d, 0xdf, 0x71, 0xf3, 0x09, 0x9a, 0x71, 0x75, 0x36, 0xe3, 0x09, 0xa0, 0xf2, + 0x31, 0xb1, 0x3a, 0xe5, 0x46, 0x2c, 0xef, 0x1d, 0x2b, 0x2a, 0x93, 0x7f, 0x0c, 0x68, 0x56, 0x69, + 0x95, 0xec, 0x95, 0x5f, 0x40, 0x9e, 0x3b, 0xad, 0x5b, 0xba, 0xe7, 0xd5, 0xf5, 0x81, 0xde, 0x35, + 0x2d, 0xd3, 0x37, 0xb1, 0x87, 0x0a, 0x00, 0xc6, 0x60, 0xa8, 0xf5, 0x4d, 0xcb, 0x32, 0x3d, 0x0a, + 0xb7, 0xae, 0xa6, 0x8c, 0xc1, 0xb0, 0x4d, 0x05, 0xe8, 0x1e, 0x64, 0xfa, 0xb8, 0xef, 0xb8, 0xd7, + 0x5a, 0xf7, 0x9a, 0xb4, 0x45, 0x82, 0x2a, 0xa4, 0x99, 0xec, 0x29, 
0x11, 0x29, 0x7f, 0x91, 0x60, + 0x8b, 0xc3, 0xa3, 0x1f, 0xc2, 0x36, 0xe9, 0x4e, 0xfa, 0xca, 0x09, 0x56, 0xba, 0x5a, 0x28, 0x13, + 0xc1, 0x38, 0xfb, 0x93, 0xee, 0xaf, 0xb0, 0xe1, 0xb7, 0xb9, 0x92, 0x1a, 0xaa, 0xa3, 0x23, 0xd8, + 0xf0, 0x06, 0xd8, 0xa0, 0x1e, 0xa8, 0x59, 0x4c, 0xdd, 0x48, 0xab, 0xa8, 0x54, 0x15, 0x7d, 0x0c, + 0x49, 0xcf, 0xd7, 0xfd, 0x21, 0xe9, 0x56, 0x62, 0x74, 0x37, 0xde, 0x88, 0xaa, 0xa9, 0x5c, 0x5d, + 0xb9, 0x07, 0xa9, 0x56, 0x5f, 0xbf, 0x64, 0x73, 0xb2, 0x0f, 0x9b, 0x26, 0x39, 0xf0, 0x5a, 0xb2, + 0x83, 0x72, 0x08, 0xa9, 0x66, 0x7f, 0xe0, 0x5f, 0x37, 0x4c, 0xef, 0x0d, 0x29, 0x92, 0x67, 0xfe, + 0x06, 0xf3, 0x1a, 0xf0, 0x22, 0x11, 0x09, 0xab, 0xc0, 0x1f, 0x36, 0x20, 0xc7, 0xfa, 0xb8, 0xee, + 0xd8, 0x36, 0x36, 0x7c, 0xd3, 0xb1, 0x57, 0x1e, 0x3f, 0x55, 0x30, 0x7e, 0xd5, 0xb8, 0x79, 0x19, + 0xfb, 0x99, 0x3b, 0x84, 0xa7, 0xa2, 0x21, 0x5c, 0x06, 0x74, 0xce, 0x28, 0x22, 0x0d, 0x76, 0xb1, + 0x6d, 0xb8, 0xd7, 0x03, 0xa2, 0xc9, 0x80, 0x37, 0x29, 0xf0, 0x47, 0x4b, 0x00, 0x37, 0x43, 0xcb, + 0x31, 0x78, 0x16, 0x4f, 0x08, 0xbf, 0xdd, 0x59, 0x97, 0x6b, 0xb0, 0x27, 0x08, 0x72, 0xa5, 0x75, + 0xf1, 0x37, 0x09, 0x92, 0x2c, 0x73, 0x84, 0x60, 0xc3, 0xd6, 0xfb, 0x41, 0x6f, 0xd1, 0xdf, 0xb4, + 0x33, 0xf0, 0xc8, 0x34, 0xc2, 0x0e, 0x60, 0x27, 0xf4, 0x04, 0x00, 0x93, 0x96, 0xd3, 0x7a, 0xa6, + 0xf7, 0x26, 0xbf, 0x41, 0x5b, 0xfa, 0xdd, 0xd9, 0x9a, 0x86, 0x6d, 0xa9, 0xa6, 0x70, 0xd8, 0xa1, + 0x4f, 0x01, 0x8c, 0xb0, 0xca, 0xf9, 0x4d, 0x6a, 0xab, 0x2c, 0x7e, 0x1f, 0x6a, 0xc4, 0x4a, 0xf9, + 0xaf, 0x04, 0xb9, 0x0e, 0xf6, 0xbf, 0x70, 0xdc, 0x37, 0x2d, 0xdb, 0xc7, 0xee, 0x85, 0x6e, 0x88, + 0x13, 0x28, 0x00, 0xd8, 0x4c, 0x4f, 0x33, 0x7b, 0x3c, 0x89, 0x14, 0x97, 0xb4, 0x7a, 0xa4, 0x54, + 0xe6, 0x80, 0xb5, 0x70, 0x4a, 0x25, 0x3f, 0xa7, 0x7a, 0x3b, 0xb6, 0x0d, 0xa7, 0x9d, 0xcf, 0xeb, + 0xed, 0xff, 0xb3, 0x4b, 0x94, 0xbf, 0x26, 0x20, 0x1d, 0xd9, 0x28, 0xe8, 0x11, 0x6c, 0x0e, 0x9c, + 0x2f, 0xf8, 0xb4, 0x66, 0xab, 0xef, 0xcc, 0x46, 0xf7, 0x92, 0x3c, 0x56, 0x99, 0x16, 0x3a, 0x0a, + 0x96, 
0x46, 0x22, 0xee, 0x35, 0x85, 0x0b, 0x86, 0x6f, 0x14, 0x12, 0x8b, 0x41, 0xd6, 0x2f, 0x5d, + 0x56, 0x29, 0x95, 0x1d, 0xd0, 0x77, 0x61, 0xc7, 0xbc, 0xb4, 0xcd, 0xf1, 0x2c, 0x6d, 0xd0, 0x6e, + 0xca, 0x04, 0x42, 0x3a, 0x72, 0x55, 0xd8, 0x1a, 0xd1, 0x37, 0xe7, 0xf1, 0x51, 0xcb, 0xc7, 0xbd, + 0x5a, 0x35, 0x50, 0x44, 0x3f, 0x01, 0x14, 0xbe, 0xa4, 0xa0, 0xa0, 0x5e, 0x3e, 0x49, 0xcd, 0x95, + 0xc5, 0xb5, 0x57, 0x6f, 0xd9, 0x53, 0x12, 0x4f, 0xf9, 0x73, 0x22, 0xa4, 0x41, 0xb6, 0x50, 0x51, + 0x05, 0xf6, 0x9c, 0xae, 0x87, 0xdd, 0x11, 0xee, 0x69, 0x97, 0xd8, 0xc6, 0xae, 0x4e, 0xfb, 0x8f, + 0x6d, 0x48, 0x14, 0x3c, 0xfa, 0x2c, 0x7c, 0x82, 0x7e, 0x00, 0x9b, 0x64, 0x07, 0xb3, 0xba, 0x65, + 0xab, 0xc5, 0xb9, 0x1b, 0x1b, 0xab, 0x4c, 0x19, 0xbd, 0x0b, 0x29, 0x5a, 0x43, 0xcd, 0xc5, 0x17, + 0xbc, 0x7c, 0xdb, 0x54, 0xa0, 0xe2, 0x0b, 0xf4, 0xc9, 0xb8, 0x38, 0xac, 0xb3, 0x8a, 0xb1, 0xb7, + 0x0c, 0xc6, 0x02, 0x61, 0x89, 0x5e, 0x0b, 0x4b, 0xc4, 0x2a, 0xfc, 0x60, 0x71, 0x89, 0x38, 0x9c, + 0xa0, 0x50, 0x0e, 0x64, 0xa2, 0x1e, 0xe3, 0xb6, 0x80, 0x90, 0x07, 0x1e, 0x07, 0x15, 0x5a, 0xa7, + 0x15, 0x2a, 0xcc, 0x4b, 0x26, 0x28, 0x90, 0xf2, 0x7b, 0x09, 0x0e, 0xc4, 0xe1, 0xad, 0xe4, 0xfb, + 0xd3, 0x49, 0xdf, 0xf7, 0x97, 0xab, 0x41, 0x18, 0x85, 0x0b, 0x99, 0xe8, 0x3d, 0x43, 0xe8, 0xba, + 0x03, 0x19, 0x23, 0x72, 0xff, 0xe0, 0xf3, 0x73, 0x18, 0xdb, 0x07, 0x33, 0x37, 0x16, 0x75, 0xc2, + 0x5e, 0x19, 0x02, 0x8a, 0x6a, 0xf2, 0xa4, 0xeb, 0xb0, 0xc3, 0x01, 0x35, 0x36, 0x73, 0xec, 0x32, + 0x52, 0x9c, 0xef, 0x46, 0xcd, 0xf4, 0xa3, 0xe1, 0xcb, 0xb0, 0xfd, 0xf9, 0x50, 0xb7, 0x7d, 0xd3, + 0xbf, 0xe6, 0xf7, 0x9e, 0xf0, 0xac, 0x1c, 0x42, 0xf6, 0x1c, 0xbb, 0x1e, 0x59, 0xa1, 0xf8, 0xf3, + 0x21, 0xf6, 0x7c, 0x94, 0x87, 0xad, 0x11, 0x93, 0xf0, 0x7c, 0x83, 0xa3, 0xf2, 0x4b, 0xd8, 0x0d, + 0x75, 0xbd, 0x81, 0x63, 0x7b, 0x98, 0x5c, 0xab, 0xdc, 0xa1, 0xed, 0x9b, 0x7d, 0xac, 0x45, 0x2a, + 0x94, 0xe6, 0xb2, 0x0e, 0x29, 0xd4, 0x7d, 0xd8, 0x0d, 0x54, 0x02, 0x5c, 0xf6, 0xb2, 0xb2, 0x5c, + 0xcc, 0x31, 0x95, 0x0e, 0xec, 0x1d, 0x9b, 
0x9e, 0xcf, 0x13, 0xf1, 0x82, 0x78, 0x3e, 0x86, 0xe4, + 0x05, 0xbd, 0x62, 0xf2, 0xdc, 0xef, 0x2e, 0xb8, 0x89, 0xaa, 0x5c, 0x5d, 0x69, 0xc3, 0xfe, 0x24, + 0x1e, 0x8f, 0xf9, 0x43, 0xd8, 0xe6, 0x08, 0xa4, 0x9c, 0x64, 0x46, 0xee, 0xc4, 0x42, 0xaa, 0xa1, + 0xaa, 0xf2, 0x02, 0xf6, 0xeb, 0x2e, 0xd6, 0x7d, 0x1c, 0x3c, 0xe2, 0xf1, 0x3d, 0x86, 0x2d, 0xae, + 0xc3, 0x03, 0x9c, 0x83, 0x16, 0x68, 0x2a, 0xc7, 0x70, 0x7b, 0x0a, 0x8c, 0x07, 0xf7, 0x56, 0x68, + 0x1f, 0xc2, 0x7e, 0x03, 0x5b, 0x78, 0x26, 0xb4, 0x02, 0x40, 0xd0, 0x3d, 0xe1, 0x25, 0x3f, 0xc5, + 0x25, 0xad, 0x9e, 0xf2, 0x0e, 0xdc, 0x9e, 0x32, 0x63, 0x41, 0x28, 0xff, 0x91, 0xe0, 0xee, 0xab, + 0x41, 0x6f, 0x1c, 0x5e, 0xcd, 0xb6, 0x1d, 0x9f, 0x2e, 0x3e, 0x6f, 0x39, 0x6c, 0xd4, 0x83, 0xb4, + 0x3e, 0x36, 0xe2, 0x1f, 0x11, 0x4f, 0x67, 0x73, 0x59, 0xe0, 0xa6, 0x1c, 0x11, 0x31, 0xea, 0x8c, + 0xc2, 0xca, 0x3f, 0x82, 0xdc, 0xb4, 0xc2, 0x4a, 0xe4, 0xa9, 0x40, 0x29, 0x3e, 0x00, 0x5e, 0x0c, + 0x13, 0xee, 0x4c, 0xe8, 0x30, 0xfa, 0x5c, 0xae, 0x0a, 0x21, 0x19, 0x27, 0x96, 0x21, 0x63, 0xe5, + 0x3b, 0x20, 0x8b, 0x5c, 0xf1, 0x40, 0x2e, 0x60, 0xaf, 0xe6, 0xfb, 0xba, 0x71, 0xc5, 0x19, 0x72, + 0xb9, 0x10, 0x3e, 0x80, 0x24, 0xa3, 0x09, 0xbe, 0xa1, 0xe2, 0x19, 0x97, 0xeb, 0x29, 0x07, 0xb0, + 0x3f, 0xe9, 0x87, 0xfb, 0x7f, 0x0e, 0x7b, 0x0d, 0xbc, 0xb2, 0xff, 0x60, 0x77, 0x26, 0xc6, 0xbb, + 0x93, 0x78, 0x98, 0x44, 0xe2, 0x1e, 0xfe, 0x28, 0x41, 0x81, 0xb9, 0x9e, 0x61, 0xf1, 0xe5, 0x9c, + 0x9d, 0xc0, 0xad, 0x19, 0x22, 0xe4, 0x79, 0x2f, 0x73, 0x55, 0xc8, 0x4d, 0x33, 0xa0, 0x52, 0x82, + 0x62, 0x5c, 0x40, 0x3c, 0x66, 0x15, 0x0a, 0x2c, 0x97, 0xb7, 0x0c, 0x59, 0x54, 0x9f, 0x12, 0x14, + 0xe3, 0x30, 0xb9, 0xd7, 0x5d, 0xd8, 0xe1, 0xac, 0xcd, 0xbc, 0x28, 0x57, 0x90, 0x0d, 0x04, 0x7c, + 0x93, 0x9c, 0xc3, 0xfe, 0x04, 0x75, 0x68, 0xfc, 0x13, 0x93, 0xad, 0xbc, 0xf7, 0xe6, 0x33, 0x08, + 0xc7, 0x42, 0xfd, 0x19, 0x99, 0xf2, 0x10, 0xd2, 0xcd, 0x5f, 0x63, 0x63, 0xc9, 0x1d, 0x53, 0x82, + 0x0c, 0xd3, 0xe6, 0x51, 0xe5, 0x60, 0x7d, 0xe8, 0x5a, 0xc1, 0x74, 0x0e, 0x5d, 
0xeb, 0xf0, 0x3d, + 0xd8, 0xa4, 0x7d, 0x8e, 0x32, 0xb0, 0xfd, 0xf2, 0xe4, 0x75, 0x53, 0xd5, 0x4e, 0x3a, 0xb9, 0x35, + 0xb4, 0x03, 0x29, 0x7e, 0x7a, 0xf6, 0x2c, 0x27, 0x1d, 0x7e, 0x04, 0xe9, 0xc8, 0x75, 0x01, 0x21, + 0xc8, 0x9e, 0x9f, 0x1c, 0xbf, 0x6a, 0x37, 0xb5, 0x97, 0xcd, 0x4e, 0xa3, 0xd5, 0xf9, 0x2c, 0xb7, + 0x86, 0xf6, 0x60, 0x97, 0xcb, 0x6a, 0x67, 0x67, 0xb5, 0xfa, 0xf3, 0x66, 0x23, 0x27, 0x1d, 0x9e, + 0xc3, 0x6d, 0x21, 0xd5, 0xa3, 0x02, 0xdc, 0xe9, 0x34, 0xcf, 0x5e, 0x9f, 0xa8, 0x2f, 0xb4, 0x56, + 0xe7, 0xac, 0xa9, 0x3e, 0xab, 0xd5, 0xa3, 0x60, 0x45, 0x90, 0x67, 0x1f, 0x47, 0x70, 0x2f, 0xc3, + 0x2b, 0x02, 0x83, 0xdb, 0x83, 0xdd, 0x76, 0xad, 0xfe, 0xbc, 0xd5, 0x99, 0x8a, 0x28, 0x10, 0xaa, + 0xaf, 0x3a, 0x1d, 0x22, 0x94, 0xd0, 0x6d, 0xb8, 0x15, 0x08, 0x4f, 0x5f, 0x9d, 0x12, 0xe5, 0x66, + 0x23, 0x97, 0x40, 0x07, 0x80, 0x02, 0xf1, 0x59, 0x53, 0x6d, 0xb7, 0x3a, 0xb5, 0xb3, 0x66, 0x23, + 0xb7, 0x5e, 0xfd, 0x3a, 0x05, 0xd9, 0x60, 0x3f, 0x33, 0xbe, 0x44, 0x2f, 0x61, 0x8b, 0x73, 0x26, + 0x2a, 0x09, 0xa6, 0x79, 0x82, 0xce, 0xe5, 0x7b, 0x73, 0x34, 0x78, 0x33, 0xad, 0x21, 0x0d, 0x32, + 0x51, 0xaa, 0x44, 0xdf, 0x9b, 0x35, 0x12, 0x50, 0xb3, 0xfc, 0xfe, 0x22, 0xb5, 0xd0, 0x41, 0x17, + 0x76, 0x26, 0xf8, 0x0e, 0x09, 0x4c, 0x45, 0xec, 0x2a, 0xdf, 0x5f, 0xa8, 0x17, 0xf5, 0x31, 0x41, + 0x67, 0x22, 0x1f, 0x22, 0x9a, 0x14, 0xf9, 0x10, 0xf3, 0xe2, 0x1a, 0xfa, 0x9d, 0x04, 0xf9, 0x38, + 0xc6, 0x40, 0x47, 0x2b, 0xd3, 0x9b, 0x5c, 0x5d, 0xc5, 0x84, 0x8f, 0x90, 0x03, 0x68, 0x96, 0x25, + 0xd0, 0xf7, 0x17, 0x20, 0x45, 0x69, 0x4b, 0x7e, 0xb8, 0x9c, 0x32, 0x77, 0xa8, 0x41, 0x26, 0x4a, + 0x08, 0xa2, 0xee, 0x10, 0x10, 0x93, 0xa8, 0x3b, 0x84, 0xbc, 0x42, 0xdb, 0x2f, 0xca, 0x07, 0x22, + 0x07, 0x02, 0xe6, 0x91, 0xdf, 0x5f, 0xa4, 0x16, 0x3a, 0xf8, 0x12, 0x0e, 0xc4, 0x6b, 0x1c, 0x55, + 0xe2, 0x82, 0x8c, 0x59, 0xe7, 0xf2, 0x07, 0xcb, 0x1b, 0xf0, 0xf2, 0x7d, 0x09, 0x07, 0xe2, 0x6d, + 0x2e, 0x72, 0x3e, 0x97, 0x4b, 0x44, 0xce, 0xe7, 0x13, 0x05, 0x7a, 0x01, 0x49, 0xfe, 0x29, 0x21, + 0xb8, 0x37, 0x4f, 
0x50, 0x88, 0x5c, 0x8a, 0x57, 0xe0, 0x60, 0x4d, 0xd8, 0x20, 0xcb, 0x1c, 0x09, + 0xbe, 0xe5, 0x22, 0x94, 0x20, 0x17, 0xe3, 0x1e, 0x33, 0x98, 0xa7, 0x3f, 0xfd, 0xea, 0x9b, 0xa2, + 0xf4, 0xcf, 0x6f, 0x8a, 0x6b, 0xbf, 0xbd, 0x29, 0x4a, 0x5f, 0xdd, 0x14, 0xa5, 0xaf, 0x6f, 0x8a, + 0xd2, 0xbf, 0x6e, 0x8a, 0xd2, 0x9f, 0xfe, 0x5d, 0x5c, 0xfb, 0xf9, 0x93, 0x15, 0xfe, 0x40, 0x60, + 0x6e, 0xc2, 0xff, 0x10, 0xba, 0x49, 0xfa, 0x07, 0xc2, 0xe3, 0xff, 0x05, 0x00, 0x00, 0xff, 0xff, + 0xd7, 0x93, 0x87, 0xc8, 0xd1, 0x18, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -3080,6 +3091,27 @@ func (m *VolumeConnection) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.EncryptionData) > 0 { + for k := range m.EncryptionData { + v := m.EncryptionData[k] + baseI := i + if len(v) > 0 { + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintApi(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + } + i -= len(k) + copy(dAtA[i:], k) + i = encodeVarintApi(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = encodeVarintApi(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x2a + } + } if len(m.SecretData) > 0 { for k := range m.SecretData { v := m.SecretData[k] @@ -4505,6 +4537,18 @@ func (m *VolumeConnection) Size() (n int) { n += mapEntrySize + 1 + sovApi(uint64(mapEntrySize)) } } + if len(m.EncryptionData) > 0 { + for k, v := range m.EncryptionData { + _ = k + _ = v + l = 0 + if len(v) > 0 { + l = 1 + len(v) + sovApi(uint64(len(v))) + } + mapEntrySize := 1 + len(k) + sovApi(uint64(len(k))) + l + n += mapEntrySize + 1 + sovApi(uint64(mapEntrySize)) + } + } return n } 
@@ -5146,11 +5190,22 @@ func (this *VolumeConnection) String() string { mapStringForSecretData += fmt.Sprintf("%v: %v,", k, this.SecretData[k]) } mapStringForSecretData += "}" + keysForEncryptionData := make([]string, 0, len(this.EncryptionData)) + for k, _ := range this.EncryptionData { + keysForEncryptionData = append(keysForEncryptionData, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForEncryptionData) + mapStringForEncryptionData := "map[string][]byte{" + for _, k := range keysForEncryptionData { + mapStringForEncryptionData += fmt.Sprintf("%v: %v,", k, this.EncryptionData[k]) + } + mapStringForEncryptionData += "}" s := strings.Join([]string{`&VolumeConnection{`, `Driver:` + fmt.Sprintf("%v", this.Driver) + `,`, `Handle:` + fmt.Sprintf("%v", this.Handle) + `,`, `Attributes:` + mapStringForAttributes + `,`, `SecretData:` + mapStringForSecretData + `,`, + `EncryptionData:` + mapStringForEncryptionData + `,`, `}`, }, "") return s 
@@ -6876,6 +6931,134 @@ func (m *VolumeConnection) Unmarshal(dAtA []byte) error { } m.SecretData[mapkey] = mapvalue iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field EncryptionData", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthApi + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthApi + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.EncryptionData == nil { + m.EncryptionData = make(map[string][]byte) + } + var mapkey string + mapvalue := []byte{} + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthApi + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthApi + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var mapbyteLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return 
io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + mapbyteLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intMapbyteLen := int(mapbyteLen) + if intMapbyteLen < 0 { + return ErrInvalidLengthApi + } + postbytesIndex := iNdEx + intMapbyteLen + if postbytesIndex < 0 { + return ErrInvalidLengthApi + } + if postbytesIndex > l { + return io.ErrUnexpectedEOF + } + mapvalue = make([]byte, mapbyteLen) + copy(mapvalue, dAtA[iNdEx:postbytesIndex]) + iNdEx = postbytesIndex + } else { + iNdEx = entryPreIndex + skippy, err := skipApi(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthApi + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.EncryptionData[mapkey] = mapvalue + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApi(dAtA[iNdEx:]) diff --git a/iri/apis/machine/v1alpha1/api.proto b/iri/apis/machine/v1alpha1/api.proto index dc8bf5020..05ec5757b 100644 --- a/iri/apis/machine/v1alpha1/api.proto +++ b/iri/apis/machine/v1alpha1/api.proto @@ -68,6 +68,7 @@ message VolumeConnection { string handle = 2; map attributes = 3; map secret_data = 4; + map encryption_data = 5; } message Volume { diff --git a/poollet/machinepoollet/controllers/machine_controller_volume.go b/poollet/machinepoollet/controllers/machine_controller_volume.go index efc23fa06..b36ccd08e 100644 --- a/poollet/machinepoollet/controllers/machine_controller_volume.go +++ b/poollet/machinepoollet/controllers/machine_controller_volume.go 
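Review bot: The new `encryption_data` field on `VolumeConnection` in api.proto has no comment saying that it carries key material. The poollet hunk in this commit fills it with the full `Data` of the volume's encryption secret, and the regenerated `String()` method in api.pb.go formats every value of `EncryptionData` (as it already does for `SecretData`), so any log line or error that prints a connection with `%v` or `%s` would write those bytes out. I would add a comment above the field such as `// encryption_data is the data of the volume's encryption secret; sensitive, must never be logged.` It is also worth checking the sites that format a `Volume` or `VolumeConnection`, and confirming that the transport carrying this message is encrypted and authenticated.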
@@ -142,14 +142,35 @@ func (r *MachineReconciler) prepareRemoteIRIVolume(
 secretData = secret.Data
 }

+ var encryptionData map[string][]byte
+ if encryption := volume.Spec.Encryption; encryption != nil {
+ secret := &corev1.Secret{}
+ secretKey := client.ObjectKey{Namespace: volume.Namespace, Name: encryption.SecretRef.Name}
+ if err := r.Get(ctx, secretKey, secret); err != nil {
+ if !apierrors.IsNotFound(err) {
+ return nil, false, fmt.Errorf("error getting volume encryption secret %s: %w", secretKey.Name, err)
+ }
+
+ r.Eventf(machine, corev1.EventTypeNormal, events.VolumeNotReady,
+ "Volume %s encryption secret %s not found",
+ volume.Name,
+ secretKey.Name,
+ )
+ return nil, false, nil
+ }
+
+ encryptionData = secret.Data
+ }
+
 return &iri.Volume{
 Name: machineVolume.Name,
 Device: *machineVolume.Device,
 Connection: &iri.VolumeConnection{
- Driver: access.Driver,
- Handle: access.Handle,
- Attributes: access.VolumeAttributes,
- SecretData: secretData,
+ Driver: access.Driver,
+ Handle: access.Handle,
+ Attributes: access.VolumeAttributes,
+ SecretData: secretData,
+ EncryptionData: encryptionData,
 },
 }, true, nil
 }
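Review bot: The encryption secret is looked up only by name, and `encryptionData = secret.Data` then forwards every key of whatever secret `encryption.SecretRef.Name` points at, without checking `secret.Type`. Because the reconciler reads the secret with its own credentials, a volume spec that names an unrelated secret in the same namespace would have that secret's contents sent to the machine runtime inside `EncryptionData`. I would gate the copy on the secret type this commit introduces, e.g. `if secret.Type != storagev1alpha1.SecretTypeVolumeEncryption { return nil, false, fmt.Errorf("volume encryption secret %s has unexpected type %q", secretKey.Name, secret.Type) }`, assuming `storagev1alpha1` is already imported in this file. `prepareRemoteIRIVolume` starts above the hunk, so the handling of the access secret that fills `secretData` is not visible here and may need the same check.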