From 84b118c07c4f6e9796f74c32c54887a12c7d8971 Mon Sep 17 00:00:00 2001 From: Krzysztof Ostrowski Date: Wed, 28 Aug 2024 18:10:27 +0200 Subject: [PATCH] go mod vendor: changed due to Go bump in go.mod --- .../audit/testdata/allrequestbodies.yaml | 42 ------ .../audit-policies-cm-scenario-1.yaml | 131 ------------------ .../apiserver/audit/testdata/default.yaml | 45 ------ .../apiserver/audit/testdata/multipleCr.yaml | 76 ---------- .../apiserver/audit/testdata/none.yaml | 31 ----- .../apiserver/audit/testdata/oauth.yaml | 61 -------- .../audit/testdata/writerequestbodies.yaml | 54 -------- 7 files changed, 440 deletions(-) delete mode 100644 vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml delete mode 100644 vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml delete mode 100644 vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/default.yaml delete mode 100644 vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/multipleCr.yaml delete mode 100644 vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/none.yaml delete mode 100644 vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/oauth.yaml delete mode 100644 vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml deleted file mode 100644 index 78036a99b9..0000000000 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: audit.k8s.io/v1 -kind: Policy -metadata: - name: policy -# drop managed fields from audit, this is at global scope. -omitManagedFields: true -# Don't generate audit events for all requests in RequestReceived stage. -omitStages: -- "RequestReceived" -rules: -# Don't log requests for events -- level: None - resources: - - group: "" - resources: ["events"] -# Don't log authenticated requests to certain non-resource URL paths. -- level: None - userGroups: ["system:authenticated", "system:unauthenticated"] - nonResourceURLs: - - "/api*" # Wildcard matching. - - "/version" - - "/healthz" - - "/readyz" -# Don't log requests by "system:apiserver" on apirequestcounts -- level: None - users: ["system:apiserver"] - resources: - - group: "apiserver.openshift.io" - resources: ["apirequestcounts", "apirequestcounts/*"] - namespaces: [""] -# exclude resources where the body is security-sensitive -- level: Metadata - resources: - - group: "route.openshift.io" - resources: ["routes","routes/status"] - - resources: ["secrets", "serviceaccounts/token"] - - group: "authentication.k8s.io" - resources: ["tokenreviews", "tokenrequests"] - - group: "oauth.openshift.io" - resources: ["oauthclients", "tokenreviews"] -# catch-all rule to log all other requests with request and response payloads -- level: RequestResponse diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml deleted file mode 100644 index 34b94c15e9..0000000000 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: audit - namespace: ScenarioOne -data: - default.yaml: | - apiVersion: audit.k8s.io/v1 - kind: Policy - metadata: - name: policy - # drop managed fields from audit, this is at global scope. - omitManagedFields: true - # Don't generate audit events for all requests in RequestReceived stage. - omitStages: - - "RequestReceived" - rules: - # Don't log requests for events - - level: None - resources: - - group: "" - resources: ["events"] - # Don't log authenticated requests to certain non-resource URL paths. - - level: None - userGroups: ["system:authenticated", "system:unauthenticated"] - nonResourceURLs: - - "/api*" # Wildcard matching. - - "/version" - - "/healthz" - - "/readyz" - # Log the full Identity API resource object so that the audit trail - # allows us to match the username with the IDP identity. - - level: RequestResponse - verbs: ["create", "update", "patch", "delete"] - resources: - - group: "user.openshift.io" - resources: ["identities"] - - group: "oauth.openshift.io" - resources: ["oauthaccesstokens", "oauthauthorizetokens"] - # A catch-all rule to log all other requests at the Metadata level. - - level: Metadata - # Long-running requests like watches that fall under this rule will not - # generate an audit event in RequestReceived. - omitStages: - - "RequestReceived" - - writerequestbodies.yaml: | - apiVersion: audit.k8s.io/v1 - kind: Policy - metadata: - name: policy - # drop managed fields from audit, this is at global scope. - omitManagedFields: true - # Don't generate audit events for all requests in RequestReceived stage. - omitStages: - - "RequestReceived" - rules: - # Don't log requests for events - - level: None - resources: - - group: "" - resources: ["events"] - # Don't log authenticated requests to certain non-resource URL paths. - - level: None - userGroups: ["system:authenticated", "system:unauthenticated"] - nonResourceURLs: - - "/api*" # Wildcard matching. - - "/version" - - "/healthz" - - "/readyz" - # exclude resources where the body is security-sensitive - - level: Metadata - resources: - - group: "route.openshift.io" - resources: ["routes", "routes/status"] - - resources: ["secrets"] - - level: Metadata - resources: - - group: "oauth.openshift.io" - resources: ["oauthclients"] - # log request and response payloads for all write requests - - level: RequestResponse - verbs: - - update - - patch - - create - - delete - - deletecollection - # catch-all rule to log all other requests at the Metadata level. - - level: Metadata - # Long-running requests like watches that fall under this rule will not - # generate an audit event in RequestReceived. - omitStages: - - RequestReceived - - allrequestbodies.yaml: | - apiVersion: audit.k8s.io/v1 - kind: Policy - metadata: - name: policy - # drop managed fields from audit, this is at global scope. - omitManagedFields: true - # Don't generate audit events for all requests in RequestReceived stage. - omitStages: - - "RequestReceived" - rules: - # Don't log requests for events - - level: None - resources: - - group: "" - resources: ["events"] - # Don't log authenticated requests to certain non-resource URL paths. - - level: None - userGroups: ["system:authenticated", "system:unauthenticated"] - nonResourceURLs: - - "/api*" # Wildcard matching. - - "/version" - - "/healthz" - - "/readyz" - # exclude resources where the body is security-sensitive - - level: Metadata - resources: - - group: "route.openshift.io" - resources: ["routes", "routes/status"] - - resources: ["secrets"] - - level: Metadata - resources: - - group: "oauth.openshift.io" - resources: ["oauthclients"] - # catch-all rule to log all other requests with request and response payloads - - level: RequestResponse diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/default.yaml b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/default.yaml deleted file mode 100644 index 0e7d9aa34b..0000000000 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/default.yaml +++ /dev/null @@ -1,45 +0,0 @@ - apiVersion: audit.k8s.io/v1 - kind: Policy - metadata: - name: policy - # drop managed fields from audit, this is at global scope. - omitManagedFields: true - # Don't generate audit events for all requests in RequestReceived stage. - omitStages: - - "RequestReceived" - rules: - # Don't log requests for events - - level: None - resources: - - group: "" - resources: ["events"] - # Don't log authenticated requests to certain non-resource URL paths. - - level: None - userGroups: ["system:authenticated", "system:unauthenticated"] - nonResourceURLs: - - "/api*" # Wildcard matching. - - "/version" - - "/healthz" - - "/readyz" - # Don't log requests by "system:apiserver" on apirequestcounts - - level: None - users: ["system:apiserver"] - resources: - - group: "apiserver.openshift.io" - resources: ["apirequestcounts", "apirequestcounts/*"] - namespaces: [""] - # Log the full Identity API resource object so that the audit trail - # allows us to match the username with the IDP identity. - - level: RequestResponse - verbs: ["create", "update", "patch", "delete"] - resources: - - group: "user.openshift.io" - resources: ["identities"] - - group: "oauth.openshift.io" - resources: ["oauthaccesstokens", "oauthauthorizetokens"] - # A catch-all rule to log all other requests at the Metadata level. - - level: Metadata - # Long-running requests like watches that fall under this rule will not - # generate an audit event in RequestReceived. - omitStages: - - "RequestReceived" diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/multipleCr.yaml b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/multipleCr.yaml deleted file mode 100644 index 0c91cfe2a4..0000000000 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/multipleCr.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: audit.k8s.io/v1 -kind: Policy -metadata: - name: policy -# drop managed fields from audit, this is at global scope. -omitManagedFields: true -# Don't generate audit events for all requests in RequestReceived stage. -omitStages: - - "RequestReceived" -rules: -# Don't log requests for events -- level: None - resources: - - group: "" - resources: ["events"] -# Don't log authenticated requests to certain non-resource URL paths. -- level: None - userGroups: ["system:authenticated", "system:unauthenticated"] - nonResourceURLs: - - "/api*" # Wildcard matching. - - "/version" - - "/healthz" - - "/readyz" -# Don't log requests by "system:apiserver" on apirequestcounts -- level: None - users: ["system:apiserver"] - resources: - - group: "apiserver.openshift.io" - resources: ["apirequestcounts", "apirequestcounts/*"] - namespaces: [""] -# exclude resources where the body is security-sensitive -- level: Metadata - resources: - - group: "route.openshift.io" - resources: ["routes", "routes/status"] - - resources: ["secrets", "serviceaccounts/token"] - - group: "authentication.k8s.io" - resources: ["tokenreviews", "tokenrequests"] - - group: "oauth.openshift.io" - resources: ["oauthclients", "tokenreviews"] - userGroups: - - system:authenticated:oauth -# log request and response payloads for all write requests -- level: RequestResponse - verbs: - - update - - patch - - create - - delete - - deletecollection - userGroups: - - system:authenticated:oauth -# catch-all rule to log all other requests at the Metadata level. -- level: Metadata -# Long-running requests like watches that fall under this rule will not -# generate an audit event in RequestReceived. - omitStages: - - RequestReceived - userGroups: - - system:authenticated:oauth -#- level: None -- level: Metadata - resources: - - group: "route.openshift.io" - resources: ["routes", "routes/status"] - - resources: ["secrets", serviceaccounts/token] - - group: "authentication.k8s.io" - resources: ["tokenreviews", "tokenrequests"] - - group: "oauth.openshift.io" - resources: ["oauthclients", "tokenreviews"] - userGroups: - - system:authenticated -- level: RequestResponse - userGroups: - - system:authenticated -- level: None diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/none.yaml b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/none.yaml deleted file mode 100644 index 762da0a5f8..0000000000 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/none.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: audit.k8s.io/v1 -kind: Policy -metadata: - name: policy -# drop managed fields from audit, this is at global scope. -omitManagedFields: true -# Don't generate audit events for all requests in RequestReceived stage. -omitStages: -- "RequestReceived" -rules: -# Don't log requests for events -- level: None - resources: - - group: "" - resources: ["events"] -# Don't log authenticated requests to certain non-resource URL paths. -- level: None - userGroups: ["system:authenticated", "system:unauthenticated"] - nonResourceURLs: - - "/api*" # Wildcard matching. - - "/version" - - "/healthz" - - "/readyz" -# Don't log requests by "system:apiserver" on apirequestcounts -- level: None - users: ["system:apiserver"] - resources: - - group: "apiserver.openshift.io" - resources: ["apirequestcounts", "apirequestcounts/*"] - namespaces: [""] -- level: None diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/oauth.yaml b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/oauth.yaml deleted file mode 100644 index 2172fc263f..0000000000 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/oauth.yaml +++ /dev/null @@ -1,61 +0,0 @@ -apiVersion: audit.k8s.io/v1 -kind: Policy -metadata: - name: policy -# drop managed fields from audit, this is at global scope. -omitManagedFields: true -# Don't generate audit events for all requests in RequestReceived stage. -omitStages: -- "RequestReceived" -rules: -# Don't log requests for events -- level: None - resources: - - group: "" - resources: ["events"] -# Don't log authenticated requests to certain non-resource URL paths. -- level: None - userGroups: ["system:authenticated", "system:unauthenticated"] - nonResourceURLs: - - "/api*" # Wildcard matching. - - "/version" - - "/healthz" - - "/readyz" -# Don't log requests by "system:apiserver" on apirequestcounts -- level: None - users: ["system:apiserver"] - resources: - - group: "apiserver.openshift.io" - resources: ["apirequestcounts", "apirequestcounts/*"] - namespaces: [""] -# exclude resources where the body is security-sensitive -- level: Metadata - resources: - - group: "route.openshift.io" - resources: ["routes", "routes/status"] - - resources: ["secrets", "serviceaccounts/token"] - - group: "authentication.k8s.io" - resources: ["tokenreviews", "tokenrequests"] - - group: "oauth.openshift.io" - resources: ["oauthclients", "tokenreviews"] - userGroups: - - system:authenticated:oauth -# log request and response payloads for all write requests -- level: RequestResponse - verbs: - - update - - patch - - create - - delete - - deletecollection - userGroups: - - system:authenticated:oauth -# catch-all rule to log all other requests at the Metadata level. -- level: Metadata - # Long-running requests like watches that fall under this rule will not - # generate an audit event in RequestReceived. - omitStages: - - RequestReceived - userGroups: - - system:authenticated:oauth -- level: None diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml deleted file mode 100644 index 84083f9cfd..0000000000 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: audit.k8s.io/v1 -kind: Policy -metadata: - name: policy -# drop managed fields from audit, this is at global scope. -omitManagedFields: true -# Don't generate audit events for all requests in RequestReceived stage. -omitStages: -- "RequestReceived" -rules: -# Don't log requests for events -- level: None - resources: - - group: "" - resources: ["events"] -# Don't log authenticated requests to certain non-resource URL paths. -- level: None - userGroups: ["system:authenticated", "system:unauthenticated"] - nonResourceURLs: - - "/api*" # Wildcard matching. - - "/version" - - "/healthz" - - "/readyz" -# Don't log requests by "system:apiserver" on apirequestcounts -- level: None - users: ["system:apiserver"] - resources: - - group: "apiserver.openshift.io" - resources: ["apirequestcounts", "apirequestcounts/*"] - namespaces: [""] -# exclude resources where the body is security-sensitive -- level: Metadata - resources: - - group: "route.openshift.io" - resources: ["routes", "routes/status"] - - resources: ["secrets", "serviceaccounts/token"] - - group: "authentication.k8s.io" - resources: ["tokenreviews", "tokenrequests"] - - group: "oauth.openshift.io" - resources: ["oauthclients", "tokenreviews"] -# log request and response payloads for all write requests -- level: RequestResponse - verbs: - - update - - patch - - create - - delete - - deletecollection -# catch-all rule to log all other requests at the Metadata level. -- level: Metadata - # Long-running requests like watches that fall under this rule will not - # generate an audit event in RequestReceived. - omitStages: - - RequestReceived