From db3da8221ebc6875a96763621e13f754505a864e Mon Sep 17 00:00:00 2001 From: Jianfei Hu Date: Wed, 27 Jun 2018 09:32:11 -0700 Subject: [PATCH] Remove node agent service, residue from flexvolume driver. (#6651) * Remove node agent service, residue from flexvolume driver. * Update Makefile. --- Makefile | 2 +- security/proto/nodeagent_service.pb.go | 1090 ----------------- security/proto/nodeagent_service.proto | 56 - .../proto/nodeagent_service.proto_descriptor | Bin 12860 -> 0 bytes security/{cmd => tools}/generate_cert/main.go | 0 security/{cmd => tools}/generate_csr/main.go | 0 6 files changed, 1 insertion(+), 1147 deletions(-) delete mode 100644 security/proto/nodeagent_service.pb.go delete mode 100644 security/proto/nodeagent_service.proto delete mode 100644 security/proto/nodeagent_service.proto_descriptor rename security/{cmd => tools}/generate_cert/main.go (100%) rename security/{cmd => tools}/generate_csr/main.go (100%) diff --git a/Makefile b/Makefile index 50029cfae35a..167530c57afd 100644 --- a/Makefile +++ b/Makefile @@ -247,7 +247,7 @@ depend.diff: $(ISTIO_OUT) git diff HEAD --exit-code -- Gopkg.lock vendor > $(ISTIO_OUT)/dep.diff ${GEN_CERT}: - GOOS=$(GOOS_LOCAL) && GOARCH=$(GOARCH_LOCAL) && CGO_ENABLED=1 bin/gobuild.sh $@ ./security/cmd/generate_cert + GOOS=$(GOOS_LOCAL) && GOARCH=$(GOARCH_LOCAL) && CGO_ENABLED=1 bin/gobuild.sh $@ ./security/tools/generate_cert #----------------------------------------------------------------------------- # Target: precommit diff --git a/security/proto/nodeagent_service.pb.go b/security/proto/nodeagent_service.pb.go deleted file mode 100644 index 7b93588f11ed..000000000000 --- a/security/proto/nodeagent_service.pb.go +++ /dev/null @@ -1,1090 +0,0 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: security/proto/nodeagent_service.proto - -/* - Package istio_v1_auth is a generated protocol buffer package. - - It is generated from these files: - security/proto/nodeagent_service.proto - - It has these top-level messages: - NodeAgentMgmtResponse - WorkloadInfo -*/ -package istio_v1_auth - -import proto "github.com/gogo/protobuf/proto" -import fmt "fmt" -import math "math" -import google_rpc "github.com/gogo/googleapis/google/rpc" - -import strings "strings" -import reflect "reflect" - -import context "golang.org/x/net/context" -import grpc "google.golang.org/grpc" - -import io "io" - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package - -type NodeAgentMgmtResponse struct { - Status *google_rpc.Status `protobuf:"bytes,1,opt,name=status" json:"status,omitempty"` -} - -func (m *NodeAgentMgmtResponse) Reset() { *m = NodeAgentMgmtResponse{} } -func (*NodeAgentMgmtResponse) ProtoMessage() {} -func (*NodeAgentMgmtResponse) Descriptor() ([]byte, []int) { - return fileDescriptorNodeagentService, []int{0} -} - -func (m *NodeAgentMgmtResponse) GetStatus() *google_rpc.Status { - if m != nil { - return m.Status - } - return nil -} - -type WorkloadInfo struct { - // WorkloadAttributes are the properties of the workload that a caller, - // Flexvolume driver knows off. - // Node agent can use them to verify the credentials of the workload. - Attrs *WorkloadInfo_WorkloadAttributes `protobuf:"bytes,1,opt,name=attrs" json:"attrs,omitempty"` - // workloadpath is where the caller has hosted a volume specific for - // the workload. The node agent will use this directory to communicate with the - // specific workload. - Workloadpath string `protobuf:"bytes,2,opt,name=workloadpath,proto3" json:"workloadpath,omitempty"` -} - -func (m *WorkloadInfo) Reset() { *m = WorkloadInfo{} } -func (*WorkloadInfo) ProtoMessage() {} -func (*WorkloadInfo) Descriptor() ([]byte, []int) { return fileDescriptorNodeagentService, []int{1} } - -func (m *WorkloadInfo) GetAttrs() *WorkloadInfo_WorkloadAttributes { - if m != nil { - return m.Attrs - } - return nil -} - -func (m *WorkloadInfo) GetWorkloadpath() string { - if m != nil { - return m.Workloadpath - } - return "" -} - -type WorkloadInfo_WorkloadAttributes struct { - // uid: Unique Id of the Workload. - // During delete the uid is mandatory. - Uid string `protobuf:"bytes,1,opt,name=uid,proto3" json:"uid,omitempty"` - // workload identifier aka name. - Workload string `protobuf:"bytes,2,opt,name=workload,proto3" json:"workload,omitempty"` - // namespace of the workload. - Namespace string `protobuf:"bytes,3,opt,name=namespace,proto3" json:"namespace,omitempty"` - // service account of the workload. - Serviceaccount string `protobuf:"bytes,4,opt,name=serviceaccount,proto3" json:"serviceaccount,omitempty"` -} - -func (m *WorkloadInfo_WorkloadAttributes) Reset() { *m = WorkloadInfo_WorkloadAttributes{} } -func (*WorkloadInfo_WorkloadAttributes) ProtoMessage() {} -func (*WorkloadInfo_WorkloadAttributes) Descriptor() ([]byte, []int) { - return fileDescriptorNodeagentService, []int{1, 0} -} - -func (m *WorkloadInfo_WorkloadAttributes) GetUid() string { - if m != nil { - return m.Uid - } - return "" -} - -func (m *WorkloadInfo_WorkloadAttributes) GetWorkload() string { - if m != nil { - return m.Workload - } - return "" -} - -func (m *WorkloadInfo_WorkloadAttributes) GetNamespace() string { - if m != nil { - return m.Namespace - } - return "" -} - -func (m *WorkloadInfo_WorkloadAttributes) GetServiceaccount() string { - if m != nil { - return m.Serviceaccount - } - return "" -} - -func init() { - proto.RegisterType((*NodeAgentMgmtResponse)(nil), "istio.v1.auth.NodeAgentMgmtResponse") - proto.RegisterType((*WorkloadInfo)(nil), "istio.v1.auth.WorkloadInfo") - proto.RegisterType((*WorkloadInfo_WorkloadAttributes)(nil), "istio.v1.auth.WorkloadInfo.WorkloadAttributes") -} -func (this *NodeAgentMgmtResponse) Equal(that interface{}) bool { - if that == nil { - return this == nil - } - - that1, ok := that.(*NodeAgentMgmtResponse) - if !ok { - that2, ok := that.(NodeAgentMgmtResponse) - if ok { - that1 = &that2 - } else { - return false - } - } - if that1 == nil { - return this == nil - } else if this == nil { - return false - } - if !this.Status.Equal(that1.Status) { - return false - } - return true -} -func (this *WorkloadInfo) Equal(that interface{}) bool { - if that == nil { - return this == nil - } - - that1, ok := that.(*WorkloadInfo) - if !ok { - that2, ok := that.(WorkloadInfo) - if ok { - that1 = &that2 - } else { - return false - } - } - if that1 == nil { - return this == nil - } else if this == nil { - return false - } - if !this.Attrs.Equal(that1.Attrs) { - return false - } - if this.Workloadpath != that1.Workloadpath { - return false - } - return true -} -func (this *WorkloadInfo_WorkloadAttributes) Equal(that interface{}) bool { - if that == nil { - return this == nil - } - - that1, ok := that.(*WorkloadInfo_WorkloadAttributes) - if !ok { - that2, ok := that.(WorkloadInfo_WorkloadAttributes) - if ok { - that1 = &that2 - } else { - return false - } - } - if that1 == nil { - return this == nil - } else if this == nil { - return false - } - if this.Uid != that1.Uid { - return false - } - if this.Workload != that1.Workload { - return false - } - if this.Namespace != that1.Namespace { - return false - } - if this.Serviceaccount != that1.Serviceaccount { - return false - } - return true -} -func (this *NodeAgentMgmtResponse) GoString() string { - if this == nil { - return "nil" - } - s := make([]string, 0, 5) - s = append(s, "&istio_v1_auth.NodeAgentMgmtResponse{") - if this.Status != nil { - s = append(s, "Status: "+fmt.Sprintf("%#v", this.Status)+",\n") - } - s = append(s, "}") - return strings.Join(s, "") -} -func (this *WorkloadInfo) GoString() string { - if this == nil { - return "nil" - } - s := make([]string, 0, 6) - s = append(s, "&istio_v1_auth.WorkloadInfo{") - if this.Attrs != nil { - s = append(s, "Attrs: "+fmt.Sprintf("%#v", this.Attrs)+",\n") - } - s = append(s, "Workloadpath: "+fmt.Sprintf("%#v", this.Workloadpath)+",\n") - s = append(s, "}") - return strings.Join(s, "") -} -func (this *WorkloadInfo_WorkloadAttributes) GoString() string { - if this == nil { - return "nil" - } - s := make([]string, 0, 8) - s = append(s, "&istio_v1_auth.WorkloadInfo_WorkloadAttributes{") - s = append(s, "Uid: "+fmt.Sprintf("%#v", this.Uid)+",\n") - s = append(s, "Workload: "+fmt.Sprintf("%#v", this.Workload)+",\n") - s = append(s, "Namespace: "+fmt.Sprintf("%#v", this.Namespace)+",\n") - s = append(s, "Serviceaccount: "+fmt.Sprintf("%#v", this.Serviceaccount)+",\n") - s = append(s, "}") - return strings.Join(s, "") -} -func valueToGoStringNodeagentService(v interface{}, typ string) string { - rv := reflect.ValueOf(v) - if rv.IsNil() { - return "nil" - } - pv := reflect.Indirect(rv).Interface() - return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv) -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// Client API for NodeAgentService service - -type NodeAgentServiceClient interface { - // WorkloadAdded is used to notify Node Agent about a workload getting - WorkloadAdded(ctx context.Context, in *WorkloadInfo, opts ...grpc.CallOption) (*NodeAgentMgmtResponse, error) - // WorkloadDeleted is used to notify Node Agent about a workload getting - // added on a node. - WorkloadDeleted(ctx context.Context, in *WorkloadInfo, opts ...grpc.CallOption) (*NodeAgentMgmtResponse, error) -} - -type nodeAgentServiceClient struct { - cc *grpc.ClientConn -} - -func NewNodeAgentServiceClient(cc *grpc.ClientConn) NodeAgentServiceClient { - return &nodeAgentServiceClient{cc} -} - -func (c *nodeAgentServiceClient) WorkloadAdded(ctx context.Context, in *WorkloadInfo, opts ...grpc.CallOption) (*NodeAgentMgmtResponse, error) { - out := new(NodeAgentMgmtResponse) - err := grpc.Invoke(ctx, "/istio.v1.auth.NodeAgentService/WorkloadAdded", in, out, c.cc, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *nodeAgentServiceClient) WorkloadDeleted(ctx context.Context, in *WorkloadInfo, opts ...grpc.CallOption) (*NodeAgentMgmtResponse, error) { - out := new(NodeAgentMgmtResponse) - err := grpc.Invoke(ctx, "/istio.v1.auth.NodeAgentService/WorkloadDeleted", in, out, c.cc, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// Server API for NodeAgentService service - -type NodeAgentServiceServer interface { - // WorkloadAdded is used to notify Node Agent about a workload getting - WorkloadAdded(context.Context, *WorkloadInfo) (*NodeAgentMgmtResponse, error) - // WorkloadDeleted is used to notify Node Agent about a workload getting - // added on a node. - WorkloadDeleted(context.Context, *WorkloadInfo) (*NodeAgentMgmtResponse, error) -} - -func RegisterNodeAgentServiceServer(s *grpc.Server, srv NodeAgentServiceServer) { - s.RegisterService(&_NodeAgentService_serviceDesc, srv) -} - -func _NodeAgentService_WorkloadAdded_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(WorkloadInfo) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(NodeAgentServiceServer).WorkloadAdded(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/istio.v1.auth.NodeAgentService/WorkloadAdded", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(NodeAgentServiceServer).WorkloadAdded(ctx, req.(*WorkloadInfo)) - } - return interceptor(ctx, in, info, handler) -} - -func _NodeAgentService_WorkloadDeleted_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(WorkloadInfo) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(NodeAgentServiceServer).WorkloadDeleted(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/istio.v1.auth.NodeAgentService/WorkloadDeleted", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(NodeAgentServiceServer).WorkloadDeleted(ctx, req.(*WorkloadInfo)) - } - return interceptor(ctx, in, info, handler) -} - -var _NodeAgentService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "istio.v1.auth.NodeAgentService", - HandlerType: (*NodeAgentServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "WorkloadAdded", - Handler: _NodeAgentService_WorkloadAdded_Handler, - }, - { - MethodName: "WorkloadDeleted", - Handler: _NodeAgentService_WorkloadDeleted_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "security/proto/nodeagent_service.proto", -} - -func (m *NodeAgentMgmtResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *NodeAgentMgmtResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if m.Status != nil { - dAtA[i] = 0xa - i++ - i = encodeVarintNodeagentService(dAtA, i, uint64(m.Status.Size())) - n1, err := m.Status.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n1 - } - return i, nil -} - -func (m *WorkloadInfo) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *WorkloadInfo) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if m.Attrs != nil { - dAtA[i] = 0xa - i++ - i = encodeVarintNodeagentService(dAtA, i, uint64(m.Attrs.Size())) - n2, err := m.Attrs.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n2 - } - if len(m.Workloadpath) > 0 { - dAtA[i] = 0x12 - i++ - i = encodeVarintNodeagentService(dAtA, i, uint64(len(m.Workloadpath))) - i += copy(dAtA[i:], m.Workloadpath) - } - return i, nil -} - -func (m *WorkloadInfo_WorkloadAttributes) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *WorkloadInfo_WorkloadAttributes) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.Uid) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintNodeagentService(dAtA, i, uint64(len(m.Uid))) - i += copy(dAtA[i:], m.Uid) - } - if len(m.Workload) > 0 { - dAtA[i] = 0x12 - i++ - i = encodeVarintNodeagentService(dAtA, i, uint64(len(m.Workload))) - i += copy(dAtA[i:], m.Workload) - } - if len(m.Namespace) > 0 { - dAtA[i] = 0x1a - i++ - i = encodeVarintNodeagentService(dAtA, i, uint64(len(m.Namespace))) - i += copy(dAtA[i:], m.Namespace) - } - if len(m.Serviceaccount) > 0 { - dAtA[i] = 0x22 - i++ - i = encodeVarintNodeagentService(dAtA, i, uint64(len(m.Serviceaccount))) - i += copy(dAtA[i:], m.Serviceaccount) - } - return i, nil -} - -func encodeVarintNodeagentService(dAtA []byte, offset int, v uint64) int { - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return offset + 1 -} -func (m *NodeAgentMgmtResponse) Size() (n int) { - var l int - _ = l - if m.Status != nil { - l = m.Status.Size() - n += 1 + l + sovNodeagentService(uint64(l)) - } - return n -} - -func (m *WorkloadInfo) Size() (n int) { - var l int - _ = l - if m.Attrs != nil { - l = m.Attrs.Size() - n += 1 + l + sovNodeagentService(uint64(l)) - } - l = len(m.Workloadpath) - if l > 0 { - n += 1 + l + sovNodeagentService(uint64(l)) - } - return n -} - -func (m *WorkloadInfo_WorkloadAttributes) Size() (n int) { - var l int - _ = l - l = len(m.Uid) - if l > 0 { - n += 1 + l + sovNodeagentService(uint64(l)) - } - l = len(m.Workload) - if l > 0 { - n += 1 + l + sovNodeagentService(uint64(l)) - } - l = len(m.Namespace) - if l > 0 { - n += 1 + l + sovNodeagentService(uint64(l)) - } - l = len(m.Serviceaccount) - if l > 0 { - n += 1 + l + sovNodeagentService(uint64(l)) - } - return n -} - -func sovNodeagentService(x uint64) (n int) { - for { - n++ - x >>= 7 - if x == 0 { - break - } - } - return n -} -func sozNodeagentService(x uint64) (n int) { - return sovNodeagentService(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (this *NodeAgentMgmtResponse) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&NodeAgentMgmtResponse{`, - `Status:` + strings.Replace(fmt.Sprintf("%v", this.Status), "Status", "google_rpc.Status", 1) + `,`, - `}`, - }, "") - return s -} -func (this *WorkloadInfo) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&WorkloadInfo{`, - `Attrs:` + strings.Replace(fmt.Sprintf("%v", this.Attrs), "WorkloadInfo_WorkloadAttributes", "WorkloadInfo_WorkloadAttributes", 1) + `,`, - `Workloadpath:` + fmt.Sprintf("%v", this.Workloadpath) + `,`, - `}`, - }, "") - return s -} -func (this *WorkloadInfo_WorkloadAttributes) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&WorkloadInfo_WorkloadAttributes{`, - `Uid:` + fmt.Sprintf("%v", this.Uid) + `,`, - `Workload:` + fmt.Sprintf("%v", this.Workload) + `,`, - `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, - `Serviceaccount:` + fmt.Sprintf("%v", this.Serviceaccount) + `,`, - `}`, - }, "") - return s -} -func valueToStringNodeagentService(v interface{}) string { - rv := reflect.ValueOf(v) - if rv.IsNil() { - return "nil" - } - pv := reflect.Indirect(rv).Interface() - return fmt.Sprintf("*%v", pv) -} -func (m *NodeAgentMgmtResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: NodeAgentMgmtResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: NodeAgentMgmtResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNodeagentService - } - postIndex := iNdEx + msglen - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Status == nil { - m.Status = &google_rpc.Status{} - } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipNodeagentService(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthNodeagentService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *WorkloadInfo) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: WorkloadInfo: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: WorkloadInfo: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Attrs", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthNodeagentService - } - postIndex := iNdEx + msglen - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Attrs == nil { - m.Attrs = &WorkloadInfo_WorkloadAttributes{} - } - if err := m.Attrs.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Workloadpath", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNodeagentService - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Workloadpath = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipNodeagentService(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthNodeagentService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *WorkloadInfo_WorkloadAttributes) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: WorkloadAttributes: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: WorkloadAttributes: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Uid", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNodeagentService - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Uid = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Workload", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNodeagentService - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Workload = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNodeagentService - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Namespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Serviceaccount", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthNodeagentService - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Serviceaccount = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipNodeagentService(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthNodeagentService - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipNodeagentService(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - return iNdEx, nil - case 1: - iNdEx += 8 - return iNdEx, nil - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - iNdEx += length - if length < 0 { - return 0, ErrInvalidLengthNodeagentService - } - return iNdEx, nil - case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowNodeagentService - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipNodeagentService(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - } - return iNdEx, nil - case 4: - return iNdEx, nil - case 5: - iNdEx += 4 - return iNdEx, nil - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - } - panic("unreachable") -} - -var ( - ErrInvalidLengthNodeagentService = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowNodeagentService = fmt.Errorf("proto: integer overflow") -) - -func init() { - proto.RegisterFile("security/proto/nodeagent_service.proto", fileDescriptorNodeagentService) -} - -var fileDescriptorNodeagentService = []byte{ - // 388 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x52, 0xbf, 0x6e, 0xda, 0x40, - 0x18, 0xf7, 0x41, 0x8b, 0xca, 0x15, 0x5a, 0x74, 0x52, 0x55, 0xcb, 0xad, 0x4e, 0x08, 0x55, 0x08, - 0x75, 0x38, 0x0b, 0x3a, 0x76, 0xa2, 0x65, 0xe9, 0xd0, 0x0e, 0xa6, 0x52, 0xa4, 0x2c, 0xe8, 0xb0, - 0x2f, 0xc6, 0x0a, 0xf8, 0xac, 0xbb, 0xcf, 0x44, 0xd9, 0x22, 0x65, 0xc9, 0x98, 0xc7, 0xc8, 0x43, - 0xe4, 0x01, 0x32, 0x32, 0x66, 0x0c, 0xce, 0x92, 0x91, 0x47, 0x88, 0xb0, 0x8d, 0x13, 0x48, 0x94, - 0x29, 0x9b, 0xbf, 0xdf, 0x3f, 0x7f, 0xfa, 0xdd, 0x87, 0xdb, 0x5a, 0xb8, 0xb1, 0x0a, 0xe0, 0xd8, - 0x8e, 0x94, 0x04, 0x69, 0x87, 0xd2, 0x13, 0xdc, 0x17, 0x21, 0x8c, 0xb4, 0x50, 0xf3, 0xc0, 0x15, - 0x2c, 0xc5, 0x49, 0x3d, 0xd0, 0x10, 0x48, 0x36, 0xef, 0x32, 0x1e, 0xc3, 0xc4, 0xfa, 0xec, 0x4b, - 0xe9, 0x4f, 0x85, 0xad, 0x22, 0xd7, 0xd6, 0xc0, 0x21, 0xd6, 0x99, 0xae, 0xf5, 0x1b, 0x7f, 0xfa, - 0x27, 0x3d, 0xd1, 0x5f, 0x47, 0xfc, 0xf5, 0x67, 0xe0, 0x08, 0x1d, 0xc9, 0x50, 0x0b, 0xf2, 0x1d, - 0x57, 0x32, 0xa1, 0x89, 0x9a, 0xa8, 0xf3, 0xbe, 0x47, 0x58, 0x16, 0xc1, 0x54, 0xe4, 0xb2, 0x61, - 0xca, 0x38, 0xb9, 0xa2, 0x75, 0x5a, 0xc2, 0xb5, 0x3d, 0xa9, 0x0e, 0xa7, 0x92, 0x7b, 0x7f, 0xc2, - 0x03, 0x49, 0x06, 0xf8, 0x2d, 0x07, 0x50, 0x1b, 0x2f, 0x63, 0x5b, 0xdb, 0xb0, 0xc7, 0xda, 0x62, - 0xe8, 0x03, 0xa8, 0x60, 0x1c, 0x83, 0xd0, 0x4e, 0x66, 0x26, 0x2d, 0x5c, 0x3b, 0xca, 0xc9, 0x88, - 0xc3, 0xc4, 0x2c, 0x35, 0x51, 0xa7, 0xea, 0x6c, 0x61, 0xd6, 0x19, 0xc2, 0xe4, 0x69, 0x02, 0x69, - 0xe0, 0x72, 0x1c, 0x78, 0xe9, 0xef, 0xab, 0xce, 0xfa, 0x93, 0x58, 0xf8, 0xdd, 0xc6, 0x98, 0x07, - 0x15, 0x33, 0xf9, 0x8a, 0xab, 0x21, 0x9f, 0x09, 0x1d, 0x71, 0x57, 0x98, 0xe5, 0x94, 0x7c, 0x00, - 0x48, 0x1b, 0x7f, 0xc8, 0xbb, 0xe5, 0xae, 0x2b, 0xe3, 0x10, 0xcc, 0x37, 0xa9, 0x64, 0x07, 0xed, - 0x5d, 0x22, 0xdc, 0x28, 0xba, 0x1c, 0x66, 0x1c, 0x71, 0x70, 0xbd, 0x58, 0xcf, 0xf3, 0x84, 0x47, - 0xbe, 0xbc, 0xd0, 0x85, 0xf5, 0x6d, 0x87, 0x7c, 0xfe, 0x69, 0xfe, 0xe3, 0x8f, 0x1b, 0xd7, 0x40, - 0x4c, 0x05, 0xbc, 0x4a, 0xea, 0xaf, 0x9f, 0x8b, 0x25, 0x35, 0xae, 0x97, 0xd4, 0x58, 0x2d, 0x29, - 0x3a, 0x49, 0x28, 0xba, 0x48, 0x28, 0xba, 0x4a, 0x28, 0x5a, 0x24, 0x14, 0xdd, 0x24, 0x14, 0xdd, - 0x25, 0xd4, 0x58, 0x25, 0x14, 0x9d, 0xdf, 0x52, 0x63, 0x3f, 0xbb, 0xaf, 0xd1, 0xbc, 0x3b, 0x5a, - 0x47, 0x8e, 0x2b, 0xe9, 0x35, 0xfd, 0xb8, 0x0f, 0x00, 0x00, 0xff, 0xff, 0xde, 0x77, 0x5a, 0xa8, - 0x9f, 0x02, 0x00, 0x00, -} diff --git a/security/proto/nodeagent_service.proto b/security/proto/nodeagent_service.proto deleted file mode 100644 index 68025c27a48a..000000000000 --- a/security/proto/nodeagent_service.proto +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright 2018 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; -import "google/rpc/status.proto"; - -package istio.v1.auth; - -option go_package="istio_v1_auth"; - -// Node agent related services -service NodeAgentService { - // WorkloadAdded is used to notify Node Agent about a workload getting - rpc WorkloadAdded(WorkloadInfo) returns (NodeAgentMgmtResponse); - // WorkloadDeleted is used to notify Node Agent about a workload getting - // added on a node. - rpc WorkloadDeleted(WorkloadInfo) returns (NodeAgentMgmtResponse); -} - -message NodeAgentMgmtResponse { - google.rpc.Status status = 1; -} - -message WorkloadInfo { - message WorkloadAttributes { - // uid: Unique Id of the Workload. - // During delete the uid is mandatory. - string uid = 1; - // workload identifier aka name. - string workload = 2; - // namespace of the workload. - string namespace = 3; - // service account of the workload. - string serviceaccount = 4; - } - - // WorkloadAttributes are the properties of the workload that a caller, - // Flexvolume driver knows off. - // Node agent can use them to verify the credentials of the workload. - WorkloadAttributes attrs = 1; - // workloadpath is where the caller has hosted a volume specific for - // the workload. The node agent will use this directory to communicate with the - // specific workload. - string workloadpath = 2; -} diff --git a/security/proto/nodeagent_service.proto_descriptor b/security/proto/nodeagent_service.proto_descriptor deleted file mode 100644 index 735b2c5699e0de68bf027b01ec536d4e6af69b7a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12860 zcmeHNOK%%lb`~F!=xev_reA9Mb(`*%C0VB0nxJRkP6tCtw9Ot_lu62p-DtE*WJxNx zSjDL#rREG~l}(ldOnyOt0KsIJ1X)dxWZzk4cG(S(MgBq-`Mz^+6)CwNlgDzjuzBm= zI_KPT&-1&bezUCJI}F1^-(BfP;UL@}9;`UQs3L>nB{OA4m@0p)a@Al|d`}eyqrUs) zF!JXzI0`$qx^r1PztA*;wT8OV344_@$Ty*fg8p8p*FPc$GYnb9PI@IH|iWY!J(@U!l>sAlwJ?}qsTiv8tB!JKKhY; zLDz#$MeC~XYnh967v>~h0*FARqun$Jb?yym#O9=50qEmz85&rNaTu_^@%q)(qSb3heOEO3%lNd*KtT; zSv!%d!MW!R25wj5$d0`(ehiMB0si6cd_O$#f1#ISc)5YjvtRz zEeC{2r6|ZZum;m#ZzjT9%pW)+=56)9q%h)zXcou0P-2tb-cJH>+Fidabpr>s#xa zI~(<_r^^}?^j4#-^k)5ey^VG4#(4-@x>nz;w_gdvC-wFgnLTMV zm9FaTYO`Hm-`T7-_4ZD4yV0s??rfvpTHmbJpVu}j;18a<_OiCs)~#pN&CSyrRl2de zRcliE$!+Sj8lv$o#mhQ`0vp*#q2X3wdTwEdad<| z-fU3)PxMZ!20=Ee?W(W_4X6wA*udIOt1gPGZ?$X9=FWDz-q>2iDepov*m@Q3Zit2( zTih*erPgS^B3bG|PGDK@KC9t54tmRIt4f8mU>xi1$z@;&Tfsq(_o=sPPdDpNYg_9z z%F`g3-FmCGhy$xbwx^^?HSboz6ovxEv`EN>BjWD~(}j|8p1S@-S2tdQ$VRdn7SO6& zbHPiko%Lr{=P>_*%4CZKe+zDQv7gg(NfG6a~zmOIZ*s?_NJwnBSj7k zMGQfaW4jm>KfJSGDb7!oEya8>$AMXt2gUi>lBJj@MGg%`3_+1&yBNaE-+tdxyg&86 zr8r&8abOlrgW~A|N9zcip&y z62Ofm?z7}!PGAn0plN9^6mQ$240&~5SR>jq%OkW8`~5INq7QZ7>AYDP2K-M$YApp= zoMbfCIEq|Qclh1_#l2QoPSTk5T!_{Kh>2=`%5x`*j~u@mj3$|<(w`-kP{OWG)7c4nV@kpYnp^xtR=xkJ z4m^KsOk-=(Jef9JKzu843+sbjy+300C0$eMpeG*s1x$3^183+DSh*>EU);yEKTh9^ zD{K-DhQ42s3D$=9wKEYE7%=EsbU$M?QnVYd4E&L_4xA*Bk^bor;po6)jmVH9wWf1` za#aYxAP4&X%Kfy+l|^8&4E06YwJu$TMk@PGB*J~QGOGNni~xq+j6Byjlu_)nj4g8x zo}=_XOl*1&Jm0l0 zn#A>ObaUw5(!j%x4uSr_i{inTqMT3lBm0ilc9sW_Os-D)JRCTsR2GrTk9C<6+HNv6 zmeWF2j2LCqaptcq0&L-MK;VxJ+dmo4Qh+m)=1tmn-6Wv1>NSc&6LEsp`{5h*-eQtR zuv15O&=rO~d;X^noSh(2-RXzMlF-SdY?yhVIS0DKi7CA&wvim!QRpK9@w_HDF{LF5 zi;0iZ_N0{|lOC!@xIoKhv+?I+^@+DuHipP_Xm`H&{0js+ql^FXNt`A%aTu}_p5&v- z>Z8@Toa!1blgqOJ85Pc}-_5FgehTGD{+F5T_0qr1qEmrWuE2K;ARy*+aulN9V^0W& z`u6%kO%@Oml-@2%nCqTED`0|C70)07K`q9eBNvXnM_6NT+58{l2UZ86o#nYAmW@#b z2ny@BwFIM;Kr8Tl(>=pX`h9;y^)AuKQbHO=mBi4L7at;VqWLDgvLsPg0$1!FvLR3E zBnS^Ar|$q6vB-oCHnI;1hgA1CB8nDmktM#r00V|0?UBaHw;9IXq7)Qu=tc;{XrB>R zV8FCN-Eo3201)Fdg7)+R{I#;Ieb*72E?3If4#faAqMc61?W3$B#U+#y`dPcZt)JG~ z8i9n$$Ck`qOrUl2TjttEM1ZN1qKTjoVgep<269r+sh}f>wn%;es8Cb*!3I-J5 z5ENpj2(b$syY|EI&9D!DjghZnz3&ifFrtwmq!a2#4qzXM+r!zp$X|T~M>+Bk`mn-) zrgI#6UDgbI*O0F8Fe4Y50!n08k^nq#-;|_*>(bjp>Q|1FC>set3?@39mfqeUsW61$KBpjgZtc~MQ%%k#x)xcTTEv?Vg07Pl`X z!wiS#*!;D_h)UJdGO#TYpVX3a46O4nB9NGc&JkF1%5}9y%Yx0i3byhU1Er@kV z_+;|M8BqRZ=DKB^fmnDjn+%0>ArU$Qv3`}g{OeU2*71@XxqiAd|2H;Ki z(1KwD!ag}UsW>8NC5#SNe6x*sWfQQ`R;%_9!s3OUz(+Dgl=$h;i?B(QxD4+IE&CAA zcTSiqoWls7Oh<;O1Q+3c%P9&ufs&rmQX&|3o5HAA0N;mqCOG0+wN-DSqS>vtpAq;O zgNGJB+o%()5`>EY(N6%tp=LAytos$C3cNnj^jQ?jP*%$|xi4YQf`Mm}y0MQtf}yDh z5p4p75`o(VC`B+05Tbk!@Vk@}@x-}XlJGNwCS5KR)j5^T0g5QjmMwg7b*g0H3q0n) zAQA+YuBI>$>jN1Y_yR*z51h7(0bg9biu)LWs;;FF3l?!;77mgiW4jnKUcZw7OE;$OkAWo)%pw9yH&Uod zfF%wMMFT8xY!`##jqCGv*K;Wh1Yn5+vxvabTnYmTu*9LEXn-Y-?P5@z0}S-9R|E#i zH{koFf4(AB$exK4dnVDKuk!-5FAkF1p;Q2pYk4)}`b;QrQ=&7l3OWXj3U@ZR1VRm? z7^Dv)r`Mw`xxuj)g#q&i?s~kS;}4~J08HN2)$O`im_|I30U&CjEZJut+4b{7OntGC zTtpqh(ue!fyB#8uElScgb%2$P?&Zebq2x@aT2^KcbxX1seU>rD;5mq2h~=p0D1I+Q z&cR%Sisqqy;=5mY+?gAM!^0!K*K=Jg2;gLHhwzbPbI`u08}OTB&ppAQ4bMt7nbhSh zYXx2#93gP%zUOwJT4XNX)IGM+GbsoxKv_&dk2pZ-jOJ|`nB1^jT#ZXM7DU0YXKSbM zfXXxXi_lbM9rV9=>j5ei+?RL*iO8meOM4HLeTFsppqNB$i?D~FqPb0#Xx%m+6LR1H z>~-P81E)hHs0D|(GD9tE7mEQMxqctYP8Y{|Npgyu$&ze+iCuz!>@Jy7Man%E*)&U( zrGicJ%q*X?GQk#%$jiEqZ8GeQ-%Dgc4ClltEhB^?=vfw2k6qM3Pz?s=48lHJt5iw$ zd_Kg%kPcP8U9P> zMCHx`O5BLnjfC0*=j1$-ds6mF_w;6x0eZ-FIIeHAW2n=p&_skYt*@=b3=4@9iE%+* z90byRK*Nun$OD)|N=|10NCzn%1-nsCMeiQrrjC`w9X=9HN&rH49GF zoC?8Kv+W-G0Ei^7oqdOPj3W`R0*Gu*p@B_DJh9m7e?pV8qi+b4QcA0)ID%2mqnS=i9!?_soqX;;&u`M zo!c>$8BAbuLnaZ};Jocb16(zj1!#T5!{OG)DAG)vrF`hPhY@aZPc7yI6=Q6`VnH^Z z2?%rAmaOC8O1cMrh%SAc910|sa$Po%rdYB(OaUokv&lhT*bSpM2k0zQQLA)GNsuSW z6rrOYnoN&32vA}lJF1~VmfwsIwk~C->AY>`bXTJ(I2i6e;E;y*nlk_qeuZHwF{>wQ z{i5l8S;FcSpoJJs^2BV^f*UN0-*T^U0GFuIg;RD0uzB1I;VK3VGr1=kL$4f&&sr66 zdq(JZxc@L&W#q2Lqo8wy8Xz3P7S4ztFzq8;0f3d`g7bdka>ECNrF+LQ;v<3yX=nn- z8|cf7wGmAkv(o9_5;D?$18k!2+kFmWW~y&;GP8}%@bHjlLF*LPr{Kmm1aSaT$c_P` zp=6>*L8K(dq{{9PUok=?;W-t+K-s_)1W=VoY}1z%D6!iaqSqMVvm5W&>5Q;@2OzC< z-xhCc6fUZ+h1+s3vhS95r6942VZZ^JEQnaD5E#kns^Rx28lVr`z~_tk7um*TmY3}Q zaY6Y4U9}ydI)72Pkc?1pzqoW+{b$DZ`ni|cYo&kB01ZqdOj0cvLrRLEw*gf$)3CY)&tWF5`7J9nD~L{!TIn zkze1PPeu^=_2N>BmVA9p%}>}WE{;|LSROjeVDP04>J~hC2RX(IE60y2&Tw#4`ZkcI zysoZofkc%go*(uGO&hn1OKQd#x47a@i_-&gTH_gjMw4aRpq)MpO0yw9hmHs@ViV3+fh2mwE8+u*) zZ6SXaORA6%vxL%d@s>JAj5bEm=K>7k_lV;M#d&qn>K0XeI1C1Jd0BGi>FRGX>T;^f zmPxV2rg|q8k9SYSo8O^}(g$ZIQ*x({rmZd|G&fw|MX3FMpt^SHwXvBmj~{(WoB8aw zmko&Z!;Jc;F^Ki|XF#kU={hY^X%w=$*Mn(hNgkr^p+ zefcuQdNS-3H)%7(!mbzQR8!?=1Sp%!u9a$1iZbd{<+d1+UdlFvadcYV!N|~+kZBuE zM<=lbAHfV*S4wy%O>mf-5!{I*LP}RPh2{w1eeS`J)q!xw!kgKR6245cG0*xoGtK{k zKd}bXOzepvcGspKaAj7!Idjd*Kxpsgbnaf#XI?Y z1`ucdUiM*5C}4!Sd+L_jQ8Sz)m^oj#QF@{g(;ov<_E3-OI`(PqpcCBzoy83;t4@Gw zh>()V@d}lRs}-O_VKjnSUQ)A$Eb55)!o52*FY^GE#5`)gbPPG>FBQjQ>}CGibycx) zVS1r(t8{m42&n9Fg@e0kpxSS621qay3|Y7=6z1i7KVityWnqFLm9lVYVjc_^N;lO5 z%Mjw?k$Dxn=Vcq3-&XMLP34HGW)-n+) z*!RQXXfi#9a4eA!haG&7^ZL@NR+}QVOYQW+Ut63ViOk&Tg*90o(QtWv3 z_8s+iX2+QOI9n?HRVFnexuu55o=C|l63BKm8)4k*v&#Z5VRn^XJD|ZHX!-zJ0+QHmxlatcGdWQMk?@+Z3T`I Tw{%Wo4YteZ^6}hzNjdx9s~mgw diff --git a/security/cmd/generate_cert/main.go b/security/tools/generate_cert/main.go similarity index 100% rename from security/cmd/generate_cert/main.go rename to security/tools/generate_cert/main.go diff --git a/security/cmd/generate_csr/main.go b/security/tools/generate_csr/main.go similarity index 100% rename from security/cmd/generate_csr/main.go rename to security/tools/generate_csr/main.go