From 9750f4a7727a4e9761a887a4b7ec1e4ec49342b0 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Tue, 9 Jan 2018 15:06:00 -0800 Subject: [PATCH 001/178] WIP - New Vault guides --- website/source/guides/architecture.html.md | 28 ++ website/source/guides/generate-root.html.md | 143 +++++++-- website/source/guides/static-secrets.html.md | 318 +++++++++++++++++++ website/source/layouts/guides.erb | 10 + 4 files changed, 473 insertions(+), 26 deletions(-) create mode 100644 website/source/guides/architecture.html.md create mode 100644 website/source/guides/static-secrets.html.md diff --git a/website/source/guides/architecture.html.md b/website/source/guides/architecture.html.md new file mode 100644 index 000000000000..c63feaa92c41 --- /dev/null +++ b/website/source/guides/architecture.html.md @@ -0,0 +1,28 @@ +--- +layout: "guides" +page_title: "Vault Architecture - Guides" +sidebar_current: "guides-vault-architecture" +description: |- + In production environments, the availability of the Vault server is critical + since any downtime may affect the system that is leveraging Vault. Vault is + designed to support a highly available deploy to ensure a machine or process + failure is minimally disruptive. The understanding of the Vault architecture + can help deciding on the Vault backends for your organization's requirements. +--- + +# Vault Architecture + +Vault documentation explained the components. + +This guide demonstrates regenerating a root token using a one-time-password (OTP). + +## Steps to Regenerate Root Tokens + +1. Make sure that the Vault server is unsealed +2. Generate a one-time-password (OTP) to share +3. Each unseal key holder runs `generate-root` with the OTP +4. Decode the generated root token + +### Step 1: Make sure that the Vault server is unsealed + +First, verify the status: diff --git a/website/source/guides/generate-root.html.md b/website/source/guides/generate-root.html.md index 311524d4476e..b83a2fcb9a41 100644 --- a/website/source/guides/generate-root.html.md +++ b/website/source/guides/generate-root.html.md @@ -8,41 +8,132 @@ description: |- # Generate Root Tokens Using Unseal Keys -It is generally considered a best practice to not persist -[root tokens][root-tokens]. Instead a root token should be generated using -Vault's `generate-root` command only when absolutely necessary. This guide -demonstrates regenerating a root token. +In a production Vault installation, the initial [root token][root-tokens] should only be used +for initial configuration. -1. Unseal the vault using the existing quorum of unseal keys. You do not need to - be authenticated. +The following command creates a token for an admin: - ```shell - $ vault unseal - # ... - ``` +```shell +vault token-create -metadata "name=ADMIN_NAME" -display-name="ADMIN_USER_NAME" \ +-orphan -no-default-policy +``` -2. Generate a one-time password: +After a subset of administrators have sudo access, +almost all operations can be performed. However, for some system critical +operations, a root token may still be required. - ```shell - $ vault generate-root -genotp - ``` +It is generally considered a best practice to not persist [root +tokens][root-tokens]. Instead a root token should be generated using Vault's +`generate-root` command only when absolutely necessary. A quorum of unseal key +holders can generate a new root token. This enforces that there +is no single person has complete access to the system. -3. Get the encoded root token: +This guide demonstrates regenerating a root token using a one-time-password (OTP). - ```shell - $ vault generate-root -otp="" - ``` +## Steps to Regenerate Root Tokens - This will require a quorum of unseal keys. This will then output an encoded - root token. +1. Make sure that the Vault server is unsealed +2. Generate a one-time-password (OTP) to share +3. Each unseal key holder runs `generate-root` with the OTP +4. Decode the generated root token -4. Decode the encoded root token: +### Step 1: Make sure that the Vault server is unsealed - ```shell - $ vault generate-root -otp="" -decode="" - ``` +First, verify the status: -Please see `vault generate-root -help` for information on the alternate -technique using a PGP key. +```shell +$ vault status +``` +The output should indicate that the Vault is unsealed (`Sealed: false`). + +If the status indicates that the Vault server is sealed, unseal the vault using +the existing quorum of unseal keys. You do not need to be authenticated. + +```shell +$ vault unseal +# ... +``` + +### Step 2: Generate a one-time-password (OTP) + +Generate a one-time password: + +```shell +$ vault generate-root -genotp +``` + +This generates the OTP to generate a new root token. The output would look like: + +```shell +$ vault generate-root -genotp +OTP: +G07n16yukWxyn7nQbG0aw== +``` + +### Step 3: Each unseal key holder runs generate-root + +Each unseal key holder runs the `generate-root` command with generated OTP: + +```shell +$ vault generate-root -otp="" +``` + +Example: + +```shell +$ vault generate-root -otp="+G07n16yukWxyn7nQbG0aw==" +Root generation operation nonce: abe86476-c6c5-9ca9-426e-bb6eba7fc987 +Key (will be hidden): +Nonce: abe86476-c6c5-9ca9-426e-bb6eba7fc987 +Started: true +Generate Root Progress: 1 +Required Keys: 3 +Complete: false +``` + +When the root key generation completes, an encoded new root token will be +provided. + +The output would look like: + +```shell +$ vault generate-root -otp="+G07n16yukWxyn7nQbG0aw==" +Root generation operation nonce: abe86476-c6c5-9ca9-426e-bb6eba7fc987 +Key (will be hidden): +Nonce: abe86476-c6c5-9ca9-426e-bb6eba7fc987 +Started: true +Generate Root Progress: 3 +Required Keys: 3 +Complete: true + +Encoded root token: O7gIhugL3oHKeVmxpKGcYA== +``` + +### Step 4: Decode the generated root tokens + +Run the `generate-root` command as follow: + +```shell +$ vault generate-root -otp="" -decode="" +``` + +Example: + +```shell +$ vault generate-root -otp="+G07n16yukWxyn7nQbG0aw==" -decode="O7gIhugL3oHKeVmxpKGcYA==" +Root token: c3d53319-b6b9-64c4-7bb3-2756e510280b +``` + +## Additional References + +Instead of using a shared OTP, you can pass a file on a disk containing a public +PGP key. + +Example: + +```shell +$ vault generate-root -pgp-key="keyname.asc" +``` + +Please see `vault generate-root -help` for more information about using PGP. [root-tokens]: /docs/concepts/tokens.html#root-tokens diff --git a/website/source/guides/static-secrets.html.md b/website/source/guides/static-secrets.html.md new file mode 100644 index 000000000000..1eb0f22850d4 --- /dev/null +++ b/website/source/guides/static-secrets.html.md @@ -0,0 +1,318 @@ +--- +layout: "guides" +page_title: "Securing Secrets - Guides" +sidebar_current: "guides-foundation-static-secrets" +description: |- + Vault supports generating new unseal keys as well as rotating the underlying + encryption keys. This guide covers rekeying and rotating Vault's encryption + keys. +--- + +# Securing secrets + +Vault can be used to store any secrets in a secure manner. The secrets may be +SSL certificates and keys for your organization's domain, credentials to connect +to a corporate database server, etc. Storing such sensitive information in a +plaintext is not desirable. This guide demonstrates the use case of Vault as a +Secret Storage. + + +## Reference Material + +- [Key/Value Secret Backend](/docs/secrets/kv/index.html) +- [Key/Value Secret Backend API](/apikey/secret/kv/index.html) +- [Client libraries](/apikey/libraries.html) for Vault API for commonly used languages + +## Estimated Time to Complete + +10 minutes + +## Challenge + +Consider the following situations: + +- Developers use a single admin account to access a third-party app + (e.g. Splunk) and anyone who knows the user ID and password can log in as an + admin +- SSH keys to connect to remote machines are shared and stored as a plaintext +- API keys to invoke external system APIs are stored as a plaintext +- An app integrates with LDAP, and its configuration information is in a + plaintext + +Organizations often seek an uniform solution to store any sensitive information +securely. + +## Solution + +Leverage Vault as a centralized secret storage to secure any sensitive +information. Vault encrypts these secrets prior to writing them to persistent +storage, so gaining access to the raw storage isn't enough to access your +secrets. + +## Prerequisites + +To perform the tasks described in this guide, you need to have a Vault +environment. You can follow the [Getting Started][getting-started] guide to +[install Vault][install-vault]. Alternatively, if you are familiar with +[Vagrant](https://www.vagrantup.com/), you can spin up a +[HashiStack](https://github.com/hashicorp/vault-guides/tree/master/provision/hashistack/vagrant) +virtual machine. + +Make sure that your Vault server has been [initialized and unsealed][initialize]. + +**NOTE:** The Vault server can be running in a [dev +mode](/intro/getting-started/dev-server.html) to perform the tasks described in +this guide. + +[getting-started]: /intro/getting-started/install.html +[install-vault]: /intro/getting-started/install.html +[initialize]: /intro/getting-started/deploy.html + + +## Steps + +This guide demonstrates the basic steps to store secrets using Vault. The +scenario here is to store the following secrets: + +- API key (Google API) +- Root certificate of a production database (MySQL) + +To store your API key within the configured physical storage for Vault, use the +key/value secret backend via **`secret/`** prefixed. + +-> Key/Value secret backend passes through any operation back to the configured +storage backend for Vault. For example, if your Vault server is configured with +Consul as its storage backend, a "read" operation turns into a read from Consul +at the same path. + + + +You will perform the following: + +1. [Store the Google API key](#step1) +2. [Store the root certificate for MySQL](#step2) +3. [Retrieve the secrets](#step3) + +### Step 1: Store the Google API key + +#### CLI command + +```shell +vault write secret/ =VALUE> +``` + +The `` can be anything you want it to be, and your organization should +decide on the naming convention that makes most sense. + +**Example:** + +```shell +vault write secret/eng/apikey/Google key=AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI +Success! Data written to: secret/eng/apikey/Google +``` + +> In this example, the path +> convention is **`secret//apikey/`**. Therefore, `secret/eng/apikey/Googl`. +> The key is "key" and its value is "AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI". +> If you have an API key for New Relic owned by the DevOps team, the path may +> look like `secret/devops/apikey/New_Relic`. + +#### API call using cURL + +To perform the same task using the Vault API, pass the token in the request header. + +**Example:** + +```shell +curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X POST \ + -H "X-Vault-Token: $VAULT_TOKEN" --data '{"key": "AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI"}' +``` + + +### Step 2: Store the root certificate for MySQL + +#### CLI command + +The command is basically the same as the Google API key example. + +**Example:** + +```shell +vault write secret/prod/cert/mysql cert=@root_cert.pem +``` + +**NOTE:** Any value begins with "@" is loaded from a file. + +This example reads the root certificate from a PEM file from the disk, and store it under +`secret/prod/cert/mysql` path. + +> The path convention here is **`secret//cert/`**. This path +> has an environment flag (`prod`) to indicate that this is a root certificate +> for MySQL in production. If there is a root certificate for a PostgreSQL +> running in staging, you may store it in `secret/staging/cert/postgres`. + + +#### API call using cURL + +To perform the same task using the Vault API, pass the token in the request header. + +**Example:** + +```shell +curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X POST \ + -H "X-Vault-Token: $VAULT_TOKEN" --data @root_cert.pem +``` + + + +### Step 3: Retrieve the secrets + +Retrieving the secret from Vault is simple. + +#### CLI command + +```shell +vault read secret/ +``` + +**Example:** + +```shell +vault read secret/eng/apikey/Google +Key Value +--- ----- +refresh_interval 768h0m0s +key AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI +``` + +To return the key value alone, pass `-field=key` as an argument. + +```shell +vault read -field=key secret/eng/apikey/Google +AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI +``` + +#### Root certificate example: + +```shell +vault read -field=cert secret/prod/cert/mysql +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA6E2Uq0XqreZISgVMUu9pnoMsq+OoK1PI54rsA9vtDE6wiRk0GWhf5vD4DGf1 +... +``` + +#### API call using cURL + +**Example:** + +```shell +curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X GET -H "X-Vault-Token: $VAULT_TOKEN" | jq + +{ +"request_id": "5a2005ac-1149-2275-cab3-76cee71bf524", +"lease_id": "", +"renewable": false, +"lease_duration": 2764800, +"data": { + "key": "AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI" +}, +"wrap_info": null, +"warnings": null, +"auth": null +} +``` + +**NOTE:** This example uses `jq` to parse the JSON output. + +Retrieve the key value with `jq`: + +```shell +curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X GET \ + -H "X-Vault-Token: $VAULT_TOKEN" | jq ".data.key" +``` + +#### Root certificate example: + +```shell +curl $VAULT_ADDR/v1/secret/prod/cert/mysql -X GET \ + -H "X-Vault-Token: $VAULT_TOKEN" | jq ".data.cert" +``` + +## Reference Content + +### Q: How do I enter my secrets without appearing in history? + +As a precaution, you may wish to avoid passing your secret as a part of the CLI +command so that the secret won't appear in the history file. Here are a few +techniques you can use. + +#### Option 1: Use a dash "-" + +An easy technique is to use a dash "-" and then press Enter. This allows you to +enter the secret in a new line. After entering the secret, press **`Ctrl+d`** to +end the pipe and write the secret to the Vault. + +```shell +vault write secret/eng/apikey/Google key=- + +AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI + +``` + +#### Option 2: Read the secret from a file + +Using the Google API key example, you can create a file containing the key (apikey.txt): + +```text +{ + "key": "AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI" +} +``` + +The CLI command would look like: + +```shell +vault write secret/eng/apikey/Google @apikey.txt +``` + +#### Option 3: Disable all vault command history + +Sometimes, you may not even want the vault command itself to appear in history +at all. The Option 1 and Option 2 prevents the secret to appear in the history; +however, the vault command, `vault write secret/eng/apikey/Google` will appear +in history. + +In bash: + +```shell +export HISTIGNORE="&:vault" +``` + +**NOTE:** This prevents the use of the Up arrow key for command history as well. + + +### Q: How do I save multiple values? + +The two examples introduced in this guide only had a single key-value pair. You can pass multiple values in the command. + +```shell +vault write secret/dev/config/mongodb url=foo.example.com:35533 db_name=users \ + username=admin password=pa$$w0rd +``` + +Or, read the secret from a file: + +```shell +$ vault write secret/dev/config/mongodb @mongodb.txt + +$ cat mongodb.txt +{ + "url": "foo.example.com:35533", + "db_name": "users", + "username": "admin", + "password": "pa$$w0rd" +} +``` + + +## Next steps diff --git a/website/source/layouts/guides.erb b/website/source/layouts/guides.erb index 0d6834553e92..00ac032dafc5 100644 --- a/website/source/layouts/guides.erb +++ b/website/source/layouts/guides.erb @@ -1,6 +1,16 @@ <% wrap_layout :inner do %> <% content_for :sidebar do %>
    + + > + Authentication + + + > + Securing Secrets + + + > Production Hardening From f52f0e26b261d0f2f1b0e01cbc945c78eb2bd9d3 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Tue, 9 Jan 2018 15:12:08 -0800 Subject: [PATCH 002/178] WIP - New Vault guides --- website/source/guides/authentication.html.md | 293 +++++++++++++++++++ 1 file changed, 293 insertions(+) create mode 100644 website/source/guides/authentication.html.md diff --git a/website/source/guides/authentication.html.md b/website/source/guides/authentication.html.md new file mode 100644 index 000000000000..d9bc0b915874 --- /dev/null +++ b/website/source/guides/authentication.html.md @@ -0,0 +1,293 @@ +--- +layout: "guides" +page_title: "Authentication - Guides" +sidebar_current: "guides-foundation-authentication" +description: |- + Authentication is a process in Vault by which user or machine-supplied + information is verified to create a token with pre-configured policy. +--- + +# Authentication + +Before a client can interact with Vault, it must authenticate against an [**auth +backend**][auth-backend] to acquire a token. This token has policies attached so +that the behavior of the client can be governed. + +Since tokens are the core method for authentication within Vault, there is a +**token** auth backend (often refer as **_token store_**). This is a special +auth backend responsible for creating and storing tokens. + +### Auth Backends + +Auth backends performs authentication to verify the user or machine-supplied +information. Some of the supported auth backends are targeted towards users +while others are targeted toward machines or apps. For example, +[**LDAP**](/docs/auth/ldap.html) auth backend enables user authentication using +an existing LDAP server while [**AppRole**](/docs/auth/approle.html) auth +backend is recommended for machines or apps. + +[![Vault Shamir Secret Sharing Algorithm](/assets/images/vault-auth-workflow.svg)](/assets/images/vault-auth-workflow.svg) + +[Getting Started](/intro/getting-started/authentication.html) guide walks you +through how to enable GitHub auth backend for user authentication. + +This guide focuses on generating tokens for machines or apps by enabling +[**AppRole**](/docs/auth/approle.html) auth backend. Think of a scenario where a +DevOps team wants to configure Jenkins to read secrets from Vault so that it can +inject the secrets to app's environment variables at deployment time. In this +scenario, you want to enable AppRole auth backend so that the Jenkins server can +obtains a Vault token with appropriate policies allowing to retrieve secrets. + + +## Reference Material + +- [Getting Started](/intro/getting-started/authentication.html) +- [Auth Backends](docs/auth/index.html) +- [GitHub Auth APIs](/api/auth/github/index.html) + + +## Estimated Time to Complete + +10 minutes + +## Prerequisites + +To perform the tasks described in this guide, you need to have a Vault +environment. You can follow the [Getting Started][getting-started] guide to +[install Vault][install-vault]. Alternatively, if you are familiar with +[Vagrant](https://www.vagrantup.com/), you can spin up a +[HashiStack](https://github.com/hashicorp/vault-guides/tree/master/provision/hashistack/vagrant) +virtual machine. + +Make sure that your Vault server has been [initialized and unsealed][initialize]. + +[getting-started]: /intro/getting-started/install.html +[install-vault]: /intro/getting-started/install.html +[initialize]: /intro/getting-started/deploy.html + +## Steps + +Vault supports a number of authentication backends, and most auth backends must +be enabled first. The workflow is: + +1. [Enable AppRole auth backend](#step1) +2. [Create a role with policy attached](#step2) +3. [Get Role ID and Secret ID](#step3) +4. [Acquire token using Role ID & Secret ID](#step4) + + +### Step 1: Enable AppRole auth backend + +[AppRole](/docs/auth/approle.html) is an authentication mechanism within Vault +to allow machines or apps to acquire a token to interact with Vault. It uses +**Role ID** and **Secret ID** for login. + +#### CLI command + +```shell +vault auth-enable approle +``` + +#### API call using cURL + +To enable the AppRole auth backend via API: + +```text +curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" --data '{"type": "approle"}' \ + $VAULT_ADDR/v1/sys/auth/approle +``` + + +### Step 2: Create a role with policy attached + +When you enabled AppRole auth backend, it gets mounted at the +**`/auth/approle`** path. In this example, you are going to create a role for +Jenkins server. + +#### CLI command + +To create a role for machines or apps, run: + +```plaintext +vault write auth/approle/role/ [args] +``` + +There are a number of [parameters](/api/auth/approle/index.html) that you can +set. Most importantly, you want to set policies for the role. You are going to +create a role operates in **pull** mode in this example. + +**Example:** + +The following example creates a role named `jenkins` with `dev-pol` and +`devops-pol` policies attached. + +```plaintext +$ vault write auth/approle/role/jenkins policies="dev-pol,devops-pol" + +$ vault read auth/approle/role/jenkins + + Key Value + --- ----- + bind_secret_id true + bound_cidr_list + period 0 + policies [dev-pol devops-pol] + secret_id_num_uses 0 + secret_id_ttl 0 + token_max_ttl 0 + token_num_uses 0 + token_ttl 0 +``` + +**NOTE:** If desired, the token use limits, TTL and settings can be specified +during the role creation. + +#### API call using cURL + +**Example:** + +```text +curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"policies":"dev-pol,devops-pol"}' \ + $VAULT_ADDR/v1/auth/approle/role/jenkins +``` + + +### Step 3: Get Role ID and Secret ID + +Since the example created `jenkins` role which operates in pull mode, Vault will +generate the Secret ID. Similarly to tokens, you can set properties such as +usage-limit, TTLs and expirations on the secret IDs. + +#### CLI command + +Now, you need to fetch the Role ID and Secret ID of a role. + +**Example:** + +```shell +$ vault read auth/approle/role/jenkins/role-id + Key Value + --- ----- + role_id 675a50e7-cfe0-be76-e35f-49ec009731ea + +$ vault write -f auth/approle/role/jenkins/secret-id + Key Value + --- ----- + secret_id ed0a642f-2acf-c2da-232f-1b21300d5f29 + secret_id_accessor a240a31f-270a-4765-64bd-94ba1f65703c +``` + +To list existing Secret IDs after creation: + +```text +vault list auth/approle/role/jenkins/secret-id +``` + +#### API call using cURL + +**Example:** + +```text +$ curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/jenkins/role-id | jq + +$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/jenkins/secret-id | jq +``` + +To list existing secret IDs after creation: + +```text +curl -X LIST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/jenkins/secret-id | jq +``` + + +### Step 4: Acquire token using Role ID & Secret ID + +To get a Vault token for the `jenkins` role, you need to pass the role ID and +secret ID you obtained previously. + +#### CLI command + +**Example:** + +```text +vault write auth/approle/login role_id="675a50e7-cfe0-be76-e35f-49ec009731ea" \ + secret_id="ed0a642f-2acf-c2da-232f-1b21300d5f29" + + Key Value + --- ----- + token eeaf890e-4b0f-a687-4190-c75b1d6d70bc + token_accessor fcee5d4e-7281-8bb0-2901-e743c52e0502 + token_duration 768h0m0s + token_renewable true + token_policies [dev-pol devops-pol] + token_meta_role_name "jenkins" +``` + +#### API call using cURL + +Notice that the following API call passes the role ID and secret ID in the +request payload. Upon a successful login, a token will be returned. + +**Example:** + +```plaintext +$ cat jenkins.json + { + "role_id": "675a50e7-cfe0-be76-e35f-49ec009731ea", + "secret_id": "ed0a642f-2acf-c2da-232f-1b21300d5f29" + } + +$ curl -X POST -d @jenkins.json $VAULT_ADDR/v1/auth/approle/login | jq +``` + + +## Reference Content + +To keep the Secret ID confidential, use [**response wrapping**](/docs/concepts/response-wrapping.html) so that the only +expected client can unwrap the Secret ID. + +In the previous step, you executed the following command to retrieve the Secret ID: + +```text +vault write -f auth/approle/role/jenkins/secret-id +``` + +Instead, use response wrapping: + +```text +vault write -wrap-ttl=60s -f auth/approle/role/jenkins/secret-id + +Key Value +--- ----- +wrapping_token: 9bbe23b7-5f8c-2aec-83dc-e97e94a2e632 +wrapping_accessor: cb5bdc8f-0cdb-35ff-0e68-9de57a79c3bf +wrapping_token_ttl: 1m0s +wrapping_token_creation_time: 2018-01-08 21:29:38.826611 -0800 PST +wrapping_token_creation_path: auth/approle/role/jenkins/secret-id +``` + +The client app uses this `wrapping_token` to unwrap and obtain the Secret ID. + +```text +VAULT_TOKEN=9bbe23b7-5f8c-2aec-83dc-e97e94a2e632 vault unwrap + +Key Value +--- ----- +secret_id 575f23e4-01ad-25f7-2661-9c9bdbb1cf81 +secret_id_accessor 7d8a40b7-a6fd-a634-579b-b7d673ff86fb +``` + +To retrieve the Secret ID alone, you can use `jq` as follow: + +```text +VAULT_TOKEN=2577044d-cf86-a065-e28f-e2a14ea6eaf7 vault unwrap -format=json | jq -r ".data.secret_id" + +b07d7a47-1d0d-741d-20b4-ae0de7c6d964 +``` + + +## Next steps + + + +[auth-backend]: /docs/auth/index.html From d89048c08675039998221f6edafa5d3d5a98ffe3 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Wed, 10 Jan 2018 11:14:59 -0800 Subject: [PATCH 003/178] WIP - New Vault guides --- .../assets/images/vault-approle-workflow.png | Bin 0 -> 53140 bytes website/source/guides/authentication.html.md | 52 ++-- website/source/guides/cubbyhole.html.md | 263 ++++++++++++++++++ website/source/layouts/guides.erb | 5 +- 4 files changed, 302 insertions(+), 18 deletions(-) create mode 100644 website/source/assets/images/vault-approle-workflow.png create mode 100644 website/source/guides/cubbyhole.html.md diff --git a/website/source/assets/images/vault-approle-workflow.png b/website/source/assets/images/vault-approle-workflow.png new file mode 100644 index 0000000000000000000000000000000000000000..b59d962f76765fca45be559a36ab26a7045a35ee GIT binary patch literal 53140 zcmdSBg;&(w`aTRe$N)+U2+}a1v~)K}qjZ z?I-_!AoTy=+rIiN)caZDdQgk+&BfgAFMWsL`~dEMZkgt;FjU)ob1fu%I4Ff!PI16VGAoSxzE@S|@gLS!eXq~D zCo<3@UYzbCOpA)Ev5bArUQBDmmCDDu%?%nQRCF9%USI4`h~CAfx;Y#0HF)B^UAJN| zKV_BuPSBwA(SP4ECS25{SJf@|Dr(|X1RpAKb`qH`zT?9I|BSFbNlr!`ny;4IzDKY( zk(M+bPYyQw-VEmcxG@ZQwb&IrX5`7L#5eP%Q&TIT5sz(c1x(X8U{b-j^K>zKF6bgd zBCsul{3Yo!+&pS1{c`}%YxdvA#Ri|)N8JYr_G=cxnL|np>(7nrCO><~{Fhe|Q~^E$ z`_7)+!cODKtSzl$rQ?$#V?*zwQ3N=#JB(>=X5(H5eJPvKYs+7Lu%)~-H|uNq!CGS= z{-oicUq~vNQsh}&SGv!6k20Cq*%INH`0@H^k-X5^b&_QorbE-2MT;x8Q@y5^Zs!T& zApdE0!}Ww^x=03RicMj`^pZmxCgUNmiENLkRl1g;^Jv*>Rz#ltkCWSXr_G~9h%G)k z|KeClb^2=kh)i*^cdxGP@ti5n>0UQgy)Mk&R(Vi{dbzf4C9Phbki$3lo~RGlSZf`} zR`mAAKUfy0b|31$?qNvTyg`IgeVx0X_kmDV_*LA_sh@1**Fh80*8=T#xPoRIJw4|Z z`oR*c-PUpw+a_&GDVna&H~e7m#nZ?n>*^M~gwwCAm4lKmaU$`4>76Y^uunITIB88@ z&IjU#@QfL7v4C6RvwAY;yK|>b%dvYpe#{JOEAxtLK-ftK7~|DBiC~n=w9Aye4^<<$ z3)eog?kjgASgYYw0mKQmH~T->g?zWoOFXMh@*+cGc2+T(izr;iGc$S~U;VzmTFs7@ zta&+Okj+2mb&#v+bFo!(eTBvR8LyUoen6ypNP#(6hFF(=CVKAYu&UVBi5NL&&+;{} z)8ALFaobi7KG$a}j&t58=x(p)mNw*Ed>cvrp9A$Tgqg&t$7@01Wgp;kIv&*#Rpn-oE@s7ftVSK!34Wp=yREY345+3m!8QT@m)$j4Yu8)*OcUEX-Oj z7We@6a(O$w9b$dE82Dfed_c>rDI`oeC~jCqsIQrCxG$(0ZnEOdg8V57N!;YYwN?eP_$&?n?;bEBAVVJ?Q zKErGR0jhG)fAqai#-m>cK1sVjpL<^Jb`Yw%O(~6^2*Q${$94qGbU=n{6<;HQNj&uX zg?1XAgWXf*kH$<6!_1Pe_J+NM<=sEFecq;HhW5w`>4d##~sEh>?X!9EAvmTU=xp$3Tv~kO?RZsINO@rT-?8^+L zOy)3MxqJ{YXhTLQ2BEQ2A>3CgN>DkT7~tk+8|iXdB0N?RJ$p`~2aMXVG{PI70ROg< zdOR(PZW7Q@soV66bn91`vhaLpw~f79Szm^T>h#(sYL zitwL%O-48Pl_IInM?*o%@9o=5#7VtM`j~p9f_}i%u%v7ihMIiM)ncxDaK%H%oTiZN>Oxk+Nx-EU!xFXKh)I zJ}hzh;AGr9+C;DLkb^dPh;K5$dR0@~@b~9&RAc!P)F$6xti1Pdf7v*#@mGBuYrU*_ ztyohp>+LyOTciD*r*RJ?vxMNAuQMrKX+l&>OKibh@QJix&uQX#_q(S>1M^i^d--B#6%uuuIZsnqb_j4bgpt}$;h%Tfp0qdtW!cvc##Adht z2V-hSC0=>SrYO|NAawcz#mHzvtS2ts&-j2F<7zxRj7*}CGpuXdY2OC}Xc7$=crSZ9 zhP z(;;4PE|*RlfqcQ8@pca@jT_kO5_QBS%ze7>u$I$D4nvM8>RgE|g zA*jSUM#BhK_*>Z)-UrlEyWwdbjHs(RAJha0RqvvcaVl|e-s>1)HRkk%MGrlJbdZJ( zq3N7H7f@+(f3cq`;-*R^yDe+lA4s5YnN*uZy?sww zDsxRsXUL>MQszj{b?f zVmUNW$KlX%gDp{<8{p!YXz224j(I%{mH?%Hnx7$xb^Qd6Z}z>1N|MBv2v&Xio%3n; zGzT&E_yWz!$*iZt$z3Uw#ptW~pU+GsqXr0lcU$b=;R!^A%WxlnxOW^KzC9MqAwA-vQsrJ_xJ3hjrw}? zATNF-aicm z-*qN`^k6t={0Ax+m2L?ljYosLtVP_8o|k*#T5o|#GZV&ZEo!oc&)%>b;47ygox=2K zO5a0jL^j3BbMlsC3t?26RfL7h^3zA=8ttTyXVJpBi~3v)0S&;C8(hxtIa9i4jJ3Y+);ejF)k_1|&1f-mq{+-%WG0 zY~S=9su-%UfG6j-2&IL;z@G9cOU23ZM|R_{4OQA+QxEn++W%c5S<|;Vpl?S&1 zZNM|OudB3Tj9Zbx`B?_TcHev^6$GK%Gza7dBj}8&jseCFLoX^dYL6dSw%Jz9ye0VI z983`-P^TJJtw1!Uv&wu@%*xWCe68>u^%)+#YzJQ?%u3!S$n7d+^YTUv&awKFTbapW zpXX$uq<(uHUqnFcgw8oGmRA4CmPB|osVUcm;kGBO83E16CB~JWo*%8H&7_5@OxtyJ z#{5>M(YC5jpn-Xooy87r)~jS$K2FrZvt9kLUL~&NG%{FO*1JoXfY=&?-A~#XIfwrW zPYKXSIrAd<)6aR;8M-Ya5%+wQ$g)GQ)obCE_tROpjo|C}(t+L)tX4G8khZ-M`8U!^ z8)kll-1M7)d9as1ic_eG;rp3Ai*8C|X5yHHj{<+MA3T9u1>^^IES{zpSN+l}pduin zAk-7V7YysmuA`m2t2AzP>q?3|bm9d~g>Yq>V|l7=YmmxVtO)iJxY%beA=i_FeJi}JxSi1N8z*TG2%7vXj-6Tup*UETXIiev+hS`mTG4`Y1 zz1xb0sS%#{;|vKKDvU7{6A{a;hYUuEFrg){`N{0C?3w9ia2SJTvzStq-O>V`Bykr6 ztkhRa^{b(B@m3oweWA8KKSQz*x$ia;M<-ijJwJ;1Y{1W7+iU*U(P$yTv{7d5;H{{( zGzL6Z!eJX5T3A}pjNH7kR{-i`>?r0<^Usw% zk`)*AJaUl{suQz{4c{~T{G99O6U3A(2RWDP=cNMYlE(yZWij`v1`AHpJPGVShW`V$ za1)?fACs-wB-WL}ISBA>bJbfd>n*DjYlbI{5UTKe)D?Z-Xn-h z>l?zj-h^HaY>LvYe_%SbA|%qc9?L7tr_TOj~DGwqniE=F#78;0Hji@G&*?Fp`UNcccUx|?KaW$^sy@g!`!ksTcYF~4 z1%3&tqeCwNEQE;HHp0BQ+VO2i!)C$DOR`ADO0Dux-2*T~Xc#P+iKTWvV07w9)#p6u zn~h(rmjFOQ6c&{f7Pu6ZcjBK8_+AqtOW_5VUq*j7Ra4bOSieWHuqpoIpmQ-EZRbU5ky4$*Lk>F@T96@lVbR%})(0pBk596+@5!)AXxu z3f5}>i+wOJtkS0QLR;JAkFG`}31D7VI5Rt}X_aWkZS&wx;2LxXlNgQf+*P@_JQxTi zF><4^N4-!M-s|wWLZWFLHEMaS|9CjwXPLQxD zCJdgT$wkfWSoVz-+UR|LXib6(+iJc#)(594W&rOmt}jlf+; zKOw;Md-Z1wocit^&wB2Z0SM3aYsTTlPP0%%!`-VJa(u7bcS!L7YU|zn5`Y5gwV-M? zT)hD3LE+1VZrUCI7?7-zW8YegHXc7ZP4~UVytzJUZU-N?5%AfNxa`69lkptd=OcxwpBG|RN`KM zQIU@;dP>dGe7SE5z}@1<;Vf=XW}U|j5deX}0yDD}hf5MVgWs;!lWU?_SZXG^mL9o> zelc#;f4|1Q?stN}Jm?*5->vlJm`_H6QD@28<@Sf^$2DE3H_Q+bZXURIR+R+*R{*{m z92k_}CUK|bXRqJ1!HVTk{?)CR!}8q=Bm`PxWhw`t?XJlCi`W9tHE0Z!ljXR~ zF>@#t<>VeVk5z@{dLW8kqkZ*6o~U5lFm~4+7Ewy~rI^7P7Hbam7q5EC}o$QS_kcea|$Up@2)N?Dr-{?)V_z0=f41bQlafP zd^oI1b^0R#prN5sI07AvZNLImj*EDkEf;!jStjUOV1k(|^6xYpOb4;m&??DOd2Vu& zu<7(AgNMC#eN{mY>0ZlAVY916glt!IJ+~Xx)IRcVK3``}A1wLu{ZWBC4K7`;{HJ7_ zM|?@WT7ots`Mcnm^$9WYT$6BC=xw<1Gj_7?AS+L4ux5!Su|&j}Jgl8VyH&blgrm zJ#x-zft4)nXUIu)QMGNaeM;Y+j6U^lI%tW#-VK*`C^c$CW9~1{Xf=C<8Ukg7MCEsL1_dbXT$%i`0tF-ynbGO$gdsi3Sm!k~c8Fs92+Pcs14V5=1-eO)co)iFnfqc2ad*#C?l`4%Ni=+^H5x*v#)KpY#VqQ!+5UiMDtg5nUe z7{9wNk7Niq`p8v7mcT7#-G94W|BjTiZKHOpdTNM$r|IJ5oXdU>0Qx~IWsIIUATtT>Xv zq9k#AiFZcU`wzm5Thb9U(Q#Q#kYdLOj7{ZhbkZe5-jR}$j>0cPSAfnYbx>+tH(Cb~ zaGA^7;i+u;$HOu0%-UXg*lm*!CwtWMr(;H4S7AnmB`u#F1AodV5>$PcLXf*0B@BK#3Og>JUA18dM9j*ui zN5q5O@2txQv2c!^xv4^j?Xfk>NtMo3pw2&CRDYkM9@luG1K)=_klIxnquf=Q_zgPeyUB+w%YfDb+l-TNQd-ht|mO!Aetk{C)?_u<2&LHE_6;6&mcYcwKdG`Hhf+9l`3# z(lksO2E*e!Gored^V_hGAX;+{O1id*MqMmm&A8fW`}MP)E?Rh~dyzlnL!m9~!NsXL z8>Mx8r1A7kHFf;U#k-3YtSB%!D(^Q)RD}D!x%mB*Z%Cft)WbPQaQ59pvFA0W~ zV3z6LE^QS}Rc2@}&GO1;OVw2b7)*t&3g8)u@X;W#X1G`jZ4Il1W~>2d_4Jf?Q*I3G zPOso!w3DWl@3Qc0*-LtU=_Gb(WM};N=2=BGXMg*5Vg|xx624it>~z9evV#huqb5pd z*_YgB5Y*v3`n=31pt)Gr(aRdnPkY1mbX-c@Ox)5>*3m>Vg`xqU1>S1}Fkd75K>QV6 zdu20Gw5GeLArjI4F>NR^S4vI2^aC|}xS4)eO5}+z7ZK*ksU2wWoGH>u<@Olq%n*6u zfEa7TA@AcESL5`}?l9CN4nK7~DCs8t8x^6g%8p)y7oIY1zdK>D$U)4$1WD!?ci5~J zY&B0rA$p!hnhFm>8fi`5#<%sG=6-OnR~uz2{s)0;(2P^;ZJnYD@!~Ch`khNecUjpp zNMzDJnMo|&`t9Q?9&beI%meBBFo=`GzUro|+FFNP&AwyoK(&;p4FuoC^ zTs>SFQe;1}7e3Ve;HPcdMj3Y(;uf_sz|H$`z%9USj+Q!Qx$jJ!{URNtpH1X(*ux6v zyg|z62c0Cw^dkeDM8gYpE#G*uaX}MC&a7xF>`V;C-gKH(LxLLRc}r9(&Cd&0*<+K0$GuC!H|QmM z#lnQz`u04=ZaK`LJ6erR(%@1F;D4R>OVw-y~&iA(dIQ&{w1!a|G7C+f5KS*h>UkMs+c!gBH6gSZt+-^$P}sJ1Z1*`k54 zx_NnvMU(h9G!E=W3s^e5)ag=ihk3xH!s1mmi`FxCbH0OE$>0^#15)AxD@N}Zmv4V( zMX>F!pka58$b0H^$XZ1(Xpd)82s`NT_w{GGS+piE>YhH2iCyt!+5EvvjE(5!O6k;a zqj^*GR$K&`uy>3;4|uox+#)b6DdyfQX@ucIjyuTwl&dK3wAC>`BPQy=cywC;LaKED z-_1fdH_3w+ycH9F&6s`1LwMfoq1Jc=nKUKdUaGM4;4c~fC{2mmQkC!Pm|vzwV+x@u z5}}xp?>EYtMxVQ#?tZ7jZDUgETI{_u*vv)PQ`=+w^ZDz@q}9_EuQsERZ~J90oJlev z{s}Hw42y8dT#+_PGINp*yr(6o=&Vzb-siyZ@ z=E+y+Jk1lO?4RCwnqirew4Uc}PUCMcJg*C}E~wNVmwK}Dz)ILERKXNY$*%9gw0o

    Y9MDbCAOX?v7MWb33?!2yJcE43t2h!#BAGmR4_WWE;M>M9FY#frT$o1r$_l) zj^@LT0Piyxx3)W7HH|6LK3hBT!`K9 z#SsGmoD6I(Us^(cy+hMZo9b0w@F~9$c9?GqU>%qONoGqlf@exuS0E%W@S@t4bZ70vsrj zxCzl@AbTpNlyX#NW8F2?X+%d;+XG|XZDmi#-0s(R7ml9r5xWJ>r6^MdSjXP-f4fV= zJxmhqVm(=7BKd`?$DsxC#MdDX)i<|~Xqy77DZBVga!Afgq=F&s7I98whVLaW6R-T< z2``NT#lc#-@`q=>^>&67-VQ}gM(969oqUZcitA^iR%Sa?HDd&9557+>P5Q1>O`Ip_ z_f-U0lA6aUFL*~T>UK7IfR5A!Tz+Kfn5c_`P#o?0B2qmy^jq`N!$@;}bNW_OyS-8G zFUlE?V(x_eGnQ%P@!s}`pD8V;#Ob;A)^V7YX_Q!VzRQq_Hm6SFwPb0kWr6SfKS;mx zlc(351|6_)Waf{)imtXuSDazpy}KwnFp+@O{YvFBr@}j!a0>G!ak}~GZ$fBz1|Q_^ zkMoLQ7q>;Zm)PC@2i--Gm;d4+|>#|#Y7THm-Wce&rQgA=y&5vN``o<~!`26hd6 z4|ST2WHNpM#+NN3d?LIFgSzY<%gr7aNLG7VbDP+{jm}nW5(`O5SDj(P*W1re9Pu-vysjFm6Dy1==9@ z`{ly6`tDU;{lK~8vNxfAf|;8;&mx?|JL_g19nfMZP zHYY5jjrMVX3Q_d}Ji%d;eRChBs%M;QSaEXQ zC82jWIsAgjn|bl@4qV#$d2HV;0b_}cUBGoYheSxkN}gIk-qk)!6k)^pVkafkjrD+x z2rH1{7VIf6zD*dLRz61oAGzz8TWn=22JC6om%umM;zs#w)fMbTR)?XZT3X4v)?8dN zVi>rpT9Wr$-19pmeZP&$A^clVKJGMF?61yo;^$Ik#U>PXV90-t)|7H;bM?R5%34C* zwNp__?AN8OiXcJv7+>CyI#a`<3DcP44(J1)`?$(&EprH?kcj zMqjw$zar_QY-2phQrLiy3Jp@i2dp-PY@-Wl{NATg)D-2JGT1=%=(z$9_xRalpYoVP zwMeWY;Je+NxvZaFY?@v&5^$`%H5VIr+4aqh(kP56((isZb5sNw+g$nG8?37MuWO24 z3D1k{tjphD@!u{c`RVNb`@XCo8MpUYmq(PTk#w^T%F@|Ds{fgi?aG3VLW#Icvs<3! z%EL_(67-6ztWxP)7Ak&a7(1J0!sdb(`Yox40&QpW{lawm;r0&4q>Uv0dUU(Zza#Z* z-IJywbWxangND1M@zf=*zYVw3^Aq>7;w$K2GRvmmM@N+25nnPlmyB|}-*=BQQQB`Y z9)sW(H5xuysFi4Ui$bksRCms>-NY^TIlP50xDambR1EtE7y2Uwm5mdqBymb@v`#7z zjN2Np?V$bWvvjE5J__4&~XR?bBAF7*qsh}mVO zC-xFwUJ>77%AuX7q!EGQsuPR3wK(CHbNC4md9O4fYT8_hV7#9R=&1LFzL;<}HRk&6 zwpS)ySG@IeXCA}c;ysZxhzVv5_9QyCdNy@1m5o#BHm&;k+-YtY140ZllY)ISrf8$7eWlPq_3;@XGUt+$X}?OgRSPe)N4(+_zRH zAb`vkX>S#CYK}UTWoVhQI54$&!0(g9d|CEht0X|44lV8M6H8J z!L<%s4>#AdAzLZ@GOBk9lxWh7738gS7|HWX5)5`joBq;Y9-=~@wE6HpWci-SciXBb z4}JbHA-#X2t8N0q+q**DRkEk?iayEc>rVlF>! zH*%Y$VVYC&M9h=sXi3ckW$UU87HW^XhLW|*BA5%x61@q-qnSdrb>QE zmb^tIoTS&zQ3dL0nBRfI%Aa9*3xYS@9wfJ-FdzRd@LLYQO8XS$!nJ~N*uwn?Oyya& zoU3V}a!0Yrjso50t<03$s{RK6ve;^MFf(kJlnl|9@*_U)c6dld7eIpdoZ6FR zr!LWKMEP9du(B5Sr75qO|TyEwjpRwI8W1*Lh;pbd|_7l}y z%lmfG0}7=h*Ga#l$5NCxI$VWM+?U5`lXh$bWJG@Bb`$RQL9}p52$FR>9CEab{K=h_REHCC1S5#_jN$sqx zrtFy_?zqx0u+$GaL9xrZ;N-*bO~AjO%#=!0g1%A_EPeCf2A|@CxEogQy|C3PP%mR; z$A+R1D(b&e>{S}1dydb*d@a)&+D%KhXl@GWlY%iNtYP~GgihPH14Ea9 zzUw<3c{5K)E8kAu#}J7!50HtXpk%6ymfYrm%}Sj>d z6krTw4K&{*-$Kv?&v#P)$Vk<wSlZ*~J1gZjsjtiw576JL$n7Z5B`k6E?UtWQvDL>{EWlkt1gJqj7mpr-Wv17*@iyCcMxtw%vZ!D9&eAC49-bVv4_{C?D;feRMgD6vUiUXnDrei8C&7=4(=g`q zx3vFTHMGltOmQ*0Yd?fj~(6+Z4x)U zRqTUpNp!-eld>tC<&nV~;yG$YXHl#02@l8n95mJPHv+`4YSJ}MoGf41B7U#^-cRL& zHTLBUFNcV1pF0*Gb(=@O#coW-VoTeVf^41`Wb;MAMI&9jW{FW{mPLW~!q4gf!DmDe z6~?dRu^?SGbk&-kkZ~{XcgbOaa}zCeUO#xpi8n(AKh&D!ZxfJ=LCtLr)M7_-}GS;rGlmJ^!_wTe^XQU842VU zsvw72rALDc;LnVCsR%P*)^V`+V$v&)B1mNQI#K>bxUVnx+Wlgijx|B`_O=*j*$MSqM! zHg!QGSFIvh{u=>o35LP#m<@&8 z1I#ByV`pRHtjM;ie?PTaMO#|%fOGSQe!o1YaOB^!5|&*?ARC%k34vvHGt>kbzdvIE z`n>%_e`a_DqvQ97pMtzkW@=7vRet)@zZEycTYXm4_?G6?D{f>-U|U80w;TK60}4$i zD`rKg`am)K{VM3PVb*U|r(7KT_A&lGkox1bRWLrCteej1vtPwuCuLEJ(|$ACPDxDu zZ82xCK}P_`A*Ht}#P!gBxq1eEnFJ?HGqii=TMg=BCpvX8c&Gxi`bgs4gEsH=>WwK`zRU zPS-h>9+Bp`y_Yj!*Zw8P_vSinSFoPlIhMl%w8WJAJ2~UoI&F@SvJPZ_LG!D-U^;To zG=fkTdCV_BvrIeYKyz5$#%R0<2Dgboe)fhJ6+#g78QHY-KA!kA+&5h$Q_puaq8h)^@rDgx@FbkfIbS|yxgA+SPw&q$wv}dcR@dMRJ|sAJ0hqt>#4OI(w6gm z&~gmLvnzWa|Ip|)s9<;mO+%8dKV59oK;j%ljU`$T7dlWj_5A034}LB`wG=fiB@4>y zB-ZbxDGXomE1?+L{YxtNM=5{3Qxq#%$1udlM=$HP-go-F=YS4Y{{}aglqX&B=NqxQ@)8M%| zUVcx&QW*0gAsdiRoR)Wvg;IJj?T+c40TykW^{0=&CSTsWY630MG}W>!#?hX?RE@#} zzh3^LiUIe*@+$J~RX1u&GjUpsZ;7psq4Oe?n|@zTh2kiC`RRBxsvQazTP^<)8VuT&#^b=~ z4d2`Czql_pU-Su@`U3K~@Xz44k$j)lh&PAB`kU*UXPrf)WqtAG5?3}7{E z#qcbW7}mQSiL>oF9Xo@To}$kH-Mh<6vDUkg-2fDI7}cn)LPuPipC zsp%0O4B`KEYqpS(O#PS&D^f+{pUj9?ux$Vw#0FDMX-9F&SgdlZ!_l`YIwkeJQyTRh397#A*3~sz{0dGA? z0W6u6tqUOD2_k=4o5|8P8>`56pLgPUoW;t>?LSXK#s9`Y&DC!}d;Z6;Xa^r6{lx=D zM!jXwOG>D*$+EG?wyq}9K^JS(*}cV5-S4I(XZ&-03p6fKCDi|qcdkbV=F1~_ZuB?R zp#_7eHhBiWS}dyB>mnzam6-dx!EePw0LAOhoyL1$l^~5WK(jhIKU^EGdzU{{A!jUN zeN=deR-pUm;sk?>qlu7t8u#boJjHxcuYLM`v52wQ$W-)P_V0rP0F|sS$?8u`eJjpL zpyNEMc?+LYQFkz0nI944UbH!st2lq5gH*4aR!`U-3q>Kuy%=ixy)G(W=#Q-bmL;@T zq?pwHJK7#}$yb4g65~kc@6QU*j2UunD>bGU&-(#yLG;0^4t!If%fWdOSOMW_aQ@yWH`>2;`lIkB|my;Gr1}1Ns!OZ7u5g? zNHqew^(WT>OQiwAWWzrOO{?Y%b}qWXC6@^VdBs|wu!|^MM`{c&tF!<^NoXK9NRuaK^M)(I(s1IVb)w+ll7-mKB~9L*+=-x)=Mf86Ue(!Ji;ey04B zK&C+7Kfj!EXuey~$E%+b#eCF{R23q9b2~6Vax3-R?=S1Oh>w9#u;J4bU>LLm!d=oy z{cAf7qsG^2njeu<9pr~R@0#Er(-T3OgFi9md|(LmaJ}nJ8IZ;XA?2l=SIm3A$!tF( zCL0w}nbXV{!WeOY`|i8YX3DY@uKrMJb%f`VJIc(UIr=9_e+uu7s*`dn&=rUQj zYC5t#12#hQXPN>xt?c{HLG-{MP8!+9rQf` zwZn9oX}j>)gH~-OY}QJ(aUgza1A0Szq{MEj@W_~<%9BuuLqg&Xy%M`C;u1+&QZtfQ zvv&Ev?*eFi9jA5m$Chr8!Rv-c3m2FG*@qU8-8=xw;`?miZ#airpXs0ydJ6 zcmCb;`U#U*_XDR|Rg0(bHjIDW;8z;pR$j8@3jWFYZsg{-YUW&6X953*d=|*s=J-MS z|5cY7RVP8m43h-U=G|DbZOK}Uz>lqZ*H(0rAY@)zS{ACN*&m=4?Z+LwfB9nI3ZyTg zASwtue#BS8Up}}hp9At#I#YIR)xW8v1hQ@P9=rG@F!T{Ve~=Z@3GaWSLxAcU>N@Lg zDPAO}3v{FHNU1e1@Bqnt*r`AoZGiWvW``2ZurBzkq^r4pr3W+wwDmEO>_Ru7UdGbA zPi*9dDElc(e(%!A_^&%0VF&)}$kTq53z+|HYH^PsWUbT^k0iHvM)oWsWlJvOrlEsH z+NI*NwH^=S4`+(Fxh_#%K@&Wy(xcoSZkaW)G5ksObiJr_VHs8$h=GeUP52-4eJ2NQ z!=j-R(w}AEK!pK!h|(@N>^jldXH6s-ti>>*2IQilAQqS6cuX{4gW+v`j`v^c0-Hn% z!zaB6_V-LZ6f!=}`Q9{6>{&^Y7&uChT<%S1{LNdf9-#fkW&Xv_GOCU|F(zhzaBF#x zD&9$Tqc<>t>9-P5$@suq^>x)!n@)|%34*G6|7rUrCRKsQJ}WvLrSv|ZP@IG zednR=!7-NDDymnhDgUkzZ6R^OQe(eU7vD0rHa^tmZm?YSZW;}+roi&O`l6E~n zVO>iceS&PHU+hzOtY)GXv*)F;+`-E{dM|~8`GciG37G<43LXEaGRPN0x{RIVLOF0D zd6fKuR>0}irA!w$ov$N6ILBOi)~BwWb_XnDr)7YVvHwTToC9)~k2&tv5UjdU5u z{Ip8P8$616?%7jX(|H`OA|~r=Z@{r^g-z;;Q|mD|`I~n~-31DA6&?5A@rH^@Dze)= zfc1#<$>%g6J2LTf zvj%mKP^%-TJ;RPQip~EnRWJ!GRiz0<5Ez=cIo^}l4#r+&Ekyn8yXeIxp%HL4e(uY_ zn^GBpC?Vb<4N1ggOfBQg_>hr^tYxTq36;5@V%ikh-Ge^c>M7DL(NY0~a#LUsC!HY| z+x6^sNI9tgu-<_z9|!6Oq}ORF9y3ho17fP$ZM31yc+|o|BBX(V+==;t&naS?FnEqo z00D)UgOGuw&kv!C!+sDP3i_0efQ;0j$%Eq4L}iE!i6M6?NNdxIc94$63$}$pW^;Lk zBe+VfiaB)1< zT{IO~=F2YKgO9~ua6ow)&%^BC1oB0+XgA$=dW{WttKV7ehTu?;fiDLsaJ)Ji!=TOd z0l^vp(&{(OO@M6-d;bdou%(9@!PUq@0iZi*z^#8oG5iEpn9q);6PM+ZC00A ztOB>{z9j7%^L=?7vHx7oen#r_#{TBpHsA|B#NQFP0p>qi07cy%a1G2mouHUoNfv>% z0ypRI?)Wor%DWpnv=b2ijH@W#>NO&3YMUt?rS??}3H?(~U@S9?@pGsJ(x-I0cs|}s zVX0tg;RVkw{)Va#{s1v};aB(wWCH7nC}a_U3&`;P@gElt?m6z9&qXmtMJ=$4_KE>f z@+kfVD5l3pN9>FlI%RPl+mpfdSK!2GaH;TL$PfAS3#>rUY8ya)YYJ$&&dp7v?$v4M zpPT+T+G3zj(Pq|G*aF+Ps(}V5v?Z!mn2B@EzP`9+l5Gco;mRWnu5KC;g|P?(C%&If zt*^<`@avmb>gwAm9xTXY7Ww@FZGh#!T}O9uxJK9nidXJW^m?L|C4i);E#hMQ$58wW z>4AGIY+$kZ0CtcE&*YgP;LxAQA=$=AC}*=z(n$jC4XjjpTmxXbKV5OfdO$vq?LlV2 zs%sj2Z(XG*5qB2|6UdPCjT1%sj2|Exthdbpmqc``{~}(~V08vycTxaA+1Jec|A_hu zps3#OZ@@)Ly1SR|5Tv^n3F(p+C8R{ULmJ7Y8%07&O6d-1P)g~NZjgAN_4|A0Kf~zg zIKtg~?{m)i)Nw>S{&XnJ44|u#r_+rE-}4sl60}C0)NdD-RYvg7Sz+dn!FYxk7d@F| zCChYJf?k1=|F*)cRV;{3LB3%908u7D@=GyK)?wxfZmyoc2817UJx%}j|5GC_3I}Cs z8GNrZxg~_t1&zit?}H*;BZP1QB!SGkMJ~q^`JFLs>0SsaeSK^6ui!XqYXr_GL3kNdP+BMd>fU><4F5Kk|9Tlep<1E3PN9Urg#A25>9dFQKoVdx|sm=#{` zd|8ho;ClmJi+c#pys%~_+2=&%>w+JQ6*R+X>Hb^buG>2=2k9DV5^zoiq@tQDvu zKU%EL;E54-tIxRp=b4k8lugXr=M`|5V}$!Z0_gSU?mUJc6q#q8h#N-o( zkH94r)Qp(Xn_KF3;NXW~It0&kbD)xef1T#GxsdJ8yKx7`<77sl9p- z4Kc2qMir?xzeD}3tyAv>$RlYg-9kpA!b@a|RG+dZN7o5CFk`ek1LY+x(FDMQjE6@) z-+&L}rXlL#-N(W>%p&m)+@w03>&0Y913PH=?C`*;O0gzemdP;o4)P0p=FXrw^=eN6 zzN07NU;?(7F?@jyda?%l%R}-`{ntR|%!5G#EmM2N=o}Sw+9DSV zZvWz!o&w95bmg}=BA6^_YH$Bh9f0}xUdFJp1UwSE2P~NmHPSSE(8}t(J*&>Bs}1na z_9zs0wAg5ohix$qq=0oN^?(WWm13Fx0lvu5XCH9xniRJ5QrLSMB?5nrP_pcNMAgFA zx33>JL7&r7oB($j8=@YzDtEo!%W@mRK;$C@0Sm`}=fVGy!=_M!z>%{MCORxQUYW0A zRr3ymc`gXiV|ZR@qx!T9x`RX(EP%TOAPgp1%K)G~kYV;zD2#}-bCTJTM=wGcd6q%v zFtn(Us|E}F1G!Ko*>CZVZ&x{_53Rr!{z->Os^U&o=k0)0Mv8$}TrJ9{x`zY{Br#+t z^{uCjX1T>noI3}!A@W*G-PyJyb<+{A`;-WH-G%&-r+xA5tWhramlzvBm2NI^0)Q+o z0_2j$QKIoGvOnU@mlu;hZPO-Uc&m6K4I3=*2yz1oC=>9ERdx(X95nx_{F8}}cLGp` z4gZQ!W+*R$^8i!xK-fKjzG>ByI&ZCyJdMv{1CGFu(AXZ)sFlF-1wYqz@3WQjxR zVr(GahY$B2+XRGvCJy5f1{Gp5W65T2T>|Br$BBPDubH*Ge3ieYZ!s^V| zt+Nlx^QuL`{3B5Vy)*0z$3B@3@I3?fEvF`tLc}=_>pe_3a$f~F`cxJi5-woj7#z9A zwxDs<=nAZg68)fhg|W0rtnM)6SFbp>Lk}|r!7@Sm+ELb6!A?z+(R3yRr(0kcd9#d@ zYf={_e_{eCvc>p>-_~ryDz$!-KL6%)A@KIR+KVb}VHj(NfOMm5XJ9$;vTj9w@UZa! zhkg$Ymu7bk;_Fra(=wX3hv=D3D1pk)LXUWr4FEpvZ|;Et2nX(-PTGK*<*P1NN;x`G zh{T*Ec(6CYXK6zh=z&|S3aNHY1F19B`+jG5hrqcfMcT-lshISOT#KJCz1KbSH?5KX zFldL}p5pq;kHC)4vO!yeXy(~2Z1n#d`cn|V+q#WbA?O7ekP8m+zYuUyAnW6Zt|cIh zXkMY}1!gM^A){1DPoVxOoOT3uq+uT2TN&~<@?^#4D^~!Byz;rTsP_V||KArk82FgF z>~ctZG$`JpSV86|Di{x_rT1o|^{A5hV3J_utuu7Ec8V9q_5kL$~n zHp1TKobL|sQY~ zf(`(?2u3&j*UV>cef&ywRwY!8;gKc7Iq1S61wI7t3N&Q`;a~t>%-TbE1iny)#`S3= z_%9g?dh8k;XdpaKZ1l>Pe!#d$`blqoNE-b3onE3}eC)h2&?l8qzdyN!8ep~Mj&R!z zM?4~5v4Xsp85dun9a_PQmMwB^Z>TE%{pQ7m%;rD*TN{DvvnPI10>z67V&KKHEK+t1 znWp>sp!F@2aqm4B809GS+T?{ z2BU2R@al2I&`8XE#%}dTgh;iwrRm^<0ZNyyrt+UdaDG|wf5$KIUKSUf9Pui&Gp zE+)9IPiRcv!pS?vI95Z3w>$c5IY_0C2a6XOkzg(MXJDeS8Rd$Udc}$GKzzX8o~?ZW z2P4ty22LBnO)*h08T11rmcEY}OY!DzthY8H^kEJvbua0$%cp-0VhiH)e66o@iyuV6 z5O`04f`>0O-uQ@Cav`KF0g|bl3OC~8`&?8K3fYD`@ym3x;L>({%;yO8XuaA{>)Itm zJ_Mb@ndvx<`BTLsI=puN9x zYE~IU#bm?3Tud&=qwj`MKL0AV-&jbb>rD+TuW9x(Dv*G21ya=D?QdY_x)W2P96d-m z_}56}IiVYzmS=F1IEhwAC%}KJsnkd@_UrcyXsvaO!Y!~zrn~<=1;*Ui} zqqa_F1CH@emEmE5YSh5)xMq8BOl4`tKWtJQ`VY6euUxZwA%EGhP(^U+sdCpSmwr?6J2?lx{2NCEmWOa%J6p3d1X)m z9HtWaU6Pd=dk%a+-}26$c=Zqj7P64|jgCf0D;kf{(1m6g8g+&)2E&*T_0Dh13?7hn z@WNu9W9Di0M^^~EJ5BcM3w*s>$xkLjWq)BVd@~HwP|#nz9gkH|u0wjf)c{uE)$9U1^*kHLrB+F*uT;5!4Hx?oO&1OiPNlvwWFffu8; zz6e0C7(6Y)8lF#SM1yIm+=lsbp2s2KTwdW7L7ulTry3O0v2bf~d!HMK``rP>P=p2zp*#Z07rKLo@ zeu34RUgS?781wHi(UAzk#GGN4&@~ZFw*6dW0NM!mckO@_$uOv_=!SfAS6I*{WHNUA zq8qG1Y5P2dH47~u6LgVt>hfF!w!trF0D`@+7NhG;nYCy#3@wUOe@YlVvk8T#lJYpN zfYUz5V5G8+hstVPX7b>yQ|65SqWqbl$KVdMB?!;1ZQCje63A0d)>TgeoqcHLOb)*b!VWLgRB7<284H_1&4y zs072?0eJ)q5x!wRCo0wh%qLtiYiV?C*;MQKdbM)&=YHBiamys*$CdmVO8zaI=z1 z)YbYrGwyfF>NL#HR4uaP7%}i=oSpPiK2Sj@)j3Cn}qu~S&>jzEe^b9ZMOOKJp<7kH9x>n<_ombL=q z&4x(?n9uggM+#>ndtCo|EszcD3$&mZV3c3F zt4UoDmnm}+6<*XIIW~qyb2opqA44cxPC4z)5asN?;zb{sU}Va~={TIH?S`NJ-7}Dx zIpNY9I=$BZ02g-nOb^_Mk2EN;m9rd9+ZA#vMK~njFIZ5ZurL6Z&iEY-mk;RIg9pre zR3nUb2052rINqu2(2Ibt;v2>&z>k=Ax2_*@vth)dQ3Q<8WudQcc1c#(`?Ti{pO ze;0N^Z)%3-Sg%sFiDwL^57i8+>-&*U_tUC@-+Ua;XcfvL4pM#3<^pub<0QbWQ^__D z#y*tQe&C1ROhtj7;&UyWoZATbto`x@Otv`MbB`FAdE0G*PW|V8DZ=lp5A62TrD1>% z9p*Q!)!=SBPenvB7!0PGC-s|0t5;tA1ru{{ar{yBd%j-nuMk4nc^}OGh^JzDO$pbx z^F|Ec&E`E{zQ*4|N3MHuxsd)+H~2m?R`TwJ%DW_>84{>gd8+j3^^fZEouuBN`UFM# z=W(@U&D6BAf+(}W0rah*!WO4b-gVD@(8%o$o!)iw{!Irt6jGR^JlLBtE1v#y8Qbyt z7{E6i2Kb`9O*lpJd3h~e8aVg!4(t%)VHJdZynDEZkP`=pos=55&3&ck6}uN5_>d>v zd=sC41^}1@U`qCVegak1sbm2*podx-%5*lhCBXUR$T+r@A+bJdKYv@$qL7!5{*&Fy z6#!{0i1F-+mkcZaZz2u(VWu*IFeHqo4jTAJKKwf3b0}e(gAeaLLmG|OZU5ht&%CpB ztl3VfDF;4|_K#3F4XQlHGZOkPN~TY;-p9(6oOll~;Iu8;kqjIV1yRxS8V|o6{Y;4> z7ADAn#q+J|wH&%HU zL2$l%Q9^HEJ9nsYLw=i~?uH!c-AV3!D0neN;XLM5%J6M}$n$)>REdXr0~LV@+owUz z-(T~*{^%Yoi|0>U%bC*4%sUAa@M6a?rm`ar=JJOO(f`=-pUby`0CmJ4aCyCvrO>uF zpcpMTIC=?$tam@!xZlkDzA0SZyz@y?(qd=elFzam{eFaD_hIzZpHgZVS@d-BX^ONa z2p{>DSvVnVERT*z;mG`W{L3|_neCN|#;3u5;4iq^!I@&Q%wZ9=K5d~$BnWRbm87qy z<(*n(Qx#vA{y3i;LkC}pRx!Kqk;@53sMAiXA zc9h~H_?E<_cA$C|myc`+WU{0hB!A!4_vS%SM<*&=Ow#*|QB&hjCgJT~13)h(1G2pL z#$Z~Mpi@0B(wbK?Pc~4Fa%xSEygG&&pu%~o?f+iVIMV;Xb9`QmNrJZ_2LFj-NDyME z4pNe7vcj8S#o7}(pW2?pqw7!xDgM~4ex;YB&}pV_CM?v9i2)BE{vHjeP(IQeykmzH z@oLQ#jHC*alYux7X87emr&{yj z`_I^OGs)61H7`4oO*F*-ZAk#D<04b#2b27Du%@18Et0k*_mW&1R}5;5V+@yVMFJkO z;PnIB3yw`6Xf~qH#43#Wa+AKnNB_ZGvTfD1Ug1r&bRhyMEz~yxDi|{np|9-dRda|W zTyO0oFb7E(%RKawQ5C5ePUrp$35%s2UwbF)3bkF6BFn3BBgn=suVD z+RE)zEU?QBsy97UPsN<}0HO}64T{CE7i-MQhQyTtRFB76v{+j-7xn2UNrKJX1wj9w4(IZa3p>E=&uVNJ9IQC$E^OFE~HD7M)0?hL2Rq<9OhDJWnjneD}-nde8r4G_%Id@`oOi+7D zhx(qS+jhIn0;ozUr!4-PZ;AS&dTmBoQnbo4Mp@8hIIN$ z{e+BjC3~};VUt$08J*oKIA^nw;b(XhdR-b)8&+_TIEdqUNxblNZ94kG{5tHHPF7%X zz>%Ag&UbVFmX5m1mz0WzPGZ5r=}nH!v5z4(e9uPBqfKdc+5BHZ*K@FV9&i3?bXgV8 zBSbbEG%U$@^~u~eTM{Qp?hs+;UMSwM-#x&92-=O&(f-*=``7T*rAsq2?YL&iW&Bfj zoXI0`QEy`$>dX1O2no5z--X;al*b#hUB{L(2jRk4?W>>Ym8s{c%@fY|aB$3}>dXrH zLo6*a6>ebYrEzW49M^ysD*HTQE`GZX zaiziO40yl8@|){SA@X!86sENwkhrdi5gad_p@^+r>QlPxj|}qfrL(%XT(qCXIav|t z!lu+FcbQ2t77EA5pQ6-v+hxL>5ZT8NLiJ#a?g1RzthK3C0YW~Ap)ZoId>$3#aIp(F z`7ic!2?DD!_ZXx${hQTyi365TMGICLmZ+WEkug?L@qO4XS=^{G781EqWqTV49pS-- zELJ!&CWlzIF@`QZ#1f-+FCcGa`@17}HXaq>o?;Ptx?UlGPa*`j?~?V&i3bRK_7gwK zWGe@%OaYKL8xdtR04SLQLNe$>7y-IbV&+VqiF&NX7_P+WSb;{6CISm)W>U-ne(#pO z%WeE1+yIiBQ@DFAdmBi6huTieTEA)CA_VeaJ4WO>pPM+MpxW3a%-xaK)Lbp=>2AnT zJ(M@ogIa)9@%gdK7l+r5`X}6h;7!4!)vv?wu2!M~AJ-OqWhfiaen2Yf<`l=TW z2jZ~45Yj4b)6(GjeIWlhSIN3s_@YKf`NaLBhIRj5#I`OcjDXlsU}DU^7~L0;dNd-d zKnzhi#YVXyj&8j1ARP}(yN9kMftW!yZN_q|w;>`vd`&?;{hk|Fe=vOn}sCFl!j6 zZ89K56;mF%U{pe$G4Lj(r$iuvrC#P@^jk+8bPyzbn16C@o1&|SanoZdFks&57nCOk zd0T)WN0t#&0rVyefQ^@LeuJ(z`05Z$+XZaQMt%hW#x8+c9~0h z&`=G&WuKHfp+A%6+K{3^Z?@U^a7R^TQbaRl1Cpo?&3R&SAvs$AgdpfQuZ5XuK$EAd z9;kwklJb%~xMHPQQy~O@7hZ)|F)>`gK8Geii2{_YbJ6bu?V z!=bXq^)4I6tAxp*|DPzN$+(B{)~b_IeZS!OTJ|ei`U8H|5_Pu6zPD)gl~g!*4kY2} zZ>7fs_R^JhnPqub^@&RG(Z4&0;m!U?EJ4F!Shu2h@2zG!?A=~?-`i{mw3Qjl-!EgF4$G_`Fkbr!_;h?om`7ep|xA5_kQly>Wg-xG>a_4lfwHVgND4So@qmc!Pfv zc-!yxrQ;zb6L?=WJxCEr^dBFf!0lHAlqAI&b}~q$`1X?S&$*~!b6o&-?{2`aip=u7 zJYCML2VAKzrO!l&>S_29`lLF88wqBw>>=r7P7{wH#xJW#sHMDU37%(oe>zh@Uy)=3 z-ep*Ibuu)s&JkD{B;yp5{NY{Xgj3~)zD_=;hLD|X>6=*oO}lP>|B#{PomO-mW@O43 zUt+3BI@eJPC_;#S{fggf-GKfvZF2jLV2ScN_ga7v5MhQCJEEu7iAYd${1T2thm+bw zE6kq|yGGlkEiSA{lx>y6k}jgMyb$WBsz40&^KmrLWzRv)QDW`y_>P378l>aI1-YoIqVtHG=lIoAFJ#CH|g!b=DM~_$|gjtUV}L7;kUA4Wt0NX9kRS z1VDd=0VEZniG;u`s^iQlGnDJ%Vk*|+y5;o{RlNg!>QgAk_kRhAUzt(Ly)$`J5Q4YL zy_)5IH^20IRZB^4nlClQt7>P|93#RqN9`DPxZ_NTQlp8ae=#MRj#&Y?RigAsU^3tK zgRMgPD*6HfnHp<^ylYgU!|xR`UOKYNigA>010kttb_EY{X{a7wm2sgo)yE(4G^`m> z;1z{>M;6Tel3iN?%MUufxI$jhn_{C5JroRp)(H>1Q95L;3$kMXZwq6>;u_Jg4pT*o6yP@045e@ zcxJDxrR7P_kv~Gz;Zke%PdFI(GV344Icxv9MZ67K5)Ny(oCRQvc)=myQ)wSx{Q;vw zI%3&}I!SE5m$Ekrj9ulim490+4;w!(ve5H3=$pFD5L5@1;S7dY6sp3vG_L*h>Yuup zl8!Qx397q$?1m5U9~$y9y7J4?tm>X0LX}vr$j$G*;5W6b z@%dLk(~q+}=QDZ2u@9pI+CR7FM~YjuApiJ1Z*9RE2nS;?eXUvy-x3Gs!8(1QEmnXy zL>%+(b&)u4(g@TFHQJn$J6*+cEgE@btW;3RC)8aamN$k4i692{9g<( zMmJHEi-$&b<0EXvJX92F^e<9!BcVIZ!wOTre3BRY+ln{RQM5&y6@@ zRM2f4*<#$_^)KQJO+hTnUd$Vd%19&y&GZFJHtL1CMPHzZ4`U9!LKB|V+sC!z;%igt zBF&XEczNg`O9+fVXY!!wi8cHFo>A!-8oYjMzM>*)fmO5g{>)C~%y0*Ckc%p6S6^T{ zKC*2M?wgQ8V1IJz1|5C17bo13p*_FD%2!5O&Z@W5K<{hs9XfYRDOku56S3*XY`G3} zSW8%r!_=G#GKBYEzoC7p!k_d>%xnXU%eEQ3)M%{S*6InC{Uwv72L;yr7NIPAhI(DH z-B0!=>2QrR6_)I^R^Ov0>upv7EV@-K1uNq-c9bs&K0DT|1sC=w(Cw|{hdqkD#0=92 z2>hFYpy1=AYVoI%^c_?E428_0R6J*|oIIwRn6uCwik{Fp%W}S5aEWM$Pgt(5N*sYK zfq^J8^CqRf_7=D-Ue}n?{u}U#AO?b#F%~8TOKD2&EGSazBqYOR`bT9PI%Jd=voB~r zC)Ej|Q8@>qJ+&C$0WB`4yFv8)Q5U0uF4f!dJ1(G1-&ceC&}}MWkv*u*TZ|5RhKFS6 zYsFV(+~D-9eqnX!Hoet==-I_&oGh&@YbtH=Q$nr%){p)OtAPbi+B-==;km<+%8D;- z5X+S$o0gU%BNDq${?uPj~nK#m73NLqUu&``XKT6PxsHsu# z^)}jZ)5iC466T84*=w0c|NgR>@}w%9F7J_yfn}ZMh{U4%Br}k%Sr~DRqFlQHa=2vP zGo)P=qK)at!m8&{e$F#^8UKP1*~UB`nkam1LMMr`Dlw-8+O+>;b~TG3crl*sj1D%p zbO@=XZKC0`{y2{y73@~G%TLxJUk}aWa9`+E8fV;e3oo(AQQ|hRx}@F@#IqzwbEb}t zHXybNxg@nsJpZThVkHeKM+(=BXb&C3|1NQrBZw8_Rb*;cO80YFEu!steZv06gIXeX zUHU2#tk(#k*D(;>dwqcqOezj7Zss1%L+6gc5~vi+(5sOEfJ%D1kBe@=yF$z)zyhi( z4~}`^8(fS6xw`dBhw5*iF|-t|q%&%=O^BnVF@W5kgB}LJ@K`Wdpj%V`Ps@6Vyg1R( zEFHu8;d0kx%C>g3#dO2lgJ1q}Km&gHNf3n`g@TY)Hogx{0DsMhJ(cb!3pM;e(=*UY zF*Ns4*#NA>c}D4Ln$Uqm=~KUdiu!drXMiL$wTJgWHp1-I&>4Cxb%~I$vPol!|1uuN z4nhjp>jIP-2rZI(gy$4+BINwAr`^j2$a07BtrpTIg+-{1s*)D%RBF+nnr;(wGw5np>p5;3ZDj@)0rm8SK{ zN$DAMr%PNgC*Jp2Q`q!#z1Z1^`Y&sw%AKa?v4qU9aP+Cp>cy{bH3%_>+*#6U{yoDF zks-MVG1@F>r^S)QtaOF@Ow}A2t~Y_uC7rXTpCM;Izt|5n11N}wdn4MV`f0iNAs-W$ zdNryeo&Rq>Q&cNqZe)YRB?e8^J?ng7uuN=5U39=j`L9L%0Q>tQT0l(6&(MVRzw~(l z_80t^)tBBR1)Qg}5d`HS9#bH(4UNam+3u`B$6EOGf_5s@zudy&u-AYgy#f!_IugaE=6iDmxXgT3Qn4x>SE9(C8|lLm7O8KmZp5Hz1|&556M zYy5gi6hXoDj({&ZceGpJeO93(6R6Pj&Vv|4*BmJ=@s-Ojfirv>afS<-#tPS=_Pu~n zjTxESo&!Ns>KkV#xyd?vYJw#hZ@?0=Af(XO=8XJQxMF&Og^d2CU*p<)UdcaduO=Ti|PVD04*op&0hE+qFI zKIyx-ocs>Nm^mWUWe;I;#!>s}6}1uvqK{Ka<=486LQZP)`b=!Yi1nQB<&V<}1{j$i zU@U^7Tg{V-2z<@OMfU^nxR2}Nn;$)&+0Rw4(I;%3?^sW{nzstL%NY_rAyk9_lf%}} z?-xcm<_17)@|G>u+7$!oqYzq^tjOLlb#afqPz&2P+^=M#%FVt;N)w{M75`- z9Ldx#1!I+zRjA{zcA=5*!#$myU^bQ(1O(4S*A(5N{~l5d9Sy`|ne@D_!7vskNK$$N9Qi)h8=le!Qt1t?w!c-eYe1T7) zg9ka5^n&t&kiHp1!gM4eVD8;;W}|mB6yJ>o6Zc4H#-MAyw@WB@0N+-&F1z3PpLt=- z4#L}K{fKGYYlbPizsn)M)JmDLYZItfr8?${1lU0<@Dvz@*zaw0Z5IVmx% z+u+oqYx-tXVt`oYo6z9ZaKR{1_yKTXY+R{eL?AxvKG)*oV7BQdt*=}m()Rl2bIuf9 z*oExO3qLsxwmDgSNRnG&v|SGGQ6D2?mBw;4eljF`XWaPS_|UHbDD!kB-Tb+=6l_cFCu+-+_zu6)1Nf@_4w53unJDcd(8jjhw!2|U5 zz(=tLtY4?;4Ziyr!|d;8;1FVi^Of^&0+XQ}ALW6x$(B4_r8tl?wbrwx9IRU0UrFMi z;dU|}xd5m2%wNU561Zv7Pn^3Cqf9Z8vX4-MjyVs2lr)=suQBe|KTq5jymrQwP{OB& z1pJ{scvulw%)x5n7pmpH2IC)pMChZX3ije9J4jb0EUT&*W`o^=%{~%_5-PU3n9GuP z2!UI)#F2C3s!|!51^ek0(3XC#wXaF6xdG_iC@0GRsb8-{lY~WmI*Qca64DF zcR8JVj7Mh=J))S3kN!cyEyn8Ch@He$(bU;3R~@?KXQHyru`i|tTmwYU!wXc^rAz|e zS=dMfUr%=2xKOtIlU&&|1+I_~mw4VV)voxbS2C(zqR&FDv^hcMlY(=)5=J5Q%C&QK zpL))j7rvN2W_}#|#fgZa-!NZaBgzHnBCS0lIHalrfS^5-Ma{xB%RqDmA43U2{Mat4 z`UM&u3YMNMFux~L>E8Mv4+7z(2hB?Rh4W3FIyDkH6woOuBUSTn{pqz>Go5YV~29EKAkA801Z=Ptur>Sn%cPlLA88C zza=#)@||^rjTCF@Z095BkGHV9PVXX=7c;ezk+_~TQ6L`Q-F6x=xe{U=j_g*@B$EqX z|I?vk6PR=2Sso?=@d$$`cwPJwMWL_gJ17SUMx(DoeIzbicM3fI%zS@tfTl*zWYR&Q zD13}(wf}XA%(JrRQ6Z;w&3lK5ui*qTR}kiey$Kq|s~N7IV+=wl6JSykXt8cQ`7Bf< zIy`YytDk?FZAMp~ElWK4ZZ1A@xP%sOufP^6*mo2z`zW`Zwm8p(+R+s|8#pn{c-V5> zOcVi*OUsjCyqo^xRIBe%#+2eUcsm51A04h-m(a4>c0c1ilD>Ck3s1-HLemabVot1E zs&1VE{Yx%y8RtJp65oyjnbSSlqhO!a#jnwxVc{*CTgXJR#=E`Vs9rzn*VsfU39Q9y zm64tv-43gv*h}ic#Qerpm>Wq5^U0q^%l9#ze1xl{63Q#b+O378T>14hv4f;&p=AFF?8wbTmA>aaoSMcKKU5)!F$;!zPT-f*w> zd<2?vOc|>wZpmx%uo(MCX~~TNn0d7^rPQ4(xJR!C2`R_X1XtOQuDzrDKUO z@ufFw8Vrx5YZ9F_0JGxRSXL;P!Tt_m?{ioUVQnAZvXHE)xGW7^B(_uFQS@^i8ZBqJ zmk}_%$wss4U)yS|Z@0xWR#$t)-yFcEB3)?chl zXmZM8CH`rI zju%k***%9dj>pKwJa*l=1w|>@oatwToN$Qdn9(KE5JrXp#A@6hxV0_S8VF&SZLh#n zTf8>X+9B;xw#sNR7F7So0R6*F>>Iotlfzw~%TE1oV>htHiYIACjez8eZSOFYPHU!% z6JT%FE)K zVn-A1!=9dlRnU*~4@I4_`GT+rv!+~`-(y>eaAtwFj28T!GdoD5r z01Hx5O~8s^Glney6A!qvK?@^MH(exRNBMU)@*laHp!@AEG}X4LE=%-W2HqxpvjJzu zu(*bn&bFJ}nY{p7F)mk5U~&s)j-?ZcOBLmdbu(k^fJOvc?lt#Jlq|O>$0-sosng(%-W>T zYnKg;RNyqUK8wL5PTElaeyH*sF4!}~hB?Z*a^Bw`Y0UCVP)jq%Q}|dshCAn*)wq>* z@;5AlC#BgD-DGFL@C6mts(DMWkl+9fS2-N+u~f07N;XpY1EsV19K3lCtSqN8ypP4A z0`z2^b5~0O#Z0q;%H*Z$M(^>>Jx+jm@e~bnGmNx0oE6qh(2ZtN?X~=n;vym?%|1xK z`~9>3p9NqjXTt5(xDuCC-+WYM<7Z+x;a4E6RY&q0*nEC{uR~3@H~U{8Qw_%9BYHQc z%DZGX>FU8$ARZr0X^}OhN>5VmL7 zKZUHhCka1t6v0rnwgw3ny`J)d{?JPcMhmP_!(R8J^rvvtu=#;F_Lte9IO!gK%k@1T zxU=deuFSu-EZ%|c2QA<|ao^IM>82@ul4InMh6V{*yqxcwbI&3)(Pe!aZLD01dI6`A z@V@-g{y+$mL`qfUuuAy_4WnX+WMa*e3dl-*XF2O{1shzOs^@L~IXGgr>oI$O{&)Lq z2&A`V$h)jU*NmB-M6Qz`?!L2miz(`z%xglNo)V1ZGYfrh zoGa;PBD0YW+og}3QjDdTb|@CHe|z09hyi-1C5#nlJ8pu`RSJJCEg)Bj59ClaWE9?h ze?-->)#&d`eaO)7-ADcQR2y}Cy4WO}$t+m%a48Cxxjcq*$fI^yrZ*(yVB)AmyghQg zF!mJk&?#ek*k=6+bPxCv5Kn2%KR>;-fwHA6x~$HW^U2y(kWeLFK1}2M+B3h3v-fJ5 zBx)k!FRO}0fu*7HU+fCPmgiMV3iKY-pVLkSc>PIRo+~fNp2IkOVR65J?a?KrrbS?k zr5k0P!t9%Jk>dIOF6SqkKgk|CdMMiGgHd1iM-cL<`*AI}z)X4RSHGAJ=3UaJpLCciGVelS>4$p#AFdjtquUYD<<3rDO3zrE)a~Y ztO-gr7AGU#^Zy=6I+P}KkiqicuAHt~-{axX?pZZn;#M@jmdiv!qsK~n8t||_Ia+h@ z>Bd*Go*Qv0E4`nDk_?_2V517oS0taOZ!tM#JN$W6Q(g1EKYWw1Piq(cS2jLUWdS7i zaGhjr8piUg_G($uGIOQljeJZjHX@h#9n`aj~+v{w7TusBN|1iqxYrtq2vAX@Uy6}fNJGIJ}|5AB0 z|3EYYJ^k~fi<9!!o^Xqsd-meV(V$|H4_T6YZ_K)YTZh5m*lda0dpm!JFIlsVk+GPa zvY8wPQUS8|YxVA(g$CB_lOx}Olor7j8t%eFwv=`>H4cS?)f4KnRbY}yK`^Ana}{$H zbci|{I=UovH-=c(RC5uUNyiqx{XpPpPcvKUt@J0)h~d=t+tCqE#eXd9y8NZ9H4sfd zsd{A>kOWmfeq?=`!fDf(c+4C7GTX(Fp7~8Ps3~XN%Hlx6F!{Yo@2FJk$A8@eI}9o8 z-Ooc`SxZt*Z-Z`2;TJh-p;CEyYbVMKqK}-SJmjlmk=2Rq3D5_7b(6KxurW|=wogEQ2^?cZ@jWBDBn?*TlDlGE_}tV50)YcxV+JTpr#k~1Mu0YB1E)nAi?BhaVb^xwPS3W)mYJ=0nJno3E)genFDr7CI)WF7-SbYl zZzwOFmbi7X=Mj{9t;#Y`@b72&>^9kJ1GPWAg>OOnjctulC$UYAp+NAMTX7Ee+0oGw zy+@$AOYl#XyorPaz9bQdSy4(Hfk2rfm^*UT%ZL;#S6fg2g;X+(HDj226-bM$`zjv? z=OOWVsibcClE_$Yc%Ey25H_}8N7drjRr)c62uoaDni%zwrRiT8sMbuR&s}P60($o= zI36xtrvumw^X57AD3v7<#s}7Q1AIm#dc|&8{_y26el>DTRXLScNr?9+w*gLvdeK-X z2q5DtT=G9=oPnlsxAk>?&H|D^TYMW%_Bw9ir%F5Fi@)qH!{QG8r{4Ya5rVHS zAngKQ`>PW^GVeuAd|Ixkn)G4XY(WV|49Vm~W*@8zGq%k2EMk^1>w6YuU7y zEX6siF~;*pcp_@b=f2{_XFVwr!$;P3YfK5Z2_2rLVbSJ8Tn(pwD?5Q+`r2g3JM?B? zwGc)nMV5fs<&S6H<{+`~tl5sJKBDtSrz6B-BMHI|37E`1b%3_ss)g22usT@}t@$j- zu_kHe`e1Qq!sPRKRsTB;HJaMKH05Fja-n z3A?)IESSqQ$kMcUbKp(87_(%BKU;j>N_h|&_ByYhKkWJxHJ$8g;c`RhhM#Ak{3!xy zRZjLD*=k{tQXxUqllzm-rI7IgA!Tr3bV(yQgq`sbnWWXe#Y8KEBFnq4+XIo$aIV#6 zEaWIND!TE|!2qWg`j3lGr#7#brM=bD`pYIJVQn#MmN#J8#EW zG41T{1C?$LUtMyf^-lYklqg0!t-Z?>*TeysQjT04MzD>SIzMThe?;wy(Ge%VIgI8) zxB*#q&1qRNu~D%|eeSc8vptp+Yg>0} zj^9`>N1v^wBo7?rN7y7fn2Qtf%?dnd7~=kFJ;>hec=q36hG0qjQCQtPJ+)cQX5{;o{eNtV`X7fA@s>o)xP=n|561JAAK59J~3=Yk;9C$ zAnpy63-)s*`wZwbuPs&Sd3&v7MI=vDOu7sn_Egb#V8TD!TFA|B{LQImAzZf(h_T{; zW@>5H_VHiMjUBJxNk=FfUl?WT;zsFy*c~q&NMiZHHvB!FESfMi!#)4$%y$-Azti`l zJ4M7w{5nUg_ItrY9ibS6iNMv~ze=(ii>}uwRkX-3^gXI>VxhbGSdm=NF5zC&Z83(; zU-iEB!30o2;E@sY}NkMbp(&LS)lmzH9 zTP4X=$<;JR@+IkI(2^F{80nB<=LQ9>j#yW5=WN*1A2etWa94?Y>kK&31D|T>kWS>x zyc7>|-!-$Z+mR_}Pmy>M9xuRlX7$9+pAOPq2~u1zBo~I~66g~z`4h`|yX2^2fyrkw z;1YgPNYI5?0BdmWDG*nf0Vx5p52XnZoHxvg#+}&RflVv@TMI`=k#H!U8O-ToVz@D+va~T|9{xkW8|FQvxGM;!H-Ftl&-A4 zMI3i`^IoBX={G~uJ%_A4-10)Rk&KZ)Tsp{_((-z;I%Hqw zh@3~2MM)v!QJT>mSpf-kF zKq(i&-~9VxmkT^Xo@sF3dbmp2>s{T-O(J1=mTKm`9ZKODb9Rhjg~jP)Jyt{=>K$kR zQ9+WEInze}W#9Ob8|>O7FOCoO3?)+^P}O`Eb=%M@Y_&@h9y`P8D6*A@l&sr{JJZ?Y z)G<02tS}-w_URT>G!i25~oOHkj}(5 zJmFZ?@o)e{g``)XyGXcZJJawsC-YWzVdnl)YtS zlU<06%82Yxws?-S?)(1T-OuxSdR>3$b#aaJ{Ep*$9G~O;NjH0?aB;djSm)AQQscecS%d8uL@R;};gitQM$`h6vwO9Id2DJeDbdQc!Bw#)2?rx4P(ohe>;!EO}3!Hls8Rf6QMI=kod z%C-p>RjbCtJq}(bBYxbu-jIeu>184`r6_Wv!_sTKxx|MGefsvI z9G<&4o9DYGItmF=^RX^H8?;9ZBR~45vA-@7!faht^X601l3_>2>{!RgclP;<>~WsjrN0Aoo7$J@E9ny zYF_b>iWSVe{rqM(bF%KxQwKJlhmn@y42DCWx)d2inEB}P@EQ1zhKvi0Ruye4z0jGJ z-%4e3XmRJx22$&Xepbj|(?sT3qK35CZXiVp8;e(>QHhAt?XpX=l}~ z0tQuHQ-YxAl!E+4hn!J08X7W=9>MD;mb0JsS`xKc`6Qn8#ay`v$#oUpdg&z`?7MM| zI}^Q4k937y*B_s$k>wJP)p~_RU)$o)z}m=JxnBQGM62v37@1ykb{<+;uK0T-!jUYo8CsIR7!z^0VfE0D z3wLwHkdd-ko$%U8zRN|C#*eyr!5K$!>CR8S&lT$=Dk3}|UHk7f3t9n8T`Y%=827+u zC+C68T}@KeA&d~gH%o;k9m~`LLOrx^AH{H9nllPZKjXZHMROBZfn~jJ z${s83nO7_1F5;1W8 z$Zp$C4pgwB&W_yhAO))l@t~6STmK?OJQszP}L~Fa&CK>(AE!Ml7wI4$@K8c6zezezP z$f>-0`+vKjHp?j~g%k-EYjTHd=qpHQ@I~+q*lQ-Wbit6s~ z5fQHTWWUbC62I8DLqi>A2LA3ppU`Um`2K8dmE3tTCG2HF3|6q%%m7um&jB8>^QM&F z;kA4Im}SA-QVfy)`og`X#DAY=A+pGxz-j;)uw4h(*A6#WYwl4T;^9{1R0IhMb^5)V z4dH*}ys4{z8?MhL(lT@?=iBL>pvu&0j#U#jC(m0MZ&Iq6Dm8pK@^#{Zs=Dc;Q{v)i zm$`}U+S_TW{GQC{#c84j(jG$={M>!jW~%o24$X$WHl?PyyU|sZYW}mq#N_dvmG?h? zI_%w7CTGm^McL*w>7MRmb&xg@wi9_L@LH`a=O?0&`~8p*LpLGt1?Aq6^%gT>+YSGu zN>!?G9x9CS*p$x~*4Dc}kgt43ILw*1B7>fs=l-a{Ca#ipg-r;w=zQ|qi+n;1a*N~@ zPm>)_tm^BqNbihGJIwe?xm$*@eNWBH`GM9Y$8F+gP zRrH^)4wehN%|h`so*pwxFM*_5m1Q3vTcfsxumEt?O;wT6%{Y!qj)?jy`7k%()QqwGXCZV-!D$>q9r zIxq{7*sCxf)<1P7v}iL7#?5907i1mH4cBVIIaAW?utWCxerD;D8HaR0bCwO7ofXp$`Rjw`?|F- zN)*~Q$!5QBn52|vtCCgTd!1-u4FInS!e$$CJ-3_^G6i3 z#+A_iBIW}a6JcX&GjIcr5O;f*qt;nF)Vm_4dsu2zk^ZYA9uh%ilWMCz_8R|CX3VL% z#etgozGxO)>fk8Bm1mkOepI2^hB#Vdn& zvB>&<9Our2=;2GU5ReUfxSlslSE@zIk=Edy8T3Q*w+v-EknBD*_Qqs}xOUP+vBg z$cru8(Z%_eJMW8|jy>*P;<nYYB3 z@P(I)y=t% z-X&u4CT1y(QKsy-!_Tkdgf{LeT>(n+4mXkVXg+)GWxKb4P0uwM*jCAg_T}hw^(QMnXk)hkp z_>g|>{_JtDJ1UGhb+K2}?sA$bmu^fov}^`Dnb{5DV_!RRQalXkWj6CNyZ5r&zdKU( z4V5XNj=VFpQb9j(u&OH8J6U+UMM;VEv7IKC14jOb)$0|}Qq;e(rN~+!@f~}5w)=y? z7dGxG{!RboPmT5cKnv@1m1AvK|D zU}}yLE*D(=ljEP9tO28N{AgIavV+?iw1L&u5kDu1MQ^0HGj`;yzGeT~2UoVMJ^ z*ZyWST(%s&bMA%w&Q0$tY1f;8j+YmNjn+iBNS&l!oc^iNGx>Qz$J-BG3jjo&czah{J_B-8f7;z(rw?FH-B& z`3>pt@Zib+#21`K+ZD-uKyGZ=8CNuqq0{3Iu!x+eR5tQv?odQREnOQ)jo1G|Ak*6! zwsIlkD?dQe8C@$p(&k#P`^^gOpHeSSJz?I{_smgQrX{PmY*0m4aqx>=|9f>yWF(AR zVP?q5sK4|H`jopzUfhn4d05i2jwHXtit#dUr#g4r3~2J*t4OO>P1C$-_Cu{3;`UWa z;cmvB*KRYxTKUsHRMMHM25cA%`}C*6r$QPoV(0Zu*FnjOxdmNUO@uFyR$iOpl>dFt zAB%>POD?Xx(@d+9?K#t5AKVDnLabae>|T-mwK4qK9!PIKghL1$OF|gOJalkX*WVZ& zYXz*c83UI;i;&4`aLkVlVA@tf7l50~V6EuoCk$M{Tr9#O>wbAL1|y}}N_C1$kWyLe zB07ZhrO^}FDKdvU4NxJDvUwVJLexB;%*`$JWV-JaOTG8o9fe@I9=-0j8pSiJQ^R`> zXOk6on>sPm9Vv3wGt3pEM48rO@LnQFgk;aq-v1@{V0(D$hR*7hV12>UT`uA4E7E0a z3{$K;hzAA}N{obiEP`g&hD~Sjx|JJD(Brog0$KA2*+UtLm!-^Su~sJOH!TyEaJun0 zHQ7a_MS7x4JkT?)IrA#m#_;+^$Gpk3` z6y0qlmiKN^bN3iUaGJ3OkIc+rBFIc+9sl*P5Ia?9j}mxMGRiYo4i|AW{`0L?oYbqf zX)IS5!m#Dl9OVn^m4=!fv8wWLV?k@y1)zOP2EGP%k06`jv@r;cy(p!$@U3i;r7jh( z@}v_T#r~9u-E_p^|1R~`k`^QX@gdjO*D2UiL*klNJ{!4#l9Sc8z2mfNihm_K;DDjc zf2!PI)>OvOiNjw`&TUa<;ze&VmnRFQ@QcP9qD@vr%cqQT7~2+L4>kb8)QzeKMK2E} z4Lz;+gHfXE=(^zp8oJ}@+=l-2D9rFlL!o)#In+SUkAKV%7Pii!3D}1)2q3a;CyMME5@y_j& zk>4J6zsHkb6IRUApf4AZWB|gBWlgPuqxz&j?qv%SmYY`^s#Jdz*DYV-D%u`PN<8_| zL9Xw{qNozS08_<6bH9^Qew9Euj-UQ25_SgBR*i zHUJ!K6&&?O^yfd-?2MITy(u3nA9x=9+q~uP1RVV8N- zgrNQxEBt;=ZRf$cf3Hx#wk}*0NMA5A)oJ7Y4r~98Z%LKM4?$bVcZE9s>Xk;jx+o=M z<|Bz22a}0P%cu#(+cnlBH~*;^{`0z5AQ)2MDy$q*xN7r(`&$p#5op^dgKnv+&m}|H z^|D*NQ6X&0=95Tz2cT9KE&WxN!<}&c5<&bf3cU|^Fz!D;|4*h7z9{m@etahU+3Kx* zZ(ztQ}qf7uju+5uZ z^@bbT*nI8c2Z(tmRp?j)+mtQ=$0l=QC z{ztw6!M4k_)99ZuwM8#}w7_^uYlb#7`Whu4NnV@*N%7r6F;;)zEJfdg)5v)J=*fRR z?ValnH$}?wC2&_r|U2F$K42o$OyqWT~Xu9dJxbR<;qk+X7= z{Cj%&U1ENC%L1s8_NVbR#2StV#814&D7n#<)2|jOcQ4gX;Wx zCS{RLt^JcwPDsKyN0Y(@&0aMuwjC?Jx4<4(%K_EyY7jn{B+ZBK_IjmmpSpct+k$KC z_3+B#zw&p#7TawigrBvu=glf(7@S$u3snq#i(5k%f( z^*|Z7M?7j^2u!Ye&|M^dem}q4&K)>z6HsTm51h8}nW0xxj=k=yy6QXj>DOnZmK1U2 zHBkS#(~NJ`(c9N!Tj;$5`;NXWUT~O$4(ux#$L~hG)#qGHZ|xXKnDn*oL(@>LhVp1{ zN_Nnh%O)RD@dJRVSSc}V3mylgd`88Q6o0FF)?cgn-_!PGJQ{-@DiC!jb~)1x2l0x~ z%OYq~A5nZ+v8%jtM=PQ6oWRsus4H2z&Y^N}B;!ZwnH+G$DuFEf>O|aa!=N7W`L+;e z>^x*Hk(zM+4omEAZGA20=Q7R}*)Y4TP0`DPdR&*s z{(I%th_frHyLIx{qJ&w-Ph2N$1qk@51?+U!=rp4<$Iiv{mPzrD#d^m}$SH6U283j- zg1M1J%I%Zw5?@me*92t)%GZ?$)b=M}>mJNU7Cugpk+45(KM;Vm_5BhR1}Pkb@1{e& zoUa$`6^s$0BPXU`*9zTmLHSg9ph~KI+R&{}~!uSOx~}a7vES z9#4>F4>^L;+H0;)2v@yL8=S8S2<{HRr|S|sSY*2Y4J6uCh#d78U^xQMm(JFF1o7$` zm?rRSJ&w8lEJck>V8F;l)ApBcnFo7%K{=`)IbWpoCslGDc(t7q_<%&j0Dfg#dTo`n z35#+wGNqTS$`@9I9cECct;5PF_oKCXfA96nED{}Pq(~LLXM^JUep}rQV)9O`CGOG# zotMS;duKbf?u8V7f@$=HvDtu9d>c7a-8|Q;yRx7oD|^o_0ohl6Li5H|=z-nq(}ZRP z8$@{1`fR_tXvC59IgFG+>j%(Nup{%W6DXjTz_#EudNk8^Y|qx!=mjhGcJ@Z+dcsv! zyhHGC5Hz2ClFlU33`-o>quh&ThT#9Qvk;mto7#Q~mGnGEkdx;Fbe6o#x~;p;&WWTr z23h&|6rPlLwVrx){>lm_uyyAMy}mjcGNeaMCUkb?MZ9;?kJxi-qF(cm!>-ekHw4*m- z>tVlIgB_+C#CO8O?GO*b8Xj7;FcVVVyjgm=9QgeoAW*hJeR}z{`Jt0$Rs$@~!RbU= zIZz3)L8_-+k&o!bKfR$)7Rt6FJ_zF-G&$8Hz&EgsU3~j7`&6o+itcCRNPu{?y&i`P zzZzMKzu(9NdwsP|NNRTM@5u7#5gImK*%xFB_90jp_l8kC3C%@XPT_PnPy#pajWfRO z!Hz*K0ZybGvNjX2|9!Nf>T@%^H+?ZIF-G#L?VO9;!pF*NnyaYsRL6?3`-_J^4)ClV zU0cq-7Or=2xc4f?r^A`r!~AX3RzxHPPwPdM%++Osc##?*H_R=j(-{ zTJsu`6BZ(J98&pasFO1jykWsQft7K4g}*r2hwJG8dw{>xsI+|NL zVCA*@1mS%mI~!hQnKpxF55*Ck+qB=hw!GP8(u&G#H^V67>?u&3F$LHgd+kwr<*MJh zn?Qkf=CWmuC@=n;n19?m_k@&m5^Xk)$oJIJIv*yQL8CNshQ>{s@nb+FvA~8Vt zQDbjiHljjn-OqRwZ!Slzuy!e1G6b%~uHI*LvgzIKbv}R3^p-5!R>WKSi3u32IMMPy z&Q%=SAJ-nM9syBb`Q+SXfEkFTq76Q~dC6o=_T*Pf^D z!U}$OrLy4@>iPB)tBnjy#?xYE>`1{qimCZw2A&4qm9GFLxwg$gJ*M`tYWVbh4th=E z(lft$@+kt+S&}%HZPYFYNi0_Kh8$8ATeBLm=HeX<2iz)*Wxdicr_quvbjjA)b8E~O z&!)^H+otRr(!Dqr-Eu*&8ZlO-VAeYRd~)b3mZG9#tQrb#7Mgc??XlZE!tzR0!$!#y z6jCm*o{A+eH1My-B4Z&H-5GS3nqd~!^mc?sH61{Hil&qIsXnQ_G4ypop;{(7PLPM0 z-@Bg$CCSi6(IsZkjK<{@uqCalMH)?%hnNRcfK5^-r&fCcQ8L!&+WULly$X@EWOb0W ztRM0(FfyT@?DOfm7M8t{D_5axBT(FXBC;A*)~=21YsI}8=??+vMz#yruy!d<75Ugn_;jFRV>RdHd~tn>Le`>}}8Hv15l<)wFo3&c;noq>KlygwL1mL0R3)y@6~A zx2vzrzR`ZlFpgm#$k)7+m=QU?_@iwo%}Q@tAA**kE7~znEFU z?0x<%d4;jo^PrrNd*3;HqDVYj6wjTS9>^Ul%irZ4$8+85wWB_Me1v>Tq^-Je zhqe$(-pQvWO|$SK-`a?me-efH(Az>EH*Tc5ef$Wm%t^B^bSx~DJl7OO`+bQ8Do4upU8%&OVk{rB1_WU;$ezMa;t1( z=w#Qb=O52*rMsL`?rIpqmm(&OX2&`FLW6|CJIGOD#XizB&sNMyq}D?=tc(7HYt(ZJ z^DC>EV#NFE2_#JNvtoW&AVNpRGyVZi+vd>1^Vl;}-8w6MxFqfFPMXukgvJ?dc0YsI ztyAncB0-X)hmxBOpd>mvnAL9n$U}Eqm%M{%OlVq=@qU6#0;)K* z@=CjSS+>Ki&VhlH zmab#-G#%dAF|v0De_YKwp!w)OqxYsP;U&G*FAL`$$%ltr#@Ly2N_9MJ{oi>-{WPO} z5i^CvrXe^r_?!mBqd1UPA=)pt}ozhfr}4V)XJ-gNyD;FQWfP?F>HkT+09@NloJ znO|1*St`v1;d!XjtZB&@ot(=6qdz(JWHl%q((SE|MOQ+DxrvKb_&2YX%J5NVif6bdVjjv zPb_wf_>qve5`R`Uvo|*)p}YxAduzxLKQ!AlEtT?*r@(qwcog5d7_POkBkN7iv=s_NDhOU&L%F54*#) z(|vcZNnDd6_mCckt%uETq2UQ}yj~Me);PU)R~os|>2r#-J=8b^;ZhUIJoWd&%Z;P1 zmqp>QXvmV*OC?siHPn7HB5K>_#lfLg@O^+8)jRyn=20*AS20cp>WhMlxFlGQjf?rq z8)tW@D2-yj=yInvZ!4yQTTUW-R$2clc0{en&**w?4XNV0qzga9R2SyTWLG!?67tob zPg<^;!(|Qmj5M$}IZWhnp*FfT&Qedl9{sg4TcMhtl6|5au%I?)0#}7-X6;4C zZJ|pB4jam0m~{B8NnRnIY*JP~V}3Bt8KpJ)RzLSfRR_&ujS(#$6LHCs^~BV6aO!FD zmhBNLhB=d5uJwFEQ+`h4nwv~#S(av?eMU!7;#}JuVmj6#))tZJHzuhnM)by>h2*<_ z&iKq27*Qdn95{mxe1;E)GF0ApglDhbl6q*&@S3pZcJYgpwaA~(cl)m%(I0l4Xr7r- zIXjxd^Bn=Ud}#l0ceIymK=g7GgHU)DOMA+3?LCAAN0sY$2|Wo`*;BI`Sv zK_p!XIl1(c%c^fvv9RRLbcwn|vBH{iZLFCUgvbU!J@)P}ka4goia&WJD~z1fVs!4Y zksp&ZySMQW6D|3o@IjOK=H8re#N6v!9NmuLrg1)w9HsLg?9DsYw12e`a)zM|iuUv% zrp7*+kt`_|QJWi_OPbWz$k;s35e@A!zE!|7xMT1(WSgC{Hp8(0O?13M35htLfvlf& zPA?1IgD_=W%JZVn2$<2B&vb-P^PRTgkihc~TgmMQqpo+D(+=6ayP8cDg}D+rBC)He zB=k2m_lZjhA9YAj%RFik=JTvnp)t@djWqp!Vf^eUAICKj3Dqm(uIidYlU;)wy3h?E zO2#f45n9d-b*P$YBGiBZ&1j|K3ydk;vbtHl8b}GdZwQ8Sqmvvwde2gaQU3UXlP+o4 zBWd|S?5|PA1>YWLOE`W~6&%uNW)8r>JqUmSN7E0AXj+Z|Dyr-I9g>|*< zhfTKoY}{l-BW<7%j!? z*1fuT%R;E@SJO(qGy0~Gq|jp|X`nAMoFXXQJx4i7QIe_sHFn(>M7}9vdrXb8iN0pC z=bctT!+S60eNGR-jgKUL8q#R45`_-$67g3~XXUDO7lk=fh~zeZA+}rA^ihRejB1No z8=6>=*ZDfmm3IOY60s3Hfl=dPV|A6OVrMz7XgV9HXU%im)!}F}jm4zZQW(Z|+$z#v zo`1|fU>kW(dViXNy5~t+fqtxbxO#)0V^MM=9=UAXRE+oeVpfgqS8=UbD-lkQ2hOJ3 zC116CWPQc^cxYv0H`OVSSk{*@{l`InBmR)>(ywf6LO5EL`DP_n9(j+MsPWXpJbZ!+ zJH1~RGRfmvRCW%p#&;_%o?j8Vcgdv^$$iu(69-K>2y;GrQ+`(|%?irG*#_w2IJ(tR zt<9-6ncLV&5znxC44ndB%it@aYE&)vBf3dgf`uz z>eZdO6CN#vBk?g$FKb$!#bVAxK7h z-4MFa&v(jO|As#N{R+w?h$DCrn4asc`~ckcizVY*UvZhBD9L?O`(IUf2&k>n(DHEd z+pa-fQ3piOc|YF&80RSb&M7-?eY5{rtEwgE|C9qzN6Wv5zO=aoB%dz|`e2NsyW|O{ zChOhik?##>ti&XHA&I<%>AIK`G6B{?>AMo!L4Tx6E6vd11km;%1lS53-jKF`j+A14 zRm7pbZu<=UDedlY=8K~9m#lJv8`VwkqrJ_l8~UQ)vD5aBHwg`m;FA1xN%eok41`D| zHROsU;2|S@AL{o};P_IERMo7Vge-nJAO7=q7VpkHQ%W@ofh^gB zF1h|XBqa{Ef`mxnuOHIG!$r9mRr1*jiK1q-2iq%m(|^3T{^LThlK27L?ES5sAqBdQ zZu7@w3wHu|V+%7rE=G58T+N5faUVjF!v*sT~YATh7 zL%1X3K+I@UN^0o*UeLk$cbe&+6gB*i9eXB8-^ZOAXjSj{Y>n6w)LEcU`n|i}2>YL( z?~14m@Gs%=w|^zH{~5#*>`aJl_at0rV~DgX5nts*TJP`pyWl%mQ_^%i0l-p2 z5Ieelr|K=MN@%1}t(5!YVnMqmI%K12&39om5rBNbj@^c-$n<1?&=^&KrJuX8&WnHcH`IXLfg;bDjc<|!Ble$F?fBF z+!m^yw<<&IfdpOudRXxKfkkn5kvarRRY=J)S(lT9jl7UT4$Lc>4i0nj?J-7?!*y(%vU@}{>7uP;P>a~eY zGGtoqW*N?-afDJusZi2D@S2zNe}48k?6;muRG>XTs_#IwtY`$N%vGxq)HVOJh~ID0 zq*pCgy#)3M(f(=Iv2(vj*4@Xj)tpvft*f>NZGRzM z|27ycCyN&i-Segq8dX@=Pb+FxkJq2lBJ(Hi91c$)<++$0CC) z4x8`{e`ad+A8!ty#qT8xEdI+XvDaAttK^76p4sfH{BxlWl?cK*LJB|bTPDBs2qOU# z<3$OL6GC^FU;Ob&D?QMmK%a#0adtq{Yo^(N+ zhaw8LzDM2}XLtTn<^xyLk| z0=4JY3|AY#1Mn3Z0a>jEHm`1IOtgyNtk%@+Z)&4;LJI7b!_QvnEa36=8Gt;hj`P)* zxYTV&?-Xc`vjsTNl~EPkLs&t^RzZRykWdMNwGRj$tKjIX_z91$6nN6#Lj*%bipiI& zw|dwQT>*s=A_~2^2vu?%eA?_(L^cEadAew-mtPhfh?4~<6Lfe|Gxo~KTnC(6 zRtgb6*GVWi*;yBs1$#p?HzgUhO{t`1LRWU#zZwO8?=#u&&iFgVpTX$Sm()@)1IydM zT>`Pa3&W$ZNM)XhViAG@R2(2UnOhi>j@It`D*8W34iv2K^I$m3RiUR^7Y9-g;Zy+V z#lv)AhCekhYXqHn%NR9ycbRFGE;GaT@g*jG(N~_G%`EAldca{ z-<_da9|JuDVut#NQ(6f^k2r7z^XtYE#J&3>)D?6flM5DJSLOXzEVkh093CLu?PmIw z@V@33Tgn%^-W&@K0227{szZl?-;a4jV8f>a2JmqPIZ6NrU0>_m4&TJr>LkLY?N_cxv8pZW9KzRi|Q zElhjI`5ly5>;a_&(9Qe6uL9wS+ot^RWER|`nbSN@@x_;hHmip!0BK^VzV_UzE>l-RexSpaSV7ZJeLiWM8l9*bhq;oH87pg(~xVeA2KDq<^B zd}bYJfn*%vqZQ^VcO@JGIIEBHj>+mxtNydjzn#SNk)+4E|;_LEAANA!xC+Ou1=9GCPFptJ7Cw5QUD ze`~U$+*COPHWLV%Kb(A2n)qeuH?PSrRw1S|*6JV1$8tDd4=zZer#Oakc+O`RdjA#s z|FxpxGClNnny`GXCC6(7(#(zAww^@WkKrL1jgOU5SUtv*8gy538e-2^s50cT;EtF70N zG8r#`9<|$lY-v`H(Zc(Y^TFj9D17jcHo`LALGog{nu1xo2j&BnN=mDv0%=U2DWXe? zVdg7d{#F>GgW4+b{n-nh=2nlaBbZ5!BF-Kk&C#FO*Yw=JDbx{Ps!Bn-tCql3X!YZK z4(bdug`U@@45GXe(ZcHr%nl{?-GiOxkmsP4##a!j8&6JN#8xIHu2U`d`yeul!Oj4X z8p(Tyf9%VCR4fu(aj@=wKF>@1VtOEKs1oq1wTY3D@wZe%Ri~x)(e)oWmj%Nub9d%2 zEIfe)kgA7jg>X`qhL%!1w}Y$B`PoNNsEoR*_!EC*me1#fQ&dfUnTpl+t*=}OIvZ3z zpr72Na$_~(5dRV*T?n<{%xow*!SxxLTeMe{iS4*ni!?jW?#tD-isc@G$fXkU{}a(7 zTXH2im;|H}dbOdl-Rms9OMEyMY`Vgeft@GhJd~c z{PSS@dmKS!%O+B$e}u_Ql(!1Iz<06EFFb`Is!#l!ZM=19D^jBuptZa=~QBWQs&0J>+6d_^yn VE9Jh*e2xbHStep 3: Get Role ID and Secret ID -Since the example created `jenkins` role which operates in pull mode, Vault will -generate the Secret ID. Similarly to tokens, you can set properties such as -usage-limit, TTLs and expirations on the secret IDs. +Since the example created a `jenkins` role which operates in pull mode, Vault +will generate the Secret ID. Similarly to tokens, you can set properties such as +usage-limit, TTLs, and expirations on the secret IDs. #### CLI command @@ -203,7 +216,7 @@ curl -X LIST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/j ### Step 4: Acquire token using Role ID & Secret ID To get a Vault token for the `jenkins` role, you need to pass the role ID and -secret ID you obtained previously. +secret ID you obtained previously to the client (in this case, Jenkins). #### CLI command @@ -240,13 +253,18 @@ $ cat jenkins.json $ curl -X POST -d @jenkins.json $VAULT_ADDR/v1/auth/approle/login | jq ``` +-> Once the client acquired the token, the future requests can be made using +that token. + ## Reference Content -To keep the Secret ID confidential, use [**response wrapping**](/docs/concepts/response-wrapping.html) so that the only -expected client can unwrap the Secret ID. +To keep the Secret ID confidential, use [**response +wrapping**](/docs/concepts/response-wrapping.html) so that the only expected +client can unwrap the Secret ID. -In the previous step, you executed the following command to retrieve the Secret ID: +In the previous step, you executed the following command to retrieve the Secret +ID: ```text vault write -f auth/approle/role/jenkins/secret-id diff --git a/website/source/guides/cubbyhole.html.md b/website/source/guides/cubbyhole.html.md new file mode 100644 index 000000000000..61299213b3f0 --- /dev/null +++ b/website/source/guides/cubbyhole.html.md @@ -0,0 +1,263 @@ +--- +layout: "guides" +page_title: "Cubbyhole Response Wrapping - Guides" +sidebar_current: "guides-cubbyhole" +description: |- + Vault provides a capability to wrap Vault response and store it in a + "cubbyhole" where the holder of the one-time use wrapping token can unwrap to + uncover the secret. +--- + +# Cubbyhole + +The term _cubbyhole_ comes from an Americnaism where you get a "locker" or "safe +place" to store your belongings or valuables. In Vault, cubbyhole is your +"locker". All secrets are namespaced under **your token**. If that token +expires or is revoked, all the secrets in its cubbyhole are revoked as well. + +It is not possible to reach into another token's cubbyhole even as the root +user. This is the key difference between the cubbyhole and the key/value secret +backend. The secrets in the key/value backends are accessible to any token for as +long as its policy allows it. + + +## Reference Material + +- [Cubbyhole](/docs/secrets/cubbyhole/index.html) +- [Response Wrapping](/docs/concepts/response-wrapping.html) + +## Estimated Time to Complete + +10 minutes + +## Challenge + +In order to tightly manage the secrets, you set the scope of who can do what +using the [Vault policy](/docs/concepts/policies.html) and attach that to +tokens, roles, entities, etc. + +How to securely distribute the initial token to a machine or app? + +## Solution + +Use Vault's **cubbyhole response wrapping** where the initial token is stored in +the cubbyhole backend. The wrapped secret can be unwrap using the single use +wrapping token. Even the user or the system created the initial token won't see +the original value. The wrapping token is short-lived and can be revoked just +like any other tokens so that the risk of unauthorized access can be minimized. + +## Prerequisites + +To perform the tasks described in this guide, you need to have a Vault +environment. You can follow the [Getting Started][getting-started] guide to +[install Vault][install-vault]. Alternatively, if you are familiar with +[Vagrant](https://www.vagrantup.com/), you can spin up a +[HashiStack](https://github.com/hashicorp/vault-guides/tree/master/provision/hashistack/vagrant) +virtual machine. + +Make sure that your Vault server has been [initialized and unsealed][initialize]. + +[getting-started]: /intro/getting-started/install.html +[install-vault]: /intro/getting-started/install.html +[initialize]: /intro/getting-started/deploy.html + +## Steps + +To distribute the initial token to an app using cubbyhole response wrapping, you +perform the following tasks: + +1. Create and wrap a token +2. Unwrap the secret + +### Step 1: Create and wrap a token + +When the response to `vault token-create` request is wrapped, Vault inserts the +generated token it into the cubbyhole of a single-use token, returning that +single-use wrapping token. Retrieving the secret requires an unwrap operation +against this wrapping token. + +#### CLI command + +```shell +vault token-create -policy= -wrap-ttl= +``` + +Where the `` is a numeric string indicating the TTL of the response. + +**Example:** + +```shell +vault token-create -policy=app-policy -wrap-ttl=60s + +Key Value +--- ----- +wrapping_token: 9ac59985-094f-a2de-aed8-bf688e436fbc +wrapping_token_ttl: 1m0s +wrapping_token_creation_time: 2018-01-10 00:47:54.970185208 +0000 UTC +wrapping_token_creation_path: auth/token/create +wrapped_accessor: 195763a9-3f26-1fcf-6a1a-ee0a11e76cb1 +``` + +#### API call using cURL + +Response wrapping is per-request and is triggered by providing to Vault the +desired TTL for a response-wrapping token for that request. This is set using +the **`X-Vault-Wrap-TTL`** header in the request and can be either an integer +number of seconds or a string duration. + +**Example:** + +```text +curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -H "X-Vault-Wrap-TTL: 60s" \ + -d '{"policies":["app-policy"]}' $VAULT_ADDR/v1/auth/token/create | jq + +{ + "request_id": "", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": null, + "wrap_info": { + "token": "e095129f-123a-4fef-c007-1f6a487cfa78", + "ttl": 60, + "creation_time": "2018-01-10T01:43:38.025351336Z", + "creation_path": "auth/token/create", + "wrapped_accessor": "44e8253c-65b4-1690-1bf1-7902a7a6b2aa" + }, + "warnings": null, + "auth": null +} +``` + +### Step 2: Unwrap the secret + +The client uses the wrapping token to unwrap the secret. + +**NOTE:** +If a client has been expecting delivery of a response-wrapping token and none +arrives, this may be due to an attacker intercepting the token and then +preventing it from traveling further. This should cause an alert to trigger an +immediate investigation. + +#### CLI command + +```text +vault unwrap +``` +Or + +```text +VAULT_TOKEN= vault unwrap +``` + +**Example:** + +```shell +$ vault unwrap 9ac59985-094f-a2de-aed8-bf688e436fbc + +Key Value +--- ----- +token 7bb915b2-8a44-48b0-a71d-72b590252016 +token_accessor 195763a9-3f26-1fcf-6a1a-ee0a11e76cb1 +token_duration 768h0m0s +token_renewable true +token_policies [app-policy default] +``` + +#### API call using cURL + +To enable the AppRole auth backend via API: + +```text +curl -X POST -H "X-Vault-Token: $WRAPPING_TOKEN" $VAULT_ADDR/v1/sys/wrapping/unwrap | jq + +{ + "request_id": "d704435d-c1cf-b8a3-52f6-ec50bc8246c4", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": null, + "wrap_info": null, + "warnings": null, + "auth": { + "client_token": "af5f7682-aa55-fa37-5039-ee116df56600", + "accessor": "19b5407e-b304-7cde-e946-54942325d3c1", + "policies": [ + "app-policy", + "default" + ], + "metadata": null, + "lease_duration": 2764800, + "renewable": true + } +} +``` + + +## Reference Content + +Similar to the key/value secret backend, the cubbyhole backend is mounted at the +**`cubbyhole/`** prefix by default. The secrets you store in the `cubbyhole/` path +are tied to your token and only accessible by you. + +To test the cubbyhole secret backend, perform the following steps. + +First, create `tester` policy which grants permissions on the path under `cubbyhole/private/` prefix. + +```text +$ vault policy-write tester tester.hcl + +$ cat tester.hcl +path "cubbyhole/private/*" { + capabilities = ["create", "read", "update", "delete", "list"] +} +``` + +Create a token attached to the `tester` policy, and then authenticate using the +token. + +```text +$ vault token-create -policy=tester +Key Value +--- ----- +token 2ba26888-b531-1626-3598-01ea4aa383bb +token_accessor 28cbd05c-31a3-0aaa-4dca-838a9aafe4cb +token_duration 768h0m0s +token_renewable true +token_policies [default tester] + +$ unset VAULT_TOKEN + +$ vault auth 2ba26888-b531-1626-3598-01ea4aa383bb +Successfully authenticated! You are now logged in. +token: 2ba26888-b531-1626-3598-01ea4aa383bb +token_duration: 2764651 +token_policies: [default tester] +``` + +You should be able to write secrets under `cubbyhole/private/` path, and read it +back. + +```text +$ vault write cubbyhole/private/access-token token="123456789abcdefg87654321" +Success! Data written to: cubbyhole/private/access-token + +$ vault read cubbyhole/private/access-token +Key Value +--- ----- +token 123456789abcdefg87654321 +``` + +Now, try to access the secret using the root token, you shouldn't be able to +read. + +```text +VAULT_TOKEN= vault read cubbyhole/private/access-token + +No value found at cubbyhole/private/access-token +``` + +Also, refer to [Cubbyhole Secret Backend HTTP API](/api/secret/cubbyhole/index.html). + + +## Next steps diff --git a/website/source/layouts/guides.erb b/website/source/layouts/guides.erb index 00ac032dafc5..51fd1d2b58eb 100644 --- a/website/source/layouts/guides.erb +++ b/website/source/layouts/guides.erb @@ -3,13 +3,16 @@

      > - Authentication + Authenticatication - AppRole > Securing Secrets + > + Cubbyhole Response Wrapping + > Production Hardening From 90442ef13925c4876c9b78f12458f8ee238403e7 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Wed, 10 Jan 2018 17:28:00 -0800 Subject: [PATCH 004/178] WIP - New Vault guides --- .../assets/images/vault-dynamic-secrets.png | Bin 0 -> 58337 bytes website/source/guides/dynamic-secrets.html.md | 299 ++++++++++++++++++ website/source/layouts/guides.erb | 4 + 3 files changed, 303 insertions(+) create mode 100644 website/source/assets/images/vault-dynamic-secrets.png create mode 100644 website/source/guides/dynamic-secrets.html.md diff --git a/website/source/assets/images/vault-dynamic-secrets.png b/website/source/assets/images/vault-dynamic-secrets.png new file mode 100644 index 0000000000000000000000000000000000000000..c169285053821e3a8d4c7b2f3b354b1e71371046 GIT binary patch literal 58337 zcmeFZWm{ugw*`p1yHh~n?hZv!NENQZ-QC^Y-6_0qcPF^JyIWzwU7Fk7&%N(Cx4VBq ze@U{RWbdrZHP_g4jxkok>Jq6A0o%bt2ksfC};(FbvhI*?1xQHm6Sp*hOv-4 zW~s4wJ zU+zDz{dpqj|K&UX{}cZ|gR|o(B!r*+&zQTJz)7dEfIA+Ji^$4ODlM5-sz&V)w4z4V2uY*0}Rq!}r&?vGnr=Kal|8o!TmW z>1<|v@zupxV6DjwH0RSH=iANd>ruk!>qg6;Q(RX2S16)ZyFHNVl~yw5&PQv8EPm9# z;`k1)#oq)yak?m$#iyUvxhpHedvWq}T(<$s{_jBHbxRngh1aX~m2c{D%*x#5(P;Fr z=MO~{*;(w@=f39Ui6LPU3CUIm7-6}rFe&&Ei#zxul$}b~t%0VuB@zio%EffAzgSdq znPK$YO7ph?M`KS@lsM0s@%F_J`j?)fH7~<^>g&0`IVyB((L7~!-ZKTg>IO(=ET4_| z87txcbNzfS)XOc(8sim)ev`HC6{NH-H%go47(0s>11Hd04)pjg?einRp0d{Mb&Jy6 z!U_TtlLAkOymWMY9qCmVX{BX%4^AT*=a3~t)i77p_COg2bnA;KqB15FbNH)5iIqsb z0rlB5u~#Tr?budaBlW(2``xy0YU|B*(GFw))A|$dT7y|yr|xDGKPN$%_vRx>I><@% zUohbh`y~!LQaII0B-+N-@LRAH-s779QTr7wgj6P2o0HXA9r~#&v0*HfyIPkS&SYwn zL}i;Zn!6CusS7D!FO~6kuw#r%$wCe9C@-P@QPCZb`vqGJJP-M2hkde>U0x#8tw8#js~X3>Rtgxn5zz2U+$HU!DJ;Kw`V#!k2d|& zl*%wE>CkppN++{51QYS+dqo?qf$N2G`#W)R25a}TI|8zn1k-T6i7bKXHc>~nRXp4x zUA|h>Q!dbV0}rm)1sr`DLJG27A~q-E=?e3MUazaADZRb>IXHMr1Xt>t-pBDELN%Zb zB)P#}T-jwEb99J|Mt+^?-(G=-_ErZA(nYJ);IE6*HLea4i6)f_ivtjU?G@C3?x^nP`<);BQgl8d=Mb44`Pd15x=5L{JTa7%vjk4dz#T*Mi@eWQ}rY=TS}nvcYA zNbrNLqMr5_y<#M(IMEs|e!A|soO0p@SgO@p(T)H^eG7ABQ)*Z|c_yzwQFQq(Y5k?@ z?2XuSeit&vB{baFi|&pm@fznV(RvSr0)exQ8iaOt9cLJEJ7!QISEWYx?p8|IN=X>h z=UV^A9UvP50ulx(m&BU zLzobb``D~!5~INxOYPId%3AoIZ&Fnx2g7siRE%qGaWD_&l3ZeYon>>g+6q5f?dO>o z!bSlV(wr8HUr|jpXVX?^T^*atoJrPsvVNbB|FkrhP$^fTwynOt-5||eXiy-|jLVCM z=3P}o=b$n&9RuKC`)ag^%1p_2$a-fk?DEJjWHgp`v4=-7Spj#+Mul5Vxd{6GTaJXAd;|F)7I86FiOwsfCD z;JB-<}Mi~H6eh46xOP00mf+1&1 z?s)+!!KYuSD@6|-S;F}}6joHpTQ;aI+>wxE><_{TQku^;?l%yAtNSta(pwa4)HgM0 zJX&(6!OK^+RHpAOi7)1|ZhWFVm4l=w!ukFC2+&KNQ`_=PvVIAqc*^{^%;U=8p5(II zk*jzwyZ`qsV2ZXB4jAB(y?=*JTY|;pHyr&> zl>V$#wrkPV>Wxs?7zC$z=1Fa^0~N{>1Wg#V$^dWNwL|^sJs2Hdv- zaVQkiWVd^BgU3OS+oHv2Z>?3TRX~4}6j7nf=}S(laM-2y3tE>C(`fyEMwTXccOW^qVc$6GvV#ClBChR_(8X!bB_mwTukJKCYKqXg zo5nXp`Xvj_ntemCkYAlds_(aiijCRJHB!Qhfv|luonpjJXDir0Sz&A6E;%_#jm7n^ zRv}9kI=Ejq80K37P>*t9mhJXw+JpD6&X9)=2Y}yQ^+~xd)>YyP`^)|P9p=dpx9R}l zNNeBD;Dq}-9`tW|bL{u#O|oMfYwoKeuDfEEy&1k&?oD@DhjFk3M+T#FSuHI2-mjbg z$!I5MsbOn?>EC0g6%f}qD+wk$bxgW34^gSuusa(@_gbaLQ-}|3G2WJbG+{8Y4pEp> z)dw+|3_HGQ1k%|(lt#J8ARKCKy@hOq>`qUrl$@D_-`hs@=ZV6ydY?r~MlXk6>3&3P z+mLQ==e;evZlh88tiuu(`9$8eS05vONac{fen@Q>s{b2#NMgW@2laMFtuJj?rK%5Y z&-^wgGIx55#CRMiL@URa=ZWqM&($b&AfMd+IRTACOgk0_ue4bO-`t!HWiIb4GI3of75qH(uS2_;?Y zYWMImma!I*{v;cVrxye3{=tc!(OwjI;AT)}J!6HH;I!WT>t`GMb90X7`!^v2W#8nMs$E z8|r;dxI{CFjD7nzb0Z7?*~v*3&Ru9|6HVS>-NuQy#8mI{Jd6vZq-1z)jH;mlvRq?1 zWn)gS=tVsJ34*?%1uS@O%qM{$ zz)1erPKMmMjjo7clh{NE{(Gjt&Nys2X^LndPAL;B?wuihT5(G7(Vrc@F^vOKpusV4Ky7! zQJX3qJK%=3LHL!sx*FG;=6t0NbTU1_Ul-fgYTXg1XzTM5B=oBo4ci$_Se`GNup=h&EvN!~KF_N?z9 zpPOZPu|^he!1*{ zLS7S&iw;E3u|oooGaH^?6qIZ=@e(xtjc7p(Mfagga9u6f+1`Xh=?F{sAi$be zcAFTPWayZhm|H5B&ZD=COfwnM+eo;RoEZOpTZsASxFf3rXCJH%&xLoB^t8MCqge-K zme$b{!V)vImy5v-`8&SXKqIz_8W*&6!g9rU~lY^0o1<@ zgUaisvJ!EpIJXc88uy-qqcm$>fl5Oj5_RaSu9l%WFtR-{eWtZe8#s>(ry-*e@dInU zO#_LSSC1oR&%1gJ$W>vFr^T#3>wng8#BAuD*7hcn$Tc7;dUBC^zW82sj|oGivs%{J zy(9eYLg`Q{;G%mm?OWp_J_Rs!&m5Ztb(C;Rm*Ae-mcKH^R`i2Ut;)<)g`f_0Z4uuT zCj}aGu*h15h9?RI-$DMGbQcJ8_ZlXTv^l>nAL5+nzR};BY01zhpZ2>Uj4ItGm>U29&$qcEx6_2_w$RhN z+v7655b&z64}#hyHu416a+u}fN+Qm>#S(QCM~_Dq&u=&t7E`01nI_vW+5qL)3Hl&d znTSJe2ftJ+LpN%;Hu>NZ`uGXre$8`%whSQ&O=MkiXWuwQxqH=oYjIA^OpV;XHT!CU z@mmHls4FkL|;W zOv#@=^;eo&?C$00R8Ab6oc3?Vn&HPj{>;AC@nxah98C?maqZ)vqxbM{X>gd&LKR5F zil?(RYZY%)m(J}F*7&Qu3%{4LcWi7#8iU?6guOUH&_V08Wx88(reDmTc%w|SLCP(ytP8Wde%eUWT-_>s-k}V4oh%fIE z8PPY}Q7hcJ-9SYXaBlW^UB2zG1c0l7*&N(_&nY1mDPV|-WixrYYc6f|@#b4)o<)QB zuvA39RHsI+jUL!6`IO#3w&U?T5LH=3py7p{<;_`;kE1kDXG3#ud@)(g`H~GLmK0V@ zz*r8sqahwyyGux*wnq21l`GbEJdPHwd;#KI17`O+9j@W@gXFoP3S4svENHPb2wy6- zXLjHd>rd8C)Z+PFf%3-&TzbRhZ`OkaWOV-H7m7xIS=@xCnDBV%I zXOsg4%B^Grkqu}KqGn-wN=Jtz-p@L1v|33Op^9>ld}J70V%aROz5p@-BhhbF|MI#< zr4AQWD$hmJ+qAmgdtYDte|)H1wlqSh;`DbBAYi}1MZx`8p_ z9cuLV92Prs*?*?iD<(vNcywipRTYj`yJI zTHj2)shr9-z~uwG2WYuer8eLjIw~5!oGs=<0RbS_dKKVg#OaOVudu=u_Pr^MKlXfm@?JVy!8HniKpPclL9~fMHFJbVu!_L#g|HO=nA2W>TDL)_u)HAfv z6+aJ*jZM@TUGIs`dFd{O@YLC!_B=+NUIp|wh*{R~zkZ=pwhe$64apbNw&f(&ux)4>*+G_lY@gmrDah}e8?Vj$X>sZ`QcF3I&(WmBoz z!q<+n>6UhvU|7E#I0ms8uXh!^mJ)bSL<|^UEIp$2oX10E)C-9dgU$Z#(m5dN}b#c$5Z4*srLq=tMNPYtoroZ zK+0+P0r$KoVFc8YQIqMfx9OCT|N5aGRSbD%5eg`;m~!4UrElem0PWShE@}8+PH<_m z7ixzmKkE4$XKnwp{P6$y3ce7*r>W>WE26M9rBIQ-LGh=SzTSMUsFeRjK|ukJ)c{K9 z{n60bKF^F*PEIZ;D5!)0octA+(h=k-W-Sr=bHS_xe z@MFVy$@hGm7b|L7gr<7u`goSkJ`R{7GiIY6xYaf$xDQ;O$CSCLZA z{&&fn@IWGkHYUV>P`Qt`=x%6@AH~tb>FlQS#6AZl-`AR~7oY=vCDWC*KO^@N=-pSW z9Dhz>t{iufdkezy0FaPLGm=Qj$Ny7Qh0sL2EzeODv7nhrTP_0sqlLYPOesd^- zeuCYj3m<{(kNez}YXSMEsP2Og1yH5c;|C6TxoTOxv*EfW_KA7(ZclD35aMSZ7rN-L z$ro=DP`<_`8ZH~AHu~UWN0OI-K}w4c1ZepG_{sn0JP4qH4`}};Kc*jiPDo5#IHj-d zfN*qNIMS%)6MEXmytDcUg2&w6-p;jvOQKUjP%4%cd$`z$JV=K9%qkM*Pg0$fS+`XC zpD--I4RsINs=n9xsp@LLtGwW$r19J2$Hx=Kk0P32TFdMfB%TAXEOX(uuw&|HTF3>?iMxS5D}Fa z-#=FqK_Zn*Tk*E<$vo}t*$QSPF0(k$=dC6>y2Sf_#gqo^)s^WTnZoy3>U&0k?cq5gsy zy+cExzGa4+MUKs;Pp&!j39J{sZ>%mSufENsAKy=t(*0)op7mcV3S&F&mZc=FESlfd z>JN4)s@wk{up2NNEc^MZwLMAx9Py=>4f+5E%OL!d+4eWh0izXPzd)azo4eYJ6(;}V z0*B@Qag^h$S{;$u)gJu#=!QfpMD$;f(du}_@)EmJmI2&l%>A-&vfh1c+a-}5ELdl& z)B6}cr)OfV8~3_gUEK5${uj}dT%{QIa_T}eR8IHk2(&>UDHqmTQ95ULt+-yvz)PFdltm+rCJjDEb z-|m*KCiy|#lam)!3#U$P-!;J^{DBGu;yVYax*_T5E5yba%-MtfmzX77H1L4QK|SV= z4nrGfiLN1R{Yh^&PF4~B-mdykZmSB0mEdfgsxF-xrerY0f`Iwm&M+ZTRPJgMJYfqr z{ij{t>~*EX1x&ol(XmID9R=lkr)h4hT>tRWzd%#GOI8%$&9GQj<|2ePR~t14`X@tf z_RgCu`qu8iA&W+hv_7m=YNzqO_3_`nuFH}+_cP~9k(VFaH;lah(x8B{-&k9U&xQ#J z-aD(Wf4L8k`!?Hb{K9&j$`&jqID9#+2F~9+13%u|+vM%4{XuKZa@sV@ou1q}ZdcG= zm+!DNN=4(^k^2YuUzk(l5;KCdAe9z!JUmQdGCl?m_Lg0aAyymAf*Q-0^1SRYA3fFf z<~Q%uy3A1%6zjJ&CSkSPTt&_4F&oEAtqE)YUMloce-)7+a8oIZi6PePUi|^WV5Yie zz+un|NejYS=2_lb&WJp5e+xj#UhO31T)Pj6tpvw8ixF$rvCVH#x6hMGB?#s8WgHwG zTZ&7u3j7Itg;8RcYB--q&RE7=cG<^RO^v;+yw0L+?A5KaSv_@*h1|w@UoQ8eLaj?jyAXL>~3s;hCNgpSG z3c0+hjz&4pv=e+D$d39$sMcjfE34B21Nq6JR2dlG9xv`p24`3BFsOGx@UeS3olWC} zw3@3;N@$^w@Iz(|V!baA1X{ac@ z1b0YRsMVo`#^eMJ&O=a*lhY;&q8{t&duRJTkCX}hFFD-}0j`Enz+$dw0yvB5vLQhs z9`%Kgkg)8NCSugBeeHS+3k&K%)2%uXNYlE@V zGYJw38wFSJ&EZq9%}#@%oYgFSh$U19zu+>HS`guU7uS%V7_^oDZgO$nSLA(ag7ISi zCDq}eR3z{jOMWF(hm>7(!u8FPf{5g|Qk_5;<%OZd8;g=931LTDeC-pJli5FI8eI+x8Oro6betCaezUyi zql>{tkV+X{yFshRaul#7Pa(3ei4HexX8Wg%cLx^p1sd-{UbfPpnCw1Aw(y`EtZjWU z)x{>GQBYNKC&h{xlB6N2mpI#6&cma>+N}*DKhA z{o~+OPaH45erw+trC^c=goWeO;7l4p>Oc=Jq%ZU!v^K1v0E$p&b~pd-T&#%|%sipu z^{9d*4(}XCH+_AzVl=t~*8Oo*EjCjqNI$#* zciR(Ne{rm>Dh`vS??0b{%juKW896&UOGBS2wmeT`u?_lO#c(*S?kvDNsctm-x`0_nf7P&q=8Sk zfD5JcTMegq<*&I}Lxq!@0c$CD@NPfx*GULV7XfI`wFKYgFA-g(Oqk1BmVB^N<|w^Xeu2=Nxqjg03G6J(q282Q-qs5F~gM6{UP590ZCQ1@&2 zmrU+brgGlwL3v^wgM;-E#%>?=?I2)|hEYnQm3JlScS0G$W$I1v2QMM>?7*cMLq{Ni z^V<(?Jjt$x=+X2*jjjh|S}CNYtY4s}O3_Jd3#EWMp=7sk^<{+>i)gc*3~MZW??9Zl zTiPigeWd`-5I$RpWgK_w3)i3Fey7nrAKm5lw9(6erQ?-Y*~bshw(lKKWFr5pyW#vz zGrM~NVXvN!a>`R4J?~Bm+b-xeo6ZDb3zs3}wH~xTeJ-{gS0N{DQ;UoD*~TPP@sDZ& zi=*&BCJq0?cP6lMz!23yFJ%d3RDFWoodx-s_GleXYA_*gHDu$uzIj2jX55$yERs6* zR&@nM)V&sDtst;}{Hu}KIU1HCX^5B3+VnU?p?b8RaYyLil#He2eypMp4OMV%zt%$D z9PlOB(FGC9^Qf)Vif?|>>nMa$^hWN&3! zeM?OYeAa%+Gi|4`xR(S-bXnwb>JeZ6{`&PRbvI`VHPS3bH{q0>13e<5s%C5}79XoIH*j7HrDBx1zboTnmTMky@jMoEv z#j2opJRj>9K0&Dj0fSoww6{DW?$hwtm?$r)uv;5nX>B7!fPS#F5miyyRH2n^C;cE! zQ^~GPC?$HhytME&j!-?9h-4#L8XQoeG00UFG@1%l=qDT_G`M^`lK!BA|j8g7dh zCyG}c#2uX{`NgUV8mZvrEmLTcXz1ex<#OE{Tox1VL>n+|v)uM+dv@FV^US%-wDy3{8^^vUCH(c$j;y;s300>1+LBZ;BrnZ3KTdC1l zW3fOtU#fJJ4JqV){k7|H7ja?L_vQYa)%)2At8v?Rsuwk0lHtOvLA*?_9LErUV|W+| z-IA(6;|`wz8NIH4Hg0@3BP3Xhl1Qf$O|%OyT8i7IcUV3!s9a&X&5cHp9WgQj%D8&~ z>q?eX4Lo=IKCik%X3Q9l!I18{f#BAgDv>1>9uck~CdA6>fi%Ag4C1=^MS zYe2W$@aTTvh8}#5TrRz{Qi?40W0F>ccZesikvx<(B^GfeK@X`rZwEpgsoPP#Uc!_E;U@D# zKV^Rpb#4(|TKPEQGVY?{wTw-?y;*Bi-ZS|zwdF&8x|{8MbIasCDbka6c)J7gVi)*x zMAAbrNX;;}KLQ&Olii2FUptgpf4;%|(na|&8geQy;r?#g|51e3v^)9hQ2+P6i=ifz zBwV!#=*6$oTQp*Bc{{2s+pO&6P;M_zp-MKz@2}R z?;*4xBDr)n=#6$)VDVLVOAAj;gzzJe-^rR!PXM&pX2+9Z(I2=a=w5V@)MW7L8l5z* zT@^IM#E5Uz`t--fqbg9wgWCnDIzu~H+(^XN;Oo{=wN8srR)U$pzN#?!2zfxiMH@P3 zQ~24gd@5o(WvJK7M8`p&eKa7%hxv62r)PQEK$VJ)6BJ5I`e5vTizA0B*NG17mA#2p zD%4}xY{R6M%kI8!lv+mKbwl#m!XH|c`4+=O=wg%1;`)xIW|1U@xTvtL?O~bf(2<^1 zs9K;O2;qv@e3&Novd&;8O>}vX#9N{|m~fP1Ufam8w3!8fIt3EWx|50j4HxfQXQ#N@ z^t9a$FbCT_D0ie~Je0)`-upR#OViNdsH-@9c;$R9j3>T@(sK&}N=%_R%TEr%jcO=T zRYM^YaKUU4z_O)k`3N^o<7M_mMoTK5ybZWfhWe|jdrZSpP#8LsgA}4f zPX0xbecu*>;$ zzmS#*XOJC?b?v^n$u0Jco2~JOUZcjzlz*dT4X+5WX7|iE;I@x@`O9bxMyy*2jAW6Ywvg)M?fGw?!4kznVH(Z)cXv2a~t zBf+@dffcHDFYofumE$ZYxWpysI_h_{$DF ztN=dPuySOD{o*nf;xJtC>zhbK5&<5i?X%8nuEB>7+%p{}j4l*vq^0(NTK6IKsCRdg zHqNUb=WzsS9G+hZ28ly}rsi6m=z&vI6Jp5Ov1>2KxM&f-V!FF8WNK@r0BVOtdY~dk zIB!p+F3=3z+rL9p=>jKpUd9!G=29HC@~|mIhb1RRp-HC-ErSGLHeJXp$BmPA_BY?^sbusF zLF4@E*yxzVv6&<4aAq@zq`(c-CabSC>T^^q+#W5J3;Qj2YRQQE1*n_|uJy@6M`_FX z+NU@*YzLiALcqYvxZbHgg`jWP)oiZgey!f-JcP$~jASsh>bxZjx!`o}ZKWA#oZkua zGURw0qrh`G<%T(a%yCU93=SfRAZKpdFNhZq+e3u|Jg zu5??R@Z*=r<1?}&#V1~NPtmLU7H6@T4$8?Z%20RntG0j5I~yG%$rp-7j{B zN&tWO<#XH%vT+A+#SHxr7;B~AwVK$tB4DY2&5lcbd1?BLCi-L6+O$LxTLM);}Sj)L=Fj6-%1-rA7yCDK$jxBDFS< zTZrfh+iPr@g69u7okt56(iN#T@~1W3w!-zTfUB_PpZqQw1SJ|CkKGq6L$9$^W@a)K zQs>uxc&%2i^eGlxT#e-FyO4@^VgdpUvnOqZ6;&LJ7$V*P;tFvq+v;W~AJ2m`DwO|X zKrNuA6Bvi-L*Ck4&dah}y9BER5I^nURv4e+jj7}2pQV4m^oIgOy&9+6U=+S9-d`n# zK6=&1zTRGh5$P;GY^hYH;N5JHO@OceY1gM%P*(KWDSd%rIZ_vzVB^*ehN?sTLO{HJsji|!Ve_0j+5$Dg7CoBC_L)ghan3!+r z)&rb5`Ovv=rxA1?=R4!+?DDc;^cpaqGMCcSKkIAoq+?!@#&WG?&)w0g_oHWlb;~9GsfQdKK4aUC(pQwDk11x4}PuJ_kI7 z^eF`8q?abdAb|fvZG6EDi;XpPHEqS?w7}BR(weV-M?pc6_o=9?%!B)g=w>c^c`&8r z4eGx6@wva^$ehcV;hz)e4iOPo{d+3)k^@7Ys1mz*;gaM28aP7@ai#T|YEsbR8}~8D zFh=w5s#WTn0x0z|34K_$7XW$~I7<9*Yakwz?N7SuyIQ->if!7IP+nUU_WkzpE{dLW z7e?11#aaBo&{u=5OF_>1!o(XPLAuTYyP`T0>NVhGcBl}o zf7SSoa2d9I9!b*Q^%Z4dQW&2QL#L?M8}n~lEFX<`zY_7{IxY#gel;pK*j=JvwSC*< zPsk1lQ))jn+-aj69`|(WT&cAJFPhQ`Tqjo{S*wLH6pssJ|Iefd>h_KDQw_E6+v-cATqD`)R*{1*V&Uv;w;wn=HDxin)Lgdz`rPxP zZxAgKD4}oH-iE4k2!F`I%^4bAJ3^sSsmtf`Rp`wCra^3QN2#5n>vfC8ZIuu=yz`}U zaXL*9fG0TXv(edDOf5F~DlF(oCW!veoOz&(%gT!W{hMgP_y>%V(%i>y^zJYv z{#v&Is{TLV;h|iHy+0tA+mr_owZE&gjQ11`AlBG#=^GtbY#*wiZ+PB^lsEniS2kqI z>disK*>P}!V6ZwWze(`Qewre$-S7D6O zWVPXcT6<;31i-Jp^#m6;2h?s)1@pL3psSnXvRt%-T9ILIee$@8vd(u7HBs8MjE{5! z!{%OU^q$1~2dKZW)8jH_3mvak!U|;F@M0qgeGoYAU>!2+L`W&rvT!x}QB2)MdVBP2 zRvcsWSqEniNF;pucTOpZ=ym&n&lkyLdfpp9UheFlpUZT0b;a%veM+FOZ*PA;(ec45 zH5yJ)Pwz`DwZG?~X9@;tW!5kMF6?2rFPXC!SjwDXZ5{7|sAQp3D89jJw7&)D7yg9g zErhESjWl0LIdRgS#*pa{WIgCzs6VjM4zIi)^6?hblXLF;sHgjkd0Hbjh1Fp@L#(UUg#9$tfN- zo&U?Y4_FL1ZODI)&XC{GSTOI#RazjTr}F(VO%NYT{jfHiu9_89(3l7$XGbp4I{0R> zR)(JLKqzvjQwSxVfbE=d^1_3OR9WiNC$3ze0fwK6r;z?jg_ccw>v$F<3>foNMak#- zB&*B0@V;H)yIX{~o&t`Vq=(1*gBlj^_Z5m7_%^pxFN&Av+DjDVvFlj4zhbiUBN&NK z@ZIJ8U~0R4X@*a!a$*7ICC`Z`q{a$!TC7H81T82WEph+h7b`j_IcG@cNs`W@pRFZ) z{hjsA`cy@K%~u?2@QE;Vq2L5rW9I4<|5;X8BB$==gQ4nEnfwQMzSl$b_Vy}2c*l;a zkdARpTQu6axV%rXB3mq??z9sW*k_&8SaL!k4t9V?`@^WuP(QuCfl5}KX;fuMk@?ws z>uCFCe5RMwYJK2fTu^8RE#@k&c(CHbR|xM5T=ya*yL>RRGC2DGpaXaBs+{#F%i&hi z@k`cj1Ye)}sA=}}A{%{uB5^+5Hy4-mZpQnlX0u(;WuZ=eF9jwB-;TXIVqSs8@QCR^+cT@|2VsKvW( z73clTnF*7TJYsNpdb&-e;OE+QOCl>`+KBNve-mlt9iFAV=F&6k<-dQm(mM)&0!E4M zMNl1I?kX=sHT8F8jqP-|?^+i5_@`9A`Dx>Jh1i~voe4QY>b|uRkv`ZWYs=#JxV6&` zRz*&^+QkLrm`ny~%hNY@be6)D`x3^e2Kw~Iuv1JkO~acM4c2fl2ij7-`EgBH_I&Xm zJ(;%(r&mbT->So0JX;CPn>aOa?htMQyA#zf3g(iA5UmIfn(tOnMupQ1R37w?SYkhrEJ?7f0u-7sHQpN$>_E&m%dTf;1;tElIhhFdPN!`!eQ=Dnnuog@vYv&50QpPu-o#uNaNifevT^Be z0_KlS%A^B>sHMNq3r6d{a`+IFem%A`Iu&Qo?jm9RN!gM=EZcL~SYGS0r*T=EY5LVj z|Mex1^|4ZyB(A3qIg)LU^{f)W;_g?4JEA|5zz`2QQu~C(y0YjM zS&{V3_vO{vX{D|T-A)63ITQ}JA5evmurQHp^U_m4^4coI^T!512ITJCBk?xsVbaFl zjzJAP_oTZrriBpr`&?e%i@P(+Aw5~sM=cBWb$+**WK4A(&F|9=oaMa;t<$sf{PJE@ zbua*inCOL`d4+caF|Y!p%2kzwJDGTbj~{5hY{q zG4iN+pi3BH#nn}u#0-~IEb2dBFt5@8V~nf&BnSV1hs{K~8GsU9)-yMTcrcbK5&ND) zm&I(Be>rNZ=H@(r4FWz>vBgx1jScFTY-{4%dOcCtn5>rv_tIsTW|CJQu`hs3>+5+- z)t=U%=1UG^+so#3BJN91>tKo_&w^K>*)Djo<%_Kr29=RXnnxI7b(){QKGrOJe0lV zy;7opq$Rt6KV@&|?@gS`DQMDrY%oV4pfEFqLgwN1O}_=S4N4%po(IncjfDMbd1-fZ zd%&sKaMyWi-kAwmN3u$1hn1kH5?b{DX=rk}RJ|h;qMmo1lNPq)#Qo0>#ch1DZjUSm zt!o=k9Yy_EY)&sR$9U&)#61L?VZXR6S4dtlN)^=+ScLg2M2F3`qWW&nVw9drrvoPD zJAx2zHYk82@#R&j;nk-hEtk>~_jq}Gj{>pdTOMbJqxAFh-xQXq054e=m{$$d-bL%R z8uuHjvvuqkLy5kbCVh9KT5#cmu}=T{lrVGU1|6oHtmJUNCR;tt+H235Dun?F4kARf z^#A@ZfCEGmrml}m$ck0Mz#h`K*mUnu?iUW2a_ppO7&$ykY$sAKgdw@Co}%QNX@+6w z&z6Xci=;#G`@1Rs$>O-c+Me5qXAX%sOsA%@XeJD=NZXr? zjEowMg*{&9d{#r}FFMGaOwU7y*>V1rQa(d3x<0YL+ut_m^Ey%%>X-Eq$6Ey9Js_4` zs`s8qLM(rZeH_rsN+^IU9qI}Os0jQe6~edcEMhTQsHDam*PARe9qd?T{2#f`Ed~Bk zhYhjFqen*=rF>S_u3@5Y5P1#Jdp<{?3)8+M+_(hcZeU20DVM{*5Y-UmFUd*9|CbI$ zs}srq`!4^5_|FOObc|#J2u)k@+vdQaTKxE>yICygs3Pe!ELQHj+C%Eq;+Xezt0V5b zQ$6&CCAY5bTc9_=J~{sr6;n3Qh2FOdrnfTel|NFEg_Sv&aH*=NJ|DGA`AYP2OU{n= zCSu`ZWL7-5FZJxkkK4jX3;!TX(;D|Bii0rXM1fA z0cm7}gV}+g;Z{@~EAi}66fclHNqE(Y$zJ^JbvQ(j4fQP?J#tc5P4tyN*Dx`|ctgwH z{^8e|fDiTr4YjzJKuFWehgiHfYbXl)9cgHuXRa1ZbB4Uv&Am@c7)R0 z6nTz>enav*_Hwfcj_gA{WsvR^U*0PAu1@DcM@*Lpn_a#%u>sliFdqxiI80yyy^xUvExB;cyM4li|rG^k0HvQ`Cbg;xAMIMlB`@e>JiDP{&D!VNCHtHYo=o1GqXZdO#O9C>obZ~I>M%P|FP`Rw5 zS_SE{uzuMBY}$DM8My|qvUS9Z17C-?eZhPev_#mpayky2O+@#8{o!g;3VSv$$BNZk zk&vDRXZHZS*sll5I+aojgmc=}R0~x0&|>|DJ-8Mf2P=ol7&xde9P)op!ndu$velcB zmX*h6!7Q-vNCu1=-QI3N`*IZmLO=)z0U;m+o(TdPElgN=UH#i6^o`yH3*W~0`F}5= zQ=e}5a^mNxcX=l&vj6yHOIE_Mc1tvCiCFs0V|DgrGbf;DR5&sdqp)hldbm|@iO_&DYJFNZT4&6Q3lqn^i|unA(6skp zyxcAj?iIbU_}dTA_wsg}+p`OY&YXo=nezFfGO;ayG-MR2?ce^)-}aOp@4R&6lwc&F zVsHbvn0<@htwYeNbt~lFybQ+%eK6&t{%q?n8`*65F1J7?*I1!f(`I;e>@Nroy}|wV zM#PE3IGd=!(k2D@^V)MFLMFF#=1uc%%x8liq( zxN_nM&L?THc*7?6I~pUK&*-OTW*064D1ttB0Xao>?ag>2>HNvR(6>)t7#Z5)=jlK2 z7_*VZHW705s|;u!R1w3b%|hGmnb5_Y!j3(MSs}mVETxc$*Oz}x~%x6xL?S;PX4}SY4GPG zsgjE&^?m=>!V+8m7){2;PW1VZq2yp+iMC!$R@07d`;$CuP07@ ze{4OirqBKHef|}8ryb{03hVl)T^VuC1Od9p5P=?);m=f>Klev>Cxx3nP88ceC z=K|>xFH(=zq2$OeI1EiKDWF;~1vltU$FHUp)<=11^uIox$kRh{d16RDl>(@G^m=vNq?ZG{No#0Krp88O;p9eToR#{`Y1y80Y8|_mO(c6WL$dJ-q>dfhkb_o3vnCarmq*L zYw68#i%6Gnp1QWEL-xkTWN2=sA4{X&boNFrWkepNkl+9c4Qoto+qNPv7hBSrl%_db zPO0_ooBchpDG;v9h${Nkq|lm`^zFVij#LLYx+HqNVJ)grryjN8c5C=}s_hOQw@@vA ze%mavHwW2z1#tassBY~V^wOXo)U@k|wvvyVHJMr2Q~ORGsiM0r8CzDQHTxp;V=D5Q z5qpOGJnYD%lpVEb)0P@H2&J&juTV@TJE=*FqF#+E@ItmZg|%u=b^ZAs#x&{|z3Z60 zYo;(~Em>H*Q}dQBDWqmK8aHRVTKnkNTeHg)8!G2uO9mcw>C(+C8vjO5)y++{(1z5i zNgZ{(9r}GkS-Nz3uX9WCaI@n$BdSy-kmtJ=tv!6PNKf^*t+^+7em&Y2U)uTm9i(!2$=Y#K&vUWQ8hH>dNlJRl}J>9f9SAIes#MlG8+qiWR} z(#|t+M7nrt>1a=FdXH1&}^(C4qVQ2SwFZbYV~tjOC{=@)3&Og)dw+n13;DGgaUcv7?GO)1DfE_24f}bC8l9V+O0y?@ zPCdJIrH-9C(VIiY(V1xd_wADCT{yIv-g&Jrb?(@ay7zpEW-i=8g-!u;QfcDX!>Qj3 zeW){kx9ixcGrjfhH*`8Ov9PMV>~xwx<_qfHwF`Ca-h=+yvR6$zvu`U6>eGulcI-@V zzB`8gm@$Pu`s@q3seA#+PNH$252abFcIxZNOjMs|7d&%p)TwZK{jCpZ|J7S<=`-s; zPw!nzZ@to+I&|njUApz4;nP>C3CFhoMels{8AYe)3bX5U8MI{9kJO`E7tY_2diL&1 zV<%0e1l3hv9_?JekoxxOL7kZ6&~ZP}ie>X@7|St9`mbBO4v|5NXBIF2^^a5OW~N>) zTJqg!8vfm%RM28p(lz?xgF&=v=Pfss5qmb%TQBxe84me)I4RP>(JhN<$j6^kOq$*e zWlGFh8a8Agb?VrO`VD-W=FOT(Lxy}phokiJ&!NqWIR6(E%ijF*(&K2#x1Uq59^F+2 zJ$t`G3s>#Yf1fWL`SWq3sJKXY!UTT*yx#*0|2a3$Q$-J3`sCLY^m(_2WbYkH5vj^c zolS#U`cS#rJ!sQ{>11JGODpzVQ%5qQR{)tg`qH+OG3s;l*=^)&XG)=MzfhkS{_;P9 zxex8Rn5sT2AH%y3R;NdM<7jr#eOCr8&Bv|!m*x{;7bXSPfyJKoZryi)&%g^iWa z_wRNg8=pG7h>=4%Ik$^HdBkUtXwMu)F#kV$R{KHvA-ENH zFF!>}aS9ZQ777K56pFiRad&qq?gWVtx656U_s`qQC6^Gage1Ve_PCWN^S<5O?!1}# z#**zm`&6i-P752$Iv4R^b}s&G{f?tT|91{AVV0CLbm88!f=nZtc`>uXW!b+xX(*K& z+m|pST?t#d@1n4u@lPt7(76ILbSurSho~0@5<+h>S5nj)4OyO6EtMt2#WGsy6H0Pi z7;9P5juoxkMEJ2FCQ~-GZxd$aTa^XHWXvTsMa5#{G8P*`DSxYtnUsAuYL(E>g;mp; z3?^*hrc*3FQAL?iqFE3Bg3PH*APX1Z$TDth2y0f%niZ?wO!zT5vvdm6g*n@MJxnba zVVV%n6Yv+bgIWv9 zZ^b6v*r^*&nKJS|b1~Cr)!GkA|3RKPs11|Ym1MWWl*08sG=D5%;>b?i3{_w6G|bZl zqm9XZ8!@wj{_Nb{=fX94{rCd2GB#k1`^*=rsge>{Vxk%ce&Epj(VUx=Z9aFOex0LO zeFqa(ym}`V7O%cHlu1b}nNL;`Dk%SrJO9ZNV_&cuUgpfktpd9xun7Z4Hu5fKm(5D^d&$O!~Qc3UPs%iZjQmi(QT;S0=Dm=aw4_6y|=!HMS z-Fx?-kQ!2Ky)K@-ip)F=8Q$X}U%m~~>MG}%tCZ{}}1fTX?czlwvk(^wD5)dDs2m>=Ka;Z1s;;9SOr=H>E?F~Z% znwy>}idHF(L~`L*3U$=urVz1-Fs?3*YsSY_#}7&MWJE_2h4pI}ll#_VD9D9fZm7;D z8WH>qy7nI6nPu+Wxr{jIL@I@Zm`eBlvks>&TtQTvLf|3bSrmgG zh0_?iC}w4Vdw1{P-qR3R*;pYgIvNQizYg6qR_@O5@mAj}IuyUI&o4BU6qN#&zE!bh z{bB_8x+4B{h|tE~%MXv~n%tw0iMb_oLc$Oc9;?3I#Ma9BDblaEI<`RQPxB9FZ8f5l zGTsH9hyfR{BDb~DbbXRvtFNsd&C`H#ye7nx3tLhWY;CMzNFtH59CbnQcq)AggDC-P zLv@IWl$cw2dKRJZG%(6|OdI+W4nLJ+#~-frYYnuW?irhy0>Wn2O87FobDsK&vm(<0hLhd1Gbd5r;xj_uTSy*#s=hCAnb|% zhzN)XhzN)XhzNZB2xwU8zy6tuGZYc{IuXdKv3;Gh{DNo2b6WCPeg$chegO?p%6S0R zu3QeeUjjnlfUXUy1NS!y8PnB?L`W4$mXOluB5;war_QLR1Tk8i03QMgS-#V&X{YSa z9HiAGVKePZb2!sC*;v!+ys09kytRLxDn*977mlKGKmb?wkgQ0eIBN+_?alQn9U^$+ zvS=td-jJ0z0XF_Q8N>dZPw5be9E8|d!-;Uww@#^aS+kpqGCCL&f9a2f>km@of()rC z3LsMhYQQu!!Kk%vD z0RL;T1xtP(jrA6g6fT)8ZRy0s#58bNhNd{i{-D>Ncz2P*uYAZ1(# zqf+bq=~LmD@N_PEX?is$!I9I>?&&|_&}a;*wt@G6;zkW)kk}h!?aQR9)QJ7CffZv}onM}OCp9-YdUPK_DBEbK~dA{?k z&!W5(SC`(mxJ+UZ5fBmhauLWzmH2We^HoaD6+bFwhNQU}*rIdW>KMFW9-eGZMybFy z@N+XlWP}k+^^*{r$kXZBl9xa#S&@SUJE@?A66Kztqm#Tk{M_!wso@4?uyBQSizSTt?$ z51HMQAhq?y`t7UXWJK0wYQVi242{jRj7`u;jnQw$LbM$G3vORIi{Gh_@%=}jRr97~ zjpu$BQcPXE0ac4Sf!yP1VL=xjBa0v zUH~YcD_s*EvW`2uzA4umf@V38fm$j;sBi1E^DAcmf~{xoVc58d2q<8Uf6wp2xXFt$ zC=>_({PPcaj@%*a_#G#fuL%La5`L&(uRbl%X-HPT zrrC*e5fKm(*u8r<{QUg#)$cb~{+~U22509Fdv1zXQA9vQApapCD*yT5np{7*4ZBW< zpkwzgaJEvreQU&udHom((ZnKeMegQQ8aDkOCjWf^58_fWy>oj(o#z%=vcV!E{x#L` zLIFQ3Y(IGp*B?irgoinzo?XYa&@dRfs4usmdXjP(A4`@`N?~!~)DaxI`WkvR?tF+3 zE);+*C}eL_9C=5A^2jx>v`SnDdAA{wD=AVq7L?-9(-0WhdBD|3t!yPFDj+3GSLPyt zlv0MgxEqC+@eCe@sl@1h5RuUtZ2ug?I5O{k|9xL{X;Tp_F&ex7&<9bdq<59wTpp2| zJ6}xcJ8&E-dK)7;=rW}G6pE~{}G*A z`XeGfGi49wu=g$qlp)X&dU_o`}2tNNLVq}%+tM4t% z^_FOE3Jz6cgljbDhJM@wN~pU&{7j1oniOyE#Z2e%_b zVM$>IMA$171>I9JN)PxU#ZZsx(KQXGFoy!>Hh6gDD9+tWfPOj6V!(&=l6!Ud0@$NR zk7!Y8Y`(G_z$xDGZBGr9D!Q3YSC+xE@efcmxz2;Dpjh40tE_W zGP2||5k+xC1VjYhfqIGK7#l1UmFUb(| z2Q(AT+n88GqIis!HOf*Pe=Ku6fx$}t}!nPST|#lV;p z;(O=Ot#xbY8k=G2j9Kuu%dALADbAfC8l#4E$KNs?d_QU$8dPu<;^-5V8Lnfgynh-_ z-M<92+jhj<&ZKnvl}Ftgeh3MAfHRk)DGkV8R4!(x5rMuXDCyq-k!vQSHl-eML?q5% zx<>O!hDvbH25j6*!p6n~e-7$|`#bz``N$F6dG!iDRWjx$H!()Ut?lUAstqJ27MMM6 zF3J@x24me&bne&`<=mt=a*U@Wj3tGgyM2?aq{J%_jsZPe!_U(hH!tqPrQ1;$IIgwe z#%}FV64us6m_DEb?rbZEONVLP;7}B+o-8P}``6A!pOH&YrfNA#nfMf&wq8KMcLRh4 zovHz~VJ};VCUpH8)~SV*s9>C@1)V;Nc3^Om^1}FxC~-@Xb~q+nJ8bPB5G9f!ShFV=z1~iKfRYcXiT6? zN~FIvT0GE5OMjq=)Sn{F#j$+x(sW(tply@tC{7C{$4^{BOrjG0rRWbM9~LQbL9}Ys z3Y#`>#+A#L#RY(Tc#ZyxNL=v`pm3J0QdFx`7cMpyaPlmUdX#^hf=PeO zL8}_Rf)UouqYx=(DUjP(qC}ZW81vg7XkFJI&hBMV#lM(f5l*CbUe#;B-_KKko0H-t zQ|qcV>%iGY?c(iD7HjgKrd*tfFmWt|T7gwyZjffqO}j`|u4Ij-L(z%^$V^O7qjoJg zSzC}&l>qPRHBmk-Z@q+aY$nr7ZM7P8=)5^Ri&aFGVucVJAAzXY1Q?mwBCvG}G^k!4 zMm!)}s}w3;2Cf!>GCm3BHclA!>qIoHP!OIaDxi#)6ZDL1;P2~&__#PIRH>-exEpx@ z)PSc~F;ps7Mu^^aFX%-UWF=Y46JX-xMT#)3Y>r&!f0 zC|%GIIuwsCAs2sR$_txFO0um>QF2wEg8n@kQ+&FF#V*ciD?u3>jhL8dq8u=Wf6YKrkn6$L zj1mlL6$#~p<%(-Gk@zK2z`9@QKunoD7JeRNsW-4dqlOJAr$7>3$HmaXg&qo(E{`@H zo1u`i4LrO{qei*HbUhSAuBU*hl@p3ptcg+{c4W~{fJ?z*q$rnB$NlR_QME}Uc-WaE zGVC?gSHYn`A+&1K7G;YT6k_u2+&y4J%6&A+V`yfEnssOq!@@*MTJ@rdp{Y6aQdJ;_ z1^AY#gXy#WLj7`NNuZiVikE{a@j*lq$AOt+Q4AsSK2Hy4RIO19_U6VYU9AbpZjD4` zw6F-~>}HRebYIz;8xcuh5{lQUgVH`OFmv`naW7{m6cH#~vOKESXn+b{ZiF|-oX^!B zb=tQ=ok}HPK!gZMi3xBcGQ;W>N(uLbE_Wv&j)*cftHaOT7PgeT*2lw^a_K6eC$~n2 zL8H*EX$`n~c+nz62|@Nu6U_%ZW^@f=>ApWfd3MD(&3te{azF$_Lqm)hF#?q3AyQ}8@j%cIg8U25fBj&5%^{hc<|r>TDEM7>({S~ z*8ea3s&n3x3Kc3~-THNKb`oQ5zwpZ`iZ3GYSrAYt6vR!Gg4oztf%NsW43f_~<-e6i zl%2_d!umKdD&H52h=7QI8iC9vR1p;s0TBTa0TF?(3IPuf543ID7I*L7B@dOvuWD}J z+GO~PY}amG;b5=k0m=9CC))y7LbN$VxV_=c)Uf$}CSRq17Y=Ws)WLV?`sky2<8~-t z#4*?Asfv%ng^O3<>{FV&8cjdjxTzF6`S{Tjm=Ia8Z5A)I>;{dCc!hJ9&cdfOg%Mh+ zxt6l4m*0-@zq5V&_Tk{cgV?xnqoDNjMSySBC^M8?^qgZa=tvea8Syf>!oj>egP zx20!vkx*c(si7&P#DDTZg|gkGr0RVUZsPGoNIQP~c>MnR@50o$vd=BtojZ4irKKfI zh-c|rO$C}tTv{BTB+8O>^ypE+8)EC$t@!P?->_xN7OY*n79~oQ_@G-ttRy1vwILuX z|6kh`73U)&AR-_lkOcv532N4?nef6RTK}_v^9Ahkc-69H%c4%*IzsxdTo*Yt0poiA zfUBtmP{1Pw22!5%^FxY+lzpI5lh#-`>F4wY=QoW*`If)p;I*Jk%756a=LnCEgVewX zZf-7WqS5qLDR>nWgy@7M=u2fVHZ_HrsR^YSmC~Yu3eiLiD>pKRjAY{_MMc>=h@8{N z#1wiuYH5>`;wVS?DIR3u_z<0w5_DlBXrsQ=7lr`q*F-UQEro(pMO4dg~J zx3VN9H6vS2=*u94$HYS>Hzq8c1rpL^l>!NIkqDu5qrsGkCOjsVyf1WMN*(}Y?0lm{ zguO&qL>%~hHDg-@!hImTp)sO0w#!Br+Ho=pj1dHNqn!p>JpoX9sSRXRe z1RI;0!Gwr-x1Bi#BYSm7LuyJgqNAedeu*JcTNRNBTc-7qAu6{VYnLcW`x_b_1wFd& zjOf0zvb0FQr?l(k=5`d#p-r1Mf~&tVWnLOGWQbtVHYNGQqDDZo@WFB7pEGC9V8DO@ zICt(G>JTw7UjV34qlO5Vh`_gp04Mwti->@TfQW#Iz}Jlcxk0kYlP5E|T+T^e#m^Un z0lnO_<;$0o;XEZzZqn@w#t8SzpKJEB-YxuDiKag?7m1O&{m{k)eK;?cp;2sP3;==oxu3jO;tv- znWK6zGZPbLm4-##R{hwEC?&ghd>M1GwPyM{5~gQh#BA*BSkapOS#;Kmk&?g`PZ`P_ zP1SgrnHaMYRU5I>_d^&28>z3 z64L;h&E~v#*d<~!jh<6_xgSxt^BtcIx*9TkB_e;#Z#A!-=J3h?;M&-Nl3w}_87%3 z-@L=tPy3aT&7AfBZMD#D-k{FH{n}^L6n6H)Wp;eeCRWUp78M4L6VAW7dx$|-&L*r) zTTGy%M;G*Fasxef{%Is*DRHc8pc|7odb5Q)j%)3S(7N<;M7f&5xy=qrvMsi=aa^rTkbN7DsIxh1H!h>_0 zg+3|<_GE{SpJ6AD>}Ll~T@qxxwr4^5??;)y*6d19B>S^Z8#*Rs6Xq^scWz%}!+JEN zeKWT0$}7^L6Iknt1)0>j1Y5V~FgtbpFq<)|E8PP|Y}SrjLZ83)Xd$$pIBx~DzsiPw z&)b``f3B$S`?=lud9cF1mD#|tli1>UzcX7I*!N>*vt&gqJG^r{YgerVGcqZ`)@E?Bco8Z1d*L>`AD4QA%i#2mk#2_um2*$hRm^U?w#4g>I5`pCoX5PVEo4sb}pO9nsn^QLUQ;yA0Kj$b#7Ue{r%6$ z|0vnVHcMek#`R%8^q=rS*1C`FU9A7*AfU1SQ~bE_;`1dazu&ry-0Ht##fn^CEEMi) zMI>uqwK&st_G7nR#?qlw*0o-7QvUmW(6ftM{!8iWuxhQlv*RaDvSXyE9N4#wb*bS` zil08)e&wk!%$D)pnM`WHu7xVn|CriTD8OoV9VYDe?i9%M3pHZVnrBc-IIHgs)?&bT z;ry$+hZ*#Z*>CGErnf(~urD(60D=e0K;o>!y6*yWcAnnP?< zxBARLUV%N2QG>X&S8HZrTA77q*7?)xU)edA=^C1`UDvn;Jaf6WdjZp-#gHL?EMp4p zu0YE|t!o!$R+W3CS4<4L$ZRDBZ2YQoj45BRD$Za{hfGU9|NPc|TCg!mQ~p(~WuOnU zuGTaCe8RKy%tk^BIxEiz$NuWtggi3>*y9LcK*kh7tcnX*mtWQ1AH351?oFAsRZSL| zR)rsnd3c_A(4xecIS2Ue8zuDiK9a+j&Do<~gvhM?$CC2z%!;)hns1(+j~+b|yelYU z2HUY?#~bqz4}2H`adC0X-=BVmXhCVvpg|wjNUS9y@RcBt?_&O=qoc8X`*w=4d(9Un z=ul3&c@2{Z3{NV#}o(P?0OrI&l5jq%2 zv1rpwEPv{Wp+kRse;2t@Ly0Z(=Of0<7hT#^PaiSr;VtYxeE@?9+ngwOuAIl=a}h*@ zloP#W^r4Ci$Ie~H;od-*aqzQlrQq_hbvVH)Qe>o9zGVb7vH$DVt%Df*pa1U!O{{-l zU|=4^`ZKJZHx8?hUB~35$KYWuLqbA4l2cN_+3({iZKN^9f$P49{a)WdhLc-YqT$}n z^qQTF_?S4P5L5m46X&32aTnnt#Jx^MvPuuX_UQ^^8JXadmDqRY5nLP;!g)R7Jdh9% zKx#7WO6j9ig7~~Xyb$S^Dp4O-cW*)Gpeta+0r33tIV2`1h+{wjiK`8Y7I(vf@!#X> zg*~WW#UCwOcS4Z@w!#=mN%UJy?;|Q2_iZJGQrB(Wx(#<92T??W6!&+Z26W`m$r3-# z+gm#ngsW~czOPdXdt0?d`5Lv*u|*TunHV5Gg2qXbU}VouFx1yUsxlFWF9o4+p(Mdo zM}j0upO{KK2g$~RK`2u|5lpfD zx^$hXp1EO$w48`dC;~ooVUrn>pPo){A0PPyVJs1f5Y7#tE;>5;Fp{hLNL3^W^Cwmb z&1q!Ji4MK>l`0v>cW=h2D-Y;ClprkV2Fb5OOFtR?q<07z{0jJB_qr)4{rD8>)vkv+ z&0C>*i9%YVX4KA&t(h}tA~rS_EnBuk!-frWW5};^46aAanKK6g0RdRDWQmXkfD({Rze0_5!P0V`-{lp4|O9Wud zZ!Rcbt`tmVz`n(QVCd{w*wnH)`Zufc?%tKJF>3T5P@0y-kwc47wvZ#e04Nblgg$=t=b{Ppm!>A$@vZ+C4}lIzqoXX(UwI=RVK2l!%@TAWh8~Tt1JCVz0S{ z0B8Q^W7&l2Y@9-VPxMn*l;Wkt(!E3q4sZ}M2{8{^yv4S zlz;ke(X%I9%4$6qiKH(Zd%#=A&ieZ*D2c>quSW!d6dnfma+T4uYCSmHkd`R7!s0!9 z5U^k_PM*Gsi6e$!_S{W4asCi|96ltSUNWW)`X0mPZ-!gZl5n*!!2O4hi3l$Rr}XE07|n96lziU=SYKWeMS!UU}e3lIN*H058@%lp1* zbwr5nQ7g4FQnI-!|M4X|rI>mV7DLh$c%f5?K+veGrw2)D3QVmFp=Zw`s8E^|e}UDX zx5*eiGpQaQL(`tfBxz;G%tqbbpSMph?Bf=F(%WTh?E7mx8vi&B)~+6KcX38s@Lgdp zSs4@g0ta7d8vFN3IF((D)2B~k;q=j%HfJ7PtCRT7-#w$#T-*u|4;L8xDQ-O%NBug7 zDpjf!8Z>A?i*{SFZQC}G2f)`kQE^rx0$C8q7s~(2l`AoN^k_VJ@`QeWC8$}mCd!p7 zC#-4~DpV+4WQxlH#ajs$D{^-d77A9aT7_SK{S^ZT4kYH<{H@&hRj3QU3hC2<&+uO` zZ}nz8d6}`YopCnvR#H?5o)Nok$+jI)tz^NplZGJjob-yxe8y>$tzj$WsfG!1cL?NSt~+ZyG(Tygfu4s6=G z53gerVdLnH&fUAfH_h@QbVUDzKe~#gD>mRxq6%@3Phc#ixv_OCg#UGFL$40}KZa)y zu3^>5>$rUH5#eBjcHR1*Tv7E4M11&DEMBw>*Y7@sj?4)DRhpnv+wAjI>(C2mQus40 zm^KM7o&+ILC4q0*O6bw04Ovhm2)T6`i`Q?#OJagfBzdeHJN$_U=82pjTlqw(v&Z{{Mrswc65i_Q-Z@{AWKXW|bJL zO>z7}45a=URu>JP;`g_QfN1^yGOjtd`t#>t-dO!PMmlKLb0|vJC+2hsS(@qBH8mw3 zi)a0TP^mlmcIX6OXDh@L+j|@_@S9s()9+$7zcHk=8(Uh#)5DGWbi>TQ7UFWns_5Ob zJ5KG}OwT7N49rL^)m35K++`?Y@n#>yJ;QZFQhL&^9c^TC@JdrErNq*&DG?C~5Snql zlIrW|C!u7$W>`G2pQcKtZwp5+3?4HRT%|g)WH@T|`U8*1>YT3p)4Pc@U4TqY={GzA zhfnT8@#a6_?8ZMKr!n{c)dx+7Eft=jS!&Z01wXogAx^5 z;O6aTd8YjH6m}jS9>Q-!7E#6Bk3@j$8$EjT5S0Jbt5=K4|3~5{R{wGl$aCd??AWmw zGiHo{VEy{_F>>TclrLXCTNg)SHAT^)MTNR|?%ctYDO0d)*)sh6^UpYW@+1~5S_C^g zyD#Qyyn1+@QUj@AtmT^bHsOhRPrZnrlKlgUTU7dWZ;E;APs6`z9hf5&3+K(j=A*Z< zcf}N#8z`~%kBL})?M!uA=KmsgJ;V)vfCctrVI^(9YmaQ}XiKM6fL@%JfRdQFK$kJb&qXd$Rz zL3iA{@h>hth{2J6=0Xx5j2NIHt_Tn-Y{yi5Df;Zu}0Zre4o-6;cFYja2 zufL(3ev)*qcf5B$8ZP>0y)c>ZRV=JaaUDpm2~MMy-M|{Y4&G|2rCW7ztDF3aDAk z2`i=y!}@LeaP;VQc#v{`Z2Jlfow*fqxfFVozu1kG`+pzKL!6Tr=JcwA7iV_kJF==J z85Tg*3Po}2+9h0!ibYxSI1r1707pQy{^$SufLr~$cI}#n&ooL8*)+ogOoQ01gX?hK zpeja=`bjvnYD8c3o4XEsuHHd;cl83LrY_g`NQb0Q0lsvsF7{rPFlWL@)a^AMgQhOW z@-g4T+us+-$xA4-Y#c`QYy#cnIGjIw2?a~mMeVBIur-h)>DDnUUcLcEY-BjFYYWal z2I{A+_w$!{U1c2hFJA)VU{72;z7H$bZU-|WRzMO!VqydDQuf%mdO7Np^g<~wJ3M=I z2RH8|;fDd8Ayd4&%h+g6pn>T zqkw~%dP4kP9r8M(>lOaw4lZB3h}Ui8R!@DYr~XD-91Y<<+MT$oEkUVq65x^quRU8bbaf{Nuz zWJ-%zqIPvCe_xFueTQPy&<=>Wc?z?(?}St79|W&ME;3hkxgzErbnAS7Oq_YN+R59FZ>`Jz8 z4G|F$ftZ*Wh^Z34zH2PbC>sRmhcnO0FTec4A05n$((6o{mO%vbF#_%1zn{6dxCs4J zs8Hd{VeO=JKHoR=W>Qm6cA5x>-d7S|-e3i6<*e3^3$m^H>f&Z*NmzCqwS);|_rxZ@ za7;JC#ggs4z)6Y}tXpwUX6F*Xb{;s-qT=G&qf@JyHKk#iw^Pj)o0=NOI(WOYfI7qJ zIZ12&0?mCY8{M)nD;!WuAb8rda2$i4E&J!(bG00*Sk}E_0p?eushR*PA&3=pvtjiH zEKZm6#f7!Zme`^f?ma6UyRv>BBU=P>DOHtiJ#dB*_W>K;v=FoK@n`pA)nr6>_pN3o zdJ?vHPX>E4Z!E}_9K~9AIkMo)!LZV z?5rk@N>&j|v`RzD#Mt?D(`bCK)yHqKq!*W&wXrU1^V0(L^`Q32$tt0r=tt+6qlJu3 z+HjTyU*5|s4JE96>;5cWASqI^0d-xNwO>{CBu%IrJC-mxF@CQ;d|eQ3#-Nr=X63^E z-ngHIMMbl?S2vlRjTvh;YK?Gy%go_)-A&n!vk!#*l;lL#E6|>msNJ0I0A-CC^_e-P@w2cnV^TUdedQ6MUC{OY ztV~gNBC(S(6C*?B>ROmt(zC1m& zc@+NSA}d|QjTsr4QrbH^He;9iw^-;n?Vq&^rZ9WCjG38RFmqE^R=H9Db98fOS6{q| z%cbqpnVprHFjsR*Z)j-Z!X_@>CiIl5c+DmaXv3`Zq-rcEZJ@rjBb&4CRN6?%Z1%X` zl-ACWWHDz28}?%{S_F5zQff*P`)lGrW^blP@|ZKZzKoR&XwDAbOM7lpou&OcFlUE) z>{Xn4j%l5zf2FG8*`K3-VD_eZ%-FI?WGZvBmN7XIC&~>?Sc66lnJ2xw&80MfyoBDr z%39Q`n5n&Up%U!WBXwql1wXWAZeC4USlUA@B`%27DQ?O7{x&yV=97OT0k=FQ9PVZYk(c-q9ul`Av; zn|th7TI$cQcDCZgLSa*B`Vu6k(}VQxJUY|%sl#J4p?KVh^#}UVFMuAf^W#^@+=_lixhZC4%&b-xVT+WFO$K%Ou1)MA_5%=UK zuF(p8Y(g^hWx9CE$%3?sAQ#0#3igyNa*`Q=6;X=5`)MMMepbUC*G zS%ji!#hCmwAtwS6uTJ~`06+jqL_t&}L&7svh_looPgAmH_cGkjXH&)Ut%9os(L)WB08G(3P2H?oeWk z-&P&LU?MJ)8JknqKPd)HS&7d5Cn7vHf#UKFU}A0wEAndM#kp8596NmpFN0r``@S4@ zbhu@CS0t(UnhpK@n%H9A{-YR9Ay6{85p3=3p-;cXkrdiyYOc1@dXu~Mf%CQT^kpzv zp>+x(lGB%yN0qCi`gusFE!|2Bux4;ywK#?!~oC`2xWo~LrqA^>QyMyOM>>tI}}*Msn=MOcTFe?$EYcQg}v z!O^GJ7c%XokCB>^!Q4yh{prWm8(H@=ALWj5g>Bp*C6~FC^Vh(lTTQ&YaT-fDo`ZEj z4;t&k3twh1;69E*VUW>7_1>ius9mFm;NF))nGli~#dT&&m_)=+ZykyuNx_#Pcp+Cm zt%^Fd&2RY8eY+8n5}EpFKPfIAHl=HEqTy@{xfW!21d<{y%rR{>d(Yx;e942>H zIS~W$zG4U@J({rPr&E5@X_X%~GXV_0SUd}*H|4N?cD7FL;$rS0h$7{Ho7+Qr(@ z6>nP#H#D_GLHYt|65#z5DWmLUoSXEuP z1u95~bV+xElys+bH*8WslpQu)`+0)%k=pg z;fTR$(7_DpY~UMg{CvjF(?s=d9K{!K{qTodo&0za842h<*)L)5tQw16zGR`9pzzrUvv-kv?29aXK4$>o zEzLm?iK&^D$Ngc!=UiU9BZ-NL>3`qo{5TKkFjIwCu>6f^&KLY1uaTyrBc_S5^xGCE zMfY=Q`iE93IbnMOK5i8^~O^*kPRL+npT*d@#OdYVs)^kub`cb%p0x+f73M?oKE0vn<3o^y$3 zlU<~q9_lg9&d$)2A(DsSmnO8vnM~nL7( zeSM|)2kWwx(s)FB&8643wqP>KS!v~h-w`Xfc{mIBJmCun;;tvfo^=R@N8Bz$`{5RyeuI zlUa1F#qU6yD#NTlKc#4$`m^DSVoxff`n2`<66U>B3fM2St4n*dKG4fxK)< z$tGuC28;jW z7^3%KH>!!Yre0xe!Y3=iiJ2@(7<@hzzTyW!VE1GY zfWZ%L^Tq{LD-rp1@Yvfz8v?X;(l!$W!?Uz5>6D{UU-g23mcDFtebK_tI4YHuct|)7 z(n&)lfiL0}nSG6jSavrzo7@9&3nucA#E|w!v@ks8h_D&!9FsnF>=Lu6A?v8l*#@N4 zy3)Y>j@vv(zaq7KigwZ#q!(ho+%(qPM>#+L_;VQZAVR(^={MH+PiX~-~Z(`6qN@*`}A z>3i{D6-iT~`V~^MJWpe4(M6EBu1f}|S(~mI_YvGv&di|)HfEGts`(3^DhQwtKZ^du zUF{kvLFaqE(~?@%)r%0Lr?AP8n3B4lcxr(=L%n-vuj*NAt*KMAZE(&np)VW~RCkc8 zn=)B6^$mN&DhnH@FJci_!YF}Vo1+b_>Upl$74-|{T1&lKtjL3)J#?>{yoo@S^v@;@ zD$PAaH@DAR9`Am_NQRNTcR31b{5h}=YDHOewG2+x819;>L1GaILGRayu@E8J{-YQi zg)4>~|4hcl+?y2vA{ahF_q$OjQNs@umesQPUNg24a_RSI6Cx==#sPhDa$>nqO>I_v zgty2(hkGkT3w_T$3vvAOu=$v%Y^hE^?0I@}R!`;^b*lE2{9g^@YaQbmGg%gYkgSaY zCku;W$n`EgSAkL{OZ3;Rt9dU`V}NlI(DiVs(I$I)d&yJcPrENX6&X!sgu@9e;>Gny zDvR9|XV=%_ZMx3un>I?az{-vj*?719g!8Dw$utJ_byiJXc^>0>U` zi*XTXt(}QzD>gSlIOcLVGMTiX(sL$FEGTm?a<1B-Ok0e>Pi%@56@gmue=H8GCAA&z z*i-ARk>$c5OuL7YNA6N|`n`DR9#7w`;=q1!>HNPmQS;nYhDmf`qJOqfRvL2ss`yNH zafT{llwwj#77asfb@B1t$rkP^$u&a~4M_kK?gxikCf(n`)r=S^q-`({i8taR3#tNx z#17%mVjZ|atso@g=%Mv>gZDVY@!v^e6uG`$5fjl#8VcBx%Am?CGi5RGIeim_@w080 zkafB?{;W{t*BhJ1n2_rf_;9y5rc(s^qt@A9sI9{@coi*Cf?t0^{lRNX8T;BrI-g-? z-N;;lDn4@UGc~0W3Sx||PG_#RyL!bI8kXP}MJmO#(#e@wBG|A5zXnu$xS}mOm2xKU zUpZ1kIlbap=ojouyzW^lN$-l(s;IWMa-zE{f}==(X=L$EWI%=ODB^Td6Jg!MPH*zUG952Tkip=F0pvH zC5#+Mq1xRHs!SwNNCc8wTiF}+96*@%5-&0s;5GrA3Pu*}L^G}fE)5g|ftreEd zN-I5+zx8A&*go!G$r%C+RoWGV@&K$lvpEoz3p8DIN8zr%=qDB|)>&_M`n{d6u|PYR zEqnaL9v;a-*=dV+EdS=|$ge3^*>lh%t=XFZs+_cwEWSz3Ug@9sHT-T^EkBEltC-%ia#yK51m+R`;p)zk%Q&VLmR-l|+ z)9HSUdAtwk?`r=5qg!j~_g(@ZmUKO3mA`mmWZ5Oz3}*nc(9$KEWfv7$Ic5~lyx-q6 zi09jL;JxX>F~dcsE98cOAx?>xdj`)f=>Zo1KY$ zAL>})7<-OFpB*%ztGHhmEKSOnaeVn24AgY^!%|VINhn5Ly}UFY@`DLB_mgUowWgcq z@WG;+tNJMw%Gv(WecCA>wZ#Oj z+C-g3Cwy9y72HTlsATiNN2l6G+3&jlj@4S_eoUvfZ$$#e0UqjQNx#xawCjM)enVo| zx%^X73jd~cl!*kn0>HQ`IuuJ?hlaeA_B$b%)^0nKaY(@FGr$S(VKA2c2P>!JpCn*C zk%xt8Z=V3JC}RtYr2YGzOiAeR5T7qOH$slPZrGK6o2{@+?|p}{z4+|Ox0)q&cD;87ZES82SQWZzj4j!T=S?XoH$G44Jsif z%_JQ=(VyMicV3;yloC3AnOtgK`zZeDl(Qy`L5*z?2y_had&oB;=X@3}q;=mLC(j-MPT#K6oC)|p zI~2qW?cw2J2@ovKmK%fvjOY0s_~1IMKbxWUfvsO=eii8#U(o73-*5B-b`5MG1gMM- z2@S<4C%tuBn@hkece7)Cli@C%yJpGAMB0*$BczbIIKbuo<%iX2p)K-*?PqgMN5#w0 zC5whp9I2dOdEq2OTDi>qfx3qYp@P31JB?WpNVIptwxpSd{@wQxsMkXD;O_HU+vDTg z$ZTF#ClQF{&FW3r-`f^kpyZ=OM}5lcvK|=Wk@O)3_ER@kp}Qqg#ei_CryuFqqGnBnw<4v|L(^BYiSkTC)}Jq{T1t)?w=q*B zLanwy$oKW}qIhKq&g@cgZ|BGTcYAl1sL9r?Ee^Y+=sJ!n=u>z^#!F7KUR#Q_mlL>m4DI_8Sd-lK$o97IT z)!(5%A*14$q%U2db@e zi*tEzMV}ps+$0%NZx&ZmzbSxHy+?1Cepvsp23yy!a%;|dEF4>xr;xcNf@=>gcoT#M z&;uq~B%7>&F`Cs@E-j@Q5yu2dh%;7T9$a`|+5Ap84OH zql>p9ytajCUm(=#vM6m)e+-toI;PA}z8YN0q3gt}NUW8J`Z5jyfl@qGQiC=RuDQP( zO{%}t>9bXfVdS|I70bu%`ZSh)4XI&YpjDI<4s=ej^6(fQ%-z$y*qcn&G1E~FWWanA`M+mvNt{e8 z0sM}&!J!l&kPgRX76UkUW8!ArU;H_&XPMSvgA2okhu@^nCEXsZ%veskBdDwTr{|NA zvtZ0D-t=E|y!fV{Kb9(?JSIkpx3puS$7G?Ao^~tu2CcbU^5g|FdVk!8{5~Y6udx_W~N9VWC`IUCIBFXpuSc-(>2QS;%LS=RHi( zT@ksKlQ||rDl0#%v)gU^thRgmJCvw=t*bx-A?zT(Z9QXxGVPCWr<@@@jcXa)4Gazl z4MhaVF;Xct!N=~GeS|*GcZGm{hwc%Mdfuf+b*B?CWOlI}q5J=9Bvk08@+YlgRms5- zucLW3`4m1_wLYoDQ3&!9UUu?NX6;`{=jZ3++??L7OG-SCr^Ri_O%G5( zKk%;*+r0GE5c{t759R3VPd67s>t2Pn0~}Pj$i+Ow`EVAo3bHtRlSZ(9+-4`~1r!O` zRz$l5jX0ew^R8dE52tNsu=4CC+z zH(yWqshF>0m!0Z7&@|LulIo`TYPMujMjs9fgNxJH&BNAC2Fv(0O4M;w(YzTH1tKQ^ zfP2^y$Y2bmV?6J@n)y_1gB^?Sm#c~Ra^}>{u|7R?B7g$9$@-neV>&jDzt+SA-E2MV zF!pTYot!Zlw|oWo^XYq{4$^R!YX+k~!-9J+n{V87>8d{eA)R;Mc#k=Rpjo8Ndv!QR zYV*;d$izR;+Wv7u4uJ3P?wm)dYd`d5Vg5qNb-+gR%=R|;#sDt-N0*Wy*tfU}IVb`@ z0=k}kxy23Lai^>o>q6iIXPsD$V%vCiy>K5SKb-Pwk%{5Ptrdq#i!*m?qZ>k$dHdEd z2zKlwt*?|9`TWeC2PHyYrCE&Q>Tn9?L5E-F@Z{wFIr;MTivX%x)Lf3EEoX&>A-)m@ zR#4wm;pTjYYfRd&x0Fb%Rx_SF?-Ll~b@2b$eQN<2Yl)^OqJ231t(6hr$}EtPq|NoN zp&c*AAtZaMp|Vm$M5HrV6Yuapm2D9v-F9bkU;9k$5 zqqbY?IzZOIX3~q$b)5;xx_gA&E}sL0*kV9WAxusOz)O-N9Yq3yc~F@!Ru(}*zJF9} zuT(eT+&Su_FSbozLam;JJT39b-|K|&FoK*;9w|TH?EetGy>jMZXR4ts{J6qt5!p`P)06(a*iM{6Xzp#25s!#;|AserEJypf<7AVr+S7 zye_RDS&DyYLK1ay#ed@7-EJw?+EfyT8AwkQD^AE?6z2q--yT^d3%K%bfP!5(KuYpp*#nThibonju#uh;M+)PkTyy};D zeQPwcVrogc7l0a0lYKf*P_)p<+nWCEY-8UPrfsXdE9W8;QN~_cVvQ1gy!XYCQNZG5 zj2S?qlN?A;e=(u2EGuLyzSQ$~;a$u$;`1pCjSBEIVi499aACC<=$Zh~Llt$zUb=Hr%x{ZpE)cu+5oLp_}Z zis@mIgxpA{=gT7>SwE=(FksrEz-?MXg}IQp-&K9(r&m!?@!w8iJOP}G0W{&KvmoD7 z{?1K4ey2TOi?Iy9xF-c#WV?3eUzYMO-V7OS5qW8HvT3}PI43LDDqVBOZzXmZ>^19n z965^R6-(Y07tL4G(nOHJ*=`~Lh9=reS@2qCGrib$YWt5no4e0Xj}-5qY*yxLy-BZ} zrl09RtA1Kl?DNhWNDo}}0R+f%JtGCgLALH;=7cYPaWTy+56+%vRQ>p#tZ5R&!g!T; znaY1g(5!FLy~OX~o6bgt0zu|Re!@Ftk`1T7jF$W{8u4<%uK{XJ4Rg{D=A0f}#s1EO zS|(S6Cm%*PPQgdNNd&?<`ut33G4>9>PtTL81VuGKYO|iC+dSZ~D#El|zF~cxB$Lg? z^Z93gc)f>Sei%!EI8Hr`g&M=ZBcd}48v6Al3_d6N+v1ED?@=x>SF9$jeY9<5$|WnP zwdY<6skNH=4r{E4xwpRV2b8Y+>veEla}J)3`w@EEY^7dg#-Tt`c|%tJQ{_MnECh8^ zpZ;&Nb59r!QVc3B?v zL&2bR7)7sZdmuj69d7ta?CG?xI={5kQDL=`uB6cYmr=|9(Hv&~g{|?H{r#*WeTb5J zv^-oUlU5i5Vm}G>`5b6!T`bIFW8_eohSAu>Janp1@jOD&4Tk_N{SH9_R$3*`5AlkM z9swCKAnb5BOk$XfEP#so8<+39{XI+!@-daP&)%D2Qo*hMKLT;OL4sYO$%WB*{p0W< zEtdc}dhS^}|H~7+kEMzM4*(`euyqos-2A=0NJ|L z=NzAwf;7%c>ZT7Srcz{l-<-~P31`z?zY0pwHA?hLmpKm{BfPp}qH#ss7E=7paT_n*5SDYC;| zpr4q~k!&9>Op8vy@foGw=5H8KsY3qYgE9i@+IKa8Flk@a-htn67clAP>%aZ%)c-w2 zcrFC6RXz118+r6RRg>3rZCo#P4!(bv7!eLXm+i9oN4xzLg$7cwLMu0P?P%aI0;uF_8)gg2xzHqqhA&9v%5q}s$5nkV8UFA#QMZbq`^ zA4Y$QWA<-x0z-v=u$P7vWd!@47usY>#I zKE}ODhbj2BG6X<3EpD21<0~>&bWpaME)ZTceAgXDuvz7HPyrx+Al5)qqu|W@g2xGs z!hqEm!hE%Y0Ei2Qxl)L}{jSx0W1wMftF^?=KwS?Sr`1a}1LUbOXg{-I`&;!U^V&ed zCs~Et%xAsY2e3;>AJo77igN=|gY9 z16r-`q7b&4FUCx{?sp-_>F`F_l6V7<{Wh&hgzO+}gmf~Q(8(5cD~6nqZ8Z!P5lPsD z&)Fd%NMRI{KsUE!9%Eb5xHVZ|w3r9`YAfnb{n!?&PJ;tNK^I$>ozdU6+(Yf|mn)Vu zsuw^<#TnpYGtPP<(TQcE3EjOhgH^?9E3%qBp2&qa^w_87w4OylWXI3gaZuD%5gCzY z)MWR!&%pfpBeASUMI3I0ade~*gE_De@~MfHe4FtA+KM10#O*U~yGL7x{%k7sA>jz! zgOr_}Lw~!5BOCZW)9qw5>O-xCCq6BxH!E9-l7rFqhO8pL1&(vOWl%A=%GA4bp&1cX zUp}D;4vT(nTK?A1H}$rEx)*<_;gpP?8J=Xe3D*NFu7w8jbnn|*FX@t6`vkwSd)$$m z5f>`u*)-fCZG`Wm-9f;nqE&fWQRn9IoAJ(VMb`=R;E{nMWDG68_JR;?^0xs5dOGVt z%VOT-OgMdv(-yR@n(6RZaV6oxD*6I5eaj2%wtS|LK?;J~?O#{X^Oijse%rR^o2B7A zw&#`2UYKN&J_=FmoRO{q?}5UOzn46Zvds_aVdMfWEJeOct)B1c9EJ3$Xz!j@h_ znyvUlf~K2n(!1l%d5es$Rp~#t`v7Ame;UzOd&|wJdGCi`In#xO`DD6q+j6p>SXDFF znTQRHOl|xwrC$Q7A_J=5`sYR_n59u_A>glj5`%!C_zo0{ zRvQmBA^uq zSK^kT&r(S=OS*03k~Yw7b8t*XGf`Ik8m@_{qs<_mCLI7nkjRZk&FxC1F;qL=={k`H z70G95YPVyaqcanJgs4zj-%3nS}BL{&zA>#8B*z=zsf%mW`aLbxe0Oca@bTEz8 z<+J0~>Zw;7xfkJ5rbpH}hgLIt!Zc}{D$p307RDKAfJCxCODag%xOOj!VfnXSFqIRr z=Rt7ptb1y6jbScl9A-S7-^$&Y&t)$#sJ#GxvJQ1o(n(Zr!SLI{%0S0cVQquug~&82 zifC_cI>uxp&W&M9;74LYoPA`A4^T9AV3^tKHOTQ#B|f)% zKQb&4s`%1~(^lU=0HFo=O2|I<+j!ea7^AYWj8L#N^ik8LQz8*#c1fBCW>)7P#ZCtX zvMe%R5K8w8oCZ2{Jb$NO5>TWDemP#r%@yh`@Bdrr(u2D!D<2qITf4Nhlp|gulJBL* zn{wvf1Jk$~Im}A=#%Q?|7U5u=;HT@6baU-W1Gzc>ldzuyq&Es!F<954e&xKAMqLAFT{sMa|yL#ig^{xM0vlIDH~0?@Gna0L2LS}dt3jqaBP)p95^Sva47 zSZfzh?S(A~G6<919$d|Ip;Ok1RcQmf-mb2d>=60bm=t;oan$7b16z?src}faen{e- z!;`XzYe0z3mYR;c=~C6m=HdDAprm3W5YLb<4sj0Y?RWle7zQ#Z%KPrT_hHwwf){hN za$qN?+KnhBmFG|QtQBn{R#9Ir%4{5| z4u~leeibmgE z0s#b-NCz2E_yQYt$LoHv<$%^Y2Uxh{XwGpo3fSCl7Kwcg;fih3{*5l5rX!^@j#1xm)?x*Q(h4kVHGRGuwDPZV(WO6{!bOQQK2rBGJDY3BG`S8p2 z&={*b#KJ7HFkM$h$0d$Hj6(*+qWOeU@Td+U?8Vp$lJ2XjaQYrfHD4a zJG1nInM#MpH3Kkm&?j3(h8C4&ak(v9iLN(RaIt?HzAg1X#;m**W*G*4aZMvK3r^h< zbliy$ErsMobbMUrf|*95dy{HNwoh%p^E)LgnPrPa1Z=&Ruc|gtD7$s3r1zS1(&4>5 zKUaBDuv%!_sRlF1m7~;Hj3tUnosMg@(WKgC&2w*MbcP}V@=rM(QTZq?3FJdi+s57W z7HCD(W*aQiZ^8ujvl|EpBxp3vq+mp)BgVr*wb4W1(MZ%2XQxJRbmm4zIyyMV2Z@aV zPSq@-sT+SFOu(SP#nJ=ws^)I~XXn|}e~<|3N~HKGi)&yfs;Ab@u>3&`Q8S zFYUrXru0vx*HKPj0BjmWBp9Br^B?5X`7{v!DDXR|2>3Oucpw`zI~AXVxIM{tX2D$5 zA7%PP)8k{^KLQ@!Kvues@;c|E4Az_YL?)eBJd6j?Z3pjv=far`(A&OHZ{hHJWyKTk ze@Dod#UX9AR9H0?-o3eUEwsyV$h#^DJy14W&#R@Te6}8D(%E0w}FCwj8kNsKmU| zU-!^gpv`#T2XXSpZ>gAQM%M>3mUHFAbc%S#@B3f(_!)CN`~nQ*Cd`%0!wQsQt{KI1 z)|6jfUczSRsHyYWol+hL|Lxfa7|RQ%@lH{=su!(f(G?5n!2@9+8gz5rq2!|<35co# z$zUP(}&lIE6uf`hSI97MW-5BmkG;;Srgrr0E!2c6{rw?iI$I%iNAKlogdKgZu4N zmq$gY@5A`4=6ZGhbGhzwPfri>Rd(%l6VX5U(2OA?E87iE>Xp^IHXL8BUCV)dJX{BO z%`bwwe@Wm-D!LH&sMj(dHq1h{p5NnHj7-%`k1cvJ~9vpmh!$43Hz z`-6f0K8BWR>~baky7BPr)V)A98XCCT?aa?P?5T{+fTlRWUBU4^=p7h1oT=_@e@S)q zANzOvn-RCRw&?h4qI19(Tc6C?lS-d!w=(PFw}ET#`+~S9c|Qkk7?#TUD5tzo`@0O- zvQ8KVVW_?b$o!k9+6`JFeiwOGze`LkEF9$Mnm9)&5zZm`;r3=)PT0rC>p74;5O&=T zR7v+LaJUk4-x`c*4TWB$UW?>j@r{gB@DoziNfj8M`w0FulS%o6*XaBd`0r|ef77>| zv-bjixi54m6Aykj{Bapg@JczRI<4zz$UiIeRozbAO+aAU-{{+dA z437`heIR6azc8a#3@d2S)F9%I3Vl7y_lhw%+1$(UuRj1Tt~$)1#Y+`b)c)Vw4pq_U z^!%jRkPrmG0}b<5XIvWHd;tt9BRlBY?k|7Rc!y611Cj9<*t+QkNxz*-#}$;`5kBGC zy_FXsSKdhkFUF-L>gej~cF)XcoHqFRqs7`5W^Wy~^)N*PXO=LM8>!uX6BlaSOZ#pG6!Ogqr}8>q#JV7Vu|;qN)O{qrCI+b+QpK zuem!Q3cmr=0?6J53khM{%6q*9>P8dnd6q3`l#3DLn=U#WcNLuuXHkjyU3zUho(o*v zmKtoOfwYEb%+p*2sKWLBbv{ruS&?tY>J*n?|)xLC|(B|b&an2E?kgYkZ5HrjBpgoQeK(u6CV3BQSGL2)Gy*%At z4qE{7l&r)}SvlGv59gBx*F+-t`SEsOp~m7G_r8Nlv%bFm?COdMvoEvs8GAYEm;JEK37c^zqX#xl`#V-7br146NAO|JGPBwZ|unM^l)*!_NqW&KV7 z9UF>pTR60Q&= zel9q?rKoB2S&btiex9Jt&9leWQd+9p=vPtITTHgH7T4p|sNXsFIlwJfyL)^do}-r5 zYA8Su{I{Ei5bLbNS{xE%2~F%UF5PBC|9)!9D;0;dU=95I7%9ivqO=33%ih zh8nz+y#s)KAvz0Qto~$fGI&05s+amTyPgYcd#aG>p;HsAaN+d_(8$g-B4ICDAn!n6 zfi{8AZWss>&e|SwzB$k{H`l7!;eFJ3=%9cj?q!s*g z)D$=$BD8)0&KJGh)9ukhZv6gKVbn#sNsS#~tY&SX8*PKeZo5ZEQO5)>BQo+2l=Q6< z@Sp44PGcFwNs*&|vEMYE;om(5V1@knAtff}&mJm*)RB;YV@a5swMI5wriPbCr@1YG z>$Z4f3+O2x=L7W=?Uj)@TAgQp*OQ2|*>(34!QmR=<&XblQYqrNY=vtG>EeVjp(3>?_zj;06uuz&Wa!~t*VbPc}enmWNfIZWO5Y3gz1c|5H5N>&tY}N3y-!%!5Y|F0jF$$Gf|85I~NOj^kY7w9?Yj=HUzg%9A*E-^D*+j^pq9ddmR!_MqAZ|4Th}R>C`EgxbTySzKmJtCt7KZuZX-Q?`BX96OX}gUOeL;$e z>Hm(HFAL}(A%m^uqj}GL|3bL}yE z3Py(D>r{aP^?sRg%coiJ#d9W?bz+wnIoVs)dMcg8 z^3`y!x>Ap6nyCMr3;DGbgmG1`i)T>H=SX1C{aY6Yhw6)_h800KtJJ-0?_UcCkToV9 zXkgxeeN6v?y_`S;6@*4w&Y^6x{T}Bw5mB8Ky8i*60k-bq_BObo!8LRPAgGr!sFyI- zMJl>zYi+I7XHL#fEF1Q;#Uo+^o4#5`@u*NUw;c@4!qGF}-Vlth*Q`IKL-l~zR~9sS z*55CKNty94fW<}M@m2!@K^hl4c^yBWDhqE!nE95xBXjZz69Em4)pr2|x?lB^n-R3xGwmw4`bCX%?^kuV?De%RP<8nDAbh6Q4gI?GOfZ&Q zb3lvqIDm6EJZXMH3k;%*u-A8?Br7bb$r6d_&1znE)zDk&8B>v%Pf7cq-WzBAH+LP# z&_HI{%Y(O~_WRdO%>VgcYdv;AS)v81n^9nCMe0vqnK=LFg|?Scp>l=ana<{WJ;qkbw`QMG}dl- zj)2mgV7^!^e%5X^qBn_iY*3pqxacaU>eufr5Ps<%{a&kz$aiy!`}_G!nyO&;^rPyp zF#V8!r&V|*Z~F{M)gXc=6HrrOk|L}^5FBfn zWy1e4Kj>i84a(JQ7@iD$2`92&LGx;&QdeBMi(PWT^Hg2()u)s(*mLV zqAtlRNixP0CJ(MJetx7CJ)W#W9;+sluEYV63U5nSuF$?Lt~4Y+mRs6bL321_HTmzg zOJe^@4oZ@85m!C4d}^{&UEz|G2G?3mW40?My1VzKYbWFPba$ildmL)nmz{IHzD#ET zmeDq(i=Z0jzgMFR@_l~~20TL9CVZW3=i=&z2f|NUfk9>bn~$gM-GZ#wxo$$L zZQ!Sr-HG|B9hL`9{pA{5#+!7h9DToI2d&4b$mWpT0SbFs4tPVK>j|pHM5fGuLoJrI zyOi+3-@m(422FXa5)hK!zu37}cjgaHeXu|CjS3E@;OFPSiK#BNj!d<4td^4cLcwC# z1m)pVZYY3kd>H!Pg_j4+`>xLVajk#bvC)keX}_DuIPz!DP}fs=8a5HH9Xhuyb=TzZ z`#&}-4%cFD=!n+iF50!^LG~;f~V&PUKnPmyU+TVov(|tS?hH&i#s<)|<0G z-=JPrRFr;>{&45cLw`Ie%r?iews$U*H<%vf{q#P|URfc9(e8SZ*X$>M)@M}i{I9ZC zsQMwH0eYycjr_Z_9rn*iW=Sd?8LaY1^l>Ull=cT#ux8ybE;sLr3>vaalRTB!F-W8x+m(j$vTEX>ywNau&y9y}TuyvLtt`I(^}Z%D7!#$!~Cd^6?X~h_5ptt_#VT|lExE8MW}W+{p+ptp}(4N3VnmU5yW^o_PMgU zPTIHC)~C8`$w9xWzrJX5KV-@QHpKPWXkJ$GWoO2b$7KU$vO02YlQcxi&&S;Wb77yS z(w5X@GtOvtBSH<{bbFJ^qLj07Ir=(^@j7x{j}bi^)$4S2tZO?Q&uCNqt)|o`_R33Y zi2>T~9=$}wD=Ar%+E(!Hw)RvEz9Xu%xrizU2mEx!W}pW%MdjI{(OuI{wL+^q@oxFx zBW9*=1XETJ*nsn0o`s(D@Son|++cfp1~{OF$Ii}K+$aF9GG_DD`2hqaI*b|2=YRU< z)$2i#T|0~E5o53ygVUzootM3i(FC)Z4Wip0&N2tEPj;NipHG@HODHE5p2%IHRR~eb z8#B0MM$Hywl4qO{F#Pt13!AT9K5F}k8_u`#r+acm(#^dY5sN4EoTD9Ufp=kJ27@@T zt~kY^xE&)5n+s8U}%1Na=lknEMAjyN~Nm{I%TGp zY9k+Ch?Vt^uo6#A1ZjSYbGsJJ?tUV%awZH_Qtb516zWOyva|@jjYySsXqwO6f2ZW! z+!{mQ3t?<*ltr|nG<>>UgL5c zSQ1e8;bYSAutk&Ml;MVyYJsZTZO~X?M`3QIlO2vBNqKkgykzV7dDMk&J^n&X%GvRa zzf2RO%R@~74$ZS+28%;{E7Q3X#BP1@#VRJvyJ7rqPt_>$_so{EtwW~P)-MRs@bKre z10D2Q6~qhFBsS`5GLmX{4{nH9YFHEB#`P$88Ku1-v)abC*7>!j=HD0>_``QsGC|6X zPcE0g4bLszqPt6_P?gAcWh7)u3^#hWm&B+*SZ{URkR2U4cn#Io_x7mLybr=wqpXFn zRQvA*bHqnPpiI@)PuA(v(uw-MFL1h$;|g#o^UPUMNui!l6Mg;LJEXU7GRNu|Sn;#1 z(k1?O;ICwIYGY`_ZrLC6m=vZ0p(W7Gl1yV`6S5W_t-B4=*T1cORX>Nqet)wT!Vt1? zxxZHU+cyns?Qm#89R@`#CSg?Mbz?o!+)v}+fzZ9ktA5m;MyL4AkZPIeX!|+nLrpEN zVyv9y?z#WTh977LkprH)>RkKeZYPR_?ueL35|x#8eaDPdUY@A8kznL|Z%Lj~urr=b zdAbD3Gt-t?=t5j3)~srIcuTNXfx!1%SK{-zQ2$Z~>y_1x$w1lPnV>6@l}yfZNtms2 z&f&2^AlHwNfK`MGWBEw^|2gVpT+ABs$sa^jW*L57oNjDT_&}arW6}*|7&++Jyb+Ry z!4TZ;26wG0(=neaFhtaTeK=ATSu+9hb`Fc{z${#a_z=0IvWwzJZGI^X8_%-FJWK-? zn6w3mzqV4W>@A5VC%cDYseHP4)Tr8-qVJYx*v~AzlS>0!_TImV40inr6J<~m9T0`l zIAUjyaNnjnH}Jh7_34%HDl)QZDjhpcRHVCFT3Za&ADc(fg~v5(LXq1jzH$g zV=*^-V^bh;rj_V&u4!2Ia}{A=h&GFWF-?ZIcTD%oaAXda_Nma4+-w!rrPfz$Zd<8P zF1Z~9X{-?Pid}{jE!K3LxJT*1(C<4YkL{)#y+czQic+E(tL;J(!wG@K`RImc1XsLfTwJ1t2nV#@osuec55$ z(A^iDl?xIV;)gIE@cu6zJa<)j?}G43dk2gG6V*VOa7=@MW+C|Z1VpxhKpoin3$Q!%XR^*vCsKoPaqxd zXUEev-+*u|)jy}Ar{z&O-@*$JY?iU7@F2RsI^t?kZGJr2_Qm#Tx4N;l#||KFN|_w5 z7M`Dpqps7-#ZB~RuX>aSi_?q5~h`y9n6Im8|20@jZzfc z*(t)quRTP)tg01n-N>bB&uG9BO$p=hn~Ck)5MSw&$@?#!^AwDX$o-o2cOp_g;Ozz4 zaT)<4F2cJmI<>{)Ptav=qlXshh!bb)&n|AH<34v)eq?=UHr?HboMnFBGcbZx?$GqK zwl4n0k&%kpI{b{n}LZb zv>s`+n7JH#76yW2{ssxfMSBS;YOegZM@D=)JrCJrQnK zz8*=FooyFyrk}?MTXj2Or=q-wZpCAN!lb{1+P&vzuy%41+D<9Gx&DDxKlYqtkH!6Q zCa9x?Qa*xNMVLp1#k9hwq6_@y4W;WV7JybS7X>dL>W_B{=e=trXXWdD&8Y9Y$EI|w zC}?T1K5AZ{E!{jPUu-DjkC@+DDAJl3b+lV*jKTjge8In&79oh*fGh9IBU@KwDo>fu zTIy6O+TM-yZAKlZ>6L3PGaFeY?jH<^lc$XPPy`0mmL4)6&UIJP!jnnQcD#>cB4wmB z%PS=JI+MFI*;(3qk%7^zvn9XGw{3SC@Ga(g&-pIkXE5?h8L}^rp7h?M&$N)@ zE99>cQsk)X>jy}n{V!~_T59_USOK+6nChHEC*(c9;b?Yn?UJ4dxol9h_``Ex|Hsc) zgkktT2EIt}z6jjVX>IkwN`>Ej^!iH}hw|Ia1LmEs^x9ws>uDK7(&vBqJ*WU6-WHJa z2YfL^o6vs?iaa}ATQjl~da&)p9#b-iSjU>ozeo z6)GBraI@z$1*)&aZB|eU@gjd~e%E)zZK!O5U}j<7O}B&uW`2ZbelaYjGqm3wqu`<@ zMx5X&|@Ys3i>FJcZ9aTRh6n>*XH% z>*FEq_h7E>yUB>4$BQPXwr*NUDC?K@Bt4%)-$~47uBx%Cyg#`qm^U z2%64J{_W;h$ETNT3(Kl={smFW-i%0z#dN3rfy^-6>|-NZdm;g69IL`v%9&bRDYU%+ z;!OE|pf)JrVV!=k@}ty90hFY!%_KGS4@RwA(;6uRG~2+Ca>4VbPSc1jhwSnZRn3|QVepneC5fd&U}MZ zd&MWsi9#iEX8N~?#VJLf-q%KaGcrqsgr&x$RD9i)nWb5v(dGxk-IPB-Zxy0@>-K+? z`5ik(bPN|w_}C?}Q$kNkd8?z|A^xxk#HnQ@W|NP4h$HV$Pt(KZk zr2hE$n|YLs_S1H0^@(sJ->)xbgyebl9Qcp5jkj4+?^W;OUww7Jx)%4PfS{2G-~)Xo z38IaEqL)&P-%rM=SMRx;EE6O!cY|NfBG-2I1D4Sp*&7rM1mPS<>zlVoKkJl3MCu{1|-{oU6 zB~YnZRiPmdqHbv^|2nZPct33D1CYca)7xC+)YAr&&{879d)-WVT-_bx9j)AxCNe!> z9&#UbmYc#)EDJY`{W^-wYztqn7?r5`csx;L?46vaADfgHn^M8?OH$50{`og%(NYl? zoXfXt7#?+=WIf9H0TRu3FP20`KQ133oy9#Z6J#40cb;=%EiTNJCL@ZRVM>94R)W*l z^uwk1rej8~e}TrsOz-)|4bN8EhSru;%O4dhp0W%TDV4Y7tXj-hNl5mIoE|?1zi}yy zQwii@d;eh;>rqIGBXJ*^m(Ur_+FNr^$>)v1dc(<)OFh&G9~~8x#xvOFdJ!XP6!&qD z5Q9d?oH0(I0QV!pRki3WwYy5n`cRTNMeae#r(Z`|52!zdz6+(l-<@ly6@AOPEg&hnU?h)I2RMVxspW zYKHe$%2J=z002FUntPZUaITD?%|$xNhQT}OR0N{jnB1ne0NR*UrSrK6R+Cm`n}(00 zg%U~s0=KL*CSp6M&(VO3SC#_>6!4hm$I0P?<5_EN_0018-epij*L9&VJ_z$Er$3nwUQK z2lzy_cG>@l^}mo+JdWS6*>h6+3qIEu?7;_+#$;VDPZQGuHq9g^ef5;x(V4w=^NffA zXw-ZRR@&Oi8lI6+4yN7*1=QLA8({d1Z3~{nt}!Hdhb70T&6n4sBV`BnS-ym2#J&3r z<0vq#tKyq`-SKY zIczq6OdP#T7L9t1ZMojms zY&V^ZtO6h=ZY&OBEI|kQ)+YTK2d@D(D%rqAzm=Y9RSZ1RsH4B07gp zamhPppqCQC{wqpK(ZemoM_Y+(Ku-Xrfnxp7mFL_T957Tsb3<@djc^X@k)*o+)pi^Q zL@}caq1ZaIqv15h#y!!2FpCq#?cpsGh*O0HeWX|Kt>>oiH|e9LkEB$lS@FgPy2#vr zj{72e^$AY0y{jCTknZ>`A%PHI@!f;hNdhr_6sYQ#xKm*r2qh(DIK57L(%`{ro2M%$ zknt+yssX@791cI(@1A!vl4fULJ>Fb9bS0QV)~8s(-?cc3&G=HuA8#a4zAmC%XMnK| zcN7^Zq7$bqh9Lh>VP_fE^>AE~dZMk{nw}`G2~+%TZ2@Z7j?47_ zUcBTH12X}CeWgz4v$Lh|j(XnYuG+)U+{zxE`O3Kuc4@}QuQc|6!BenWmzp4=qSrxQ zE#q<6c1HHcnNQLoE3(mUFq8^1e5P|;Hej={O#^X99_iy;tj={nS6DKo9dbU{_mT<@FB zY|z57A55lB$pen|cNXl8G}Z+saRH`3ALD@LS1^wE$j!3Ej*{=6_rg zHVD-HtdA_6W$}{Jv8wNx6`GIAEf;dlEq=WC{f%9^6zDn1@|9zGlRQ2oCG65yJYlx0 z+D9`yYZ4V*u>n@70z=wkSjBZN%cJWH~2i{Eko(i_u z-!>3(m>TP(O7_om^o2anQC=O~vfJH=N2APRIOoq7M}B*lBDaSSyfytynmb}_y(+ua z3{88B_r2Ihd8ri|=JqF$tSLMeKA9FYzE_j^BWfIceN=m{Y@)wKQ`g)KopFiuWW5V5 zOa5J^+-FJMlfMUR1A9WUT0u)E^S?TW`bkwAtGbst&;&z#yWiWBdu%@Lgb>=x&3Wr9wGM`-1=8qc>XF8CohL;>Wx=) zJwpnmaXI$rjhH}>VRFmF4vq|T6ddi#zYn`MGFulMvXzbrK*Ovbf)*3)Q*Bz}G%2G` z0z$DJANw-+aBBAe*HUh46!vgACK@*h-l|BC*yVQt^D&m~i2_fGN!=$Y{asyc(zdux zaw*7y33YxkCVZYP5Bt?N>AluU1`V_Cs- znft9xjk1{GyHb*vM@ASwn?Lq+=}uM+G{fAP$k7{$Mxp@ z-Il-er6j+$+hX^O!3Pd*c@7S9Jv|xo_Je$7V;agWcBNke{SSqU`(8@U_mZt|H3yzG zO&%YJuFHCXcJCDkx01{cX!p?4&l2SCBFPMoQAvwJy1YdfxG#D;;!c&sLQV(y+Mpiq zEMMD2_OlN5y6FZCZN{d*$qzBURcyIka;a1JyX$RvXYYJvPtjMV4CjS1qCENtE>X68 zp(yj9zUCVN-P!k+zT&}c+08=5&>RBd8K_I&KU@`Xo*|Q8R7iT=~mBt8#AhVOUUcy*0Y3B9$ML_ z_uRK|C~v=@W|8*8%M?9j=cLQeahdG88{j_T&n~#Z9)`58B27tGo>mPBIgn&-v|pJ}PaHGoeP_YdF{i^-MxNHT-1` z0=bosdeoABBh(xeJd@z;d8Eh`EXe!5|s;e zu>@OBt%-{vAubD!9C^8)HNb)rf@r-?c6oOh@JZG6aknkbs>%W&VEh0ek`A%u-mFiK z=zO6t;5u1IQWohh1r}Gn!!=7AuMT})M3)j807Kve6(iXJKb>2%q2s%mx;h$^MDg+L z;CIJZ0+1D!zksNeos%=*)!n0wcSU!6xEq=)f7bi!S>*AFoMhz$t1=wC8;jbe5#WS5 zIwwSfrmE``+20U5LuOq)Uq2vcP?lDM``gtH1OVj0q5y-skb0fAnigNDWqV%QTLI5e zsi!qsIvUjK0R}}TG3JGTMP$Ir1KhOJ*)%358JRf`FPp(TMMVi)ZH>P5$JrYzbs9I< z%}tAo@9-`Uj-(Ve7P0{9llW3|xmBGsgkNgLyxEb#ZxJh5O(G(7c11yje(fM;12N)T zqpOW2@d)cXoNzGs=&egR43C8NubJx+?L=YRte_!^*&G%YdW8R_uv!8{YJWDQq1}b3 zrd?VayuT_c4P6}=NbizC!?^vFb8`YjJ=4X%!HPu+rWA{W3X!jJv~ZY+4#LCWEx2!h+Zg zP%>m1OYk5+(oA;NM!Z}yHR}U2^L{W4mn7Db>*UgD^`YQM_v~9OhyP zAq8h7JLSm^^&ds1hY>2Nsw(Oz!NGUm-Jqr}Vl5DeA$sJE6F^tE-t;CHmJiGjTAlG0 z*?Wk?=#18PmexEo&E<=u3I}wb<1O=yFRBeLkCTf5Pyz$Np54^rKu=VdeGa*A@X>#K zB0p+uMEdG?zz@_?a+Z4&% z<#Wj|v(+~wP#p?84d>FCVTbo-9p9TlNs_ci%-L|O9A;k*Y|d*lK=T`M1qUm9tvNA5 z6%6^Tfno4~n3fq9>FY0*tjP;G%FzH}Rh-e{p!r1lX>u+GS7M}kzby>-BahF@%5v3G z2v@{#-86Ope>sprq8UAGYKTr+U9$I^z^`+ET8<4)!EP{ubz6)Y#HGg`s3{a+Kd& z1y0UYK1j4t*xMgtehODzetp9N0Cr}H5KoVkj0#HE0o0xhr8*b?mMw;KU%xE z|CNIU)Q6m}wt*4bU2?;80idhbu+syhVPM30flp?TFqk7wGErFdriA#-umVO&2l#5Z z+4c47aP4DN=3=Q_qDL|~D%8_Ig})B;yjywXcz%oIAS6bn8VsFx_0?#(Y1uQIn6dvr zFyxA+_~--zVzEU5P%WFNXx*%e&M#Jj3tp^(LJluH3s1=?CMTSXlum#pRY09ei0*y3 zZJ24feGj-5tT1mNPJR|f?KV*n)8Ic`$xAjB_lfN}AZ7kL-N4TixMU0!mlis&CJxBx z)icMzuf154@MNz%6g4Q9=*}mmhxaug?(w6F+l?%ft~L_lL}NgyXDiWyf`arS_Mlt0 zZhhi%V4(qat@s=@Uh}d7md%u~%VQ=%n+{Tg5wg_2HFUbJY-DmW1#0q;AeNjt0Ro{` zyldp>Xz)GS?rSXX4xrQ4b?$}@{C>icC5VIn2<0!{e|BBXogf6!#}4!=&6&;UgpD6} z&IJpC0kc7tm&BfCxFaY?4sa)3lJg;jA&p-1ZF={FbaQGXpt z)piwCPH#%))zVJ!mWOD!))M_jHJOGs1FKh-V1K{d0dTo?-n7u5+eVPj#K%PQsy%39 zuxnnhfHw0~RF}FRY0go@J42Q;ez#VYgwn>M#IG-_`oeca$BdH@VcGTh_U9d%WPe zf?WP#Yw?rOk^vA$<dotWQ=QVh*zqTnVDB>D#RS9H>Q;qR|QuV-P`cz(~a*a584np(fH!# zI<=IvA+9aGAuVI0(gUTU2nu2xsyBa=1gXy`cu>ca&Y2g2P`}MpJU=^o%i7wSkepnl zJ@`o8N0~IEZ!W@EJ5}x+2mwtxo@fjOq;leUflEY{6ZMYA>!SoKReHwpVJwW|uF-(6 zOkNFG0k_hCtK}>?RkICF#l^gkbX6~gJ+Q?I=9Z8A+=m2w4&t@L1qJjP0Qt9Ase$S# zxAKcwE}pW1_&?AblT%Ym1|y$w0gf0$3C!$Ae1pyH7?34EUZRUu((3@C3-6B@B&Jo5 z4pKclJUjr3s2XRT-gw|*4S;(KYilO1BF~Sv^rP4_Te@&*508$N;hA7oJz^7Q9HTf) zS6{P6s9ohJBM-|A&8?f42n2~|m__dX`4daSZ(LIyUL5Wkh^6&DgeYb8a%<`{;BZV) zUOwVW(*^(hurJ1{A2|UfGx^in8|r+;gel+v&Ov$sY>d?PlDk|EY*fsqmoYv8BmN!C za+B&K1k|S;pLynYz4d&G(>89S3{#wyyPEdJIWQ>v;r7hLd!f;lP2EV;*7kNegB6P) zP-RH2&IDLTeBA@gd9rduMz~_CBlLP$@wNd~R8&AZwN`}OUMd-fPc!94$(M!g#k#~{ z1aMbmH--{p$8=HlIkFuR%wQKm!~=?oijvnaAhXj4W_VzA4EVk3t-rGU>ksRB5Y`}U zJUqoIt`4&Gf(TQN@~NMOTA%^Jhl>l3#U=mHa;J>r^@R$M(4jn#F&TM>8`tl@564+K zulCx6#l^*mmUVWZkT4s8)ax^G41+QWKy1~MCvnfOy2Zyv(4hxVY2nq@?SL@T^;~Vg z^S{hIa>G>f=FHHG>uPofIKbVB>U`@EbpHnWbUE2C8l4adhX!0H3=}yc63Dw3Ta7^G zb$TpsBRVS3Tbt;GlPJ!sQ~B$b&y9Gpx+8m%cm33-dyxQY&+`jCBzsQEz`$@KZaKa& zbOW_Z!fJv+ZF6omQ-xDKr(jW-t+Y_n9*q86Dl}d1flC0lq+u7?xyLRvrv#SM-9mc_ z*)OFpF49FDQ#3@C-4$^vzO(eRR_x;qJra}Too?tyQ`7sw3k7jAU&pyjRCHWLQF9F> zbcG-6fXKt#6uR~9Q#X%kxyB*)C~}GDlYq_|`xu^fT^sTg7)lQCO9#jgpwBZunqLB% zYN;-?%;+*PQ2a;EIB^o_2o~LT3KKfjte2#3VSzM@b9rB;GY%F#J)$@e!Ett8UA?1t zl1riswrKmG=7X?3!J0;gaKHFbK|o$e=hBygn*bZ9zS zTG|tV%u3WrVj}-lI z(ykqu=ROOaf_Ev7zD)RqE4K*Pxw?}YrsBB`^_YG>vbl9H5X+0gD=EAQ+ykA|V!Kb& z`pjKn6kBLva{sZE?kD4;;a^hvTz0UyCNH;dovrI`!o+-DQjY@m z9-=Dl$B`@Uz9jW3tBN$jCAM}*Tj|Z7iubdlhjBlWHO^&IQUpo~v=VI{+@mejc}E=C z6dD(!Bc>bdyc~_+vtDUJE-?hR+$}TWYr~|^!cs<+RwBO-4r(Z!zoWzo|ek3y$vpaAg--o!+3n zll;aF{>mc&iH&Wg6UYYYWkX(m0T7xm4<>g+y=$ca{3yjNnE#02u@<2#IwC2c0@md_ z;sp?qZa+U-yHZP}obyH?)P8}~nn{-0tto%lEMEv{es45j_^|M2mg(14H;{#ew+#TP zx@8sUyu7>t2W-_-q2=6fgBWmJnb2V|-!RqtXgzYAKXdWLIzTmEkodZPNb&Rnk*wzw zmr%vm_SMxv%5f3t*=AvFnYqr%iVn_S5*u;#(umBXn|ib8xR=&;VG-auO6GKkP4*B_ z#Gg#qNypWa5P>V678p~t(L3F1JtB zsLRH!%2lPcgwy&yf_EIE>3DtU(Mvo^^@NH}hh`V`XKd!O(rPLQf{|5GED~w68rz=o z<}f}S9j@$C*B=_q$VL@;vioKy_pHz7U-dnE65VNDb$YqBn<_Ae|6q2N7#D*o{e6dN z4b=ghYn$&(0Y$xdF%0NjF)LvPhO@Ae9FH_NEGS_OpgAGF)|~9bMBK;=-DJL%5X#IH zW=g7gpZk#M5JbLnpFBX)V7uV-XcTez_n@~H@m<8hVfFp^LT%RlCr@|8&0@FC`}b=n z58)a`@cF49uPv6-vkw+r?V{gOi<#!;F07Hs*%=y3Bx(r=+ikcXx-JX3VH9KX^FTXJ zNa|<)o7V9;<$s}p)wdnsXvMq|4G__Q?}0w$&OSA<6^KG>ch^;6jFKWWEB}~6QC<#C z4qe~dTtHz7$6gN03EgtL4|8)Q49T}QFbK|vdwF@0GT);H zG&A@v+1J+pi51%;K~A4i^psT@In)nH1zfnGqY_{S^1*w~1L~2pmDq!KsnJo?uWh-w z$xQc!)M8*F*r5Q_YcsE8#`4cj-$rbl@2;*Iy$6qP=+5BOjl-}QuSxZv_p!xD+{U~p zc}(zJOn9Tq@LYeDQ3RL_j$;My;*(%@&=62!QGU`+yOaiR^sDQgKOmiO!zn8(%aZc3 z$DR+Dlas3eB%he58LO}gFTy6Ep5+@jQgYr#)Vn{Hnw;q}eU)outitEXUEDR?f1{*l znw#(w^IaBUDjrpw3q#YSJ?N9`p%_qOf7+G9J1JB$Mu%M@BY~lK2;z1%r~ut2qZ0S+ zt*v@K)Sce3S>h_e9~GzbB##8)AW}78LdWfL9L9`_fb`20C#M6wf+GxU0w*UY=^OPk z0rky49v(P20G>u`1dcYtuOCm*1P&64_F7w8`LVI4HimTZ|7#f_Q}t8}m8g2ZMa%09 z0-^~QP1ss~I18}hB+$mkC|j=5yjs5SXhh(mXdJtwum98QCj``f{P4@c!9jkrA!zIW zKFS0v72c3JdtQm{{#*R~_bGYk4cmOQui_Bd^&!-MdH=Ue;`x7HUWLv6^!xfh>0ONx gS997xY$qDK#^UMI-<|n4v4EetvW`;KL))nT1Cb*69{>OV literal 0 HcmV?d00001 diff --git a/website/source/guides/dynamic-secrets.html.md b/website/source/guides/dynamic-secrets.html.md new file mode 100644 index 000000000000..b18f5e1f80cb --- /dev/null +++ b/website/source/guides/dynamic-secrets.html.md @@ -0,0 +1,299 @@ +--- +layout: "guides" +page_title: "Secret as a Service - Guides" +sidebar_current: "guides-dynamic-secrets" +description: |- + Vault can dynamically generate secrets on-demand for some systems. +--- + +# Secret as a Service: Dynamic Secrets + +Vault can generate secrets on-demand for some systems. For example, when an app +needs to access an Amazon S3 bucket, it asks Vault for AWS credentials. Vault +will generate an AWS credential granting permissions to access the S3 bucket. In +addition, Vault will automatically revoke this credential after the TTL is +expired. + +The [Getting Started](/intro/getting-started/dynamic-secrets.html) guide walks +you through the generation of dynamic AWS credentials. + +## Reference Material + +- [Getting Started - Dynamic Secrets](/intro/getting-started/dynamic-secrets.html) +- [Database Backends](/docs/secrets/databases/index.html) +- [Role API](/api/secret/databases/index.html#create-role) + +## Estimated Time to Complete + +10 minutes + +## Challenge + +Data protection is a top priority which means that the database credential +rotation is a critical part of the effort. Each role has a different set of +permissions granted to access the database. When the system is constantly under +attack by hackers, continuous credential rotation becomes necessary and needs to +be automated. + + +## Solution + +The application asks Vault for database credential rather than setting them as +environment variables. The administrator specifies the TTL for database +credentials to enforce the validity of the secret. + +![Dynamic Secret Workflow](assets/images/vault-dynamic-secrets.png) + +## Prerequisites + +To perform the tasks described in this guide, you need to have a Vault +environment. You can follow the [Getting Started][getting-started] guide to +[install Vault][install-vault]. Alternatively, if you are familiar with +[Vagrant](https://www.vagrantup.com/), you can spin up a +[HashiStack](https://github.com/hashicorp/vault-guides/tree/master/provision/hashistack/vagrant) +virtual machine. + +Make sure that your Vault server has been [initialized and unsealed][initialize]. + +[getting-started]: /intro/getting-started/install.html +[install-vault]: /intro/getting-started/install.html +[initialize]: /intro/getting-started/deploy.html + +## Steps + +In this guide, you are going to configure PostgreSQL secret backend, and create +a read-only database role. The Vault generated PostgreSQL credentials will only +have read permission. + +1. [Mount the database secret backend](#step1) +2. [Configure the PostgreSQL backend](#step2) +3. [Create a role](#step3) +4. [Generate PostgreSQL credentials](#step4) + + +### Step 1: Mount the database secret backend + +As most of the secret backends, the [database backend](/docs/secrets/databases/index.html) +must be mounted. + +#### CLI command + +```shell +vault mount database +``` + +#### API call using cURL + +```text +$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @postgres.json \ + $VAULT_ADDR/v1/sys/mounts/database + +$ cat postgres.json + +{ + "type": "database", + "description": "Database secret backend" +} +``` + + +### Step 2: Configure the PostgreSQL backend + +The PostgreSQL backend needs to be configured with valid credentials. It is very +common to give Vault the **root** credentials and let Vault manage the auditing +and lifecycle credentials; it's much better than having one person manage the +credentials. + +#### CLI command + +**Example:** + +```shell +vault write database/config/postgresql plugin_name=postgresql-database-plugin \ + allowed_roles=readonly connection_url=postgresql://root:rootpassword@localhost:5432/myapp +``` + +#### API call using cURL + +**Example:** + +```text +$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @postgres-config.json \ + $VAULT_ADDR/v1/database/config/postgresql + +$ cat postgres-config.json +{ + "plugin_name": "postgresql-database-plugin", + "allowed_roles": "readonly", + "connection_url": "postgresql://root:rootpassword@localhost:5432/myapp" +} +``` + +### Step 3: Create a role + +In Step 2, you configured the PostgreSQL backend by passing **`readonly`** role +as an allowed member. The next step is to define this `readonly` role. A role is +a logical name that maps to a policy used to generate credentials. + +-> Vault does not know what kind of PostgreSQL users you want to create. So, +supply the information in SQL to create desired users. + +**Example:** `readonly.sql` + +```plaintext +CREATE ROLE "{{name}}" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; +GRANT SELECT ON ALL TABLES IN SCHEMA public TO "{{name}}"; +``` + +The values within the `{{}}` will be filled in by Vault. Notice that +**`VALID_UNTIL`** clause. This tells PostgreSQL to revoke the credentials even +if Vault is offline or unable to communicate with it. + + +#### CLI command + +**Example:** + +```plaintext +vault write database/roles/readonly db_name=postgresql creation_statements=@readonly.SQL \ + default_ttl=1h max_ttl=24h +``` + +The above command creates a role named, `readonly` with default TTL of 1 +hour, and max TTL of the credential is set to 24 hours. The `readonly.sql` +statement is passed as the role creation statement. + +#### API call using cURL + +**Example:** + +```text +$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @role-payload.json \ + $VAULT_ADDR/v1/database/roles/readonly + +$ cat role-payload.JSON + +{ + "db_name": "postgres", + "creation_statements": "CREATE ROLE '{{name}}' WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; + GRANT SELECT ON ALL TABLES IN SCHEMA public TO '{{name}}';", + "default_ttl": "1h", + "max_ttl": "24h" +} +``` + +The `db_name`, `creation_statements`, `default_ttl`, and `max_ttl` are set in the `role-payload.json`. + + +### Step 4: Generate PostgreSQL credentials + +To generate a new set of PostgreSQL credentials, simply **read** from the `readonly` role endpoint. + +**NOTE:** Typically, an administrator performs [Step 1](#step1) through +[Step3](step3). In order for the client app to get the database credentials +from Vault, the client's policy must include the following: + +```text +path "database/creds/readonly" { + capabilities = ["read"] +} +``` + +#### CLI command + +```shell +vault read database/creds/readonly + +Key Value +--- ----- +lease_id database/creds/readonly/4b5c6e82-df88-0dec-c0cb-f07eee8f0329 +lease_duration 1h0m0s +lease_renewable true +password A1a-4urzp0wu92r5s1q0 +username v-token-readonly-9x3qrw452wwz4w6421xt-1515625519 +``` + +#### API call using cURL + +```plaintext +curl -X GET -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/database/creds/readonly | jq + +{ + "request_id": "e0e5a6c1-5e69-5cf3-c9d2-020af192de36", + "lease_id": "database/creds/readonly/7aa462ab-98cb-fdcb-b226-f0a0d37644cc", + "renewable": true, + "lease_duration": 3600, + "data": { + "password": "A1a-2680ut032xqt16tq", + "username": "v-token-readonly-6s4su6z93472x0r2787t-1515625742" + }, + "wrap_info": null, + "warnings": null, + "auth": null +} +``` + +### Validation + +(1) Generate a new set of credentials. + +```plaintext +vault read database/creds/readonly + +Key Value +--- ----- +lease_id database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809 +lease_duration 1h0m0s +lease_renewable true +password A1a-w2xv2zsq4r5ru940 +username v-token-readonly-48rt0t36sxp4wy81x8x1-1515627434 +``` + +The generated username is `v-token-readonly-48rt0t36sxp4wy81x8x1-1515627434`. + +(2) Connect to the postgres as an admin user, and run the following psql commands. + +```plaintext +$ psql -U postgres + +postgres > \du + List of roles + Role name | Attributes | Member of +--------------------------------------------------+------------------------------------------------------------+----------- + postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {} + v-token-readonly-48rt0t36sxp4wy81x8x1-1515627434 | Password valid until 2018-01-11 00:37:14+00 | {} + +postgres > \q + ``` + +The `\du` command lists all users. You should be able to verify that the username generated by Vault exists. + +(3) Renew the lease for this credential by passing its **`lease_id`**. + +```plaintext +vault renew database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809 + +Key Value +--- ----- +lease_id database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809 +lease_duration 1h0m0s +lease_renewable true +``` + +The lease duration is back to 1 hour. + +(4) Revoke the generated credentials. + +```plaintext +vault revoke database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809 +``` + +**NOTE:** If you run the command with **`-prefix=true`** flag, it revokes all +secrets under `database/creds/readonly`. + +Now, when you check the list of users in PostgreSQL, none of the Vault generated +user name exists. + + + +## Next steps diff --git a/website/source/layouts/guides.erb b/website/source/layouts/guides.erb index 51fd1d2b58eb..ff770387e4ee 100644 --- a/website/source/layouts/guides.erb +++ b/website/source/layouts/guides.erb @@ -10,6 +10,10 @@ Securing Secrets + > + Secret as a Service + + > Cubbyhole Response Wrapping From 246202746aeb45d0b1be3765a66a790f9dc6c206 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Tue, 16 Jan 2018 17:16:20 -0800 Subject: [PATCH 005/178] WIP - new guides --- website/source/guides/dynamic-secrets.html.md | 24 +- website/source/guides/lease.html.md | 704 ++++++++++++++++++ website/source/guides/static-secrets.html.md | 14 +- website/source/layouts/guides.erb | 4 + 4 files changed, 735 insertions(+), 11 deletions(-) create mode 100644 website/source/guides/lease.html.md diff --git a/website/source/guides/dynamic-secrets.html.md b/website/source/guides/dynamic-secrets.html.md index b18f5e1f80cb..41f753f50a8e 100644 --- a/website/source/guides/dynamic-secrets.html.md +++ b/website/source/guides/dynamic-secrets.html.md @@ -39,11 +39,17 @@ be automated. ## Solution The application asks Vault for database credential rather than setting them as -environment variables. The administrator specifies the TTL for database -credentials to enforce the validity of the secret. +environment variables. The administrator specifies the TTL of the database +credentials to enforce its validity so that they are automatically revoked when +they are no longer used. ![Dynamic Secret Workflow](assets/images/vault-dynamic-secrets.png) +Each app instance can get unique credentials that they don't have to share. By +making those credentials to be short-lived, you reduced the change of the secret +to being compromised. If an app was compromised, the credentials used by the app +can be revoked rather than changing more global set of credentials. + ## Prerequisites To perform the tasks described in this guide, you need to have a Vault @@ -70,6 +76,7 @@ have read permission. 3. [Create a role](#step3) 4. [Generate PostgreSQL credentials](#step4) +Be sure to follow the [Validation](#validation) to test the outcomes. ### Step 1: Mount the database secret backend @@ -213,6 +220,11 @@ password A1a-4urzp0wu92r5s1q0 username v-token-readonly-9x3qrw452wwz4w6421xt-1515625519 ``` +**NOTE:** Re-run the command and notice that Vault returns a different set of +credentials each time. This means that each app instance can acquire a unique +set of credentials. + + #### API call using cURL ```plaintext @@ -280,8 +292,6 @@ lease_duration 1h0m0s lease_renewable true ``` -The lease duration is back to 1 hour. - (4) Revoke the generated credentials. ```plaintext @@ -295,5 +305,9 @@ Now, when you check the list of users in PostgreSQL, none of the Vault generated user name exists. - ## Next steps + +This guide discussed how to generate credentials on-demand so that the access +credentials no longer need to be written to disk. Next, learn about the +[Tokens and Leases](/guides/lease.html) so that you can control the lifecycle of +those credentials. diff --git a/website/source/guides/lease.html.md b/website/source/guides/lease.html.md new file mode 100644 index 000000000000..600e80c4397b --- /dev/null +++ b/website/source/guides/lease.html.md @@ -0,0 +1,704 @@ +--- +layout: "guides" +page_title: "Tokens and Leases - Guides" +sidebar_current: "guides-lease" +description: |- + Tokens are the core method for authentication within Vault. For every + authentication token and dynamic secret, Vault creates a lease + containing information such as a duration, renewability, and more. + Understanding the lifecycle of lease means understanding the lifecycle of + tokens on some sense. +--- + +# Tokens and Leases + +Almost everything in Vault has an associated lease, and when the lease is +expired, the secret is revoked. Tokens are not an exception. Every non-root +token has a time-to-live (TTL) associated with it. When a token expires and it's +not renewed, the token automatically gets revoked. + +## Lease Hierarchy + +When a new token or secret is created, it is a child of the creator. If the +parent is revoked or expires, so do all its children regardless of their own +leases. A child may be a token, secret, or authentication created by a parent. A +parent is almost always a **token**. + +Suppose a hierarchy exists with respective TTL as follow: + + b519c6aa... (3h) + 6a2cf3e7... (4h) + 1d3fd4b2... (1h) + 794b6f2f... (2h) + +In this scenario, the lease ID of `1d3fd4b2..` will expire in an hour. If a +token or secret with a lease is not renewed before the lease expires, it will be +revoked by the Vault server. When it's revoked, it takes its child +(`794b6f2f...`) although the child has one more hour before it expires. Then, +two hours later, `b519c6aa...` will be revoked and takes its child +(`6a2cf3e7...`) with it. + + +## Reference Material + +- The [Validation](/guides/dynamic-secrets.html#validation) section of the +[Secret as a Service](/guides/dynamic-secrets.html) guide demonstrated lease +renewal and revocation +- [Tokens documentation](/docs/concepts/tokens.html) +- [Token Auth Backend HTTP API](/api/auth/token/index.html) +- [Lease, Renew, and Revoke](/docs/concepts/lease.html) + +## Estimated Time to Complete + +10 minutes + +## Challenge + +Consider the following scenarios: + +- Currently, there is no **break glass** procedure available +- Credentials for externals systems (e.g. AWS, MySQL) are shared +- Need a temporal access to database in a specific scenario + +## Solution + +Vault has built-in support for secret revocation. Vault can revoke not only +single secret, but also a tree of secrets. For example, Vault can revoke all +secrets read by a specific user or all secrets of a specific type. Revocation +assists in key rolling as well as locking down systems in the case of an +intrusion. This also allows for organizations to plan and train for various +"break glass" procedures. + +## Prerequisites + +To perform the tasks described in this guide, you need to have a Vault +environment. You can follow the [Getting Started][getting-started] guide to +[install Vault][install-vault]. Alternatively, if you are familiar with +[Vagrant](https://www.vagrantup.com/), you can spin up a +[HashiStack](https://github.com/hashicorp/vault-guides/tree/master/provision/hashistack/vagrant) +virtual machine. + +Make sure that your Vault server has been [initialized and unsealed][initialize]. + +[getting-started]: /intro/getting-started/install.html +[install-vault]: /intro/getting-started/install.html +[initialize]: /intro/getting-started/deploy.html + +## Steps + +Tokens are the core methods for authentication within Vault. Tokens can be used +directly or dynamically generated by the auth backends. Regardless, the clients +need valid tokens to interact with Vault. + +This guide demonstrates the lifecycle of tokens. + +1. [Read token backend configuration](#step1) +2. [Create short-live tokens](#step2) +3. [Create tokens with use limit](#step3) +4. [Periodic tokens](#step4) +5. [Orphan tokens](#step5) +6. [Revoke tokens](#step6) + + +### Step 1: Read token backend configuration + +When you create leases with no specific TTL values, the default value applies +to the lease. + +```shell +vault auth -methods + +Path Type Accessor Default TTL Max TTL Replication Behavior Description +approle/ approle auth_approle_53f0fb08 system system replicated +github/ github auth_github_b770f4c8 system system replicated +token/ token auth_token_2ad69043 system system replicated token based credentials +userpass/ userpass auth_userpass_d326d2f9 system system replicated +``` + +The system max TTL is **32 days**, but you can override it to be longer or +shorter in Vault's configuration file. + +Another option is to tune the mount configuration to override the system +defaults by calling the **`/sys/mounts//tune`** endpoint (e.g. +`/sys/mounts/database/tune`). For the auth backend system configuration, call +**`/sys/auth//tune`** endpoint. See the [Reference Content](#reference) +for more detail. + +#### CLI command + +Read the default TTL settings for **token** auth backend: + +```shell +vault read sys/auth/token/tune + +Key Value +--- ----- +default_lease_ttl 2764800 +force_no_cache false +max_lease_ttl 2764800 +``` + +#### API call using cURL + +Read the default TTL settings for **token** auth backend: + +```plaintext +$ curl -X GET -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/sys/auth/token/tune | jq +{ + "default_lease_ttl": 2764800, + "max_lease_ttl": 2764800, + "force_no_cache": false, + "request_id": "630fd49d-f704-540f-0641-41516087654f", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "default_lease_ttl": 2764800, + "force_no_cache": false, + "max_lease_ttl": 2764800 + }, + "wrap_info": null, + "warnings": null, + "auth": null +} +``` + +-> **NOTE:** The returned TTL value is in seconds (2764800 seconds = 32 days). + +### Step 2: Create short-live tokens + +Create a new token with TTL of 30 seconds. + +#### CLI command + +```shell +$ vault token-create -ttl=30s +Key Value +--- ----- +token 7544266f-3ec9-81a6-d504-e258b89de862 +token_accessor 59aae2f1-2e97-6ebb-f925-8a97cf5a9942 +token_duration 30s +token_renewable true +token_policies [root] + +$ VAULT_TOKEN=3b2b1285-844b-4b40-6afa-623f39c1b738 vault token-lookup +Key Value +--- ----- +accessor 2b2b5b83-7f22-fecd-03f0-4e25bf64da11 +creation_time 1515702047 +creation_ttl 30 +display_name token +expire_time 2018-01-11T20:21:17.900969673Z +explicit_max_ttl 0 +id 3b2b1285-844b-4b40-6afa-623f39c1b738 +issue_time 2018-01-11T20:20:47.90096937Z +meta +num_uses 0 +orphan false +path auth/token/create +policies [root] +renewable true +ttl 8 +``` + +**NOTE:** The `vault token-lookup` command returns the token's properties. +In this example, it shows that this token has 8 more seconds before it expires. + +When you execute a vault command using the new token immediately following its +creation, it should work. Wait for 30 seconds and try again. It returns +**`Code: 403. Errors:`** which indicates a forbidden API call due to expired +token usage. + + +You can **renew** the token's TTL as long as the token has not expired, yet. + +```shell +vault token-renew +``` + +If you want to renew and extend the token's TTL, pass the desired extension: + +```shell +vault token-renew +``` + +The extension value can be an integer number of seconds (e.g. 3600) or a string +duration (e.g. "1h"). + + +#### API call using cURL + +```plaintext +curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"ttl": "30s"}' \ + $VAULT_ADDR/v1/auth/token/create | jq + +{ + ... + "auth": { + "client_token": "f7d88963-1aba-64d7-11a0-9282ae7681d0", + "accessor": "c0a40d94-b814-e46f-7e56-ee18fccdf1b6", + "policies": [ + "root" + ], + "metadata": null, + "lease_duration": 30, + "renewable": true + } +} +``` + +#### Verification + +```plaintext +curl -X GET -H "X-Vault-Token: f7d88963-1aba-64d7-11a0-9282ae7681d0" \ + $VAULT_ADDR/v1/auth/token/lookup-self | jq + +{ + ... + "data": { + "accessor": "a54fea3f-6c09-d288-ede5-53288569f988", + "creation_time": 1515702669, + "creation_ttl": 30, + ... + "renewable": true, + "ttl": 14 + }, + ... +} +``` + +When you invoke the API using the new token immediately following its +creation, it should work. Wait for 30 seconds and try again. It returns +**`Code: 403. Errors:`** which indicates a forbidden API call due to expired +token usage. + +#### Renew the token: + +```plaintext +$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/token/renew/ | jq + +$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"increment": "3600"}' \ + $VAULT_ADDR/v1/auth/token/renew/ | jq +``` + +-> **NOTE:** Tokens can be renewed as long as its life hasn't reached its max +TTL. For example, if the token's TTL is 1 hour and max TTL is 24 hours, you can +renew the token up to 24 hours from its creation time. Once 24 hours past from +the token's creation time, it gets revoked by Vault. For a long running +processes, this may introduce complexity. In such case, use [periodic tokens](#step4). + + +### Step 3: Create tokens with use limit + +In addition to TTL and max TTL, tokens may be limited to a number of uses. Use +limit tokens expire at the end of their last use regardless of their remaining +TTLs. On the same note, use limit tokens expire at the end of their TTLs +regardless of their remaining uses. + +To create tokens with use limit, simply set the number of use when you +create them. + +#### CLI command + +Create a token with `-use-limit` property argument. + +**Example:** + +```shell +vault token-create -policy=default -use-limit=2 + +Key Value +--- ----- +token bd39178e-176e-cc91-3930-94f7b0194de5 +token_accessor a230f5ab-b59f-db0b-855d-36ea4319b58e +token_duration 768h0m0s +token_renewable true +token_policies [default] +``` + +This creates a token with _default_ policy with use limit of 2. + +#### Verification + +```shell +$ VAULT_TOKEN=bd39178e-176e-cc91-3930-94f7b0194de5 vault token-lookup + +Key Value +--- ----- +accessor a230f5ab-b59f-db0b-855d-36ea4319b58e +creation_time 1515710251 +creation_ttl 2764800 +display_name token +expire_time 2018-02-12T22:37:31.715486503Z +explicit_max_ttl 0 +id bd39178e-176e-cc91-3930-94f7b0194de5 +issue_time 2018-01-11T22:37:31.715486221Z +meta +num_uses 1 +orphan false +path auth/token/create +policies [default] +renewable true +ttl 2764769 + + +$ VAULT_TOKEN=bd39178e-176e-cc91-3930-94f7b0194de5 vault write cubbyhole/token \ + value=bd39178e-176e-cc91-3930-94f7b0194de5 + +Success! Data written to: cubbyhole/token + + +$ VAULT_TOKEN=bd39178e-176e-cc91-3930-94f7b0194de5 vault read cubbyhole/token +Error reading cubbyhole/token: Error making API request. + +URL: GET http://127.0.0.1:8200/v1/cubbyhole/token +Code: 403. Errors: + +* permission denied +``` + +First command read the token properties, and then wrote a value to cubbyhole +secret backend. This exhausted the use limit of 2 for this token. Therefore, +the attempt to read the secret from cubbyhole failed. + + +#### API call using cURL + +Set the `num_uses` property in the request payload. + +```plaintext +curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{ "policies": ["default"], "num_uses":2 }' \ + $VAULT_ADDR/v1/auth/token/create | jq + +{ + "request_id": "0e98ff80-2825-7f50-6522-b6f95d596ef4", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": null, + "wrap_info": null, + "warnings": null, + "auth": { + "client_token": "d9c2f2e5-6b8a-4021-476c-ebd3f166d668", + "accessor": "4dd5ef0d-8515-c3ae-ea49-016c3e9eb968", + "policies": [ + "default" + ], + "metadata": null, + "lease_duration": 2764800, + "renewable": true + } +} +``` + +This creates a token with _default_ policy with use limit of 2. + +#### Verification + +```plaintext +$ curl -X GET -H "X-Vault-Token: d9c2f2e5-6b8a-4021-476c-ebd3f166d668" \ + $VAULT_ADDR/v1/auth/token/lookup-self | jq +{ + "request_id": "77be1321-c0ca-e099-6f92-4ad87133b044", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "accessor": "4dd5ef0d-8515-c3ae-ea49-016c3e9eb968", + "creation_time": 1515711922, + "creation_ttl": 2764800, + "display_name": "token", + "expire_time": "2018-02-12T23:05:22.746137253Z", + "explicit_max_ttl": 0, + "id": "d9c2f2e5-6b8a-4021-476c-ebd3f166d668", + "issue_time": "2018-01-11T23:05:22.746136892Z", + "meta": null, + "num_uses": 1, + ... +} + +$ curl -X POST -H "X-Vault-Token: d9c2f2e5-6b8a-4021-476c-ebd3f166d668" \ + -d '{ "value": "d9c2f2e5-6b8a-4021-476c-ebd3f166d668" }' $VAULT_ADDR/v1/cubbyhole/token + + +$ curl -X GET -H "X-Vault-Token: d9c2f2e5-6b8a-4021-476c-ebd3f166d668" $VAULT_ADDR/v1/cubbyhole/token | jq + +{ + "errors": [ + "permission denied" + ] +} +``` + +First command read the token properties, and then wrote a value to cubbyhole +secret backend. This exhausted the use limit of 2 for this token. Therefore, +the attempt to read the secret from cubbyhole failed. + + + +### Step 4: Periodic tokens + +Root or sudo users have the ability to generate **periodic tokens**. Periodic +tokens have a TTL, but no max TTL; therefore, it may live for an infinite +duration of time so long as they are renewed within their TTL. This is useful +for long-running services that cannot handle regenerating a token. + +#### CLI command + +First, create a token role with a specific `period`. When you set `period`, tokens +created for this role will have no max TTL. Instead, the `period` becomes the +token renewal period. This value can be an integer value in seconds (e.g. +2764800) or a string duration (e.g. 72h). + +```shell +vault write auth/token/roles/ allowed_policies="" period= +``` + +**Example:** + +```shell +vault write auth/token/roles/zabbix allowed_policies="zabbix-pol, default" period="24h" +``` + +Now, generate a token: + +```shell +vault token-create -role=zabbix + +Key Value +--- ----- +token de91ebba-20ad-18ba-fa43-08e1932de301 +token_accessor 1f8abad0-c1db-9399-15ee-dd4b6230386c +token_duration 24h0m0s +token_renewable true +token_policies [default zabbix-pol] +``` + + +#### API call using cURL + +First, create a token role by setting `period`. When you set `period`, tokens +created for this role will have no max TTL. Instead, the `period` becomes the +token renewal period. This value can be an integer value in seconds (e.g. +2764800) or a string duration (e.g. 72h). + +**Example:** + +```plaintext +$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @token-role.json \ + $VAULT_ADDR/v1/auth/token/roles/zabbix + +$ cat token-role.json + +{ + "allowed_policies": [ + "default", + "zabbix-pol" + ], + "period": "24h" +} +``` + +This creates a token role named `zabbix` with `default` and `zabbix-pol` +policies attached. Also, its renewal period is set to 24 hours. + +Now, generate a token: + +```plaintext +curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/token/create/zabbix | jq + +{ + ... + "auth": { + "client_token": "a59c0d41-8df7-ba8e-477e-9bfb394f28a0", + "accessor": "c2023006-ce8d-532b-136f-330223ccf464", + "policies": [ + "default", + "zabbix-pol" + ], + "metadata": null, + "lease_duration": 86400, + "renewable": true, + "entity_id": "" + } +``` + +-> Generated tokens are renewable indefinitely for as long as it gets renewed +before its lease duration expires. The token renew command was covered in +[Step 2](#step2). + + +#### Periodic Tokens with AppRole + +It probably makes better sense to create **AppRole** periodic tokens since we +are talking about long-running apps need to be able to renew its token +indefinitely. To create AppRole periodic tokens, create your AppRole role with +`period` specified. + +**Example:** + +```plaintext +vault write auth/approle/role/jenkins policies="dev-pol,devops-pol" period="72h" +``` + +Or + +```plaintext +$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d @payload.json \ + $VAULT_ADDR/v1/auth/approle/role/jenkins + +$ cat payload.json +{ + "allowed_policies": [ + "dev-pol", + "devops-pol" + ], + "period": "72h" +} +``` + +For more details about AppRole, refer to [Authentication - AppRole guide](/guides/authentication.html). + + + +### Step 5: Orphan tokens + +Root or sudo users have the ability to generate **orphan** tokens. Orphan tokens +are **not** children of their parent; therefore, it does not expire when their +parent does. + +**NOTE:** Orphan tokens still expire when their own max TTL is reached. + +#### CLI command + +```shell +vault token-create -orphan +``` + +#### API call using cURL + +```plaintext +$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{ "no_parent": true }' \ + $VAULT_ADDR/v1/auth/token/create-orphan | jq +``` + + +### Step 6: Revoke tokens + +Revoking a token and all its children. + +#### CLI command + +To revoke a specific token: + +```shell +vault token-revoke +``` + +To revoke all tokens under a specific path: + +```shell +vault token-revoke -prefix +``` + +**Example:** + +```shell +# Revoke a specific token +$ vault token-revoke eeaf890e-4b0f-a687-4190-c75b1d6d70bc + +# Revoke all secrets for database auth backend +$ vault token-revoke -prefix database/creds + +# Revoke all tokens +$ vault token-revoke -prefix auth/token/create +``` + + +#### API call using cURL + +To revoke a specific token, call `/auth/token/revoke` endpoint. If you want to revoke tokens/secrets under a specific path, call `/sys/leases/revoke-prefix/`. + + +**Example:** + +```shell + +# Revoke a specific token +$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{ "token": "eeaf890e-4b0f-a687-4190-c75b1d6d70bc" }' \ + $VAULT_ADDR/v1/auth/token/revoke + +# Revoke all secrets for database auth backend +$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/sys/leases/revoke-prefix/database/creds + +# Revoke all tokens +$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/sys/leases/revoke-prefix/auth/token/create +``` + + +## Reference Content + +It is important to understand the lease configuration to avoid having your +secret leases expiring earlier than you expected. + +#### 1. Determine the TTLs specific to the mount + +```shell +$ vault mounts + +Path Type Accessor Plugin Default TTL Max TTL Force No Cache Replication Behavior Seal Wrap Description +cubbyhole/ cubbyhole cubbyhole_36021b8e n/a n/a n/a false local false per-token private secret storage +database/ database database_e21b9b4f n/a system system false replicated false +identity/ identity identity_035fe03b n/a n/a n/a false replicated false identity store +pki/ pki pki_9ae09eb3 n/a system system false replicated false +secret/ kv kv_2e59ba96 n/a system system false replicated false key/value secret storage +ssh/ ssh ssh_ea06b9bb n/a system system false replicated false +sys/ system system_f5b5ecac n/a n/a n/a false replicated false system endpoints used for control, policy and debugging +transit/ transit transit_07fc2df9 n/a system system false replicated false +``` + +#### 2. Tune the system TTLs + +Override the global defaults by specifying `default_lease_ttl` and +`max_lease_ttl` to meet your requirements. + +**Example:** + +```shell +$ vault write sys/mounts/database/tune default_lease_ttl="8640" +``` + +Or + +```plaintext +$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d `{ "max_lease_ttl": 129600}`\ + $VAULT_ADDR/v1/sys/mounts/database/tune +``` + +#### 3. Check the role specific TTLs + +Depending on the backend, there may be more specific TTLs configured (e.g. +roles, groups, users) as you have done so in [Step 4](#step4). + +```shell +$ vault read auth/token/roles/zabbix + +Key Value +--- ----- +allowed_policies [default zabbix-pol] +disallowed_policies [] +explicit_max_ttl 0 +name zabbix +orphan false +path_suffix +period 86400 +renewable true +``` + + + + + + + +## Next steps diff --git a/website/source/guides/static-secrets.html.md b/website/source/guides/static-secrets.html.md index 1eb0f22850d4..2941fc4ef5f3 100644 --- a/website/source/guides/static-secrets.html.md +++ b/website/source/guides/static-secrets.html.md @@ -1,14 +1,14 @@ --- layout: "guides" -page_title: "Securing Secrets - Guides" -sidebar_current: "guides-foundation-static-secrets" +page_title: "Static Secrets - Guides" +sidebar_current: "guides-static-secrets" description: |- Vault supports generating new unseal keys as well as rotating the underlying encryption keys. This guide covers rekeying and rotating Vault's encryption keys. --- -# Securing secrets +# Static Secrets Vault can be used to store any secrets in a secure manner. The secrets may be SSL certificates and keys for your organization's domain, credentials to connect @@ -45,9 +45,11 @@ securely. ## Solution Leverage Vault as a centralized secret storage to secure any sensitive -information. Vault encrypts these secrets prior to writing them to persistent -storage, so gaining access to the raw storage isn't enough to access your -secrets. +information. Vault encrypts these secrets using 256-bit AES in GCM mode with a +randomly generated nonce prior to writing them to its persistent storage. The +storage backend never sees the unencrypted value, so gaining access to the raw +storage isn't enough to access your secrets. + ## Prerequisites diff --git a/website/source/layouts/guides.erb b/website/source/layouts/guides.erb index ff770387e4ee..d165f9d7efcc 100644 --- a/website/source/layouts/guides.erb +++ b/website/source/layouts/guides.erb @@ -14,6 +14,10 @@ Secret as a Service + > + Tokens and Leases + + > Cubbyhole Response Wrapping From 93601bb7868eb3ea43d2cb0fd359a900af7dc257 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Wed, 17 Jan 2018 17:39:21 -0800 Subject: [PATCH 006/178] WIP - new guides --- .../source/assets/images/vault-approle.png | Bin 0 -> 75023 bytes .../assets/images/vault-dynamic-secrets.png | Bin 58337 -> 35895 bytes website/source/guides/architecture.html.md | 28 -- website/source/guides/authentication.html.md | 70 ++-- website/source/guides/cubbyhole.html.md | 33 +- website/source/guides/dynamic-secrets.html.md | 63 ++- website/source/guides/lease.html.md | 29 +- website/source/guides/policies.html.md | 362 ++++++++++++++++++ website/source/guides/static-secrets.html.md | 75 +++- website/source/layouts/guides.erb | 11 +- 10 files changed, 567 insertions(+), 104 deletions(-) create mode 100644 website/source/assets/images/vault-approle.png delete mode 100644 website/source/guides/architecture.html.md create mode 100644 website/source/guides/policies.html.md diff --git a/website/source/assets/images/vault-approle.png b/website/source/assets/images/vault-approle.png new file mode 100644 index 0000000000000000000000000000000000000000..9298e7fbd67314e17f1812fad0fa0410aae804c0 GIT binary patch literal 75023 zcmZ_0byys2lRZpe5+Jx+aCf)h?!n!ITX47F?(XjH!8O1DgG+FCcZYBCyw_g)>~FvQ z3wnC!nXbO?s#E8jB23|%1j1+B&kzt02vU-wN)QlGBM=ZD*kC?^U%4?KaRUGN;HV@a z3{gG)#D;?adqJaXr{mw;U0hwV-ACQ(RR+RDdWbiW z?O?b7Umy`bg#7&1;U_<$kbr+3|39apk?lkuAu!J}{;#(TpqRL#{r_C|Ki7f#Ad%SF zW2cY*|9=qKrjp24r0|2qC(cObgB3iW@Tyb$g|F=1p{QU4#e z`|o$>pPc>ASp4gx8}UYHJr?#^#s78RUld*L{~gDF{Vf-u101zQIQaXy|10XzRPCPs z=OfXB;mSYx82o(nzwY-x56}-8+V6jUEkU3-5jC~c-PtNF^V4FzdxNNi#Augy-BVbc z#wrB`g`}NAZD3G{l(~7SsHmvqEiQYZI4E7ILXEymr7T{hOiQi>Lxux6MDzLfcwsac z0gsHFT&%CZzsP#AUa908ewkWTI^g5SZ#9XTnRHeQ)k(3j$QHAuaf?q@!q(Q6)=P~* zotD8Uyl0vC{jPxlQOypwx`Ba#(4pM+Uj!p zbvoBj#A3a!z-d-KtIZkSu<pV=w5aKLW*TkYo$J*= z7~1aJ^LfhS^**5!cD>gG-~BL}Ja1e>jz{<1lGW8X&-rlo`d9!Hn-U;BiM09jH_E@@XL1sDjs zy?bskV=^-+S5Ce{Yhhs_ejRp)b_K^XPCOb+W`<@QnmKJESKxa~yF4~Vx7g&ELcDmr z4@$5%8j^nej8O!Fwb^-rV~8av$t2kwN#UW`e7zcF+)Yx~i|g`!9zoz-AyO?@L22yJ zZu!BEyYd->=B31il8kJ)C`Hebt$TYYX5xP3;lXY0>74bj>-A2%TQqH(R3ds7HdbS? z)3e16Dc6r7G#7>7t5fL|V)x6{=ybI%k7G`*re3QOfkMuxqv$Y*lW3DtMleQY9vw_>+(M-?iiS{Ctgs1l z$m;B2>pg8Ne{7?}f<|MlW0(cjx@;<5@H)kcUmi=?tk#5|GS?&+@a%$AYVIX$)AxOCT5;dcqCgm`4Dw%Hy7_U8%!TbIVkO;6>24gD>W&7yp^C&5;5nZWMvfz zbErRwh)B`({BHbsgm86V>1%vAa$7I)nzp@#S~t(3)gKuNui1D(sQEAfiNkY;)v63s z%bAg%n43J<5!jcV23=7_7l! ziD+dVxT|a!k6-Kbd_Wqc2#g^BF>}s1Ay`SkA9f`v# zK3}DsB9hoS^XnYZ&j>onEbSu8)+)tycs)G%(u)Rpxr{ z7=0vxv$vcs?Lyrla2P*aE&NtxDgD+LX^NAdTy4=I)(|&sLQ*KZsHD{5;%qTfUza(v zZ@k!QR#U0bsfbCZMa;TKpX`j6Ki9~i>aQvje&;b4j&b!z1Zi}dT*l<0X#tzn;7tY6wmiNTQlH%M2@ISUDr7&l7LT(s1k!#EpdYXS$56yyz|TZ%11cN;a~RK@Z99D z;EZKl4T7c2jMZ+2RNTY;{)F&>koo(7kSNY6TQVTl%qx6~!N_#N7}zkuZ$&}Z;T_3+ zx04``i)Qf>1}hzmJRI>%#t33G-H`kt)OzA0(4}DGHR7PZ4;}v>wJDvRtU7c%3*W#maI_C+=*- zJay30@?b!?r!pj�qI36L}ZP98CrIgZw?HwRkcyp9?_dY+N6 zPegMnHeAMeO9V*Mt0-~3q?M4DLwu-kD3h%FYi=B`dX~;gOgTZ zj~_MAs7$q*{$Kl)3jj`90QDz5;F!Uj7XSUpOuhM(aD&$jPPs+LyWjKfZi-$aZS^l5 z8rlys@)NP2adnQLXc=RX^u0yTI_!VWR;jL@?5C2mH9u0^Ija>Ln-t5KdW0JnmtnG! z>rE?fk?~QhO`{r-ksHR44V}gn{#k8XrBxjXmRVO`8a?i}O}W?qr5_A`K-pxe!V18P zx--7jCGfZgu{aLG8x`A((pW5CkMm53x|xR2`Rf|GL=Iwa@tTciX71(Ei^I&CKv~qu zq9tINTTKxe^?{V6H$-sRddv-No-)Tex-|0P9|Pgh(2v38jE#EQSqYG1K%(nn=27Nu3Mrpx;38Xv*XHf)X=;PhC`?YKA6e%?iS zJSWg-81U8M90XM~QAT+*{jGNp{a#Q^l`k@^3UzyIj14#@sq9}_yznfbSspYlS4j|O zV;U}*{zFsvXh6-m$f&}@K|JQ}YT9#slUWA&b_lQMo%OcoSnI>F7CoaV zj zPY7h(rUHjP$5mZc4MOACu#bve;t`t4Hcj#K*n=@5qF4{gt_ZWe=f8Ha9Sq>h2T4@^ z;q&h2YT_Qi!I6gpCjzo_nPB=urw2$Y?W;-o%hffbaG`Fi`9;}OFsS$ z-%1&Np=eemRijM0_-Zn48Q6N}f}kfFKYn;(X_soer)UDbSB;(sfLqp4Lo^&yB8<`HHoHL z4S0;k?)9U{By#7lRR7xgED}FuAmTB_#%k!Vkj$w#_>zt!)JZgt$Hwy2iViJlDW{e5 zbi=XjlMx=TTP-tiFmnafWVv`nw&K($+@%0!gHe!}<@IBYQpbhio-EeTF$2^~93w4(;&+=XmB_ zxf#dGT=H>Q`D8lsVNK~+aC}m+2??Z{9~**fx9@ejO)=cBqG=1=`?ao)Bm^X-E!!$} z+r`g1Zq?imo79U6nzuEOUwl!l(yf7;So&UuvJI!U(}E5*xwJm-SbkI@f>rJuJ|q3X z2x!R_{&YEBSHS5uXR8EqTr1mrSz}At-q4ue9r+WVqs;+gJ6@s-f0epAAp>|^!MP{7d3G=2*8NP+YF>^LW^QFE zB$OcE7mLbB{QC^^Ki+F!e|3RLGzMpiRx*7)b=QA2 zebVTVzL7aZjQsZfGw?VpHA2dF(NwIjJO}G zZ8)GyFz7cQCL0yWvswFPUmz+jo?g08D8d@K$ohQAJZRRc)nuvE>EVn>NCE@`gN?PL zSPCC{p$XARY(=yt=A_VRlOweVP40|nzTr;^zCWLLJM<%P?!JOA5`LH=#W0xNco{=JsMBsM6cOnF}}4Naq#!HZDJH>wg0*k0KT)MCdn z`4#{t(n?!_`WMo36dYD65_%plE*2}b)nVo~>`9_EvYSw{jm(&v0CO$-7f1ivZ3>Y zmYi<+rAA8x`{&~b_SiewCdiSEmF6@cS&lsnD2}%yLRy%Rey}y6o%s=Up;D9enp%>NxXkMc_3B1~<~2)X z;Kcv)Xz=AF#!IH=(oysBk82q(=I3$H%`zwBGv3ui2rM9ZqAzkqKO+@l*ao#{Z?_rI zFFyPy+@7jZO=d;Qzc30pq~B?I*_YQ>$tGot?REFX-4vYn`NwOl()0cMdhw=2ZPn!# zwE_u71<+Ni_qXIXtjy}AJt%SC%Am|2V^xl%z&4k9%Yp#mK60{-#K1tYFX#s47eA*R zW(m0qRor2fZCIRF>P;#dZD(Yka@Mu`R3bv%&mq|@d~`wHov#*fHHZw9wg8`pO=w2} zU1SJ^H}Vvn@1ab+zbk>wu8U{wA{!dwJr;>EyA{Vvd;k3$dK4uLo*ED96+xb(Nwk!T zxN{EyNNewHP3@N4?JHwTmRdMVidwMOASR#tq!J0lz%}_`NZSjG30xr4MYsD zX$W%J!+enkGiF}Ax;6`H|H}K}=zgk4``k(aV!c6^zWA)Bk)M7_&#{Ni%);}`KG>>N z$J;2$BwEGElDGGA@1%{G7E_!ctvFLjVX`kEuGOr{NlGRY`ecy#%4Su`ybnmZBQ!hv zAm3ZQE($AF*hl-&(@oLE7ng&)@IzMWF6iw`(;1J zA>ip({abB9p9BQGZ3HI$X91&>0`Tf50&|-gf4NN<7)St?p(adnm%-pNa7yH7(KqZu z7A7-ll)tE6a03OqsB0+3-1xY#(71p*nC$wC%h9Y9L)Q)o8Ui-LMpvqLz4!jN#U`tk zVk7EoHeGr5hC|LMeFuk*@`v)1iS z#(~6@&)?CE&+_LS&MdM{%Oo02KzqMZR~?kv#T~YHJB##A%f%DE;H6Mqr&K1{4!x1X zC0EbU9BYkAZ-HSSaf9ht;#$c)cfP|a@Snadw-m)rw6zq)b(b3ujRs(%eL1SA8H3K> z8@`%qzjzR+f7?xv=RXVuAHi4eY{U40SwtZ8c_*b*n3QGl7gK+txyj-F1wBqtkIZS2 zFzdid^_<G_}vQb zaJXK1I95#(Qx~cgHNQ65km$d&iSZNiNyRHqvkj~G)6JKzMN?rdk=x;LgO{FIAb25) z0UBusiS0Uw6`HLzxnFN)f+W-0!Tjl3x_;%-s8$Y`{A9E8!K?^x9pM5*3jtEeUUvFp zOit6;gUJe{z;tf%iqG@uwCaMKsoXM9x!5xB__o|ejij`OR;u%7SPrDhqp+2&Wo1d6#7w5L z4QVU!goYg*p7&U&%$E_<_0GQRC&)AAmR!)%>oBhi8yS1*{Ps`lBPb=*Lyx4YRGnB+ zB9a?O+_OJa=)LM zsyF_vWr41$oZVrTdn3@&o=B^$1r=0e=9@TNd~`2N4tzd#EM<1P^K;6=hEcpe+m zW;j{~0dBRLox-eV$m=uzkyHHQ0|o1*sS2EzT5NO1g^RJfF--|7)T(Gu+P>wWf%9DM z4)ITlYjBlJ7GO^u?QRn>Ym{2E!N*ngzRC3<9?~ zL5qd1tg&oX_2NSoMP%Sg@}iWK6o=36-BD3<2*x>zeUi*>Q=>-NC#z-^h3_wulcR;B zu%OxQMS;3;@{FIS!KvzW`r@B-r?ubG+f_*I&XdI6=@P-3!KX^ul*>)xo+fwIh4vpa z#ZfvQheaVNK*P-68ouDHrIaW9F)Td%D;e|(%6#>lRIYfGLuFp7by##XM}kb|Pi+)5 zxgEuJ7aKIV9v;$49<@phLpRX`3b_uX-RG=>n`>wK3vm8y673YwWQgS0ev3;@bu$QS z_0smTCO5c>g9wWh$>6Y|i3~!Nh^A2lKfWf}9Dd#6Z&@@Ev%V(xXRB>z`u>`k*(nf! zwBcB=(vbq*uZ!lQF#emeu88|e?T+B}9|M7}x=^iKq+X+UwVR?((6}NswXpX*(_L$rDtclRd;(pA zY5jX*?~`?nW{cw1EOeV~%-wW>@@N1k_cceY(35zy$x0=z7{PM1up4V6U9}>j(M$c$ z2LMqbvTP_?VXyXgC)k?J{t&!)okYNzpu+c)eFPTL=T7(CWnbG(2Iy)cU5Grej^6KZDswE;P^XTLqTxcYHPIFUN$ zfq>jF-~ILJc5u$-=3vSc(%pst*FrdxWgMLOxf}qNv!#Y?>9V2B{fC7I z$hk2)FG39DzFeZre9{jN&uRm?UDWrxtcnJ!D3+t88x?5A3KEl zDsGbO?7_-3Dgw`+1nQ`xxp*P0+jyp^?5yJSLVuV6|2mCaGRbSoE%qD-+>HwF3h}Fu z>edc&j|gV539Eb}1?R78*HKYXN&oOcdP6aUzQ|vwivH4-7W0*hLeEgI0iLm{%#}G^ zw(jNu+=KIo3GsW94*Apq= z3$7u*Sk9H>gUT^7>WRn9mwn$J%^v^uu~$35=@wgk_oK3so$B_p5m(f_;ZPP+j1@bc z#sX2Mye>_wT!H74hM*8O&cpet4EQfxlc`4UU>2=7Zr%62(|XbbBUN#06D-xFWDSyW zLah3P2r>)ie*Yal_yRjqlGUbH3NBJV^~X(8bd$H2F&q(#G3nhA zRpZs*TME0B?hoB!kw(pTlWc!bOp6!vvNGoxJ4`{@8r_ir1n4=W`jd!nfAdr z%UjDoKH6M_qL3PoBvOlu%!5g&)~#^box+4~^-^P3MglJv0Txgc^F`80EW1LVx}MK? zL=dU4rtOw(TGBlC`rsJZXq9W6DKn0`bT4Nt?!U@H0|d3dRZmay2Q0ULDA#br4`W2Evvjy&3iaA* zVUvRh8CPVT%`RoQE1}HF2~Wr-zO@D z?tVWaeb7|1T(0hn2MPlpLn+y0Nk-L@gJ?N`9pqN<+{FkO?0+;Y*n7nbIwYWrf6M8) zZGIHFQRoOPFUD8aZH!Nj6jC^p(f2%MH|m4qHnx*Hfex+37;K8+y$Wr#U0;)hXPwst zORip*zp=!b0a9YM$zI!0obY9aIuU9S%yc{Hz3nZG^!I3J*^veIVgp#Nv!#lrE5|m% zui&O1o6u;O+a?#DjyY|Es21(f(H4aXi<4?eng{t#XoYx5?IOvHSa@wT=yGk)UXTL<=9=4G(8i$*MOsJV%PBh%_7R`_xP{1wD`d`7Ea{-&6 zZwL0_`j{P8~C zJu7R1`72KT@6OwK?P3v$InWq7R*RFxX)Tg+s+^I{JeYtJ)2P58G=)UIu>1O#ArGg7 zG*4peesMqpcDc=8{3*krP=BBZX#EFQnIr!x_#n0Jy>BDZIH_>aJA~S8^qO80i|Nq! zt4s|@>Q|k z?e`#WSQ90kjz1}_r08M2Qo9;E&h7Gge5U_ABhM9`sJs3Nf0#O?dL|%hdfB$y=0z7r zBp)ScM~GL$`J;nOE^Rg35E1C1C!bIJIns0_d@hqkJjiK_BJ`Mu46mwS&dH%_N~_^_ z2Ufk@*TzAZeNAG1Btl3HMTWhCSRJ-ib7Yh&lUgJpO2Xw&p#l2i17SBM#b=S zkg1iz%P$xGNEx0yErTBusaX4O!KzwXeVRKlYKCoN=L${ox)1IU-Ac(?h_rsY%6%Oa}i3-p`VwSqR(iZ_mGD93Ju2YtpUEf~oRju$* zQ43ACHsh;(<_`7z(ynT}Hk1Xef4OvISWk*b<{}CZ=EQZWFOoREc z@x!~(l0gCMGKU>QAd(!Lvys3K5+vw;1yCP>Y_mkuOjBXYO|dR}kSo?C?9JQ|Y_~xv zt8Hz-H2q1K$vz}E|8XCeiTbBnCWjCK6uFMkg@~fWjqydbQc?Kglis%A+y`YV3h`gX z)^)SaSL-M}T3c<$)vOZ}V84oCwxVzA&RgPx%q!s?vu6+xQaHpP$cEKa8${)^LbdXX z_tyiAo2z(`ZuaQJU(n|TIB6T{(8vUQ`tXSrzI-wm%*=pMN(@AudbZmQ^P?hZc{-4q zoJ>6NxVXd&+dtiwo{j!P8%du?B2~&L>y~quyF2+sDX>XntNIz|AZMv5;1ciEzK>31 z%rQfu{|emG|5B+`5T}q;|6UdNsNi@?2hsz&A@}xD{UJToVo$CwA~m`B)eRyODy89I zA}_Iq(J)LK^kBcP?G|P$Lo$-|g@hg0UwNWgW;6JdHaM`DuCi>jCYs`%EV#VwavTu= z8hZB7@O4cTj%96Zwbs;2x=9p!3+)!vZKlf@d>gkN1$_8St*=wNC2HMi&ENI-Y!xBr zNv0iv5YF-)+t6h!guEEMvy2+w>7;NZ^ANkxAX;^|1!tjXb?H=zJQ`Plo1{N00LQjQ z_&tFU0N)F#J%mj$ep@h-=C1r`0EgX2Joo^|3omH5E6_ETbUEi z$e3VqRRy2H;trTy;e`a;wJN_#_|6Ch-PmeA)di>H;7A)!E3q#**K!ZqpU1eK*3Uw7 zDSKy-_VpJ!1l4oz4Dopg$ysr;m#)MkrcYNG+&JtF0yRad~9=44gJJ1%3=7b zkwj6`d37YDrF_m3Gw-TDeWZ)zsM}!np~Dr=A5)S>1c~!PW=%kXp3>Pvp&K4U9^& zsqBJX%B7|RQW1#w$TpXjNfOoQ(zex?Rt_jfC5_2R@ACZFQU zwOUnS5kv}-w59QZ)K%05$BGlh)2F4|3^~Ag;DE9F`|-N*!kPx!ScDgA;;-%kt1h1c zdsAtDJKcu|Qmff@0wfh}x;Qe17+r!Sdefm_tofI>b9^}K-V()g!An)^oLIjd>%JUaT;)x z5-Aa2?jaTr5*8Qd5h3c1M-z%yD8BCNS;1RRjA^ipb7<1rAmx3|*m$M|KZhXdN*P#dIiuppz`Q_3d2!~UxN!E+aGF?yZ;e~E;5DNEcaB9OM zj9wI+d^geXZTqS?4)1vWnw&O^SQ)uKOTcnfwHfQ*fj*y4L7ukVq(;7P%IfD|DL*M%x=*Ga=+{3X7Z^w*EcU#TupUWk}TcVdZ@W&@-Y_)pAMA{2bb3LUNb zH_>C(X%{TO;sr>x2C&C8F8}kOjv~a-uwC(kKSgp|) z*v{z*kQ?X)Td1J(u~SOGakmSEVfsbXL#T*1RnNuk0Km3mVwT##{txMj+{1XYSdtUR zDDbZ1uY%@B@fg3sl-&2IH4?du zme|ry2xP(w_}@l{<3ZZ4(kXW!G3Q>1S(xDuGCX{5BUsXVB1PHNtvW5Hst7yi6m|Ae zSI0Z8sQJCkL_Iugx}fr;#sOwe zqY~DO$CbN5Y~+1x(*-;9Ds8Sms5ue1WN_yz@&+iDU+_+4lfO5s0>_MEc{OF$Ei?+kk?qFg{9)}MhHue+>DslIZnXo}XW4K!wSTn!1_%~- zi{4XwcFW=S{;Z;=qLRogNBIXEvpCZV$h;&x%sT4yXt}O<&}6l6CYhnMvyY`_utQSg z#!MG0MR;bLZPsp_?#d3AMa9ZGfa^3?i@~mFk}F9jcyd2QbIsC_x6+As+Vxj6kRbf< z2?CH$q}0h?^7W~SCXL+yA}D#SDno~*Ca1y~CGEZHMUS26x#DBVy{(g=a4IMTuxSM*0ESDA8dW6(GC&r(xCMK9Od zO*(#`Bhr9Io9`D2_3_)yGNtYntAHzGr&zVqoNc#GgyFPM(6&^ov2Gk%^hA2gDBhbs z)n-p*l|LoQiApCU^y2=O&RI%MkGG&aol4!=mPO=>)G9dmExkaLOh${XjJC6_dG3xQ zjs`cCj+hw;xb+vwsnohJI*RC&0j{6vwwpZEQo01LD%2-Liw9RQ>ZO_JWtxK#@h!(2%uVD&PoU?|X6c_#xm`HB9X-$8&r9@6bdpQ+ zeM`C`ZHU`ASDg}wM*tZ8FWC7~V+2b*_An4O2G)_&pV5@Bgz2 z(_v|>etoID=3weZ^J;FnbLd`YS-g48=5o!p8!Zt|ctUHe3$v8Yez?hRL%Z&Av1)Z9 z`C4=SbA=kr9k?|I8HTd-`qZ=?(OfS-BYpVkNIH_Z>ACuHO4_}0=b56Ky51^~g^mb$ zlW<3HjW8_^OVIf%gnv##fddHxUkWMwaZUH2=WB|`;Qb#{g<2<_5^mvhQemc z`=vwC_joax!f#11?$==%WIC`Daqv_AP7tYu=_@VbFLVO0%%kRUWoX8jAluL|$Q5nG*LnImKs;}ce#gF=nRw+!C zqF?5f?7(A0gwRvnbWEQCNmMlb)z+j~DxKh)`n2nwrrBu11h4AOw%B<)Kn^vWfGq|- z9goA>oDHP5*yn7(O_48GuqjrsUoi)EnrCRvU`JKpyD5K4=oKBJ=p?TL^Xe>1mbMMw zL#ZB()J}O^2Cu>$iB8Ouh%daX(JenD%2DGcu!zkFf}Nf;i91C;}4{LnC1@^*sGmgRpS?+O8vT1bRiG5`rCO zF%fusC@>H^F0@1L!H8|@qm)Z`3VqhfLo@ku95%jCXC%>J-tH|3S3>=`e+Bj`jK&g+ zjGf?cqEk@)l|%ft!XSF>s=JL>>UBhOnLO4&y z<9g0c0o=vjr~qCr&Ef6lm8>Oe!X=xl94Ji}Edx>U8swXQ=+WwT`E;iXt1}heNg4#u z6=bdbat^T$Ujw7dc5()ODVoHX#IKgYt3sq&4T)%?oC1bXJ2|RWFBfp6WQtO~ntVLK zhI`$r;>FG2No7n(p=Lmi_obz&&nW5Acu>WzBKhPiOTezPd|Tu!3oAP9@QsNj3y<|f z0(T)pciS&;Be{(Nw*Nvo&Rvs?1o5Bto}l(sY7&{LIs}Z2KTRHD6>d+^6Sl1X2VSSz z8X}76K$(U|NMA@?W^uQ$PSn-aQE+{3*ay3E$8au$B)NkL;Tm?wc35X*_058MiE&{~ zvm&HZQOx{NK|lW@BqAmlvhw1iRgrzH*n{+EESW4eDr%Ua)jr4(H^Ys zqq8h&vWTA9QWpjf@RcgG#6VBOk#9s*<^gyM736Zq3rak~MqV}!McsXkjk!iePBzPF zB~FQAqnyK`ifFqn)YpY-QPK_zO<2+}LTz_7`<{~+3OZE%sqx46c6`|RyLz;}s1=h@ zs;AAC);rJVT?u>TRbSX1jsm{93jCw4^-PK8PKL2i5W~2vd3Au~!}Ie}TZmGP4Lr8~ zb|_S9FdH(n4QBF>-=L+%h#xTOc`>XQud;ec$hasd1|Qr|mP09zvelS+RKbghBOVHCs?K^l~imDV$tM@&t>&;{R`y*pZxUM?|`$^%2ALI z&ONO{#M6|z1um!ib=Dk~M0C6nQ~BB8_R;BZR$M9Z#)oMO8i)N(UY9|7flclE!^HHQ zrAMcnp2v;2#Y|)L>_X`@tx9``OI3PkaYb0ErKaoYV#=w!4h$$SroeVY-z?MBa0e~_ zEgOoFOBJ(9gYg=(D(-yfjh-HNF2Pa$xbPO_x1Afw#i;u%DJDaLLB&K2V+b)hGW8VPf9%=09$Wa2UT=<-8zutteb}S<_S%0)%c6ygovk zn3i+#&8ErSoxfcR1?0nm9#}~eD@XaALqkI|^5B-oJ-852mGvh8T_pLk^}7J!7Qtk< zCIZVmZDxq+(w?6@y4FEHY9kO}P92J*p*ROj+D7J@N7iWYi0XJ9)Goi3OK>9Zr91#E z+oTzyw&jq`tO1IAGuT4agX8;@Ha8tya(M381%1-Ki0cC{gAFjz8pm;O&*PbbiYm~0Gd&yw4;U+%vdHGw$r_aAsB2pGrcagCE9?c=K9&{R`W zL^ccnsAyPS-5Wy$V6{-mm9`jwRZ=CTcqNTqsJ@r~BSy>%*{ zIz>vFt-VeysSxuWoP!X|~Zu zQwZ)Q8D+yLGC*uK=!H}!gR=d!@t+b91A(guspQVcjWVny!s0EL90@D%RrFTD@>}Kj^IY;f7I=ud5b*A4{G3r~fKgY*3pKh6MWgeV;z>9_+ zfOvBkqyqKHR;|BxnlaS?E6MBic42S=d3^^gs@0T+JMaFL+Jk;Vybgk8Rc#pV-5jwW z#`B)t_paw(I`2JwDWh7N7oRix-p0v@-e$c1gQ0{B&eu9kLB{?MCNz&$6{dYDW`R^; zAchz@9fjgTs@niu@gx1GKsWMW^MJ?fq_}E^p|tqaM3P%8b!Cu4U?G*z*-~|@Q;!oj zNAC^Z1AE4sXc))-86yc30x$AzQ{a4-C%I;rGxzHcxf+`;^Q7a_t&Z;a-RX2L$)>yO{fUIQbuX)gUsd3K5KPTk z!aO)qap#Xra@X5EBMH11%wv%L0TsmXdx*MY?ikNA8M&kHjIlb)^|+jVc1V}`I~#+J z2Dtb@F+6YE{fenz18M96j3@6K!0oerqKEuYk4S+^NXV#MEX%BIr5Cl%vVXeVGErzq zKNLqQk zQ7l~I?tT?|jYnxj#7H{$STXOkklk7DJj76@rdqI<(Io`?y$nVdlBUmGJ4`eR^Den! zT+#7_%_!f7g_^-vxSx!yzJvG?N2<>BxW=*=Upf|A&n}(8zDXLBPL~!oOsdVrCipI7 z(TwUfB}&^RwRAxhedy{d)CLdiPrpa%wt@L|>15w|%}@j9fXAzdi6Z%R))my8x1X-h ze}NN;$lp50K6HWuLNK`~2;(-)jQToQd{VKuQ^~Apwr>{CiTKUPoO^LJ%%ycSN!re-3Ejff`z6Qlxe(<&|HqaXj_n5~_}CaH1l~Jdz;cnP&8$^*t2mfHrv#6oDhj6G51`5K zn1`H!*=r+T2pnW|-D0q65Cg$KBHHr?)=B{lLxNK2;x)So8G_LX2?>ro)^{T5XlQ8H zvS^_J=5aOPaWj&r>MV60C5bnxvT}N2_I?sXt0h!e+53InI5*WQ(p3fohSPyA6caXADbl zW}&gqQSsTQrFM1%l8pQ{mmye|1#@sK0k_H1@=*Pc9J|S=^7;jro~vt$x-H9`N6KfN z9*vHyTVG!Im0D$E9d_v~bh?Y#D)mJcaK};GuiENF>u@jw=xwCrW=t~s5-+SI&m#-D zfYN4HlkG{+G`NMwtRW#mBS*LI>CQQ%eSJ=?6;G(u$FdFR$$h5HJTAXen-Z+*NwNHR z!J`!`a+l9i&uW8l%5Rw@oGTp-!{5~(DwYnW3U+7Y1(M8iyyxj)4;ba7R)=^HO)wKk z=|T?vqC772zmF!|VyUsr9ipc5PD``dI!y05_8?{W1dL~Y@PC$ea%yCD6#&cFg*vScT_G~F=Sj5cxU_y?YrF<{3?v*? z)m42FO!w;Vf-Unvt|+e&K^ElcGUbv?SawNfsE?lzQoU{0Iu=uv?@tz$4{9n8oog+* z!NLj&*d$N_9v2?s4Y}c_qc)MNDWi?M2M;mfgj(XE+0V;~U+d|RZC*2y-|fe>!WSXU zqE;#X&XY$^rJ}uvZ+4D|-*LM<$m2Hi9GI7eoF4YD2N)i907iZNfOLayY2Y<_iFejU(=5E6q6?Qg%N9EOa zCCVtZ>NO&?Bs%@6n)bpHGMTKSq}_T)56Rm2x@YJA`dVp6{!(p`CkS zz0nY&J6O)x0q-{sMtoV6N4;X%G*VF8pX_e8%kK?=i1@f#PWq2vKgTXJyYhD;BmxN; zrXWg4_f$kC#D#DJ@E2gQoTWNkX}zAZ45q!OBL1nC2FpS6r(sOT5bkZ5uEN-eQX~Hh z8d?EV1A8zPnv@54hM~CTielvNa4k3i2&0?RNVL@Q79OOCFi~ z?$Lat*co9wIPjqK+bR3Oqc55qp197o21@aTy^f z7{*e&WOJ_BZ!S!vY@#G~Fb z^`*Z0rHETvT2@mO%xBJa6-KKq6XBVEWNbfS+1_{Ox~)ZFo!a8&?m{*YoGy_kJe(>B z@p`r~Ajx5Qpay#(0#XD+PhZ9HL$l@Acj;f6p(tdb9#1on+@YmI9ppNowL=7xuJy0z zyWae0?eM3E8b*0ua@h9o7X4jOS@<$t9+1Q1Dm@jMp7r4KJoPk4+*=679{}8e%pgQ>B+>L2p1)%~;{T?(w7&f^sXO4ZEg9 z?i`nzf?Kf=#+M` z0Li`I_)V$H+Cq7suG3dz%cAKiV?wu4dQdLgEV=#jG^}635_^J75?RiCQB)!=p2c*? zfhUjL^NcK??RN5MxqEcdSzAo#g1e%L0>X>{AI5!I`2Po1L8-n=jGnW4^(vXFlm7#* zx+-AM(C=dN8zREK^wLZ6srr1Nv4Ko==+MDvAM*kpb4Y^k5ZQXh3=K}Ag7z5FjTV)ez~e=7 z8zkqpzo>CRyT(iBXcP9LZnrD1@DRXt0JHn?pKMCu5%0X%U{?He7; zm849aE16sNDKV@d;iq+#$U#?%r&cwSUDm!>NqFWZ$xKR;Qs?%Q;Koss{M!Uc|K}e` zTe4AtYgUpnx8EWmr{-?Wk`=R0^LSY@l~jeF)J5xkh9rGET4xFNN#p}}C@ED9;+l<; zg!%5&d6F4TT`Ed=uWk}~^#JkIsCuAj>c5)$>v&22eS)MdUMpEU)zrLvgalP7E5UVZ zNN8KdaLAP!j7xo8*KLx7x87C1(F_SHT}H}0e!n`C>box~RT753A{p_!H2{+ml3Q++ zpe7B3wkCe~o@A+}(4$e7OW%FFcq(fo=G}WF;kj27gJg*~?NkX>3#6p)z88-YwNiK9 zl&!#5jcCf4pCtL0-z9C)M)7F*p`Dvbss5Kp=xGOAETxS8MUqGVZ1D3`h?LOAbtQfC z#sh6ELEjcHS}gPD>EwbEwQ&7tYo*+N{+g^N!AVRy)@qWoxB!#d2mjtciawk`!%ID-DKLM!Q!g6Y>&T-$B=@?xGlu3nErTk_oDI(IuBi zgu1yDwtVu*CnhEa0UU8}8!}{w>Bm`t!7ek(wZh^Ecc9;Y|6Q=|gJ9l&|NVyqs%5o= zue1-sO|E?T@C=t%D)ojm z+V?VTJs#w~`|dMV2v=WywFFWrP@J$V5~56ld-dvNZcc7emW*1rZk@dL+H2-J=D8g^ zb~NB)S_tVyyF~iMrYB%o26&YKKpFBN@s8}%|VFpOV9@%5@wSybH@ao;vPN+5Ol(Cf;yxNQ9KqK_Zf|aHZybz9dJlG{4QCLur zEwwm`R$Zo^qkW(u%K8qCd49O*CxetgM_w~1nko#I~!FHYWts6>{s9HJ!pkp;PB}Y@9qJ()b)`yP?z4B>Ybf$n@AC%=l4?5JyE}BD3;6g9S$k% z6aZH&;!ZF|z*>*73M3dza1}(rir*-8Pyp1bRm+S$7)NZ_u)&Z$JJw)a!*~Mnbka#D znK3K`5O+AnSBzbKh1eJnaK4RGv6CJ%t-?ghOAm) z{6|1F#(Xcl@PgfKw&2P+;Lc=%6(#`~GxA=bwMRNrQVM`O*&V&ErKFx5M2Scf-LLryc83=tP;026D!X3^ysit?*zn z@a17*W{De?PJ)||PeFvv0aC?HO2_8yPr^;h1Ia@V;r2C&EJ*&xQW`pUH12fXm_nn~ zr?Z75()rmnSm{WZZ6k<9%a$!oXTS_24?q5v;L6K{j)*m6>HL_q;Kku9m|gRsY&s?K z;2xl3Lg>8jyz@@;vZ3=P4FTAAiTv`*FFAGc&6nSFbeP-^A3i)MSQ*5e&Xl~EN#w=F z{lSZm4xhTyxiMM5gH318EH4Bf^3MbU9ecB8&HNSV_8mn8c#&Oj!3E|T@iHoG@r`=T z?69|R&$5qu8KM8;H}{kk?rrZh_CB}A3u{a8K3>rFnJuh*i!>h{OvgR*f+5Ku=+OmX z!kRRf4Apd`@6yQDS*c3uo>a~9nG)Qw&7oBTchz{tJ^!K^Zj(p38-_|q=M&8S*x}Dg zijrh#O=$JH656S~r2Vr<(xNv=()<~c_`lDj^h0-P!Rl|Q11k>$V=|d%lF8ldY-FPT}=;e;z?`X_CGtTGI5xU6QeNpN?o#BzE|7h9r|$SdDrT+OeIa zEl`d1zndg+&NM0Y;Rq$Ux2q<3s*+^LXm((zprA4mQlqA1DiKeQ-)0K*C>hCNW_k~L zbd6h28X969blZDT3nHB-RkymNkKU~2+?=**e@~kaq|e46NcX4hSf4{*GB)XRrVUA( z@R!7X{+21$;|Y_99^G|knk4B2LPlDW?0aIkg!emJ%L-9~t|VVcGHvyE!X>0~Exo3@ zG}7~aV6$sdBL4DToH=ubdDa=Z^iZv4x&7-Vr>TZGML)DNFX6l@`nnscCfmbRBf3g| z$Hgbf2jBcI)90^{PHmc~NpqxZQxZ9G`aiN&wX~I#gr3-;m1KEzNX9kY-{<62PQj05 z_g|W^X6;dpZ;C8jzTRkit5>ZcM5=})(|6I=o!GXCJahjb*|RrZLc@Yh@Uc)erN{TU zMwN;>0UfNG@L*HC(rk%OOfsbU_bKy@-!i0m_&rxjotjlmkguJ4W6k=~^|V=PJW(Ja zSu^!juB{|}gFex*I_^LV7zm=wr28$m++v6j6ZdEg!NHoB@|_PvY3R_QMuUtphj-KL z*|SX?9>_CeS;i<3JjN9^;40%Q%3vR^Grq!jl~rLNd-mOe!h(R7XuB;@<{0B!(!Kxw z`$ofw;sb&VsfX}!4q}NrN&}Q4jQx05kq%PMI0#aX$+xIasE04p@7iL%tAf%Hi6uG$dr)3VDJX69$$jgEjmCH&4cgShhh3nY3pt zLOdXpF$nht_#7`{u?3UKlP8<|6U&O+CQ*(BTndFKW3s|b5DzS!86*lq#taz`p09Aj z0=Dl!)i<5L-&?nCH8Vt<>pLjr<|bbr0>}_%8<>CK@5lprya}^nOeFN`)ys6Ew*6ce zd$SWM8%;427<3@`Tyo7YIiWMglqD)E$_yO9msvMVP|!eQvf?XrHj5T5GA|YU(V3OA zFC8XO=;XK-ycpNPoVNp?-LfyD$`IKbI(gAg%KKDknO_hef zERi=3k_?TAyXS)blC*55WF*H+(&*o%j6b5RgT&Nd|B%G#6HOMORcc6?d)3TYB`YpL zk|s?s-yxD!zWPQ&)XX_;?4Po|-x=znn=UESr>Ku)Hc>VS_x}lR(N0RA(_caw*OtBi z_n@Tj-D-$qM)Y!F1q!U#931$ZT(8gT)obiv!`uapG}h0w6@AepG#P; zo|3gUMs{Cuxg;;0pD(dAg%p!NE0?d3)hky?u#Qn86qK%+Iz-w}?pQZDKW(yY2I-pX zpIenIzZjGzoAh^x_6>`apz@(FG5v~`5g8dFH(q_AbZ+0$SSZ+j#O8HGTP6A)y)K4) zXXy3RYZ?(Arl#I2<%u`GmQy;nRxNe|6J)Gfl?qZ_tsKI2J>kEwOczC_di-EmDn>C>&9q^6|F4An3vCZ|dpEwh?VIDkt* zgmeV{YOC7hbsG49J`g`;EY!lZA1F*AZwM&3^RWckmO-D+e#S1=Dvo1J{q9%kBJQZNDAhvjrPo z2#EJXP3J&IM+Xj02ptPEk(kq94nyaPfITlNNT~12#3ax^oNKQ+-}zXf!(h7YWPi_zLCl0=oI;o6T$>CObBNmUF;Fj*b(OjF6x0+#u!Nu@ZiDrXHL70 zr`f=q#+Q&UTt9rpAhzBEfg`Ct_c87qd~y@+D<+Qe5=b)>LxC17aKNBMYm*hEES-tZ zOo_=RRZ1Wu2An5Sxts*+C%kVDLzKZXeeVV~2a66yBqmnkUU*4)OSV?8%yqX&P=oB} zJ4^eptn|3-A-yI|8vm;V&7Gm9%Kxf%Rd?vfJ9FpW{VFZ}ymEZ21#@=BW~Ll4{3Qf~p-bg)}vJ$@de?hag<# z%0x=pGNp{Rn7W1PyBFItAV;W=`=E<@>AN;e?jHW3>`;^P_=IFr2h6jPL6`KB zYcD@tZ=-P8`0oyxwLmRAG_THzWrPmh(oCxS|1ip9NEt97q%diivkf9`6~(T#TWR`1trdi@*|(F$?20@?qTLZ@lZf&yMr_W$s&N z-*bJ>Vf@s!YgeOyK!b|aAl92KN0{4~k9PAxGmFKa9c!Y zW+Swn2b!CghuY4zQ8y+Q5H!!s#?j%?AzBjQ+sQR)(j?ao(`2N7Y-en@c0VRMh;N6) zY$YE$D_^0r;{jwgmgSD%bz?721{`XJI2hVZiK*|TSk zNnK&&dDQYq)nT$?Y{ZO*vIj-xw+^OrB;(NGv_}bC>bS|0IBlXy7E-2$l)mkzoKx`i zwVJ;y#eUE8Pv;z?6iUrhjkemD=Il3L^qNW;C3{Gk5Ap;!wbvoy~X-(oKB8m-pRAgmFTG2;IbLnElkq;BEw$P z|IiBV_oy1l|8o zvL@x;-v3x-s=0h>a)JrO6&9wN|4QZLj%)i#)hgxXvr&J@Hl4VMi%Zh7RjW!V2mY8c z=>tR5Px<6dEsP0vv}%;om2{hE-CFOmks3GV)DCjp`kw9pCw{-<;?{Trs-;NROZ(I{G z?qfB&3-K1QN)N&ck1l#6Hvv%>9Yo zZ`0916Ri((V`hBNs57u9*aYiYLs&V759AV4QqJW=XTtwP z_PE{87V?ZA5T?@JW=|Zm={ZiPXzLCEqSN#x;S1`0&oZr!@I890L)FIxr!m|`*W&tw|`?JzZBaBcHqf{vF*VF>O5 zym*+1Eb*dPA0*yCy}uunDEkLdo`ahR3MFhMM+Pordk)sgLhq8w9HQKU2pFUe6jLA=KXzt zI*<12dINeNDfoA-*CC|WYr-J3dMyd5R!i&ejgx9d)vs1>{DaG}bwI+DC<3wmq2FCt+fAs$~7&=nY2-Y?#W11E4x^E?A5QNmiih$dfVj^uH^jc zi+ib=bz_+}cbWXXV7V^&v{kjlNhUIPdV01AuE}5X%Fs!JnAim4du-mddLUTIb4NY@ zstZmtBsvl|6io~1CUSPFKDSNP?7E5G7X|fCw(S8C>?#`T^Ss5BpRKiIg1oq{asuha zRS3f9E#PI%cfI%XopC9#Td*2}#93qL4PUW2s0VSB$AAkH|lH@gJ=bqpk6k!|mIYzTg zd%aDyaS^300|pE*R*IAZVdgzf8ww)0a`M3i3qNiwBq8Ixr>$jULGn3P(l9Q<@__rE z>kqd;sR91PI=bhcdrG`w@;?z}Oi1vJz+oR@ph@t8;zW>rZ$1XG5JLvNkj7!dhM9pd z+Ep$p4@gN7>nDO~m_OlxM|k+HFx!PME;Dfq@(HlOBnN)HJnVLGk3TOrv~Ooym}Jv- z(zb5iTgrv3_zJVI_%QcWVnZE?plETh`LWyq#{yY*-+H;P9DGfpAa+gOe(1t}GFu zx|~wE>>yT}3qHz~KmSsK+bc0P^hWy?G@RI9tLf{(gfFMqLi^&;fu;m0F;)rEzPQSl zUrW#l&Gi=pS+BZK6&++)$%@amxG}%cZs#Eowk#z-S&7LyArLMpzx<(-2a0DQiKkrl z#0)hqeaYog?zI=SK>Y;~hQXxkpfX&wpsUs#V2@l=HO2LyI8&mOxjS!D(?Y6hp=GmT z`LgWz1Nz+6R+Ham`_-`o@Y0AVheeWY<-n0ET1vk((oaXd?laV+7=Pb&8#Nf54$^tA znfG9DXs)FNDgOWN*drComoY)OeBXJtJiE=pFIlzNEICEg>a%-wmRJAxgPh!Qu&zi{P)ik?S^-41E zqSK64x^8Sksazlt_K?>pMo_`nv-BK1#m zZSz!iD`pEdARZ>O-j-zt&N%XK`Qe#Y2@ql48%*Z1EvP^Qks(8d9MspNq_9?a-g#N= zsNH7?p1-l0?}P&HIL2h*htAgPAU&<&+X}Jeb zqJjw%9G`vmnNdhG!9oOdg6vxN&XUwF>RMo;jK2hglYt@wO?*n3b+V+TxHp^*gXMuR z1sFVduo(>F_ll;5nY@x949ux7*T8pH6_ZhB%jhg^*n96baTC+_n{K+vbRhU}BjiWN z$@MKPtragDK9_jqAwm9dQQy+^s%?8}m4{PqzjsSz9#;@c@*?FnsnM+n1hdk zmK}(6o(dHutY#BQ+BZvyt46rK>pqFR{u=e&-7N8=bPeDAg@(6mduZ_rd6ts1(nGJ8 z`2W2pssC=!NY;Nz(ih)Jsq3!P@YfYI+HxaF-?v92-e}b6r(cp%SL%Aj>gkw~yi+ok zE|-YDXY2aECmou1A@8A`p_Lm-a{PSB)HPuDJ@ukQ>ck`@IU`ByqP~0)XZ4d%U8gyy z@&R+qq>;Z!NbP3?!knngSRUwuC6|)Wt9XaOJ+ix?7QVY z3GLoqlE(ZjDXaggj*`ylf^_#a!%VrIA{z0!HlS#T?FYF=Zp}}3ee1jp_XZOtCtdSsg=_zrVRk}_@ zd*s41PBKe2z3~1h*{1>U&Og12G5b!{a`8Q`7g)vhWhcT|f9E#4C3bj5{bpn|nt z1OxlOn=Z|%o9PG5L=;>$NSDLfCnLw|v#G8Y&2-Z0v@BYBXj^hJ$m0uVHC4naYPq}h zx<4UP{z^w2@3+7@ft2x+5^SefEqjrEwf_^T(_W5L+4 zVMAkW$=H?PVPN2Eed(Ro@${YGaZIfIKYQl^AXRn!|1-0Fm!)?>cL6DailAbNiYAsA zQ;eFTG0_y0sIeyh#Kh!h)R-7eGa3_1qA_YLv0`taSOEbM0j2le7Pimq|NFViT^_^C z_GJt2=rFVI-FM4*_uY5Cr(N(OG2<8(z+OBT$nfM4YHw68pv;81>Z+@3;>3w=d`v!E z4ca3Sql@b#nkSM$;f~A$$)~Lo4>?-};5Lr6i_FxxBm;Wca}PHVz`svmh2@#W3y{GF zVSuqiexc-nC$59*0n+e+a(EB0h~U27P%RMUdGQdhKn7qEBe95+B^&D)*{xa7Sik|f zXrGv4wJ9w8o_suLEX3o-k2m6_(RflH@g>wx-$}B>%Z9$Ea(8O$_d4v~t{mXSO9pHN z5voG@PyXAs=>s8bQ+N066}toF zBw&PV>P7xq|Gnd)NN%R(UwNUGUh>`QzC3=9ZPN#;=}TFa1IpP)9a94)E4Qw&jo1Fd zl>wshp?r{{1NX6Leh*oXSI8PzWu>1?t2s^iq~!bOzkMP9xBvFX^__G6mo4ibf3~tE zbFF;sd|R(Qeu*-L=kPK^fGYb3=UKFCXUjhNSSxz*e->3eMbG`$s`P>U7~CIi{GVdI zD?j@1BiGAxJ$nbpqMTRBcuiYECEkUm4FdzVij6XYRs(mnTu>)D- zH5Rg0b4_E2xmKu|)Lowq;ung^nKM7I7Vt_H;d4NrhVbnn0!h)F$Y?3_7dpsh`pp4}ho|=iS*8oL;8sO9S32+N2!R^=+ z?Lv4GLR?3^$dI@ur!sI+1`j@DeQ%AX4|pH)K1xRL04pvQWdKod+_cBeGae|@FW>KA zT^#p)_Qz?TF_A0^nKD)TzC7Rl8azjnU4#6ICoJy4?CQdJxi2UW5`i)OOzacN3oQSP z8KnhYoEU%@e=42^`?oj!<~agyk>HE%xd<`9Lk_QG46Wdf_Coan%ItTH+cE_BXs;mI z-xNUGJ@?$>9vI>bPyzrT>(W;F>s#xahZ7AAivjxr<67bgOENCVEGm8>B0ihUfh3pU z8gBsuVEdH&Xu*iz#)XvQlw-lbLX9?$1>6H=+D}|KeEY#~w7q1q27IGwWFaS!+6gC| z;1*%_BBZY@EWG#t@hn^bp&$j@WAXJa*z}c{6)fzy&+|7gir^SYV#dqF1La^{z758b z?6^N4ezz?Sptb$l*S_Yg%HAWQu{})o5)2;mb0e|-;C!Ksf7X1tRM+|Q_5DVmB0L07 zkakDniyo}%Zu2`p+2?)5y02ShTW`5ddlfINITMLwTc=Nrx2}Kwy+yj`*Bp2CP?v-j zPdVTHmSx|0mz6H~P*%&?R($*2+8_A}%emlO>#=p4ZMo%-R=IMKFRnF9Uc#LRShSa~ zcSrvc>U9^?()XGQ{SW$-tPY*e`QdriW1EsE-SQ_{U>Ex(zVxf=BN>JvsQn* zb+#_QyVfd~FSoLf-mUI`M9INU7;hQ92dh7~S6`RdCqJMz@{Js@ZtWU3!aVi$@Ey)} z6#~iHNxfNn3Ha-)Di0DEUaI;@{`UIY)9v)n9`7*+Si_1(MV+vVRm-F|uVeRju#FW9par`i64_OUS|2iyJy z{gt>qQ(#9HR%N-)m6e(7*M6U605ZTF*YBRX_d#$$W^7!x?|*!vZ7(agLS<7wtt#pi zC`lmy&Oz1k3tn~CKSMQt=galGT)<|ItbZ**B!FV~4-6=PAD<~1*JHquH$eEdv2-F| zA%}Rv@IZ(VIa9Ds^F9D1W0_72(ec+HUm+`9cG+dl=uuEm;0zWR7%(JIhbKTQ?*-bW zp8&nW!a@f+csF@M=HlIip@ep^e3Ewq0|l1oRD=wLwVK^fFgV~&%)1CfL~U-x7%9LB zjC---gHw$gMFe4T-cs-TfjkT7L>3GZaw6}1KxyJN!E(XhC@F|RPIe96S;+e2PXB+}u5dF!pW>OEl-s%mq8@<6fJvB0pn)s`rrt#zIU z6&Ge6a2|dZs>Fo^V9dizSuDhUQAJUZDB!b55Sz*3%VNpBMjJ@oEP5O%1 z7f~L~Czf4aFf7m>a08BMix&xXq0LKl7iWQHp-ya%1)nifr;o`Y;TQGcTExN?>^uET zRTtM$A1^XrS6$-@&$liIn9C?y*i*5w#Pd!a2u93pmOzd%ukgrVt>eXqFoNKO&;g-H z!)pVN8lF9rO(bnW@ZeeV0u7q#rYIAshXje_f2d8UY3%r0`nuSPm5QC+?wW~e{fH(A zKb(lKTCe!lxfWMEB#Ee^g$0&AVyH}50o|=E$dy`;-1bA_NxFnhY1dr6@il8LzLng; zf)aY>)3jE3im$46Z;r3sU=hVdNBhe?xQE;b0W@jC;F6=w7rfLcs$fBtr@4H8hr#W`M9EH`~^ z=ahuVH2v<3kL`-g@Clz4{PSzgUr$h}DFHEf8e3DVB zy0~s{d)X%APkTCs@`go~mjy{(8bd75Xw7j2@`Rv=A_?yc2n7n>8+b8z0hH$nEi?iP z#I|$iop+vF;C&g6W1VUW5#xg!V0#3~j5}?gofei%wv-B$k!cafc4?Dz+Pmln@`ws~oLA#TDtf`LgdbLwrq>nvF*{AfWg(BTLS;jF( z?N(y9{_IwwZ5$xXsD$mqv<`F==+&WMm#66?HH%YLuugB2f*Ymg-umwLircyv%Y7ph zEu@eGZG{7bO5S(heNKi$zQXW8W^6nv@HR*UsBNX+bpmDL0eLX7x}nMHNCe=*wHT{1 z`v@Zdhb|Ny=?;fu>1Z54P{N&`1(n#B#u8w*Hb6`00bUBV5jg;6&YW3Wkw%?E!4%BM z*{Djwi`q8_nu;*m_vrU{?^ntTf@eM=m*W8fd0FhAEVpPJ&h@L=35eNQDDd29x~)vB zvK0cRli!_TCx7}#S#SjnWz_~O`}pEu2LM30Lx1nOChWuR|NAHr+e00#tohzSOYRF#&ufev-tE&wW)uUPIZvH;kD z@rX-Zg)J^w=JDp@1oa;okJ`!FTlqg3F`M+(`!;*d0z2fOVKPoAwl^b3uFVxmt;%@C zuqD$kF8qpJcHNyWF;}l1UG1o`Bb+;QHH59Zr+{T*jeGa(YR4WvO6yv=z_#4&Wi18> z<9>}L8CPtq%eYr#jrJhfdD(0)w!i%IDVz4;d^s?ryE(f>|CUL^kg1OBv^&?`pJXK% zOJ`Z%yUWtQT*`|r%Du8~-P&YDJM=Na(8wTMSXfx+I0+$QJD#=%IO^e)_7FRNZwiMy^Oq>@QPxeXV!*3G*1(UZlXZr}9WaT7TNJx7(2ck;al{@}3 zmVfp)EdQbl6}w!kPJ8cWRue~$d+G+|(qLTy)b*-%^0jgjZ8fp(+AgQ=bb-+$)Ly2Z z{dID`p77#ig@DNQS|Br;u6T8QQn}z)YOn466f^#_?D`HHrlYei7^Z=<{#6gkb#bt?zFO zOusCba*p_8_3zQHC21{3wRBZQ{HCwmuf2^3XJe<3`h?OA8#c_vCZq5TDda#~<^c1V z4D)RLiPtj550Vm(A3xq6eDJ|G5k62WP{w+~2g1725s73~-g?v6n8%LDmvBrW2ih_R z2nAv5i25X!Ys@%EEJ30P5~29meYP_oX&wSgOAw(TyeL?cLfX4Ikbc5Z*5joYto!}< zS?(`>pg_%rfuFsbdkq_XOhB113V}n{Tyf^HPe9Ez7?AMo_V+)q7w9Bu( z)1G+o9cTH);@g}AI8N8RT%c{BeskNy_J4nRz&3B$CcY_eT(>@!-LFtxWrHiTjk3@G zK3-w}N{iVxoo|Y&CtbG!H*R@giz3Fp*CB-*2szNPIDjmNT!%Lw+nGUZCH42e|J@~0 zZLQJPx{7)io7U=F*lx&ykOLtHQgHzH=#CQ4%UG}`d+(N1V-Amp90)nkyd1#wn2gt8 zFu?Un_v`|3T3t}Y6ny9V8o`3ai0a96o^k?AG+O3j?1z);tSG6LO$cIDoMB z?6c3ht&$Eq?65ro_^`r~jE}9J*we2$3BfQ~c2Ot1>RfXYZGG-@pL2U7HdUat;xen8 z_JPHea4hTe&&g*oC|)*aufw`R4s;9-;2}cBYiCi`kg|5bV@2aO+W-N=fV~Y`I-ZTh zZ9+U|OXS+^z&S47T0a4o5v^$ziUYpq!KZD^sG(L^I6!*`%hH{hEBEFiCE`xqr+JPuf4^68+&POYIw9I^K>xbcB*}Wx5#ShIqtOyI4nUdr7HHpS{$cc z_O)sHyF}}wMx?%H_1Vw5j{USn^A$3p?&Tjyjs;nL7thw1ao>*EbMZ>c5fi>0Nwe-M z)6h+e5`l7QsXPEe3OUeDIIv~Q7AGGOJ5C6f_hM})-EZ-3vOORBe)EA>grQw_*=0sj zx?n=p7Vk)k211~mf-&LYkOLtH>dyfH9$5=kEo)1P+WkIb966}ALRXKFEsCh4M=|f{r6owV{^4bJ?tj%r7wM{aW4c3o$-ZBt^BPiR<2|i zC9l3_70VY`=6=Jh_i3kuK)E?@R9IJs4yx!o346w1i9XkKTlDB5J1S&Aag z$h2r~zI7gZf<<$3ZQIk;h_y+mWXSXsV@%dB1<)JG+?ljD_&1k;)kQyx;t zf%d`yay^mB8M$Kc;K5EdB5@~1g^rs4sXq6H&|VUD-EhMVHgBHRzKjgFukz1+_A|$) z`qZ%}%Crbj{^+BR+_qAAd3ko~si*F-jp5nKind89j-@Hg__rsfP}oMufocwP>eR`_ z?=D`v*!Vo~zyl8a?Z5y2_LnU4N^+^!j^t#%agf$f1L*Yp1RjE8Avqf%_oH^_^X= zgkDQmt+Q?0OYF19jkUhoGHTL$vu(o5@7Zf_ePBZi``c%Z9&LvmJk;%t+$lH5xl|K- zT&8T&B_-wB3wfI@UcT1eoF+ML`aD~?W`nHR>bGK(alhV$1n!F$%(9Zjb2OHr*5!~B z-2Tszv~4_hLk=qHI4@)0r&i9;#7HxT^vW1FmyLJou+sGS3I z=g!@&09M{<)26x4jW^!twzlBKKoTwh?znN|nyk=b?{hY)#{%43`zoX9+!N0|+tZzO z)>+o8SFhc8S93rXsMw6zR`S}*R`JFZE1mYXbFJ2HRlicx>%T+jjFGLyK|^ z6T=^S3kM<+Nb|n+Em=G37j_Vpg)}n@rBaatZl!vVnv(CD=Ma#*UjIC&njV##^;&^s z+@{k3jQQOxr~e=ak~6yY684J<^vc94ubWOI4zqYgnH4Yk&{>Cx34ZGN*KOkDsWw`! z*oTZ7rY)hm*}y*CtXGdNmYXdLu9R&V8EH28y^ri~_djb(1ajF68LKbWU$(zuKV-I5 z`e5#2n=^lzb;`@Nefo5_e!aVEYpE>f@lzyly+KO26{|Nouw1U~pkj)jb}s1x$x(+? zt7j2$*0@hcHKr=HpQbUEESYQRUHe+z-~*itxjJTf2OO?Ka^0RkLyCZyWvGsi#fv}c z>Yqn4Y_O`Y4_L-Yym&J9Hn8pxHJ647Nv;hum*52QK2cckha5;YQ#TVTN zyn=TbfSC^pbX>KY9F7%iunqkFLP?hWRjN*_VkrjD? zKq1>LMFoVT8CjM)aG2!|A0x2b!5-Vk?C2s%#KmbWZ zK~!0}z=2>~!+Z4VV{0~-*q`qBue0jrDE9#1xRdre?%t)7b&^` zRe7nBxkqi5#(i_N(tZ+6w?XP;ZD5)83{VbV`3)iCr6P7OdGpOTTV!{FRBeXGLk`r& z0kZ15JP5TEDlad$B}0!1A zP;S#BZeZuGzyA6LUJ(`#Ik0zffJ}uCJ@n9SgJ(g+!FWr*>05!7g*VZiB>vgqE);-%_`O}t#P|X zki_PaQ83JU{O{5Bz=p7oAqQHO15ts;Tv?%cZUB}g`W5$xte!pdZr1a3-2;MsuPS*} znJUE1I$dtYB)rO%rIl|XQ8lENXfTlkVyjd>d;c+3rnuj@KJ4>+_~D1!rB_^Tixw@m zxgX83l`B_jo!cM}nvJ$idkW8(J5N^Ntu|0rsjsGG+K8&C%@J6iseUZfsFnlR)fU5Y zmSO$KQDUvb3ih!`mwW+dZSkaarc2k()=L)Vg5KS1)R z^`=#9S#O!DXS%G=_oqkfr%L&SAexLFo;@BY`@d^*PwmsEkBfWsWy9}~1Fg*gKq48O zmo8npTUYRiR#1RdvvrC?(A99fUv;euCf;C+N^yBDF!>!woH3f zV0nYHaAR3st?TwxHMLol$v{q^iQn2fTZ)a4LJqVS4xr2;krzZ3=P_f(IJpSJ0hZ&o zZc%M4pQlWj;^L5>e)?%w1)+Ao`qi&o?yAPt*&5e{K)E%z9<~{Bpo4J$felcM`}4^s zpX@RglH6-g64@h9KmBxj@4ffhyj2;+!8zxg)8uWmqWyYW=4mIokCiB=BBmU#i#vgKMX!2%P>R|i_}P`7#xeDqsfw+QDzbm1A*5If|0 z{Ks)J{{vUNS_NTz_2X#GN#7eM8XNn{nxh5MX06Q%&tsTIfxz|j&*FoY(y#W~h|8?Y z(D$a~n$FiNDcRG*e16zonexvdz&n^eg=J&BnT^7|+ln96Vgv)WaO*FoQJ-%+=d5) zj}GEL%-SY?`Z%djD-Kl$6$x5r45lK)~l9D7{3&S$x;OT ztG4$D|2s7=HzmIi7+q>y=@Ho54VoKpv242s6w`;#{+oD9H&tw@9$*0QDd?i;O6SUn zkR7M-{ke@JJe2=+x_s)^NP)D>&}!I|BiR9LrBF@a4J4J-?_COC1z498+lj$%O_gw? zMhkuR$L0kr?mht*fCA@T>LUpv`W3T_PV+TZFg@-?#4QZ$F`jv#xlw}cW5Fl0{hT&u z_5x4Gw{mOZ&d*U=3!C^>&D`GXS)|}ut6f)H%ab?v$&w8ipK7R z<~#5|kyo)iFZvtK1h7Uf=yudZz&v?4aDfD!?u5hScEq?A`@KOMs#%USjyKMGE2*Q! z;!4r{vd?q&bhYlEYd!&mx=iB%PX5NEuJ;zne47r7jI?0pFw2i0M~|RR-v;zl*5!$b zY_WqauNwjGB^%z2c2SK-vNg=3d2`w$5^QLI%EzzM_e7vt$er%;{!i9|2gRY97FEVjK}W$cRrS7rbv8n>Y?M~2z2^95?i9V(QyYtoApdFdC?{i! z!mk0AQ6&#`ST=6ubHJ0t8A{T<<%)}FE{SaCVr{FrNrVAHq!gD@_L-EAdY+j}b%F;c z6$pck_BmV6c2JI~(nCPKThjQ^=DQldO1}dp!(B;FHXB*iQ4J+w`XK|FU__|rb}dBwe;uk-gn6Ro?LTVhw_Kkt&Eixf`68K`8OG9j$pL~p~oC^UI6)-?!#8SjXIF)tt zJq`3dh;01({!%g6t*veB^JWdbFvlnpSye<0lw4deSfs_cNI%Nnuf#UcOG$Ig#sASg z$|b2+Xm^i*3fpsuYWWs7-$6Ox2DEm4DIX?QcC#O6b;k6N77$x4JE%3AXU`%RjDPBAmv1lD}q{1KlkQ3Bz++-T|m1>|Fq zeQNcbrJmB?{NKj96sl76QLAX)A-~_GdEVQC!s&erZ~%w%%ezt}(_fQA4Q_6F=80&3 z*jI9-$F9zy;`t&bOH4eY^hsv1P;{$uRr3*h5&dP=Z-pVWzCGwHP0>?4?OIuHi*60< zykq_yyrg0=#4V-QH>}r(>W03^flHLM&D09k4a4sY*tZ%C(YW-8I8Do?b@XglzBwjx z>+X#g#A)|bNY64g^3-tVByX?y8d~xm#qG;aNH|E=;^{c5zelf`Lcyw!0Qk(qF4=%K z<{800;@( zBqlfTT-td!e#9Yt;Y+Ug`yFBbzY1TvVSI3XRlXnSf-Mj3D2!|Lyyp^wPwjN(=63Z1 zJ1@pXoCZqAT0;4o3!ITBGp~8Hjn?19e|=LD*C;Td*3<|l6@}8>E;Lvz-(4;|gL2hR zos{`0SHh}6%E|gl&m+g|Ro_#xY|@wSF{m(p*=63*nHrie!ZXj{&jVz_J{ znhj?Xmz1uo>t$3)3Va+M+e`FN*nJNv-5Q{pH6GRafn5uY8b>}r zBLYikXEm(w8RR~h^U4`7R+_HvXbLe3yn3R7KZug;LI8Q|)!pa&&Swul$=QQ^PyL@d zxrVH+5AY;A0dL!!=ZD>xiEQRNa({B^A5PDsCQnoGO8Z8hFQIPY=8gj62&x1ap;lLE zR;qmsifB4WTQ18jGe>7Icu8o|EOYP-n+|Mj&b)Cp^Ir zh>HH%VIZ2U0Uk^^sF^^IP4(^%Jh+pDb0-k)I9-Hi*K9()K7N#&2zZ!`3*0hS;%V8- zUtX~Pi|9C|V*lt8bib(LHZyeu4!uiPI#d@5e7F(#2Bc7$Vk^$vFy?g1>VzZLT_?y6 zAS`z$Ilo{-LLx@#fkAMQ6LyQmsb4qrk}n6<>r*Vu*Q>Rj|4Ph}iQ*5JH&wMcx7`T( z+s_6l8r-)Pci|CIuR5Y%@%A`9;;<-v>EUwZSvr>UFCCW7LcT-M$Jt(-P0O6HeruUf(o=wtlKN$e)lL zcGkYVRzm(=ny9P&CZ?E9=9!Waa-EbNPVl+=Jf;ll_)BAy?Ug#>&Ctjp=jbtCuJNem z+s3l4BLaisA{1C{GX~hH7T}s9juxy(zF1c6?x$-}xmMuj>R%{&={ym=5GXy^o?Kp* z1M&7s?zbM>Q=>Q)({ydoKyRBW6qUya0!|BiKs0@ zN}|J}4W}j{e@pqMCkXy9BA|NbV3YCn_0z$J+vmsgmoS#+3O>RxlCEu4-+?R+={(^m zu%i?oQs7gHfwNoS0~VRr37qiyyB+W$R;y@CKvEQK^?v305Dt5Fe{6&MY!k2c>t~H? zc>?|_jdRhA8p+fyzKEk&t*ejDf>AUTl+QPV5=+?*9qYFjyNk)X#&(vli;BlgM5Jlm znj_?7+#ef3aLON6m#FutsmaHJ4tP?k(~B94>eFwjm=@~Kl)%8lx$25e>~bU*RKo}b z1Y(UxVF2Fk25G15m}Xs0xk8`hRO$e0;?<{4ILIkLa2B91RdqT1#h-6upZl<(p4&k~Hd55ylD5paEAar!O^-5X03 z9t_7%QVHimE)eS)nz?k`79sxW5M9xyM181Tk%Brv-J+B0Ng?w@`QothH8Dr|0BEzf z?YiB}tKZ|TNASkQ@n6e)e1||i=e22OQv1Y5?}0OiZ;*L+V5=EIm=rCGp-nH?v1
      }e$#i7%7qX88o6jz6;PiFQ5;8YmloPxEu`Z6)L* zwY)v_U|tnI1oM7!p{kC%r>yqVqx+LAn;w&TH^7=S^c=3b9>TX>Nx5xQw#CZtxGRDT ztg4OX9pU@C*-qoc90a8cI0E(r!b-mF5_plpHPUFh{WM>8K-Oih^bGXj>A1=F=){Hf zo*K7MuSkJ1=25V!BBzMr5I85`DUWU> zIxF}OR7*jb;3!oO`~V9hC)R4ud@NcsOk>gPXY6uR4grjmE6Fflliks2hl`z$4LTmS z$&gbt8;<39KcRVpv~tPSlh$7Rvbj1Kdp(W2FKIgiauq{OOOYM5mQJy_TcQ44&QEW{ z3a%g4gNlb9_`jqst3A>5v%DQ*iuO$kF}y!s+)4VFW|ph9a{A0;Pu>evYS!mlALdz< z&vrgrB(7#UG9_T@=-3AiaDYvcn>ZPk`%M%3-+dfGJ=m#Y&|Wi&`*V5Yx@6~mWzn}JO1BT0Bl{-!5g!2T;8i;L43tjlU6U z?b)MVH7x}gatnROvxGd#bRW~DnVOq+_%3!5C+E&Ej)Ol~!|O;pg8u?uMtLH5R5`nB zBUM%C8m6k=k#K4*o-}*xzDqq);%WcGB!rQIJcooXcnar$hy1GY>^Ja6RCOo|Z?LUx;9EKGdkz0vb6FDS z>o0tl{ng|jrXqMH%dy~@h=@q264g*2{j)9h0vuC&NU?hJLF2&M;a_owQ~qxTKkxWh zu`3X1?B@+SGBs;)URC=Hj;Hy2X*Z5g9r~ceOHv)Q0+GZoWM8lN=8?ATVPxgf~+Pv9ka!mE{oSJ zGuQESA?2=Wc^?B@vIu--j~IY;n*EU$Ko5V}s@0|5Pn&%Z{ErV#m@aSWgL256k zA9IuH{5fo7(jy^fb)LI*gHPmu!)C$2rNioa#s$PqdGs>T3Df`M&!x1khhvdTE@FBje5^;o3O?+LK83~V1G*#BqyNI~& zUMp`Ue>Gb_d+EmXLlL18zZ4HkF5xkr%rk!qVpu9LQ=4Ly(O#*UM>}n#1wCElw9e^< z;(LGCcncK@>~$XDG3i(eJc}|B8buD~u*&w{h%_oi_ynJMX&z|wQfICp>2VJ(L*ngg zdLrmGB7MfE#TSxz{HrQbcGC&(3YVb-P5;V`T4D7{BGjx5nb~jz@RwG1dNXa{7(JGc zl8TXNJ`Pk6ug8wwtXya(&4LmwU*aR&X9e|00tbt|48&q!N=>zxbbl!pGQdQGg)M!+#9ls(MVoGuj_A znm$_`_13?UXT@?2SB2s#1;nS(u)3=)#rwy(Ox+j=-2rUxqfzgK-oaF=$(?2{Y&RM1|~R4>{ftCQG=w% zaj%ZebIKb&f5KA8F50e7!)ep)bj}kIXTrIl1J6j!n{lCDy`)G?9D<1>O;xdN!%?=~ zS-PZ*-As>I5mL?x7nt=p{y?`#v}%CiUJ0Q&wgThTXDk0EJ&PD;_UfXSiMRpkjnkCf zbT8zSxLny(KMYri%Ribi*XR%1=6VW#6T>t6OA8FRd&D6K z6dem9D)GKw6Nuyce2oDH)`;;2!4s`TMfQIdEWI0|G#67ebOD`oT$Z~CGa(*q!&5$x|RM3J)E8z-f?X$5m z620VxAOb}asOA)#-V}p6?O$qoFrN|kMAS@WqSQtvestIR?7K`X zsc;wF&D&&G7b+!(DqkZ*mfCe)G9Csj{p7BTiW@A*h4&?!El*tZ?9?e-Z`@$pL!0F` z-KG?u{&+mC`t!M7oz%<%^Qx+3JwHZif&Y_GUal#%`O_AC0 zuG(UKBP2e=3h^@nWDA*MX$8;R`)}eWtUMG46z2sr>TEzEn&1x`x!+Cjkd&-`e7fi( zTRcTqrw^|Y);18(_7r7Trh*TIBwgU3N*u`jIT{l{^lr1ejI^d|3jljb4>nl}u(*6Y zatU(yhkm-@gA{>3+Mw~1>aC@TL!Tu)b~TqY9iMuYboSW_3)kE(==AWnodvLt9o zP~GBJHJs+AME3M-)NlR%A|f>7NfbplnGb)V1sNaT@$La^6`|f|@N&3{v}z zb-PUDaUVMmPw#Xpbpn^>JBu=rl0WQ5srWVM4QMDjAA>$Kfs!3 zXEBUd|B>(yLsrYoEKlriuK=g+&L;X6)f?p%B6E9k3X+l9DcQeElukVkZ)^B}+#Lys zR3nJJpf+DVonStge1m`iZ+2Ffd?}%Xc#-Z2kIin$*3@T9%$g`Dl^0+?2e(toPP-hN zDT&m`U5azT+gDYmh~s*V5j2QJ{Opu345k^eA?Rp!fdz z%(>BDNnFVotpjlba1yenr8Iz@ihL@gj|-YwZXNh+=vS{wI_(fflI{LpeTVk-pSNF? zBkD%VR{Zw!ip5zWDzCe@S}q?MuP#s#>m3LHQl#v&P&;N@bsMml=Pom1DC6^whf508XRJMr3v_iC! zfcJQcRknF_gY2Yrx%5fj>cTbw=6s3t(caxCO56zZFU{WfJ{`2zNlbdg2tWjUeLrzV zm2T~XG*IY_$>Y8*_cS{~q$-kZ5FRza=pPRm9h9DtZcB~E>09oXzBhP1-18OHZFi7B zTxl^q-O4tv4{c(u7C#mX$QMOm)uH!}{jHEAIw^30X3otw z`-(x5T)M<<$!$=W2_2*Q>OJT;wf7n@b(QfHn& z0Fg>)`Z=9yip;=;RBe3TJ8e@KO2TV*f&He4cit+rT?mh6*et4uM+G;uQEy1hvgro; z7i4=HXm4%aY3B$Zk0Mn%jJXiuKxI#}>S?6SzV!2>^|2uW`Z>A?Nt{;DPruwah?-O# zZA(?!($C~OXF9OSDMB@uW(_!2$&6}k8G1o?RfzStGYeq*vZ5KpKhcC4uA0IkE2tGnEw4t~Yw;(o%f>~Lui0ra#GzhY0kZ_H5B&yc^}YA@aSq;sR18cXb_LoDhPV;Y zp3zK$M_+j1mU#Oiz4zH@ZvihYn7J z4%A`F3k2SjcdEnto7oJUd;$?R5l@;yr+WELtE5D4A-+lC*;NQrfleNSsZI{7V`30k zcHLnDm;zpxxI@d&3LBns`+5UCeE0{WiX!|B_6QT+1!7y# zR=z)V2*b@Wtw3c<7F4Lhy7&%`5C91Rb)k9UqCm(85atD-JI5Vr_Y{CwwVO`c+r|Rp z1+b8f(q-dH%d5%r7SHM9RVfGA#iebDef*ch58)?1L01Jq32%Qj)5`C-WTPL`U?AX@ zhMX`B9L^$-$V58OJp90ciJPEq?@^3sjo)?=Gw7##tf7n6P7&^dhGCgls|IXVjF8CL zE=;Nr?tVESC6P451xCaN-Lf2zeh&=I%Ka@Z?DFfZYsMrho`}d6kbxFk_qP&mD`b@& zQj(R5;=44%XClK+QMyr~ zAvsGy`xnk-Px{AV*SNZxoGT!YswPw7i@y4?Wg58X)(Q$2B59lL@HcqgA?rz|T2p>8w(S$@G%9dsIH^U8Is?b0LlGNQhV<=h;HPuClzZ9Am}RG=ra!xDgL=jTWV8RPs2spn7e95)yZV&YLGpbL`u%!A)H_soG9W(e* zkPA&Jy;0xT1o%Av0(Y-=`vMA^#EMIMQwwRb2PrQUK|w1)Z&=h?ss<#zxurS+Rs;`e z-8N$cTfE&w%lu=}bk&}3Zoi}=rdTa(7`w*p$ppYEEC%BmQE7gzOq%6Yq$e`tveLD# z?PCfZ7g-Fl8hcUG>U1@kU+71%rEBZQLdzYgl9M+%TRL1~?qFgihK*xWmgp)6g7O3V z`n1d*lIe}p=d*L4F0H@C%V zT^xp_)36HMVpGs>f2i2;jaO_Sjmr6}lbkUa<5ryJ)jvY?G|WK=RfKKH7aK{v9SOck z!B)9_Z3x?Yyb%G}^|)wZp6W~K>69|lw}gjm$KbUXvAkw~c=IC0iS>LI047yy03556 z%)zp0JvD1wrcDOG8bC)=7w~SVFM6$a^fzV!L>)pw!%1g*W03K?&SG*C@m2R!aDNZt zcFSFO{2DT{3G6w>l<-Gxe4m@KDH=*0>7SNFE^_f=dfcS;Z6IyfIS?4{fz}9u(1qfO zKN-74^U}Mz2LVRV*qYAFeH1>R<%4i<0BZwEYH<5}Zl--(N5y;bn@z6U7*hp4E+WBy zapJTQKbKR2B1&{r2(z+u0xwSBXkob=0p2=8c30knk8f&gU^fB7e1-W~pbizh=uDj}U^8dJHeO zo@h|8=Hn zv67TECL$-9QJt5YMyTCk65n7kGNF zXWI8mq~b33aHCA3blCOu>+*Z1LZ%dsY;W;t^tJOTHkXB+j3 z`Uefg&Vx_c6!2EWBX!XCMvwHbxj#ON=~HvwD((>fH{(Hvdi54npNf^C>RbcyFn{CsbS43gp{Wb zdBSg<9nCa&_tB+7whNKfqW@~vje1>xnC`)QJ(v$Iv#AE?Km4GW#mY|`s&R+^=g*t* zGlW*qx9ZbGtCXt{Sdf=nLQn+u`=99NLxY^f2!bmJ-QZtRfh)Hy!HOtBSb6vG5H&C7 zG*HDF3ye6Bg`M+(KXP?UdtWw^p@$-WXKTXQ=J0I82$mHx*nl!R11)Ro$F$C?#=}4$hRTt3l)H z*y;>KI@xSgXt6iEINvr@>y`-^{#gwBRXg$cwi2)% z>`N3cay3auUy15l=!PT5E0K)VnT33rkAKr)RXuL>`tM1gn3c%(;@YN!4F?HNUHTiF z1?F50 z+?y*nSIpbDJOeB>ASRj%S^eXWj*QMq=Cu21#3MBUFx}3YTD2RFmv?YHq91%z5hv*p zlNuO~OK#431HW=i7V4z^P0tLKB%$v_MxCY2HFf$hJvQ1Fk(Xjx9L zK|_i2A!f|uw(i+_rc#gKL4sGGOyiWtQge-sF7!{QS}xH zEavod$!=Y&y}*5~o7f)CO5u;IhKnIJvOz}#4e@fR zc_(Um9dNp09=M#3&39b8hQvs%xa2&jE2+AQy`KtN^Lz%t2hv`Ml=Q zUzY5;lA2F0(Ux;>>_$$x9BkFvqnY^So+;U)&dY+mwQEFmhx*eVgBfbJKB#G-X|eZf zQ=R^9)E{j;u4XQW&wiP0%Vu!t=zJ&lKUmo-bo};Ju?*Dyn{QOf5itL=b$B7CDp9&h zmJj6h&a@7j+%3Lc;)u&{dt3LCT6lawF=fBNFR|>tRhAnz|J?y#)eVZ$9dLa5v0H8! zWO*6Sl+_UO!;fOM?t`%gv1gTG!*$69*^EH$^0-n9I^YY#a@ZQW#`tx8YwmSR2F1qlmxLq8<1P9cFE zx*CmIMjb%^^i_Ep?Tb`5CJ>oRFolFq#=?p=gMF56%rva|vfHZq&{cPkPeGZkV#QEZ0`4jnMkUO?ak#mXE+y3${&ET6VDEW#JxX|uw&Ew%Pg9H) z41WU&b-ZtMK+;_bY@UcF&V$dq!w`^)O_gb-nY%(9(l9~Zcu%hVEJb9PsOX+;@mu$h z+@Mje#-_WHX+i`t?p$Ng^&d@7_9`<#?O_v}l=79*P166b)a`53h%i zP6g-@k)L800%{>UJ4W$oh^Gl>8&s0Q=IV6Mhj`E7qwHq*O=%2B44--(B-^hy&|r(yfedvQhFva1 z!oNOt1ZF>8slbmKw^L}MQgA2;M5`AC$N^aQ7)PiNY=&P(+mIbFwJ}!$`+Sih>tusr zG`fd<&Bh?m9*hm9TCwRfI300|ft(}dMSF@nA@p^KR?Rxlf{xiR)F!1KC7&8VJ7MMO zv_^KWx4|a!{K#)O=rR80GkwY(Nb@hl0aCUyqtHKEQbA{!dqY1WWzC9v?7Pz&+6s!3 zZ+&1iD`Ev2J(dTtHHtNCTY1L2NZB0m_*ukMucT3LgS<>M_K{Npvw)5Hon-|Bs1mEC z&w!X)rH`P6-j?X2wNqdI==aTowZPkVYWc1o>Cduv^e#?l2FAS~?!#NEP%fTYhInnxEoM@CP9j^_WE-JFA1@LD03$`#_yR$Owp__gQdmLS} zA-Jmo(n#p0RbPD((%>@XD`5CP8gbg(7`WjW9dmZ5J;uTN?2SMYIvUh?8aD_}C8RAc zu#2gpKB-V8NK6`6&!9bb<9?&lF61tl+~-b3f-q75zbd$g*$S_yik{Ff7B2~n5)jsx zfY=cd8ZRSi_Ivr80N?>ljTId)UkoUUFR<ermXa#p7gZ1{zeQ?csr2pT1{S^T zH2FTnbj)zeMHQ_NEu+u5m&1EBQ#NhOD_)HtSM>Jf4r<{&-mXiiNCGzg8??FHz$K$} zR0v`=BAOLO5BCUTXyAxj+|a9N(`Z-RvyU4B`$&5lI6(4#z&wLgZ%aW6!(u~OloZI9wtY+TgVjz2Es`3Er3+8!W z=}v&|7}ZsGKbZ7)NZ2dd;QR>O+50qINHXe3(;!08+-DqE&88Rw-jV$>W zz3SK9&Zhr5Ssn@NJzzF_4b%AmItfjVjs&M)e)Ag5&>2PD=D@y+x??wg5wgls=6zy)DHE$<&=vi%dD zO<`5Z=8k{2Jb~TRzwf_*-OG1&H-m@n<=(1F4T_)*&6@yjX+L+RZgEp`vB9!OC^&0p z0lM5=9=i?tPv7r?%IKC+A#O-r<-Dki74_81iF2MzveS>tI&I6=Vh=ov*F$G8@Ybs+ zRyWt;W+BBzy5>QF}_|~STLL^a^1;+OM%^a zInI>jVZK&*^}Gg8x-&-Zc*@kU_Ts>}@~PE&EC{h_B=w2S_CB?)_R=chKV@tR<42W+ z!sFApm-}D%B^MnItFH9MKCCWfm_$*T_e>^IA;^_(;7;~~!wCVUBQ|7s^mM_Y5)47( zdfP)Fi5P{Pf+d;C(lU;jNXqeEuWkzR$5hxPP&Kfie*hefdt3#;db=(~YQIW@#CH?M z!QB;YX@HiH-4s}D7;wwY%Iew^j;fyY*#*r7ASNCe${%tt`CvhnhfRcc%1vfQ*XA(iZGL_?nFW!OOy&38ddfxPPaz@Bdc>Z>-SQ+DgbuOLJ> zHZxNE0I-y_j}Py5Z{pmTn($r|yp9#`!3^}ve@06^g#=FHa@zf&_(WAKssrY99MkTy z{jC@VPV<>q%BA*>tfySVgqQ}tcD|F9NV^72l(3M|V!{S9Wo*ApbciF#-Fyt7EPhV1 zSYaY~TodQhsjxYA&C&Rk)pxMCzuM%Bz!=f(%q^XZik07_a78JgE5c=jD;eXHX)l%+ zu!DRNFMN>0up{IVb{TRzYzQ3k&g}({iF6TNgbNR5nm?{J=R#TbyU!KHAY9qtg{|97 zFTQ+|9Y@ze zl10ZFV7(!Trjhd*MfVfvjsP69V`S#nk<_?RH2in zufkAh?&Kf;$gZyQV_aFD_$DEa(Nz?mK!2TfjbcPP72nLf+>wy*H`jxeReTiYgags&^o5)x@yBYQXuA z++mLsuY|D8{DnN}oQ@wCRqfMe9ull?i1dd&f8eP+VbG?=ASNMgCR!3c5g-JxZ5b*# zp_GI~4Z>+>&P)~5w=_-y0~;+b8wPkoX+u%P!T3D>E?@I2Hp86A@APVj5Z#=9 zWqugBDYvK0c$f3aZ;y*2(h7*}pMVeG$Nzz{XcPE$iyEd)lMDEqp;~G)d7bE&vHx_( zcXURvP98<*cW?(TD%q55l2f0{mf{lyC?oBf@O3a|5Z3>4GeMP%+!d4`h7|<|BWx1> zuyjJ1Kpfv^C*;h*_;g;eZl%zqKrg@Jn>}dh@V@G}ZxtfW`GfW5G(xI7rOESm&C}H<`WT&1;NHehzjn;P! ziH8#0IJKX-N!Mm50iSm*J12fbqUo9#lZ^30_ZznaP={z0@X*{C~l%GzE0yHpq=G9SdJT6ReJ8uS`VmV^+4&;Of&(b%gtw4v95{D#~k<&!hKR3vd(Y~ zwah%-!TAVo@!~m~%g>kq&fpB6e6apSNPFVuV&l6)bU&2>wNrLl2yaiZMgx1W!3c{} z@ntpMMOi6}6RN9(?3#aFTjzhK0aGuW+)%6%A0deQJOwO)O;fM(don;41aL)W5Fly% zXc+G%Ap)P=%XE#M=_k~;HZO6VWYQr7B43LQIeb+ZLbw^=PYP9W?Cuuih2OLKn19|S z)L2{tjNpXszHdC(*`p$%3C)Ag-3iEn&8Yn7P+e8!q{4o$YDwP$&@h7IieO~MtM4c! zhok!WUeQk*igkaa>YB~W#`-nWSe3mjT$Pi=Z=#tmLxc`!YDCszVV~DhbCurMW4mxO z`Mkhh&Q$GWko?ytBlbgG!~5i0edpU6;_7#>gr){>yz!`s$Z|;0khI{b41Oj>6tobF{iH2;r3&^!v={? zkUYWG9atzdsvf7{cZpP$G*cCp`vCzpzUJT%4uq0ehlYuYPs zzaLY9B@@Wn#GYX2m;eS;1dpq~E1vHDWFscQJog3s;Kzg-92tGBi1Kzbw|$T~TWL7j z=$Etl0P?RvEBsLs#trgF77TqkH&O;Vg5#;CzTiV(YahE$j0kTQ2sd(&aR6Hi@qjNy zb*XOhLBm!}09Ngm0U(W^(n{D7mRqI&C4&%`AAXJngYLA4??KrbQD{qBdW6$}=GR1q1 z<25?oikUxaU>%81ei8v0$Y__6LHPW@hdi%^SfaSUNhDL$=RaF+HKuW%3$Fh2vyw5f zmT2GKO-Tv7|WCZc;YyX;&zOoFl5A%Xu*o<(Pe=Nc% zJ$GItdJ>?&PaQvKApC~2OF)tp|CC@?b_t&wwW)9Y2?Y&NNCvIdFwP-GV&|SP@I()1 z4cHaXbBP=FK^|^JqDKXJ$e)Ky6;}5}VepV8>@Y=cN%oeTs}XwG5I+cl1@R#bLL(7F$zBd9Swn!Go+UWlMVCZ33=%N`p?r$Of2RvSH13 z_--^|ld9Lmfn_^tTosVv1IO8Hx4?C$*E}@NdO>p7Qg~i3MTe}u{~&3W9zOAY?P`=B zinPCZpsPPWC0vBvdnor+^|&%Pjzh<{bYYG&+l(KDR+r+#1_sx@1#(zeO5W?5=C3)c zKjXRf2Tspejtt$-ZOUTk6!bB1!zky1jlXs$a1zNJ%90vc zHm>*{I2V3j&ObDe^j0R}_&ag$Vocri`y5C)`vKg~QutN4tbF{`aMTqLCSP;Ykz&UM z<=>Lr6q3YZUFVh?%@9z(c5;d~3nCx*+#C1G#zaSBGHB$U z%c$m8MoolDyu(F$O_Di(7|OnG$5y&iP3%BYALd#llTgAWfLCcvJ)-5V*F~N9@-1rf zou%3MaP2>!Ou6FmoHJ(0$1>zJr5Wonfs~ZFBHW^do;Yhz&g{M3_m$0bcM+D)!rz$T>le$e8Mn>kb&xV#Y+0U$PV)IPZj-Any{7Qhgq+)U^OKPpGhJGe(c z7Y8rlYbqCAsbl@nI3XQ>HXTD7^Ok$`%5r9bVQelR^Pa8 ze&g#S7_u;1>fiuqFb}5k-34JsUnAe@gm-U}Yce)Q6@vHo4S$xgkA@|~hwvamMV^8# zi{=Im_EBszz3+x!a}3EZ%ZSANuq$I}P92Q;XNLJRAN$ULci4f%z;T(+>WCdY`!lsc z1DqVm0-EK`jc+??I@>&2T)odW^6XE(@^Ko384UBOS6uvMQSIJL0(;JsCXcr$ORGgQ zhO-;^|M%s!TslWo_zqKgVS!s=7$t6$rW{g9?v9g+)KJTcLu@s$Kn3Bt_WxVNQA$>L zpJ6ciG3#A@clAhL&0YD(!uhM-j{i7PZ*k(g@7>WgQlIw-3|gJbo$&VVTNBj4(<$l< zVTgY0*6CxjjQ>iB*2)ty>e$${$%mVejDgKy{NcKdnh%2lV^u#1++>mCKORq3*O*%s z=>*sluIXRoNdwhxEe{Mbbk53ga~n(Zl>;J%Ysxwwg#&a`wT%#}{wbV!;UIamvq0Rw zn@15wy7dWE3K+0h0grY*qM) z{|N$1m$TN;a%gdOO)W8f$gUZDWv)DN;zR$zkv5->dtU5vM#n{3t)+)YZKX~R@VU^& zWw${p=k{Cp{d^XmrC=TF>_Gpi;fta|m5peNhfYYFhv@fdHnoZ`tL(i5oMvfUE^QKU zfI0f#N;L>WUh7vpP)rvoyGgo*w6v==j*8yZMltL} z9#4gIbIU74JR-kn<0Db|Cyu_WjC$ z9))Km4$fN3`z2hx%gCrQ+;7V9?QS7GMgbL=qd#^44giC*Iza?V+P%iXjz&S_M(ZG; z_v+KJmt!J9$1;=B`7QAB$g-xLg{uR31# zn}hQ@I5}7rVRnO2J|4R*0Sc<|r-Adtsl!eI%9s2iPmhuS@B9Wci>M4^F~9jpmaLzA zt;gxgtfP}71kdM~JPQI$>V68Va`wAP{}Fv&%X~wc>n*_U@~<&}gnNK?^noTrf^R&x z%pBHVc5p1!OEh}z`0N1O3;6Ai!1wltC6lLf(ieiz(TjPJ_}78lh|X=s>caqXUykR3 z9d-+aGK}nv_1w#RImx_AsZNE3k8l|VwoHIV;ZXx&O_E`MKH&h~2Ejd( z^M>eixT2?!?d@&;_9+xt*UA8+T=Q0flH*d7+hqrN*{fq0|IHEN;BDX93L_Fm!i#N* zjwziNFO~RX9b(~xedoH09sWTn_`QgH^Lt~EN0}wE_48%~YAV}@=+RG(GYER&vm?QV z#z)jgqrr08JYB8tls+X}*|z>L7P|*^20lVl%>&OO=&l;&Ca7WU23`lSg7Dg<1k?EP zWWG0bA=Ue)S%^a{Pem&jN3VJ+==@=}j&F+ET`=KkhY-*5jnE5BIX3a;%EDc+dbE2> zGH1F)Kc-D{pP|f`W0%h7&0pNGR~?4Fll=mEi@C%^hc=H%ufN^ty-DRUaQ50K>rK9c zs29N97!O5MK|N<|7b4Lj8)&;E3Yq5ziOdTyE`vJR{=f7m1iZByM#sK)N(Z7^wFd(Y^gED>mpw^>d>xywrx}WH=RXQ`zi6cXGxTFt|4jo z!sIRdbu_yYc<*$b?@;1=K@jkNe7$v4Rp0jo3J6k4Bi&Mpq;w-CNQlzi-O}Bil2XzN zm+tP66zOhIx;x&!-%siLz46AlL*WnZIcJ}}*P3gtn9#Xtfs37$CkEZ3y(ByzzOdua zQRT3@xMT+6KocxN9Iv%r(phYkKYN$(RLer1OktF})n4!|GW%39>i0PX|Elm)RPUHt zL|&_Ni1yP{6D0X=lsnKJqee#k6vcFZ38coT6E)4G6B)`>rM_TCIlKQGY4zw{9)a%OPJ($+Mzf$f9z+V~&aw2BsS+ILi zRT6u(fT!o@vRRE2ov*bp2qCHL$gi!Pa@YrxU8=T=8-^~5(ZM(n0Sz-+L-&c^gip?; zu#ediIM33XKzX{;@*_gaIl-yQhRn6=h40(#M-+&k!XEH(=4W`;kMhW-^Knz_yuvq- z{`v|_10ki5%uS#FfK*v}!YAQrTu8?4j`40Fk(CVrqn{=2lP5E;Y178&tckBk)nfhT zb}m|i%y|2W?rkbGPd{eNoSf%RI}Z9J+bKTel3Lwf@w1hA$n_wwY=wpjAVibR2;T7@ zIHM5XJ+DMv>B+caH3PAC+NG!l>{ly^a*I^QkaE@y|2Hts9OT67@mH!9Bym_k#$?OL zlsj!rq51XRgn4+5Is$L`e!6?#x3dhl{VM2O1xHxJxz7H+z8y%3M_2L1xA>uF;f0(8 zouj7%PD6=d^>f{9@dFGmJdCl*8f9H%xxH&<5(ZN&`x^FDk>WlMW*tl|48XRx^iG8z zkw*QX&2ax=H2BGospZBl0#8c%7*Rv$Ld*l%=Kkh*c(TShyPu*2Gqin=CO_3Kw1W}< zh>+484E`J0DOn6?Bqp~);bg$gj6sIecu7HAxNW4+g2(DNNn8DH@#@B*lSX&_wME8i zZf7ZlSNdAX+Q0bM{DZ9F; zsrpjE__HBu=IP5wyYN#)bgXpa^ag|BDl+qxt1dR_%bC{flEs!@v%(gE)63?ALA3|e z)x)-1QsUkQT4&#`+8hM5Dl*NZwOgE3Y0qd?1>5y^gB~CSa?V}wHXN1rTNE=qxw|Vr zx6Q>e#x!Q2m)UPhTe7Yh`Nd5&t(>b-Tv1u{{=E)M0hdRs!>3p`!wylgVe0r^^UIs1m~=gqG)RT|m^c=TRa^eBf=#h(@-C-^sL)|8Wbh15d|kwq zdJ@=!kn!v2=S7qVB*FY%K`*2Dp%w^c$ z-J5UVEC|J*;|#TQ&=yr7XDBvtfN?SCzX9zR+h=@KX#0sRH@Tojy~U16fa4J@BU+;2 z%Y0~m)I2II#+ye^53M_i;6twN&uUuguF8za8;3Ily*M#=+|Deh9Fy@LiIkM=n;2%C zh^9egaIh8X6$>99Sggi0dv0}D>4^MrVK&>DPa_|f+Y!_J>0*(6@BbPu0{ zKzeWx7M`s#(n9DyP;Undx%5F2VeUnJq!iyG7|9h4dPMK-l3SONC&17N0G3`~1TaBV zq0QhHAsTWcI@(^hr?SrLs)q9^0v`41Y$|vvoX#75{$XsV$Kk6_0(E32Y|{_P-;!+; zhoU-1NxwWrXi}o-GrTTt*efqAuJ1F1NqcD;t8V@CJj(NgD*u9xp5C@tw-R=QL+ioV zH^PpKFG1B`?t7`CKCG+MST!Dsqk z^>qye4Rf<6A_p+B2*!!x*}j)I#~G>@1qc@>+RdY@HW<9g>e@X&I5*BZ$sm)q>- zU#!(EdiEc#F&91H3ZkmrM0L)f5ThD4et$UIDR0jpw|kH#`C#2>p-$R(^)jX80P+}a zjZgZ2g#pp24^)y44=nn}@llovxgUSypq z)k&Tpdb74|sIUiTQ+*_{l7mrz`wm+oV1)+z2oII?VIS2LoDFOil4m+-%-)>#z>Hp7zCyP=tuD#1)C$5?Cl>_-LRl2h6AZi2 zSrP(J@p#DPNW8sf(wTLA`LA~>7;~GRCmoU56W5w+7{w6+dU%NF>~ zru5lQZ8OLx60i4L7SkSJpcB6AtqQPK>@@N;tm?;ub(s_n zZbP#3G=7akR-FOJA>AW|x=)z1-w0&}*iSPbeJ&ofBg@^zpyQozO7cP*Z#d~rv8vvF zi!yv8G@Sz*u%pfJ*`mB2h$R;-0RYneq z!^9_^3v7$VqM1sr8s-k>Swc^e8#Mt9Y zNfElbG;UE<)hV|^!9>9bP!Lp9bE#lm_7v9rl|u z)T=br1(u^*vZSY2H%~X@Uq1A_Vj@;nsYu?&A*L+R=6kwSKj_!YT-@vE9C1L)1x68d zV@N&iDV5o77hbAlldX{;yUu=Ge`rK&rmT)k>-c(ojgeOC&Bg`YZKRblZ8>HR=-NM_ zPc3cihSaiP7=C&s>42VzM$HrEq-Ogo7fX7YqWf3#d7%>Ijav{N7~!pXH{ueXE6O*w zu}p=Yn`A%mDtl$`qG0li)wsr*6{)yw+T%$W(r$_|+v$yK(Y^u?K^bG-0=8QUI7$pQ zICrMYJ%x+g7d!N<_t_?Tfwc!t{#^)#43sS8{$YZ%wV7))*m&LY7@4&=5~1cAPs&m; zM4!hk`37{+;#jTyP^Y)~N>gB9;5L`UTHSjlLZmW6`Oyk-G9rBA1Yv~iY|vtmMS_&` z)S0d|ifkfb0Oi`|jf%~Mg5Kl&9P8&5w^f?(vi>j`Z=2C;Z}bpy$nP-B0=R#$FP`E) zSGq7s7Jh2KL*TKWBqaiai2|3h{WvDaPtu4N{rmzmqH$r##djUwX@i$?^93f2 z6!j*BLii8T$-3UN_Nt$GDON}5mm(=6^_~c}QO5E{)CZI+G?Q24l^tgTXQOAnGB70} zu8+4G$Q7SAjpJsf^2QUl`OFQ-Mz1ut%=42+<;shbyG@!W+D~i3M>3cmlcp^?gv8!m zBq0+tZnU4*0yWD!dpWc<533y<$eMnd#B}1`GPf39@WOjMu1Ct2cKpYs%_YZqh1a7G z>f@T+ZaT`B+Fl7FvW2iL@qYKBB!_!T-TFa_^_BmkU~>ijZacs0d*0#vZtA#f7}E2V z1N|7q*b6x0_2{OJ9e^EYva(ze@rcP6wFpw|addz8G<%d9jD{!R_ ze-sLn!P3ZFN_a%&{e5}AH%QiHT$!(`0VJ?CM5jWq`#O_?2(4Hhzj)#tQ(xZ=%`B)ow#0ahBt zRs~4HeCc{vdstXVQF^*$ES1o)b$lAQee5xw!6RpDfHC1`NBvB0crRLn??Z&*kjNdA z^ji5`Naqep19d(GG#$*NPNqX5*%f{&MD25uk`G91uv>nAvcml1S*l`6%)a5cmaBDI z@9ohMJ14wGi_P_;6+w*}?&<-QC(L;XH-MHqE&f@XUm=*4L2lwYl}J$M+eA``vY_C8 zmTde+hzTe2n(e$xH4Yo=qs3-I#9iClJ)*w(^z}Yc;|%BE2rD1~3jZ=@;IlEd#^NfuW*~u&Ct*7`#WZ!!P{(VV!$ylj~`pnQ{{?9PJzL zed1%)gjr3TKO6P8kaAns`dLwSD(@_WUMu zIb{_pWF!QF*=Ln9@S^1V$V-}Cel{q=GGIo}uHW&BOVFm-#pBKMST_ef_a*NBSNgtI zdO1WqA53N{->+mYvAZ_9x_CY1Hh(L^ZQNL{NMtL;jOR)0T%S7Mju=W?!simw$nvJe zYsQ`A{1q08oWoBxcll{qH@;tOt|^LcnGrk1QBHpN(`d&8bnt|zZ_Qi^aJYwhuLzpD z>xUw!VLx0PE&JwC!j+M?8Ykeq>U@B-=T-KTv*oJw$7_uTe8L#b(;lC@o#M71AIDu< z89OxjP)*kMn!}7rBdy_9k1&Ds`)21hWTqdv&}Mf3Z3 zy04q4j^eaugXc$=cK|alXkt?m7B6}5b>U)Y`Nu+mLrUd-W(nk8R0v*A+?zg5cMJ2E zu8YZ=Cqxq#=;+>;M1Ew_25qlUUlFKMeP>Y}UnTXw^;-zBpq(fImR%^dE?iWZdWF8Y zeNGhXr|(T+4kI%4ZIp3_fJbA)A#|WQ=Yn&#oT-Qurj>xL_M@26WIj2UowA-r!w2Ti z?UygUi*4ZL@TX5jBVJx@mz?h&iUyN&!*{i*JyHD;MSDXsG1fKjOC+fA6>}M$hX=s* z+d&7D=jEPAT!GZN`C(57R3svae~}^ir|6yOlcnPawLf^E0SR&Z*4`*;m!UwpDIR#G z7AEu($wt4&Dam1Nlbz6`>s1PpLh(C_4CY1E=ES)#M;*bzXp8%$MsrAVlw-%)F4wy? z`MEV6hOyg&U3l8594$oKeCUlyvcfm8#nu}6wH(p;$#*7E9(zsaT8pF}RHd)nYTMWl zld!rmCp`5#&ki`Zqdm<4eY&6+zWsbs*fYH2PFKdGcv5t;JAm-~5CkDtWk*^Dx*5H< z7DG2UwA9$*O_P~6=Zw-3K{%y>*T_PnNNCy)7QeNaE6%|tA9 zm`B63$M=u3q#oCT{L(AS1a*<`G(HuaP`4rLavn}$%^e;dn9sW=iu56GiaL>S?+6@= z?igJ^<&26U($;&lEwjjc%ka?lfj~@3Z6sernqhUh4bUx`SXQi z`*^us=Yljht^Jc%-xq;JWTEt4PueDA`IyukvaqDqwohjt?xaIEjEjc+ToF{9nq#PDW za&o@c?6am(&C{e(MytY0?-Cv8YO(c5HoBjjo6Z=Zv2czNRQdHf58r<02h{i3$*7!L zKL%%$N)%;O29e|y3Mb5fgDC!Lxg^;f9~;^nZ|#T@rjH6{@Xbw6!SKz_W@ZrS(V`sX zQN=;pT0_JvjtBuu+FgCC^Xod%XEeo+HBzRc_ARe^uQ}&z{3zbPPVtAyZGy)7_fwRj z9qi=Bgdt z5s=V^U&YJCOt~7`D)F0xDb`GU_rAkqgO5*{N(etsJ@p1l=T0u9!|#bo?<~1&sXUS! zxvIn6dm|cKC#Pi@f-R;>eHrp}jzLdM$UrZmi>D6}#R_iGjP_y$;XT?(;C!jN=Ekku{tyS9-WIDsO6hbY{;<$Mdh=Jy5_#6eR zc@U9Qvq}uYA&F}HW233=2x`tul_k~pP_HHpql=d(D|(hX?LaZMEQ~L$6kslvB!abN zII#!)B02CH&1oJAX5sFqBGW5iY zN5nHVvyMz@hRC^nDu;dS5S4MBgr&|3dF!ZV0;z_StrO!Z&39it0ee4i)wTCGlWJWhW1!bPIoOJ~TBVS|^<=7~jfVcHPiXdvIo zXHmN|L52c)I2T!OQ^jBd6#IBpO4QMaJeiaY{^EAWVxMIS_Iiqn*m>9FU9#O>tiBN% z$eEZBJXj|135EBm(9BV8gd7ws(Zr;*cF?=+EM2W9l#UNB7b*0FY7>batqAFlRX4{FH$5NypO1@iE%GjEnDRIgm`BHSzb`7xKElLat>-7-^H$?$w*Z^=YD^^%=x1JI>yPtR2Yo*M^!|pZH@9m8}P|bi6SG z&YJwnBT*T3qrtP?G8JbqycPDw=KFj+99DBb^O<+%n|c(MR<5M%61L0N`_ynZ34){@ zYYB!cRux`>XXd79C0_f*xB-(Z5k)Gnq+|jg<2Ipc>>?bFZ`Aj$l#~s@@1;Vp7Cbuw z(`@%152k8TU))=MQb^aU82QMciq9;;-bjCaa8Tept~Iwdk3s9lkbr~FYH0%V5zxy4+fsXi82`a4|7_E@-@^ z*-6RVhrd~2s$MYa>(b;Q+lB>8;QX?RkTl{!FxUG49g^AehJPI(!Kfeuc#a{nP_s4s ztXnk^?iv5_=D!~zSSW^4zRBqEwpSPKM2)tf`bw6f*UPI{*WV3uRo3Agviy)89ZYIa z^?or_RqN*BGAU1oDt_>-vk;^Gq!}$oD>Cn8)n=EX(-lgqb{PA*dQR1;bOxh?%C+mY z>sa}AO3Fe`&JU~I6_iTL)gNpVRch?!+~$|8cwLU=cxQjupPNH+@B+ulp zhte_&KQ+oeGGw|_(qzs4;F^(28@y!nFtqpZE735MpCHAYzaHpP zCeia*P}MFUYJB+`RK=~u|K@4j>cOk86e0g^Bt|$HIWx2S+u22~HuvNR$ApBDq0n-x zT^>QfNyNJqoB5l?4)r;{wIW$Asx0jOTIvyr6j_^NzZ&kCM)ym*!qraGlfD=ot;%73 zYttVp^(m@W!SwW2#UFt7hUTXNvufRWS5C`I@5N$hoFeM&`~ZhfTarCdH3TAoGUfaN ztMAa&=q2O72U$eS`?9G>t>&!X+r0R2Vx5J|)8JUsYM(Qr&Xsay@rn+fl;vI}Rc(;9EZl{Nfoa9X zs@pYWwv%XXrZ3$wM|Ek1^!>=rR#`r^iTv?6pT3wou?g{y_?I3J$6Ee7I@CgIDt1&A(cw@^d z6k}^>)w5Et8!fjv+|GAv(o&9v$uKN-XR3N~RKH1kcZJm<&EXgeGe&OLurZTeeanp< zRB1%s>5|zCJl(b&&6C0E^L~rzLn-TxXg*CpU6hzsouw)v!u{#Pc=bP5_C_-J2qSFI zlQ#X0DW(Ao;qBPqhUK@Md4Ju8aH3XiVER75jwSIf#P@OCd%f5BAF+3YI{8F2O1}}v zs3levD)XLivrp`-eFT)B9CUe6P+^bIzx-?2zz?1Dus_Nx`Ky|0cJ^lKMxWHW=Z-LR zdF1R;9mn~t(^6AY7fJiu6{)d%q_6Wcnhg6Qp#E4GMFpnGSK533jPQI(dL0QC+0X;) zFXssTmwX60b>!Eh#8Iwqh^K0`HoEU6!nPfHb2WY-9JimkE(+kq%+8Aj`8t=#mt`$h z%ZqU9jHtn*F!)%`R!=)HTD5~=vB`#=TX1gPb@;XZc8s4*@&4Jfu$aNrK49kIc)|Ox zzD8ADVNa%uH5;-f_!e+&zTj|SEkt?a-m%f$uM(JJ%F zsku6PyXhZ?PS2M`ZGzo3yO9n181YOV`Gn^t>u4bvZqQZiw))&M28?B{azY4!jkA?l zg3e{uYI41dlU?nOs6Zp(xmkOQ<@74z()($gexwFT=s%_*SZD}IXPuhUl%+;iR<^pX zVsiuHLp&yq#3o08nHsm|U(TkVzcarXz#@{oq$jN*R5m|UAfqX2CrK9XXZ2nYEIJwT z&WA%ZV6>hzfZ`2{i-TnjKxc(*rgmTYNWCpN_N%|b`S0n7u}tW213A= zCL~j}M3dH$R}P89r#XGs*Y;rOl;>N6*6=6p{`Bj`P4~s^iK2@2p?TNMArh@OAkyfS zdb*XsD*eUv9sEi#4CBNDM6{F3nU;$cRDH9czB2d^io6LS)&K1_p*c*G(c(0As~?@~ zDzepJVtDP(O7kLNKhO>+3qmvdLfPqxNh#hiJJU^1e*1|xDR=W9_OE2>>Fy}eeJTVr2!NQ49;l-e4P zkQ?i9|9hLMSX|>`IlJG>vNP1VjL(SGo6HntQ+mtq!0lOHPZU{AuWSk>K2z*78-wTu zp^=rxhENx|MUhS%R*pW6t;qSpDMs#z1Rb?L(cxjeJ@!>!v?@Vz=&lY>5dzQ0f7>_i z)biC9s=WC<+(Xp$aYY(sa|@o^FQAiEb8~W1zt<|Hs&7mTrdZ5xDOOwd8%aC(CW}ND zZ;co5Zrl0pF19RI^M=KRg12{ry_7jw;&p3I#H`~TWpSI(pfpyX`1}r$RDvpQ+krUk z(PI#3{)4$AB|fkI%2%yBTDOeqx4el;)UK8jB-KA9;;5XkRGT%;PqTWVR$Y3ucdPK4 zQLoB=67(?e*|g@m%$QzlEEPXs>~nbL)!_IVwrT8_n9eO+N z*cXRAWV?V{s{smLGhjR{#O-|VkbjAbB+cJ0H68!4^nZ85O4)j| z+SvJoNy`GeJIZNqBxLACef_x8NNI?XG)$=-Zr`;-d|!N#NLQ%m0tWuSz@R}yp9mmi%D{)$EHjlH*VA}r@x1?p(LnC?^iK^U?QsAtAAl+kzrx2mN& zi)V#x6ZH<}Et>ZL!gP}PK#MH}vQDEZUNz3L)6c!PlOu1_youBhwqFc9`)`i`6HNj8 zgIy;5<#h9{Yv^FoVVb4Gap=d7PWbdXbP{~Un%(;6?Y!EEcozQFG^>xYroQRZMrwwB zi49SzQ!q52-on{F57V9!6TD8Y5jQSx-~e`e4I7qE2x{C?fOZ@|sF|9`m&OB1sYw?6bnogQ~MnaH}f<{EIS4proYh=33oyR z<&~(`&JgTfkZ3G-J>8lHRlX*m#vr0a_{n$7*K~N_vGaAo{r+wBgp}Y*G4k{BuGZzZ zC4Oe6m+eNpImnhxE17|uYYbSFlFv`pCV;iW??>Qa8J6Z~3jx)Z~A z>_6WG-oRs6Q6_sFb~zR+*^q~na4sS`#~XtjU}%5GCq7{68+OY3k8(8G?OwtnuV=gb zWctr%{uQ|eOTz&b+A1Qe+O~Xepb(rIWkr(s;03%N57v)T4B}uk;s3VyUndXcIV_xm zrcE0H9Cok8S>%y{+0#mBZRK9Wz5o%s zS={)Sw^Y}UzZkto0+)HFGXCZN{GE)><#pNe{Z=~OgJ*Ho3b?fA#SBi5rloS7cs=z8IO?HFL=lZ|2-vtFDV6$&Cl-?Zfh|T z5U=|?N1*9A3*MkHkbQa4DWSoPE>k>-aNKA*_ODxm{t&GX7lck$JvKI0i7?XLepb4{ zP7QHMi;iyXD+$AWo>0BPE`7MtHTp#R?Y*I-4mf~X#GtfoalvJigclrLHb{QNr5tz- z_rpHo|LmT>uHYgC6VqV5C?Ng%^=tKN>qV=905M3BcFO{X^@4?ZwFOJ{{#@OtuKX#;n;`XZa%eBxyPT_QC-{WmEf zXqw-nj6p;d%l>2ynw7pdTrGN=Esk)=96FFh9Tzt6b;9RAOa{=R5gd|wCkv{G^V!a{ zrz-GrFM#NY^(!HLlE_Moj;A+icMh&vF-k@YtNW$?Etq3Ks=gAGUd=+KCqRXAX~GM2 z!Ysm(aOZ9m&A2{nIX>MefvYc%N%^J%(MSpq5fPTwXlv2WFc(ANm{lIX{qy`S3BqIa z054PpzI7^<+uq`6?c3RI&7x}|i)j$0W?_FE{pyS6)2;D}nJRO2@P89EKCF7PyNfkK z9-7FL=XN1j)Q#SGkLRjP(NRyqzPa(mB@8grEuraj){Di50 z>{nuG7~4jNZKZ2ayaR$gfn$+JBcY$grj#HmBkH!ZRp!RDX&+*>Z6d_sS06@rnaqNl z#|jA3hUGvah}n1n6zE!OGQH_ho{AC^sVmLUCCT{hzJxL zs_w+ys#K(=3S@GMz!GcW>r(@<%MYKpB0rQwa$t0a*oYG&zKzl`N@ql!F!pEhy@ON? z9r+#&unnIi?5aevsS)3Sti!Ce*R^`X*^K!vy4QtY{0nssHO;T{bePfdkytA1&;Kxy zF0XZZB1r_|zk{v=YxP>2%;gF77Ece}^EvxlP}H(*2v)t3YpB2ZIO~N*RhjQbJ3XZ2VY&);AOg6!qG7*zwm0SmByVQDVIS!6!=ENf z0F!%+l=JDofCivN9}|pL*056dU%81pALRrNV+z4vn=5NN#Ah7OeinXE_%^%yEo@yD zOJt)3wlo`Nt=Gje;x!P{-YKeCI7+bFV7Wg^Y^i)+T-%Na|6Fon9rRE*XGXbQ_r_2) z1qd=Fe=VBA0+0T}`jqC6N1vu?O!9_@kXWLBg3a_7Dm-9*-vAT*kWDh+AISIn!V zDm}%RhNxD!Yb|pwx{o4aHh{rKmc7vw2;vs3h?l^QAGFm6+sJ%ojrWxi5~Zl6yWZ!VTgL2Nd#yxI4Au>`$7Ss8-`4bhb`pmb4tUxMsBa51V1VQhKohJU zYd=LCznBJf@EOgOW`OzuvM)PO__%m~cW!ISy?LVnrnw2MoP!b8a=c);{%GVYCKLgm ztoUCIOBqZgKEH2JOmZRb=alLnz3^ZI$IC&7K!Dm)d$o`;kIVJMSrVtYWob{Or>4 z!y{t60Fh_ZKQwg3XhC}L+sD<7Qe=@pUasR#Xhf5dRajcr*7JDBom6tiKI%t8q;ah029`@LrptS4j&|8sg<7$5uR%ao1Csd9 z7rV0}v!SN`Dtz4UwX9HJ z0~iIW%zepCd`j{F4y%vF8^ZYKW75L+cFk6rzME}uDgp1*=?S_X3+<}lNIh7@Q~K;B zd62oowq%^V?zmkJB0J+QL_{aud8aa7tjRmMYue-c3hbn%)aMcJf8R;L806^tAfs*3 z;J90^tmV>`z@VxZghuiVOJbN$$2X}7w0$W7H?s}wZZq+Dl;E9-$JI&Mq?X$t6#EF$ za#K)HXm@AH>O&v>Y+yY5k4HCn?OpdRxROTZ)5VEAD9WzPl}gcMX&z450C32DUp;c~Swsl0hk94g?0X z`ceEFqwnTHm~jROvdd!(7ps$c6AVckvcL|pRe6WFKVX1-DH6u%B@igA0y zNllN_@rkeRXw4TI>*DF&X6cZ~Kg^!5v(JY%?{GNosO%dxd)~Tcuw4!D?pFd9#<*1C z1INhzXJJ1JAZ(^ZzIs)x@Bz6uOXI_EQ>4ak&j(1Qr!+LKVbAOxIIS0U#E2&hk5E5a zC+R4I)#Jz##jErcG9qQR8Uj)qIZ)v-0Tb25W{=&oS?hDtGChYkA8BODq0^HjW;_A$ zw*w4$xZ>m%tt_}0aXzhh$G@C16fFA)EdjVD@Ocva#ah5Rpz)g|X$(gK@U%>JXKQM} z@9JPxU!;$|-d$*#MZJUSx{=c*Id2M}6Q zrMewEQC>IMcy%#K>&$$RqTqLss^GU9(|TVG7d@`eazm6fl0xFF~ZfVxW$OEtP zcy9*x+4}?GHjKfs+>+Ao%E7n&p9EATS49`09u`D+mk8S&sHSNE(QPbd50VchzmtLA z1|-q-n6yf48IJMBGg(3V&7mrwwR}O`y<98zK}M$%z>Ud;t`ww6;+9aP99j??qzB(U z`IoqX?lgCrQk^z9vO^c(>KsR9I7yrq7}{|Q8K0>8Kf^5F97tXbpjp8^H)d#I7<-JW zhr<#UpEx%NLBk_kD<+E6-C_p# z%owH{Gh!~HI-5Zjp@Z5LkdXkgl!!Gu%uR;Jl(7cN;~zJjFPK9G)>xR5xxYQ5j3xj8 zZ=lzt;g1zw!}b9+Ij&AR@HD0$F_O6Hg>fpnAG?C}tN!pyp+#J>1nBgr`(S1Un{+Zi zS=HgsE9sq#$>L~4(@QFgS*!yNe?e`&RQFYfS~xB*lGOy#uT&hnXWF38=FSIpg@bk- z#6{IzVR%HC5CU5C$57=SrY&gYQkR?T%)9w4iO);4TF+fK-$*e0c3R|nk>OdSm?4sF zpXNKz;Nq`TLdziOc761wN`{c(;MFCO!8s#_Vn~OEz9@%>K1&`yLz_xUvi6&l0T;C6 zRLr(axrymAe6oF&pBaa1mE;A$g|}SmcU9GcEh;X%@ejR7M!=VES>QQBMV_f~GE^6- z@|%77?2Uosdnp=3G?!IjhWIws6Zw=tLIq=}>=`$|r^dv7{Wc?0EWs+EcA84b1l((( zRyV9v& zP^?dm zD@-T>zI?MM+7KJC&3{4wCgk_U8q-&&+nbspn6AN%s7#IDQF|J9Xh~-&_m5|-TP#6m zQdQcAAFsi2sCg4qXF1D3mV+8*O9!+x%U~ZoQ~`dX$mMuLw_<`anhL-S?)KciKU^J# z2V5<21`w=*iZf1wmMaTr7&q(&g_7z4D7aaI-tJqloX0IddWXYojBZu8O@?#c0QCIX z1!hx3;9?d7lV+w8b$#+n{{V=l+e6+Yvl8rOM^HvM?&*o%fc{%4fHMc!J(Q|E)( z2co`uyumbHr~lG#Zl~lH)^t1nHYpC_Z$C#=#{TM;SITXBi1LQu`0d~1< zTnDk3%4D%-k$z7kg4x{>c)3jo$u7Ox9;fkxsobN0%QQ~ZbWG0Bp38g{1n0oVa)I=Q$8SvY0Au%a^QQPf&-5h77FkgH;?G-cAFIY0bnCAYcHDT?sG&1=A2fGzLln zMxa`oDz8wnaHFVJbl9kE9l(fhQi+VaT_0S_2w(eicU_ulPKsqBJ-X5kc zIqolshDu2~64k&(ncmo|(p=_WVZec&?77_f09K=1QItFZylef}>K=b^Q$ie|8Xl@5 zd3~I5Zvj}Lij}S~9$Ki{%hpVNf*Py~ikHET45LD)OY9|E5dL#kgnp(K{6a^J zp5O)Y$TBJAg7@E|%0P$lLTGAI($91LnET%Rxe{%`1~8&vXOMG|FD9?D1R8d2V3XR- z#X0_6&GQcy308)yRj$yPe?hnIyf=-o&h>K0S7PaBsU3p#4Pn_IDBv&Wv_=mWkFV=% z_n*7a8X4nFAswD-eAv-LYqAVJd zPGBrv#PJOe@gHn4-2r^B+yE=6_e%i{uETEOyd1N=rW#Wy_OUK>2cX@4dNaez3TkH& zNu66aKN=O6haz>xdi&ckm=^v?yub{MCh9ss`=2e|-!4uxxj8+5n?jrHI1Z{a32pCfbRd9@@P=u#0u%0D9>j<0*X zIeZ?|e0{oY?Dz0-`PuF)UhQh%@yC*f#}VK;nlqJq{(C)84w)aWmYNCJCoPXtMK_=# zVzD`trj#p%yZt@WFAel5P82FL6#@f=_vz5g=kbd3{oQS~$p|G8n^Cw^l~$v3nP55~ zGG`(<7fhfcVIDc=KlHx_3wZ+SZHVb;>rX7iO5y$GX{q8>U9XA`W-^(_NlX)XnrhvS zhaHa_0H-pMCquOTBR8yub+SZzF*Y{#=B_fPIqgmTV8vj#AUiv|Wn0syB@L+i(Z;xi zQVYLI)M~6Oq10I#kZ}%FVFY%2hRY;K%sy^3`lnbpk|bRZQf2+0j&%pC)pwv#v(s9f z(iRkeR0A}=AA1WNyK|z2KfRLC6G%Uj{F(IxBspVSqsi4_QAtEZ#4#vl)iqd6qd>Vx zZT-cPN|-U2A^_n8MQ{&dEvL)73V`{Z?|~u<<5b%~c9ZX|4bl1g7(PwFrFlL2wK%#+ zi6H~`iGWO|9yqVx538N94v1~eKuSUd7}z4f#Pn2p|1>oHkrQ&dH$RK|7S0os!fj(9 zd133#5|gMs06O7~1Hq#p$?k%wSz#nY_7uv#ia&b>sbv6B_}T4pbA*t@d&F&KIQ$yZ zPIDC~gO8*Q>DZnusR8idl6}^3XKER5A=?u;A@_p(QCZ$WROjv?jtv!KrK!Z=#b6I` zq^Y5qjsFktv6SZy@;@`s_zut$gYpdd)(>q7JGVeI?qS0)qgrQ|JKPp-L#@Ek9>-oh zt*a}*ypqHY#~p0o&&s%jGXbcd6V$9^Ljd14>oRF@uqzH|DFF_6Ir#l^X*ooWtoZ8w7%z`27cm zC=czCx ziY(Ttu1?4-u_CX}eIFH|l@b!U6h$`k`onw$W5L3kY2m^%9mlAmi0C$!MNVj9)S85s zQA9f}Hco{rH~q07f2Wq-BTLdr;Fb{L{o`T&$E#pdVQ74ogT(vRaQ2YQHKQ*4WMA=> z1%$)r4B?1>OTYk`_4zxd4kI(;k2P@`7-c2cYLxl5h6j4ZFYB_FTN{o4e+)nTH?xtf z0J*xCE=LATNl_KjnXV}&^T4G>pyN+~y(8ja!IR`G3}uj0X(JSVI}x9eFv*L4fDsE@ z_BbDUUbEW_;oXJ>Z^$#!VlYta%_0@W@8EU*h zMkN6xZU(|66u59VM65QU^xz%f&+$zQ8SB=t0K=!RD_}sPo{A;!`h|<1g)reaFDo=c z^BtrH8&)HEE#~VTIE)7HK~C(jE}{Vh+Byn+>uZkye47BpFZ^yB$;LYXUX(&dL4fSQ zPkZ*w9FlQdpGIrj35oYx;4b!b|c_oj2D z;`E!-DtjP_Any=c8;nlo179%R?=f_$A55f?)klX3U~wCw|uxlN5jl z0Z-DuHBn@q#^X>9?e88ExVCt%^d>V-&rV_Nbsj*nY+~7*zuQew@@6C*%>{sk(RWS( zzxcmOGWb@?eP)q5^T}dIP-d(O*v3W^8bn)wm?M^S%5XBmv2}-I0TtK9qJImdlXrmB z@ELb3fih@wgaF#e5m+`gKrur^0#NL#B1@t)Vn`zV?PB;(d2D_=j6S|nOMpTUC#3!% z4owbdd1E~avs5v`>|WEg0)Y*?<;+-^$y~*BdR*LEVrQr5bJg;kG9!VP#j`#3i$)Vh zfODttSH%uULCBPi+X8IZB@0BO?gy0B(kz6MO@8)mgcM*%|5yg#-~|deR}G3CfENpgHC@Yec6quKuRn?KCKi^CcJVtr2UMIr}uJR@@ z=Pu@ZKXRp;lEj!R;C&*HHrNwZN)MdGsa4!Dha1t%;n}^YTwNl#inUujKT#7Ep8Y>< zU3oZEeH)IZj8~S)R+da7A>@scp={Zrs7SVG$d*v4u?tCLOHFAZr3G(8#x`WjE^ArF zPPP_nwxK3`&(R;R`M$5K%XRt3Ip=qNzvsE1`@Wy&KrWt0|4?)*=z&I4cxGM|FQ7|r z6=9)B=3R$jLG2sDlOM@MiSc8k!V&st$fETj6KY-)fs%DK*z1zR%s81& z<{w2%8)%13Gh~+rCRDbDp-+mRz+I4gLs+-%kV-vut2e+jf6G*;Dm!7oCy8J?q7(?^ zFGL1J5&UY_lxeqHn0+%HxQI@e&f(!oBhPr=0a1R!bLZms)*2P!gm>Fh6es9tixZ$( z&IMPXr`k&b{6JNH%RSF;;REafgqkFT;|L&4)Gp3jqGs;_d<<+kgEZFt`~MOv3c`v@ zlK*T(BJg~)Y$xL+8GL}JqEk~2%sX!NaEGqKm{0|lk{y9d1jew~>bF+aIIl^x3<%=gTC-kC_C>2e7_o|%c&S@ z;iGTcRBmJ`u&JrA__&RE-wC3$nudWJ?S@%&_X!-p(Hry_JsnNpJ9TtS zWs!pN^m?$+7F8|5&>I6+cZhsMxE;ptMhIC&K(%yqNF>cc7;*tTNkRCZl$U?0-t@0C z5aSPb7L|vWJv@5MS>)f9K(O>i)|cMp>F)q^n1LF=0C6Fpp&w9cF7(5^FFY!)OPM;w zlUpPhN*swXkM!Y=ABV)W^bTa3=Y(jkwC8nDUiXlpNa)Uhx0M6!(%tePGZg}nuw`6v z;d1NLKxru_3|bM8vmDvv)otXvll3w{1-y}QRG7rN*MeoWz-ZLsyy4nzP|}nn2}Wf` z%L0j$ixBhhp|9z_tTbcIk3{epG;_z0o5u%M=u{$*EM3rs@2}>N7kB2Tw*w@+5*rwa zp+K%vmImzD{3F1PFW4J0fQYfv5qoA(eR1pi~Y?~Av&T= zfk5ZCvr)J#xi`zfP|R7TMefNW6+kJ%Y$e57L%ji9RTwBS)oion3o7Cq`xz&RM9P(v}W2YVB@a_X-`3mT{x;|-At;K#Lu`^^SMr(5Q2(Ot*os=LQ> z#_IPLHVEx^{@nNM#tDcnCEWkq%+wXRr4aDzs#urr`yiG;UIsz|t7R$8kw9j=a3pLC z1%RlJE3s4lO5&pheD-7KrvHP?Mq{81yEB5MF_Lu&ityjCd(3WNr@Gfo5 zQsO-nk>d-y>1G71FhS*siom+46O228H7DIT;ogyvC|K2?`V=dP z6AtlVVW(cuUNd$;$mlQj{oeA52x-x&4xF=hX%Jc%eba$X`5yOP-~-C|552hCMUNW0 z@B}?_5aAlucO9%n%qyC3LCjme(7(+bW(5WU8I%2%{_qu%rNxjFTp1k~&s#z55MVli z_x$2rui)MRu8euc`2{ie-nQs14X1N2oGz`0EvMLfKedze7yq8~OC?ITH4Y(mkd*A_ z6egIgp~N0~&ZaE60V<>r-({H3qdPSW2W*KJt}Kez!(Y|3lt#&GzE}G>!V9e8JxJ~Q zizaW}bn7p|Pfq`^17v|D+Bb04I!EN%%+pqXdC$R6(VLrMR%XJm1du8Bq=GG;x?=UvCLm>6w!Fu zHX}$d)>mvM>e}P0r+^R3Hn_j13v7G-V)>V$I&ODa05;JPF-8k}6n)YgbmZEf8~~-R z+Ak%6QRIv9K<_=sGuA(N4W#EKQ`0zs3oRzg@Kt#AG36Fw8wVy_0bY#MMzcAl2*<<8 zYJS&Pbu#BgsN@`CUGzWZmG5w`U;31(Nkr+Rnq!tyV_0`_Lr@}$@B0o_Mj%uH&~!=E zV;yNGH9LI2?L_og+#6w+S3KkB-suuX6JiHhRV#b%Uh>nCBjYncvhrY!#{3ilJ50|E z9u5uQX(2qJ;do?N*{3#oE1M;ziLKk4NJd=31uf~2X&GmG)WFqtjE!nv!{w3YXms^q zY=Vo!;^s*Or(Zy6=1H5pHV0^z^-sp4HZ}w89CO7wk&9E8DVEq7o`ZS=TyBR7$NqVf zHSrK@9sYeH{JfBXfkBq)RDOk3Ip3S$3Y<$RL}qPyO7V zdV$yKOwx_*GC94eb0TkrqHrvYCu4Bd2cQ>cT^^k|hLw=0;`TtMGr3>3iRBOe4Hgy| z2~(RJr~OV!KEv0Y)FX2-WxBO<^4C_#f`TuzUs2Y(<^J4`b|M_*Hq4ui%&UbgSco=+ z7HpziH1sR1{hfb*V#gr0y@)XvWqPJRSY;Q2RlZ+zA+Nu6oyQ3Bcl&TxA`dXP|6nF8 z{=h0^@wr#mukC@BM@SYjEn|92S2DV@0UxV+ZR|X3N!79kSEvkVC2?>{y!HTmeNtYW z&hi*3ECQ%%BU=7u0#xUKUxt0Ir0TzPDTW}TeChqlOzibeXd{Xr4yfP)?Les-bm^PO z!xPjiRMgfzeX!P%XWlbI1!@lO$N_^drsl8aMZO&zUID*lRZvgjx^erO1MU5e>VN4O842ahcknrga1{`a@aS%f}- z`VLKJTOe8jZGZi>d=^Ft+9ZU9W$qStM3hs+4Ksaj2BF%Nd}c>ZG){Y#Z4wk|-(g<_ zPLEbomc17SM5_0iI1lhqgG*j9Qw2@9^W+uLz-X2P@oGGK?JYbKXG7cU0JiF zz8*N4%gm=p>Ia>(fG)p6YFi1gz5ND7P?Y+?jO!Tok!vkSCA;LPy>^J#m)r!VnJg$$ zdN*?ljZ{fY+rlS1&0gqoGGIjF1+ejD*@A1bKRN2zYZ5eF`~q$c%HBnqb?6e*>CWLl zAPROPW}9(}XypDlDu#vACU5~9tN@z#f8hhCLMc7u@0vJaaUBw;sqJ-)QMisIPA= z^3XSK-tvQ+lcyQH2py;q-^32>c5uu8A(z&ECSX}`RwkJ%x&qesvrR5^WK6z^^TLxz zBtH2}OktO_Lmi0%wf|BPW_(BN@JVqXF#L1YcMgg zeP|VJETbXc#L7b7hAWfO;hISA`T$~q*wolVD8q`qudlz&`6i<`vcs%9OQ zrG;$V8AvC31{Y1%J$KLBjA{*zPvuh&*hj5UbD7f^%e^Ur#6zmh!!+Jwa<*<;RSuiJjS>0lHuz{mm zA<~?y2a!TDd-l1`N~Fk_-G`eorvHp^ae_?HUxm-vUcg_BXltn3}mvwY$P(wf+fnG429U$~*@1RlBkJmC%d|Xg%^I02X6k`AyQy)FQG|afyqjh_eBe?pg z9=7tn6grNC$w8Z;b}@E_BCv>Wn04OZ(gbxA|y#9+F^Kg~#R0 zoLUSKF}zTh*E$lR#nOAx16|opJqTN~K{A@(C+Wuc0XGb4%Skn;(g$`FJi+AVTi&9F zTSnh`EoWWhLPY{Pj2M5p31c4>?tEqM9M6V$_ueebB2su7>x{CctZHMq*>@>Z!-j9Q z)K_q|lbDW9xCR}44pV(QLG8GyuAjIajSYXIRu^s-ix0Aom#=>Px# literal 0 HcmV?d00001 diff --git a/website/source/assets/images/vault-dynamic-secrets.png b/website/source/assets/images/vault-dynamic-secrets.png index c169285053821e3a8d4c7b2f3b354b1e71371046..2e064fca194e737ec3d087a59a11030a23deef1a 100644 GIT binary patch literal 35895 zcmd43^;?u*yEjZT^bFlGgLDijC7l8yf^>I>NH+|f3R2SD4T5wdA>FM45&{y^@LYcH zd%ySI&$Iu4*B=}>4z5_|TIadW^@)jk`9c8?n-Uud2?C8a}Nju_&;~b z4Fr53yS-A7Mymcwy@!M(iKHYerRjxyn1!B3EjKgtk<8N*2ft^Hp{32&<#ID+^9c9{ zrtew%B^TOu8*`!E^{pb$xxVdF+b19G3o*|&(V3akOQ~5<-a&`kx=rO_X#3wEyQK7qkpS5RQc^%6g3Z|G3+~?v2h%hx&it z3Aism7Bbmz23kAW!T<6k91C%b|Lye%QMeKXu)MhE|F8G{`y{eqKivQKone!VXa@B5 zgeOLo|8p?^{Kl1dP5wV4@Xv3#N}v|WdB)8So&RO92J~k<|4VcvlfW*)l}g>db^ps? zTO@bPbDw~(9&V5O+$Nrp1>EeFgwO3xNIc@!w4Xk|`dN@bskPH~+)1_W^*s)3?x2(Y ztTngm@jHg-NmbizKU`ebx95%@q9PGObCwJS2M z2(uMe6TdFZXepwAf^%s?!Ps`{Mj3%c8#(@emf#zHXXxUhu(6??EYI~Id5$Ocq5j2} z`xjaD<$E>uH62+DJ{e&KBNud;2}^>Aq(l@i@hU zmfN_1_SLr-?!z~Ku6r=)5DK*3jDCNXtW7`f730KkHtUePjqxq7^B3*6v{USmx*Z36DTkklbEv0WyrKGPM>x_S;VCk z)48``%6j`sK#9scmPe$J^&EA)Cs!)8@y@m+OK^;5h?94gJ_V((?Ipl#^b}&Ro5Y!U^T=E7IWrH*G#W(QB9p<5tB+Q-6nfQsako$oT$Y# z?Y5{)Wg0Jpi;7WwVf@sfmRaeUO`;bxJOLJt^xI- z{2hkEO;D$<*H)Oa9eWR&qu}>wp3$pcGbL)69A4Zumq6N960o> zfb|%c($l8kPl2<2Uia)c=Rf&5X@Q0)b1R3StT=u$Bpwut-kjQ|mLrcbdrux_8`~=; z&l5UwdbrUQNX)6R3QSHu2u+=Q>~I~33mtR1#e1P~{+a#(GGl`S89fMLJwNm%SRHz5 z%NSc-Y-k!ra`>wKpt_BJ?VSQGMc7nKlB%FCwS8sXxf;2nD)U%pibB9D88Uk|P$+e2 z_sAeu{CKuCA9-wzumXqj{TPFbY2GEG9T@?KVTG-+XZ6Z}k+$(=9ErIVY-FvQkGjr8;qo|WVut>Ll zV=b(6Olnj`#lW2uXX1vuyvR=b$rkVSRk$SHZT}6hwD+Ig1h>nQ$JBqxy{c(D`mBz) ztPI#A8yp2{IL(5A+jz?$rTx##D5ea>(RCn43P76~255}_3&lABJ_FGK@5WPDGJf*6 zu>@p^?06BBVw$^$;t599D}m*Z;-Ei==CqBU`O5n}F91#bF0ZH_ss0i!W8l60p#XFn zP50e4%Y8m-w#Np@hghi1AW)r+He4ZA1t48Lg(c!T3w1QJfk^M5PQo6;nIEHLv?tvE zZLPfl)oL7T!qDtk6MN8(Yy0qjXS#h=mp`lH_RK1yMw#qRn;^f zou4;#o^KihPlq2e&8FuLlt9M#RdQ@t4__g8{Zh?kzo zw2Vu_52jRxO!Q1bU8H7{?BUgAl1zF8<5U<_(!(gIQ*VAcr#X#$qm<^lCfDH3ptVd? z0%d=6sE^v=UZ(X=3EWgphi?`tfJ6@}8~D3W3B+E`s0#|MxSdn=!WO&7WI*@leL&%; z>bj1ATe;_D6V@_9bu!>sJ0L~DlzPl0?pZ2RMv}2Fsdur>K&>Sqg?y%;T9=&~=?4<% zMW6;I&&Hgfp-T^Xy5#dURhRsP9&j**R4gx8QI@@M+qr2@D}(IOW63f#55^j&Il5eN?i#*D@;DdX-Uzt;m67o$s+ouAP;RvHyAeu=O*&(K z7X%*ymuvX&%=#k#p-ggc2jri%k-O-=VCXK>bEDn36uq&XYFzDoN?;06u}-%nCAsRl z|Fbf@gYMpphqT`DTHEk7dK-{A`Z*+==}tcqxwuuV(r?NBThqddwi=-#l&bY)tX+0A zm&tjD@6XlugbLkUkfDt5FZ1{(W99PRd_>}7{j#}Oy@(219RWuY#}|vhwmI7lncr5U3(vu^=4oXq?c~U_!cEuXgT9C_JrXM4d~Haf9c1R zDm|R@FuhN^lgh^$*$-i*?lA#s(4VNuT&C(DVOWMdy|ZzCUbGF`ksFOvC~i}K&{Xhj zCAxZY0(z6dy<>mEshlQ3Df$j|a#kaXlq!A<2NgswgrrvFDPpO{*oDI-8;y|Zo;|=@ z2Ub78uuJK-Pq8p!g_kv>;r;`MnrOBHQN%rhkr=O57*W#2pWl+xp=}4t%23Jb%$~}1 z&)TOc5Yqpclp&aV_y(Pr;@UTt74_PPELIYR8Z2=NSa$r(k0F*Ai|kS3k3de+z8MAi zk!zC~dF5p^@V?+tD5R!}Nz;1usQPqG^K4TWBHm;$O);2K5-9Tj9U>&{p_}3sRZHA@ z>}j4;S~ehi1gEs8G0=qJ0yTk>e;>uv^|_6gG!4O8uz>~WT@^*iE1(nk4TET*dMYF+ zCv)E@Msa$i#vVd!)SJ}gzLUzLCSR`r-KQ^GZH~`=*;f16*O^@}(qI(2ax+9w&lDc~ z8WaqwMYujSX7g(!PtCtqM;?PCF}s8-_APR3Yg=xAm-z5LO?O`nL2=-FLsEbCtx}~= z+BxM)K?JQc85{&It_p0u{5?d6IR!0;hi%3X81Dn=D3c|7kY+WvB`Te4Q-N|HoU=To zK)1FfZjN$C&U_W7tN)V-VFjz683MJj7JUczq`n26u`jZ94 zprJz3lIn~21Cm}D7B)y8YKTQ{d{Y!DNeJplj*?W6mEkwC8R#aDgIQjFFel?Mu9b~J zT@qrSOVtwhF0u$=+m7ZgT+iPaHul?}E+p~)isEh^UC@yas2xpA`PEB5(+-=R){ z6QNcg7q1n?PF;#@p}5DnDe+Www+R{4?jDaKq~zTR0JXuj!l)}#^BdYcT648x4- z)nj<#_NynhoND|SHn;r~%INRjxXPPHdgs_0b4V=5{292xt0Ik%Em)J>46V#g8O+}1 zvqVHyMk0kOJz1 zp|Or(L56?YBk;yn%BP|UI|xnR!)PW!Q-Wx`Xn1HM{LcnXPLr56&ERPq$R%VLuAD3h z^^s>-c0}lb^4@#45(k8xa=wid4{^xUrCfh}UR$?&H}ju^c}8e=*B_H{)~;X5VZVcI z`_7d@a9H}ny{WsVe8`o+_;ZI~jP_U38b}SQ*>I0R_|6%FLkrLJEHYHA6Rl>lb{XW5 zXsZZ%mQY6Ac11`nty;!rnk~S09YKJ{?{%{If zM6QC+tuj|DLf@{p#P|nY2D^cU6ohgVH_o0uejYFH|T%p9Fh@D4+m3uzqNTc(i) z57#kbIHEIjDZ=D#YH`X4fvQ5!08E2eG=wRR+Sz3BJ-2jtQ#xL-|K*x?Qy}39qhc-A zIJQ*y%U@t~@HjOJg*1(M>?sd2hb7mShFCY1Cr|PVY1K_KI1u>0q0J}WES^WXP3c?QVBudDxJk^EQu{a$?F--lM^GW5ibB)7#wd@O-PxISn$FN9 zv^@|g&4vi8gn+^2Ow6h-g2qE1u>SZJf2qI+*W(N^M5AE=3KCzM!DdIiU=irftiiCl-y?GR~eC<L361yvgRVp8uNr8)mUPuLBk*H_9v0-|x=P8H8LDPWMpvrC9=D5H0@ar64uk zMUUEMn-8&;%L=o7VtDWBp6hr)3Y)lMiQ=We!EDOU$^A}B{05UidP^PWIOHezC-Kwx zwYwDi?{|i72c8YOaAWnTA)e>kp6c_5QmQ8TZ953Y)epPpzYj@5!<~94!8a&yjeHW>!V3Kl3h)SQ$-X)I4k768$sy?M5gLI4X(oiP?=MX3kHdidLN?vjW7R6 zWIeiI)6#sn{EOF6dX+{yF_oE+<^g^Ip_PxuAWBk?^(E6!_C?XM%Ar;Y&Sis*bVJ6@z@Y3=-p+FG^{(XcNS}gFP}8O)f6*FMA}Aq(S2e;I48a_ZS5T$ zB|82o=WFLiE*rH{x?n*TDo2PEb}9EV`f%;`C-@hi@rNmoF|;qCkzQ!V;GIP$vb%oS zaekdN%xQ@%I7~%pWfaB9q3JmwR-a+G zS1?wFl8Ve8`@XWUjXVo89<9{FkKpF;8}Liis?yA@B1$d@7cp$?XtI1VLUzA^ZpKwo z9K8HwT3teg+E$~EN6|a2{ayCwU>tu$f>HKQ?vsM!?l8f$=Go~tIqj2nJTLZ)2cgK4 zESO0>cZ)xC*BKhKXR~hqIN0rD(f)9DrE zS@!zhumqDznv|CnV}mR=0w4WxW(O-?+M~S?+Cn26w8Jak-TfOL$r$J+Qw--aj}hlT zA$iUK@5ALoWO*!?X%coV6obx>)}VeA z-n;O59rHOh(TSmdO;GLtgk0WX&OByes^Xsq2f<#V1p_c7J9XgQZ@HtJZ4ViwUyB6^ z;`=DNZSI*13y`0tpuYgzR$c_{^z}Y)c*isL`z;3?sU$u>!v*JF7vd6rxb=a@wmFl6! z1*&}@2EW3(hv)*SUp%{*bpcR_@Cor-j*2^S^Vlg^h)Ukj4R9{(b?&-PY4U$3M~dZp zSf`-le=&!OqA&0RMOUEoBFK7ik6g^F7GKE2VF~>w*Es+yho>3`2#*1hoTQ}i`YyZ{ir54anZmZAGx?YC%lHUi!emV)!h zi=0a&Rr+>X%3c7P(``bWuVGL*fM1CH?uSpw61`siz?JwKS9b_At<0sKgKLhe|!7u6T3#;UhzjQN2jy135f{y>K5sz#}9XB z6Y$evScDRDmgYj~??I{>b=BW*_7O;KH_P@lH1d?Tg+Uk=)vY_&u`^oqS2gKY8La2W z8xjDLCyrM!{p@nJAR{kMaJlsG5`)$Wcvt)rOrWm|=-byD4f!f|HdZ^z)rJ5l26hJk zU&u4=3P66SEg|Y%GW1*{!56HiZ{FLp>7X(1jurEv>Is5?h)+g(3sm|r6BkT7I~BLE{th%Zn8^!#hC^BL7fY5N~HC(0<58-_5lC`Jj3wjGE2&JQ$O9 zGVW@s*>W2TN;iAWiqkBW5>u_;5fWL#SGF|0KW=%F%vL>D2Lrp%pAADws z#1R*V!10j)$o|i#s8!QBm35D|8;^|v7o{_Q=?$u1Iyr?YbfCfnu~S7I>n!(?0O!(* z-xwFA_8n)kiHzmk=9|C-%nKK+TQ(~{0HbTS!v+rbTauE+71f{FDnG6Juob>0d^=je z;ZZkqxe*vRhi!5h2*7g~q{94Yf1Arxrl`N<(q`oZ&LeQI@*vNz!n+93qZSyjF4?#0 zN4eO2p{0#cKqY9l>v>rP8-r8ir91%4Mjt@$sM~s|Dn9}|)Pd7_cQ7iIUWDDRh>9`` z*eKg;iTx=ych=VvM}7pwUcFe%hhJ3>=N-*IQQ*nKKwSiai*VtPo_*{kU$wLc0GXHe zj9i-aJsW@8_xHG*7*|$3+tpxgny>q~c<*Fc??d}$m_eY5=|DV1!T~oy=v$;a&sj}# zZ*0fo-L8bYzAq@HarTvRS=UQF1vFlMqdAAjmD~3_3;P>&v&%py|617xz|mXaT7`XS zYTTcHLf3RcovmN&c5tMYuMo07y`)XVclUn2824==lmLR+to6O1A0Nhc1*FQ0Cev%V zj3^#w><}3VySIMciNmP|Z@%Drtm9%gdamjN5ME#0)Adp!Y@%O!_EkmPl*^=tp%9D3 z3kxy?7P*-xC@Bmm4eh8i3duAGS$%gg(&BDwl3?otS7l5cDw^@LCqODEnT{1a}*d75=aF!oQmCnllN7w|pHx+}!`=bo| zYV}9v{nT}4nzsDLgw&YM0kK+x6_Zm1-;pzwRh7dsR(8swlAHiN^c#S>G!V$;xbwzi zbZ-Ipi#{Cg_FSvN&FHcxR#IV+g62lgeJ9H)ONo&Wt5@NHIHo>!EO#VQ5L_xo_Q8!*IYikB0%_gl>$j`uutom=6+h0le zhITevZ)h$Xx34LKW&w?aD$1E27O22qZ*y=nH@{UMV;J=@Vyb0{Z&uILD}WEFqp-_D zzU6~7m(F-8e}n+DmI8<AK=wb3eAk`f-&Jt-n}Mbh~N5)MQB-eJ8sD>#zxy;Fc>yZ@FTg+}Mw@q`*E@|Z!XL%LbL(G!b^g1|`oRj6)Mi`08 zsDJ}dZ`xo_D5gHCI%x+>Y?#>-92ep<)d5}73=Y*i?)uQe?IVDOSI_ix7aK;aYQZLY z_Y4}6@h6?5Qk}GyMfzj2F?lpcoJz>MddsP(P1LXTU^!g}{y2_Jy%bQ#jXv5BmW**0 z6-i`o-^l@P*}{;_LZ*2C^vSo3 zcmXVqq-_S=&T6T#ZPutsu%!l^cNeR#{45cKuzf%5yu)nz&E3f29#X8gOZ{=i0;W1j zjPn71Vq_=(>-W87_IdVYqov$wZ*>lxZvb|i{A`GNbomKNc{TU9k2Js*sn)@b67)5q zzO~pJj;VoRZ^;1dKy=5~|1S3C;l}Qx9YB=5JUz^Se^(d$LQFOPOus}fXlxq3&@lgA z!q$?HV>%UlP>7}#siihAT5D~{Ef00D4LCuD{@fQC5aAA~6-VLH!cWu9w#}MuXN_qJ z?o1kIFs#@NWjxJfN>UwSk$(3L+Ut}YH^ed}dqI0qvX;y(U05AcSogpLv8VFyyJFz{ zE~C=_b}b(`=XPE*MQ;*Ynya6MENlr^Q+<(lE>u0yF~L?t_NdHieu(~%RGnU*o@>vw z9YtTFTg!BYKjjSm{!To?I0Q44EHo!k)v9Ac0;1_YR!>UR!@Q)E8izSRzFzb}F@E#q z11jyz!sV%Ncx${snzw?A@u&~jEu@&}!v{l97N{C%Nrt~Mik_=`92VFx<;%Xe_n{fB z3X&C>=~1@UR0c?Z-!HkH>e|!5X~|%e0Vm_6;F80jeUw2)BmjR@?c&1!=-8|)Te_*s zWQM?CQjQD@w+FGRnB)&kb%}jf3*ews@i6;VIsxsDjMh5fVoLRi3siZ<0cF*tvczO> zQwiWOGV>`)g7$JINtlNm)F+kLvVO!O-m04o33Umhhl%$C%Ycm-0R72@7^Yzarx#+skZl*R- z$YAsU`A&!uIWpZC11S!iL8cZ?FfLQ7x5Z?x)Ci)xHhM#So)N*%vlm6^$Iv!-H)xf{vtIcG zUJu_FG*%|owbV4-;iMT8rc!h$FY3pjJo}7gF?IlN-z$E9HM*x~lh)9AQe7)$WpQ~m zPL1Wpy)0{4sY4V4Ib%Es8=nAGG{4h1q^ORuk~=WD?-iKWfFaNXS<^qoc}?^z3WBzh zN=puhJ@wRXqI?*1bc7p;deFC0uj$MT;Nq?L#_Hw2%>45lg92-Jb#vmPQX}8GK8MWe zXi#_({u0vH23Jy0Ij~4Mkk&>iiNJmvPg^^}Qa(p1mO&eB0EV>sR74x7B`SpQaY2COJ4K=J zW_bGw6E>KzZMu+gk9E{ew}%nfa4?I%%_k0--YV<=Tvo~USTRG^Po>2BQ&Tm@kZp&u z)Ptu^+Oi#J)+;gy+yv7>vt!CeZv?6mv+m@z8uII9zk?BbuZMj6y2_uVkDX6x4j6H8 zYo1a=KVQu2W8&OKUz0Pjf~|1ndGl;^-rTLhDY{p2iDc4Mcoht1kMB%(g7!%?h#pRv zY|~yu)V_rBUU_L!WI*a>#hjV8et<+=m~Ch#urx=j5FZ_^8Pz$Y%B&=-F1fdyHM@) zK=v$Sok!W)nQJ9PVx`Jh-F4{6Z4f-K!M-w1J{)qf)i&PeA#rapZt=D8I{jp4Moq$B zu%yIx=6I~>hpNA;XpoLt9NgBt)9RU09jcnjQSS5os67#@Q#9M!H#)nKxtJK0uD02m z>$)pF1hJsER%y|bGYtD&2Oz6=S3`XpL1gwqzpN@>VjRH8L#fO`W`*Q-E_cohc!C?{wvvI(&Oo?y{qEwl1*|>EpCihBmX#W6= zHa!!)q4?~KU!+NR6VEqRN7oA!|}`|$~S&}mBhbC;d!+Q zS!3Q{UTl=Pa-YO_NMrPhe-l?qfMWf;P|4L)jA3kd1!Ly>EF}p3HL@kLqf5gc*1g(m zWezJ1e0H3wczAQ4_v{}@>KjZ^C zOPV}_9f{)z2Qd;90nHaih30G0n{wa=JiY4OsJqy%I^RmyM&v=d981`|iAyk84C1u7 zsPg4zy80cNE#$|kchP~s#kQy3g0y3kec^HJiEXWjb&)KVMtUqrJ+L9z)-LDTB_70)uawP{)}ZE>f79e%m&;4kinW z%D^I0P|EK6{q9SKAq_tP8qMY^mWS7Ko(ioO&m>&0ewb(>c$vUU>g{6AYjqh*wC8A6Y(QH77ISXoOW+Q(E04k?5Zo z$V|%J&Je8@%!4Nfv%^XnS+;fKpz;A(*kGF!SC9-3Cv0MY+$)WB+G|<6^_<O+(V$~TIyOR{h)JnPQgL(WFU zKe&6Rmad#?W-rM4yOhGpWeA>W?wU3VRSFbk@6wth|ALTmpv{_T)AWS+P>ia&Ie~J#HvelH0sm6uM{ouh+xuD>%e?*Wj>O(t?=`6$8Zx;J z8gJS!GsIwwQY6c(J+4jPdOncV99QkYNW;NlTDPJJe#8=8fA3c_oT3;M#}~{2Ob+}q z+l1;Fpn@^PbKlV?6*AUIW_foyNImh9Cb3m-J*!^cNH3fckyGK=a4s>(_Av#Rj-Z_w zNq+OpZPD#WN8_=z;0vLVOfnQwW@JPK3VUq-=fBlm0lu zFvb@(8P3Xlz$Q(hB0@EvtVYGN!Y=z^HmM2kaI)RB%2f6v!%Zz=zQcYj(pPUw*+Guf zeu5WaDvcn}#kG5qANj|-Z2>%o>4paiNESGlq>9nrT6=+US?(dc>O<0_Y-E1UmInPg z-C$ma!u9!{^A*eQ1MRU*_stLba`X*6IiDhx4vsfsU`Wniy~3YzMTj^te>js3vn5Yd z8G&P}XljCy!=o^&kdlmrx$(F;Q83%I7O6h!rl3hq%Ee)|Pa&F-h)_v!$?2sFc^McA zYrB_BijC3;c(Ce|rYU}#g;KQ19G=6!^qurxVD=vE9c^#M}$rDM`~dISo!AB>IdetxQ0aa7>IMVCU~wHYUF|eWH{e zHnN@j3`1bT6uXa$Hoyas#wjqlB#b6=gI*bHsyM3BwL2<5EZ-NDJKk$4jpuJK8nt)! zXN}2Oi(OZnMv& z+n^`e0TB992p)ch*470}wb%|qTIz5zk5+%IIA516Ol{W1j9=v+ImFkNNk8_&i)?>+ zKRV!}*sz>ZPVUV1D{~@{#B++DvAyk@UoZi)CR~I`2)3k|r`4FW#6qkL%~gAnxdm*i z3&qFW;M-})^|aEUr)kD8v^V`2ZoFsU&hAQQu)WwtKS5LzVw`Trcs?e%CoF1UHNL$L zS8}vltp9W3DG_yJoK~U$qAAt;y-Wb&5-y8BJe+K)bPW6tC##*;HVQBN7H zbeQz(eL!?>sro0`$kFQ2d?8Jc8yK|>^` zqDv^Vwb@bLNBP$GfTJdrekhs>=BItN5m}~Z;*X}%z#!!#gSD((obTkhDKay1+b zbk>scawj?&!lo*)=J`*?~v?sRbIAC_;a?64oAVKh2 z6)dD7CWl%PY9oYk8VF32IKm#Sv-fdQcxMwL29c30D8~l(G@9`NgSj)Fp>Fa!UCtc_MPlG+an7Im7*xsm;y$dQ1IUcQfs> zCZAR)qjP*?6=0Cqx70-5OOdY1Exse0I%G?TS^XaaI=teN2;HiL-<0*itwV z$Y+7T7)iWGMk?avg+{XV@X{FBFb9%+!%C|5h8G`T-J*l!K{cEa;SBGPjL4*Yd#g!A zaZdBg1dI3@f}gYXenriIdgRgL8~2fZQg4fIR5r3%GaTs~t|k!mYSxd4B5Tt-JlA|B z;lXYRoi-%)SnP&Wk?%OLs*CGUdsxCRBtwU}@*$T?uF~fH{;BbNv+jcct#pZE+cEDgsZKP%*K3? z@X+|pT1eA~%t^z9y@#*+-k@vRiC=h@X2@>Y!tu)`x@d;C-!PgVORAVx_8ZHoQL+#B z#WhnFW?V9cOHT?psQnzpbj&=MmniziP&mk8X@X`>@BZ*uHY5!?(Ov%Jc4=t-aU0fr z5@7Pp_MR=K!ES?``JAMzZiCh(ASs419=zB%oN1OWX7UweHF*< ztPTp`XCjw%;kk3xFN!)=nQ6}WCw8OWun?$NxWNNOZ{y^{1TZ-i6)0?S(r%}o{}xqC z9`zX(>GO+mh8(Ccn8g8CNGucA%FWnXTv)^@E||3C1n^pi@*OmQgrd!t3C>9_$*BhB zxA`SH8^Yf)yWzX%(p0j?63vqjBH!ypcH^s3+$+-62AG!Hplu-0^`!O65(c0=fGRZt zC8qhBzu;7rfz+18M@I*r`P<$j)5+WqC-ImeAYy-CZBK?-_fG@1JeNGK=>cu!%!^B9{BJ)Bdn z#TBsM1@AzEbOo3uUsMGnsnA#%d~g_Rk{|!5jWaee_Ev&qI71u8y#)FB@K;#TBwnpa zf2+0-&3?x(`rB;2u$R0ITZm{uhP>ddM^t3A1;bbr?+{m*#yy0-U*tY|5dZG_D?YLR zX0Oiu?@L1J;5XoI%#y|Ux55*?8OsdagCtYu2ILjE8ZM*yWSS|VB_4mBd$~=J(iq8b z4c47#uzDeA@THnG`WOW*2stg40V&_kvz!~{TVU?jNwn-uQDoT5(foY(zvGyfL`q^n z@Rsbrg09t`Kz?Qzf1fXv>I%5;HNhG&WwNePXRitSNBhtulgoud!5~=|I;chNM$u4L zW!Mz)HA?YKra3a?bY*NW{KcNOT^N$!%HrUgQUA zSur#NQLSfxu8_8rQ*NHV&iN>@_m39ifZ^qt+b|Dhe=@)q6Mu`&#fqWt&_Er)?V2oi!9 zOn$-&B}bL5MT-Y9bopfy=Dkj^uHF535p}Eso1n4R674Yfml7s;1X9{6Ik@yvwkcRB zr~DlvJiJs|w(Pqf;n%}jP(WN|MC$fG?^wam-5M-g4hzxci?Z>$A}51ZQmN3(oO}~w z50N2(e*ME294q4=gYMRA9CLP>q0|`WhO`!vo8GZ$Df(B~JNX$jyJ`Uub&gc@T^xP- z9+cMx(3Q6D5QcL4yFdOuA_#UeVR}@xsT|%M)2$X3S=!19(fbTGCCu58T0AjB2v#jI z?oPINR4!$0ZvX3^y`Wi5dh=jEz}3~%>M^KZu)>9TVEYd3a&wH3`QHN!1b3&#(ks4* zlR=tMZZxO$Zgx%c{gLhU(XSp zQ&(-DpwWDkyUS0_uKv^9zojkGXm)Ig_kfWwSfW(7tv0jv#ajgs^3=Z-Xq(1pCr|9> z@9vyAeFmR4nrDhyeMB_b2?PWcjq%&Rj^F+MPh1NiSLZWos6E#{lyiT_QY)9Q+rtlv zvCnh;&G%ns*DEsQMhmo28&ZbC6YWTcqh{Z~T(|$PlP@>#ccc)5X2}x`I-h+EYMKBP zKS3ND@Y;X?y@3PEjYt31*(S@8s_9Dt?AvZJ zKe)uj4firqOLY&0dlnd?9(8clr*#nnfZpAT;qJ8YQr+(i{D>#6R4n}QuV#Al7BKa! z5vK-)qx=j5gk6#evO!H-0P=?*2y0Wa3liBG^u59VLb=ux8qqJqk~y>8|$<6j%*c}-=^uPlA38tQQW)aQ6 z>iTQvLy-ozWgfSm#oLurI)1(aOfP#*Y=nZCiT@={!;K5F{UZK&cb4aT^MQ*Y$OCty z&Td|UKNMv4*F_-&T#N1G^sOT9rM~Kep3ZvFc8Q^Jbs%g3S4{b@e(IbX}lAed$Kxj_Sr}48FGM`_nKR-15_0Z4z)cP zpTkKj4uNSeL@}i6ZAS|A5N^O#=mN}4 zgt-3=v7On9QAMj{^N;t+<@~qzmm3k7v|hP+C=@YAp#4ir$p;-rE zWJctZV?B)Y^z+gObf(9Uv+`6zP3qVkjlK~~oXmjek-kJR5Z0v{|EONr2Zx;0=+>SbA5u3ddob7ug z+!0aJ1NbNfG)1^_mG%L9V2|%bi(*H`T)cV?AT!gYi0At%1Oui7FE3F-@L>vQij{U6 z4F8>7llR~>*FlPvV)elLi`4lK!hels*ngQZq4PUE!ZI# zoph3Kcs=0O(NOcRa0d=JaOWEEbk_mHU5VXx3sRqvn&StOXrxFrwD%&o7~%xl2Ci}~ zfEpv&wD#?X079vltOH<*MO=peKw~%v|61V$j7{IkFUtM2m)#@`Dg0}UrDSVU_g|tg zIz;Sx_KErq9s^}lQUR?v^UX-m9<(hX4tj?IdafP`S5u1GaFE{KOOSXN&fj}OFw-Hu z*RlY>|8HU^<2gUAzWLMeO-=d-tnoBrq90Iil^^|H!YrFx6j(5rVSqZfHMQ-aP$1QIe|#ok zUHsSP?miT@)@z;PuQl4kov)57|In@GVLJuguF*z85+^>?DJXunUs_Nvw|HuzKFB}) zb)gj);%p;2-xMIE<2wZGXTitvpr}K7YC!s#9+dzXx^@9texbpU{KxqMpkFfkg!+K{ zS1L#E^MpwX5ZSe3BT|CibO)4VdA!n?d!v#A=lhlpDEFiUqCic@owwDNW!E!DG@h$G ze~rd=_!(;)ztN2$%M)&CtR$yYfLYpimMMLWxG@0`r?^K^->1MP?;(=P&AqA*1OCiCrxO5VEi8_<8Kz{lng9GOJLjLK$xsT3_7M;r;*3S<^mp9sSD4;k zENENeR*U~qbcYPPkgqy^S|cX#%lQN7R6m=AG95+2;wO2nGHjV%8_qX%L(^fa^x#_G zR=|))rZjhLDJ>KTxU_v9LViW2_+aN*9(P=76-OiA0QxIT6`xW}CT@`4U-P%uk9P{m zx^M~6Q$`^S6pl_8kTwv9jGJP}6QUcSF!3?O?>Yf8yu&*>1h?PQNfp8i90r`OX6cYb zt3QvA!>HpMfas$=2L@+6I;Nq@oegctl*s3EQ#W09w>J*>gZGh7Yjk74uk} zwrpw8m(`#5%h^uUjWyS{L5W2p7ryb5o{~t$^?${LqWnd+j-^c=l`mz$V`;G8>_;QT z#(C}c8UF<8S9mud{Vc=A@)`ubcR*oR-i)JmFWc$-lU$ocY84kFt_ShU{Gi-G!sdFe z?Z{2=fRg%XB05{NU@6yj@`xtsaLZ1Hz1=g}3X*~TTFuiJ$5BZg%?g?1qN>U$5V8EL z8aav}b$(rSeAPI!X(G#@eRm$=u~Wzv6IaLiwEA7|d4^47K0@c~Q4B$53a8-bC4s5L zy(Yk>F5WgsHYF<;6+$Y9G;;uLmy7Zs9k{HL`Fuw(rD7XkhC{t4QBi{?AC+$!`*+7R z`Yy~f8dd+DdH`2ogrPa(Lz;v9l(hWRyrr%(eb8TLwd~a3zQAwOSi&sM>^CEMg)TLArV$_GnBev5jcy(MHDc91^qFF@3}RhaZ*`nc(4 z$lDqU+H1Ae!k|o)CyGa;fxlUYd0@D;0cygoeLE9c5M-p4nlM7mX@>W&7=AhL3KV7{ARFu*7K1_@_q%(9$ zw;)~8HGrfbNW;(wC@tOHB@7^~2-2mLNSCA_0tO|hl(aP88T8)!`~I$3EEhApbKdiw zv-h+2e)eTOmdH#9A{qFX5Qaq^TSOk%CAA7YRS`8^}EJLvTwP9SHCHwlCKB)m@P z;Ow0mpCYTIY3*lfa4;Q*)h*{wM=WsIJ578qOer>RV!!COi5E3oW~hqWDN zV76!;Nkh1fmC_V*k+`l|t~*l9T|(IB54$V|ZL<$FRu2J$ligQ3OK*8d7dB72>it_4 z>H#GYqdm=*Lv8L{U+hQpD4n6An+!%eb5Z{CD|nt_O*y}_rH?Kzz3Fs&fh{*YCxn$o zqoO-(h!&yB&(t~{em;*dWYXaBPr<3vYA5l8lW52%#qQ^?ByloGbE4F;wUtiN2crC- zNt~`87@zjk884!zqUtyC;H$Y)*Dm=WeC6x}G@)5=X{&~m+EBh|PM*SIQx3uKvwC*s zj#a2#8%(k^FFa;f9-l|(KD=%D*Xa;#7p=Jyo$56K5o;VGS_3|<)p}o&ly@11wpqRu z%g0wC#sbtMv;!?fvL#C6+>nCP-@Rf3qK!{7Sle*!GP1Hq)B=v&UAS;eEugDB4#g1cX#69E|eo%Q9U=Sm!;nqR^D%HkBMahwx$q%*3&>@&0mOqVO^E z{lctU$^(nX>D!sh)bR#)`5dO$>4`soaLGMw^KVFK*;Y2~+5eErNe(#U)rnG&nRd5t zaA|i`#iIK1e#A=XzeJ z|MpO1{-G(w*x28=XMr9f7Ky(?c=!4!Ti;kb^YiiSm~zeco%f%F#FHCq<47!!l=uML zJ-r9va}0OYe1gzTw`kyBR5%S`c)bvc9|`umdDbClQ zR!=@HX;zQmJcAwSe>SnBo3y#KW_4C^0_OeMb_Z;G~0w()|<75?t-{S^NkRn$gpF#&T}P4BT4pwhoV z+!k7lJh=%tzrHt+#K>||#sT;touCTjfhL>XgmN+yi?j{#9WyL_4zC5vndirr*-t>H z{57HywJE@%PcYZ!*`boLd)|l18M?OBi zc)cD3DG>mwE1r*z>lB?A^PnmAD1cst&CfJo`?K7o2=4~pqnFI%UttS3TYz@Y$F?_g z&fV!Zb$ibI`u#giJOE4nVeJ{)&0m|QZ%%5&6%`HZQ#&%B`u>QKtPxr`>+^-p@%#51 zb>1na+uW19iB^63Nd$$Zg&2?<=)f~E1fNL9eAoDHWJw^DYh75*88fX^d>GRK>viHC zvP7N7=ri55h*X)9Murz3;S?;D{nQfTyGMB_WhBGO>+;+l_qEr{J*KVw3vuvU7nA{S&+rtVU|}-=iABFzu$ZhB2_8s3?q?F z$WxK{&Vi|+&~Ewd<-toQrb4P6QyjPFkG>QKDPl}cF@j8(@jb{kN0%Kb zPYz;e(Y>2cba?GOHj}!8j{^jBDn3nBiE}VjX-@TdR$A5@Jy4TDu^#3mO{Vq=uFF&D)JLjech8Z>nMcNEl6%NjYohKv z@-HBXm2Fir+#s+kde^-ii~qDraJ#CgBHE<-dQ9U3rF-O2g~WBTo-yOrs`dxl9oRQY zf0I%ZJ6+E9a;Hma&TVj5uA6ff63RJ-T^bg)&B9p;jYNgy?Pc{1kk=A|4IB(tp7%?_ z--&oV~TDA5$%;Mz@gUV^NJY#kQeicG^~=?y{1`fnrT6Fd>C|yUuLbo&b7piD>B3ij zRKpm(4S)J=F&hX(>xBArJ#T;^4>^8RleOq=8!^gpX{Z>Yf_EQ8!&Y_O$At)2t9sXB z%2*%%%Fxz$`SkEN=oe!I1=x@s+82xWDKUo!X1Cq{<;d(cATGb*j=W!MiX(eq3``RJ z_ZzA8c#;=$!p%t~$`BA=+3ZMh<+QK@Z53?GUykQ7eFQwv)|T*3%EW;nAUMcI;YFhR zEuv!z?+%jN)J%JBpI!Czp*Opt>hSqm5v$`9|MA2{iRpoZ%CG!;Cx5el9FUsur46ek zb_NQD9ERx1x*@KFSMt3p_qmgizEOB^K^QZZq7%>&p$_j-|FU5wDDw*!6v--OHAccI6rml;F3kmi89MOed0b@ zOcLSnULbm-yxz3-s+>#gaobMhE1p_TbRrsU**M}cjOvWW)}flc;V;|F4KLn&6v$Vu zJyS7X%UgLc_|mbTOYZ&T-^3Rs1mKlY>Heeq#kz)WB8hNi`T!vpeb;h)D~9{8BMHjV z_|`zo9>)|{5XOg4S@L2SZ330^oGI00mrY24Y;+I&i?Ge+c$k?o_-1<{thc@gubMLm zl7Q}~$TbqWDjnY3)uomsp5YvM&klWnl7=r6`ZaH*%l zW#7WRoPctd`+Ti0_U2!RHjayhZaO=O&h_6N46$E^ct`+N?moj$%W1M)>)EN#Hd)+m zHEdBX^5LmJV2xfReLCq#zVTE!$fc}`+7pX|$V>OX&tSZmeVf%C&o?~QvEQHNDkVKG z3HiR!&+vn4eS#gWU^K7*#OA!cfpD0xVvq!$Rl#goWc>C%lo!QK{5m(9^_k$ut?)GZ zPAR_5HW2ZC6s;Qf5#9WzS^e&6j!cy-z>?E8HyM5AM2gHFFbsKCje3M~&7H4)dzel4 z_(SPQ({F>~u@ANipF63&jh4P+0_N5_~$GcdZ9iZ_wSRpd5qG zXjF&LF%z`4p=f>d$MO8vT&)rF+VRzpw5dZtV}m)*Cy*!057z4esiSfMT(*6uX-`ou z&g8d%#}~rEHVy>azI~mm+ROq;tu6w=;evU3-=B2$%d2zd_`oU-a zv94Ebwjfzl;h+oM66%DIObLxyW)%wDZ(d}F zb(%&A{3|ZkKy$xT#9eA+Ajq-CVlQqf-}Ib%6cYdyDDfcN|CT-)gc55+tJAw{dR#9JhKw(4OPntqEB6kVW~ z=&HN-s`b)y+EAI9-0K={gEfVTi(JR60<&QyaHwiv$Pq%`Wrsi?+Xt2hJlbV9LujUuNdtRO=_hDSD$@ySGD zI^*l=)4w^V#{lYy7)@^D^|zvlID+TV-Vt?ljl<_<=Fh+z_SBB04r6~ zP69Op*{opD3}tsscnLqd6!dmzT($$fQ3UBPo4;1O4r=h+ge#iC3kY4}jCujpK)n|3 zc*A0TXIp^re9{&}j{fdF9UUD6z8gvs37!9^rb3p19|LemXNBe$s>wIij4v@)v zTZCT3K&2EEJGwxLgkIms;e|S1`5(iCujIpQ!ho^QhWWequeE#(0gJpXxZvL7Y@jD8 zKi?j(ZmMp&_hi$+bn##qScrl|C;H zX8^V86Hqa`C$ofb8uu)XzT}_*dbUH6LnK$@TY!=(Sb&CRT+m$ZBL?zDajXur>p=eP z5eh(|95We+z-ahiAXz{TMOhqzP&KN4^v*3OAV_9o7k5KoAMCO8^LX|%3d~^@bfYc0 zOZ(EVwnvm=;BN5pn}0rPNZA6&JrYuwdfYR17(@U=)UoB-Xjl6*N%IFMKu7y7z@=O# zcl%ou9#UH9!sjL61zM}xgUX<_yF=~|*m1hO{XX&heUuM(FF*@!*=+Ik_cVClQYp}- zFv1!EpkkPzZYOHWAjt9`xu60ys5+1jKmwl*?Wc8D&)jwR-d$OAvv_3V`4-50CpfiV zmCwIogn&Ubgvr{5Qs!s?b7`)}^US3SxBI@X1{vsxB>o138qUr15K{Yv=vH83X>hgl zh~Vo79QbTn|ElBKfXXP&h2Ti%Bp)JeThnoi=#+co11J~-@w0DL687LdZjzlh_ zIxhywOt&Yzp9`g~;Nj0KsDCP0wSl(KERBnYMIU3s5n0@Zq7lfIp%$C?WwxhXrT@Ar_bt%O-%P9ND4`yD5z98Kpj< zZ7|-CXYPrnhhxN0f6&&C>qdodWg7 z^mGt~4Ku?!<`>$ZGt_1_KfAABJ$Upj?@CW3Brg)fNT6%sjX>c|w81iNjx`hg>kH&D z=w8!7wETY-M&XFm5Q%?JmZc1Mxdesj)q-CBMF1f_T5y3vjN496vqX0^;-`6|&K8?U zvVC)Og-%Sc?xuV5(ya?zSlLbIW;pUyK-Ci7$zOHpeHaAY^2`US$5FiPM@1_}lB+1I z$bLFMZlJ-@y0W%P_7`S+gfUoOfPz{<#tlV}?+Xqu6QM3nxLuU1xu7y>MJeWDfdV=1 zJ8WD#jx!hXy<0a#zqqU=_t~-D-*kVPevg9(i;~FWOpmy$Y3>K!$Ij}1E-f6b*ij}Z z_G7+*y728fkXk6$d%ymdoS??U2TIqkELTCvoA8r)(A$%=MVg4;*}CHlTt}LK4v@eV z4+IQ6(fF(qnw?5r7wfj$^KUsN%7%iF21s)-_yc~y;K$WK&rJjOoj)JYW+?#9U@>6k zxB0^T1Solw+4|h7s0qyuS{AuqWn&}^g&j-~m2YkM5Y_itRuQkL+xe9I0TVRVA#R1% z0zlV6yMPjLnY5J!D7)I-_f!PFkhAOJsvr$6Ujn5C)x$-!zjMel9gLTyqix^#&pr~z z0xg%eVxU~z4dflkK&p;?B-nreK(R!lQoTH@U+mizpyGcx=lEXwi!YE#)z&a;#xnUu z?a`(dz^A3iASiF#1gg1FS9%W&bcYoIEwZ*MAlG#zuPr+QUy!}$KWHSUwmMgv{iNFN zC-BKqq#G$__(^}3b{v)F&*%k1%}qXko#i)9;jz|io>ew_`7!}5(u z?uD~v7%*|SA1#@R%sVy7+NQGV+#+uLr|c~I2T`EcV9osj6t|52;CwdztLzd6?+8!A z@L^qocr_yw{kcD}?1HlH_=!jJI1`ojjU}6O<9w!BkESm!A@N6NK)W_F&%_j8kbL(P zB%!;6Ce=x5%>NUW+VeohQy10H5Lvj=(!QS#h_>)estXEN5}DQfyMUs%@%aGU%W^B>9&;w^7LWcN5oMvWFMbcn6$%*RgcbbQC1$rv%F3Zy$xq zb_-jh3zR4{I!CK1i@h%>4|n+kbjc%ua*XLsyw>b|ncrwk1jgwHSOH?7*j|<|x9QHC z%glH*k?1O--U_>3V+P8-A?{MTb3kIG#RF#?1TS8hbH+lAu z96pA?fh$ObXPc%234=RmiIdsT5Dl(l_dG(jSWZA6QPW^BydO{5BSsVh=y`G8`m~+~Hqp`dxZl`;Un&~yc|lrt zliSj$Id^|VbUyrLp6{!rA44PalOO3ZkLrMVFDYr4d8XUzZSxH5KcACXye?GXpkd?F zylTfWuS3;VANJigE`20ghd9aI<1B09a}vAO ztJG;$LH${eBtPAgFRrdmXjoc5#kvZyfBIg_$T}#&dCFmbc*R&>`>}5wudvwv_84zJ4*6~2n#K){_NqavWG^D z;zshv(&E=&l^jnq39hj)4lM)9k3rl<#^2{_5T4rkY_-xSV9z(ejbbM4GV@rLm&1bBNoyke_ivT+&Pb7&x3+!?LL~E z;`zW5$UIHXH}0C&*ZmjRNJ60PEIDo~tX228)X(My@AEs0OtVyE9WYEbBmnV|kOR2< z@>Akzp7WCfU5c>wfYV4cMW{6ZfSahe+bt@e%ty}_rL!@iBhWEJDic3Y9_T`|LGl6) z4FkDMf&4NOl<$cQ8aKeBK(0J}pzlaEdNk|vBll@OrGT{xT0f@S?LE&+e;n%Q^noOP zrJoKa6k<)UNjvE+h+4jSeRgO?BV(5js_cX|)Y)UpV4G>1;Ydd^2zRkK=0-CNy-nZN zU8<0nW2X7I2%!3)khXo2y&yRPv4995kg4kagl1C=y)$SzW53M+L~2|N0J!N!Lnl-Y z=c^a2S|>Q7@b0;-iANQg9r;3vjGNrsqW~ROx6vP00-b7K@~1oI{&awE@(@o&W@qbZ z8vEJJc3ZS&$l)R~>ZYw8K^=dgomppV2)v{*{zkOcto;qzzE*U63;z6;-)K7}Vj(P& zF0V1UFXn{K=X**l^V|~9Y&Rl5IR<>MUq`+B)Y6%|iVg*5rHw(`3!O#}j&x40jYyJP z!~TE?dPB5BQi}hnlqRS_LMCH>@rz8?J6&n3Kp<&7(H-NidS*w%q}?bh0#ZihS=e4p zb#WAEJyR)y1XT*l;N3banc*JwY;XjCoH^Y@@-?;!Npwf{9fsPhr=~Pyb4Q8QR3h)% zSn7;n-i&vcA&C1cVs3G4TGxMr;y1mwIGSpOj+C>*FoqiqG=!eJ`1e~p`J^L5h0 zikvOQr{tO<`a6}QEl3cM-m3rw@B0zC4$;_RPBS?Eq4bwM7bJ`mi~Woei&S37KOHwr z1gGK#J}#F&y);k+@*0T}eAz+t03QAf$T6{!h;>eid>O13oRr-zPK2I15x}lJt?fFB zf>~%u?kJM=%$(%|)bBZr?2F^WsyZr900&TTF_g$tozVsK_F)Fd1pqMhspHtt;Vmq5 zd(tv2n177zn%IsRCI1%HI{mUmeGkXg>m2AdYwwZO+Kg4jjG2pK5*SjQ@!|xO zx#p9Kw&7V}__w7{{M)GW)%SqsQ1Qz;v$)&ya`CUn9XEjVV9EcmGGt#r;hd&Qa5f-R zBVp6|bQdXG%$M_Ulvmv}Qw=tvONt|jw@0t!PNF18tTZz?{Rj_+V>UwRDhQ*0%tJDX z5QhrKZl`{fqqOl9h1m)NRtlVysS2y>$nH~brt#^?m8yG8pF%aRLjKe45x`FrimfT$ zEXjj;rglGA_L$V5Q2IIU2*5>|H1EBi`%lC#z4b-x>Yt-(QeHwSXB*|sOG&ConqSAWUfwdmjVsJ8`;msL~4RrglmpwNRCN+$D96 zO`k1rI70osG$70Y*A;1UOi4C%pPM1v25MgGro$(WG-f%*U56xW!q*ACRcgdrpXVy)D{lpE=Ro?5} z!j{0)NsjL=NQ{H5TYO?-^|Fk;*OFsOk6N~Vm{7Sjqs*EY7^+rD_na0n6y+{O)Z_SY2| zbkoEeh)`yQu04>^XAqw~P0q zF{wZI-5b-R#v#`(3VUJ5d!HHPGqUMp3tk)>wc<&ZWRBlOdNRv9Wk4$F=BRJcJiuQI zXM=p<>sN4;-zI2?f392{QG(56L6uFrt-Owq344zYC06}PTnF*aE_n@Z0+p5XsA)~q zDUoVVwU()5NBkXaiiR}%8oqaeSZZ_5sJVkPb|V!bwFdf;BzQLKoEjA(kW)B(P2&>F20|zxjlG8$? z1AT}$il&98(7Bg%x)1i7_O@1uVZ{?a&Zynp3Fmdw+s8K^XfR?#P%))ZV$(H>zFt*- zg;4(jwer!$&)ak=FrvG-YCZtDrgK;_1C|_?L>aE%TO;KQT`eikw{_Ki?R=wWwTV@L z%sX@x6RC2ZvRzx1VGxGIK}sGc=8LS0$w%_fp&AyoaEfELorXCGYV8L-2u0oBxUHuM zO#Tvts^~xR&22&EWxN!kCsE;JF21=CmPL=H#o6WYJ6>>9n~@*{CT9aOJ+}^`zhOsN zdJ0Sm4bQ-s7E+3+}IVG!b?Adrr`gCZ1s>)eQ` zoY&Ne&%+G+)Ne47zEgCh`O_17cjR6tEJ%zLhqE*2122Mu2nZy1DD#ZqXVQvb@M#Fk zW4zZjdUN(x=bgAYLA_Eq#y59$fyHt)I1MTEFy4JhD7qKbr_2$7EITvWq@$rYqvA(+ zivr2z{2|}T;~)9ezv1#!UH;5vT!d8EsE|>$v7T=FR_2XYjLixv7sQ*|xrDRV7OyQu z*e+RgSrU8wD++?#%YvW@uerdk^P${Sn&nU;Ta`ovYgE#A6VrF|L}L=pJlh^(`Q zoO#qDEat_gec5=$FyOATHWE9S^{!bv%brG-V0RAjVT-QWO8Y`wg3XI=)4mVmiz$ez zmQ=r!p$x@_K6?R`OO!k+mYEGN2x1_i{WafkS*q6JqiJ-)J0E4DggFxAsc0^$d!Hs#h&q9$Reh03_-rxqk%s`$~M<}83&i|4|LeE$Exru1}wJbig#MD zoWR1e2BX5*o5w8V{raq}t*Hfd58QI)#yrENm~rlm6)uU?o&Hkm3Qx%w!h2CK`Cous z3oYPhs56o({n}_1!G}~xYvi>dH6WQ?=-Iz*DuXYT|IYT;L@*<)qluYT)*b>S4k0IW z=bCmtRm);+PfMz-*2huTYYFV;CLRZsi0RPMF;rS@YaR~KU?%5z;Y zE~7=k2x-35$0oy@N8hQK!%5~IAG}#V)(V$_Xh8bXVcf9NJCk=y#%7*`dI#egwcU-r z^9R0o4Kvn#|HEq_Haub@Q%z7`LDLqlp$uoD7Oze3;zn4-Q>`d8QL+e?7z8 zW(=*fZ}oXumUN)N#YgT(w<)uHv);;kry-#?uWa?s^y7F=CN<)p?5uqR?nzlBOken< z)pN2-lwz#llFdm)Y`g?7er-zZ;wg;v6s4?wx` z{s=!?H|lLF9o7S^h37{1ssv^DzH!7Iv&#IKn74o7?2g%)*HHF4$^ULDh7nmz->oI> zTgc5~#pZkLT4l27+WGf}>FXq~xk$wk{CG&Ks#Ne{uk(9w8+U?-CaEwoeRQZQ=0xo7 z_d*V?FB{Z0Zm&@u-d-AB%KL^NXkx_WNiin^*Ir_j{ep@t{YxQ@`$JHtHg@#FY9ki| zTBt9pqE&Ii3@}Vg48_kRxZc7bbE62Cyi*ZVw^NE)p(p|GtfOV(!0@gYp@CC|v?*y1 zOe2xDLVVaObtP#CR1U|z^STa_qO6Iwp6e>VjV*AnZfi$ErCMxB_!Nc{_p=r2>Mezj zqU_m=_!MS^+o3=t>-5j>`Ncb(-S)TIFcb?SFtKqILvw>uoG#Y9iP=iK-GAMP`B3UZ zLJ)QmH<+`kdg|cLU!)1KDbV1I!Og-kgxPBI?y33>Y8CA&#i&q+-(?zzEfnNm?$z# z<*-dWp*nmKW7%~xc2HxxC{=cj&Lw_&@hgfbxHQg|!g z>I4Fsdk`H$J}WEL@Yfvep@X`Y{;ZEjyI56d+c=y_I^|qNq{pzF1|k(8_!ArsW>X1{ z2qtZN4AMFIJAHS&C+xgl-);iup44sfJJZ{3#G0FWjbOcm`6sqhOx}IV&h~=(Sr68G z)3eKv)s9$K6&OY6>bA5tj#X#@UHp^2*c22O;u~*h+BR*7zV+U7>vyyDPXlAw^iC;E zp!V30iaZAE;Ee3CC5E->%-H)<46@1gH;Xx}>lRof8L%2~Oi~8QeA|nlM!v84>g4XM zDjvl$o!R|{EXQNWJ#%n^h(LVcJT>ih`ZA+JksSuZga>CViU(-wnhVYc z{f4rUd&I}YLQ3JcZ)wgOj~e1&^T&J?=-n_l{Y1PYtwSyVZ*u*{X0V+#q?pk@&fdy| zCUE}EGwQ-%do-q$NUw)GnRck052e(kT+%8n+wX6`LqssI(WqPA<-3G3LUmq*C+}0C zuA!Rli!Dg2v{2p^b-rspSPHB>+aJU{Ar3NnnOi)e!*htwqluy$zABgUN+PhpW3 zT?rf{i{XLSACn~WrVc!7dkNJ^J|aOB#qTC+%M?9L6Sa!Ju*42NqxuaULAX5&O*Ec+ zPd`&YPQF@MLJlq&6 z_>Yd@*tvTM_x0#YAd`&_-|cC!8mCe_Ay3OWADZBo-@-+Z^U?VqsFg_9l?x(l@X?Iv{1^ZWq&CPotYI;rXc?F+WfhaGeNJkhGUUE ziF~?}WVen|gI4ab{j?Km!Cp@xpj&pJHo2Eu_r5Gm>UuH9sy4jvrFMJ7n%c#&0QWoj z{O=m`-y7o{jD`@Cc!&sy<`#2u@&j>5+Fdiwz+dhWC!BB1f3_lR=6KZhf;MyUYcxNe z_EWHO6{@5dZ-sNbDK)QJ$#xVd@vur~RHxEacNgINs2-iAos~V6tcogw$!897ur!CK zyT#~`zCfJ5lU~0xK7BLh`0mH5Sij%5-`V1atswnrDt+2}y!FFy412G~Zmas3c`sN_ zAdYtav($9xhSDSb0Je2}M9jQ-U(%_j_6@c6%nPb+maV|NIEv&i{YMkO)l4pKtn?ylzChR%{zNE4_uXIDsCZLhj|A;T<3;ejC*-6YS~)7R zE`wB%@N>GkO;b6~(>fM*UUpK$Zel$+CLD$d=b**f*s~bR46yR)BVka#b50h~MTc`p zZS&yF47D+LyuP8O`dXQ_MP~TT4|^VpEp{V{b0;3miOFq2KU5KG?WOhJLSE17soqAr zG0i2hhLNfn(QjGV25L$rdrfI#)2{Bjf9ft-%T@BlO^bi?ZrN9+&Eia1Xgxi@CbH%A zpx^WKz1xTN7>ejvhoC|A3Zk)kOJb3`N6GPew0q&krqtM>Wh}Qg0+#zTD^8y0H?>=k z{%K1+=yi`FNA`rnSR>Oater8Y_FP3-Kh3!Y9wPpl%+83%9)DlVX{Z{$C2hU_t( zHFwM%OB*t#m*qD8v^lBT{f#%ze9QJrUaMF;^7`d@N1p!aZpY@E?-$m+?JRDcIu$i; za)Bs8_k&(M>pv6p0Rc-X1DWYP92IAuhu=wU6tWy(N3_obk)OZmQBF<}a8Izh7|_*D zLIvJu#bRPWzkHZv6%|jt__h9=0vXf@umSV-|^Lxz$SkI8Lq_4`vt z@TIjT#9X4is#DZ}(sQPsqi1QMKNq8Zq6YCoBnQ%lCycgDf{UIV=Fhym0Yh<+zwLBK(K&Ur2o;Y30oA;DlG*!pJKVaq)X9LqH+qb~ zxJ7lF$A_~naU~*q3%%Gvys^xJXQZM=mEaVzA1qzy$m9(YUDlb;+IXMy%hn|S9;1Lz zEUq|*dz!E42rmSBCu!WxpA1!FFTB{iFrqljKi1y(CXu;76PNMTc-4dfZg-aa7{;iI z%nC7-fGRPP2+@Zm`gV|P5+TAG zu0}a3wLb!Py-O!|c}YYtkVZ>ZP7v;0{LT1#mr{>Ehb_(d<0oe7*m^O+&}i_Im4huf zzaZRma!P+id!yg@?zhpCOGO144m`Fu<3eG;Tb)jJ#9f*hbKE4s)a* zEb`m`i7X1a>y)mkAn+Kq9YokAxK=grthQ&7%K=b=_8Q9WK07VZ;BlSHYpIzCl2J)! zC7x*hdwYfO8u5Vm5zqAH9cRmXR_=r=O>h6*+B0!Xn!b6%IB!k_MnVN%D1l=NphwPIXh<3KhzB?|HGB+Dg&077Qho#H`STR&L-q+n1+43*Jp; zwJW~$cfDLwFVL?v8Vv{^FqDMjBRH)dmRuKPYYkhF=_qt3jx8cd}mzwv5gecHf7=~$g zz|`QXAJJw-Y-I@lAbj=9ko$}b_=c|}IY)HSU;7~%W1^xa^`^A{QG*_dYTQ7q-mClK zo7r6GA%PdeN9cfj#zQUjJu>ue6JiKHxMgT2P+>=G<*>~xUqu-!0vPm2D` zeP);)Yq?2to#C5Dxe&uwQtBfQ{$7g{({LcQXyV%6fpoEe&!u@*@a0GMk%#Ovxd33! z9ftpcg0S+?i8wi8!|8+G{NG!%Q?wY%lPb|G*MG#DRbgcpt|J=PK}9mt;#qFk?Dm3F zzXG+s4)Vc#axltNi2L`m4{E%^QA9WK`ir&zOT`m8=AirPKBu6|f^5C}56yb#&m!(1 zuibjuMKk*0`f5$kWuWM4Ujofn+E;qz87uZuzWaRO%Y*?l!ZKsi;~r!*9X!HZPPwnV zS2odQ8j3zOAu>8Pja|#jZ>ZtPMn$21KT|RfCS+uH<-NwvQg1GX@mt@<_X2iohQk&JrXnx<29c`h6rJ z&2SB}dl($u@$hi-v)!F1TTXQ(*8Pb$1=%&9iG9}9y=1ar8Q5pNdeU&Qm$u{TTbBmzAiTLV^v9>&L%`{?@!Cl<=ycdN`{G7B_AD~?d|>ev{umaZs1X6@O!$#(5mIh??-d5ogHmQvY$GP0FoLXGa}xF{7vFbiEO|x6iCzCe35A; zP>e{xYgKGYpc3pu^P8)P0+;&|1i@M0u~`yNs%We}zS2Yb1*qJ>I%Zy(41222`PXwn zA>L}HtzMh*l!gkxTs^x5aS`sZ5qMa;>#nf(EE>80S{3w94lc-am8m1B+BZHYuOsI%LM?Vj{Wx{2pJVQCd=}klPg8-M zaF;>8n;*?zN11_X_^|Hd*!aI`aM6UxqF7q?SaT>(8`eISQ{1wxF#)EBbG9;TEg(7| zXxM{4lRa7%iwNEfDrrn_<_6Q)H9*%9qR}>5~D#F%T_L%e>uwR~fE7;|FRJ z|GjNlh?`chq!mkqrhW|rBf{lejXQeh#aSi>2L7z7qTKybz}@dJ>nD5HOe(dHii7^f9+t+sx)=7i-G7u`8=xqiaTgEo@nNrrJ~ zBl-6ga>g9&S*{R8R3aaNrz+8lr?h0}mcp9BrjgzB%=Uc-4?ZvB-Jz$qC~ggOA$-nc z!~4YDSH&{>^Q8P*v=7&(D+Lp1L^ZhvV2)(B^a+#|#SXW=erA1FLd^KadXQMq;R6fB z9G&C*LTA{>&xzu0f1BvnJjSn^XzdNAO0@E~nD|7TX81NJ5``V73C0c>&!MFC4`qC? zV)mB{$>RR{|Ns7!4S{o*Sui^={Ack0y9;&jcm)>6W3If^fByjZKw3=Px=^dil>hr& zuAB-9ctc&xgXwCUUP0TxE9087Y-q)Tfg{WR`H~Pytnk43TB|60ReJYXy>p;IVEbb< zH%lHI)llvWS7F7%^UJ@hrRI)yQ2${ufZr?T-f?CD5DJn3zw>yBWcsXSrM5{ zRv}AZ!|LVsLD@3j^+yvOQwOmca4`yn;N43WGZB{J5)Bh^*Cj<0&-Urg*M5Jt3|rJM zz}e!>bR<=Vu4A52EsQJBo}hBwM^xE0|9ei)=|f6u9A@iYV8h5X!GRa`K7g7&4Ein} z0^JhZJ-`r*NIv{M|Je6%!$JCVLvRnA#FT~J?OvO6SpbPdI3H~TlAgF|muBuA@yt$O zBPHa7A5L)yx~~q`Yyu0u)MxlEFu*|6W{9-=hRw9D-M>YDlNj_0fOcUJw0 zt6+4V=ax^wq3Z9B0d08%oP?7bk%|wppz(mypxjjpj|WWdq%4`BKm+uV%~^m+I>3KA z7Ia|+XwSLZ+0xG`z&hOb{bp48pDB@rGr3$GU%oqqJh=nW0_Iku-ge{*9&UPwO6SO< z-S2}X#%~_2f+hGQgx@|`1xkf21b$$4L`9$QFD3z}lO-31BQA&T8Zt?ilftT44o3b!dYb7_5EsX70>*nnB``b+eMp6Sz@^6C9 za}5iC?{cGp55K}599x>)VH74{T5Z($u;Xaoyvn3`0X!|jiW$5L3*1Ldi;*2TD=wRr zFL+AL-uj|J;&$L=C(bJLHeeXLv;z-$qe8;6;|NGJmg&5}x+P@#v~lVhpoeGCB*g-{ z{&nZiuLUx1^uLqo{aG1p^n4Nu@T6*x?mbOKiTlesalPv{M5$)A*$`vJ-*HjR3Z z>rO%ihUZ?MuwzEGn{wac@sTA@&=!^9&dRHbxH4lI<-7#4>JY*qVuLrjV455hW#yzk zs0KJz{@1}NMPm51SBSZtW<$3_$ogXwTmp<=JMnKgbYVqG6r7(=FLeE^)G>&^o6dps z{j+uRn{J);U=7c75r86{3vg;D7dx>E z(D$}&i6Xg$@%8AX=>YQD=^W+t5+D^-+ZwlXG)(KJTQh~k?WtQWw(RPc$@#MX;x)i{ zq1*@gh5G+B(#eq!7=n;mh|j7oo`2eH`O7yL&W2tQgA0ri_~cSfio8DIa zCH5b2a~N&=5eD_fN(|zp$M7HKE|wgDiEphr*dVOe7yt3P$!pU{(Br4} zr<;q%=!mZ3+6b;l59#7M3BKcQL^DI^?dI>q<|~O4;>2q~OFc1~EK7&cO(Ci#;y%02 z9pgIo9OGUuU!V~hfX;~W?y-0^nm}T;bjDBq#`B}C87J=Hd`p=Dwq`ZEPF#AgzUTZz zA<($wC(^O(e~&FLn1V0hWZ%^<71}WIO79l?-GTK8a1zuqkBPXcR45i>crRE_&bQwg zetEm0rU28cFqlyC=`phYia7$#bh1dK6<@;gcA=jZIIJ5%@pt2jD-v4b!);&E7x z!LeheVnN)l6HC2B>nsaUztw^63{xaGx61=FADfC&OU(_qnm$Z#_{MvEujL8yxI$iV zB3XOAh%d4)8|KP4uvxzoux8)^a2{E%UD?yWu_pNW9F7@|`ELAF0Qh``aY7~xVgqcX zVz^SpeS=ciZHXsa9#z4h-O^2;_CywX9NMwRL==*mlCoHYL9Ck0KuTJHjK5bXe@&rB z&V=b#SOG;kI9IBdfJ&eT0LM?Twy-XE2wHzb{L|gg2<_;T=vHPcMs4U-;pDk-PK zdJ`@<0v|yI@G?4IsAaYsFP=o9PQV@~bS&3>ndnGzj?M1@6x$Tb-42>vm-|LvBuA%1 zXyoqKKJq>mKPIZB1u|JViS$+J5aQ0dpZOH}ZGcxdqh!buMZ4*PfW8&XDyBE@pJH;! zJCDmqG18rO`acl&EiMB_4a1^Y)QjlQa)#UfP&S(H-BUG>;=@sILimP@l;XbJI8BF% z1Jvt<1>KnhBOG^5tl4YYLmqdX-*6;ue&bXFQy^7hx?cANUld`oRa1l%t_zWrU+nQ* zjilW7Ylf*niMf?FI(-3&?CV7hfLl$;2PWMKDI76V$Yc3!i+g)p87vV9S>jbXHCil! zoddu&X?EFF*VC>>|KHw@fam zP5%>5{EI3Qa6zQ8)BWkg{~p8DJ9wGF5W~gYPe1>=qyGNKK^@qU1p4-j+y8&ar`-g$ zAYSG>#Q!r;6)P}MhqLWQkN;x2zjxNf${?rTbSC`&4wRbYNT$o~_GP`D;Rpu!r>dl> KSS4=}`u_n59VmAI literal 58337 zcmeFZWm{ugw*`p1yHh~n?hZv!NENQZ-QC^Y-6_0qcPF^JyIWzwU7Fk7&%N(Cx4VBq ze@U{RWbdrZHP_g4jxkok>Jq6A0o%bt2ksfC};(FbvhI*?1xQHm6Sp*hOv-4 zW~s4wJ zU+zDz{dpqj|K&UX{}cZ|gR|o(B!r*+&zQTJz)7dEfIA+Ji^$4ODlM5-sz&V)w4z4V2uY*0}Rq!}r&?vGnr=Kal|8o!TmW z>1<|v@zupxV6DjwH0RSH=iANd>ruk!>qg6;Q(RX2S16)ZyFHNVl~yw5&PQv8EPm9# z;`k1)#oq)yak?m$#iyUvxhpHedvWq}T(<$s{_jBHbxRngh1aX~m2c{D%*x#5(P;Fr z=MO~{*;(w@=f39Ui6LPU3CUIm7-6}rFe&&Ei#zxul$}b~t%0VuB@zio%EffAzgSdq znPK$YO7ph?M`KS@lsM0s@%F_J`j?)fH7~<^>g&0`IVyB((L7~!-ZKTg>IO(=ET4_| z87txcbNzfS)XOc(8sim)ev`HC6{NH-H%go47(0s>11Hd04)pjg?einRp0d{Mb&Jy6 z!U_TtlLAkOymWMY9qCmVX{BX%4^AT*=a3~t)i77p_COg2bnA;KqB15FbNH)5iIqsb z0rlB5u~#Tr?budaBlW(2``xy0YU|B*(GFw))A|$dT7y|yr|xDGKPN$%_vRx>I><@% zUohbh`y~!LQaII0B-+N-@LRAH-s779QTr7wgj6P2o0HXA9r~#&v0*HfyIPkS&SYwn zL}i;Zn!6CusS7D!FO~6kuw#r%$wCe9C@-P@QPCZb`vqGJJP-M2hkde>U0x#8tw8#js~X3>Rtgxn5zz2U+$HU!DJ;Kw`V#!k2d|& zl*%wE>CkppN++{51QYS+dqo?qf$N2G`#W)R25a}TI|8zn1k-T6i7bKXHc>~nRXp4x zUA|h>Q!dbV0}rm)1sr`DLJG27A~q-E=?e3MUazaADZRb>IXHMr1Xt>t-pBDELN%Zb zB)P#}T-jwEb99J|Mt+^?-(G=-_ErZA(nYJ);IE6*HLea4i6)f_ivtjU?G@C3?x^nP`<);BQgl8d=Mb44`Pd15x=5L{JTa7%vjk4dz#T*Mi@eWQ}rY=TS}nvcYA zNbrNLqMr5_y<#M(IMEs|e!A|soO0p@SgO@p(T)H^eG7ABQ)*Z|c_yzwQFQq(Y5k?@ z?2XuSeit&vB{baFi|&pm@fznV(RvSr0)exQ8iaOt9cLJEJ7!QISEWYx?p8|IN=X>h z=UV^A9UvP50ulx(m&BU zLzobb``D~!5~INxOYPId%3AoIZ&Fnx2g7siRE%qGaWD_&l3ZeYon>>g+6q5f?dO>o z!bSlV(wr8HUr|jpXVX?^T^*atoJrPsvVNbB|FkrhP$^fTwynOt-5||eXiy-|jLVCM z=3P}o=b$n&9RuKC`)ag^%1p_2$a-fk?DEJjWHgp`v4=-7Spj#+Mul5Vxd{6GTaJXAd;|F)7I86FiOwsfCD z;JB-<}Mi~H6eh46xOP00mf+1&1 z?s)+!!KYuSD@6|-S;F}}6joHpTQ;aI+>wxE><_{TQku^;?l%yAtNSta(pwa4)HgM0 zJX&(6!OK^+RHpAOi7)1|ZhWFVm4l=w!ukFC2+&KNQ`_=PvVIAqc*^{^%;U=8p5(II zk*jzwyZ`qsV2ZXB4jAB(y?=*JTY|;pHyr&> zl>V$#wrkPV>Wxs?7zC$z=1Fa^0~N{>1Wg#V$^dWNwL|^sJs2Hdv- zaVQkiWVd^BgU3OS+oHv2Z>?3TRX~4}6j7nf=}S(laM-2y3tE>C(`fyEMwTXccOW^qVc$6GvV#ClBChR_(8X!bB_mwTukJKCYKqXg zo5nXp`Xvj_ntemCkYAlds_(aiijCRJHB!Qhfv|luonpjJXDir0Sz&A6E;%_#jm7n^ zRv}9kI=Ejq80K37P>*t9mhJXw+JpD6&X9)=2Y}yQ^+~xd)>YyP`^)|P9p=dpx9R}l zNNeBD;Dq}-9`tW|bL{u#O|oMfYwoKeuDfEEy&1k&?oD@DhjFk3M+T#FSuHI2-mjbg z$!I5MsbOn?>EC0g6%f}qD+wk$bxgW34^gSuusa(@_gbaLQ-}|3G2WJbG+{8Y4pEp> z)dw+|3_HGQ1k%|(lt#J8ARKCKy@hOq>`qUrl$@D_-`hs@=ZV6ydY?r~MlXk6>3&3P z+mLQ==e;evZlh88tiuu(`9$8eS05vONac{fen@Q>s{b2#NMgW@2laMFtuJj?rK%5Y z&-^wgGIx55#CRMiL@URa=ZWqM&($b&AfMd+IRTACOgk0_ue4bO-`t!HWiIb4GI3of75qH(uS2_;?Y zYWMImma!I*{v;cVrxye3{=tc!(OwjI;AT)}J!6HH;I!WT>t`GMb90X7`!^v2W#8nMs$E z8|r;dxI{CFjD7nzb0Z7?*~v*3&Ru9|6HVS>-NuQy#8mI{Jd6vZq-1z)jH;mlvRq?1 zWn)gS=tVsJ34*?%1uS@O%qM{$ zz)1erPKMmMjjo7clh{NE{(Gjt&Nys2X^LndPAL;B?wuihT5(G7(Vrc@F^vOKpusV4Ky7! zQJX3qJK%=3LHL!sx*FG;=6t0NbTU1_Ul-fgYTXg1XzTM5B=oBo4ci$_Se`GNup=h&EvN!~KF_N?z9 zpPOZPu|^he!1*{ zLS7S&iw;E3u|oooGaH^?6qIZ=@e(xtjc7p(Mfagga9u6f+1`Xh=?F{sAi$be zcAFTPWayZhm|H5B&ZD=COfwnM+eo;RoEZOpTZsASxFf3rXCJH%&xLoB^t8MCqge-K zme$b{!V)vImy5v-`8&SXKqIz_8W*&6!g9rU~lY^0o1<@ zgUaisvJ!EpIJXc88uy-qqcm$>fl5Oj5_RaSu9l%WFtR-{eWtZe8#s>(ry-*e@dInU zO#_LSSC1oR&%1gJ$W>vFr^T#3>wng8#BAuD*7hcn$Tc7;dUBC^zW82sj|oGivs%{J zy(9eYLg`Q{;G%mm?OWp_J_Rs!&m5Ztb(C;Rm*Ae-mcKH^R`i2Ut;)<)g`f_0Z4uuT zCj}aGu*h15h9?RI-$DMGbQcJ8_ZlXTv^l>nAL5+nzR};BY01zhpZ2>Uj4ItGm>U29&$qcEx6_2_w$RhN z+v7655b&z64}#hyHu416a+u}fN+Qm>#S(QCM~_Dq&u=&t7E`01nI_vW+5qL)3Hl&d znTSJe2ftJ+LpN%;Hu>NZ`uGXre$8`%whSQ&O=MkiXWuwQxqH=oYjIA^OpV;XHT!CU z@mmHls4FkL|;W zOv#@=^;eo&?C$00R8Ab6oc3?Vn&HPj{>;AC@nxah98C?maqZ)vqxbM{X>gd&LKR5F zil?(RYZY%)m(J}F*7&Qu3%{4LcWi7#8iU?6guOUH&_V08Wx88(reDmTc%w|SLCP(ytP8Wde%eUWT-_>s-k}V4oh%fIE z8PPY}Q7hcJ-9SYXaBlW^UB2zG1c0l7*&N(_&nY1mDPV|-WixrYYc6f|@#b4)o<)QB zuvA39RHsI+jUL!6`IO#3w&U?T5LH=3py7p{<;_`;kE1kDXG3#ud@)(g`H~GLmK0V@ zz*r8sqahwyyGux*wnq21l`GbEJdPHwd;#KI17`O+9j@W@gXFoP3S4svENHPb2wy6- zXLjHd>rd8C)Z+PFf%3-&TzbRhZ`OkaWOV-H7m7xIS=@xCnDBV%I zXOsg4%B^Grkqu}KqGn-wN=Jtz-p@L1v|33Op^9>ld}J70V%aROz5p@-BhhbF|MI#< zr4AQWD$hmJ+qAmgdtYDte|)H1wlqSh;`DbBAYi}1MZx`8p_ z9cuLV92Prs*?*?iD<(vNcywipRTYj`yJI zTHj2)shr9-z~uwG2WYuer8eLjIw~5!oGs=<0RbS_dKKVg#OaOVudu=u_Pr^MKlXfm@?JVy!8HniKpPclL9~fMHFJbVu!_L#g|HO=nA2W>TDL)_u)HAfv z6+aJ*jZM@TUGIs`dFd{O@YLC!_B=+NUIp|wh*{R~zkZ=pwhe$64apbNw&f(&ux)4>*+G_lY@gmrDah}e8?Vj$X>sZ`QcF3I&(WmBoz z!q<+n>6UhvU|7E#I0ms8uXh!^mJ)bSL<|^UEIp$2oX10E)C-9dgU$Z#(m5dN}b#c$5Z4*srLq=tMNPYtoroZ zK+0+P0r$KoVFc8YQIqMfx9OCT|N5aGRSbD%5eg`;m~!4UrElem0PWShE@}8+PH<_m z7ixzmKkE4$XKnwp{P6$y3ce7*r>W>WE26M9rBIQ-LGh=SzTSMUsFeRjK|ukJ)c{K9 z{n60bKF^F*PEIZ;D5!)0octA+(h=k-W-Sr=bHS_xe z@MFVy$@hGm7b|L7gr<7u`goSkJ`R{7GiIY6xYaf$xDQ;O$CSCLZA z{&&fn@IWGkHYUV>P`Qt`=x%6@AH~tb>FlQS#6AZl-`AR~7oY=vCDWC*KO^@N=-pSW z9Dhz>t{iufdkezy0FaPLGm=Qj$Ny7Qh0sL2EzeODv7nhrTP_0sqlLYPOesd^- zeuCYj3m<{(kNez}YXSMEsP2Og1yH5c;|C6TxoTOxv*EfW_KA7(ZclD35aMSZ7rN-L z$ro=DP`<_`8ZH~AHu~UWN0OI-K}w4c1ZepG_{sn0JP4qH4`}};Kc*jiPDo5#IHj-d zfN*qNIMS%)6MEXmytDcUg2&w6-p;jvOQKUjP%4%cd$`z$JV=K9%qkM*Pg0$fS+`XC zpD--I4RsINs=n9xsp@LLtGwW$r19J2$Hx=Kk0P32TFdMfB%TAXEOX(uuw&|HTF3>?iMxS5D}Fa z-#=FqK_Zn*Tk*E<$vo}t*$QSPF0(k$=dC6>y2Sf_#gqo^)s^WTnZoy3>U&0k?cq5gsy zy+cExzGa4+MUKs;Pp&!j39J{sZ>%mSufENsAKy=t(*0)op7mcV3S&F&mZc=FESlfd z>JN4)s@wk{up2NNEc^MZwLMAx9Py=>4f+5E%OL!d+4eWh0izXPzd)azo4eYJ6(;}V z0*B@Qag^h$S{;$u)gJu#=!QfpMD$;f(du}_@)EmJmI2&l%>A-&vfh1c+a-}5ELdl& z)B6}cr)OfV8~3_gUEK5${uj}dT%{QIa_T}eR8IHk2(&>UDHqmTQ95ULt+-yvz)PFdltm+rCJjDEb z-|m*KCiy|#lam)!3#U$P-!;J^{DBGu;yVYax*_T5E5yba%-MtfmzX77H1L4QK|SV= z4nrGfiLN1R{Yh^&PF4~B-mdykZmSB0mEdfgsxF-xrerY0f`Iwm&M+ZTRPJgMJYfqr z{ij{t>~*EX1x&ol(XmID9R=lkr)h4hT>tRWzd%#GOI8%$&9GQj<|2ePR~t14`X@tf z_RgCu`qu8iA&W+hv_7m=YNzqO_3_`nuFH}+_cP~9k(VFaH;lah(x8B{-&k9U&xQ#J z-aD(Wf4L8k`!?Hb{K9&j$`&jqID9#+2F~9+13%u|+vM%4{XuKZa@sV@ou1q}ZdcG= zm+!DNN=4(^k^2YuUzk(l5;KCdAe9z!JUmQdGCl?m_Lg0aAyymAf*Q-0^1SRYA3fFf z<~Q%uy3A1%6zjJ&CSkSPTt&_4F&oEAtqE)YUMloce-)7+a8oIZi6PePUi|^WV5Yie zz+un|NejYS=2_lb&WJp5e+xj#UhO31T)Pj6tpvw8ixF$rvCVH#x6hMGB?#s8WgHwG zTZ&7u3j7Itg;8RcYB--q&RE7=cG<^RO^v;+yw0L+?A5KaSv_@*h1|w@UoQ8eLaj?jyAXL>~3s;hCNgpSG z3c0+hjz&4pv=e+D$d39$sMcjfE34B21Nq6JR2dlG9xv`p24`3BFsOGx@UeS3olWC} zw3@3;N@$^w@Iz(|V!baA1X{ac@ z1b0YRsMVo`#^eMJ&O=a*lhY;&q8{t&duRJTkCX}hFFD-}0j`Enz+$dw0yvB5vLQhs z9`%Kgkg)8NCSugBeeHS+3k&K%)2%uXNYlE@V zGYJw38wFSJ&EZq9%}#@%oYgFSh$U19zu+>HS`guU7uS%V7_^oDZgO$nSLA(ag7ISi zCDq}eR3z{jOMWF(hm>7(!u8FPf{5g|Qk_5;<%OZd8;g=931LTDeC-pJli5FI8eI+x8Oro6betCaezUyi zql>{tkV+X{yFshRaul#7Pa(3ei4HexX8Wg%cLx^p1sd-{UbfPpnCw1Aw(y`EtZjWU z)x{>GQBYNKC&h{xlB6N2mpI#6&cma>+N}*DKhA z{o~+OPaH45erw+trC^c=goWeO;7l4p>Oc=Jq%ZU!v^K1v0E$p&b~pd-T&#%|%sipu z^{9d*4(}XCH+_AzVl=t~*8Oo*EjCjqNI$#* zciR(Ne{rm>Dh`vS??0b{%juKW896&UOGBS2wmeT`u?_lO#c(*S?kvDNsctm-x`0_nf7P&q=8Sk zfD5JcTMegq<*&I}Lxq!@0c$CD@NPfx*GULV7XfI`wFKYgFA-g(Oqk1BmVB^N<|w^Xeu2=Nxqjg03G6J(q282Q-qs5F~gM6{UP590ZCQ1@&2 zmrU+brgGlwL3v^wgM;-E#%>?=?I2)|hEYnQm3JlScS0G$W$I1v2QMM>?7*cMLq{Ni z^V<(?Jjt$x=+X2*jjjh|S}CNYtY4s}O3_Jd3#EWMp=7sk^<{+>i)gc*3~MZW??9Zl zTiPigeWd`-5I$RpWgK_w3)i3Fey7nrAKm5lw9(6erQ?-Y*~bshw(lKKWFr5pyW#vz zGrM~NVXvN!a>`R4J?~Bm+b-xeo6ZDb3zs3}wH~xTeJ-{gS0N{DQ;UoD*~TPP@sDZ& zi=*&BCJq0?cP6lMz!23yFJ%d3RDFWoodx-s_GleXYA_*gHDu$uzIj2jX55$yERs6* zR&@nM)V&sDtst;}{Hu}KIU1HCX^5B3+VnU?p?b8RaYyLil#He2eypMp4OMV%zt%$D z9PlOB(FGC9^Qf)Vif?|>>nMa$^hWN&3! zeM?OYeAa%+Gi|4`xR(S-bXnwb>JeZ6{`&PRbvI`VHPS3bH{q0>13e<5s%C5}79XoIH*j7HrDBx1zboTnmTMky@jMoEv z#j2opJRj>9K0&Dj0fSoww6{DW?$hwtm?$r)uv;5nX>B7!fPS#F5miyyRH2n^C;cE! zQ^~GPC?$HhytME&j!-?9h-4#L8XQoeG00UFG@1%l=qDT_G`M^`lK!BA|j8g7dh zCyG}c#2uX{`NgUV8mZvrEmLTcXz1ex<#OE{Tox1VL>n+|v)uM+dv@FV^US%-wDy3{8^^vUCH(c$j;y;s300>1+LBZ;BrnZ3KTdC1l zW3fOtU#fJJ4JqV){k7|H7ja?L_vQYa)%)2At8v?Rsuwk0lHtOvLA*?_9LErUV|W+| z-IA(6;|`wz8NIH4Hg0@3BP3Xhl1Qf$O|%OyT8i7IcUV3!s9a&X&5cHp9WgQj%D8&~ z>q?eX4Lo=IKCik%X3Q9l!I18{f#BAgDv>1>9uck~CdA6>fi%Ag4C1=^MS zYe2W$@aTTvh8}#5TrRz{Qi?40W0F>ccZesikvx<(B^GfeK@X`rZwEpgsoPP#Uc!_E;U@D# zKV^Rpb#4(|TKPEQGVY?{wTw-?y;*Bi-ZS|zwdF&8x|{8MbIasCDbka6c)J7gVi)*x zMAAbrNX;;}KLQ&Olii2FUptgpf4;%|(na|&8geQy;r?#g|51e3v^)9hQ2+P6i=ifz zBwV!#=*6$oTQp*Bc{{2s+pO&6P;M_zp-MKz@2}R z?;*4xBDr)n=#6$)VDVLVOAAj;gzzJe-^rR!PXM&pX2+9Z(I2=a=w5V@)MW7L8l5z* zT@^IM#E5Uz`t--fqbg9wgWCnDIzu~H+(^XN;Oo{=wN8srR)U$pzN#?!2zfxiMH@P3 zQ~24gd@5o(WvJK7M8`p&eKa7%hxv62r)PQEK$VJ)6BJ5I`e5vTizA0B*NG17mA#2p zD%4}xY{R6M%kI8!lv+mKbwl#m!XH|c`4+=O=wg%1;`)xIW|1U@xTvtL?O~bf(2<^1 zs9K;O2;qv@e3&Novd&;8O>}vX#9N{|m~fP1Ufam8w3!8fIt3EWx|50j4HxfQXQ#N@ z^t9a$FbCT_D0ie~Je0)`-upR#OViNdsH-@9c;$R9j3>T@(sK&}N=%_R%TEr%jcO=T zRYM^YaKUU4z_O)k`3N^o<7M_mMoTK5ybZWfhWe|jdrZSpP#8LsgA}4f zPX0xbecu*>;$ zzmS#*XOJC?b?v^n$u0Jco2~JOUZcjzlz*dT4X+5WX7|iE;I@x@`O9bxMyy*2jAW6Ywvg)M?fGw?!4kznVH(Z)cXv2a~t zBf+@dffcHDFYofumE$ZYxWpysI_h_{$DF ztN=dPuySOD{o*nf;xJtC>zhbK5&<5i?X%8nuEB>7+%p{}j4l*vq^0(NTK6IKsCRdg zHqNUb=WzsS9G+hZ28ly}rsi6m=z&vI6Jp5Ov1>2KxM&f-V!FF8WNK@r0BVOtdY~dk zIB!p+F3=3z+rL9p=>jKpUd9!G=29HC@~|mIhb1RRp-HC-ErSGLHeJXp$BmPA_BY?^sbusF zLF4@E*yxzVv6&<4aAq@zq`(c-CabSC>T^^q+#W5J3;Qj2YRQQE1*n_|uJy@6M`_FX z+NU@*YzLiALcqYvxZbHgg`jWP)oiZgey!f-JcP$~jASsh>bxZjx!`o}ZKWA#oZkua zGURw0qrh`G<%T(a%yCU93=SfRAZKpdFNhZq+e3u|Jg zu5??R@Z*=r<1?}&#V1~NPtmLU7H6@T4$8?Z%20RntG0j5I~yG%$rp-7j{B zN&tWO<#XH%vT+A+#SHxr7;B~AwVK$tB4DY2&5lcbd1?BLCi-L6+O$LxTLM);}Sj)L=Fj6-%1-rA7yCDK$jxBDFS< zTZrfh+iPr@g69u7okt56(iN#T@~1W3w!-zTfUB_PpZqQw1SJ|CkKGq6L$9$^W@a)K zQs>uxc&%2i^eGlxT#e-FyO4@^VgdpUvnOqZ6;&LJ7$V*P;tFvq+v;W~AJ2m`DwO|X zKrNuA6Bvi-L*Ck4&dah}y9BER5I^nURv4e+jj7}2pQV4m^oIgOy&9+6U=+S9-d`n# zK6=&1zTRGh5$P;GY^hYH;N5JHO@OceY1gM%P*(KWDSd%rIZ_vzVB^*ehN?sTLO{HJsji|!Ve_0j+5$Dg7CoBC_L)ghan3!+r z)&rb5`Ovv=rxA1?=R4!+?DDc;^cpaqGMCcSKkIAoq+?!@#&WG?&)w0g_oHWlb;~9GsfQdKK4aUC(pQwDk11x4}PuJ_kI7 z^eF`8q?abdAb|fvZG6EDi;XpPHEqS?w7}BR(weV-M?pc6_o=9?%!B)g=w>c^c`&8r z4eGx6@wva^$ehcV;hz)e4iOPo{d+3)k^@7Ys1mz*;gaM28aP7@ai#T|YEsbR8}~8D zFh=w5s#WTn0x0z|34K_$7XW$~I7<9*Yakwz?N7SuyIQ->if!7IP+nUU_WkzpE{dLW z7e?11#aaBo&{u=5OF_>1!o(XPLAuTYyP`T0>NVhGcBl}o zf7SSoa2d9I9!b*Q^%Z4dQW&2QL#L?M8}n~lEFX<`zY_7{IxY#gel;pK*j=JvwSC*< zPsk1lQ))jn+-aj69`|(WT&cAJFPhQ`Tqjo{S*wLH6pssJ|Iefd>h_KDQw_E6+v-cATqD`)R*{1*V&Uv;w;wn=HDxin)Lgdz`rPxP zZxAgKD4}oH-iE4k2!F`I%^4bAJ3^sSsmtf`Rp`wCra^3QN2#5n>vfC8ZIuu=yz`}U zaXL*9fG0TXv(edDOf5F~DlF(oCW!veoOz&(%gT!W{hMgP_y>%V(%i>y^zJYv z{#v&Is{TLV;h|iHy+0tA+mr_owZE&gjQ11`AlBG#=^GtbY#*wiZ+PB^lsEniS2kqI z>disK*>P}!V6ZwWze(`Qewre$-S7D6O zWVPXcT6<;31i-Jp^#m6;2h?s)1@pL3psSnXvRt%-T9ILIee$@8vd(u7HBs8MjE{5! z!{%OU^q$1~2dKZW)8jH_3mvak!U|;F@M0qgeGoYAU>!2+L`W&rvT!x}QB2)MdVBP2 zRvcsWSqEniNF;pucTOpZ=ym&n&lkyLdfpp9UheFlpUZT0b;a%veM+FOZ*PA;(ec45 zH5yJ)Pwz`DwZG?~X9@;tW!5kMF6?2rFPXC!SjwDXZ5{7|sAQp3D89jJw7&)D7yg9g zErhESjWl0LIdRgS#*pa{WIgCzs6VjM4zIi)^6?hblXLF;sHgjkd0Hbjh1Fp@L#(UUg#9$tfN- zo&U?Y4_FL1ZODI)&XC{GSTOI#RazjTr}F(VO%NYT{jfHiu9_89(3l7$XGbp4I{0R> zR)(JLKqzvjQwSxVfbE=d^1_3OR9WiNC$3ze0fwK6r;z?jg_ccw>v$F<3>foNMak#- zB&*B0@V;H)yIX{~o&t`Vq=(1*gBlj^_Z5m7_%^pxFN&Av+DjDVvFlj4zhbiUBN&NK z@ZIJ8U~0R4X@*a!a$*7ICC`Z`q{a$!TC7H81T82WEph+h7b`j_IcG@cNs`W@pRFZ) z{hjsA`cy@K%~u?2@QE;Vq2L5rW9I4<|5;X8BB$==gQ4nEnfwQMzSl$b_Vy}2c*l;a zkdARpTQu6axV%rXB3mq??z9sW*k_&8SaL!k4t9V?`@^WuP(QuCfl5}KX;fuMk@?ws z>uCFCe5RMwYJK2fTu^8RE#@k&c(CHbR|xM5T=ya*yL>RRGC2DGpaXaBs+{#F%i&hi z@k`cj1Ye)}sA=}}A{%{uB5^+5Hy4-mZpQnlX0u(;WuZ=eF9jwB-;TXIVqSs8@QCR^+cT@|2VsKvW( z73clTnF*7TJYsNpdb&-e;OE+QOCl>`+KBNve-mlt9iFAV=F&6k<-dQm(mM)&0!E4M zMNl1I?kX=sHT8F8jqP-|?^+i5_@`9A`Dx>Jh1i~voe4QY>b|uRkv`ZWYs=#JxV6&` zRz*&^+QkLrm`ny~%hNY@be6)D`x3^e2Kw~Iuv1JkO~acM4c2fl2ij7-`EgBH_I&Xm zJ(;%(r&mbT->So0JX;CPn>aOa?htMQyA#zf3g(iA5UmIfn(tOnMupQ1R37w?SYkhrEJ?7f0u-7sHQpN$>_E&m%dTf;1;tElIhhFdPN!`!eQ=Dnnuog@vYv&50QpPu-o#uNaNifevT^Be z0_KlS%A^B>sHMNq3r6d{a`+IFem%A`Iu&Qo?jm9RN!gM=EZcL~SYGS0r*T=EY5LVj z|Mex1^|4ZyB(A3qIg)LU^{f)W;_g?4JEA|5zz`2QQu~C(y0YjM zS&{V3_vO{vX{D|T-A)63ITQ}JA5evmurQHp^U_m4^4coI^T!512ITJCBk?xsVbaFl zjzJAP_oTZrriBpr`&?e%i@P(+Aw5~sM=cBWb$+**WK4A(&F|9=oaMa;t<$sf{PJE@ zbua*inCOL`d4+caF|Y!p%2kzwJDGTbj~{5hY{q zG4iN+pi3BH#nn}u#0-~IEb2dBFt5@8V~nf&BnSV1hs{K~8GsU9)-yMTcrcbK5&ND) zm&I(Be>rNZ=H@(r4FWz>vBgx1jScFTY-{4%dOcCtn5>rv_tIsTW|CJQu`hs3>+5+- z)t=U%=1UG^+so#3BJN91>tKo_&w^K>*)Djo<%_Kr29=RXnnxI7b(){QKGrOJe0lV zy;7opq$Rt6KV@&|?@gS`DQMDrY%oV4pfEFqLgwN1O}_=S4N4%po(IncjfDMbd1-fZ zd%&sKaMyWi-kAwmN3u$1hn1kH5?b{DX=rk}RJ|h;qMmo1lNPq)#Qo0>#ch1DZjUSm zt!o=k9Yy_EY)&sR$9U&)#61L?VZXR6S4dtlN)^=+ScLg2M2F3`qWW&nVw9drrvoPD zJAx2zHYk82@#R&j;nk-hEtk>~_jq}Gj{>pdTOMbJqxAFh-xQXq054e=m{$$d-bL%R z8uuHjvvuqkLy5kbCVh9KT5#cmu}=T{lrVGU1|6oHtmJUNCR;tt+H235Dun?F4kARf z^#A@ZfCEGmrml}m$ck0Mz#h`K*mUnu?iUW2a_ppO7&$ykY$sAKgdw@Co}%QNX@+6w z&z6Xci=;#G`@1Rs$>O-c+Me5qXAX%sOsA%@XeJD=NZXr? zjEowMg*{&9d{#r}FFMGaOwU7y*>V1rQa(d3x<0YL+ut_m^Ey%%>X-Eq$6Ey9Js_4` zs`s8qLM(rZeH_rsN+^IU9qI}Os0jQe6~edcEMhTQsHDam*PARe9qd?T{2#f`Ed~Bk zhYhjFqen*=rF>S_u3@5Y5P1#Jdp<{?3)8+M+_(hcZeU20DVM{*5Y-UmFUd*9|CbI$ zs}srq`!4^5_|FOObc|#J2u)k@+vdQaTKxE>yICygs3Pe!ELQHj+C%Eq;+Xezt0V5b zQ$6&CCAY5bTc9_=J~{sr6;n3Qh2FOdrnfTel|NFEg_Sv&aH*=NJ|DGA`AYP2OU{n= zCSu`ZWL7-5FZJxkkK4jX3;!TX(;D|Bii0rXM1fA z0cm7}gV}+g;Z{@~EAi}66fclHNqE(Y$zJ^JbvQ(j4fQP?J#tc5P4tyN*Dx`|ctgwH z{^8e|fDiTr4YjzJKuFWehgiHfYbXl)9cgHuXRa1ZbB4Uv&Am@c7)R0 z6nTz>enav*_Hwfcj_gA{WsvR^U*0PAu1@DcM@*Lpn_a#%u>sliFdqxiI80yyy^xUvExB;cyM4li|rG^k0HvQ`Cbg;xAMIMlB`@e>JiDP{&D!VNCHtHYo=o1GqXZdO#O9C>obZ~I>M%P|FP`Rw5 zS_SE{uzuMBY}$DM8My|qvUS9Z17C-?eZhPev_#mpayky2O+@#8{o!g;3VSv$$BNZk zk&vDRXZHZS*sll5I+aojgmc=}R0~x0&|>|DJ-8Mf2P=ol7&xde9P)op!ndu$velcB zmX*h6!7Q-vNCu1=-QI3N`*IZmLO=)z0U;m+o(TdPElgN=UH#i6^o`yH3*W~0`F}5= zQ=e}5a^mNxcX=l&vj6yHOIE_Mc1tvCiCFs0V|DgrGbf;DR5&sdqp)hldbm|@iO_&DYJFNZT4&6Q3lqn^i|unA(6skp zyxcAj?iIbU_}dTA_wsg}+p`OY&YXo=nezFfGO;ayG-MR2?ce^)-}aOp@4R&6lwc&F zVsHbvn0<@htwYeNbt~lFybQ+%eK6&t{%q?n8`*65F1J7?*I1!f(`I;e>@Nroy}|wV zM#PE3IGd=!(k2D@^V)MFLMFF#=1uc%%x8liq( zxN_nM&L?THc*7?6I~pUK&*-OTW*064D1ttB0Xao>?ag>2>HNvR(6>)t7#Z5)=jlK2 z7_*VZHW705s|;u!R1w3b%|hGmnb5_Y!j3(MSs}mVETxc$*Oz}x~%x6xL?S;PX4}SY4GPG zsgjE&^?m=>!V+8m7){2;PW1VZq2yp+iMC!$R@07d`;$CuP07@ ze{4OirqBKHef|}8ryb{03hVl)T^VuC1Od9p5P=?);m=f>Klev>Cxx3nP88ceC z=K|>xFH(=zq2$OeI1EiKDWF;~1vltU$FHUp)<=11^uIox$kRh{d16RDl>(@G^m=vNq?ZG{No#0Krp88O;p9eToR#{`Y1y80Y8|_mO(c6WL$dJ-q>dfhkb_o3vnCarmq*L zYw68#i%6Gnp1QWEL-xkTWN2=sA4{X&boNFrWkepNkl+9c4Qoto+qNPv7hBSrl%_db zPO0_ooBchpDG;v9h${Nkq|lm`^zFVij#LLYx+HqNVJ)grryjN8c5C=}s_hOQw@@vA ze%mavHwW2z1#tassBY~V^wOXo)U@k|wvvyVHJMr2Q~ORGsiM0r8CzDQHTxp;V=D5Q z5qpOGJnYD%lpVEb)0P@H2&J&juTV@TJE=*FqF#+E@ItmZg|%u=b^ZAs#x&{|z3Z60 zYo;(~Em>H*Q}dQBDWqmK8aHRVTKnkNTeHg)8!G2uO9mcw>C(+C8vjO5)y++{(1z5i zNgZ{(9r}GkS-Nz3uX9WCaI@n$BdSy-kmtJ=tv!6PNKf^*t+^+7em&Y2U)uTm9i(!2$=Y#K&vUWQ8hH>dNlJRl}J>9f9SAIes#MlG8+qiWR} z(#|t+M7nrt>1a=FdXH1&}^(C4qVQ2SwFZbYV~tjOC{=@)3&Og)dw+n13;DGgaUcv7?GO)1DfE_24f}bC8l9V+O0y?@ zPCdJIrH-9C(VIiY(V1xd_wADCT{yIv-g&Jrb?(@ay7zpEW-i=8g-!u;QfcDX!>Qj3 zeW){kx9ixcGrjfhH*`8Ov9PMV>~xwx<_qfHwF`Ca-h=+yvR6$zvu`U6>eGulcI-@V zzB`8gm@$Pu`s@q3seA#+PNH$252abFcIxZNOjMs|7d&%p)TwZK{jCpZ|J7S<=`-s; zPw!nzZ@to+I&|njUApz4;nP>C3CFhoMels{8AYe)3bX5U8MI{9kJO`E7tY_2diL&1 zV<%0e1l3hv9_?JekoxxOL7kZ6&~ZP}ie>X@7|St9`mbBO4v|5NXBIF2^^a5OW~N>) zTJqg!8vfm%RM28p(lz?xgF&=v=Pfss5qmb%TQBxe84me)I4RP>(JhN<$j6^kOq$*e zWlGFh8a8Agb?VrO`VD-W=FOT(Lxy}phokiJ&!NqWIR6(E%ijF*(&K2#x1Uq59^F+2 zJ$t`G3s>#Yf1fWL`SWq3sJKXY!UTT*yx#*0|2a3$Q$-J3`sCLY^m(_2WbYkH5vj^c zolS#U`cS#rJ!sQ{>11JGODpzVQ%5qQR{)tg`qH+OG3s;l*=^)&XG)=MzfhkS{_;P9 zxex8Rn5sT2AH%y3R;NdM<7jr#eOCr8&Bv|!m*x{;7bXSPfyJKoZryi)&%g^iWa z_wRNg8=pG7h>=4%Ik$^HdBkUtXwMu)F#kV$R{KHvA-ENH zFF!>}aS9ZQ777K56pFiRad&qq?gWVtx656U_s`qQC6^Gage1Ve_PCWN^S<5O?!1}# z#**zm`&6i-P752$Iv4R^b}s&G{f?tT|91{AVV0CLbm88!f=nZtc`>uXW!b+xX(*K& z+m|pST?t#d@1n4u@lPt7(76ILbSurSho~0@5<+h>S5nj)4OyO6EtMt2#WGsy6H0Pi z7;9P5juoxkMEJ2FCQ~-GZxd$aTa^XHWXvTsMa5#{G8P*`DSxYtnUsAuYL(E>g;mp; z3?^*hrc*3FQAL?iqFE3Bg3PH*APX1Z$TDth2y0f%niZ?wO!zT5vvdm6g*n@MJxnba zVVV%n6Yv+bgIWv9 zZ^b6v*r^*&nKJS|b1~Cr)!GkA|3RKPs11|Ym1MWWl*08sG=D5%;>b?i3{_w6G|bZl zqm9XZ8!@wj{_Nb{=fX94{rCd2GB#k1`^*=rsge>{Vxk%ce&Epj(VUx=Z9aFOex0LO zeFqa(ym}`V7O%cHlu1b}nNL;`Dk%SrJO9ZNV_&cuUgpfktpd9xun7Z4Hu5fKm(5D^d&$O!~Qc3UPs%iZjQmi(QT;S0=Dm=aw4_6y|=!HMS z-Fx?-kQ!2Ky)K@-ip)F=8Q$X}U%m~~>MG}%tCZ{}}1fTX?czlwvk(^wD5)dDs2m>=Ka;Z1s;;9SOr=H>E?F~Z% znwy>}idHF(L~`L*3U$=urVz1-Fs?3*YsSY_#}7&MWJE_2h4pI}ll#_VD9D9fZm7;D z8WH>qy7nI6nPu+Wxr{jIL@I@Zm`eBlvks>&TtQTvLf|3bSrmgG zh0_?iC}w4Vdw1{P-qR3R*;pYgIvNQizYg6qR_@O5@mAj}IuyUI&o4BU6qN#&zE!bh z{bB_8x+4B{h|tE~%MXv~n%tw0iMb_oLc$Oc9;?3I#Ma9BDblaEI<`RQPxB9FZ8f5l zGTsH9hyfR{BDb~DbbXRvtFNsd&C`H#ye7nx3tLhWY;CMzNFtH59CbnQcq)AggDC-P zLv@IWl$cw2dKRJZG%(6|OdI+W4nLJ+#~-frYYnuW?irhy0>Wn2O87FobDsK&vm(<0hLhd1Gbd5r;xj_uTSy*#s=hCAnb|% zhzN)XhzN)XhzNZB2xwU8zy6tuGZYc{IuXdKv3;Gh{DNo2b6WCPeg$chegO?p%6S0R zu3QeeUjjnlfUXUy1NS!y8PnB?L`W4$mXOluB5;war_QLR1Tk8i03QMgS-#V&X{YSa z9HiAGVKePZb2!sC*;v!+ys09kytRLxDn*977mlKGKmb?wkgQ0eIBN+_?alQn9U^$+ zvS=td-jJ0z0XF_Q8N>dZPw5be9E8|d!-;Uww@#^aS+kpqGCCL&f9a2f>km@of()rC z3LsMhYQQu!!Kk%vD z0RL;T1xtP(jrA6g6fT)8ZRy0s#58bNhNd{i{-D>Ncz2P*uYAZ1(# zqf+bq=~LmD@N_PEX?is$!I9I>?&&|_&}a;*wt@G6;zkW)kk}h!?aQR9)QJ7CffZv}onM}OCp9-YdUPK_DBEbK~dA{?k z&!W5(SC`(mxJ+UZ5fBmhauLWzmH2We^HoaD6+bFwhNQU}*rIdW>KMFW9-eGZMybFy z@N+XlWP}k+^^*{r$kXZBl9xa#S&@SUJE@?A66Kztqm#Tk{M_!wso@4?uyBQSizSTt?$ z51HMQAhq?y`t7UXWJK0wYQVi242{jRj7`u;jnQw$LbM$G3vORIi{Gh_@%=}jRr97~ zjpu$BQcPXE0ac4Sf!yP1VL=xjBa0v zUH~YcD_s*EvW`2uzA4umf@V38fm$j;sBi1E^DAcmf~{xoVc58d2q<8Uf6wp2xXFt$ zC=>_({PPcaj@%*a_#G#fuL%La5`L&(uRbl%X-HPT zrrC*e5fKm(*u8r<{QUg#)$cb~{+~U22509Fdv1zXQA9vQApapCD*yT5np{7*4ZBW< zpkwzgaJEvreQU&udHom((ZnKeMegQQ8aDkOCjWf^58_fWy>oj(o#z%=vcV!E{x#L` zLIFQ3Y(IGp*B?irgoinzo?XYa&@dRfs4usmdXjP(A4`@`N?~!~)DaxI`WkvR?tF+3 zE);+*C}eL_9C=5A^2jx>v`SnDdAA{wD=AVq7L?-9(-0WhdBD|3t!yPFDj+3GSLPyt zlv0MgxEqC+@eCe@sl@1h5RuUtZ2ug?I5O{k|9xL{X;Tp_F&ex7&<9bdq<59wTpp2| zJ6}xcJ8&E-dK)7;=rW}G6pE~{}G*A z`XeGfGi49wu=g$qlp)X&dU_o`}2tNNLVq}%+tM4t% z^_FOE3Jz6cgljbDhJM@wN~pU&{7j1oniOyE#Z2e%_b zVM$>IMA$171>I9JN)PxU#ZZsx(KQXGFoy!>Hh6gDD9+tWfPOj6V!(&=l6!Ud0@$NR zk7!Y8Y`(G_z$xDGZBGr9D!Q3YSC+xE@efcmxz2;Dpjh40tE_W zGP2||5k+xC1VjYhfqIGK7#l1UmFUb(| z2Q(AT+n88GqIis!HOf*Pe=Ku6fx$}t}!nPST|#lV;p z;(O=Ot#xbY8k=G2j9Kuu%dALADbAfC8l#4E$KNs?d_QU$8dPu<;^-5V8Lnfgynh-_ z-M<92+jhj<&ZKnvl}Ftgeh3MAfHRk)DGkV8R4!(x5rMuXDCyq-k!vQSHl-eML?q5% zx<>O!hDvbH25j6*!p6n~e-7$|`#bz``N$F6dG!iDRWjx$H!()Ut?lUAstqJ27MMM6 zF3J@x24me&bne&`<=mt=a*U@Wj3tGgyM2?aq{J%_jsZPe!_U(hH!tqPrQ1;$IIgwe z#%}FV64us6m_DEb?rbZEONVLP;7}B+o-8P}``6A!pOH&YrfNA#nfMf&wq8KMcLRh4 zovHz~VJ};VCUpH8)~SV*s9>C@1)V;Nc3^Om^1}FxC~-@Xb~q+nJ8bPB5G9f!ShFV=z1~iKfRYcXiT6? zN~FIvT0GE5OMjq=)Sn{F#j$+x(sW(tply@tC{7C{$4^{BOrjG0rRWbM9~LQbL9}Ys z3Y#`>#+A#L#RY(Tc#ZyxNL=v`pm3J0QdFx`7cMpyaPlmUdX#^hf=PeO zL8}_Rf)UouqYx=(DUjP(qC}ZW81vg7XkFJI&hBMV#lM(f5l*CbUe#;B-_KKko0H-t zQ|qcV>%iGY?c(iD7HjgKrd*tfFmWt|T7gwyZjffqO}j`|u4Ij-L(z%^$V^O7qjoJg zSzC}&l>qPRHBmk-Z@q+aY$nr7ZM7P8=)5^Ri&aFGVucVJAAzXY1Q?mwBCvG}G^k!4 zMm!)}s}w3;2Cf!>GCm3BHclA!>qIoHP!OIaDxi#)6ZDL1;P2~&__#PIRH>-exEpx@ z)PSc~F;ps7Mu^^aFX%-UWF=Y46JX-xMT#)3Y>r&!f0 zC|%GIIuwsCAs2sR$_txFO0um>QF2wEg8n@kQ+&FF#V*ciD?u3>jhL8dq8u=Wf6YKrkn6$L zj1mlL6$#~p<%(-Gk@zK2z`9@QKunoD7JeRNsW-4dqlOJAr$7>3$HmaXg&qo(E{`@H zo1u`i4LrO{qei*HbUhSAuBU*hl@p3ptcg+{c4W~{fJ?z*q$rnB$NlR_QME}Uc-WaE zGVC?gSHYn`A+&1K7G;YT6k_u2+&y4J%6&A+V`yfEnssOq!@@*MTJ@rdp{Y6aQdJ;_ z1^AY#gXy#WLj7`NNuZiVikE{a@j*lq$AOt+Q4AsSK2Hy4RIO19_U6VYU9AbpZjD4` zw6F-~>}HRebYIz;8xcuh5{lQUgVH`OFmv`naW7{m6cH#~vOKESXn+b{ZiF|-oX^!B zb=tQ=ok}HPK!gZMi3xBcGQ;W>N(uLbE_Wv&j)*cftHaOT7PgeT*2lw^a_K6eC$~n2 zL8H*EX$`n~c+nz62|@Nu6U_%ZW^@f=>ApWfd3MD(&3te{azF$_Lqm)hF#?q3AyQ}8@j%cIg8U25fBj&5%^{hc<|r>TDEM7>({S~ z*8ea3s&n3x3Kc3~-THNKb`oQ5zwpZ`iZ3GYSrAYt6vR!Gg4oztf%NsW43f_~<-e6i zl%2_d!umKdD&H52h=7QI8iC9vR1p;s0TBTa0TF?(3IPuf543ID7I*L7B@dOvuWD}J z+GO~PY}amG;b5=k0m=9CC))y7LbN$VxV_=c)Uf$}CSRq17Y=Ws)WLV?`sky2<8~-t z#4*?Asfv%ng^O3<>{FV&8cjdjxTzF6`S{Tjm=Ia8Z5A)I>;{dCc!hJ9&cdfOg%Mh+ zxt6l4m*0-@zq5V&_Tk{cgV?xnqoDNjMSySBC^M8?^qgZa=tvea8Syf>!oj>egP zx20!vkx*c(si7&P#DDTZg|gkGr0RVUZsPGoNIQP~c>MnR@50o$vd=BtojZ4irKKfI zh-c|rO$C}tTv{BTB+8O>^ypE+8)EC$t@!P?->_xN7OY*n79~oQ_@G-ttRy1vwILuX z|6kh`73U)&AR-_lkOcv532N4?nef6RTK}_v^9Ahkc-69H%c4%*IzsxdTo*Yt0poiA zfUBtmP{1Pw22!5%^FxY+lzpI5lh#-`>F4wY=QoW*`If)p;I*Jk%756a=LnCEgVewX zZf-7WqS5qLDR>nWgy@7M=u2fVHZ_HrsR^YSmC~Yu3eiLiD>pKRjAY{_MMc>=h@8{N z#1wiuYH5>`;wVS?DIR3u_z<0w5_DlBXrsQ=7lr`q*F-UQEro(pMO4dg~J zx3VN9H6vS2=*u94$HYS>Hzq8c1rpL^l>!NIkqDu5qrsGkCOjsVyf1WMN*(}Y?0lm{ zguO&qL>%~hHDg-@!hImTp)sO0w#!Br+Ho=pj1dHNqn!p>JpoX9sSRXRe z1RI;0!Gwr-x1Bi#BYSm7LuyJgqNAedeu*JcTNRNBTc-7qAu6{VYnLcW`x_b_1wFd& zjOf0zvb0FQr?l(k=5`d#p-r1Mf~&tVWnLOGWQbtVHYNGQqDDZo@WFB7pEGC9V8DO@ zICt(G>JTw7UjV34qlO5Vh`_gp04Mwti->@TfQW#Iz}Jlcxk0kYlP5E|T+T^e#m^Un z0lnO_<;$0o;XEZzZqn@w#t8SzpKJEB-YxuDiKag?7m1O&{m{k)eK;?cp;2sP3;==oxu3jO;tv- znWK6zGZPbLm4-##R{hwEC?&ghd>M1GwPyM{5~gQh#BA*BSkapOS#;Kmk&?g`PZ`P_ zP1SgrnHaMYRU5I>_d^&28>z3 z64L;h&E~v#*d<~!jh<6_xgSxt^BtcIx*9TkB_e;#Z#A!-=J3h?;M&-Nl3w}_87%3 z-@L=tPy3aT&7AfBZMD#D-k{FH{n}^L6n6H)Wp;eeCRWUp78M4L6VAW7dx$|-&L*r) zTTGy%M;G*Fasxef{%Is*DRHc8pc|7odb5Q)j%)3S(7N<;M7f&5xy=qrvMsi=aa^rTkbN7DsIxh1H!h>_0 zg+3|<_GE{SpJ6AD>}Ll~T@qxxwr4^5??;)y*6d19B>S^Z8#*Rs6Xq^scWz%}!+JEN zeKWT0$}7^L6Iknt1)0>j1Y5V~FgtbpFq<)|E8PP|Y}SrjLZ83)Xd$$pIBx~DzsiPw z&)b``f3B$S`?=lud9cF1mD#|tli1>UzcX7I*!N>*vt&gqJG^r{YgerVGcqZ`)@E?Bco8Z1d*L>`AD4QA%i#2mk#2_um2*$hRm^U?w#4g>I5`pCoX5PVEo4sb}pO9nsn^QLUQ;yA0Kj$b#7Ue{r%6$ z|0vnVHcMek#`R%8^q=rS*1C`FU9A7*AfU1SQ~bE_;`1dazu&ry-0Ht##fn^CEEMi) zMI>uqwK&st_G7nR#?qlw*0o-7QvUmW(6ftM{!8iWuxhQlv*RaDvSXyE9N4#wb*bS` zil08)e&wk!%$D)pnM`WHu7xVn|CriTD8OoV9VYDe?i9%M3pHZVnrBc-IIHgs)?&bT z;ry$+hZ*#Z*>CGErnf(~urD(60D=e0K;o>!y6*yWcAnnP?< zxBARLUV%N2QG>X&S8HZrTA77q*7?)xU)edA=^C1`UDvn;Jaf6WdjZp-#gHL?EMp4p zu0YE|t!o!$R+W3CS4<4L$ZRDBZ2YQoj45BRD$Za{hfGU9|NPc|TCg!mQ~p(~WuOnU zuGTaCe8RKy%tk^BIxEiz$NuWtggi3>*y9LcK*kh7tcnX*mtWQ1AH351?oFAsRZSL| zR)rsnd3c_A(4xecIS2Ue8zuDiK9a+j&Do<~gvhM?$CC2z%!;)hns1(+j~+b|yelYU z2HUY?#~bqz4}2H`adC0X-=BVmXhCVvpg|wjNUS9y@RcBt?_&O=qoc8X`*w=4d(9Un z=ul3&c@2{Z3{NV#}o(P?0OrI&l5jq%2 zv1rpwEPv{Wp+kRse;2t@Ly0Z(=Of0<7hT#^PaiSr;VtYxeE@?9+ngwOuAIl=a}h*@ zloP#W^r4Ci$Ie~H;od-*aqzQlrQq_hbvVH)Qe>o9zGVb7vH$DVt%Df*pa1U!O{{-l zU|=4^`ZKJZHx8?hUB~35$KYWuLqbA4l2cN_+3({iZKN^9f$P49{a)WdhLc-YqT$}n z^qQTF_?S4P5L5m46X&32aTnnt#Jx^MvPuuX_UQ^^8JXadmDqRY5nLP;!g)R7Jdh9% zKx#7WO6j9ig7~~Xyb$S^Dp4O-cW*)Gpeta+0r33tIV2`1h+{wjiK`8Y7I(vf@!#X> zg*~WW#UCwOcS4Z@w!#=mN%UJy?;|Q2_iZJGQrB(Wx(#<92T??W6!&+Z26W`m$r3-# z+gm#ngsW~czOPdXdt0?d`5Lv*u|*TunHV5Gg2qXbU}VouFx1yUsxlFWF9o4+p(Mdo zM}j0upO{KK2g$~RK`2u|5lpfD zx^$hXp1EO$w48`dC;~ooVUrn>pPo){A0PPyVJs1f5Y7#tE;>5;Fp{hLNL3^W^Cwmb z&1q!Ji4MK>l`0v>cW=h2D-Y;ClprkV2Fb5OOFtR?q<07z{0jJB_qr)4{rD8>)vkv+ z&0C>*i9%YVX4KA&t(h}tA~rS_EnBuk!-frWW5};^46aAanKK6g0RdRDWQmXkfD({Rze0_5!P0V`-{lp4|O9Wud zZ!Rcbt`tmVz`n(QVCd{w*wnH)`Zufc?%tKJF>3T5P@0y-kwc47wvZ#e04Nblgg$=t=b{Ppm!>A$@vZ+C4}lIzqoXX(UwI=RVK2l!%@TAWh8~Tt1JCVz0S{ z0B8Q^W7&l2Y@9-VPxMn*l;Wkt(!E3q4sZ}M2{8{^yv4S zlz;ke(X%I9%4$6qiKH(Zd%#=A&ieZ*D2c>quSW!d6dnfma+T4uYCSmHkd`R7!s0!9 z5U^k_PM*Gsi6e$!_S{W4asCi|96ltSUNWW)`X0mPZ-!gZl5n*!!2O4hi3l$Rr}XE07|n96lziU=SYKWeMS!UU}e3lIN*H058@%lp1* zbwr5nQ7g4FQnI-!|M4X|rI>mV7DLh$c%f5?K+veGrw2)D3QVmFp=Zw`s8E^|e}UDX zx5*eiGpQaQL(`tfBxz;G%tqbbpSMph?Bf=F(%WTh?E7mx8vi&B)~+6KcX38s@Lgdp zSs4@g0ta7d8vFN3IF((D)2B~k;q=j%HfJ7PtCRT7-#w$#T-*u|4;L8xDQ-O%NBug7 zDpjf!8Z>A?i*{SFZQC}G2f)`kQE^rx0$C8q7s~(2l`AoN^k_VJ@`QeWC8$}mCd!p7 zC#-4~DpV+4WQxlH#ajs$D{^-d77A9aT7_SK{S^ZT4kYH<{H@&hRj3QU3hC2<&+uO` zZ}nz8d6}`YopCnvR#H?5o)Nok$+jI)tz^NplZGJjob-yxe8y>$tzj$WsfG!1cL?NSt~+ZyG(Tygfu4s6=G z53gerVdLnH&fUAfH_h@QbVUDzKe~#gD>mRxq6%@3Phc#ixv_OCg#UGFL$40}KZa)y zu3^>5>$rUH5#eBjcHR1*Tv7E4M11&DEMBw>*Y7@sj?4)DRhpnv+wAjI>(C2mQus40 zm^KM7o&+ILC4q0*O6bw04Ovhm2)T6`i`Q?#OJagfBzdeHJN$_U=82pjTlqw(v&Z{{Mrswc65i_Q-Z@{AWKXW|bJL zO>z7}45a=URu>JP;`g_QfN1^yGOjtd`t#>t-dO!PMmlKLb0|vJC+2hsS(@qBH8mw3 zi)a0TP^mlmcIX6OXDh@L+j|@_@S9s()9+$7zcHk=8(Uh#)5DGWbi>TQ7UFWns_5Ob zJ5KG}OwT7N49rL^)m35K++`?Y@n#>yJ;QZFQhL&^9c^TC@JdrErNq*&DG?C~5Snql zlIrW|C!u7$W>`G2pQcKtZwp5+3?4HRT%|g)WH@T|`U8*1>YT3p)4Pc@U4TqY={GzA zhfnT8@#a6_?8ZMKr!n{c)dx+7Eft=jS!&Z01wXogAx^5 z;O6aTd8YjH6m}jS9>Q-!7E#6Bk3@j$8$EjT5S0Jbt5=K4|3~5{R{wGl$aCd??AWmw zGiHo{VEy{_F>>TclrLXCTNg)SHAT^)MTNR|?%ctYDO0d)*)sh6^UpYW@+1~5S_C^g zyD#Qyyn1+@QUj@AtmT^bHsOhRPrZnrlKlgUTU7dWZ;E;APs6`z9hf5&3+K(j=A*Z< zcf}N#8z`~%kBL})?M!uA=KmsgJ;V)vfCctrVI^(9YmaQ}XiKM6fL@%JfRdQFK$kJb&qXd$Rz zL3iA{@h>hth{2J6=0Xx5j2NIHt_Tn-Y{yi5Df;Zu}0Zre4o-6;cFYja2 zufL(3ev)*qcf5B$8ZP>0y)c>ZRV=JaaUDpm2~MMy-M|{Y4&G|2rCW7ztDF3aDAk z2`i=y!}@LeaP;VQc#v{`Z2Jlfow*fqxfFVozu1kG`+pzKL!6Tr=JcwA7iV_kJF==J z85Tg*3Po}2+9h0!ibYxSI1r1707pQy{^$SufLr~$cI}#n&ooL8*)+ogOoQ01gX?hK zpeja=`bjvnYD8c3o4XEsuHHd;cl83LrY_g`NQb0Q0lsvsF7{rPFlWL@)a^AMgQhOW z@-g4T+us+-$xA4-Y#c`QYy#cnIGjIw2?a~mMeVBIur-h)>DDnUUcLcEY-BjFYYWal z2I{A+_w$!{U1c2hFJA)VU{72;z7H$bZU-|WRzMO!VqydDQuf%mdO7Np^g<~wJ3M=I z2RH8|;fDd8Ayd4&%h+g6pn>T zqkw~%dP4kP9r8M(>lOaw4lZB3h}Ui8R!@DYr~XD-91Y<<+MT$oEkUVq65x^quRU8bbaf{Nuz zWJ-%zqIPvCe_xFueTQPy&<=>Wc?z?(?}St79|W&ME;3hkxgzErbnAS7Oq_YN+R59FZ>`Jz8 z4G|F$ftZ*Wh^Z34zH2PbC>sRmhcnO0FTec4A05n$((6o{mO%vbF#_%1zn{6dxCs4J zs8Hd{VeO=JKHoR=W>Qm6cA5x>-d7S|-e3i6<*e3^3$m^H>f&Z*NmzCqwS);|_rxZ@ za7;JC#ggs4z)6Y}tXpwUX6F*Xb{;s-qT=G&qf@JyHKk#iw^Pj)o0=NOI(WOYfI7qJ zIZ12&0?mCY8{M)nD;!WuAb8rda2$i4E&J!(bG00*Sk}E_0p?eushR*PA&3=pvtjiH zEKZm6#f7!Zme`^f?ma6UyRv>BBU=P>DOHtiJ#dB*_W>K;v=FoK@n`pA)nr6>_pN3o zdJ?vHPX>E4Z!E}_9K~9AIkMo)!LZV z?5rk@N>&j|v`RzD#Mt?D(`bCK)yHqKq!*W&wXrU1^V0(L^`Q32$tt0r=tt+6qlJu3 z+HjTyU*5|s4JE96>;5cWASqI^0d-xNwO>{CBu%IrJC-mxF@CQ;d|eQ3#-Nr=X63^E z-ngHIMMbl?S2vlRjTvh;YK?Gy%go_)-A&n!vk!#*l;lL#E6|>msNJ0I0A-CC^_e-P@w2cnV^TUdedQ6MUC{OY ztV~gNBC(S(6C*?B>ROmt(zC1m& zc@+NSA}d|QjTsr4QrbH^He;9iw^-;n?Vq&^rZ9WCjG38RFmqE^R=H9Db98fOS6{q| z%cbqpnVprHFjsR*Z)j-Z!X_@>CiIl5c+DmaXv3`Zq-rcEZJ@rjBb&4CRN6?%Z1%X` zl-ACWWHDz28}?%{S_F5zQff*P`)lGrW^blP@|ZKZzKoR&XwDAbOM7lpou&OcFlUE) z>{Xn4j%l5zf2FG8*`K3-VD_eZ%-FI?WGZvBmN7XIC&~>?Sc66lnJ2xw&80MfyoBDr z%39Q`n5n&Up%U!WBXwql1wXWAZeC4USlUA@B`%27DQ?O7{x&yV=97OT0k=FQ9PVZYk(c-q9ul`Av; zn|th7TI$cQcDCZgLSa*B`Vu6k(}VQxJUY|%sl#J4p?KVh^#}UVFMuAf^W#^@+=_lixhZC4%&b-xVT+WFO$K%Ou1)MA_5%=UK zuF(p8Y(g^hWx9CE$%3?sAQ#0#3igyNa*`Q=6;X=5`)MMMepbUC*G zS%ji!#hCmwAtwS6uTJ~`06+jqL_t&}L&7svh_looPgAmH_cGkjXH&)Ut%9os(L)WB08G(3P2H?oeWk z-&P&LU?MJ)8JknqKPd)HS&7d5Cn7vHf#UKFU}A0wEAndM#kp8596NmpFN0r``@S4@ zbhu@CS0t(UnhpK@n%H9A{-YR9Ay6{85p3=3p-;cXkrdiyYOc1@dXu~Mf%CQT^kpzv zp>+x(lGB%yN0qCi`gusFE!|2Bux4;ywK#?!~oC`2xWo~LrqA^>QyMyOM>>tI}}*Msn=MOcTFe?$EYcQg}v z!O^GJ7c%XokCB>^!Q4yh{prWm8(H@=ALWj5g>Bp*C6~FC^Vh(lTTQ&YaT-fDo`ZEj z4;t&k3twh1;69E*VUW>7_1>ius9mFm;NF))nGli~#dT&&m_)=+ZykyuNx_#Pcp+Cm zt%^Fd&2RY8eY+8n5}EpFKPfIAHl=HEqTy@{xfW!21d<{y%rR{>d(Yx;e942>H zIS~W$zG4U@J({rPr&E5@X_X%~GXV_0SUd}*H|4N?cD7FL;$rS0h$7{Ho7+Qr(@ z6>nP#H#D_GLHYt|65#z5DWmLUoSXEuP z1u95~bV+xElys+bH*8WslpQu)`+0)%k=pg z;fTR$(7_DpY~UMg{CvjF(?s=d9K{!K{qTodo&0za842h<*)L)5tQw16zGR`9pzzrUvv-kv?29aXK4$>o zEzLm?iK&^D$Ngc!=UiU9BZ-NL>3`qo{5TKkFjIwCu>6f^&KLY1uaTyrBc_S5^xGCE zMfY=Q`iE93IbnMOK5i8^~O^*kPRL+npT*d@#OdYVs)^kub`cb%p0x+f73M?oKE0vn<3o^y$3 zlU<~q9_lg9&d$)2A(DsSmnO8vnM~nL7( zeSM|)2kWwx(s)FB&8643wqP>KS!v~h-w`Xfc{mIBJmCun;;tvfo^=R@N8Bz$`{5RyeuI zlUa1F#qU6yD#NTlKc#4$`m^DSVoxff`n2`<66U>B3fM2St4n*dKG4fxK)< z$tGuC28;jW z7^3%KH>!!Yre0xe!Y3=iiJ2@(7<@hzzTyW!VE1GY zfWZ%L^Tq{LD-rp1@Yvfz8v?X;(l!$W!?Uz5>6D{UU-g23mcDFtebK_tI4YHuct|)7 z(n&)lfiL0}nSG6jSavrzo7@9&3nucA#E|w!v@ks8h_D&!9FsnF>=Lu6A?v8l*#@N4 zy3)Y>j@vv(zaq7KigwZ#q!(ho+%(qPM>#+L_;VQZAVR(^={MH+PiX~-~Z(`6qN@*`}A z>3i{D6-iT~`V~^MJWpe4(M6EBu1f}|S(~mI_YvGv&di|)HfEGts`(3^DhQwtKZ^du zUF{kvLFaqE(~?@%)r%0Lr?AP8n3B4lcxr(=L%n-vuj*NAt*KMAZE(&np)VW~RCkc8 zn=)B6^$mN&DhnH@FJci_!YF}Vo1+b_>Upl$74-|{T1&lKtjL3)J#?>{yoo@S^v@;@ zD$PAaH@DAR9`Am_NQRNTcR31b{5h}=YDHOewG2+x819;>L1GaILGRayu@E8J{-YQi zg)4>~|4hcl+?y2vA{ahF_q$OjQNs@umesQPUNg24a_RSI6Cx==#sPhDa$>nqO>I_v zgty2(hkGkT3w_T$3vvAOu=$v%Y^hE^?0I@}R!`;^b*lE2{9g^@YaQbmGg%gYkgSaY zCku;W$n`EgSAkL{OZ3;Rt9dU`V}NlI(DiVs(I$I)d&yJcPrENX6&X!sgu@9e;>Gny zDvR9|XV=%_ZMx3un>I?az{-vj*?719g!8Dw$utJ_byiJXc^>0>U` zi*XTXt(}QzD>gSlIOcLVGMTiX(sL$FEGTm?a<1B-Ok0e>Pi%@56@gmue=H8GCAA&z z*i-ARk>$c5OuL7YNA6N|`n`DR9#7w`;=q1!>HNPmQS;nYhDmf`qJOqfRvL2ss`yNH zafT{llwwj#77asfb@B1t$rkP^$u&a~4M_kK?gxikCf(n`)r=S^q-`({i8taR3#tNx z#17%mVjZ|atso@g=%Mv>gZDVY@!v^e6uG`$5fjl#8VcBx%Am?CGi5RGIeim_@w080 zkafB?{;W{t*BhJ1n2_rf_;9y5rc(s^qt@A9sI9{@coi*Cf?t0^{lRNX8T;BrI-g-? z-N;;lDn4@UGc~0W3Sx||PG_#RyL!bI8kXP}MJmO#(#e@wBG|A5zXnu$xS}mOm2xKU zUpZ1kIlbap=ojouyzW^lN$-l(s;IWMa-zE{f}==(X=L$EWI%=ODB^Td6Jg!MPH*zUG952Tkip=F0pvH zC5#+Mq1xRHs!SwNNCc8wTiF}+96*@%5-&0s;5GrA3Pu*}L^G}fE)5g|ftreEd zN-I5+zx8A&*go!G$r%C+RoWGV@&K$lvpEoz3p8DIN8zr%=qDB|)>&_M`n{d6u|PYR zEqnaL9v;a-*=dV+EdS=|$ge3^*>lh%t=XFZs+_cwEWSz3Ug@9sHT-T^EkBEltC-%ia#yK51m+R`;p)zk%Q&VLmR-l|+ z)9HSUdAtwk?`r=5qg!j~_g(@ZmUKO3mA`mmWZ5Oz3}*nc(9$KEWfv7$Ic5~lyx-q6 zi09jL;JxX>F~dcsE98cOAx?>xdj`)f=>Zo1KY$ zAL>})7<-OFpB*%ztGHhmEKSOnaeVn24AgY^!%|VINhn5Ly}UFY@`DLB_mgUowWgcq z@WG;+tNJMw%Gv(WecCA>wZ#Oj z+C-g3Cwy9y72HTlsATiNN2l6G+3&jlj@4S_eoUvfZ$$#e0UqjQNx#xawCjM)enVo| zx%^X73jd~cl!*kn0>HQ`IuuJ?hlaeA_B$b%)^0nKaY(@FGr$S(VKA2c2P>!JpCn*C zk%xt8Z=V3JC}RtYr2YGzOiAeR5T7qOH$slPZrGK6o2{@+?|p}{z4+|Ox0)q&cD;87ZES82SQWZzj4j!T=S?XoH$G44Jsif z%_JQ=(VyMicV3;yloC3AnOtgK`zZeDl(Qy`L5*z?2y_had&oB;=X@3}q;=mLC(j-MPT#K6oC)|p zI~2qW?cw2J2@ovKmK%fvjOY0s_~1IMKbxWUfvsO=eii8#U(o73-*5B-b`5MG1gMM- z2@S<4C%tuBn@hkece7)Cli@C%yJpGAMB0*$BczbIIKbuo<%iX2p)K-*?PqgMN5#w0 zC5whp9I2dOdEq2OTDi>qfx3qYp@P31JB?WpNVIptwxpSd{@wQxsMkXD;O_HU+vDTg z$ZTF#ClQF{&FW3r-`f^kpyZ=OM}5lcvK|=Wk@O)3_ER@kp}Qqg#ei_CryuFqqGnBnw<4v|L(^BYiSkTC)}Jq{T1t)?w=q*B zLanwy$oKW}qIhKq&g@cgZ|BGTcYAl1sL9r?Ee^Y+=sJ!n=u>z^#!F7KUR#Q_mlL>m4DI_8Sd-lK$o97IT z)!(5%A*14$q%U2db@e zi*tEzMV}ps+$0%NZx&ZmzbSxHy+?1Cepvsp23yy!a%;|dEF4>xr;xcNf@=>gcoT#M z&;uq~B%7>&F`Cs@E-j@Q5yu2dh%;7T9$a`|+5Ap84OH zql>p9ytajCUm(=#vM6m)e+-toI;PA}z8YN0q3gt}NUW8J`Z5jyfl@qGQiC=RuDQP( zO{%}t>9bXfVdS|I70bu%`ZSh)4XI&YpjDI<4s=ej^6(fQ%-z$y*qcn&G1E~FWWanA`M+mvNt{e8 z0sM}&!J!l&kPgRX76UkUW8!ArU;H_&XPMSvgA2okhu@^nCEXsZ%veskBdDwTr{|NA zvtZ0D-t=E|y!fV{Kb9(?JSIkpx3puS$7G?Ao^~tu2CcbU^5g|FdVk!8{5~Y6udx_W~N9VWC`IUCIBFXpuSc-(>2QS;%LS=RHi( zT@ksKlQ||rDl0#%v)gU^thRgmJCvw=t*bx-A?zT(Z9QXxGVPCWr<@@@jcXa)4Gazl z4MhaVF;Xct!N=~GeS|*GcZGm{hwc%Mdfuf+b*B?CWOlI}q5J=9Bvk08@+YlgRms5- zucLW3`4m1_wLYoDQ3&!9UUu?NX6;`{=jZ3++??L7OG-SCr^Ri_O%G5( zKk%;*+r0GE5c{t759R3VPd67s>t2Pn0~}Pj$i+Ow`EVAo3bHtRlSZ(9+-4`~1r!O` zRz$l5jX0ew^R8dE52tNsu=4CC+z zH(yWqshF>0m!0Z7&@|LulIo`TYPMujMjs9fgNxJH&BNAC2Fv(0O4M;w(YzTH1tKQ^ zfP2^y$Y2bmV?6J@n)y_1gB^?Sm#c~Ra^}>{u|7R?B7g$9$@-neV>&jDzt+SA-E2MV zF!pTYot!Zlw|oWo^XYq{4$^R!YX+k~!-9J+n{V87>8d{eA)R;Mc#k=Rpjo8Ndv!QR zYV*;d$izR;+Wv7u4uJ3P?wm)dYd`d5Vg5qNb-+gR%=R|;#sDt-N0*Wy*tfU}IVb`@ z0=k}kxy23Lai^>o>q6iIXPsD$V%vCiy>K5SKb-Pwk%{5Ptrdq#i!*m?qZ>k$dHdEd z2zKlwt*?|9`TWeC2PHyYrCE&Q>Tn9?L5E-F@Z{wFIr;MTivX%x)Lf3EEoX&>A-)m@ zR#4wm;pTjYYfRd&x0Fb%Rx_SF?-Ll~b@2b$eQN<2Yl)^OqJ231t(6hr$}EtPq|NoN zp&c*AAtZaMp|Vm$M5HrV6Yuapm2D9v-F9bkU;9k$5 zqqbY?IzZOIX3~q$b)5;xx_gA&E}sL0*kV9WAxusOz)O-N9Yq3yc~F@!Ru(}*zJF9} zuT(eT+&Su_FSbozLam;JJT39b-|K|&FoK*;9w|TH?EetGy>jMZXR4ts{J6qt5!p`P)06(a*iM{6Xzp#25s!#;|AserEJypf<7AVr+S7 zye_RDS&DyYLK1ay#ed@7-EJw?+EfyT8AwkQD^AE?6z2q--yT^d3%K%bfP!5(KuYpp*#nThibonju#uh;M+)PkTyy};D zeQPwcVrogc7l0a0lYKf*P_)p<+nWCEY-8UPrfsXdE9W8;QN~_cVvQ1gy!XYCQNZG5 zj2S?qlN?A;e=(u2EGuLyzSQ$~;a$u$;`1pCjSBEIVi499aACC<=$Zh~Llt$zUb=Hr%x{ZpE)cu+5oLp_}Z zis@mIgxpA{=gT7>SwE=(FksrEz-?MXg}IQp-&K9(r&m!?@!w8iJOP}G0W{&KvmoD7 z{?1K4ey2TOi?Iy9xF-c#WV?3eUzYMO-V7OS5qW8HvT3}PI43LDDqVBOZzXmZ>^19n z965^R6-(Y07tL4G(nOHJ*=`~Lh9=reS@2qCGrib$YWt5no4e0Xj}-5qY*yxLy-BZ} zrl09RtA1Kl?DNhWNDo}}0R+f%JtGCgLALH;=7cYPaWTy+56+%vRQ>p#tZ5R&!g!T; znaY1g(5!FLy~OX~o6bgt0zu|Re!@Ftk`1T7jF$W{8u4<%uK{XJ4Rg{D=A0f}#s1EO zS|(S6Cm%*PPQgdNNd&?<`ut33G4>9>PtTL81VuGKYO|iC+dSZ~D#El|zF~cxB$Lg? z^Z93gc)f>Sei%!EI8Hr`g&M=ZBcd}48v6Al3_d6N+v1ED?@=x>SF9$jeY9<5$|WnP zwdY<6skNH=4r{E4xwpRV2b8Y+>veEla}J)3`w@EEY^7dg#-Tt`c|%tJQ{_MnECh8^ zpZ;&Nb59r!QVc3B?v zL&2bR7)7sZdmuj69d7ta?CG?xI={5kQDL=`uB6cYmr=|9(Hv&~g{|?H{r#*WeTb5J zv^-oUlU5i5Vm}G>`5b6!T`bIFW8_eohSAu>Janp1@jOD&4Tk_N{SH9_R$3*`5AlkM z9swCKAnb5BOk$XfEP#so8<+39{XI+!@-daP&)%D2Qo*hMKLT;OL4sYO$%WB*{p0W< zEtdc}dhS^}|H~7+kEMzM4*(`euyqos-2A=0NJ|L z=NzAwf;7%c>ZT7Srcz{l-<-~P31`z?zY0pwHA?hLmpKm{BfPp}qH#ss7E=7paT_n*5SDYC;| zpr4q~k!&9>Op8vy@foGw=5H8KsY3qYgE9i@+IKa8Flk@a-htn67clAP>%aZ%)c-w2 zcrFC6RXz118+r6RRg>3rZCo#P4!(bv7!eLXm+i9oN4xzLg$7cwLMu0P?P%aI0;uF_8)gg2xzHqqhA&9v%5q}s$5nkV8UFA#QMZbq`^ zA4Y$QWA<-x0z-v=u$P7vWd!@47usY>#I zKE}ODhbj2BG6X<3EpD21<0~>&bWpaME)ZTceAgXDuvz7HPyrx+Al5)qqu|W@g2xGs z!hqEm!hE%Y0Ei2Qxl)L}{jSx0W1wMftF^?=KwS?Sr`1a}1LUbOXg{-I`&;!U^V&ed zCs~Et%xAsY2e3;>AJo77igN=|gY9 z16r-`q7b&4FUCx{?sp-_>F`F_l6V7<{Wh&hgzO+}gmf~Q(8(5cD~6nqZ8Z!P5lPsD z&)Fd%NMRI{KsUE!9%Eb5xHVZ|w3r9`YAfnb{n!?&PJ;tNK^I$>ozdU6+(Yf|mn)Vu zsuw^<#TnpYGtPP<(TQcE3EjOhgH^?9E3%qBp2&qa^w_87w4OylWXI3gaZuD%5gCzY z)MWR!&%pfpBeASUMI3I0ade~*gE_De@~MfHe4FtA+KM10#O*U~yGL7x{%k7sA>jz! zgOr_}Lw~!5BOCZW)9qw5>O-xCCq6BxH!E9-l7rFqhO8pL1&(vOWl%A=%GA4bp&1cX zUp}D;4vT(nTK?A1H}$rEx)*<_;gpP?8J=Xe3D*NFu7w8jbnn|*FX@t6`vkwSd)$$m z5f>`u*)-fCZG`Wm-9f;nqE&fWQRn9IoAJ(VMb`=R;E{nMWDG68_JR;?^0xs5dOGVt z%VOT-OgMdv(-yR@n(6RZaV6oxD*6I5eaj2%wtS|LK?;J~?O#{X^Oijse%rR^o2B7A zw&#`2UYKN&J_=FmoRO{q?}5UOzn46Zvds_aVdMfWEJeOct)B1c9EJ3$Xz!j@h_ znyvUlf~K2n(!1l%d5es$Rp~#t`v7Ame;UzOd&|wJdGCi`In#xO`DD6q+j6p>SXDFF znTQRHOl|xwrC$Q7A_J=5`sYR_n59u_A>glj5`%!C_zo0{ zRvQmBA^uq zSK^kT&r(S=OS*03k~Yw7b8t*XGf`Ik8m@_{qs<_mCLI7nkjRZk&FxC1F;qL=={k`H z70G95YPVyaqcanJgs4zj-%3nS}BL{&zA>#8B*z=zsf%mW`aLbxe0Oca@bTEz8 z<+J0~>Zw;7xfkJ5rbpH}hgLIt!Zc}{D$p307RDKAfJCxCODag%xOOj!VfnXSFqIRr z=Rt7ptb1y6jbScl9A-S7-^$&Y&t)$#sJ#GxvJQ1o(n(Zr!SLI{%0S0cVQquug~&82 zifC_cI>uxp&W&M9;74LYoPA`A4^T9AV3^tKHOTQ#B|f)% zKQb&4s`%1~(^lU=0HFo=O2|I<+j!ea7^AYWj8L#N^ik8LQz8*#c1fBCW>)7P#ZCtX zvMe%R5K8w8oCZ2{Jb$NO5>TWDemP#r%@yh`@Bdrr(u2D!D<2qITf4Nhlp|gulJBL* zn{wvf1Jk$~Im}A=#%Q?|7U5u=;HT@6baU-W1Gzc>ldzuyq&Es!F<954e&xKAMqLAFT{sMa|yL#ig^{xM0vlIDH~0?@Gna0L2LS}dt3jqaBP)p95^Sva47 zSZfzh?S(A~G6<919$d|Ip;Ok1RcQmf-mb2d>=60bm=t;oan$7b16z?src}faen{e- z!;`XzYe0z3mYR;c=~C6m=HdDAprm3W5YLb<4sj0Y?RWle7zQ#Z%KPrT_hHwwf){hN za$qN?+KnhBmFG|QtQBn{R#9Ir%4{5| z4u~leeibmgE z0s#b-NCz2E_yQYt$LoHv<$%^Y2Uxh{XwGpo3fSCl7Kwcg;fih3{*5l5rX!^@j#1xm)?x*Q(h4kVHGRGuwDPZV(WO6{!bOQQK2rBGJDY3BG`S8p2 z&={*b#KJ7HFkM$h$0d$Hj6(*+qWOeU@Td+U?8Vp$lJ2XjaQYrfHD4a zJG1nInM#MpH3Kkm&?j3(h8C4&ak(v9iLN(RaIt?HzAg1X#;m**W*G*4aZMvK3r^h< zbliy$ErsMobbMUrf|*95dy{HNwoh%p^E)LgnPrPa1Z=&Ruc|gtD7$s3r1zS1(&4>5 zKUaBDuv%!_sRlF1m7~;Hj3tUnosMg@(WKgC&2w*MbcP}V@=rM(QTZq?3FJdi+s57W z7HCD(W*aQiZ^8ujvl|EpBxp3vq+mp)BgVr*wb4W1(MZ%2XQxJRbmm4zIyyMV2Z@aV zPSq@-sT+SFOu(SP#nJ=ws^)I~XXn|}e~<|3N~HKGi)&yfs;Ab@u>3&`Q8S zFYUrXru0vx*HKPj0BjmWBp9Br^B?5X`7{v!DDXR|2>3Oucpw`zI~AXVxIM{tX2D$5 zA7%PP)8k{^KLQ@!Kvues@;c|E4Az_YL?)eBJd6j?Z3pjv=far`(A&OHZ{hHJWyKTk ze@Dod#UX9AR9H0?-o3eUEwsyV$h#^DJy14W&#R@Te6}8D(%E0w}FCwj8kNsKmU| zU-!^gpv`#T2XXSpZ>gAQM%M>3mUHFAbc%S#@B3f(_!)CN`~nQ*Cd`%0!wQsQt{KI1 z)|6jfUczSRsHyYWol+hL|Lxfa7|RQ%@lH{=su!(f(G?5n!2@9+8gz5rq2!|<35co# z$zUP(}&lIE6uf`hSI97MW-5BmkG;;Srgrr0E!2c6{rw?iI$I%iNAKlogdKgZu4N zmq$gY@5A`4=6ZGhbGhzwPfri>Rd(%l6VX5U(2OA?E87iE>Xp^IHXL8BUCV)dJX{BO z%`bwwe@Wm-D!LH&sMj(dHq1h{p5NnHj7-%`k1cvJ~9vpmh!$43Hz z`-6f0K8BWR>~baky7BPr)V)A98XCCT?aa?P?5T{+fTlRWUBU4^=p7h1oT=_@e@S)q zANzOvn-RCRw&?h4qI19(Tc6C?lS-d!w=(PFw}ET#`+~S9c|Qkk7?#TUD5tzo`@0O- zvQ8KVVW_?b$o!k9+6`JFeiwOGze`LkEF9$Mnm9)&5zZm`;r3=)PT0rC>p74;5O&=T zR7v+LaJUk4-x`c*4TWB$UW?>j@r{gB@DoziNfj8M`w0FulS%o6*XaBd`0r|ef77>| zv-bjixi54m6Aykj{Bapg@JczRI<4zz$UiIeRozbAO+aAU-{{+dA z437`heIR6azc8a#3@d2S)F9%I3Vl7y_lhw%+1$(UuRj1Tt~$)1#Y+`b)c)Vw4pq_U z^!%jRkPrmG0}b<5XIvWHd;tt9BRlBY?k|7Rc!y611Cj9<*t+QkNxz*-#}$;`5kBGC zy_FXsSKdhkFUF-L>gej~cF)XcoHqFRqs7`5W^Wy~^)N*PXO=LM8>!uX6BlaSOZ#pG6!Ogqr}8>q#JV7Vu|;qN)O{qrCI+b+QpK zuem!Q3cmr=0?6J53khM{%6q*9>P8dnd6q3`l#3DLn=U#WcNLuuXHkjyU3zUho(o*v zmKtoOfwYEb%+p*2sKWLBbv{ruS&?tY>J*n?|)xLC|(B|b&an2E?kgYkZ5HrjBpgoQeK(u6CV3BQSGL2)Gy*%At z4qE{7l&r)}SvlGv59gBx*F+-t`SEsOp~m7G_r8Nlv%bFm?COdMvoEvs8GAYEm;JEK37c^zqX#xl`#V-7br146NAO|JGPBwZ|unM^l)*!_NqW&KV7 z9UF>pTR60Q&= zel9q?rKoB2S&btiex9Jt&9leWQd+9p=vPtITTHgH7T4p|sNXsFIlwJfyL)^do}-r5 zYA8Su{I{Ei5bLbNS{xE%2~F%UF5PBC|9)!9D;0;dU=95I7%9ivqO=33%ih zh8nz+y#s)KAvz0Qto~$fGI&05s+amTyPgYcd#aG>p;HsAaN+d_(8$g-B4ICDAn!n6 zfi{8AZWss>&e|SwzB$k{H`l7!;eFJ3=%9cj?q!s*g z)D$=$BD8)0&KJGh)9ukhZv6gKVbn#sNsS#~tY&SX8*PKeZo5ZEQO5)>BQo+2l=Q6< z@Sp44PGcFwNs*&|vEMYE;om(5V1@knAtff}&mJm*)RB;YV@a5swMI5wriPbCr@1YG z>$Z4f3+O2x=L7W=?Uj)@TAgQp*OQ2|*>(34!QmR=<&XblQYqrNY=vtG>EeVjp(3>?_zj;06uuz&Wa!~t*VbPc}enmWNfIZWO5Y3gz1c|5H5N>&tY}N3y-!%!5Y|F0jF$$Gf|85I~NOj^kY7w9?Yj=HUzg%9A*E-^D*+j^pq9ddmR!_MqAZ|4Th}R>C`EgxbTySzKmJtCt7KZuZX-Q?`BX96OX}gUOeL;$e z>Hm(HFAL}(A%m^uqj}GL|3bL}yE z3Py(D>r{aP^?sRg%coiJ#d9W?bz+wnIoVs)dMcg8 z^3`y!x>Ap6nyCMr3;DGbgmG1`i)T>H=SX1C{aY6Yhw6)_h800KtJJ-0?_UcCkToV9 zXkgxeeN6v?y_`S;6@*4w&Y^6x{T}Bw5mB8Ky8i*60k-bq_BObo!8LRPAgGr!sFyI- zMJl>zYi+I7XHL#fEF1Q;#Uo+^o4#5`@u*NUw;c@4!qGF}-Vlth*Q`IKL-l~zR~9sS z*55CKNty94fW<}M@m2!@K^hl4c^yBWDhqE!nE95xBXjZz69Em4)pr2|x?lB^n-R3xGwmw4`bCX%?^kuV?De%RP<8nDAbh6Q4gI?GOfZ&Q zb3lvqIDm6EJZXMH3k;%*u-A8?Br7bb$r6d_&1znE)zDk&8B>v%Pf7cq-WzBAH+LP# z&_HI{%Y(O~_WRdO%>VgcYdv;AS)v81n^9nCMe0vqnK=LFg|?Scp>l=ana<{WJ;qkbw`QMG}dl- zj)2mgV7^!^e%5X^qBn_iY*3pqxacaU>eufr5Ps<%{a&kz$aiy!`}_G!nyO&;^rPyp zF#V8!r&V|*Z~F{M)gXc=6HrrOk|L}^5FBfn zWy1e4Kj>i84a(JQ7@iD$2`92&LGx;&QdeBMi(PWT^Hg2()u)s(*mLV zqAtlRNixP0CJ(MJetx7CJ)W#W9;+sluEYV63U5nSuF$?Lt~4Y+mRs6bL321_HTmzg zOJe^@4oZ@85m!C4d}^{&UEz|G2G?3mW40?My1VzKYbWFPba$ildmL)nmz{IHzD#ET zmeDq(i=Z0jzgMFR@_l~~20TL9CVZW3=i=&z2f|NUfk9>bn~$gM-GZ#wxo$$L zZQ!Sr-HG|B9hL`9{pA{5#+!7h9DToI2d&4b$mWpT0SbFs4tPVK>j|pHM5fGuLoJrI zyOi+3-@m(422FXa5)hK!zu37}cjgaHeXu|CjS3E@;OFPSiK#BNj!d<4td^4cLcwC# z1m)pVZYY3kd>H!Pg_j4+`>xLVajk#bvC)keX}_DuIPz!DP}fs=8a5HH9Xhuyb=TzZ z`#&}-4%cFD=!n+iF50!^LG~;f~V&PUKnPmyU+TVov(|tS?hH&i#s<)|<0G z-=JPrRFr;>{&45cLw`Ie%r?iews$U*H<%vf{q#P|URfc9(e8SZ*X$>M)@M}i{I9ZC zsQMwH0eYycjr_Z_9rn*iW=Sd?8LaY1^l>Ull=cT#ux8ybE;sLr3>vaalRTB!F-W8x+m(j$vTEX>ywNau&y9y}TuyvLtt`I(^}Z%D7!#$!~Cd^6?X~h_5ptt_#VT|lExE8MW}W+{p+ptp}(4N3VnmU5yW^o_PMgU zPTIHC)~C8`$w9xWzrJX5KV-@QHpKPWXkJ$GWoO2b$7KU$vO02YlQcxi&&S;Wb77yS z(w5X@GtOvtBSH<{bbFJ^qLj07Ir=(^@j7x{j}bi^)$4S2tZO?Q&uCNqt)|o`_R33Y zi2>T~9=$}wD=Ar%+E(!Hw)RvEz9Xu%xrizU2mEx!W}pW%MdjI{(OuI{wL+^q@oxFx zBW9*=1XETJ*nsn0o`s(D@Son|++cfp1~{OF$Ii}K+$aF9GG_DD`2hqaI*b|2=YRU< z)$2i#T|0~E5o53ygVUzootM3i(FC)Z4Wip0&N2tEPj;NipHG@HODHE5p2%IHRR~eb z8#B0MM$Hywl4qO{F#Pt13!AT9K5F}k8_u`#r+acm(#^dY5sN4EoTD9Ufp=kJ27@@T zt~kY^xE&)5n+s8U}%1Na=lknEMAjyN~Nm{I%TGp zY9k+Ch?Vt^uo6#A1ZjSYbGsJJ?tUV%awZH_Qtb516zWOyva|@jjYySsXqwO6f2ZW! z+!{mQ3t?<*ltr|nG<>>UgL5c zSQ1e8;bYSAutk&Ml;MVyYJsZTZO~X?M`3QIlO2vBNqKkgykzV7dDMk&J^n&X%GvRa zzf2RO%R@~74$ZS+28%;{E7Q3X#BP1@#VRJvyJ7rqPt_>$_so{EtwW~P)-MRs@bKre z10D2Q6~qhFBsS`5GLmX{4{nH9YFHEB#`P$88Ku1-v)abC*7>!j=HD0>_``QsGC|6X zPcE0g4bLszqPt6_P?gAcWh7)u3^#hWm&B+*SZ{URkR2U4cn#Io_x7mLybr=wqpXFn zRQvA*bHqnPpiI@)PuA(v(uw-MFL1h$;|g#o^UPUMNui!l6Mg;LJEXU7GRNu|Sn;#1 z(k1?O;ICwIYGY`_ZrLC6m=vZ0p(W7Gl1yV`6S5W_t-B4=*T1cORX>Nqet)wT!Vt1? zxxZHU+cyns?Qm#89R@`#CSg?Mbz?o!+)v}+fzZ9ktA5m;MyL4AkZPIeX!|+nLrpEN zVyv9y?z#WTh977LkprH)>RkKeZYPR_?ueL35|x#8eaDPdUY@A8kznL|Z%Lj~urr=b zdAbD3Gt-t?=t5j3)~srIcuTNXfx!1%SK{-zQ2$Z~>y_1x$w1lPnV>6@l}yfZNtms2 z&f&2^AlHwNfK`MGWBEw^|2gVpT+ABs$sa^jW*L57oNjDT_&}arW6}*|7&++Jyb+Ry z!4TZ;26wG0(=neaFhtaTeK=ATSu+9hb`Fc{z${#a_z=0IvWwzJZGI^X8_%-FJWK-? zn6w3mzqV4W>@A5VC%cDYseHP4)Tr8-qVJYx*v~AzlS>0!_TImV40inr6J<~m9T0`l zIAUjyaNnjnH}Jh7_34%HDl)QZDjhpcRHVCFT3Za&ADc(fg~v5(LXq1jzH$g zV=*^-V^bh;rj_V&u4!2Ia}{A=h&GFWF-?ZIcTD%oaAXda_Nma4+-w!rrPfz$Zd<8P zF1Z~9X{-?Pid}{jE!K3LxJT*1(C<4YkL{)#y+czQic+E(tL;J(!wG@K`RImc1XsLfTwJ1t2nV#@osuec55$ z(A^iDl?xIV;)gIE@cu6zJa<)j?}G43dk2gG6V*VOa7=@MW+C|Z1VpxhKpoin3$Q!%XR^*vCsKoPaqxd zXUEev-+*u|)jy}Ar{z&O-@*$JY?iU7@F2RsI^t?kZGJr2_Qm#Tx4N;l#||KFN|_w5 z7M`Dpqps7-#ZB~RuX>aSi_?q5~h`y9n6Im8|20@jZzfc z*(t)quRTP)tg01n-N>bB&uG9BO$p=hn~Ck)5MSw&$@?#!^AwDX$o-o2cOp_g;Ozz4 zaT)<4F2cJmI<>{)Ptav=qlXshh!bb)&n|AH<34v)eq?=UHr?HboMnFBGcbZx?$GqK zwl4n0k&%kpI{b{n}LZb zv>s`+n7JH#76yW2{ssxfMSBS;YOegZM@D=)JrCJrQnK zz8*=FooyFyrk}?MTXj2Or=q-wZpCAN!lb{1+P&vzuy%41+D<9Gx&DDxKlYqtkH!6Q zCa9x?Qa*xNMVLp1#k9hwq6_@y4W;WV7JybS7X>dL>W_B{=e=trXXWdD&8Y9Y$EI|w zC}?T1K5AZ{E!{jPUu-DjkC@+DDAJl3b+lV*jKTjge8In&79oh*fGh9IBU@KwDo>fu zTIy6O+TM-yZAKlZ>6L3PGaFeY?jH<^lc$XPPy`0mmL4)6&UIJP!jnnQcD#>cB4wmB z%PS=JI+MFI*;(3qk%7^zvn9XGw{3SC@Ga(g&-pIkXE5?h8L}^rp7h?M&$N)@ zE99>cQsk)X>jy}n{V!~_T59_USOK+6nChHEC*(c9;b?Yn?UJ4dxol9h_``Ex|Hsc) zgkktT2EIt}z6jjVX>IkwN`>Ej^!iH}hw|Ia1LmEs^x9ws>uDK7(&vBqJ*WU6-WHJa z2YfL^o6vs?iaa}ATQjl~da&)p9#b-iSjU>ozeo z6)GBraI@z$1*)&aZB|eU@gjd~e%E)zZK!O5U}j<7O}B&uW`2ZbelaYjGqm3wqu`<@ zMx5X&|@Ys3i>FJcZ9aTRh6n>*XH% z>*FEq_h7E>yUB>4$BQPXwr*NUDC?K@Bt4%)-$~47uBx%Cyg#`qm^U z2%64J{_W;h$ETNT3(Kl={smFW-i%0z#dN3rfy^-6>|-NZdm;g69IL`v%9&bRDYU%+ z;!OE|pf)JrVV!=k@}ty90hFY!%_KGS4@RwA(;6uRG~2+Ca>4VbPSc1jhwSnZRn3|QVepneC5fd&U}MZ zd&MWsi9#iEX8N~?#VJLf-q%KaGcrqsgr&x$RD9i)nWb5v(dGxk-IPB-Zxy0@>-K+? z`5ik(bPN|w_}C?}Q$kNkd8?z|A^xxk#HnQ@W|NP4h$HV$Pt(KZk zr2hE$n|YLs_S1H0^@(sJ->)xbgyebl9Qcp5jkj4+?^W;OUww7Jx)%4PfS{2G-~)Xo z38IaEqL)&P-%rM=SMRx;EE6O!cY|NfBG-2I1D4Sp*&7rM1mPS<>zlVoKkJl3MCu{1|-{oU6 zB~YnZRiPmdqHbv^|2nZPct33D1CYca)7xC+)YAr&&{879d)-WVT-_bx9j)AxCNe!> z9&#UbmYc#)EDJY`{W^-wYztqn7?r5`csx;L?46vaADfgHn^M8?OH$50{`og%(NYl? zoXfXt7#?+=WIf9H0TRu3FP20`KQ133oy9#Z6J#40cb;=%EiTNJCL@ZRVM>94R)W*l z^uwk1rej8~e}TrsOz-)|4bN8EhSru;%O4dhp0W%TDV4Y7tXj-hNl5mIoE|?1zi}yy zQwii@d;eh;>rqIGBXJ*^m(Ur_+FNr^$>)v1dc(<)OFh&G9~~8x#xvOFdJ!XP6!&qD z5Q9d?oH0(I0QV!pRki3WwYy5n`cRTNMeae#r(Z`|52!zdz6+(l-<@ly6@AOPEg&hnU?h)I2RMVxspW zYKHe$%2J=z002FUntPZUaITD?%|$xNhQT}OR0N{jnB1ne0NR*UrSrK6R+Cm`n}(00 zg%U~s0=KL*CSp6M&(VO3SC#_>6!4hm$I0P?<5_EN_0018-epij*L9&VJ_z$Er$3nwUQK z2lzy_cG>@l^}mo+JdWS6*>h6+3qIEu?7;_+#$;VDPZQGuHq9g^ef5;x(V4w=^NffA zXw-ZRR@&Oi8lI6+4yN7*1=QLA8({d1Z3~{nt}!Hdhb70T&6n4sBV`BnS-ym2#J&3r z<0vq#tKyq`-SKY zIczq6OdP#T7L9t1ZMojms zY&V^ZtO6h=ZY&OBEI|kQ)+YTK2d@D(D%rqAzm=Y9RSZ1RsH4B07gp zamhPppqCQC{wqpK(ZemoM_Y+(Ku-Xrfnxp7mFL_T957Tsb3<@djc^X@k)*o+)pi^Q zL@}caq1ZaIqv15h#y!!2FpCq#?cpsGh*O0HeWX|Kt>>oiH|e9LkEB$lS@FgPy2#vr zj{72e^$AY0y{jCTknZ>`A%PHI@!f;hNdhr_6sYQ#xKm*r2qh(DIK57L(%`{ro2M%$ zknt+yssX@791cI(@1A!vl4fULJ>Fb9bS0QV)~8s(-?cc3&G=HuA8#a4zAmC%XMnK| zcN7^Zq7$bqh9Lh>VP_fE^>AE~dZMk{nw}`G2~+%TZ2@Z7j?47_ zUcBTH12X}CeWgz4v$Lh|j(XnYuG+)U+{zxE`O3Kuc4@}QuQc|6!BenWmzp4=qSrxQ zE#q<6c1HHcnNQLoE3(mUFq8^1e5P|;Hej={O#^X99_iy;tj={nS6DKo9dbU{_mT<@FB zY|z57A55lB$pen|cNXl8G}Z+saRH`3ALD@LS1^wE$j!3Ej*{=6_rg zHVD-HtdA_6W$}{Jv8wNx6`GIAEf;dlEq=WC{f%9^6zDn1@|9zGlRQ2oCG65yJYlx0 z+D9`yYZ4V*u>n@70z=wkSjBZN%cJWH~2i{Eko(i_u z-!>3(m>TP(O7_om^o2anQC=O~vfJH=N2APRIOoq7M}B*lBDaSSyfytynmb}_y(+ua z3{88B_r2Ihd8ri|=JqF$tSLMeKA9FYzE_j^BWfIceN=m{Y@)wKQ`g)KopFiuWW5V5 zOa5J^+-FJMlfMUR1A9WUT0u)E^S?TW`bkwAtGbst&;&z#yWiWBdu%@Lgb>=x&3Wr9wGM`-1=8qc>XF8CohL;>Wx=) zJwpnmaXI$rjhH}>VRFmF4vq|T6ddi#zYn`MGFulMvXzbrK*Ovbf)*3)Q*Bz}G%2G` z0z$DJANw-+aBBAe*HUh46!vgACK@*h-l|BC*yVQt^D&m~i2_fGN!=$Y{asyc(zdux zaw*7y33YxkCVZYP5Bt?N>AluU1`V_Cs- znft9xjk1{GyHb*vM@ASwn?Lq+=}uM+G{fAP$k7{$Mxp@ z-Il-er6j+$+hX^O!3Pd*c@7S9Jv|xo_Je$7V;agWcBNke{SSqU`(8@U_mZt|H3yzG zO&%YJuFHCXcJCDkx01{cX!p?4&l2SCBFPMoQAvwJy1YdfxG#D;;!c&sLQV(y+Mpiq zEMMD2_OlN5y6FZCZN{d*$qzBURcyIka;a1JyX$RvXYYJvPtjMV4CjS1qCENtE>X68 zp(yj9zUCVN-P!k+zT&}c+08=5&>RBd8K_I&KU@`Xo*|Q8R7iT=~mBt8#AhVOUUcy*0Y3B9$ML_ z_uRK|C~v=@W|8*8%M?9j=cLQeahdG88{j_T&n~#Z9)`58B27tGo>mPBIgn&-v|pJ}PaHGoeP_YdF{i^-MxNHT-1` z0=bosdeoABBh(xeJd@z;d8Eh`EXe!5|s;e zu>@OBt%-{vAubD!9C^8)HNb)rf@r-?c6oOh@JZG6aknkbs>%W&VEh0ek`A%u-mFiK z=zO6t;5u1IQWohh1r}Gn!!=7AuMT})M3)j807Kve6(iXJKb>2%q2s%mx;h$^MDg+L z;CIJZ0+1D!zksNeos%=*)!n0wcSU!6xEq=)f7bi!S>*AFoMhz$t1=wC8;jbe5#WS5 zIwwSfrmE``+20U5LuOq)Uq2vcP?lDM``gtH1OVj0q5y-skb0fAnigNDWqV%QTLI5e zsi!qsIvUjK0R}}TG3JGTMP$Ir1KhOJ*)%358JRf`FPp(TMMVi)ZH>P5$JrYzbs9I< z%}tAo@9-`Uj-(Ve7P0{9llW3|xmBGsgkNgLyxEb#ZxJh5O(G(7c11yje(fM;12N)T zqpOW2@d)cXoNzGs=&egR43C8NubJx+?L=YRte_!^*&G%YdW8R_uv!8{YJWDQq1}b3 zrd?VayuT_c4P6}=NbizC!?^vFb8`YjJ=4X%!HPu+rWA{W3X!jJv~ZY+4#LCWEx2!h+Zg zP%>m1OYk5+(oA;NM!Z}yHR}U2^L{W4mn7Db>*UgD^`YQM_v~9OhyP zAq8h7JLSm^^&ds1hY>2Nsw(Oz!NGUm-Jqr}Vl5DeA$sJE6F^tE-t;CHmJiGjTAlG0 z*?Wk?=#18PmexEo&E<=u3I}wb<1O=yFRBeLkCTf5Pyz$Np54^rKu=VdeGa*A@X>#K zB0p+uMEdG?zz@_?a+Z4&% z<#Wj|v(+~wP#p?84d>FCVTbo-9p9TlNs_ci%-L|O9A;k*Y|d*lK=T`M1qUm9tvNA5 z6%6^Tfno4~n3fq9>FY0*tjP;G%FzH}Rh-e{p!r1lX>u+GS7M}kzby>-BahF@%5v3G z2v@{#-86Ope>sprq8UAGYKTr+U9$I^z^`+ET8<4)!EP{ubz6)Y#HGg`s3{a+Kd& z1y0UYK1j4t*xMgtehODzetp9N0Cr}H5KoVkj0#HE0o0xhr8*b?mMw;KU%xE z|CNIU)Q6m}wt*4bU2?;80idhbu+syhVPM30flp?TFqk7wGErFdriA#-umVO&2l#5Z z+4c47aP4DN=3=Q_qDL|~D%8_Ig})B;yjywXcz%oIAS6bn8VsFx_0?#(Y1uQIn6dvr zFyxA+_~--zVzEU5P%WFNXx*%e&M#Jj3tp^(LJluH3s1=?CMTSXlum#pRY09ei0*y3 zZJ24feGj-5tT1mNPJR|f?KV*n)8Ic`$xAjB_lfN}AZ7kL-N4TixMU0!mlis&CJxBx z)icMzuf154@MNz%6g4Q9=*}mmhxaug?(w6F+l?%ft~L_lL}NgyXDiWyf`arS_Mlt0 zZhhi%V4(qat@s=@Uh}d7md%u~%VQ=%n+{Tg5wg_2HFUbJY-DmW1#0q;AeNjt0Ro{` zyldp>Xz)GS?rSXX4xrQ4b?$}@{C>icC5VIn2<0!{e|BBXogf6!#}4!=&6&;UgpD6} z&IJpC0kc7tm&BfCxFaY?4sa)3lJg;jA&p-1ZF={FbaQGXpt z)piwCPH#%))zVJ!mWOD!))M_jHJOGs1FKh-V1K{d0dTo?-n7u5+eVPj#K%PQsy%39 zuxnnhfHw0~RF}FRY0go@J42Q;ez#VYgwn>M#IG-_`oeca$BdH@VcGTh_U9d%WPe zf?WP#Yw?rOk^vA$<dotWQ=QVh*zqTnVDB>D#RS9H>Q;qR|QuV-P`cz(~a*a584np(fH!# zI<=IvA+9aGAuVI0(gUTU2nu2xsyBa=1gXy`cu>ca&Y2g2P`}MpJU=^o%i7wSkepnl zJ@`o8N0~IEZ!W@EJ5}x+2mwtxo@fjOq;leUflEY{6ZMYA>!SoKReHwpVJwW|uF-(6 zOkNFG0k_hCtK}>?RkICF#l^gkbX6~gJ+Q?I=9Z8A+=m2w4&t@L1qJjP0Qt9Ase$S# zxAKcwE}pW1_&?AblT%Ym1|y$w0gf0$3C!$Ae1pyH7?34EUZRUu((3@C3-6B@B&Jo5 z4pKclJUjr3s2XRT-gw|*4S;(KYilO1BF~Sv^rP4_Te@&*508$N;hA7oJz^7Q9HTf) zS6{P6s9ohJBM-|A&8?f42n2~|m__dX`4daSZ(LIyUL5Wkh^6&DgeYb8a%<`{;BZV) zUOwVW(*^(hurJ1{A2|UfGx^in8|r+;gel+v&Ov$sY>d?PlDk|EY*fsqmoYv8BmN!C za+B&K1k|S;pLynYz4d&G(>89S3{#wyyPEdJIWQ>v;r7hLd!f;lP2EV;*7kNegB6P) zP-RH2&IDLTeBA@gd9rduMz~_CBlLP$@wNd~R8&AZwN`}OUMd-fPc!94$(M!g#k#~{ z1aMbmH--{p$8=HlIkFuR%wQKm!~=?oijvnaAhXj4W_VzA4EVk3t-rGU>ksRB5Y`}U zJUqoIt`4&Gf(TQN@~NMOTA%^Jhl>l3#U=mHa;J>r^@R$M(4jn#F&TM>8`tl@564+K zulCx6#l^*mmUVWZkT4s8)ax^G41+QWKy1~MCvnfOy2Zyv(4hxVY2nq@?SL@T^;~Vg z^S{hIa>G>f=FHHG>uPofIKbVB>U`@EbpHnWbUE2C8l4adhX!0H3=}yc63Dw3Ta7^G zb$TpsBRVS3Tbt;GlPJ!sQ~B$b&y9Gpx+8m%cm33-dyxQY&+`jCBzsQEz`$@KZaKa& zbOW_Z!fJv+ZF6omQ-xDKr(jW-t+Y_n9*q86Dl}d1flC0lq+u7?xyLRvrv#SM-9mc_ z*)OFpF49FDQ#3@C-4$^vzO(eRR_x;qJra}Too?tyQ`7sw3k7jAU&pyjRCHWLQF9F> zbcG-6fXKt#6uR~9Q#X%kxyB*)C~}GDlYq_|`xu^fT^sTg7)lQCO9#jgpwBZunqLB% zYN;-?%;+*PQ2a;EIB^o_2o~LT3KKfjte2#3VSzM@b9rB;GY%F#J)$@e!Ett8UA?1t zl1riswrKmG=7X?3!J0;gaKHFbK|o$e=hBygn*bZ9zS zTG|tV%u3WrVj}-lI z(ykqu=ROOaf_Ev7zD)RqE4K*Pxw?}YrsBB`^_YG>vbl9H5X+0gD=EAQ+ykA|V!Kb& z`pjKn6kBLva{sZE?kD4;;a^hvTz0UyCNH;dovrI`!o+-DQjY@m z9-=Dl$B`@Uz9jW3tBN$jCAM}*Tj|Z7iubdlhjBlWHO^&IQUpo~v=VI{+@mejc}E=C z6dD(!Bc>bdyc~_+vtDUJE-?hR+$}TWYr~|^!cs<+RwBO-4r(Z!zoWzo|ek3y$vpaAg--o!+3n zll;aF{>mc&iH&Wg6UYYYWkX(m0T7xm4<>g+y=$ca{3yjNnE#02u@<2#IwC2c0@md_ z;sp?qZa+U-yHZP}obyH?)P8}~nn{-0tto%lEMEv{es45j_^|M2mg(14H;{#ew+#TP zx@8sUyu7>t2W-_-q2=6fgBWmJnb2V|-!RqtXgzYAKXdWLIzTmEkodZPNb&Rnk*wzw zmr%vm_SMxv%5f3t*=AvFnYqr%iVn_S5*u;#(umBXn|ib8xR=&;VG-auO6GKkP4*B_ z#Gg#qNypWa5P>V678p~t(L3F1JtB zsLRH!%2lPcgwy&yf_EIE>3DtU(Mvo^^@NH}hh`V`XKd!O(rPLQf{|5GED~w68rz=o z<}f}S9j@$C*B=_q$VL@;vioKy_pHz7U-dnE65VNDb$YqBn<_Ae|6q2N7#D*o{e6dN z4b=ghYn$&(0Y$xdF%0NjF)LvPhO@Ae9FH_NEGS_OpgAGF)|~9bMBK;=-DJL%5X#IH zW=g7gpZk#M5JbLnpFBX)V7uV-XcTez_n@~H@m<8hVfFp^LT%RlCr@|8&0@FC`}b=n z58)a`@cF49uPv6-vkw+r?V{gOi<#!;F07Hs*%=y3Bx(r=+ikcXx-JX3VH9KX^FTXJ zNa|<)o7V9;<$s}p)wdnsXvMq|4G__Q?}0w$&OSA<6^KG>ch^;6jFKWWEB}~6QC<#C z4qe~dTtHz7$6gN03EgtL4|8)Q49T}QFbK|vdwF@0GT);H zG&A@v+1J+pi51%;K~A4i^psT@In)nH1zfnGqY_{S^1*w~1L~2pmDq!KsnJo?uWh-w z$xQc!)M8*F*r5Q_YcsE8#`4cj-$rbl@2;*Iy$6qP=+5BOjl-}QuSxZv_p!xD+{U~p zc}(zJOn9Tq@LYeDQ3RL_j$;My;*(%@&=62!QGU`+yOaiR^sDQgKOmiO!zn8(%aZc3 z$DR+Dlas3eB%he58LO}gFTy6Ep5+@jQgYr#)Vn{Hnw;q}eU)outitEXUEDR?f1{*l znw#(w^IaBUDjrpw3q#YSJ?N9`p%_qOf7+G9J1JB$Mu%M@BY~lK2;z1%r~ut2qZ0S+ zt*v@K)Sce3S>h_e9~GzbB##8)AW}78LdWfL9L9`_fb`20C#M6wf+GxU0w*UY=^OPk z0rky49v(P20G>u`1dcYtuOCm*1P&64_F7w8`LVI4HimTZ|7#f_Q}t8}m8g2ZMa%09 z0-^~QP1ss~I18}hB+$mkC|j=5yjs5SXhh(mXdJtwum98QCj``f{P4@c!9jkrA!zIW zKFS0v72c3JdtQm{{#*R~_bGYk4cmOQui_Bd^&!-MdH=Ue;`x7HUWLv6^!xfh>0ONx gS997xY$qDK#^UMI-<|n4v4EetvW`;KL))nT1Cb*69{>OV diff --git a/website/source/guides/architecture.html.md b/website/source/guides/architecture.html.md deleted file mode 100644 index c63feaa92c41..000000000000 --- a/website/source/guides/architecture.html.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -layout: "guides" -page_title: "Vault Architecture - Guides" -sidebar_current: "guides-vault-architecture" -description: |- - In production environments, the availability of the Vault server is critical - since any downtime may affect the system that is leveraging Vault. Vault is - designed to support a highly available deploy to ensure a machine or process - failure is minimally disruptive. The understanding of the Vault architecture - can help deciding on the Vault backends for your organization's requirements. ---- - -# Vault Architecture - -Vault documentation explained the components. - -This guide demonstrates regenerating a root token using a one-time-password (OTP). - -## Steps to Regenerate Root Tokens - -1. Make sure that the Vault server is unsealed -2. Generate a one-time-password (OTP) to share -3. Each unseal key holder runs `generate-root` with the OTP -4. Decode the generated root token - -### Step 1: Make sure that the Vault server is unsealed - -First, verify the status: diff --git a/website/source/guides/authentication.html.md b/website/source/guides/authentication.html.md index 5eaf3b73531f..aff22a8ac480 100644 --- a/website/source/guides/authentication.html.md +++ b/website/source/guides/authentication.html.md @@ -1,6 +1,6 @@ --- layout: "guides" -page_title: "Authentication using AppRole - Guides" +page_title: "AppRole Pull Authentication - Guides" sidebar_current: "guides-authentication" description: |- Authentication is a process in Vault by which user or machine-supplied @@ -10,7 +10,7 @@ description: |- # Authentication Before a client can interact with Vault, it must authenticate against an [**auth -backend**][auth-backend] to acquire a token. This token has policies attached so +backend**](/docs/auth/index.html) to acquire a token. This token has policies attached so that the behavior of the client can be governed. Since tokens are the core method for authentication within Vault, there is a @@ -48,30 +48,37 @@ This guide focuses on generating tokens for machines or apps by enabling Think of a scenario where a DevOps team wants to configure Jenkins to read secrets from Vault so that it can inject the secrets to app's environment -variables at deployment time. +variables at deployment time. For example, Jenkins configures +`WORDPRESS_DB_HOST`, `WORDPRESS_DB_USER`, `WORDPRESS_DB_PASSWORD`, and +`WORDPRESS_DB_NAME` environment variables when deploying WordPress. + +To retrieve database connection information from Vault, Jenkins must +authenticate with Vault first. + +![Vault communication](/assets/images/vault-approle.png) + +As a user, you can authenticate with Vault using your LDAP credentials, and +Vault would generate a token once it's verified. How can an app programmatically +request a token so that it can interact with Vault? -How to generate a token for the Jenkins server use? ## Solution -Needless to say, you don't want to pass your token to the Jenkins server. Enable -**AppRole** auth backend so that the Jenkins server can obtains a Vault token -with appropriate policies attached. +Enable **AppRole** auth backend so that the Jenkins +server can obtain a Vault token with appropriate policies attached. ## Prerequisites To perform the tasks described in this guide, you need to have a Vault -environment. You can follow the [Getting Started][getting-started] guide to -[install Vault][install-vault]. Alternatively, if you are familiar with -[Vagrant](https://www.vagrantup.com/), you can spin up a -[HashiStack](https://github.com/hashicorp/vault-guides/tree/master/provision/hashistack/vagrant) -virtual machine. +environment. Refer to the [Getting +Started](/intro/getting-started/install.html) guide to install Vault. + +Make sure that your Vault server has been [initialized and +unsealed](/intro/getting-started/deploy.html). -Make sure that your Vault server has been [initialized and unsealed][initialize]. +Complete the [policies](/guides/policies.html) guide so that you have policies +to work with. -[getting-started]: /intro/getting-started/install.html -[install-vault]: /intro/getting-started/install.html -[initialize]: /intro/getting-started/deploy.html ## Steps @@ -79,14 +86,14 @@ Vault supports a number of authentication backends, and most auth backends must be enabled first including AppRole. The overall workflow is: -[![AppRole auth backend workflow](assets/images/vault-approle-workflow.png)](assets/images/vault-approle-workflow.png) +![AppRole auth backend workflow](assets/images/vault-approle-workflow.png) In this guide, you are going to perform the following steps: 1. [Enable AppRole auth backend](#step1) 2. [Create a role with policy attached](#step2) 3. [Get Role ID and Secret ID](#step3) -4. [Acquire token using Role ID & Secret ID](#step4) +4. [Login with Role ID & Secret ID](#step4) ### Step 1: Enable AppRole auth backend @@ -103,7 +110,20 @@ vault auth-enable approle #### API call using cURL -To enable the AppRole auth backend via API: +Before begin, create the following environment variables for your convenience: + +- **VAULT_ADDR** is set to your Vault server address +- **VAULT_TOKEN** is set to your Vault token + +**Example:** + +```plaintext +$ export VAULT_ADDR=http://127.0.0.1:8201 + +$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 +``` + +Now, enable the AppRole auth backend via API: ```text curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" --data '{"type": "approle"}' \ @@ -117,6 +137,9 @@ When you enabled AppRole auth backend, it gets mounted at the **`/auth/approle`** path. In this example, you are going to create a role for Jenkins server. +-> Policies created in the [policies](/guides/policies.html) guide are +referenced in this step. + #### CLI command To create a role for machines or apps, run: @@ -213,7 +236,7 @@ curl -X LIST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/j ``` -### Step 4: Acquire token using Role ID & Secret ID +### Step 4: Login with Role ID & Secret ID To get a Vault token for the `jenkins` role, you need to pass the role ID and secret ID you obtained previously to the client (in this case, Jenkins). @@ -257,7 +280,7 @@ $ curl -X POST -d @jenkins.json $VAULT_ADDR/v1/auth/approle/login | jq that token. -## Reference Content +## Advanced Features To keep the Secret ID confidential, use [**response wrapping**](/docs/concepts/response-wrapping.html) so that the only expected @@ -306,6 +329,5 @@ b07d7a47-1d0d-741d-20b4-ae0de7c6d964 ## Next steps - - -[auth-backend]: /docs/auth/index.html +To learn more about response wrapping, go to [Cubbyhole Response +Wrapping](/guides/cubbyhole.html) guide. diff --git a/website/source/guides/cubbyhole.html.md b/website/source/guides/cubbyhole.html.md index 61299213b3f0..6825dc012bab 100644 --- a/website/source/guides/cubbyhole.html.md +++ b/website/source/guides/cubbyhole.html.md @@ -49,17 +49,12 @@ like any other tokens so that the risk of unauthorized access can be minimized. ## Prerequisites To perform the tasks described in this guide, you need to have a Vault -environment. You can follow the [Getting Started][getting-started] guide to -[install Vault][install-vault]. Alternatively, if you are familiar with -[Vagrant](https://www.vagrantup.com/), you can spin up a -[HashiStack](https://github.com/hashicorp/vault-guides/tree/master/provision/hashistack/vagrant) -virtual machine. +environment. Refer to the [Getting +Started](/intro/getting-started/install.html) guide to install Vault. -Make sure that your Vault server has been [initialized and unsealed][initialize]. +Make sure that your Vault server has been [initialized and +unsealed](/intro/getting-started/deploy.html). -[getting-started]: /intro/getting-started/install.html -[install-vault]: /intro/getting-started/install.html -[initialize]: /intro/getting-started/deploy.html ## Steps @@ -100,6 +95,19 @@ wrapped_accessor: 195763a9-3f26-1fcf-6a1a-ee0a11e76cb1 #### API call using cURL +Before begin, create the following environment variables for your convenience: + +- **VAULT_ADDR** is set to your Vault server address +- **VAULT_TOKEN** is set to your Vault token + +**Example:** + +```plaintext +$ export VAULT_ADDR=http://127.0.0.1:8201 + +$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 +``` + Response wrapping is per-request and is triggered by providing to Vault the desired TTL for a response-wrapping token for that request. This is set using the **`X-Vault-Wrap-TTL`** header in the request and can be either an integer @@ -150,10 +158,13 @@ Or VAULT_TOKEN= vault unwrap ``` +In this scenario, the wrapped secret is a Vault token. Therefore, it probably +makes better sense to use the second option. + **Example:** ```shell -$ vault unwrap 9ac59985-094f-a2de-aed8-bf688e436fbc +$ VAULT_TOKEN=9ac59985-094f-a2de-aed8-bf688e436fbc vault unwrap Key Value --- ----- @@ -194,7 +205,7 @@ curl -X POST -H "X-Vault-Token: $WRAPPING_TOKEN" $VAULT_ADDR/v1/sys/wrapping/unw ``` -## Reference Content +## Additional Discussion Similar to the key/value secret backend, the cubbyhole backend is mounted at the **`cubbyhole/`** prefix by default. The secrets you store in the `cubbyhole/` path diff --git a/website/source/guides/dynamic-secrets.html.md b/website/source/guides/dynamic-secrets.html.md index 41f753f50a8e..2ab6a27217f2 100644 --- a/website/source/guides/dynamic-secrets.html.md +++ b/website/source/guides/dynamic-secrets.html.md @@ -53,17 +53,33 @@ can be revoked rather than changing more global set of credentials. ## Prerequisites To perform the tasks described in this guide, you need to have a Vault -environment. You can follow the [Getting Started][getting-started] guide to -[install Vault][install-vault]. Alternatively, if you are familiar with -[Vagrant](https://www.vagrantup.com/), you can spin up a -[HashiStack](https://github.com/hashicorp/vault-guides/tree/master/provision/hashistack/vagrant) -virtual machine. +environment. Refer to the [Getting +Started](/intro/getting-started/install.html) guide to install Vault. + +Make sure that your Vault server has been [initialized and +unsealed](/intro/getting-started/deploy.html). + + +#### PostgreSQL + +This guide assumes that you have [PostgreSQL +installed](https://www.postgresql.org/download/), and have a database named +`myapp` created. + +**Example on Ubuntu:** + +```shell +# Install PostgreSQL +$ sudo apt-get install -y postgresql postgresql-contrib + +# Switch to postgres user +$ su - postgres + +# Create myapp database +$ psql -U postgres -c 'CREATE DATABASE myapp;' +``` -Make sure that your Vault server has been [initialized and unsealed][initialize]. -[getting-started]: /intro/getting-started/install.html -[install-vault]: /intro/getting-started/install.html -[initialize]: /intro/getting-started/deploy.html ## Steps @@ -91,6 +107,21 @@ vault mount database #### API call using cURL +Before begin, create the following environment variables for your convenience: + +- **VAULT_ADDR** is set to your Vault server address +- **VAULT_TOKEN** is set to your Vault token + +**Example:** + +```plaintext +$ export VAULT_ADDR=http://127.0.0.1:8201 + +$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 +``` + +Now, mount the `database` backend using API: + ```text $ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @postgres.json \ $VAULT_ADDR/v1/sys/mounts/database @@ -111,6 +142,17 @@ common to give Vault the **root** credentials and let Vault manage the auditing and lifecycle credentials; it's much better than having one person manage the credentials. + +The following command configures the database secret backend using +`postgresql-database-plugin` where the database connection URL is +`postgresql://root:rootpassword@localhost:5432/myapp`. The allowed role is +`readonly` which you will create in [Step 3](#step3). + +**NOTE:** If your +database connection URL is different from this example, be sure to replace the +command with correct URL to match your environment. + + #### CLI command **Example:** @@ -120,6 +162,7 @@ vault write database/config/postgresql plugin_name=postgresql-database-plugin \ allowed_roles=readonly connection_url=postgresql://root:rootpassword@localhost:5432/myapp ``` + #### API call using cURL **Example:** @@ -162,7 +205,7 @@ if Vault is offline or unable to communicate with it. **Example:** ```plaintext -vault write database/roles/readonly db_name=postgresql creation_statements=@readonly.SQL \ +vault write database/roles/readonly db_name=postgresql creation_statements=@readonly.sql \ default_ttl=1h max_ttl=24h ``` diff --git a/website/source/guides/lease.html.md b/website/source/guides/lease.html.md index 600e80c4397b..875b9d819894 100644 --- a/website/source/guides/lease.html.md +++ b/website/source/guides/lease.html.md @@ -72,17 +72,11 @@ intrusion. This also allows for organizations to plan and train for various ## Prerequisites To perform the tasks described in this guide, you need to have a Vault -environment. You can follow the [Getting Started][getting-started] guide to -[install Vault][install-vault]. Alternatively, if you are familiar with -[Vagrant](https://www.vagrantup.com/), you can spin up a -[HashiStack](https://github.com/hashicorp/vault-guides/tree/master/provision/hashistack/vagrant) -virtual machine. +environment. Refer to the [Getting +Started](/intro/getting-started/install.html) guide to install Vault. -Make sure that your Vault server has been [initialized and unsealed][initialize]. - -[getting-started]: /intro/getting-started/install.html -[install-vault]: /intro/getting-started/install.html -[initialize]: /intro/getting-started/deploy.html +Make sure that your Vault server has been [initialized and +unsealed](/intro/getting-started/deploy.html). ## Steps @@ -140,6 +134,19 @@ max_lease_ttl 2764800 #### API call using cURL +Before begin, create the following environment variables for your convenience: + +- **VAULT_ADDR** is set to your Vault server address +- **VAULT_TOKEN** is set to your Vault token + +**Example:** + +```plaintext +$ export VAULT_ADDR=http://127.0.0.1:8201 + +$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 +``` + Read the default TTL settings for **token** auth backend: ```plaintext @@ -636,7 +643,7 @@ $ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/sys/leases/revoke- ``` -## Reference Content +## Advanced Features It is important to understand the lease configuration to avoid having your secret leases expiring earlier than you expected. diff --git a/website/source/guides/policies.html.md b/website/source/guides/policies.html.md new file mode 100644 index 000000000000..4d28be37f965 --- /dev/null +++ b/website/source/guides/policies.html.md @@ -0,0 +1,362 @@ +--- +layout: "guides" +page_title: "Policies - Guides" +sidebar_current: "guides-governance" +description: |- + Policies in Vault control what a user can access. +--- + +# Policies + +Use policy to govern the behavior of clients by specifying the access privilege +(_authorization_). + +When you first initialize Vault, the +[**`root`**](/docs/concepts/policies.html#root-policy) policy gets created by +default. The `root` policy is a special policy that gives superuser access to +_everything_ in Vault. This allows the superuser to set up initial policies, +tokens, etc. + +In addition, there is another build-in policy, +[**`default`**](/docs/concepts/policies.html#default-policy) gets created. The +`default` policy is attached to all tokens and provides common permissions. + +Everything in Vault is path based, and write policies to grant or forbid access +to certain paths and operations in Vault. Empty policy grants **no permission** +in the system. + + +### HashiCorp Configuration Language (HCL) + +Policies written in [HCL](https://github.com/hashicorp/hcl) format are often +referred as **_ACL Policy_**. [Sentinel](https://www.hashicorp.com/sentinel) is +another framework for policy which is available in [Vault +Enterprise](/docs/enterprise/index.html). Since Sentinel is an enterprise-only +feature, this guide focuses on writing ACL policies. + +**NOTE:** HCL is JSON compatible; therefore, JSON can be used as completely +valid input. + +## Reference Material + +- [Policies](/docs/concepts/policies.html#default-policy) documentation +- [Policy API](/api/system/policy.html) documentation +- [Getting Started guide](/intro/getting-started/policies.html) on policies + +## Estimated Time to Complete + +10 minutes + +## Challenge + +Since Vault centrally secure, store, and access control secrets across distributed +infrastructure and applications, it is critical to control permissions before +any user or machine can gain access. + + +## Solution + +Restrict the use of root policy, and write fine-grained policies to practice +**least privileged**. For example, if an app gets AWS credentials from Vault, +write policy grants to `read` from AWS secret backend but not to `delete`, etc. + +Policies are attached to tokens and roles to enforce client permissions on +Vault. + + +## Prerequisites + +To perform the tasks described in this guide, you need to have a Vault +environment. Refer to the [Getting +Started](/intro/getting-started/install.html) guide to install Vault. + +Make sure that your Vault server has been [initialized and +unsealed](/intro/getting-started/deploy.html). + +## Steps + +This guide demonstrates basic policy authoring and management tasks. + +1. [Write ACL policies](#step1) +2. [View existing policies](#step2) +3. [Check capabilities of a token](#step3) + + +### Step 1: Write ACL policies + +ACL policies are defined for each path: + +```plaintext +path "" { + capabilities = [ "" ] +} +``` + +-> The path can have a wildcard ("`*`") specifying at the end to allow for +namespacing. For example, "`secret/training_*`" grants permissions on any +path starts with "`secret/training_`" (e.g. `secret/training_vault`). + +Define one or more capabilities on each path to control operations that are +permitted. + +| Capability | Associated HTTP verbs | +| --------------- |------------------------| +| create | POST/PUT | +| read | GET | +| update | POST/PUT | +| delete | DELETE | +| list | LIST + + +#### Policy requirements + +First step in writing policies is to gather policy requirements. As an exercise, +assume that the following are the policy requirements defined for `developers` +and `devops`. + +Developers must be able to: + +- Perform all operations on `secret/apps/*` path +- Obtain AWS credentials for `devops` role +- Obtain database credentials for `devops` role + +DevOps must be able to: + +- View and manage leases +- Mount and manage secret backends + +#### Example policy for Developers + +`dev-pol.hcl` + +```shell +# Full permissions on secret/apps/* path +path "secret/apps/*" { + capabilities = ["create", "read", "update", "delete", "list"] +} + +# Read new credentials from aws secret backend +path "aws/creds/devops" { + capabilities = ["read"] +} + +# Read new credentials from database secret backend +path "database/creds/devops" { + capabilities = ["read"] +} +``` + +#### Example policy for DevOps + +`devops-pol.hcl` + +```shell +# Permissions to manage leases +path "sys/leases/*" { + capabilities = ["create", "read", "update", "delete", "list"] +} + +# Permissions to create and manage secret backends +path "sys/mounts/*" { + capabilities = ["create", "read", "update", "delete", "list"] +} + +# Move already mounted backend to a new endpoint +path "sys/remount/*" { + capabilities = ["create", "update"] +} +``` + +Once the ACL policies are written, create policies. + +#### CLI command + +Create new ACL policies: + +```shell +$ vault write dev-pol dev-pol.hcl + +$ vault write devops-pol devops-pol.hcl +``` + +**NOTE:** To update an existing policy, simply re-run the same command by +passing your modified policy (`*.hcl`). + +#### API call using cURL + +Before begin, create the following environment variables for your convenience: + +- **VAULT_ADDR** is set to your Vault server address +- **VAULT_TOKEN** is set to your Vault token + +**Example:** + +```plaintext +$ export VAULT_ADDR=http://127.0.0.1:8201 + +$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 +``` + +Now, create new ACL policies using API: + +```shell +# Create dev-pol policy +$ curl -X PUT -H "X-Vault-Token: $VAULT_TOKEN" -d @dev-payload.json \ + $VAULT_ADDR/v1/sys/policies/acl/dev-pol + +$ cat dev-payload.json +{ + "policy": "path \"secret/apps/*\" { capabilities = [\"create\", \"read\", \"update\" ... }" +} + +# Create devops-pol policy +$ curl -X PUT -H "X-Vault-Token: $VAULT_TOKEN" -d @devops-payload.json \ + $VAULT_ADDR/v1/sys/policies/acl/devops-pol + +$ cat devops-payload.json +{ + "policy": "path \"sys/leases/*\" { capabilities = [\"create\", \"read\", \"update\" ... }" +} +``` + +**NOTE:** To update an existing policy, simply re-run the same command by +passing your modified policy in the request payload (`*.json`). + + + +### Step 2: View existing policies + +Make sure that you see the policies you created in [Step 1](#step1). + +#### CLI command + +The following command lists existing policies: + +```shell +vault policies +``` + +To view a specific policy: + +```shell +vault read sys/policy/ +``` + +**Example:** + +```shell +vault read sys/policy/default + +Key Value +--- ----- +name default +rules # Allow tokens to look up their own properties +path "auth/token/lookup-self" { + capabilities = ["read"] +} + +# Allow tokens to renew themselves +path "auth/token/renew-self" { + capabilities = ["update"] +} + +# Allow tokens to revoke themselves +path "auth/token/revoke-self" { + capabilities = ["update"] +} +... +``` + + +#### API call using cURL + +To list existing ACL policies, use the `/sys/policy` endpoint. + +```plaintext +curl -X LIST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/sys/policy | jq +``` + +-> NOTE: You can also use `/sys/policies` endpoint which is used to manage +ACL, RGP, and EGP policies in Vault (RGP and EGP policies are enterprise-only +features). To list policies, invoke `/sys/policies/acl` endpoint. + +To read a specific policy, the endpoint path should be +`/sys/policy/`. + +**Example:** + +```plaintext +curl -X GET -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/sys/policy/default | jq + +{ + "name": "default", + "rules": "\n# Allow tokens to look up their own properties\npath \"auth/token/lookup-self\" ...", + "request_id": "1379d18d-e5e3-dbd2-8f3a-0e446c016a23", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + ... +``` + + +### Step 3: Check capabilities of a token + +Use the `/sys/capabilities` endpoint to fetch the capabilities of a token on a +given path. This helps to verify what operations are granted based on the +policies attached to the token. + +#### CLI command + +The command is: + +```shell +vault capabilities +``` + +**Example:** + +```plaintext +vault capabilities a59c0d41-8df7-ba8e-477e-9bfb394f28a0 secret/apps + +Capabilities: [create delete list read update] +``` + +In the absence of token, it returns capabilities of current token invoking this +command. + +```shell +vault capabilities secret/apps +``` + +#### API call using cURL + +Use the `sys/capabilities` endpoint. + +**Example:** + +```plaintext +$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @payload.json \ + $VAULT_ADDR/v1/sys/capabilities + +$ cat payload.json +{ + "token": "a59c0d41-8df7-ba8e-477e-9bfb394f28a0", + "path": "secret/apps" +} +``` + +To check current token's capabilities permitted on a path, use +`sys/capabilities-self` endpoint. + +```plaintext +curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"path":"secret/apps"}' \ + $VAULT_ADDR/v1/sys/capabilities-self +``` + + + +## Next steps + +In this guide, you learned how to write policies based on given policy +requirements. Next, [AppRole Pull Authentication](/guides/authentication.html) +guide demonstrates how to associate policies to a role. diff --git a/website/source/guides/static-secrets.html.md b/website/source/guides/static-secrets.html.md index 2941fc4ef5f3..460efe4b56ef 100644 --- a/website/source/guides/static-secrets.html.md +++ b/website/source/guides/static-secrets.html.md @@ -48,27 +48,17 @@ Leverage Vault as a centralized secret storage to secure any sensitive information. Vault encrypts these secrets using 256-bit AES in GCM mode with a randomly generated nonce prior to writing them to its persistent storage. The storage backend never sees the unencrypted value, so gaining access to the raw -storage isn't enough to access your secrets. +storage isn't enough to access your secrets. ## Prerequisites To perform the tasks described in this guide, you need to have a Vault -environment. You can follow the [Getting Started][getting-started] guide to -[install Vault][install-vault]. Alternatively, if you are familiar with -[Vagrant](https://www.vagrantup.com/), you can spin up a -[HashiStack](https://github.com/hashicorp/vault-guides/tree/master/provision/hashistack/vagrant) -virtual machine. +environment. Refer to the [Getting +Started](/intro/getting-started/install.html) guide to install Vault. -Make sure that your Vault server has been [initialized and unsealed][initialize]. - -**NOTE:** The Vault server can be running in a [dev -mode](/intro/getting-started/dev-server.html) to perform the tasks described in -this guide. - -[getting-started]: /intro/getting-started/install.html -[install-vault]: /intro/getting-started/install.html -[initialize]: /intro/getting-started/deploy.html +Make sure that your Vault server has been [initialized and +unsealed](/intro/getting-started/deploy.html). ## Steps @@ -121,6 +111,19 @@ Success! Data written to: secret/eng/apikey/Google #### API call using cURL +Before begin, create the following environment variables for your convenience: + +- **VAULT_ADDR** is set to your Vault server address +- **VAULT_TOKEN** is set to your Vault token + +**Example:** + +```plaintext +$ export VAULT_ADDR=http://127.0.0.1:8201 + +$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 +``` + To perform the same task using the Vault API, pass the token in the request header. **Example:** @@ -131,8 +134,44 @@ curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X POST \ ``` + ### Step 2: Store the root certificate for MySQL +For the purpose of this guide, generate a new self-sign certificate using [OpenSSL](https://www.openssl.org/source/). + +```shell +openssl req -x509 -sha256 -nodes -newkey rsa:2048 -keyout selfsigned.key -out cert.pem +``` + +Generated `cert.pem` file: + +```plaintext +-----BEGIN CERTIFICATE----- +MIIDSjCCAjICCQC47CQCg4u0kDANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xFDASBgNVBAMM +C2V4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5tZUBleGFtcGxlLmNvbTAeFw0x +ODAxMTcwMTMzNThaFw0xODAyMTYwMTMzNThaMGcxCzAJBgNVBAYTAlVTMQswCQYD +VQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEUMBIGA1UEAwwLZXhhbXBs +ZS5jb20xHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1cPTXpnOeUXU4tgblNLSS2rcA7eIqzc6gnMY +Sh76WxOaN8VncyJw89/28QYOSYeWRn4fYywbPhHpFmrY6+1gW/8y0+Yoj7TL2Mvs +5m1ZH9eOS6kcnnX/lr+HCfJpTHokKk/Vxr0/p6agkdZq0OYMPAmiuw1M4afd5abm +8s5R99b4DgQyNvRYJp+JMddz2cM8t2AKQH4rq2NEf/GBHqHpHKmaxTyX5Rh7zg/g +WJQ/DjxUVLpbRy+soiUJTZzamrO0iu9fcww+1Q4TZsMWizA4ChQFI7uegKkZ2Alv +SNItsv01FQH3IB7pNWuna3IXXY789R0Qp0Ha5ScryVc9syg4cQIDAQABMA0GCSqG +SIb3DQEBCwUAA4IBAQBtUcuwL0rS/uhk4v53ALF+ryRoLF93wT+O9KOvK15Pi1dX +oZ9yxu5GOGi59womsrDs1vNrBuIQNVQ69dbUYu1LkhgQGDUWQb8JpCp++WHWTIeP +YTJ5C/Q1B3rXeQrVWPvO0bMCig+/G5DGtzZmKWMQGHhfOvSwrkA58YAwjC+rqexl +skA+hQ2JiU4bzIxvlPLBOUA/p+TgUKtdzPY3lxyDO2p7+8ZD56B0PoW87zNJYRcu +VdSr7er8UkUr5nVjcw/6MJeptmx6QaiHgTUSFf2HjFfzsBa/IY1VGr/8bOII+IFN +iYQTLBNG0/q/PZGeMX/RHxmCzZz/7wE0CDPMLbyf +-----END CERTIFICATE----- +``` + +**NOTE:** If you don't have OpenSSL, simply copy the above certificate and +save it as `cert.pem`. + + #### CLI command The command is basically the same as the Google API key example. @@ -140,7 +179,7 @@ The command is basically the same as the Google API key example. **Example:** ```shell -vault write secret/prod/cert/mysql cert=@root_cert.pem +vault write secret/prod/cert/mysql cert=@cert.pem ``` **NOTE:** Any value begins with "@" is loaded from a file. @@ -162,7 +201,7 @@ To perform the same task using the Vault API, pass the token in the request head ```shell curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X POST \ - -H "X-Vault-Token: $VAULT_TOKEN" --data @root_cert.pem + -H "X-Vault-Token: $VAULT_TOKEN" --data @cert.pem ``` @@ -240,7 +279,7 @@ curl $VAULT_ADDR/v1/secret/prod/cert/mysql -X GET \ -H "X-Vault-Token: $VAULT_TOKEN" | jq ".data.cert" ``` -## Reference Content +## Additional Discussion ### Q: How do I enter my secrets without appearing in history? diff --git a/website/source/layouts/guides.erb b/website/source/layouts/guides.erb index d165f9d7efcc..e22b7f9e0ea3 100644 --- a/website/source/layouts/guides.erb +++ b/website/source/layouts/guides.erb @@ -2,12 +2,17 @@ <% content_for :sidebar do %>
        + + > + Policies + + > - Authenticatication - AppRole + AppRole Pull Authentication > - Securing Secrets + Static Secrets > @@ -22,6 +27,8 @@ Cubbyhole Response Wrapping + + > Production Hardening From 8c261067a68b9f82ef09f8329b9e8a5e06077b74 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Thu, 18 Jan 2018 17:40:35 -0800 Subject: [PATCH 007/178] WIP - Added personas --- .../source/assets/images/vault-approle.png | Bin 75023 -> 79550 bytes website/source/guides/authentication.html.md | 308 ++++++++++++++++-- website/source/guides/dynamic-secrets.html.md | 182 +++++++++-- 3 files changed, 428 insertions(+), 62 deletions(-) diff --git a/website/source/assets/images/vault-approle.png b/website/source/assets/images/vault-approle.png index 9298e7fbd67314e17f1812fad0fa0410aae804c0..89a51c48a5f75cf9a069e71f72b935131bb6834e 100644 GIT binary patch literal 79550 zcmZ_0b9kIx+c%mfY0%he8r!yQn~jZ0nlx@~PVC0EZQC{)+uGCn{hs5w-@W(uSB|-m zSvt>k{;(!gQC)!tL^!!}jModf)MF>(A z_vpNWX$kve{o}!F0LK++a_N^XBj;v&=K5i?@_pYO-SV|9$5_4>H1VDxcCr{_ofRbCc5w#Ubypi0`gq_y6*~WOXal z|MzSEzQ0u@))l*xdq3A2#qe?6jnTJf(>|85+p!!QC?9_Ro2YqOI{V&dY6c^d4K znwmJZ8tpP{ma2qyTu)=pTI>ez@oQKd3j>0Kq*R^jL`B7=>*!0>OR48e)PTqHr82UC zUzCfL$*43cbeSY}x>7sc@2s?{jRJoe=k2I;c)As<(ze)v6vf+#btb^R4FXOM!Gbq={E zOghARv6$`-k2PjDT0lR_dUgQ0fF$EjUO~Y~FOmQ)fzNBT&2kOd3&1a(-Eu}W2my~A z0gru5KP!ttr_nA!uhm5=gZszznpd~q=b2Is29dtbk9Uuwm3r$bV|~vnF}Jt7#eB!z zf$NLTj|1sUe|%oMHO}UT4G+`nyUA-!8{FHi!I?_$dWmFa2*%muD+nWP$~&|1MD@k7M0l{Qrgy zr#78RQZ7ELi#anP19pxjJ_tJ(zD2%eirI$Uk6v&`Ue zLMU~1cGk4_`L0HuEf)BmLD?IGm=K0REnT`$zMtN4C|O9a2RXhIOKITqR?qve<}}ml zYTtanVx8}2H8x$s-2KbU#fR-MG&B@&)sH2ksu~}G%|xs)GzFGxE7tLLznY!LNkr6b z)B6Q%2QijGDMvKZw6+(q9uu3@BBo5cURvL6AH#CKB%zsqXLr|hIF1Z(T0Ll%)LVZ! z#xgmCrochb;f zS$QBFLz^PCT7{?RHjmjDwm*IV%J^lsw5VtRQFga%q<=!>6YF86$#9%F&D)>cXk4J} zM+e$_CSf=h1N)0Z)a=a6wOm-U-N9rQL*u4*>(k>X!fVtppY~1^KF`QdEQwRHn$!8D zz=tOe@6W0=msQ&taXMIJo=?U}zNRgkh`u{Ppw9Q7MKs@Y|2HK#^pRBkoHoLFo>gEz zO)@aq4@+1vm`t7!_IvY7p$RAxYEK0$4D0O&+|%Vrlii_JXzEKRQ5U=Kth>y*D~g*1 zk&=^B;cQUp?79s3iP7w371xe2tNRR6km3e1?+bOA$)=Id7Ahne1S2HzoIeX3dCy3p zW`l<#p>t2aV64KIl}lPS5w{L*-gCIm^Y045}<<^T|v) zfsfbP+lx&DTsEt{&2?n$iA7M9lpS(S+w}VIGIR%H6Wp>)^0Gh^9dJrsa2=)_KZgV@ z$L+L@IIrS^_alH(boeTc)7g*zZarHeVubAM>OqvBUfx$P;^ECd|ME)?u&SbE4Ob`Z zE#ZwXh&-0gQfZaCP~nytKUPclBZghhsJ(l8OWUdF0k6HSoG)D@ zW~C7t843I>qdx58ggM+-Tx+^qQg8Jwjrx0uX^`@y67hXk`v-6o3O+^#T9=-QiK$`8 zsFhZyp^PX>CW)Ty(;(mk=Aat_8ZrK&<7EO_c&tR=aSOujW}E{->2x|bST=)O&3k$n zPBw?ARU`=z^V+&jlkpz_q zca&El*s>%-f^tkFlgD983XgfkI@uzb_mrev!L>{KI>Vyh8dR_#llb2><9V$+`|mWv zj4TMjwf91>x47NA--*N0XZ6e4(s>gRe+6%RH_P~)RTPm~tyEmC`SKK)zo|tbW&4Kc zF+Mb;ieT@KELc<5A7jC9kwHZe7s1{vd!#&*?Tt@1v~IFnP|oahZuI2Xr}^Z1{53RM zK@s6c(G``KmOsB-8oSyzpW|ZB&%iG;F}-He)ZQHAL$iB2%8joTdP1&-onB zT>rb=x`-6Vkh>yWi&A^_*$lIJD^fd-tZH=S)$yXklJYSTdH8Xe zO?t|%cECAEwwK801av)hYBZ`sS9_XD0mss|j~zb1+5TY>R7=>*pR%I)NA^v?E+Jca zW=CPF(IbM&w(Ex5phYMw^N$g#LTo1s*4mG^2LqSrM?{>y#)Y_HDBR*!ua|pf>jhdg zi!Z2Q>=<(VREaP_fi8>ZS$fGAaCymZRCqh#&D<+ykl?TL8U{E9=EvU&7QUy-J=J+_ zw7CtKFJW?BH^zzsWw#guo?#;b@7-qdqyYUG8p(fl;w1tsk6r&3ho?eamSGQu+Z|m0 z&23xAl+2I^V<{vT?Qc;L_$=C9+^*Pk#=(gAs!l&ESZx67#+8aM)I=;kXi#PQO_{8$noJ&vB02#nMu%;*xnUZ|s8%nNjSBm1AI))$aH zs=pl6=j+|H0IV9>uX|cIhi{j|NtNrfSQ02VTrc>pL&T}h%TP+fa|Jc+o3^2vuSaN1 zr*p)ZoepH5q`aDlavu>D(mAK|3WP_)V%#lKKwvv@zDtO zCFxqTaoJl7Kf74)ac+)Ski(V2Nf`}8|EL@+;tL$JF+dr{19{IxHrbi$Z{#nV$b(y)^*LudUYc)1~TqM zC8Fj0ia;ZoFrq_?2!`f8)aKnNo``$5rOWSTdYw)$I1U!MS?I>#2(dv$Xeg<5GBH1+ zkj!fIO4aFrMzFS=@6({ljM=xBma4&Pq?`ei$}XldnKW8OvK^2e@|qkRe&qjaliWgH zg7byl9T=q`@S)wE)4%{OBU(+kt7p~b=`>d0E>Y{MS7?{x4j(ZKLC}n+bqbbPpdV>u zwW-MS6$7Ugb27#-$$C?ex9ia7;eib7F^~kNkPssosHfPJ#We=Px!Z zb;GRF;<^J#csC}V&ZTOlW}Y#n8kKg5Y9*>n0Z)R@q9de3?6~H6cIz#G)Pn$W1hn@a z3+M76%rgetDo|!2nvPK;Rz-_1{oWfy4u-XQPnK+m)-_5XlwPNBiv+M8?|L&eERfRy zp_oGh+YX+bHY`#*F(xrkCJ8?ZbsBg1Zz9fqB)nW)>fFOM3w#DV$U)?(yr>VjvgwF~x^SvNm=*6bkWXj< zE^)VC2~&!-XBinp>3JH1ZI)`}yx+ZY;#wqA%0CtAdvA-m9j6rL>popSQ60xz+zjB^ zC$k#{>FTe-3-v1`tIAmTgkDD&T1Buwh()#`IF>2?_6r3c@7Uuc|H1~|EVet++$(_t z&;sEyG{W&yv&C8+c%loaIsX~E86_7NrxwiZ(9H7 zo-yUp;~!gG&C-VK-}M2>U0OI&SFLjSNC@b8 z{$W%q(&rr=Sq)rbL6IrMDBIteJ^v`movCVn^LZ||IXnDq`F*2acnc==4pi|a|5Az3 zm!vv4wNQjL3hZPQ-eOT^y29Z%YKo`PnMlR~ehU@UOGFoe4E^$UJFAdp%;-vPItzO7 zYn>3X{L1(7!sSpxt#?7Kd%;q<2D7oUV24ca=cDT$I0o#t;#G!|#YzsL`b>{=u3B8% zTC#aQkNbEXyJj*E*RigvTr&a~M$7c%rr-RDqE+5U`AHE9^?XD6z%5kDIs{u+#&N(_ z2MD-sIS3JoGFW|81dZMQA{@{e!SUE_VtkYI$>CUY9AsrbH-GrPsJ{I4dk!%h>BRkN zxxzXwRVIq&*XFPdE+xN2WY6cCRA;fFIioyVqqA$8XH88e6A~`YlCI~rg+-=>GEHVO z{%p(qrz6R9J5Fuo9eFmGW5Zi!yxR%2uB#U*c(d5DxCYQKtTEz^*~-r=&B-$|GE&XjFQ2@H^@q-KjcGX1fJH`VrmdI%+bWmc?m%RX?JB#7 z186)MY**@*tqnZjaWDJBvC_cwMa#c283jx~ubjC^rQEV43+_yJ9nM!84z~P2^c4vN zA)DYYZW@*UB19y3!7r@lcFeOpNAfsZuETtp6$LB~FpI>0?iDeW(8;ox07eVOYfQFz zo3FxdSVwMC#6@hnub5|K?Y_^@?$ej-4n@_fapt8ci}a9?)rsQBVPVj3muP)u0;I1! z^sUyYglYv@@$>vRqps|{E7-C>$#X!_Y=^9Te8=`F!G@`erS8c)+7ISSGGOk)B*q+LpWk330qQy-Q8Y zw0Pv;B-+B}FqxvsvZ0oGyga#4Gr(1IVUaqcaF418=Z|X>x10LKNGd>gV|T(I3BzP4 zI}sV#jUB(ln+YC;OSS<992Ex&L|+p8Plqa=d0F2V1^&gPA;N+K=Xl+lp{A)T$r}*n zNgqHAL|pT+H7v?NAvzMfh|dqLc5Tz3lJ^{%&HK;D8`0NmVJb zTqV?sPnD=H=W(J4a~S#j9r-;Xkp~T3+}}{Cx2IFRB~MA?-$@@HBf&&}6zxP%IiCni1_wSpY<2s81_ESX zGB_cloc|JMGm}*(S^rumVo_inDe5w9G7y*uIM=zbQ=*I%p7gmnIcz=lVmDg9JIW=S z;@U~IBc7_? z;#tqn(Q5VnJ(4w}P6hUA!vynV`%*boL*vb(^VuX$wE2sVS^mC7IkMx5*XY7qE7*5^^1~=c6w}rYISAW z&C-lX`sG~Vjs5*NojZ^jqVV%leP=wVtZXsQNQL=-o(a1n<4J>e1j+&)qaA_!35}hs zgYoli-S|<~#C)xFanu;2c+4Go^#k<@O;FqO(9XilY!ZNF)b9YPEIVbp8d)M+FcM(n zCX<1<+LXkI;(s*e}D4B{}q5l`}cHC2| zqY<|2=aG^Bo!c``}0b6&@YiQw*GRU7&WwDJ*2cXEaT? zVr?pMJKQOWxHy&l8-l@P@9_+t!AB+NgGn~%CZB&Q+$~1ou0SA9gnW>7n8=o-;4j~$ ztF!2&S$Uo_$v^Vd=MX~5EmjkX<^%d=3c1#vOhSer>~?(vqNRw#62#lxf9(5wv}(XQ zny2uZroP_ZFsATXSLBfvV)ww{G(4CUplWnzP-=+JZE1&^xlidkjaBTix*g6Em@fF` z&lKtZaNC&}-SgYf%hx?pPKBZp5jct~cyBLmp_LT2!HZ8j;L;m*Y>Iovqd%iN%-HCM zToYDlvz#UODAM@{pZNA-`t}N|d@Vc>xw^WtVve`cM<L}&dvR>$r5ce)6`_eT?w zZYBi`1}w4@*sK@OI}yKrqN@P0^145_0}r&^A)N<*bQ3u&kuVxR!xJ$u?O~4p*-tW{ zFJG-oq*5sy4uJi@KBJz__m=`l*Dy)Z>u_t=GVJG&EkM9l)S2A55T`hE_0^V7t0wva!~z3|bjIWeW*jU@%*=?*}^eQZfjy zF89mk1cI>8E-=P#ptehb3WL9tz6VB)*Ne;F8bqFYezXCw)3H+ZUF4n=6`Dy%bgRW` zzQj~Z`%zk2K|v!tA|H2~Px^SV@?tgaVR4&8e5fpiW&io4a&hP~;hKMoaT#J1-9Zne zN(={1^nG;{i(=n?8g)Ybwp^ygQVincI*2$)^ODi-LFhSovd(grRZuitia&~h7>kPm z%?^{^ME0Y_`N#-d)xnYHpJ9at$LDsAQIY2o<9~nL-I?AZDN5j#P~g21J=$o0L7Agj z#0c)%j_d+ePGfug5X?}wnqxLgO-cpwX?C*3%?wUJRRl%Jip?1^Vloxz+h!>XixAj> zdKM-r`I8OtmT#N7GcIWihc2>8mBHAHW!g%(ihs6Jw-5gEm0ka3~S`HE~MvSBR5_`ELJMPX_HE=oXXnTVYSY8evHe(398P5&g zp6_Td^M2kP&yz=uK5Y8f`=yhUTIf4bKz$tX@%|=9eC73H#MTM4P7(RQ6KFIN;pm$L z-=9wyhztsWIU-`_7D6%yq0_L-0DwC8P>ZOcUuY|w^aqo!szQ8I4 zD-PFIsZUWH?HG@^bgUY#bS8h!-<1i~`UPn?Cg?}$C$x1<(*X{n9cdBkeN`KOgesPQzYEkhtW-j?Tw-RHf}mcg$s><5;fHH7vRbQEz?m~Koiq2 zpA$rxJ)O5+j0J}#Q)K?^Nnc%aph8t{GwcR;d)yA*Kg{xBkHxlx*WS86TTKH>WU|ez zS@<;%HHV})f~buW*#(DpTJy2w@BF%8AT=gh*J+&XU>~S6xaR&>yPP7KlJXzDB<$hN zV}v#i?kEh_fOEh7^PROnSffUJ!SG`i7=KISO zvOmmjCOTVI6qSLtm0D@tq&b;)kKPKK3f(DTu^JiqW&n0h>TmCn*lm;-+7H2rn1S^; z^m#k`aG4mZ1Y=p0J+TUd#?*qKFG=Oxf`QphzkHzm&b#sb=X=E2c%r`SL}}Jrso`+g z=^_I6{7dORBxWnt$fXF`L-d|y_%7OR?%f;NtXE_!+ODNjI4zCXsSdD5Cd(0hQhYbJ zvHxMKyAjr0nqKugz1wvQxw<5ZiaGq$(>E_mc1*7Il7C+7>J^(kcD`PRS4#>K@mS7~ zx;-Bij_*lVwZLVdBYor5Ja2#4IMs@{$6p!E#)BTlF;A~nh-9eMNYVv_et%^IiE=&$ zj0lkl_v7_O85DPhZ-A4(#Z51mFTiv(C72D(Xl#v($`g`WwaCyj^r{~4 zm#suc03RNfs&Q&uHjvnNLJNq!Zvzo2eq;yDhnd#lbFiuCEE@w6Dd@(@gb(NItDdLw$rPO+*7V>l zN*GRN>f`-o(j?u`(+5-}9axrFjjm+n8+h16gQ%g*rxrSwG`$~+G9lz%I3VHB@G9sP zgy^9RWXHD&C{L=)0{z!Ok^tAxqmWu=wEy%kqm{@P%h>|C{Xi`J7=Ewkz1^W)YbDm>yXgQ@6ZWgGC!gLb3!F&Vs_dznM@DTkV_Z1X-ncIO)Q^G z$5gf2y~Fv#Z@xWGCq-7Lif|Di2Z@SG57%JqcYZE48E7*t!AE3yqc>=%i>Jn+OJlc- zYqI?;qIo@??s?GzhSRA&M1TgCeESZlYDGCTiK z)JbR35b9@$WmdoRn~a!`(AJw7+`KDkH#;81^50WX>I zcO@o8)b|~Ken1paUY6H=3fJJHs7TEM zfDw}y9Z?j?8aWMbfe*n$>0&ewmhbquICS61MrBlsXO#6;1x)rjZVb+QM5}$ z<572-Ag<5WH1LpI@B;pN0a#Zw>bzsbB=Ps45g34o$yzxneSOJD{G}GAju#>_R{eX) z3j`5L%ls-NSSsWznghkFE($OX71Jev$m~cnyqDjM!XW9yIPn#a&%N&IQ&64q1xP@! zLKkUMsE!jQv~5Cfu$&!;7a^EZ-Q|fGNHHerq0CpL-;NrBMl%Vx-{Lqy;tvR=+O-+D zj4@j2#>Tsb`$Tb;%!ip}Lf)D}S>@&HO!(fBjPdz)a#LN06o@d?eF>+7DRT^l_0ew4 z_P8~~W;Ds9?e^?W*fILfee?2GT$stcNW7OWg^D%L*EwW*CSgN;jx)jZK$tk>O@*%f zy5=-F%=7FgNLVglwb3CSiTiZIw{@}ht8v{u%@dU02VMh$XMcTyhzK40gmsMQ42sAv z7@z9;lOvuCm;<%9m9#lo1}M@U{Cb}#`93OE#iF~+?(n=1jtcj9@UvGA@kaal`fL!s z>zDV`AQEdc71(sJj=Cib-p5oq%p)f)u$x-i%20CIF6%-VL}n4;vD=QaTxuj+B`=mo zCs;ZqN`^Gh75#ahl9bICk#(b}v!+rpr%UV~U6d-a%9Rqpz{e*mKC(<@;i9uZ3AQ53 z!)8%st&}AvPUi^07(L@@7(HFCm4oyNiNT2H{mbJ{cWIB4$_x}Fi{HQxpw1M05oQX= z8Tvwsr(!}(g{DyGd^EFM(C9sDD2cVVY`*~i$!fKsoalRe_pu zySjW5i6~Ye)@}5SvL^V(mTxoHA{g*>3;aCK=Q?Y*#|i@SJd$IBaqaM|aWfI5z@w|H zNjNua6n$oSUtAN2=6|+8EKLKa=pR$%d)fm+DblBdt`#W~H(h1_`svi`1T<{v2|W5I z++L9hyS|{A-1mDu)>l0?h9t3e7+G-rlQ{#U1y2_=-CnmP_B_b?Lb7Zazg6d18qi(M z38oCqPb;A)6BWp2YOi@E>~CV`aJ$D5mA~JcT@)F_?-m<4 z#KXSc4F;ste3wa&E9u(KDKz2g@m$KP(WW}0S1HMZe>x*znF>HpQdEvu_z_f)Pfdx? z)L9PwoWbtsO&Hou%0@PC@j=M%{W~j0pbq%XL~-(#muTF@n+&Os)$sM>sVY^XZU_`c zEkwr1#DI$#7fI~>i&CU_cE|;sGQBc?%Iqh^zI@pf<^$wadJj)S0{^@Ia}P$D5N^K| zuGrsa&JPWgPe-PqIoxzJ>1Tn_4Fe{%(F!L0dwyphv`sbgr0 zYQlPsEZ;%b_34J-kkI4y`0YaLCKGit4G!4jbVqcFf9J^_X!ZYFuLz4}gJ@f`pn63b zt}r-?kwy=tZ~a)mPTXUOt3cMQW)Uw~AEx)@)MH8LG4+qc3Y47bh@g`Duuo1~6cQo{ zR6CtI!oynq*V185M9N%I!-LVXk*sH?=St`%)Uj4;*$uj`N6XBQgVooAo5wB%2o1LP zSg^ifsy96g(g5=b1NzO6XIJE!iCF1pW>vV<6lxqPSY;Y=ZFd(tvfcsNSf-DO8RnjO zPi?O}wGE#`J-3rPjxf<&GwQL!POn(837x95G8!9V(I;KF$BLbo2u$2s%ewkxOPx4L z4*z?NuS$pqr~VGcx*tp2R4d*T)U3&jS`LePt|{6|T_{snwpX## zqG_OOi2EGP4{@AggCnWzW$ZXQXUbI;8o@=H8~XjjiN3F zkS{Z&(D^|lqhZT=1J^1~pW!rCf@S|I$CwdRL+ud)qMN9o|6n{zNfGSi;$oBa3ZMcW@tM3Nm z{^04xa5u@XBY}q{1KiKw^68Zg^ROEti&_03IJ@=3gt0Bqx{-)J&_BWc6Z63o;1=Nu zJZE*iwT}IDYVbxde*in76qvK$n#_10!;rvRoiA?-Qfs5W-L(eLFm;nY&c!&mO@+sm zNasyqvwTaA7<7QfSc>LjuofL%fci7BZsw=+yW7Jm%067%n0{GcpdoA?BdSN`tiCSMelTtvF*Ae{+~G(gb*hG=qqr zZy^NCD@cxuG^>s7gTK}-ID-onk=umZiiMRBNLuqesxtryBH z$J9fO@F`=^^W-zQ&5k~>iXMr#aQN3aHa%-?)|#d}OP|gci!SP`u`9Ot43N>#`m0Vp zZ|srFr6pV25*}UJ%OK45WLU=DX@cD^L-AH~#hK|0M0L zz>xr)Sl%QC1Mf$+D(r?3Ux-Ovto2sxOy0#kqd+i|?a%Y_Ue8w)W`?Q7q8ENsk|H6a zG&eV@<6XZnt{+Z93?f}*Fua5Q2=hFp<|$>Mv1VOylc~$8?y6MkLjZfI*w%sdcny++ z3vy(7*GWE{9G8UPX$^Ks!3J-_#JwbWQ3tFQDz$M}7m=IIGB>aaz{?m#5f={INT5}M zk?Kj);9M$zNSQ2$c)y2#-6RZZ^4V+&lIuJf3UFRbfo;pkKd{DI7EhjgO!pfML+88JE@a}N|WF+(8o8RA6gcSw8w(ULi-v#LQSWsRq zlQNQe_nKP>mMt21jPJdktu|H?6(^t5tCS0nmNDi#9Zm#Y<{)@&`9i}}71+i&OOk!+ z`I*&VG2LSU^tk;)G@i!6fy)rWFbqiQ_ygEnvS;WNd5&R_%3%(jrIHM z(?CG06p);J=C1ob4K|pjvQ3#WaKJsHPE8iv!2sDbO;sHdiKIwVzvl(X$a7i@3+F*D zsy+`Tl65cBV#T|hdy!qJ+2;LE+c9T)1JHF*s+$m5g?~WTH9`zFSyJ#1I7xr9EAr1@ zcvVGGR2-ZfNU{XBOdNbj5Pyv%UE9H6)3GUM&UsCS6A1nUP>LWk0ith@$SEXEihyw;;2tzvU>IsVoqz0^HTMBZD;XE8TGDnS?tNH*+6BH+ev(G$>KI6Cx z@yBY^2ioSTslts)#A`2kF4xnIx%+RG64JHe^?6!v+TwU??Zz@soz^eIAp(WisOx1) z_($_koLn8IBxq6|hZUq!tC3O~Y;;+r1N%A&@b(*RQr~95OfBHjKw_c@QQjI+KXO3C zBP+7RK-8m6oPJ0H-}Pm0jTrQ39(zyLBGe)A((K)$LDssBWMY={GC~=g?&QT9YvcPJ zWMq!l-Y6LXohT|DRbR$4QDs@Ko<9^q-22;$`NJnUX0Kn5IoZUFbe|lm=W@Jf^5Z_R zVQrAkLkK)CeTmADRgQl}h!9Gd_L}%5bQzzyC%$()F0Nke-OJ5%w3P&4E)sMa;>uy- z`BX9JWa>RXnCE18wj&#nb6#SI5#AxYSHYr#)9s6g75jHQku7mI)EaDcyzhQ__V_+v zN&Tnc+xh;LY~5lqLN;a&Me5+L5L~UasE@xTkOBcMItTr@03o1^Vln+jhgSMlPY==e zP2^XI56E{oHnG{{BhlJU2W|o1G3Cqct^R-J-f(THbIRA3y8n7UbIgf)PEHm_;|@WKa!$j z)39AH$QYZ~Ev%;z8^w!WPc{X3B8#v%UEE}Hbh9_pZ3w2RaE=B04JphaSSYeDmX(4q*Uu1rSyPCW)EM0W+`p7WKh zX40fq?`mnd#OypD^-@^9I@YlCgxR);?JdBnSkGKrpiKB));g|>;_9XObJTvCGyWWY z3qcM67LK{BH|^G({u7VFD-UobY-wQg%gu85|2Y5I1f`t`I^Xgg1SlO@vf)24T{v-|k+3q|PPU4xEqh z89!z-vys;~9{AJ1*F>aTVbJBzUTuP>Z6QG9pFN8O)AXTPH&=%>ZtpEyzF5@XC;Wph z+Xwj)3IP}Utg(~M6WYMRthMvPr4!^#PjR<21~Iyk>IA?GK_}~0AI7pXc61xV5x0iC z&>y-q>Bg;5ZyIHq-|KGDcYEM(#R5#o*@CPL1*lt=vP3u4Oir)Cwu{ybTW1A5Hg)}=>R#zaapyeu*dZEK_PJ_*-M*~CNY;l{YbCkk&_tTvh&xh&>G z3rn2%k`g7D%Fu6-$0H=JdNdCLcMY=X>^cp{h60X@@>B*y;)xZy^sBqB((}^$+wst} zf4Flb0oW5jDJ&zIqSW@P;%QXtE|(G4>4ymTHQ?&$6hOURtBOUQZ8W2jx(gAZ1VQAKFsU|+~gWnK@F^*NAR=MCfaYl3)}_IZ$P!j*Y1z~VSyNPSuu~aVC*LLqfG@jyJf1ZW%+1; zPqb#ODMMH=q^8{Sx&6$-v~v7+Z>RhUdHKoveA(ROea#KEK(w|DwGCQ0H_!SY^Ok`{ zn8nmXJkg~N(2w1GSTLIZeYd5?svq}h>n6)&#OFp1{a}F(ck~yWd=k{%$G$%5o%(hb-a*jg@t?;dE*r( zwrG;GI%7<$Ntplbd&CtHE*B4L(^JvT-jU;1nQ^5R{GK?y;yzBHL)0KD zrhC=V*ZnPqyiluU`sUl2SJwWs-GBT^Ul4pjTik*!E?{iXUSH9o`~ky8q}5p67dGgB z22ea(BKjM7@&L$C5MK8Ck$QRU09gx$VVdEJhU5{ew)-!7onq%{9v~&C{&FeQBLF*F z`_~?;*}r8BRb4>4z*oMKmlIbz!9Dtjs?z!QpMuPW*lgDvPbw-5fu%v5YNdbBP^sFP zfBdOStF6&2_N~rN`tHtieu_&yIp+kBg&Em!-?)v_jJgI2qFBzdYY`9O!Es<=QBB~vC&98u}*)9BCGF4OgS z=V`4+D$airyhxB>;+euHReL!JBV*&pb+1q8%?4tIi_u#OzsLvw%KZ*MNfh}D+Wva4 zUsyw_|9soxF&)o#Xf{M1m=PZh2HS-W6hJ?D(qv&iF%ELm9M{Ip7H6xsDdbIz*HaZv z3kf=|>k|uXDm}Ci{pHwyQrSUnNmU$I5%9n{PT?8ujv#SL-e(wBv}YF?w+v4fMK)J> zAEBQ?M$N6fV69k=n=m?};)t>Y|-Oc}5$Nn8$jOqPHL16fgfcW7$Ok?mrrW;C9NC1C7 zVh-xpwP}6BlABfgPJB_R7avNlT}jwLWIlMHd;;MaHdit2Gy%kK#Gk=^@0hl z9L=*7#_Su|)Hq9P-L`o39$jILrMRfLaVG2Cne$e?QeJG#n;$bY@HnYZse@xft z^x&TdzA+J;ZnU>ro`ICBLT@G=xW@gCna-yJJT!iMw4seuoArOpGoHwV=8j7F*h98G zV+sI~SBTbiMnL+9=Epnck>SZ{gP(TX^(Q(3zoXq||f05Zmyubj~Oh`-11neRSr6A|ZpaEt8U=aBq+4NZv3r=w!$#z1{zK;KI;- z!QtxqA!1Cn1d3tdQ&*8TJ_JGPXNT~`Sjl|p-n#21+g(iQEJ0lR6pbs!Uxy@gBp4?7 zVTNnwD@f+o;u1t^>05(K&TSTS6K4Y3hnOal%!OUx>k*A zMAibSg0HVPljPo?3Kn=@D6K(6ce94BpiZ)9A5tsjTM}H+Q3W>W^qkOET4iUf6dDD! z5*$!+fE|@AVTh(q$E9Sr&g`A7Gdr3|nz+}Q*|xSof2GMZ4cS-Qi}tpeP+3`ugaDW$ zsS!U1^T1Kkz)41CoAu;tt0&eB9~u&W8JCJkO(Mq}ht@Yr2850+KT`SV;4_&S3uN}1 zV3v}VWuBA`9EF+eS4-W*&e|E_E*8v@Cr5kr>y^?NzwwMi-8D!SRm|F%6nIm0&sZB3 z&AY!i>G$~{ z#;mWN!u9&~xl*@T`J3mZkUs;8bGUySNPcJbxVLcwN$=}~9lsQoz~x*%9(SWh$&z%H zO|%!l&xNCQRvPW?Y2`XzuSdV0z&%5oxaTtMDy)R6NcIZP`J`;g8#pee z3xLSh>XnIEL9dh#8wQWk7(PC0uAma2izvov&o$C!1`REP za;Nv3KP}heHpo{J;Q5>DJcj3@O@-U#6x(x<#E_0lkqF)wc5gVVMZ1yBZcZ{JOlPhK z%x}vo(r*swlNQKYM}#A`UeVjkulz>4SX2N{emqy~Bq-O93(@EcGR@;pT?MZSfsT{` zwga(nZJ8ETzr!xA-r9B_{~{Ezdk}NLfj?iVr&-z#Y>BFKO|qg_AU?%{mddPERL`0= zkk0Z-o%?z5v@^BWzLLyq-BHF>+ZoT*8LjG5>o9AZU#?BU(}7oDLXA|Dw`fr$&K=$S zYy>+!)czFfOx9cKu18pG&4C>@>oAdpTG9*%*Jc;EZ99E53;7v}n?tRJ_BFPbom#ku zT0I_+l*NEy*QzZ%uW+Y0GDoEnQLj@ZACaJ1M-LOhUT!v>GoN}oHZ zkO((%PK6;8l&ss0aH5d}HCk#86nl1QLNVe7mYDGIl86%DJ&%aWq>F=7`!HC#CB~$2 zDo?J?sGUTzb82@Il)9zl-nz@qn$t=My>r;F|2A0yT7`}4TkWiy3dQ4{py^8t?JZb#9iQu7`cATe&vnpx$%<)nh7*t&uN z(br!%TTqIL&i89ONcRTpCuoeUH9PI+gww|nI4|4@LVq;hA)f7m+&E^e{N|Z%1t49E zuldYfw5;(xqK)y@PdxLrNOTkGB?psSi2wNyiHg9dU$4Sn@X`hbI^QimIxMD%kLF90 zbbrjNL8mV+=tH}>ks3;~?tkNRADa3tGCtbE`0U&ROMxAZImAG4PE*$>yH%!+@Okew zUPT_I!ZfWAJ0c|>B-zB_gChYg;_u~??&WyRX#SwbB&iIn}B_9{UAvI??wD~G}1p#xf`0hPO#C(n-kk%OnT<#JV!Ngk;c z%Uk={Ge*g$TFrJbC#sL93!5kLTnqapREqM{d7wJ3=V+YQ4s&1ee@Vi};Ao6yM#L6A7og7`aI~L%x(LXB{Ks#;w>EO*JOE>AZH~w=mm0!o+Ow1p&6{%vXbyDG*U%?i6 zW=hP7tZoH)_De-*Xi7D2;|h5_2oR+4w!wlSoP1go$s%`N>hg{)bK&T66gH%6qPcRV z4361VIA>PSWc|6f$si}yw?Wf z9AC-lPBdn$^)<{4$lakSaVDnjD>ZASf+91BeIh;-Fln`N?X0Ik?pw6|AQ=yt$P$d2 zP0PI1@YyDKMsjC1-{vN6vrI`=0(MwR%uM%FN!<*_xu@XrKF{q=_Qq{ z>e7q@_aR#d-$aHEPt59zA-P0k=O$&I>QRU|uA5+;K;? zRu$7t{2Cz%H{X17j(Y45e09+fqnTpxe*gXV8^7I#4I2t&S<+95z%aPuNx;dV6XUQ%v57rYD>BbvxG(m;ld+$AAHkH{%OA;D4ZfuUT zFA|m;Ra*oew3TZCQzY8UK!1M)-|DyCdduK%b7MdK^wSa@9WA%sdTaLN0OqaFKKrbx z3`w=wOpW~r-Ituos0DQZSX-|*o?t4rUk;4h7)@Y-vy zHI@+I6L?M7ef>-PfC=`5;Mez>{RJ@ zYJ2sY&d_J)-pBF0i_rTZLruu7hBav6MX-`dJ+#H6#?6r4-H(@YWlEYhL+BIrUAlDD zMwvQ$vHUi6x-43;&dhUlYTHyUJgb{@@7Pkx>Ldnz3|A6~*>r}NDXZ6Qmd$Yq(oL^r zwIt8ge46f=i3MHu(21bG6c>DpiJS3{jxWyFcU55t&wVC3E2{Z^ZepMNxot0w>#^Wt z9O`o27ss=AXxhv;)sB-6O$&;q)IDwDrReKg@0uSo6@NO_mfx)bT-S-n_XX#s2ys71R$gA&!@5c(0SoVcTSW-+o36Mk} zI8xd`$|0rGrcEE6PN_{kfPo}D zw=&b$Z<5&8K9uOTEu`E<=j^px{Exp%(!}Xf@s4XHyhb(I_4i~+7(PnUmadlct#J}o zrj$ge7Ps7mXG@6=t+S6$S+GRnKK@clo!CXn^f@Jay^iQ*+q<7hhNfSsc<&$yRk9mQ z2&xqO;(LPcEdHcvE7!=zJ0CR~sfhY@rNWH^f@+O3wr!UkUks7tnR6v={bunr$7@8L z8d9=LdntGEITES_(Mrm^MH2Vv*HZeVZc@5;FS{BCM~Qv=Q^}0mA(igE$(ZTJKL3uS zu3o3wN(~6Me3iE4F>Q+{kqzsswo)fObugbT`aNBv3Mc+CP7=pWl(ZFVOdBfRdA&q6 zZ<4*+{(QkSd&dvM#oL)EF*gpBh?>S7l5-_2hFHR?)Yfye?UfHCGc{StUeH&?1(L29 zg;lL26>qy%qEr))ghc84K|g+pYSA={;H$Yk*HWg>Uq4pMj;LK-%A9k$PM{R(a7E_p zJB;@;Pl#wGX8j~w%I9YIZ5A_uYB;mlqne@Jv+6O za5ck*EF!!g!&URTT?39yo3%u0R;w&c8>q>$UZaOXcqB&aIce6gmJA;~Rc?CdZE2$4 z({OXxl_HB*td(_}w&~=4qLkHV!%3Z5$?4tOYQI`Z`LdYzx?yhKW1FOKDgoV{>Jjj zPPY5^oMd;`|R?x4?%iZ|CrXwkw`4W(JH4?K0_ zO3U7d?>Z6S>BHSqLXy2+wQio8v3UAG%3h}rVNXekr;%o}*Xe|S!9gb$%sPE|>licL zQzGc;4e#l!s`;(tD*KqgFM(}R^6h~q=R%25_U=l2J=&!+=Gp7?!R)DK+0zGvS!e6l z2bibC(NnUuSN-}BH~rNYgQtYtqhG42HRrTbr%v9!+G;DN4Ig~)fw^|Lew3hQV{G?P zvhArh*W)^~q9oi?t+uBx47g7CIQBABVm;1qrYR5hLs6I~yL)Ozi z>emOo*-a;oJbh4^Ys})hV#NwiNv5X};ngKF+3d%4s4sm_UtXRPV6#pMs3}V$#hd$3 zC!)-`SJG?N>%hV6XaA{7gr|9hy>jKsc~@V3wK?~8TR|*0Z`thW+%$Do>cc1 zlxgTC{5IAe>c#*3yEj{+y$v_tm%WZJnW<^svNk7s3nJ@z8dW%Z+pbA7ym=wjy|n{x zHS02yQ?&fP-omOaz4;Nfy#*!edy8we^A=Ta>8-u&W-Tb|9?ULa_m`AK%e+OETY5_x zclMTd=ZPt+<1H-L#GKcKF-^^HHfmrm zJ*KjL%6SW8nt3Tpvfcwp)8}}L>vh;&CgqmZPX+UP4bDp?t*4@Xs+jf5+McHS?|HvvH){8nt*?II%@3=Q-A|2JZnh--H`kjVT2srZ z?5*h0&)f0C2t99E&#}NV3gY+k&phkZu2$WvTc?h9M!g2!_BzLUUY!9O_e)b;AttnIaKevJ3ReK&Z^#}D>W7X9j_>L+pjaBuXNFL+m+ z-&^ae;l1|6JzmC|30~s7VTJxlS}?-nvrF6HuP=Gw2yg7yFL@_+Z0j|tU*BuqxRKYg zNfT{KKHXZ_@*E&k0*(PQ}Rm^0M-L;G{(1!roX&hXYw z{MuVG_EWF(@vXf^wd#03)obi+*#~ZZOgHI%-_~#JHB$WQ)vE2aJf?Y}jrY{*&{JY- z#y`9#HBhV9p+g5xiJ7^a9(dpZGuBfgX`bskiEhTMyaU+JKfY6?h#3dz9E|Dwq7&%mSo+4ekar@OD3SEwi^hYH65*{{-8&IIUA_S<^37)|qA(*wiaCY-rB-V7jUo zqT-h&%qlQ@q&I?@NgFn7m@!dew#%B5+I@3dqM<|Mr)0`#)i8gx!mJM(JsqSQ^WOYw zRP6Elvt-tYy66Kzdl0m5n44m@jJ6gDoY_Q!OWT$Bo0&Va(?R^B&)~`jp?v#2w_*d^ zgcg`Kq2*>aa(~3uZ?)3F>Q{1RW-|%AX3q(;hiC)2KG<%L4^}tYLd@mSXk(7g3?ehI z2P#~nh+g?QieMJe3b|$pq=Y8f3bU-t3Nk}zg|;)xi4}uBuC4ToGE2R`iIrTASg@+vx1wKrui>8o1VH;i@_ zjj9zT8j`wXsl*JrTEfa@MX|1Q|E+??GqhZmNiN#MoxhEdwHIC`ajF3>t$x4SdA(pm z)wnUZ$ukaZ_fc2J*Fq^R9$cO7-d{RWEx?wdZY&sqgBu2TJnvnW`;~lklpQZ8vjW zX2vIIdq>E&cRrOQwNAl#II7VxQtqltB(y@7<~7%Y12^dPxApN?Bze{hz2EhmDE^VE z-A7xTv2l~=8f4QLbbe5t&X%l`h3$6N-6Ue zO3M622DcpT&^~N?>oeJM-&1CFrl;EGQ+h~v^(=R&@ETR6;{CVDj?cf7oqvs%#J?s; zsV2O>VDOb9bY*cHEQ4{`?wHvldr3&SxL)&8&M|~%7 z%>}%hg4L7nb+#-mmwqLwg~gnOE2U1&%2HJ|`cWD&TIYVUpLOk9Hj!uVxk9$7RX~Jl z*%$nQ}yP!y#BFQGtCEGOOIKhml0adsjA(>s<5C%Nw2YnV;sl00;?#VEi9T@EYJ{K?a*vu;fU2)pfFxVgKEc&Z0DVg zn-rE<_Fc@mK_Ja7q!wj*@yvpQ3 zPMbJK1<@v3uU!VKpSmn5wr%B{g~0Q2_LD=dL0&2c@<6ay*`=+UC6g1p@HjVq;ku?ye;e4&y+rg#?hhXN z_^w;QHx9uZ3KKB;!9B>miUg(=;@f^)>+ zpdf{F4;En02b{S+G5tdDImb+&{p@pwmnsu8HYf>`BMhjxKG?_N!}VH_LcL62^z7Ah zzl+6mc&n1)gkMG(Gh)))@XXTtKSX`7!*u|yCt;r@L#{BP^$WzQ)T!Mie$+@~`Ye_d`*+IYyXiL*B>uJp zc`niaau=K>H3z?$qr}K#8cF){K&loenlczS`T*N|}DWb;4n*tUd2)NuE1T(qcEsu5lC99K3Eo zi?qu+DUk5vZ;~_xavmyC4eF`scGiSgW?Z}^O_-u(tEqFz5>ji3n&KbVT;g^Abr)Ty zcCe|kYr>=~QmlJf;XFmRZDZOIUa5j?zVB%@%T^Z%#W+KWU=GpyX4BnIDk*5B3eOQc0>jako^sX`t-*><5Ya=qpM5XS{y?krM4YN`;%Rkh15h zf3lkN9;_^0v{)ACKsrpHk0rEAClFk1x9n1a%ZOu7Pwkeym+aSAFYlW}BjowaG+C{e zHYthzo4eeY7F(ZNSY>I&_WA++ zCe2(VkG}S$oYPa)13nVPR#&*S<{v9fk! z)@RJ$GiAoSWlExVYO^!tj;s5sN%e8&oiy>kMUt45A}u4Mq^kBQ=ZG!$4zgcWZF4KV zCYR|^p^C}aKgY_IS6wXy9kYSwHsev2e0bjah4%yNAXfe{0+Zo9_wD-oO=P~QH?s=@Uu3UaMBih9~o_Z+@;Wrc9 z5P8NIe)D6qgZ`r~j%CSv-x46ZwEOv&jBl5#>lKp(mJqYu5_0-rNik(JR)*O6v!pO7 zk5Y+o4HLhV#Wc$_>W=AAbNo+^A@BsfULVT1GUy z1tHvA5H+;I%tk?wAp->8vNt64{Pgora_1d)8f_dm635vat03BOAZ5@_2oxGZFgqOD z6s#Z2@G)D+O9q_%FPdQc=XV_sR%Qj6!9~l7Z`9dFFs~s*@u@Lfu8)tl!vE3 z&=z%aO&0Vy<(yEix!!#p3;b<2LGbVu=jB2GEWc0|VgqN{GPpOVvZLxC8&9|5t)`B3#Xy(-f%LLbhs1}qkFd!m+pjd1;_h`{Ac6L9zo!?AA1oMaY z?_-ZUm?aZI41&s+E5F~x;0qkpprIr}f*-rf_@t7SCt>LCy1t2&$cscmRCREyHgLwz zbH5v~j|0#|8sR$U*_a0@&b25aHS0?uFy&LO`v=*uS6lRY-dl8ViWb~2=6$qp0+YEt zUbYV&qT2S)Ra2TZ=~A*?M=7uV%4L;gTTQ*c*!+G^-x907w~1zVNMY&TJteGcY4eHh z*hZ4(%+hW8d|Dsm-a&JRFYv4HD_PQWq35~6?boW$a79yIy80Jqrf3>1&Wk=nb`BdQ zyZ-uDQdg{20o)i&2P-qOG-@~g_F}~{Mujwy4zWzz#-v2_9rfP)xfzz}PtyOb; zrTWhI(coMMPL4Nb}|?Nh$#^8Zhpin6Y%ebssi_d>zIbjun0)%q|DgNrKuS|>@ zCN+w?1RDYDvrnI@qq+L!WncKr?r<|Pd%%amtR)xwET{lCa>LsToEfG+{`kWTe7RW} z;Bw+1vNjs=!B!2yW`>A*m?2}Jjd_i|iO|qJaQ_3QP0Tid2@ea17QvtL5{Q|7NaVF| zez)_0BH#cI15CJSH*G=_hh{78P?yAG(h&{8_sJ@*XRs+u^0Per$DrNNIDs-{vsPp{LIH$LrJWsP zg)NH7{>sj=|H_72|4+$~nxa;$Dpg;4M9N*-Z+B{>{Vgr${!DP}5$(UfeLg(AG$>k5 zK|^nd?v(#@16uexQf|Qcdv@AQV7b1%T}iU(p+}XbKnyX5j?(YxO31UUQ1%?8-}Ib> zUhE*)D+TkmWMmz3m?)gKK<$UqhgE)hkz!wd=P? zng#?5SHhgG?JifQgq+dico}qAZ;3X6&_ZPLtVNoic)OI+>!F#JwWl;n%v-o(HT0TP z);_G&PlCRy=c=n+VUXgyTa&*%c&|W;Q5M&paj^WZIl~K ztU?Nm&^?US;K@HQxpc&{uvU?S1%Ls%Q9KyXoe+yDD6^0BmvrHs;W(sM0 zK??U4_YeLnymSjfm~f#?GvL>2hJg$B8qYNbHE7&<$uTQ!UyQt1G4Z00MCGhkub%PY zWQT6e&y=FJPm)-ON zgakKPCLsV2m{S-e@L8V%vAPV?N3q_c}?W1B+jlVeN*#iy^zT?INjx~0mX7?W3Ez9+8 zW!&~zsxuCo=v=KEyRNZw>$C+QpG3XqtfEuhHcV0o=)W?7VtN$dZevw7IEQUKP4CdD zx_Y{R_GTG~Z%?SQ7pk!c*4T!PSgh*!#T?@HsIHP{MjZ0<4C_au#Cf@H>mQlAD{YtF zn;-uAZ;JKpW7mE8;|}D0>Vlbe)Zt_7h1ZwZOK&XImP?zQ^%uZfB}EE-hqxE>V4-58 zxt`8u}Z&hLACg2VfTRpKu@APWJ8QDzY&=@IkgG zb{w8ufBp3i3}Og;uMu()vLD&c8Tag9f?@(g2|UKjlX&y)MvWt>eZ652U}?n-6C!3n z8Kb)t7~a>^`Y*r(Zk@PbqP@dfhGmc!4qte-g=#JF!Z8?_Kmf4HqTRrC8eutCAN=ld zZG`~lBtZ%j8o1|Qc;2-M%^GgK_~`?RngY7i1=!)G=GhR>jganRF@pDkACyId=G(+X zLGq?B(I%|leybz)(dW;(@EF9buiadmbc&$Myil%rDGaw6!giF-86d!+-%srjRolxqK0BE+T^%SxO+?rxutC4N$$Ee3Qi9}USWB>-zrNEpf8(0i*M-|CAqXHH zmzvp@xYx%xk#WqCmiN-5R`}NktWYk$yZxOKyqT7g5n8hEaa?Ym4ev*P<_ zTfrTFwbBK|W!G5xB)Lw1;ZntAYm2CsCMpXwnmG+6DlyT+s*2zK5m5Kiu3J~56-ZiO0KnT>kfN& z^=4c8?s_XI+9S_;B~R0w#yH5y%CNx$dfO)jrm63+u_N3E_vIa9nOZ!`UG3BfaViJz!8&egY41lwC|KPjdDkbOz4T2fzAW#N5W))v-i5_OSN zrzOhg)dGDGz>H*0o{$5O<-!z{WjF_bhGKzkFB`c6`UissGDrBhKOg+242B=9uE>D9 z3U&og*Z)S2VGTrK-I9LSR}kk102c*69-bJUa9u_|YK*uBB|YV1xm)|VVT^dey_tD- z%>~8&{>Wf#n}wGpG8|Uu=J3^Df2e&kUNKl9v!Iwjegz*Q3n7nQCPS9@qU{cSZxR&a zW{P$N(8WsyxWp>e5@GsaG6F3UmNUQ%E~Efs1X{ox0Hn1<06z%YU(E=zw& zzJLn}ZQ?vhnY0a$6ZHK(`2MV7Y`H&szd`x=`SoMKPsHwo{=vQGkAM85o7lNObu%eJ z+#}qM#*Vv-V*KM@IzSxSC|s$Tg#G?}^qpslb_!yDIlwd^CfHs;J>wS*B+rX;0AnH*ShWKN~Ig=g$onsyp$Lm{+<{xl~XUrsyRt*<^t~1;78Z6+ir>m1)1(TxARfPGB)h{f< z2a;fi`rGH~%dJ>#s+6K<_Y+SkjEpoJuB2bXhxE4-r%rU00dyTGR!nrY z6d(>z35#;lC;(w@rjOy$y7xW$a z#*z=PX>U->`id+-5>ynQ^a<-$OY)c?i{Pz=HyajHWH9(e>?-mhU?G+=d$7ELAfF%; zPd+0AdvAo&eBJKILRvwQ`l47_itec``}*t!^lf^^dxE$(V?# z3#}tBHXy_klLUZ19H)UbY2GXIl#F7r15orS2xR>Ad;=y=oq4LQUbWh_iN5nflb9^n zCQ{C$onzvlO-zzZuKXPa11tboo=G~!0>k}10oExWwy0rwX2NP}qVx6mZ+OGj2Uz-o zF)nDLuuj7>;(=)|6CXSc0u>e$z&?rMILG3_;=`ii!6v{Si#|#U#tGJCcuu{+g$->O zb+-n%z$fC%xd&khwAW9}wBs73x&Ne|0b_;x=jG+O$v8O4W65MZcndc?;(4OE#Io&` zG-Pp}Cl_a8b5O`|96s>8{bW8v0GYaiJf%LoApqI54+40z@bhkCv)Z5-IpohwoALt?htBA~~1N$&3q+HyjJdfWO3K(o(RFIUFq zkGlBng4<;AR3_@uD-|m7yFc5oM`p!LG8ON>336BM^~FnU%a^|?gJ6OcKlq3hJ*Wh6 zx*#DTRfgPB%RXhMWx>-Jgta(j#8B(04A|R#^m8T8(iTtubF*chcD&o_sOROMur1&C zF6hk)Zu^7Vnu}^`YjG$pQ5JD!D{ccQ)zTb}8!r63RjgU6 z(^u1lr1#h%PZ!feH1wPx8Fq(L; zKh_!gk0%tKTF6ncWU26R{>DJEO_pNZpnbjx#uoAufH^2T`1a$?h4K@{HR~#U1jr&o zp|}nbG6S*;AAUo~p4xl3K{y<3;rWmRiQn`OInu|!dL?+UZhj-n;9g7!5Y|)pK>JaA zd*eg+8tNyW6lFDvcQ12rU0z?+y*#Kt^E)hNj40gVBR)!foam z;NFgG2XI3!mC`?r&_A^nJr(oNO7RbIDUM? zF~I(|{eJW<+x!J>>vhFf9Qa7oRxa7v-Ung0HefYRKYW5^f8cCw&GWDT)3RavEc^Xu$uj<^+IUS}8z)V$e&79?!2Y|o_t}?% z#RZ5nUBagwKl-Hr*yU=A6kQSohtCKA^ca0`mBc&V;0_J{Na~p*V0W1kZhhE+`dz=( zKEWAT^?UO+EUmx%JwiOBT(8f6(rO9{ol9}$rmb$PD{))(DaqPtr`v#E{;=U*zA@_R zedT3xpMOws&#SCt-fL>pqt^4Xk6Q1mJ|j@2c+}tiQI_N_LQBNX>m5i|mf}If1Z2}_ zLLJ4Z*PV!Wys7KHmlRmwAfYIv-EA~oRyzli6v}I&) zdfVSDCZRJF&o@_Y7l0cQ>cj&%`>*OAzi=b=uBgQDVugw*;y_zCfY89p?zdrxRTmR8 z3u<@)h*dT^){q0l@?u%{E?o`JHvcbTU-%$!F!k|GhzKt9xUd8I(f-buF~fNhP%}z1 zydj9&#$^gOcjAcFQ?RIO4dI(+k`Her9RVcO~)tb7i1ej{}>~`^`$%A8C zb1PS`x3VSg2t=g|L@O(9-Y~1)u5EwzmMHnwP|53cLVAs2jZ5df>0EYG^M zSdFW;?a($m!(Ch|?W~o6T)A$ebJu2DodzVnkwB|r&3d&f%hJay@zb!_ZhF41(l_3= zYJtEMS+Ci;hwCaIZ$HY_+yXs@}1yu8k7jJQ3GgPFvQh zE$WMF%RX0fT(oiZO_ZB%@_>e}hq#Q_XlokkcX8Fe!WMk9hjERp*(u_Am~e}(+Pu|S z@Z?&f=ORU1pxwTF)s`JrA;8aGzzG7Y)Ri`NRQ)rfTy15QRj%ED$q-*x_e_18tF~;j znqs-y>c1pe@Pir0abGT9wnBU_(w0j-9IxR+azD9yt1SoAE9}LB+n^U-zrwFRT3?ED72Gh*x%oO&z&>ZzA7tMq2_@8;_)Mv zWdmj5EKaDl-TE|yrv9qde`DjDD?of*b%m8_+znFS?z!y-%O5eg&I(&zQn!Utj9Xy6 zef8~k?CU?i%Vm7N=JOwMuF-KsxEM9?Y9`vEch=f>elg3Itk@uytA~14NmzyD9-XRK zV7}ARQk*vzbvrj|xl?Clrr8bO_@o`9y^P5`4KZgi2Yy#T`(OWl*=3;qW@4%-$9l83 zVT#pI_%5Tm{ZnJ|7V)Y|An+JjR{!$1dz?}^)-{LfF+eZ?jxZwfgEU60ZMblg&!($e z412=cV?>d_Z)g)gJR$zX&gz!Wpc^aKG2- z@{Q(^d8skQLsNHWQpN=>NNC-ev>^l#T(D4Fcwv*d0nI(`>=3}1m~~vXg2c6LA>x$~ zeA*Kb(;i%+>uglA>N*8q zxO}X?spIf*d3Nm=FSP%?<6pLBgZi&6&Z-1@`Rv_y5$@K0{=<5lEoIpUPM>a*#*T2{ z-PaAsetqEzoAdHQ=Qce;ZJ!QM4p@?X*_M2Bd6NDaECm7pnK`&v7QQ0Q!&q3~iv*Zx z4)NTAVPnm?CMpwgpd&dzNB|*&$Z%}6N*<-l6!wVq7^p^TrLUJqe)? zE#dh~E_O8!AOjn#_}c3f!jwW9>~qT~dQxqS)b0iq763 zZ;BV@EwD3Z9_Nx(kq9m!S=ps4>*9ff_orR#8GQN2&$Oj0H`w*Rxz|~7&p-V*xzplu z-8=&Po_O>m8#i*Oy|a3wvPHk6?@bEVuaw7prNDWO^-#9yY<>DEjv2S@38RPF$l-%5 zSv+FvB?!0aP1|O%}oQQhVT{%FQ0s#1)d+u@gi;y^yz+q&-gBQcV!KRp? z7%t8NUBrRT;Q-1k;%!OPMyymv z5Y}Jj0%D2~FdzgB;*iMV8BBiHp7$q~3FTvUR{JCnYR|SsbwwOFR5{>wgTS(>4i2kL zbO5YUzw34G(9Np7SnRb|!mRAT6E7P>B zk$~QGxiqGx>mv}(wrl`p;+H)jW=ScP>@~fb%#+Hn%NY7mK*Q zhg1{21++Kl*#L^S$+G`mBfOSKfR&e**JRg8@QMX4R=$xYFOCXC9OwiN5Tnj6Cb)pJ zB`mwTu!9ZTs1i#~BHeIu-cD#%{Vh<&9YEW*Z*$psIYEZJLy<;}9#tRc-IQhMQ0#xy zr-%dHjRROy*#aWCr(=8f0XJ=8htXtWk>kP?+Y0DhMRES2Zmbd01@zKODH>D&06+jqL_t&pF1PP2 zwAuf8-t7sjrpOIB)e=((&4}HKN`cqm${Ky`7o|i~obNC0_@}L2zr|SyalVL&b! ztg#R$3XEqcmKZl__9VvYTdR!ZWpb@9SHd;+EA~o4_=Vf_gHO$~+0VS@_y^}`?Td2z zepYVb2$pr+jCt#39i+Yt-3zyNeiP<`rTD!@B;_QQG+v_9AV09Qkx({Xmg!*G=y$|{ zgUJDm9K;#pt&8U_h7RJ4$pX)Ir6>Ro2E_!$yOlJ>ZyxTqV>uX&>&Sbu?GcHOAhzd; zDB?iGfv(R1l3Sr+WRJv-Aheid9w!Ed?2>%g>WVCze#?pWzAr%B?Mtk!fg*}H5OJV$ zI8d!D&xAq%@(_fwL0$sJ#1r$gqX@954UbGt+xzZQYyY0}iY;EYQc3-EhW21B7Ep~x zSZ`dnOlxsd)@ zN&JG*nTP`s2f7po$b8sQ$?*^lVJnyBp0 zsp)D?{I)Pxopth5`;jt2uUNCuuD;<;d-&;BfT(rx$?e#QM9ovl+RJ#AEYd%}?E(A2 zukNt|8BYMdDZK_*`rwhSt$_WVYS)c5RrVKIjY-_avDOmFwt_bENLFhtC!^~k4s>k} zuzeHR)BWx&faE*wxTD@c+gYuT35vP7ca`a^hD7&?I1q6l;y`ma(6?`2`|yW9e866U z&AGO#m0_<-Kyi=AO5D{RP1K%4oC7GjN&v+Id`bFb$dwr)G8X{bo&+!i-oC4UZxj^% zxvbRh3N(5F40q&bo`2PzdTyTE0*-qpq-DFLTl|hi$Y@n^rT)Na)9nXWU8KEyEA2Zs z{>5&+d$w)Y7Fy1#+s2Ndw42i5Kk3@84##9(dYz?J8i%S>vhbT)_eLn zmYFw6%~W}{t3aRIYbxy)^>w$7wiXzpL`Vtf1>EzB#f<1!#DRzd-IfDOmo0U%@K}i1 zJDUBmaiRY6pa0zHa$d|tTiuqkQNtq+L>%aJ4zSlZF-*rCbBtwYcYLBK1U0fyldbu| z2On(L{?-YB2TqH4mT<1U2|!FT!?xC4t3)|vZ!fi~jhij|Tx~ITkoW#;Z$3r!MI2~v z4%7$~lQ@qpjR0-9>Vm)8BXhEED>F2mFhf=h7 zTio5-&g@xx?e#;bl?xP$FWz5@GBRqP-1(rJ+cfczOMsMs z%kpvnrmSXijh-MC>vQ<=C8OZAULiUQe|~}ZrJ()8xR8QAx90J4K`TYw#>Q*YJ&lnS zVUBpOvWRWa{ytu^T4EW2XA2-?skiBGT@L}s&=T|ADqHk^th7Nt#U8YxQ#FHt(U`5V zVKuxYO1|TYAuRbe-STyg=1RkHar?x+S+fxJ(Vw1r$-AVQb&qut{_PAE(%^bVN}<*l zc-{lkqq?+`>I}M%byP;UI-hR5w?2p?7e0j|AnP-nI+ngO{h-LRFn)hphz)VcqE;9< z?hTwaE>r(k{onSX!RXrpu(36@pizpgLZdq@GC0k{s(o?f#D#3_kPPe>XHwA@qNAd= z>&o`RA&g&R&r&}7?X4B*4y}8ilz;cwp>|n#JjmHN9`1Bq`^4hw5STocWku&^RCDd2 zt+)J8o#H!R?0#gdzy5j{6#;iajFBKR(qDwq4BIiC{2%Y~H``v4T!ArI)?Tuejw*Cr9j9D@rr6i==X@XH$ zIaz0L>SMpCe`>fBaV??DJKT?Zlb18R%A%JlTAeiBuklvhTvkh1 zl+Zk(<#r1yVgf_Q(_CfCD*T^Mu{GQi0=@m?W)fWrr|t3|1lyniH)n<7uf?poHGQEq zMlSvM_gNP{gV#4Vn9Tai_;^42p*VNr?-`{z;Pd9JhGD4hp#5t!0c*`VPST{{^XZe$ zR`AHu;XXFvIxU&RpTQ4}wsXvo|MDIbiZL0*pxhM0fkUXhZ`m2_s3HV~pR8qj)LKnC zHrmRy4D!K zjH8!Y4FzVn#C(#)DY?H)k&k4yKH~lNdD0-e)JKC+$Hh|^%b3-|d2?GTJ1FgVwktiO z3zVWsbz#{TlUr&Bu{iyX?o}E-tL)K)O*v}t=!ZR%w&(Nz=h}K7wy|`?U9b{9DLO|V zLu%73>OErCra!;l0-7o*fpJ)Enc=fv+v+-b-cuHB@^=EC?=@zHLef*$Yp$S*%CoY_ zbOE{G{L}uvPD+hd?SV@Ws1+X{c5j)zS%>XkDgMgK_KCvj9)Ide7_0DFTbyND4SG>a zkGyt=!=7D=&eJ7w4bi0P{3#yYmV6CGIC&#zG?r z%#KBLH7Nd8U7I^&-1fG(1{W-^ojawt&_KUMA8?dWHld?Mgq0Sl;}~mn@(7EJNKydG?L*Oziu{X z*-EE15=JwMDpdrFxmIpx_rczA>1(UwTQElb$?SS!#Yan8jBjFyRUKa~_09{$rcbML zKJ?=e??p#PlYeIE-D|`E*O$CvTpo{*KZ!8uyaaTe69iO=HOVtT4lUEAKj{x#UZo_i zs9cn9a?cy3*fX3LGkTl^tBkD zRK2bi=yPj(K5soqPIrm=7!F+|5=5e()gnt>1eG$s*dd0NOhR(Lb-_gtPwe^IZ%bKp&CU_jDhAzvcd9ialp(ppNT$a$7^#-&4 zr~yaPtY~NvAVFr0LABQARm*D7GMUyy6>v!*PPga6Q+#KjYAeU~!G7AWe+zX= z#)d_K)?mn3Lng&igGImhO5LBSP#+{zmL0eJ+AlK&7Hg=gr~zM%w}X1tFaVRrw-uU5 zJTn9l{y!~vD{4^~mU1&eq|*$8-|GyKFfa2K zU-iFU1f~QD*K=7NkbVD6H~g{9dMg^^k^xnwlg{sjCU3gp2MxP%#cV8$`7%(2<+j)^ zpSOk8$i}8v6pB}4jmpxR!~RHi$bpein`LyK8ox#?N7@3n2kjtw9u{yZ3v2hys5DSK z%?|z2sJ4ww7I{uQ^YzP4ZhuSBbXWv6wYAp+&AzPdvQAdK6YBnncwmFNhmWPqi|3#Lrzk`S{rqAhumW4c+@<#hamt{Z zI}i8wKpQ3^8j;ES!=U&v%BS~FWQVY1RR0L52w7~>pa*T1Pe{;zX>=~tb>Y(lO=E7D z;xAQh$$mHE{NzKOP$b(Kc;h)+L5N^qR{K#Hw%>41PUZ~yFqH&1f97m5xk3?%!h}?2 zmeA~;{na3$8hvYxrAzY0Q&|eHzqC$sZ0@uXlbM1utYNIh9Gt>4)A6cgzs1@sJ61~? z&gyF5qYdp{j@lN=U&`sUG~0S@At`$0+i-uHwo{z>nV*ez0rNAr-}<3ctk72H9LGp^ zgstK)ISk*{#P6}-T~!|G14kj`eWb@gvDFrQ`cX1Kyl*7*Uela$mH=EEbL3<5ay(xJnekFCu9d!fr zCvSWL@$)YXl}n*3!W3S7{Yq)V-Wjy z95d5FKK%Nub5G3Bs#0!-z_Q>_)$V50VB4%OEVn`!)A8RWC1Mx`?~B-{LI78`7=ogoM`eCZn5R71bECr#^;mWZ2CO(I_|FTa7RheASeC2 z!sD>QV=)9!NPhkn3tEd86P?Tk+l5*(Wj{pyn+rQ#!7Y}#OB%7)&v#-}8CJRh~7hICA$8L-*j>FT0BB zQMT5xer1nvKiS+SVUhfzSZMjoff#`p)Q9>iu=&o&2<*uU)){;~57RaV=2>$FQ-Oi;DK&*Z8 zx1$#%T3D%hv20e!reopMA-EAHSCsv2af@%Sh-q2bwz6Emal#cx!@h_s!Vw5Vwv_RQh!CCZ&oTc2HxP0j(z7Y;lHUG0M-kG`v+ zGY7ORGv6AfNu1eci(x%uV=lNyK2;QdF+Sw>#r`+BroW*3wel?`WoAYF8Qo=tR}&dz zRqQXwyt8t|hV&}UYTp$Sx>B#=aJ->{JOb5#rj!IEkd`L>-)iCFV|A=3NqPEGoSIozvg&uPotvj_F zj1DdCKQ%@ROwnNE{w1064^S8b9xl`1Azb!;6hNB?So>tB?p@Q7zEN38=1_ zz;D-boCAB{*cn(dnbjO9_!~-pj|}6xH7R%Rl=IUXa=6Q)h0KVZwUuuKdc?#*x4OU- z4#s~N((k?K`~oVX6~fSBVU0lHlw+El3A%^Gf3-qHqabe)q-9DpLJ$#gh`aQ?d&7P@q``m^iR4f);I<}7Wz zzj?H0*DE(rM-sSVM0K6ZSMR@{FQ*o*{kJY{;eu1zTEP3aEN-i~A9vL(|1P(B&)_H@ zBnk)hJ?JQ893lm#<^(vt^*QUBf}0js%W+QcQPwO2yJ68kw)GA_BKKoDeIdq-z@6a& z=|7`d#S5vgurWQidXUfe&n53^RrKlN*Pv5Uh{26uX~*ys1{(C+;xaDcel|e4=!t%URTSo`({{^`>j4sdzi~7$q%<# zzpQi8HDyo6qr={qtlDm}!+%q$;vBuJ-2MxO)>><_rhXJ6m#&I-o11yRAR>bCpO!~@ zHd58qMq}ewe5i;M0f!h3x6$*mogSXs1nhaJDWLmY;a>u|3Z8h4kA?Em{;!+1D* z2j^)yh9ziH;JPJA`1~!jwsdeAIAWU#ETV>%{c0F!>WLj=V~XbN<6JPU=u+l7V!c3) zQalMb9h#NDNNM*X*A@z-0*P?Xt3mke23jSc>3%J>7Fo`Q08>MN&fW|~2)HKVbUspg zP&YJD|Ho|9pYdktPX zn&)g!*uR;R|77=BeAH(7^UbhOI`q~m7PP0iJ=fP~L0SS91o@j(Khe%Me>!uCm)?86 zzwr2sw01`x;|Eoa!^oPToZhT|)S4?@hX2VXYZrbC*VorArYdIqg7l1^Xg#3dDM9Cz z#ECd)go$O~-qXPS&*-(JdCGo|*Iq)O#ZSAj&fs(2LV5$h`uiKCRR;ewp9K0)3IqZ; zzHzKcVcfrFY^!JssC++wnv{3$dr;X0BpX@kn4o5g{v{6fPqRW8GUlCoKEjJ4!ix|m zjKRefK7NM5|1dlZ+j?NxTsPY+Zs*|9Y79)bL3nXZdQRF=b#L@CmOt(=Q~GoPEmkWC z%}BWV`W|JvpX}&3F55Qq?KJ3sKfo^pZ8DEmBla=^0UH>9&s$MD72KUVa5aEYd$#EQJzrQFkMtat z{vO-^KF|8&R1ql)@EPMO{X$3p6+4zj7A6o7-CkoC<_|sl0wFkvmp!y!Vp&r-B*<*> zaPfAIJtjpVbxoC4Ilc{7NA^#*h2joAdQyMo-{&g*<`NZ1SfdqS#O{AGsEC~*=#`XbpJlH+>d9Qy569&B(Hk5|AFvEHHGWrF{4zP7ZmZE$rsT+ z`@{kr5o1o(C)%^-f3CE&vKnM2fDkQoLR&hH=5A$ojOw31@jxT(%+bOKB|O_KhH+BY zFj(`#AQT|>D5?l*{TS|WNa--;cU>xRe4$NE|6fUpg3deD%6g{eM~m}erCE$0-a z{g2C?P#JEe-Kr6tl5ce&p3=W-eQm7K@6C$hj#Ho2A%i`>aKU}S&}uBTjCd?LOK$As zzsNIv%%M*t*@MEhtV(OqyGr3IVm;8pha3?|IFj`c4Ez1V)OBvGlf;!p;CA?JyY>Og zUV}kJdkA;Edm_8la%JjS1R3%N4+J{PySlZ8`G%A4y}OBJ_S#D8DGqTcbH_ZA2EZ;J z_e~oI%sW?y(0ibkE9-b3*~S+Q(?(>TgCigDJFA2)d#BfX(h)%7V_Ug5^Up+9X?^yy zgI|8$u#BUwM&*mg6p_e$@choawG)+7gtiY#?WMC5v0MxcMM_Yh?DwSg*a#YEO)MZl zW+G~yMe9h^D;?#^Nfrftn<%5m&kn_?6Y{XS7T)wXp0t8jsPRmb*E@V$eUCMAYC2!` z*wH88QpBJB#S3-cq+4a%II}$r!eNSRN*ro;KFxWnqNN!?G3dBHL{(>!vyV%Ye)BM@ z26TQm85@0NDU0LKia!|PFo)kMyZ*z<>PRvR`4IT+@qly|J;LPAh5!5W271?dmdE-L z*Q&$1BAVt}PyA&B&bB`^hSdQIX1Kdkh3HykSwh+3&1KzR(my*7nt8tCd(NwRx<0v!NsiviMON0n=sYTKxTSQZk` z^}cu&|6;LoJ&WvoXTtj}()uhC4AvB>azs{CLxU36ugqhuMZtIZ_L_U?fuJ;{M*)_%}e z;n(q3MUuSBQq~ZnK~|J$(lzAl?@Q6-g4d_DG&5U_;_an=`z8H z&q!3SF9+fmAs{{kE81_sO6UR7`AL+}*r$3tOL)Pi+8Qo}ungab$U&~vEO{^e(k3>b z2^xv`Uz5eo-wslGW8ULGXlwq>UL3JXvHJ#BMdV+$=XT^PgU}=4&Rz`n#35gGUmJhh zB;%pjaozir%{LmuTPkBZ{z$xIX?8Ofmr1B))Snbr3RcNFHh z#%~>FY>)Sioo8kLJYKihgpc}uk`?u{z;9C24QxlDVyYEzis$8;cNlm0G_QS|QM$_( zVrzFAh z^(>FRx~}a3Y9?0TxDd{cK^Lzef`LN;!X{ z;AE8l^O4bV9@tIeG*9+w@i0&Qc<|qc=@4qGBHU}2$ij%iZfmI#*0iG(VhbCT-$9#_ zCPJ~*aBdu(oNS!*+2@`}jG-4h+=l$Bt5$rGw6iMvZW0>zQAc9aPGiHieTbL)4)H02hncXa6vomSVgdlDIn=VY?%)SWa$iMZ0kk=hC2q>*o^`$-} zDk?e?{^@o`rEydo>=mq_HVq&7!O0V2%QP5%5m!q9FXIvtCw%U#WrbOg;SKR6kM-rQ ze0nUY_WCfi;p}UGIc0@z9RrD-+dBEnwh>pb&r)HdOnj~&SP8mmtvbgS%gniidbWFo)QLZrabl!PDwFPgM zco{C;>*To7DE}_m>s$7C%MBaMq0RikA#Qoe1%PF}Ww?P=-y(ys%}f)FTJHMntw4RH zlK}H%Sn5&!Nnbs0gu#f^>TO_MY*D*xlB-_hy;U?p_e7s0JD>S~4h!flCt9FOWQpk; zWX(gEPyk>G{zqbS*m)VsE&yq{FR5j{%kB*sY2Gll`tsO9WXxvKuDwLQiQM+J;zWK&NfhM+eVZ+bE_nL4qAg9 z-S@Nm{p(+Ox~cBKj;NY9+v?&9v7_nvoKV#T^TytK%H^?W#qxe2{(b~P&qT!q|MG=? z<|+wWsi z@Nur&n$iT2ok*M8ss_SDUG;;>(y<8cGq}lT_Z_}UcL|Ed-$Iq_k&;i>P!XMru#Nr0QQjnRr+yN|zD6(ka4+Vi*bdKd)>U{3IeQQwkYVMZ7_9e>qa|7m{Ea zX^X2#x@Khb#MDt4(!?=PAQEr-TiYpc!+18RBrYqNe;UCpqbsT1$Fl@ z^TLUnTpVs4xSt!9j{a#}H6rt+Y7MswDw1_Ssr{WKXLfVYY-ZJ_e6qA`_5Eoje(&iU z;}gc^0y$sUF!FZEZol96Ibq4?Zj;RWNgvvsa8#&Mxnrfb(e{t;_(8*Axv;}T*7(U% zVf4sSQ-5CXu7cIpme0|}ByLZAspG-d<;@Wht!`{UQ-*s#fqsiL2@TQAmSxWp; z>u;d{3`-GkXCr~iaQ!;=0DsnMM!vZjR{6A`0dfUcdJ)-DmQPfLlEhn0uJaU4hwOPL$zX<$YQ z9Uld3`edDNPl*TEi+Oo@Ic{hh{45^D4H|;_AG8@ls52$jV@Wu=UY$+RaE2ZHo@R1{ z0;4^}4f3=qjm}odgZFwm+viB4qb{KIvX}iCiX9YF^aT&lgpM56^aK4r{DZc+;Ah%8 zY>)80Uk4MfFkOAj-m2Y?P`YXJ{^KfzkzWpalj)eq^wJr@b%4U*>53$MS-xP@K2dQ0`;x(g%rd>M{-%YqeDfZ%#HEOB0q$hw}?2j-KKNIkfP&s{X+}Nna$Fw`LwuB;x z>9>d;8GOh)#6?gC5Let)86MeE*!3M#jl6Aw&!&kOcA>uV2}A7-k2Uwyj9MLG>ZhQZ zU@M`or$pLuoUoUW+_XnRG0#cbeetB?zJzc$&j&t)P8BiBuq%Uz9K%XXxokk9BrG1} zpVhUP>R4JCXw^m&ycSxwIqfrCVyWo$h4ZrU`O$9LM>|mh*%(Jn&06&nZ{U3TMGY2x< zF5`tnu%%-FApybpn^2AYrf`*?#19}yMS3PEgng3Cpd;BL;~mod@aoOE-@Gybr~&T^U1`Qks-n^-w-JZtB2VK zisySKX%p^#GkujzqjMx3B?!5WJm6923fCDvmtYJnurYX*ovh_X?jmHt%jI5~S_Z=p z##h3@V|3w593h8(po-=Uf<>0v>M`hD-8n$*k!RdVmP|7Df%~Qk`y&AberX4`VvM*u z3v-A;0*B>2+sy%VEs+GyGXZ`xciGL>k-Pe`{n}-YP<5DW-KL;}*UWGszD0zE!WzJH zlQUW9oZe>kd7}Tt3raU@fdmPTP6l=u`mseVe2shNdiyo+x05bSSsnK*<2P2TV<4KA z@0iVG@>6gPmnzMJbZUsZ%WSkQ=J(IHT1Q}@=mJ+E{2-!xRYTr~e2jUgO*p$}q@wiwvGC z-U?^DU3AAZOIp9p97{{pJOLL%X$F6Q``oTjR3C;u6XnIQP#BmiWosch_Q?xojK2=^ z3Zox0K7(UvAj_r0@{p9}G$bgC?;_HF=~UKg^jduB>+SU0=rzjY-?oWqywc2!pCp3m8Puf03tV}7WbxUeBFx*ch8t{3_ z60t7@%V-c!50!tOr;gN&w%-3&RF}r6lg}TP!N<$pxf9lzU^luNdD^);j&&!)idx~& zsw`lfzf&@tnZ7}a2@ol>570xpjM#JR2|+%0+75Hcx;gjF49A)m>E9MYGo z|JPsaZN>Pa5_utbGfurPKHkLZVF!kD(AS3-79>O3b9dEd<6rg^6&<;{tkNw;+qHji zAPm@400?+?H1&QbJg!WGM8kUvX%q!H1r(o?z=iK&SfWHxi|Np+4RNrKCj_8eWkB%g zauEB-5MyBew!x>F$COf0?Gw47gydsi&o5L3aTfux5dhFA&3(+a4v0Pd`hFGqwEKh~5FQ60j{}KC$t517_<}X7{)7GCjXNwvW4YX|UVfmEblkC8;BbcJEaD3jY zrh27~%f9bT8+?vB7xU3hqw+p?{F>i$aQrG8@M^z!iS61}-T@eur*2l7F40$NJOlI5 zC=9KbAP4=?Bo4h_m{em<1Gr^@{ARtoJaIg(j7 zuhk^Hf1SIc4`<(SHdjof+l$b>XGoUrtsxFY=4k6ke;o5 zbahAOGJOA|(*eZ|}Y%YnaYmv~9JerDr^CEcuxZ(!oHlwZ_QI`2M z3D8Dt(MQasd6EHv5%4(;Ce#HvfQ_~`k%R2xi~y{Fs;$baL33YlAoaW;fC3VfiiDK3 z7hHv{2qfs34>rptm%?FlYJ%^THQ28z0o1t^TZ&L+dMcp1Q-3x~hq=5l!1B!Tx+k`h zr12sQaSpYFotpIgO;Lu@bh6DC-e1dU8BqE+>;0+?4Ml&ICR+;LG?6pngx;qolvA-o z`JG%0a|1x#W}GDXBOsI^#X0IX&FAXnkG@C|F}}w;y5W_*E&a8Y860I6+`w;DMGscJ zqD6?9h^yEzg0mk*o2(H-H%!1S+fEM=5GZ;u+eAg|$|9Wq$FnJX@Zj2yG*Yk5NcO#S z?tzDiv5{})Fe;c4J27zU4h^|GLQfN|U00hv5?=e%1I>ssV+WGk6sn%9&pX{UTN`zu z&!*6pq)SE23i#cx@}{ASdEDpbDq8HE%~C`I8g93cK1%egL((3EKguG3jESZ)mM10? zB#07^>e=sudDtUFo-O=RPkyCj484OLtl)O;T%m`89B0O^E`Rv}y(rq)9#$5{`Q14n zk6uxa!djia!alEz>Ms{2zC(bqEFWppe8#R{^aY^kj~nyNaI*Hxjz@ll?yoQAgUCdPR)$Th8aWy`iK{7+P4e0V)^Th4WvAo1 zXeNPX%?AtabUMDHex=#WbQSV=LrUt`%v~M^(*mEz&Po@z#rTYgt2Y)A_XGEQT-6iL z4reACsSgaS=U}JmYlwumvot`^p|-e%N`v!xk0e>z{*yA0ZU|i8bH)c$Pltl1A$OW= zFFCcqa?h^~>E~H#>Ac?H(t&c69d3Glv6dbR#ZEjZ|JdF7W+p&_=k^1{^x z^Pl304Jj|ya-IJ(TK*^d2?fB7BlIH)2haqdbj5u{Y*a5pg1U8_ML7^=ji~I5(?@n% zkg!wh9M4+d2$Tab9kcp=)fAbEnovtqnVarpuOjk;fUE{}Rk=7$s4!H{H+`CO!Djww z0sS({nQWU`p=2iE`CO+d$INzx{!@zP>2PRpJUV?akpWl{4JHoeSEkrug+Ads6xg2+ z!TLk2dfP1X6z3PAWIWFw|j zuhFm1ef>GkBXI1q)0hvG3PbiK%BzAgNVK zg(WC0PIrUgX-Jr)VZRx*l^+dk#K zfZq+8>g;wFY=os~IumAA_40h^&6r&o`faic#=~BEbsWr?HEw6M5SMm1GR5w}K`SQP zW*O5Mq|B6&+m~|ZE_SCwvFSYSDZ>xfySsJbWjj(ZnzvpM*jcpW(fPav+rBlPCakvc{`r-m5A( zK7%cl(fY4HL!UnCvJ}#PU^)3F{rOiBN*rF-32n~i*_>^ynLSIChmc)42@S+X_sbkT zdV^=9?Nigap+?=>88~yEc5vi=M4hx!?16qNorhyX9r)XBw2tnJUW-BNC~LJ(rP43g z-{`+w;^6vBN8QRjvqZoCMyC{=NCElkzxWPJq^PsAi0eniyEk}D8a0Y@$cLga0Yq|+ z08^f?C+zy&1MVq_{(XVI>iV{LPO-b(YAJV$hEr)Wy(snS)vHb>bXqwHtj<~cy0ZVX zSwqLqHYI8$IfLk~j1|9RW4SsP%N$;7T872=DQ>H>eR*(xBbTUD z0D_Q~Ac2~IA#fjZm&&En{|F!mW;5ZMfO?wXpFSAPMt5NW<+i}oJXd6GRDlVR z{lEm&A%?GMIvhyry>6Ao2Sf+e6V!|}K4xcyLgxUP_#Kee`Rh5<%J+ptI-`Kf-X zfCvvfA=by9&Rd1{&OTTC5&@pJl)~sv%?Np{WD81>90GB9IA5}&h+f(4m zoTeZ5SEBgaSkNZ<#~9pwNrQ-1?mV7gohmHfVA38>B9*?jx156)1f4Lr?!ab7y+4CE z&m$r5@F#8B`^`G?NidQNHpXl(O5$EBRgOKFL*OP3tA3g!rAwBfTAjULZZRFtV$atx z9-d^Ulq0tL@be@!N6#L=n(XlE#;J`F-NfBZ1jBV!bT59Vy)DGgAK$7K1cT3R();330AvBQoA2nWFsEz6^^;d>_!?OdMsaC-w7e zPgc;qEHfywLP1i-2Vm$$!+hWQW*-%>{?k=c*{prJq1(PsCZWyEN?HD&SjXy-vAD66Oj`_lkeCo+%{WY@%aoIG13R@0)bXxc4u%x24ZLv?6`C5M# zO;}+Ojo1OUH7M~ycLpm}U-NfM;qQM-A$kuvJU**Gu^BZjQutmYw;SiDjE-7R7_ z7Qd-jrc-GtU5~VCz~xzAP#kZzn;73vj@>C~0y2CKG23k4^ER6z7r~^;0C18YDXKZ8 zMu)cg;in>sLad5T@1ti3SIDz>cj87Lh{kirj9kmwL~wK66E}oO#Hjb6*WZmjTV?84 zi5O&fITimg;6oQto*-jD|A}##m2`U>|0PEE1Pf~wM_8b^W!~n^rqg@Hqg|xkt{$Mm zBa}WY5!`17=dizIcDJsyx+o^)6->%^S8s9paMHTm2%+z8?Qgwo@F2xrT_SB3#pgL& z8`z&E{F19mkxxef7c!Y^0o1v2eB|uOTv#MB&E&=)PNhJ4x;pH9y))(4PD)e4wu1%W z^=J6YUa3p{I1!EXF=JSV-#54rJ3HAI-CqMAc89O7_O{3vXGq)aqD+8ypTm9wq=*l9 z%zZ`2a$+RgSR+!=a2y~vMwgy#8%c%ix1s_I*j(LY_y!vMLrT96Q4bk;TR5;da%EYkR;9Sm78C z(@#_?aAy$bt}#hjTfHZI*Yq+<%Ky8qfjGU1h@4juO@(+=4;Mp$$+_qw~Lcj_uC&jj~0v}%jMew=tLgf!Z0VrSwy6U2)>cnu(%%54Ar zhfGwx9;|^)8zMYfi{BiNZ|)l&^YS@K(NECc(W#xb|F{>xgt(wwguP78LL*eXJI(4| z7eNP3YH5Lx@Y_h|2W`Q!+DAPBmq#=lSmL|?8tsTN@W5RYkzbv0V4B=5$2iSQKNn-5 zo#(|M1}ujZx7L>~A&0GuvSL%Ih+x@1?Vm4*d9kPU2I7iQlmonXJKKm41Np>uNIk6# z;^#-~n;2Ue&H#{j3@dxcpU-BQ8i+55s+Sp7xMlGTt{C|Q01OXl5t5**p8(2i{$JK(%b;-RGHQ`GVjxn zVpZld?QOhq^ov2C4S<@sO0DK94v4QcmfD8vr<5yla83rq*o5lK&0%1e<>~@(H2a?CJR^sWN>QrV zRarWFaWFU$JF_{sK19elr_kS2kJb|Az^ejaxLQGt_ct3*J0=_A!Vzx{{}l`xibvm0 zb;kmGmlDx@*_#w)6E zs5w4a8X7T(S`1&_4``HwEo|?PCx7~qdhVj7MyOrpCim+P3-F@NGPy$w&B~qr_N!~RNdro!l!Wdqm(nrqF!&Zp}kgdxPD*%c=JaJRcRB-S*04JlvVpM zV>{C3@ry)z2jnBy1v}xx$JFf9liROCMZ7VbkPdET%%ljvPf!mibgp_waLQhFj3(+M zYBUUL!~5nw$*j7E&(GF3@`wfa+}vteRb&+MI*L&S0GcEW%wH2izLeEnl9xg`-;aVe)J#0g#dpp1=7e+*EwW4AU(3nA(>rd z2!~b^_cGa-BZl9XEFDj)Q!Za%X5Z4y^TJZsX(ouwl`Yyh2&H3G@B+q$JtOjTHXkoD z*`IGM(Lw*-)~`Ayec!$AwVCP`O3?M^?)``N!AfxY)u8+q&jcJja_ZctB!ePcg=9-z zmwp@HaApdvTmfFCMf{=#k`j%s#HFP~jj1m@j$hH&r2vgzE4R1d*&wHD=F#WRKVt>_ z3ig!M@#+$7=VpgO^(I*rd0W^#UMxt3yxUm)p54L9^5Ory-)q7wT3zbwv;*_^Rcd7J z>{Pnh^q(GHwX#wyhee-xfqh@fIDu3Z1RT)$K}Gy{Ti7%~A1AFA_ouOx(2NvK+cH3e z*E{Y1>xNjlN<5+kF?T#Pes!^`w)kfXW4mpi(d@@UK1AtVur*^uv8QnD!09ghqsVR$2%4-w^Gl+r}m*kUt=r0cc8K4#E@* zE)ic?->6DTuUj#liuo947pZ#}1hX(GtSpK|mx&0#hKq4NK{mx8 z{1oz`j1r&~5=nJ=ZTa{~0IrI5m8OjM6B5O2JeJfWm5WN*JU|xM&EZ0BgxK^XDWV^e zksB)Hi5@hki9?JPfu=;kjuY)!4zx7+n=fm&sz%422Ws*a3@bBDj1?VLYNO# zxryZbFKmqqqC$Tt2H?%(IVrMhUtWnfuy$sHB@9fwFh{<%Q_=!@H;KB1EshfN9VbjP zZze94IaSo=aj5|@`~&zSX#g}X0p)XUx2A-7kv3M-26_%}hd@59q{4d%~rPhJttk<|g=(e^?YHLd;ZaH0MM)3wF$@z(K-_!~21d|tW#W`A+Uzoj1`mgqRC z-fC#aeC-MSK3TOW&aSnzdB*chwAz z#wmlm*8HWid*esTu5dU0=vqigx!krnWjVKh(zQp;y;9u&5=4YBs^Uy|yf5<*&w>vw zHkdiKRaOK7t}vYF+TuA3==d93>h-LtR=;59QX5QFF#}!djW2@(Li)4e`I-b;Q851b zA6k|5Z+H+&q6LB|LPI%?p_w2dwYji8sgRAj{ObD$*S8ESB8AP%gWwH-9WY)e1Riz^ z8TBj3)}|H9J`A0Fzb3+*x1U5BmP&m8MU?30)$;Br&wXswAj9YCY(iM-9IF0p(z8hX zn=yB!CsXa++)@Th&yMjuO}As|qk#WI)>no_6}DSb3W(An-5@oDbfj~Qk^bw78kd#xtM>;e?wx{zeW>6Q5%RU)Go z<^iZW6AKgQ-*Mh8tOwN9O)aI)a)69uRz4GVp1jzB78D&gIysWQdp(19kcohMhWb%$ zBleD4qbbk@$*&JF#b5qAEscB>*DS|uPa1KcOPC*Gze6FNJXaR`yS~m7f!W}dI|red zrx7SxFRB{8D4~2MJ2-IW81=#W!e_xR@0b8CNtyZlpiLxdMT@eBlZ$b!t5qMsudK4}r zjp}truZXTW&j}76y-L7Mqn8 z?PX_%29Ax0w+vd26C09XUKMcci|<1qqw9!elUgMK&C=SrL&8VYY126L&NC=)lK0#a zQyRnzuFPMoR=&LenG}f_JL>O-p#PHvz#q}em8W&b^M}P{H7dHle%D&=ug*1j>;foBS~e25G9q5hARh0c&GGmJ)B}O!X4;%$pb)NSutrb6 zPE$qY4=v-oMwMRn0cA~F@!bk)qcD2|=+30N{G;wx-RFU)FeaR9XV4XF$gPiui}M1SM&#KPBYLb{@dEJh;23tUQRs?gM zANDt5=F|<8HKjZpQT7h0K!-ZX6)s2Waz>aD!~BA{>=yPG<)?hx)Zk=YseUP=`CoT< zsHR`6cHnJs)R}%5=+}%`x!P2wRV`_J)V7OS@toFRQq@p8Y2|j#aLiChwbQ2V)3J3` zCgym;J>ar0bCU40xi+a&v^(Gv@>-0XHLM7%Wn!@%#nO9j?pEjfxd zl&8n)(i?tl$K{YqJGg$IAJV;mBZluld*|480O`ha+-W;26sdmms_(Wy{7OYm@^4PI z-533bmQ=v>eS?vo{>hagjWG@Eh?dL>-0B5hd;H1CHsPT3?t zdsEvPD6aW+j;);?EDTNXz>E>y$8kXFUY@AZcY@PeY7kTsk5SiUcoguEhI6Rcbe)x-v}JpHps=kjk71*v)tDW zEL|>u%%lpjnBCrLxnUJ6))Z%^LySj^hdwSDCM0@&OS$~^9km<nMAGNxRY;t zC^`Mf>B9Ky`SC1qI~3vwzFv!^+-i%uz@Y#@G)vbm!2_7v5{{iR9Shg0V#e~09eOU) z>Z47mLcnevu-QOIXVCTETBN`!|4%XARGvFt!vX82g zCm5^XblQJ?aU$jQ>pe=NG3iewe_pd74YRM(Q|u(Ge5cLL2ze&Q*waMdA1);QKoN2I zUH7-#6zexw@(Sx6+ue$F1<$)_qg!wXs(G+oy)3t@rUregJZ6ul+F2Iuvi5_iRpEH4 z?_u*?q;1vu94@Vlm|6wUl^S70mX<$k+9I_Q{>Ii!Hw|h$^UCm&sDdu!uMXT|>eS`p zYI%Ix9Rd!Cm{!z&z5Q%!BiVqTz%0*zP%m_^Wo&2I#ifh$gTu_EDABrhf2qMTsMPSf z4v$5jg8D<^(Ngu|t3)V7W#Fy6oU3l?N14LtlpmhW2;W=}tOnriZ< zxa}7pPw~pGj=E7z#QH!FB<2QON>p&L%?avP$^cu*(j7Qd@%a|`yVxan@2{Eo0qZj> z!i^mNgb3<~A)*ADGWK4CD0H#V;?vd*QtE>9ZY>#Za?gP_U}R*KIdVR;sunK4fI15u z>)Ly-2DnoTA4H!VIr#SE7tgPdo+50^xG2xkeD$bUSlv#k=el4RayI_*mDcPgp19^?SWza; zdFNJ>&T6fLTO8gXBIXclFADP@9>Tcnf}I>Oy>5(NWyuSF>&W^8>hjjWQVkX+*Xipk z4PDjkG9%^nnBtPxQEaotc92f`G2R}~>~o){^+Vf@wQk)r;=KTTHlOqOs+j9w(R-Vy z_EYSUA%QJ+UW-+V^jupYtpKDL+5tuhJ)vN_s{CSPM=X1tQFw8-0bWHdw#7J4YMW}4 zNL}BdzsySi=qc4lulP}+j-IAzys9hSofWUjTg6-#Y^^#E5N*XG@(pG@zwro$sD0R0 zOy^!e_YhkGx$PM&*jWTR6u9o!k_0Hm+fIK!EUMlvc;)_T7yhgDi==d_Qn{_LyOnf{N~rimKFIG13; ziYJdMEwo?zPB8 zY{_`7q?$utZ`=)bd}Ds@p@tY`Kf!ij_zeE*VdS3u!snH-A7<9wUq^jyE97klz1KAG z$X{~bhyf{20`<;$3bj98k%YFphY;=R!|O$RHvyW*(|ht6MC0OU<{sP6HqMrR%g9T~ zh$#L~W-XtUHLmaMKv+blsbk)~w78pY|9}#aERej-W4SlIsF^kJkkYCibVa$cM5Idx z!KId#wf!0+3NR$#rXkqq-sD6M9lGgXUm#IocKZUU18uw2Ln@lkGKe|gxTU~7G!?~j zjUC02rm0IUlf`KDgDpA~F0=Uh)dR(@HZ@klP22~!=-Q4~3=3xJRl6ERZ@i1Q5cHq^ z9AzSZ{-nMT+J@_SqMwEfhKI*OlEjn(m(EF5&ek40mzf=vl=(ziYgZ=MQc%5OWTXhp z4M%zPF;C{C1xe<1%xSgTC?lB0G+yDHtYvsJ$!W~z%l7iaa=EPwz9oI#q&`B0vm8C& z5GdC@S@8Mj{cDYcm2Ie78Cf;K#OOXTl4mH+%pz$lslkt?6r=iR+XzCtiM$AXzsVTa zC7|hfc2~mZX$_N6nrhkww1Z-H*3W}Oh@hEog=df2rS2TX^kVvFpHVB>Et$!0aw-*Z zRF#R?_;|tL?A1|eA3d1R*2$FPhgE>A=nMnD-%B!)2K$3Fw{|48CC#Z9hs&Zsk=$i{v=4(Bo2UhIY>yAGkkt**t%|JW;l0NO<`c1}$%+;~$ z#dhBao(SshVP6V8Wfx{}aSbF}+=t0mxk!90=5pp|pT}EKRCbzA&YV+VI5;ol<=LVk z2y1>%I?yl_n1oko0Qq(wusLvST7LJd_F{}6y5k|$r0P#47&1)y$waV zH*x*C%RcNtq`atzK{(YSUoO!H9UqnpHoU$;W;mWc>Pj|pya+#|1&@8;v0Z@v2HHUn zu?vq+#knqg5r(RCXO&69>e&Petq4pMV)kZ6tqW`#s_Hr`Q`dqI0Sb|$e(DEzf<4#K zD!lmurBq{+4>8k!Or2A>~2MAosmB5{cV985KCGkRn~fEG}9L7hx0m0NLSG-TdcLNpLMD2Tt*F!!qK4AOQXVJIQBVs)HZ=Z z!Ph_s@*TE)Ccn!dxKPlt^?JeDr;~dSm$6Q;Zx`E93X;QN>A37tvO#-c*-u)zoG^1+i4uH+v(=IL&uU8uy#8wx(LN=}-L9EzJMgeM>Lt z_r#T z0f_qEU{;Y{E$>Ds|G8EhG>&v@{kg35Sf@dy4(y4=yRTBT9ouUk#Ev-ZCf28+ zpOsSirxVTJJv4nfMI!)R^3<4ajFi5k8_zV})DxVR{K1Cu%_s?NFxZ~%7E(ALlLOx9 z6;6V(b?drr$W57r8;`=nIQyz?UF}k6=qcxwtG|p~&rM(MO+MX~7`FK)5vvZraJxNS z6D~jt$kBL2{gy)#aD5PHXd6EyqX;_<1KHK*60>ank;I(%HO`&WhmFmntv*>8y&~pO3WuIMOcaayEgc%nCh49l-RJ5;1oEn-3Uil>K_KXuaNK2vQwC-P@(jyHz6aCBG3J2XyT&~mkijU%WF)53G?CR*38EL^jm;v5=2p`mDL{KF z>6TvRC?Q)rK!W0TBvx4GWgK(x!Or(>4q`70&y=V{d5D<*%A4bH0QOuK<2qxkbXiGs zkm)qaSB2ddn9%3J#uDz-4gi3yeKHA#g39RD0I{96J`1dYj5g>%zwN~gFMafs9D2ZZ zS=lin==Vq|&x*~8uTTd!KiWBs`Po&h6s&8Bbacx@(rDLLO%xxY=0^_)N2OcZIe-Ocn3Ou6@0x~kaQ1pQomciDxGMf!bEX+YUt=W%w8Kz zZ@J$u;hyp^UiIKJ?nWU;z?zBLIRLn2;!3>!xGj712?HF5?&t$IBP}m>aGTActr!jq zA-8KS9?pAKWQDPGQ-I*mSXjd32X7*tEw6{w-E7}I@|!$}j?x3#qDiG$9{Vmh+eCZK-W6EG*j%DN+1t zkR<)RBESBW;pScw{HF%GYpI6wcCPxNTBmIXVQdJd^vVg;*g-Tn=$mcGt=FK z^e@)i)^jL1&$`WQJ?Veg@6szO0QkR5(bK(NY&-cSZ2Q&=PVqlM-p9DhabaNw2%&O1 zG^pCSV(huEMul+B_}pjdZmt+MD4t*S65HRZ#5@vIR)J8&*Hfv;YcfNl@pM3zD z4Ud3k@3S&bn2PH4*7L(jy@dX?)PByg&&`tSqHXk&ky{7jwyr}CHxbZ-j{tWLicP!%k;T197G-WUE!udA>lQi0+6HTE)XE%p zFhXg)g0fEV5P+^@rJ_4$V9@9J#GkjoPquh*9|sm@`!*6Z{sq>bBv(#iC>uM7<*f<# zfR$Z%Ud!u4uuPu1$e&k3`j+(|z`bW3D|DTLb;i6KOT+hrB&wF!{x2_ z0BhIvywH8qapS>jc5EWq5B*Z7e;eAL3sNz$M|q+j7zq|-z6P=A*4-*3sJVv1iR->hEyz?n2rj42$3gj zNKf!J0s4aDO%}1Nu?=)j0)qWcnS!@$045sOjSSD{xG9q@7$w{lvta604csojPJ5)a zjGtBmgLk8w=ht6;dv-8<_2je8!Mm;#a4PkAVh%kS%`Vu3D5^F(U8|d;2ja!|$4f8i zt$DcShh6Hld7h0t_LpCyHYLPxH>jjYFqJFN1y4m+kRRwM-&jTeQpG#0k99raWFAg1S@@@(Ksy4^v^_)-c z`@>y~gM{s&-FV&P=WNkVgoJE-Cu>>VuHD=KlZC?@y8%I!jSlU}0>u^?$%^w+n~{Ak zjg|#_j3&&Y4C&jWjcZ9isGe#<+%s?CxXjD$ls`9Ze>~2HpjZtk&Q^Tq--6ODMr|{? zEG~OiNYujnXbRzX$`h3M87}mO`0i&7{jM+&F}pI-SN#6?oM3gm?a#(6Su^v0yF*F6 zV_@9q?ua2hYHQUK1-BB@CURb}qUTA=%{>~Laa_7QQRjEzidH1m z#|E54m>$@Pu$%rM%kTM47>D%461ECf3#|}5@27qeWbV5Rx(Z>o;q2`SNeW!m^1&(= ztTf~6`B1{`FPe%- zuj1h_0vm63?WjcvQyX;2#Lv8`i19*Knj!CZsUtO%O}vYK=aMCXE?5xJTfeI@tbVo zL$1`N@e88m;?5Bth{^VC~?UhL+B#e_gNN6f%%Mcy9)cVs*f{q9(3v z|DLO}>Wda9o^;AYCR*x(z|+-3bm3K^-IO%#n1w6Y-1$Q2ak(NxvsiCnf2z!6vhdGg zwaEpWydsh$g*Ad+n8%z#mj#}OGFe0Pih=t(5>K?=GOeLb{%L++saad>#i zUE@%~?oMpjb4sjPGJd8ImsUgrE-9+>| z&40t971e2-l09wxR({j*E2`VC7odR;u5aRE%tE6+S9~z9Z%qPj60FsFm)zHE+Am~G;O6&y+q3MO`Q&y64MtM8ec0WXguV~K>_|ofcQy+(md_akNbCoWppAO@ z>>L)SEdz&4syrG_Q2Scv2wxBy&(m*B%x;LhU&c=Em?1MYGtD`rE|m9u-FW9**FW9} zazU_0&KZ2NtP_3^IX$*qH+|ks?XR9-{inIX$yGb@y{ooYCMDO&2}zojd~?$4hiMnr4FXm;V$M|p=hdpn{YN6AhU_xRpXd z%WEJ5pXlNi0le{cK81YV{a)NpOIh5{M#3-rWEcM^iDXISK>CEbF;>g(0tvMvc9D0n z9AJkP=@~r!fR!u@anVYM=<4DaS<$j{?Bt%|Wth^3OT;sF+1DdfC6eXq zloff%YJ+1LV{Bmh$0)PkC)mTwt0yGwty#0C1&nvRO2AL`Wl&fg)aByzI*UbI_-@=tod2fLm7ANqWSc@t(fK}@zaqf3y`iU7TvgrPT` z;Y=EHcxsPLCJszA`A}VHH`Y!`3!EEb!P5eD=NmRb(e8zz$Jc#97vkhQd%uS~T!L3H z0M5LU$88UCGXD#oNPPvj`-dOJ>P}hA^vPk6X{jGtn4*X4Ej>a!WQKaIK~is( zKW$ICXL6WDa?P_uHjElg{ge`pzJ6bIOAm|P>FFHeN>>?VBXbqI!iZRB{!G7r=uow? zc-w#?$=#|46U9agEBOKq=n}`XJc@zQHQikH#lpLpL6~wx)`NnWTwND;`Z(<3!5%cr zY>)15kv9g9dx=8@*~NoTX$}Aui&FyCkE0uMWK5LOzR{XK;i44&Jv+QNHCNO-&tnoa zN>lSb=3TB4&x7`?8BA3INm@IscG0q*@kW8v5Ji+XLW6AvYt=q0RDY*#3|6KLMMZtl zpo$_c5`N?mU3tIxG9XG|V8DUC4d4fUYSuSMX`_UVX@C{%5n>_aPQHj0WTUSI;+x8{s#*ou#WBW|OxpHd<{R zBHgcY-_Gtag22l_)~F@LaO?O5Owqp$W3_%nGMB}Qx7x1gQ*!=dOW3pqeQ3SS@@8pg z_y!)6#=Rh%X-(PMdepR}C{h(&yFHo-c3?_amAlp2TJVdv7!&=W!n|w2IFHO_OPtXk zf4_u7Vs5)wjoa6Zz6~?m#V?B$grZ~AQ)%2S>5506qWoN&jwE1?5cGh{)Tb(2eX6a0 zsLUw4X$oi{titWfjqmfAUt%_!r8O+jskOS3p^KfktHkw`EU!; zYej{rjPTeRe$;1{obriGDKQw|$6#Q9z52}#YxfC2{Nn4j7A?5q@Eo~}JVZT<`UIw= zN9Vm4Cuy)#>P?j zI(b^Q7E*Z2)|c_9bp`oKwVns6$jn4S`7`_*3XhQm{pD9LB+QZ-LAro+E(tzlIqm^H z$=J7?=2GuSP~h6h2#cm$r_wvs>)ZFk?$T;p0V9%TL8|(jlcl=jKl=6_f$e{kNX&V^ z6pdCXuxvD3Yj$uF{9~ zDAwf-GU{H3>l9kmX5_Cv4~Qk$w6YGwql%9hJgQoF6}cZ)kUo4xVL~EUiq33nP~OPm z97~jrXx7dXL0GL6HlH;#UE%XMVZG&R?hk_+VMo4jlkXkly>V3|?CqSSkn8+R>kF)H zGn0l^fhJZsJ^Z>=MEVv27A$tXp{?^ceT9hNS5K5v@?H|MV}-b=V^GG@-Am2>ReZv) z$!J8fbwJDw9w$%I**2Rs+@Ujoa>>oi5LTGUttiJ*%Y=BfzA{LLhueW$Z}018DJ;xyRX%V$gC%eOF|=uA z-tb@0e`DNLh?cy`#h1**$>?Z~UDoimr)j_WB)_gOX#~ln9;XTPnafoBYyHe~LrjpEU zL*E{PCMqAdBSbzZeBef6nl*cE5I1WE8K>l~qc-t?v20Ed=|`H9DcS*+dFCXYYKGcJKCRd} z2}rdm8Ld16=tcKgygt{2IHr$U$kpWlefA~Knm1MhA@wspkZsIclgHLWCil3-I#_9I z`?KEics|5!IYIO1lJ0Vd_m|nQ;!_BL0aV%#%E^({k6(v&(Ydmgc-PI~kPsHdb0yj! zW@;0s978p`6M^$4*}Qj5jS&KZN}DbVLbq&i8c1msf6+$DzrYbOt^0}hNg;71^_k%} z60~R|c*t5Q`5WMd$D1`ts-t&8wF`P`Ipl3 zd8^BKGZ^K*^vBt|ZK>pX0t1nXD5yJ>qwvMxAGOjb;H3Z#6==ja>- zK!@K;sUC!fp`R0K)6#>q?nu1D?hCarR|C++V^1V{k1-jlRCZeU^X*jyr)9Aoy9j z8}j4dx|4PHVPf)0AaJM0P}%DVrFR=tBQ8EoI2{8ZO3fo3E+3K&cx1BGYt5Mzo;4jl z_tU1j`O?LCkHbsX%6=;#yz!zJEt2eJ%}sf58I^`rPqJ~4{(eC5TiVc(QYSp_(@qXO z;5zsl=w12YI1XGzI~MN}m0jqeb#bL6V)oNqt*3qc{NXiq7S@6d`O@igx4TSN@kniw zHSG)*>nF)2 zK$K=rggMLi;|C;2E-uF^9@R)XFG^KP4y6p%4QWb{krV9c|_^a&MHpEpkq zCZt5UnT0%1<%_M&&;SoX8Wcn4nI6yK*4@}%MH*SFTh+=pWjM|8!H_&?r6=Zn;W+AP z3zO^{0vhIe!CI-;6Sw;3O%kg;{Hzt|J3`Is?r^;cI(4X&lo{#bO@O{sv%GV7>6Ui@ zZBq2CUWUZRdS6JwGn7L5x-W#M2GZMg7vl74Cx6`ihx^0;{ro9L*aMp2kVoXGqBz7C zWg3MCLGK4vZH9G&N4Ve^d$yC71r5qZM`vUrllM!5(LbAFKeDPN!9P9;8p=1F=tIBe z+dH}xP1b8SMpZg-%qun}egR>S-t3vuN18XTAd7RHFQg8YIo5bqIeGQsWjw@w1f^;a z-Vl$3(;j9f&ONnzXAgitDQ7X{Jj?nk1P}3%7a3bA*Vl_Dw@zZ7o}ngP88mKPy1gs2 zQze=!9_yTS#nZ()EShOW(E>BhH(qx}3(lI`M})~+K5>6+vyQCNHJ#fi|7QDIa8`ZW zyl#%U7aHDeRNi%cCx3k6)O8fHTbFz{E5zKW<#$&)$<})YM;t^j%TC1J`*x>dVS;tJ zFnm@%K4iQaISoBN|Catdj?Kx5xm+4dT-mm(CkMlEcq4`JS0u+b zQ%ju!vpbjtyp(@Q-S^hIMQh{Lh1`t3A@4qK%X<0P2+i}EH{o3s7PZ1U8Id8h;n*1K z=wo|wP%yLiskgs(Din2V55*_6cLa|o(+%bkrfe6W%fX`q^Z%P=OoiXSl-{;%rI^3! zBVe6zzYXLN;V8l*@akr{>aQ?&QO8W|DIR=6;0g_|TL zfs`cI4lyX>apsOi8fYGG@0-*IdBavO(zgZs?)9827bfPme@l~Jok?a$Yx7jMMYc^_ z^#sP$@|=?lTxa|QYIx1VPOktEysmxgmOZ-rX|F`9gI-~VV`MC4>>;xJ$y}vLi`LE> zipdtqRXZYv=_{OW4)B=6D};<&7Komp-fHKVM>XI(WWCr>VQNLXU8bYP&HN1G+@T+u zYwemC5@6qnH@mBQ*nZ!Kq_u)NNs~NfHD8rqH{fHx!4mm22XjkGicd49!CY*>O5WDz z8TEy?Uvd*3AZ4<@^N9v00hxmjO>;Z7$MxTA)EPCwTi^Ad-w&92Sd^V+$jhGC_>V3p zy<0;)ulD)NF=PrOsY< z>gvH=x^0Ix3>BY!r)?Uxw&^3NP#@Cpa_&&nhWOsh7;0>+brK(}5BXAA$AyZSPGcC} zyB;lsOg~z0#?ZeH)HTtH*x2YCh@nYHLkSn{z-}+0<$zHi3YA=lYmFkd?@9(3X#?fQ zfRaz9L&YmVX>8gRWmV?Dc8=iTt1x*bbBQl6hE(#$^#KoyjFQ~3+2IW%Dx6N8(oM`& zcx=?%Z{G=ZGjYx!vPqu`n)5%Em@sf1=zg4E!fG@d)N#qZVHn* zvpGIExbDY-nrbQyCxMTL2|)#8FW?0zn-?!S4@~OO!98|DdSyIza~3X3XXHm#nXbE2 z9X>a@Ixlu&0tC2fLuJ!kW{>=8i$G^%-zZP!p_PU@cdxdVM%)_5R9Z$+zmR=3GU^=c zvad>aDs8@-(e*A1awn_42cSM5;KtsO$z3?OjynZCA~HCJ*0^fJEVbf`;{7S!P$hKd z>QP(54kp<)N!P>)*z~}*5*Adye(GZWFcLlp748%?(Bwtq1TArPUjd}_M=R3LLCB0* zIdLqPcrDreF7D(r8!2xk4ALaQ2EQzcu`uEP^~@>$5I6%XrZ12ro6^C)A1OFd+3%6a z8@9~Fm(1QE@DU!c^VslV^;sy>7x0wpn6{1nnSRE+`o`C`MjZ|g>s?AEHf^S~d5~Ld zFiT+NN{p-P;VsB)w(AgzcbO~=_0qcRWMVbf-oUjle;@;-`8?O8boU|cL&+@lTgNX` zZ`YlZQ=-%QT@Gfe`D+ifs5K8BzJbEDM0P6ipD=~mVl|&4M8P!v1i0&XstWy7F)I`} zEP{tI&S2rgimpeF*XnC-eL#>>cunvWUrzNJ2&v z_wpA`y#{t~@G}ryGlNW?8YV zTb~>F;?Ei4#rmlvUbZ=*6h*G^SK8H7N0yRPuE4 zqOpH4(Zfq`B6hHIsJ5mVw(=Vn6aIOrqiOuAgl)#iF470qiWc)rqqGrYzP}`qzUj$2 z73DiFLb!sYxlBb5IN>vgR>;78v^kp5M@~nZ;5@Bh_A4hca*@Z=pfPapEE59W?3dto z>>a`4FX~P8YEVr&_0!ni5j{}Z@im4(Cf(yc7GNGYThOf0m}8@Y2zh9Kh*OVYmd#{X z2bOU65iDuNdMkP9vU)c4x6uMnl-(ATaQ}Zjn*r_Qu_B|5B>Q$BGIiIbyQJsxB32sn zxJta0Vc(7w7EKok#_Bd}hgkBhY~{;7IwkAYHbq<|ZCC)R4n3wnTwiLR1P;fT1Nv`j z&4*#cM#jFAnLk$QOcL8rm0bJ$qj-x`(v9uny-0sAf*kJTp}&`OO)~G_>_1rAA6PX2 zc4Ha!@_1=cGY3@&NuJG*I$ZWg#8vVK88uTVhDRJGlm_)fo}(~DUI2_p?ECqmw1No( zI=ELWyhu*sE7pnGy4T7TMsAuMUoie!FDdDV5YgWFk>_xxURwdqQR2feFeZ_dIvSF* zbCf~sW(uJHrg3RC|D3t$x=t-wr7w^6->o8wtYpwO9M|OV1a>)x!8Z(uns5M(#In-`&>b&sDqBtD$!>Rv zjY^|{lj069INX$|yj(9m<4gvQTbO(1fB)wAuW{+8g=g+6)vdjr94O4PvTuD3_1WKd z7)^bO%5NeTHFisQw^-AwuI-Ry;)K8UJyMB66Jor*9-c6ub7b{GV6lR>DOl5KX=J7G z>R_EQ^7o!rZi}f~Io@F64bM=rA-Ew82Uw>HvpIQfF*t-+Y)J0ykkRaLR~|iTFFvP zZ_izW!q`B5<|1e3T;Hu-{j~Lrr}g`?*fZ;aHf@iL-79TarV3~aMu62}Ihxp5P{I&B z9q!&uT9y$HT!H>5-9d1)DHa{Mq}Jpa$&OV95L=TG0D~kYb@4BI^w%V1qpV`fFq2NE zg2?QmOAZ8J(}#HqSjSDy!J=G}DL-FWXWi!}f4sySl#Dgz8+{$Y=z!{W@0>3fqS&MhrJq@%4SO2vK6y&HXV^)&=r?rQe2;iSuZ`?x$-u({;V;(4q((D5{GYkWS_7GO7H1_aYo zxDjT33(FUa`nTB)7d6JA&^Z2qj(m3rfijvXel@?K{ps3=cj7pyR8>>M3Bc#RpMfg% zW_xfq%Al5$UjQoAFM?q|TY(pR^$ia7QqD2q9cUoC^{f8B*YSr84sV{dCezMf%(!os zuuz%F2yV~lC%pm%%QjZ4_~V)G=lsYL51m>ab#i->le6xt&(nYb_NNzpvxWwOwvX~| zL<>0)ePYwXDgC5{|w5U6>#3gM$nqoxEV;jA=iq*q;*l9MDbaBFC zyL@Q)B%;KumRls=BPV<|L$WifhyeN!*Ub)MUT4e8_tz*1vK{oC;Bd4 z!E}iV2y-X%<@uPZqF9xjv@5A`zyJz%Ukf;4E2zx??c+?LGP(6)U1ARj7b)=qx#|wr{A$j`&9~j&f8eHaP`cyVb?sZs z{t8c!`dt3LzTJq`t+kq7ht_u==;ZRA3BQj4*5IG+*AFDDU!RKNNdd?jPB)HiElw{^ z>+@j5`sBJeMeV2JSf)H0wUM-1o2^0h-sXvc{8E5^U87A5@nGg>Q>N$ro<^JR6Es>Z z^Y4)*haW6{+G6#qBrtIAAah@ZZ(5IJIxoL4o=T7ev){A1y!+3Hdt%{c<|P302Y97( zxjj*bi>NDe5l;`g`^PrF?>xG-d=ug`iED9sxU6PQ%NC~OTlW{N56A76Y}%f#tF5L> zc6LD1$$)PHP#|OpEhg(yJ+1*lGj*V2!Cd@w(P!km?&a9+{~QnCkZi`m<)`wK!3L(W z6zc~P=ofQC&@SfG4o6%M=Zvf~@jS1Jr<3BcjLe3Ac3#5ze$3xy=y-Gdpd!mpDEhlxCKdO$_~`Z7e4h0 zTDdA;)c*+av9#2!U)WD%vKh#IQTJt9ZpdMMjSc=n-++?EM} zN`(#SU4knB)>#C|-H%MdSG+G2OVkRLIt~Q`Zm4edke*LDo&W6!1jI}H0F0nUksRJ4 z)F|lbCe_@gJB(asgHG|#UxZ{A+t8(Mrc_s3ioh@0;d+ppm~&4_!F~bS0U(2o1z-=P zi?EflPeU(fZ`OO{Z5EU#Z62X#Ww>fpwkwrO+)ZYGvv^YJ?SQ)MVQv)2F@JJp4c$T2A%~|9Nz> zp8BPFEWpsAD}$T7ieVTA`qvq!`o@dYkFxX-PHh9+=ymS_iVfbYNUU-wuL*4$0FM0Q zwKJ+e#E^|!Kr`b)m3*b0u{Ow@-*mecow=8^`TVn7#W><9wU}Sbrxt*B`#1gmYh&J} zA@wu*{CT=r%>MIe-ULX?arpH~In_uxeJZ}xD}saLmXVbd`y_iDTz>%3=Ikp}jrh0m z26pEmUB#CXq6g1M_lNz1@}nmEwp#Tv(}@Kx>&z|pWUu$B#g@OzwU>_X(nalFV0GB+ z8puM_m$cLWtnO3ah+KUVxKAQq^ULJV z)N${WDlinf@ctd2V!}%v1N+Yh-%2lwfJN^!Q>HHGU&CC=(|xhvascDEX0{#Dknb?o zE1m+CfaQv-X=sU)c7OxOceB60+>$mtFT$8H(dzBdfe*|_AX0A( zu{mH0a@-PpujkE60a7C=hwl;ZX(HCU?;xBX|Gj^KtO^#q9CJv@XM;+ThltWHubapw zXNS~L)jl0rB*`D+sDfwRIIaM_y%*D&&<$*Z+yU?Y2evm{B!ki^hDz7p8~mS7fCWM~ zRtYe#xU2{z89e>dnubRQ=xwK+Xs&<~6<#?abNA2Rgw>d9*0cYyMF0Auf(K!xkpuxM zuj#72B^^s;`yc;n4*qFouS42jCi9*EjKuXh5@8Dfkvj%4+voOH=R(_RN($ACHzX|B{~5)< z#u7;P_g?;+@AVFB9us~T2G&V)T;iSTL&Ae|#68rd;{S|6Dz*KuIJY#Z%lBIQmE{j# zNf^ZR;K-AhdtSh4H~l9i@$b1hM6p?FoPIv}^E_tYv4!^lfQ|pbhwWNotu2iG?cJz! z%D&wH9f+g+=iX>SR{(>*2(0cAkPE3*%H-dwLo02=K-v^;!8olc`uDZ{@9lkv7Cb^x*B*d)RFH00#k1_* zWi?%#ID1^PB#im(;ZnGLvf%#=pX!?~!o~JTH5zO4I6jMxDY?&O8~|Jws@J!8@}{AX z2Mc$8()|CvLmCh(@;rwQa5$FeHBiApwMm|DEjscPtrYWuAiQ=;&e1U?RT@B0l!e zygV8aT!Ym3goO8o9%J9*OvhA6&B6B85BmVkEKv&&MWOP%+fqi(ZlC5vw3Fpz>YW6~_E0kCGb*rLpZxR{GJ zE3He);X5Dm<+QD=iW5Ql3xGC}IRMN($FXahF43$f;m{#Iil0AN3Y{S=#Xkmg3x!W@;~fVB93Ej%t0 z0*V&WDRA+$+&=9UX4?#YXW(|)R@ivz3_)wbNq(%sUR!=9d8udmMP|8-mAnK z`d4Mhda@t}@K*-W`FAO-fqZXlrW8dofL4f4kV}%f12WRJUMDTH&wv)#yuRB~ei%}m zVKLREK`s=<=Pgm>|9XqfV7M*sibLZwsoTFO*WRzB)@b<5r%47$?bRA1sHP+#jot%<}Im>Mt%Z90{`%C_mK#`Y8+j zanx^SVE}x>v{8uKwQ}5bcf2Ew%X*t$FCA?DrIVCDeC9NgcO*ho>NAetaPTU6dB+w} zNAx>sim^1VA)v}Gz&cm?x!PWm1JvC;dA&E;r&DitB*kaKsC0Bt-gdo}^o#HDZ+{Fj ze9zu(s$9s&Jw^+1cyEI?}0rhRw5wNcA-l^%;k6M2DE(D=WMW56Sw{|nddaIEV=rt-NO z%gJbkUZAb87C46Ue??wb5^i7RL|}rfV$P^{HTm5REJvr)P3|5q###hie}0HL1k|)@ z|Ate5KYj=_wb?%M5n>DsmbF~#5DR-lpMd`Tn)hRZ@9EPmGpWQybD`nhm_(ufYgDGBk}2>^~g*$+#c|6xl0 zk$p0DmCg8DOqqj%Hy}n`p{{pZ$+`ge%lm_Qya}zRZi7|6VkXCQC_3qW>FN}}@YZ*= zLje1(kirWCWX0y60oABQS^7-VzarDhR7tzp^0Fjtl3>}#DVO2@Y3-zv;ATF>e_8_f zk#bv2y<-g?F!ctMrXTLxrCe7%-fDS%XdE+mTJ}1b2P~mk6h6y2xECmqOT?A!$kQFC z+cgdt_&vFJ9ai=|rd&AOF64z{zB4FVjzszNM&f^2{Bt?~!x7+e&#uSJcA3$3?b*`Q zN|tEC9U^LD7+^4XH1Iy_(I`|R^*SG*_n~6P4mnf#@lL0^P&xZpzs19y-Sg5S`$(WX zyS9#r2uV)k>M*xM@8^H*FJOxUQjq%R6sqW$yQi*t5}^k<`ce55Uy=N8g#f?8r>dAy zy?Cy|sLKY}$8jaN5jQ7*r1}@WBH+$d2!zUbGd>8T0I{(7FS38dO#h6WC=5|lg5GKx zGv_0|e0?gLj?J())hhZ%%e1s{ ztDYcWfzNJ9TyX#AtoQiCZAH;3Wmo_wy`~FYVEE%lwa59N! zAPo{CA~7Icf+9o5mPSAnm6V}DN*GE&38h14lnz1Z@LTWR=XV|E>~lW<@KW)bdE

        MTqAnOmQ;gPuCHRfnC8w&g#0-gz?%~rSbaU`>RwD=UmwM8H`<2( zogqLT-yP?HLQ@JqEhdFMTEGASFK6|LK4?Yd06qSX6H*Nrq4b?5>$682&*>bAYmMxG zW4>e++VSMH6+-5%M7HY~N0H|!Lx>Rni*>(yc*GbI)q1VfsxA*XTw{B*>cjo}S|F4( zS3mDAe}-={=LvJ~W!_YP;x^XSPsmQ<7POPjy@TTs9n8IRjVm03T}Gj)tdtNX^P%;4 zJyd7i;jDD}_fn;OLEIdACeHa~{6yQPEkU9ADBZ&J^Js(!F%Lx|8!=Trz`uOtWJoYs zfMt%k@3JbprtkE#5Tot21&W<+3+-Z&(aP2cMypz%b>SbPcR~*7aC{dYIO<<9{G2Ej zU=##NAa(o{&4*Jc%VAq}7iHqBjo-REu-miPr>dl@yNF)am4kHt*rptM*WAGiZQPL{ zL^1Cf`rRMC(U+z`Q@9G3?!RS6aMeA_NE$avZ(-Xmb)7Yv=!AYODxDCS`>L&T$J0%ruK!1Lg-|69!fv>GS*KB008@Zx$(*zxi zII-8@Al!i{xwXNd;j*=BDr9X}O;k{1|FJDe4vL+tfFx{;xe0i}+`uqF% zNR{iK#I#k=T2;JwcYw+Z1x+F~KZ2rDQ46JgzE|^tB6!&@IHoZS@TZfY~>_O)w zXAd;fq&jFArr8}*puCTNP+t-x8S%JRvH5e7xiNM{!FB3G*~<40O&ud3?41#+MwHW($YY$(2nlt)PdNKlJrWP6Xb(R*eeK?K_cPQ% zdc&N70^=!yqsC#?T@%3$4B>M88AHHEwGvh5&e1##-M*l|5XpRjX|X+mHBYerD?q93 zB)hoKr*M>>`zJkhpgdh`R87u<$A_%DhQ?M<#(n-rXaiM|7UnC&mW^Y*&?QlO zCFOj(r;R^?dEm}a!drkxD&SN(15m6jqYj;Lo$PF1KlW+DZ~ZBpTIuD_^6>ES6~nrp z-aEsE8&vQ(Q5o4$D*FNi$2)Re{~2fzD)U*aYt7X!VETEdC@U_ONmLfd470p{O(d&K zKZPESKjAj%ndO$_Op--^7_nPG&?r{Z<{5A`%tz}L>OFs4A;2AD7)_(1Rr=z^i_Tpx zT+<`6+gVQepK#J|OsabM+ql#i<|IN(lGM$~(4-d==1#Cm8vwG{{q(|)_Uz5_wCse- zV@*tK?(g?r>SQ=_t4EarIg;!gpSr2?L#SfZ5+@AjLI$k&|MFYB&U%spUP3e8>XYK% z-0oit?+6K$EPgIG!mYo0>a$qo-x+TYP=O;kEr)n>~-x*$Ymry@a1lKRb@%+aKZy735`XJ)`h*@V7;7t>Lz z$wCH24e4H!jK;;*p`6yPeT~Y2ZAXsE$|A?&EEH6X7xSlkHX4Vy_Py#C+54wqAIT8vZfa?n{QrLy16)g(>7R5O2oLl^CN%xDXf+< zkL^HE%y&A9a}s~ffsFPF>?Gbd9n4PCgO({I^5CJtq{M~4cpY%Nu|zd*$SbZTIrQ}g zc@sWMav}}b7X;z1N)7$T##Jd~Dzuj()1TE7Q4^5B5)bGP)slZU;6A4G#Kt*lLhhGZ#z35lyjvQ@+v68Ojc^ev8RqzhE~=clp<6$A#WuTUakr zc1X5nj7WO^u-FEF*g`bnSqR(8sae?d!%?WMJ3c$ht$sAcqiZ>vN0y;#5*#QmxWMZlyr?s(Quu5Dn8%wal<8I^c>J;V!C@+tgAoThN- zy7T9NAV_`xAuS*cuTOzCG#c*rIT28=Q7tsDeAZ*^=kaZT4dU zF5L&Dmn>CD&f@Q${`g2rSR=CXHcpTQfI!uNasZrNJP%gMh$^t{@g8k?VY!#OVderBg`<3}$9ut1H01Wf>Y#F{H z?_e0g(lCQzYs^ASOl%(dk&1QXcRwxG|Mve~lnHsc-dIOmh2sKgoXHRW_OS7f$5{(N z;QhaH1Nu(-w)ZAQM8SWfWTAe$w5xyE&-Kl8%33lwRGj) z?)tc%D(N7m@*|E{)7S3{yqqDC`W<|$oXz`_O%5qo_r=j6WU__9TlAr5w|tlc@FTQz z#npFKlhhKh196cUNI)hPS&SXi1-rPr*)LvLUkuv(IW+<=|C<%sOI1*uGwtEILgR`; zzyu#XRapk|4f_N(uUEO)IO*}_(4CqR1Ly5bZ*~B`7Pm)K5^uT(9Q0f+;gIJrTGTUe zRjm?_k2F4S=?VYE->CFXEPYd_RffYzc^M#BA4RPhp1V|kUX;!|eB|yiTKNJ#l4ZWk z`Mzbo{Js4VP=zCe^mV;v!8o$}<5b$AH=zPY)A?zt4JGNcD7%yr!3#HC^_au7#uH25 z3FvBhggXMQ(~=v(P+(M$dn3oB`F*0ul2u&J!w6MI&Zy4`p}sYkudFie3^p-PKfv?n zzq21GC@X_9e4eCIQru;@i;hwH1joCA18>YH23XWiazAp#b46~bP3t6`Q_PZ@eDx-I z^NKcC>ml;AF6*x{`L$^&a$(K34StX~nFF%LqH~ zI9l1GgE1DY$8@Kie)(no64qI0I5_DX5eZ>+v8hsa$zFMb=2e8I*c*fASdMFxb|5O&v5Ao| z4%iDe8DNsB-WlX3Q)kewvothoy0%i8#W5D7`Ff+92CP zIU+e*L5l?U8`wglZ7?5&Ys-g-q&d2QWa}0E_#>2T^Wugc3&UleEJ;yWZID%kSJ-0@ z3+%g8-K%8R3r&W$)|Z^1+?C-6DFg}SLr`rB+x1TcWne6;Zq zgY#rBM!y^NFodZQ-#XWWvPuv!*I**W2mLVfC#vlZjTes89 z^=5~gdNs%QZ^nGkhx~E&M(*{-rlA^}5+ReKZq(K^_comRZjZ>)Y;xX%4i#gQ1vnm- zYqWtu96(g5o|IAUOL9;M;XPQa6AeNooA)#)Gmt19lpCDXIfB%30FoEGe18uD?pOqDc>oR!E22mvHszUgzN{(@0LN}Q2(Fi%tt(1vrk9}p%j5eSWF<+nSN zzBZ#F2-h&6CX=jc=wzvb{nP3X&!RrSQY0KR82h(}0!jc1+TmuTu$56QmGEBru~zDH(ATe{t;+bkH(PUiVdkNC{h^`8jdq?c71{FyJ`}{{o@6D4 z^&f!ok&-}d-hC)+)qIz6$#)i*URGZ;U(!5*0KlJybC>pqzc8tTDm>US;B-;R)<@B@ z0eim8GVb}u*-@kQw_n&AM5ajOLjpqCy8-Es4E<(;=>j1fH-ENX&*C`W9%IKEO!D&e z%4QGP=}8baofT>XUHw~CjDC`4b127SU^7eJ*NBR!4KOVXa{p538jBT<-|2> zPPAE%h91C{BT6BHazy{MWS_$5&Ti!>1s~Nfzh{_Hnx~a4hB}d~)t{4nRfyLs@h#x| zxQRoB-LZ?^oWcyTX$c9paWdi#!=>#Mx5lqs&IQf9F6}BL>zc~e?9@#hDp6$JC(rrU zG6x1>Ax?ICaJV#MtwBJzLLF^Pw$wyyuJXPm4jYO2po&1k1RV4{+IsX_iKkPfTN3E7 zGlW>|mqPbOmt9Bu#TB{^ht1;e<(|uyBI(#g{QHO-iG$9 z1&sOZA5KFx&2N@$Z_PLOO_qQ{<_V`}H@fKxj!Dtm=roSm$%vyOyxXYEltCK7Bq5e+e{jDgRt) zzI~4vEK>>^JaN~lC*Ha=U(VRQ$Vtf){gCfvGLMCGruCB)vXi7ps>#gv+s~*m3Ma^7 z8gl)%*HEJUFtA~P*8ICgiDk*r}qJ`QKp=34vs~lhcU8 zVHGXcZ>)thc_Kh~<$C(*SWKbu+YgAsh$z-I@jIn`+9hD6=k4XZlTWUtz?)37(bU&X z6kON?)gqaOBnC{Z!s$iIk=Z}SkvXiR*_!m`Mmd$N%f&Vw^G%fUr3itCpm_@l@r8(r zvUgAsEu+t>)586BACA3-g%gkR?6&D(}N(z>5x~;{8WKFi7URgB#}3X#5Srx8pQ_& zctFZSnj*E%6j@0j;5O0+G&_J2%O#&8}maY3(uob#TO=g z`z{s2bLMB3a?V5~E>wD@if@B-8<#SykT&0wOc7aKUrQ4(2PH0qXqh$e`9qTE&V-Grz9!@$erS5=+N84 zMYkRz!Vvh%2xE1SGkmt;Gk06{fj(F%HL!bqi*-kk3(O5#YULEohcn_4a5b-^uuY6@ zO=viTs7Snk39W&ivuSN&)e^BB^u)WqQjpsqnF?nR13~sKNR6eC2RF$R=fdL87-fgW z?@043DRFQoQ0LAtYLhNqTK}Fo9qms&jxjfRb~E4LmUWcc6YfX!LPk%Lj~(kVEjKaD zGs!7tz2B{9MhbxMGuUVr3kFnsx?~dB1NBAJAby4SgyayF#s$1c!F%!(LCf#QEtwR%PVP;{pU!)HsU@Wo=fj5+k6g!?n3Pf1LRInC&~r){ zUh~@n$oH{#k-8s3Ri*Pp@6?gu!ht!~wB?!;y&3^h5{$VZu7)cKJAZW#Q{9UDb@;4^ zVTK{JAJS$?liec~SGrJX#O?Wz;`|$Ali|k1n+u99$II61O?$y)V)(<~i;hyQA?s@Le7Q-nCm?-0X9z?SKYBzfs z0CW-FZLyIrOqc3^*CD)rvMbg0IMewesMiiJx3Vv3DySB2gRushHT>^RrMX6l(9u`K-k@0B&$<3ZbkhcNiIl7-9wHq+Qc!q;sdA@Qu9 z7QOtW`Zmr!{|Wx1S>HHuaB=hnx4J`S9XI@t_f1T1{gL>+7fZe}--tZStFk&>X{ zOT~wWH;tNa#Xu1!7^zpfw{eDCI(bCETj)HAONQ|IU&C0Uxb!Vjp^fT_oMnC?b{K+Y ztf3EsXliP?^H(Jwd?Sg7Q8XLORs9EOUU3+wm1ovM(-(B}bL zlqQSYZW*;hohwS@pxgKOn@rHxK{1qjqxdvckNqtWnuN8shAW7_9A>sLaEAH7{J9&) zmYK);3r*)tlhJN!4~kKd18#Huo4r~+Blkwiy9T3ruY8g~EUg}XE$>+_i|f4soAFBs z&tsik=z^9mrkm5@!qsiLQ1%#jmA-uXRhlIk9{vZ?!6shO!%Qu38QFKeubyFvl5m3= z8P!~PWwYBBQV|11Yd}BW0Nbh$weey&%F#3N_M>}L&4{LgZo~alt3dQogc@*5N*QD| z+5f7J4L}6t@Ov$^d1dwkA3mDFoUHt2m=zVQ4T+#zp5*x7-1Yx{chNqeDXdXS^>*s1 zN4kg3-nTz>#AFoOkUTyfr==vAU!!;usWtiUuHN*4Ql9w0)bV}-qR;DNEmhf-O+cDv zr)Qz@UckD1Vvh((h(CMZIi643@Cs=d7ewN$jhs7LMD#l5&_TgwjHSx-tq|79v1G`g z-#g3DwlJG7Ix?aU;@z(~2XH@$Of7*bIRcCwsiY*2_+FTi5lH}j@18tmqTOh^Mw%O< zX+mOLNHBK9idwZ8OrLcn)Yi0zmU)So-ocXL;vw3YEa$osMVmHr5`){Jzpq@mvf4k2 zIEBJ*#98z}P5v$vHOmoYy_Gic%#AaBS0g@G2K?Tu)9QOfPAhgq^4l0^-5aE|_fgqd z9w0iZY4s4j$(Mp2U|yA=WOgJzND;MCn=JR{CJBXyE!88h7`dNoWU5e;CE!6@+906j z@=GGTklD4^hBx(l)zKG#^p#|=pAH*306q1B`OT%Ed3bfWM6<~ub{>DW-(S|WB9`Iu z7Q{6JfR3X&enAW8LaaJlyNQmI3P%rYasDm-*US4cjU=+!jF=XFqF_l)N>z+oJ**e8!Fy_>HAj9J@%D{n>PUShtv}R1en(SO zY4gRO+Qn6_Q{EImetc~z@ZDS)4`RWlCOHk2Ll!?}xLyesGXJssV$G0E*nD9_uWpAa z{I9%8MV3{0f2KFtm@_C8bcS@Pxe^QaZ2jj{o=62#ce-`hyS z!jv!#={-bV+?=|XXC+G?eW%i-L}(~4N1bKpl%RoyNbRpUkAV}}$y|xtgD?TLi2TK= zwF9LAL<@&1FpXBB=&_3NEhHoZq4%34JcNM6dfR8+u2}w!VF{lrn-f)Wr7kit7xkwE zx+&J-TU+efEBW1aAUJl`SxEJ)07_&_Re`Pc%5AS(&vnyhpfZUCRnk0gjz=B2u?lk|_Nmrr zt_Q(MVj3WuOjuEp5vCv8OU$WV7|lI$g5?gll_NdgEcU(n$d*@nXQ)woF`zh-O=7r} znNWDe99D4&*wa5J`h<->ur|j`{RT^ln*JODphZxKBO|L2D*M7NZsy9#XwF6So2UqN zHQbS&npU+fWm3EfN4wvQdrOX!8?lbgrK>`&JC}6qGk7xBg+Cb{r|mcwT1`dZ^q0zW zOOEcA``Ib(cafje1-O2Rv1tclEERb9U!v8~^aF;uuONXMc$L^gt@Kx6=S6DVuZNy> z&_PgRyhf`d`?W*GW}qHsWc`ojqr~w8yh$5cy*y*@m(*&++Uqa9;BEc1^D=L5CG~-2 z*w570Tg0Lam-YdATPEH#=Zp_aYCEFI1z0hlLVEm}N%*Wiay#Gs&;IW}qq#v>tbBH( z^`AddeF{NI@AsqgDB{J1NOqNolFe-7_D?LL`w7Y5t2&nmM3?p#6u~e#mJLF zr^UVcot1DHktiA<-Dx9&sOH-f#WtF7mc%TV?l0sscRyYtDp?AAB}L3ZbHinMh+{ff z2@i}Qgw=iUmKg*6`vaxds4?8|eNv4#h<&;-?4+PqI3VW6r!pRs)o&L@Dn3?Ar~3=rAagFdkBH}OB}qsydOi#+~)KVllDB+P&!@N=L5`J zVy0N_m8k^|kmMXHqFhiSf-x!_^rZdyhE~8}mJ_~09ARvftiB~-2GuMO2Hs;;BVL>tp!gI z0(14ymv;}vL(nh)$LM3aoWr}ILu+s`TdPBp0l&91%#T#eLwCivQ^#JCwEO%W#AJ_! zL7LyJn~rZImWGZY`aY0_9N{EmH-oP5MZ}qdxHl(mPA`F)JNCRDDh7kK>*MzD-o~wV z224FnZ<}MB_7=hGI=Q?$(`OsKYg3qifvboT7GDTETUdlt zbQrz>xgN$hhu3yTp3ImpK|GdomNquE&}H9El}Uy;G?_@~=9b~A9YK>_&N`(jnw6># zepX}}`NF4bI%N>-HoTx73ME^wmfwEhaoF@S2*pl{p|(^yErsgf9_A6lHrA@u2u!o0 z%j8|f!o`)vbaXX;wXBq1Q;~i8I&1*5PRea z9Wph|sb1g`D~`?O`c_*;~A zf*)ryEML6c$>6kk{O5D?44=h|PTyfp>g%V@jpY8Kg`W-F&~AG$$M*S!&9RC6=xloG zU62$vz9U0x{u(2V3~DuYY*It)Rgr9R!${ps)hUU6^YX>hYta}RpJ5njkPlEq5;|N& zin#}-C8aR$=`0qCCm<&=3^~*!ycGJurgtSs9 zjBkJDnq#CTgtH!_Kx;E$-{KCcSL>9>^_vL3i!HEh4jT_jGu^ecd^!WokKKb&Ye4#O zop);;$E4+vI_LT>q5AkAmSJ}9A1#PZXFwcWpZVuPuP6J4OQwwt|Ly@}-pv~Dcv+vd zd-9~?Q>D~S5zX$fbIm;Qd{^Y*Q2FPrbbC>w699;2x1Uo!66^zQJ8mYus}e)I2#W0P zocZr!1QMS>ZCE&Qwys2AUYd_$L!(=ay0BdDl~)Q4LR($DYm9VAvmmso)Amdd#ow3% zq9RzsdU=TuGMAm0v_hIHoyVjK~q0x*`Jv9uM0*vKh9$BG|EsRLPX=u zB^+2FZf@>&djP~;hukyIGkc}z%j4x+W$7>zPbUT;HCubmetc)$1vXDszXp$d#R*#F z$UJw%pLNb3#4@oCVeA-pv@DHePaYXAxWOsf9^YFlz2D*mbQuO`fF`|lgPY)lR^J2O zQ4@duS4mTq6hVo_^bgPR8n0XNodXz zwB2~Fc3fWO7k&PR&SMhcR;%<|c&Rr3$dU6(sY!SDUPheck}Jk)JC8)Ay;1nj{sqjQr ze(A>afDBf+G*v$0D2@~Dhr_kJH;o!GUyU8Bnp+pSa_cwn6yPPS<9wp5{5q~ET<{ZQ zgkn(ShoHcb3t$yDFAUuStj1Vf63eYVyt_WJ6n#*!7U-vZ zbagAwSEV*e7OCz;-z-TqAoHCXpk#wts^RmX097DteC-v4NfFYki!Ki4(%t1m%a4O( zQ~3ber{Um{!6!M_=0n=$JvqH$4{saQ;^xx9k(XT9`{}5f7FP;&2IdA%0NwcMsAGSA zGW$u<$|qJ_v8NWhc=~4{FC&6k>+wH(lCAZD0j~rxUYJD+&uIVmr(bQLE;*OEe7~&x zg5Y??9CLH_?4GBa z^MAYw`0M}o%fNEBMfm*gpBG}S4$MwQ+K7*6Ya^eon@_$Y-&Gcjm!J4U-~jy6P}No` IRI&*Af7_WwX8-^I literal 75023 zcmZ_0byys2lRZpe5+Jx+aCf)h?!n!ITX47F?(XjH!8O1DgG+FCcZYBCyw_g)>~FvQ z3wnC!nXbO?s#E8jB23|%1j1+B&kzt02vU-wN)QlGBM=ZD*kC?^U%4?KaRUGN;HV@a z3{gG)#D;?adqJaXr{mw;U0hwV-ACQ(RR+RDdWbiW z?O?b7Umy`bg#7&1;U_<$kbr+3|39apk?lkuAu!J}{;#(TpqRL#{r_C|Ki7f#Ad%SF zW2cY*|9=qKrjp24r0|2qC(cObgB3iW@Tyb$g|F=1p{QU4#e z`|o$>pPc>ASp4gx8}UYHJr?#^#s78RUld*L{~gDF{Vf-u101zQIQaXy|10XzRPCPs z=OfXB;mSYx82o(nzwY-x56}-8+V6jUEkU3-5jC~c-PtNF^V4FzdxNNi#Augy-BVbc z#wrB`g`}NAZD3G{l(~7SsHmvqEiQYZI4E7ILXEymr7T{hOiQi>Lxux6MDzLfcwsac z0gsHFT&%CZzsP#AUa908ewkWTI^g5SZ#9XTnRHeQ)k(3j$QHAuaf?q@!q(Q6)=P~* zotD8Uyl0vC{jPxlQOypwx`Ba#(4pM+Uj!p zbvoBj#A3a!z-d-KtIZkSu<pV=w5aKLW*TkYo$J*= z7~1aJ^LfhS^**5!cD>gG-~BL}Ja1e>jz{<1lGW8X&-rlo`d9!Hn-U;BiM09jH_E@@XL1sDjs zy?bskV=^-+S5Ce{Yhhs_ejRp)b_K^XPCOb+W`<@QnmKJESKxa~yF4~Vx7g&ELcDmr z4@$5%8j^nej8O!Fwb^-rV~8av$t2kwN#UW`e7zcF+)Yx~i|g`!9zoz-AyO?@L22yJ zZu!BEyYd->=B31il8kJ)C`Hebt$TYYX5xP3;lXY0>74bj>-A2%TQqH(R3ds7HdbS? z)3e16Dc6r7G#7>7t5fL|V)x6{=ybI%k7G`*re3QOfkMuxqv$Y*lW3DtMleQY9vw_>+(M-?iiS{Ctgs1l z$m;B2>pg8Ne{7?}f<|MlW0(cjx@;<5@H)kcUmi=?tk#5|GS?&+@a%$AYVIX$)AxOCT5;dcqCgm`4Dw%Hy7_U8%!TbIVkO;6>24gD>W&7yp^C&5;5nZWMvfz zbErRwh)B`({BHbsgm86V>1%vAa$7I)nzp@#S~t(3)gKuNui1D(sQEAfiNkY;)v63s z%bAg%n43J<5!jcV23=7_7l! ziD+dVxT|a!k6-Kbd_Wqc2#g^BF>}s1Ay`SkA9f`v# zK3}DsB9hoS^XnYZ&j>onEbSu8)+)tycs)G%(u)Rpxr{ z7=0vxv$vcs?Lyrla2P*aE&NtxDgD+LX^NAdTy4=I)(|&sLQ*KZsHD{5;%qTfUza(v zZ@k!QR#U0bsfbCZMa;TKpX`j6Ki9~i>aQvje&;b4j&b!z1Zi}dT*l<0X#tzn;7tY6wmiNTQlH%M2@ISUDr7&l7LT(s1k!#EpdYXS$56yyz|TZ%11cN;a~RK@Z99D z;EZKl4T7c2jMZ+2RNTY;{)F&>koo(7kSNY6TQVTl%qx6~!N_#N7}zkuZ$&}Z;T_3+ zx04``i)Qf>1}hzmJRI>%#t33G-H`kt)OzA0(4}DGHR7PZ4;}v>wJDvRtU7c%3*W#maI_C+=*- zJay30@?b!?r!pj�qI36L}ZP98CrIgZw?HwRkcyp9?_dY+N6 zPegMnHeAMeO9V*Mt0-~3q?M4DLwu-kD3h%FYi=B`dX~;gOgTZ zj~_MAs7$q*{$Kl)3jj`90QDz5;F!Uj7XSUpOuhM(aD&$jPPs+LyWjKfZi-$aZS^l5 z8rlys@)NP2adnQLXc=RX^u0yTI_!VWR;jL@?5C2mH9u0^Ija>Ln-t5KdW0JnmtnG! z>rE?fk?~QhO`{r-ksHR44V}gn{#k8XrBxjXmRVO`8a?i}O}W?qr5_A`K-pxe!V18P zx--7jCGfZgu{aLG8x`A((pW5CkMm53x|xR2`Rf|GL=Iwa@tTciX71(Ei^I&CKv~qu zq9tINTTKxe^?{V6H$-sRddv-No-)Tex-|0P9|Pgh(2v38jE#EQSqYG1K%(nn=27Nu3Mrpx;38Xv*XHf)X=;PhC`?YKA6e%?iS zJSWg-81U8M90XM~QAT+*{jGNp{a#Q^l`k@^3UzyIj14#@sq9}_yznfbSspYlS4j|O zV;U}*{zFsvXh6-m$f&}@K|JQ}YT9#slUWA&b_lQMo%OcoSnI>F7CoaV zj zPY7h(rUHjP$5mZc4MOACu#bve;t`t4Hcj#K*n=@5qF4{gt_ZWe=f8Ha9Sq>h2T4@^ z;q&h2YT_Qi!I6gpCjzo_nPB=urw2$Y?W;-o%hffbaG`Fi`9;}OFsS$ z-%1&Np=eemRijM0_-Zn48Q6N}f}kfFKYn;(X_soer)UDbSB;(sfLqp4Lo^&yB8<`HHoHL z4S0;k?)9U{By#7lRR7xgED}FuAmTB_#%k!Vkj$w#_>zt!)JZgt$Hwy2iViJlDW{e5 zbi=XjlMx=TTP-tiFmnafWVv`nw&K($+@%0!gHe!}<@IBYQpbhio-EeTF$2^~93w4(;&+=XmB_ zxf#dGT=H>Q`D8lsVNK~+aC}m+2??Z{9~**fx9@ejO)=cBqG=1=`?ao)Bm^X-E!!$} z+r`g1Zq?imo79U6nzuEOUwl!l(yf7;So&UuvJI!U(}E5*xwJm-SbkI@f>rJuJ|q3X z2x!R_{&YEBSHS5uXR8EqTr1mrSz}At-q4ue9r+WVqs;+gJ6@s-f0epAAp>|^!MP{7d3G=2*8NP+YF>^LW^QFE zB$OcE7mLbB{QC^^Ki+F!e|3RLGzMpiRx*7)b=QA2 zebVTVzL7aZjQsZfGw?VpHA2dF(NwIjJO}G zZ8)GyFz7cQCL0yWvswFPUmz+jo?g08D8d@K$ohQAJZRRc)nuvE>EVn>NCE@`gN?PL zSPCC{p$XARY(=yt=A_VRlOweVP40|nzTr;^zCWLLJM<%P?!JOA5`LH=#W0xNco{=JsMBsM6cOnF}}4Naq#!HZDJH>wg0*k0KT)MCdn z`4#{t(n?!_`WMo36dYD65_%plE*2}b)nVo~>`9_EvYSw{jm(&v0CO$-7f1ivZ3>Y zmYi<+rAA8x`{&~b_SiewCdiSEmF6@cS&lsnD2}%yLRy%Rey}y6o%s=Up;D9enp%>NxXkMc_3B1~<~2)X z;Kcv)Xz=AF#!IH=(oysBk82q(=I3$H%`zwBGv3ui2rM9ZqAzkqKO+@l*ao#{Z?_rI zFFyPy+@7jZO=d;Qzc30pq~B?I*_YQ>$tGot?REFX-4vYn`NwOl()0cMdhw=2ZPn!# zwE_u71<+Ni_qXIXtjy}AJt%SC%Am|2V^xl%z&4k9%Yp#mK60{-#K1tYFX#s47eA*R zW(m0qRor2fZCIRF>P;#dZD(Yka@Mu`R3bv%&mq|@d~`wHov#*fHHZw9wg8`pO=w2} zU1SJ^H}Vvn@1ab+zbk>wu8U{wA{!dwJr;>EyA{Vvd;k3$dK4uLo*ED96+xb(Nwk!T zxN{EyNNewHP3@N4?JHwTmRdMVidwMOASR#tq!J0lz%}_`NZSjG30xr4MYsD zX$W%J!+enkGiF}Ax;6`H|H}K}=zgk4``k(aV!c6^zWA)Bk)M7_&#{Ni%);}`KG>>N z$J;2$BwEGElDGGA@1%{G7E_!ctvFLjVX`kEuGOr{NlGRY`ecy#%4Su`ybnmZBQ!hv zAm3ZQE($AF*hl-&(@oLE7ng&)@IzMWF6iw`(;1J zA>ip({abB9p9BQGZ3HI$X91&>0`Tf50&|-gf4NN<7)St?p(adnm%-pNa7yH7(KqZu z7A7-ll)tE6a03OqsB0+3-1xY#(71p*nC$wC%h9Y9L)Q)o8Ui-LMpvqLz4!jN#U`tk zVk7EoHeGr5hC|LMeFuk*@`v)1iS z#(~6@&)?CE&+_LS&MdM{%Oo02KzqMZR~?kv#T~YHJB##A%f%DE;H6Mqr&K1{4!x1X zC0EbU9BYkAZ-HSSaf9ht;#$c)cfP|a@Snadw-m)rw6zq)b(b3ujRs(%eL1SA8H3K> z8@`%qzjzR+f7?xv=RXVuAHi4eY{U40SwtZ8c_*b*n3QGl7gK+txyj-F1wBqtkIZS2 zFzdid^_<G_}vQb zaJXK1I95#(Qx~cgHNQ65km$d&iSZNiNyRHqvkj~G)6JKzMN?rdk=x;LgO{FIAb25) z0UBusiS0Uw6`HLzxnFN)f+W-0!Tjl3x_;%-s8$Y`{A9E8!K?^x9pM5*3jtEeUUvFp zOit6;gUJe{z;tf%iqG@uwCaMKsoXM9x!5xB__o|ejij`OR;u%7SPrDhqp+2&Wo1d6#7w5L z4QVU!goYg*p7&U&%$E_<_0GQRC&)AAmR!)%>oBhi8yS1*{Ps`lBPb=*Lyx4YRGnB+ zB9a?O+_OJa=)LM zsyF_vWr41$oZVrTdn3@&o=B^$1r=0e=9@TNd~`2N4tzd#EM<1P^K;6=hEcpe+m zW;j{~0dBRLox-eV$m=uzkyHHQ0|o1*sS2EzT5NO1g^RJfF--|7)T(Gu+P>wWf%9DM z4)ITlYjBlJ7GO^u?QRn>Ym{2E!N*ngzRC3<9?~ zL5qd1tg&oX_2NSoMP%Sg@}iWK6o=36-BD3<2*x>zeUi*>Q=>-NC#z-^h3_wulcR;B zu%OxQMS;3;@{FIS!KvzW`r@B-r?ubG+f_*I&XdI6=@P-3!KX^ul*>)xo+fwIh4vpa z#ZfvQheaVNK*P-68ouDHrIaW9F)Td%D;e|(%6#>lRIYfGLuFp7by##XM}kb|Pi+)5 zxgEuJ7aKIV9v;$49<@phLpRX`3b_uX-RG=>n`>wK3vm8y673YwWQgS0ev3;@bu$QS z_0smTCO5c>g9wWh$>6Y|i3~!Nh^A2lKfWf}9Dd#6Z&@@Ev%V(xXRB>z`u>`k*(nf! zwBcB=(vbq*uZ!lQF#emeu88|e?T+B}9|M7}x=^iKq+X+UwVR?((6}NswXpX*(_L$rDtclRd;(pA zY5jX*?~`?nW{cw1EOeV~%-wW>@@N1k_cceY(35zy$x0=z7{PM1up4V6U9}>j(M$c$ z2LMqbvTP_?VXyXgC)k?J{t&!)okYNzpu+c)eFPTL=T7(CWnbG(2Iy)cU5Grej^6KZDswE;P^XTLqTxcYHPIFUN$ zfq>jF-~ILJc5u$-=3vSc(%pst*FrdxWgMLOxf}qNv!#Y?>9V2B{fC7I z$hk2)FG39DzFeZre9{jN&uRm?UDWrxtcnJ!D3+t88x?5A3KEl zDsGbO?7_-3Dgw`+1nQ`xxp*P0+jyp^?5yJSLVuV6|2mCaGRbSoE%qD-+>HwF3h}Fu z>edc&j|gV539Eb}1?R78*HKYXN&oOcdP6aUzQ|vwivH4-7W0*hLeEgI0iLm{%#}G^ zw(jNu+=KIo3GsW94*Apq= z3$7u*Sk9H>gUT^7>WRn9mwn$J%^v^uu~$35=@wgk_oK3so$B_p5m(f_;ZPP+j1@bc z#sX2Mye>_wT!H74hM*8O&cpet4EQfxlc`4UU>2=7Zr%62(|XbbBUN#06D-xFWDSyW zLah3P2r>)ie*Yal_yRjqlGUbH3NBJV^~X(8bd$H2F&q(#G3nhA zRpZs*TME0B?hoB!kw(pTlWc!bOp6!vvNGoxJ4`{@8r_ir1n4=W`jd!nfAdr z%UjDoKH6M_qL3PoBvOlu%!5g&)~#^box+4~^-^P3MglJv0Txgc^F`80EW1LVx}MK? zL=dU4rtOw(TGBlC`rsJZXq9W6DKn0`bT4Nt?!U@H0|d3dRZmay2Q0ULDA#br4`W2Evvjy&3iaA* zVUvRh8CPVT%`RoQE1}HF2~Wr-zO@D z?tVWaeb7|1T(0hn2MPlpLn+y0Nk-L@gJ?N`9pqN<+{FkO?0+;Y*n7nbIwYWrf6M8) zZGIHFQRoOPFUD8aZH!Nj6jC^p(f2%MH|m4qHnx*Hfex+37;K8+y$Wr#U0;)hXPwst zORip*zp=!b0a9YM$zI!0obY9aIuU9S%yc{Hz3nZG^!I3J*^veIVgp#Nv!#lrE5|m% zui&O1o6u;O+a?#DjyY|Es21(f(H4aXi<4?eng{t#XoYx5?IOvHSa@wT=yGk)UXTL<=9=4G(8i$*MOsJV%PBh%_7R`_xP{1wD`d`7Ea{-&6 zZwL0_`j{P8~C zJu7R1`72KT@6OwK?P3v$InWq7R*RFxX)Tg+s+^I{JeYtJ)2P58G=)UIu>1O#ArGg7 zG*4peesMqpcDc=8{3*krP=BBZX#EFQnIr!x_#n0Jy>BDZIH_>aJA~S8^qO80i|Nq! zt4s|@>Q|k z?e`#WSQ90kjz1}_r08M2Qo9;E&h7Gge5U_ABhM9`sJs3Nf0#O?dL|%hdfB$y=0z7r zBp)ScM~GL$`J;nOE^Rg35E1C1C!bIJIns0_d@hqkJjiK_BJ`Mu46mwS&dH%_N~_^_ z2Ufk@*TzAZeNAG1Btl3HMTWhCSRJ-ib7Yh&lUgJpO2Xw&p#l2i17SBM#b=S zkg1iz%P$xGNEx0yErTBusaX4O!KzwXeVRKlYKCoN=L${ox)1IU-Ac(?h_rsY%6%Oa}i3-p`VwSqR(iZ_mGD93Ju2YtpUEf~oRju$* zQ43ACHsh;(<_`7z(ynT}Hk1Xef4OvISWk*b<{}CZ=EQZWFOoREc z@x!~(l0gCMGKU>QAd(!Lvys3K5+vw;1yCP>Y_mkuOjBXYO|dR}kSo?C?9JQ|Y_~xv zt8Hz-H2q1K$vz}E|8XCeiTbBnCWjCK6uFMkg@~fWjqydbQc?Kglis%A+y`YV3h`gX z)^)SaSL-M}T3c<$)vOZ}V84oCwxVzA&RgPx%q!s?vu6+xQaHpP$cEKa8${)^LbdXX z_tyiAo2z(`ZuaQJU(n|TIB6T{(8vUQ`tXSrzI-wm%*=pMN(@AudbZmQ^P?hZc{-4q zoJ>6NxVXd&+dtiwo{j!P8%du?B2~&L>y~quyF2+sDX>XntNIz|AZMv5;1ciEzK>31 z%rQfu{|emG|5B+`5T}q;|6UdNsNi@?2hsz&A@}xD{UJToVo$CwA~m`B)eRyODy89I zA}_Iq(J)LK^kBcP?G|P$Lo$-|g@hg0UwNWgW;6JdHaM`DuCi>jCYs`%EV#VwavTu= z8hZB7@O4cTj%96Zwbs;2x=9p!3+)!vZKlf@d>gkN1$_8St*=wNC2HMi&ENI-Y!xBr zNv0iv5YF-)+t6h!guEEMvy2+w>7;NZ^ANkxAX;^|1!tjXb?H=zJQ`Plo1{N00LQjQ z_&tFU0N)F#J%mj$ep@h-=C1r`0EgX2Joo^|3omH5E6_ETbUEi z$e3VqRRy2H;trTy;e`a;wJN_#_|6Ch-PmeA)di>H;7A)!E3q#**K!ZqpU1eK*3Uw7 zDSKy-_VpJ!1l4oz4Dopg$ysr;m#)MkrcYNG+&JtF0yRad~9=44gJJ1%3=7b zkwj6`d37YDrF_m3Gw-TDeWZ)zsM}!np~Dr=A5)S>1c~!PW=%kXp3>Pvp&K4U9^& zsqBJX%B7|RQW1#w$TpXjNfOoQ(zex?Rt_jfC5_2R@ACZFQU zwOUnS5kv}-w59QZ)K%05$BGlh)2F4|3^~Ag;DE9F`|-N*!kPx!ScDgA;;-%kt1h1c zdsAtDJKcu|Qmff@0wfh}x;Qe17+r!Sdefm_tofI>b9^}K-V()g!An)^oLIjd>%JUaT;)x z5-Aa2?jaTr5*8Qd5h3c1M-z%yD8BCNS;1RRjA^ipb7<1rAmx3|*m$M|KZhXdN*P#dIiuppz`Q_3d2!~UxN!E+aGF?yZ;e~E;5DNEcaB9OM zj9wI+d^geXZTqS?4)1vWnw&O^SQ)uKOTcnfwHfQ*fj*y4L7ukVq(;7P%IfD|DL*M%x=*Ga=+{3X7Z^w*EcU#TupUWk}TcVdZ@W&@-Y_)pAMA{2bb3LUNb zH_>C(X%{TO;sr>x2C&C8F8}kOjv~a-uwC(kKSgp|) z*v{z*kQ?X)Td1J(u~SOGakmSEVfsbXL#T*1RnNuk0Km3mVwT##{txMj+{1XYSdtUR zDDbZ1uY%@B@fg3sl-&2IH4?du zme|ry2xP(w_}@l{<3ZZ4(kXW!G3Q>1S(xDuGCX{5BUsXVB1PHNtvW5Hst7yi6m|Ae zSI0Z8sQJCkL_Iugx}fr;#sOwe zqY~DO$CbN5Y~+1x(*-;9Ds8Sms5ue1WN_yz@&+iDU+_+4lfO5s0>_MEc{OF$Ei?+kk?qFg{9)}MhHue+>DslIZnXo}XW4K!wSTn!1_%~- zi{4XwcFW=S{;Z;=qLRogNBIXEvpCZV$h;&x%sT4yXt}O<&}6l6CYhnMvyY`_utQSg z#!MG0MR;bLZPsp_?#d3AMa9ZGfa^3?i@~mFk}F9jcyd2QbIsC_x6+As+Vxj6kRbf< z2?CH$q}0h?^7W~SCXL+yA}D#SDno~*Ca1y~CGEZHMUS26x#DBVy{(g=a4IMTuxSM*0ESDA8dW6(GC&r(xCMK9Od zO*(#`Bhr9Io9`D2_3_)yGNtYntAHzGr&zVqoNc#GgyFPM(6&^ov2Gk%^hA2gDBhbs z)n-p*l|LoQiApCU^y2=O&RI%MkGG&aol4!=mPO=>)G9dmExkaLOh${XjJC6_dG3xQ zjs`cCj+hw;xb+vwsnohJI*RC&0j{6vwwpZEQo01LD%2-Liw9RQ>ZO_JWtxK#@h!(2%uVD&PoU?|X6c_#xm`HB9X-$8&r9@6bdpQ+ zeM`C`ZHU`ASDg}wM*tZ8FWC7~V+2b*_An4O2G)_&pV5@Bgz2 z(_v|>etoID=3weZ^J;FnbLd`YS-g48=5o!p8!Zt|ctUHe3$v8Yez?hRL%Z&Av1)Z9 z`C4=SbA=kr9k?|I8HTd-`qZ=?(OfS-BYpVkNIH_Z>ACuHO4_}0=b56Ky51^~g^mb$ zlW<3HjW8_^OVIf%gnv##fddHxUkWMwaZUH2=WB|`;Qb#{g<2<_5^mvhQemc z`=vwC_joax!f#11?$==%WIC`Daqv_AP7tYu=_@VbFLVO0%%kRUWoX8jAluL|$Q5nG*LnImKs;}ce#gF=nRw+!C zqF?5f?7(A0gwRvnbWEQCNmMlb)z+j~DxKh)`n2nwrrBu11h4AOw%B<)Kn^vWfGq|- z9goA>oDHP5*yn7(O_48GuqjrsUoi)EnrCRvU`JKpyD5K4=oKBJ=p?TL^Xe>1mbMMw zL#ZB()J}O^2Cu>$iB8Ouh%daX(JenD%2DGcu!zkFf}Nf;i91C;}4{LnC1@^*sGmgRpS?+O8vT1bRiG5`rCO zF%fusC@>H^F0@1L!H8|@qm)Z`3VqhfLo@ku95%jCXC%>J-tH|3S3>=`e+Bj`jK&g+ zjGf?cqEk@)l|%ft!XSF>s=JL>>UBhOnLO4&y z<9g0c0o=vjr~qCr&Ef6lm8>Oe!X=xl94Ji}Edx>U8swXQ=+WwT`E;iXt1}heNg4#u z6=bdbat^T$Ujw7dc5()ODVoHX#IKgYt3sq&4T)%?oC1bXJ2|RWFBfp6WQtO~ntVLK zhI`$r;>FG2No7n(p=Lmi_obz&&nW5Acu>WzBKhPiOTezPd|Tu!3oAP9@QsNj3y<|f z0(T)pciS&;Be{(Nw*Nvo&Rvs?1o5Bto}l(sY7&{LIs}Z2KTRHD6>d+^6Sl1X2VSSz z8X}76K$(U|NMA@?W^uQ$PSn-aQE+{3*ay3E$8au$B)NkL;Tm?wc35X*_058MiE&{~ zvm&HZQOx{NK|lW@BqAmlvhw1iRgrzH*n{+EESW4eDr%Ua)jr4(H^Ys zqq8h&vWTA9QWpjf@RcgG#6VBOk#9s*<^gyM736Zq3rak~MqV}!McsXkjk!iePBzPF zB~FQAqnyK`ifFqn)YpY-QPK_zO<2+}LTz_7`<{~+3OZE%sqx46c6`|RyLz;}s1=h@ zs;AAC);rJVT?u>TRbSX1jsm{93jCw4^-PK8PKL2i5W~2vd3Au~!}Ie}TZmGP4Lr8~ zb|_S9FdH(n4QBF>-=L+%h#xTOc`>XQud;ec$hasd1|Qr|mP09zvelS+RKbghBOVHCs?K^l~imDV$tM@&t>&;{R`y*pZxUM?|`$^%2ALI z&ONO{#M6|z1um!ib=Dk~M0C6nQ~BB8_R;BZR$M9Z#)oMO8i)N(UY9|7flclE!^HHQ zrAMcnp2v;2#Y|)L>_X`@tx9``OI3PkaYb0ErKaoYV#=w!4h$$SroeVY-z?MBa0e~_ zEgOoFOBJ(9gYg=(D(-yfjh-HNF2Pa$xbPO_x1Afw#i;u%DJDaLLB&K2V+b)hGW8VPf9%=09$Wa2UT=<-8zutteb}S<_S%0)%c6ygovk zn3i+#&8ErSoxfcR1?0nm9#}~eD@XaALqkI|^5B-oJ-852mGvh8T_pLk^}7J!7Qtk< zCIZVmZDxq+(w?6@y4FEHY9kO}P92J*p*ROj+D7J@N7iWYi0XJ9)Goi3OK>9Zr91#E z+oTzyw&jq`tO1IAGuT4agX8;@Ha8tya(M381%1-Ki0cC{gAFjz8pm;O&*PbbiYm~0Gd&yw4;U+%vdHGw$r_aAsB2pGrcagCE9?c=K9&{R`W zL^ccnsAyPS-5Wy$V6{-mm9`jwRZ=CTcqNTqsJ@r~BSy>%*{ zIz>vFt-VeysSxuWoP!X|~Zu zQwZ)Q8D+yLGC*uK=!H}!gR=d!@t+b91A(guspQVcjWVny!s0EL90@D%RrFTD@>}Kj^IY;f7I=ud5b*A4{G3r~fKgY*3pKh6MWgeV;z>9_+ zfOvBkqyqKHR;|BxnlaS?E6MBic42S=d3^^gs@0T+JMaFL+Jk;Vybgk8Rc#pV-5jwW z#`B)t_paw(I`2JwDWh7N7oRix-p0v@-e$c1gQ0{B&eu9kLB{?MCNz&$6{dYDW`R^; zAchz@9fjgTs@niu@gx1GKsWMW^MJ?fq_}E^p|tqaM3P%8b!Cu4U?G*z*-~|@Q;!oj zNAC^Z1AE4sXc))-86yc30x$AzQ{a4-C%I;rGxzHcxf+`;^Q7a_t&Z;a-RX2L$)>yO{fUIQbuX)gUsd3K5KPTk z!aO)qap#Xra@X5EBMH11%wv%L0TsmXdx*MY?ikNA8M&kHjIlb)^|+jVc1V}`I~#+J z2Dtb@F+6YE{fenz18M96j3@6K!0oerqKEuYk4S+^NXV#MEX%BIr5Cl%vVXeVGErzq zKNLqQk zQ7l~I?tT?|jYnxj#7H{$STXOkklk7DJj76@rdqI<(Io`?y$nVdlBUmGJ4`eR^Den! zT+#7_%_!f7g_^-vxSx!yzJvG?N2<>BxW=*=Upf|A&n}(8zDXLBPL~!oOsdVrCipI7 z(TwUfB}&^RwRAxhedy{d)CLdiPrpa%wt@L|>15w|%}@j9fXAzdi6Z%R))my8x1X-h ze}NN;$lp50K6HWuLNK`~2;(-)jQToQd{VKuQ^~Apwr>{CiTKUPoO^LJ%%ycSN!re-3Ejff`z6Qlxe(<&|HqaXj_n5~_}CaH1l~Jdz;cnP&8$^*t2mfHrv#6oDhj6G51`5K zn1`H!*=r+T2pnW|-D0q65Cg$KBHHr?)=B{lLxNK2;x)So8G_LX2?>ro)^{T5XlQ8H zvS^_J=5aOPaWj&r>MV60C5bnxvT}N2_I?sXt0h!e+53InI5*WQ(p3fohSPyA6caXADbl zW}&gqQSsTQrFM1%l8pQ{mmye|1#@sK0k_H1@=*Pc9J|S=^7;jro~vt$x-H9`N6KfN z9*vHyTVG!Im0D$E9d_v~bh?Y#D)mJcaK};GuiENF>u@jw=xwCrW=t~s5-+SI&m#-D zfYN4HlkG{+G`NMwtRW#mBS*LI>CQQ%eSJ=?6;G(u$FdFR$$h5HJTAXen-Z+*NwNHR z!J`!`a+l9i&uW8l%5Rw@oGTp-!{5~(DwYnW3U+7Y1(M8iyyxj)4;ba7R)=^HO)wKk z=|T?vqC772zmF!|VyUsr9ipc5PD``dI!y05_8?{W1dL~Y@PC$ea%yCD6#&cFg*vScT_G~F=Sj5cxU_y?YrF<{3?v*? z)m42FO!w;Vf-Unvt|+e&K^ElcGUbv?SawNfsE?lzQoU{0Iu=uv?@tz$4{9n8oog+* z!NLj&*d$N_9v2?s4Y}c_qc)MNDWi?M2M;mfgj(XE+0V;~U+d|RZC*2y-|fe>!WSXU zqE;#X&XY$^rJ}uvZ+4D|-*LM<$m2Hi9GI7eoF4YD2N)i907iZNfOLayY2Y<_iFejU(=5E6q6?Qg%N9EOa zCCVtZ>NO&?Bs%@6n)bpHGMTKSq}_T)56Rm2x@YJA`dVp6{!(p`CkS zz0nY&J6O)x0q-{sMtoV6N4;X%G*VF8pX_e8%kK?=i1@f#PWq2vKgTXJyYhD;BmxN; zrXWg4_f$kC#D#DJ@E2gQoTWNkX}zAZ45q!OBL1nC2FpS6r(sOT5bkZ5uEN-eQX~Hh z8d?EV1A8zPnv@54hM~CTielvNa4k3i2&0?RNVL@Q79OOCFi~ z?$Lat*co9wIPjqK+bR3Oqc55qp197o21@aTy^f z7{*e&WOJ_BZ!S!vY@#G~Fb z^`*Z0rHETvT2@mO%xBJa6-KKq6XBVEWNbfS+1_{Ox~)ZFo!a8&?m{*YoGy_kJe(>B z@p`r~Ajx5Qpay#(0#XD+PhZ9HL$l@Acj;f6p(tdb9#1on+@YmI9ppNowL=7xuJy0z zyWae0?eM3E8b*0ua@h9o7X4jOS@<$t9+1Q1Dm@jMp7r4KJoPk4+*=679{}8e%pgQ>B+>L2p1)%~;{T?(w7&f^sXO4ZEg9 z?i`nzf?Kf=#+M` z0Li`I_)V$H+Cq7suG3dz%cAKiV?wu4dQdLgEV=#jG^}635_^J75?RiCQB)!=p2c*? zfhUjL^NcK??RN5MxqEcdSzAo#g1e%L0>X>{AI5!I`2Po1L8-n=jGnW4^(vXFlm7#* zx+-AM(C=dN8zREK^wLZ6srr1Nv4Ko==+MDvAM*kpb4Y^k5ZQXh3=K}Ag7z5FjTV)ez~e=7 z8zkqpzo>CRyT(iBXcP9LZnrD1@DRXt0JHn?pKMCu5%0X%U{?He7; zm849aE16sNDKV@d;iq+#$U#?%r&cwSUDm!>NqFWZ$xKR;Qs?%Q;Koss{M!Uc|K}e` zTe4AtYgUpnx8EWmr{-?Wk`=R0^LSY@l~jeF)J5xkh9rGET4xFNN#p}}C@ED9;+l<; zg!%5&d6F4TT`Ed=uWk}~^#JkIsCuAj>c5)$>v&22eS)MdUMpEU)zrLvgalP7E5UVZ zNN8KdaLAP!j7xo8*KLx7x87C1(F_SHT}H}0e!n`C>box~RT753A{p_!H2{+ml3Q++ zpe7B3wkCe~o@A+}(4$e7OW%FFcq(fo=G}WF;kj27gJg*~?NkX>3#6p)z88-YwNiK9 zl&!#5jcCf4pCtL0-z9C)M)7F*p`Dvbss5Kp=xGOAETxS8MUqGVZ1D3`h?LOAbtQfC z#sh6ELEjcHS}gPD>EwbEwQ&7tYo*+N{+g^N!AVRy)@qWoxB!#d2mjtciawk`!%ID-DKLM!Q!g6Y>&T-$B=@?xGlu3nErTk_oDI(IuBi zgu1yDwtVu*CnhEa0UU8}8!}{w>Bm`t!7ek(wZh^Ecc9;Y|6Q=|gJ9l&|NVyqs%5o= zue1-sO|E?T@C=t%D)ojm z+V?VTJs#w~`|dMV2v=WywFFWrP@J$V5~56ld-dvNZcc7emW*1rZk@dL+H2-J=D8g^ zb~NB)S_tVyyF~iMrYB%o26&YKKpFBN@s8}%|VFpOV9@%5@wSybH@ao;vPN+5Ol(Cf;yxNQ9KqK_Zf|aHZybz9dJlG{4QCLur zEwwm`R$Zo^qkW(u%K8qCd49O*CxetgM_w~1nko#I~!FHYWts6>{s9HJ!pkp;PB}Y@9qJ()b)`yP?z4B>Ybf$n@AC%=l4?5JyE}BD3;6g9S$k% z6aZH&;!ZF|z*>*73M3dza1}(rir*-8Pyp1bRm+S$7)NZ_u)&Z$JJw)a!*~Mnbka#D znK3K`5O+AnSBzbKh1eJnaK4RGv6CJ%t-?ghOAm) z{6|1F#(Xcl@PgfKw&2P+;Lc=%6(#`~GxA=bwMRNrQVM`O*&V&ErKFx5M2Scf-LLryc83=tP;026D!X3^ysit?*zn z@a17*W{De?PJ)||PeFvv0aC?HO2_8yPr^;h1Ia@V;r2C&EJ*&xQW`pUH12fXm_nn~ zr?Z75()rmnSm{WZZ6k<9%a$!oXTS_24?q5v;L6K{j)*m6>HL_q;Kku9m|gRsY&s?K z;2xl3Lg>8jyz@@;vZ3=P4FTAAiTv`*FFAGc&6nSFbeP-^A3i)MSQ*5e&Xl~EN#w=F z{lSZm4xhTyxiMM5gH318EH4Bf^3MbU9ecB8&HNSV_8mn8c#&Oj!3E|T@iHoG@r`=T z?69|R&$5qu8KM8;H}{kk?rrZh_CB}A3u{a8K3>rFnJuh*i!>h{OvgR*f+5Ku=+OmX z!kRRf4Apd`@6yQDS*c3uo>a~9nG)Qw&7oBTchz{tJ^!K^Zj(p38-_|q=M&8S*x}Dg zijrh#O=$JH656S~r2Vr<(xNv=()<~c_`lDj^h0-P!Rl|Q11k>$V=|d%lF8ldY-FPT}=;e;z?`X_CGtTGI5xU6QeNpN?o#BzE|7h9r|$SdDrT+OeIa zEl`d1zndg+&NM0Y;Rq$Ux2q<3s*+^LXm((zprA4mQlqA1DiKeQ-)0K*C>hCNW_k~L zbd6h28X969blZDT3nHB-RkymNkKU~2+?=**e@~kaq|e46NcX4hSf4{*GB)XRrVUA( z@R!7X{+21$;|Y_99^G|knk4B2LPlDW?0aIkg!emJ%L-9~t|VVcGHvyE!X>0~Exo3@ zG}7~aV6$sdBL4DToH=ubdDa=Z^iZv4x&7-Vr>TZGML)DNFX6l@`nnscCfmbRBf3g| z$Hgbf2jBcI)90^{PHmc~NpqxZQxZ9G`aiN&wX~I#gr3-;m1KEzNX9kY-{<62PQj05 z_g|W^X6;dpZ;C8jzTRkit5>ZcM5=})(|6I=o!GXCJahjb*|RrZLc@Yh@Uc)erN{TU zMwN;>0UfNG@L*HC(rk%OOfsbU_bKy@-!i0m_&rxjotjlmkguJ4W6k=~^|V=PJW(Ja zSu^!juB{|}gFex*I_^LV7zm=wr28$m++v6j6ZdEg!NHoB@|_PvY3R_QMuUtphj-KL z*|SX?9>_CeS;i<3JjN9^;40%Q%3vR^Grq!jl~rLNd-mOe!h(R7XuB;@<{0B!(!Kxw z`$ofw;sb&VsfX}!4q}NrN&}Q4jQx05kq%PMI0#aX$+xIasE04p@7iL%tAf%Hi6uG$dr)3VDJX69$$jgEjmCH&4cgShhh3nY3pt zLOdXpF$nht_#7`{u?3UKlP8<|6U&O+CQ*(BTndFKW3s|b5DzS!86*lq#taz`p09Aj z0=Dl!)i<5L-&?nCH8Vt<>pLjr<|bbr0>}_%8<>CK@5lprya}^nOeFN`)ys6Ew*6ce zd$SWM8%;427<3@`Tyo7YIiWMglqD)E$_yO9msvMVP|!eQvf?XrHj5T5GA|YU(V3OA zFC8XO=;XK-ycpNPoVNp?-LfyD$`IKbI(gAg%KKDknO_hef zERi=3k_?TAyXS)blC*55WF*H+(&*o%j6b5RgT&Nd|B%G#6HOMORcc6?d)3TYB`YpL zk|s?s-yxD!zWPQ&)XX_;?4Po|-x=znn=UESr>Ku)Hc>VS_x}lR(N0RA(_caw*OtBi z_n@Tj-D-$qM)Y!F1q!U#931$ZT(8gT)obiv!`uapG}h0w6@AepG#P; zo|3gUMs{Cuxg;;0pD(dAg%p!NE0?d3)hky?u#Qn86qK%+Iz-w}?pQZDKW(yY2I-pX zpIenIzZjGzoAh^x_6>`apz@(FG5v~`5g8dFH(q_AbZ+0$SSZ+j#O8HGTP6A)y)K4) zXXy3RYZ?(Arl#I2<%u`GmQy;nRxNe|6J)Gfl?qZ_tsKI2J>kEwOczC_di-EmDn>C>&9q^6|F4An3vCZ|dpEwh?VIDkt* zgmeV{YOC7hbsG49J`g`;EY!lZA1F*AZwM&3^RWckmO-D+e#S1=Dvo1J{q9%kBJQZNDAhvjrPo z2#EJXP3J&IM+Xj02ptPEk(kq94nyaPfITlNNT~12#3ax^oNKQ+-}zXf!(h7YWPi_zLCl0=oI;o6T$>CObBNmUF;Fj*b(OjF6x0+#u!Nu@ZiDrXHL70 zr`f=q#+Q&UTt9rpAhzBEfg`Ct_c87qd~y@+D<+Qe5=b)>LxC17aKNBMYm*hEES-tZ zOo_=RRZ1Wu2An5Sxts*+C%kVDLzKZXeeVV~2a66yBqmnkUU*4)OSV?8%yqX&P=oB} zJ4^eptn|3-A-yI|8vm;V&7Gm9%Kxf%Rd?vfJ9FpW{VFZ}ymEZ21#@=BW~Ll4{3Qf~p-bg)}vJ$@de?hag<# z%0x=pGNp{Rn7W1PyBFItAV;W=`=E<@>AN;e?jHW3>`;^P_=IFr2h6jPL6`KB zYcD@tZ=-P8`0oyxwLmRAG_THzWrPmh(oCxS|1ip9NEt97q%diivkf9`6~(T#TWR`1trdi@*|(F$?20@?qTLZ@lZf&yMr_W$s&N z-*bJ>Vf@s!YgeOyK!b|aAl92KN0{4~k9PAxGmFKa9c!Y zW+Swn2b!CghuY4zQ8y+Q5H!!s#?j%?AzBjQ+sQR)(j?ao(`2N7Y-en@c0VRMh;N6) zY$YE$D_^0r;{jwgmgSD%bz?721{`XJI2hVZiK*|TSk zNnK&&dDQYq)nT$?Y{ZO*vIj-xw+^OrB;(NGv_}bC>bS|0IBlXy7E-2$l)mkzoKx`i zwVJ;y#eUE8Pv;z?6iUrhjkemD=Il3L^qNW;C3{Gk5Ap;!wbvoy~X-(oKB8m-pRAgmFTG2;IbLnElkq;BEw$P z|IiBV_oy1l|8o zvL@x;-v3x-s=0h>a)JrO6&9wN|4QZLj%)i#)hgxXvr&J@Hl4VMi%Zh7RjW!V2mY8c z=>tR5Px<6dEsP0vv}%;om2{hE-CFOmks3GV)DCjp`kw9pCw{-<;?{Trs-;NROZ(I{G z?qfB&3-K1QN)N&ck1l#6Hvv%>9Yo zZ`0916Ri((V`hBNs57u9*aYiYLs&V759AV4QqJW=XTtwP z_PE{87V?ZA5T?@JW=|Zm={ZiPXzLCEqSN#x;S1`0&oZr!@I890L)FIxr!m|`*W&tw|`?JzZBaBcHqf{vF*VF>O5 zym*+1Eb*dPA0*yCy}uunDEkLdo`ahR3MFhMM+Pordk)sgLhq8w9HQKU2pFUe6jLA=KXzt zI*<12dINeNDfoA-*CC|WYr-J3dMyd5R!i&ejgx9d)vs1>{DaG}bwI+DC<3wmq2FCt+fAs$~7&=nY2-Y?#W11E4x^E?A5QNmiih$dfVj^uH^jc zi+ib=bz_+}cbWXXV7V^&v{kjlNhUIPdV01AuE}5X%Fs!JnAim4du-mddLUTIb4NY@ zstZmtBsvl|6io~1CUSPFKDSNP?7E5G7X|fCw(S8C>?#`T^Ss5BpRKiIg1oq{asuha zRS3f9E#PI%cfI%XopC9#Td*2}#93qL4PUW2s0VSB$AAkH|lH@gJ=bqpk6k!|mIYzTg zd%aDyaS^300|pE*R*IAZVdgzf8ww)0a`M3i3qNiwBq8Ixr>$jULGn3P(l9Q<@__rE z>kqd;sR91PI=bhcdrG`w@;?z}Oi1vJz+oR@ph@t8;zW>rZ$1XG5JLvNkj7!dhM9pd z+Ep$p4@gN7>nDO~m_OlxM|k+HFx!PME;Dfq@(HlOBnN)HJnVLGk3TOrv~Ooym}Jv- z(zb5iTgrv3_zJVI_%QcWVnZE?plETh`LWyq#{yY*-+H;P9DGfpAa+gOe(1t}GFu zx|~wE>>yT}3qHz~KmSsK+bc0P^hWy?G@RI9tLf{(gfFMqLi^&;fu;m0F;)rEzPQSl zUrW#l&Gi=pS+BZK6&++)$%@amxG}%cZs#Eowk#z-S&7LyArLMpzx<(-2a0DQiKkrl z#0)hqeaYog?zI=SK>Y;~hQXxkpfX&wpsUs#V2@l=HO2LyI8&mOxjS!D(?Y6hp=GmT z`LgWz1Nz+6R+Ham`_-`o@Y0AVheeWY<-n0ET1vk((oaXd?laV+7=Pb&8#Nf54$^tA znfG9DXs)FNDgOWN*drComoY)OeBXJtJiE=pFIlzNEICEg>a%-wmRJAxgPh!Qu&zi{P)ik?S^-41E zqSK64x^8Sksazlt_K?>pMo_`nv-BK1#m zZSz!iD`pEdARZ>O-j-zt&N%XK`Qe#Y2@ql48%*Z1EvP^Qks(8d9MspNq_9?a-g#N= zsNH7?p1-l0?}P&HIL2h*htAgPAU&<&+X}Jeb zqJjw%9G`vmnNdhG!9oOdg6vxN&XUwF>RMo;jK2hglYt@wO?*n3b+V+TxHp^*gXMuR z1sFVduo(>F_ll;5nY@x949ux7*T8pH6_ZhB%jhg^*n96baTC+_n{K+vbRhU}BjiWN z$@MKPtragDK9_jqAwm9dQQy+^s%?8}m4{PqzjsSz9#;@c@*?FnsnM+n1hdk zmK}(6o(dHutY#BQ+BZvyt46rK>pqFR{u=e&-7N8=bPeDAg@(6mduZ_rd6ts1(nGJ8 z`2W2pssC=!NY;Nz(ih)Jsq3!P@YfYI+HxaF-?v92-e}b6r(cp%SL%Aj>gkw~yi+ok zE|-YDXY2aECmou1A@8A`p_Lm-a{PSB)HPuDJ@ukQ>ck`@IU`ByqP~0)XZ4d%U8gyy z@&R+qq>;Z!NbP3?!knngSRUwuC6|)Wt9XaOJ+ix?7QVY z3GLoqlE(ZjDXaggj*`ylf^_#a!%VrIA{z0!HlS#T?FYF=Zp}}3ee1jp_XZOtCtdSsg=_zrVRk}_@ zd*s41PBKe2z3~1h*{1>U&Og12G5b!{a`8Q`7g)vhWhcT|f9E#4C3bj5{bpn|nt z1OxlOn=Z|%o9PG5L=;>$NSDLfCnLw|v#G8Y&2-Z0v@BYBXj^hJ$m0uVHC4naYPq}h zx<4UP{z^w2@3+7@ft2x+5^SefEqjrEwf_^T(_W5L+4 zVMAkW$=H?PVPN2Eed(Ro@${YGaZIfIKYQl^AXRn!|1-0Fm!)?>cL6DailAbNiYAsA zQ;eFTG0_y0sIeyh#Kh!h)R-7eGa3_1qA_YLv0`taSOEbM0j2le7Pimq|NFViT^_^C z_GJt2=rFVI-FM4*_uY5Cr(N(OG2<8(z+OBT$nfM4YHw68pv;81>Z+@3;>3w=d`v!E z4ca3Sql@b#nkSM$;f~A$$)~Lo4>?-};5Lr6i_FxxBm;Wca}PHVz`svmh2@#W3y{GF zVSuqiexc-nC$59*0n+e+a(EB0h~U27P%RMUdGQdhKn7qEBe95+B^&D)*{xa7Sik|f zXrGv4wJ9w8o_suLEX3o-k2m6_(RflH@g>wx-$}B>%Z9$Ea(8O$_d4v~t{mXSO9pHN z5voG@PyXAs=>s8bQ+N066}toF zBw&PV>P7xq|Gnd)NN%R(UwNUGUh>`QzC3=9ZPN#;=}TFa1IpP)9a94)E4Qw&jo1Fd zl>wshp?r{{1NX6Leh*oXSI8PzWu>1?t2s^iq~!bOzkMP9xBvFX^__G6mo4ibf3~tE zbFF;sd|R(Qeu*-L=kPK^fGYb3=UKFCXUjhNSSxz*e->3eMbG`$s`P>U7~CIi{GVdI zD?j@1BiGAxJ$nbpqMTRBcuiYECEkUm4FdzVij6XYRs(mnTu>)D- zH5Rg0b4_E2xmKu|)Lowq;ung^nKM7I7Vt_H;d4NrhVbnn0!h)F$Y?3_7dpsh`pp4}ho|=iS*8oL;8sO9S32+N2!R^=+ z?Lv4GLR?3^$dI@ur!sI+1`j@DeQ%AX4|pH)K1xRL04pvQWdKod+_cBeGae|@FW>KA zT^#p)_Qz?TF_A0^nKD)TzC7Rl8azjnU4#6ICoJy4?CQdJxi2UW5`i)OOzacN3oQSP z8KnhYoEU%@e=42^`?oj!<~agyk>HE%xd<`9Lk_QG46Wdf_Coan%ItTH+cE_BXs;mI z-xNUGJ@?$>9vI>bPyzrT>(W;F>s#xahZ7AAivjxr<67bgOENCVEGm8>B0ihUfh3pU z8gBsuVEdH&Xu*iz#)XvQlw-lbLX9?$1>6H=+D}|KeEY#~w7q1q27IGwWFaS!+6gC| z;1*%_BBZY@EWG#t@hn^bp&$j@WAXJa*z}c{6)fzy&+|7gir^SYV#dqF1La^{z758b z?6^N4ezz?Sptb$l*S_Yg%HAWQu{})o5)2;mb0e|-;C!Ksf7X1tRM+|Q_5DVmB0L07 zkakDniyo}%Zu2`p+2?)5y02ShTW`5ddlfINITMLwTc=Nrx2}Kwy+yj`*Bp2CP?v-j zPdVTHmSx|0mz6H~P*%&?R($*2+8_A}%emlO>#=p4ZMo%-R=IMKFRnF9Uc#LRShSa~ zcSrvc>U9^?()XGQ{SW$-tPY*e`QdriW1EsE-SQ_{U>Ex(zVxf=BN>JvsQn* zb+#_QyVfd~FSoLf-mUI`M9INU7;hQ92dh7~S6`RdCqJMz@{Js@ZtWU3!aVi$@Ey)} z6#~iHNxfNn3Ha-)Di0DEUaI;@{`UIY)9v)n9`7*+Si_1(MV+vVRm-F|uVeRju#FW9par`i64_OUS|2iyJy z{gt>qQ(#9HR%N-)m6e(7*M6U605ZTF*YBRX_d#$$W^7!x?|*!vZ7(agLS<7wtt#pi zC`lmy&Oz1k3tn~CKSMQt=galGT)<|ItbZ**B!FV~4-6=PAD<~1*JHquH$eEdv2-F| zA%}Rv@IZ(VIa9Ds^F9D1W0_72(ec+HUm+`9cG+dl=uuEm;0zWR7%(JIhbKTQ?*-bW zp8&nW!a@f+csF@M=HlIip@ep^e3Ewq0|l1oRD=wLwVK^fFgV~&%)1CfL~U-x7%9LB zjC---gHw$gMFe4T-cs-TfjkT7L>3GZaw6}1KxyJN!E(XhC@F|RPIe96S;+e2PXB+}u5dF!pW>OEl-s%mq8@<6fJvB0pn)s`rrt#zIU z6&Ge6a2|dZs>Fo^V9dizSuDhUQAJUZDB!b55Sz*3%VNpBMjJ@oEP5O%1 z7f~L~Czf4aFf7m>a08BMix&xXq0LKl7iWQHp-ya%1)nifr;o`Y;TQGcTExN?>^uET zRTtM$A1^XrS6$-@&$liIn9C?y*i*5w#Pd!a2u93pmOzd%ukgrVt>eXqFoNKO&;g-H z!)pVN8lF9rO(bnW@ZeeV0u7q#rYIAshXje_f2d8UY3%r0`nuSPm5QC+?wW~e{fH(A zKb(lKTCe!lxfWMEB#Ee^g$0&AVyH}50o|=E$dy`;-1bA_NxFnhY1dr6@il8LzLng; zf)aY>)3jE3im$46Z;r3sU=hVdNBhe?xQE;b0W@jC;F6=w7rfLcs$fBtr@4H8hr#W`M9EH`~^ z=ahuVH2v<3kL`-g@Clz4{PSzgUr$h}DFHEf8e3DVB zy0~s{d)X%APkTCs@`go~mjy{(8bd75Xw7j2@`Rv=A_?yc2n7n>8+b8z0hH$nEi?iP z#I|$iop+vF;C&g6W1VUW5#xg!V0#3~j5}?gofei%wv-B$k!cafc4?Dz+Pmln@`ws~oLA#TDtf`LgdbLwrq>nvF*{AfWg(BTLS;jF( z?N(y9{_IwwZ5$xXsD$mqv<`F==+&WMm#66?HH%YLuugB2f*Ymg-umwLircyv%Y7ph zEu@eGZG{7bO5S(heNKi$zQXW8W^6nv@HR*UsBNX+bpmDL0eLX7x}nMHNCe=*wHT{1 z`v@Zdhb|Ny=?;fu>1Z54P{N&`1(n#B#u8w*Hb6`00bUBV5jg;6&YW3Wkw%?E!4%BM z*{Djwi`q8_nu;*m_vrU{?^ntTf@eM=m*W8fd0FhAEVpPJ&h@L=35eNQDDd29x~)vB zvK0cRli!_TCx7}#S#SjnWz_~O`}pEu2LM30Lx1nOChWuR|NAHr+e00#tohzSOYRF#&ufev-tE&wW)uUPIZvH;kD z@rX-Zg)J^w=JDp@1oa;okJ`!FTlqg3F`M+(`!;*d0z2fOVKPoAwl^b3uFVxmt;%@C zuqD$kF8qpJcHNyWF;}l1UG1o`Bb+;QHH59Zr+{T*jeGa(YR4WvO6yv=z_#4&Wi18> z<9>}L8CPtq%eYr#jrJhfdD(0)w!i%IDVz4;d^s?ryE(f>|CUL^kg1OBv^&?`pJXK% zOJ`Z%yUWtQT*`|r%Du8~-P&YDJM=Na(8wTMSXfx+I0+$QJD#=%IO^e)_7FRNZwiMy^Oq>@QPxeXV!*3G*1(UZlXZr}9WaT7TNJx7(2ck;al{@}3 zmVfp)EdQbl6}w!kPJ8cWRue~$d+G+|(qLTy)b*-%^0jgjZ8fp(+AgQ=bb-+$)Ly2Z z{dID`p77#ig@DNQS|Br;u6T8QQn}z)YOn466f^#_?D`HHrlYei7^Z=<{#6gkb#bt?zFO zOusCba*p_8_3zQHC21{3wRBZQ{HCwmuf2^3XJe<3`h?OA8#c_vCZq5TDda#~<^c1V z4D)RLiPtj550Vm(A3xq6eDJ|G5k62WP{w+~2g1725s73~-g?v6n8%LDmvBrW2ih_R z2nAv5i25X!Ys@%EEJ30P5~29meYP_oX&wSgOAw(TyeL?cLfX4Ikbc5Z*5joYto!}< zS?(`>pg_%rfuFsbdkq_XOhB113V}n{Tyf^HPe9Ez7?AMo_V+)q7w9Bu( z)1G+o9cTH);@g}AI8N8RT%c{BeskNy_J4nRz&3B$CcY_eT(>@!-LFtxWrHiTjk3@G zK3-w}N{iVxoo|Y&CtbG!H*R@giz3Fp*CB-*2szNPIDjmNT!%Lw+nGUZCH42e|J@~0 zZLQJPx{7)io7U=F*lx&ykOLtHQgHzH=#CQ4%UG}`d+(N1V-Amp90)nkyd1#wn2gt8 zFu?Un_v`|3T3t}Y6ny9V8o`3ai0a96o^k?AG+O3j?1z);tSG6LO$cIDoMB z?6c3ht&$Eq?65ro_^`r~jE}9J*we2$3BfQ~c2Ot1>RfXYZGG-@pL2U7HdUat;xen8 z_JPHea4hTe&&g*oC|)*aufw`R4s;9-;2}cBYiCi`kg|5bV@2aO+W-N=fV~Y`I-ZTh zZ9+U|OXS+^z&S47T0a4o5v^$ziUYpq!KZD^sG(L^I6!*`%hH{hEBEFiCE`xqr+JPuf4^68+&POYIw9I^K>xbcB*}Wx5#ShIqtOyI4nUdr7HHpS{$cc z_O)sHyF}}wMx?%H_1Vw5j{USn^A$3p?&Tjyjs;nL7thw1ao>*EbMZ>c5fi>0Nwe-M z)6h+e5`l7QsXPEe3OUeDIIv~Q7AGGOJ5C6f_hM})-EZ-3vOORBe)EA>grQw_*=0sj zx?n=p7Vk)k211~mf-&LYkOLtH>dyfH9$5=kEo)1P+WkIb966}ALRXKFEsCh4M=|f{r6owV{^4bJ?tj%r7wM{aW4c3o$-ZBt^BPiR<2|i zC9l3_70VY`=6=Jh_i3kuK)E?@R9IJs4yx!o346w1i9XkKTlDB5J1S&Aag z$h2r~zI7gZf<<$3ZQIk;h_y+mWXSXsV@%dB1<)JG+?ljD_&1k;)kQyx;t zf%d`yay^mB8M$Kc;K5EdB5@~1g^rs4sXq6H&|VUD-EhMVHgBHRzKjgFukz1+_A|$) z`qZ%}%Crbj{^+BR+_qAAd3ko~si*F-jp5nKind89j-@Hg__rsfP}oMufocwP>eR`_ z?=D`v*!Vo~zyl8a?Z5y2_LnU4N^+^!j^t#%agf$f1L*Yp1RjE8Avqf%_oH^_^X= zgkDQmt+Q?0OYF19jkUhoGHTL$vu(o5@7Zf_ePBZi``c%Z9&LvmJk;%t+$lH5xl|K- zT&8T&B_-wB3wfI@UcT1eoF+ML`aD~?W`nHR>bGK(alhV$1n!F$%(9Zjb2OHr*5!~B z-2Tszv~4_hLk=qHI4@)0r&i9;#7HxT^vW1FmyLJou+sGS3I z=g!@&09M{<)26x4jW^!twzlBKKoTwh?znN|nyk=b?{hY)#{%43`zoX9+!N0|+tZzO z)>+o8SFhc8S93rXsMw6zR`S}*R`JFZE1mYXbFJ2HRlicx>%T+jjFGLyK|^ z6T=^S3kM<+Nb|n+Em=G37j_Vpg)}n@rBaatZl!vVnv(CD=Ma#*UjIC&njV##^;&^s z+@{k3jQQOxr~e=ak~6yY684J<^vc94ubWOI4zqYgnH4Yk&{>Cx34ZGN*KOkDsWw`! z*oTZ7rY)hm*}y*CtXGdNmYXdLu9R&V8EH28y^ri~_djb(1ajF68LKbWU$(zuKV-I5 z`e5#2n=^lzb;`@Nefo5_e!aVEYpE>f@lzyly+KO26{|Nouw1U~pkj)jb}s1x$x(+? zt7j2$*0@hcHKr=HpQbUEESYQRUHe+z-~*itxjJTf2OO?Ka^0RkLyCZyWvGsi#fv}c z>Yqn4Y_O`Y4_L-Yym&J9Hn8pxHJ647Nv;hum*52QK2cckha5;YQ#TVTN zyn=TbfSC^pbX>KY9F7%iunqkFLP?hWRjN*_VkrjD? zKq1>LMFoVT8CjM)aG2!|A0x2b!5-Vk?C2s%#KmbWZ zK~!0}z=2>~!+Z4VV{0~-*q`qBue0jrDE9#1xRdre?%t)7b&^` zRe7nBxkqi5#(i_N(tZ+6w?XP;ZD5)83{VbV`3)iCr6P7OdGpOTTV!{FRBeXGLk`r& z0kZ15JP5TEDlad$B}0!1A zP;S#BZeZuGzyA6LUJ(`#Ik0zffJ}uCJ@n9SgJ(g+!FWr*>05!7g*VZiB>vgqE);-%_`O}t#P|X zki_PaQ83JU{O{5Bz=p7oAqQHO15ts;Tv?%cZUB}g`W5$xte!pdZr1a3-2;MsuPS*} znJUE1I$dtYB)rO%rIl|XQ8lENXfTlkVyjd>d;c+3rnuj@KJ4>+_~D1!rB_^Tixw@m zxgX83l`B_jo!cM}nvJ$idkW8(J5N^Ntu|0rsjsGG+K8&C%@J6iseUZfsFnlR)fU5Y zmSO$KQDUvb3ih!`mwW+dZSkaarc2k()=L)Vg5KS1)R z^`=#9S#O!DXS%G=_oqkfr%L&SAexLFo;@BY`@d^*PwmsEkBfWsWy9}~1Fg*gKq48O zmo8npTUYRiR#1RdvvrC?(A99fUv;euCf;C+N^yBDF!>!woH3f zV0nYHaAR3st?TwxHMLol$v{q^iQn2fTZ)a4LJqVS4xr2;krzZ3=P_f(IJpSJ0hZ&o zZc%M4pQlWj;^L5>e)?%w1)+Ao`qi&o?yAPt*&5e{K)E%z9<~{Bpo4J$felcM`}4^s zpX@RglH6-g64@h9KmBxj@4ffhyj2;+!8zxg)8uWmqWyYW=4mIokCiB=BBmU#i#vgKMX!2%P>R|i_}P`7#xeDqsfw+QDzbm1A*5If|0 z{Ks)J{{vUNS_NTz_2X#GN#7eM8XNn{nxh5MX06Q%&tsTIfxz|j&*FoY(y#W~h|8?Y z(D$a~n$FiNDcRG*e16zonexvdz&n^eg=J&BnT^7|+ln96Vgv)WaO*FoQJ-%+=d5) zj}GEL%-SY?`Z%djD-Kl$6$x5r45lK)~l9D7{3&S$x;OT ztG4$D|2s7=HzmIi7+q>y=@Ho54VoKpv242s6w`;#{+oD9H&tw@9$*0QDd?i;O6SUn zkR7M-{ke@JJe2=+x_s)^NP)D>&}!I|BiR9LrBF@a4J4J-?_COC1z498+lj$%O_gw? zMhkuR$L0kr?mht*fCA@T>LUpv`W3T_PV+TZFg@-?#4QZ$F`jv#xlw}cW5Fl0{hT&u z_5x4Gw{mOZ&d*U=3!C^>&D`GXS)|}ut6f)H%ab?v$&w8ipK7R z<~#5|kyo)iFZvtK1h7Uf=yudZz&v?4aDfD!?u5hScEq?A`@KOMs#%USjyKMGE2*Q! z;!4r{vd?q&bhYlEYd!&mx=iB%PX5NEuJ;zne47r7jI?0pFw2i0M~|RR-v;zl*5!$b zY_WqauNwjGB^%z2c2SK-vNg=3d2`w$5^QLI%EzzM_e7vt$er%;{!i9|2gRY97FEVjK}W$cRrS7rbv8n>Y?M~2z2^95?i9V(QyYtoApdFdC?{i! z!mk0AQ6&#`ST=6ubHJ0t8A{T<<%)}FE{SaCVr{FrNrVAHq!gD@_L-EAdY+j}b%F;c z6$pck_BmV6c2JI~(nCPKThjQ^=DQldO1}dp!(B;FHXB*iQ4J+w`XK|FU__|rb}dBwe;uk-gn6Ro?LTVhw_Kkt&Eixf`68K`8OG9j$pL~p~oC^UI6)-?!#8SjXIF)tt zJq`3dh;01({!%g6t*veB^JWdbFvlnpSye<0lw4deSfs_cNI%Nnuf#UcOG$Ig#sASg z$|b2+Xm^i*3fpsuYWWs7-$6Ox2DEm4DIX?QcC#O6b;k6N77$x4JE%3AXU`%RjDPBAmv1lD}q{1KlkQ3Bz++-T|m1>|Fq zeQNcbrJmB?{NKj96sl76QLAX)A-~_GdEVQC!s&erZ~%w%%ezt}(_fQA4Q_6F=80&3 z*jI9-$F9zy;`t&bOH4eY^hsv1P;{$uRr3*h5&dP=Z-pVWzCGwHP0>?4?OIuHi*60< zykq_yyrg0=#4V-QH>}r(>W03^flHLM&D09k4a4sY*tZ%C(YW-8I8Do?b@XglzBwjx z>+X#g#A)|bNY64g^3-tVByX?y8d~xm#qG;aNH|E=;^{c5zelf`Lcyw!0Qk(qF4=%K z<{800;@( zBqlfTT-td!e#9Yt;Y+Ug`yFBbzY1TvVSI3XRlXnSf-Mj3D2!|Lyyp^wPwjN(=63Z1 zJ1@pXoCZqAT0;4o3!ITBGp~8Hjn?19e|=LD*C;Td*3<|l6@}8>E;Lvz-(4;|gL2hR zos{`0SHh}6%E|gl&m+g|Ro_#xY|@wSF{m(p*=63*nHrie!ZXj{&jVz_J{ znhj?Xmz1uo>t$3)3Va+M+e`FN*nJNv-5Q{pH6GRafn5uY8b>}r zBLYikXEm(w8RR~h^U4`7R+_HvXbLe3yn3R7KZug;LI8Q|)!pa&&Swul$=QQ^PyL@d zxrVH+5AY;A0dL!!=ZD>xiEQRNa({B^A5PDsCQnoGO8Z8hFQIPY=8gj62&x1ap;lLE zR;qmsifB4WTQ18jGe>7Icu8o|EOYP-n+|Mj&b)Cp^Ir zh>HH%VIZ2U0Uk^^sF^^IP4(^%Jh+pDb0-k)I9-Hi*K9()K7N#&2zZ!`3*0hS;%V8- zUtX~Pi|9C|V*lt8bib(LHZyeu4!uiPI#d@5e7F(#2Bc7$Vk^$vFy?g1>VzZLT_?y6 zAS`z$Ilo{-LLx@#fkAMQ6LyQmsb4qrk}n6<>r*Vu*Q>Rj|4Ph}iQ*5JH&wMcx7`T( z+s_6l8r-)Pci|CIuR5Y%@%A`9;;<-v>EUwZSvr>UFCCW7LcT-M$Jt(-P0O6HeruUf(o=wtlKN$e)lL zcGkYVRzm(=ny9P&CZ?E9=9!Waa-EbNPVl+=Jf;ll_)BAy?Ug#>&Ctjp=jbtCuJNem z+s3l4BLaisA{1C{GX~hH7T}s9juxy(zF1c6?x$-}xmMuj>R%{&={ym=5GXy^o?Kp* z1M&7s?zbM>Q=>Q)({ydoKyRBW6qUya0!|BiKs0@ zN}|J}4W}j{e@pqMCkXy9BA|NbV3YCn_0z$J+vmsgmoS#+3O>RxlCEu4-+?R+={(^m zu%i?oQs7gHfwNoS0~VRr37qiyyB+W$R;y@CKvEQK^?v305Dt5Fe{6&MY!k2c>t~H? zc>?|_jdRhA8p+fyzKEk&t*ejDf>AUTl+QPV5=+?*9qYFjyNk)X#&(vli;BlgM5Jlm znj_?7+#ef3aLON6m#FutsmaHJ4tP?k(~B94>eFwjm=@~Kl)%8lx$25e>~bU*RKo}b z1Y(UxVF2Fk25G15m}Xs0xk8`hRO$e0;?<{4ILIkLa2B91RdqT1#h-6upZl<(p4&k~Hd55ylD5paEAar!O^-5X03 z9t_7%QVHimE)eS)nz?k`79sxW5M9xyM181Tk%Brv-J+B0Ng?w@`QothH8Dr|0BEzf z?YiB}tKZ|TNASkQ@n6e)e1||i=e22OQv1Y5?}0OiZ;*L+V5=EIm=rCGp-nH?v1
        }e$#i7%7qX88o6jz6;PiFQ5;8YmloPxEu`Z6)L* zwY)v_U|tnI1oM7!p{kC%r>yqVqx+LAn;w&TH^7=S^c=3b9>TX>Nx5xQw#CZtxGRDT ztg4OX9pU@C*-qoc90a8cI0E(r!b-mF5_plpHPUFh{WM>8K-Oih^bGXj>A1=F=){Hf zo*K7MuSkJ1=25V!BBzMr5I85`DUWU> zIxF}OR7*jb;3!oO`~V9hC)R4ud@NcsOk>gPXY6uR4grjmE6Fflliks2hl`z$4LTmS z$&gbt8;<39KcRVpv~tPSlh$7Rvbj1Kdp(W2FKIgiauq{OOOYM5mQJy_TcQ44&QEW{ z3a%g4gNlb9_`jqst3A>5v%DQ*iuO$kF}y!s+)4VFW|ph9a{A0;Pu>evYS!mlALdz< z&vrgrB(7#UG9_T@=-3AiaDYvcn>ZPk`%M%3-+dfGJ=m#Y&|Wi&`*V5Yx@6~mWzn}JO1BT0Bl{-!5g!2T;8i;L43tjlU6U z?b)MVH7x}gatnROvxGd#bRW~DnVOq+_%3!5C+E&Ej)Ol~!|O;pg8u?uMtLH5R5`nB zBUM%C8m6k=k#K4*o-}*xzDqq);%WcGB!rQIJcooXcnar$hy1GY>^Ja6RCOo|Z?LUx;9EKGdkz0vb6FDS z>o0tl{ng|jrXqMH%dy~@h=@q264g*2{j)9h0vuC&NU?hJLF2&M;a_owQ~qxTKkxWh zu`3X1?B@+SGBs;)URC=Hj;Hy2X*Z5g9r~ceOHv)Q0+GZoWM8lN=8?ATVPxgf~+Pv9ka!mE{oSJ zGuQESA?2=Wc^?B@vIu--j~IY;n*EU$Ko5V}s@0|5Pn&%Z{ErV#m@aSWgL256k zA9IuH{5fo7(jy^fb)LI*gHPmu!)C$2rNioa#s$PqdGs>T3Df`M&!x1khhvdTE@FBje5^;o3O?+LK83~V1G*#BqyNI~& zUMp`Ue>Gb_d+EmXLlL18zZ4HkF5xkr%rk!qVpu9LQ=4Ly(O#*UM>}n#1wCElw9e^< z;(LGCcncK@>~$XDG3i(eJc}|B8buD~u*&w{h%_oi_ynJMX&z|wQfICp>2VJ(L*ngg zdLrmGB7MfE#TSxz{HrQbcGC&(3YVb-P5;V`T4D7{BGjx5nb~jz@RwG1dNXa{7(JGc zl8TXNJ`Pk6ug8wwtXya(&4LmwU*aR&X9e|00tbt|48&q!N=>zxbbl!pGQdQGg)M!+#9ls(MVoGuj_A znm$_`_13?UXT@?2SB2s#1;nS(u)3=)#rwy(Ox+j=-2rUxqfzgK-oaF=$(?2{Y&RM1|~R4>{ftCQG=w% zaj%ZebIKb&f5KA8F50e7!)ep)bj}kIXTrIl1J6j!n{lCDy`)G?9D<1>O;xdN!%?=~ zS-PZ*-As>I5mL?x7nt=p{y?`#v}%CiUJ0Q&wgThTXDk0EJ&PD;_UfXSiMRpkjnkCf zbT8zSxLny(KMYri%Ribi*XR%1=6VW#6T>t6OA8FRd&D6K z6dem9D)GKw6Nuyce2oDH)`;;2!4s`TMfQIdEWI0|G#67ebOD`oT$Z~CGa(*q!&5$x|RM3J)E8z-f?X$5m z620VxAOb}asOA)#-V}p6?O$qoFrN|kMAS@WqSQtvestIR?7K`X zsc;wF&D&&G7b+!(DqkZ*mfCe)G9Csj{p7BTiW@A*h4&?!El*tZ?9?e-Z`@$pL!0F` z-KG?u{&+mC`t!M7oz%<%^Qx+3JwHZif&Y_GUal#%`O_AC0 zuG(UKBP2e=3h^@nWDA*MX$8;R`)}eWtUMG46z2sr>TEzEn&1x`x!+Cjkd&-`e7fi( zTRcTqrw^|Y);18(_7r7Trh*TIBwgU3N*u`jIT{l{^lr1ejI^d|3jljb4>nl}u(*6Y zatU(yhkm-@gA{>3+Mw~1>aC@TL!Tu)b~TqY9iMuYboSW_3)kE(==AWnodvLt9o zP~GBJHJs+AME3M-)NlR%A|f>7NfbplnGb)V1sNaT@$La^6`|f|@N&3{v}z zb-PUDaUVMmPw#Xpbpn^>JBu=rl0WQ5srWVM4QMDjAA>$Kfs!3 zXEBUd|B>(yLsrYoEKlriuK=g+&L;X6)f?p%B6E9k3X+l9DcQeElukVkZ)^B}+#Lys zR3nJJpf+DVonStge1m`iZ+2Ffd?}%Xc#-Z2kIin$*3@T9%$g`Dl^0+?2e(toPP-hN zDT&m`U5azT+gDYmh~s*V5j2QJ{Opu345k^eA?Rp!fdz z%(>BDNnFVotpjlba1yenr8Iz@ihL@gj|-YwZXNh+=vS{wI_(fflI{LpeTVk-pSNF? zBkD%VR{Zw!ip5zWDzCe@S}q?MuP#s#>m3LHQl#v&P&;N@bsMml=Pom1DC6^whf508XRJMr3v_iC! zfcJQcRknF_gY2Yrx%5fj>cTbw=6s3t(caxCO56zZFU{WfJ{`2zNlbdg2tWjUeLrzV zm2T~XG*IY_$>Y8*_cS{~q$-kZ5FRza=pPRm9h9DtZcB~E>09oXzBhP1-18OHZFi7B zTxl^q-O4tv4{c(u7C#mX$QMOm)uH!}{jHEAIw^30X3otw z`-(x5T)M<<$!$=W2_2*Q>OJT;wf7n@b(QfHn& z0Fg>)`Z=9yip;=;RBe3TJ8e@KO2TV*f&He4cit+rT?mh6*et4uM+G;uQEy1hvgro; z7i4=HXm4%aY3B$Zk0Mn%jJXiuKxI#}>S?6SzV!2>^|2uW`Z>A?Nt{;DPruwah?-O# zZA(?!($C~OXF9OSDMB@uW(_!2$&6}k8G1o?RfzStGYeq*vZ5KpKhcC4uA0IkE2tGnEw4t~Yw;(o%f>~Lui0ra#GzhY0kZ_H5B&yc^}YA@aSq;sR18cXb_LoDhPV;Y zp3zK$M_+j1mU#Oiz4zH@ZvihYn7J z4%A`F3k2SjcdEnto7oJUd;$?R5l@;yr+WELtE5D4A-+lC*;NQrfleNSsZI{7V`30k zcHLnDm;zpxxI@d&3LBns`+5UCeE0{WiX!|B_6QT+1!7y# zR=z)V2*b@Wtw3c<7F4Lhy7&%`5C91Rb)k9UqCm(85atD-JI5Vr_Y{CwwVO`c+r|Rp z1+b8f(q-dH%d5%r7SHM9RVfGA#iebDef*ch58)?1L01Jq32%Qj)5`C-WTPL`U?AX@ zhMX`B9L^$-$V58OJp90ciJPEq?@^3sjo)?=Gw7##tf7n6P7&^dhGCgls|IXVjF8CL zE=;Nr?tVESC6P451xCaN-Lf2zeh&=I%Ka@Z?DFfZYsMrho`}d6kbxFk_qP&mD`b@& zQj(R5;=44%XClK+QMyr~ zAvsGy`xnk-Px{AV*SNZxoGT!YswPw7i@y4?Wg58X)(Q$2B59lL@HcqgA?rz|T2p>8w(S$@G%9dsIH^U8Is?b0LlGNQhV<=h;HPuClzZ9Am}RG=ra!xDgL=jTWV8RPs2spn7e95)yZV&YLGpbL`u%!A)H_soG9W(e* zkPA&Jy;0xT1o%Av0(Y-=`vMA^#EMIMQwwRb2PrQUK|w1)Z&=h?ss<#zxurS+Rs;`e z-8N$cTfE&w%lu=}bk&}3Zoi}=rdTa(7`w*p$ppYEEC%BmQE7gzOq%6Yq$e`tveLD# z?PCfZ7g-Fl8hcUG>U1@kU+71%rEBZQLdzYgl9M+%TRL1~?qFgihK*xWmgp)6g7O3V z`n1d*lIe}p=d*L4F0H@C%V zT^xp_)36HMVpGs>f2i2;jaO_Sjmr6}lbkUa<5ryJ)jvY?G|WK=RfKKH7aK{v9SOck z!B)9_Z3x?Yyb%G}^|)wZp6W~K>69|lw}gjm$KbUXvAkw~c=IC0iS>LI047yy03556 z%)zp0JvD1wrcDOG8bC)=7w~SVFM6$a^fzV!L>)pw!%1g*W03K?&SG*C@m2R!aDNZt zcFSFO{2DT{3G6w>l<-Gxe4m@KDH=*0>7SNFE^_f=dfcS;Z6IyfIS?4{fz}9u(1qfO zKN-74^U}Mz2LVRV*qYAFeH1>R<%4i<0BZwEYH<5}Zl--(N5y;bn@z6U7*hp4E+WBy zapJTQKbKR2B1&{r2(z+u0xwSBXkob=0p2=8c30knk8f&gU^fB7e1-W~pbizh=uDj}U^8dJHeO zo@h|8=Hn zv67TECL$-9QJt5YMyTCk65n7kGNF zXWI8mq~b33aHCA3blCOu>+*Z1LZ%dsY;W;t^tJOTHkXB+j3 z`Uefg&Vx_c6!2EWBX!XCMvwHbxj#ON=~HvwD((>fH{(Hvdi54npNf^C>RbcyFn{CsbS43gp{Wb zdBSg<9nCa&_tB+7whNKfqW@~vje1>xnC`)QJ(v$Iv#AE?Km4GW#mY|`s&R+^=g*t* zGlW*qx9ZbGtCXt{Sdf=nLQn+u`=99NLxY^f2!bmJ-QZtRfh)Hy!HOtBSb6vG5H&C7 zG*HDF3ye6Bg`M+(KXP?UdtWw^p@$-WXKTXQ=J0I82$mHx*nl!R11)Ro$F$C?#=}4$hRTt3l)H z*y;>KI@xSgXt6iEINvr@>y`-^{#gwBRXg$cwi2)% z>`N3cay3auUy15l=!PT5E0K)VnT33rkAKr)RXuL>`tM1gn3c%(;@YN!4F?HNUHTiF z1?F50 z+?y*nSIpbDJOeB>ASRj%S^eXWj*QMq=Cu21#3MBUFx}3YTD2RFmv?YHq91%z5hv*p zlNuO~OK#431HW=i7V4z^P0tLKB%$v_MxCY2HFf$hJvQ1Fk(Xjx9L zK|_i2A!f|uw(i+_rc#gKL4sGGOyiWtQge-sF7!{QS}xH zEavod$!=Y&y}*5~o7f)CO5u;IhKnIJvOz}#4e@fR zc_(Um9dNp09=M#3&39b8hQvs%xa2&jE2+AQy`KtN^Lz%t2hv`Ml=Q zUzY5;lA2F0(Ux;>>_$$x9BkFvqnY^So+;U)&dY+mwQEFmhx*eVgBfbJKB#G-X|eZf zQ=R^9)E{j;u4XQW&wiP0%Vu!t=zJ&lKUmo-bo};Ju?*Dyn{QOf5itL=b$B7CDp9&h zmJj6h&a@7j+%3Lc;)u&{dt3LCT6lawF=fBNFR|>tRhAnz|J?y#)eVZ$9dLa5v0H8! zWO*6Sl+_UO!;fOM?t`%gv1gTG!*$69*^EH$^0-n9I^YY#a@ZQW#`tx8YwmSR2F1qlmxLq8<1P9cFE zx*CmIMjb%^^i_Ep?Tb`5CJ>oRFolFq#=?p=gMF56%rva|vfHZq&{cPkPeGZkV#QEZ0`4jnMkUO?ak#mXE+y3${&ET6VDEW#JxX|uw&Ew%Pg9H) z41WU&b-ZtMK+;_bY@UcF&V$dq!w`^)O_gb-nY%(9(l9~Zcu%hVEJb9PsOX+;@mu$h z+@Mje#-_WHX+i`t?p$Ng^&d@7_9`<#?O_v}l=79*P166b)a`53h%i zP6g-@k)L800%{>UJ4W$oh^Gl>8&s0Q=IV6Mhj`E7qwHq*O=%2B44--(B-^hy&|r(yfedvQhFva1 z!oNOt1ZF>8slbmKw^L}MQgA2;M5`AC$N^aQ7)PiNY=&P(+mIbFwJ}!$`+Sih>tusr zG`fd<&Bh?m9*hm9TCwRfI300|ft(}dMSF@nA@p^KR?Rxlf{xiR)F!1KC7&8VJ7MMO zv_^KWx4|a!{K#)O=rR80GkwY(Nb@hl0aCUyqtHKEQbA{!dqY1WWzC9v?7Pz&+6s!3 zZ+&1iD`Ev2J(dTtHHtNCTY1L2NZB0m_*ukMucT3LgS<>M_K{Npvw)5Hon-|Bs1mEC z&w!X)rH`P6-j?X2wNqdI==aTowZPkVYWc1o>Cduv^e#?l2FAS~?!#NEP%fTYhInnxEoM@CP9j^_WE-JFA1@LD03$`#_yR$Owp__gQdmLS} zA-Jmo(n#p0RbPD((%>@XD`5CP8gbg(7`WjW9dmZ5J;uTN?2SMYIvUh?8aD_}C8RAc zu#2gpKB-V8NK6`6&!9bb<9?&lF61tl+~-b3f-q75zbd$g*$S_yik{Ff7B2~n5)jsx zfY=cd8ZRSi_Ivr80N?>ljTId)UkoUUFR<ermXa#p7gZ1{zeQ?csr2pT1{S^T zH2FTnbj)zeMHQ_NEu+u5m&1EBQ#NhOD_)HtSM>Jf4r<{&-mXiiNCGzg8??FHz$K$} zR0v`=BAOLO5BCUTXyAxj+|a9N(`Z-RvyU4B`$&5lI6(4#z&wLgZ%aW6!(u~OloZI9wtY+TgVjz2Es`3Er3+8!W z=}v&|7}ZsGKbZ7)NZ2dd;QR>O+50qINHXe3(;!08+-DqE&88Rw-jV$>W zz3SK9&Zhr5Ssn@NJzzF_4b%AmItfjVjs&M)e)Ag5&>2PD=D@y+x??wg5wgls=6zy)DHE$<&=vi%dD zO<`5Z=8k{2Jb~TRzwf_*-OG1&H-m@n<=(1F4T_)*&6@yjX+L+RZgEp`vB9!OC^&0p z0lM5=9=i?tPv7r?%IKC+A#O-r<-Dki74_81iF2MzveS>tI&I6=Vh=ov*F$G8@Ybs+ zRyWt;W+BBzy5>QF}_|~STLL^a^1;+OM%^a zInI>jVZK&*^}Gg8x-&-Zc*@kU_Ts>}@~PE&EC{h_B=w2S_CB?)_R=chKV@tR<42W+ z!sFApm-}D%B^MnItFH9MKCCWfm_$*T_e>^IA;^_(;7;~~!wCVUBQ|7s^mM_Y5)47( zdfP)Fi5P{Pf+d;C(lU;jNXqeEuWkzR$5hxPP&Kfie*hefdt3#;db=(~YQIW@#CH?M z!QB;YX@HiH-4s}D7;wwY%Iew^j;fyY*#*r7ASNCe${%tt`CvhnhfRcc%1vfQ*XA(iZGL_?nFW!OOy&38ddfxPPaz@Bdc>Z>-SQ+DgbuOLJ> zHZxNE0I-y_j}Py5Z{pmTn($r|yp9#`!3^}ve@06^g#=FHa@zf&_(WAKssrY99MkTy z{jC@VPV<>q%BA*>tfySVgqQ}tcD|F9NV^72l(3M|V!{S9Wo*ApbciF#-Fyt7EPhV1 zSYaY~TodQhsjxYA&C&Rk)pxMCzuM%Bz!=f(%q^XZik07_a78JgE5c=jD;eXHX)l%+ zu!DRNFMN>0up{IVb{TRzYzQ3k&g}({iF6TNgbNR5nm?{J=R#TbyU!KHAY9qtg{|97 zFTQ+|9Y@ze zl10ZFV7(!Trjhd*MfVfvjsP69V`S#nk<_?RH2in zufkAh?&Kf;$gZyQV_aFD_$DEa(Nz?mK!2TfjbcPP72nLf+>wy*H`jxeReTiYgags&^o5)x@yBYQXuA z++mLsuY|D8{DnN}oQ@wCRqfMe9ull?i1dd&f8eP+VbG?=ASNMgCR!3c5g-JxZ5b*# zp_GI~4Z>+>&P)~5w=_-y0~;+b8wPkoX+u%P!T3D>E?@I2Hp86A@APVj5Z#=9 zWqugBDYvK0c$f3aZ;y*2(h7*}pMVeG$Nzz{XcPE$iyEd)lMDEqp;~G)d7bE&vHx_( zcXURvP98<*cW?(TD%q55l2f0{mf{lyC?oBf@O3a|5Z3>4GeMP%+!d4`h7|<|BWx1> zuyjJ1Kpfv^C*;h*_;g;eZl%zqKrg@Jn>}dh@V@G}ZxtfW`GfW5G(xI7rOESm&C}H<`WT&1;NHehzjn;P! ziH8#0IJKX-N!Mm50iSm*J12fbqUo9#lZ^30_ZznaP={z0@X*{C~l%GzE0yHpq=G9SdJT6ReJ8uS`VmV^+4&;Of&(b%gtw4v95{D#~k<&!hKR3vd(Y~ zwah%-!TAVo@!~m~%g>kq&fpB6e6apSNPFVuV&l6)bU&2>wNrLl2yaiZMgx1W!3c{} z@ntpMMOi6}6RN9(?3#aFTjzhK0aGuW+)%6%A0deQJOwO)O;fM(don;41aL)W5Fly% zXc+G%Ap)P=%XE#M=_k~;HZO6VWYQr7B43LQIeb+ZLbw^=PYP9W?Cuuih2OLKn19|S z)L2{tjNpXszHdC(*`p$%3C)Ag-3iEn&8Yn7P+e8!q{4o$YDwP$&@h7IieO~MtM4c! zhok!WUeQk*igkaa>YB~W#`-nWSe3mjT$Pi=Z=#tmLxc`!YDCszVV~DhbCurMW4mxO z`Mkhh&Q$GWko?ytBlbgG!~5i0edpU6;_7#>gr){>yz!`s$Z|;0khI{b41Oj>6tobF{iH2;r3&^!v={? zkUYWG9atzdsvf7{cZpP$G*cCp`vCzpzUJT%4uq0ehlYuYPs zzaLY9B@@Wn#GYX2m;eS;1dpq~E1vHDWFscQJog3s;Kzg-92tGBi1Kzbw|$T~TWL7j z=$Etl0P?RvEBsLs#trgF77TqkH&O;Vg5#;CzTiV(YahE$j0kTQ2sd(&aR6Hi@qjNy zb*XOhLBm!}09Ngm0U(W^(n{D7mRqI&C4&%`AAXJngYLA4??KrbQD{qBdW6$}=GR1q1 z<25?oikUxaU>%81ei8v0$Y__6LHPW@hdi%^SfaSUNhDL$=RaF+HKuW%3$Fh2vyw5f zmT2GKO-Tv7|WCZc;YyX;&zOoFl5A%Xu*o<(Pe=Nc% zJ$GItdJ>?&PaQvKApC~2OF)tp|CC@?b_t&wwW)9Y2?Y&NNCvIdFwP-GV&|SP@I()1 z4cHaXbBP=FK^|^JqDKXJ$e)Ky6;}5}VepV8>@Y=cN%oeTs}XwG5I+cl1@R#bLL(7F$zBd9Swn!Go+UWlMVCZ33=%N`p?r$Of2RvSH13 z_--^|ld9Lmfn_^tTosVv1IO8Hx4?C$*E}@NdO>p7Qg~i3MTe}u{~&3W9zOAY?P`=B zinPCZpsPPWC0vBvdnor+^|&%Pjzh<{bYYG&+l(KDR+r+#1_sx@1#(zeO5W?5=C3)c zKjXRf2Tspejtt$-ZOUTk6!bB1!zky1jlXs$a1zNJ%90vc zHm>*{I2V3j&ObDe^j0R}_&ag$Vocri`y5C)`vKg~QutN4tbF{`aMTqLCSP;Ykz&UM z<=>Lr6q3YZUFVh?%@9z(c5;d~3nCx*+#C1G#zaSBGHB$U z%c$m8MoolDyu(F$O_Di(7|OnG$5y&iP3%BYALd#llTgAWfLCcvJ)-5V*F~N9@-1rf zou%3MaP2>!Ou6FmoHJ(0$1>zJr5Wonfs~ZFBHW^do;Yhz&g{M3_m$0bcM+D)!rz$T>le$e8Mn>kb&xV#Y+0U$PV)IPZj-Any{7Qhgq+)U^OKPpGhJGe(c z7Y8rlYbqCAsbl@nI3XQ>HXTD7^Ok$`%5r9bVQelR^Pa8 ze&g#S7_u;1>fiuqFb}5k-34JsUnAe@gm-U}Yce)Q6@vHo4S$xgkA@|~hwvamMV^8# zi{=Im_EBszz3+x!a}3EZ%ZSANuq$I}P92Q;XNLJRAN$ULci4f%z;T(+>WCdY`!lsc z1DqVm0-EK`jc+??I@>&2T)odW^6XE(@^Ko384UBOS6uvMQSIJL0(;JsCXcr$ORGgQ zhO-;^|M%s!TslWo_zqKgVS!s=7$t6$rW{g9?v9g+)KJTcLu@s$Kn3Bt_WxVNQA$>L zpJ6ciG3#A@clAhL&0YD(!uhM-j{i7PZ*k(g@7>WgQlIw-3|gJbo$&VVTNBj4(<$l< zVTgY0*6CxjjQ>iB*2)ty>e$${$%mVejDgKy{NcKdnh%2lV^u#1++>mCKORq3*O*%s z=>*sluIXRoNdwhxEe{Mbbk53ga~n(Zl>;J%Ysxwwg#&a`wT%#}{wbV!;UIamvq0Rw zn@15wy7dWE3K+0h0grY*qM) z{|N$1m$TN;a%gdOO)W8f$gUZDWv)DN;zR$zkv5->dtU5vM#n{3t)+)YZKX~R@VU^& zWw${p=k{Cp{d^XmrC=TF>_Gpi;fta|m5peNhfYYFhv@fdHnoZ`tL(i5oMvfUE^QKU zfI0f#N;L>WUh7vpP)rvoyGgo*w6v==j*8yZMltL} z9#4gIbIU74JR-kn<0Db|Cyu_WjC$ z9))Km4$fN3`z2hx%gCrQ+;7V9?QS7GMgbL=qd#^44giC*Iza?V+P%iXjz&S_M(ZG; z_v+KJmt!J9$1;=B`7QAB$g-xLg{uR31# zn}hQ@I5}7rVRnO2J|4R*0Sc<|r-Adtsl!eI%9s2iPmhuS@B9Wci>M4^F~9jpmaLzA zt;gxgtfP}71kdM~JPQI$>V68Va`wAP{}Fv&%X~wc>n*_U@~<&}gnNK?^noTrf^R&x z%pBHVc5p1!OEh}z`0N1O3;6Ai!1wltC6lLf(ieiz(TjPJ_}78lh|X=s>caqXUykR3 z9d-+aGK}nv_1w#RImx_AsZNE3k8l|VwoHIV;ZXx&O_E`MKH&h~2Ejd( z^M>eixT2?!?d@&;_9+xt*UA8+T=Q0flH*d7+hqrN*{fq0|IHEN;BDX93L_Fm!i#N* zjwziNFO~RX9b(~xedoH09sWTn_`QgH^Lt~EN0}wE_48%~YAV}@=+RG(GYER&vm?QV z#z)jgqrr08JYB8tls+X}*|z>L7P|*^20lVl%>&OO=&l;&Ca7WU23`lSg7Dg<1k?EP zWWG0bA=Ue)S%^a{Pem&jN3VJ+==@=}j&F+ET`=KkhY-*5jnE5BIX3a;%EDc+dbE2> zGH1F)Kc-D{pP|f`W0%h7&0pNGR~?4Fll=mEi@C%^hc=H%ufN^ty-DRUaQ50K>rK9c zs29N97!O5MK|N<|7b4Lj8)&;E3Yq5ziOdTyE`vJR{=f7m1iZByM#sK)N(Z7^wFd(Y^gED>mpw^>d>xywrx}WH=RXQ`zi6cXGxTFt|4jo z!sIRdbu_yYc<*$b?@;1=K@jkNe7$v4Rp0jo3J6k4Bi&Mpq;w-CNQlzi-O}Bil2XzN zm+tP66zOhIx;x&!-%siLz46AlL*WnZIcJ}}*P3gtn9#Xtfs37$CkEZ3y(ByzzOdua zQRT3@xMT+6KocxN9Iv%r(phYkKYN$(RLer1OktF})n4!|GW%39>i0PX|Elm)RPUHt zL|&_Ni1yP{6D0X=lsnKJqee#k6vcFZ38coT6E)4G6B)`>rM_TCIlKQGY4zw{9)a%OPJ($+Mzf$f9z+V~&aw2BsS+ILi zRT6u(fT!o@vRRE2ov*bp2qCHL$gi!Pa@YrxU8=T=8-^~5(ZM(n0Sz-+L-&c^gip?; zu#ediIM33XKzX{;@*_gaIl-yQhRn6=h40(#M-+&k!XEH(=4W`;kMhW-^Knz_yuvq- z{`v|_10ki5%uS#FfK*v}!YAQrTu8?4j`40Fk(CVrqn{=2lP5E;Y178&tckBk)nfhT zb}m|i%y|2W?rkbGPd{eNoSf%RI}Z9J+bKTel3Lwf@w1hA$n_wwY=wpjAVibR2;T7@ zIHM5XJ+DMv>B+caH3PAC+NG!l>{ly^a*I^QkaE@y|2Hts9OT67@mH!9Bym_k#$?OL zlsj!rq51XRgn4+5Is$L`e!6?#x3dhl{VM2O1xHxJxz7H+z8y%3M_2L1xA>uF;f0(8 zouj7%PD6=d^>f{9@dFGmJdCl*8f9H%xxH&<5(ZN&`x^FDk>WlMW*tl|48XRx^iG8z zkw*QX&2ax=H2BGospZBl0#8c%7*Rv$Ld*l%=Kkh*c(TShyPu*2Gqin=CO_3Kw1W}< zh>+484E`J0DOn6?Bqp~);bg$gj6sIecu7HAxNW4+g2(DNNn8DH@#@B*lSX&_wME8i zZf7ZlSNdAX+Q0bM{DZ9F; zsrpjE__HBu=IP5wyYN#)bgXpa^ag|BDl+qxt1dR_%bC{flEs!@v%(gE)63?ALA3|e z)x)-1QsUkQT4&#`+8hM5Dl*NZwOgE3Y0qd?1>5y^gB~CSa?V}wHXN1rTNE=qxw|Vr zx6Q>e#x!Q2m)UPhTe7Yh`Nd5&t(>b-Tv1u{{=E)M0hdRs!>3p`!wylgVe0r^^UIs1m~=gqG)RT|m^c=TRa^eBf=#h(@-C-^sL)|8Wbh15d|kwq zdJ@=!kn!v2=S7qVB*FY%K`*2Dp%w^c$ z-J5UVEC|J*;|#TQ&=yr7XDBvtfN?SCzX9zR+h=@KX#0sRH@Tojy~U16fa4J@BU+;2 z%Y0~m)I2II#+ye^53M_i;6twN&uUuguF8za8;3Ily*M#=+|Deh9Fy@LiIkM=n;2%C zh^9egaIh8X6$>99Sggi0dv0}D>4^MrVK&>DPa_|f+Y!_J>0*(6@BbPu0{ zKzeWx7M`s#(n9DyP;Undx%5F2VeUnJq!iyG7|9h4dPMK-l3SONC&17N0G3`~1TaBV zq0QhHAsTWcI@(^hr?SrLs)q9^0v`41Y$|vvoX#75{$XsV$Kk6_0(E32Y|{_P-;!+; zhoU-1NxwWrXi}o-GrTTt*efqAuJ1F1NqcD;t8V@CJj(NgD*u9xp5C@tw-R=QL+ioV zH^PpKFG1B`?t7`CKCG+MST!Dsqk z^>qye4Rf<6A_p+B2*!!x*}j)I#~G>@1qc@>+RdY@HW<9g>e@X&I5*BZ$sm)q>- zU#!(EdiEc#F&91H3ZkmrM0L)f5ThD4et$UIDR0jpw|kH#`C#2>p-$R(^)jX80P+}a zjZgZ2g#pp24^)y44=nn}@llovxgUSypq z)k&Tpdb74|sIUiTQ+*_{l7mrz`wm+oV1)+z2oII?VIS2LoDFOil4m+-%-)>#z>Hp7zCyP=tuD#1)C$5?Cl>_-LRl2h6AZi2 zSrP(J@p#DPNW8sf(wTLA`LA~>7;~GRCmoU56W5w+7{w6+dU%NF>~ zru5lQZ8OLx60i4L7SkSJpcB6AtqQPK>@@N;tm?;ub(s_n zZbP#3G=7akR-FOJA>AW|x=)z1-w0&}*iSPbeJ&ofBg@^zpyQozO7cP*Z#d~rv8vvF zi!yv8G@Sz*u%pfJ*`mB2h$R;-0RYneq z!^9_^3v7$VqM1sr8s-k>Swc^e8#Mt9Y zNfElbG;UE<)hV|^!9>9bP!Lp9bE#lm_7v9rl|u z)T=br1(u^*vZSY2H%~X@Uq1A_Vj@;nsYu?&A*L+R=6kwSKj_!YT-@vE9C1L)1x68d zV@N&iDV5o77hbAlldX{;yUu=Ge`rK&rmT)k>-c(ojgeOC&Bg`YZKRblZ8>HR=-NM_ zPc3cihSaiP7=C&s>42VzM$HrEq-Ogo7fX7YqWf3#d7%>Ijav{N7~!pXH{ueXE6O*w zu}p=Yn`A%mDtl$`qG0li)wsr*6{)yw+T%$W(r$_|+v$yK(Y^u?K^bG-0=8QUI7$pQ zICrMYJ%x+g7d!N<_t_?Tfwc!t{#^)#43sS8{$YZ%wV7))*m&LY7@4&=5~1cAPs&m; zM4!hk`37{+;#jTyP^Y)~N>gB9;5L`UTHSjlLZmW6`Oyk-G9rBA1Yv~iY|vtmMS_&` z)S0d|ifkfb0Oi`|jf%~Mg5Kl&9P8&5w^f?(vi>j`Z=2C;Z}bpy$nP-B0=R#$FP`E) zSGq7s7Jh2KL*TKWBqaiai2|3h{WvDaPtu4N{rmzmqH$r##djUwX@i$?^93f2 z6!j*BLii8T$-3UN_Nt$GDON}5mm(=6^_~c}QO5E{)CZI+G?Q24l^tgTXQOAnGB70} zu8+4G$Q7SAjpJsf^2QUl`OFQ-Mz1ut%=42+<;shbyG@!W+D~i3M>3cmlcp^?gv8!m zBq0+tZnU4*0yWD!dpWc<533y<$eMnd#B}1`GPf39@WOjMu1Ct2cKpYs%_YZqh1a7G z>f@T+ZaT`B+Fl7FvW2iL@qYKBB!_!T-TFa_^_BmkU~>ijZacs0d*0#vZtA#f7}E2V z1N|7q*b6x0_2{OJ9e^EYva(ze@rcP6wFpw|addz8G<%d9jD{!R_ ze-sLn!P3ZFN_a%&{e5}AH%QiHT$!(`0VJ?CM5jWq`#O_?2(4Hhzj)#tQ(xZ=%`B)ow#0ahBt zRs~4HeCc{vdstXVQF^*$ES1o)b$lAQee5xw!6RpDfHC1`NBvB0crRLn??Z&*kjNdA z^ji5`Naqep19d(GG#$*NPNqX5*%f{&MD25uk`G91uv>nAvcml1S*l`6%)a5cmaBDI z@9ohMJ14wGi_P_;6+w*}?&<-QC(L;XH-MHqE&f@XUm=*4L2lwYl}J$M+eA``vY_C8 zmTde+hzTe2n(e$xH4Yo=qs3-I#9iClJ)*w(^z}Yc;|%BE2rD1~3jZ=@;IlEd#^NfuW*~u&Ct*7`#WZ!!P{(VV!$ylj~`pnQ{{?9PJzL zed1%)gjr3TKO6P8kaAns`dLwSD(@_WUMu zIb{_pWF!QF*=Ln9@S^1V$V-}Cel{q=GGIo}uHW&BOVFm-#pBKMST_ef_a*NBSNgtI zdO1WqA53N{->+mYvAZ_9x_CY1Hh(L^ZQNL{NMtL;jOR)0T%S7Mju=W?!simw$nvJe zYsQ`A{1q08oWoBxcll{qH@;tOt|^LcnGrk1QBHpN(`d&8bnt|zZ_Qi^aJYwhuLzpD z>xUw!VLx0PE&JwC!j+M?8Ykeq>U@B-=T-KTv*oJw$7_uTe8L#b(;lC@o#M71AIDu< z89OxjP)*kMn!}7rBdy_9k1&Ds`)21hWTqdv&}Mf3Z3 zy04q4j^eaugXc$=cK|alXkt?m7B6}5b>U)Y`Nu+mLrUd-W(nk8R0v*A+?zg5cMJ2E zu8YZ=Cqxq#=;+>;M1Ew_25qlUUlFKMeP>Y}UnTXw^;-zBpq(fImR%^dE?iWZdWF8Y zeNGhXr|(T+4kI%4ZIp3_fJbA)A#|WQ=Yn&#oT-Qurj>xL_M@26WIj2UowA-r!w2Ti z?UygUi*4ZL@TX5jBVJx@mz?h&iUyN&!*{i*JyHD;MSDXsG1fKjOC+fA6>}M$hX=s* z+d&7D=jEPAT!GZN`C(57R3svae~}^ir|6yOlcnPawLf^E0SR&Z*4`*;m!UwpDIR#G z7AEu($wt4&Dam1Nlbz6`>s1PpLh(C_4CY1E=ES)#M;*bzXp8%$MsrAVlw-%)F4wy? z`MEV6hOyg&U3l8594$oKeCUlyvcfm8#nu}6wH(p;$#*7E9(zsaT8pF}RHd)nYTMWl zld!rmCp`5#&ki`Zqdm<4eY&6+zWsbs*fYH2PFKdGcv5t;JAm-~5CkDtWk*^Dx*5H< z7DG2UwA9$*O_P~6=Zw-3K{%y>*T_PnNNCy)7QeNaE6%|tA9 zm`B63$M=u3q#oCT{L(AS1a*<`G(HuaP`4rLavn}$%^e;dn9sW=iu56GiaL>S?+6@= z?igJ^<&26U($;&lEwjjc%ka?lfj~@3Z6sernqhUh4bUx`SXQi z`*^us=Yljht^Jc%-xq;JWTEt4PueDA`IyukvaqDqwohjt?xaIEjEjc+ToF{9nq#PDW za&o@c?6am(&C{e(MytY0?-Cv8YO(c5HoBjjo6Z=Zv2czNRQdHf58r<02h{i3$*7!L zKL%%$N)%;O29e|y3Mb5fgDC!Lxg^;f9~;^nZ|#T@rjH6{@Xbw6!SKz_W@ZrS(V`sX zQN=;pT0_JvjtBuu+FgCC^Xod%XEeo+HBzRc_ARe^uQ}&z{3zbPPVtAyZGy)7_fwRj z9qi=Bgdt z5s=V^U&YJCOt~7`D)F0xDb`GU_rAkqgO5*{N(etsJ@p1l=T0u9!|#bo?<~1&sXUS! zxvIn6dm|cKC#Pi@f-R;>eHrp}jzLdM$UrZmi>D6}#R_iGjP_y$;XT?(;C!jN=Ekku{tyS9-WIDsO6hbY{;<$Mdh=Jy5_#6eR zc@U9Qvq}uYA&F}HW233=2x`tul_k~pP_HHpql=d(D|(hX?LaZMEQ~L$6kslvB!abN zII#!)B02CH&1oJAX5sFqBGW5iY zN5nHVvyMz@hRC^nDu;dS5S4MBgr&|3dF!ZV0;z_StrO!Z&39it0ee4i)wTCGlWJWhW1!bPIoOJ~TBVS|^<=7~jfVcHPiXdvIo zXHmN|L52c)I2T!OQ^jBd6#IBpO4QMaJeiaY{^EAWVxMIS_Iiqn*m>9FU9#O>tiBN% z$eEZBJXj|135EBm(9BV8gd7ws(Zr;*cF?=+EM2W9l#UNB7b*0FY7>batqAFlRX4{FH$5NypO1@iE%GjEnDRIgm`BHSzb`7xKElLat>-7-^H$?$w*Z^=YD^^%=x1JI>yPtR2Yo*M^!|pZH@9m8}P|bi6SG z&YJwnBT*T3qrtP?G8JbqycPDw=KFj+99DBb^O<+%n|c(MR<5M%61L0N`_ynZ34){@ zYYB!cRux`>XXd79C0_f*xB-(Z5k)Gnq+|jg<2Ipc>>?bFZ`Aj$l#~s@@1;Vp7Cbuw z(`@%152k8TU))=MQb^aU82QMciq9;;-bjCaa8Tept~Iwdk3s9lkbr~FYH0%V5zxy4+fsXi82`a4|7_E@-@^ z*-6RVhrd~2s$MYa>(b;Q+lB>8;QX?RkTl{!FxUG49g^AehJPI(!Kfeuc#a{nP_s4s ztXnk^?iv5_=D!~zSSW^4zRBqEwpSPKM2)tf`bw6f*UPI{*WV3uRo3Agviy)89ZYIa z^?or_RqN*BGAU1oDt_>-vk;^Gq!}$oD>Cn8)n=EX(-lgqb{PA*dQR1;bOxh?%C+mY z>sa}AO3Fe`&JU~I6_iTL)gNpVRch?!+~$|8cwLU=cxQjupPNH+@B+ulp zhte_&KQ+oeGGw|_(qzs4;F^(28@y!nFtqpZE735MpCHAYzaHpP zCeia*P}MFUYJB+`RK=~u|K@4j>cOk86e0g^Bt|$HIWx2S+u22~HuvNR$ApBDq0n-x zT^>QfNyNJqoB5l?4)r;{wIW$Asx0jOTIvyr6j_^NzZ&kCM)ym*!qraGlfD=ot;%73 zYttVp^(m@W!SwW2#UFt7hUTXNvufRWS5C`I@5N$hoFeM&`~ZhfTarCdH3TAoGUfaN ztMAa&=q2O72U$eS`?9G>t>&!X+r0R2Vx5J|)8JUsYM(Qr&Xsay@rn+fl;vI}Rc(;9EZl{Nfoa9X zs@pYWwv%XXrZ3$wM|Ek1^!>=rR#`r^iTv?6pT3wou?g{y_?I3J$6Ee7I@CgIDt1&A(cw@^d z6k}^>)w5Et8!fjv+|GAv(o&9v$uKN-XR3N~RKH1kcZJm<&EXgeGe&OLurZTeeanp< zRB1%s>5|zCJl(b&&6C0E^L~rzLn-TxXg*CpU6hzsouw)v!u{#Pc=bP5_C_-J2qSFI zlQ#X0DW(Ao;qBPqhUK@Md4Ju8aH3XiVER75jwSIf#P@OCd%f5BAF+3YI{8F2O1}}v zs3levD)XLivrp`-eFT)B9CUe6P+^bIzx-?2zz?1Dus_Nx`Ky|0cJ^lKMxWHW=Z-LR zdF1R;9mn~t(^6AY7fJiu6{)d%q_6Wcnhg6Qp#E4GMFpnGSK533jPQI(dL0QC+0X;) zFXssTmwX60b>!Eh#8Iwqh^K0`HoEU6!nPfHb2WY-9JimkE(+kq%+8Aj`8t=#mt`$h z%ZqU9jHtn*F!)%`R!=)HTD5~=vB`#=TX1gPb@;XZc8s4*@&4Jfu$aNrK49kIc)|Ox zzD8ADVNa%uH5;-f_!e+&zTj|SEkt?a-m%f$uM(JJ%F zsku6PyXhZ?PS2M`ZGzo3yO9n181YOV`Gn^t>u4bvZqQZiw))&M28?B{azY4!jkA?l zg3e{uYI41dlU?nOs6Zp(xmkOQ<@74z()($gexwFT=s%_*SZD}IXPuhUl%+;iR<^pX zVsiuHLp&yq#3o08nHsm|U(TkVzcarXz#@{oq$jN*R5m|UAfqX2CrK9XXZ2nYEIJwT z&WA%ZV6>hzfZ`2{i-TnjKxc(*rgmTYNWCpN_N%|b`S0n7u}tW213A= zCL~j}M3dH$R}P89r#XGs*Y;rOl;>N6*6=6p{`Bj`P4~s^iK2@2p?TNMArh@OAkyfS zdb*XsD*eUv9sEi#4CBNDM6{F3nU;$cRDH9czB2d^io6LS)&K1_p*c*G(c(0As~?@~ zDzepJVtDP(O7kLNKhO>+3qmvdLfPqxNh#hiJJU^1e*1|xDR=W9_OE2>>Fy}eeJTVr2!NQ49;l-e4P zkQ?i9|9hLMSX|>`IlJG>vNP1VjL(SGo6HntQ+mtq!0lOHPZU{AuWSk>K2z*78-wTu zp^=rxhENx|MUhS%R*pW6t;qSpDMs#z1Rb?L(cxjeJ@!>!v?@Vz=&lY>5dzQ0f7>_i z)biC9s=WC<+(Xp$aYY(sa|@o^FQAiEb8~W1zt<|Hs&7mTrdZ5xDOOwd8%aC(CW}ND zZ;co5Zrl0pF19RI^M=KRg12{ry_7jw;&p3I#H`~TWpSI(pfpyX`1}r$RDvpQ+krUk z(PI#3{)4$AB|fkI%2%yBTDOeqx4el;)UK8jB-KA9;;5XkRGT%;PqTWVR$Y3ucdPK4 zQLoB=67(?e*|g@m%$QzlEEPXs>~nbL)!_IVwrT8_n9eO+N z*cXRAWV?V{s{smLGhjR{#O-|VkbjAbB+cJ0H68!4^nZ85O4)j| z+SvJoNy`GeJIZNqBxLACef_x8NNI?XG)$=-Zr`;-d|!N#NLQ%m0tWuSz@R}yp9mmi%D{)$EHjlH*VA}r@x1?p(LnC?^iK^U?QsAtAAl+kzrx2mN& zi)V#x6ZH<}Et>ZL!gP}PK#MH}vQDEZUNz3L)6c!PlOu1_youBhwqFc9`)`i`6HNj8 zgIy;5<#h9{Yv^FoVVb4Gap=d7PWbdXbP{~Un%(;6?Y!EEcozQFG^>xYroQRZMrwwB zi49SzQ!q52-on{F57V9!6TD8Y5jQSx-~e`e4I7qE2x{C?fOZ@|sF|9`m&OB1sYw?6bnogQ~MnaH}f<{EIS4proYh=33oyR z<&~(`&JgTfkZ3G-J>8lHRlX*m#vr0a_{n$7*K~N_vGaAo{r+wBgp}Y*G4k{BuGZzZ zC4Oe6m+eNpImnhxE17|uYYbSFlFv`pCV;iW??>Qa8J6Z~3jx)Z~A z>_6WG-oRs6Q6_sFb~zR+*^q~na4sS`#~XtjU}%5GCq7{68+OY3k8(8G?OwtnuV=gb zWctr%{uQ|eOTz&b+A1Qe+O~Xepb(rIWkr(s;03%N57v)T4B}uk;s3VyUndXcIV_xm zrcE0H9Cok8S>%y{+0#mBZRK9Wz5o%s zS={)Sw^Y}UzZkto0+)HFGXCZN{GE)><#pNe{Z=~OgJ*Ho3b?fA#SBi5rloS7cs=z8IO?HFL=lZ|2-vtFDV6$&Cl-?Zfh|T z5U=|?N1*9A3*MkHkbQa4DWSoPE>k>-aNKA*_ODxm{t&GX7lck$JvKI0i7?XLepb4{ zP7QHMi;iyXD+$AWo>0BPE`7MtHTp#R?Y*I-4mf~X#GtfoalvJigclrLHb{QNr5tz- z_rpHo|LmT>uHYgC6VqV5C?Ng%^=tKN>qV=905M3BcFO{X^@4?ZwFOJ{{#@OtuKX#;n;`XZa%eBxyPT_QC-{WmEf zXqw-nj6p;d%l>2ynw7pdTrGN=Esk)=96FFh9Tzt6b;9RAOa{=R5gd|wCkv{G^V!a{ zrz-GrFM#NY^(!HLlE_Moj;A+icMh&vF-k@YtNW$?Etq3Ks=gAGUd=+KCqRXAX~GM2 z!Ysm(aOZ9m&A2{nIX>MefvYc%N%^J%(MSpq5fPTwXlv2WFc(ANm{lIX{qy`S3BqIa z054PpzI7^<+uq`6?c3RI&7x}|i)j$0W?_FE{pyS6)2;D}nJRO2@P89EKCF7PyNfkK z9-7FL=XN1j)Q#SGkLRjP(NRyqzPa(mB@8grEuraj){Di50 z>{nuG7~4jNZKZ2ayaR$gfn$+JBcY$grj#HmBkH!ZRp!RDX&+*>Z6d_sS06@rnaqNl z#|jA3hUGvah}n1n6zE!OGQH_ho{AC^sVmLUCCT{hzJxL zs_w+ys#K(=3S@GMz!GcW>r(@<%MYKpB0rQwa$t0a*oYG&zKzl`N@ql!F!pEhy@ON? z9r+#&unnIi?5aevsS)3Sti!Ce*R^`X*^K!vy4QtY{0nssHO;T{bePfdkytA1&;Kxy zF0XZZB1r_|zk{v=YxP>2%;gF77Ece}^EvxlP}H(*2v)t3YpB2ZIO~N*RhjQbJ3XZ2VY&);AOg6!qG7*zwm0SmByVQDVIS!6!=ENf z0F!%+l=JDofCivN9}|pL*056dU%81pALRrNV+z4vn=5NN#Ah7OeinXE_%^%yEo@yD zOJt)3wlo`Nt=Gje;x!P{-YKeCI7+bFV7Wg^Y^i)+T-%Na|6Fon9rRE*XGXbQ_r_2) z1qd=Fe=VBA0+0T}`jqC6N1vu?O!9_@kXWLBg3a_7Dm-9*-vAT*kWDh+AISIn!V zDm}%RhNxD!Yb|pwx{o4aHh{rKmc7vw2;vs3h?l^QAGFm6+sJ%ojrWxi5~Zl6yWZ!VTgL2Nd#yxI4Au>`$7Ss8-`4bhb`pmb4tUxMsBa51V1VQhKohJU zYd=LCznBJf@EOgOW`OzuvM)PO__%m~cW!ISy?LVnrnw2MoP!b8a=c);{%GVYCKLgm ztoUCIOBqZgKEH2JOmZRb=alLnz3^ZI$IC&7K!Dm)d$o`;kIVJMSrVtYWob{Or>4 z!y{t60Fh_ZKQwg3XhC}L+sD<7Qe=@pUasR#Xhf5dRajcr*7JDBom6tiKI%t8q;ah029`@LrptS4j&|8sg<7$5uR%ao1Csd9 z7rV0}v!SN`Dtz4UwX9HJ z0~iIW%zepCd`j{F4y%vF8^ZYKW75L+cFk6rzME}uDgp1*=?S_X3+<}lNIh7@Q~K;B zd62oowq%^V?zmkJB0J+QL_{aud8aa7tjRmMYue-c3hbn%)aMcJf8R;L806^tAfs*3 z;J90^tmV>`z@VxZghuiVOJbN$$2X}7w0$W7H?s}wZZq+Dl;E9-$JI&Mq?X$t6#EF$ za#K)HXm@AH>O&v>Y+yY5k4HCn?OpdRxROTZ)5VEAD9WzPl}gcMX&z450C32DUp;c~Swsl0hk94g?0X z`ceEFqwnTHm~jROvdd!(7ps$c6AVckvcL|pRe6WFKVX1-DH6u%B@igA0y zNllN_@rkeRXw4TI>*DF&X6cZ~Kg^!5v(JY%?{GNosO%dxd)~Tcuw4!D?pFd9#<*1C z1INhzXJJ1JAZ(^ZzIs)x@Bz6uOXI_EQ>4ak&j(1Qr!+LKVbAOxIIS0U#E2&hk5E5a zC+R4I)#Jz##jErcG9qQR8Uj)qIZ)v-0Tb25W{=&oS?hDtGChYkA8BODq0^HjW;_A$ zw*w4$xZ>m%tt_}0aXzhh$G@C16fFA)EdjVD@Ocva#ah5Rpz)g|X$(gK@U%>JXKQM} z@9JPxU!;$|-d$*#MZJUSx{=c*Id2M}6Q zrMewEQC>IMcy%#K>&$$RqTqLss^GU9(|TVG7d@`eazm6fl0xFF~ZfVxW$OEtP zcy9*x+4}?GHjKfs+>+Ao%E7n&p9EATS49`09u`D+mk8S&sHSNE(QPbd50VchzmtLA z1|-q-n6yf48IJMBGg(3V&7mrwwR}O`y<98zK}M$%z>Ud;t`ww6;+9aP99j??qzB(U z`IoqX?lgCrQk^z9vO^c(>KsR9I7yrq7}{|Q8K0>8Kf^5F97tXbpjp8^H)d#I7<-JW zhr<#UpEx%NLBk_kD<+E6-C_p# z%owH{Gh!~HI-5Zjp@Z5LkdXkgl!!Gu%uR;Jl(7cN;~zJjFPK9G)>xR5xxYQ5j3xj8 zZ=lzt;g1zw!}b9+Ij&AR@HD0$F_O6Hg>fpnAG?C}tN!pyp+#J>1nBgr`(S1Un{+Zi zS=HgsE9sq#$>L~4(@QFgS*!yNe?e`&RQFYfS~xB*lGOy#uT&hnXWF38=FSIpg@bk- z#6{IzVR%HC5CU5C$57=SrY&gYQkR?T%)9w4iO);4TF+fK-$*e0c3R|nk>OdSm?4sF zpXNKz;Nq`TLdziOc761wN`{c(;MFCO!8s#_Vn~OEz9@%>K1&`yLz_xUvi6&l0T;C6 zRLr(axrymAe6oF&pBaa1mE;A$g|}SmcU9GcEh;X%@ejR7M!=VES>QQBMV_f~GE^6- z@|%77?2Uosdnp=3G?!IjhWIws6Zw=tLIq=}>=`$|r^dv7{Wc?0EWs+EcA84b1l((( zRyV9v& zP^?dm zD@-T>zI?MM+7KJC&3{4wCgk_U8q-&&+nbspn6AN%s7#IDQF|J9Xh~-&_m5|-TP#6m zQdQcAAFsi2sCg4qXF1D3mV+8*O9!+x%U~ZoQ~`dX$mMuLw_<`anhL-S?)KciKU^J# z2V5<21`w=*iZf1wmMaTr7&q(&g_7z4D7aaI-tJqloX0IddWXYojBZu8O@?#c0QCIX z1!hx3;9?d7lV+w8b$#+n{{V=l+e6+Yvl8rOM^HvM?&*o%fc{%4fHMc!J(Q|E)( z2co`uyumbHr~lG#Zl~lH)^t1nHYpC_Z$C#=#{TM;SITXBi1LQu`0d~1< zTnDk3%4D%-k$z7kg4x{>c)3jo$u7Ox9;fkxsobN0%QQ~ZbWG0Bp38g{1n0oVa)I=Q$8SvY0Au%a^QQPf&-5h77FkgH;?G-cAFIY0bnCAYcHDT?sG&1=A2fGzLln zMxa`oDz8wnaHFVJbl9kE9l(fhQi+VaT_0S_2w(eicU_ulPKsqBJ-X5kc zIqolshDu2~64k&(ncmo|(p=_WVZec&?77_f09K=1QItFZylef}>K=b^Q$ie|8Xl@5 zd3~I5Zvj}Lij}S~9$Ki{%hpVNf*Py~ikHET45LD)OY9|E5dL#kgnp(K{6a^J zp5O)Y$TBJAg7@E|%0P$lLTGAI($91LnET%Rxe{%`1~8&vXOMG|FD9?D1R8d2V3XR- z#X0_6&GQcy308)yRj$yPe?hnIyf=-o&h>K0S7PaBsU3p#4Pn_IDBv&Wv_=mWkFV=% z_n*7a8X4nFAswD-eAv-LYqAVJd zPGBrv#PJOe@gHn4-2r^B+yE=6_e%i{uETEOyd1N=rW#Wy_OUK>2cX@4dNaez3TkH& zNu66aKN=O6haz>xdi&ckm=^v?yub{MCh9ss`=2e|-!4uxxj8+5n?jrHI1Z{a32pCfbRd9@@P=u#0u%0D9>j<0*X zIeZ?|e0{oY?Dz0-`PuF)UhQh%@yC*f#}VK;nlqJq{(C)84w)aWmYNCJCoPXtMK_=# zVzD`trj#p%yZt@WFAel5P82FL6#@f=_vz5g=kbd3{oQS~$p|G8n^Cw^l~$v3nP55~ zGG`(<7fhfcVIDc=KlHx_3wZ+SZHVb;>rX7iO5y$GX{q8>U9XA`W-^(_NlX)XnrhvS zhaHa_0H-pMCquOTBR8yub+SZzF*Y{#=B_fPIqgmTV8vj#AUiv|Wn0syB@L+i(Z;xi zQVYLI)M~6Oq10I#kZ}%FVFY%2hRY;K%sy^3`lnbpk|bRZQf2+0j&%pC)pwv#v(s9f z(iRkeR0A}=AA1WNyK|z2KfRLC6G%Uj{F(IxBspVSqsi4_QAtEZ#4#vl)iqd6qd>Vx zZT-cPN|-U2A^_n8MQ{&dEvL)73V`{Z?|~u<<5b%~c9ZX|4bl1g7(PwFrFlL2wK%#+ zi6H~`iGWO|9yqVx538N94v1~eKuSUd7}z4f#Pn2p|1>oHkrQ&dH$RK|7S0os!fj(9 zd133#5|gMs06O7~1Hq#p$?k%wSz#nY_7uv#ia&b>sbv6B_}T4pbA*t@d&F&KIQ$yZ zPIDC~gO8*Q>DZnusR8idl6}^3XKER5A=?u;A@_p(QCZ$WROjv?jtv!KrK!Z=#b6I` zq^Y5qjsFktv6SZy@;@`s_zut$gYpdd)(>q7JGVeI?qS0)qgrQ|JKPp-L#@Ek9>-oh zt*a}*ypqHY#~p0o&&s%jGXbcd6V$9^Ljd14>oRF@uqzH|DFF_6Ir#l^X*ooWtoZ8w7%z`27cm zC=czCx ziY(Ttu1?4-u_CX}eIFH|l@b!U6h$`k`onw$W5L3kY2m^%9mlAmi0C$!MNVj9)S85s zQA9f}Hco{rH~q07f2Wq-BTLdr;Fb{L{o`T&$E#pdVQ74ogT(vRaQ2YQHKQ*4WMA=> z1%$)r4B?1>OTYk`_4zxd4kI(;k2P@`7-c2cYLxl5h6j4ZFYB_FTN{o4e+)nTH?xtf z0J*xCE=LATNl_KjnXV}&^T4G>pyN+~y(8ja!IR`G3}uj0X(JSVI}x9eFv*L4fDsE@ z_BbDUUbEW_;oXJ>Z^$#!VlYta%_0@W@8EU*h zMkN6xZU(|66u59VM65QU^xz%f&+$zQ8SB=t0K=!RD_}sPo{A;!`h|<1g)reaFDo=c z^BtrH8&)HEE#~VTIE)7HK~C(jE}{Vh+Byn+>uZkye47BpFZ^yB$;LYXUX(&dL4fSQ zPkZ*w9FlQdpGIrj35oYx;4b!b|c_oj2D z;`E!-DtjP_Any=c8;nlo179%R?=f_$A55f?)klX3U~wCw|uxlN5jl z0Z-DuHBn@q#^X>9?e88ExVCt%^d>V-&rV_Nbsj*nY+~7*zuQew@@6C*%>{sk(RWS( zzxcmOGWb@?eP)q5^T}dIP-d(O*v3W^8bn)wm?M^S%5XBmv2}-I0TtK9qJImdlXrmB z@ELb3fih@wgaF#e5m+`gKrur^0#NL#B1@t)Vn`zV?PB;(d2D_=j6S|nOMpTUC#3!% z4owbdd1E~avs5v`>|WEg0)Y*?<;+-^$y~*BdR*LEVrQr5bJg;kG9!VP#j`#3i$)Vh zfODttSH%uULCBPi+X8IZB@0BO?gy0B(kz6MO@8)mgcM*%|5yg#-~|deR}G3CfENpgHC@Yec6quKuRn?KCKi^CcJVtr2UMIr}uJR@@ z=Pu@ZKXRp;lEj!R;C&*HHrNwZN)MdGsa4!Dha1t%;n}^YTwNl#inUujKT#7Ep8Y>< zU3oZEeH)IZj8~S)R+da7A>@scp={Zrs7SVG$d*v4u?tCLOHFAZr3G(8#x`WjE^ArF zPPP_nwxK3`&(R;R`M$5K%XRt3Ip=qNzvsE1`@Wy&KrWt0|4?)*=z&I4cxGM|FQ7|r z6=9)B=3R$jLG2sDlOM@MiSc8k!V&st$fETj6KY-)fs%DK*z1zR%s81& z<{w2%8)%13Gh~+rCRDbDp-+mRz+I4gLs+-%kV-vut2e+jf6G*;Dm!7oCy8J?q7(?^ zFGL1J5&UY_lxeqHn0+%HxQI@e&f(!oBhPr=0a1R!bLZms)*2P!gm>Fh6es9tixZ$( z&IMPXr`k&b{6JNH%RSF;;REafgqkFT;|L&4)Gp3jqGs;_d<<+kgEZFt`~MOv3c`v@ zlK*T(BJg~)Y$xL+8GL}JqEk~2%sX!NaEGqKm{0|lk{y9d1jew~>bF+aIIl^x3<%=gTC-kC_C>2e7_o|%c&S@ z;iGTcRBmJ`u&JrA__&RE-wC3$nudWJ?S@%&_X!-p(Hry_JsnNpJ9TtS zWs!pN^m?$+7F8|5&>I6+cZhsMxE;ptMhIC&K(%yqNF>cc7;*tTNkRCZl$U?0-t@0C z5aSPb7L|vWJv@5MS>)f9K(O>i)|cMp>F)q^n1LF=0C6Fpp&w9cF7(5^FFY!)OPM;w zlUpPhN*swXkM!Y=ABV)W^bTa3=Y(jkwC8nDUiXlpNa)Uhx0M6!(%tePGZg}nuw`6v z;d1NLKxru_3|bM8vmDvv)otXvll3w{1-y}QRG7rN*MeoWz-ZLsyy4nzP|}nn2}Wf` z%L0j$ixBhhp|9z_tTbcIk3{epG;_z0o5u%M=u{$*EM3rs@2}>N7kB2Tw*w@+5*rwa zp+K%vmImzD{3F1PFW4J0fQYfv5qoA(eR1pi~Y?~Av&T= zfk5ZCvr)J#xi`zfP|R7TMefNW6+kJ%Y$e57L%ji9RTwBS)oion3o7Cq`xz&RM9P(v}W2YVB@a_X-`3mT{x;|-At;K#Lu`^^SMr(5Q2(Ot*os=LQ> z#_IPLHVEx^{@nNM#tDcnCEWkq%+wXRr4aDzs#urr`yiG;UIsz|t7R$8kw9j=a3pLC z1%RlJE3s4lO5&pheD-7KrvHP?Mq{81yEB5MF_Lu&ityjCd(3WNr@Gfo5 zQsO-nk>d-y>1G71FhS*siom+46O228H7DIT;ogyvC|K2?`V=dP z6AtlVVW(cuUNd$;$mlQj{oeA52x-x&4xF=hX%Jc%eba$X`5yOP-~-C|552hCMUNW0 z@B}?_5aAlucO9%n%qyC3LCjme(7(+bW(5WU8I%2%{_qu%rNxjFTp1k~&s#z55MVli z_x$2rui)MRu8euc`2{ie-nQs14X1N2oGz`0EvMLfKedze7yq8~OC?ITH4Y(mkd*A_ z6egIgp~N0~&ZaE60V<>r-({H3qdPSW2W*KJt}Kez!(Y|3lt#&GzE}G>!V9e8JxJ~Q zizaW}bn7p|Pfq`^17v|D+Bb04I!EN%%+pqXdC$R6(VLrMR%XJm1du8Bq=GG;x?=UvCLm>6w!Fu zHX}$d)>mvM>e}P0r+^R3Hn_j13v7G-V)>V$I&ODa05;JPF-8k}6n)YgbmZEf8~~-R z+Ak%6QRIv9K<_=sGuA(N4W#EKQ`0zs3oRzg@Kt#AG36Fw8wVy_0bY#MMzcAl2*<<8 zYJS&Pbu#BgsN@`CUGzWZmG5w`U;31(Nkr+Rnq!tyV_0`_Lr@}$@B0o_Mj%uH&~!=E zV;yNGH9LI2?L_og+#6w+S3KkB-suuX6JiHhRV#b%Uh>nCBjYncvhrY!#{3ilJ50|E z9u5uQX(2qJ;do?N*{3#oE1M;ziLKk4NJd=31uf~2X&GmG)WFqtjE!nv!{w3YXms^q zY=Vo!;^s*Or(Zy6=1H5pHV0^z^-sp4HZ}w89CO7wk&9E8DVEq7o`ZS=TyBR7$NqVf zHSrK@9sYeH{JfBXfkBq)RDOk3Ip3S$3Y<$RL}qPyO7V zdV$yKOwx_*GC94eb0TkrqHrvYCu4Bd2cQ>cT^^k|hLw=0;`TtMGr3>3iRBOe4Hgy| z2~(RJr~OV!KEv0Y)FX2-WxBO<^4C_#f`TuzUs2Y(<^J4`b|M_*Hq4ui%&UbgSco=+ z7HpziH1sR1{hfb*V#gr0y@)XvWqPJRSY;Q2RlZ+zA+Nu6oyQ3Bcl&TxA`dXP|6nF8 z{=h0^@wr#mukC@BM@SYjEn|92S2DV@0UxV+ZR|X3N!79kSEvkVC2?>{y!HTmeNtYW z&hi*3ECQ%%BU=7u0#xUKUxt0Ir0TzPDTW}TeChqlOzibeXd{Xr4yfP)?Les-bm^PO z!xPjiRMgfzeX!P%XWlbI1!@lO$N_^drsl8aMZO&zUID*lRZvgjx^erO1MU5e>VN4O842ahcknrga1{`a@aS%f}- z`VLKJTOe8jZGZi>d=^Ft+9ZU9W$qStM3hs+4Ksaj2BF%Nd}c>ZG){Y#Z4wk|-(g<_ zPLEbomc17SM5_0iI1lhqgG*j9Qw2@9^W+uLz-X2P@oGGK?JYbKXG7cU0JiF zz8*N4%gm=p>Ia>(fG)p6YFi1gz5ND7P?Y+?jO!Tok!vkSCA;LPy>^J#m)r!VnJg$$ zdN*?ljZ{fY+rlS1&0gqoGGIjF1+ejD*@A1bKRN2zYZ5eF`~q$c%HBnqb?6e*>CWLl zAPROPW}9(}XypDlDu#vACU5~9tN@z#f8hhCLMc7u@0vJaaUBw;sqJ-)QMisIPA= z^3XSK-tvQ+lcyQH2py;q-^32>c5uu8A(z&ECSX}`RwkJ%x&qesvrR5^WK6z^^TLxz zBtH2}OktO_Lmi0%wf|BPW_(BN@JVqXF#L1YcMgg zeP|VJETbXc#L7b7hAWfO;hISA`T$~q*wolVD8q`qudlz&`6i<`vcs%9OQ zrG;$V8AvC31{Y1%J$KLBjA{*zPvuh&*hj5UbD7f^%e^Ur#6zmh!!+Jwa<*<;RSuiJjS>0lHuz{mm zA<~?y2a!TDd-l1`N~Fk_-G`eorvHp^ae_?HUxm-vUcg_BXltn3}mvwY$P(wf+fnG429U$~*@1RlBkJmC%d|Xg%^I02X6k`AyQy)FQG|afyqjh_eBe?pg z9=7tn6grNC$w8Z;b}@E_BCv>Wn04OZ(gbxA|y#9+F^Kg~#R0 zoLUSKF}zTh*E$lR#nOAx16|opJqTN~K{A@(C+Wuc0XGb4%Skn;(g$`FJi+AVTi&9F zTSnh`EoWWhLPY{Pj2M5p31c4>?tEqM9M6V$_ueebB2su7>x{CctZHMq*>@>Z!-j9Q z)K_q|lbDW9xCR}44pV(QLG8GyuAjIajSYXIRu^s-ix0Aom#=>Px# diff --git a/website/source/guides/authentication.html.md b/website/source/guides/authentication.html.md index aff22a8ac480..ed7fba64ee08 100644 --- a/website/source/guides/authentication.html.md +++ b/website/source/guides/authentication.html.md @@ -44,40 +44,83 @@ This guide focuses on generating tokens for machines or apps by enabling 10 minutes +## Personas + +The end-to-end scenario described in this guide involves two personas: + +- **`admin`** with privileged permissions to configure an auth backend +- **`app`** is the consumer of secrets stored in Vault + ## Challenge Think of a scenario where a DevOps team wants to configure Jenkins to read secrets from Vault so that it can inject the secrets to app's environment -variables at deployment time. For example, Jenkins configures -`WORDPRESS_DB_HOST`, `WORDPRESS_DB_USER`, `WORDPRESS_DB_PASSWORD`, and -`WORDPRESS_DB_NAME` environment variables when deploying WordPress. +variables (e.g. `MYSQL_DB_HOST`) at deployment time. -To retrieve database connection information from Vault, Jenkins must -authenticate with Vault first. +Instead of hardcoding secrets in each build script as a plaintext, Jenkins +retrieves secrets from Vault. ![Vault communication](/assets/images/vault-approle.png) As a user, you can authenticate with Vault using your LDAP credentials, and -Vault would generate a token once it's verified. How can an app programmatically -request a token so that it can interact with Vault? +Vault generates a token. This token has policies granting you to perform +appropriate operations. + +How can a Jenkins server programmatically request a token so that it can read +secrets from Vault? ## Solution -Enable **AppRole** auth backend so that the Jenkins -server can obtain a Vault token with appropriate policies attached. +Enable **AppRole** auth backend so that the Jenkins server can obtain a Vault +token with appropriate policies attached. Since each AppRole has attached +policies, you can write fine-grained policies limiting which app can access +which path. + ## Prerequisites To perform the tasks described in this guide, you need to have a Vault environment. Refer to the [Getting -Started](/intro/getting-started/install.html) guide to install Vault. - -Make sure that your Vault server has been [initialized and +Started](/intro/getting-started/install.html) guide to install Vault. Make sure +that your Vault server has been [initialized and unsealed](/intro/getting-started/deploy.html). -Complete the [policies](/guides/policies.html) guide so that you have policies -to work with. +### Policy requirements + +To perform all tasks demonstrated in this guide, you need to be able to +authenticate with Vault as an **`admin`** user. The `admin` user's policy must +include the following permissions: + +```shell +# Mount the AppRole auth backend +path "sys/auth/approle/*" { + capabilities = [ "create", "read", "update", "delete" ] +} + +# Create and manage roles +path "auth/approle/*" { + capabilities = [ "create", "read", "update", "delete", "list" ] +} + +# Write ACL policies +path "sys/policy/*" { + capabilities = [ "create", "read", "update", "delete", "list" ] +} + +# Write test data +path "secret/mysql/*" { + capabilities = [ "create", "read", "update", "delete", "list" ] +} +``` + +-> **NOTE:** For the purpose of this guide, you can use **`root`** token. However, +Vault team recommends that root tokens are only used for just enough initial +setup or in emergencies. As a best practice, use tokens with appropriate +set of policies based on your role in the organization. + +If you are not familiar with policies, complete the +[policies](/guides/policies.html) guide. ## Steps @@ -94,9 +137,14 @@ In this guide, you are going to perform the following steps: 2. [Create a role with policy attached](#step2) 3. [Get Role ID and Secret ID](#step3) 4. [Login with Role ID & Secret ID](#step4) +5. [Read secrets using the AppRole token](#step5) + +Step 1 through 3 need to be performed by an `admin` user. Step 4 and 5 describe +the commands that an `app` runs to get a token and read secrets from Vault. ### Step 1: Enable AppRole auth backend +(**Persona:** admin) [AppRole](/docs/auth/approle.html) is an authentication mechanism within Vault to allow machines or apps to acquire a token to interact with Vault. It uses @@ -132,33 +180,53 @@ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" --data '{"type": "approle"}' \ ### Step 2: Create a role with policy attached +(**Persona:** admin) When you enabled AppRole auth backend, it gets mounted at the **`/auth/approle`** path. In this example, you are going to create a role for Jenkins server. --> Policies created in the [policies](/guides/policies.html) guide are -referenced in this step. +The scenario in this guide requires the **`app`** persona (Jenkins) to have the +following policy (`jenkins-pol.hcl`): + +```shell +# Login with AppRole +path "auth/approle/login" { + capabilities = [ "create", "read" ] +} + +# Read test data +path "secret/mysql/*" { + capabilities = [ "read" ] +} +``` #### CLI command -To create a role for machines or apps, run: +Before creating a role, create `jenkins` policy: + +```shell +vault policy-write jenkins jenkins-pol.hcl +``` + +The command to create a new AppRole: ```plaintext vault write auth/approle/role/ [args] ``` There are a number of [parameters](/api/auth/approle/index.html) that you can -set. Most importantly, you want to set policies for the role. You are going to -create a role operates in **pull** mode in this example. +set. Most importantly, you want to specify the policies when you create a role. + **Example:** -The following example creates a role named `jenkins` with `dev-pol` and -`devops-pol` policies attached. +The following example creates a role named `jenkins` with `jenkins` policy +attached. (NOTE: This example creates a role operates in [**pull** +mode](/docs/auth/approle.html).) ```plaintext -$ vault write auth/approle/role/jenkins policies="dev-pol,devops-pol" +$ vault write auth/approle/role/jenkins policies="jenkins" $ vault read auth/approle/role/jenkins @@ -167,7 +235,7 @@ $ vault read auth/approle/role/jenkins bind_secret_id true bound_cidr_list period 0 - policies [dev-pol devops-pol] + policies [jenkins] secret_id_num_uses 0 secret_id_ttl 0 token_max_ttl 0 @@ -175,20 +243,79 @@ $ vault read auth/approle/role/jenkins token_ttl 0 ``` -**NOTE:** If desired, the token use limits, TTL and settings can be specified -during the role creation. +**NOTE:** To attach multiple policies, pass the policy names as a comma +separated string. + +```shell +vault write auth/approle/role/jenkins policies="jenkins,anotherpolicy" +```` #### API call using cURL +Before creating a role, create `jenkins` policy: + +```text +$ curl -X PUT -H "X-Vault-Token: $VAULT_TOKEN" -d @payload.json \ + $VAULT_ADDR/v1/sys/policy/jenkins + +$ cat payload.json +{ + "policy": "path \"auth/approle/login\" { capabilities = [ \"create\", \"read\" ] } ... }" +} +``` + +There are a number of [parameters](/api/auth/approle/index.html) that you can +set. Most importantly, you want to specify the policies when you create a role. + +You are going to create a role operates in [**pull** mode](/docs/auth/approle.html) +in this example. + **Example:** +The following example creates a role named `jenkins` with `jenkins` policy +attached. (NOTE: This example creates a role operates in [**pull** +mode](/docs/auth/approle.html).) + ```text -curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"policies":"dev-pol,devops-pol"}' \ +$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"policies":"jenkins"}' \ $VAULT_ADDR/v1/auth/approle/role/jenkins + +$ curl -X GET -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/jenkins | jq + +{ + "request_id": "b18054ad-1ab5-8d83-eeed-193d97026ee7", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "bind_secret_id": true, + "bound_cidr_list": "", + "period": 0, + "policies": [ + "jenkins" + ], + "secret_id_num_uses": 0, + "secret_id_ttl": 0, + "token_max_ttl": 0, + "token_num_uses": 0, + "token_ttl": 0 + }, + "wrap_info": null, + "warnings": null, + "auth": null +} ``` +**NOTE:** To attach multiple policies, pass the policy names as a comma +separated string. + +```shell +$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"policies":"jenkins,anotherpolicy"}' \ + $VAULT_ADDR/v1/auth/approle/role/jenkins +```` ### Step 3: Get Role ID and Secret ID +(**Persona:** admin) Since the example created a `jenkins` role which operates in pull mode, Vault will generate the Secret ID. Similarly to tokens, you can set properties such as @@ -237,10 +364,14 @@ curl -X LIST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/j ### Step 4: Login with Role ID & Secret ID +(**Persona:** app) To get a Vault token for the `jenkins` role, you need to pass the role ID and secret ID you obtained previously to the client (in this case, Jenkins). +-> Refer to the [Advanced Features](#advanced-features) section for securely +distributing the role ID and secret ID to the client app. + #### CLI command **Example:** @@ -255,14 +386,17 @@ vault write auth/approle/login role_id="675a50e7-cfe0-be76-e35f-49ec009731ea" \ token_accessor fcee5d4e-7281-8bb0-2901-e743c52e0502 token_duration 768h0m0s token_renewable true - token_policies [dev-pol devops-pol] + token_policies [jenkins] token_meta_role_name "jenkins" ``` +Now you have a client token with `default` and `jenkins` policies attached. + + #### API call using cURL Notice that the following API call passes the role ID and secret ID in the -request payload. Upon a successful login, a token will be returned. +request payload. **Example:** @@ -274,11 +408,127 @@ $ cat jenkins.json } $ curl -X POST -d @jenkins.json $VAULT_ADDR/v1/auth/approle/login | jq + +{ + "request_id": "fccae32b-1e6a-9a9c-7666-f5cb07805c1e", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": null, + "wrap_info": null, + "warnings": null, + "auth": { + "client_token": "3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e", + "accessor": "375c077e-bf02-a09b-c864-63d7f967e86b", + "policies": [ + "default", + "jenkins" + ], + "metadata": { + "role_name": "jenkins" + }, + "lease_duration": 2764800, + "renewable": true, + "entity_id": "54e0b765-6daf-0ff5-70b9-32c0d491f473" + } +} ``` --> Once the client acquired the token, the future requests can be made using +Now you have a client token with `default` and `jenkins` policies attached. + + +### Step 5: Read secrets using the AppRole token +(**Persona:** app) + +Once the client acquired the token, the future requests can be made using that token. +#### CLI command + +**Example:** + +You can pass the `client_token` returned in [Step 4](#step4) as a part of the +CLI command. + +```shell +VAULT_TOKEN=3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e vault read secret/mysql/webapp +No value found at secret/mysql/webapp +``` + +Alternatively, you can first authenticate with Vault using the `client_token`. + +```shell +$ vault auth 3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e +Successfully authenticated! You are now logged in. +token: 3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e +token_duration: 2762013 +token_policies: [default jenkins] + +$ vault read secret/mysql/webapp +No value found at secret/mysql/webapp +``` + +Since there is no value in the `secret/mysql/webapp`, it returne "no value +found" message. + +**Optional:** Using the `admin` user's token, you can store some secrets in the +`secret/mysql/webapp` backend. + +```shell +$ vault write secret/dev/config/mongodb @mysqldb.txt + +$ cat mysqldb.txt +{ + "url": "foo.example.com:35533", + "db_name": "users", + "username": "admin", + "password": "pa$$w0rd" +} +``` + +Now, try to read secrets from `secret/mysql/webapp` using `client_token` again. +This time, it should return the values you just created. + + +#### API call using cURL + +You can now pass the `client_token` returned in [Step 4](#step4) in the +**`X-Vault-Token`** header. + +**Example:** + +```plaintext +curl -X GET -H "X-Vault-Token: 3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e" \ + $VAULT_ADDR/v1/secret/mysql/webapp | jq + +{ + "errors": [] +} +``` + +Since there is no value in the `secret/mysql/webapp`, it returns an empty array. + +**Optional:** Using the `admin` user's token, you can store some secrets in the +`secret/mysql/webapp` backend. + +```shell +$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" --data @mysqldb.txt \ + $VAULT_ADDR/v1/secret/mysql/webapp + +$ cat mysqldb.text +{ + "url": "foo.example.com:35533", + "db_name": "users", + "username": "admin", + "password": "p@ssw0rd" +} +``` + +Now, try to read secrets from `secret/mysql/webapp` using `client_token` again. +This time, it should return the values you just created. + + + ## Advanced Features diff --git a/website/source/guides/dynamic-secrets.html.md b/website/source/guides/dynamic-secrets.html.md index 2ab6a27217f2..b316b11760d3 100644 --- a/website/source/guides/dynamic-secrets.html.md +++ b/website/source/guides/dynamic-secrets.html.md @@ -27,6 +27,13 @@ you through the generation of dynamic AWS credentials. 10 minutes +## Personas + +The end-to-end scenario described in this guide involves two personas: + +- **`admin`** with privileged permissions to configure secret backends +- **`app`** is the requester of credentials + ## Challenge Data protection is a top priority which means that the database credential @@ -54,17 +61,16 @@ can be revoked rather than changing more global set of credentials. To perform the tasks described in this guide, you need to have a Vault environment. Refer to the [Getting -Started](/intro/getting-started/install.html) guide to install Vault. - -Make sure that your Vault server has been [initialized and +Started](/intro/getting-started/install.html) guide to install Vault. Make sure +that your Vault server has been [initialized and unsealed](/intro/getting-started/deploy.html). +### PostgreSQL -#### PostgreSQL - -This guide assumes that you have [PostgreSQL -installed](https://www.postgresql.org/download/), and have a database named -`myapp` created. +This guide requires that you have PostgreSQL that you can connect to, +and have a database named **`myapp`**. You can download and install +[PostgreSQL](https://www.postgresql.org/download/) locally, or connect to a +remote host. **Example on Ubuntu:** @@ -72,6 +78,9 @@ installed](https://www.postgresql.org/download/), and have a database named # Install PostgreSQL $ sudo apt-get install -y postgresql postgresql-contrib +# Initialize PostgreSQL +$ sudo postgresql-setup initdb + # Switch to postgres user $ su - postgres @@ -79,7 +88,39 @@ $ su - postgres $ psql -U postgres -c 'CREATE DATABASE myapp;' ``` +[PostgreSQL Wiki](https://wiki.postgresql.org/wiki/First_steps) gives you a +summary of basic commands to get started. + +### Policy requirements + +To perform all tasks demonstrated in this guide, you need to be able to +authenticate with Vault as an **`admin`** user. The `admin` user's policy must +include the following permissions: + +```shell +# Mount secret backends +path "sys/mounts/*" { + capabilities = [ "create", "read", "update", "delete", "list" ] +} + +# Configure the database backend and create roles +path "database/*" { + capabilities = [ "create", "read", "update", "delete", "list" ] +} + +# Write ACL policies +path "sys/policy/*" { + capabilities = [ "create", "read", "update", "delete", "list" ] +} +``` + +-> **NOTE:** For the purpose of this guide, you can use **`root`** token. However, +Vault team recommends that root tokens are only used for just enough initial +setup or in emergencies. As a best practice, use tokens with appropriate +set of policies based on your role in the organization. +If you are not familiar with policies, complete the +[policies](/guides/policies.html) guide. ## Steps @@ -88,13 +129,17 @@ a read-only database role. The Vault generated PostgreSQL credentials will only have read permission. 1. [Mount the database secret backend](#step1) -2. [Configure the PostgreSQL backend](#step2) +2. [Configure PostgreSQL backend](#step2) 3. [Create a role](#step3) -4. [Generate PostgreSQL credentials](#step4) +4. [Request PostgreSQL credentials](#step4) +5. [Validation](#validation) + +Step 1 through 3 need to be performed by an `admin` user. Step 4 describes +the commands that an `app` runs to get a database credentials from Vault. -Be sure to follow the [Validation](#validation) to test the outcomes. ### Step 1: Mount the database secret backend +(**Persona:** admin) As most of the secret backends, the [database backend](/docs/secrets/databases/index.html) must be mounted. @@ -122,20 +167,14 @@ $ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 Now, mount the `database` backend using API: -```text -$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @postgres.json \ +```shell +curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"type":"database"}' \ $VAULT_ADDR/v1/sys/mounts/database - -$ cat postgres.json - -{ - "type": "database", - "description": "Database secret backend" -} ``` -### Step 2: Configure the PostgreSQL backend +### Step 2: Configure PostgreSQL backend +(**Persona:** admin) The PostgreSQL backend needs to be configured with valid credentials. It is very common to give Vault the **root** credentials and let Vault manage the auditing @@ -180,9 +219,10 @@ $ cat postgres-config.json ``` ### Step 3: Create a role +(**Persona:** admin) In Step 2, you configured the PostgreSQL backend by passing **`readonly`** role -as an allowed member. The next step is to define this `readonly` role. A role is +as an allowed member. The next step is to define the `readonly` role. A role is a logical name that maps to a policy used to generate credentials. -> Vault does not know what kind of PostgreSQL users you want to create. So, @@ -232,27 +272,61 @@ $ cat role-payload.JSON } ``` -The `db_name`, `creation_statements`, `default_ttl`, and `max_ttl` are set in the `role-payload.json`. +The `db_name`, `creation_statements`, `default_ttl`, and `max_ttl` are set in +the `role-payload.json`. -### Step 4: Generate PostgreSQL credentials +### Step 4: Request PostgreSQL credentials +(**Persona:** app) -To generate a new set of PostgreSQL credentials, simply **read** from the `readonly` role endpoint. +Now, you are switching to [`app` persona](#personas). To get a new set of +PostgreSQL credentials, the client app needs to be able to **read** from the +`readonly` role endpoint. Therefore, the app's token must have a policy granting +the read permission. -**NOTE:** Typically, an administrator performs [Step 1](#step1) through -[Step3](step3). In order for the client app to get the database credentials -from Vault, the client's policy must include the following: +`apps-policy.hcl` -```text +```shell +# Get credentials from the database backend path "database/creds/readonly" { - capabilities = ["read"] + capabilities = [ "read" ] } ``` #### CLI command +First create an `apps` policy, and generate a token so that you can authenticate +as an `app` persona. + +**Example:** + ```shell -vault read database/creds/readonly +$ vault policy-write apps apps-policy.hcl +Policy 'apps' written. + +$ vault token-create -policy="apps" +Key Value +--- ----- +token e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 +token_accessor 54700b7e-d828-a6c4-6141-96e71e002bd7 +token_duration 768h0m0s +token_renewable true +token_policies [apps default] +``` + +Use the returned token to perform the remaining. + +**NOTE:** [AppRole Pull Authentication](/guides/authentication.html) guide +demonstrates more sophisticated way of generating a token for your apps. + +```shell +$ vault auth e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 +Successfully authenticated! You are now logged in. +token: e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 +token_duration: 2764277 +token_policies: [apps default] + +$ vault read database/creds/readonly Key Value --- ----- @@ -270,9 +344,51 @@ set of credentials. #### API call using cURL -```plaintext -curl -X GET -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/database/creds/readonly | jq +First create an `apps` policy, and generate a token so that you can authenticate +as an `app` persona. + +```text +$ curl -X PUT -H "X-Vault-Token: $VAULT_TOKEN" -d @payload.json \ + $VAULT_ADDR/v1/sys/policy/apps +$ cat payload.json +{ + "policy": "path \"database/creds/readonly\" {capabilities = [ \"read\" ]}" +} + +$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"policies": ["apps"]}' \ + $VAULT_ADDR/v1/auth/token/create | jq +{ + "request_id": "e1737bc8-7e51-3943-42a0-2dbd6cb40e3e", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": null, + "wrap_info": null, + "warnings": null, + "auth": { + "client_token": "1c97b03a-6098-31cf-9d8b-b404e52dcb4a", + "accessor": "b10a3eb7-15fe-1924-600e-403cfda34c28", + "policies": [ + "apps", + "default" + ], + "metadata": null, + "lease_duration": 2764800, + "renewable": true, + "entity_id": "" + } +} +``` + +Be sure to use the returned token to perform the remaining. + +**NOTE:** [AppRole Pull Authentication](/guides/authentication.html) guide +demonstrates more sophisticated way of generating a token for your apps. + +```shell +curl -X GET -H "X-Vault-Token: 1c97b03a-6098-31cf-9d8b-b404e52dcb4a" \ + $VAULT_ADDR/v1/database/creds/readonly | jq { "request_id": "e0e5a6c1-5e69-5cf3-c9d2-020af192de36", "lease_id": "database/creds/readonly/7aa462ab-98cb-fdcb-b226-f0a0d37644cc", From 1f525a4cf98d423a5e4027291f1d97b953c3075a Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Mon, 22 Jan 2018 18:14:23 -0800 Subject: [PATCH 008/178] WIP - new guides --- .../assets/images/vault-approle-workflow2.png | Bin 0 -> 53956 bytes .../source/assets/images/vault-approle.png | Bin 79550 -> 0 bytes website/source/guides/authentication.html.md | 243 +++++++++++------- website/source/guides/dynamic-secrets.html.md | 99 +++---- 4 files changed, 204 insertions(+), 138 deletions(-) create mode 100644 website/source/assets/images/vault-approle-workflow2.png delete mode 100644 website/source/assets/images/vault-approle.png diff --git a/website/source/assets/images/vault-approle-workflow2.png b/website/source/assets/images/vault-approle-workflow2.png new file mode 100644 index 0000000000000000000000000000000000000000..66f85e4141eabe72a70381d7de5f39ea07ce3c49 GIT binary patch literal 53956 zcmZ5|WmFtn(=HkY2{6G42{1@ta0~8(1qcpk)vkJ~Llr+ty~H5JKtMovDI*P0MnFIYBOo9e0A4)*qM8`F zg@8bTAOjIqb=NywMql!==Vf_3i18REW+x0D1d_tUoUlp0ZG8&Mi_H}yaiY#^l6(0f zRmC!fUg^~j0}F~R7IBQ=DG`##3b&*1y9QtD2TE8p_FOHaMkr?C3yDnH6$(l>YS;hcJM*Dnx(+RK804v;%Wbzj`8%hS^8JlCw6tqXc(B-~nGG zF5iE>yOSPtas)iJ1v=ir8s#AO;*k3enENNlQvO4$52RHH)Xon&A_6{nhhYlNehn`o z!@MDF_Ux(h~5~{A) zmM+kLOKb+Hj9PjJYIheu7)&A9F$6loVeT`jhIKXD_)7C62{TInmNu30bliox@1+_x|8NQ`vO&>aR{j4)Yqf`XYe2j`AThD}B*0aCV6+usq7M_?_BHT! z7UrG|b62UUU*Z5gTIzq!6zh;s{kTp)L-udYUIioMQaC4HbPrHtBwJsqW6LL81s}{l z5Gu`+cJKc$OZ&T%5Mau;1A;jY`WWG2!`oI^qd4TS=h9|2x(qg4O0FPZ{;!QUzyV-= zo`1^LRP*(~F}7XUPL}9}LweC_v3aj zXOYjUX7c_mGA+nqneg0k#`R%3J$(+7c15^wq*US|G1@lXQ*wmZHOyKw)EbzWh&zM& zZ%2Fw>%4=YB$vOgZ|W#*QWShdnVVAZ80EV-ff>BlW9`+Z;`U4C_;xLK^s-(Sdmy} z(J+`b7ZEp?;dt(|(!vLz;r|x|{xL>kiWtcDIn~CHdDQrvMDIg*(bpT5^6h_v$yZdQ zXO-NuB}r`ek{if({7Z!f_yHjByGJ8@CEims=rqfJG3I}4Jy*G0|B~t7@1#Tdh#XK| z^tInvi)ZBddW~GVNA$m7OA(MDK?4%v0v(Y7pH`b%aU@j7w`FGe{_Q=UD9mvZ+ZkGI zDYh#J!PHN->DaD5_P|74Dy@fqFMkvJWZ-G!;-}gJukfNn(jWU3 z|CRj%b&A zw!p40uaH)#K<&0$D>%_GVLQL4Ea2&#^+iXx>?#+C84u{!5k4OEbKn_nvmm_#QoYAy zme{6my(Lr|`cxZ#s5WkZr~a_(oKR=y345vDo&|pH)A~A=5yxko6t2EnUR*s{ zgSj8Wu7!c8$BS+ng8xDKQG{pxZ{h^p`^CeqGhx^Mu0zHkF^M~k@wKLhIsCAq(LGDK zbj;}`4M?vPq*qw3Wt&OEaBLzJ799rb2!oYCdacpmtM5U+*$*$j^_Swzd&`s_SUI1^ z>L3SEdku8j^Tt&A6b-?Hj##YOB>v#drASmU*`G1wJ2pGh_cPSa}B~*O5Idxy7&qu6%qusQ-JK=0{vPL zm1H6>)wJR4;+2&qUgok{fN9A$@M8jNo*EuI9pjw)BSbc?BI=L(gH(O{(`P5^yFwGQ=&> z`)!BOnLsIZHQCBWlAHwSH|bM}nS15~Jmu2OD)#ZSfq2U}17*X9xj=!k*ssnN#*$BC zfu{wo!m?Po=WWX)k1~HoI^m~dz|$wthNgUpUoxz7>v&mbvXN$)3Dn+vBmL;kA=Pe! zf_22(U@d%%2NYf|73r8Qe@J=nH=C;6z~$7{tO6-@j=Wi=09~Aq*)HqP1pQ*MT>xwz z+-ZY0h!(DmA=~1MT*>y#(CBD@wcLGw=FN8(y?3Bd=7~l@v(LMJ7p4Q-1u=!EbEh^MqqY@9oL{I!aK)iJ!Iyu`+9exn3(BT1> zDlp0&1GngkKzotk^tv{yX$Fe*k@kaEj7j`rDm*w?PMlPr;@E=O;D*e=!WTdnKwkA) ztNKe4Pq`)_)|^SsEtf;mGBtxO;PLV4)Gr%)NEXi&E82UWnaG@^d*1PstkY7JXO zuQf72`Hbg^I!pCFNMaV1)FJZnb7y9t-z^+&$I(Xd&`%qLaY*YQmQH~%9fXI`R7WW= zkJIHiddYz5XtMQgQD>@+K3HuN^bW=OsZhfF2Zie0&2QNCSFZ9ObGB(}ooy^O3qHhy zT#r%moil|Zw+&W}UD0*h8Vjp^p}6&2eJM6%;TzC`a%XAPFVytNcV2TWCQ;k|rrpj- ztq4GQxY$IFy`Yi|`)_A;rp=oDO1_(QW&qWM_Q7T`%7I5m3?kw||IkfUQsr+7Fx+Mj z*hJ&02bd_)%5H&AJ}i+7Y6M~LT|Rc&412kLlQgkk?KAeUw_TA|Yx2!l$%Jw+|BXNf zKqR8XB1JK$^PQavr59o1IYs=%>X7Zcw{zOGElf)5VpoY{3;ubP(s>3E?i93V7I?X- zD6tqve4O+1fQ)h(C)UIw2XZlo>X&n3Cl8$jh+{grF|Se9tL4`Ug2`VcVo^*~K`~AE zYt&I*BBnY;<{|I7CeNll+TT8{W)SRiJzKTGv=+seQdSgeq}xQ$M(Xm{ft7Ch104y~ zFTMG0n_5?7w>MjYH|1OAgV@QXz02qBa7n_^jG5rn)IQW5*0cMNtwWWx1Ja1tqS`Cs z0pe1#G`DjZU>Ep|V~jnpl;V%W=z0l=3Z!%SJit8(2@hdK4>iY zeHTmck>U3Z!{LQuh-nI;TVqm{@9jItWTD491f0c~BCH`4#ETr{-0J-_N}x0Y5NXm} zu4MyYhO*mh|3kZ2vu8p0sd9?3X)tWcq;jB-D`!g6QLh%g8soDp1-*+Z4Gg2Z{R^PIMoKu+GZ6zZHCZnYL&8} zYi(d-rc*ivimcQz(JmL;e6@l*oK|~)`gIy=Kan38t4=w^PXLF$(Nxo(i}<2UnQuBX z=nXDCI-)9_GJ8e~x0@Q@_KFs<$nCKdJA=WToSR|A#> zGX}(R3erzYG@@6UjmHWt#JFPlUl*2~m7SOI2o@~6S($h#p*svnltfurazvdG0--L3 zX80*gQVm`x(c!#<6uUY8OBKN}Lm|qQHKU3;pT3|nq2DPVPBr4WqTkC%0&1rK`W<~) z?$tqBUB^15Ca3HJauN)Z&lV$|J4G~BD|!8U&YOMtd@?LH6wQ15jN%}fIIP#K)M7Wm z1r%)b-emGs3QNp#&Clu=AN${uBrj?=OEP(3_uO2h)z$nT`c{8?-)$cV$lV7OV0c!O+n34Q*HCP|uH>{J(tKPh^ z)JP8R#aPOOx)qn(UyCTgws?^RlMdk%v&Gq&VG(h{~EdN z>kh;PdCte+TN^BsTC2?79M-=j#E)DXdl>VIF*Y~jYNU7tdxPjV0>cSzn8$pKNxtl9Bve|}jF!6l~ZIlW#v$&CrnritrA{I(Z|DGsl1UfHZJd3RAMtwX`O2zM=Sdxv)Ly6)lsw%_;`ieL1OL$|?4d zCOsssHR`B8eF!~Y9BGtLy+S(Bbp0@xr(4MM6pp(0*);uxx65~W_)O=Q1yeO_oj7F> z@T?Th)0dnW$FrPo058@PgJJ$9z8J55`h~_9F}9e^h;PlBWwL*}JOzgzi33P zx42d$e7c>c$25OPIe(ThBh)s>cCr1RGjr!X@E58QCBupIWZr{mqVT8qGWJd1$g#HY zbPav1`$=cML3asNY$WHGP9i9AL5$y(jKC`8ylV;8MgP6te5#w>W7>fOp|mfO_*+tjF@J;= z>A(iOa|lyU-x!x0qxU9QGviy-{d#`-FM1^D;2=E4jCrU5dZP~3oMoxs{*yHL2RECV za-H+8ZlU8YfdXy%NcAWC>#`4`bjt)l5A-|^0o-QK@2bk!XR;uZk zzo$~(U}~6FdFbeRuwkk6XcMv@zQIfX&U0Q|uM13sTcAVlW#@0M1(Cb!WJ%D=^{%kP z(3!V%PC1OXGYeUxkHU*aH+g?Dx`z0R>vq=mc>PHB80Kn8SGxRLS|NHFAmQjhQo+S# zh%7H;L^c2UR|gtbgNA6W(L`hHhfGn{j0HL?lw~LVH?liyby+GM%%Q`qP15BI#w)ie z&AwwB7wqj$*ie%*d=%sPnz7P2&NKaAG?aUr%pnI&D$e|AJ$!Q+J>{@4$G*Z&1)G9T z@bpIJiZo#j*V8s5v!)2DuSQ;d-;|kk8lTgfZoxAxhvzN+3P3`k5&dcu@v%DhBy>%{ zG%W~iHby_IXe=Q(>gv3oY3PM*gCtB<(alOWr&{467XHCO%-<0B+nTIwU;7M5LP+ys zk4dQHh`(XNvbgUJBM7_{Vha8VrKHY?y$SuoU#87%Nf^Rw5Pvy_OE*tLB)B*_mAd!K zD?H4Ne!5<^ei|)`YQ*n-NN_oCi0&(bJAV|&zTaMQzH_qt7gek3)=4U#-v{3CXWiMDAX#s{Es$m!nLw-kw7K+oN@AFJ zN!es?bI0{F%w4Vpn`Bct2(Z*@TFjX#=T(i+{IMg5jpY7*T#VYMRW7t&Q{(}3 z2>p}th3pn3L#~Z<+Y7#38{2+3Z(KF3$Rt)%y(IIerakQ`E<^TY<_>9xe#`o}?uS*s zmGuKXYBaqEr{*!xZmuqaWO=OP3nR1o772Z&S`X6^dWnj@B z2Tf0uv)Ya*(x$?DZn8R}yaT-f7b?tAjNFI5P}$^ISY<^O5^mmT`qh1S8Y=^%f}Ro-vxpgH-4j8za)jWJFHNy`j6c&m(XYcwxfde#(mIq`Dx{P*kX+YG7$ zElJfcG8VTBh7KGPDm6z(X+{3{H*g=Zi`XXl^etkmD9ZU2`gt}VdvB>B(;2O>Nu&)< z+)9#Z<(oOlE_+S+Fct=46mMx3^T%OI|l{n7_zb)Uoi2#aK07*p@>-wjTsoBO@jg_}BF}Nl?<}w>r!6 zxm5vumo~|2)RBZs5XBPe;)Tq+xnMXWQB8R+(ivbLD#}t)on>5vx~v#dlc{FFc{nVr zM!l?rvZ|692^_dvTFKm4<4LJgD!zi4hwP#JE{t^qXc>AgD@?nMcQK54R*d}fe2_kY+Z4hH&*_IJ=<13OF2ONXo-|wCOuq|9pIcCr`hj`+@khyz@60rHw2>B6}Z5{ zTyV3803_4Zdyjsl$M-_8usTJZ$}a*epz?Of7lJ19@Gydpn+rp^xmmWaNq%?*862E5 zYCYF-+#@Wp33~@B2$9{Sy)Df_S=Fy>GBkgP?y&wwA1??gZMekS-$Ms5>+D$C7Sv`hvfu$sp8H!D3}TrqZiK%C0ILDo#Nq%}?^L5+zcb=yq@k>{Q^S zCgmSSh^+fk4m5=AC#FfdF6Bp|&3C`E(n&y7MO6^Wa2OsYCgyamGm8vLZqjV>=uTa! z-&@3+`}juY;otSxN;2EY9z;q_TX@-=1_XGRuHnGBmi6CA?F4w8K zi8!PPHe9Y)=Bo~hc^&+zC8+h2;F?zi7t8dE%Z$RL(e?L9%8oqaT!bjne2s5JkdSPH z+HKworIpxlif}6Wri{Ijg9??zcsPjTn(Uoi-tC2D$ z36Yg7k)e8TGjig{gqap0%34F4;(*v}oGvvh1m)(zN4&ebBD0`C2h!V=eg+0avexVi z{+^Sk8W?!}7${|%$2wAHmVpGlnk6J1s1jLb%ZWWe&IwTPZ8paRH0EwO<9(G@yciwp ztGTkd*>m)WF zM_nd&b7@ff+)LcO#Tb2Gv69P9P04%3o*Or(Q`Y3p+i}?Bqf6{pW6odLxP!$6&Wx|2 zViND!9p)NXIp9sRuV@up_^Ba^QNF6i6haV=XSC^ErT*m9W0dN2b!Glu$FeI{%Xw>O zD0eD8b#%wnH~g094n*-<$+RnAFGV{`XcoO-BF*^7*=(^#q3q8{E>cLZR0In{5{Kz8 zT+-ukw;_J|FBpcWn|C!M>JZap3w8Z?VCDM!p`T4>t1YCKha{!(dyfDQRLvr(pH$yG zB;OYH%P==Q9dA_L=amy^xFESt@Qtszf(PWcQmRj)%(KXzf zQ#_OW%h~`IDkGmYO2g?FW4q9AUAgGgwHT7K6+P*gFS>UphkFX&fyL)o=1wGBg*QY# zry}OmhVQJBgNyUeD?WQeM@$KXILpLel8W~682}hijN{iPg;?3MgmX72bkL}}5g3!& z(0bsQqRn0!O6d-!@#Cr~OWmUil+`POW`}~Gc(6jl9tBk3pl%q^nE5P*0}OYAGbFUh z-EO5v?s#Fd{dbz$YK@OiRFPAczf@fhg$R9bWQap!6c-Kp5Gz0k^H09PN7$tfky?s5 z3+n&d>Gx${vF%(CO)o=+&io3|#Y7xanT#-2*C#ky7=*fm97)7_n_c zQ6ATC&#|~QK4!;ioz%}0KEj$9^tCY#W9>uoe*_mFQ`x}b<*@{ESOD%~JsyQVvS0wn zNMB+$PKSg6ekEZpM?N@Fz11qpcbGgbsZM5|(T2wC+mP&Vb9Ur_dB$!2b~`17B<$V9 zh&NDbmfq`*RWd(Ih5Wp>$WP3nzZsftf;hfgRUc7AK{d|B?$2xH@2eI3k?n|5Q06e> zWW|(<#p9~|br0vd5EVyk1OCP*JH8eldv;%&Wal5raOK|cuK#iYBC73|6SiA22R`00 z%vEG`dsL3wTn7=7J_vZLzx=3JL&D6#5BJGibtI=qMbqmD-8Q zJXR+!!>@kq*q%2iO$7pf$KoKyg?kq}_qec5+F1r6tCLcrTN>8=Xb=}f#&q5s?&)|3 zE=~lIb%ysximbb(e|npDA8?b80Vu2*xyV8BgEMyX2Cti5Z`I@m)Vx(s?VVgVFH1)W z*$LQ9^=QW){|PSt4D7aa*1LKef%@j%IJQ|N0t6bMYgRi%@oULqV5O(ZEhBhjeF+nU z4bb|r!qm_A3`zKJS9Fu!qo|#aChNxcTFt<1$+NtO8qpKfOv!)iH7m>-rNC!5=&5$y zX1uoeyV`b=gIxF#&ri27u&ByE`^lr?TGy3Nm8XzhL6io?1^Uv;qa1`k<+e(&B< zlE*kgMsm`7+_S@O@}b#T-W0$aV086Qr1gx@akCg^Pk!K=G2*5Hw`mG>pwR#39gV@L zqFu5(>#XaV7C9^HuyNkY4VW0?=DJJm5SkX@>ulPYWZzF#3qC#pX@tssn5yXeQZn(#wZiaL_ayqN)Ys!DzQ4cX9zOzZfW@8GS<|C#=U?eYD`Mlo1fP4nja<1}l{sH32ACbh6?im#khsPMM zu5bn7GraT`%<{$-R3h;;pK9ypm#m5WTdg2Mj7~q|Ykxu!zE)clM$$3Fa>!RW3?mimpH4r}n)n>u)>zp$a- zuCwLPgc7TKD%&UD8CQi{g#)0Oo2in`EZ02VXt?~xh_b(m>uZO-uExuJI44q+v4EF$ zJkzbtaaPyk@xq=By*{I&SprmaNNo%WZstFj`IIQ}=Sx$!Es8m5Ke8kz+y1V19u0{~ zz@0TB`H_! znp$a3g?jgESqS-e$Jv+I@=JHrFL-D9h<_Y14+qvT#?%bVuMct=GUkZ+W%w_el7zj| zF4yDC>ltGHpn;%Oke9J zkX?c~_djwbfn76v|2&jhj?*yLCGdu)!I$+m7pe|Dcg%!iY^|~)vlT)+!C#r}iWNnu zaS6OE%-EeD&DbQ)hieSyxp<#c)g810FQH=i=T&e;i;KLF|xz<+p8Xeuj5T`cGQ z&hA};yD`pfw&ktWC{*S#%a&H*U|r4bN>G8@TdQ4vQCOw`8k-EUMC(I;fD8s}*|AHF zefH3mYA4=1is8={xXgPLjLPZ%qC}S^qIj%LeceHX+s3ej4k+5$JQ;xxh#sy@H{3XK zt-Tv6>kLS{Ip?r&lvbT0=;}Z^s*&{H-PQ{E1)bD1i`|b$Hu0w?H(y|%u>Jj(`;&yW zglglv%LP7CnIzD0h)cN2Y5QR4M-|@IcE1LvvXK*+vq`+X%pz99#ZPlDvERt*3z)UB ztx6D68k}fdzKv+h5*#lzTd_R;V4r(+_y#O<710n@louT3Kr7VA0e?Gf7Ur|Z1Qs7r zdNr2$?2!Sra9MLmB8F#|`1yzg? zs}aSjutjyvzP3DY;?+K}NUX|if zQ5WLe2Z_JN(V@{xCXtdK_XXo&n zSV^XJwrdb>G2_KbyY})q8EoQpv>n2-A?aNlC@KYkEtw7v@JxX3A1JG>Xep+23S;^r za)yjtIThP+O3G6|Cw(B~Tjf1gtXrm9BUz-HQnP|nsYc@tM#zLS?xHM3gr2IU0a_HKWb=Xc9B@`0g~%R*4mDYG3e*Suu##^Hp> z@*I3!GI}G#go3C7Bh)iB6tvgY{JatR@X<0sIrA;>OB#%91O>rKmAaS5uPZ6`f z)asC9I5|=7DP&>il2n}n_f(4?j0%eJK?6PGVg$UeDe(%{vPg7e&_wn6^W@E6nFcEY z6etUiYc!`)!!I{jDkK2O*E64_^z{#1F)w`%GXh zEi|h0^TXseG~?sjN(&RMWYw7+Z1c#>{%cV39Q49x+&EmZYg%_WlX~98+67DD`K8jQz7<&Cs zo5lClY$AUNf7a+m3VuC6AXbjmD4I($ODAjmK;^qYKktX$35h0>+s6G{VWNAmnv(rRm+C)?n9?yn*_2$I4%Fe`4zOkyE(rvyKhaDqd z-Rg%I&!JyRKeQX&Qn88rQPeq+G@M%`t~IOFFTCCQfve@-&VD+%4d7UgWw4m-zURd~ zc2T#escQe+0IHNlaW6QD5{Z~;(@gNOO*Vd8T~V6VJss$DUAoZpilCc<@*|BK8ZTln zLntF4z1bGH1L)j%+n9FZkw>|sS3CH|dYmP^Q^fieTD6@B`N69LEcn|X`-oB*#mj@#5~ ztHNx5ZXAg(9Sc;tPtjC1xB4*6Ww*BCphWB8DE9J^^2DffcA4B&IDNnBxs>c0D$-nj zp0H-u{?Rs1ciec+r;4xoLmX-z|E{UC`X91Tj2x+92}0b!{7z>(ey7soT#v4%7babN z-Rxzq1*S`V#4`h&DE(7-3N6lV8daT@-gLwBbCUDRfSGA#TI%7RW+V8`E{n}Z%e(M(xgN%;?l`u1dzQg^(^#8ev6s52FK)T@+kDa@kN z6u;SAXGN{qV-+tu24#yF+j;w;(e}97= z@JY?+N+8L>@S6y^7K#iM!brSmYCvv$TWmc1|zzo(@gH}JWk{Ea?S z=AP<~&N<^V`{EKvQ5gE!yE~M@!-OQB6^2y}4xPBA8~Yvg%->=MQern)icxK>Ni3Ov z8{#bJ+z6?qI9S>B$uibh{ij=530mBxv;1xwjy3FNy5J+VAmr3l zoe^7g$$G<0@uOYEKLlkM55IKYXMA?SSW%nvXH|ljs!$)aiy6QHCQMvIi6%n}$-84m z=8su|;Goj`&pzt3YUoJg^%f~xDVv|oHqfl?N zRm5}Oi{~Xu@Ao1g_2x)U+D54nf>$mmHniJ{e6G3y_yT|+9a>PdTi1eAwg2wrruDU! z%Ka}DoEf@${G?@x<%G=a>!&QKAT8+3U-F9{zy!DXnC>Q0`-Hx>1QPTLb4$=rN}{CHqP!3e;RPAOT-$}1Y!iKbrP%~qgEBA7 zfHq1B+S5IGkF!!UHPf6FXS@ynJVjqc{N+#M@yjzyM=cKYlHx}FO&L?VD0B05V$7?~w-Qllu`bFD|cDSX(uIp^??QSvm> z$@Gr@X<07KmpmGvtgR`cR*Kc!mG~TbK}hgSlR*&?zzh#t(73aM1@VFbt#;ayiq#eG zBzlis-oS%w+^?ALI<}T0Y&B_njF`vT-fNZMF zd3dy!i;AJu_$>)gpLe?eS^xY>zUtf(cp68TT>YKmDxk2jV|{ks;)*-`j~8L-?``vT zbEWk_m%;vRETx;u_m9Zfyzc*KF<3+;VG={{7{Q{5@)GZ}Bh)4HN0YCvUl7U(s+8hN zji!44h7~SBUGdetYQC@g$g8F!9!B`=P1nH+bdCs#hz#*;ehC&PWu$*QQ?PZjqR#5g z9Q`2ph>mMCh7)Td}luT)Dk(1bsIDDHJuho4Ic&mOGrI|ydBz$5$Tf$An~b?e2b8m}dn z28Gf;zn#yOS&r0|FyW&C9T?<)dgKP#2oU+IlMd@q3qHQO9g z$|j#oJk)Q+7(wB~!B)Fssz;MBqz;RS4E56(CS#MW-7A{j!IFRY!44KEP%f0Fkw!IJ zvH(9@M|wu?MZz#$NoY(CPFcv`g}?iZFb8J)#75)Zx!~3sm-;`Vzd^#lTKF83WR)!GpC~0+t!qU~ z1WX#fRkJssbkG8LdqM=7G<`HVpn5nNFXgI%K{98+%kMFXhA;Z2#azPYGclE#KGqbm zF4JGo;i`;3igRxL*48c{Eyo3f`~61@ER;sAQ_G#W=8CJvq%VTuyiej5^JPP zKFv_RQ;P)Qt6Fi+KD%HRx`>kfR;Vy)AB)X1dYlDB77fmJ{s~tLembXIPV#N_=z#A%mI)P`>^lB-Ia`7=gOn2XKD0`(M-&I5LYxS;J zgEJ*~mhwbKq@{H#JRP2QDZmWe>5J7|X$h;vjx-2(}b1=nI8Cs5m&1M^kfJniBC%FO%qENFE9Nx(VcbmvW!Z_n2jls{1;T8(xu5Bcy|AU=hyf|I`eeo|UBKL>&5sfg<{nEOVA+!fM3 zYCERhs;RiDuhk^w7**C$sa!?M=Hz!KX#%0@1&898g*JPXK>p(#_BJ{F%3lqMKFP!y z`oW#Wl-c7UYv<0kal!WnBdm9a1t<%gw5d{2DfE1iltaHQmOJvM12SVqp{k~zVfr3w5W48oaO-v)K(xErDIJRqsvXNG zvkKGe3@W86J&#Hs%{+!HiS_f{@EZDad91b+_Qs;eL)N4(P@Un5@|(EX?Y}E+2PnoA zjoTfkA{(wBdv^#z)jn>cKWdf)iy&+L^^~jd&ZVmkpVFjmi8AnI3Z3O)g^sL7Q(zSz zCa}>mJpoEYiHXlYLrCFJ4(W5MSV2mtPU^JhT1^%}10~m`Bq&%xAHAL7o_1}z z|HP{@q%Eep%a&@br33S z+q(j@r-v-2?B%+S>GD%I>UWsJX(i&`M3Gz)Oo77}b(owb(P9RqNY0B-1!JByC92U< zBKS4=oi|_1xMWZxQp~ER-K;;5-K`|Q$xfO!D@k3~-TkO4^08$=Slg93K#xTA`%2jN ztb1f&(nbE(RB$%k7VPG`Kn2?vy;*-R+!}50h~`LQq{nOcfW!4q?p@*4qBXz9nBlT@ zVY{EoZZo#tUCKeTPuj66mb#&S)&wRZQj=<<@gL%#zV^b&T%(W{iv(_Aw%;(Wz7;yP z*1+h}Nfr{FbM&z+?Y`YYi6H#p9@ha$_xg;&<8RIMaha+ujR5M@alhD&NBa_Aw?E&l zzhoUBWYRx;Y%+_#`MAejvHnABoi+Kve$`&MFI>)GZz>-k<*sdmBsd(PlzDE7| zJVqzm@W*24LGx}+6?N4IvvkBkQ|e^7AWKl_ao-aY1-tFZmThLJVTBd+b}H_RgLU0p zoFIK4>SVZec|9#sp`7YU!yB>hk72J*?_$1|q7Td_Q!!OU08UvItY#!0+GU=nFlgbk zf`8pf2PH{URd4#4+na}-O0b)u%{R)%(BEv4fuwX3m2_y5<)T6tZ&jfO|HFHD$!P8S zb>il!YBkztjBxQ)0_P=uVXV^B>-7DBa@NlmD=>N;sM_RPocDG z`LAj_8T5CU8mp==eQcelKX8Bb`HU%UMcBh1g({-$wjf`1>X>kOXmU3U)Nps7X9~CL%@EVQa|y8H zJ*Se9HF+iD^S{WZj$(6LII=BGaw6t??0qxt%HKn%sq^aiReW z?Y3!HFa=_hi>U_2_t+LmCYDP;f^r;EB9@~Dt27vDt$B+XG$uJbNHuGb^Ss4xI@f+$ zVfk--JD_CUeXws!{5ex2vZe|POGCkatB-(~Uh9GlNeXMKRwJQMt?1CKxo5qT(e%tB zY!wbC%BKB0Im$0ZQ5WhAqI&=d7iy~2%OEn++82F_ZG@Ckbl4oJZ(Pzv-Cp$ee|pKS zTji4=&w1!0?v9%(pUxqAIFiemlYXTQf6mW3tx$YfKtk_9JIzmJdZM~)3@9H1ioD%N z;yPzKz5VDx*KeO@OJj5dNQw_kJYqocGFqf9UPrv0=aB4TOF|^`5Cqe(U-9?6CRoF& ztgCHmB^tQ!CDN($Nm%1@6I1D|3g9aOQru?&$DO-X^iHVCAuxqs$>S+W>#QWrENUds zhSkrV=yBjaoic2{xPX0JiT9w8E%6oQhY;zVrrg+URE%kdjRbuuI-e$Yr< zGg9hSP+~A93z6n*vJdAh{)aLZC6hnMpZ9BUc?glNI?TyfbWlH54WXPymc@{`0d5{Fb)yMXoWqD`zdny48gK(Dzu&8txKyXVWtqpM ziAd=ta?3+e0?JK%x4GBl-hx@%&dASmRnO@ElXgmp8H__DB;1S1-`HS;%OHB}&jhR4 z)YFo7?ACG>AL;y0rY25B;d_MU1}$sP>fjMOD)-}oCKz~nWtQr<*s*(u%HM42y6OCP zmW~W9;JHxLm9V}Aie`c*Jk0&IsQG^mkkm+1=)(D?bW4|w zegwb-`6(2*{AecIs_`7MWN%vodfoCw|NLuyI=kFt! z0eBFRxP1Cmm-zv`%EC*>UB6B24Eka6MfcMuD%xI9ddWe&ArPIi{Mf=$ zW#{2lVw5jg_BHhxOZ-x~AOU|N&pwKL^TN7CwRl}QTjD;Nzek78KJm41s*S3$?8B7G z4r>U0l^V+qVwwM+_YZzhDwPu0utr0k@?ymH3Yt_ennW*AeH_UnE#^0qci}>-uA^l~ zSyW0*VpL!xK>}&&UXFt-6_w6cBq{+nQfX=u6c+zgm%lp@^^<*NPryvX24PqC4GPQD>P*o2^K5#0LktoLRMXY3U3-%Ww9%%8 zj^%~!2CkaQA_qSGd}O&}R3J8Gzvx^3Kt3!_XD~AL&2DA;pGnG7rjhmZW=CiR0qa~0 zxcH~$hiB@x-8}wBBjiZKBVi(7LlmsTlFb`1!C&h!lvjelVpA$3E%wwj8ndOk+cVw5 zRT<%@JEF%gmr{K`XOrt)UX7`tGf{zJm7nlsaLzO(mNw53!}QLV!zE~*V1_tS&_asi6RY%xy< zuf*jo%q_16lK@-x=?E<7u#Osmc$uaQ8CXzf(QB%B2BOjkJf&~@!;y3jWpy1OX4q#w z?X>px>eqe*N|Y?Vs~FOy@4}ZsM*C2bco5m?D>H}bS+u~Qudz*+2l~tg54)?lz=;T0 zmfhZt3JK&rH~E)fwNsAitc^g1U1?Pmd`d8qxBpJQ`=42c3=OoUx3~lmKV_{WM`8c* z=od(wp$bs|w6kK)kb;Y0PXB*0g$+>UGY{4qEf6%{FPkO-zoCKzpD;OO9Ny%QZFEX} zXw9H4$#%y^3BJs8drgR>PDFAxqO2GDlH-S!A288Yv3O1ARYl(j_L@s7n=r06#7>fPt@ zw^I>tu9G8ork2MuNRSaCGOI38x9$0bm4YO2t738N^7-2fGLd8+=A&@r^k8Y7;pfpR;fb53 zCORgZPQH6RkBD3lZE zP~EyV6r^TMnPP}@Hlh?{LYInMI`cmlI9st3_C^tW_`21Ucb^rwO*@yjI0-^@iWeF< zny3E!6J+S6;mlX(tNvU|yFA9v-AFsOV|yKnn(I(Pdx3KYO=P}dW_lZ(P8=TIMyVb5 z^_i_*LW^<)SI=1@3i*Xqp=qLIs5$k2h86b>m3hm!7+kd{WeyCfw< zx^ZCBNKe;ZhGxyA%*|TTuz1DtrBA!5{w~~M%x-*4P zd*hl98(yPi$#o)u*~|cba{&(CKc34vfO&sKOSQM4^;1Fo4qj()szVonzC*d6wrt6z zogw$tOq#RiX4n)C9?^2h_XxWc=>na^52CAdKa-z4>UY6KysCS`2WJm6(sed}xOtZQVwE$#~IAGOdE z4)4#5gVr)Jgt!5DIAE8Rh5KFpu2~oydAr{~EBZN;p9cZe6~n*u!T2Ob^GI?Gg}Ym$ zKC5Wb%;Ijcl~w3|UhZ^%&V(niD(}i=i z1B6Ra74>>i-RGdMbhb#(G)xeE3dTZz)Be1*(REZs_?ciM`0mExK{NvIYXkBLYd{R@ z0MSkR`cHiHkQS-l`|tb?x3TI6l*|_@(Q+24L?aZz8B+#0QAk#v>%KXwf>LS~YY16= zlq-c0-F4H6FB=$$-Hj>W7mL9i-P5YsnW|=(^Sf`5hlFfwUQUR{cgd~2QHinW(HLg zHK!;hl{R^yI<(`frfeK#0epNdbxYYvyp(r4_rqQULi?2hZ+5zYLf_X5O(x zKJ&AOuJu`OKcc+dbc|wN6~V#|K#gQF&S)7Zol9}R#v5jpFn^^gwm>;k=tpJ#v!+bE z<`Q;4qZdNbT68;hBQ`bp^eC4mXQZhAnU94Hq&Hhu|BhQThFUbJWYY`PZ_D~mqw3)m z-uKD{P}2+x6<1jBOHLlb=oso2J(H1mFt!tQ%Ng+rUpLEHW z@EbUDu%Jw>V+|y|u5FfLWcP4lTyDH+B1$RZ$>RY1aA=xo$(OBv7{@7dw8eJTl^X;G zSGy+G%U)z|;eWz-}u&$jXnxqdB8%_45$JA1&eX*{8%0<)cE#iy` z?VUQvv?L{I$eLvBHhjP}!&N@}mZAr?I>m|IMHnL zplkBfpTM3DoQ#6QszWsgW97tB%;6;Fh$Q0E1#NPdpVH4?N+7XIe2T$hb}USNhYM*K zjY^oX9hI!~%@Rk)j}+GPY}L<3$h)lya#WSIflZ)hgxy*3)5>8J@UdGChFNY44GLo= zx@2u;TnE_gBjEJH=NPD!PPFWLUnx56lQeUA5I`;-PhsTU7ke~>w~a_kmXV%pBN8Yn zR}_OxVy1S#oYyB%$VxuTz6Gv;<@Up;;xUH#%45eevgeRn7|dsj$~K=pk+8;rb3*WP z#JIITqaYQaE@tq5mpq{l-^-E!(hq)%ycH@dMIZbK}qck-ww(BWo^%GRBYEHf24L*M7&02YeV+aD`inLTK@&u?_tK>izP{yF6IWf{lWtoWy;#g8bWW3( zwWaOgtJ@z~4lkuQjMit*Tihp6@stDGKIPs5WjCw z6oVXxM~(O$M?eEnJ40oAye%MR{DoCnIh3I-7&%lo(FIH>Jr#Qp8jk_1{@s)Wze)J1 zO%9l0?b-VN8VJRCAAf+{0AInL(^P^caHFr9!b-;wPfvu4;I#xD;njOhimU-(qLeF_$pYeaFUVo`QX6~^MFS*OvB z1m55bAe8x)Y4^B&Pj+Vy{l3-`2!v+K;sz4to*1PeK!B4%hY&hX6WE?QN zlJ1DH2zo6;Ha3sofl7JqV_)c~u!u09;CF#pPL&TBL`uG`8Y{=6*7oHVYDj{7*P zSY8zT)yUaib(}-zwrnF)?Bor=rZ!5#3&e?F`G)tMNwfpxVQ&k@=IBb)(KS&4>tB)oe0dA`M>7#anA?4$Rt0WlTK!wX#U$xKa+@XQ+m*fGl-6(1=G;sf zTTmG;;f&5ZlqeQEv~(j8@N^m5eb_*>MIq}oLdMDVEtSn`s% zPam#!(QRVn8(qH1)wmVEd0l4hOyjq;+eqaU`78ZFZ8W|+k*KwgI!fDq9v(JQSR2uo zv`m@YQ@%_RI*h{8p`V6op(@|7f1 zvt5#QQ@kvv|5--r0qR#q@j5^&xjw7)cm8_eo=qlRX=!)l&Lm;y3~`geyPtEZ&ibD0 z5TH)xlO3_R@i2G#SKd!@(xUtjR9K z{m_%rsIWm1eUB+;2{t_Xsb!`?b|)??Q?IE|S7tS+L}>Be#Y?^oxr&=Bm#p*Xy{Z&Z zd!5%OUM(_O?YND*-d`d*)LRla)^h54rjx485*lWPv23P3gNc;xR-73NI45VXK5ND2 z@OT_t24#%4=Z5YDiE5M<3Vi~T<^ISWp5yAf+QzylW`DjnJHTFMRB$~+68wkI+}!Tg znGr$t7;#iWvMKA~MonY^gg0^#WuI%ds~uJ;pk&h=1C;S`DiqKJnK&^A*N6P1s!o@? zuOe}ETdryOVt=#TFl0#xcVZB|9d*UQjR-7hJ#squBB=*vmYgR&>9c{7q20qIjaIAP zFE*bJnT6`l%Dtt9r*dBhX2?5%zx2{$^Heoz1-el2d)sE3ktDpsmZ<8L?#`J@;)V)i z3uv|UzEY_!w7Jmur~t_7ZIq_}6KYF|@bi<>&idv8jY4#%gVvK>R~Ial4P!4EP>MK2*z21zS?Jb~KoC zjdqwf+fqy2*#_KI*5OVExrw!5xGLEM2u@M4WpV@`rGA>}|I{)1nF+nkb9RAbWg;Mt zQdkU5i@RpXg6;#k_QBCbnMZ5tmlZ)Rjeer3;La)?AbDL#N&e9`^@$@eV||)tf*Tg^ zA+eW6KMx@>LsPD1(MC0Fw9Zu(X3gb5%5N?J91fcQ7$oKqkN@l=553B|^JG4SglMC) z-8ed4sqZhiYKE86sqHU!U4=DAZ481tB}F?QyAdc<4f+)^=7puyv{-s2DA27ZKP1pA z*=eAGD3Kfwx*u4IMX!Tjzs{qlFu*`T$R(e{3lK!F0is&W^G(+iuhe$khNg8p>fqr1 zwF-0nZ)!N0ICfWYSP?BBx;ctl6Th0EwDX{prY7q9GP z2OoP~-$&++(zyBj2wU$UH4A4FJEC$q5YT!L#&KPlGV~yDE*5^yQL%x`7#yte#dG88 zjd~}m-%#N1=$z<+jtF=+$%>6`v5dywOy0O8?%5}mCS)pi+=-=`!M4xumLo-E7A`Yj z?>DA}6YbS_kHYc~<@%ZNv03zGlKS^HI4|y6c;LH*gJT@Ez3W^8S8?d>>uSx_r#oz7 z+vMq22oe&PbUoZ8;_78GU(f3oYuh?S&Os^X)Wqto4L;uf&4nb&%cS7B()rhIT^4!wR>}E;PMH( zl4ojWKfkQxKyja7%UTJvt`KGAAm_57$2+UBJIY8lIfdr9L&i|4Q;YsMN(-|E+;(nO z|3|ZSY6g1EmolOi`^KcosT?8H4B+?UHh|vE;(iP-$Y$Z!>dr<-6pW6QLQH5*uPJZA zV1}b-t@$G35^A898~5uYwlq46Q;d_p5was^vA?mV1f32l-6|qU#d=Eqfrq(e!Clle|`d%mbC ze^urSE!Gag{NAW!i}a3$yo$Gl40#cEFVAoL9N^iZtdl>w)VZ`!0Ciz(5RS3qyt}=Z zbDH|k@ue}=S4p{}P;Z*_j3=4*NvKONAtAvjxR2w7b0?EtC9eAAYmZDkk`c1c7w9uxZ#mm5 zwMo*ThQc}9D=&i5(5uJ`;0(-XQ%#hO+bjt^Rs-g#%K4cTu2nj$+5jQ$5y*I_k&rh47JT_;XtXBdY=s6A(Q9ji)1-=uLMOzO~5qA`)y?H%A$_*|~0 zCkPr;MVKY%d#q6uET)&fv(*Ur?rQ<3ncWpuza5BD%_@zKJ%xi1W?e65wmJNT&++5A zE4M^rQ0RTk8~tXJNLy=GHCO8N7`Py+qZp>NKp&M!S60bLA{LkiKAKCVd%;oaSySCr zugx#J+Z3KkV;&ha4+)0y$34Z{8C^M!m+9E#>;W%$In0=dj*D^kd;s;V z@3lVuem4U{n}nym@Do?rl}o~bgA*Rp`fiU8VI6*<+ZkgbNGKO4L9^JD?C&BW+f0I( z^6E-R*TA08qcyLLX>clLasTv0^^cWCH@=oGMcsqTXdU@f%EO5L|9* z2EzAwZ>^5Cq$BcWt()U%;>p+2@e`>T796raCsgKlmg)EQ*WzWP8h<8z=0HKcX+kRv3YZ zu!zKQg^w467=AS7t7+TyTfFASe#cr;5eB2bMbvRkk?m#JoI-G?0ibVt5wy;^zS_Pw zWI*dcoB2juO?mH2)qy)yG<1|p6$g@m`lycjiN0mAZFh@(&GZ zjm396@*`}y`}p)UGjNPMtm0Maq)mHF1H0@wh05aJSq#A|p6Jb$mMhCG=m!;i_LoOw zqME`Qd8FVo2>vlpccdlzS3ju=%5WtK{QpaY9gwRBKzke z&EQTM9N@=rXJRLGKEHC$Fy9@f9ZSb`BA>A?_|qbfSmW)jz*w>OaRer-@y0xMky;WUD_t{#4hM?FXI;0faLfA+wbf)_O5ru1>EgzA>TeO_3c`|uo%(1GHLFxpfSqD5422`(2I z>Ez!Cnfe&*Nl1P`u(_P2ofA*3y3Ewy5=;z@ZB>{v_#Qhz)8b(w;WgjPdo!QSpuA`? z282NlEMSL^HC?NXNL0G>RM4#!R%v7!t6{r>shH<)81QcCsAyWQDA8b@PG-0?SKvRn zDEWcz-$cO%M6xRF&I)lRLQD)3(J&OL-k$xM&RF*%FsoV@A;u0Jmfv;4XEf~E#daX{(KNJtf;=HvcHCMfmkTqUP z2Q*tcIhD&FO*P~5A>J+R{na*1LvbUAkGeR zlXmVJ=9Spf-F~xw6+TJmoB74>H4!~OUMnswZwDZ18wm}Vl6gwVetf*-;k~$~$`Ctq zaoq5&GcwvFLM!q$^h7=yJ?*FfqHl<;iz=l97pUDRCT&@QY&q=2`;&y1ZhGq2LkV%3 zZFEB;5@Lt$J4F(y#Tmh&urpn}gtX-VB`@KZ+M?&-X$+Uy)7Cnfe^hMlfPGO#1?&q7 zgll(uT@#fG2n2N94!MRzw-?uPu^4jj%=&L zILwWL%hlTX2uJCKA&Lf7(AZyIw2s%gHQzpJxu}AFp~9!LJBe+d4Fbx^6;S3EVa;M~ zF>C0dhO<09LJD@Lt7vr={MGOs>ck3T@ziu&3bT75aQ=RuPjt`=KHnEm;ufm>tEPbm z10>uZ(p^ogE62{=ry+H<>^Bg5DQwyo0PL>+wKdo#p(4f>75>jbl2IrYvufg2eYWt= zH0fc3|EmQExe|Q}a$%M;zvO<^DNq6_Lo`8j@3xE{oO&5zWKF&`7Ry1vb>->u+k9_Y$2=0V2`2Uz{N^FZL#``TY-D0I#O_(jQ2A zZsDAmJJN_0ett{99bDw_ASR`SQsbx~2?am+5<-;1z-U6;*NsN}hT7^_ko}YJG<3rJ z1?Co?2v*_CW`)q7RP3a8awgQNIP-KzZl@MMHgo%GV(`J+(tmn6c3Pi~_e=^fgL(`O zPhoxG%PyF9_l$DjI0{eb(PYdhvj;qu;5{q9SQF;XXxq2};m7-PQklQ6!N>c0njo0A3)cFmr8TsD%P?%-iBGw(Q;IXc?@Q3gZ zpKJ%6?Y+FGotz%*bAy(s>7=#mr$t5limb0R4+`WjWH!EX>*ZewWG2qZKUZrJ0DEDR zUIcw&m!Np^3wttv!V;*lXe{2<^$9{66n22Z`b(umKt7V|lkn!eArZ{;U}E3HnWD|J$Pc*rdUII2NbXr-vVzq{pTnVPQ40nVD{05S0TKri!5VR1SnFkgsn$n26Ux1XV zxfM7FDqsFs_&!;AeXcAIc&g6K}RUd;=v_`D9GQr7qFHx(LBx-K8{2V672zM46}m9 zPEv{_B%=$nisbOA9U#}5k|Hryfe2gn|LRv>L92?Q&{RZ3=@#^{1oBC8Qqk3$4V2eH z4`PtNM=R(29HIEMozIKF%Z!hQkFg`VzS!%&RJby*YlV}$g&~e?c5ZSodAATljq4o| zW|M^lK{Ht5G)JC}A+LTmHN>z9drv(%LYkP%5DBelv6j{Zg z9M}V5BAAj`Yu3qVfO9LqUw170iK`buzgq|Lg;%m?HBXM_>KF%QN>7bH<#j*Y508%TFUNX%1Zm+hbH}DGf>}BlVkX*<73PI z9&`u_a7>y)T#?UaedO4&G{&dvE|*zIM1J_wuFxE!Fz4jSE>Yrk!>t-gE@HJ?U-_Hiqk%7~tuk&QLt`((k)}3$|e$8_ImNmoL`0j@))_r zrN@y*QS3R+!N%QcWp=RCwtY*PBVv5hNONqIG3U#g9}{CsdoB1<_hEGz;kX>-R30F*W=1Oa3v5bN7>)yC2=OHJb zuy#W}?GG}6`4|pS!HQK|c zk_tv1=3;3D_-R4dsW@OoA4cA)Po^_L%gD;0f31*W<+$ZbjROgRLSucr4+G!pCr-LR zW4t%II_it!bA^Lxbb~{90vN!6eRr~M1DyLEPpmdzS8WZJxqIc(=X$*!%FZp(&_#j( z;gz3HLMk2!(&`=Rp+P{O8#gcRJxMWA$}mdJ^z5^$LTZeZldo-wFcL2O+F1(zwk z-ZTon&x)1WQ@icRFZQHWQ*u7bF`S*Cw>AwW?lqWoO5Y}^w*y#`A$X?@=-(D-<{JL* zA+sL}7ma=PT^FYS%CLVMFjEp02#1bnxWFsXi>@oF6X0!u4_Wb<#!m>zyNslf+=Gbv z*G+r3U$!d#4dEl0OCcxAqh7lSL!yAv`IvG1sM$lc!Rl5&Hh}_4=JIVPCb?Rr|C6(A z#0C0!9Ol0UX;4wzBXuaTlfytauskJ28T|_O!${hefVxJavlp?o z!asZd!UA%J0-)OFH;kY^ZcejX<5Pw3X1DK^h0w{a)Hg!l%>1QNIn9WFfD(tevknNf zm9?b7_6VD?qzA#fyl*wOHTs>PKD6nLDb#djlE49%FhWxvvN_LEw>Js4|L+kfLiyWp z(H$)exWix~ueCTD&5Jvmi;CCM@EmJ@Cv>{q_9AupDoP0Eua3ce)^; zQONa=nck=%xDhcOVd2VITJ}Ut+r*uYJZ*8|26c;v91A>SN671^C7x4xnw5E_p~G_~ zdZ4iM$*Gf@rNlizo{~-)Kva!zKuM59$+-lQ!ZL<*3WJ+}12~9c0h05gWS^KXn8B@b z5-SCe$ZTCd)FYq?3|yOymJF!XcXQ(|+umL^du0mq{*Ur=&!t8^3BdxS{{UIGVc_zimih?d7cYvN6P5=4FH~jX#2_Y;T78$g#aV%VKyeYq5{&zf2}0E zlqFi#OVQp29ULLs>)kfhbs>z^vQdSHf4%)gKz!YE45TR-9w^EC0N{exWhW2ts^?Z2 zPg>zH*^dg!1V3+}TNk<}$dU?g8%0$$5-)t;SqJ~KjcpLn3M0~}G+pr(Jd37v@&|B# zxzt>)g=_)&^%-x&8~Q_$B4%hkTg`dx*i^UE*%kAoaLb6iVWlvZhWf>hh{!x!vY64c zve_;-^AV}d_U|`~SAP{Kr%OszSpOrC0=NpWa4M{Ql42V@y5_Dn7RN^FLv9IVDC^-s ze-zgFqUaCm3!d2LcE`y|kubxLPrl1Aw-6W>?o%ZSLIW@r@J}KON(56ti{uAZ!sd;| z2T{V7hK>Jug4dvuDA_hd%Sb;srxThQ=eEXJlnOfQU_JLBze^*Bqv0h=Awow5CAZ#c za20QVj?SE5td5qTJmAZmis;^NUxLeIm0H7!aMS)R$TJ%A8aN`w1ltK%@0rQ0usX-< zcTS-IF0vJk9PZWvdmk@h7vHYW3C#nK&vY?NJRKsyMO?MU`u%CuBY}PWMyUM?8i&t& zbZXyuje(tY=$5N)LxpaG2d$~%r&D-5cW6o&6IX0h^cXU9M}4H?%Dd zC|9excWqdr(H6~ea4FnFxDG>d7?h_rdi)HbRGrINX=%)-;cpV-<>gkYdA)5V)RlJp zuQ5(Wwte}3Bn&F(dx>4x#{6VFmWW`Zkqr9ZA5;|@-6#`}Dhk3(m?{^4x^ za}?00x?Ry=6@R1C{hJiJwP<;6J7G>p*qC)j)8hj4*(iHGJb2!97>h)#&)AYY;ZvNC z>+?ZkFoDL7!6w3u;P?>IW#askb`Mz;vhg%-=fJHLm+^NvhfZx955WfbeshJ+!}EX8 z9-6-uSWhkYT=}_|QKL`b!PuDjU?oU`=ufgzU{%EuCxVPxqw#|eFMjgt#fIKkvle4H z#*E_Nw?fdYHE*8*SfgC&nT!w1l0Vl2yNsIYHX~bz1>|V0>?R>bi8fb5*s~@{c^m~nEND@}c*O;UQ{I`m~` zD?z%uS=)`Wl0C5^Q1#@EP{~fFt1S7FPe|pH(ejod8*B4x;0B!n4#o z7t78#+M_ePtU2~ud)!fWtrBQ+x6IY0mk%fj7Fqwzme2T9K<6VNv0@!$3sX1FnZ$yd z!)JdTVh=2)8IGKj3b)eB2MOy|aSCATW4)e#^}Lvh;04|%D(IlhqoEx<0>DbhD{QlI zUL1DAfuGlF<_YD^A-%zVv8@B%c+&Yervl_{CSK<=wo^s-tPM(9Oue3I@K&AedlqYo`-+GP}k;}iRw+k=CZyrus}Dv z4-lknnq+XySl5G0(thci|5kbb+h4zc4Sr2;u%MYOb0)m{+mLJ%V~dXAQxN0)X?@4j zB++)!w{v314+4?V<&H|ow6FHJ4m+0eG`i)lnm1X*2&$MX#q*iO!u47ImhlUC#)t1L zlMf)#qXK#eutp8t?;fvAWUrNR@+;d+8tL8zHG<*SXIVl!U7%uKN(J~nElI)Qa#<19 z>&+JRH?9$|3EO(5HD;*63`0LvWXK2Y3khrEB!TC50KzSi={Q(k$f3}HcfWpa<=@#~ zKtiY|SClxL2}NVRca`i-=6&0tDFwR8e#ad?Eb(ft{TI;m5Bi})4o5><_ryJK0aj1o z@RfKCsIzFCrH{2cK1JRRqq|*z{a)Ey0s=~>bM{s0(!C+QY^|}Q$^S-k{dqg@_Rss1 z5cw}*(m{PnB#@LhKGS&4u!nZ-ySy8-6ujzcJ4RayDYiWu{M`EZwDo4*K&H?8smerhq<4Cw zMILN9!YJuh{ysByI%yy&9vg~n6~F(B8de}h4-Q*6!Zf)Y7#2@~7V5XVp*BLj<^cm8 zh1$pw?;2Ot*`6r(Ix5-M1fY50_yP$EBF$+$Q#U2Fm0-HaGI=}KXqY%sKb5qM;*9># z7h4Y>pD!#n_ua*J%pjoOW--di%#k7_FwObjO?E`_{(e)U4xlt*Q438jOZJ-U=;(Az za0^xWowgja37z-8<6j;D@&gv=egx6EA86;>Dy`_h&8lnD-OpFxm++tm1n60ar^RKA zc0Jf?+LZeMyBW%M)tTwBD!lIjx!V)If61(P0d(4OAu#??-!Hb&i}gH1#B@$&?f+UH z(p8+MB-`maoToUiUoB`WNp^JLLb7L(MR?3D1=NIyW{=}DF0G<`D0ky-g89t^-pN>QXDYu6{Qf``#)e*OyMaP^jh~V`g3DMnM9cE6 z;I&@#n@7FSux=j{;fkfnO(?b7BQ7ScjiYoG?T4u=>~SSW=H=G1m&y}Z+V5k|93fq8 z*6Wd1UuHp~O$NLv3H@bs*2jMr+v$`a2oNkII%g1F4_&aeVd%s>2VK72&?wk2(D+bE zV1DXx4%hANnaKTQuhmB{!oGzX?_UszV=3$vc0(k}%6b2QL~mr;zQ5X)>2VL$R`fE; zZ3dtg+WLgcA!CoKzv@E^mS4r3Fl$O@HMN(JgyUqsf3X~AFvn9f@UgvDdxhVE)WfZm z>bwN#J^GiHUE?B1ihU?l_U3t)8+n2X$Qo5EYJx!_J34o5r^L_DCXkyUm zjM_w!o@pq~*P`jG7t0EjCoG`rsLq53htqhzV0ZvAv*nqZZEw$i$hW%PSA}!hB4J(L zva?_BTVBa+;+FrF%c2|530w$eT1<4(!^CJ^z{vxeasb|pem>v9Iy$dz___xodfSQg zGn;nQM?d#`2y(^`5v8|Kk}|7fwPukNzHiki3@?q_s-NqzQ-5HR#X1X}n!SJ%iJSQY zjTupMzktP%o|C5?F`7_b@sBin%VcD|;s+_fZ)S&rhlEx>ww3)j42+EB+UM&d2nZNW zwd6^H?bjLNN<5a+F8ErF$PaBXMM)w{nO;Bm>ZGHuK-$S|oZaknJ0#fSa;u^!V%YB1 zA!lhYt(lILzH}awu7@Pzc~#x@o?0J5<=bKl`lsjyopGi5MeHA&sM*^hz|5X=k~%jj#JSq|3)I!P;) zo=$wM4k7jJ%v21a$ya9ETj7^h`&(1r4_h>|vsn;SuY0ETS6^BRYvzhge>&l2Y-fR< z7)qFLe{TY&h@ro#1^$KmpZBr{IvMhD^tc2~xG*!wsDb~Yq2l;yqcpyE6cQ(UY&QS& zDYDET9P%XvD+BK_F)NFL71i$#8fcd@U9!8r43mk`yZrTow`BObDWL;-PPU}vN@%@c zxw)c53P)#a$j?J`wB1KBDlH~Sn4gYez&N)CMk4Jc*|puA%#||1 zl`1zU-s+zRtlK6zpui5xP{e!z*8oSo2x!@z01|K4DNghNogiOaTuKb zRRSA6%hH7;UR48;z>%qjD=xyl)PJU1dOEe!2wJ!5{-~4DK@SCA9h}tK>I0DIi4x3@ z$y7&2p}iS(PA|My0+x9@PWzKlKHN(>rW@Ul5pM+ioi=FOf*D71Jkc}7d(`_-uFcSy zPTZcFNG7+NVM>=vm<75~9Z^Qf!{McT`GWW;B8XO-ZSiyvKYaFHN@9-6wC#-7#xc^J zQjUpZoatzL$$~{j?M~!Da6aj3V$5#&RbsVUe(&JYJZ1g;qmSBCaObOMn~7E2mW-pq zB9!UFhcmK<&-Q_!D(VTt8acQV`ah4t_=WGqB6goV)(QENURMqNbV*^X=Wb zC3LjStj^<`(~oANB%w(}9uj?)KoJQXKBRcGFSyk?{0eJ=l4{YF3teOX3EmyW zgKLW1EaFHnt2x56q92=5Xq07a2Y`Nvxd@yK_{!Q>$3+wSe$US7<%QrK$#AYy>$~^( ziMtB`Xl4~mTCoV=bZ2XeL`_()#Q#~VnHsAMzhmx2f4Qv4gPMXn+7v9PF_iZOZPtkf zte24%JFyHUSOU`UP*Iip=_mmRKrQBEDO<8Dn<=;6XepG12rQ1I+u+%HzeTQKSmldmqi)Cd}7GACoT@7mnr2j7C8*mF(vJX77USafu-QTtw?&aYH8 zMif&ahGXCpjQC?P%d(GVGBDGC!RI?(mh8i7zraZV1brlCfQ6v}NgY}H)>P%#F~XPh zNi-f$K@2f6Sb#IV={ud03|DNBsd#5)?*X|Mg`#=*h zbdpV;o56+a$*r3PKJ2qs%C6-iTJ4k@8r4HR2Qx$>zczm;bE(ya>!hwnb&IUvT41+X zJ^1L-*ib7mD!J2=bbx7(7l?G6NRO;eLcZH**9qt6KhShi;ltp%R_-PKkUJ{`7-Azn z?Oz9FU|p`3QX=Rz*3nD!xybl@xIETgBR(Z_H8&Hp!?cT)>}xs9bgp#4DnVMt`E}(F zXC5oAL3|N^ot$XKG_Brl<4v?Bc}mW)BTzVbGI=#B)GqKlxG>>laHuMkJegztw65q< zLh|oe$)orBFGyBp!(g9nd_XkQN!BiZB6mtn_6&Dn2(Z0>Uux8c5GG5SV}4cq6-Vs% zi*A|AKhrd=$nH*XrY$U%hToCT!dV1>Zb2Cu0;Hh3Uy@J0p8N1F6Y7Z%mdYSW57qYp zu&)yI0YTUaYb~gxp_gFPuUyI-sxjw36#U+cqpBeI8~s$!frI4TNXNfakpR*A9KE}K z6pY|>9bXZ+S!;66uATFJSifnr9M8BIU2z_FzFwPP;f*$rv5ERJhDw})p?5-T-aO`T zI2!68!}OjxH}4Yz-7a_V4dzu2BEIcsn@Mq+jBPEOEb)D$u`(XZ(zr^mE;Mebz(Ql~G^59%5rkKMzsPd!gsnNqUNqQ$A z-v#_kuIbmtykepD9on2yr@(5()Z!RM_)G#bzRhv?;I~EXJroce@G81a3+Lwq2}UTx zkpq_howk)e)B=T3CMoSYbapcdyhM$w5~zo&e4hX|{a_ist;@5nJ- z=V^ak8CQ!(ZZr%VJaRdECin+n`e;G7_8Wf3ll1HO&T9xnpL*A3MD6 z7u3JdALF@ODpY8n$FkKGvCghI8bk8Wx!Ba}7jh$^WeB8PK19l3h>r<3lGgjcR{g!H z+qOQQnRmbUg;V!|L+Vd-Z6z=o%L|s4P&ohL43MQ2cH*ZF`c;z@*WU^Q^Q1OJ6%^k2 z)C~EjJ_aZUeASz*N-XG#+Kvzt@j)xz!k;Uc-4XXRy~y3Yo`a}-?RS5vj8YJObjynP zfLCM}q6 zZ+ExBnzc+ROd5qV-zugL6?eH=QE`@4PTedaeQz*WZ(-Y?NS8HrCMzAV09_NpPlO~Y ztxM!%7cpyY^BX78fpKcz1S<%qSLw{BDq#9|%JU>(;qusNuaTxxn^D{F6s4bhKjp=M zSCm}Db!G@Bo~GcFMk2HL@n@Gx=y=h~-6((j|fXcj^mRC&U z?tRcbda$1ffVwwiSbV4FhCIcc*N;VPx2{umU++vl$Ga^7DrGBl5= zuj#i1Du1|hNp*s$5wb8D*O71%WxqCPMMm@}z2>>sQl@xaJY3UPQNPyAypQTLo3SCL z2=4rpN{3*VeoRe0=7l|iji(lSLXZ?C5$hWDLNE#0Nx#Z}APug1fcZr*6z%c4GBKfv zc%ewVLM5P{8Sc%6Ben9-8}t6NvcO+VEcRHbqqI>1nBG4x(m$GnFiyTD;HV)?7csz) zmMbw4&7vU2VxGyQpg(xjV35^sALLPN?fw=RBRURa)yhAuN4K|YbN3NAlnO?Q&Y;(# zCFon5so&E9W+RXH&tU!k45qgIDFMgi?}@vjmg3;(sMRsn+f9W}ZH)UvGNOtq+Lk!p zXF?4jA_U6DoU5PCWC@pY@Dl}ZKN6b{#}%Z%(h%Y~_A>nQGEF(!|nk#FOzWg1s5-I79St*wbjys%(TPN(mw@^k94DQVOKYPt?qiq%#yFV z{Jx7OOn$2rD{)FJK_d9nN_O38T^%N?X>mbqtn?x-@%FV-M*g`5{pr#d#1ly@ZrCt` zccs3A4eHqSy4g+VzmGBiS?`ZsU7Mij@G7UyiJM$}kwbPW#^o_=wDR&0TeTf=7proJ z1HLD9vS-ObbBSlKSLHVuZ>X$nGgQ<=R`TtLk;j&tLoow7{7!GNh#DB14v}v@hOe$p zL693*BpD}g?v1tG&xe{v9$plY_%66Q zcjgNio}D-X^@e+|Zz=8+y-8V?QS$R3BR{&sYFW2E;(qZ+B+*TZ%q_`X`2a3I@Jtc$LZE(np5>O+u zBEMX=9z?#imj3hqarNDSRKL;x;o8|V`*N*olbOA*Jua?LcG)wd>@6d%9TAz49T#Qq z?JA?lx=6AqyWgA7_xs29_y7C-jPsoJyv}*ffrZvj3LRd4Le(d=Uw=547I6>qr{(-Q z)&laPpiJE;G&=ebm-P1A>0x}Ln~7_w_vd)6^)%rdrqum9&ZtzICrEYrl4u5pqgmys zHy}e$7^{%wexuapkU{UCHhFhd*K6%~s||X+V_0qM=-zhEhg49kt2|<#7a-_#z0$sa zu3AZjU}pT8K~7H}Av;LP#wV5Vm#AJ$NUG`h-LnAqC`ss3RL2UMy}2YS&UW_TJ0o)tPke{`#ob=Kb6D`*IUuNnGzAqZ}M1Jik5VfU4Z` zL~Dq{pTAtD751h_0^9Z8Uo9Url0wKwbJ1v(?-d^={KJztV=c(*8uLmx-RA2y{o|Sx zOnvd#^M;eYDE(+HZ45SZu6CJmYEQ`d%7UHzTWZN7F8EJfo>}W|mSCD@sL$JQ0zCYf zz3nY)7B+*VK%5ay%AE=}1Q)iIW0jp%B$Q_lcgVPnvP)voiB zgb6}~ZS?@92gw{`#tyEpy|kM=BT!)WX5Ri$yw_<{5X=pYiEvT@0t7Nxa;5eTdn)5> zZqt?ZBaG&rrhMmKw>HG)leF!9IklI#^7H}cuFPkB*+WRc6i`J<0d_HG;ANB>eO+HT z2nr4wcf{VtK^%%fpP))9?vp)2^{&unmQ*0rW%Z{Ig^O?0uC5%x9R9m^DLVYTt^|SV zni@yaM-Gq8{ThDEy3cMR#3fq7`S!AMHxqM*>%{ibCL5c4d5^v10)tX6)MsArnT#O@ z*rB>Ec4pr2FDC}=@2st&CYv*Q@wX{{g*iE`zljA2Km$=zkTHZgTY$=bMX=z=7e0Xx zR;ERQMQDiYXkZPYS{GRLSx(5_w7B@uiu}ryv?*1_SO*@;)$?UfRzbJ@5HHUzi5(rS zpo9QQ2MF_)b13PYYDBc~=Nv^*&5gd5^QkChyLI>MeHB znGbOs;4T3rEX&0p*4DaKa( zn!Qtst#Q&t_Z_O+&f(hd0EIXl`!p?S`H+6^tY{exRips{d)elo{ZYvBugECbYUdQ) z>wc+N$RtLUWmPYTJ=cl|ldi&{3TMltu0ldY9H_Jkz#l$MLumSv@FT`z4pE+=wm-ON z6RwqyrRY1wiNZ6R>NS_K`(%p`>KfDWahnOWId|6BRc)ty$y_*~3CLG|aw7o29J^%T zlvW< z2jt6M_$o#Il+{8HJV1^d>IsMXtqj`Wx~;s|GJ5(0%l@0fG`2e(Q0>T8r;=Il-EYow z%uHK;$-ip_f-j@7{d^K6#@N`+++6frR+r#SxD+8KDq$!kLWUL;{fTs&2WB)*OH9c1 z-Lb2fSlVV~2q~?fz3lB%n|$4(%V7=L2v^*RurL;q)L$R+ZN0L|VMr@iRP^++v5T=F z&V4QspDrsRBmgJJy1X_o;F;H`^0X{aCRL$&>V5vNqT5PHz*p1j3BS?C*FrKxc6Kg> zA{!p>5lG2f>a_bgUObG~!25hg zjFf}TFy$SW;g+`iw~uGc%5W+BFoP0MVAgspre+!6F-1?ySo!nL_jtaII;EI6pGX6? z@hQ{V-c=c*t$uXEL-48nC&oR~c0O4SRmHfBLis()>Xk7}y{s|+(-dVbv3S1SZ?bER zkB(TDA3kbI3kGIjb4oeobDQk*Vrj7Z%j3M!(_&{J-rn*ME(Kc#@kBnY1d0uE>WP{o z5KK~^*C9D{>8d{4G8tic%ZFY6sCOsic=K3FPNE2fh>1xs5IejXP;9O^wz{<=!52Z4 z_zAkGdrPcrdekm&dBgFN%wpl}+j14~-mWyw(gXqK$%Ff>jxF5fwe=b5zb~2fWyttN z98s=coYuzLP<8>B@IF|9yi|wu`SmJDwvYNJF`;7o=ZNBTFSV^?L~Do=&s>;K(W{U7 zFUZRXR<^VhUo)ER4ym&eGtJOdal)2GbDp;TJn+}s2ZP8Js_rp`O>tKtQQJzOdBj>~ z-%=a$m9p@+Ve%q0cWdfS)*dx2-+A0gb3@xC;^$Vb@5nYm@Nhnr0h^t-emtnSWkf1OX++rBSW9`XO;e`szXxsp##%{9cY^FAfb zmtv0Aw7rHx7`rXuhApXd3fiyZ@fagAgo*Ch9^O}1jbig9Cq_~=csy-T zv=5%~>mPU#&WOM}IFc4|gE;q7`q}m-Q*aNg@Y>_9j!1dYVfK;RfgyqAL^(D|{e8(7 zVUKf;KXS$M?HrMP99KI~RpEywj;T56>suI}3$cSBd}`QPsvqra1v{Y8M|uB>&K zB*6VfD)5*;V99FKXPeaU6vH`T6>?UFYFJ|~`o}s~ZtGV63p1o2jJyab z=#8NHrYc!$YE#(BNn}G(rB*ePk`AFwz&@yBSSd1juEN%kjFH^6K=~3%-g_EnAR8?t={;>C&A6r|8btr|;C^XDbg9hGr*~_^j$|@`OqX_Bg!gZ->#Vv8Z5g`-}QY8E2y83QBX<yQ3E=k zl6BrRhCHM3C;2v3p>t+wx>&)c_@z!F8Kz-O;6VX}psT;TQ(G^YCBg&D;o+VlpU?Wz zK91Y7-2CA-TXc$P#FBJ?P6E8O?<>R$cc3m_Yoq7&%lGC>e?#fySw&fQy8~us27pqY z@T&ch^?$m9TOx(aE^(D~3G`(ep!=fcUo@SP55f+D`{X(nyxJU!G=o>xje1z!21#J^$U=C;PHxm`mna zA?gk(&L`8FL#HunB2X0=_D*K}U9Uxl-w;90@wbWdTYxJOxLO#DP=&v)V?}V(D%#hE z+D_2#GR&21Qx-=j`9D519DHg4e3w%$Uejgrsz+v_YA^|1TAZ_IHoqtOgkmDw?^_jl zJXW0o!a&c-m-e3LLOV**ZUCBbmQ@celIT6&cRvu@dptio`VZb;o^IL;NlZYZ4(FjF zP~9#fQj&mK3cIKBdm@{u!7i1K@(YqW4+kEY6?I$Z+>sKoi?CnaGTK0_tFcMtr_rPj zXDene4AO;3rb!nt=9)Ar?xIGv6+}9j}cQ$47&h}hE+0|QVm*7 zqo=ci8b{ug$6Il^^cJPnF)#2@QDv?YjQPjuN*=HxwxtjdYi6`sXaoPtNN7Vd2RNw{ z>u_c8zRyxK?IWOUitDZu*)t)22l9K^zv~(&pV-=EPNF#Rp0*Z zQjMSVpkkqh20`+eDe4dnhbv?7-}x~39m=|Msq!jEs*?b~yV zcemO{2ps%JgmpwL_nIHI`j#kDOW(D3KB(TN7i!$! zxLn%gimj{n%UmIDVhEIfug$1cRGcdD@PU?t>&v=s&uAX<6*WtVQYiisS# zo_c@loNbu9ij*E}Opt_}sC zHC29er0&8m&)JA_L1b49@Cfzr`8TECcW4@YZ6c|an82RqaTY7{j-;77#W@8kMg+C7 zpeD|&l1C)TB@Y-6gnKdfwUO0KF0k(5R!kq3g({YgQGf1$%Vy8PF6x~CK)iiTQDcFj z1>waf5}PJ0bm4xdnTI8%Z|#+tw8U`!K>yOOJzSX5I_%y%lN{8tc$6WsyDgCzMlmP! zAN}4AC{cwRpwQk73p5?VcxV*S8zD=3!!jtD*H0Xy26BQKZTo;NDxas*&Z6p%O`RgC z0tvcX?f2Tw{S>W%Ig)z!WYS*EtPVI9JQ+X2EHeD^3V(}Lr~Qc-mzRnnl^iXVZZk$lFGelF_vQo-65LeCLmwk90H0NjoscGi`oIT}ZE``|Yea~>c+FZqRG zs_*zk*tL0KHY7@`WN*$NPXEeaPoXFAQ*42-<;*^ zN`^jN@V1R{##=u^?lN}y*~vjD6;~xAo`91Kp1np!re{8CXSCx+3=b4;>Sz|s{x zNnV6NXjG;{n4>Ss@@(d_o-K^HG2Bu#T2TP&p!-ub_p%>AggNmW_(r}Cc+sun{)`T$ z|ADC|#W{;G*!wbZDq>*b)O#gF?KctbmA7SG4BjHy7XCA1;{3ULUwVL6bvKS$+|5R{ zpZZbY{JjO*ghAoo0(~@d8>$|N7e#PJ^S{UNf}Os|5XC1L9I#(NhcX6RiAW#crODbP zC1`qF5^DeUv!Q)s@CuaV?BOj((NdHH7rt#bFP`>~w6>F`(q}h&}iGK@8XkN zW(wQv(Snz$!wIba=^>=psNKvh`C^-D8D!cE$%6jcXQl5F}Ud=tFy^Nmuc;_4iT$4J!->R<`VYeSv z05x`PIVJ?}Y(4a>&<-@c+>4&~NWG!wGW-^?BLq5>_+GIfS%kLakSQeBu=Rk_M@e_C zjUjI=&?JyI_fJUMLV?ZGhhv8~sOc<8+7(9E-jCb@^N?lw`oZYZj|He`I#h1IC{XGI zj7W4g)KFT5$HvNftPYwXoMf7$nr8pGS=`~i=3)vkGov~i9l||D~esliv`h9%zr**`$2AgWRwIDI!Crm0I69bzNT4ZD?6rjRBkfta!5}5&bvimoJOSv{pfT zddU1o($y6vFRCCBKmVzr`y{gw-p*2}8%;5a6Ru{OA>r~eepoiYO~VFIj8X*IrWi(fBdlcN zzKTPFL#N;D|EJ|#)ZaF~=dUl#F0VRMLInZ`;YW14jE~x?(cr7+DH%ta&r6FRz>|H_ zzK+v7JD8;&*Trd{HS79y{uR9uHCJ*#)Mf+W5~l`1e8B%)fFk`Qy`|(@kpnT}fDD;Ygv-+GR0XWtsOF*KjOTByFIDwKdc zVb-6gr#r9YG7xI#sqmjJSH5A;Eh|pwU9#EtX^^Xk;xbrkWpM#K`NePNj%r0U*m&3;yORCxmfx+hdG%ri;X7Q&g5?RQ-+ zjyUDM&Fo1lIKCPq&|$e@7LEJdMcpZ|#?$T;{Oj=I9!_S9cr{(|{pW8XkAy=))ECxb z#p&9TZ`Z0zkSDQGa-ntJg2JC!Z`M4wNArUNMC8RrTtgZ*r_bDo7%&m&$6|k;pwVM;0 zA5AUCO#VZl(>PO?FwAwrS1z1_W6tJQNU$+lfb+BCP*YIO?N0bXQi{^%ls?q& zBV9X}WK7q@-0?H|*Ep&V){v)fS{848sanDtk{jlW8Dd2&B|s8;Yl5uMZk(T6DRYtg zOw0#7pfNkcy82l~a;rr^hfPs*ejrqOwHBl*@TIvW=KeKdT@ZqQkiaq6-i|?S!-qror=KWWhJ;{M4!`ZIE!*6q5n9=S01*RgaT?Aw_P{`ro{}P}Z#wV3*eIg83;)`GyY&ETwME|OfQE1WMM&W*zZ9wnW2;+* zWUO(g=nw?^oA+G9zdZDx89Eqp)$TL(d(zm)EUD9-{btGqfZM{oKf>5OV-4hFoWm|g z?s0zBM)z5$A2%aec()R8G)C|?!!$u!3!U7YRu3s{@8VO*ID?gK=PaX zuz7G1QP08`vkh5|KS{w_1xpA@7e<$_GHI##5|+yy z;4O`eJD2LCOIazsc{`#^H)lHf-v)-josO%|R<4yP$G@q%t+OXq;xo4IX|;x&UNlrF z1T13`M%b`W{QPvO$5WaTGU?P+M50%xY5D5p3G}NoNViqT`=Cun$=5rIKflFk1-{X5 zYGdWv+fm`HYw^2>kJW2D_%7llgR^s+Y1{`4+uKTE`9ZhGIY&(Ml7D!ELtJ35GLCay zxS)*_ucM*A9`Ipl7AYI;=+^jTSmgzY->5wMA|t}|N?jr>+XQ*)-c>c5A;pRhr5N^0 zbC@KQUj#GTl2H6k#UMOw=o=;1&IIAGCFTUs$>YzEjNzF8qjPvdt;yPx$lC@=1|Vd?6r% z2GtVxKmkwcqH51d`L*Hlw7IJr>?z#;%+ikgQTT!WbG<2jucQBQroQ5q1aTTFiNvA8 z%VI8OO>8-miwtNbE@uf>@N~|DcQ^`2&boT9En#HDW>p(1Fwy-8dW#%Z0>bZn68r{F z$O?iE@eJ8W@+KpdC_hL54+m=(7UaI9)+R0&c^*bI7blcoRu(6yKjIMFJVSo}Sv@tA z(&r;8w1p>QTO=w!*ro^nMt+6^`^UD`giNlC;*THB+tA#|P{=qY76}#I`}eZAgTQS0 z360NHWDjok8HM%*@jI3yj#%09$RC1VlwhP+46up#=ZzN+z>_`Cm_ob)q8Nq$hWad& zm5w`bE-F&)HWOT8WcItVo28%jlw`fYoOerk2yU@>v2HlXM;43L{Cj&qYN>c$Be_`P zzsVP9|9p)dn}_QzaxKn)T6xtAI3YY{xp%Q+VKNe2stX-+gQU`1LUbz@O}&=Z!`B)x z*Y2FToI$afC@ErzuR6aF^zICd=g9K(>c^UI0DJc;!upQwkAi;(dsiP`{>c@z;zuCV zo#Tg{Aa4wg89$BRQz^WXf#!?02*A4V{J)Do?;7rzHbx~q>Mo#RQ<%m_?dI>Wzr)=chUqcRbcBiP6U zT6u(jW|P0kI$OK-B>6G~F&2n-+4JG_dB!s~Zr!48ta5WrGl45BTTLeT;*}8QxDf9JTOG~m!}cJN6sF6?<~Sr zzgI@!7eF7xXIUOdifCnv@(~1BRe$!DRlmz%^XEfWFkguM-^=a{bTlQ3Z*BifQOk~w zfu#{jP!qG5Nt_&lXS8&MT*F@<*C9CV6^WrT2BqB>t7MX zx3QBebUR17rMu5K1bu<73aI?}>-JULutGJ2N|mz%6m0ddY?L{TFnlUo-HcZ{vw94H zS0d1=;ikypmd9yJB{fudf1N0|phmQ*;_-;>#s2>1K1}igSI1g+uhXpAs%oVNQ*eT3 z>vOM%F$xFl4$vy%>^3@z3|F#BT-uj^`>T5k>BVZe z+GHX9yi+;~`>=7N{uWQ@-_wZl{RasTKxLJ_yaRW^P`|5RFB0?@A?7EQtYu*F4OKWA z_i4E}?xzhI4aXo37yN21*NvPSghkv%fY<0mOS=kOt0-lUa%N4Uxi~RP2go>(s#+p{ zjVwR@3WVv58l$fvIkt~B#eOyDpXnW}`X_Nz-d{wu%F+y9OU4tq=piY;Srseh%)D`Z zw?K9B`GrdRgmH}v;Il+YD8YsQetwANo#NIBqSg}>y^}c2s^{Qx{|8^}pMRAr>fN7( zb?YlEOOAQ1(u)(v?t?1$gXC4uGp%L0#Ptjb&@RI?5(wdT@amQ+T_~E|X zz;t29@G{J+SK($CnlINY-Vr`|C)W{I?uk796Yy{TxM6C7s(2xV%&8-$9KcDY8}*m! z49Lr~X*1BaT|xW52|npcuL6N#?5kv{aLoObBvGX-L<_;6&F7v1bVI!^6o$NXGmgSn zGGxM~*W*IJ3gU-P^*sbtqjC5bwCl8*`c_WBvvfKgBR&{6Th`7;VLeO|e|x=Zo9Z2@ z7*jL1n@B>&=Rx_?c&6T@loZl7!8`&`T}tHNM?lEtStb~&J2FI`K(u%Ful*0skP>(e z|92R&>l|xn%|PhG?r#&s^gbj^QAx+UX6ShwHx__m6bRGq|eO z2|Kxto6l@LUyj98%1S@l@Y;;2(SGnL(PMd}-Py*+KYV{v2RG5Ex_0NtWKa6*wimuF z)_6CFs9z_WUz8k=-;tlzHNRs~BqfhPWW9kWW0;*^^z^!PPXIy}`p^;^rGbn(?$GV7 ziz}Zb(YYQ_4HZuHv5kG~+sc0TmaHXFT_h2yBCIKY;CglxHcAmGUI@j}ySRVv)0T2| zX%Z7h5vwtIa{o*VwSMse_SmBD2n38X>kUADdZJFtLRMJS1aW_IJErOkRj3qKKZ=&nXSw@nK zS8}?qRX@(#M8mC0vGj7!r9>f2doNOvT?(=7bETzi)XJw~>iNB>mX;>2XAl{q#Nrt`MH8Nn`udaFM_{ z9+@YGkCErfV!xh89XPP@BqO4YY)@PbW19@R-jYxYh@#w5G5pPKMuT?_#fo2!-76Ec zBhOGXibRRj8DbhEbR|Q|P8p~$_!5bXLmh`cdQv6Gmg zih5VMi;-Yjj#sezrHIARE2I3?Bc=c$X>d1XIIG}9Waq&sy(L!=f8)FORrEoEqcB&LQ+UXh^uFJ++;SIQw%Of*rp}4{}JJf2ABY6468*DtE z=N<#}07g#FbM49qbco*K`o8|>;{;&EQ06_xa;Yl9{9RQw0YS@H%0R!Wt}$Xx{H<%J$~Hr0#+;pkNXP(_2}sm|}R(_lm4;D_;uC3<4~ zkmDQ|ske3t-Pbs-KP6|1OZ{Oits*R6&{CG?w!a5FUu-;CwIKMS@4qHNmO*XQg)<-m zU7PTFFu$4}r)B&;nS_XOU^eEvsZ*hKk%R5BnmQr01Ma#k&AhTV*xU`z@imI)abP%$ zIEIZY1I^$|Cuf*naxZAWy+t1$8}TC<>?32Yr5&w_K!o1?8>u8>|ETuOLPC}ZqTDxV zhDg}cO!AX|V@AHAo%+>(Akm-0r`fn>ArxaH!@4id?t!wN0LFr|k{@-yZoiCyHgt0l z@GIu=ojxuiG=i4g2XqFYLs0wZzlUT;K~!+W81Y97%TsX zJmXM+GbKM1r4Hm-RO%gFkJh2mvSzNfV_Ff(xZQWcBghTdST7U%%D09y{yGFJP9;Rz zEMUCEH?M|dZOvarPL4{ZLEg!J8IhxUK}~AZg_MKyI!tu=un0?j?MLZXoBZAy7I(e$ zxcFn?o2a!emQ86mMAxwZIt1=C;gwo2_;8x<<%aZ1zuLaJ)ue1tV(_ zEc+`14tVvd{3HrT4vr188t~R-A($$V2~yD|L{mpr;S9VLgfX4wb%T`Ne2Le8?9gwd z=blj$TS-Gud*>~A#r;{POi+tXlEGJDdhbo1StPZ<9Y0(o zqjIidHFF`mzup;lmKXTB@l;6WXZLHR>onhweYug+`N8bFpAw%vEhOupc0)FLn<%|2 z{9E814BQyY#MFw=I?2FxG?#m~1gUW5JL7pf9XLB&owRi7)7+&JAW!O6J%248ALugw zkuU02&y>%=MMs}e&5Cg)$X6)AbG##9R8P~&?<-7Pmjp_LPC$$^YNBsom|9Md)D?!h z-oyCjc8DWtc#m~D*tL#}w7GQL;J4@m{R>9RF*c3f(Ph#{!;@rgvnR8WcP65*cI6?> zmV{lrfcZXe?k`eiUKJ7+cMRuQE{$jpXh@Q8v2S1QrCsKlNq?w|oYsK9M%K8IRS2{f zNe7B=`PFJFKD{a#e9h*tu(b z__&}xFN(h3Bl|%-@bNe6@Q*KF?tOdl$EO#$Q08T`wfmq^clI$Wb}!{xa_j>s{6j%z z0-eWDwd}YA1trqE&#mfFk(em#|K6f`%+}OQPNx<#fz+lV!Le` z>A*J*ARfdz*P9R@BJ#LHhAqVU*zZNFp)w2fv>;l6Ngp4B8NvdBNPt4(~HA3h$~ zpLbtDqdyx-i1+V)++vE55*LdWu`Y7HX-T_iWHaFxI`;6Wy7i027gHbp;Ad^}LjUsJ zB(|GQnrqw{XRLPoK4u`+pN;%+8T9dAbOMJt-2Zy{S}wBIKDoS9;hal7mGOB{RnC#- zg1S;v6v;*Ph6{r-Tq~k`0yP&F{aK4uM~RDUH4JIS zdtlb2W=UuiaOzN09nJ4$or@3Eg?`z zWK^V1i#6y2Ael#M%g>crX6|S9DPVS>DFR;q+AJRI)zE1)3NRaj#_F1l9v)FzH zyjzQ&O}b5Rz~e}nNtcK~Ch6vs+p|*0fc>KBY4xb$$%0&Y1pWFJNbp>GiCg)hc_D{n z{%uW%_3TnjH4iFL6V={sk2^N@&!DGwTbj)M2S56B&fAr%EcdK@^?q5rH)FN>&<#M} zPe0#=o^v%n`m%u-{{0P?`0wF_GU(Fx+D2 zCm(^!TdZHV&-@olVjxIVf*X8O-ie;>sGz0pFc^RB%}Uh<7s4?+|NhbN9?o` z4DdQHvD1$ttlU!>c)_@Yo1jHCq(Jb`6|=}YSn;M-XBm1Dc2=H(q^AF!jLee z9ukGb{;`?FBswS{WHH!xxDn?Bmfjc|k-%&N*!G+hcAF;r&er`x_0ts1@e!$fM%qlb zfv;c5GlC{T^I1`SrWr}0xIrqwY5u_qH;ErEfqa&vWJ8i4d`0dLyh}+;iTE`_xB3K_ zT3mG01AA!{Jzkop7H1!?FxQ)e|0DAE0c)ZQo5_GWyY>Q9kT#wVY>ANjCi;!+)1rRm zlXhy+;#JA(uMP|c;y2L++;AXNNJx9Y0tC+g*7~jWT-9bLG>L1FfuU|uxT~w9#};QY zr=`HBKy?F?IHFk=Rzg}2_KJ#(P|cw07szWT?K{eFl;lfd`?><#m8b&&WUcc8xC%Ny zG2OR^;X>J9)L})+GrvqO+ni!I{Z`_U&Ajq_e}@QkfT_8m@f@PRUh$DO8SsDdM|4Rh zortQIK=_%sa>`xLE6zf0=4Alp9rnP*>hzA_EHQ75Bf7UC9oQOPT%-Lww%865EWm(z z2a))Ru=ONdPTzTltQOjeMqaZopfnu`C|ce?E+eOQLX(O&Rpq{QIx9|cnX>ZJ@W=Jq zF+sLOlt^nqD@`%qzlI9@>=}S8!qG=-)F~J80?5}Z<1q=e!JWF>N;ne#Fw6mF3k7wO zL-;dn{h?9C?|O=q58u99{Xx#uPcj4>q3K~mrA5;P8t{t^EE{_u^}uQp#fx33#Lo<${ZAmuOTElhz#egC4+AQ%88xVY_&v&(z0=P z7@d%>0G?=w&Ah*>Gm(rU{?@eF2SE?JjT!p>1l@ zvZb0Rz1~7TVzmdMRjkiXx=#|VO?HP)KmoSq0nx?2HO|{Ovvx{Fib3*1gq7-0k z0$ZTcl}g#5iQBEw+w<3-u2?E4=Bz+KVUPeyCfOCD{sq;$1V_xft(SVG7tiRZGM;h# z{&SmKfmC_$hNO*kbd(Aj7wXEvutnt&sJeaOX>`@Z45e{#=m z0+aON8RWoz6e&~Ed-?T$Yvi88)5=r!iRsFGqP~LDAYL!~`(IIiY?6v%cFtpM_ zzd@1rL2`S$3ECv0oQ>n|lqPnsdS24A>9M=ocp@BQ5xMkN=hCpfRNz&i+8$NiRA{J| zVe)1Lu3^QN3S~z9W0m;f!j&1kp)hN4V)w_Wj#S9bIC;~vNPE94MPHv zmk1(;jogj%gEZoGHFNhJ^H(kuAhv3VRS)2&a;KoC!n-~YS5j9~dypXqpSbOKDx^8o!LHulv$RW5{O(nG ziX>Mb7K+p=6yA}-#Z}9qtm^6PlNi5Q5Oc8@HalnnFyNdpHgG{5{XF`wikNysaHAzn zGST73xT=G8=S9=4mpUaf$3;5C+23JMPrk#!joum9b(MnQ>pqfgu#x%y@ z>Z|R+73?YHUs>HBkHxGePzr)>oCnS?SURY#TD{j)iete>Igg{;IhYI{YNybtV5j^!_YxaqrCJg#{`WEX9ZM8xB_60u-6|mjJVe;ezg&s3sRMUjC5f`uz1<=r5Y|8?U=E2|C|e& ztG@78>?RZF_{IbkZY91@JpYrXeh~^*yd*qe=MQuHWp5mj_=!)prxbLYe*Uu^$X)P+ zVgs2^aUCkpSzN?$|C%o7lr_2oj@@^Mn-qg=dhAL{nwUs!+Fer=&xaAHh{zn?vsg<` z#GBGbadh33(KG`<>PWZ~M=hUfvvW-V>;DNYf6U;W=qd{=dN^Rw0Mmdcbj z{$VESgV1f-C4D#zIgkkmZr^>S;>^;gTs%*)$wu~N){K6SOHdqW#Wma>3y74u^&KEP z0;kj4KgFR#tuuz{0a3(&K5Ku$R$=^bvYfF0Eb!kM2cUMrLu=d*y^AMV zo}UitW)f1d6dSe!LNxvn;&G39Jk| zoR^#?0+UM9UI0OU579?+sQh3GJhcMghqgbx3y*tv4$7;8+`4(?pM;CWy4so&3y0Hz6!4VJtik)jZ`9VHDvZ>U&G@uU(zbT9Qd0H(ja zbMOb6LUE0abgwV|YWqg6!^Zlri`V;>(a)rWW=S~gSR0~lx4GI9k)70WL>$2$y@j9L z#CjfWTj{`Oh-w%CJKRZdSHqgW$U789MuzmxQ5Q_^QOQ3nw~f><8vGu^DrS^Hp0No# z*MZ=w2;k9SU*>C@@kNO52@t|Cp|8fyw(aIn4&cx;N7!Z@C?V_a2x&pE@UA}xtR}@b zE2jAHBV@`<{-5G8{znE&#%ozo=-LlOg)PQlIUfuNrNr~?lL}g7B_czAt<-C2M6Hcn zW>=wDQ4yg!!HUioiVsPdKXXLxa>oBDpa=~$K28cbdR28C$|`t|bq^&X4X;fGvufE& z+}zDd6FQsXhbam%C!+>`UJDwX$cY(N3=E6kT3|*cYm*{uiZI{hCN-U5B>~EG*FRtu z1UuT{*W?^|S_%E*4S!f`Kw@@Ni1e@N4Ngd~B&C+Tq{O1@AP~w|R$|NN;k6o!YZz4i zx68k!ze-j^oPc9r?0V6v#4XkkpLs{w_i3d3 z+8@74Hqx3@P~oc2`RJ01*w@EUJ%JX<-kl=A&0|Snlel~O(pYM-_hk1YQjb&z%tFpk zuQ)9!yys2U;|#KS_it%wknv|OAgi@^vA;v0qp-4G@VIDj!7p(xsBy69ZWbU^FA@M& zECC5hj*r2Xc(e;8WIy7B^%htYp6{^f!C$Cia0ZitlW~weTv(y5{Co?n z#CYorUQ2EGfjt>JT1e8n+63vY1%AH3(5v{_lxWxu|+v9mTtd zK`h$0JrHJ#6shXMrQWxS!;ijtO+!+a6|LKEAdYEO>s(cb*Kt)p_^2|ziue-WnkGXE z`p9z6m#<7PFYCg`r>}lLB{A$eAr_5z#x^2^8*e@RFA&D9)tXjJrEC*J6+nvc$jK)CrfnPLOk1s=xVB(3)ul!}qD)D%8+n&I6C5!ChNH5l z)bTP7{p0##-~BL#EQ0yLDN(Oto|Q|8iGlW}k)Ab*=J?+IAL$6YaU_l_AtCl*F>EWz znZ3ADC|aYFx~C00YQs_)rJCL4LT?xWMQ`l@r0bc+?1zfqAjGBafFc7$0Se6V+0wp0lY6oqcj-1QR|(t2pC z19zVEX6C4s0~XUi@I%!hNN4c|AyK#H1etO|QF@;ho~L-RXi`ymAic=lRKw{>Zu*HR z3A4$ej2*hVySDy4*02E8`7n1KA_RFrLn=?>ByCno-;|Deu^M&_hsz$ebUOgOK*>#W z{uv|S!+r$sHyL(=KgJNzhxU9^K{xRCE-dRsUog5qwT7oPfP#LKd2x{uQ-r&wed6uy z3VIh^Ztc+G*ONg~wJ)FndOPxAgf=6iU9WwP!1XSG!5kDy01&is^Q}!n5CRu=ts~5v zFl$SKni*6;N>cxMoKuYqfq2T_V~>;+`S54dVUH)IEXQ^ zZ_j;sIZ`2AyKX?k5EgeYj24zY5jGx1E*x@T-WpOOD{>%C&VH^Ts}m1&3|Zdom%0~9 z8%Mns0T&^?)k#1O?(peE-~XXI@V?ZwHJ-x8CsZ2-!O}jAkQMP_7^GaYP0ys0*s3sy zE~2fY?~PzGHmjP~4^**VntsqW2=Y=Lko+{bCP%NU-mKrhG^;A^Z}kn3ZpRSB98hNRav? z`l3h^+=Dytj#|Nt%t|<&3S?Q@Ca}=Ta+aP7Lk{!D+&t-BSrvTJ-bv|HiH{*cm zGTD~4T8mnqL+VX-Hh*spx%Iyt&z|mI*kGug6`K}lFpD@AeMs@Jd3LO@|ol%<%;msLEJtbyO?K(^>{OvQ(B4~kl&SG?# zD#2!i>Nl({o@BLuE9Q=CWX5H)7D#SgAn0PP_f|fNQd_qlwDQm&qveqyBmqdoA^@2s zzN!TdEW1_h#^`ox5dfKOnJrs^Jr9+B53`&9ID!>D9>goFG!9f)l{#U-qy*;V-CKgZng}|6gxM9}iU)WtvK~g?vn``Or*F z2(@Xf-7;C#yqQvpVtq{{wN|9j6l+9eR>-{h`PgC=Z_{p3sTee)Zz9=-e5^u?U9+sp z%CsZweRpbi`~CLsoj>o~d+t4-@0@ebdC$Z0Ym3XDvw^=say7GPD2|%zmiMVL{Ny4u!91Xko5J+wbMebzS z7rRmw#c$9nz17Q~@jPLtI^?El1zJ$u52BzSX40+DQ^a-hfaludN` zzNyd15y?B|1Se5%7BilPUCn|0I$%|L62PD7SZxG#VY?xJo~wtlls@TWj2KWt7?)C- z36)iG+@$^j`=r50+8l-xZu0QB#1IJJf>_c>8Wf~C#JoC+2|c9{)ICbjKoVNRTlsM# z?@~TLrn(R_xTi;1ta4yTa__-1chL564D5S{EUpQ`f%zCGhI3rF%5{CQt9mHeV+hjI zedKQM02=6W`Z+60(4zY)_xrS>c3*4GR4}NPA6<%U;9B1=hL3+qydH#$BHk4G%;lNJ?%IArXUdn#u#0+^!OGgxgdX#AOGs)Apt6Xr)p%U@4sqTen*-Th|E zm{^PGX>&lZK(Rl#SHRgs&~2M*w}d4XfNWY?EyYe%`m(c>F`194iJphgVl^C%gf4DC zP=$@k7*%-tK5rD^)(iL15&+AGdp=T&VdQY08WoRRu=4RJ_xD#$^hL5H0u6OJXu(>6 zDtuezwOA@ovl^lNa6!HKyr4tdF9NFeaZ_-rxk;|Ii3YlD8R4Aj9LzR3lrcd#eA8*} zas9TO6P#POMx{kpR4xaXAa&ktahi%*Lldy&B>l#?A&@ZgxZ(;_qIN^)qZo@*9W2Nv zWzXkm&S52-SPAB5<~|VeG7j;YClOr7YBuESC!f7Y)_o0o0{|{zI4+$t)KL%@Tk4Bb zYq^0m)wof(+ks!vv1?J2Hp^@ZKQQ1SUR!3wZ3Q`g^P`{&uhA#Zw0eXG7p>>F<0rYc znm3B(@}cU*26( z$=aoT4I7_WkpkFUk)@7@fNN59w%$Q3$cC=PgE0dn{VxJjk=Si(*{=r!Q4v$M7Jax# zb&l%7IOFT}yjD2hM%|%h?RH$1yoql+mTC>1R|b1Vw`NJZxNg4>l^L-UIyqC~bt#8T z%I=RILYN7YY~?}&w=3tmMYQ2ZZ;87ZsPD_;&{{bXJ~MKz!5gbC)_=M=(?s7sphr5^ z=hkGf<5Eyse`dW&Lb1%(*tGSg*<;I}T-#yDOiElx1&V$&b&#f2<6~@N!`ACms$p)$ zR=>#L+XsYi^=|>-z?X#3p4(8ig7oqcr7PEk;eV@I%#Dywx-}QWHd9h!q4kSto#O@8 UCl@e{5gqVD)_J&>x$%?!0>>4NRsaA1 literal 0 HcmV?d00001 diff --git a/website/source/assets/images/vault-approle.png b/website/source/assets/images/vault-approle.png deleted file mode 100644 index 89a51c48a5f75cf9a069e71f72b935131bb6834e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 79550 zcmZ_0b9kIx+c%mfY0%he8r!yQn~jZ0nlx@~PVC0EZQC{)+uGCn{hs5w-@W(uSB|-m zSvt>k{;(!gQC)!tL^!!}jModf)MF>(A z_vpNWX$kve{o}!F0LK++a_N^XBj;v&=K5i?@_pYO-SV|9$5_4>H1VDxcCr{_ofRbCc5w#Ubypi0`gq_y6*~WOXal z|MzSEzQ0u@))l*xdq3A2#qe?6jnTJf(>|85+p!!QC?9_Ro2YqOI{V&dY6c^d4K znwmJZ8tpP{ma2qyTu)=pTI>ez@oQKd3j>0Kq*R^jL`B7=>*!0>OR48e)PTqHr82UC zUzCfL$*43cbeSY}x>7sc@2s?{jRJoe=k2I;c)As<(ze)v6vf+#btb^R4FXOM!Gbq={E zOghARv6$`-k2PjDT0lR_dUgQ0fF$EjUO~Y~FOmQ)fzNBT&2kOd3&1a(-Eu}W2my~A z0gru5KP!ttr_nA!uhm5=gZszznpd~q=b2Is29dtbk9Uuwm3r$bV|~vnF}Jt7#eB!z zf$NLTj|1sUe|%oMHO}UT4G+`nyUA-!8{FHi!I?_$dWmFa2*%muD+nWP$~&|1MD@k7M0l{Qrgy zr#78RQZ7ELi#anP19pxjJ_tJ(zD2%eirI$Uk6v&`Ue zLMU~1cGk4_`L0HuEf)BmLD?IGm=K0REnT`$zMtN4C|O9a2RXhIOKITqR?qve<}}ml zYTtanVx8}2H8x$s-2KbU#fR-MG&B@&)sH2ksu~}G%|xs)GzFGxE7tLLznY!LNkr6b z)B6Q%2QijGDMvKZw6+(q9uu3@BBo5cURvL6AH#CKB%zsqXLr|hIF1Z(T0Ll%)LVZ! z#xgmCrochb;f zS$QBFLz^PCT7{?RHjmjDwm*IV%J^lsw5VtRQFga%q<=!>6YF86$#9%F&D)>cXk4J} zM+e$_CSf=h1N)0Z)a=a6wOm-U-N9rQL*u4*>(k>X!fVtppY~1^KF`QdEQwRHn$!8D zz=tOe@6W0=msQ&taXMIJo=?U}zNRgkh`u{Ppw9Q7MKs@Y|2HK#^pRBkoHoLFo>gEz zO)@aq4@+1vm`t7!_IvY7p$RAxYEK0$4D0O&+|%Vrlii_JXzEKRQ5U=Kth>y*D~g*1 zk&=^B;cQUp?79s3iP7w371xe2tNRR6km3e1?+bOA$)=Id7Ahne1S2HzoIeX3dCy3p zW`l<#p>t2aV64KIl}lPS5w{L*-gCIm^Y045}<<^T|v) zfsfbP+lx&DTsEt{&2?n$iA7M9lpS(S+w}VIGIR%H6Wp>)^0Gh^9dJrsa2=)_KZgV@ z$L+L@IIrS^_alH(boeTc)7g*zZarHeVubAM>OqvBUfx$P;^ECd|ME)?u&SbE4Ob`Z zE#ZwXh&-0gQfZaCP~nytKUPclBZghhsJ(l8OWUdF0k6HSoG)D@ zW~C7t843I>qdx58ggM+-Tx+^qQg8Jwjrx0uX^`@y67hXk`v-6o3O+^#T9=-QiK$`8 zsFhZyp^PX>CW)Ty(;(mk=Aat_8ZrK&<7EO_c&tR=aSOujW}E{->2x|bST=)O&3k$n zPBw?ARU`=z^V+&jlkpz_q zca&El*s>%-f^tkFlgD983XgfkI@uzb_mrev!L>{KI>Vyh8dR_#llb2><9V$+`|mWv zj4TMjwf91>x47NA--*N0XZ6e4(s>gRe+6%RH_P~)RTPm~tyEmC`SKK)zo|tbW&4Kc zF+Mb;ieT@KELc<5A7jC9kwHZe7s1{vd!#&*?Tt@1v~IFnP|oahZuI2Xr}^Z1{53RM zK@s6c(G``KmOsB-8oSyzpW|ZB&%iG;F}-He)ZQHAL$iB2%8joTdP1&-onB zT>rb=x`-6Vkh>yWi&A^_*$lIJD^fd-tZH=S)$yXklJYSTdH8Xe zO?t|%cECAEwwK801av)hYBZ`sS9_XD0mss|j~zb1+5TY>R7=>*pR%I)NA^v?E+Jca zW=CPF(IbM&w(Ex5phYMw^N$g#LTo1s*4mG^2LqSrM?{>y#)Y_HDBR*!ua|pf>jhdg zi!Z2Q>=<(VREaP_fi8>ZS$fGAaCymZRCqh#&D<+ykl?TL8U{E9=EvU&7QUy-J=J+_ zw7CtKFJW?BH^zzsWw#guo?#;b@7-qdqyYUG8p(fl;w1tsk6r&3ho?eamSGQu+Z|m0 z&23xAl+2I^V<{vT?Qc;L_$=C9+^*Pk#=(gAs!l&ESZx67#+8aM)I=;kXi#PQO_{8$noJ&vB02#nMu%;*xnUZ|s8%nNjSBm1AI))$aH zs=pl6=j+|H0IV9>uX|cIhi{j|NtNrfSQ02VTrc>pL&T}h%TP+fa|Jc+o3^2vuSaN1 zr*p)ZoepH5q`aDlavu>D(mAK|3WP_)V%#lKKwvv@zDtO zCFxqTaoJl7Kf74)ac+)Ski(V2Nf`}8|EL@+;tL$JF+dr{19{IxHrbi$Z{#nV$b(y)^*LudUYc)1~TqM zC8Fj0ia;ZoFrq_?2!`f8)aKnNo``$5rOWSTdYw)$I1U!MS?I>#2(dv$Xeg<5GBH1+ zkj!fIO4aFrMzFS=@6({ljM=xBma4&Pq?`ei$}XldnKW8OvK^2e@|qkRe&qjaliWgH zg7byl9T=q`@S)wE)4%{OBU(+kt7p~b=`>d0E>Y{MS7?{x4j(ZKLC}n+bqbbPpdV>u zwW-MS6$7Ugb27#-$$C?ex9ia7;eib7F^~kNkPssosHfPJ#We=Px!Z zb;GRF;<^J#csC}V&ZTOlW}Y#n8kKg5Y9*>n0Z)R@q9de3?6~H6cIz#G)Pn$W1hn@a z3+M76%rgetDo|!2nvPK;Rz-_1{oWfy4u-XQPnK+m)-_5XlwPNBiv+M8?|L&eERfRy zp_oGh+YX+bHY`#*F(xrkCJ8?ZbsBg1Zz9fqB)nW)>fFOM3w#DV$U)?(yr>VjvgwF~x^SvNm=*6bkWXj< zE^)VC2~&!-XBinp>3JH1ZI)`}yx+ZY;#wqA%0CtAdvA-m9j6rL>popSQ60xz+zjB^ zC$k#{>FTe-3-v1`tIAmTgkDD&T1Buwh()#`IF>2?_6r3c@7Uuc|H1~|EVet++$(_t z&;sEyG{W&yv&C8+c%loaIsX~E86_7NrxwiZ(9H7 zo-yUp;~!gG&C-VK-}M2>U0OI&SFLjSNC@b8 z{$W%q(&rr=Sq)rbL6IrMDBIteJ^v`movCVn^LZ||IXnDq`F*2acnc==4pi|a|5Az3 zm!vv4wNQjL3hZPQ-eOT^y29Z%YKo`PnMlR~ehU@UOGFoe4E^$UJFAdp%;-vPItzO7 zYn>3X{L1(7!sSpxt#?7Kd%;q<2D7oUV24ca=cDT$I0o#t;#G!|#YzsL`b>{=u3B8% zTC#aQkNbEXyJj*E*RigvTr&a~M$7c%rr-RDqE+5U`AHE9^?XD6z%5kDIs{u+#&N(_ z2MD-sIS3JoGFW|81dZMQA{@{e!SUE_VtkYI$>CUY9AsrbH-GrPsJ{I4dk!%h>BRkN zxxzXwRVIq&*XFPdE+xN2WY6cCRA;fFIioyVqqA$8XH88e6A~`YlCI~rg+-=>GEHVO z{%p(qrz6R9J5Fuo9eFmGW5Zi!yxR%2uB#U*c(d5DxCYQKtTEz^*~-r=&B-$|GE&XjFQ2@H^@q-KjcGX1fJH`VrmdI%+bWmc?m%RX?JB#7 z186)MY**@*tqnZjaWDJBvC_cwMa#c283jx~ubjC^rQEV43+_yJ9nM!84z~P2^c4vN zA)DYYZW@*UB19y3!7r@lcFeOpNAfsZuETtp6$LB~FpI>0?iDeW(8;ox07eVOYfQFz zo3FxdSVwMC#6@hnub5|K?Y_^@?$ej-4n@_fapt8ci}a9?)rsQBVPVj3muP)u0;I1! z^sUyYglYv@@$>vRqps|{E7-C>$#X!_Y=^9Te8=`F!G@`erS8c)+7ISSGGOk)B*q+LpWk330qQy-Q8Y zw0Pv;B-+B}FqxvsvZ0oGyga#4Gr(1IVUaqcaF418=Z|X>x10LKNGd>gV|T(I3BzP4 zI}sV#jUB(ln+YC;OSS<992Ex&L|+p8Plqa=d0F2V1^&gPA;N+K=Xl+lp{A)T$r}*n zNgqHAL|pT+H7v?NAvzMfh|dqLc5Tz3lJ^{%&HK;D8`0NmVJb zTqV?sPnD=H=W(J4a~S#j9r-;Xkp~T3+}}{Cx2IFRB~MA?-$@@HBf&&}6zxP%IiCni1_wSpY<2s81_ESX zGB_cloc|JMGm}*(S^rumVo_inDe5w9G7y*uIM=zbQ=*I%p7gmnIcz=lVmDg9JIW=S z;@U~IBc7_? z;#tqn(Q5VnJ(4w}P6hUA!vynV`%*boL*vb(^VuX$wE2sVS^mC7IkMx5*XY7qE7*5^^1~=c6w}rYISAW z&C-lX`sG~Vjs5*NojZ^jqVV%leP=wVtZXsQNQL=-o(a1n<4J>e1j+&)qaA_!35}hs zgYoli-S|<~#C)xFanu;2c+4Go^#k<@O;FqO(9XilY!ZNF)b9YPEIVbp8d)M+FcM(n zCX<1<+LXkI;(s*e}D4B{}q5l`}cHC2| zqY<|2=aG^Bo!c``}0b6&@YiQw*GRU7&WwDJ*2cXEaT? zVr?pMJKQOWxHy&l8-l@P@9_+t!AB+NgGn~%CZB&Q+$~1ou0SA9gnW>7n8=o-;4j~$ ztF!2&S$Uo_$v^Vd=MX~5EmjkX<^%d=3c1#vOhSer>~?(vqNRw#62#lxf9(5wv}(XQ zny2uZroP_ZFsATXSLBfvV)ww{G(4CUplWnzP-=+JZE1&^xlidkjaBTix*g6Em@fF` z&lKtZaNC&}-SgYf%hx?pPKBZp5jct~cyBLmp_LT2!HZ8j;L;m*Y>Iovqd%iN%-HCM zToYDlvz#UODAM@{pZNA-`t}N|d@Vc>xw^WtVve`cM<L}&dvR>$r5ce)6`_eT?w zZYBi`1}w4@*sK@OI}yKrqN@P0^145_0}r&^A)N<*bQ3u&kuVxR!xJ$u?O~4p*-tW{ zFJG-oq*5sy4uJi@KBJz__m=`l*Dy)Z>u_t=GVJG&EkM9l)S2A55T`hE_0^V7t0wva!~z3|bjIWeW*jU@%*=?*}^eQZfjy zF89mk1cI>8E-=P#ptehb3WL9tz6VB)*Ne;F8bqFYezXCw)3H+ZUF4n=6`Dy%bgRW` zzQj~Z`%zk2K|v!tA|H2~Px^SV@?tgaVR4&8e5fpiW&io4a&hP~;hKMoaT#J1-9Zne zN(={1^nG;{i(=n?8g)Ybwp^ygQVincI*2$)^ODi-LFhSovd(grRZuitia&~h7>kPm z%?^{^ME0Y_`N#-d)xnYHpJ9at$LDsAQIY2o<9~nL-I?AZDN5j#P~g21J=$o0L7Agj z#0c)%j_d+ePGfug5X?}wnqxLgO-cpwX?C*3%?wUJRRl%Jip?1^Vloxz+h!>XixAj> zdKM-r`I8OtmT#N7GcIWihc2>8mBHAHW!g%(ihs6Jw-5gEm0ka3~S`HE~MvSBR5_`ELJMPX_HE=oXXnTVYSY8evHe(398P5&g zp6_Td^M2kP&yz=uK5Y8f`=yhUTIf4bKz$tX@%|=9eC73H#MTM4P7(RQ6KFIN;pm$L z-=9wyhztsWIU-`_7D6%yq0_L-0DwC8P>ZOcUuY|w^aqo!szQ8I4 zD-PFIsZUWH?HG@^bgUY#bS8h!-<1i~`UPn?Cg?}$C$x1<(*X{n9cdBkeN`KOgesPQzYEkhtW-j?Tw-RHf}mcg$s><5;fHH7vRbQEz?m~Koiq2 zpA$rxJ)O5+j0J}#Q)K?^Nnc%aph8t{GwcR;d)yA*Kg{xBkHxlx*WS86TTKH>WU|ez zS@<;%HHV})f~buW*#(DpTJy2w@BF%8AT=gh*J+&XU>~S6xaR&>yPP7KlJXzDB<$hN zV}v#i?kEh_fOEh7^PROnSffUJ!SG`i7=KISO zvOmmjCOTVI6qSLtm0D@tq&b;)kKPKK3f(DTu^JiqW&n0h>TmCn*lm;-+7H2rn1S^; z^m#k`aG4mZ1Y=p0J+TUd#?*qKFG=Oxf`QphzkHzm&b#sb=X=E2c%r`SL}}Jrso`+g z=^_I6{7dORBxWnt$fXF`L-d|y_%7OR?%f;NtXE_!+ODNjI4zCXsSdD5Cd(0hQhYbJ zvHxMKyAjr0nqKugz1wvQxw<5ZiaGq$(>E_mc1*7Il7C+7>J^(kcD`PRS4#>K@mS7~ zx;-Bij_*lVwZLVdBYor5Ja2#4IMs@{$6p!E#)BTlF;A~nh-9eMNYVv_et%^IiE=&$ zj0lkl_v7_O85DPhZ-A4(#Z51mFTiv(C72D(Xl#v($`g`WwaCyj^r{~4 zm#suc03RNfs&Q&uHjvnNLJNq!Zvzo2eq;yDhnd#lbFiuCEE@w6Dd@(@gb(NItDdLw$rPO+*7V>l zN*GRN>f`-o(j?u`(+5-}9axrFjjm+n8+h16gQ%g*rxrSwG`$~+G9lz%I3VHB@G9sP zgy^9RWXHD&C{L=)0{z!Ok^tAxqmWu=wEy%kqm{@P%h>|C{Xi`J7=Ewkz1^W)YbDm>yXgQ@6ZWgGC!gLb3!F&Vs_dznM@DTkV_Z1X-ncIO)Q^G z$5gf2y~Fv#Z@xWGCq-7Lif|Di2Z@SG57%JqcYZE48E7*t!AE3yqc>=%i>Jn+OJlc- zYqI?;qIo@??s?GzhSRA&M1TgCeESZlYDGCTiK z)JbR35b9@$WmdoRn~a!`(AJw7+`KDkH#;81^50WX>I zcO@o8)b|~Ken1paUY6H=3fJJHs7TEM zfDw}y9Z?j?8aWMbfe*n$>0&ewmhbquICS61MrBlsXO#6;1x)rjZVb+QM5}$ z<572-Ag<5WH1LpI@B;pN0a#Zw>bzsbB=Ps45g34o$yzxneSOJD{G}GAju#>_R{eX) z3j`5L%ls-NSSsWznghkFE($OX71Jev$m~cnyqDjM!XW9yIPn#a&%N&IQ&64q1xP@! zLKkUMsE!jQv~5Cfu$&!;7a^EZ-Q|fGNHHerq0CpL-;NrBMl%Vx-{Lqy;tvR=+O-+D zj4@j2#>Tsb`$Tb;%!ip}Lf)D}S>@&HO!(fBjPdz)a#LN06o@d?eF>+7DRT^l_0ew4 z_P8~~W;Ds9?e^?W*fILfee?2GT$stcNW7OWg^D%L*EwW*CSgN;jx)jZK$tk>O@*%f zy5=-F%=7FgNLVglwb3CSiTiZIw{@}ht8v{u%@dU02VMh$XMcTyhzK40gmsMQ42sAv z7@z9;lOvuCm;<%9m9#lo1}M@U{Cb}#`93OE#iF~+?(n=1jtcj9@UvGA@kaal`fL!s z>zDV`AQEdc71(sJj=Cib-p5oq%p)f)u$x-i%20CIF6%-VL}n4;vD=QaTxuj+B`=mo zCs;ZqN`^Gh75#ahl9bICk#(b}v!+rpr%UV~U6d-a%9Rqpz{e*mKC(<@;i9uZ3AQ53 z!)8%st&}AvPUi^07(L@@7(HFCm4oyNiNT2H{mbJ{cWIB4$_x}Fi{HQxpw1M05oQX= z8Tvwsr(!}(g{DyGd^EFM(C9sDD2cVVY`*~i$!fKsoalRe_pu zySjW5i6~Ye)@}5SvL^V(mTxoHA{g*>3;aCK=Q?Y*#|i@SJd$IBaqaM|aWfI5z@w|H zNjNua6n$oSUtAN2=6|+8EKLKa=pR$%d)fm+DblBdt`#W~H(h1_`svi`1T<{v2|W5I z++L9hyS|{A-1mDu)>l0?h9t3e7+G-rlQ{#U1y2_=-CnmP_B_b?Lb7Zazg6d18qi(M z38oCqPb;A)6BWp2YOi@E>~CV`aJ$D5mA~JcT@)F_?-m<4 z#KXSc4F;ste3wa&E9u(KDKz2g@m$KP(WW}0S1HMZe>x*znF>HpQdEvu_z_f)Pfdx? z)L9PwoWbtsO&Hou%0@PC@j=M%{W~j0pbq%XL~-(#muTF@n+&Os)$sM>sVY^XZU_`c zEkwr1#DI$#7fI~>i&CU_cE|;sGQBc?%Iqh^zI@pf<^$wadJj)S0{^@Ia}P$D5N^K| zuGrsa&JPWgPe-PqIoxzJ>1Tn_4Fe{%(F!L0dwyphv`sbgr0 zYQlPsEZ;%b_34J-kkI4y`0YaLCKGit4G!4jbVqcFf9J^_X!ZYFuLz4}gJ@f`pn63b zt}r-?kwy=tZ~a)mPTXUOt3cMQW)Uw~AEx)@)MH8LG4+qc3Y47bh@g`Duuo1~6cQo{ zR6CtI!oynq*V185M9N%I!-LVXk*sH?=St`%)Uj4;*$uj`N6XBQgVooAo5wB%2o1LP zSg^ifsy96g(g5=b1NzO6XIJE!iCF1pW>vV<6lxqPSY;Y=ZFd(tvfcsNSf-DO8RnjO zPi?O}wGE#`J-3rPjxf<&GwQL!POn(837x95G8!9V(I;KF$BLbo2u$2s%ewkxOPx4L z4*z?NuS$pqr~VGcx*tp2R4d*T)U3&jS`LePt|{6|T_{snwpX## zqG_OOi2EGP4{@AggCnWzW$ZXQXUbI;8o@=H8~XjjiN3F zkS{Z&(D^|lqhZT=1J^1~pW!rCf@S|I$CwdRL+ud)qMN9o|6n{zNfGSi;$oBa3ZMcW@tM3Nm z{^04xa5u@XBY}q{1KiKw^68Zg^ROEti&_03IJ@=3gt0Bqx{-)J&_BWc6Z63o;1=Nu zJZE*iwT}IDYVbxde*in76qvK$n#_10!;rvRoiA?-Qfs5W-L(eLFm;nY&c!&mO@+sm zNasyqvwTaA7<7QfSc>LjuofL%fci7BZsw=+yW7Jm%067%n0{GcpdoA?BdSN`tiCSMelTtvF*Ae{+~G(gb*hG=qqr zZy^NCD@cxuG^>s7gTK}-ID-onk=umZiiMRBNLuqesxtryBH z$J9fO@F`=^^W-zQ&5k~>iXMr#aQN3aHa%-?)|#d}OP|gci!SP`u`9Ot43N>#`m0Vp zZ|srFr6pV25*}UJ%OK45WLU=DX@cD^L-AH~#hK|0M0L zz>xr)Sl%QC1Mf$+D(r?3Ux-Ovto2sxOy0#kqd+i|?a%Y_Ue8w)W`?Q7q8ENsk|H6a zG&eV@<6XZnt{+Z93?f}*Fua5Q2=hFp<|$>Mv1VOylc~$8?y6MkLjZfI*w%sdcny++ z3vy(7*GWE{9G8UPX$^Ks!3J-_#JwbWQ3tFQDz$M}7m=IIGB>aaz{?m#5f={INT5}M zk?Kj);9M$zNSQ2$c)y2#-6RZZ^4V+&lIuJf3UFRbfo;pkKd{DI7EhjgO!pfML+88JE@a}N|WF+(8o8RA6gcSw8w(ULi-v#LQSWsRq zlQNQe_nKP>mMt21jPJdktu|H?6(^t5tCS0nmNDi#9Zm#Y<{)@&`9i}}71+i&OOk!+ z`I*&VG2LSU^tk;)G@i!6fy)rWFbqiQ_ygEnvS;WNd5&R_%3%(jrIHM z(?CG06p);J=C1ob4K|pjvQ3#WaKJsHPE8iv!2sDbO;sHdiKIwVzvl(X$a7i@3+F*D zsy+`Tl65cBV#T|hdy!qJ+2;LE+c9T)1JHF*s+$m5g?~WTH9`zFSyJ#1I7xr9EAr1@ zcvVGGR2-ZfNU{XBOdNbj5Pyv%UE9H6)3GUM&UsCS6A1nUP>LWk0ith@$SEXEihyw;;2tzvU>IsVoqz0^HTMBZD;XE8TGDnS?tNH*+6BH+ev(G$>KI6Cx z@yBY^2ioSTslts)#A`2kF4xnIx%+RG64JHe^?6!v+TwU??Zz@soz^eIAp(WisOx1) z_($_koLn8IBxq6|hZUq!tC3O~Y;;+r1N%A&@b(*RQr~95OfBHjKw_c@QQjI+KXO3C zBP+7RK-8m6oPJ0H-}Pm0jTrQ39(zyLBGe)A((K)$LDssBWMY={GC~=g?&QT9YvcPJ zWMq!l-Y6LXohT|DRbR$4QDs@Ko<9^q-22;$`NJnUX0Kn5IoZUFbe|lm=W@Jf^5Z_R zVQrAkLkK)CeTmADRgQl}h!9Gd_L}%5bQzzyC%$()F0Nke-OJ5%w3P&4E)sMa;>uy- z`BX9JWa>RXnCE18wj&#nb6#SI5#AxYSHYr#)9s6g75jHQku7mI)EaDcyzhQ__V_+v zN&Tnc+xh;LY~5lqLN;a&Me5+L5L~UasE@xTkOBcMItTr@03o1^Vln+jhgSMlPY==e zP2^XI56E{oHnG{{BhlJU2W|o1G3Cqct^R-J-f(THbIRA3y8n7UbIgf)PEHm_;|@WKa!$j z)39AH$QYZ~Ev%;z8^w!WPc{X3B8#v%UEE}Hbh9_pZ3w2RaE=B04JphaSSYeDmX(4q*Uu1rSyPCW)EM0W+`p7WKh zX40fq?`mnd#OypD^-@^9I@YlCgxR);?JdBnSkGKrpiKB));g|>;_9XObJTvCGyWWY z3qcM67LK{BH|^G({u7VFD-UobY-wQg%gu85|2Y5I1f`t`I^Xgg1SlO@vf)24T{v-|k+3q|PPU4xEqh z89!z-vys;~9{AJ1*F>aTVbJBzUTuP>Z6QG9pFN8O)AXTPH&=%>ZtpEyzF5@XC;Wph z+Xwj)3IP}Utg(~M6WYMRthMvPr4!^#PjR<21~Iyk>IA?GK_}~0AI7pXc61xV5x0iC z&>y-q>Bg;5ZyIHq-|KGDcYEM(#R5#o*@CPL1*lt=vP3u4Oir)Cwu{ybTW1A5Hg)}=>R#zaapyeu*dZEK_PJ_*-M*~CNY;l{YbCkk&_tTvh&xh&>G z3rn2%k`g7D%Fu6-$0H=JdNdCLcMY=X>^cp{h60X@@>B*y;)xZy^sBqB((}^$+wst} zf4Flb0oW5jDJ&zIqSW@P;%QXtE|(G4>4ymTHQ?&$6hOURtBOUQZ8W2jx(gAZ1VQAKFsU|+~gWnK@F^*NAR=MCfaYl3)}_IZ$P!j*Y1z~VSyNPSuu~aVC*LLqfG@jyJf1ZW%+1; zPqb#ODMMH=q^8{Sx&6$-v~v7+Z>RhUdHKoveA(ROea#KEK(w|DwGCQ0H_!SY^Ok`{ zn8nmXJkg~N(2w1GSTLIZeYd5?svq}h>n6)&#OFp1{a}F(ck~yWd=k{%$G$%5o%(hb-a*jg@t?;dE*r( zwrG;GI%7<$Ntplbd&CtHE*B4L(^JvT-jU;1nQ^5R{GK?y;yzBHL)0KD zrhC=V*ZnPqyiluU`sUl2SJwWs-GBT^Ul4pjTik*!E?{iXUSH9o`~ky8q}5p67dGgB z22ea(BKjM7@&L$C5MK8Ck$QRU09gx$VVdEJhU5{ew)-!7onq%{9v~&C{&FeQBLF*F z`_~?;*}r8BRb4>4z*oMKmlIbz!9Dtjs?z!QpMuPW*lgDvPbw-5fu%v5YNdbBP^sFP zfBdOStF6&2_N~rN`tHtieu_&yIp+kBg&Em!-?)v_jJgI2qFBzdYY`9O!Es<=QBB~vC&98u}*)9BCGF4OgS z=V`4+D$airyhxB>;+euHReL!JBV*&pb+1q8%?4tIi_u#OzsLvw%KZ*MNfh}D+Wva4 zUsyw_|9soxF&)o#Xf{M1m=PZh2HS-W6hJ?D(qv&iF%ELm9M{Ip7H6xsDdbIz*HaZv z3kf=|>k|uXDm}Ci{pHwyQrSUnNmU$I5%9n{PT?8ujv#SL-e(wBv}YF?w+v4fMK)J> zAEBQ?M$N6fV69k=n=m?};)t>Y|-Oc}5$Nn8$jOqPHL16fgfcW7$Ok?mrrW;C9NC1C7 zVh-xpwP}6BlABfgPJB_R7avNlT}jwLWIlMHd;;MaHdit2Gy%kK#Gk=^@0hl z9L=*7#_Su|)Hq9P-L`o39$jILrMRfLaVG2Cne$e?QeJG#n;$bY@HnYZse@xft z^x&TdzA+J;ZnU>ro`ICBLT@G=xW@gCna-yJJT!iMw4seuoArOpGoHwV=8j7F*h98G zV+sI~SBTbiMnL+9=Epnck>SZ{gP(TX^(Q(3zoXq||f05Zmyubj~Oh`-11neRSr6A|ZpaEt8U=aBq+4NZv3r=w!$#z1{zK;KI;- z!QtxqA!1Cn1d3tdQ&*8TJ_JGPXNT~`Sjl|p-n#21+g(iQEJ0lR6pbs!Uxy@gBp4?7 zVTNnwD@f+o;u1t^>05(K&TSTS6K4Y3hnOal%!OUx>k*A zMAibSg0HVPljPo?3Kn=@D6K(6ce94BpiZ)9A5tsjTM}H+Q3W>W^qkOET4iUf6dDD! z5*$!+fE|@AVTh(q$E9Sr&g`A7Gdr3|nz+}Q*|xSof2GMZ4cS-Qi}tpeP+3`ugaDW$ zsS!U1^T1Kkz)41CoAu;tt0&eB9~u&W8JCJkO(Mq}ht@Yr2850+KT`SV;4_&S3uN}1 zV3v}VWuBA`9EF+eS4-W*&e|E_E*8v@Cr5kr>y^?NzwwMi-8D!SRm|F%6nIm0&sZB3 z&AY!i>G$~{ z#;mWN!u9&~xl*@T`J3mZkUs;8bGUySNPcJbxVLcwN$=}~9lsQoz~x*%9(SWh$&z%H zO|%!l&xNCQRvPW?Y2`XzuSdV0z&%5oxaTtMDy)R6NcIZP`J`;g8#pee z3xLSh>XnIEL9dh#8wQWk7(PC0uAma2izvov&o$C!1`REP za;Nv3KP}heHpo{J;Q5>DJcj3@O@-U#6x(x<#E_0lkqF)wc5gVVMZ1yBZcZ{JOlPhK z%x}vo(r*swlNQKYM}#A`UeVjkulz>4SX2N{emqy~Bq-O93(@EcGR@;pT?MZSfsT{` zwga(nZJ8ETzr!xA-r9B_{~{Ezdk}NLfj?iVr&-z#Y>BFKO|qg_AU?%{mddPERL`0= zkk0Z-o%?z5v@^BWzLLyq-BHF>+ZoT*8LjG5>o9AZU#?BU(}7oDLXA|Dw`fr$&K=$S zYy>+!)czFfOx9cKu18pG&4C>@>oAdpTG9*%*Jc;EZ99E53;7v}n?tRJ_BFPbom#ku zT0I_+l*NEy*QzZ%uW+Y0GDoEnQLj@ZACaJ1M-LOhUT!v>GoN}oHZ zkO((%PK6;8l&ss0aH5d}HCk#86nl1QLNVe7mYDGIl86%DJ&%aWq>F=7`!HC#CB~$2 zDo?J?sGUTzb82@Il)9zl-nz@qn$t=My>r;F|2A0yT7`}4TkWiy3dQ4{py^8t?JZb#9iQu7`cATe&vnpx$%<)nh7*t&uN z(br!%TTqIL&i89ONcRTpCuoeUH9PI+gww|nI4|4@LVq;hA)f7m+&E^e{N|Z%1t49E zuldYfw5;(xqK)y@PdxLrNOTkGB?psSi2wNyiHg9dU$4Sn@X`hbI^QimIxMD%kLF90 zbbrjNL8mV+=tH}>ks3;~?tkNRADa3tGCtbE`0U&ROMxAZImAG4PE*$>yH%!+@Okew zUPT_I!ZfWAJ0c|>B-zB_gChYg;_u~??&WyRX#SwbB&iIn}B_9{UAvI??wD~G}1p#xf`0hPO#C(n-kk%OnT<#JV!Ngk;c z%Uk={Ge*g$TFrJbC#sL93!5kLTnqapREqM{d7wJ3=V+YQ4s&1ee@Vi};Ao6yM#L6A7og7`aI~L%x(LXB{Ks#;w>EO*JOE>AZH~w=mm0!o+Ow1p&6{%vXbyDG*U%?i6 zW=hP7tZoH)_De-*Xi7D2;|h5_2oR+4w!wlSoP1go$s%`N>hg{)bK&T66gH%6qPcRV z4361VIA>PSWc|6f$si}yw?Wf z9AC-lPBdn$^)<{4$lakSaVDnjD>ZASf+91BeIh;-Fln`N?X0Ik?pw6|AQ=yt$P$d2 zP0PI1@YyDKMsjC1-{vN6vrI`=0(MwR%uM%FN!<*_xu@XrKF{q=_Qq{ z>e7q@_aR#d-$aHEPt59zA-P0k=O$&I>QRU|uA5+;K;? zRu$7t{2Cz%H{X17j(Y45e09+fqnTpxe*gXV8^7I#4I2t&S<+95z%aPuNx;dV6XUQ%v57rYD>BbvxG(m;ld+$AAHkH{%OA;D4ZfuUT zFA|m;Ra*oew3TZCQzY8UK!1M)-|DyCdduK%b7MdK^wSa@9WA%sdTaLN0OqaFKKrbx z3`w=wOpW~r-Ituos0DQZSX-|*o?t4rUk;4h7)@Y-vy zHI@+I6L?M7ef>-PfC=`5;Mez>{RJ@ zYJ2sY&d_J)-pBF0i_rTZLruu7hBav6MX-`dJ+#H6#?6r4-H(@YWlEYhL+BIrUAlDD zMwvQ$vHUi6x-43;&dhUlYTHyUJgb{@@7Pkx>Ldnz3|A6~*>r}NDXZ6Qmd$Yq(oL^r zwIt8ge46f=i3MHu(21bG6c>DpiJS3{jxWyFcU55t&wVC3E2{Z^ZepMNxot0w>#^Wt z9O`o27ss=AXxhv;)sB-6O$&;q)IDwDrReKg@0uSo6@NO_mfx)bT-S-n_XX#s2ys71R$gA&!@5c(0SoVcTSW-+o36Mk} zI8xd`$|0rGrcEE6PN_{kfPo}D zw=&b$Z<5&8K9uOTEu`E<=j^px{Exp%(!}Xf@s4XHyhb(I_4i~+7(PnUmadlct#J}o zrj$ge7Ps7mXG@6=t+S6$S+GRnKK@clo!CXn^f@Jay^iQ*+q<7hhNfSsc<&$yRk9mQ z2&xqO;(LPcEdHcvE7!=zJ0CR~sfhY@rNWH^f@+O3wr!UkUks7tnR6v={bunr$7@8L z8d9=LdntGEITES_(Mrm^MH2Vv*HZeVZc@5;FS{BCM~Qv=Q^}0mA(igE$(ZTJKL3uS zu3o3wN(~6Me3iE4F>Q+{kqzsswo)fObugbT`aNBv3Mc+CP7=pWl(ZFVOdBfRdA&q6 zZ<4*+{(QkSd&dvM#oL)EF*gpBh?>S7l5-_2hFHR?)Yfye?UfHCGc{StUeH&?1(L29 zg;lL26>qy%qEr))ghc84K|g+pYSA={;H$Yk*HWg>Uq4pMj;LK-%A9k$PM{R(a7E_p zJB;@;Pl#wGX8j~w%I9YIZ5A_uYB;mlqne@Jv+6O za5ck*EF!!g!&URTT?39yo3%u0R;w&c8>q>$UZaOXcqB&aIce6gmJA;~Rc?CdZE2$4 z({OXxl_HB*td(_}w&~=4qLkHV!%3Z5$?4tOYQI`Z`LdYzx?yhKW1FOKDgoV{>Jjj zPPY5^oMd;`|R?x4?%iZ|CrXwkw`4W(JH4?K0_ zO3U7d?>Z6S>BHSqLXy2+wQio8v3UAG%3h}rVNXekr;%o}*Xe|S!9gb$%sPE|>licL zQzGc;4e#l!s`;(tD*KqgFM(}R^6h~q=R%25_U=l2J=&!+=Gp7?!R)DK+0zGvS!e6l z2bibC(NnUuSN-}BH~rNYgQtYtqhG42HRrTbr%v9!+G;DN4Ig~)fw^|Lew3hQV{G?P zvhArh*W)^~q9oi?t+uBx47g7CIQBABVm;1qrYR5hLs6I~yL)Ozi z>emOo*-a;oJbh4^Ys})hV#NwiNv5X};ngKF+3d%4s4sm_UtXRPV6#pMs3}V$#hd$3 zC!)-`SJG?N>%hV6XaA{7gr|9hy>jKsc~@V3wK?~8TR|*0Z`thW+%$Do>cc1 zlxgTC{5IAe>c#*3yEj{+y$v_tm%WZJnW<^svNk7s3nJ@z8dW%Z+pbA7ym=wjy|n{x zHS02yQ?&fP-omOaz4;Nfy#*!edy8we^A=Ta>8-u&W-Tb|9?ULa_m`AK%e+OETY5_x zclMTd=ZPt+<1H-L#GKcKF-^^HHfmrm zJ*KjL%6SW8nt3Tpvfcwp)8}}L>vh;&CgqmZPX+UP4bDp?t*4@Xs+jf5+McHS?|HvvH){8nt*?II%@3=Q-A|2JZnh--H`kjVT2srZ z?5*h0&)f0C2t99E&#}NV3gY+k&phkZu2$WvTc?h9M!g2!_BzLUUY!9O_e)b;AttnIaKevJ3ReK&Z^#}D>W7X9j_>L+pjaBuXNFL+m+ z-&^ae;l1|6JzmC|30~s7VTJxlS}?-nvrF6HuP=Gw2yg7yFL@_+Z0j|tU*BuqxRKYg zNfT{KKHXZ_@*E&k0*(PQ}Rm^0M-L;G{(1!roX&hXYw z{MuVG_EWF(@vXf^wd#03)obi+*#~ZZOgHI%-_~#JHB$WQ)vE2aJf?Y}jrY{*&{JY- z#y`9#HBhV9p+g5xiJ7^a9(dpZGuBfgX`bskiEhTMyaU+JKfY6?h#3dz9E|Dwq7&%mSo+4ekar@OD3SEwi^hYH65*{{-8&IIUA_S<^37)|qA(*wiaCY-rB-V7jUo zqT-h&%qlQ@q&I?@NgFn7m@!dew#%B5+I@3dqM<|Mr)0`#)i8gx!mJM(JsqSQ^WOYw zRP6Elvt-tYy66Kzdl0m5n44m@jJ6gDoY_Q!OWT$Bo0&Va(?R^B&)~`jp?v#2w_*d^ zgcg`Kq2*>aa(~3uZ?)3F>Q{1RW-|%AX3q(;hiC)2KG<%L4^}tYLd@mSXk(7g3?ehI z2P#~nh+g?QieMJe3b|$pq=Y8f3bU-t3Nk}zg|;)xi4}uBuC4ToGE2R`iIrTASg@+vx1wKrui>8o1VH;i@_ zjj9zT8j`wXsl*JrTEfa@MX|1Q|E+??GqhZmNiN#MoxhEdwHIC`ajF3>t$x4SdA(pm z)wnUZ$ukaZ_fc2J*Fq^R9$cO7-d{RWEx?wdZY&sqgBu2TJnvnW`;~lklpQZ8vjW zX2vIIdq>E&cRrOQwNAl#II7VxQtqltB(y@7<~7%Y12^dPxApN?Bze{hz2EhmDE^VE z-A7xTv2l~=8f4QLbbe5t&X%l`h3$6N-6Ue zO3M622DcpT&^~N?>oeJM-&1CFrl;EGQ+h~v^(=R&@ETR6;{CVDj?cf7oqvs%#J?s; zsV2O>VDOb9bY*cHEQ4{`?wHvldr3&SxL)&8&M|~%7 z%>}%hg4L7nb+#-mmwqLwg~gnOE2U1&%2HJ|`cWD&TIYVUpLOk9Hj!uVxk9$7RX~Jl z*%$nQ}yP!y#BFQGtCEGOOIKhml0adsjA(>s<5C%Nw2YnV;sl00;?#VEi9T@EYJ{K?a*vu;fU2)pfFxVgKEc&Z0DVg zn-rE<_Fc@mK_Ja7q!wj*@yvpQ3 zPMbJK1<@v3uU!VKpSmn5wr%B{g~0Q2_LD=dL0&2c@<6ay*`=+UC6g1p@HjVq;ku?ye;e4&y+rg#?hhXN z_^w;QHx9uZ3KKB;!9B>miUg(=;@f^)>+ zpdf{F4;En02b{S+G5tdDImb+&{p@pwmnsu8HYf>`BMhjxKG?_N!}VH_LcL62^z7Ah zzl+6mc&n1)gkMG(Gh)))@XXTtKSX`7!*u|yCt;r@L#{BP^$WzQ)T!Mie$+@~`Ye_d`*+IYyXiL*B>uJp zc`niaau=K>H3z?$qr}K#8cF){K&loenlczS`T*N|}DWb;4n*tUd2)NuE1T(qcEsu5lC99K3Eo zi?qu+DUk5vZ;~_xavmyC4eF`scGiSgW?Z}^O_-u(tEqFz5>ji3n&KbVT;g^Abr)Ty zcCe|kYr>=~QmlJf;XFmRZDZOIUa5j?zVB%@%T^Z%#W+KWU=GpyX4BnIDk*5B3eOQc0>jako^sX`t-*><5Ya=qpM5XS{y?krM4YN`;%Rkh15h zf3lkN9;_^0v{)ACKsrpHk0rEAClFk1x9n1a%ZOu7Pwkeym+aSAFYlW}BjowaG+C{e zHYthzo4eeY7F(ZNSY>I&_WA++ zCe2(VkG}S$oYPa)13nVPR#&*S<{v9fk! z)@RJ$GiAoSWlExVYO^!tj;s5sN%e8&oiy>kMUt45A}u4Mq^kBQ=ZG!$4zgcWZF4KV zCYR|^p^C}aKgY_IS6wXy9kYSwHsev2e0bjah4%yNAXfe{0+Zo9_wD-oO=P~QH?s=@Uu3UaMBih9~o_Z+@;Wrc9 z5P8NIe)D6qgZ`r~j%CSv-x46ZwEOv&jBl5#>lKp(mJqYu5_0-rNik(JR)*O6v!pO7 zk5Y+o4HLhV#Wc$_>W=AAbNo+^A@BsfULVT1GUy z1tHvA5H+;I%tk?wAp->8vNt64{Pgora_1d)8f_dm635vat03BOAZ5@_2oxGZFgqOD z6s#Z2@G)D+O9q_%FPdQc=XV_sR%Qj6!9~l7Z`9dFFs~s*@u@Lfu8)tl!vE3 z&=z%aO&0Vy<(yEix!!#p3;b<2LGbVu=jB2GEWc0|VgqN{GPpOVvZLxC8&9|5t)`B3#Xy(-f%LLbhs1}qkFd!m+pjd1;_h`{Ac6L9zo!?AA1oMaY z?_-ZUm?aZI41&s+E5F~x;0qkpprIr}f*-rf_@t7SCt>LCy1t2&$cscmRCREyHgLwz zbH5v~j|0#|8sR$U*_a0@&b25aHS0?uFy&LO`v=*uS6lRY-dl8ViWb~2=6$qp0+YEt zUbYV&qT2S)Ra2TZ=~A*?M=7uV%4L;gTTQ*c*!+G^-x907w~1zVNMY&TJteGcY4eHh z*hZ4(%+hW8d|Dsm-a&JRFYv4HD_PQWq35~6?boW$a79yIy80Jqrf3>1&Wk=nb`BdQ zyZ-uDQdg{20o)i&2P-qOG-@~g_F}~{Mujwy4zWzz#-v2_9rfP)xfzz}PtyOb; zrTWhI(coMMPL4Nb}|?Nh$#^8Zhpin6Y%ebssi_d>zIbjun0)%q|DgNrKuS|>@ zCN+w?1RDYDvrnI@qq+L!WncKr?r<|Pd%%amtR)xwET{lCa>LsToEfG+{`kWTe7RW} z;Bw+1vNjs=!B!2yW`>A*m?2}Jjd_i|iO|qJaQ_3QP0Tid2@ea17QvtL5{Q|7NaVF| zez)_0BH#cI15CJSH*G=_hh{78P?yAG(h&{8_sJ@*XRs+u^0Per$DrNNIDs-{vsPp{LIH$LrJWsP zg)NH7{>sj=|H_72|4+$~nxa;$Dpg;4M9N*-Z+B{>{Vgr${!DP}5$(UfeLg(AG$>k5 zK|^nd?v(#@16uexQf|Qcdv@AQV7b1%T}iU(p+}XbKnyX5j?(YxO31UUQ1%?8-}Ib> zUhE*)D+TkmWMmz3m?)gKK<$UqhgE)hkz!wd=P? zng#?5SHhgG?JifQgq+dico}qAZ;3X6&_ZPLtVNoic)OI+>!F#JwWl;n%v-o(HT0TP z);_G&PlCRy=c=n+VUXgyTa&*%c&|W;Q5M&paj^WZIl~K ztU?Nm&^?US;K@HQxpc&{uvU?S1%Ls%Q9KyXoe+yDD6^0BmvrHs;W(sM0 zK??U4_YeLnymSjfm~f#?GvL>2hJg$B8qYNbHE7&<$uTQ!UyQt1G4Z00MCGhkub%PY zWQT6e&y=FJPm)-ON zgakKPCLsV2m{S-e@L8V%vAPV?N3q_c}?W1B+jlVeN*#iy^zT?INjx~0mX7?W3Ez9+8 zW!&~zsxuCo=v=KEyRNZw>$C+QpG3XqtfEuhHcV0o=)W?7VtN$dZevw7IEQUKP4CdD zx_Y{R_GTG~Z%?SQ7pk!c*4T!PSgh*!#T?@HsIHP{MjZ0<4C_au#Cf@H>mQlAD{YtF zn;-uAZ;JKpW7mE8;|}D0>Vlbe)Zt_7h1ZwZOK&XImP?zQ^%uZfB}EE-hqxE>V4-58 zxt`8u}Z&hLACg2VfTRpKu@APWJ8QDzY&=@IkgG zb{w8ufBp3i3}Og;uMu()vLD&c8Tag9f?@(g2|UKjlX&y)MvWt>eZ652U}?n-6C!3n z8Kb)t7~a>^`Y*r(Zk@PbqP@dfhGmc!4qte-g=#JF!Z8?_Kmf4HqTRrC8eutCAN=ld zZG`~lBtZ%j8o1|Qc;2-M%^GgK_~`?RngY7i1=!)G=GhR>jganRF@pDkACyId=G(+X zLGq?B(I%|leybz)(dW;(@EF9buiadmbc&$Myil%rDGaw6!giF-86d!+-%srjRolxqK0BE+T^%SxO+?rxutC4N$$Ee3Qi9}USWB>-zrNEpf8(0i*M-|CAqXHH zmzvp@xYx%xk#WqCmiN-5R`}NktWYk$yZxOKyqT7g5n8hEaa?Ym4ev*P<_ zTfrTFwbBK|W!G5xB)Lw1;ZntAYm2CsCMpXwnmG+6DlyT+s*2zK5m5Kiu3J~56-ZiO0KnT>kfN& z^=4c8?s_XI+9S_;B~R0w#yH5y%CNx$dfO)jrm63+u_N3E_vIa9nOZ!`UG3BfaViJz!8&egY41lwC|KPjdDkbOz4T2fzAW#N5W))v-i5_OSN zrzOhg)dGDGz>H*0o{$5O<-!z{WjF_bhGKzkFB`c6`UissGDrBhKOg+242B=9uE>D9 z3U&og*Z)S2VGTrK-I9LSR}kk102c*69-bJUa9u_|YK*uBB|YV1xm)|VVT^dey_tD- z%>~8&{>Wf#n}wGpG8|Uu=J3^Df2e&kUNKl9v!Iwjegz*Q3n7nQCPS9@qU{cSZxR&a zW{P$N(8WsyxWp>e5@GsaG6F3UmNUQ%E~Efs1X{ox0Hn1<06z%YU(E=zw& zzJLn}ZQ?vhnY0a$6ZHK(`2MV7Y`H&szd`x=`SoMKPsHwo{=vQGkAM85o7lNObu%eJ z+#}qM#*Vv-V*KM@IzSxSC|s$Tg#G?}^qpslb_!yDIlwd^CfHs;J>wS*B+rX;0AnH*ShWKN~Ig=g$onsyp$Lm{+<{xl~XUrsyRt*<^t~1;78Z6+ir>m1)1(TxARfPGB)h{f< z2a;fi`rGH~%dJ>#s+6K<_Y+SkjEpoJuB2bXhxE4-r%rU00dyTGR!nrY z6d(>z35#;lC;(w@rjOy$y7xW$a z#*z=PX>U->`id+-5>ynQ^a<-$OY)c?i{Pz=HyajHWH9(e>?-mhU?G+=d$7ELAfF%; zPd+0AdvAo&eBJKILRvwQ`l47_itec``}*t!^lf^^dxE$(V?# z3#}tBHXy_klLUZ19H)UbY2GXIl#F7r15orS2xR>Ad;=y=oq4LQUbWh_iN5nflb9^n zCQ{C$onzvlO-zzZuKXPa11tboo=G~!0>k}10oExWwy0rwX2NP}qVx6mZ+OGj2Uz-o zF)nDLuuj7>;(=)|6CXSc0u>e$z&?rMILG3_;=`ii!6v{Si#|#U#tGJCcuu{+g$->O zb+-n%z$fC%xd&khwAW9}wBs73x&Ne|0b_;x=jG+O$v8O4W65MZcndc?;(4OE#Io&` zG-Pp}Cl_a8b5O`|96s>8{bW8v0GYaiJf%LoApqI54+40z@bhkCv)Z5-IpohwoALt?htBA~~1N$&3q+HyjJdfWO3K(o(RFIUFq zkGlBng4<;AR3_@uD-|m7yFc5oM`p!LG8ON>336BM^~FnU%a^|?gJ6OcKlq3hJ*Wh6 zx*#DTRfgPB%RXhMWx>-Jgta(j#8B(04A|R#^m8T8(iTtubF*chcD&o_sOROMur1&C zF6hk)Zu^7Vnu}^`YjG$pQ5JD!D{ccQ)zTb}8!r63RjgU6 z(^u1lr1#h%PZ!feH1wPx8Fq(L; zKh_!gk0%tKTF6ncWU26R{>DJEO_pNZpnbjx#uoAufH^2T`1a$?h4K@{HR~#U1jr&o zp|}nbG6S*;AAUo~p4xl3K{y<3;rWmRiQn`OInu|!dL?+UZhj-n;9g7!5Y|)pK>JaA zd*eg+8tNyW6lFDvcQ12rU0z?+y*#Kt^E)hNj40gVBR)!foam z;NFgG2XI3!mC`?r&_A^nJr(oNO7RbIDUM? zF~I(|{eJW<+x!J>>vhFf9Qa7oRxa7v-Ung0HefYRKYW5^f8cCw&GWDT)3RavEc^Xu$uj<^+IUS}8z)V$e&79?!2Y|o_t}?% z#RZ5nUBagwKl-Hr*yU=A6kQSohtCKA^ca0`mBc&V;0_J{Na~p*V0W1kZhhE+`dz=( zKEWAT^?UO+EUmx%JwiOBT(8f6(rO9{ol9}$rmb$PD{))(DaqPtr`v#E{;=U*zA@_R zedT3xpMOws&#SCt-fL>pqt^4Xk6Q1mJ|j@2c+}tiQI_N_LQBNX>m5i|mf}If1Z2}_ zLLJ4Z*PV!Wys7KHmlRmwAfYIv-EA~oRyzli6v}I&) zdfVSDCZRJF&o@_Y7l0cQ>cj&%`>*OAzi=b=uBgQDVugw*;y_zCfY89p?zdrxRTmR8 z3u<@)h*dT^){q0l@?u%{E?o`JHvcbTU-%$!F!k|GhzKt9xUd8I(f-buF~fNhP%}z1 zydj9&#$^gOcjAcFQ?RIO4dI(+k`Her9RVcO~)tb7i1ej{}>~`^`$%A8C zb1PS`x3VSg2t=g|L@O(9-Y~1)u5EwzmMHnwP|53cLVAs2jZ5df>0EYG^M zSdFW;?a($m!(Ch|?W~o6T)A$ebJu2DodzVnkwB|r&3d&f%hJay@zb!_ZhF41(l_3= zYJtEMS+Ci;hwCaIZ$HY_+yXs@}1yu8k7jJQ3GgPFvQh zE$WMF%RX0fT(oiZO_ZB%@_>e}hq#Q_XlokkcX8Fe!WMk9hjERp*(u_Am~e}(+Pu|S z@Z?&f=ORU1pxwTF)s`JrA;8aGzzG7Y)Ri`NRQ)rfTy15QRj%ED$q-*x_e_18tF~;j znqs-y>c1pe@Pir0abGT9wnBU_(w0j-9IxR+azD9yt1SoAE9}LB+n^U-zrwFRT3?ED72Gh*x%oO&z&>ZzA7tMq2_@8;_)Mv zWdmj5EKaDl-TE|yrv9qde`DjDD?of*b%m8_+znFS?z!y-%O5eg&I(&zQn!Utj9Xy6 zef8~k?CU?i%Vm7N=JOwMuF-KsxEM9?Y9`vEch=f>elg3Itk@uytA~14NmzyD9-XRK zV7}ARQk*vzbvrj|xl?Clrr8bO_@o`9y^P5`4KZgi2Yy#T`(OWl*=3;qW@4%-$9l83 zVT#pI_%5Tm{ZnJ|7V)Y|An+JjR{!$1dz?}^)-{LfF+eZ?jxZwfgEU60ZMblg&!($e z412=cV?>d_Z)g)gJR$zX&gz!Wpc^aKG2- z@{Q(^d8skQLsNHWQpN=>NNC-ev>^l#T(D4Fcwv*d0nI(`>=3}1m~~vXg2c6LA>x$~ zeA*Kb(;i%+>uglA>N*8q zxO}X?spIf*d3Nm=FSP%?<6pLBgZi&6&Z-1@`Rv_y5$@K0{=<5lEoIpUPM>a*#*T2{ z-PaAsetqEzoAdHQ=Qce;ZJ!QM4p@?X*_M2Bd6NDaECm7pnK`&v7QQ0Q!&q3~iv*Zx z4)NTAVPnm?CMpwgpd&dzNB|*&$Z%}6N*<-l6!wVq7^p^TrLUJqe)? zE#dh~E_O8!AOjn#_}c3f!jwW9>~qT~dQxqS)b0iq763 zZ;BV@EwD3Z9_Nx(kq9m!S=ps4>*9ff_orR#8GQN2&$Oj0H`w*Rxz|~7&p-V*xzplu z-8=&Po_O>m8#i*Oy|a3wvPHk6?@bEVuaw7prNDWO^-#9yY<>DEjv2S@38RPF$l-%5 zSv+FvB?!0aP1|O%}oQQhVT{%FQ0s#1)d+u@gi;y^yz+q&-gBQcV!KRp? z7%t8NUBrRT;Q-1k;%!OPMyymv z5Y}Jj0%D2~FdzgB;*iMV8BBiHp7$q~3FTvUR{JCnYR|SsbwwOFR5{>wgTS(>4i2kL zbO5YUzw34G(9Np7SnRb|!mRAT6E7P>B zk$~QGxiqGx>mv}(wrl`p;+H)jW=ScP>@~fb%#+Hn%NY7mK*Q zhg1{21++Kl*#L^S$+G`mBfOSKfR&e**JRg8@QMX4R=$xYFOCXC9OwiN5Tnj6Cb)pJ zB`mwTu!9ZTs1i#~BHeIu-cD#%{Vh<&9YEW*Z*$psIYEZJLy<;}9#tRc-IQhMQ0#xy zr-%dHjRROy*#aWCr(=8f0XJ=8htXtWk>kP?+Y0DhMRES2Zmbd01@zKODH>D&06+jqL_t&pF1PP2 zwAuf8-t7sjrpOIB)e=((&4}HKN`cqm${Ky`7o|i~obNC0_@}L2zr|SyalVL&b! ztg#R$3XEqcmKZl__9VvYTdR!ZWpb@9SHd;+EA~o4_=Vf_gHO$~+0VS@_y^}`?Td2z zepYVb2$pr+jCt#39i+Yt-3zyNeiP<`rTD!@B;_QQG+v_9AV09Qkx({Xmg!*G=y$|{ zgUJDm9K;#pt&8U_h7RJ4$pX)Ir6>Ro2E_!$yOlJ>ZyxTqV>uX&>&Sbu?GcHOAhzd; zDB?iGfv(R1l3Sr+WRJv-Aheid9w!Ed?2>%g>WVCze#?pWzAr%B?Mtk!fg*}H5OJV$ zI8d!D&xAq%@(_fwL0$sJ#1r$gqX@954UbGt+xzZQYyY0}iY;EYQc3-EhW21B7Ep~x zSZ`dnOlxsd)@ zN&JG*nTP`s2f7po$b8sQ$?*^lVJnyBp0 zsp)D?{I)Pxopth5`;jt2uUNCuuD;<;d-&;BfT(rx$?e#QM9ovl+RJ#AEYd%}?E(A2 zukNt|8BYMdDZK_*`rwhSt$_WVYS)c5RrVKIjY-_avDOmFwt_bENLFhtC!^~k4s>k} zuzeHR)BWx&faE*wxTD@c+gYuT35vP7ca`a^hD7&?I1q6l;y`ma(6?`2`|yW9e866U z&AGO#m0_<-Kyi=AO5D{RP1K%4oC7GjN&v+Id`bFb$dwr)G8X{bo&+!i-oC4UZxj^% zxvbRh3N(5F40q&bo`2PzdTyTE0*-qpq-DFLTl|hi$Y@n^rT)Na)9nXWU8KEyEA2Zs z{>5&+d$w)Y7Fy1#+s2Ndw42i5Kk3@84##9(dYz?J8i%S>vhbT)_eLn zmYFw6%~W}{t3aRIYbxy)^>w$7wiXzpL`Vtf1>EzB#f<1!#DRzd-IfDOmo0U%@K}i1 zJDUBmaiRY6pa0zHa$d|tTiuqkQNtq+L>%aJ4zSlZF-*rCbBtwYcYLBK1U0fyldbu| z2On(L{?-YB2TqH4mT<1U2|!FT!?xC4t3)|vZ!fi~jhij|Tx~ITkoW#;Z$3r!MI2~v z4%7$~lQ@qpjR0-9>Vm)8BXhEED>F2mFhf=h7 zTio5-&g@xx?e#;bl?xP$FWz5@GBRqP-1(rJ+cfczOMsMs z%kpvnrmSXijh-MC>vQ<=C8OZAULiUQe|~}ZrJ()8xR8QAx90J4K`TYw#>Q*YJ&lnS zVUBpOvWRWa{ytu^T4EW2XA2-?skiBGT@L}s&=T|ADqHk^th7Nt#U8YxQ#FHt(U`5V zVKuxYO1|TYAuRbe-STyg=1RkHar?x+S+fxJ(Vw1r$-AVQb&qut{_PAE(%^bVN}<*l zc-{lkqq?+`>I}M%byP;UI-hR5w?2p?7e0j|AnP-nI+ngO{h-LRFn)hphz)VcqE;9< z?hTwaE>r(k{onSX!RXrpu(36@pizpgLZdq@GC0k{s(o?f#D#3_kPPe>XHwA@qNAd= z>&o`RA&g&R&r&}7?X4B*4y}8ilz;cwp>|n#JjmHN9`1Bq`^4hw5STocWku&^RCDd2 zt+)J8o#H!R?0#gdzy5j{6#;iajFBKR(qDwq4BIiC{2%Y~H``v4T!ArI)?Tuejw*Cr9j9D@rr6i==X@XH$ zIaz0L>SMpCe`>fBaV??DJKT?Zlb18R%A%JlTAeiBuklvhTvkh1 zl+Zk(<#r1yVgf_Q(_CfCD*T^Mu{GQi0=@m?W)fWrr|t3|1lyniH)n<7uf?poHGQEq zMlSvM_gNP{gV#4Vn9Tai_;^42p*VNr?-`{z;Pd9JhGD4hp#5t!0c*`VPST{{^XZe$ zR`AHu;XXFvIxU&RpTQ4}wsXvo|MDIbiZL0*pxhM0fkUXhZ`m2_s3HV~pR8qj)LKnC zHrmRy4D!K zjH8!Y4FzVn#C(#)DY?H)k&k4yKH~lNdD0-e)JKC+$Hh|^%b3-|d2?GTJ1FgVwktiO z3zVWsbz#{TlUr&Bu{iyX?o}E-tL)K)O*v}t=!ZR%w&(Nz=h}K7wy|`?U9b{9DLO|V zLu%73>OErCra!;l0-7o*fpJ)Enc=fv+v+-b-cuHB@^=EC?=@zHLef*$Yp$S*%CoY_ zbOE{G{L}uvPD+hd?SV@Ws1+X{c5j)zS%>XkDgMgK_KCvj9)Ide7_0DFTbyND4SG>a zkGyt=!=7D=&eJ7w4bi0P{3#yYmV6CGIC&#zG?r z%#KBLH7Nd8U7I^&-1fG(1{W-^ojawt&_KUMA8?dWHld?Mgq0Sl;}~mn@(7EJNKydG?L*Oziu{X z*-EE15=JwMDpdrFxmIpx_rczA>1(UwTQElb$?SS!#Yan8jBjFyRUKa~_09{$rcbML zKJ?=e??p#PlYeIE-D|`E*O$CvTpo{*KZ!8uyaaTe69iO=HOVtT4lUEAKj{x#UZo_i zs9cn9a?cy3*fX3LGkTl^tBkD zRK2bi=yPj(K5soqPIrm=7!F+|5=5e()gnt>1eG$s*dd0NOhR(Lb-_gtPwe^IZ%bKp&CU_jDhAzvcd9ialp(ppNT$a$7^#-&4 zr~yaPtY~NvAVFr0LABQARm*D7GMUyy6>v!*PPga6Q+#KjYAeU~!G7AWe+zX= z#)d_K)?mn3Lng&igGImhO5LBSP#+{zmL0eJ+AlK&7Hg=gr~zM%w}X1tFaVRrw-uU5 zJTn9l{y!~vD{4^~mU1&eq|*$8-|GyKFfa2K zU-iFU1f~QD*K=7NkbVD6H~g{9dMg^^k^xnwlg{sjCU3gp2MxP%#cV8$`7%(2<+j)^ zpSOk8$i}8v6pB}4jmpxR!~RHi$bpein`LyK8ox#?N7@3n2kjtw9u{yZ3v2hys5DSK z%?|z2sJ4ww7I{uQ^YzP4ZhuSBbXWv6wYAp+&AzPdvQAdK6YBnncwmFNhmWPqi|3#Lrzk`S{rqAhumW4c+@<#hamt{Z zI}i8wKpQ3^8j;ES!=U&v%BS~FWQVY1RR0L52w7~>pa*T1Pe{;zX>=~tb>Y(lO=E7D z;xAQh$$mHE{NzKOP$b(Kc;h)+L5N^qR{K#Hw%>41PUZ~yFqH&1f97m5xk3?%!h}?2 zmeA~;{na3$8hvYxrAzY0Q&|eHzqC$sZ0@uXlbM1utYNIh9Gt>4)A6cgzs1@sJ61~? z&gyF5qYdp{j@lN=U&`sUG~0S@At`$0+i-uHwo{z>nV*ez0rNAr-}<3ctk72H9LGp^ zgstK)ISk*{#P6}-T~!|G14kj`eWb@gvDFrQ`cX1Kyl*7*Uela$mH=EEbL3<5ay(xJnekFCu9d!fr zCvSWL@$)YXl}n*3!W3S7{Yq)V-Wjy z95d5FKK%Nub5G3Bs#0!-z_Q>_)$V50VB4%OEVn`!)A8RWC1Mx`?~B-{LI78`7=ogoM`eCZn5R71bECr#^;mWZ2CO(I_|FTa7RheASeC2 z!sD>QV=)9!NPhkn3tEd86P?Tk+l5*(Wj{pyn+rQ#!7Y}#OB%7)&v#-}8CJRh~7hICA$8L-*j>FT0BB zQMT5xer1nvKiS+SVUhfzSZMjoff#`p)Q9>iu=&o&2<*uU)){;~57RaV=2>$FQ-Oi;DK&*Z8 zx1$#%T3D%hv20e!reopMA-EAHSCsv2af@%Sh-q2bwz6Emal#cx!@h_s!Vw5Vwv_RQh!CCZ&oTc2HxP0j(z7Y;lHUG0M-kG`v+ zGY7ORGv6AfNu1eci(x%uV=lNyK2;QdF+Sw>#r`+BroW*3wel?`WoAYF8Qo=tR}&dz zRqQXwyt8t|hV&}UYTp$Sx>B#=aJ->{JOb5#rj!IEkd`L>-)iCFV|A=3NqPEGoSIozvg&uPotvj_F zj1DdCKQ%@ROwnNE{w1064^S8b9xl`1Azb!;6hNB?So>tB?p@Q7zEN38=1_ zz;D-boCAB{*cn(dnbjO9_!~-pj|}6xH7R%Rl=IUXa=6Q)h0KVZwUuuKdc?#*x4OU- z4#s~N((k?K`~oVX6~fSBVU0lHlw+El3A%^Gf3-qHqabe)q-9DpLJ$#gh`aQ?d&7P@q``m^iR4f);I<}7Wz zzj?H0*DE(rM-sSVM0K6ZSMR@{FQ*o*{kJY{;eu1zTEP3aEN-i~A9vL(|1P(B&)_H@ zBnk)hJ?JQ893lm#<^(vt^*QUBf}0js%W+QcQPwO2yJ68kw)GA_BKKoDeIdq-z@6a& z=|7`d#S5vgurWQidXUfe&n53^RrKlN*Pv5Uh{26uX~*ys1{(C+;xaDcel|e4=!t%URTSo`({{^`>j4sdzi~7$q%<# zzpQi8HDyo6qr={qtlDm}!+%q$;vBuJ-2MxO)>><_rhXJ6m#&I-o11yRAR>bCpO!~@ zHd58qMq}ewe5i;M0f!h3x6$*mogSXs1nhaJDWLmY;a>u|3Z8h4kA?Em{;!+1D* z2j^)yh9ziH;JPJA`1~!jwsdeAIAWU#ETV>%{c0F!>WLj=V~XbN<6JPU=u+l7V!c3) zQalMb9h#NDNNM*X*A@z-0*P?Xt3mke23jSc>3%J>7Fo`Q08>MN&fW|~2)HKVbUspg zP&YJD|Ho|9pYdktPX zn&)g!*uR;R|77=BeAH(7^UbhOI`q~m7PP0iJ=fP~L0SS91o@j(Khe%Me>!uCm)?86 zzwr2sw01`x;|Eoa!^oPToZhT|)S4?@hX2VXYZrbC*VorArYdIqg7l1^Xg#3dDM9Cz z#ECd)go$O~-qXPS&*-(JdCGo|*Iq)O#ZSAj&fs(2LV5$h`uiKCRR;ewp9K0)3IqZ; zzHzKcVcfrFY^!JssC++wnv{3$dr;X0BpX@kn4o5g{v{6fPqRW8GUlCoKEjJ4!ix|m zjKRefK7NM5|1dlZ+j?NxTsPY+Zs*|9Y79)bL3nXZdQRF=b#L@CmOt(=Q~GoPEmkWC z%}BWV`W|JvpX}&3F55Qq?KJ3sKfo^pZ8DEmBla=^0UH>9&s$MD72KUVa5aEYd$#EQJzrQFkMtat z{vO-^KF|8&R1ql)@EPMO{X$3p6+4zj7A6o7-CkoC<_|sl0wFkvmp!y!Vp&r-B*<*> zaPfAIJtjpVbxoC4Ilc{7NA^#*h2joAdQyMo-{&g*<`NZ1SfdqS#O{AGsEC~*=#`XbpJlH+>d9Qy569&B(Hk5|AFvEHHGWrF{4zP7ZmZE$rsT+ z`@{kr5o1o(C)%^-f3CE&vKnM2fDkQoLR&hH=5A$ojOw31@jxT(%+bOKB|O_KhH+BY zFj(`#AQT|>D5?l*{TS|WNa--;cU>xRe4$NE|6fUpg3deD%6g{eM~m}erCE$0-a z{g2C?P#JEe-Kr6tl5ce&p3=W-eQm7K@6C$hj#Ho2A%i`>aKU}S&}uBTjCd?LOK$As zzsNIv%%M*t*@MEhtV(OqyGr3IVm;8pha3?|IFj`c4Ez1V)OBvGlf;!p;CA?JyY>Og zUV}kJdkA;Edm_8la%JjS1R3%N4+J{PySlZ8`G%A4y}OBJ_S#D8DGqTcbH_ZA2EZ;J z_e~oI%sW?y(0ibkE9-b3*~S+Q(?(>TgCigDJFA2)d#BfX(h)%7V_Ug5^Up+9X?^yy zgI|8$u#BUwM&*mg6p_e$@choawG)+7gtiY#?WMC5v0MxcMM_Yh?DwSg*a#YEO)MZl zW+G~yMe9h^D;?#^Nfrftn<%5m&kn_?6Y{XS7T)wXp0t8jsPRmb*E@V$eUCMAYC2!` z*wH88QpBJB#S3-cq+4a%II}$r!eNSRN*ro;KFxWnqNN!?G3dBHL{(>!vyV%Ye)BM@ z26TQm85@0NDU0LKia!|PFo)kMyZ*z<>PRvR`4IT+@qly|J;LPAh5!5W271?dmdE-L z*Q&$1BAVt}PyA&B&bB`^hSdQIX1Kdkh3HykSwh+3&1KzR(my*7nt8tCd(NwRx<0v!NsiviMON0n=sYTKxTSQZk` z^}cu&|6;LoJ&WvoXTtj}()uhC4AvB>azs{CLxU36ugqhuMZtIZ_L_U?fuJ;{M*)_%}e z;n(q3MUuSBQq~ZnK~|J$(lzAl?@Q6-g4d_DG&5U_;_an=`z8H z&q!3SF9+fmAs{{kE81_sO6UR7`AL+}*r$3tOL)Pi+8Qo}ungab$U&~vEO{^e(k3>b z2^xv`Uz5eo-wslGW8ULGXlwq>UL3JXvHJ#BMdV+$=XT^PgU}=4&Rz`n#35gGUmJhh zB;%pjaozir%{LmuTPkBZ{z$xIX?8Ofmr1B))Snbr3RcNFHh z#%~>FY>)Sioo8kLJYKihgpc}uk`?u{z;9C24QxlDVyYEzis$8;cNlm0G_QS|QM$_( zVrzFAh z^(>FRx~}a3Y9?0TxDd{cK^Lzef`LN;!X{ z;AE8l^O4bV9@tIeG*9+w@i0&Qc<|qc=@4qGBHU}2$ij%iZfmI#*0iG(VhbCT-$9#_ zCPJ~*aBdu(oNS!*+2@`}jG-4h+=l$Bt5$rGw6iMvZW0>zQAc9aPGiHieTbL)4)H02hncXa6vomSVgdlDIn=VY?%)SWa$iMZ0kk=hC2q>*o^`$-} zDk?e?{^@o`rEydo>=mq_HVq&7!O0V2%QP5%5m!q9FXIvtCw%U#WrbOg;SKR6kM-rQ ze0nUY_WCfi;p}UGIc0@z9RrD-+dBEnwh>pb&r)HdOnj~&SP8mmtvbgS%gniidbWFo)QLZrabl!PDwFPgM zco{C;>*To7DE}_m>s$7C%MBaMq0RikA#Qoe1%PF}Ww?P=-y(ys%}f)FTJHMntw4RH zlK}H%Sn5&!Nnbs0gu#f^>TO_MY*D*xlB-_hy;U?p_e7s0JD>S~4h!flCt9FOWQpk; zWX(gEPyk>G{zqbS*m)VsE&yq{FR5j{%kB*sY2Gll`tsO9WXxvKuDwLQiQM+J;zWK&NfhM+eVZ+bE_nL4qAg9 z-S@Nm{p(+Ox~cBKj;NY9+v?&9v7_nvoKV#T^TytK%H^?W#qxe2{(b~P&qT!q|MG=? z<|+wWsi z@Nur&n$iT2ok*M8ss_SDUG;;>(y<8cGq}lT_Z_}UcL|Ed-$Iq_k&;i>P!XMru#Nr0QQjnRr+yN|zD6(ka4+Vi*bdKd)>U{3IeQQwkYVMZ7_9e>qa|7m{Ea zX^X2#x@Khb#MDt4(!?=PAQEr-TiYpc!+18RBrYqNe;UCpqbsT1$Fl@ z^TLUnTpVs4xSt!9j{a#}H6rt+Y7MswDw1_Ssr{WKXLfVYY-ZJ_e6qA`_5Eoje(&iU z;}gc^0y$sUF!FZEZol96Ibq4?Zj;RWNgvvsa8#&Mxnrfb(e{t;_(8*Axv;}T*7(U% zVf4sSQ-5CXu7cIpme0|}ByLZAspG-d<;@Wht!`{UQ-*s#fqsiL2@TQAmSxWp; z>u;d{3`-GkXCr~iaQ!;=0DsnMM!vZjR{6A`0dfUcdJ)-DmQPfLlEhn0uJaU4hwOPL$zX<$YQ z9Uld3`edDNPl*TEi+Oo@Ic{hh{45^D4H|;_AG8@ls52$jV@Wu=UY$+RaE2ZHo@R1{ z0;4^}4f3=qjm}odgZFwm+viB4qb{KIvX}iCiX9YF^aT&lgpM56^aK4r{DZc+;Ah%8 zY>)80Uk4MfFkOAj-m2Y?P`YXJ{^KfzkzWpalj)eq^wJr@b%4U*>53$MS-xP@K2dQ0`;x(g%rd>M{-%YqeDfZ%#HEOB0q$hw}?2j-KKNIkfP&s{X+}Nna$Fw`LwuB;x z>9>d;8GOh)#6?gC5Let)86MeE*!3M#jl6Aw&!&kOcA>uV2}A7-k2Uwyj9MLG>ZhQZ zU@M`or$pLuoUoUW+_XnRG0#cbeetB?zJzc$&j&t)P8BiBuq%Uz9K%XXxokk9BrG1} zpVhUP>R4JCXw^m&ycSxwIqfrCVyWo$h4ZrU`O$9LM>|mh*%(Jn&06&nZ{U3TMGY2x< zF5`tnu%%-FApybpn^2AYrf`*?#19}yMS3PEgng3Cpd;BL;~mod@aoOE-@Gybr~&T^U1`Qks-n^-w-JZtB2VK zisySKX%p^#GkujzqjMx3B?!5WJm6923fCDvmtYJnurYX*ovh_X?jmHt%jI5~S_Z=p z##h3@V|3w593h8(po-=Uf<>0v>M`hD-8n$*k!RdVmP|7Df%~Qk`y&AberX4`VvM*u z3v-A;0*B>2+sy%VEs+GyGXZ`xciGL>k-Pe`{n}-YP<5DW-KL;}*UWGszD0zE!WzJH zlQUW9oZe>kd7}Tt3raU@fdmPTP6l=u`mseVe2shNdiyo+x05bSSsnK*<2P2TV<4KA z@0iVG@>6gPmnzMJbZUsZ%WSkQ=J(IHT1Q}@=mJ+E{2-!xRYTr~e2jUgO*p$}q@wiwvGC z-U?^DU3AAZOIp9p97{{pJOLL%X$F6Q``oTjR3C;u6XnIQP#BmiWosch_Q?xojK2=^ z3Zox0K7(UvAj_r0@{p9}G$bgC?;_HF=~UKg^jduB>+SU0=rzjY-?oWqywc2!pCp3m8Puf03tV}7WbxUeBFx*ch8t{3_ z60t7@%V-c!50!tOr;gN&w%-3&RF}r6lg}TP!N<$pxf9lzU^luNdD^);j&&!)idx~& zsw`lfzf&@tnZ7}a2@ol>570xpjM#JR2|+%0+75Hcx;gjF49A)m>E9MYGo z|JPsaZN>Pa5_utbGfurPKHkLZVF!kD(AS3-79>O3b9dEd<6rg^6&<;{tkNw;+qHji zAPm@400?+?H1&QbJg!WGM8kUvX%q!H1r(o?z=iK&SfWHxi|Np+4RNrKCj_8eWkB%g zauEB-5MyBew!x>F$COf0?Gw47gydsi&o5L3aTfux5dhFA&3(+a4v0Pd`hFGqwEKh~5FQ60j{}KC$t517_<}X7{)7GCjXNwvW4YX|UVfmEblkC8;BbcJEaD3jY zrh27~%f9bT8+?vB7xU3hqw+p?{F>i$aQrG8@M^z!iS61}-T@eur*2l7F40$NJOlI5 zC=9KbAP4=?Bo4h_m{em<1Gr^@{ARtoJaIg(j7 zuhk^Hf1SIc4`<(SHdjof+l$b>XGoUrtsxFY=4k6ke;o5 zbahAOGJOA|(*eZ|}Y%YnaYmv~9JerDr^CEcuxZ(!oHlwZ_QI`2M z3D8Dt(MQasd6EHv5%4(;Ce#HvfQ_~`k%R2xi~y{Fs;$baL33YlAoaW;fC3VfiiDK3 z7hHv{2qfs34>rptm%?FlYJ%^THQ28z0o1t^TZ&L+dMcp1Q-3x~hq=5l!1B!Tx+k`h zr12sQaSpYFotpIgO;Lu@bh6DC-e1dU8BqE+>;0+?4Ml&ICR+;LG?6pngx;qolvA-o z`JG%0a|1x#W}GDXBOsI^#X0IX&FAXnkG@C|F}}w;y5W_*E&a8Y860I6+`w;DMGscJ zqD6?9h^yEzg0mk*o2(H-H%!1S+fEM=5GZ;u+eAg|$|9Wq$FnJX@Zj2yG*Yk5NcO#S z?tzDiv5{})Fe;c4J27zU4h^|GLQfN|U00hv5?=e%1I>ssV+WGk6sn%9&pX{UTN`zu z&!*6pq)SE23i#cx@}{ASdEDpbDq8HE%~C`I8g93cK1%egL((3EKguG3jESZ)mM10? zB#07^>e=sudDtUFo-O=RPkyCj484OLtl)O;T%m`89B0O^E`Rv}y(rq)9#$5{`Q14n zk6uxa!djia!alEz>Ms{2zC(bqEFWppe8#R{^aY^kj~nyNaI*Hxjz@ll?yoQAgUCdPR)$Th8aWy`iK{7+P4e0V)^Th4WvAo1 zXeNPX%?AtabUMDHex=#WbQSV=LrUt`%v~M^(*mEz&Po@z#rTYgt2Y)A_XGEQT-6iL z4reACsSgaS=U}JmYlwumvot`^p|-e%N`v!xk0e>z{*yA0ZU|i8bH)c$Pltl1A$OW= zFFCcqa?h^~>E~H#>Ac?H(t&c69d3Glv6dbR#ZEjZ|JdF7W+p&_=k^1{^x z^Pl304Jj|ya-IJ(TK*^d2?fB7BlIH)2haqdbj5u{Y*a5pg1U8_ML7^=ji~I5(?@n% zkg!wh9M4+d2$Tab9kcp=)fAbEnovtqnVarpuOjk;fUE{}Rk=7$s4!H{H+`CO!Djww z0sS({nQWU`p=2iE`CO+d$INzx{!@zP>2PRpJUV?akpWl{4JHoeSEkrug+Ads6xg2+ z!TLk2dfP1X6z3PAWIWFw|j zuhFm1ef>GkBXI1q)0hvG3PbiK%BzAgNVK zg(WC0PIrUgX-Jr)VZRx*l^+dk#K zfZq+8>g;wFY=os~IumAA_40h^&6r&o`faic#=~BEbsWr?HEw6M5SMm1GR5w}K`SQP zW*O5Mq|B6&+m~|ZE_SCwvFSYSDZ>xfySsJbWjj(ZnzvpM*jcpW(fPav+rBlPCakvc{`r-m5A( zK7%cl(fY4HL!UnCvJ}#PU^)3F{rOiBN*rF-32n~i*_>^ynLSIChmc)42@S+X_sbkT zdV^=9?Nigap+?=>88~yEc5vi=M4hx!?16qNorhyX9r)XBw2tnJUW-BNC~LJ(rP43g z-{`+w;^6vBN8QRjvqZoCMyC{=NCElkzxWPJq^PsAi0eniyEk}D8a0Y@$cLga0Yq|+ z08^f?C+zy&1MVq_{(XVI>iV{LPO-b(YAJV$hEr)Wy(snS)vHb>bXqwHtj<~cy0ZVX zSwqLqHYI8$IfLk~j1|9RW4SsP%N$;7T872=DQ>H>eR*(xBbTUD z0D_Q~Ac2~IA#fjZm&&En{|F!mW;5ZMfO?wXpFSAPMt5NW<+i}oJXd6GRDlVR z{lEm&A%?GMIvhyry>6Ao2Sf+e6V!|}K4xcyLgxUP_#Kee`Rh5<%J+ptI-`Kf-X zfCvvfA=by9&Rd1{&OTTC5&@pJl)~sv%?Np{WD81>90GB9IA5}&h+f(4m zoTeZ5SEBgaSkNZ<#~9pwNrQ-1?mV7gohmHfVA38>B9*?jx156)1f4Lr?!ab7y+4CE z&m$r5@F#8B`^`G?NidQNHpXl(O5$EBRgOKFL*OP3tA3g!rAwBfTAjULZZRFtV$atx z9-d^Ulq0tL@be@!N6#L=n(XlE#;J`F-NfBZ1jBV!bT59Vy)DGgAK$7K1cT3R();330AvBQoA2nWFsEz6^^;d>_!?OdMsaC-w7e zPgc;qEHfywLP1i-2Vm$$!+hWQW*-%>{?k=c*{prJq1(PsCZWyEN?HD&SjXy-vAD66Oj`_lkeCo+%{WY@%aoIG13R@0)bXxc4u%x24ZLv?6`C5M# zO;}+Ojo1OUH7M~ycLpm}U-NfM;qQM-A$kuvJU**Gu^BZjQutmYw;SiDjE-7R7_ z7Qd-jrc-GtU5~VCz~xzAP#kZzn;73vj@>C~0y2CKG23k4^ER6z7r~^;0C18YDXKZ8 zMu)cg;in>sLad5T@1ti3SIDz>cj87Lh{kirj9kmwL~wK66E}oO#Hjb6*WZmjTV?84 zi5O&fITimg;6oQto*-jD|A}##m2`U>|0PEE1Pf~wM_8b^W!~n^rqg@Hqg|xkt{$Mm zBa}WY5!`17=dizIcDJsyx+o^)6->%^S8s9paMHTm2%+z8?Qgwo@F2xrT_SB3#pgL& z8`z&E{F19mkxxef7c!Y^0o1v2eB|uOTv#MB&E&=)PNhJ4x;pH9y))(4PD)e4wu1%W z^=J6YUa3p{I1!EXF=JSV-#54rJ3HAI-CqMAc89O7_O{3vXGq)aqD+8ypTm9wq=*l9 z%zZ`2a$+RgSR+!=a2y~vMwgy#8%c%ix1s_I*j(LY_y!vMLrT96Q4bk;TR5;da%EYkR;9Sm78C z(@#_?aAy$bt}#hjTfHZI*Yq+<%Ky8qfjGU1h@4juO@(+=4;Mp$$+_qw~Lcj_uC&jj~0v}%jMew=tLgf!Z0VrSwy6U2)>cnu(%%54Ar zhfGwx9;|^)8zMYfi{BiNZ|)l&^YS@K(NECc(W#xb|F{>xgt(wwguP78LL*eXJI(4| z7eNP3YH5Lx@Y_h|2W`Q!+DAPBmq#=lSmL|?8tsTN@W5RYkzbv0V4B=5$2iSQKNn-5 zo#(|M1}ujZx7L>~A&0GuvSL%Ih+x@1?Vm4*d9kPU2I7iQlmonXJKKm41Np>uNIk6# z;^#-~n;2Ue&H#{j3@dxcpU-BQ8i+55s+Sp7xMlGTt{C|Q01OXl5t5**p8(2i{$JK(%b;-RGHQ`GVjxn zVpZld?QOhq^ov2C4S<@sO0DK94v4QcmfD8vr<5yla83rq*o5lK&0%1e<>~@(H2a?CJR^sWN>QrV zRarWFaWFU$JF_{sK19elr_kS2kJb|Az^ejaxLQGt_ct3*J0=_A!Vzx{{}l`xibvm0 zb;kmGmlDx@*_#w)6E zs5w4a8X7T(S`1&_4``HwEo|?PCx7~qdhVj7MyOrpCim+P3-F@NGPy$w&B~qr_N!~RNdro!l!Wdqm(nrqF!&Zp}kgdxPD*%c=JaJRcRB-S*04JlvVpM zV>{C3@ry)z2jnBy1v}xx$JFf9liROCMZ7VbkPdET%%ljvPf!mibgp_waLQhFj3(+M zYBUUL!~5nw$*j7E&(GF3@`wfa+}vteRb&+MI*L&S0GcEW%wH2izLeEnl9xg`-;aVe)J#0g#dpp1=7e+*EwW4AU(3nA(>rd z2!~b^_cGa-BZl9XEFDj)Q!Za%X5Z4y^TJZsX(ouwl`Yyh2&H3G@B+q$JtOjTHXkoD z*`IGM(Lw*-)~`Ayec!$AwVCP`O3?M^?)``N!AfxY)u8+q&jcJja_ZctB!ePcg=9-z zmwp@HaApdvTmfFCMf{=#k`j%s#HFP~jj1m@j$hH&r2vgzE4R1d*&wHD=F#WRKVt>_ z3ig!M@#+$7=VpgO^(I*rd0W^#UMxt3yxUm)p54L9^5Ory-)q7wT3zbwv;*_^Rcd7J z>{Pnh^q(GHwX#wyhee-xfqh@fIDu3Z1RT)$K}Gy{Ti7%~A1AFA_ouOx(2NvK+cH3e z*E{Y1>xNjlN<5+kF?T#Pes!^`w)kfXW4mpi(d@@UK1AtVur*^uv8QnD!09ghqsVR$2%4-w^Gl+r}m*kUt=r0cc8K4#E@* zE)ic?->6DTuUj#liuo947pZ#}1hX(GtSpK|mx&0#hKq4NK{mx8 z{1oz`j1r&~5=nJ=ZTa{~0IrI5m8OjM6B5O2JeJfWm5WN*JU|xM&EZ0BgxK^XDWV^e zksB)Hi5@hki9?JPfu=;kjuY)!4zx7+n=fm&sz%422Ws*a3@bBDj1?VLYNO# zxryZbFKmqqqC$Tt2H?%(IVrMhUtWnfuy$sHB@9fwFh{<%Q_=!@H;KB1EshfN9VbjP zZze94IaSo=aj5|@`~&zSX#g}X0p)XUx2A-7kv3M-26_%}hd@59q{4d%~rPhJttk<|g=(e^?YHLd;ZaH0MM)3wF$@z(K-_!~21d|tW#W`A+Uzoj1`mgqRC z-fC#aeC-MSK3TOW&aSnzdB*chwAz z#wmlm*8HWid*esTu5dU0=vqigx!krnWjVKh(zQp;y;9u&5=4YBs^Uy|yf5<*&w>vw zHkdiKRaOK7t}vYF+TuA3==d93>h-LtR=;59QX5QFF#}!djW2@(Li)4e`I-b;Q851b zA6k|5Z+H+&q6LB|LPI%?p_w2dwYji8sgRAj{ObD$*S8ESB8AP%gWwH-9WY)e1Riz^ z8TBj3)}|H9J`A0Fzb3+*x1U5BmP&m8MU?30)$;Br&wXswAj9YCY(iM-9IF0p(z8hX zn=yB!CsXa++)@Th&yMjuO}As|qk#WI)>no_6}DSb3W(An-5@oDbfj~Qk^bw78kd#xtM>;e?wx{zeW>6Q5%RU)Go z<^iZW6AKgQ-*Mh8tOwN9O)aI)a)69uRz4GVp1jzB78D&gIysWQdp(19kcohMhWb%$ zBleD4qbbk@$*&JF#b5qAEscB>*DS|uPa1KcOPC*Gze6FNJXaR`yS~m7f!W}dI|red zrx7SxFRB{8D4~2MJ2-IW81=#W!e_xR@0b8CNtyZlpiLxdMT@eBlZ$b!t5qMsudK4}r zjp}truZXTW&j}76y-L7Mqn8 z?PX_%29Ax0w+vd26C09XUKMcci|<1qqw9!elUgMK&C=SrL&8VYY126L&NC=)lK0#a zQyRnzuFPMoR=&LenG}f_JL>O-p#PHvz#q}em8W&b^M}P{H7dHle%D&=ug*1j>;foBS~e25G9q5hARh0c&GGmJ)B}O!X4;%$pb)NSutrb6 zPE$qY4=v-oMwMRn0cA~F@!bk)qcD2|=+30N{G;wx-RFU)FeaR9XV4XF$gPiui}M1SM&#KPBYLb{@dEJh;23tUQRs?gM zANDt5=F|<8HKjZpQT7h0K!-ZX6)s2Waz>aD!~BA{>=yPG<)?hx)Zk=YseUP=`CoT< zsHR`6cHnJs)R}%5=+}%`x!P2wRV`_J)V7OS@toFRQq@p8Y2|j#aLiChwbQ2V)3J3` zCgym;J>ar0bCU40xi+a&v^(Gv@>-0XHLM7%Wn!@%#nO9j?pEjfxd zl&8n)(i?tl$K{YqJGg$IAJV;mBZluld*|480O`ha+-W;26sdmms_(Wy{7OYm@^4PI z-533bmQ=v>eS?vo{>hagjWG@Eh?dL>-0B5hd;H1CHsPT3?t zdsEvPD6aW+j;);?EDTNXz>E>y$8kXFUY@AZcY@PeY7kTsk5SiUcoguEhI6Rcbe)x-v}JpHps=kjk71*v)tDW zEL|>u%%lpjnBCrLxnUJ6))Z%^LySj^hdwSDCM0@&OS$~^9km<nMAGNxRY;t zC^`Mf>B9Ky`SC1qI~3vwzFv!^+-i%uz@Y#@G)vbm!2_7v5{{iR9Shg0V#e~09eOU) z>Z47mLcnevu-QOIXVCTETBN`!|4%XARGvFt!vX82g zCm5^XblQJ?aU$jQ>pe=NG3iewe_pd74YRM(Q|u(Ge5cLL2ze&Q*waMdA1);QKoN2I zUH7-#6zexw@(Sx6+ue$F1<$)_qg!wXs(G+oy)3t@rUregJZ6ul+F2Iuvi5_iRpEH4 z?_u*?q;1vu94@Vlm|6wUl^S70mX<$k+9I_Q{>Ii!Hw|h$^UCm&sDdu!uMXT|>eS`p zYI%Ix9Rd!Cm{!z&z5Q%!BiVqTz%0*zP%m_^Wo&2I#ifh$gTu_EDABrhf2qMTsMPSf z4v$5jg8D<^(Ngu|t3)V7W#Fy6oU3l?N14LtlpmhW2;W=}tOnriZ< zxa}7pPw~pGj=E7z#QH!FB<2QON>p&L%?avP$^cu*(j7Qd@%a|`yVxan@2{Eo0qZj> z!i^mNgb3<~A)*ADGWK4CD0H#V;?vd*QtE>9ZY>#Za?gP_U}R*KIdVR;sunK4fI15u z>)Ly-2DnoTA4H!VIr#SE7tgPdo+50^xG2xkeD$bUSlv#k=el4RayI_*mDcPgp19^?SWza; zdFNJ>&T6fLTO8gXBIXclFADP@9>Tcnf}I>Oy>5(NWyuSF>&W^8>hjjWQVkX+*Xipk z4PDjkG9%^nnBtPxQEaotc92f`G2R}~>~o){^+Vf@wQk)r;=KTTHlOqOs+j9w(R-Vy z_EYSUA%QJ+UW-+V^jupYtpKDL+5tuhJ)vN_s{CSPM=X1tQFw8-0bWHdw#7J4YMW}4 zNL}BdzsySi=qc4lulP}+j-IAzys9hSofWUjTg6-#Y^^#E5N*XG@(pG@zwro$sD0R0 zOy^!e_YhkGx$PM&*jWTR6u9o!k_0Hm+fIK!EUMlvc;)_T7yhgDi==d_Qn{_LyOnf{N~rimKFIG13; ziYJdMEwo?zPB8 zY{_`7q?$utZ`=)bd}Ds@p@tY`Kf!ij_zeE*VdS3u!snH-A7<9wUq^jyE97klz1KAG z$X{~bhyf{20`<;$3bj98k%YFphY;=R!|O$RHvyW*(|ht6MC0OU<{sP6HqMrR%g9T~ zh$#L~W-XtUHLmaMKv+blsbk)~w78pY|9}#aERej-W4SlIsF^kJkkYCibVa$cM5Idx z!KId#wf!0+3NR$#rXkqq-sD6M9lGgXUm#IocKZUU18uw2Ln@lkGKe|gxTU~7G!?~j zjUC02rm0IUlf`KDgDpA~F0=Uh)dR(@HZ@klP22~!=-Q4~3=3xJRl6ERZ@i1Q5cHq^ z9AzSZ{-nMT+J@_SqMwEfhKI*OlEjn(m(EF5&ek40mzf=vl=(ziYgZ=MQc%5OWTXhp z4M%zPF;C{C1xe<1%xSgTC?lB0G+yDHtYvsJ$!W~z%l7iaa=EPwz9oI#q&`B0vm8C& z5GdC@S@8Mj{cDYcm2Ie78Cf;K#OOXTl4mH+%pz$lslkt?6r=iR+XzCtiM$AXzsVTa zC7|hfc2~mZX$_N6nrhkww1Z-H*3W}Oh@hEog=df2rS2TX^kVvFpHVB>Et$!0aw-*Z zRF#R?_;|tL?A1|eA3d1R*2$FPhgE>A=nMnD-%B!)2K$3Fw{|48CC#Z9hs&Zsk=$i{v=4(Bo2UhIY>yAGkkt**t%|JW;l0NO<`c1}$%+;~$ z#dhBao(SshVP6V8Wfx{}aSbF}+=t0mxk!90=5pp|pT}EKRCbzA&YV+VI5;ol<=LVk z2y1>%I?yl_n1oko0Qq(wusLvST7LJd_F{}6y5k|$r0P#47&1)y$waV zH*x*C%RcNtq`atzK{(YSUoO!H9UqnpHoU$;W;mWc>Pj|pya+#|1&@8;v0Z@v2HHUn zu?vq+#knqg5r(RCXO&69>e&Petq4pMV)kZ6tqW`#s_Hr`Q`dqI0Sb|$e(DEzf<4#K zD!lmurBq{+4>8k!Or2A>~2MAosmB5{cV985KCGkRn~fEG}9L7hx0m0NLSG-TdcLNpLMD2Tt*F!!qK4AOQXVJIQBVs)HZ=Z z!Ph_s@*TE)Ccn!dxKPlt^?JeDr;~dSm$6Q;Zx`E93X;QN>A37tvO#-c*-u)zoG^1+i4uH+v(=IL&uU8uy#8wx(LN=}-L9EzJMgeM>Lt z_r#T z0f_qEU{;Y{E$>Ds|G8EhG>&v@{kg35Sf@dy4(y4=yRTBT9ouUk#Ev-ZCf28+ zpOsSirxVTJJv4nfMI!)R^3<4ajFi5k8_zV})DxVR{K1Cu%_s?NFxZ~%7E(ALlLOx9 z6;6V(b?drr$W57r8;`=nIQyz?UF}k6=qcxwtG|p~&rM(MO+MX~7`FK)5vvZraJxNS z6D~jt$kBL2{gy)#aD5PHXd6EyqX;_<1KHK*60>ank;I(%HO`&WhmFmntv*>8y&~pO3WuIMOcaayEgc%nCh49l-RJ5;1oEn-3Uil>K_KXuaNK2vQwC-P@(jyHz6aCBG3J2XyT&~mkijU%WF)53G?CR*38EL^jm;v5=2p`mDL{KF z>6TvRC?Q)rK!W0TBvx4GWgK(x!Or(>4q`70&y=V{d5D<*%A4bH0QOuK<2qxkbXiGs zkm)qaSB2ddn9%3J#uDz-4gi3yeKHA#g39RD0I{96J`1dYj5g>%zwN~gFMafs9D2ZZ zS=lin==Vq|&x*~8uTTd!KiWBs`Po&h6s&8Bbacx@(rDLLO%xxY=0^_)N2OcZIe-Ocn3Ou6@0x~kaQ1pQomciDxGMf!bEX+YUt=W%w8Kz zZ@J$u;hyp^UiIKJ?nWU;z?zBLIRLn2;!3>!xGj712?HF5?&t$IBP}m>aGTActr!jq zA-8KS9?pAKWQDPGQ-I*mSXjd32X7*tEw6{w-E7}I@|!$}j?x3#qDiG$9{Vmh+eCZK-W6EG*j%DN+1t zkR<)RBESBW;pScw{HF%GYpI6wcCPxNTBmIXVQdJd^vVg;*g-Tn=$mcGt=FK z^e@)i)^jL1&$`WQJ?Veg@6szO0QkR5(bK(NY&-cSZ2Q&=PVqlM-p9DhabaNw2%&O1 zG^pCSV(huEMul+B_}pjdZmt+MD4t*S65HRZ#5@vIR)J8&*Hfv;YcfNl@pM3zD z4Ud3k@3S&bn2PH4*7L(jy@dX?)PByg&&`tSqHXk&ky{7jwyr}CHxbZ-j{tWLicP!%k;T197G-WUE!udA>lQi0+6HTE)XE%p zFhXg)g0fEV5P+^@rJ_4$V9@9J#GkjoPquh*9|sm@`!*6Z{sq>bBv(#iC>uM7<*f<# zfR$Z%Ud!u4uuPu1$e&k3`j+(|z`bW3D|DTLb;i6KOT+hrB&wF!{x2_ z0BhIvywH8qapS>jc5EWq5B*Z7e;eAL3sNz$M|q+j7zq|-z6P=A*4-*3sJVv1iR->hEyz?n2rj42$3gj zNKf!J0s4aDO%}1Nu?=)j0)qWcnS!@$045sOjSSD{xG9q@7$w{lvta604csojPJ5)a zjGtBmgLk8w=ht6;dv-8<_2je8!Mm;#a4PkAVh%kS%`Vu3D5^F(U8|d;2ja!|$4f8i zt$DcShh6Hld7h0t_LpCyHYLPxH>jjYFqJFN1y4m+kRRwM-&jTeQpG#0k99raWFAg1S@@@(Ksy4^v^_)-c z`@>y~gM{s&-FV&P=WNkVgoJE-Cu>>VuHD=KlZC?@y8%I!jSlU}0>u^?$%^w+n~{Ak zjg|#_j3&&Y4C&jWjcZ9isGe#<+%s?CxXjD$ls`9Ze>~2HpjZtk&Q^Tq--6ODMr|{? zEG~OiNYujnXbRzX$`h3M87}mO`0i&7{jM+&F}pI-SN#6?oM3gm?a#(6Su^v0yF*F6 zV_@9q?ua2hYHQUK1-BB@CURb}qUTA=%{>~Laa_7QQRjEzidH1m z#|E54m>$@Pu$%rM%kTM47>D%461ECf3#|}5@27qeWbV5Rx(Z>o;q2`SNeW!m^1&(= ztTf~6`B1{`FPe%- zuj1h_0vm63?WjcvQyX;2#Lv8`i19*Knj!CZsUtO%O}vYK=aMCXE?5xJTfeI@tbVo zL$1`N@e88m;?5Bth{^VC~?UhL+B#e_gNN6f%%Mcy9)cVs*f{q9(3v z|DLO}>Wda9o^;AYCR*x(z|+-3bm3K^-IO%#n1w6Y-1$Q2ak(NxvsiCnf2z!6vhdGg zwaEpWydsh$g*Ad+n8%z#mj#}OGFe0Pih=t(5>K?=GOeLb{%L++saad>#i zUE@%~?oMpjb4sjPGJd8ImsUgrE-9+>| z&40t971e2-l09wxR({j*E2`VC7odR;u5aRE%tE6+S9~z9Z%qPj60FsFm)zHE+Am~G;O6&y+q3MO`Q&y64MtM8ec0WXguV~K>_|ofcQy+(md_akNbCoWppAO@ z>>L)SEdz&4syrG_Q2Scv2wxBy&(m*B%x;LhU&c=Em?1MYGtD`rE|m9u-FW9**FW9} zazU_0&KZ2NtP_3^IX$*qH+|ks?XR9-{inIX$yGb@y{ooYCMDO&2}zojd~?$4hiMnr4FXm;V$M|p=hdpn{YN6AhU_xRpXd z%WEJ5pXlNi0le{cK81YV{a)NpOIh5{M#3-rWEcM^iDXISK>CEbF;>g(0tvMvc9D0n z9AJkP=@~r!fR!u@anVYM=<4DaS<$j{?Bt%|Wth^3OT;sF+1DdfC6eXq zloff%YJ+1LV{Bmh$0)PkC)mTwt0yGwty#0C1&nvRO2AL`Wl&fg)aByzI*UbI_-@=tod2fLm7ANqWSc@t(fK}@zaqf3y`iU7TvgrPT` z;Y=EHcxsPLCJszA`A}VHH`Y!`3!EEb!P5eD=NmRb(e8zz$Jc#97vkhQd%uS~T!L3H z0M5LU$88UCGXD#oNPPvj`-dOJ>P}hA^vPk6X{jGtn4*X4Ej>a!WQKaIK~is( zKW$ICXL6WDa?P_uHjElg{ge`pzJ6bIOAm|P>FFHeN>>?VBXbqI!iZRB{!G7r=uow? zc-w#?$=#|46U9agEBOKq=n}`XJc@zQHQikH#lpLpL6~wx)`NnWTwND;`Z(<3!5%cr zY>)15kv9g9dx=8@*~NoTX$}Aui&FyCkE0uMWK5LOzR{XK;i44&Jv+QNHCNO-&tnoa zN>lSb=3TB4&x7`?8BA3INm@IscG0q*@kW8v5Ji+XLW6AvYt=q0RDY*#3|6KLMMZtl zpo$_c5`N?mU3tIxG9XG|V8DUC4d4fUYSuSMX`_UVX@C{%5n>_aPQHj0WTUSI;+x8{s#*ou#WBW|OxpHd<{R zBHgcY-_Gtag22l_)~F@LaO?O5Owqp$W3_%nGMB}Qx7x1gQ*!=dOW3pqeQ3SS@@8pg z_y!)6#=Rh%X-(PMdepR}C{h(&yFHo-c3?_amAlp2TJVdv7!&=W!n|w2IFHO_OPtXk zf4_u7Vs5)wjoa6Zz6~?m#V?B$grZ~AQ)%2S>5506qWoN&jwE1?5cGh{)Tb(2eX6a0 zsLUw4X$oi{titWfjqmfAUt%_!r8O+jskOS3p^KfktHkw`EU!; zYej{rjPTeRe$;1{obriGDKQw|$6#Q9z52}#YxfC2{Nn4j7A?5q@Eo~}JVZT<`UIw= zN9Vm4Cuy)#>P?j zI(b^Q7E*Z2)|c_9bp`oKwVns6$jn4S`7`_*3XhQm{pD9LB+QZ-LAro+E(tzlIqm^H z$=J7?=2GuSP~h6h2#cm$r_wvs>)ZFk?$T;p0V9%TL8|(jlcl=jKl=6_f$e{kNX&V^ z6pdCXuxvD3Yj$uF{9~ zDAwf-GU{H3>l9kmX5_Cv4~Qk$w6YGwql%9hJgQoF6}cZ)kUo4xVL~EUiq33nP~OPm z97~jrXx7dXL0GL6HlH;#UE%XMVZG&R?hk_+VMo4jlkXkly>V3|?CqSSkn8+R>kF)H zGn0l^fhJZsJ^Z>=MEVv27A$tXp{?^ceT9hNS5K5v@?H|MV}-b=V^GG@-Am2>ReZv) z$!J8fbwJDw9w$%I**2Rs+@Ujoa>>oi5LTGUttiJ*%Y=BfzA{LLhueW$Z}018DJ;xyRX%V$gC%eOF|=uA z-tb@0e`DNLh?cy`#h1**$>?Z~UDoimr)j_WB)_gOX#~ln9;XTPnafoBYyHe~LrjpEU zL*E{PCMqAdBSbzZeBef6nl*cE5I1WE8K>l~qc-t?v20Ed=|`H9DcS*+dFCXYYKGcJKCRd} z2}rdm8Ld16=tcKgygt{2IHr$U$kpWlefA~Knm1MhA@wspkZsIclgHLWCil3-I#_9I z`?KEics|5!IYIO1lJ0Vd_m|nQ;!_BL0aV%#%E^({k6(v&(Ydmgc-PI~kPsHdb0yj! zW@;0s978p`6M^$4*}Qj5jS&KZN}DbVLbq&i8c1msf6+$DzrYbOt^0}hNg;71^_k%} z60~R|c*t5Q`5WMd$D1`ts-t&8wF`P`Ipl3 zd8^BKGZ^K*^vBt|ZK>pX0t1nXD5yJ>qwvMxAGOjb;H3Z#6==ja>- zK!@K;sUC!fp`R0K)6#>q?nu1D?hCarR|C++V^1V{k1-jlRCZeU^X*jyr)9Aoy9j z8}j4dx|4PHVPf)0AaJM0P}%DVrFR=tBQ8EoI2{8ZO3fo3E+3K&cx1BGYt5Mzo;4jl z_tU1j`O?LCkHbsX%6=;#yz!zJEt2eJ%}sf58I^`rPqJ~4{(eC5TiVc(QYSp_(@qXO z;5zsl=w12YI1XGzI~MN}m0jqeb#bL6V)oNqt*3qc{NXiq7S@6d`O@igx4TSN@kniw zHSG)*>nF)2 zK$K=rggMLi;|C;2E-uF^9@R)XFG^KP4y6p%4QWb{krV9c|_^a&MHpEpkq zCZt5UnT0%1<%_M&&;SoX8Wcn4nI6yK*4@}%MH*SFTh+=pWjM|8!H_&?r6=Zn;W+AP z3zO^{0vhIe!CI-;6Sw;3O%kg;{Hzt|J3`Is?r^;cI(4X&lo{#bO@O{sv%GV7>6Ui@ zZBq2CUWUZRdS6JwGn7L5x-W#M2GZMg7vl74Cx6`ihx^0;{ro9L*aMp2kVoXGqBz7C zWg3MCLGK4vZH9G&N4Ve^d$yC71r5qZM`vUrllM!5(LbAFKeDPN!9P9;8p=1F=tIBe z+dH}xP1b8SMpZg-%qun}egR>S-t3vuN18XTAd7RHFQg8YIo5bqIeGQsWjw@w1f^;a z-Vl$3(;j9f&ONnzXAgitDQ7X{Jj?nk1P}3%7a3bA*Vl_Dw@zZ7o}ngP88mKPy1gs2 zQze=!9_yTS#nZ()EShOW(E>BhH(qx}3(lI`M})~+K5>6+vyQCNHJ#fi|7QDIa8`ZW zyl#%U7aHDeRNi%cCx3k6)O8fHTbFz{E5zKW<#$&)$<})YM;t^j%TC1J`*x>dVS;tJ zFnm@%K4iQaISoBN|Catdj?Kx5xm+4dT-mm(CkMlEcq4`JS0u+b zQ%ju!vpbjtyp(@Q-S^hIMQh{Lh1`t3A@4qK%X<0P2+i}EH{o3s7PZ1U8Id8h;n*1K z=wo|wP%yLiskgs(Din2V55*_6cLa|o(+%bkrfe6W%fX`q^Z%P=OoiXSl-{;%rI^3! zBVe6zzYXLN;V8l*@akr{>aQ?&QO8W|DIR=6;0g_|TL zfs`cI4lyX>apsOi8fYGG@0-*IdBavO(zgZs?)9827bfPme@l~Jok?a$Yx7jMMYc^_ z^#sP$@|=?lTxa|QYIx1VPOktEysmxgmOZ-rX|F`9gI-~VV`MC4>>;xJ$y}vLi`LE> zipdtqRXZYv=_{OW4)B=6D};<&7Komp-fHKVM>XI(WWCr>VQNLXU8bYP&HN1G+@T+u zYwemC5@6qnH@mBQ*nZ!Kq_u)NNs~NfHD8rqH{fHx!4mm22XjkGicd49!CY*>O5WDz z8TEy?Uvd*3AZ4<@^N9v00hxmjO>;Z7$MxTA)EPCwTi^Ad-w&92Sd^V+$jhGC_>V3p zy<0;)ulD)NF=PrOsY< z>gvH=x^0Ix3>BY!r)?Uxw&^3NP#@Cpa_&&nhWOsh7;0>+brK(}5BXAA$AyZSPGcC} zyB;lsOg~z0#?ZeH)HTtH*x2YCh@nYHLkSn{z-}+0<$zHi3YA=lYmFkd?@9(3X#?fQ zfRaz9L&YmVX>8gRWmV?Dc8=iTt1x*bbBQl6hE(#$^#KoyjFQ~3+2IW%Dx6N8(oM`& zcx=?%Z{G=ZGjYx!vPqu`n)5%Em@sf1=zg4E!fG@d)N#qZVHn* zvpGIExbDY-nrbQyCxMTL2|)#8FW?0zn-?!S4@~OO!98|DdSyIza~3X3XXHm#nXbE2 z9X>a@Ixlu&0tC2fLuJ!kW{>=8i$G^%-zZP!p_PU@cdxdVM%)_5R9Z$+zmR=3GU^=c zvad>aDs8@-(e*A1awn_42cSM5;KtsO$z3?OjynZCA~HCJ*0^fJEVbf`;{7S!P$hKd z>QP(54kp<)N!P>)*z~}*5*Adye(GZWFcLlp748%?(Bwtq1TArPUjd}_M=R3LLCB0* zIdLqPcrDreF7D(r8!2xk4ALaQ2EQzcu`uEP^~@>$5I6%XrZ12ro6^C)A1OFd+3%6a z8@9~Fm(1QE@DU!c^VslV^;sy>7x0wpn6{1nnSRE+`o`C`MjZ|g>s?AEHf^S~d5~Ld zFiT+NN{p-P;VsB)w(AgzcbO~=_0qcRWMVbf-oUjle;@;-`8?O8boU|cL&+@lTgNX` zZ`YlZQ=-%QT@Gfe`D+ifs5K8BzJbEDM0P6ipD=~mVl|&4M8P!v1i0&XstWy7F)I`} zEP{tI&S2rgimpeF*XnC-eL#>>cunvWUrzNJ2&v z_wpA`y#{t~@G}ryGlNW?8YV zTb~>F;?Ei4#rmlvUbZ=*6h*G^SK8H7N0yRPuE4 zqOpH4(Zfq`B6hHIsJ5mVw(=Vn6aIOrqiOuAgl)#iF470qiWc)rqqGrYzP}`qzUj$2 z73DiFLb!sYxlBb5IN>vgR>;78v^kp5M@~nZ;5@Bh_A4hca*@Z=pfPapEE59W?3dto z>>a`4FX~P8YEVr&_0!ni5j{}Z@im4(Cf(yc7GNGYThOf0m}8@Y2zh9Kh*OVYmd#{X z2bOU65iDuNdMkP9vU)c4x6uMnl-(ATaQ}Zjn*r_Qu_B|5B>Q$BGIiIbyQJsxB32sn zxJta0Vc(7w7EKok#_Bd}hgkBhY~{;7IwkAYHbq<|ZCC)R4n3wnTwiLR1P;fT1Nv`j z&4*#cM#jFAnLk$QOcL8rm0bJ$qj-x`(v9uny-0sAf*kJTp}&`OO)~G_>_1rAA6PX2 zc4Ha!@_1=cGY3@&NuJG*I$ZWg#8vVK88uTVhDRJGlm_)fo}(~DUI2_p?ECqmw1No( zI=ELWyhu*sE7pnGy4T7TMsAuMUoie!FDdDV5YgWFk>_xxURwdqQR2feFeZ_dIvSF* zbCf~sW(uJHrg3RC|D3t$x=t-wr7w^6->o8wtYpwO9M|OV1a>)x!8Z(uns5M(#In-`&>b&sDqBtD$!>Rv zjY^|{lj069INX$|yj(9m<4gvQTbO(1fB)wAuW{+8g=g+6)vdjr94O4PvTuD3_1WKd z7)^bO%5NeTHFisQw^-AwuI-Ry;)K8UJyMB66Jor*9-c6ub7b{GV6lR>DOl5KX=J7G z>R_EQ^7o!rZi}f~Io@F64bM=rA-Ew82Uw>HvpIQfF*t-+Y)J0ykkRaLR~|iTFFvP zZ_izW!q`B5<|1e3T;Hu-{j~Lrr}g`?*fZ;aHf@iL-79TarV3~aMu62}Ihxp5P{I&B z9q!&uT9y$HT!H>5-9d1)DHa{Mq}Jpa$&OV95L=TG0D~kYb@4BI^w%V1qpV`fFq2NE zg2?QmOAZ8J(}#HqSjSDy!J=G}DL-FWXWi!}f4sySl#Dgz8+{$Y=z!{W@0>3fqS&MhrJq@%4SO2vK6y&HXV^)&=r?rQe2;iSuZ`?x$-u({;V;(4q((D5{GYkWS_7GO7H1_aYo zxDjT33(FUa`nTB)7d6JA&^Z2qj(m3rfijvXel@?K{ps3=cj7pyR8>>M3Bc#RpMfg% zW_xfq%Al5$UjQoAFM?q|TY(pR^$ia7QqD2q9cUoC^{f8B*YSr84sV{dCezMf%(!os zuuz%F2yV~lC%pm%%QjZ4_~V)G=lsYL51m>ab#i->le6xt&(nYb_NNzpvxWwOwvX~| zL<>0)ePYwXDgC5{|w5U6>#3gM$nqoxEV;jA=iq*q;*l9MDbaBFC zyL@Q)B%;KumRls=BPV<|L$WifhyeN!*Ub)MUT4e8_tz*1vK{oC;Bd4 z!E}iV2y-X%<@uPZqF9xjv@5A`zyJz%Ukf;4E2zx??c+?LGP(6)U1ARj7b)=qx#|wr{A$j`&9~j&f8eHaP`cyVb?sZs z{t8c!`dt3LzTJq`t+kq7ht_u==;ZRA3BQj4*5IG+*AFDDU!RKNNdd?jPB)HiElw{^ z>+@j5`sBJeMeV2JSf)H0wUM-1o2^0h-sXvc{8E5^U87A5@nGg>Q>N$ro<^JR6Es>Z z^Y4)*haW6{+G6#qBrtIAAah@ZZ(5IJIxoL4o=T7ev){A1y!+3Hdt%{c<|P302Y97( zxjj*bi>NDe5l;`g`^PrF?>xG-d=ug`iED9sxU6PQ%NC~OTlW{N56A76Y}%f#tF5L> zc6LD1$$)PHP#|OpEhg(yJ+1*lGj*V2!Cd@w(P!km?&a9+{~QnCkZi`m<)`wK!3L(W z6zc~P=ofQC&@SfG4o6%M=Zvf~@jS1Jr<3BcjLe3Ac3#5ze$3xy=y-Gdpd!mpDEhlxCKdO$_~`Z7e4h0 zTDdA;)c*+av9#2!U)WD%vKh#IQTJt9ZpdMMjSc=n-++?EM} zN`(#SU4knB)>#C|-H%MdSG+G2OVkRLIt~Q`Zm4edke*LDo&W6!1jI}H0F0nUksRJ4 z)F|lbCe_@gJB(asgHG|#UxZ{A+t8(Mrc_s3ioh@0;d+ppm~&4_!F~bS0U(2o1z-=P zi?EflPeU(fZ`OO{Z5EU#Z62X#Ww>fpwkwrO+)ZYGvv^YJ?SQ)MVQv)2F@JJp4c$T2A%~|9Nz> zp8BPFEWpsAD}$T7ieVTA`qvq!`o@dYkFxX-PHh9+=ymS_iVfbYNUU-wuL*4$0FM0Q zwKJ+e#E^|!Kr`b)m3*b0u{Ow@-*mecow=8^`TVn7#W><9wU}Sbrxt*B`#1gmYh&J} zA@wu*{CT=r%>MIe-ULX?arpH~In_uxeJZ}xD}saLmXVbd`y_iDTz>%3=Ikp}jrh0m z26pEmUB#CXq6g1M_lNz1@}nmEwp#Tv(}@Kx>&z|pWUu$B#g@OzwU>_X(nalFV0GB+ z8puM_m$cLWtnO3ah+KUVxKAQq^ULJV z)N${WDlinf@ctd2V!}%v1N+Yh-%2lwfJN^!Q>HHGU&CC=(|xhvascDEX0{#Dknb?o zE1m+CfaQv-X=sU)c7OxOceB60+>$mtFT$8H(dzBdfe*|_AX0A( zu{mH0a@-PpujkE60a7C=hwl;ZX(HCU?;xBX|Gj^KtO^#q9CJv@XM;+ThltWHubapw zXNS~L)jl0rB*`D+sDfwRIIaM_y%*D&&<$*Z+yU?Y2evm{B!ki^hDz7p8~mS7fCWM~ zRtYe#xU2{z89e>dnubRQ=xwK+Xs&<~6<#?abNA2Rgw>d9*0cYyMF0Auf(K!xkpuxM zuj#72B^^s;`yc;n4*qFouS42jCi9*EjKuXh5@8Dfkvj%4+voOH=R(_RN($ACHzX|B{~5)< z#u7;P_g?;+@AVFB9us~T2G&V)T;iSTL&Ae|#68rd;{S|6Dz*KuIJY#Z%lBIQmE{j# zNf^ZR;K-AhdtSh4H~l9i@$b1hM6p?FoPIv}^E_tYv4!^lfQ|pbhwWNotu2iG?cJz! z%D&wH9f+g+=iX>SR{(>*2(0cAkPE3*%H-dwLo02=K-v^;!8olc`uDZ{@9lkv7Cb^x*B*d)RFH00#k1_* zWi?%#ID1^PB#im(;ZnGLvf%#=pX!?~!o~JTH5zO4I6jMxDY?&O8~|Jws@J!8@}{AX z2Mc$8()|CvLmCh(@;rwQa5$FeHBiApwMm|DEjscPtrYWuAiQ=;&e1U?RT@B0l!e zygV8aT!Ym3goO8o9%J9*OvhA6&B6B85BmVkEKv&&MWOP%+fqi(ZlC5vw3Fpz>YW6~_E0kCGb*rLpZxR{GJ zE3He);X5Dm<+QD=iW5Ql3xGC}IRMN($FXahF43$f;m{#Iil0AN3Y{S=#Xkmg3x!W@;~fVB93Ej%t0 z0*V&WDRA+$+&=9UX4?#YXW(|)R@ivz3_)wbNq(%sUR!=9d8udmMP|8-mAnK z`d4Mhda@t}@K*-W`FAO-fqZXlrW8dofL4f4kV}%f12WRJUMDTH&wv)#yuRB~ei%}m zVKLREK`s=<=Pgm>|9XqfV7M*sibLZwsoTFO*WRzB)@b<5r%47$?bRA1sHP+#jot%<}Im>Mt%Z90{`%C_mK#`Y8+j zanx^SVE}x>v{8uKwQ}5bcf2Ew%X*t$FCA?DrIVCDeC9NgcO*ho>NAetaPTU6dB+w} zNAx>sim^1VA)v}Gz&cm?x!PWm1JvC;dA&E;r&DitB*kaKsC0Bt-gdo}^o#HDZ+{Fj ze9zu(s$9s&Jw^+1cyEI?}0rhRw5wNcA-l^%;k6M2DE(D=WMW56Sw{|nddaIEV=rt-NO z%gJbkUZAb87C46Ue??wb5^i7RL|}rfV$P^{HTm5REJvr)P3|5q###hie}0HL1k|)@ z|Ate5KYj=_wb?%M5n>DsmbF~#5DR-lpMd`Tn)hRZ@9EPmGpWQybD`nhm_(ufYgDGBk}2>^~g*$+#c|6xl0 zk$p0DmCg8DOqqj%Hy}n`p{{pZ$+`ge%lm_Qya}zRZi7|6VkXCQC_3qW>FN}}@YZ*= zLje1(kirWCWX0y60oABQS^7-VzarDhR7tzp^0Fjtl3>}#DVO2@Y3-zv;ATF>e_8_f zk#bv2y<-g?F!ctMrXTLxrCe7%-fDS%XdE+mTJ}1b2P~mk6h6y2xECmqOT?A!$kQFC z+cgdt_&vFJ9ai=|rd&AOF64z{zB4FVjzszNM&f^2{Bt?~!x7+e&#uSJcA3$3?b*`Q zN|tEC9U^LD7+^4XH1Iy_(I`|R^*SG*_n~6P4mnf#@lL0^P&xZpzs19y-Sg5S`$(WX zyS9#r2uV)k>M*xM@8^H*FJOxUQjq%R6sqW$yQi*t5}^k<`ce55Uy=N8g#f?8r>dAy zy?Cy|sLKY}$8jaN5jQ7*r1}@WBH+$d2!zUbGd>8T0I{(7FS38dO#h6WC=5|lg5GKx zGv_0|e0?gLj?J())hhZ%%e1s{ ztDYcWfzNJ9TyX#AtoQiCZAH;3Wmo_wy`~FYVEE%lwa59N! zAPo{CA~7Icf+9o5mPSAnm6V}DN*GE&38h14lnz1Z@LTWR=XV|E>~lW<@KW)bdE

        MTqAnOmQ;gPuCHRfnC8w&g#0-gz?%~rSbaU`>RwD=UmwM8H`<2( zogqLT-yP?HLQ@JqEhdFMTEGASFK6|LK4?Yd06qSX6H*Nrq4b?5>$682&*>bAYmMxG zW4>e++VSMH6+-5%M7HY~N0H|!Lx>Rni*>(yc*GbI)q1VfsxA*XTw{B*>cjo}S|F4( zS3mDAe}-={=LvJ~W!_YP;x^XSPsmQ<7POPjy@TTs9n8IRjVm03T}Gj)tdtNX^P%;4 zJyd7i;jDD}_fn;OLEIdACeHa~{6yQPEkU9ADBZ&J^Js(!F%Lx|8!=Trz`uOtWJoYs zfMt%k@3JbprtkE#5Tot21&W<+3+-Z&(aP2cMypz%b>SbPcR~*7aC{dYIO<<9{G2Ej zU=##NAa(o{&4*Jc%VAq}7iHqBjo-REu-miPr>dl@yNF)am4kHt*rptM*WAGiZQPL{ zL^1Cf`rRMC(U+z`Q@9G3?!RS6aMeA_NE$avZ(-Xmb)7Yv=!AYODxDCS`>L&T$J0%ruK!1Lg-|69!fv>GS*KB008@Zx$(*zxi zII-8@Al!i{xwXNd;j*=BDr9X}O;k{1|FJDe4vL+tfFx{;xe0i}+`uqF% zNR{iK#I#k=T2;JwcYw+Z1x+F~KZ2rDQ46JgzE|^tB6!&@IHoZS@TZfY~>_O)w zXAd;fq&jFArr8}*puCTNP+t-x8S%JRvH5e7xiNM{!FB3G*~<40O&ud3?41#+MwHW($YY$(2nlt)PdNKlJrWP6Xb(R*eeK?K_cPQ% zdc&N70^=!yqsC#?T@%3$4B>M88AHHEwGvh5&e1##-M*l|5XpRjX|X+mHBYerD?q93 zB)hoKr*M>>`zJkhpgdh`R87u<$A_%DhQ?M<#(n-rXaiM|7UnC&mW^Y*&?QlO zCFOj(r;R^?dEm}a!drkxD&SN(15m6jqYj;Lo$PF1KlW+DZ~ZBpTIuD_^6>ES6~nrp z-aEsE8&vQ(Q5o4$D*FNi$2)Re{~2fzD)U*aYt7X!VETEdC@U_ONmLfd470p{O(d&K zKZPESKjAj%ndO$_Op--^7_nPG&?r{Z<{5A`%tz}L>OFs4A;2AD7)_(1Rr=z^i_Tpx zT+<`6+gVQepK#J|OsabM+ql#i<|IN(lGM$~(4-d==1#Cm8vwG{{q(|)_Uz5_wCse- zV@*tK?(g?r>SQ=_t4EarIg;!gpSr2?L#SfZ5+@AjLI$k&|MFYB&U%spUP3e8>XYK% z-0oit?+6K$EPgIG!mYo0>a$qo-x+TYP=O;kEr)n>~-x*$Ymry@a1lKRb@%+aKZy735`XJ)`h*@V7;7t>Lz z$wCH24e4H!jK;;*p`6yPeT~Y2ZAXsE$|A?&EEH6X7xSlkHX4Vy_Py#C+54wqAIT8vZfa?n{QrLy16)g(>7R5O2oLl^CN%xDXf+< zkL^HE%y&A9a}s~ffsFPF>?Gbd9n4PCgO({I^5CJtq{M~4cpY%Nu|zd*$SbZTIrQ}g zc@sWMav}}b7X;z1N)7$T##Jd~Dzuj()1TE7Q4^5B5)bGP)slZU;6A4G#Kt*lLhhGZ#z35lyjvQ@+v68Ojc^ev8RqzhE~=clp<6$A#WuTUakr zc1X5nj7WO^u-FEF*g`bnSqR(8sae?d!%?WMJ3c$ht$sAcqiZ>vN0y;#5*#QmxWMZlyr?s(Quu5Dn8%wal<8I^c>J;V!C@+tgAoThN- zy7T9NAV_`xAuS*cuTOzCG#c*rIT28=Q7tsDeAZ*^=kaZT4dU zF5L&Dmn>CD&f@Q${`g2rSR=CXHcpTQfI!uNasZrNJP%gMh$^t{@g8k?VY!#OVderBg`<3}$9ut1H01Wf>Y#F{H z?_e0g(lCQzYs^ASOl%(dk&1QXcRwxG|Mve~lnHsc-dIOmh2sKgoXHRW_OS7f$5{(N z;QhaH1Nu(-w)ZAQM8SWfWTAe$w5xyE&-Kl8%33lwRGj) z?)tc%D(N7m@*|E{)7S3{yqqDC`W<|$oXz`_O%5qo_r=j6WU__9TlAr5w|tlc@FTQz z#npFKlhhKh196cUNI)hPS&SXi1-rPr*)LvLUkuv(IW+<=|C<%sOI1*uGwtEILgR`; zzyu#XRapk|4f_N(uUEO)IO*}_(4CqR1Ly5bZ*~B`7Pm)K5^uT(9Q0f+;gIJrTGTUe zRjm?_k2F4S=?VYE->CFXEPYd_RffYzc^M#BA4RPhp1V|kUX;!|eB|yiTKNJ#l4ZWk z`Mzbo{Js4VP=zCe^mV;v!8o$}<5b$AH=zPY)A?zt4JGNcD7%yr!3#HC^_au7#uH25 z3FvBhggXMQ(~=v(P+(M$dn3oB`F*0ul2u&J!w6MI&Zy4`p}sYkudFie3^p-PKfv?n zzq21GC@X_9e4eCIQru;@i;hwH1joCA18>YH23XWiazAp#b46~bP3t6`Q_PZ@eDx-I z^NKcC>ml;AF6*x{`L$^&a$(K34StX~nFF%LqH~ zI9l1GgE1DY$8@Kie)(no64qI0I5_DX5eZ>+v8hsa$zFMb=2e8I*c*fASdMFxb|5O&v5Ao| z4%iDe8DNsB-WlX3Q)kewvothoy0%i8#W5D7`Ff+92CP zIU+e*L5l?U8`wglZ7?5&Ys-g-q&d2QWa}0E_#>2T^Wugc3&UleEJ;yWZID%kSJ-0@ z3+%g8-K%8R3r&W$)|Z^1+?C-6DFg}SLr`rB+x1TcWne6;Zq zgY#rBM!y^NFodZQ-#XWWvPuv!*I**W2mLVfC#vlZjTes89 z^=5~gdNs%QZ^nGkhx~E&M(*{-rlA^}5+ReKZq(K^_comRZjZ>)Y;xX%4i#gQ1vnm- zYqWtu96(g5o|IAUOL9;M;XPQa6AeNooA)#)Gmt19lpCDXIfB%30FoEGe18uD?pOqDc>oR!E22mvHszUgzN{(@0LN}Q2(Fi%tt(1vrk9}p%j5eSWF<+nSN zzBZ#F2-h&6CX=jc=wzvb{nP3X&!RrSQY0KR82h(}0!jc1+TmuTu$56QmGEBru~zDH(ATe{t;+bkH(PUiVdkNC{h^`8jdq?c71{FyJ`}{{o@6D4 z^&f!ok&-}d-hC)+)qIz6$#)i*URGZ;U(!5*0KlJybC>pqzc8tTDm>US;B-;R)<@B@ z0eim8GVb}u*-@kQw_n&AM5ajOLjpqCy8-Es4E<(;=>j1fH-ENX&*C`W9%IKEO!D&e z%4QGP=}8baofT>XUHw~CjDC`4b127SU^7eJ*NBR!4KOVXa{p538jBT<-|2> zPPAE%h91C{BT6BHazy{MWS_$5&Ti!>1s~Nfzh{_Hnx~a4hB}d~)t{4nRfyLs@h#x| zxQRoB-LZ?^oWcyTX$c9paWdi#!=>#Mx5lqs&IQf9F6}BL>zc~e?9@#hDp6$JC(rrU zG6x1>Ax?ICaJV#MtwBJzLLF^Pw$wyyuJXPm4jYO2po&1k1RV4{+IsX_iKkPfTN3E7 zGlW>|mqPbOmt9Bu#TB{^ht1;e<(|uyBI(#g{QHO-iG$9 z1&sOZA5KFx&2N@$Z_PLOO_qQ{<_V`}H@fKxj!Dtm=roSm$%vyOyxXYEltCK7Bq5e+e{jDgRt) zzI~4vEK>>^JaN~lC*Ha=U(VRQ$Vtf){gCfvGLMCGruCB)vXi7ps>#gv+s~*m3Ma^7 z8gl)%*HEJUFtA~P*8ICgiDk*r}qJ`QKp=34vs~lhcU8 zVHGXcZ>)thc_Kh~<$C(*SWKbu+YgAsh$z-I@jIn`+9hD6=k4XZlTWUtz?)37(bU&X z6kON?)gqaOBnC{Z!s$iIk=Z}SkvXiR*_!m`Mmd$N%f&Vw^G%fUr3itCpm_@l@r8(r zvUgAsEu+t>)586BACA3-g%gkR?6&D(}N(z>5x~;{8WKFi7URgB#}3X#5Srx8pQ_& zctFZSnj*E%6j@0j;5O0+G&_J2%O#&8}maY3(uob#TO=g z`z{s2bLMB3a?V5~E>wD@if@B-8<#SykT&0wOc7aKUrQ4(2PH0qXqh$e`9qTE&V-Grz9!@$erS5=+N84 zMYkRz!Vvh%2xE1SGkmt;Gk06{fj(F%HL!bqi*-kk3(O5#YULEohcn_4a5b-^uuY6@ zO=viTs7Snk39W&ivuSN&)e^BB^u)WqQjpsqnF?nR13~sKNR6eC2RF$R=fdL87-fgW z?@043DRFQoQ0LAtYLhNqTK}Fo9qms&jxjfRb~E4LmUWcc6YfX!LPk%Lj~(kVEjKaD zGs!7tz2B{9MhbxMGuUVr3kFnsx?~dB1NBAJAby4SgyayF#s$1c!F%!(LCf#QEtwR%PVP;{pU!)HsU@Wo=fj5+k6g!?n3Pf1LRInC&~r){ zUh~@n$oH{#k-8s3Ri*Pp@6?gu!ht!~wB?!;y&3^h5{$VZu7)cKJAZW#Q{9UDb@;4^ zVTK{JAJS$?liec~SGrJX#O?Wz;`|$Ali|k1n+u99$II61O?$y)V)(<~i;hyQA?s@Le7Q-nCm?-0X9z?SKYBzfs z0CW-FZLyIrOqc3^*CD)rvMbg0IMewesMiiJx3Vv3DySB2gRushHT>^RrMX6l(9u`K-k@0B&$<3ZbkhcNiIl7-9wHq+Qc!q;sdA@Qu9 z7QOtW`Zmr!{|Wx1S>HHuaB=hnx4J`S9XI@t_f1T1{gL>+7fZe}--tZStFk&>X{ zOT~wWH;tNa#Xu1!7^zpfw{eDCI(bCETj)HAONQ|IU&C0Uxb!Vjp^fT_oMnC?b{K+Y ztf3EsXliP?^H(Jwd?Sg7Q8XLORs9EOUU3+wm1ovM(-(B}bL zlqQSYZW*;hohwS@pxgKOn@rHxK{1qjqxdvckNqtWnuN8shAW7_9A>sLaEAH7{J9&) zmYK);3r*)tlhJN!4~kKd18#Huo4r~+Blkwiy9T3ruY8g~EUg}XE$>+_i|f4soAFBs z&tsik=z^9mrkm5@!qsiLQ1%#jmA-uXRhlIk9{vZ?!6shO!%Qu38QFKeubyFvl5m3= z8P!~PWwYBBQV|11Yd}BW0Nbh$weey&%F#3N_M>}L&4{LgZo~alt3dQogc@*5N*QD| z+5f7J4L}6t@Ov$^d1dwkA3mDFoUHt2m=zVQ4T+#zp5*x7-1Yx{chNqeDXdXS^>*s1 zN4kg3-nTz>#AFoOkUTyfr==vAU!!;usWtiUuHN*4Ql9w0)bV}-qR;DNEmhf-O+cDv zr)Qz@UckD1Vvh((h(CMZIi643@Cs=d7ewN$jhs7LMD#l5&_TgwjHSx-tq|79v1G`g z-#g3DwlJG7Ix?aU;@z(~2XH@$Of7*bIRcCwsiY*2_+FTi5lH}j@18tmqTOh^Mw%O< zX+mOLNHBK9idwZ8OrLcn)Yi0zmU)So-ocXL;vw3YEa$osMVmHr5`){Jzpq@mvf4k2 zIEBJ*#98z}P5v$vHOmoYy_Gic%#AaBS0g@G2K?Tu)9QOfPAhgq^4l0^-5aE|_fgqd z9w0iZY4s4j$(Mp2U|yA=WOgJzND;MCn=JR{CJBXyE!88h7`dNoWU5e;CE!6@+906j z@=GGTklD4^hBx(l)zKG#^p#|=pAH*306q1B`OT%Ed3bfWM6<~ub{>DW-(S|WB9`Iu z7Q{6JfR3X&enAW8LaaJlyNQmI3P%rYasDm-*US4cjU=+!jF=XFqF_l)N>z+oJ**e8!Fy_>HAj9J@%D{n>PUShtv}R1en(SO zY4gRO+Qn6_Q{EImetc~z@ZDS)4`RWlCOHk2Ll!?}xLyesGXJssV$G0E*nD9_uWpAa z{I9%8MV3{0f2KFtm@_C8bcS@Pxe^QaZ2jj{o=62#ce-`hyS z!jv!#={-bV+?=|XXC+G?eW%i-L}(~4N1bKpl%RoyNbRpUkAV}}$y|xtgD?TLi2TK= zwF9LAL<@&1FpXBB=&_3NEhHoZq4%34JcNM6dfR8+u2}w!VF{lrn-f)Wr7kit7xkwE zx+&J-TU+efEBW1aAUJl`SxEJ)07_&_Re`Pc%5AS(&vnyhpfZUCRnk0gjz=B2u?lk|_Nmrr zt_Q(MVj3WuOjuEp5vCv8OU$WV7|lI$g5?gll_NdgEcU(n$d*@nXQ)woF`zh-O=7r} znNWDe99D4&*wa5J`h<->ur|j`{RT^ln*JODphZxKBO|L2D*M7NZsy9#XwF6So2UqN zHQbS&npU+fWm3EfN4wvQdrOX!8?lbgrK>`&JC}6qGk7xBg+Cb{r|mcwT1`dZ^q0zW zOOEcA``Ib(cafje1-O2Rv1tclEERb9U!v8~^aF;uuONXMc$L^gt@Kx6=S6DVuZNy> z&_PgRyhf`d`?W*GW}qHsWc`ojqr~w8yh$5cy*y*@m(*&++Uqa9;BEc1^D=L5CG~-2 z*w570Tg0Lam-YdATPEH#=Zp_aYCEFI1z0hlLVEm}N%*Wiay#Gs&;IW}qq#v>tbBH( z^`AddeF{NI@AsqgDB{J1NOqNolFe-7_D?LL`w7Y5t2&nmM3?p#6u~e#mJLF zr^UVcot1DHktiA<-Dx9&sOH-f#WtF7mc%TV?l0sscRyYtDp?AAB}L3ZbHinMh+{ff z2@i}Qgw=iUmKg*6`vaxds4?8|eNv4#h<&;-?4+PqI3VW6r!pRs)o&L@Dn3?Ar~3=rAagFdkBH}OB}qsydOi#+~)KVllDB+P&!@N=L5`J zVy0N_m8k^|kmMXHqFhiSf-x!_^rZdyhE~8}mJ_~09ARvftiB~-2GuMO2Hs;;BVL>tp!gI z0(14ymv;}vL(nh)$LM3aoWr}ILu+s`TdPBp0l&91%#T#eLwCivQ^#JCwEO%W#AJ_! zL7LyJn~rZImWGZY`aY0_9N{EmH-oP5MZ}qdxHl(mPA`F)JNCRDDh7kK>*MzD-o~wV z224FnZ<}MB_7=hGI=Q?$(`OsKYg3qifvboT7GDTETUdlt zbQrz>xgN$hhu3yTp3ImpK|GdomNquE&}H9El}Uy;G?_@~=9b~A9YK>_&N`(jnw6># zepX}}`NF4bI%N>-HoTx73ME^wmfwEhaoF@S2*pl{p|(^yErsgf9_A6lHrA@u2u!o0 z%j8|f!o`)vbaXX;wXBq1Q;~i8I&1*5PRea z9Wph|sb1g`D~`?O`c_*;~A zf*)ryEML6c$>6kk{O5D?44=h|PTyfp>g%V@jpY8Kg`W-F&~AG$$M*S!&9RC6=xloG zU62$vz9U0x{u(2V3~DuYY*It)Rgr9R!${ps)hUU6^YX>hYta}RpJ5njkPlEq5;|N& zin#}-C8aR$=`0qCCm<&=3^~*!ycGJurgtSs9 zjBkJDnq#CTgtH!_Kx;E$-{KCcSL>9>^_vL3i!HEh4jT_jGu^ecd^!WokKKb&Ye4#O zop);;$E4+vI_LT>q5AkAmSJ}9A1#PZXFwcWpZVuPuP6J4OQwwt|Ly@}-pv~Dcv+vd zd-9~?Q>D~S5zX$fbIm;Qd{^Y*Q2FPrbbC>w699;2x1Uo!66^zQJ8mYus}e)I2#W0P zocZr!1QMS>ZCE&Qwys2AUYd_$L!(=ay0BdDl~)Q4LR($DYm9VAvmmso)Amdd#ow3% zq9RzsdU=TuGMAm0v_hIHoyVjK~q0x*`Jv9uM0*vKh9$BG|EsRLPX=u zB^+2FZf@>&djP~;hukyIGkc}z%j4x+W$7>zPbUT;HCubmetc)$1vXDszXp$d#R*#F z$UJw%pLNb3#4@oCVeA-pv@DHePaYXAxWOsf9^YFlz2D*mbQuO`fF`|lgPY)lR^J2O zQ4@duS4mTq6hVo_^bgPR8n0XNodXz zwB2~Fc3fWO7k&PR&SMhcR;%<|c&Rr3$dU6(sY!SDUPheck}Jk)JC8)Ay;1nj{sqjQr ze(A>afDBf+G*v$0D2@~Dhr_kJH;o!GUyU8Bnp+pSa_cwn6yPPS<9wp5{5q~ET<{ZQ zgkn(ShoHcb3t$yDFAUuStj1Vf63eYVyt_WJ6n#*!7U-vZ zbagAwSEV*e7OCz;-z-TqAoHCXpk#wts^RmX097DteC-v4NfFYki!Ki4(%t1m%a4O( zQ~3ber{Um{!6!M_=0n=$JvqH$4{saQ;^xx9k(XT9`{}5f7FP;&2IdA%0NwcMsAGSA zGW$u<$|qJ_v8NWhc=~4{FC&6k>+wH(lCAZD0j~rxUYJD+&uIVmr(bQLE;*OEe7~&x zg5Y??9CLH_?4GBa z^MAYw`0M}o%fNEBMfm*gpBG}S4$MwQ+K7*6Ya^eon@_$Y-&Gcjm!J4U-~jy6P}No` IRI&*Af7_WwX8-^I diff --git a/website/source/guides/authentication.html.md b/website/source/guides/authentication.html.md index ed7fba64ee08..537a49fb1647 100644 --- a/website/source/guides/authentication.html.md +++ b/website/source/guides/authentication.html.md @@ -29,8 +29,8 @@ backend is recommended for machines or apps. [Getting Started](/intro/getting-started/authentication.html) guide walks you through how to enable GitHub auth backend for user authentication. -This guide focuses on generating tokens for machines or apps by enabling -[**AppRole**](/docs/auth/approle.html) auth backend. +This introductory guide focuses on generating tokens for machines or apps by +enabling [**AppRole**](/docs/auth/approle.html) auth backend. ## Reference Material @@ -51,6 +51,7 @@ The end-to-end scenario described in this guide involves two personas: - **`admin`** with privileged permissions to configure an auth backend - **`app`** is the consumer of secrets stored in Vault + ## Challenge Think of a scenario where a DevOps team wants to configure Jenkins to read @@ -60,8 +61,6 @@ variables (e.g. `MYSQL_DB_HOST`) at deployment time. Instead of hardcoding secrets in each build script as a plaintext, Jenkins retrieves secrets from Vault. -![Vault communication](/assets/images/vault-approle.png) - As a user, you can authenticate with Vault using your LDAP credentials, and Vault generates a token. This token has policies granting you to perform appropriate operations. @@ -89,8 +88,14 @@ unsealed](/intro/getting-started/deploy.html). ### Policy requirements To perform all tasks demonstrated in this guide, you need to be able to -authenticate with Vault as an **`admin`** user. The `admin` user's policy must -include the following permissions: +authenticate with Vault as an [**`admin`** user](#personas). + +-> **NOTE:** For the purpose of this guide, you can use **`root`** token to work +with Vault. However, it is recommended that root tokens are only used for just +enough initial setup or in emergencies. As a best practice, use tokens with +appropriate set of policies based on your role in the organization. + +The `admin` policy must include the following permissions: ```shell # Mount the AppRole auth backend @@ -114,23 +119,23 @@ path "secret/mysql/*" { } ``` --> **NOTE:** For the purpose of this guide, you can use **`root`** token. However, -Vault team recommends that root tokens are only used for just enough initial -setup or in emergencies. As a best practice, use tokens with appropriate -set of policies based on your role in the organization. - If you are not familiar with policies, complete the [policies](/guides/policies.html) guide. ## Steps -Vault supports a number of authentication backends, and most auth backends must -be enabled first including AppRole. +[AppRole](/docs/auth/approle.html) is an authentication mechanism within Vault +to allow machines or apps to acquire a token to interact with Vault. It uses +**Role ID** and **Secret ID** for login. -The overall workflow is: +The basic workflow is: ![AppRole auth backend workflow](assets/images/vault-approle-workflow.png) +> For the purpose of introducing the basics of AppRole, this guide walks you +> through a very simple scenario involving only two personas. Please refer to +> the [Advanced Features](#advanced-features) section for further discussions. + In this guide, you are going to perform the following steps: 1. [Enable AppRole auth backend](#step1) @@ -146,47 +151,49 @@ the commands that an `app` runs to get a token and read secrets from Vault. ### Step 1: Enable AppRole auth backend (**Persona:** admin) -[AppRole](/docs/auth/approle.html) is an authentication mechanism within Vault -to allow machines or apps to acquire a token to interact with Vault. It uses -**Role ID** and **Secret ID** for login. +Like many other auth backends, AppRole must be enabled before it can be used. #### CLI command ```shell -vault auth-enable approle +$ vault auth-enable approle ``` #### API call using cURL -Before begin, create the following environment variables for your convenience: +Enable `approle` auth backend using `/sys/auth` endpoint: -- **VAULT_ADDR** is set to your Vault server address -- **VAULT_TOKEN** is set to your Vault token +```shell +$ curl --header "X-Vault-Token: " \ + --request POST \ + --data \ + /v1/sys/auth/approle +``` -**Example:** +Where `` is your valid token, and `` holds [configuration +parameters](/api/system/auth.html#mount-auth-backend) of the backend. -```plaintext -$ export VAULT_ADDR=http://127.0.0.1:8201 -$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 -``` - -Now, enable the AppRole auth backend via API: +**Example:** -```text -curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" --data '{"type": "approle"}' \ - $VAULT_ADDR/v1/sys/auth/approle +```shell +$ curl --header "X-Vault-Token: ..." \ + --request POST \ + --data '{"type": "approle"}' \ + https://vault.rocks/v1/sys/auth/approle ``` +The above example passes the **type** (`approle`) in the request payload which +at the `sys/auth/approle` endpoint. ### Step 2: Create a role with policy attached (**Persona:** admin) When you enabled AppRole auth backend, it gets mounted at the **`/auth/approle`** path. In this example, you are going to create a role for -Jenkins server. +**`app`** persona (Jenkins) . -The scenario in this guide requires the **`app`** persona (Jenkins) to have the +The scenario in this guide requires the `app` to have the following policy (`jenkins-pol.hcl`): ```shell @@ -206,13 +213,13 @@ path "secret/mysql/*" { Before creating a role, create `jenkins` policy: ```shell -vault policy-write jenkins jenkins-pol.hcl +$ vault policy-write jenkins jenkins-pol.hcl ``` The command to create a new AppRole: -```plaintext -vault write auth/approle/role/ [args] +```shell +$ vault write auth/approle/role/ [args] ``` There are a number of [parameters](/api/auth/approle/index.html) that you can @@ -225,9 +232,10 @@ The following example creates a role named `jenkins` with `jenkins` policy attached. (NOTE: This example creates a role operates in [**pull** mode](/docs/auth/approle.html).) -```plaintext +```shell $ vault write auth/approle/role/jenkins policies="jenkins" +# Read the jenkins role $ vault read auth/approle/role/jenkins Key Value @@ -247,16 +255,16 @@ $ vault read auth/approle/role/jenkins separated string. ```shell -vault write auth/approle/role/jenkins policies="jenkins,anotherpolicy" +$ vault write auth/approle/role/jenkins policies="jenkins,anotherpolicy" ```` #### API call using cURL Before creating a role, create `jenkins` policy: -```text -$ curl -X PUT -H "X-Vault-Token: $VAULT_TOKEN" -d @payload.json \ - $VAULT_ADDR/v1/sys/policy/jenkins +```shell +$ curl --header "X-Vault-Token: ..." --request PUT --data @payload.json \ + https://vault.rocks/v1/sys/policy/jenkins $ cat payload.json { @@ -276,12 +284,15 @@ The following example creates a role named `jenkins` with `jenkins` policy attached. (NOTE: This example creates a role operates in [**pull** mode](/docs/auth/approle.html).) -```text -$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"policies":"jenkins"}' \ - $VAULT_ADDR/v1/auth/approle/role/jenkins +```shell +$ curl --header "X-Vault-Token: ..." --request POST \ + --data '{"policies":"jenkins"}' \ + https://vault.rocks/v1/auth/approle/role/jenkins -$ curl -X GET -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/jenkins | jq +# Read the jenkins role +$ curl --header "X-Vault-Token: ..." --request GET \ + https://vault.rocks/v1/auth/approle/role/jenkins | jq { "request_id": "b18054ad-1ab5-8d83-eeed-193d97026ee7", "lease_id": "", @@ -310,13 +321,18 @@ $ curl -X GET -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/ separated string. ```shell -$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"policies":"jenkins,anotherpolicy"}' \ - $VAULT_ADDR/v1/auth/approle/role/jenkins +$ curl --header "X-Vault-Token:..." + --request POST \ + --data '{"policies":"jenkins,anotherpolicy"}' \ + https://vault.rocks/v1/auth/approle/role/jenkins ```` ### Step 3: Get Role ID and Secret ID (**Persona:** admin) +Think of **Role ID** and **Secret ID** as the username and password which apps +use to authenticate with Vault. + Since the example created a `jenkins` role which operates in pull mode, Vault will generate the Secret ID. Similarly to tokens, you can set properties such as usage-limit, TTLs, and expirations on the secret IDs. @@ -325,6 +341,21 @@ usage-limit, TTLs, and expirations on the secret IDs. Now, you need to fetch the Role ID and Secret ID of a role. +To read role ID: + +```shell +$ vault read auth/approle/role//role-id +``` + +To generate a new secret ID: + +```shell +$ vault write -f auth/approle/role//secret-id +``` + +The `write` operation is equivalent to `POST` or `PUT` HTTP verbs. The `-f` flag +forces the `write` operation to continue without any data values specified. + **Example:** ```shell @@ -340,44 +371,59 @@ $ vault write -f auth/approle/role/jenkins/secret-id secret_id_accessor a240a31f-270a-4765-64bd-94ba1f65703c ``` -To list existing Secret IDs after creation: - -```text -vault list auth/approle/role/jenkins/secret-id -``` #### API call using cURL -**Example:** +To read role ID: -```text -$ curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/jenkins/role-id | jq +```shell +$ curl --header "X-Vault-Token:..." \ + --request GET \ + /v1/auth/approle/role//role-id +``` -$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/jenkins/secret-id | jq +To generate a new secret ID: + +```shell +$ curl --header "X-Vault-Token:..." \ + --request POST \ + /v1/auth/approle/role//secret-id ``` -To list existing secret IDs after creation: +**Example:** + +```shell +$ curl --header "X-Vault-Token:..." --request GET \ + https://vault.rocks/v1/auth/approle/role/jenkins/role-id | jq -```text -curl -X LIST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/approle/role/jenkins/secret-id | jq +$ curl --header "X-Vault-Token:..." --request POST \ + https://vault.rocks/v1/auth/approle/role/jenkins/secret-id | jq ``` +The above example to generate a new Secret ID does not have any payload. +Optionally, you can pass +[parameters](/api/auth/approle/index.html#generate-new-secret-id) in the request +payload. ### Step 4: Login with Role ID & Secret ID (**Persona:** app) -To get a Vault token for the `jenkins` role, you need to pass the role ID and -secret ID you obtained previously to the client (in this case, Jenkins). +The client (in this case, Jenkins) uses the role ID and secret ID to +authenticate with Vault. If the expecting client did not receive the role ID and +secret ID, the admin needs to investigate. --> Refer to the [Advanced Features](#advanced-features) section for securely -distributing the role ID and secret ID to the client app. +-> Refer to the [Advanced Features](#advanced-features) section for further +discussion on distributing the role ID and secret ID to the client app +securely. #### CLI command +To login, use `auth/approle/login` endpoint by passing the role ID and secret ID. + **Example:** -```text -vault write auth/approle/login role_id="675a50e7-cfe0-be76-e35f-49ec009731ea" \ +```shell +$ vault write auth/approle/login role_id="675a50e7-cfe0-be76-e35f-49ec009731ea" \ secret_id="ed0a642f-2acf-c2da-232f-1b21300d5f29" Key Value @@ -395,8 +441,8 @@ Now you have a client token with `default` and `jenkins` policies attached. #### API call using cURL -Notice that the following API call passes the role ID and secret ID in the -request payload. +To login, use `auth/approle/login` endpoint by passing the role ID and secret ID +in the request payload. **Example:** @@ -407,8 +453,7 @@ $ cat jenkins.json "secret_id": "ed0a642f-2acf-c2da-232f-1b21300d5f29" } -$ curl -X POST -d @jenkins.json $VAULT_ADDR/v1/auth/approle/login | jq - +$ curl --request POST --data @jenkins.json https://vault.rocks/v1/auth/approle/login | jq { "request_id": "fccae32b-1e6a-9a9c-7666-f5cb07805c1e", "lease_id": "", @@ -451,7 +496,7 @@ You can pass the `client_token` returned in [Step 4](#step4) as a part of the CLI command. ```shell -VAULT_TOKEN=3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e vault read secret/mysql/webapp +$ VAULT_TOKEN=3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e vault read secret/mysql/webapp No value found at secret/mysql/webapp ``` @@ -468,7 +513,7 @@ $ vault read secret/mysql/webapp No value found at secret/mysql/webapp ``` -Since there is no value in the `secret/mysql/webapp`, it returne "no value +Since there is no value in the `secret/mysql/webapp`, it returns "no value found" message. **Optional:** Using the `admin` user's token, you can store some secrets in the @@ -498,9 +543,9 @@ You can now pass the `client_token` returned in [Step 4](#step4) in the **Example:** ```plaintext -curl -X GET -H "X-Vault-Token: 3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e" \ - $VAULT_ADDR/v1/secret/mysql/webapp | jq - +$ curl --header "X-Vault-Token: 3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e" \ + --request GET \ + https://vault.rocks/v1/secret/mysql/webapp | jq { "errors": [] } @@ -508,12 +553,11 @@ curl -X GET -H "X-Vault-Token: 3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e" \ Since there is no value in the `secret/mysql/webapp`, it returns an empty array. -**Optional:** Using the `admin` user's token, you can store some secrets in the +**Optional:** Using the **`admin`** user's token, create some secrets in the `secret/mysql/webapp` backend. ```shell -$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" --data @mysqldb.txt \ - $VAULT_ADDR/v1/secret/mysql/webapp +$ curl --header "X-Vault-Token: ..." --request POST --data @mysqldb.txt \ $ cat mysqldb.text { @@ -529,24 +573,38 @@ This time, it should return the values you just created. - ## Advanced Features -To keep the Secret ID confidential, use [**response -wrapping**](/docs/concepts/response-wrapping.html) so that the only expected -client can unwrap the Secret ID. +The Role ID is equivalent to a username, and Secret ID is the corresponding +password. The app needs both to login with Vault. Naturally, the next question +becomes how to deliver those values to the expecting client. + +Common solution involves **three personas** instead of two: `admin`, `app`, and +`trusted entity`. Furthermore, the Role ID and Secret ID are delivered to the +client separately by the `trusted entity`. + +![AppRole auth backend workflow](assets/images/vault-approle-workflow2.png) -In the previous step, you executed the following command to retrieve the Secret +For example, Terraform injects the Role ID onto the virtual machine. When the +app runs on the virtual machine, the Role ID already exists on the virtual +machine. + +Secret ID is like a password. To keep the Secret ID confidential, use +[**response wrapping**](/docs/concepts/response-wrapping.html) so that the only +expected client can unwrap the Secret ID. The `admin` user don't even see the +generated token. + +In [Step 3](#step3), you executed the following command to retrieve the Secret ID: -```text -vault write -f auth/approle/role/jenkins/secret-id +```shell +$ vault write -f auth/approle/role/jenkins/secret-id ``` -Instead, use response wrapping: +Instead, use response wrapping by passing the **`-wrap-ttl`** parameter: -```text -vault write -wrap-ttl=60s -f auth/approle/role/jenkins/secret-id +```shell +$ vault write -wrap-ttl=60s -f auth/approle/role/jenkins/secret-id Key Value --- ----- @@ -557,10 +615,11 @@ wrapping_token_creation_time: 2018-01-08 21:29:38.826611 -0800 PST wrapping_token_creation_path: auth/approle/role/jenkins/secret-id ``` -The client app uses this `wrapping_token` to unwrap and obtain the Secret ID. +Send this `wrapping_token` to the client so that the response can be unwrap and +obtain the Secret ID. -```text -VAULT_TOKEN=9bbe23b7-5f8c-2aec-83dc-e97e94a2e632 vault unwrap +```shell +$ VAULT_TOKEN=9bbe23b7-5f8c-2aec-83dc-e97e94a2e632 vault unwrap Key Value --- ----- @@ -570,8 +629,8 @@ secret_id_accessor 7d8a40b7-a6fd-a634-579b-b7d673ff86fb To retrieve the Secret ID alone, you can use `jq` as follow: -```text -VAULT_TOKEN=2577044d-cf86-a065-e28f-e2a14ea6eaf7 vault unwrap -format=json | jq -r ".data.secret_id" +```shell +$ VAULT_TOKEN=2577044d-cf86-a065-e28f-e2a14ea6eaf7 vault unwrap -format=json | jq -r ".data.secret_id" b07d7a47-1d0d-741d-20b4-ae0de7c6d964 ``` diff --git a/website/source/guides/dynamic-secrets.html.md b/website/source/guides/dynamic-secrets.html.md index b316b11760d3..eb6480e2465f 100644 --- a/website/source/guides/dynamic-secrets.html.md +++ b/website/source/guides/dynamic-secrets.html.md @@ -1,14 +1,14 @@ --- layout: "guides" page_title: "Secret as a Service - Guides" -sidebar_current: "guides-dynamic-secrets" +sidebar_current: "guides--dataynamic-secrets" description: |- - Vault can dynamically generate secrets on-demand for some systems. + Vault can dynamically generate secrets on--dataemand for some systems. --- # Secret as a Service: Dynamic Secrets -Vault can generate secrets on-demand for some systems. For example, when an app +Vault can generate secrets on--dataemand for some systems. For example, when an app needs to access an Amazon S3 bucket, it asks Vault for AWS credentials. Vault will generate an AWS credential granting permissions to access the S3 bucket. In addition, Vault will automatically revoke this credential after the TTL is @@ -94,8 +94,14 @@ summary of basic commands to get started. ### Policy requirements To perform all tasks demonstrated in this guide, you need to be able to -authenticate with Vault as an **`admin`** user. The `admin` user's policy must -include the following permissions: +authenticate with Vault as an [**`admin`** user](#personas). + +-> **NOTE:** For the purpose of this guide, you can use **`root`** token to work +with Vault. However, it is recommended that root tokens are only used for just +enough initial setup or in emergencies. As a best practice, use tokens with +appropriate set of policies based on your role in the organization. + +The `admin` policy must include the following permissions: ```shell # Mount secret backends @@ -114,11 +120,6 @@ path "sys/policy/*" { } ``` --> **NOTE:** For the purpose of this guide, you can use **`root`** token. However, -Vault team recommends that root tokens are only used for just enough initial -setup or in emergencies. As a best practice, use tokens with appropriate -set of policies based on your role in the organization. - If you are not familiar with policies, complete the [policies](/guides/policies.html) guide. @@ -152,24 +153,28 @@ vault mount database #### API call using cURL -Before begin, create the following environment variables for your convenience: - -- **VAULT_ADDR** is set to your Vault server address -- **VAULT_TOKEN** is set to your Vault token +Mount `database` secret backend using `/sys/mounts` endpoint: -**Example:** +```shell +$ curl --header "X-Vault-Token: " \ + --request POST \ + --data \ + /v1/sys/mounts/database +``` -```plaintext -$ export VAULT_ADDR=http://127.0.0.1:8201 +Where `` is your valid token, and `` holds [configuration +parameters](/api/system/mounts.html#mount-secret-backend) of the backend. -$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 -``` +**Example:** -Now, mount the `database` backend using API: +The following example mounts database backend at `sys/mounts/database` path, and +passed the backend type ("database") in the request payload. ```shell -curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"type":"database"}' \ - $VAULT_ADDR/v1/sys/mounts/database +$ curl --header "X-Vault-Token: ..." \ + --request POST \ + --data '{"type":"database"}' \ + https://$ vault.rocks/v1/sys/mounts/database ``` @@ -197,7 +202,7 @@ command with correct URL to match your environment. **Example:** ```shell -vault write database/config/postgresql plugin_name=postgresql-database-plugin \ +$ vault write database/config/postgresql plugin_name=postgresql-database-plugin \ allowed_roles=readonly connection_url=postgresql://root:rootpassword@localhost:5432/myapp ``` @@ -206,9 +211,9 @@ vault write database/config/postgresql plugin_name=postgresql-database-plugin \ **Example:** -```text -$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @postgres-config.json \ - $VAULT_ADDR/v1/database/config/postgresql +```shell +$ curl --header "X-Vault-Token: ..." --request POST --data @postgres-config.json \ + https://vault.rocks/v1/database/config/postgresql $ cat postgres-config.json { @@ -221,7 +226,7 @@ $ cat postgres-config.json ### Step 3: Create a role (**Persona:** admin) -In Step 2, you configured the PostgreSQL backend by passing **`readonly`** role +In [Step 2](#step2), you configured the PostgreSQL backend by passing **`readonly`** role as an allowed member. The next step is to define the `readonly` role. A role is a logical name that maps to a policy used to generate credentials. @@ -245,7 +250,7 @@ if Vault is offline or unable to communicate with it. **Example:** ```plaintext -vault write database/roles/readonly db_name=postgresql creation_statements=@readonly.sql \ +$ vault write database/roles/readonly db_name=postgresql creation_statements=@readonly.sql \ default_ttl=1h max_ttl=24h ``` @@ -257,12 +262,11 @@ statement is passed as the role creation statement. **Example:** -```text -$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @role-payload.json \ - $VAULT_ADDR/v1/database/roles/readonly - -$ cat role-payload.JSON +```shell +$ curl --header "X-Vault-Token: ..." --request POST --data @role-payload.json \ + https://vault.rocks/v1/database/roles/readonly +$ cat role-payload.json { "db_name": "postgres", "creation_statements": "CREATE ROLE '{{name}}' WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; @@ -308,7 +312,7 @@ $ vault token-create -policy="apps" Key Value --- ----- token e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 -token_accessor 54700b7e-d828-a6c4-6141-96e71e002bd7 +token_accessor 54700b7e--data828-a6c4-6141-96e71e002bd7 token_duration 768h0m0s token_renewable true token_policies [apps default] @@ -330,7 +334,7 @@ $ vault read database/creds/readonly Key Value --- ----- -lease_id database/creds/readonly/4b5c6e82-df88-0dec-c0cb-f07eee8f0329 +lease_id database/creds/readonly/4b5c6e82--dataf88-0dec-c0cb-f07eee8f0329 lease_duration 1h0m0s lease_renewable true password A1a-4urzp0wu92r5s1q0 @@ -347,17 +351,19 @@ set of credentials. First create an `apps` policy, and generate a token so that you can authenticate as an `app` persona. -```text -$ curl -X PUT -H "X-Vault-Token: $VAULT_TOKEN" -d @payload.json \ - $VAULT_ADDR/v1/sys/policy/apps +```shell +$ curl --header "X-Vault-Token: ..." --request PUT \ + --data @payload.json \ + https://vault.rocks/v1/sys/policy/apps $ cat payload.json { "policy": "path \"database/creds/readonly\" {capabilities = [ \"read\" ]}" } -$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"policies": ["apps"]}' \ - $VAULT_ADDR/v1/auth/token/create | jq +$ curl --header "X-Vault-Token: ..." --request POST \ + --data '{"policies": ["apps"]}' \ + https://vault.rocks/v1/auth/token/create | jq { "request_id": "e1737bc8-7e51-3943-42a0-2dbd6cb40e3e", "lease_id": "", @@ -387,8 +393,9 @@ Be sure to use the returned token to perform the remaining. demonstrates more sophisticated way of generating a token for your apps. ```shell -curl -X GET -H "X-Vault-Token: 1c97b03a-6098-31cf-9d8b-b404e52dcb4a" \ - $VAULT_ADDR/v1/database/creds/readonly | jq +$ curl --header "X-Vault-Token: 1c97b03a-6098-31cf-9d8b-b404e52dcb4a" \ + --request GET \ + https://vault.rocks/v1/database/creds/readonly | jq { "request_id": "e0e5a6c1-5e69-5cf3-c9d2-020af192de36", "lease_id": "database/creds/readonly/7aa462ab-98cb-fdcb-b226-f0a0d37644cc", @@ -409,7 +416,7 @@ curl -X GET -H "X-Vault-Token: 1c97b03a-6098-31cf-9d8b-b404e52dcb4a" \ (1) Generate a new set of credentials. ```plaintext -vault read database/creds/readonly +$ vault read database/creds/readonly Key Value --- ----- @@ -442,7 +449,7 @@ The `\du` command lists all users. You should be able to verify that the usernam (3) Renew the lease for this credential by passing its **`lease_id`**. ```plaintext -vault renew database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809 +$ vault renew database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809 Key Value --- ----- @@ -454,7 +461,7 @@ lease_renewable true (4) Revoke the generated credentials. ```plaintext -vault revoke database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809 +$ vault revoke database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809 ``` **NOTE:** If you run the command with **`-prefix=true`** flag, it revokes all @@ -466,7 +473,7 @@ user name exists. ## Next steps -This guide discussed how to generate credentials on-demand so that the access +This guide discussed how to generate credentials on--dataemand so that the access credentials no longer need to be written to disk. Next, learn about the [Tokens and Leases](/guides/lease.html) so that you can control the lifecycle of those credentials. From 0362995a305472cfb06272bb3872ca5dcb320f6e Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Tue, 23 Jan 2018 15:43:07 -0800 Subject: [PATCH 009/178] More detailed descriptions were added --- .../assets/images/vault-approle-workflow.png | Bin 53140 -> 59048 bytes .../assets/images/vault-policy-workflow.png | Bin 0 -> 10789 bytes website/source/guides/authentication.html.md | 134 +++--- website/source/guides/dynamic-secrets.html.md | 50 ++- website/source/guides/policies.html.md | 408 +++++++++++++----- 5 files changed, 411 insertions(+), 181 deletions(-) create mode 100644 website/source/assets/images/vault-policy-workflow.png diff --git a/website/source/assets/images/vault-approle-workflow.png b/website/source/assets/images/vault-approle-workflow.png index b59d962f76765fca45be559a36ab26a7045a35ee..d5daa107fbc6ae9dd54d875c5d29cca07ce534c1 100644 GIT binary patch literal 59048 zcmaI8WmH|;vNei(a7}P`4+M92mmt9{xCghO!QI{6-5r7lf_rdx|0ZOgd-r*_wf6_w zTC6qZoTF+~_3G7&V0l@wcX03FKtMp=Nr($8f`EV(OOt{VM+=ilj*aT-8k}@AEa71}-8h{TU;b`ON>4ww{$t$SEJ%P} z7!-`c2qxMIgAGdZ1tQG*?~C5J&MsS?l(fSryNEPSjT@mA#Pj2Y+}(D9uHnt`vMrZMt8A_L zFY3FyoeYDOhL0ArgAshslr2t2A(C_TmW$-No_Bff_j?89Pi{BIKP1~!|Lf5@ePFlv zY@(J_^!q|Es=suBY1EoVX?@$vQ!G|4Ds-^9JKsM4rKUTC#P>*uFe;TmPxq@tEn%U~ zVq}OSgBBXkL0)+*W;BlbVwB~4QjB2ea&J2C>wL9r7C-E#^Fb240>k6QgNhFNNB4)L zhH}2D{gIZFb{Zs}%gE6bcDdmMhK#c5QtcL1PUmCVRj-$}7TqH2t-&a}L83sz5*@DJ z|K2r11Bml5=6d@b*}eIi0wsvb3EXeHS$2~mSVo_5dZJHP+)jqd8dj)N!TUnHX#I?! zcH*d2qLWxmBqy^)Se!(vHQ=Pge83<{y`FnpYHKZfzQ5Z@s9&r#i&27FsJEm6hejMV z9=E@?xxXIgdl4_ClUi)Bj#zLN4Z|kN@VHKrPUqH;3Xs}8{r%|Of5m=c2@sDo+ z_K6IHAzcaL`F@)6(Slq}*Q4(7#Ooyn7L8oEPxGVkDE8h;TT89!q@d2XJu;5t#!W$< z+oOh62q~>r^qeB4f?>xwZHk^iqy#iMZl;-V;X7Z)(>1@BRhD|gq3E&X#1FJgQ68Zf z7pCdZ36niYd|LZ6MI-_6SeWI3|7B7BN0==fqtY*3zEfqN*~OfGSLzWRNIS_JY&Sg| zw`}j`M8rQoJ&d4;;YMXQZ$|Lx+@3L;jNzK_^uRG04Wnx`I}|zWP6&ixF&u|{k$Jd3 zsK^tKBDOnj+R3+Z?n$n7In&=!thd{ibT04z@u8)Q6?&7L!)obM5|?wi`}q*X*t?6| z7};opaE|_8Kl=WJGPK*AiGJleX}wqiSvr#5%rF{>hlShb*h$^o-*iDQxW76WQ4qtc zTUA)~xJjE3L;tQM$D<<4u^sy~ENs;|CFDgC&`5bN7>0gqZ<6ksA3C7fXp=PqJX-*y z$#^=?*nNxJ=-prjVonQHCPVa+&V8YVA`@u&@^(vnnxOv;}njiLw(lyYG^ z_SM!Bi}L7}{IBA-It!s~vIVjvb4lD1DvEtc8eEsWXg=_Q}Lf65~6*mvB6;rK?_%L<@y7&5vdinF4TDGXrfsb?Z7g9_sPy2a6(UjJ}I| z1sTWXI5!dja2Q$~FAZDcKks&-w~I;?azt%w6d%}r7yK(KO_65$4RKSg%2%TFIJ^e=LTWBYK zmuBj;ee2Q-#KY8bSq}hRoQ@GA@L-iEBXv3Lg4SOABI;$9f|x24SRATj^K>-_U0euR z><`JAh{%e`(0Ek82QCvF+(@6^#0>MCh`z?4ooF{n!do@pgN?4RSGm zfp`{AK-?@lXDsH!$!5Z}JggMRWqdi9Ez2r?{HP$pTPtI5>We1(iAbJo>THLz^nTdtRP5pU2wVjYyl#QBz4$iZxNkB?40=fjgGLoWxys%{MTAaXgiSe)y2OWCw(A}H z60!~L%`tG=@D~W~0^EW)n|4&p?6s_0&qU{}buqtJw(b{~fYnVkbtoLOAOHICf&E@z zphUF{OvM;Hyr5!9DVFQy@xl*?y@A7L>|IYH8uwjSiWXl?J3N^FH&5})qJ1&u8<(h! zt?KfFZV_1X1_fvCt&~Y&lMU8qEUI|`9ft9^T{hj|VO6FKJr+6^+_@HT&5rMROUfP78t(dypi8djo1ES*!Qy`6v4-gt-}v zj>nbCjhp5R_tlJ&ERKP9scHj%8G|g5qLgYTeFl*TyhwC?CJ5t%nv_cBnVnV23EEDO zazCr+(7Q&rt9=af?nUd4qi`XOGjNL^eQ=baioR1_nQ718n$Cx5z#Wm^%}{T#=iTPY zn16(81*`FV`c^QLjcq+&-4_>t;pfKX33tY{QdNHz3o%0Ftx!Y=V&r1 zFsM071NFu3GVv&iPRXv$DvOAUlnl;arNbBfAXmb@#$wo^Do!0y{yBe$fmb zddD<_LR0!ust1v;*kX!S5Z3(gP+v;?w5EB^HOpOUt9~Z^AH?>Wm4hJ8rAHGHadYT< zLx_rz4GXRC2%BS%a~+YeHZmRf4>vS^%Pxf>vTD2IRB`kQ66MMeFdGIv0(sAh&sHS% zD%;QF=9kwwyrt6iNFP7SY7cKXQGeL&`-R-$9~Jr?a{77V(**Rr54(gK4ikq9S(u4W z`YE5FnS@LAMB=*!c?0KmI;Leec7qCtmp#k{-QzSvw4kK)PiFGQ`UtC}1-=O`ld=)H z5v~Sv5r;Es1$hvU(YrVK4XQJ3Br3x?+4@Eee1A!wbsozq524b}3^LikCmaiJ?g_9E zrA?#`%KF`X`b0bFeR;IV?toW>MD&M&XA(Mk5zn&&xkT)%x}kI?^<_Ej6NM`Ldi%Q0 zU{IkiX>a~nPn&ED$4Y|_=PlyH=`CY>40@njm}gX6tX=PNz(A#K+Kk}tv*?WP{=P!r zFFM_Pid8wtwlK(z7F}eaj^ds+5T3uhw#SPCobflAg%5|N zft!o*cvwAMnY{u7>ih}#*#e1e=H_X3t8y0%%+tN`;(7e)PXw4+i2qm-$be-zliBDm|1cd?^IN zDJvqK&^)*jS46WaYzW3IG;_NMoS(D|@j5e{`PZ<;GJ0PssM7U;+vlox@Mx-t)tf~h z)Lp6&ylx~D_`DAtXG)HJ#=yFqt+URIuqh3Ui0lm-^M+33j?ko_lMocFsv`69q$_o_ z2Ey_1&=v$mM^1UgW`8n6srL>R7g)tuv4^l)N}n_ie!ES3{({lFu}hcpHPG7lVB-^n z1-7a%ZMwQwH=U4SL2tBZea{Sp4veG%NgarhS|viZjX8q)AhA@M`Z4lCl15i{NtJgt zQ-Bo?On3&LSG!UnanhMvcENn<1+4V67>nHU{HZ)CEE5d3 z%^&R2I3tIUwdem+{P2&$;NsRKqm}9#Pubq}EQfZng4-_T-KP1ZVi`|V)kfAo^81#| z2qE!o89y)9S?nmrZAJ&mpY#T!Eqg-6?gbl<+Jj4J{gf9(UhtQ~rdM+x;Oz7!AVU!G zp7*@(Vq>5bgE8xBW324sfro_73veQ;{BruKX4FJ#ob{$rNvtv*Rk9 zQyln?CLfXnNa?t=QT|rvsX~no&)7sR_0G*3FReu8q|Zy9oO<%G;SPx*$Fzk*K|@Z$ z7}t%lYkY{fSJwf9?eMBHUFRM4@K+r6$gMKBas~fUf{+&f0K1)W1!fzUH|}0A9=qAT zZ4D)r+7HpZS(tJZMcLe?WfcU+okOI?AHyb{@Cn`@)C*b-z@&z#UarkJ8WA$U!;gdEz|A)*{Z2852xUSRFANZC+WyR z9+z5dR!H%_Bzmnr>XR>mKPkjn_HfonnAn2jb(hbmcf+b@3&RHQUD`qJu`5-5!8Lr+ zvv`rLYy3OH9()`)i45HmRk{Qs1v)8uTbLoD?f}*Y&LAWseM5pB!w=l+0^hzxS4QrV zl=YI}imf&>3<~2=X^|`lXRJeu?NeM7P?KkE6hF3j7AoQ|^z%%$y4ol33&)Wqh(z{c z0KnF>P}*E~aCh)(qHam?@Q+Sz+GFPrw`hmQV%qP+cSd+X-Gj9dKZ_L|VT06_@et8I zsfKEA!{gqKqe8vxG1Sy}Y_nz^luK55k&Q-htX|Ea7|yFCi!n9vgurrbi+JpO&%c45 zMtJ(`zp4Ve)J}m~erSm%ol20ZLRywRUbf&Q=jIB@2>T{*FnR@2c*0=+238{o#89+N z=7CbaSqi+t5X8&n?l#_Zm;=N!7EWxLUw!gQ)-4baw3K0vzD`lGodgjg(9TR+LqRR; zsp_jXKR2{s;yLQ|K)buKjwJ&>f*wHZObS$41V*??l|>YXaag=R{(cEt0$J`y3xa!0 z{3jysrSX?u(}YijJ;&w4ZLY35$$VfQ*fXt7SY0x<(9NorEuvrg!)D^rO{*O{w0*NvgK`9sA+4}SV>xbPSa`&{(0e^ zQH*}M#6?wSSGGtSq6HzotFaqsQXh;Ob*ls?Pi(U2p1IeDcq<8~Jj*e@Hc>Qsb;oG= z&-FNa@iaOUmnEqGswBPdfIM!nx#6P?Svt^S&-g-K{d~Gwg=p}jccU+RnUiXxoaZSZ zLzejyyXG^##CcZHMVbnH`eU0v{4Cc(c${htSMvcl#qf7{Rm1WqV+KbrXmymTKgn<8 z&0kDHsPI~y(<*pVC~?X6A2%P+?~Gv=(QX^^VNc}XX8QlYlBJXnV_)7-Xf`PcbHjpJV+Nf)-Ps-v-j5Qp=*f}@ckhK)xnW$slJ zA@>%~b<+IIECwPHmI1zOy%d8(mC#i4+3eq}R))7m|He4C*;r5sVR;;BkofpA-3p!{ zN)P0_8@8IT-W1Qnu|NxAtB|YxUs7sA{T`^!n^5oG`)j!v%u$!j{|gFKkpNKO@VDmA z{|W5>VMlyeVG~pIlTE({{_EEN*%2oQX`E2J&;Pa3-vuJc0rG50*nsO_cphf=?~1Bv;A+)^v@mUN_56nu}=O*{MXL>H5>mSOd>NTSG{V@ z|Gjk?u>7#R;C`on8TcR0P+yGD>#(>!`7b|2I0+l}{-b1n7!JwZ#o__sWQB_HVuQ&z ze$!#~$X2TT*wA5?>dN1p+z?*N!tu`14$F&Mh<6VFlj-#QN&X=(t zA2Xe^yux|g3w{Tft)!v}zL!TO-iJe$I{@t(0gQ+h|6-O9^i2|8?B+m30#I#^lxw#v zjoJY>kO!bU#di0*L*76o#-B3)l?{5_EK>ltmH?2D z>TsB}*u{J_y6unWQUw#Z9+#6=Ad+}e@w8C@7eOrISo?I^gM>A#0&pUI?Wy-h=UYQl zbrxz#jC#JCQ94}YvZ<6Yy(LfO{us>Ty15hebCzbxI4Gw#X?2V%UgIH_1 zs2YMvNBz0MD$aJZf9U#XQRqm_jPG(nXd5V69l$41$t3-+=M!Qf#&{pTzVdLbcYji- zoPS$O$gS;{RIrKA?p5fYJAsTG0>s~8`ZT~BO0I;fkNn^dg9VQ3VR_4OG(gcw0?5_h zXCA1kxAGEnqHk8cbl-n8k2M-?Sou~mn!&e9<+xaHX|IY4{5_`MFe` ziQ{(dQV4;-{ZxQmKKzg+WRGQ>JBAFO%lX)W<+_&W{rN^H!!R^~`&v22EC_^1SeL2! zD+f9ViKRt|#C^&iPQ%>de1dt*R4$>}&3k-Rkm0!yCq$&T2yk%Q#UI1$xHFbUBgbXo=T%(%% zS)y0=rJE;`7~57ox#QbNvNa8)M=3(N*GcFs_I?{g z$kZIGpPbS@nwakZ6mERWIMqe}2WxTQ>_EyHmP3X}WW)Mp0LP%oZ3|%Eoo34~7j|D{ zo5ItY-OFr z+;Fi<$<`>#IC?7!^8sEL1llGjIa7@GF0>>@%>o3?YQWHR{o& zWR1k8(i%-X8Yn}U<{d^Z7Y@X8N<08BcfuWDW1vwjjRbaaOvAmB(dF*pq$BNfidU5| zl-*Wo z$S_!m>-Q3+*jC9ndmlm=802V0E4MTWi>RVbP2!WT?W}E=E#}JcRv>QDc$sdqtQLlO zeCv<{;w`)n)?OPO0|Z{JA4XY9Ml*x3*rh)Wu&=srqLbfG?&?ah9tjI%ThV%wMs)@> z0^D|%n@2}K?iZo$;kad5+P*QK8?C0TXenIi`&|l%$JI&D;$fwhrW=4iq#+RtkNug# zzEjk`(?6E&zdn_^=x>5}LY$7J!?fl)>IQNGl`f@$qKh?N2JG`HPvB{0BLEq;0A|_w zv$l|H z-lxF&3vKAJ@-YAxKycPza6g{* zWIfdaLDm{kSp!D-3|{#RMtL62;q+u!3t-BRu~lNVTFfF42ZaX2JQezS>I4W@vb5!R z?{XLOhuFdJ9s}zS)|RRYesXpqu?hsz6i7-|+N^iWHwEH<8?-F2J~6$+PQw_B6FNg8+3-N1fGz$^RMI$As`Wip(}JDUHr-F|HA^vIVC zqbWJAf8~#7wwWgqGHAqH>t;kTZ95p$D+%SD@zuiZ3$w8b!LV9yR@}1Ams0jucIxfZ z8oiV!;gq`&pKmvj)MTOg$`Muk!OQWs0lxBvZ*e{!uDm3$es8V+sGws2&pCBb4(FKV zSmZuEewTkVuHc>dvQwV}G4UF2CcuH6cs<}1SIKAD`@i5FsWC=auYEi4X6uDZzm7>o zm@(p(TmH%Iw$NamvB8sy1HygNGzXm1;|V?P3>V%D&pC;a38(hc@NWPs?}w%1LbTR) z6j0ThDc}cIH`8L$M(xlQOQp1A-fB9nW8p`u) z*Z%A{@gV9);Jn-MH2Qi0babFN_wWiarm?EzNFr+?Z1jd>y8U7UPk?M({mToT#FJG( z{1jl=p(u$FzWxe9EyjZM0p)>1M`AD>j3g?@^)vB@=7WnNSBJsYB1T~QRW@9wL`Q1% z;pNoEu# zxX8AZlHFTdI7R&)&|KSm?>b4m1W$QP`K2`s<-X|Hxm@epF!o&dfrQ(gz}{SAKmW3g z7SE&5lTPqdl5PQM1U6Imas*}Sv(do`Rb4U!qe*A?NIVuXgOf1bw_|QCgJbJsH=RNR z9f$b&Ba7+$A6y;e7cST_`(W2=$}cK%sP( zcAlTB#-5DY8ZPfjjMm;}2eVf6L(blvKEhKAP*$mqUEZ*wOt&nzUq=IAjC7eRR~qj*7B zziyKTt|N|vpFAy-CzO(QUFy{NlKps|DO}ALZdR6(u&h{{)c$vn$+$#osr$xj3v(5^ ze9nmY-rN&7w=9&hGKo|>+sDwmMR8|~t<3$QLG~9tLRfjUsevbG+q(@|_+yj|ty-=6 zsO4dLKZWPl`b3t2R+Vn&*BtT!7*40d-FiJ+NxACmuu0Fcfx34M3wh4?*RDpQ+FODm zRo-XW>j4KMbFOw*4;p;sXgi_Gxb97tu}u5ID8g0ieIh)Mh47|>8xZ#QU>0Kmf`bqs zvoyo^I8xSoiVXs*Gf%v2fX$O1M&WPb8&u73(_2IlFk3%{Tf)qZXRtq#9UlZgjsk8$ z8mz{M-J6&z|?(FCT6ZrbaSZG0JyEo_=j|%M;^T*BrI;T?lS9E0~hG?^tC4$ zx7KQbH0}nAnZor_BkmR)7WoR}4~P{`9VhBBt9i&21<;zC;X6X)vUatPd}LI2bu~oFh16 z(x-U>Uznhhejc1jkF$qt|DJ-B2L@}wzi{e(JIC?~XOOe!%{{UGwmJ#m6q;&FPWsL; z@z-{x zMARPn;C)eqN^`I8TxD0x-!wg`dwsw^@HEzDPdJH{>pvi7hxZ9fuwS7Z#nz}6{A@0` zgJ9MAcdy{!jCdHVpjL{+0>teH6081~qkQeDYf@s+bR63AR4o4;sNias)#y^vmTWX- z`gNoesXEnQYB~CqxD%Zqi|r>NEt+u*&l$WW9;IK3TOntN2Dtnly~oj7lr@5@$^t0W zsm13z`&o!9WRE|p5g={N9@FlxQNUBvCm3E<6aohOaxYTlPCngtB0Uk&r$3+aW>u8x zibkcB~F5ndixB3ypTeql7d23O}(M^MwG9Pnc&5!7Dq?!lZ)%0ZXFp$tU*6VSyO zlBjthyiB1b2sJBfu$HQ_4m#wDW9l~B3iJ40t=)1R+;$97$`cvCIjS2z1S{o)2KK!R zm14w>aCeL;oMR0snBX#Hd=V_eM`ow<>OV$8b{Nrhr*DKh1m=p1MG)t6F;&=%Gx&Bf?S0m1iHf?#I$$ zzF#tQ#qQ@f6jd#WmKxkz?Q1We;q~Bi@1WeIuxtY;L<8SArXQO9kK{M_>&rqRZv9a2 z6R;Kruo{aNTTDySlr}yQ><}jZo|HD*CKTj?}wksUXsv%+l4#rp``?jJiJfvVAA zem+re#*l368zhpkby37T?R8OTK}q;mk5)$aq(S=$MEw5K%h|NrS?Ex1www-oD+Vp4 zcc@PDwDbL?I+_d&@9&#d zmLggsU0tu`Lru-QrH~G=Yhtvpj!(kiLTFfKagl0j$GUj-?{e9NQYJ6HK~5#8-C%T? z|M&tKR?Bv8cYXH)(MYa7z#2YLCU^7VcKDeXZEeN4GX*%JC>GHAwkBscrZD4T`v$?# zwBnSAk9eo}H{%}Z4DJIoJ#LPtj~mwHC1^foZJ&Eq&(@!E(w^}?wDYu`P=>YAe6&(K z21syrfzSlxm`V*4K3lBvOa&xMgOt^AHqRZN93m8EKyIX0ogf{f^T?9o3~^K8C8r>k zOA&I?(t+QO_`nJ_BugkqY0&7*^q~hlb!M46@;2vBASgM~mzUEor$2jc0Ku7K{^_XB z7sZ?yILwhqV@*4HP43?~nVa?B_5DA5U~z3U*F)JP3;F1)K_1I7e0utx%jv5rAsMtfd^AhU>rO=D%F53%GS1zpdZ(Jvu%m2h(2gp?oVy{ z;sK)w*|(=yg7lL`(tuCy* zquOX%*u*AF-3KOgR8vp(X*P0Q=iOJ+TR5^*{f@*m-SF_wwJEjdxl(_)VOYl0;ipi4 zcYSvY?F+DNbNQUW&M#lcVqiup!$-B(nt&AJQv%O}w9)Q(+0C2W9AeMeq zH;^m|ZEiPCa0_$|OB+kdtbaz@)~Zr%U$Q#0_zji~(&%+!8Q1!Th<939+f?QpnKuZG ztv^0@Q&nF2b-|4g6D~=$CMIe3=RuF)vSg~CRg!OF4n3C!Wn76&?r=Yj)#*{e9{1Hk z@oI3WS@HIl8Vor*+L~R!37*&S+S3_#BPW=UcXU%sFsqF`=e0%mu)yR6IKLZbNRNT> z!g7H-P3N8gicOMLTBUYRmH z9ApQJ-eAiTya8l-+xiLD%2A`{`SVU&?`>e!4`(LB)-EpZD%cYuG?GXP*j)mHax7m# ziOMXj-(>U?J}vMNzkHIUpit7^t6+etjhTpXBIBxTX|ajmod$%UZb>?kct}9-&ihjP z`T))NXrwd&d#ar)P;}En&D~FFOm?sz9Xb!d0*7S9{tzzUrFZ&$QBj%I(soDvBBc*D z98kba5y#ziYbZ^6foyinK>{>{?%Pg`Fz6?oYkJ~!fS%75k)hP9?n^*A!&EYTr z0=YKSW1a7ko#$+xN`h@8z~Ok^@%E%LZ@gGJfLZ$9fSAuLrNjA4F++~G^36WxPI=J@ z`w-)opFA5PaTLy;D(X+<31%VuwrQXab0WHr^f{Q8)AN1uO@j;&;t$t>Ui)kM9hXC# zoi_9DdPdIJQPNk^Nl7t2e&T6Gn2X|f@_(+Bi`y8?ZxkkGl$X*C*`zu_o3lZFDyVqI zEsi}>OIYRqW;9%6hh^@E2qHN0;g<6@H?7zm>XL=KDX3zEcbbBq7%LriUHZsvctQcUHFtJ zo&?3$x;(BHEGq7Vgffb4T1>QWxfJJ09JVEjGU6FMGiCb;!ve+SyRic-V<_Zg4;UNL z46s>bGI*DtWV!a(=ij;3$CP1ad2t5stT>+v6Qj9ISXV>D5KWnQ=Hr^}o57nMd8}fS z6b`_)q%nqnc|_$!B%FjEhjBf~AmlXFd zN93OlLxKwwIfpk6DkO3LBd!ZFMu(zCck+F}_EvLq>br>a+=`uQm5mZNi`1w-Q6rbW z84(Udx&Au6#VB!=DI<$)Y|s7x?FUsh4~eGDCq8xNL=OX}P^WW0qi`G=tyNPbdi~nK zdEW7Ef(S^N>B<%yargacIPrWLh?A+EQyfjyxG#7ckL%oxn5iiiJ%{8w1(xf+DP(-= z@|DTL%>D0033gd9doDMc3lpkGm-L#>X4yR>96)=c{eDGV8_$q|!6OL#yzOA|8+I)4 zxQrsSD94x!vb&uAY-WR{Og2{+=;YdE7ve^@?I6EaDpl#Lq{)O@Y3yTA4%xLmvr}Q= zviyu&8%Tg{@FRc#x2J+hm3M5!qZ5IgB`MYqWx$+G%7jeH!YRQm`TBIIZEO{jZ`~sk zpH^cAmgaW>`LoUj?*wQ>&CI&&@G8-bedAh)M8+-a5I3lczGc<#s?nOz8x+nxqU3dk zm4cs97bph3Zio?>OOZXRuq$Xm z!6u)^9X9;VlGj{=PM^0=dOyDecl6hQB-rZ@*+OqU1qLGGGtUUMG#U4{zZSRSZ2LP; zr$GCl`PP0FllRQDvsuK=bImd`xzKla30-3*&6(w>+Y;r*afRXQ!285x zM$d^n*Cl)WKaK3?k0zzUqfEGKBM;wAIO$Wv(2!RwU7prFa^~%p*;dFJshGz)WBe?J zSW<88THSZCPN>8CjAmMrHj}!Wc3ZqCHi>$h9JJX?9PKG8y~6lWQ3uh6)lqd4$$CA^41pa?h_|OigHhMKuyjQ4CE1eDC#^s06ATBfH#!^tY_ZfSYXCS z7JkoJx~`P3KUu&;2}2<2P3?Z_Cyj^W#bGjvld4XX8Ypz(#7Le;tI(2zlqtS8|M(Hn zK79%tw=UoV0lgw~mOvMOXRQysy+U%@;3?JH)JEQ#rpmC!6YJ@*Qia8yixPE zs>3!_#6pD<8z_X|DJvQ&$niZaqF(!qgq*KkQADwlzSjkj(ZHHZqtIzdtL;+;3Sd0!K$jR@q>&1~BTRXFkaa?F+GnskjyUwSs04Ha1=5WozZ zx#i`0ESvGjQ`Iwd*znVwnMxO&yT9Al1 zt6u6?6$_254dS_LOxMB)>aWm!h|nW!fC#?Zh&6Osqx4T0awoMYl!#J4v*5_^TNf2I zg}+<9AMU{0Ph*w*N?0;M@~i1A=bK?#VQ6*e&wJz^N)4VcukM*L{Y@LRulTldPk>nJNZ+ zq7#Oc%ICR9#CVBDF`M!L{Ya_X!4-cmpX1}VdK8XgX?MCDtVfNr^GD;pRoQA zo~NHm%r+~8LkWD}|4gL{d@=b5*ee3)xo8XKOyLYdzg!NZyo4KiqnzijI@X6#h=l-L{guOXzvq7%vs-_p8=E`Y8a1f zs^POcon8@&6zKtW$h1KOPrN3}Hc-hRP#K8fyXL-9`ig*N`)N4462+~~G6ib2$l+)~ zrP=wUU6+Fm=)X}8#8pwN6dQi>BOcB_?RZXnv!@-rkDu_%v_wN%i}P^zm95SJnJBUh zPAH0c$?ThJzXQW!o%q;4Hho)3lB4kX`hd`>)bU^zXhcpNs>T0!?{uUXqxZfV7+#sc zFVzGlGLW9|pN#;08x^eu&^|?2#k-gFa63i$skaCG@w-8v6~~k6p2m|MyXnxn@#5aw z^DB@rn*7AwV=FHylqJ7I8pF%?QtHoka#I(1^V?mt!qPLnU{XlObr$^rpiOU3WnkON z_|beO5)qHn@HR{glS}cI=}l_AMGm%j{dJL{#isgZ92YzK2~P9j?Hab^YX$=w?hD)= zocet>O{{-EZ3NbG^W3o`WVH@xBdnUDXOZ4~IThv$-obQ11UgMVd}dN_D!*}=K9hB1 z+CTDvY*9dtP?%L4@^+qG13_k)^at!D&v)b&M|gGH-Ls6N2D6cAObUo8;~;$9)^BF~ z?E~hLG?Ub=SW47s_cWK^o-36s@_LchWYNfk{ngaiJ`m)Q(^UqqBSG9icbp2<#v6Xy z{Lg3-ksTm5k1k06CMj-9kY0^XW(o9(sWw(b!*TcO0}^t0qn&BB8X1*MxI12Z{Zs88 z4=(9bV@7`^7PhalWn8_*qPM$k3igh``@n1{zSQ#3iV+ z@j&qSRVfjjEfRXHMggr5?l`nT)fsr9u|dBY$aYDCTAntK^+AMkt0x$=utGtG}j)(gVG+Hy0tr1Jxe@x>ICAfrvjo zFG|HyM&W<6P)t#^jh&TZ@D8JpH%oj%;tt(5mCH6~59 zYQErpi!JfdCrhSF+!n@xZVUqgtjp1U=h7d zn6s#FizuQ2X~VehY;#})7;)2Iz?zz4(5NQ;WnVe|s#q}u!~^sm9xh8*!@oi>XavoU zsK&u2W8X0hIOz}RFB6Ozs4`Lh4NvEofF$UA_Nsp6Eluc40{t+kF-|tSt--`}6JSt> z*?gu@dA!POI)CE2FBD4(5O^rng=ZB8&{zT8(aP7sw=9Dvtk{}UJ5RS-zF-WJi=2Pv zv9|C4dC+#6g(VM=AUa`sQ-O04TIcu`m@era_kk#h*A+YDH&WQ>#%KbMi}>>l_<#hU znaI}2`}NPklHl*u?~h(1)Y%s z0uUaV6w}U@YM?3h569Ed0B!ObT-#oNkxv8U2VvMu#JOQnu;&0~Ua7$S;Q4qqkO(xt z0u1G)%RGwMdfEPtJo1+lf3XT_+PBj*dAnq=0LXzl?HnG-ov0>iyEQNjVP-72)b8OH zG8znI0O>l({oieF&czSaEhr`Gz~p1~=O1_g*m;$9Nk{_TN7`mH`}NInve7DkS6x;_ zYV=L*7`VM{s;dtG7hTt>KNGyY`l8s2%>h&Z|BwxAp6+>DxMX z$czW-`*TC3`bG9tWp5Fq^)+O-I`x%xyuJK{8WiV9>-AiFA-6q}z%U~en+^sE=kJO1 z((QEZCQ&lxhs3LX8=S8W)n__Y+x&KsAt}P6295LUAx*2lcMtn&@a!ZF+l}5}JD_h{ zAl|v&!tJ=P{G#%Ff57k>k8*{BQK^QrwVnXs1Qn($KCgS@Yc3YypeC++0`wgpidkB8 zTUAD9F-GVmxZX5ok&mzO=h?!P=WSk4D8(pHfj5)KcCo02IK-% zO4TZK^i`{HJJ4rA-u6ronQ=s2Pz%b!|1Ih`qjhr50)iwQcB|CG-&G`5X>`hkk+BTA zD}6uKt#%>vOo5|Tt=|U+h&duwaWCXb^%J!0Bu2*#DE^Mw`fR;U9@uG7SmeDeI0Esk zMPX-Z8`TY2qa~t@_;sc*D%I=xPL?QCG61JA7npE8e||U_0rV#|x@JqbT#oysz=+?x zwJt5&t$Gzn_$Ok_U!T+dK2D@R#Hb7tEJO0gH-Td$3fSr+vE5E6@fBAv!V@itSZ}@b z*+yTUTn4Xi9kq^NcDQ1mWZu0}wc!x@Ji5U$IS{=*>XrOWRPGR?%<=AXqncmePE1TE z<`qclCndu*)2JdA;n`A5Dow$yIWjYR)H%GJG-sWqG6Ud{%G5=eS<2Pfu(4~Fs>cm)PDm@es9`sH zRNja%tK9dQVk$cYC6(^v;8;HHoVvaWEm`$}jk%VmasLw1l+q4i<Q!QlpbRG$0_?6#JdB3wF{;^rleDOC2nlSmoSV$8 z@SsK}2q%bhH7E-0*$>CzeDcHiJNoA%{3^T6)<&_2cr_|NEUi+W#bvBVd64~1D7`$b z-Q^^4TXQjnbX?`Pf*^Fsa|##kQUgQjrDjKq@Fk_Bs*uUfVWX0v0E+s!gMuZ}^OJ6t zb)DFiEY!JSzY9E40p7as{hfCO%ao887{gJ#3leWO5hZkkh<;Q_ZyQ^jeDh3UVq{YT z<59G`HMA(EWE|Tn@~tmfe~MLv7fQfpi;BeaNYIM<<}IXJOAY2NjAkRo!c@X)aC2X@ zo%?@O8*ZYy9=BkT=|20V(U@z}{m#MB8spwj=IBt2sSWw<^cq0`Y+?gsRI*#h>eq65 zlxx}YKmQ9L@&UGVwR9f20~M!K1Epi)WB2R}i6S7GAT(#|rMDDLP9;+;RzKc~{LDgQ zJWGw~=}2IC+DLo1<9ugxhCNgPr=jUve4UZ(ktgnxZH7^G^!h}AiPzo=d3eJ&`rroj z)~IRlRPH0yzyLAd6D>Vdp(0sSdfK&-NT~|PR$06S5jukow^b6xCM;8pYSn2y2EDwn zPTQJSwZj(koz)fYP=>Wv0PO@R!Fwo*42CDI;@EO($B~S(B%&JzES(CEe^7ewt3fxk z(cY+lro>J}nZ%pE8)EQ}L<6}D!m6b+te1TvW2y&gEr0gI3-L|15r6i9DDG);>klY$ zSdOw84N(92piLwb!6+&*y@BK@)$IK|~bH7YoZ*&JlUacFz90@^5! zmX+V@9J~I^B=kt$wi`A0G|@THasm8hd_gRij1J$4dgcX>H>UKrDnAbY5Jlmop5>$qE^m_|D-?hFE2&)5MOgYzG2VE zQV8Q0Qo9Fu;vWncdu|1TYBj>ts_0E8#xg1|>G`Ez!nqo0ttCNs2O*AOw^fD-rs{p& zIJMI=1>?<&UHKY+d^FJBa(I_RPg`ZxeoQCk$1t}TOsO2YK*3b`V3Q4~6;8g;U{ zP5bYk(ovGw#N(=Xi7ArTi5;q{!e5~=92Pz9LVTERWk{V_j)qz`%+7NVxN{-yxxpOjnRm%L``N$c z3};4~wOL5x~eS$Tq zV|e)oPUzzx_6)}q_sMMJI>K_6ou{qyQLe7vGV#3~U}LMJB$%`8HB=yk}~DK?ZHLLx6Y{F>yh9c07|x zE9c($WFVO<#paAVGmQ=)tztHtBAo|nuhg;kZPUHo)PFv!)qb&cZQDzka(7YMQ^+aU z5}FT*L=BJ>pL?GmQDCmU6}mm0`_k&k>@=i)XYxQkU*(+O-tHdqP^6Hbd^yoreXYVd z%#=qhI-}q558&j6J$zw}*qQ&Q6eK09)SLtRaFaI}86j-!Nm4B_2gg-fDjrx*tj&PV zaf6^T3`b_RV^=x6Y#e z>2B$e?hXklsYA-48|jb^=}@{u8U*PSq)Xsk`1?QC``Hh2oxS&3V~#n;J>3!+pn|vQ zi0!gG2RcIKrVH&XGB~VsbD93_=j96ueXOK(_tT*+i)0$y77xk`^>$HhRmpYGPCt5& z;TfnAw~xXBHcR4^)Uf$gy=U8h@B6Dj@V+BFGj9bK(LgI~@&hx6Pkdi+3}%|BvH21j z^mL!XQ;HWlRw1=NgVR8{X(&>&?_I0gKPGghXtShsuaO`YX>+(h^Hy-EH;ENW$k?Hd z-`8ku*~pv5}L3Gl8>d*f0h{?P)+e?ExKR8 z9{|C8KH5*g>26bmE`mwO`G%941)sq{wZMlPddVy$P$p<9WmvvI{S_9ZRnu{5%m7g( zfw8KMqo~HThTQMZx0`|$_MN7jr8(xr_jqko-TtJnI~`R;4U%$rnc`cESLs;){>d|N z{o9+)wdu-#W^ITu{y)zo?@0>&uR@X4f;r%R-d}7S(NwtHf_&i%r(ri>3vBT@n4fz zle?oxOd8Andne3;!8@@KXcZ1V>9|Z-&s{7njZSRB0-HTLKZ@E@6->i*`Tf$1sE}7F zT$ucMny#13ybX)`{Y6R{w1V$#@seN@mfwL`f(;Z#s^B8RfjdHmIIZ1vwqyD_ec5a# znY&g7Caqy#KaKlD-`n&ufk@*kE4RO8oludd(Go~EfHyG;h=t)O?Vq>yu&4AvqO+0F zS!H&?HsY~P9pDmtyD1y)J*S|;R>|L^Cfu&c*!J41toKscx2=uXQ4#|6d% zPy4us^k?ROSS1QvZlqg`be(KG4UieMs&({c7XByHu2aC%@ML_FP>e|Si?pW;(SCNp ze*7Bd6?(mBGa;{-r{SRW=gj+2iM2JR>IQd``tO-kbb6!*pdKDzWx)xaxj~Wg+QkWHiWcnI2Z}8(U zW~s9ozp?Q#aJxF|HeMZGI=dT&NKu*h7KzeKbXFbDjU*k@t6&Y>i>Ut*@~Rxw zQ}amHD@Bk+2hV2`SS=wClHp;kntB%f3fJPHvn``|{jnCMu)lmd@b_G@+vQn1>qE&7 zMhq&W{#q-US4H*Z^XfixZQ}dd*5o(nU)N;xg#N_>y`ut!QP2MQSwRL;?`A|PH@Jw` zF-9Z#&h(*58C=Ngm}MUf%aQn}aZi>xB_sDgj?xaQda7V5mT-b4Etvm zG+P?hxSLp+S)GW}a21tjxR)mT=EnR=UbXL|RV zWNTg>x6VacaQdHGZ+lYfD|S}QyfEI8U0Q~gwo~PPNc=@g_&2@{5Zc9rGa^tMgJRYU zIz^KgY<_=xQ43OJAe$Au6@slC2i#%lV$&})`mhiZ3BsY$kw~3hmNwNnv4P%N5Y|fr zp&%yxuZpq4mpY|}tzU8IRml~E$G~|T^E!LS-`_ykc#e^nyc-`ag(kzj&?D*QARt-4 z=qJm#|5dbm`LbNg+hdku5^ta6F$;u$IlTC!KxX*(a_zB22iQ}@Aew*(AyJ)z6N`O+ zucV?9?UbJHMChIt@1c`Udo3nak>^tj$q8T)_PtC54VQs5t84~f+a!VT zmBb2&bP0(Ip0s*@gTo&Ha2%4Wux+?6^G{4LrF1SR;Mb@)f_Z)5XU0VR$l$VxhkYI; zX>M4SQbD1@?JsRyB`=K?ZVC@dIu)D;Q!{o$kq1j4i zR>e~0pL&Xi0NXKs*Hl*{M$Cw!TD#v5_y-?8J3`E8Axwr8>IHEvWLnrZtMUau;3)g8 z?R7jYfP?qc5+LNXjDAAQoL@Kmwsw@MHL zo^F<2|aT+`FbwQOg`%n9Qi+a;jXbyC_wj`oU~!|dyTD6u5k z50`nV{V=amy-t=AD)lz!^J*sDT1kk69ssJ*KJbZ?di{F7H<25xS*|mw3nTJyZ3g;P zRT}e09e0lW0Hg90u$;6DoJpjCVb=fZ4osV${SvAZx?Z={-Dpw$d+Yva<=^Lwd@F!! zN_N_dZ_M|FEr#zY7KX&;YSHQ#HBOUl6T7H#h2LwZyb2Oy!OPuun=aVuVCf{NA7T-QT zds~foyj=Pw{c#9{D__&)e5ifoF3ah$$TrOFXj@o!NSm}MTGroDF8wfYlI!-j)&#oD zeeYk&xyjUQ`#p){;1gl4-{pTc6!DWBA+F53_=ZSL5%jxt`X!G>!IEKmNPfn^y~@Gu zyJ4UValKDWpsd`=he#JM%RN5oSJE#D_iROaQDL#Qo%9h`c8G_*90b4ZUI(Cz>4TVT z-Thdw_-u(9RpUKK%O#-_Pa9apZ@>bS&MfMiwc$}Mb^{N&>5Z|Jm({}U*h8rob|?DosN!dNCM-&ou}rvEcZ+$O?X2ZfU7Z=TGa0G#&RYYK7c&ELAAiwsv)q{ z!@lj|+<{JAi<3rLL#KGCH4T+SKojKgcFX9{5E~_H2QH3R13D$)MwahTd~~Jl7Y|jr5bc5SX3+OE!Kq1>(h?| ziON6BH4o4Wf4fu^N`CO4}mqmiyOc zCcgc5&pluZ_R|2&&bRp*GsDoHUau=A(;f&}6izK8CB1!I`={?+LB?_jpsSdG8|W16I^`=C{{nnbX!#gtpwzZ&pLX#>)(y<@XH5>9#xn`Z?xlK;!62TOojB(3u>D zxY73Y?Ksfj9+b>JkwW+B13nk0cBKm#ccN4r4xa~pwres7-imQcS&1^V`W+5~+)}2i z)M!r+@Qjvqht(C#Ivsxs%snf&!+os@Q8p`2wg(QmCqT>eGkKPS$m0~ap6nYrp^Woi z9WnraP_azADmyO?G`-(<)`|8@8RDvl?kjpX>^*KCu+(i%`k)WV6_y>@B?H|!>oNSK z8>dOsWmq1sIc{7RxZciQZhF;KJpcFkM`HkcgDSB+8VJZV%4$`!PExYZT5N{MJ9X{fUi>IL>hDa9NdG3`&Cg7RtWN z4bntPr;B!FQe|6Kp;atd6fao36o_8ERXN?*DX;bKmnN+KWyl{OiEVT7 z2AS~T?5@^gXZtX7EcXBUYz$`XGWMWN;2qq>k_CA%@W>EBhh(lQZI1Oz8a_xW3%=bX z{COGLLfPT`MV2HhaJ;x~VG;}ez1z-M61aYh|JwWecqGIHb6uK8QAv*=M+tA_U4Wcq zb99us@!!*7)-0H?b zgu`0)TykJBL8wW5LZDfyef?TzhCQ{q6vab6xxNNM zMiOqR2MV~T)~`qNtr~r-8RR5=9*MWXl*^AH)0!mk{icF_Z4Npz~Xv}NhcD>e)3CUMvHm~LzDKoeWBJEFhW>*_|=9_Kn z>DAfHJS+;Qt2!TEqY`n&fdrbuQR}hD4RGNN)`LJ`nSOL1MBoLy_X<-C^zNS0zlBXQ z{ASO_K4WT2Ppt%;MpOz^h*JiGn5;ow`>c98YCQ>fjVwor8p+Q_($cdzUw(Xx!mG8c zefBY~C%6-dmISZ?=$mMb+(x-Sa`YW9;Nod?Uav=4fYj{AFRTG|{&EqAvn2k1Gdnv| z8h6m+);iHra5EmJN5meF-kKSNV#&xAzs@SSlS`3{>9z|avs?w*UzQSv^C6SMs`LF< zyAyug{lWTJV_LNX4X3gI&BBhkumALlIz<=C7e;(B*)zi17{Q3$*!`2P7v zD_i{f-IuBk*G|w2`kBNoHDV$^5KtWph@(ubJ&~ctvIb5r3g+K-f?goJyb?{etb&{f z255scKbk0$#OjTpEs$b$(mAd}3@i#%?6x&=8nJwDvjvZ(Zf>V^PZfjdwh}q$5^z@w z`;0p*3WY94>(m3Rh4%!C>J*Jmn-5o78SzG|1^$&jX_Ua3DRR~|p^9rnvY$j`jxb))zxx(nlaY^H_kl!@fdx*_ojU=dy&6oM)`I7L%{ia+Cf|c2h z8qLtKlGRVjAFUr~j=4$bceJgULQip>xgF;lbXV@YOSniD6w^CaCE-~K=!qNqMg0PJ zTK=o@hY>f&E$(ZMK$VH{;$I_d-wkSFCbd0=zfhyGnfkItId!{jcUgYZ{^E9!EW9)e z5M~XlH8F|9>?ng};Mbl~-GE;pk<4QF8lV}1i1~`bgPK^^qn#zFSE75f3As!u$lHZq zNGEJks(!WCEtXufloyXIf9ay+O`*k<{{b>c{pMw56qpkl*fnwdT?@z)2dB7n0|QX1 zpR0ICLe-JE*S!*vHYmC~M23YD7s`O9Ycu6!BzogD$fw)t5PbO3bGQIkr}Vo775OlSa7J zvG^t8MKvZT7~=Y1w#VWdstdpn93}Q-J_(szIPVB2@57pYgZ_0}TDET*G=O%5W` z4Ysbo8|EU76`0!1?2S#ab=rLzqDZKu85loe#d72DY9%DXs`i1wj(AryqE01%zg6wI zChkq|qr;|WVv7097Ovl~BajC=&@O4PH#QeA-oD?S-Mm{vIKAt$xbq2gEE#X5ib|T1 zBqu4%=u67-+}yjnTzKk_Q{z03B2*|DHi-c}EOI>9SqCg{r?x&{LmF2TR;c!EguTX9 zk7tDxe0#ykyW`#UQ6f4#J3z(A8E57CaP6G(?%5Z(rA#t2Iy00_t-|G__kYC^|Hhvmms>Zg zp@-uRU$$yw~76>Yb8J$-)VNf+BDR3)n^&OMdB~OOe_zorp5tg z@=~ue^rk|yR9zg8ua=UsAlqrSJnilQU_)A>9jHnEAoH}60CHAOH}!kWuEn&Zh8k5; zpQ|HgCTfRxZy3c)w&oy8tvXAkry^G2rFgQsDW9%$R&=rA$B{R1EuS$gH_ zHf+=L^0@r@+jRJwZ{0`97j6^?XH8SNs=R`5Kq}k2+WU%Ubl^I-{?&~9m~UrIn{Z=J z`Og;Gm~{Jpj2zGy1RemXsNf_*S7Iu`*mJ>REGa_K9_18tOV`JqrW=N1cvtAb>`<(m zo#`x?_ZX!NYVS882G)W2`m=;K2~b}+hLsbh5Z36_j7%(cG97g{y-bjV zQ{a&ke1b6$0%D6oT0kG66(Vv;cz-lB3ko+gs7aLVj$lW~o(aAX&s|9&1PH+{3*FPemA3oi(_&2+Too7zykC7V4kY+yw zGU+w4F&5XD{WHsLu&QB6ZSrbJq{*+abZYeKC_yXj6gqI_HjV0%F`yZHePB<;r4BG|B)PO6;HD+tFg2{kZ0B z6Cm!}teEswKxS@6_w|L-eD5Ur>y41NV`w4l>Dn>ehv$zQILAM=TrH%3}P@P zj?bfo-nsFXA}T!Y-Sex0RsTCBBd;~Mlv5&JT7SCMwYqVU1ND)+uTM;E%aPPIn7_L7 zX(*A1EUHc&H%0n@g-r0Gg|V{fyRNizCcrWsAuV>4WEDPBO zIi9a~P3aG$ZBap9FdMZs2_hsgJ>gpKGJXSM;clDG@Dt`X1rm;g9}+_Tgf72}t(7vA zio)~g%y-Uj`U%9Hu2zqMl*!{O<6BAZKbbO{VT-(j5aY1nK)8F0*|G)T9qWFv`D2`O zSJZa)qjjp_`_0td=8CI-A##Cikl$~lFMS>V#0iHaD8o5J244~eZPHY~Ntw9)JSnESE^!u+LT>gQxLB?mXkJLF`sa3P#U-)Y~Q|8gtQXT1{ zven?xi-t%$1Sk6|$n=m-)>)VoxHMqUcZR{}!M%w=B}?G#bw>YU%;!Xx<ajBc-vkIPMTz5$NTuh^|)lF-;|E+#v=?2@1g_V|zK^Z7Fo4$FYMVl^0e zb8oSk2R)rjo~hMt$FaJN!PmMwlN#Dmt>rU_ah9S+rhLH; z{}%d$YT8?FuG1)oU{mah8UXieJ&_&WL}y4@A7W{MbWo6_5U`Q>m@@pv@K)X5F z*K7X*juzrLDpRK73I;C`I^)h1s={VF+zX38D!~@te6oIvBa;1)tCEOH1W&vnY1qzy z#Y&q`25r`h>q*PxNs#kaa#|+W>@E{)MPUx8!30#`6Y?sVSJQ5$76M_)q<(}5W%+%+ zBMx=*xS#qCSGy`{%Dp|Bu``SOU5ZWJnZz`v3V4?Ma}>)FANV<5VbQtHn}qX+GM(!9 z)2+dCEqoMQpU_ic<#C9pV%O4oI-S@a#q7C!xOf~d&v?o-*<_OFfBEg`d z45|OM$&M+|JRVPwj;vbTBUe8AdA1a0%r9O|lus)F_!tG}k_0elZJtP2iJY`{rVRb0 z>S{+qccjflmmVBGYqH*UK+NqQr|kz-%gi3nm$+CS5B)L@likQCmOD;wFSIG#R&P@s z>Y=T%&zW%m&9PIA>b>;MX02Ius<@AV+Z%Dm0l3W@QltJQC&!P?O6IqUPJ#R*T2QruU}Ey-_knOJrPzVB|2z zltWO`)v-+_Ka|~4NQ4c5@mF<5%cW?sFr+w+ER;;>$G6c;fYK1X?9|zx{Y;lN0@Lhc zxZEoyJwORZt-x;dyYu8_2!_iH&Fv1|d5PQsu9OQFKan)T!R-M_wDD{&xk2%8*~SFl zp`O?T3xkZBsTx;7hPTc+Qw?UvEH~y0R<46hv94pkd`_o$$A`&?f2ZM9*_rLI!wiZ) zIatl=v&vL|Sc8<7xQX-hzAYYnAHjFW_7Vc7cMioVL3%~)=Tm%Z7495rhd z^Z{=3<3{@61W&hxZFs3`x6PdVjj2o|?K}6=?iO#?pPR&mN543?k{Ngh|Gst0_ptr) zG(kd57biNn1_Pe?ezqLp)$*y+zWeH+=VBmkh71Nn|f(>~CL|>LZ z6~m#62DK5>2jM&+H)usZJ4Ki9V2hcE=ZJpqhp!!}nbWUFxq|-bK6ZL*CQ_xgJ)k*R zfQWt{Nz@qt^32LE$N{7$D5j(0*;GbA6K~G)nblbDo914FWW@DP_M39=p3>9Ihh^7o z2afapEAw9}$Ag&-ZZv$d<~PZrTYC%RgT!YmakIGkgInoDoo_VsF0u1(3DSQUKAMx zEy`1EULBAp*;OUDU10_$^3il=T{e!>IxoN^xy;W~$y&17lK7@@J`Oz3zPtzE^C*Dg zHM6z;80k*dZQMMz(QADOqzUY-xT&zI(uhkDc=x>q)M#RpGsarp7QMfbU$Ntn9jltq zdAYO1i_qb+gXev`V=`rL&iQXJrhHJ0XP3zG$#LHlhDlapKQ?qbaKXaRX;m}->kbXd z|2J%+79hIr3_OTyRxDSpiu{)fJeRP7sb_>D{LXZ^a8rWNvIhml-2``^P-px2+ml zT8ihUL^Y`xIX%x-Ip{4PDY1@2XEJ&h)9NXBs*F4Rk8a}b7au#}X?=M1CE_+k4LZS% z&?5J$vj>ibPC0XTxwNJ&AEI@1UXTE}OU0_qg>~_u#7aINLYO z@ABrzZ|AUKPH$C)BuZHN6Q0eRX3p&k3G{L~3Gy|nID!Qn7pj*p?IzOrr7*V}MB${~ zmt%*CwUJl<#^3J9VZ(PA$*e8;t1|G#nrb^GjN`F>uF(+7)&}Ld&J+TbgAS!W(+k|6 z_;;--d?rl6l*!*xNLRu5^3O0o3os2Y_nK0{mSC>ZFhgoQf@TVDuh~AI;+G06!2gwW zO37KA?btXDedTpn?BT%d2K383<0@lXs1BtWlTCQ`*)I_)hH)lrX(r{yO8h~Xb}~6( zLWTP1Q23my-%I^ZTQ3yMr`^g6Wv;Af1ACtOe;;6q99k}-h&t3 zsN@}Pl9or8KYz5H?1qWC_l}t$Qq#lEzB1gn$tmS&u>H92E1A_Wpz}S4x|&h;7otHM z(?~eheL7{sI|VH)5>dItHv>&WDM*v>c6w2}m*)@71K^vV0JHrbUkNFjF&83nIWibE z&pso{gdq34T9G;hj6Y33GRbC;U@M$tmt3w!kCk!}-Yv#tcPll;%o?60hItTw2L46y zyP5X+96z>QEBTz54+rJ8Zk^@Zk0{m%lb`;0 zndqO>qBgD9*OI>`kn+~lTU3kd_zYDdRnHW$=)y|O81t$`lDK-+BvrUha;U=W`UByD zKb6?hv!#Bd#h8j0BWVZby#>2l{jd3CemBd)RCorN{pr#qUCdyzY3pB2z;;NZ!pjlm z6XebH9C=mK^oY@wst5Kg%vgg7myEF=TvFVqG3;83E)Pa+R zZ#FP*FkaDH$p%U9bJC`fr__LrPw7J5wX>z`q;L{G+z>-@0#rJZy*b%XSVNJ0{dUyS zm=d>M|BiYlo4TnVTdk8rvtMj{x>-x#WFyc!oND?+c2*e`5Z+m;bypFq{kCb?tz$OZ zn+_HI;O%2KjKK!`@p%wL+%m|>$tE&LdU*_=4AI~|QiJr*t&49>XmiYh;Vm z!e77k{*nyIpsFA?%EB_Ea5l<9E6pMfXCr~CSMA7*X^cqWc{?d9x5;1NtlJSyHoNVZ zE*Fu!LnMIt78NMjLC7$K_54So*s_Eqc3khtq;CWt-=g<20`+O-RXA`IYuG4i6<64j z8-cvNLN)-c-b*>!bV{KVKJ7)(NgA{BxipNxYRS9v?68ZoopCD)BGZWdx@yjrpXVfV ztdpW5zL)kT7d7{RXBGTSk*y=g1G-_Wl{Qi79oNRM&2m-FPV`r=Hrk6Ti*5QY4Lma` z;xI5}qirJb2$A7G&ELlDV)C8wPNqafqzf@pj(o!OqldCW+j9{PFk^@n>pxIVGIEq= zu(krwhP`vA|9yQE$)Tw%jpS?eDI_yfj_c1rf9z6#>uPGj;)58b&{Q(m5>lXf#cuQC zk{cE!=$CX?A%g-*iFDRyVF)Cj5A*zb{m6E^7fL$bwX*%kM1)ZO;SiEAfcbzACou#gz<1ZsQ?zfM`Gh zkaT6$ol1x-Wi5IHtR}QRfJT^5d7Y!5{p#eWq4z%(@((`c&s5A#*d-a|iW8ptrZ1h% zv7Rrc`)lq+MV@y$<$P`kpOgI^Fs~ht>wr%62kcpNW6J8Y#yE&} zDeXvUBs(2`eEP?W)Ewf0Hb;arZsTmGbO(>UsnA0IV5x(sMu(-oRDQg68a$#~)w*tz zj2AcX1AHM3(H73#@kIr7L-d(fGv&_nZi`k={|^hS*ykYYmVz^OL^bIcqFx|P=47!b z*T*op@ln}Un%#=^3y;Z9zn!qeAMu3UGohhJskVKMa_j38JEUkZmFG&NQNY7{MwY5tk>_gI() zX)?>~8o~Sxm?9|z5{~{}1Wl$Md6Id#Rm=*#8O@4C555-Dn)-V+>wxG)BgpAN`7-5W zJ~@!Xzv)5u3o8ikWYS1qDpeqCj#VewTQbI*ns>;z8O*hCKbl%~KUuU$cYBwux;38f zsyn26AUY?>BLVHPI~iLGDokR?97}f(}9%o14zIWWk;o+uPmG z!c1l+tQgUdr{-F`%V$}#0#bsJR6>}ruF=rIiC(+K>{i=2S8_Pa5Mj8NI1}|EP;}Lg zi-GB&tiepd6@!mrlMGg!#R|lH61gqu$GqU$ z4iCi{R9Dach`z62eQdM*wT8>?kx9Vw0rs8|C7L+aX=?6{c%_&}YEkvT)S+aTr1yRT z+inUR!5<>UszcbBmDqJUkPc)NF~ri>q)YR|&~$@Ru z$%`y_vv1lzLE>8JXfS>cNMb1X5k~FS@&Jzn6tg6)qMhs)uyfNiOLYun8Sd z={uK(Lw{p?5+Av(?0q61v;I+pI$VI=dPftBxuc4t@L6r!L3RP&Mo!0&dpUfPW#xrQ zXBK~#Q-ybM)F)=5JdN!_?PM1nfg`Re;i|t5gvRZ7@!5nBkp+H~=K+*)1V3;RZl~*_ zB+T$xF%6-z-?_g?#Jq^~wEm32M|U`4%t~iFn^58?nD@LpLRrDQT$wrTo`l>cG68an zWatMyNT~GxO=M{U8g&(Q!}MJECK@xa0OyQHK@^rqnF`6knnG41V0}Tal2c$LVO0n< zqQ1b)zWDldABBl&A_nS_Qj2^J4X0Q?2Mie-`OkuvfEJzNyJ@3RuSgrlm852?Q>vUL z;K=(?#ANMzDAE=6fT^UVET-gsJ%rD$bwV+^GRO;-A!STV_Y)$)Q9k&BW@aGEYyR}g zR9oW#S&}b^p)HU^5MUSF?`T3$$V$VadgG*&sYWAz%8lERJ#wH@iQ>IGGvsHjl+nOd zb7Z9{+~1x^X(RixFKu|odigR!bLWe|^zN5iF0;85_lGI|s(gpZrz;!gd4Nw9yUkr4 z;YbyVsR)6X?Q!b)IJjm4pOx$&_>UQM@VnVY1kxnP>WJi)JmyRXR$+a$RGsS&H_^HR zW}d0Zx~WT(IHoNmkU>E&Z%i-Wi88XRcNY?CB25^23QWm zJ$X6fMNQ_+Dp`Nf74#yzU2KHn1vf}zeYGONLn9R$0Fz;wJ^_tyY?s`PU8uc52r+t` zoadXBT!ee;&HepQ17n-@BaGvThsM~oTFZes*`w6R(L*_GK)neYnTYSev0n`~0nCFK zIlFXUT&Kg+-wGvn)~yvxb};qdXWq`_PEEiuSJsbgHnnrHr)4J-z#RN0vO=9##-zpq zA55Wxd3C&c%pW|>Q;pMGH_hrbYx4XB5(+(dW9F!0WG(YNNY1~3Ks#x&03v*A>V&dg zx>^bRVKBwhTjV14j3IL36}CFM3L|L4{WurJ%(^P?hDp_P>5M0;S3T(V_X3S{cTtMl zKlbtI+IT14cr`ZTElo_nvR_Ke@_9MaXSIW|I3Gs}k*T+oC%Htn&TY=<9`K_LxnQpz zDeFSSK-oPXlwnM&WV| z9nc1_Z4bOAaP8*yq#w+D=~s^KYO>GnP(U@ zo6Y3Z&L=vPLb6_RWE~GMO8g4WF7=Yf@eF% z3q=`w<$gu;_bZm1{P6QaZhR<$W4*D!G;Sv93fBt(2ap80E9?ki)GM+jTSV%YusjM` zmj`5=_%=P6;_lznaV%J7Q*XA=(*n>8yGg1Kq+X(uKBVS)`0z|zA!UeDahtX%TklI; zjE?d|A=&`}$?ySvCeV-V-|>lu_)5@I@uE|VgPPk?epW449Iid!+w;gF&`B;EBcLt% zOt-BP9GgdV7uX$oSNT2>eF0IOx1SP1V#4cOCH1ms;?C|R)qr9g7O9poYJy`|AKB$q z;hB)f5_P3;1zs^}JSBCgi>hn^Q}1VU1G^zV&;^zhabx#vaeUaVYp_8Kks@aoFndn9 zn5>_YMuE|TXn+BecB6iG-)oRJV;7Z5Ho4lWb5Qdua z2lO{-vBTa8+x0k*vGQPPUd@WzPk~ahAH4%d#q;naJZ)kHu%_r3j6u?5=eJ;HfYQW; zdRJ5g3~tJ294}tY+%Yr!P>))7*qt=3u>J|<<}z7=O>cf=6!2bCY56{9y$8j;eVtkQ ztl{-?N1%MWir8H0Ev{Ih_@R~Dkq-Y9| zA1cDp2suK0E)V6z@kt^JQDTk5PzVvnGSmKj``<#I(Wa7T8`PT1;fBU4uab8e0DswI zyk;B`KW3}?kFwNHJL6ehG>u!KC;g&snJ1k>luppi4>20Ta!BYS;R+f zS|8awljgeHqmN*)u%xb2ydanB3=)XsmWzf~(D9~`LNAOSuVnXN4xg0`M#B6HsD7#U zn5nsq1?K7BmfPSL}E* zp*J;h(ZQq`y&o8qOcqNVl5f)FgnUO?sFXea4#@3KZcx*(X* zXHTMFr&5lsW|vm{IL@Gu!NENp*XgLP~Qphnk1-aH`>Hf*ys?T zN0{WVo>m1i4#$t|Gb%BkmH<`t9jMHAa>DP@NY=rvr&wyfQJC*JB^lgR+L#d$Yokk%~4YVyip@WVqJDr_NFb>rC`rkG9r$VY)z_7OU*$W=XWUifyMK7tu!lktvCMvD zhx=A3YL$A`S%=ufR7e&j{$>+suwHTKcPHd-eb)l_Eu8P8-Y~q6Z^WhdfXGCVVm8C` zgaTS0>8mIFA z3sK1yJ=$vp#ZZtWIs0rhoDfG?J&a4G^b3Nw2; ziD!uRg5+w|-oQPSiLb??WHJ&v7tG+nn6#9WY13CHcLC0!{g0-X%i~T8ZsCdta^u=jigjtM4m^Bl9x9we3khXb@J^rdE1}w z$cbQ5{tsG%2e_TyJ(Xt|?7^w+)FW2%OSy1*YL zuq|syeGdl9NAhy+ZxF70mJ>_{%*AZ^Z9~BLs4N27D^(Ng=^N#AF1ah{ppA-X=mL-C zIocfKVqE?EW21`V1F)Pxdf{9w-~ozrP4>y*^SBh(?Qr{#-K);RI3mI$XTsjosCoCO zkE5l25&b29NTejR7L6sypCRg)Goe+oT6%yoqz}V7@p$MgUQ?1qt2|ZRW4J5c*!MSg z^0(ItIyp3r>Ags2hfy1!^I=~*HaGX?@_JgE%KRcT+0AN?Y@Uf4SqOvDw08rqFxlKaR`xh!S9VkCrQhfHxN6H-`FQ8b-zy_3hWV9v)Ui}dz+H9pvcDs-(aixzXPw^d!EO1^ zkWewx=x8`puJ5OX(8wr94 zFMyj^Bei05GJ-|RF((xWZI&m-wCoV|(7umCEs23zMy=k0ebih0 zX*gbAg2OJ<5q{|&;D>CU?NZ zP>z6yJV^=IAeX)BwSn3`j=To(muMnA*VXY@(0@ieMoD{2{UhiTS!XsDJ(Q z^8rtQ#N@y-??-*e!3=|&!`HYqZEDqJxP_q?uIOg6->N7Il(wZ18b=~j5D&;azVv>8YYX=LE*TTZZ^r)D2Q$0h z9^H}N%j0k!>OvLy#l#c2PO9?f(a%=9Nk@aFh7D{y7^~17(wx&I#pFGHgjb?GJvocE_|5PZHT*EgQSEib69Wqc~j`6WPNO;o?Gq0c{Pdb_=abjR^x-@|lm6i$WJYiA&N?xs*Md91m zS|;&e_`E`FT19figpY>EBe|CUd+0S1Vzm~U=OQw(uVCTz28&L(V7JA0QzEG$R)+JT zp!vvnR}tq(uU|23UCQPL1}?uJ?I(=C^MQ?`B=8_X&d2yf&sZhda{fwuIrlbxT@ouK zpNb>xTtnKB?M5I$5yc|QJ?H);o9fu5M`06p?CV_C|%Hy3fojpV|?qGZ-x175I1{en9uWqj*otJj}P~lJmCv( zUDCb4vN1JjZ;+e$VncInm^Z(8k529ft7xqADNVaAm>mZtkMfpqt=ZwfiaAVd1XFB3 z_kAK_gIUwDa*l}bavxh*peL0(v5UP<2D@39^l*q}jwr}XbxIBYF~DNC8)HV9o=}iz zPrdR8`He3^g`DqovcBBxW;JeUKsPWBS}z;A_@2*qU?wAEpNIU!IT+WjGThqgWZpn? zTRL?hE9}hvjz}x*okXCWxN3NYM<#S;S3Yinu#)+&9W=gxL&0;f-wc!F8j2&eY;fW# zRl~cZ!sTMXU5gU1Ji6?L;g)+l!Vt+;%+zO4i*%-+pVmnB=eNgqBp5gje^D@jwv8I2 z5Rw8eMFG>p7v69MgzL}o()eeYCfK58Q;#Br{Dp8P(bNgT(aDY|ZXo5%OaD146d3Pe z#YjDYfT5oeBCt7G$S9HEdUf%Df@kH_-A>$~*Yp^y)d@PZdOOJ8m?`qRm;D9Vyf5H#98`cpC`D`}SI8r=*bDXYP z94`qp z8qTyQ%V++VQtq)$<)WTP^Z~Ul1lp;p$q9e^J4#}otpB?|c>dGGGFP5<6O|y&^3h#gOcY!D20lPosGS>yP+iA#G3-d5b=RFv_kRhD;Ue0hC8rYl> zdOi%NlmEZ7gkAiZfVn!^_Mkx^cJLi{&*yg3y&&>2F-?^6F!JX?5{*u)B8K4`?+ARG z23th@ZoPOh<1B=#;@}@a@~Om;hJXt5d2ra`?qs|cCHyI;`A703%rUw=FLJaKTDUio zXjqbv`cQ5*({K;X?j!7(9psepv%{a9&1>hkWh&dbefY&pp}Q$>vozCW9=YOGjQMci zYJ9z?1-f6rOoZl7oE}lUb>Q+aWbv!R0fXcWuKxp7^9=R$FCV%+`U~;vKK)8L#KzXA~GGr~d4M;1D?v-2_St z<)M&!PmSqD>#}IT$=jyjLrucx+;!I0Y!XgTiGe2z6O_1H6>ps~2?7tYw1Y{}l3Ye| z>Zhf03ACEct`=C~3Dg_GVp@O)20Hc$F2bW(f+;H?9M}s7tGN>PRnlD#X`yYd-<@A6 zvi|&CZn%x|kLLRN1@(QsT22dPzYHF?(8t1=e*e$?_@Z)2blL?EUyO>4A5gr}`p<>F zc2dNtV*J@-dk+G$)TKH;*l{hXfu`g*)kE^(2}2|3gZ8Ro<4$x@q%g%}m@#)@CEpSx zl}PD`I3sp*0wC$U6zP}jlT$8|<6o(VlDK_--`KJWb(t5bW^@P73Wt~{Ys{@R#{Bm3 zQcB|pr4|nDnh!-F^*_T*LlkDLqg=#{2#0vqUHtEbJc$mRR)kLLs?CfDwD>$$@EY?SWq4Wy-STM3lNih!jQ`S`<6(LNq0CCPq zwU496mxB)jZ#QjTLTG%8Y~|OcG@V63m3x|wv1=$VEU`|Kl_{lgB(_Ml@Se6OB^OlqkfwyCyfzY zEthBL_%`IYgu)+S8WRm(lm@d+JLaOHrkmEV7c2!E*aBNNyBidsC8Y`RH@OznE9LEL z&?H%N#hmw8!e%b=!sFsXg1ya}!u4)Df3>^r`&a3_4#)GG_jmpuZEqPBW!JtB0}?|B zGjw-%NjF1>l$0nSoq~i256-Fx9s|OATxO7|t8K7w}g`pv^cTWpKh@NqI0=@Vq5=@ZU%%7u0;qpe6o4-5Q zZgrXDw^L3vQrlf2yyn6>>@av_$|2YD| zb2+_#`x(OdDWz##&MKvS*uXa&gfd4a&TadO(JV=~GAIYH!_8HW@LNICs!S^ln@vFo zQf24&-aW#GFSS3qV%h76kF5`e7uob@PJXi|WnX4uIkuqZz(0Tp%IJ*{2K9#F5KZ`G zIHJ9%M7jB$^!k=D*uYlC1Gk_30Vzf*d{af!XIb~txR*)nudp^w<+vo&&++ZE`yJHY zZTX8@x!bIFMrs(UZ~bsZe~-;xzeKtu84=wxm4*7^1tOboeOsOD`Tgtg*kaz6ZFn@i zGdd{z9dJG2b|R~wYRs{+h1c>z>z3A~cI(!;22ZNghtB0yZj`js5 z*pR}Ct-Ml^{Vv*P*Ni}VCI|I{>x|ovp-2Z3VVSlNh`+x!D{~D?9l0?tbv}?;>_vyX z_r30AbBE!P(e)a+8M?N3)?{Jq3~#3WRwrJY3>|(wnqRQ|gmd|IXz${O7zNE;3D&?7 zr}XGB-`PrnukN}o_xHDipNO4%^h{b(*zELBU&DjH;@Xt$!(}kB4xaJbOt;a*+};n> zXne3J?Lm^azr6rYA&1KT6xA=*g|mc*EWd3<(mN}N+GPl`>oWSc(CH&+Td;86m~hsq zw%5WR;HrECNCCSB*Ek8{m!{(rSq_yEA%a#z2gY%~)l7$4J+mBXH~d*CpH0-3!Z)Ux zDEG&&3|`=A$hEjX$1y0alaZbd{p*w!sVF#isBbQ(fj&M~P)17u$wWw+E9u4l(dD@? zUUH*g@;apktLEu*#}v65R($2z8-{ODGTgAfGQ*P6!1EJ-?bP_FnlS08S=K>DjX)|5 zJQl=n0_;(dBXm}VZ?5m}9pB4QVmm-fK|$pC*&6RL?y>1k zhwj5gu<<`XyjkS!RP@Cn?lJLaio$jZ`lmvbRNo4b3;8GmP8ZS~&pn*P0g25Pk8dA> z^OeMu-LnIbA6?lHoA>Qm(-gIcYUTgh=^_;*AR$lm4CcOABYyW6Dj$TzwJlaE?xGYB z7_7%;jnBs)!f5IHcNv)?@O)4xo@CU`#7|9z;Y0{JaVZG8H? z+vPE$B?Mebw)U6reIv-}ER^^tYF`GlmTHDg5}|C?61rAJeYF#r6OBwIa@h*I+6@9P zV!ozzAKX*gWo2&g7p>+0)|o&n$t=3jk;0Gt(M)84*+T|e8sI_E(U){z&s;h z`R*s*QPq05B8{s8Q4yYS+3H>}k;MIsFJXZoF`Az1hTb5HaBLJU=hIv;6$zA@<-{6! zb@gq+MwMj5NWwiKkCMpPG5P|KnOKWHyPE|30Uur$^BpQ^LzGNSj7;;49MQz{3Cw-k z2HD!l#Ootv@LJqKsP}+iI-bil&F4-sIhC*B8#$Y5V%@xKB%H+qlW8v0k%DtCSMeiO zKCJ4n4oLW%u{D4TTeC@&d1NvBK(gkQJn(MToBd(kg@ggE;1Bih*6tF0E-DAMT&2GA zjiN91Ma`!lkR5ZM(tg+G84BD#Up%|`-AnEt)E#T2arE)N>1bG8-qf~FEgw53CckBq zcCP?!Nead7(SCfUw_{fpSAq90Ppchd>+%yPH)2bOJ6=TW+Pp~->y(7P@g9|m{rM;d zPq))a%KWvSLhNDei6Q4ifg_!(vmr#Lm^0Q%>y_B{vW|QKdJa z>Q`zh-nU&`q6=G)-NfwH7+Yuq+(+WguYDV8&6Gh5Qx0Gb&RZ788=Bv!YY(A%a`rd8 z5E&v5g?{G8?tTia>t$V=3u-9t8LP^YJMVSY0G8#3m*!Dx$Lw~Ek8oAl_%Z0s$HWxx zNBF-3OfU2RRY+Ij6FJNG*cdjhS$tE21!K-W}wq8MK%QSQIf^7MpWDj+fH%~gn2 zu<^IZ#_A)6xsQAf;>&wMW}NT`lW#eUdbgGJm^^-NGx1B+K^M3e?nPQ}9Hs3R*XBI+ zFbI4>o!n7FKl_j>InwgprGef(WpAml;i{p5ji(4Wy16bwl%NizN|%cBW~w|GuFLAC zN4Pv%f7X zM?P2+5_IYN!(Qjh_qqhXL?5zm{?MO%L-j`odEH2cg}`%DT0u;$a# zoV&oDWlbWOuMPbih!1O@z=|g>BhwywhMP9z^%0;7NHWA1>bu4redWfc#)ni?V~gKcq66slbVjtHR}}<&MwEY9R}|#1-GB5W8%0d5*NQ}qNgwwZ8F@U zS{>an_i=c9muF||)&1fxQ6?h|B1l}{-XU*DBB3GqRB-AAJ|^0=NO%chYh2%mXy z!`cXbzX`>kjIw}_r~Wx7xjvDg|3tAFj1;N7>!BMooiZ2E<_}YW4c!_yi721NGgWKW z4X56jD8IWUGV{eP!0m*$V+msmWs8DN#jz=^PM?4pnMWUYbI`obwQPkxNzy0p#&SdD z;filowGFY(%&p9z3oUhH!I$k@mPOn3_AjCi#S0VIqz&J@l6~`Im;O2lIkNl`bygmz zwRzrI(%8^*WspApc=#3hf?@kC$-IO>=J@o{A)8}E=3+h>41)WZN9UEmEYVv&7}NMV z&gHKc{OTJY6$h-yB{80>U|D@1g6}=m99Ltnu*X-q$ag?$F6bP6OM&mn-5#&zAGz1@ zG+PwSLvvRq+L-p1|*iOhUJrVlA zpvHVaDUOog&a~9uHyg~9G9!45Qy`fFO7-Q(6zmgB{hgfMXc zuRHgKYa%iR5yD!uCY*4?M=tWYRcN^3DnYmzvu$}?ij^I$ga>0hl}Kb;WPBfEk=M*twOrF8*tukqvZ{Hm!TpW4h#?qn1S@P@z1%rD<|m`R z4wJhkiRUU}hzacm`;js5^WGzIf+pXtpteN%wSY|VqfspZ6~Fru7wXv|%UGLp?O`}P zUd)7T1I$GZ4I9~iVeWub9og2O!f~q@l6s0vw@!wU%w#x*kKMS?j(bQPQ+S5;g4=-T zWx~rb8|AB{bklP4TWJaHa-1X~%aH?QGN*+XRGdwI-!TFoTfySz54iXwKcw>Ce@~j+ z!I@OO(w{skYqndc%SK-ug)d$_I~raYf%EF2ZypV7{pwIWjxA!&F?H=}>}S-LCWeUsk%Q0x?@Zm8hTgPD#GNYsS4>~WT+@DEd^ z91Aj^ZCi&+RRO#UD%$ZQAlB8=@_y7iyFa^ZE67g_bofWXAf*f0A{$Vx)H^$#740b0 zF}cQO1>t@c?d$TRF`!BE#Vr}=@3+DrXTt>egh9!8z*PwECo9LDBnHRdb)MI}%|bPb zO>Ywub~;X0{mhAoyZTMUJ6x9RRHB*P_!vW=NW^ zU?WMz%oDu&l|so`5VuP4OA1Ogfw!P_I>re|!6l82sCGI&Uu(h**oJZ= zTTi%Et19V0=I|L$F)O@3KGvMERdKhzLc#u!wS$EG=0A%9Il-+Fw@I8?731m zx$&0Ew%ix?>H5`?p)v2Sks0H>TB>nR)3?z77meQLiZS-m&|XKA8@#vejo%M>dzJW@ zw3JfQ@^Bimv8_XnE4eO$7ZW&`MQ6#u?BrRVavg6Nbc_<{`G+C?h>FSq z9A0}(o;m((gFB8!NG?(8A-RM0q~fVIyWM+GBkWc}77A0?Gew_*Mh|it-5;rCa=CdgQ+VwvCz6DKCudwluMw&2N^4?UOah zRotSgdso2&nIE+dywF#rxrM}c`ej@s58wNZwvzJ+kOdr(*Q8qbUGS-!FWt1v9;ZCW zeLUX}_=-e6HR+@#pTBw}mj6-s{Bchp3RKZjR*TAeItZy=<##lc+DJj*oyO(n zFY=kl$^2Bn9Wa~>V|0wdp3oKQc@RD3R z7@mB10n?=kAd!8{1OSQvqn(buQZ16K>!t+x14JoFnB71|5}=@!S^vn+WP3QNXbmS- zN|-Jps&gS4xzk_#Ise&uAr3NYl7*WCB`i)HB6Spao$eOAQ`b#c~p1)CMBO zRDn?8&RL+KFrX2O7Ii-Oa5*W`I{dup<;YJu634ZTIi_BlN;c*3*-_hq$R{*<&xxNI zerbAzf2-xH^vve#KHOVjA?@v`n*7a@V>fYRg=t}Uu-)YkbXamahAz3e=Mer{J3%+F zYwA<7`=~Ut80~=@b7uA^#%wd%)LUGX@8(vsCFE|s^Ou;2p8K8i2hY}=7}k{hq^o8l zJ`EgB3f6CZzHZ5qLkBiAMHVKLei>$ZNRgit3_B`D?Nx$I4&F1%#w*ZtipH?9(wsF% z=&&fjNfwrH7@jUVS-QV!)OAnH^KnP#ith;T15P4!ckTB6#tuT568oUgc+ZZ!GRKm6e z*DfPvM=+loWjH6d*L}4!j2-xxvZS7`m+--Z^Ep1I=a%jU!riDz?g%KS3forqzkMEq zWSbHeN=cIs4oa5dCv#LC$0N|oXzqApbh14vDOAaQr^3Q4T2jFdKS}-Rx%4f{YFw>g%9V^^k;b+D+(waQ+sjE7@@=nQbr>^rDS0IgqJK1 zXj3mZ^87kP2yyqihFLlrNDb7cDBd{^i$-)MS4t$KxRO!wk&jC)C+L1{L3I``*y0!D z5MozVw^nGczNFcyrvW?dG65gEd+RM_Vua1jcq+d>4Xe38uiXzDLa&RlY~-QSp!9$FsLygG#~p+$iJF@1Bi*zdp` zEM+|Gi7p>Zjo6p9d3p}m8RQ+as3nYNb3&x3Z#kp37@n-alE1pmQHZN0zPna1{drQr zFDN|*Wj?SG%@;(E8zqsr3wwb=Krq8CDPt8r85dbekz-EN&`P2>$OZUslu}Y7`vub@ z_?=yKHoF~{1P+}BCWLB#_u(~q-_dlv9OKc-l%cxwzDC%GdnA*dcPd;MHAp!-Hsy&+ zhsb~*!E4R>$yTzKEGsJ~1p6ozreJS;fBvv0FH}r77v2#$i~k|6w1lXPRcaVHzPDO_ z-YGvTZ<6u+ci-1vK7U9n@R-zQ35y0Sg-Om=78a3iB6ZS1x{ic{W*;^Q*To^AiRO{v7e2eV!KU!~3 z*69Z0|9Hpej&Gl9xZU5MeY7iBPq!eZ-BX-gr(R@;ZT|E_Ogvx5-kYG5;PXR;+Syt< z5+V$B#n^P~;hS~J1a0lk5MLQVN_Nr|bt)}bNiS2FYNo(32XjZ^8WeYu>_O1-*l<9O z1W8Ab>1z?Mv+9l*&KWDS*TVHrB*Xb&Z=zd7*Q=JW!_VZHCKtgTWqSPKM<8A%cE0rE z+#LrH3dbv=`2pBb-=>gyy!*yA8qBK4eb$EZO^mhIgF=q`X7z9)m)V?OH8Qu&|HZBQ zvxc=~4yjTvGk75Z=;FUY5$!x?wG+u+PV=_m5I34KHYZ`CIcyJ2X^dFMhUH? zvs8kjn+z?N(&60bi7EFLOCM;q9t-y{UDJ}n39gp(Z!1k&lqxm4^dcR^M z0wLW;Q}8Medb6m*pnk=(@5i(CK91j>vdS+77tGB|*VsnyR8Sp8w`SB|bo~AnHK0Nx zRKiJoz&)Sw%cqQQj#lw#fFdx=CSva`sHF;X^!h(d9P4_()|AHa6HWo}*a3AS-w{YZ zGUPWZg$jT^aV!^DCT>=NFw_U7^U5pJbG4OmUX9tsYm8uO`|qOJh6AyZiK&W5G5eb< z_mEEjpStN9LK{+T`Y_FffKXEdCZ7*1$J=>kqZCb0>aa89bsl~AB&pN$ zMOsGg$gTEImITsc6e0^jL|#3@1NCV(gGPDpdu)ns`o4vKWW`I@FS7P&626_&`&;cR z%VN@f5i#bNXh1fN2+y0ZxdKcCGMuuvhi}3 zQZeb1XI?t5AF!~OW@x2i#^TNdT^ySb<0xye72MqiWX8nshCpAP1z?`>dKVsifg75# z_4$5!adq_3V^@g^UvI0Uywq*qH}$G+YjW{4Xd3r-0$R%|6MSl2R1t_A#G`AjXNe?XCF^zV+k)qR&@?Ld zwxSctY4u$0VO^ot)FO()Cr~yxSMzAdRTnw=lqtd?3*1>Ws{%{S2aR7GKS+q<03mT$3V*T-c~qku~||Kn5~BnP3Q2 zGv1bxn6nW?De{Ddy-0}gAiIC%=?mIBj<(H0wT<7Y{fjj%xf7Y*u6YLx?iL5RETFh8 zjb8Rrc%v8y-==TZ1jg0GTn-8^^C<(!eW{DlDjDkns}) z*5GRNIQVl)n50Sk!_%FxUS9nOJhE{~HKUscSpN<%z~+xhgQ4_Iaah7fSZg>dO_=QS zs%KytDV#Xn5fJoq)nXjLm?xZ~N6wUpMA6B4x|&U+3Pf6%D1xZH`Mx6`Q*Fk{OZRk{-)j1!hh5!`(bV-ozJA3McBAq1IW< zIfB*2#7KHNaFuh|r7)C@$@U5(k#S+T0l&*5XONyz8$ww2(V z3JbPS6lQ-HmS~S4BFRh?$3&a`<8#@Gl9(}swD0!t57~|*&?=TYSIYu7de)-~DG|(( zuJhfd+d~K{W)$NC8h7&s-1g|t$!uCVXI41>wX1PrCN@F>jXnSwV!mDxMwHvfRIWlz zkAh4dlu!5@Mq6BK0$u}!tb?Dc*$;_FsfEnuYMl&o`x3Zm)HM^ICJT9QY_geO&Jt7e z`P(gAp77DI-g{O7gmD=Fj8k*sA?7 z*tgYy67YQ*UTQzR{w~2=p>#yqifYM6LQ^9}m3la?+8Qa?`94xmY$m+;mj98XKj;-T zAQGY~`@nFB9p&{mY4}=I%9J<^gN_QtJAcj;QR|gb(k!tfzb$*5syeKfWe9v&H%DK@ z+7nv4Vy?LYj||qvGS(~`JoHh@r3`C}$i`YEL0J;A(wdoOuccb2S8TY;jl}V+h06Qr zx92m%$dkhtLppqT@1VVJZjkj`449PE`u>g!p=gG$i!ePSPcVIDR3<7+?(g#LXE@|p z<$9?|BobyXV__=w(je&i;2&mLS-u^wtt^^vioR_8cHq0&z z$5tINWnFX+KkP@U%6N*r0wLXlKf%7EA|&L%D@^K^{pU3P4>bxYrk+ToBjx7zXAJTc zBSNXp5}l~pzQe@zSDV~0B)fIiOVEqO<^hVrO+6&EHhs@ZJ94|Q&lN--Yhr{h=Q1@5 zRj|q1)!bqHkoWqB46xNoW8bE{Ev>sZV)*;fuDJi>PP8-cEzVcZ>(OQP4?JJ_o7~dG z9>tKS6l`Oa!@xme%o9Y8n@Ajhw(rOEcU4NNPNIjPVr5PJ{!umMmdiJS08qF-Ura2> za|V+`)}lVS8{+&oqxl28Gur#1pEybvlofMSmzj%@ zMj4m-`FS9T_zP}pgQ~|tXl4CV;aX|Hbx;LtR?j5>7*I||@}7b2Y1sA-fSo1}2yO3_ z1Bu4W1n@<~pU|VGiR} zU=^yO!C(S?iN0D3pb?)1DAr}xchb=iFng!%cZM@z@-RQCa*|f0y}|8EY5E9Cg-^}{ z5XuRcCpEvURI$ae#t*x@1$l1t5{lpWY6^$Uj?o4=t|Ff-{$Z8zSFNJH0+z-aK%Sl)J+qCxRgp|xSKs9_Q@jwDdp^H2-Ors8?Jn1%v z43J}_cRwWpE&%_0dKQJ7A`ekTL6w1t*xuw5@00vP?~NI^QV4XbAbUGpu?qm z$2$>IUGjDc^v6nXJwAW=p?MeZ0!)Nn_sKa_V6p{PvjvEz)F` zPS_SAdopDcu3dUt?pN1xZN%h#?+LcsS)tC~%gW!D_ll39=t!J4^PIeYyk+T9I@mvC zxVy2ICNMgjFNd8N9?ybVOz=@EsVSE7CUx zL7)G6!#bw0bid05Z9kVq_^`01Rb@-G;Xc>B(JJ9H?j*(ZN6#JU0z|g2b!P5Bp@qX> zy&Si1*BhTM&{L652Q|b5u5$oC;+kbqn&o825+UL=hjAT>t!#zP^{U)zuAi>{cLln( zJvf3X#7_c_m=hpkOYQpqXvazW%~DMcY-3981Q=DlwkHdQ<$X3ut#co1GBax>l45vL zGxN68(QfP&?UMPAel&jVq}u6ZBw#|PnaPUvj&C&m(Muw(vFOd5L<~yFN32Xd_{r*w z5{eT!W)O^09Pg2;6pq`;683<%Sx4D!GiVyOi1&LCaz63aGM`mg6%ws!6bGG2pC`$-KY8ONuHs6~<04$n+E$>HRn@+=`{ z)6@e?*0Jj%i$X3H_RhQvS_Myrh1xx8b)nyO^)EHmbYjIyo;>46?a|+Z52bI>mm4ZN z_yU$iDvKIn`QuK?v29gMLF2u-CUI+8!k2>%c~2twEuitQ9kV2DMliYM9*2ow@8DPN zT8UwZ@PIMjOAw^(bXm1Ub2;LfqTv4aPf_qcUHn662)_%6p=U0S$LL%H_~1*Up9S(! zip2y;x1c4Gc^G^2O#YFMRHoz?ZW<}9FE-!1=v5HBFP0(8iJr6!zW0lCF;RotF17dT zw)BUCk32>oUf^cNQ^3a=iR@e(oB|eYwFNqxZ;R$|Ew>@JNxQxLm`HOnZqiHS2>-s( z1eK_uDAb3*!Or6Qds5>$9NwYDiRiRH(&K!gi{e@}+G+_F)ll3v+DX-*i8BCvv1?d`=-S zuES=ZE#>oSGwdB8rW?)k*Afxe5GX#l)ZLl+_xWL5Vh)iC`k-g{9WXF56#QA(Ke3D! zT{~ReuhnuPAjeebBvOVCQTRKyKe~6hi<2SVj^qy)FuzZld#IxB#*iD&w040e}j9>x{@EsB)DbIDO(133w}*qpQIf3DlA*`!evL4w-^NIG(tEcj2{-O#zV4POK%X|e#O0Q z2S&f-CzvOayO6f3?g6}m+xtU=!bFvOto9f64aN3A6Z_BgXM$3K+e!K86Ydq>MU&J6 zb+Z6)?d~vA+R_i|oi5b5-7QzV!F1Q}*w%ePp*3H^GZYkGrPL3SVCk5Rmbl-a0)g{b zh0?mT)aqfMskg54c^57E@8WNEh2Ju49Mt~nlhiR8)xwSBZAA**-zY~BdiT;j<{V>Y zMZ%wHYH79AQo3@*tTS}w*4TX_=d#vd+}BoLQ|gE2c#R~)8rOfOiY3?HZ%vW3-oK(V zCHnU|0rMVy3`R5MEb9BrgxWv{%jiMNXnt}s`;Y`F2O=FP=Tz_CI07VMwjJPn|75(40y{^lC2!XTvi&D>J@c-ju z*BPw_O}+K11OMlE{(2$0PftcB5NzoHoa%Jn&eZGQd;JeX9Z<^a!9ZRO&CYzYbfK^O z#06ogi0|qE6#zwH%^;khYPa$f!Erke1>7N$9%#1i%|-qfzW2wwDEwxweDqzj5y-yR zfx5QhLKbinXC36ZiHzLN4-3^7XFkf8{&a~ims9W56f-2V4=YY$O4Sn1#R zxxYOA+C-ocP%3bje+OS(h*LHKGC$@xl~ytj(ra?Qq)Sk#V0(mlU|_XRC``~SIIp(F^PS{(yhg$~$diX^>O_2Q{-l>*o^Z$HrE zMCznDCQT#~qY0Fq0F0M~gPw}?&fELB^Z<4SWoc>&hey%8{}$gh#&T`g25xmVa5TkQ z&-u#?SAD~4j8N*Zcn?Lvv!y78mmogEDd7BMrx=IhOHrjMY)kdJpnY_ljw5`+ubd~NWgR?L?0ERx1r zGL;DQdmLG(xVaC$-YBrbzU3U{tx9@>Udp>~$NoPCd4Jv7P+LfYXCN>L7+)~0v5&|0 z1)^omA(=yhFTkAv_*c-_HYWr=e(*i+JD~Lz-&QBN4!gT`1~U7&+13A_Y zs@q|W6~IZ%5STiALEz2W!9Oo1lJT1A9V#ywr3qN(sV2~BuxX|ifGK0*bq?VRYf2OCPW;#5VgQL5``Hq%0bTh@KzPgLBK#@Mi28_dO(fi0G)tCQO}5F8x_|K7)GuTr8TmkaYHHaY?nos#>~>f#EL zSHN1F1StzPk%EqaYqbXbR&HZPVq0~~e^;^KQx!ZI_1>5YVZ3LUnqCTcV_FruIZ>_! zLV69%$`{w|R+_KJRyqQH1yHNkdW9I*tm{n#fYR^8Ze8P`vMdMUU|}pzJ(?mi`U%L7 ztnkk{k(9pP8`1Mz(Tr&A{^J>v%CDFb!VcF4+)iJ--XJ=57+bR-kFZ^5|po+hg=k{s${n zj{<+k=n+Rt+@q-d5`=+<#xAD;S2Wr<*eZMD`G2-Vh&^V(WbB(dK-e1wQ=%IaU%;hF zZS>vI1hxw;2Zmk8T_6I+_|Y=}Hncp3$mNppw)F+mm`whpxL1I~sW?_rDpd_i&CS_*fxv@)4$UmmFPC-y zd_i?r$k)Krxg!9BIj7Ido_;NsA@6$y{0&$eLc2o+j462gOyvm>m~m}jMxq32Y=dcB zNA#YF#NeBC4c`!n-3a8T z%?6`11CXB?I4_GbxXv-XMXJveOBw@m&F?J7CAh-MBfdqmdWgQ@nOR=u4=XR5CxfowuF4ijhkt9shJ^otg#GXM4+>`!VX1?L0$Jt>MP!^=b ztlucIp=>4PGGJ|KB;EWV6wnbRHGaKtCr?~)76v~XS+`Z=?k@a;3 zfgAgH_4G$4(d+pFY5ot7CDef(CkE3!A~BZ<-Y+<~S}Nz@zI>GudL%)a(CNc`j7Ch; z;10LXQ6z$4BqHb0D7GhCgM;fO$InBt@UP3fVV_}TOl96FtLB>{d0>;;yh*Ej*H7j1 z`rT|Xx1*UQ3jmXSYKm5WzO>!muGnb*+PK`?a&b4F&$!}#bC!9%yAB|6j#5k&7V&sI z*`5-*_KHrMs{?z@bwx7M5*UEGh#6Fs7+;qjl>nT_*CQV=u<+IkGiZNY-Y*)<+p+n3 z_|!#?9!DgYi91~mEM3g(s=z~}%qgv~*^+G)=XTyA$6uOLMR$&zIbx-zX1=q!&U85Q&pz@)}G5VkkO?>cxqU<}*`Tc+XZ?i_BJ_q;Hr zyZi?hKA4ZWU@egv`Gp6z8t@jp&y2D!BE(C00O&K0pn`L!xUSer6~nN(%MmW}em@E} zdFkbYzSi8f#h>?X0%}LRh{yRbyH_9s^jk!&zH6`4O6M~w5%%iUTi>E=z$U4!ZrSY< zvP;pLM#7;B_jfg-=~TrSk)u_e0;L!(SHZuNoK{$y7ZqT+TZDaqlA!$LY~m7u18;D? zobe9MozGK3R6{zjlm6C0lH+yC*IQL#1c+>6bhuj^A*LFJIIZavdbNBAmr-fr1WsWB zf$j}j1_^%PT0B6KLoDHjEK=kUWY$Vyk1w$&(C1&L?9guuq2FO*Bf4dTTnS;s@G*8I z5wR?F2t%x6NHJfFt#-qfhxwhe73B0=p8i7WzCEhR;8Sj7wIA^aa&W{k?I=6DJm33L zc4J2%Bh&besUlL42_rgHh7_X{J)DUvZIiY9+ z!;YdLWZLWpZi%W4K|c#Cq6{M%WohwCNH@xsrW2WzA)>7XCn~Ja$m!0vEoYj!(h_f4 zL=yws5;db8%e;yLpAi0Gwf)BegN8vFwU`<04UeOOl68jjZFYvvg?^;cV)txBIUx|Oi_YkaDi7BEH zML0f-S63y&zzgqCwC>rjw>o|)d*6)gBXVxGz*_<>NUbqm5{HDiBmQKpBgN)ckqvkp zM*}^11r@xZ2`M5H2Bn`cA~QC;B1KhDF&$=IaaN`d1cR(+7-}SuoCUE`4`>En1a0Cl zT(qCw=zL5Cw@OO{ z^LHc~ExH6hqk-Saw8IzNj(*?WuVo@Cpv=&JL=X&TSC|Sxh&lIxwzPbZXrdVaWqDf> zhap8~5)LDtJsyk(1kepcaYWr>Mge&l*ve=4X$1%lV04cNvF2eT2Ne%HrPgx%rAR+v zJ&aVD441CgQh|37Hb{rrU>ditQ?_te@Sq@zrYw9UgOn8{k)lSFw6`kxrNV5GE^tgd zk+3DI9D~O)v_g6ton}h29)fd{9nxZTTZu1m!$>hU7YF{STLE!{mlhh$bQfz#(YEJk zd)ly#VTDzyjp%d1OdFtZk9j=YhJVmp&aq?NX{0BY|396MetQTsr|N_Obd{ zSaB$lFozFC)stpj<+0RZ1R~zzg_&-80zR(!+wT=O1|hUe@NWm|{JQuG0A!lwM$T z7K*HdvK+gA7*G23(ZU<@epTp}#0T|=@Q@WiWw-Hf*nPHz0ElL6TNk9Wv%88;X&L|c zkw;IP#0CMO(5UF*kAeigH|CYS=S+Iy7zJ38(cSm&{s?ZElnIy+zs z#u$PSDzcsD3TO~TwIX()+X3@8&XD}GDq+y?Xe`Xw7eMGcLCvq%+xbiRsD}!B-h*&h zE=vZHIDM1573I=JzJ{&#Uc+4yF(^^ZEaT-T5snOeV z37$4T3BFQa2q})E>b?&Dj?GGXfY(cvAdOVBSkb51KU+Rqoy(KP`4M%9Q zWZeU~J)?UcUvvG7Nj(Th%PaO%W%9y&H=gr%)?c>T3+e%pD))WIHW~JJbwpUr zN)e0t3*~J7naGx+34HH^`ADzMXoScFh_v3*$tr@x_)0JgUt-uW(c((zd3>{SWY9J9 zeoLm$_H~^}F8+)UV$oR@O0qs@SsSlTY`+36dxVVxOFi;HwfRCg@VnTPB*D1ODc!o2 z=jlTaTOc$q!N*9mO79B8(Iuo+9l-1eq010eT;3W8eE74%qKl}Zvt2ocd5UytaY?#A zl`BP6Z|-z?=0}j44&xbeZ}tW2H*}_`nB#s^vS_*`Xw9<5zj~@yz-fZ&gI|QC6Q; z9>)sv4yIxjWgHF(!xWBfpe~X|qO})#Ca7u8!f8Bohp}m=8mO5Kt#jEVoGPa*L}*p? zz8C8}mA9Tva0%Y=`?H-wgvX*mgt(1L6#zS+0JLV<+e(QW=nnWPc2dgvh9{=6OF;+lA+VD1hmco>A(S_Xr4)r~y|8v91XNKNv zkyRq2a-F~b^B!kx!aZcNQaO(4s+w8ml?dbt~46JIQ zl_r;a$3^vk#8D9Ov>s<806x(K$3Y=g2Y#xRVZ_BAd3w0|I{(DXNYpZw~(Y7cA zzcot|pQ+=068hHsoi9c-aIZtaX9xfHxPC$qE5gYORk@|TTW}(8p^^c$O6=Oq0`Hz= zEW5WDXU$Xn|7<{iT}gGAdU_l@IF>W*!vI$->8pY{N+V4AD`EXdzx3VaRmPXP3%UoS z{_>~#3;Y6uH)#xccQ#F~1WE#3ssTwmo0l*jSJflEn?=$O$8=6OATS8G18<;t(Rf+( z2?Og)vpi&^n*VW4P7UnF1dHF{>yyWO+>+? zo{!I2%_S1nSDcDa>8~hVTgkTmvd8%AR4PE3ek@@Yy_3K9ETJ8@>1i5g0AW!H1MB8^ zIA`z)<7TDLcWg{hP$}(GAWUZzv{6(i-Oj=k;n^2};lQ7Qh+TbE*p9{ZjvX#xbcdJlgm#Nr-V>ekH;?x^O=^=$a-5Y9&4H&8h0! zuPXoh*82NU^_Uac@J9}BlgNG<&8aN-9a=QP<<)b!FrOJRYxK_Zw@MNhx5i6t7&TcT zL|dqOxp0YR?QZLr`a!QZlrI7^(mJZ{Q^cu?o77s*9`VELZglL0aX5t4R~T0l2}R{axO;8l^>&AFdI{ zhOVLVpKlK@V1!EiXuDDFy)jznyJLPn6#Nw>Y8DA`{n{|{{4HqU4SK<=A~YiY>s5?b zB;Ytg!AAWFgt55+gO7Wcdmdt^9=l)PxAcI>6QQy!ww~k;loB%|#=k#_SGc4C_rIFg zI$8tzRV6^j#IGJp&;&qg#2229S^0hBDq+1-(`EYScVldV4CKkqx`VXWbMQTCUVo%5 zkK(YXpYzRjTWFD08&bXq4|knw{F3pLhXfr41wV+d%pRb(ngO(J2jE^-2}al7jYWXL z2pC_u0*L$_z~ZL$)#%cU&hg*Jwp5&H6dEwW)ZH*3IRIS})p;r|j{?n8Z70#t*CLkd znn(6*y_lT6n4HU?OMa&e!~g;DbU%Q|^Q<{f=N{+J0qc?zK)9sbAJ=|#ZFhT35A_A; zfI~w|j@)8l6n%Bj#hJ=%_S_mv9WDDcbOoHVZyN*Th6NsuZw+j7YR+(XD_8*s@@iD~1 z4V?Cx)+kCrtB_XR@48wCgJuBjRCAfGenGVJ6hJf|7`0v=AH=aKYuLdViJ)y^H2{QF z=G+&JGy&ixudT{QZ3+Nw+gvAXgK5LubtbsWOl=w6qduk+kk2{eRFZ2Cfd1Il!a?=9 zuNgK~T$W%s^7wq2sNUI*pSs8qNXqZCc8RedL#Ix9c85N$0pW^2lho6n9(ypC*}8HE z?Ykf)I63W=*NSQ0+%@G;3^2^je;*E=J|XP7hCWl?g$HK#&T%(8Za@;QXIQy(g0YUD*r_gx`-P$~-deAOWdN{@0uC zJ@8oFPi33+E*DAXirx73OrS*!t_vCw; zwaF3PTQ%tYk$7A=j|A~~KbH2q6>%owWSExUPXM-ORX*rKzm1M7An|iC?39yalc*hY z>6{*GF4Fcqp&(Pz>*X3e?g^MZKlSl@1~JjL4Hp^3`8F~pGSjz@L+cTe#;MQT{GcTl z#V@yB5H^~MyAjv_lFS8SPZj7aIsNRI1B&Szm{*)*{dQ?lsXBZqh# zvZ7h2M5;%Ul0&2tbBu=XrFwmTkLUHA+$IGjJ%`r1us^~qEG3r)A?S~G2wa$hFD5BdB+}2lsa-*&5NYh`3lrclC zhenx?q+27-bMP|)i8DpgN?Jy~QoZW(G#(wS3n@xKq zRN`bO)uS8s@Y32Lau$9ArsWO(-lu#E^SzO?c#fIoIB7HlWls1?kw92Qaye!uatCioByhtSpq?Z;8NNhCG?fY_q6&#^Fn0nXF3; zlg`NA)EGS?^&K=th9Pa}aYp}xT+-@EXi7O_|E5?YDKWivp(%NC-rabBrQyJf$FOL6 zBnpnJ_d+oQy;>`#%1ZkBM!?iHmfG>Cq46mYaGr7hBv0V^AN+NntG0ZAfm?By6WiwT z=e>ww{{#0z?H@O$cB&?sE?BS3hMoU`EM#n3#fY!1Dk^_$SguR#&=rYFT0)or7Hh2A zqv=r(!^yD&y+z6E1}E;G>>q%O%VD*ZCl){@n7dMUw`a4wWnX0c3kSj0YP3Uxa!dio zBNY0nzR@n?dJny=m?C1v6HqJr_gPH5+7l-|cI&&qXHMSxR0P)+Y@^3^T>Z}C*WLAg zBxb3*vbEk!N}fnH^Bt*s*`QQC`tj+O)7ao2G4pFUtIc8K}Zi(ZdMhM9xxtz z+u3=WF1>-J=wJCTKEg5)J!P#J#Qh$9OwFc~yK(-KCH}|Wt03A# zXXW7TZD;n?-AuMX_R`YT`V8cw>|^^J6xAEk-Icj|UjK=AiED=1N` zr{BXSEh3MGmh*9JoHi(Xr>@SZOyAb>lyMh1+beVowM{z?%_zIpn(j$+xZ7P}A>d2@ zygV&dtczwl*5ibLrfVDjo$#besw9Zmnx^>U=#}3ak}h>s8HCENyRD6#~$T=b&7Cele8B(U$cDfDIFUnpD{UNm`<8TxDJi{tZbp$ra z7)exaDnOaHP)0lWvh}PVuKK=gf^6;@iL{j*!R5V$Zf{0zet1)Rn)g!6+%XBKG1e!c zyUGhiNv2?RlsA1=AF7rPn>(S#3bZ`({tM0d%-DzXK917eOmmw$cFUGG|=WKQE)E|wd>mZol!r%9(zc80V}KX~CWGxxW%$F#xVET&*-kwP~u zvI;5Qr==FF0?sM%1BPL&gmkbX+!jUL5{a9IinTgJ`7hhW#!9_gc4R{$%$6Vs&`46` zCFqIItg9C|Ac)nq=Pg^ZN#`#sJT5bS&_8L=r@H$yt#GuQZa`gh;M;eWAx zIntZ$owraNW@jeO;W@0tGTN8j0KR5J5m+Bb)9xhZURH4dpG?&0ST7QFZV90!sS+Pw^yGBCIP_Z&tD-2~%Dk(ZgW=FwR(K_o>#r z2w40Xl?ULn^InC=RsW226TzGkC`);MU-eDWGUtstNqXh7&kdC*FJw`>4iyIRgk?wE zfcqQ@a7%Wtt*KgfN)lSC=kW}F^Z3~?bV&*s?IcaA-l*My8N;H>io&7kzzSer_a5hZdQK z^2C?5j3sI3pN?%>F5bf|HyAiwj^VLYlC%6h)^^GE53(+ycc?Hnv(sdAgM(Mg`pe%j z2u$&Bu|>^>cJN)6vdxHWF?&AVVi8RDU6Y6KPo zVAlfjiqlYSA;&2nn7C7mQY|?B)fVq^O7f}C94ar7ay?|FY`&76c+2Mzx<*@FdloHf zGi8OEiIV=7BUlc4RZG?MuB%K*TOBhZbtZevhOO*<619;xjFQT0CQFJF`UHsyQQIj- zq)tfZK8@MRiz1)6VDt%Jbqa&D*W7VmM`;^-aPE zwh=B{vq5Np(AF0+2O+1mAj5mGF0zarV7p>#mW=unY_75Qnc~$5^Rc=kk^`qi8+wOA zSNxbjmT!|#rL36t#5fvlnY$e;->9?Y+6Y|QhMz6+3hiD4aqz8c^@lx4cN*DEGNvV z)!%f#AAPfHPTS)v0{Rg=tmzFcp#mFqs07d6fZ>nMJ{bICsq#WRej1%Mz ze)=Q-(B-kU*vL=T`Q^zzH!tcraL;c$b*Ny(4)Y!r>g9D9VZ=+-v*Ak(4!&uauIuya zPXKw~L9(@kSBmV@gSU;$J>*2rg=5WoQ;lZJRJsWf-`sHaViM@9C5abHY>e)5!VSB0 zEUwJwq{S^yQ+RLuxlWt@+(xG~?Vyw$ijfn<8?gYSZ)~8oa)0#4S5=J$^qmp}p^KTM5_&hrh4(A7O4b77o$!+qgJ9UpU0p z%3H@*7+UsoD*c*JKR+ocR6hB7@u2F@Aof=%`}4C=VJV}eK=88l-)BkJ5^+7Ov!^{Y zeeri$g`>zdarZa4+~tD|#uvn>rQjo~;BX(|b9})*!u8~eRl*k=Li(EozFtsV@q7V4 zr%Ye-fP{Ge>km-vc;i`)*-PD`I@f%_6RDXF*CeHUZW$>YJH6;cGO8i~1S>!T5ZTI~ z$pmY-Vo(6Q&CuGDFLDe5xi+wQS2Uo|Qf<2V8+E@! zmSEZOW9otGKL(X|6`)ZeLnR~k1Fw3m?=sQVWy%)OWMCBwz%l|1N_B^Wa54seZ}UpI zWr97H_U{|nBzn>4=vfY-9CW_J0x@^Io+`f>ynSb;Mv?<$ z1#o|~{02`ps(!bZ%&QfPM$CFDf-PB}qbn5vbk3uNzyzjLs#q~u4a(bge03J@I=x0a zGccyTGG@wuzJ$b(^4jx+`_wSgz&h{L!t(yVx79-om8}5aX2&c2pdM0J5Z8@fLRwoB z3z8KlC<-x>Ut@;fRRzMn{gAbJ0ds}wY z2lfMTo8A2fa!WGg#f%p-WMZqAnv>N!7EGE-4w1oZdp72V<0U`gcY)KNP8+~LmLusx zSuM{?L8wqX)t1MBBq3JehiaQh)w7F)A6HcmKFKJ7p*~%82ySgD=sGNA?6V^n|KFL` zF6GNHOdCVVHyqdb0#5O0k6Pe8n43=`l({P;mHm)K%f;75CfK+nxo{_jySh-`z~?YL zNEd>2G%lrR=x3%}$v64EmHxWdR!cF@xltj#YnV0{?7dV1)OwC|R+fM<;QBb{3&Tm4 zCP$vv*1Y&?_fYqOVP@jVe2qm%Q;|XkRmye=7xc?ssmbK2@h8__OcI+vP6hPL?LBtB z1N#s1?dJ-0X31ju%p)iTOf@XYv%x>yCmZw^915TKygTWRTM4^hlsEg8-J)TON)Rrr zj5Vn@XK;%zI9(HI$Nb3f+KsdM2PX=%bW|~6USt!pe2uG>rO6U_+1ogh3W=VH{{>BH BL;3&! literal 53140 zcmdSBg;&(w`aTRe$N)+U2+}a1v~)K}qjZ z?I-_!AoTy=+rIiN)caZDdQgk+&BfgAFMWsL`~dEMZkgt;FjU)ob1fu%I4Ff!PI16VGAoSxzE@S|@gLS!eXq~D zCo<3@UYzbCOpA)Ev5bArUQBDmmCDDu%?%nQRCF9%USI4`h~CAfx;Y#0HF)B^UAJN| zKV_BuPSBwA(SP4ECS25{SJf@|Dr(|X1RpAKb`qH`zT?9I|BSFbNlr!`ny;4IzDKY( zk(M+bPYyQw-VEmcxG@ZQwb&IrX5`7L#5eP%Q&TIT5sz(c1x(X8U{b-j^K>zKF6bgd zBCsul{3Yo!+&pS1{c`}%YxdvA#Ri|)N8JYr_G=cxnL|np>(7nrCO><~{Fhe|Q~^E$ z`_7)+!cODKtSzl$rQ?$#V?*zwQ3N=#JB(>=X5(H5eJPvKYs+7Lu%)~-H|uNq!CGS= z{-oicUq~vNQsh}&SGv!6k20Cq*%INH`0@H^k-X5^b&_QorbE-2MT;x8Q@y5^Zs!T& zApdE0!}Ww^x=03RicMj`^pZmxCgUNmiENLkRl1g;^Jv*>Rz#ltkCWSXr_G~9h%G)k z|KeClb^2=kh)i*^cdxGP@ti5n>0UQgy)Mk&R(Vi{dbzf4C9Phbki$3lo~RGlSZf`} zR`mAAKUfy0b|31$?qNvTyg`IgeVx0X_kmDV_*LA_sh@1**Fh80*8=T#xPoRIJw4|Z z`oR*c-PUpw+a_&GDVna&H~e7m#nZ?n>*^M~gwwCAm4lKmaU$`4>76Y^uunITIB88@ z&IjU#@QfL7v4C6RvwAY;yK|>b%dvYpe#{JOEAxtLK-ftK7~|DBiC~n=w9Aye4^<<$ z3)eog?kjgASgYYw0mKQmH~T->g?zWoOFXMh@*+cGc2+T(izr;iGc$S~U;VzmTFs7@ zta&+Okj+2mb&#v+bFo!(eTBvR8LyUoen6ypNP#(6hFF(=CVKAYu&UVBi5NL&&+;{} z)8ALFaobi7KG$a}j&t58=x(p)mNw*Ed>cvrp9A$Tgqg&t$7@01Wgp;kIv&*#Rpn-oE@s7ftVSK!34Wp=yREY345+3m!8QT@m)$j4Yu8)*OcUEX-Oj z7We@6a(O$w9b$dE82Dfed_c>rDI`oeC~jCqsIQrCxG$(0ZnEOdg8V57N!;YYwN?eP_$&?n?;bEBAVVJ?Q zKErGR0jhG)fAqai#-m>cK1sVjpL<^Jb`Yw%O(~6^2*Q${$94qGbU=n{6<;HQNj&uX zg?1XAgWXf*kH$<6!_1Pe_J+NM<=sEFecq;HhW5w`>4d##~sEh>?X!9EAvmTU=xp$3Tv~kO?RZsINO@rT-?8^+L zOy)3MxqJ{YXhTLQ2BEQ2A>3CgN>DkT7~tk+8|iXdB0N?RJ$p`~2aMXVG{PI70ROg< zdOR(PZW7Q@soV66bn91`vhaLpw~f79Szm^T>h#(sYL zitwL%O-48Pl_IInM?*o%@9o=5#7VtM`j~p9f_}i%u%v7ihMIiM)ncxDaK%H%oTiZN>Oxk+Nx-EU!xFXKh)I zJ}hzh;AGr9+C;DLkb^dPh;K5$dR0@~@b~9&RAc!P)F$6xti1Pdf7v*#@mGBuYrU*_ ztyohp>+LyOTciD*r*RJ?vxMNAuQMrKX+l&>OKibh@QJix&uQX#_q(S>1M^i^d--B#6%uuuIZsnqb_j4bgpt}$;h%Tfp0qdtW!cvc##Adht z2V-hSC0=>SrYO|NAawcz#mHzvtS2ts&-j2F<7zxRj7*}CGpuXdY2OC}Xc7$=crSZ9 zhP z(;;4PE|*RlfqcQ8@pca@jT_kO5_QBS%ze7>u$I$D4nvM8>RgE|g zA*jSUM#BhK_*>Z)-UrlEyWwdbjHs(RAJha0RqvvcaVl|e-s>1)HRkk%MGrlJbdZJ( zq3N7H7f@+(f3cq`;-*R^yDe+lA4s5YnN*uZy?sww zDsxRsXUL>MQszj{b?f zVmUNW$KlX%gDp{<8{p!YXz224j(I%{mH?%Hnx7$xb^Qd6Z}z>1N|MBv2v&Xio%3n; zGzT&E_yWz!$*iZt$z3Uw#ptW~pU+GsqXr0lcU$b=;R!^A%WxlnxOW^KzC9MqAwA-vQsrJ_xJ3hjrw}? zATNF-aicm z-*qN`^k6t={0Ax+m2L?ljYosLtVP_8o|k*#T5o|#GZV&ZEo!oc&)%>b;47ygox=2K zO5a0jL^j3BbMlsC3t?26RfL7h^3zA=8ttTyXVJpBi~3v)0S&;C8(hxtIa9i4jJ3Y+);ejF)k_1|&1f-mq{+-%WG0 zY~S=9su-%UfG6j-2&IL;z@G9cOU23ZM|R_{4OQA+QxEn++W%c5S<|;Vpl?S&1 zZNM|OudB3Tj9Zbx`B?_TcHev^6$GK%Gza7dBj}8&jseCFLoX^dYL6dSw%Jz9ye0VI z983`-P^TJJtw1!Uv&wu@%*xWCe68>u^%)+#YzJQ?%u3!S$n7d+^YTUv&awKFTbapW zpXX$uq<(uHUqnFcgw8oGmRA4CmPB|osVUcm;kGBO83E16CB~JWo*%8H&7_5@OxtyJ z#{5>M(YC5jpn-Xooy87r)~jS$K2FrZvt9kLUL~&NG%{FO*1JoXfY=&?-A~#XIfwrW zPYKXSIrAd<)6aR;8M-Ya5%+wQ$g)GQ)obCE_tROpjo|C}(t+L)tX4G8khZ-M`8U!^ z8)kll-1M7)d9as1ic_eG;rp3Ai*8C|X5yHHj{<+MA3T9u1>^^IES{zpSN+l}pduin zAk-7V7YysmuA`m2t2AzP>q?3|bm9d~g>Yq>V|l7=YmmxVtO)iJxY%beA=i_FeJi}JxSi1N8z*TG2%7vXj-6Tup*UETXIiev+hS`mTG4`Y1 zz1xb0sS%#{;|vKKDvU7{6A{a;hYUuEFrg){`N{0C?3w9ia2SJTvzStq-O>V`Bykr6 ztkhRa^{b(B@m3oweWA8KKSQz*x$ia;M<-ijJwJ;1Y{1W7+iU*U(P$yTv{7d5;H{{( zGzL6Z!eJX5T3A}pjNH7kR{-i`>?r0<^Usw% zk`)*AJaUl{suQz{4c{~T{G99O6U3A(2RWDP=cNMYlE(yZWij`v1`AHpJPGVShW`V$ za1)?fACs-wB-WL}ISBA>bJbfd>n*DjYlbI{5UTKe)D?Z-Xn-h z>l?zj-h^HaY>LvYe_%SbA|%qc9?L7tr_TOj~DGwqniE=F#78;0Hji@G&*?Fp`UNcccUx|?KaW$^sy@g!`!ksTcYF~4 z1%3&tqeCwNEQE;HHp0BQ+VO2i!)C$DOR`ADO0Dux-2*T~Xc#P+iKTWvV07w9)#p6u zn~h(rmjFOQ6c&{f7Pu6ZcjBK8_+AqtOW_5VUq*j7Ra4bOSieWHuqpoIpmQ-EZRbU5ky4$*Lk>F@T96@lVbR%})(0pBk596+@5!)AXxu z3f5}>i+wOJtkS0QLR;JAkFG`}31D7VI5Rt}X_aWkZS&wx;2LxXlNgQf+*P@_JQxTi zF><4^N4-!M-s|wWLZWFLHEMaS|9CjwXPLQxD zCJdgT$wkfWSoVz-+UR|LXib6(+iJc#)(594W&rOmt}jlf+; zKOw;Md-Z1wocit^&wB2Z0SM3aYsTTlPP0%%!`-VJa(u7bcS!L7YU|zn5`Y5gwV-M? zT)hD3LE+1VZrUCI7?7-zW8YegHXc7ZP4~UVytzJUZU-N?5%AfNxa`69lkptd=OcxwpBG|RN`KM zQIU@;dP>dGe7SE5z}@1<;Vf=XW}U|j5deX}0yDD}hf5MVgWs;!lWU?_SZXG^mL9o> zelc#;f4|1Q?stN}Jm?*5->vlJm`_H6QD@28<@Sf^$2DE3H_Q+bZXURIR+R+*R{*{m z92k_}CUK|bXRqJ1!HVTk{?)CR!}8q=Bm`PxWhw`t?XJlCi`W9tHE0Z!ljXR~ zF>@#t<>VeVk5z@{dLW8kqkZ*6o~U5lFm~4+7Ewy~rI^7P7Hbam7q5EC}o$QS_kcea|$Up@2)N?Dr-{?)V_z0=f41bQlafP zd^oI1b^0R#prN5sI07AvZNLImj*EDkEf;!jStjUOV1k(|^6xYpOb4;m&??DOd2Vu& zu<7(AgNMC#eN{mY>0ZlAVY916glt!IJ+~Xx)IRcVK3``}A1wLu{ZWBC4K7`;{HJ7_ zM|?@WT7ots`Mcnm^$9WYT$6BC=xw<1Gj_7?AS+L4ux5!Su|&j}Jgl8VyH&blgrm zJ#x-zft4)nXUIu)QMGNaeM;Y+j6U^lI%tW#-VK*`C^c$CW9~1{Xf=C<8Ukg7MCEsL1_dbXT$%i`0tF-ynbGO$gdsi3Sm!k~c8Fs92+Pcs14V5=1-eO)co)iFnfqc2ad*#C?l`4%Ni=+^H5x*v#)KpY#VqQ!+5UiMDtg5nUe z7{9wNk7Niq`p8v7mcT7#-G94W|BjTiZKHOpdTNM$r|IJ5oXdU>0Qx~IWsIIUATtT>Xv zq9k#AiFZcU`wzm5Thb9U(Q#Q#kYdLOj7{ZhbkZe5-jR}$j>0cPSAfnYbx>+tH(Cb~ zaGA^7;i+u;$HOu0%-UXg*lm*!CwtWMr(;H4S7AnmB`u#F1AodV5>$PcLXf*0B@BK#3Og>JUA18dM9j*ui zN5q5O@2txQv2c!^xv4^j?Xfk>NtMo3pw2&CRDYkM9@luG1K)=_klIxnquf=Q_zgPeyUB+w%YfDb+l-TNQd-ht|mO!Aetk{C)?_u<2&LHE_6;6&mcYcwKdG`Hhf+9l`3# z(lksO2E*e!Gored^V_hGAX;+{O1id*MqMmm&A8fW`}MP)E?Rh~dyzlnL!m9~!NsXL z8>Mx8r1A7kHFf;U#k-3YtSB%!D(^Q)RD}D!x%mB*Z%Cft)WbPQaQ59pvFA0W~ zV3z6LE^QS}Rc2@}&GO1;OVw2b7)*t&3g8)u@X;W#X1G`jZ4Il1W~>2d_4Jf?Q*I3G zPOso!w3DWl@3Qc0*-LtU=_Gb(WM};N=2=BGXMg*5Vg|xx624it>~z9evV#huqb5pd z*_YgB5Y*v3`n=31pt)Gr(aRdnPkY1mbX-c@Ox)5>*3m>Vg`xqU1>S1}Fkd75K>QV6 zdu20Gw5GeLArjI4F>NR^S4vI2^aC|}xS4)eO5}+z7ZK*ksU2wWoGH>u<@Olq%n*6u zfEa7TA@AcESL5`}?l9CN4nK7~DCs8t8x^6g%8p)y7oIY1zdK>D$U)4$1WD!?ci5~J zY&B0rA$p!hnhFm>8fi`5#<%sG=6-OnR~uz2{s)0;(2P^;ZJnYD@!~Ch`khNecUjpp zNMzDJnMo|&`t9Q?9&beI%meBBFo=`GzUro|+FFNP&AwyoK(&;p4FuoC^ zTs>SFQe;1}7e3Ve;HPcdMj3Y(;uf_sz|H$`z%9USj+Q!Qx$jJ!{URNtpH1X(*ux6v zyg|z62c0Cw^dkeDM8gYpE#G*uaX}MC&a7xF>`V;C-gKH(LxLLRc}r9(&Cd&0*<+K0$GuC!H|QmM z#lnQz`u04=ZaK`LJ6erR(%@1F;D4R>OVw-y~&iA(dIQ&{w1!a|G7C+f5KS*h>UkMs+c!gBH6gSZt+-^$P}sJ1Z1*`k54 zx_NnvMU(h9G!E=W3s^e5)ag=ihk3xH!s1mmi`FxCbH0OE$>0^#15)AxD@N}Zmv4V( zMX>F!pka58$b0H^$XZ1(Xpd)82s`NT_w{GGS+piE>YhH2iCyt!+5EvvjE(5!O6k;a zqj^*GR$K&`uy>3;4|uox+#)b6DdyfQX@ucIjyuTwl&dK3wAC>`BPQy=cywC;LaKED z-_1fdH_3w+ycH9F&6s`1LwMfoq1Jc=nKUKdUaGM4;4c~fC{2mmQkC!Pm|vzwV+x@u z5}}xp?>EYtMxVQ#?tZ7jZDUgETI{_u*vv)PQ`=+w^ZDz@q}9_EuQsERZ~J90oJlev z{s}Hw42y8dT#+_PGINp*yr(6o=&Vzb-siyZ@ z=E+y+Jk1lO?4RCwnqirew4Uc}PUCMcJg*C}E~wNVmwK}Dz)ILERKXNY$*%9gw0o

        Y9MDbCAOX?v7MWb33?!2yJcE43t2h!#BAGmR4_WWE;M>M9FY#frT$o1r$_l) zj^@LT0Piyxx3)W7HH|6LK3hBT!`K9 z#SsGmoD6I(Us^(cy+hMZo9b0w@F~9$c9?GqU>%qONoGqlf@exuS0E%W@S@t4bZ70vsrj zxCzl@AbTpNlyX#NW8F2?X+%d;+XG|XZDmi#-0s(R7ml9r5xWJ>r6^MdSjXP-f4fV= zJxmhqVm(=7BKd`?$DsxC#MdDX)i<|~Xqy77DZBVga!Afgq=F&s7I98whVLaW6R-T< z2``NT#lc#-@`q=>^>&67-VQ}gM(969oqUZcitA^iR%Sa?HDd&9557+>P5Q1>O`Ip_ z_f-U0lA6aUFL*~T>UK7IfR5A!Tz+Kfn5c_`P#o?0B2qmy^jq`N!$@;}bNW_OyS-8G zFUlE?V(x_eGnQ%P@!s}`pD8V;#Ob;A)^V7YX_Q!VzRQq_Hm6SFwPb0kWr6SfKS;mx zlc(351|6_)Waf{)imtXuSDazpy}KwnFp+@O{YvFBr@}j!a0>G!ak}~GZ$fBz1|Q_^ zkMoLQ7q>;Zm)PC@2i--Gm;d4+|>#|#Y7THm-Wce&rQgA=y&5vN``o<~!`26hd6 z4|ST2WHNpM#+NN3d?LIFgSzY<%gr7aNLG7VbDP+{jm}nW5(`O5SDj(P*W1re9Pu-vysjFm6Dy1==9@ z`{ly6`tDU;{lK~8vNxfAf|;8;&mx?|JL_g19nfMZP zHYY5jjrMVX3Q_d}Ji%d;eRChBs%M;QSaEXQ zC82jWIsAgjn|bl@4qV#$d2HV;0b_}cUBGoYheSxkN}gIk-qk)!6k)^pVkafkjrD+x z2rH1{7VIf6zD*dLRz61oAGzz8TWn=22JC6om%umM;zs#w)fMbTR)?XZT3X4v)?8dN zVi>rpT9Wr$-19pmeZP&$A^clVKJGMF?61yo;^$Ik#U>PXV90-t)|7H;bM?R5%34C* zwNp__?AN8OiXcJv7+>CyI#a`<3DcP44(J1)`?$(&EprH?kcj zMqjw$zar_QY-2phQrLiy3Jp@i2dp-PY@-Wl{NATg)D-2JGT1=%=(z$9_xRalpYoVP zwMeWY;Je+NxvZaFY?@v&5^$`%H5VIr+4aqh(kP56((isZb5sNw+g$nG8?37MuWO24 z3D1k{tjphD@!u{c`RVNb`@XCo8MpUYmq(PTk#w^T%F@|Ds{fgi?aG3VLW#Icvs<3! z%EL_(67-6ztWxP)7Ak&a7(1J0!sdb(`Yox40&QpW{lawm;r0&4q>Uv0dUU(Zza#Z* z-IJywbWxangND1M@zf=*zYVw3^Aq>7;w$K2GRvmmM@N+25nnPlmyB|}-*=BQQQB`Y z9)sW(H5xuysFi4Ui$bksRCms>-NY^TIlP50xDambR1EtE7y2Uwm5mdqBymb@v`#7z zjN2Np?V$bWvvjE5J__4&~XR?bBAF7*qsh}mVO zC-xFwUJ>77%AuX7q!EGQsuPR3wK(CHbNC4md9O4fYT8_hV7#9R=&1LFzL;<}HRk&6 zwpS)ySG@IeXCA}c;ysZxhzVv5_9QyCdNy@1m5o#BHm&;k+-YtY140ZllY)ISrf8$7eWlPq_3;@XGUt+$X}?OgRSPe)N4(+_zRH zAb`vkX>S#CYK}UTWoVhQI54$&!0(g9d|CEht0X|44lV8M6H8J z!L<%s4>#AdAzLZ@GOBk9lxWh7738gS7|HWX5)5`joBq;Y9-=~@wE6HpWci-SciXBb z4}JbHA-#X2t8N0q+q**DRkEk?iayEc>rVlF>! zH*%Y$VVYC&M9h=sXi3ckW$UU87HW^XhLW|*BA5%x61@q-qnSdrb>QE zmb^tIoTS&zQ3dL0nBRfI%Aa9*3xYS@9wfJ-FdzRd@LLYQO8XS$!nJ~N*uwn?Oyya& zoU3V}a!0Yrjso50t<03$s{RK6ve;^MFf(kJlnl|9@*_U)c6dld7eIpdoZ6FR zr!LWKMEP9du(B5Sr75qO|TyEwjpRwI8W1*Lh;pbd|_7l}y z%lmfG0}7=h*Ga#l$5NCxI$VWM+?U5`lXh$bWJG@Bb`$RQL9}p52$FR>9CEab{K=h_REHCC1S5#_jN$sqx zrtFy_?zqx0u+$GaL9xrZ;N-*bO~AjO%#=!0g1%A_EPeCf2A|@CxEogQy|C3PP%mR; z$A+R1D(b&e>{S}1dydb*d@a)&+D%KhXl@GWlY%iNtYP~GgihPH14Ea9 zzUw<3c{5K)E8kAu#}J7!50HtXpk%6ymfYrm%}Sj>d z6krTw4K&{*-$Kv?&v#P)$Vk<wSlZ*~J1gZjsjtiw576JL$n7Z5B`k6E?UtWQvDL>{EWlkt1gJqj7mpr-Wv17*@iyCcMxtw%vZ!D9&eAC49-bVv4_{C?D;feRMgD6vUiUXnDrei8C&7=4(=g`q zx3vFTHMGltOmQ*0Yd?fj~(6+Z4x)U zRqTUpNp!-eld>tC<&nV~;yG$YXHl#02@l8n95mJPHv+`4YSJ}MoGf41B7U#^-cRL& zHTLBUFNcV1pF0*Gb(=@O#coW-VoTeVf^41`Wb;MAMI&9jW{FW{mPLW~!q4gf!DmDe z6~?dRu^?SGbk&-kkZ~{XcgbOaa}zCeUO#xpi8n(AKh&D!ZxfJ=LCtLr)M7_-}GS;rGlmJ^!_wTe^XQU842VU zsvw72rALDc;LnVCsR%P*)^V`+V$v&)B1mNQI#K>bxUVnx+Wlgijx|B`_O=*j*$MSqM! zHg!QGSFIvh{u=>o35LP#m<@&8 z1I#ByV`pRHtjM;ie?PTaMO#|%fOGSQe!o1YaOB^!5|&*?ARC%k34vvHGt>kbzdvIE z`n>%_e`a_DqvQ97pMtzkW@=7vRet)@zZEycTYXm4_?G6?D{f>-U|U80w;TK60}4$i zD`rKg`am)K{VM3PVb*U|r(7KT_A&lGkox1bRWLrCteej1vtPwuCuLEJ(|$ACPDxDu zZ82xCK}P_`A*Ht}#P!gBxq1eEnFJ?HGqii=TMg=BCpvX8c&Gxi`bgs4gEsH=>WwK`zRU zPS-h>9+Bp`y_Yj!*Zw8P_vSinSFoPlIhMl%w8WJAJ2~UoI&F@SvJPZ_LG!D-U^;To zG=fkTdCV_BvrIeYKyz5$#%R0<2Dgboe)fhJ6+#g78QHY-KA!kA+&5h$Q_puaq8h)^@rDgx@FbkfIbS|yxgA+SPw&q$wv}dcR@dMRJ|sAJ0hqt>#4OI(w6gm z&~gmLvnzWa|Ip|)s9<;mO+%8dKV59oK;j%ljU`$T7dlWj_5A034}LB`wG=fiB@4>y zB-ZbxDGXomE1?+L{YxtNM=5{3Qxq#%$1udlM=$HP-go-F=YS4Y{{}aglqX&B=NqxQ@)8M%| zUVcx&QW*0gAsdiRoR)Wvg;IJj?T+c40TykW^{0=&CSTsWY630MG}W>!#?hX?RE@#} zzh3^LiUIe*@+$J~RX1u&GjUpsZ;7psq4Oe?n|@zTh2kiC`RRBxsvQazTP^<)8VuT&#^b=~ z4d2`Czql_pU-Su@`U3K~@Xz44k$j)lh&PAB`kU*UXPrf)WqtAG5?3}7{E z#qcbW7}mQSiL>oF9Xo@To}$kH-Mh<6vDUkg-2fDI7}cn)LPuPipC zsp%0O4B`KEYqpS(O#PS&D^f+{pUj9?ux$Vw#0FDMX-9F&SgdlZ!_l`YIwkeJQyTRh397#A*3~sz{0dGA? z0W6u6tqUOD2_k=4o5|8P8>`56pLgPUoW;t>?LSXK#s9`Y&DC!}d;Z6;Xa^r6{lx=D zM!jXwOG>D*$+EG?wyq}9K^JS(*}cV5-S4I(XZ&-03p6fKCDi|qcdkbV=F1~_ZuB?R zp#_7eHhBiWS}dyB>mnzam6-dx!EePw0LAOhoyL1$l^~5WK(jhIKU^EGdzU{{A!jUN zeN=deR-pUm;sk?>qlu7t8u#boJjHxcuYLM`v52wQ$W-)P_V0rP0F|sS$?8u`eJjpL zpyNEMc?+LYQFkz0nI944UbH!st2lq5gH*4aR!`U-3q>Kuy%=ixy)G(W=#Q-bmL;@T zq?pwHJK7#}$yb4g65~kc@6QU*j2UunD>bGU&-(#yLG;0^4t!If%fWdOSOMW_aQ@yWH`>2;`lIkB|my;Gr1}1Ns!OZ7u5g? zNHqew^(WT>OQiwAWWzrOO{?Y%b}qWXC6@^VdBs|wu!|^MM`{c&tF!<^NoXK9NRuaK^M)(I(s1IVb)w+ll7-mKB~9L*+=-x)=Mf86Ue(!Ji;ey04B zK&C+7Kfj!EXuey~$E%+b#eCF{R23q9b2~6Vax3-R?=S1Oh>w9#u;J4bU>LLm!d=oy z{cAf7qsG^2njeu<9pr~R@0#Er(-T3OgFi9md|(LmaJ}nJ8IZ;XA?2l=SIm3A$!tF( zCL0w}nbXV{!WeOY`|i8YX3DY@uKrMJb%f`VJIc(UIr=9_e+uu7s*`dn&=rUQj zYC5t#12#hQXPN>xt?c{HLG-{MP8!+9rQf` zwZn9oX}j>)gH~-OY}QJ(aUgza1A0Szq{MEj@W_~<%9BuuLqg&Xy%M`C;u1+&QZtfQ zvv&Ev?*eFi9jA5m$Chr8!Rv-c3m2FG*@qU8-8=xw;`?miZ#airpXs0ydJ6 zcmCb;`U#U*_XDR|Rg0(bHjIDW;8z;pR$j8@3jWFYZsg{-YUW&6X953*d=|*s=J-MS z|5cY7RVP8m43h-U=G|DbZOK}Uz>lqZ*H(0rAY@)zS{ACN*&m=4?Z+LwfB9nI3ZyTg zASwtue#BS8Up}}hp9At#I#YIR)xW8v1hQ@P9=rG@F!T{Ve~=Z@3GaWSLxAcU>N@Lg zDPAO}3v{FHNU1e1@Bqnt*r`AoZGiWvW``2ZurBzkq^r4pr3W+wwDmEO>_Ru7UdGbA zPi*9dDElc(e(%!A_^&%0VF&)}$kTq53z+|HYH^PsWUbT^k0iHvM)oWsWlJvOrlEsH z+NI*NwH^=S4`+(Fxh_#%K@&Wy(xcoSZkaW)G5ksObiJr_VHs8$h=GeUP52-4eJ2NQ z!=j-R(w}AEK!pK!h|(@N>^jldXH6s-ti>>*2IQilAQqS6cuX{4gW+v`j`v^c0-Hn% z!zaB6_V-LZ6f!=}`Q9{6>{&^Y7&uChT<%S1{LNdf9-#fkW&Xv_GOCU|F(zhzaBF#x zD&9$Tqc<>t>9-P5$@suq^>x)!n@)|%34*G6|7rUrCRKsQJ}WvLrSv|ZP@IG zednR=!7-NDDymnhDgUkzZ6R^OQe(eU7vD0rHa^tmZm?YSZW;}+roi&O`l6E~n zVO>iceS&PHU+hzOtY)GXv*)F;+`-E{dM|~8`GciG37G<43LXEaGRPN0x{RIVLOF0D zd6fKuR>0}irA!w$ov$N6ILBOi)~BwWb_XnDr)7YVvHwTToC9)~k2&tv5UjdU5u z{Ip8P8$616?%7jX(|H`OA|~r=Z@{r^g-z;;Q|mD|`I~n~-31DA6&?5A@rH^@Dze)= zfc1#<$>%g6J2LTf zvj%mKP^%-TJ;RPQip~EnRWJ!GRiz0<5Ez=cIo^}l4#r+&Ekyn8yXeIxp%HL4e(uY_ zn^GBpC?Vb<4N1ggOfBQg_>hr^tYxTq36;5@V%ikh-Ge^c>M7DL(NY0~a#LUsC!HY| z+x6^sNI9tgu-<_z9|!6Oq}ORF9y3ho17fP$ZM31yc+|o|BBX(V+==;t&naS?FnEqo z00D)UgOGuw&kv!C!+sDP3i_0efQ;0j$%Eq4L}iE!i6M6?NNdxIc94$63$}$pW^;Lk zBe+VfiaB)1< zT{IO~=F2YKgO9~ua6ow)&%^BC1oB0+XgA$=dW{WttKV7ehTu?;fiDLsaJ)Ji!=TOd z0l^vp(&{(OO@M6-d;bdou%(9@!PUq@0iZi*z^#8oG5iEpn9q);6PM+ZC00A ztOB>{z9j7%^L=?7vHx7oen#r_#{TBpHsA|B#NQFP0p>qi07cy%a1G2mouHUoNfv>% z0ypRI?)Wor%DWpnv=b2ijH@W#>NO&3YMUt?rS??}3H?(~U@S9?@pGsJ(x-I0cs|}s zVX0tg;RVkw{)Va#{s1v};aB(wWCH7nC}a_U3&`;P@gElt?m6z9&qXmtMJ=$4_KE>f z@+kfVD5l3pN9>FlI%RPl+mpfdSK!2GaH;TL$PfAS3#>rUY8ya)YYJ$&&dp7v?$v4M zpPT+T+G3zj(Pq|G*aF+Ps(}V5v?Z!mn2B@EzP`9+l5Gco;mRWnu5KC;g|P?(C%&If zt*^<`@avmb>gwAm9xTXY7Ww@FZGh#!T}O9uxJK9nidXJW^m?L|C4i);E#hMQ$58wW z>4AGIY+$kZ0CtcE&*YgP;LxAQA=$=AC}*=z(n$jC4XjjpTmxXbKV5OfdO$vq?LlV2 zs%sj2Z(XG*5qB2|6UdPCjT1%sj2|Exthdbpmqc``{~}(~V08vycTxaA+1Jec|A_hu zps3#OZ@@)Ly1SR|5Tv^n3F(p+C8R{ULmJ7Y8%07&O6d-1P)g~NZjgAN_4|A0Kf~zg zIKtg~?{m)i)Nw>S{&XnJ44|u#r_+rE-}4sl60}C0)NdD-RYvg7Sz+dn!FYxk7d@F| zCChYJf?k1=|F*)cRV;{3LB3%908u7D@=GyK)?wxfZmyoc2817UJx%}j|5GC_3I}Cs z8GNrZxg~_t1&zit?}H*;BZP1QB!SGkMJ~q^`JFLs>0SsaeSK^6ui!XqYXr_GL3kNdP+BMd>fU><4F5Kk|9Tlep<1E3PN9Urg#A25>9dFQKoVdx|sm=#{` zd|8ho;ClmJi+c#pys%~_+2=&%>w+JQ6*R+X>Hb^buG>2=2k9DV5^zoiq@tQDvu zKU%EL;E54-tIxRp=b4k8lugXr=M`|5V}$!Z0_gSU?mUJc6q#q8h#N-o( zkH94r)Qp(Xn_KF3;NXW~It0&kbD)xef1T#GxsdJ8yKx7`<77sl9p- z4Kc2qMir?xzeD}3tyAv>$RlYg-9kpA!b@a|RG+dZN7o5CFk`ek1LY+x(FDMQjE6@) z-+&L}rXlL#-N(W>%p&m)+@w03>&0Y913PH=?C`*;O0gzemdP;o4)P0p=FXrw^=eN6 zzN07NU;?(7F?@jyda?%l%R}-`{ntR|%!5G#EmM2N=o}Sw+9DSV zZvWz!o&w95bmg}=BA6^_YH$Bh9f0}xUdFJp1UwSE2P~NmHPSSE(8}t(J*&>Bs}1na z_9zs0wAg5ohix$qq=0oN^?(WWm13Fx0lvu5XCH9xniRJ5QrLSMB?5nrP_pcNMAgFA zx33>JL7&r7oB($j8=@YzDtEo!%W@mRK;$C@0Sm`}=fVGy!=_M!z>%{MCORxQUYW0A zRr3ymc`gXiV|ZR@qx!T9x`RX(EP%TOAPgp1%K)G~kYV;zD2#}-bCTJTM=wGcd6q%v zFtn(Us|E}F1G!Ko*>CZVZ&x{_53Rr!{z->Os^U&o=k0)0Mv8$}TrJ9{x`zY{Br#+t z^{uCjX1T>noI3}!A@W*G-PyJyb<+{A`;-WH-G%&-r+xA5tWhramlzvBm2NI^0)Q+o z0_2j$QKIoGvOnU@mlu;hZPO-Uc&m6K4I3=*2yz1oC=>9ERdx(X95nx_{F8}}cLGp` z4gZQ!W+*R$^8i!xK-fKjzG>ByI&ZCyJdMv{1CGFu(AXZ)sFlF-1wYqz@3WQjxR zVr(GahY$B2+XRGvCJy5f1{Gp5W65T2T>|Br$BBPDubH*Ge3ieYZ!s^V| zt+Nlx^QuL`{3B5Vy)*0z$3B@3@I3?fEvF`tLc}=_>pe_3a$f~F`cxJi5-woj7#z9A zwxDs<=nAZg68)fhg|W0rtnM)6SFbp>Lk}|r!7@Sm+ELb6!A?z+(R3yRr(0kcd9#d@ zYf={_e_{eCvc>p>-_~ryDz$!-KL6%)A@KIR+KVb}VHj(NfOMm5XJ9$;vTj9w@UZa! zhkg$Ymu7bk;_Fra(=wX3hv=D3D1pk)LXUWr4FEpvZ|;Et2nX(-PTGK*<*P1NN;x`G zh{T*Ec(6CYXK6zh=z&|S3aNHY1F19B`+jG5hrqcfMcT-lshISOT#KJCz1KbSH?5KX zFldL}p5pq;kHC)4vO!yeXy(~2Z1n#d`cn|V+q#WbA?O7ekP8m+zYuUyAnW6Zt|cIh zXkMY}1!gM^A){1DPoVxOoOT3uq+uT2TN&~<@?^#4D^~!Byz;rTsP_V||KArk82FgF z>~ctZG$`JpSV86|Di{x_rT1o|^{A5hV3J_utuu7Ec8V9q_5kL$~n zHp1TKobL|sQY~ zf(`(?2u3&j*UV>cef&ywRwY!8;gKc7Iq1S61wI7t3N&Q`;a~t>%-TbE1iny)#`S3= z_%9g?dh8k;XdpaKZ1l>Pe!#d$`blqoNE-b3onE3}eC)h2&?l8qzdyN!8ep~Mj&R!z zM?4~5v4Xsp85dun9a_PQmMwB^Z>TE%{pQ7m%;rD*TN{DvvnPI10>z67V&KKHEK+t1 znWp>sp!F@2aqm4B809GS+T?{ z2BU2R@al2I&`8XE#%}dTgh;iwrRm^<0ZNyyrt+UdaDG|wf5$KIUKSUf9Pui&Gp zE+)9IPiRcv!pS?vI95Z3w>$c5IY_0C2a6XOkzg(MXJDeS8Rd$Udc}$GKzzX8o~?ZW z2P4ty22LBnO)*h08T11rmcEY}OY!DzthY8H^kEJvbua0$%cp-0VhiH)e66o@iyuV6 z5O`04f`>0O-uQ@Cav`KF0g|bl3OC~8`&?8K3fYD`@ym3x;L>({%;yO8XuaA{>)Itm zJ_Mb@ndvx<`BTLsI=puN9x zYE~IU#bm?3Tud&=qwj`MKL0AV-&jbb>rD+TuW9x(Dv*G21ya=D?QdY_x)W2P96d-m z_}56}IiVYzmS=F1IEhwAC%}KJsnkd@_UrcyXsvaO!Y!~zrn~<=1;*Ui} zqqa_F1CH@emEmE5YSh5)xMq8BOl4`tKWtJQ`VY6euUxZwA%EGhP(^U+sdCpSmwr?6J2?lx{2NCEmWOa%J6p3d1X)m z9HtWaU6Pd=dk%a+-}26$c=Zqj7P64|jgCf0D;kf{(1m6g8g+&)2E&*T_0Dh13?7hn z@WNu9W9Di0M^^~EJ5BcM3w*s>$xkLjWq)BVd@~HwP|#nz9gkH|u0wjf)c{uE)$9U1^*kHLrB+F*uT;5!4Hx?oO&1OiPNlvwWFffu8; zz6e0C7(6Y)8lF#SM1yIm+=lsbp2s2KTwdW7L7ulTry3O0v2bf~d!HMK``rP>P=p2zp*#Z07rKLo@ zeu34RUgS?781wHi(UAzk#GGN4&@~ZFw*6dW0NM!mckO@_$uOv_=!SfAS6I*{WHNUA zq8qG1Y5P2dH47~u6LgVt>hfF!w!trF0D`@+7NhG;nYCy#3@wUOe@YlVvk8T#lJYpN zfYUz5V5G8+hstVPX7b>yQ|65SqWqbl$KVdMB?!;1ZQCje63A0d)>TgeoqcHLOb)*b!VWLgRB7<284H_1&4y zs072?0eJ)q5x!wRCo0wh%qLtiYiV?C*;MQKdbM)&=YHBiamys*$CdmVO8zaI=z1 z)YbYrGwyfF>NL#HR4uaP7%}i=oSpPiK2Sj@)j3Cn}qu~S&>jzEe^b9ZMOOKJp<7kH9x>n<_ombL=q z&4x(?n9uggM+#>ndtCo|EszcD3$&mZV3c3F zt4UoDmnm}+6<*XIIW~qyb2opqA44cxPC4z)5asN?;zb{sU}Va~={TIH?S`NJ-7}Dx zIpNY9I=$BZ02g-nOb^_Mk2EN;m9rd9+ZA#vMK~njFIZ5ZurL6Z&iEY-mk;RIg9pre zR3nUb2052rINqu2(2Ibt;v2>&z>k=Ax2_*@vth)dQ3Q<8WudQcc1c#(`?Ti{pO ze;0N^Z)%3-Sg%sFiDwL^57i8+>-&*U_tUC@-+Ua;XcfvL4pM#3<^pub<0QbWQ^__D z#y*tQe&C1ROhtj7;&UyWoZATbto`x@Otv`MbB`FAdE0G*PW|V8DZ=lp5A62TrD1>% z9p*Q!)!=SBPenvB7!0PGC-s|0t5;tA1ru{{ar{yBd%j-nuMk4nc^}OGh^JzDO$pbx z^F|Ec&E`E{zQ*4|N3MHuxsd)+H~2m?R`TwJ%DW_>84{>gd8+j3^^fZEouuBN`UFM# z=W(@U&D6BAf+(}W0rah*!WO4b-gVD@(8%o$o!)iw{!Irt6jGR^JlLBtE1v#y8Qbyt z7{E6i2Kb`9O*lpJd3h~e8aVg!4(t%)VHJdZynDEZkP`=pos=55&3&ck6}uN5_>d>v zd=sC41^}1@U`qCVegak1sbm2*podx-%5*lhCBXUR$T+r@A+bJdKYv@$qL7!5{*&Fy z6#!{0i1F-+mkcZaZz2u(VWu*IFeHqo4jTAJKKwf3b0}e(gAeaLLmG|OZU5ht&%CpB ztl3VfDF;4|_K#3F4XQlHGZOkPN~TY;-p9(6oOll~;Iu8;kqjIV1yRxS8V|o6{Y;4> z7ADAn#q+J|wH&%HU zL2$l%Q9^HEJ9nsYLw=i~?uH!c-AV3!D0neN;XLM5%J6M}$n$)>REdXr0~LV@+owUz z-(T~*{^%Yoi|0>U%bC*4%sUAa@M6a?rm`ar=JJOO(f`=-pUby`0CmJ4aCyCvrO>uF zpcpMTIC=?$tam@!xZlkDzA0SZyz@y?(qd=elFzam{eFaD_hIzZpHgZVS@d-BX^ONa z2p{>DSvVnVERT*z;mG`W{L3|_neCN|#;3u5;4iq^!I@&Q%wZ9=K5d~$BnWRbm87qy z<(*n(Qx#vA{y3i;LkC}pRx!Kqk;@53sMAiXA zc9h~H_?E<_cA$C|myc`+WU{0hB!A!4_vS%SM<*&=Ow#*|QB&hjCgJT~13)h(1G2pL z#$Z~Mpi@0B(wbK?Pc~4Fa%xSEygG&&pu%~o?f+iVIMV;Xb9`QmNrJZ_2LFj-NDyME z4pNe7vcj8S#o7}(pW2?pqw7!xDgM~4ex;YB&}pV_CM?v9i2)BE{vHjeP(IQeykmzH z@oLQ#jHC*alYux7X87emr&{yj z`_I^OGs)61H7`4oO*F*-ZAk#D<04b#2b27Du%@18Et0k*_mW&1R}5;5V+@yVMFJkO z;PnIB3yw`6Xf~qH#43#Wa+AKnNB_ZGvTfD1Ug1r&bRhyMEz~yxDi|{np|9-dRda|W zTyO0oFb7E(%RKawQ5C5ePUrp$35%s2UwbF)3bkF6BFn3BBgn=suVD z+RE)zEU?QBsy97UPsN<}0HO}64T{CE7i-MQhQyTtRFB76v{+j-7xn2UNrKJX1wj9w4(IZa3p>E=&uVNJ9IQC$E^OFE~HD7M)0?hL2Rq<9OhDJWnjneD}-nde8r4G_%Id@`oOi+7D zhx(qS+jhIn0;ozUr!4-PZ;AS&dTmBoQnbo4Mp@8hIIN$ z{e+BjC3~};VUt$08J*oKIA^nw;b(XhdR-b)8&+_TIEdqUNxblNZ94kG{5tHHPF7%X zz>%Ag&UbVFmX5m1mz0WzPGZ5r=}nH!v5z4(e9uPBqfKdc+5BHZ*K@FV9&i3?bXgV8 zBSbbEG%U$@^~u~eTM{Qp?hs+;UMSwM-#x&92-=O&(f-*=``7T*rAsq2?YL&iW&Bfj zoXI0`QEy`$>dX1O2no5z--X;al*b#hUB{L(2jRk4?W>>Ym8s{c%@fY|aB$3}>dXrH zLo6*a6>ebYrEzW49M^ysD*HTQE`GZX zaiziO40yl8@|){SA@X!86sENwkhrdi5gad_p@^+r>QlPxj|}qfrL(%XT(qCXIav|t z!lu+FcbQ2t77EA5pQ6-v+hxL>5ZT8NLiJ#a?g1RzthK3C0YW~Ap)ZoId>$3#aIp(F z`7ic!2?DD!_ZXx${hQTyi365TMGICLmZ+WEkug?L@qO4XS=^{G781EqWqTV49pS-- zELJ!&CWlzIF@`QZ#1f-+FCcGa`@17}HXaq>o?;Ptx?UlGPa*`j?~?V&i3bRK_7gwK zWGe@%OaYKL8xdtR04SLQLNe$>7y-IbV&+VqiF&NX7_P+WSb;{6CISm)W>U-ne(#pO z%WeE1+yIiBQ@DFAdmBi6huTieTEA)CA_VeaJ4WO>pPM+MpxW3a%-xaK)Lbp=>2AnT zJ(M@ogIa)9@%gdK7l+r5`X}6h;7!4!)vv?wu2!M~AJ-OqWhfiaen2Yf<`l=TW z2jZ~45Yj4b)6(GjeIWlhSIN3s_@YKf`NaLBhIRj5#I`OcjDXlsU}DU^7~L0;dNd-d zKnzhi#YVXyj&8j1ARP}(yN9kMftW!yZN_q|w;>`vd`&?;{hk|Fe=vOn}sCFl!j6 zZ89K56;mF%U{pe$G4Lj(r$iuvrC#P@^jk+8bPyzbn16C@o1&|SanoZdFks&57nCOk zd0T)WN0t#&0rVyefQ^@LeuJ(z`05Z$+XZaQMt%hW#x8+c9~0h z&`=G&WuKHfp+A%6+K{3^Z?@U^a7R^TQbaRl1Cpo?&3R&SAvs$AgdpfQuZ5XuK$EAd z9;kwklJb%~xMHPQQy~O@7hZ)|F)>`gK8Geii2{_YbJ6bu?V z!=bXq^)4I6tAxp*|DPzN$+(B{)~b_IeZS!OTJ|ei`U8H|5_Pu6zPD)gl~g!*4kY2} zZ>7fs_R^JhnPqub^@&RG(Z4&0;m!U?EJ4F!Shu2h@2zG!?A=~?-`i{mw3Qjl-!EgF4$G_`Fkbr!_;h?om`7ep|xA5_kQly>Wg-xG>a_4lfwHVgND4So@qmc!Pfv zc-!yxrQ;zb6L?=WJxCEr^dBFf!0lHAlqAI&b}~q$`1X?S&$*~!b6o&-?{2`aip=u7 zJYCML2VAKzrO!l&>S_29`lLF88wqBw>>=r7P7{wH#xJW#sHMDU37%(oe>zh@Uy)=3 z-ep*Ibuu)s&JkD{B;yp5{NY{Xgj3~)zD_=;hLD|X>6=*oO}lP>|B#{PomO-mW@O43 zUt+3BI@eJPC_;#S{fggf-GKfvZF2jLV2ScN_ga7v5MhQCJEEu7iAYd${1T2thm+bw zE6kq|yGGlkEiSA{lx>y6k}jgMyb$WBsz40&^KmrLWzRv)QDW`y_>P378l>aI1-YoIqVtHG=lIoAFJ#CH|g!b=DM~_$|gjtUV}L7;kUA4Wt0NX9kRS z1VDd=0VEZniG;u`s^iQlGnDJ%Vk*|+y5;o{RlNg!>QgAk_kRhAUzt(Ly)$`J5Q4YL zy_)5IH^20IRZB^4nlClQt7>P|93#RqN9`DPxZ_NTQlp8ae=#MRj#&Y?RigAsU^3tK zgRMgPD*6HfnHp<^ylYgU!|xR`UOKYNigA>010kttb_EY{X{a7wm2sgo)yE(4G^`m> z;1z{>M;6Tel3iN?%MUufxI$jhn_{C5JroRp)(H>1Q95L;3$kMXZwq6>;u_Jg4pT*o6yP@045e@ zcxJDxrR7P_kv~Gz;Zke%PdFI(GV344Icxv9MZ67K5)Ny(oCRQvc)=myQ)wSx{Q;vw zI%3&}I!SE5m$Ekrj9ulim490+4;w!(ve5H3=$pFD5L5@1;S7dY6sp3vG_L*h>Yuup zl8!Qx397q$?1m5U9~$y9y7J4?tm>X0LX}vr$j$G*;5W6b z@%dLk(~q+}=QDZ2u@9pI+CR7FM~YjuApiJ1Z*9RE2nS;?eXUvy-x3Gs!8(1QEmnXy zL>%+(b&)u4(g@TFHQJn$J6*+cEgE@btW;3RC)8aamN$k4i692{9g<( zMmJHEi-$&b<0EXvJX92F^e<9!BcVIZ!wOTre3BRY+ln{RQM5&y6@@ zRM2f4*<#$_^)KQJO+hTnUd$Vd%19&y&GZFJHtL1CMPHzZ4`U9!LKB|V+sC!z;%igt zBF&XEczNg`O9+fVXY!!wi8cHFo>A!-8oYjMzM>*)fmO5g{>)C~%y0*Ckc%p6S6^T{ zKC*2M?wgQ8V1IJz1|5C17bo13p*_FD%2!5O&Z@W5K<{hs9XfYRDOku56S3*XY`G3} zSW8%r!_=G#GKBYEzoC7p!k_d>%xnXU%eEQ3)M%{S*6InC{Uwv72L;yr7NIPAhI(DH z-B0!=>2QrR6_)I^R^Ov0>upv7EV@-K1uNq-c9bs&K0DT|1sC=w(Cw|{hdqkD#0=92 z2>hFYpy1=AYVoI%^c_?E428_0R6J*|oIIwRn6uCwik{Fp%W}S5aEWM$Pgt(5N*sYK zfq^J8^CqRf_7=D-Ue}n?{u}U#AO?b#F%~8TOKD2&EGSazBqYOR`bT9PI%Jd=voB~r zC)Ej|Q8@>qJ+&C$0WB`4yFv8)Q5U0uF4f!dJ1(G1-&ceC&}}MWkv*u*TZ|5RhKFS6 zYsFV(+~D-9eqnX!Hoet==-I_&oGh&@YbtH=Q$nr%){p)OtAPbi+B-==;km<+%8D;- z5X+S$o0gU%BNDq${?uPj~nK#m73NLqUu&``XKT6PxsHsu# z^)}jZ)5iC466T84*=w0c|NgR>@}w%9F7J_yfn}ZMh{U4%Br}k%Sr~DRqFlQHa=2vP zGo)P=qK)at!m8&{e$F#^8UKP1*~UB`nkam1LMMr`Dlw-8+O+>;b~TG3crl*sj1D%p zbO@=XZKC0`{y2{y73@~G%TLxJUk}aWa9`+E8fV;e3oo(AQQ|hRx}@F@#IqzwbEb}t zHXybNxg@nsJpZThVkHeKM+(=BXb&C3|1NQrBZw8_Rb*;cO80YFEu!steZv06gIXeX zUHU2#tk(#k*D(;>dwqcqOezj7Zss1%L+6gc5~vi+(5sOEfJ%D1kBe@=yF$z)zyhi( z4~}`^8(fS6xw`dBhw5*iF|-t|q%&%=O^BnVF@W5kgB}LJ@K`Wdpj%V`Ps@6Vyg1R( zEFHu8;d0kx%C>g3#dO2lgJ1q}Km&gHNf3n`g@TY)Hogx{0DsMhJ(cb!3pM;e(=*UY zF*Ns4*#NA>c}D4Ln$Uqm=~KUdiu!drXMiL$wTJgWHp1-I&>4Cxb%~I$vPol!|1uuN z4nhjp>jIP-2rZI(gy$4+BINwAr`^j2$a07BtrpTIg+-{1s*)D%RBF+nnr;(wGw5np>p5;3ZDj@)0rm8SK{ zN$DAMr%PNgC*Jp2Q`q!#z1Z1^`Y&sw%AKa?v4qU9aP+Cp>cy{bH3%_>+*#6U{yoDF zks-MVG1@F>r^S)QtaOF@Ow}A2t~Y_uC7rXTpCM;Izt|5n11N}wdn4MV`f0iNAs-W$ zdNryeo&Rq>Q&cNqZe)YRB?e8^J?ng7uuN=5U39=j`L9L%0Q>tQT0l(6&(MVRzw~(l z_80t^)tBBR1)Qg}5d`HS9#bH(4UNam+3u`B$6EOGf_5s@zudy&u-AYgy#f!_IugaE=6iDmxXgT3Qn4x>SE9(C8|lLm7O8KmZp5Hz1|&556M zYy5gi6hXoDj({&ZceGpJeO93(6R6Pj&Vv|4*BmJ=@s-Ojfirv>afS<-#tPS=_Pu~n zjTxESo&!Ns>KkV#xyd?vYJw#hZ@?0=Af(XO=8XJQxMF&Og^d2CU*p<)UdcaduO=Ti|PVD04*op&0hE+qFI zKIyx-ocs>Nm^mWUWe;I;#!>s}6}1uvqK{Ka<=486LQZP)`b=!Yi1nQB<&V<}1{j$i zU@U^7Tg{V-2z<@OMfU^nxR2}Nn;$)&+0Rw4(I;%3?^sW{nzstL%NY_rAyk9_lf%}} z?-xcm<_17)@|G>u+7$!oqYzq^tjOLlb#afqPz&2P+^=M#%FVt;N)w{M75`- z9Ldx#1!I+zRjA{zcA=5*!#$myU^bQ(1O(4S*A(5N{~l5d9Sy`|ne@D_!7vskNK$$N9Qi)h8=le!Qt1t?w!c-eYe1T7) zg9ka5^n&t&kiHp1!gM4eVD8;;W}|mB6yJ>o6Zc4H#-MAyw@WB@0N+-&F1z3PpLt=- z4#L}K{fKGYYlbPizsn)M)JmDLYZItfr8?${1lU0<@Dvz@*zaw0Z5IVmx% z+u+oqYx-tXVt`oYo6z9ZaKR{1_yKTXY+R{eL?AxvKG)*oV7BQdt*=}m()Rl2bIuf9 z*oExO3qLsxwmDgSNRnG&v|SGGQ6D2?mBw;4eljF`XWaPS_|UHbDD!kB-Tb+=6l_cFCu+-+_zu6)1Nf@_4w53unJDcd(8jjhw!2|U5 zz(=tLtY4?;4Ziyr!|d;8;1FVi^Of^&0+XQ}ALW6x$(B4_r8tl?wbrwx9IRU0UrFMi z;dU|}xd5m2%wNU561Zv7Pn^3Cqf9Z8vX4-MjyVs2lr)=suQBe|KTq5jymrQwP{OB& z1pJ{scvulw%)x5n7pmpH2IC)pMChZX3ije9J4jb0EUT&*W`o^=%{~%_5-PU3n9GuP z2!UI)#F2C3s!|!51^ek0(3XC#wXaF6xdG_iC@0GRsb8-{lY~WmI*Qca64DF zcR8JVj7Mh=J))S3kN!cyEyn8Ch@He$(bU;3R~@?KXQHyru`i|tTmwYU!wXc^rAz|e zS=dMfUr%=2xKOtIlU&&|1+I_~mw4VV)voxbS2C(zqR&FDv^hcMlY(=)5=J5Q%C&QK zpL))j7rvN2W_}#|#fgZa-!NZaBgzHnBCS0lIHalrfS^5-Ma{xB%RqDmA43U2{Mat4 z`UM&u3YMNMFux~L>E8Mv4+7z(2hB?Rh4W3FIyDkH6woOuBUSTn{pqz>Go5YV~29EKAkA801Z=Ptur>Sn%cPlLA88C zza=#)@||^rjTCF@Z095BkGHV9PVXX=7c;ezk+_~TQ6L`Q-F6x=xe{U=j_g*@B$EqX z|I?vk6PR=2Sso?=@d$$`cwPJwMWL_gJ17SUMx(DoeIzbicM3fI%zS@tfTl*zWYR&Q zD13}(wf}XA%(JrRQ6Z;w&3lK5ui*qTR}kiey$Kq|s~N7IV+=wl6JSykXt8cQ`7Bf< zIy`YytDk?FZAMp~ElWK4ZZ1A@xP%sOufP^6*mo2z`zW`Zwm8p(+R+s|8#pn{c-V5> zOcVi*OUsjCyqo^xRIBe%#+2eUcsm51A04h-m(a4>c0c1ilD>Ck3s1-HLemabVot1E zs&1VE{Yx%y8RtJp65oyjnbSSlqhO!a#jnwxVc{*CTgXJR#=E`Vs9rzn*VsfU39Q9y zm64tv-43gv*h}ic#Qerpm>Wq5^U0q^%l9#ze1xl{63Q#b+O378T>14hv4f;&p=AFF?8wbTmA>aaoSMcKKU5)!F$;!zPT-f*w> zd<2?vOc|>wZpmx%uo(MCX~~TNn0d7^rPQ4(xJR!C2`R_X1XtOQuDzrDKUO z@ufFw8Vrx5YZ9F_0JGxRSXL;P!Tt_m?{ioUVQnAZvXHE)xGW7^B(_uFQS@^i8ZBqJ zmk}_%$wss4U)yS|Z@0xWR#$t)-yFcEB3)?chl zXmZM8CH`rI zju%k***%9dj>pKwJa*l=1w|>@oatwToN$Qdn9(KE5JrXp#A@6hxV0_S8VF&SZLh#n zTf8>X+9B;xw#sNR7F7So0R6*F>>Iotlfzw~%TE1oV>htHiYIACjez8eZSOFYPHU!% z6JT%FE)K zVn-A1!=9dlRnU*~4@I4_`GT+rv!+~`-(y>eaAtwFj28T!GdoD5r z01Hx5O~8s^Glney6A!qvK?@^MH(exRNBMU)@*laHp!@AEG}X4LE=%-W2HqxpvjJzu zu(*bn&bFJ}nY{p7F)mk5U~&s)j-?ZcOBLmdbu(k^fJOvc?lt#Jlq|O>$0-sosng(%-W>T zYnKg;RNyqUK8wL5PTElaeyH*sF4!}~hB?Z*a^Bw`Y0UCVP)jq%Q}|dshCAn*)wq>* z@;5AlC#BgD-DGFL@C6mts(DMWkl+9fS2-N+u~f07N;XpY1EsV19K3lCtSqN8ypP4A z0`z2^b5~0O#Z0q;%H*Z$M(^>>Jx+jm@e~bnGmNx0oE6qh(2ZtN?X~=n;vym?%|1xK z`~9>3p9NqjXTt5(xDuCC-+WYM<7Z+x;a4E6RY&q0*nEC{uR~3@H~U{8Qw_%9BYHQc z%DZGX>FU8$ARZr0X^}OhN>5VmL7 zKZUHhCka1t6v0rnwgw3ny`J)d{?JPcMhmP_!(R8J^rvvtu=#;F_Lte9IO!gK%k@1T zxU=deuFSu-EZ%|c2QA<|ao^IM>82@ul4InMh6V{*yqxcwbI&3)(Pe!aZLD01dI6`A z@V@-g{y+$mL`qfUuuAy_4WnX+WMa*e3dl-*XF2O{1shzOs^@L~IXGgr>oI$O{&)Lq z2&A`V$h)jU*NmB-M6Qz`?!L2miz(`z%xglNo)V1ZGYfrh zoGa;PBD0YW+og}3QjDdTb|@CHe|z09hyi-1C5#nlJ8pu`RSJJCEg)Bj59ClaWE9?h ze?-->)#&d`eaO)7-ADcQR2y}Cy4WO}$t+m%a48Cxxjcq*$fI^yrZ*(yVB)AmyghQg zF!mJk&?#ek*k=6+bPxCv5Kn2%KR>;-fwHA6x~$HW^U2y(kWeLFK1}2M+B3h3v-fJ5 zBx)k!FRO}0fu*7HU+fCPmgiMV3iKY-pVLkSc>PIRo+~fNp2IkOVR65J?a?KrrbS?k zr5k0P!t9%Jk>dIOF6SqkKgk|CdMMiGgHd1iM-cL<`*AI}z)X4RSHGAJ=3UaJpLCciGVelS>4$p#AFdjtquUYD<<3rDO3zrE)a~Y ztO-gr7AGU#^Zy=6I+P}KkiqicuAHt~-{axX?pZZn;#M@jmdiv!qsK~n8t||_Ia+h@ z>Bd*Go*Qv0E4`nDk_?_2V517oS0taOZ!tM#JN$W6Q(g1EKYWw1Piq(cS2jLUWdS7i zaGhjr8piUg_G($uGIOQljeJZjHX@h#9n`aj~+v{w7TusBN|1iqxYrtq2vAX@Uy6}fNJGIJ}|5AB0 z|3EYYJ^k~fi<9!!o^Xqsd-meV(V$|H4_T6YZ_K)YTZh5m*lda0dpm!JFIlsVk+GPa zvY8wPQUS8|YxVA(g$CB_lOx}Olor7j8t%eFwv=`>H4cS?)f4KnRbY}yK`^Ana}{$H zbci|{I=UovH-=c(RC5uUNyiqx{XpPpPcvKUt@J0)h~d=t+tCqE#eXd9y8NZ9H4sfd zsd{A>kOWmfeq?=`!fDf(c+4C7GTX(Fp7~8Ps3~XN%Hlx6F!{Yo@2FJk$A8@eI}9o8 z-Ooc`SxZt*Z-Z`2;TJh-p;CEyYbVMKqK}-SJmjlmk=2Rq3D5_7b(6KxurW|=wogEQ2^?cZ@jWBDBn?*TlDlGE_}tV50)YcxV+JTpr#k~1Mu0YB1E)nAi?BhaVb^xwPS3W)mYJ=0nJno3E)genFDr7CI)WF7-SbYl zZzwOFmbi7X=Mj{9t;#Y`@b72&>^9kJ1GPWAg>OOnjctulC$UYAp+NAMTX7Ee+0oGw zy+@$AOYl#XyorPaz9bQdSy4(Hfk2rfm^*UT%ZL;#S6fg2g;X+(HDj226-bM$`zjv? z=OOWVsibcClE_$Yc%Ey25H_}8N7drjRr)c62uoaDni%zwrRiT8sMbuR&s}P60($o= zI36xtrvumw^X57AD3v7<#s}7Q1AIm#dc|&8{_y26el>DTRXLScNr?9+w*gLvdeK-X z2q5DtT=G9=oPnlsxAk>?&H|D^TYMW%_Bw9ir%F5Fi@)qH!{QG8r{4Ya5rVHS zAngKQ`>PW^GVeuAd|Ixkn)G4XY(WV|49Vm~W*@8zGq%k2EMk^1>w6YuU7y zEX6siF~;*pcp_@b=f2{_XFVwr!$;P3YfK5Z2_2rLVbSJ8Tn(pwD?5Q+`r2g3JM?B? zwGc)nMV5fs<&S6H<{+`~tl5sJKBDtSrz6B-BMHI|37E`1b%3_ss)g22usT@}t@$j- zu_kHe`e1Qq!sPRKRsTB;HJaMKH05Fja-n z3A?)IESSqQ$kMcUbKp(87_(%BKU;j>N_h|&_ByYhKkWJxHJ$8g;c`RhhM#Ak{3!xy zRZjLD*=k{tQXxUqllzm-rI7IgA!Tr3bV(yQgq`sbnWWXe#Y8KEBFnq4+XIo$aIV#6 zEaWIND!TE|!2qWg`j3lGr#7#brM=bD`pYIJVQn#MmN#J8#EW zG41T{1C?$LUtMyf^-lYklqg0!t-Z?>*TeysQjT04MzD>SIzMThe?;wy(Ge%VIgI8) zxB*#q&1qRNu~D%|eeSc8vptp+Yg>0} zj^9`>N1v^wBo7?rN7y7fn2Qtf%?dnd7~=kFJ;>hec=q36hG0qjQCQtPJ+)cQX5{;o{eNtV`X7fA@s>o)xP=n|561JAAK59J~3=Yk;9C$ zAnpy63-)s*`wZwbuPs&Sd3&v7MI=vDOu7sn_Egb#V8TD!TFA|B{LQImAzZf(h_T{; zW@>5H_VHiMjUBJxNk=FfUl?WT;zsFy*c~q&NMiZHHvB!FESfMi!#)4$%y$-Azti`l zJ4M7w{5nUg_ItrY9ibS6iNMv~ze=(ii>}uwRkX-3^gXI>VxhbGSdm=NF5zC&Z83(; zU-iEB!30o2;E@sY}NkMbp(&LS)lmzH9 zTP4X=$<;JR@+IkI(2^F{80nB<=LQ9>j#yW5=WN*1A2etWa94?Y>kK&31D|T>kWS>x zyc7>|-!-$Z+mR_}Pmy>M9xuRlX7$9+pAOPq2~u1zBo~I~66g~z`4h`|yX2^2fyrkw z;1YgPNYI5?0BdmWDG*nf0Vx5p52XnZoHxvg#+}&RflVv@TMI`=k#H!U8O-ToVz@D+va~T|9{xkW8|FQvxGM;!H-Ftl&-A4 zMI3i`^IoBX={G~uJ%_A4-10)Rk&KZ)Tsp{_((-z;I%Hqw zh@3~2MM)v!QJT>mSpf-kF zKq(i&-~9VxmkT^Xo@sF3dbmp2>s{T-O(J1=mTKm`9ZKODb9Rhjg~jP)Jyt{=>K$kR zQ9+WEInze}W#9Ob8|>O7FOCoO3?)+^P}O`Eb=%M@Y_&@h9y`P8D6*A@l&sr{JJZ?Y z)G<02tS}-w_URT>G!i25~oOHkj}(5 zJmFZ?@o)e{g``)XyGXcZJJawsC-YWzVdnl)YtS zlU<06%82Yxws?-S?)(1T-OuxSdR>3$b#aaJ{Ep*$9G~O;NjH0?aB;djSm)AQQscecS%d8uL@R;};gitQM$`h6vwO9Id2DJeDbdQc!Bw#)2?rx4P(ohe>;!EO}3!Hls8Rf6QMI=kod z%C-p>RjbCtJq}(bBYxbu-jIeu>184`r6_Wv!_sTKxx|MGefsvI z9G<&4o9DYGItmF=^RX^H8?;9ZBR~45vA-@7!faht^X601l3_>2>{!RgclP;<>~WsjrN0Aoo7$J@E9ny zYF_b>iWSVe{rqM(bF%KxQwKJlhmn@y42DCWx)d2inEB}P@EQ1zhKvi0Ruye4z0jGJ z-%4e3XmRJx22$&Xepbj|(?sT3qK35CZXiVp8;e(>QHhAt?XpX=l}~ z0tQuHQ-YxAl!E+4hn!J08X7W=9>MD;mb0JsS`xKc`6Qn8#ay`v$#oUpdg&z`?7MM| zI}^Q4k937y*B_s$k>wJP)p~_RU)$o)z}m=JxnBQGM62v37@1ykb{<+;uK0T-!jUYo8CsIR7!z^0VfE0D z3wLwHkdd-ko$%U8zRN|C#*eyr!5K$!>CR8S&lT$=Dk3}|UHk7f3t9n8T`Y%=827+u zC+C68T}@KeA&d~gH%o;k9m~`LLOrx^AH{H9nllPZKjXZHMROBZfn~jJ z${s83nO7_1F5;1W8 z$Zp$C4pgwB&W_yhAO))l@t~6STmK?OJQszP}L~Fa&CK>(AE!Ml7wI4$@K8c6zezezP z$f>-0`+vKjHp?j~g%k-EYjTHd=qpHQ@I~+q*lQ-Wbit6s~ z5fQHTWWUbC62I8DLqi>A2LA3ppU`Um`2K8dmE3tTCG2HF3|6q%%m7um&jB8>^QM&F z;kA4Im}SA-QVfy)`og`X#DAY=A+pGxz-j;)uw4h(*A6#WYwl4T;^9{1R0IhMb^5)V z4dH*}ys4{z8?MhL(lT@?=iBL>pvu&0j#U#jC(m0MZ&Iq6Dm8pK@^#{Zs=Dc;Q{v)i zm$`}U+S_TW{GQC{#c84j(jG$={M>!jW~%o24$X$WHl?PyyU|sZYW}mq#N_dvmG?h? zI_%w7CTGm^McL*w>7MRmb&xg@wi9_L@LH`a=O?0&`~8p*LpLGt1?Aq6^%gT>+YSGu zN>!?G9x9CS*p$x~*4Dc}kgt43ILw*1B7>fs=l-a{Ca#ipg-r;w=zQ|qi+n;1a*N~@ zPm>)_tm^BqNbihGJIwe?xm$*@eNWBH`GM9Y$8F+gP zRrH^)4wehN%|h`so*pwxFM*_5m1Q3vTcfsxumEt?O;wT6%{Y!qj)?jy`7k%()QqwGXCZV-!D$>q9r zIxq{7*sCxf)<1P7v}iL7#?5907i1mH4cBVIIaAW?utWCxerD;D8HaR0bCwO7ofXp$`Rjw`?|F- zN)*~Q$!5QBn52|vtCCgTd!1-u4FInS!e$$CJ-3_^G6i3 z#+A_iBIW}a6JcX&GjIcr5O;f*qt;nF)Vm_4dsu2zk^ZYA9uh%ilWMCz_8R|CX3VL% z#etgozGxO)>fk8Bm1mkOepI2^hB#Vdn& zvB>&<9Our2=;2GU5ReUfxSlslSE@zIk=Edy8T3Q*w+v-EknBD*_Qqs}xOUP+vBg z$cru8(Z%_eJMW8|jy>*P;<nYYB3 z@P(I)y=t% z-X&u4CT1y(QKsy-!_Tkdgf{LeT>(n+4mXkVXg+)GWxKb4P0uwM*jCAg_T}hw^(QMnXk)hkp z_>g|>{_JtDJ1UGhb+K2}?sA$bmu^fov}^`Dnb{5DV_!RRQalXkWj6CNyZ5r&zdKU( z4V5XNj=VFpQb9j(u&OH8J6U+UMM;VEv7IKC14jOb)$0|}Qq;e(rN~+!@f~}5w)=y? z7dGxG{!RboPmT5cKnv@1m1AvK|D zU}}yLE*D(=ljEP9tO28N{AgIavV+?iw1L&u5kDu1MQ^0HGj`;yzGeT~2UoVMJ^ z*ZyWST(%s&bMA%w&Q0$tY1f;8j+YmNjn+iBNS&l!oc^iNGx>Qz$J-BG3jjo&czah{J_B-8f7;z(rw?FH-B& z`3>pt@Zib+#21`K+ZD-uKyGZ=8CNuqq0{3Iu!x+eR5tQv?odQREnOQ)jo1G|Ak*6! zwsIlkD?dQe8C@$p(&k#P`^^gOpHeSSJz?I{_smgQrX{PmY*0m4aqx>=|9f>yWF(AR zVP?q5sK4|H`jopzUfhn4d05i2jwHXtit#dUr#g4r3~2J*t4OO>P1C$-_Cu{3;`UWa z;cmvB*KRYxTKUsHRMMHM25cA%`}C*6r$QPoV(0Zu*FnjOxdmNUO@uFyR$iOpl>dFt zAB%>POD?Xx(@d+9?K#t5AKVDnLabae>|T-mwK4qK9!PIKghL1$OF|gOJalkX*WVZ& zYXz*c83UI;i;&4`aLkVlVA@tf7l50~V6EuoCk$M{Tr9#O>wbAL1|y}}N_C1$kWyLe zB07ZhrO^}FDKdvU4NxJDvUwVJLexB;%*`$JWV-JaOTG8o9fe@I9=-0j8pSiJQ^R`> zXOk6on>sPm9Vv3wGt3pEM48rO@LnQFgk;aq-v1@{V0(D$hR*7hV12>UT`uA4E7E0a z3{$K;hzAA}N{obiEP`g&hD~Sjx|JJD(Brog0$KA2*+UtLm!-^Su~sJOH!TyEaJun0 zHQ7a_MS7x4JkT?)IrA#m#_;+^$Gpk3` z6y0qlmiKN^bN3iUaGJ3OkIc+rBFIc+9sl*P5Ia?9j}mxMGRiYo4i|AW{`0L?oYbqf zX)IS5!m#Dl9OVn^m4=!fv8wWLV?k@y1)zOP2EGP%k06`jv@r;cy(p!$@U3i;r7jh( z@}v_T#r~9u-E_p^|1R~`k`^QX@gdjO*D2UiL*klNJ{!4#l9Sc8z2mfNihm_K;DDjc zf2!PI)>OvOiNjw`&TUa<;ze&VmnRFQ@QcP9qD@vr%cqQT7~2+L4>kb8)QzeKMK2E} z4Lz;+gHfXE=(^zp8oJ}@+=l-2D9rFlL!o)#In+SUkAKV%7Pii!3D}1)2q3a;CyMME5@y_j& zk>4J6zsHkb6IRUApf4AZWB|gBWlgPuqxz&j?qv%SmYY`^s#Jdz*DYV-D%u`PN<8_| zL9Xw{qNozS08_<6bH9^Qew9Euj-UQ25_SgBR*i zHUJ!K6&&?O^yfd-?2MITy(u3nA9x=9+q~uP1RVV8N- zgrNQxEBt;=ZRf$cf3Hx#wk}*0NMA5A)oJ7Y4r~98Z%LKM4?$bVcZE9s>Xk;jx+o=M z<|Bz22a}0P%cu#(+cnlBH~*;^{`0z5AQ)2MDy$q*xN7r(`&$p#5op^dgKnv+&m}|H z^|D*NQ6X&0=95Tz2cT9KE&WxN!<}&c5<&bf3cU|^Fz!D;|4*h7z9{m@etahU+3Kx* zZ(ztQ}qf7uju+5uZ z^@bbT*nI8c2Z(tmRp?j)+mtQ=$0l=QC z{ztw6!M4k_)99ZuwM8#}w7_^uYlb#7`Whu4NnV@*N%7r6F;;)zEJfdg)5v)J=*fRR z?ValnH$}?wC2&_r|U2F$K42o$OyqWT~Xu9dJxbR<;qk+X7= z{Cj%&U1ENC%L1s8_NVbR#2StV#814&D7n#<)2|jOcQ4gX;Wx zCS{RLt^JcwPDsKyN0Y(@&0aMuwjC?Jx4<4(%K_EyY7jn{B+ZBK_IjmmpSpct+k$KC z_3+B#zw&p#7TawigrBvu=glf(7@S$u3snq#i(5k%f( z^*|Z7M?7j^2u!Ye&|M^dem}q4&K)>z6HsTm51h8}nW0xxj=k=yy6QXj>DOnZmK1U2 zHBkS#(~NJ`(c9N!Tj;$5`;NXWUT~O$4(ux#$L~hG)#qGHZ|xXKnDn*oL(@>LhVp1{ zN_Nnh%O)RD@dJRVSSc}V3mylgd`88Q6o0FF)?cgn-_!PGJQ{-@DiC!jb~)1x2l0x~ z%OYq~A5nZ+v8%jtM=PQ6oWRsus4H2z&Y^N}B;!ZwnH+G$DuFEf>O|aa!=N7W`L+;e z>^x*Hk(zM+4omEAZGA20=Q7R}*)Y4TP0`DPdR&*s z{(I%th_frHyLIx{qJ&w-Ph2N$1qk@51?+U!=rp4<$Iiv{mPzrD#d^m}$SH6U283j- zg1M1J%I%Zw5?@me*92t)%GZ?$)b=M}>mJNU7Cugpk+45(KM;Vm_5BhR1}Pkb@1{e& zoUa$`6^s$0BPXU`*9zTmLHSg9ph~KI+R&{}~!uSOx~}a7vES z9#4>F4>^L;+H0;)2v@yL8=S8S2<{HRr|S|sSY*2Y4J6uCh#d78U^xQMm(JFF1o7$` zm?rRSJ&w8lEJck>V8F;l)ApBcnFo7%K{=`)IbWpoCslGDc(t7q_<%&j0Dfg#dTo`n z35#+wGNqTS$`@9I9cECct;5PF_oKCXfA96nED{}Pq(~LLXM^JUep}rQV)9O`CGOG# zotMS;duKbf?u8V7f@$=HvDtu9d>c7a-8|Q;yRx7oD|^o_0ohl6Li5H|=z-nq(}ZRP z8$@{1`fR_tXvC59IgFG+>j%(Nup{%W6DXjTz_#EudNk8^Y|qx!=mjhGcJ@Z+dcsv! zyhHGC5Hz2ClFlU33`-o>quh&ThT#9Qvk;mto7#Q~mGnGEkdx;Fbe6o#x~;p;&WWTr z23h&|6rPlLwVrx){>lm_uyyAMy}mjcGNeaMCUkb?MZ9;?kJxi-qF(cm!>-ekHw4*m- z>tVlIgB_+C#CO8O?GO*b8Xj7;FcVVVyjgm=9QgeoAW*hJeR}z{`Jt0$Rs$@~!RbU= zIZz3)L8_-+k&o!bKfR$)7Rt6FJ_zF-G&$8Hz&EgsU3~j7`&6o+itcCRNPu{?y&i`P zzZzMKzu(9NdwsP|NNRTM@5u7#5gImK*%xFB_90jp_l8kC3C%@XPT_PnPy#pajWfRO z!Hz*K0ZybGvNjX2|9!Nf>T@%^H+?ZIF-G#L?VO9;!pF*NnyaYsRL6?3`-_J^4)ClV zU0cq-7Or=2xc4f?r^A`r!~AX3RzxHPPwPdM%++Osc##?*H_R=j(-{ zTJsu`6BZ(J98&pasFO1jykWsQft7K4g}*r2hwJG8dw{>xsI+|NL zVCA*@1mS%mI~!hQnKpxF55*Ck+qB=hw!GP8(u&G#H^V67>?u&3F$LHgd+kwr<*MJh zn?Qkf=CWmuC@=n;n19?m_k@&m5^Xk)$oJIJIv*yQL8CNshQ>{s@nb+FvA~8Vt zQDbjiHljjn-OqRwZ!Slzuy!e1G6b%~uHI*LvgzIKbv}R3^p-5!R>WKSi3u32IMMPy z&Q%=SAJ-nM9syBb`Q+SXfEkFTq76Q~dC6o=_T*Pf^D z!U}$OrLy4@>iPB)tBnjy#?xYE>`1{qimCZw2A&4qm9GFLxwg$gJ*M`tYWVbh4th=E z(lft$@+kt+S&}%HZPYFYNi0_Kh8$8ATeBLm=HeX<2iz)*Wxdicr_quvbjjA)b8E~O z&!)^H+otRr(!Dqr-Eu*&8ZlO-VAeYRd~)b3mZG9#tQrb#7Mgc??XlZE!tzR0!$!#y z6jCm*o{A+eH1My-B4Z&H-5GS3nqd~!^mc?sH61{Hil&qIsXnQ_G4ypop;{(7PLPM0 z-@Bg$CCSi6(IsZkjK<{@uqCalMH)?%hnNRcfK5^-r&fCcQ8L!&+WULly$X@EWOb0W ztRM0(FfyT@?DOfm7M8t{D_5axBT(FXBC;A*)~=21YsI}8=??+vMz#yruy!d<75Ugn_;jFRV>RdHd~tn>Le`>}}8Hv15l<)wFo3&c;noq>KlygwL1mL0R3)y@6~A zx2vzrzR`ZlFpgm#$k)7+m=QU?_@iwo%}Q@tAA**kE7~znEFU z?0x<%d4;jo^PrrNd*3;HqDVYj6wjTS9>^Ul%irZ4$8+85wWB_Me1v>Tq^-Je zhqe$(-pQvWO|$SK-`a?me-efH(Az>EH*Tc5ef$Wm%t^B^bSx~DJl7OO`+bQ8Do4upU8%&OVk{rB1_WU;$ezMa;t1( z=w#Qb=O52*rMsL`?rIpqmm(&OX2&`FLW6|CJIGOD#XizB&sNMyq}D?=tc(7HYt(ZJ z^DC>EV#NFE2_#JNvtoW&AVNpRGyVZi+vd>1^Vl;}-8w6MxFqfFPMXukgvJ?dc0YsI ztyAncB0-X)hmxBOpd>mvnAL9n$U}Eqm%M{%OlVq=@qU6#0;)K* z@=CjSS+>Ki&VhlH zmab#-G#%dAF|v0De_YKwp!w)OqxYsP;U&G*FAL`$$%ltr#@Ly2N_9MJ{oi>-{WPO} z5i^CvrXe^r_?!mBqd1UPA=)pt}ozhfr}4V)XJ-gNyD;FQWfP?F>HkT+09@NloJ znO|1*St`v1;d!XjtZB&@ot(=6qdz(JWHl%q((SE|MOQ+DxrvKb_&2YX%J5NVif6bdVjjv zPb_wf_>qve5`R`Uvo|*)p}YxAduzxLKQ!AlEtT?*r@(qwcog5d7_POkBkN7iv=s_NDhOU&L%F54*#) z(|vcZNnDd6_mCckt%uETq2UQ}yj~Me);PU)R~os|>2r#-J=8b^;ZhUIJoWd&%Z;P1 zmqp>QXvmV*OC?siHPn7HB5K>_#lfLg@O^+8)jRyn=20*AS20cp>WhMlxFlGQjf?rq z8)tW@D2-yj=yInvZ!4yQTTUW-R$2clc0{en&**w?4XNV0qzga9R2SyTWLG!?67tob zPg<^;!(|Qmj5M$}IZWhnp*FfT&Qedl9{sg4TcMhtl6|5au%I?)0#}7-X6;4C zZJ|pB4jam0m~{B8NnRnIY*JP~V}3Bt8KpJ)RzLSfRR_&ujS(#$6LHCs^~BV6aO!FD zmhBNLhB=d5uJwFEQ+`h4nwv~#S(av?eMU!7;#}JuVmj6#))tZJHzuhnM)by>h2*<_ z&iKq27*Qdn95{mxe1;E)GF0ApglDhbl6q*&@S3pZcJYgpwaA~(cl)m%(I0l4Xr7r- zIXjxd^Bn=Ud}#l0ceIymK=g7GgHU)DOMA+3?LCAAN0sY$2|Wo`*;BI`Sv zK_p!XIl1(c%c^fvv9RRLbcwn|vBH{iZLFCUgvbU!J@)P}ka4goia&WJD~z1fVs!4Y zksp&ZySMQW6D|3o@IjOK=H8re#N6v!9NmuLrg1)w9HsLg?9DsYw12e`a)zM|iuUv% zrp7*+kt`_|QJWi_OPbWz$k;s35e@A!zE!|7xMT1(WSgC{Hp8(0O?13M35htLfvlf& zPA?1IgD_=W%JZVn2$<2B&vb-P^PRTgkihc~TgmMQqpo+D(+=6ayP8cDg}D+rBC)He zB=k2m_lZjhA9YAj%RFik=JTvnp)t@djWqp!Vf^eUAICKj3Dqm(uIidYlU;)wy3h?E zO2#f45n9d-b*P$YBGiBZ&1j|K3ydk;vbtHl8b}GdZwQ8Sqmvvwde2gaQU3UXlP+o4 zBWd|S?5|PA1>YWLOE`W~6&%uNW)8r>JqUmSN7E0AXj+Z|Dyr-I9g>|*< zhfTKoY}{l-BW<7%j!? z*1fuT%R;E@SJO(qGy0~Gq|jp|X`nAMoFXXQJx4i7QIe_sHFn(>M7}9vdrXb8iN0pC z=bctT!+S60eNGR-jgKUL8q#R45`_-$67g3~XXUDO7lk=fh~zeZA+}rA^ihRejB1No z8=6>=*ZDfmm3IOY60s3Hfl=dPV|A6OVrMz7XgV9HXU%im)!}F}jm4zZQW(Z|+$z#v zo`1|fU>kW(dViXNy5~t+fqtxbxO#)0V^MM=9=UAXRE+oeVpfgqS8=UbD-lkQ2hOJ3 zC116CWPQc^cxYv0H`OVSSk{*@{l`InBmR)>(ywf6LO5EL`DP_n9(j+MsPWXpJbZ!+ zJH1~RGRfmvRCW%p#&;_%o?j8Vcgdv^$$iu(69-K>2y;GrQ+`(|%?irG*#_w2IJ(tR zt<9-6ncLV&5znxC44ndB%it@aYE&)vBf3dgf`uz z>eZdO6CN#vBk?g$FKb$!#bVAxK7h z-4MFa&v(jO|As#N{R+w?h$DCrn4asc`~ckcizVY*UvZhBD9L?O`(IUf2&k>n(DHEd z+pa-fQ3piOc|YF&80RSb&M7-?eY5{rtEwgE|C9qzN6Wv5zO=aoB%dz|`e2NsyW|O{ zChOhik?##>ti&XHA&I<%>AIK`G6B{?>AMo!L4Tx6E6vd11km;%1lS53-jKF`j+A14 zRm7pbZu<=UDedlY=8K~9m#lJv8`VwkqrJ_l8~UQ)vD5aBHwg`m;FA1xN%eok41`D| zHROsU;2|S@AL{o};P_IERMo7Vge-nJAO7=q7VpkHQ%W@ofh^gB zF1h|XBqa{Ef`mxnuOHIG!$r9mRr1*jiK1q-2iq%m(|^3T{^LThlK27L?ES5sAqBdQ zZu7@w3wHu|V+%7rE=G58T+N5faUVjF!v*sT~YATh7 zL%1X3K+I@UN^0o*UeLk$cbe&+6gB*i9eXB8-^ZOAXjSj{Y>n6w)LEcU`n|i}2>YL( z?~14m@Gs%=w|^zH{~5#*>`aJl_at0rV~DgX5nts*TJP`pyWl%mQ_^%i0l-p2 z5Ieelr|K=MN@%1}t(5!YVnMqmI%K12&39om5rBNbj@^c-$n<1?&=^&KrJuX8&WnHcH`IXLfg;bDjc<|!Ble$F?fBF z+!m^yw<<&IfdpOudRXxKfkkn5kvarRRY=J)S(lT9jl7UT4$Lc>4i0nj?J-7?!*y(%vU@}{>7uP;P>a~eY zGGtoqW*N?-afDJusZi2D@S2zNe}48k?6;muRG>XTs_#IwtY`$N%vGxq)HVOJh~ID0 zq*pCgy#)3M(f(=Iv2(vj*4@Xj)tpvft*f>NZGRzM z|27ycCyN&i-Segq8dX@=Pb+FxkJq2lBJ(Hi91c$)<++$0CC) z4x8`{e`ad+A8!ty#qT8xEdI+XvDaAttK^76p4sfH{BxlWl?cK*LJB|bTPDBs2qOU# z<3$OL6GC^FU;Ob&D?QMmK%a#0adtq{Yo^(N+ zhaw8LzDM2}XLtTn<^xyLk| z0=4JY3|AY#1Mn3Z0a>jEHm`1IOtgyNtk%@+Z)&4;LJI7b!_QvnEa36=8Gt;hj`P)* zxYTV&?-Xc`vjsTNl~EPkLs&t^RzZRykWdMNwGRj$tKjIX_z91$6nN6#Lj*%bipiI& zw|dwQT>*s=A_~2^2vu?%eA?_(L^cEadAew-mtPhfh?4~<6Lfe|Gxo~KTnC(6 zRtgb6*GVWi*;yBs1$#p?HzgUhO{t`1LRWU#zZwO8?=#u&&iFgVpTX$Sm()@)1IydM zT>`Pa3&W$ZNM)XhViAG@R2(2UnOhi>j@It`D*8W34iv2K^I$m3RiUR^7Y9-g;Zy+V z#lv)AhCekhYXqHn%NR9ycbRFGE;GaT@g*jG(N~_G%`EAldca{ z-<_da9|JuDVut#NQ(6f^k2r7z^XtYE#J&3>)D?6flM5DJSLOXzEVkh093CLu?PmIw z@V@33Tgn%^-W&@K0227{szZl?-;a4jV8f>a2JmqPIZ6NrU0>_m4&TJr>LkLY?N_cxv8pZW9KzRi|Q zElhjI`5ly5>;a_&(9Qe6uL9wS+ot^RWER|`nbSN@@x_;hHmip!0BK^VzV_UzE>l-RexSpaSV7ZJeLiWM8l9*bhq;oH87pg(~xVeA2KDq<^B zd}bYJfn*%vqZQ^VcO@JGIIEBHj>+mxtNydjzn#SNk)+4E|;_LEAANA!xC+Ou1=9GCPFptJ7Cw5QUD ze`~U$+*COPHWLV%Kb(A2n)qeuH?PSrRw1S|*6JV1$8tDd4=zZer#Oakc+O`RdjA#s z|FxpxGClNnny`GXCC6(7(#(zAww^@WkKrL1jgOU5SUtv*8gy538e-2^s50cT;EtF70N zG8r#`9<|$lY-v`H(Zc(Y^TFj9D17jcHo`LALGog{nu1xo2j&BnN=mDv0%=U2DWXe? zVdg7d{#F>GgW4+b{n-nh=2nlaBbZ5!BF-Kk&C#FO*Yw=JDbx{Ps!Bn-tCql3X!YZK z4(bdug`U@@45GXe(ZcHr%nl{?-GiOxkmsP4##a!j8&6JN#8xIHu2U`d`yeul!Oj4X z8p(Tyf9%VCR4fu(aj@=wKF>@1VtOEKs1oq1wTY3D@wZe%Ri~x)(e)oWmj%Nub9d%2 zEIfe)kgA7jg>X`qhL%!1w}Y$B`PoNNsEoR*_!EC*me1#fQ&dfUnTpl+t*=}OIvZ3z zpr72Na$_~(5dRV*T?n<{%xow*!SxxLTeMe{iS4*ni!?jW?#tD-isc@G$fXkU{}a(7 zTXH2im;|H}dbOdl-Rms9OMEyMY`Vgeft@GhJd~c z{PSS@dmKS!%O+B$e}u_Ql(!1Iz<06EFFb`Is!#l!ZM=19D^jBuptZa=~QBWQs&0J>+6d_^yn VE9Jh*e2xbHeL`{2Izz4y9*YyV=c@VDv;__&m~7#JA%N{T=&3=GUH^t}Sk zWAs&;@|6V!1|5bHP+A*ovTOXLQC;WUG-Oce0vI30n@GZ|5<=2P^kvW@o);LR&HgO- zi}J>@Nrh@^(qN(wS-!NUvfKvKZPwD6Y2hslvUt9LY@QNF!aQL}2&~c`e!X)%2gy7Y zwXdX~XzNnDV{XFwL=q%bJ= ze=#7nau7rm7WN}~J47okDtWV#6{svjXLDuW?DY*GE$)BqKzK4+B;IkBVciOtHhuTWBX_uW#t!j>83|Jkawla(3e_2p+JFQzoY6a@ZP zpi0vHd3V$V*_XDPEuh_1zymY)^$QFw{GsfP$b*(9Dhu+Nq+4VNmr-ZVE z-D8xsZIlJq`#wBVdzqz1Ihlt7Jl5PAFE)tCaAI7%(LnF@&F#4yyT2(OyKWvvR}5`l%t312gntq4Q2L!!1alS!?(!oP zB0qP#VqgVVupI~cA5I<({7&>qqa)(K75It8`yX;2P+d~-h=ll_Q0IiL!=hc;-;4%O zOB~^?a~LSx`s^2^YL_WWt6=q@1|+VHy24GGPq<0j1ZZ{2wIiJRpt)ZzFE^b}x;7S0 zEE|3%-fxKUS2-)NyUlTW9A-hst0664Pi>}4hsRpwO2;VrV zPJT1AF09LH7^u8pJpQExe8|9Q+7y1Y_FE|!cOy3?Rb_J|R-xE*_)Vg)dpCI1+zHZt z6SBvtlM!>{7xmSz`BT94E!KjYJB^)orEjagc9f*^vYo+wm%4y%%+8eN>f;I2*{=qD zi#hQu=&k3c`rUbrcf8i$L?g++uN|Dv&{k$IToY)`*4nb_{oc{8{O#}I-Zt;C)391= zyKU0UWlvV3-DcU_ddO2{j^OIgU}Id+L&2EByF5!3rTI+WC(iE?#h?F;S416=xS*W! z+Rew0g}unjW2j~^JEwLA^2^Nr$Y%kLpe~o)kX?_X@#iH*ZA>4Ad}lseOIA!lsRV6b zFDv?M4Px3IkN=2sHGOfAcqJG&>_Sd!c-*d$+7@Qu>B|NK&ymHBq%>T!IlrRahh8r{ zQ`wuf=R@R(<85AT*K}Vys?HPJEt-E^B{^vE9O%{z7sV}wVzZT-oU_f=A-BOt9oXK5 zPMPV!U=N==s)r>#^}ptf;7-;(7qi1;t(Cp*)x6P9s_W^lh23wE;W3#_i7=acOrJgr zD*jbw`98u*gVbEMzqB+0{>>j~S_&V%t2eM0xftzXBY}Djt zC0wg*Waj@HU<_G)z%qdNW7m^VKHJkPNBW*-pGj|Q7=!HkW&`V;VBUz{a%CT5Px%_H#=r z&U>#A!Y-%>^zON$5a5EiA$#!k7Jn*|CuqD(ea>g~b|nQeV^@wtGfus2q4V`Fb3Kh+ zCTb+;e!X>(@+-V>C;Vokr6WRnu8-wjv~^Hy^6LbM)pT**?o~HV=Vhor9_bmUNUI{X zf#6%1vDk}WSWd0GKZ)M&1*_5ijT5{U^^G|FzggcE@PFvQLiJZ54yEwGkNoajZxi=tCYkM=h$B_B$=|t+^Vt-ng9yAq^ylsXZDQ zQHm1CLDS-HO3|%Hc1tAz(A!Op$t9K<9J^JvV-fZ(qNh^- zLP9t`jZyNpB<7>*;WGhiW5#0Z@v23#vkcdOs}o_4jbr6r7TT7Mnv2sjVci08C!Fu$ z4!((@zO9;^q=KnLN46|U6y!9(}F*q*P$DTPwfvU4vOSSVn7?WO26syT5g{^y>WX->jwCNsDk$+N1PR@NN`>w_+ zMh{B9>#C6@QF@jFs>9B3lCpjq5+w=Vf%Fv{JGku&BCc02KjKS@$^;#7x&2}vOQFEd z5!5Q2BDqYYPuBJ&$Q1E8iu!Ik%H?r)Jl1yXuHuj=h$U%$tFhU_nX?~nW1l&GzbAau z2NM+oXBs5g{DN?o2+6j^VH|_!?sVVLz09H=GOoaRS7~iHHloLEo!Q|o=+dk2>$nN- zham8E=b00RkCEK^bwEba)G6_-qSbJ$yjb$`f}h-y`xcO~Vk<8pFC z+VjVVSOw6`n0JwD{98|Gruv~+deoyzY+_ghIb5LlytwobgmLMh20RYi4C?#LlBCJo z)WDUStn4n*lp^HVb`|!^M6}VuDa>T`LhvE_~g-nE9iG{!EFO=t9p?V^bJukfJ)vM%%IG zy=-Y#6O$z*C%D#MQPK!()-q6WP$#gu_4aK@HA{~>59@1G;#?Iz3de?tSUjuSxiH07 z8~+W=SnU@u)cyp%eJ`7zEE%Y9@HO2zFNd)(s1q8<+BV;iE26xSM^7QcbU3fOY2}$g zpcT?~=<9sWCBBq>-W`xf9HYDhiaOg7Eh3I|nJCdTNz#~YUR9A(baj2olrVpDc|_r< zHm1U9ZZhoYSP?PQA+cJzUglls(2 z>{rbiuUpi=OKN4TzA&3!qKW_~;);aQoWo@@K_n>BFEDE5^MqQuSt}?a*-_?7DW+8E zLQ2SNjc?}k=8vGH)^f`WiruFR^%S>s5k!D08<99-!}m3CYm?;@C%&IT^!v{eToVks z6V?EPaL1kiyV1igaPY8nQ9;!6qWA2}I#`Exmlx|!3iH(A(iZQ-xm%D|vD%hV_$0kd zip*R@`X0xhu&Zoyv01I=?df*~X0rF@UoWs9#as$Fowl+=^Op8kQO?DdR7R>2qumIJ z0>rN)E2;xOh)xFp_=TH^{B&<}jG^oGhI4e9Jlq6B@N(a`$m&s=$QfxVGh4#2>psET zh4emtrX5#y}O1$Em#Gb%PcXzv|!1PvhHJ%?bULT zokI8}>YR^SHhFajXP8jr`KM_HA2#m_szlDYx)|9NAI(JCsk(Q(?;L>uw|fAK`e+sl z_bSOA1#q}P0Y_@@h1<(DU8SpZG(LZBGm0JrGlCU}x0sLmXa%VleqGB-rvBiYnM1lE zc{1GS&L|-FKYq%V2<&~TBpjU&=0LSYoWJcOZYU+I6;k^lK4Nfo+VFB@lKR^ArsbhF zwMoTjfEs2 zJGLLhlk>S3v#Wh&pI8Sy$l%%>V%k{)?D{}Oe4`>3OkOiRJ{x$rG}ZBo<@xmUS)V@kdWYl#S|rHz@~OGZZRxnz}H$Yf$HzZ+%Bm6>VzqRq1K6ox*k zlX&rBB$Wv%7gjg0k_gf0f-=ZYzqp^W9#9^lWKf3t-?Uo=*nR>xuCT{ww57Q6H~ejSip=Pb`HK^O|$tgbUjx5ni) z*&!XJk5Q0;10_z?EqtGFRj5~kC+GN~eUw*bHx43Ij`a*VzB1H3?4osPU7Dg2og;x{ z_w8p7Np{)m2wp}@TJgA%rD^nj_;ot zMqE3Ku8ITEhTFuCQ(5j!)P_z1qlnh8iRV3vIC9g?zG>@pzlv>&*^^}hccvnOY4urh zy&%K;V&ZwM^BITB(FKAjEeJ^G$-Ab2Mt_*%g?wL+i#j(Vnp#P{*ZO^SilPNL)o<&t z2s~d|Kb-TcVKGBd1J>A~8n7>Hw_rW-qmx?TojivU@buUG3`5Q}nV_&q?HH7l=F5kI zSv6Cd8+v@In;cT^!Jv~7LPuY3sp#`oydpI`%;J5)R-5Z{ zJC%u&#DZH>YOT``%kk0;oZtthzWz~16{@!fq@KKiV^&l>QA-TAhZUl@h}PiJ#N|%X z;y2}RPN(_2pW68=3+zt_`(hfc)cilwl*8DT&l7Rx0?TC~#^c5_}AjgW}n{7{!T z13~rQPm({~-3h{M<<`x5|YZvzS;Mm2$%L4W$+ri$pen>02A3CBZD;kj^hV4PEf!rZ7#mwIA#8%NuI^^_ek|(tc*8} zM$ni9U7u{v=z20y@jC<_9c;14ctI+YK|APijgIl-)rNp?75$eO#m+M*=2NF-$m|kh z!Ei*vQVWNqbWeb2j)?eIPGcjTF>}?IZTDZAowbZ*Boc6Eu%ZSIxqTtSSWgp}BuD!& z+Ke<+CQ7Fe8g<`Bc_45RcqeQsM}uXu&vaFD-^KBzY{vLmN34R5=i`8%tE^iw-(%U_ z9$`k@%db9$m%rK<)NYk(Wy`~W?c zv#BV7iNC;&BgG za;<8FO0Tt6cA88NP|5>6hBIPTV8SM0>vbpYV?09M_k4^wNkb+?lOziow%O$#5xJ~m zi91m!$=vK;MP`}~`aK=KW+lE{dr52*jd^Y=0p-tE%9OvQ;xTDCr_NKL*L0f2o$j@|5@eyf`E-|zZ)R&2 zJuJAI59_ffa{ut>&4FS;sajpy?yyqLpYpwhsBP&rzt2**5zpNt9@QwaB%2*+4YIrm zH>m+|TXs@>dzG>`iX`8tuS0CEcG-{f!1q3^k=NXk{0Q=M8(LC)L1yW){*938^VZA= z{U?ocAv3Yely4a`pJTmro(#)vvuap7SGV5J?SW@ z@L8y9i)p8Gj>zK@%T022yjH#wVY|^(5IJni8+v-^UHxa8_S-s8`ag*1nGK7q8x%)zEq!qkcyO5w}yND!=#e zYh{u+V|5c&$Ng(+3uE_AQTvx{4|x6fJQHx#fc&6K;>Fgdc)tszcM>D=0+>4GV^ zA!H6>V|{ol0!QIKt}}d{Z1fd)hdRDbn7R5+WcIz-Yi=TkAU4P=eGY(lh9)n4)~nCC zuc=(=HzK$_XjQVfGDUs`KJX~X$Vt$sEt-I1EcX^J$dQJeKy&Y;(rZ9p0Hw~Tgr#Sp2F3s~_G*}oS zQ{2Hymz$Ea)uNT3Koqb5+~S0#ATbVg-8gu=RfiWPpLvYVi-pD05f9n){wJ6GK=z#S z%BP{^)j;4sXq<%vF=v{*%<|>K90c@9TP*Hb$BV<|xb7BAd{N51g?r`~;BG^DEC7!Q ztD#nrnZyL$FVxtRf`#1TSaHW44(&F1!=x%RjUR~ERn_+r=KRV!wmIGJI|kiXflQrt zXS<`bhtmsr3;WikZ%VOp3q{{lf7g$PQ(cepCOz6;lU4@S@zb!Q!9X4RY7J-h78aZ2 zyqa$8JJz16W|{%(z@BC$NWMnp+ACL5OBfFmF^d|brZ823>tr86VgT>Q1-^N#~_q~A?pXf4Z z3X$Nu2b54djgXA{V>|w$MyjWAjk29ke>ii6GSh>Xp0heWs3Sa3(F}Ns>-6>~5HE+t z)G?j9ex7*MoV&Dh<~~C;96;UKFgGBG;#6%a0rC$czi3Q?cIAglfU2Fz?n9Oyw7?bJ zMh9<%byq0sM#OACZ5v|gO7TZuuQ6#_aidpfmi1r?z0w6*JCW4~%wF}ofHlG|^Nr1M zS+d%;cPlDG_bxjkjU~0Lh2e~;;vAFsmuqKk6y&M(LI&wnEpLXAIHulX_1pFw?gMj}9EaQ?1PbbzC%NbzQJXCh0TPzkSF=!ah>07W_)EH3oc?q1iLlcTASFsHnftc zWAI=-PjXE?m_&EXJNu+$4BmHaM|_tlyEhi$FUW1ba|+G`Zm;Df8^{3gn6@3K8wYTi z|BO)jz0wV+`W)feC1$!gq3hr1#v()Y;q&IQ^Jp)N#Me^v; zeHRnE;T6F|v8MCA<5k&J4;Bm613)J-w>4pbK5m-(F@07@*vs0}q~!w`u>~XQ)GL@R z#jkmm(B#B#jyH2^x|6L;SgV(U3J1E@ zNahqcUIm+lC+|c(`TXmv_NUhg8l8%hB_=T@FGLn8AG$wMlKskNx=D28lHhcRYuC|% z8Ov%qQrd*4_fFxR;`hJ?5LEtTrs5nt95>mFLr5Wn92wAjrr1$*9??H#Hg=v1;M1P5-FkC@3OTdW7 zmp>Dnf1l9lx>E6`B&Q15%R)x*sq(`fTfv)th-N>6(*frOo%=ew(?H_8jx_uMKL3=wLAM}Gf3S;&E(UetA}81N}JXp>F!x>a))Ye3_h134yq~~{YJhY^Yr=Hv;Ih6 zON!q&{-;TW{XS6?l-WHxg!#S&*;`2S;%9=Y z;((abLlhQP8`TBQK(P*WKu39nkp0l&Re$j#TBFs_vsZ6FXsOOF2#c3Wn1ap4W=o6Q(|yJ!a`T_Kop#yTl66Ph@Uv>D*JWiR~@T%@I+@Ho%6B(zh{0xruZ zx?@&VPOKlfX7XCmtq&)sr+I@%MZ7wAmV4>N6ZO7>8m1-=u>kK8ZwwB=E5gfiU5`{> zjF&6VdDB$AmL{V!NEfc-Xyx(#ZRyyt?zM{6n0@*fSG>wwSqT^9H-yz0ciz>SWH>9Q zgV5T#$L&ADp|YQFr%oV1C`nu8rsa_ZaQKS`5paB3c2wJ_pd233b`_;_GC}id=#dT} z($CG7L>#2SUFEp%_9Ktt!w0Xj*qjc@Tf2!(#A=&_VV#mELv^yq9|{pJkol}Uo|DJR zEH70dlq~mwqqANw&Fq?8$GR@*UlpNgfj)j+TB1~JJl=`ZCBbgjc3&W~(K}&u=dW1h z{qY}FB%J$vC7aM@rS_4MfiLT!_3rL7aTST(N9t;Z5Z7JtPTSpiq8C~spTsFM*wQFq z8l7qk1VO8>Ps>{C2D*!d)GY5902YZG*Oy^!$rX*ngSW-Z9{ma zaGNZ5RkW%s8d4+hWHBI8Y19cqwm0E~e$(KlBgLd->o2 z8m6;7o-i~-Uk3xy*~c9emZ-173HDM-!)Q#;U_GvBWCsH<>Zk4DnbJPq+Ch~u6 zKV<){vb;iTIfUu;XK1$r0eU_Xz183lJM1DWv0GQOL-WgJ4HUbI`C6qxJES-Vb zEkNpr;2NT~Zt6!sW?2v;m;~ARRL8R`4rlzTFPSuF&BD31V70MNn5Uyidf|E^4fP=n zT{6RK@V@tF?JxG1^aaaQZ*~U;<-*ffv~8qh`mB><)S?VSaOGTOnO-|Ls% z{wLRfb1%yee#hPX9^-F7KuqJ5e_MxLaMv2(RH!N8VYkB0hi3Zs z5#%Y^bNB8qLgKarx1Wz45h#h!RiS0c_e9@Pg94D^SbyWv$CHcAwR{vaw zbilX2!58`O;G=uHh9JaaaBp?{*XG8Tu=r=KpZ{*|^PkOe&=x%QJ}P7SzaE3Wi8CVe z*uNG7V}k!(^8W%Cee@wEBnjhU7T}PeHM6ARvZZyi#GAXPyijQ=1v*8vWAf- For the purpose of introducing the basics of AppRole, this guide walks you -> through a very simple scenario involving only two personas. Please refer to -> the [Advanced Features](#advanced-features) section for further discussions. +> through a very simple scenario involving only two personas (admin and app). +> Please refer to the [Advanced Features](#advanced-features) section for +> further discussions after completing the following steps. In this guide, you are going to perform the following steps: @@ -155,13 +156,15 @@ Like many other auth backends, AppRole must be enabled before it can be used. #### CLI command +Enable `approle` auth backend by executing the following command: + ```shell $ vault auth-enable approle ``` #### API call using cURL -Enable `approle` auth backend using `/sys/auth` endpoint: +Enable `approle` auth backend by mounting its endpoint at `/sys/auth/approle`: ```shell $ curl --header "X-Vault-Token: " \ @@ -191,7 +194,7 @@ at the `sys/auth/approle` endpoint. When you enabled AppRole auth backend, it gets mounted at the **`/auth/approle`** path. In this example, you are going to create a role for -**`app`** persona (Jenkins) . +**`app`** persona (`jenkins` in our scenario). The scenario in this guide requires the `app` to have the following policy (`jenkins-pol.hcl`): @@ -219,12 +222,17 @@ $ vault policy-write jenkins jenkins-pol.hcl The command to create a new AppRole: ```shell -$ vault write auth/approle/role/ [args] +$ vault write auth/approle/role/ [parameters] ``` -There are a number of [parameters](/api/auth/approle/index.html) that you can -set. Most importantly, you want to specify the policies when you create a role. - +> There are a number of +> [parameters](/api/auth/approle/index.html#create-new-approle) that you can set +> on a role. If you want to limit the use of the generated secret ID, set +> `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can +> specify `token_num_uses` and `token_ttl`. You may never want the app token to +> expire. In such a case, specify the `period` so that the token generated by +> this AppRole is a periodic token. To learn more about periodic token, refer to +> the [Tokens and Leases](/guifes/lease.html#step4) guide. **Example:** @@ -272,11 +280,7 @@ $ cat payload.json } ``` -There are a number of [parameters](/api/auth/approle/index.html) that you can -set. Most importantly, you want to specify the policies when you create a role. - -You are going to create a role operates in [**pull** mode](/docs/auth/approle.html) -in this example. +Now, you are ready to create a role. **Example:** @@ -288,9 +292,31 @@ mode](/docs/auth/approle.html).) $ curl --header "X-Vault-Token: ..." --request POST \ --data '{"policies":"jenkins"}' \ https://vault.rocks/v1/auth/approle/role/jenkins +``` +> There are a number of +> [parameters](/api/auth/approle/index.html#create-new-approle) that you can set +> on a role. If you want to limit the use of the generated secret ID, set +> `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can +> specify `token_num_uses` and `token_ttl`. You may never want the app token to +> expire. In such a case, specify the `period` so that the token generated by +> this AppRole is a periodic token. To learn more about periodic token, refer to +> the [Tokens and Leases](/guifes/lease.html#step4) guide. -# Read the jenkins role + +**NOTE:** To attach multiple policies, pass the policy names as a comma +separated string. + +```shell +$ curl --header "X-Vault-Token:..." + --request POST \ + --data '{"policies":"jenkins,anotherpolicy"}' \ + https://vault.rocks/v1/auth/approle/role/jenkins +```` + +To read the jenkins role you just created: + +```shell $ curl --header "X-Vault-Token: ..." --request GET \ https://vault.rocks/v1/auth/approle/role/jenkins | jq { @@ -317,44 +343,37 @@ $ curl --header "X-Vault-Token: ..." --request GET \ } ``` -**NOTE:** To attach multiple policies, pass the policy names as a comma -separated string. - -```shell -$ curl --header "X-Vault-Token:..." - --request POST \ - --data '{"policies":"jenkins,anotherpolicy"}' \ - https://vault.rocks/v1/auth/approle/role/jenkins -```` ### Step 3: Get Role ID and Secret ID (**Persona:** admin) -Think of **Role ID** and **Secret ID** as the username and password which apps -use to authenticate with Vault. +**Role ID** and **Secret ID** are like username and password which a machine or +app uses to authenticate. Since the example created a `jenkins` role which operates in pull mode, Vault -will generate the Secret ID. Similarly to tokens, you can set properties such as -usage-limit, TTLs, and expirations on the secret IDs. +will generate the Secret ID. You can set properties such as usage-limit, TTLs, +and expirations on the secret IDs to control its lifecycle. #### CLI command Now, you need to fetch the Role ID and Secret ID of a role. -To read role ID: +To read the Role ID: ```shell $ vault read auth/approle/role//role-id ``` -To generate a new secret ID: +To generate a new Secret ID: ```shell $ vault write -f auth/approle/role//secret-id ``` -The `write` operation is equivalent to `POST` or `PUT` HTTP verbs. The `-f` flag -forces the `write` operation to continue without any data values specified. +NOTE: The `-f` flag forces the `write` operation to continue without any data +values specified. Alternatively, you can set +[parameters](/api/auth/approle/index.html#generate-new-secret-id) such as +`cidr_list`. **Example:** @@ -371,10 +390,13 @@ $ vault write -f auth/approle/role/jenkins/secret-id secret_id_accessor a240a31f-270a-4765-64bd-94ba1f65703c ``` +If you specified `secret_id_ttl`, `secret_id_num_uses`, or `bound_cidr_list` on +the role in [Step 2](#step2), the generated secret ID carries out the conditions. + #### API call using cURL -To read role ID: +To read the Role ID: ```shell $ curl --header "X-Vault-Token:..." \ @@ -382,14 +404,19 @@ $ curl --header "X-Vault-Token:..." \ /v1/auth/approle/role//role-id ``` -To generate a new secret ID: +To generate a new Secret ID: ```shell $ curl --header "X-Vault-Token:..." \ --request POST \ + --data /v1/auth/approle/role//secret-id ``` +You can pass +[parameters](/api/auth/approle/index.html#generate-new-secret-id) in the request +payload, or invoke the API with empty payload. + **Example:** ```shell @@ -400,16 +427,16 @@ $ curl --header "X-Vault-Token:..." --request POST \ https://vault.rocks/v1/auth/approle/role/jenkins/secret-id | jq ``` -The above example to generate a new Secret ID does not have any payload. -Optionally, you can pass -[parameters](/api/auth/approle/index.html#generate-new-secret-id) in the request -payload. +If you specified `secret_id_ttl`, `secret_id_num_uses`, or `bound_cidr_list` on +the role in [Step 2](#step2), the generated secret ID carries out the conditions. + + ### Step 4: Login with Role ID & Secret ID (**Persona:** app) -The client (in this case, Jenkins) uses the role ID and secret ID to -authenticate with Vault. If the expecting client did not receive the role ID and +The client (in this case, Jenkins) uses the role ID and secret ID passed by the +admin to authenticate with Vault. If Jenkins did not receive the role ID and/or secret ID, the admin needs to investigate. -> Refer to the [Advanced Features](#advanced-features) section for further @@ -436,7 +463,7 @@ $ vault write auth/approle/login role_id="675a50e7-cfe0-be76-e35f-49ec009731ea" token_meta_role_name "jenkins" ``` -Now you have a client token with `default` and `jenkins` policies attached. +Now you have a **client token** with `default` and `jenkins` policies attached. #### API call using cURL @@ -447,13 +474,13 @@ in the request payload. **Example:** ```plaintext -$ cat jenkins.json +$ cat payload.json { "role_id": "675a50e7-cfe0-be76-e35f-49ec009731ea", "secret_id": "ed0a642f-2acf-c2da-232f-1b21300d5f29" } -$ curl --request POST --data @jenkins.json https://vault.rocks/v1/auth/approle/login | jq +$ curl --request POST --data @payload.json https://vault.rocks/v1/auth/approle/login | jq { "request_id": "fccae32b-1e6a-9a9c-7666-f5cb07805c1e", "lease_id": "", @@ -479,14 +506,14 @@ $ curl --request POST --data @jenkins.json https://vault.rocks/v1/auth/approle/l } ``` -Now you have a client token with `default` and `jenkins` policies attached. +Now you have a **client token** with `default` and `jenkins` policies attached. ### Step 5: Read secrets using the AppRole token (**Persona:** app) -Once the client acquired the token, the future requests can be made using -that token. +Once receiving a token from Vault, the client can make future requests using +this token. #### CLI command @@ -576,23 +603,22 @@ This time, it should return the values you just created. ## Advanced Features The Role ID is equivalent to a username, and Secret ID is the corresponding -password. The app needs both to login with Vault. Naturally, the next question +password. The app needs both to log in with Vault. Naturally, the next question becomes how to deliver those values to the expecting client. -Common solution involves **three personas** instead of two: `admin`, `app`, and -`trusted entity`. Furthermore, the Role ID and Secret ID are delivered to the -client separately by the `trusted entity`. - -![AppRole auth backend workflow](assets/images/vault-approle-workflow2.png) +A common solution involves **three personas** instead of two: `admin`, `app`, and +`trusted entity`. The `trusted entity` delivers the Role ID and Secret ID to the +client by separate means. For example, Terraform injects the Role ID onto the virtual machine. When the app runs on the virtual machine, the Role ID already exists on the virtual machine. +![AppRole auth backend workflow](assets/images/vault-approle-workflow2.png) + Secret ID is like a password. To keep the Secret ID confidential, use [**response wrapping**](/docs/concepts/response-wrapping.html) so that the only -expected client can unwrap the Secret ID. The `admin` user don't even see the -generated token. +expected client can unwrap the Secret ID. In [Step 3](#step3), you executed the following command to retrieve the Secret ID: @@ -627,7 +653,7 @@ secret_id 575f23e4-01ad-25f7-2661-9c9bdbb1cf81 secret_id_accessor 7d8a40b7-a6fd-a634-579b-b7d673ff86fb ``` -To retrieve the Secret ID alone, you can use `jq` as follow: +NOTE: To retrieve the Secret ID alone, you can use `jq` as follow: ```shell $ VAULT_TOKEN=2577044d-cf86-a065-e28f-e2a14ea6eaf7 vault unwrap -format=json | jq -r ".data.secret_id" diff --git a/website/source/guides/dynamic-secrets.html.md b/website/source/guides/dynamic-secrets.html.md index eb6480e2465f..bd9e302df846 100644 --- a/website/source/guides/dynamic-secrets.html.md +++ b/website/source/guides/dynamic-secrets.html.md @@ -32,7 +32,7 @@ you through the generation of dynamic AWS credentials. The end-to-end scenario described in this guide involves two personas: - **`admin`** with privileged permissions to configure secret backends -- **`app`** is the requester of credentials +- **`apps`** reads the secrets from Vault ## Challenge @@ -147,10 +147,21 @@ must be mounted. #### CLI command +To mount a database backend: + +```shell +$ vault mount +``` + +**Example:** + ```shell -vault mount database +$ vault mount database ``` +**NOTE:** In this guide, the database backend is mounted at the `/database path` in +Vault. However, it is possible to mount your secret backends at any location. + #### API call using cURL Mount `database` secret backend using `/sys/mounts` endpoint: @@ -159,7 +170,7 @@ Mount `database` secret backend using `/sys/mounts` endpoint: $ curl --header "X-Vault-Token: " \ --request POST \ --data \ - /v1/sys/mounts/database + /v1/sys/mounts/ ``` Where `` is your valid token, and `` holds [configuration @@ -177,6 +188,8 @@ $ curl --header "X-Vault-Token: ..." \ https://$ vault.rocks/v1/sys/mounts/database ``` +**NOTE:** It is possible to mount your database secret backends at any location. + ### Step 2: Configure PostgreSQL backend (**Persona:** admin) @@ -212,10 +225,10 @@ $ vault write database/config/postgresql plugin_name=postgresql-database-plugin **Example:** ```shell -$ curl --header "X-Vault-Token: ..." --request POST --data @postgres-config.json \ +$ curl --header "X-Vault-Token: ..." --request POST --data @payload.json \ https://vault.rocks/v1/database/config/postgresql -$ cat postgres-config.json +$ cat payload.json { "plugin_name": "postgresql-database-plugin", "allowed_roles": "readonly", @@ -249,7 +262,7 @@ if Vault is offline or unable to communicate with it. **Example:** -```plaintext +```shell $ vault write database/roles/readonly db_name=postgresql creation_statements=@readonly.sql \ default_ttl=1h max_ttl=24h ``` @@ -263,10 +276,10 @@ statement is passed as the role creation statement. **Example:** ```shell -$ curl --header "X-Vault-Token: ..." --request POST --data @role-payload.json \ +$ curl --header "X-Vault-Token: ..." --request POST --data @payload.json \ https://vault.rocks/v1/database/roles/readonly -$ cat role-payload.json +$ cat payload.json { "db_name": "postgres", "creation_statements": "CREATE ROLE '{{name}}' WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; @@ -281,9 +294,9 @@ the `role-payload.json`. ### Step 4: Request PostgreSQL credentials -(**Persona:** app) +(**Persona:** apps) -Now, you are switching to [`app` persona](#personas). To get a new set of +Now, you are switching to [`apps` persona](#personas). To get a new set of PostgreSQL credentials, the client app needs to be able to **read** from the `readonly` role endpoint. Therefore, the app's token must have a policy granting the read permission. @@ -300,14 +313,16 @@ path "database/creds/readonly" { #### CLI command First create an `apps` policy, and generate a token so that you can authenticate -as an `app` persona. +as an `apps` persona. **Example:** ```shell +# Create "apps" policy $ vault policy-write apps apps-policy.hcl Policy 'apps' written. +# Create a new token with app policy $ vault token-create -policy="apps" Key Value --- ----- @@ -324,12 +339,14 @@ Use the returned token to perform the remaining. demonstrates more sophisticated way of generating a token for your apps. ```shell +# Authenticate with Vault using the generated token first $ vault auth e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 Successfully authenticated! You are now logged in. token: e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 token_duration: 2764277 token_policies: [apps default] +# Invoke the vault command $ vault read database/creds/readonly Key Value @@ -352,15 +369,18 @@ First create an `apps` policy, and generate a token so that you can authenticate as an `app` persona. ```shell -$ curl --header "X-Vault-Token: ..." --request PUT \ - --data @payload.json \ - https://vault.rocks/v1/sys/policy/apps - +# Payload to pass in the API call $ cat payload.json { "policy": "path \"database/creds/readonly\" {capabilities = [ \"read\" ]}" } +# Create "apps" policy +$ curl --header "X-Vault-Token: ..." --request PUT \ + --data @payload.json \ + https://vault.rocks/v1/sys/policy/apps + +# Generate a new token with apps policy $ curl --header "X-Vault-Token: ..." --request POST \ --data '{"policies": ["apps"]}' \ https://vault.rocks/v1/auth/token/create | jq diff --git a/website/source/guides/policies.html.md b/website/source/guides/policies.html.md index 4d28be37f965..576155e86d87 100644 --- a/website/source/guides/policies.html.md +++ b/website/source/guides/policies.html.md @@ -8,8 +8,8 @@ description: |- # Policies -Use policy to govern the behavior of clients by specifying the access privilege -(_authorization_). +In Vault, use policies to govern the behavior of clients by specifying the +access privilege (_authorization_). When you first initialize Vault, the [**`root`**](/docs/concepts/policies.html#root-policy) policy gets created by @@ -47,11 +47,22 @@ valid input. 10 minutes +## Personas + +The scenario described in this guide introduces the following personas: + +- **`root`** sets up initial policies for `admin` +- **`admin`** is empowered with managing a Vault infrastructure for a team or +organizations +- **`provisioner`** configures secret backends as well as creating policies for +client apps + + ## Challenge -Since Vault centrally secure, store, and access control secrets across distributed -infrastructure and applications, it is critical to control permissions before -any user or machine can gain access. +Since Vault centrally secure, store, and access control secrets across +distributed infrastructure and applications, it is critical to control +permissions before any user or machine can gain access. ## Solution @@ -68,26 +79,64 @@ Vault. To perform the tasks described in this guide, you need to have a Vault environment. Refer to the [Getting -Started](/intro/getting-started/install.html) guide to install Vault. - -Make sure that your Vault server has been [initialized and +Started](/intro/getting-started/install.html) guide to install Vault. Make sure +that your Vault server has been [initialized and unsealed](/intro/getting-started/deploy.html). +### Policy requirements + +Since this guide demonstrates the creation of an **`admin`** policy, log in with +**`root`** token if possible. Otherwise, make sure that you have the following +permissions: + +```shell +# To perform Step 2 & 3 +path "sys/policy/*" +{ + capabilities = ["create", "read", "update", "delete", "list"] +} + +# To perform Step 4 +path "auth/token/create" +{ + capabilities = ["create", "update"] +} + +# To perform Step 4 +path "sys/capabilities" +{ + capabilities = ["create", "update"] +} + +# To perform Step 4 +path "sys/capabilities-self" +{ + capabilities = ["create", "update"] +} +``` + + ## Steps +The basic workflow of creating policies is: + +![Policy Creation Workflow](/assets/images/vault-policy-workflow.png) + This guide demonstrates basic policy authoring and management tasks. -1. [Write ACL policies](#step1) -2. [View existing policies](#step2) -3. [Check capabilities of a token](#step3) +1. [Write ACL policies in HCL format](#step1) +2. [Create policies](#step2) +3. [View existing policies](#step3) +4. [Check capabilities of a token](#step4) -### Step 1: Write ACL policies +### Step 1: Write ACL policies in HCL format -ACL policies are defined for each path: +Remember, empty policy grants **no permission** in the system. Therefore, ACL +policies are defined for each path. -```plaintext -path "" { +```shell +path "" { capabilities = [ "" ] } ``` @@ -96,7 +145,7 @@ path "" { namespacing. For example, "`secret/training_*`" grants permissions on any path starts with "`secret/training_`" (e.g. `secret/training_vault`). -Define one or more capabilities on each path to control operations that are +Define one or more [capabilities](/docs/concepts/policies.html#capabilities) on each path to control operations that are permitted. | Capability | Associated HTTP verbs | @@ -110,73 +159,127 @@ permitted. #### Policy requirements -First step in writing policies is to gather policy requirements. As an exercise, -assume that the following are the policy requirements defined for `developers` -and `devops`. +First step in creating policies is to **gather policy requirements**. + +**Example:** -Developers must be able to: +**`admin`** is a type of user empowered with managing a Vault infrastructure for +a team or organizations. Empowered with sudo, the Administrator is focused on +configuring and maintaining the health of Vault cluster(s) as well as +providing bespoke support to Vault users. -- Perform all operations on `secret/apps/*` path -- Obtain AWS credentials for `devops` role -- Obtain database credentials for `devops` role +`admin` must be able to: -DevOps must be able to: +- Mount and manage auth backends broadly across Vault +- Mount and manage secret backends broadly across Vault +- Create and manage ACL policies broadly across Vault +- Read system health check -- View and manage leases +**`provisioner`** is a type of user or service that will be used by an automated +tool (e.g. Terraform) to provision and configure a namespace within a Vault +secret backend for a new Vault user to access and write secrets. + +`provisioner` must be able to: + +- Mount and manage auth backends - Mount and manage secret backends +- Create and manage ACL policies + -#### Example policy for Developers +Now, you are ready to author policies to fulfill the requirements. -`dev-pol.hcl` +#### Example policy for admin + +`admin-policy.hcl` ```shell -# Full permissions on secret/apps/* path -path "secret/apps/*" { - capabilities = ["create", "read", "update", "delete", "list"] +# Manage auth backends broadly across Vault +path "auth/*" +{ + capabilities = ["create", "read", "update", "delete", "list", "sudo"] +} + +# List, create, update, and delete auth backends +path "sys/auth/*" +{ + capabilities = ["create", "read", "update", "delete", "sudo"] +} + +# Create and manage ACL policies broadly across Vault +path "sys/policy/*" +{ + capabilities = ["create", "read", "update", "delete", "list", "sudo"] } -# Read new credentials from aws secret backend -path "aws/creds/devops" { - capabilities = ["read"] +# List, create, update, and delete key/value secrets +path "secret/*" +{ + capabilities = ["create", "read", "update", "delete", "list", "sudo"] } -# Read new credentials from database secret backend -path "database/creds/devops" { - capabilities = ["read"] +# Manage and manage secret backends broadly across Vault. +path "sys/mounts/*" +{ + capabilities = ["create", "read", "update", "delete", "list", "sudo"] +} + +# Read health checks +path "sys/health" +{ + capabilities = ["read", "sudo"] } ``` -#### Example policy for DevOps +#### Example policy for provisioner -`devops-pol.hcl` +`provisioner-policy.hcl` ```shell -# Permissions to manage leases -path "sys/leases/*" { +# Manage auth backends broadly across Vault +path "auth/*" +{ capabilities = ["create", "read", "update", "delete", "list"] } -# Permissions to create and manage secret backends -path "sys/mounts/*" { +# List, create, update, and delete auth backends +path "sys/auth/*" +{ + capabilities = ["create", "read", "update", "delete"] +} + +# Create and manage ACL policies +path "sys/policy/*" +{ capabilities = ["create", "read", "update", "delete", "list"] } -# Move already mounted backend to a new endpoint -path "sys/remount/*" { - capabilities = ["create", "update"] +# List, create, update, and delete key/value secrets +path "secret/*" +{ + capabilities = ["create", "read", "update", "delete", "list"] } ``` -Once the ACL policies are written, create policies. +### Step 2: Create policies + +Now, create `admin` and `provisioner` policies in Vault. #### CLI command -Create new ACL policies: +To create policies: + +```shell +$ vault policy-write +``` + +**Example:** ```shell -$ vault write dev-pol dev-pol.hcl +# Create admin policy +$ vault write admin admin-policy.hcl -$ vault write devops-pol devops-pol.hcl +# Create provisioner policy +$ vault write provisioner provisioner-policy.hcl ``` **NOTE:** To update an existing policy, simply re-run the same command by @@ -184,122 +287,125 @@ passing your modified policy (`*.hcl`). #### API call using cURL -Before begin, create the following environment variables for your convenience: +To create a policy, use `/sys/policy` endpoint: -- **VAULT_ADDR** is set to your Vault server address -- **VAULT_TOKEN** is set to your Vault token +```shell +$ curl --header "X-Vault-Token: " \ + --request PUT \ + --data \ + /v1/sys/policy/ +``` -**Example:** +Where `` is your valid token, and `` includes policy name and +stringfied policy. -```plaintext -$ export VAULT_ADDR=http://127.0.0.1:8201 - -$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 -``` +**Example:** -Now, create new ACL policies using API: +Now, create `admin` and `provisioner` policies: ```shell -# Create dev-pol policy -$ curl -X PUT -H "X-Vault-Token: $VAULT_TOKEN" -d @dev-payload.json \ - $VAULT_ADDR/v1/sys/policies/acl/dev-pol +# Create admin policy +$ curl --request PUT --header "X-Vault-Token: ..." --data @admin-payload.json \ + https://vault.rocks/v1/sys/policy/admin -$ cat dev-payload.json +$ cat admin-payload.json { - "policy": "path \"secret/apps/*\" { capabilities = [\"create\", \"read\", \"update\" ... }" + "policy": "path \"auth/*\" { capabilities = [\"create\", \"read\", \"update\", ... }" } -# Create devops-pol policy -$ curl -X PUT -H "X-Vault-Token: $VAULT_TOKEN" -d @devops-payload.json \ - $VAULT_ADDR/v1/sys/policies/acl/devops-pol +# Create provisioner policy +$ curl --request PUT --header "X-Vault-Token: ..." --data @provisioner-payload.json \ + https://vault.rocks/v1/sys/policy/provisioner -$ cat devops-payload.json +$ cat provisioner-payload.json { - "policy": "path \"sys/leases/*\" { capabilities = [\"create\", \"read\", \"update\" ... }" + "policy": "path \"auth/*\" { capabilities = [\"create\", \"read\", \"update\", ... }" } ``` +-> NOTE: You can also use `/sys/policies` endpoint which is used to manage +ACL, RGP, and EGP policies in Vault (RGP and EGP policies are enterprise-only +features). To list policies, invoke `/sys/policies/acl` endpoint. + **NOTE:** To update an existing policy, simply re-run the same command by passing your modified policy in the request payload (`*.json`). -### Step 2: View existing policies +### Step 3: View existing policies -Make sure that you see the policies you created in [Step 1](#step1). +Make sure that you see the policies you created in [Step 2](#step2). #### CLI command The following command lists existing policies: ```shell -vault policies +$ vault policies ``` To view a specific policy: ```shell -vault read sys/policy/ +$ vault read sys/policy/ ``` **Example:** ```shell -vault read sys/policy/default - +# Read admin policy +$ vault read sys/policy/admin Key Value --- ----- -name default -rules # Allow tokens to look up their own properties -path "auth/token/lookup-self" { - capabilities = ["read"] +name admin +rules # Mount and manage auth backends broadly across Vault +path "auth/*" +{ + capabilities = ["create", "read", "update", "delete", "list", "sudo"] } -# Allow tokens to renew themselves -path "auth/token/renew-self" { - capabilities = ["update"] +path "sys/auth/*" +{ + capabilities = ["create", "read", "update", "delete", "sudo"] } -# Allow tokens to revoke themselves -path "auth/token/revoke-self" { - capabilities = ["update"] +# Create and manage ACL policies broadly across Vault +path "sys/policy/*" +{ + capabilities = ["create", "read", "update", "delete", "list", "sudo"] } ... ``` - #### API call using cURL To list existing ACL policies, use the `/sys/policy` endpoint. -```plaintext -curl -X LIST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/sys/policy | jq +```shell +$ curl --request LIST --header "X-Vault-Token: ..." https://vault.rocks/v1/sys/policy | jq ``` --> NOTE: You can also use `/sys/policies` endpoint which is used to manage -ACL, RGP, and EGP policies in Vault (RGP and EGP policies are enterprise-only -features). To list policies, invoke `/sys/policies/acl` endpoint. - To read a specific policy, the endpoint path should be `/sys/policy/`. **Example:** -```plaintext -curl -X GET -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/sys/policy/default | jq +Read the admin policy: +```plaintext +$ curl --request GET --header "X-Vault-Token: ..." https://vault.rocks/v1/sys/policy/admin | jq { - "name": "default", - "rules": "\n# Allow tokens to look up their own properties\npath \"auth/token/lookup-self\" ...", - "request_id": "1379d18d-e5e3-dbd2-8f3a-0e446c016a23", + "name": "admin", + "rules": "# Mount and manage auth backends broadly across Vault\npath \"auth/*\"\n{\n ...", + "request_id": "e8151bf3-8136-fef9-428b-1506042350cf", "lease_id": "", "renewable": false, "lease_duration": 0, + "data": { ... ``` - -### Step 3: Check capabilities of a token +### Step 4: Check capabilities of a token Use the `/sys/capabilities` endpoint to fetch the capabilities of a token on a given path. This helps to verify what operations are granted based on the @@ -310,22 +416,42 @@ policies attached to the token. The command is: ```shell -vault capabilities +$ vault capabilities ``` **Example:** -```plaintext -vault capabilities a59c0d41-8df7-ba8e-477e-9bfb394f28a0 secret/apps +First, create a token attached to `admin` policy: + +```shell +$ vault token-create -policy="admin" +Key Value +--- ----- +token 79ecdd41-9bac-1ac7-1ee4-99fbce796221 +token_accessor 39b5e8b5-7bbf-6c6d-c536-ba79d3a80dd5 +token_duration 768h0m0s +token_renewable true +token_policies [admin default] +``` + +Now, fetch the capabilities of this token on `sys/auth/approle` path. -Capabilities: [create delete list read update] +```plaintext +$ vault capabilities 79ecdd41-9bac-1ac7-1ee4-99fbce796221 sys/auth/approle +Capabilities: [create delete read sudo update] ``` +The result should match the policy rule you wrote on `sys/auth/*` path. You can +repeat the steps to generate a token for `provisioner` and check its +capabilities on paths. + + In the absence of token, it returns capabilities of current token invoking this command. ```shell -vault capabilities secret/apps +$ vault capabilities sys/auth/approle +Capabilities: [root] ``` #### API call using cURL @@ -334,27 +460,85 @@ Use the `sys/capabilities` endpoint. **Example:** -```plaintext -$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @payload.json \ - $VAULT_ADDR/v1/sys/capabilities +First, create a token attached to `admin` policy: + +```shell +$ curl --request POST --header "X-Vault-Token: ..." --data '{ "policies":"admin" }' \ + https://vault.rocks/v1/auth/token/create +{ + "request_id": "870ef38c-1401-7beb-633c-ff09cca3db68", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": null, + "wrap_info": null, + "warnings": null, + "auth": { + "client_token": "9f3a9fbb-4e1a-87c3-9d4d-ee4d96d40af1", + "accessor": "f8a269c0-153a-c1ea-ae97-e7e964814392", + "policies": [ + "root" + ], + "metadata": null, + "lease_duration": 0, + "renewable": false, + "entity_id": "" + } +} +``` +Now, fetch the capabilities of this token on `sys/auth/approle` path. + +```shell +# Request payload $ cat payload.json { - "token": "a59c0d41-8df7-ba8e-477e-9bfb394f28a0", - "path": "secret/apps" + "token": "9f3a9fbb-4e1a-87c3-9d4d-ee4d96d40af1", + "path": "sys/auth/approle" +} + +$ curl --request POST --header "X-Vault-Token: ..." --data @payload.json \ + https://vault.rocks/v1/sys/capabilities +{ + "capabilities": [ + "create", + "delete", + "read", + "sudo", + "update" + ], + "request_id": "03f9d5e2-7e8a-4cd3-b9e9-034c058d3d06", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "capabilities": [ + "create", + "delete", + "read", + "sudo", + "update" + ] + }, + "wrap_info": null, + "warnings": null, + "auth": null } ``` +The result should match the policy rule you wrote on `sys/auth/*` path. You can +repeat the steps to generate a token for `provisioner` and check its +capabilities on paths. + To check current token's capabilities permitted on a path, use `sys/capabilities-self` endpoint. ```plaintext -curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"path":"secret/apps"}' \ - $VAULT_ADDR/v1/sys/capabilities-self +$ curl --request POST --header "X-Vault-Token: ..." --data '{"path":"sys/auth/approle"}' \ + https://vault.rocks/v1/sys/capabilities-self ``` - ## Next steps In this guide, you learned how to write policies based on given policy From a8469f89d860dd7d0147050b5e6b7fd1e472096e Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Tue, 23 Jan 2018 16:22:17 -0800 Subject: [PATCH 010/178] Cleaned up the diagram --- .../assets/images/vault-approle-workflow.png | Bin 59048 -> 49660 bytes website/source/guides/cubbyhole.html.md | 199 ++++++++++++++---- website/source/guides/lease.html.md | 186 ++++++++-------- website/source/guides/static-secrets.html.md | 104 ++++----- 4 files changed, 308 insertions(+), 181 deletions(-) diff --git a/website/source/assets/images/vault-approle-workflow.png b/website/source/assets/images/vault-approle-workflow.png index d5daa107fbc6ae9dd54d875c5d29cca07ce534c1..5f1f002168702357b60e303ef261657d5ab8c5d1 100644 GIT binary patch literal 49660 zcmdSBWkVd>wl$2qHy&JrySqbhf(Ivfa1Yuz!QEYgOK`UkG`IwZ;I6^tEwazu_uS_n zyq}=EtCrPVQ^pvp!c~-HP>~3cARr)6_@c!8SQ~nW|2^4aYk~xr)*ol!;Vwl*}aw?EwqkOwpqjzbb zFW^X|FI1`+RCHfVG+|URa4<2bIQ)E$*G86|-1UBSEUlE!nORtT=J)2{nV!XIRmqiO zB!Hwef{FCUWQCIMM!)xHSo{J|N3nmA+^SYC*Z%X{re-LTz61XP&?z? z+yA#I1?^g||FrsVGvFX9quzJo2Dmnf|8GMy6~Bc3pTR_mies@FQaC7xb=yk4@u_%m-fa(%qCx!5G~d@Ip;f55QNX!}9oV4>bBVKiIlL$N{{ z#hUkJ)X{Pa2hFxF`TtB47*H5BIKP&WF>d7kZZ~Je=roknH`e#*UatQOj_H)%@Y7iz z`gYy8aKf73i~jYZ4GZ5}h^L8oBCng1UNXTn(DHnh{u}q7-*(Y#IBrsFu-34eDhyA2tJ=#+ z?-gJ_5cNOS4ECmsGW>NbX&AiD^?&#F+2a=&+hl^O{Y;#_2tUbk3pKh-CO_5-h@8ojUWO6hmLS zhtsaEdiynlcgc+V(PmfU$|6rxfZ-Mpc^%bWJl(9dT}~1{H?omPwsmc&j zqY`osmRL5Cq9PL_-oME@8xa)Y z$Df7nU3ZVyw*UGns<)8D-PoxvJ+OE%{J+pOtMt;!g%8(7CPoPK9Q$!}=y#hpqmgG~ zs8x=Yasz*h!hZmxv9Gkm2;W=g2FOe_J8p_LaDdUwp^1Z}hG)T!xzOKo4LUxH6-Y-x zas6@HeGo2zz%3ySvxz}^3r3Oyr+;m^balWlxu#WFi_Mjaz!lpbP718jZ-YA;XI$~z z%>t(avc4*}nJtMi*N{RlbdVajqV$eF+3y7H_-^d{^{{9Bmf1p6jf}iEekqq1OPhI}H7(d623E*B{9o}iX-l(;Z)8#2 z_;RjUW7XGU{ULb~^CYs0p=UoguaWv(spfLb_9Q3^@B3O@p$96%{Xrpf-C0J|v=-il zL4=Dm!0_CPlhNxyi6wAhhmgw6W$IL(!DOnK@Pnxb0*k;@5T2p;WLBs{kuFY?p~X4$ zpRW#qZZI&j5Y5l`2_Yy1zk}+|{O3qFGq`(TLa2tt_e>p5VIj5m8GUniRC?&XW@7C{ zwu8zr7%|d$LxUV-GYCZcQiI5b{D~o5lzWj}DJ-WfP%khZfgo8GiAgEl>`Phi#3X0> zBhvBVr1Qb(C2Mn@R z^Q#hlYN7DaM2!UL8Eu@>!BE|U{VO_kqUEI@OEbL2kOkiG*tz&YBgl6~%_!b2rc z+|XBWrTUxZ_7G6$ub&3Aw!o44J=V6dka``lrJ#$Yd>8V#-3S%fSVopyR_=U?>;2UC zZzPdLf}*L|T4xu!nvk&bFWeE-;m^=<;W|e0z1vRVyn{z2+`8tl{CM`IrniEFl^srGgStL{Tyk*Q z!%-m+(C681pfCfq>q%sY93}l7wm^Y~a1#az8^MxXOcy%KP3h2ZW+TZzYgRr6-~N(vqatpT37AfeikFs)fUSLQVC;~Yr8AaNm=5tUF0-WXkA0_w2bL} z@>vJNFSkVCGQD$-#*=;OSa0~kv+7}*?yd6#R*`ON*_A_Ju(ZdxZ-*H2ZM@46izP=# zBoFplME-mvLAD{RUdKl(*_ZBxWlLq-@bP~=Cl5IBMrRVNItn6pm*Y1YQ(NHocM_%v zI!2|PBT;1vtZNwnr=xe(*3E+pZy)(pu(QB;z0A&f!Ty|LP%f;yU;eB;cBhC1WA8%e zLW}LTiQnChVB{xro8j`IkU~B3_J+rf@`qt(k-Hz0sdETZZ%7hv^;HJ~4i!r{^MpID z_bfrRE(@jarR*-gq*zwHVC&Ij=HpO9AnQyTHO_=27fwF3$L>6MEpTj%vQS288nU{? zKk3It&T}Zpm*iG?T?V9-nUMr@x_BTUMj*V=6v%@5Ovl?Ant-HiM~sbM#)>Vx)p%}7 zQQD%t#s8aB{5PRRviDlw4YDwG+4--Zv_lV28#4Lk_R(){Q0M6x+vsAYBDQ%QH_U%Yk7{{qzaa`Y>AHu~eswS_?}BSs)%E;&ce#=fX7`9> z#qVH@u{5Nwf$hG16sB|UBHvRDH|OeJ!N5e1xGS*8QuC z!;Kyui|2|WGWd$(3Y`s~G?>g~=$ONa21(LH4&lJ3@(s^w1c`N3HASc&03g3}!Glk<)d zY2o5Wr$9yFf;w_2oZ(oo$n{YBwYl~Ov8O@YsThdwh^MEo_*$7YEi8mEDJrcXpxw2J z2Pt)n_a4)pG--XlYKWU|bJ=X|x~F=Xn@N&Nc=?9}gxR1R^`*md!Zv7t5-=q^;?`G+ z72h;vW%#{C2S+~i+g!ax|A|glo{pVz_wu6ZhvNzOBPpNs%;Lb6WeEhL$_L_a(?9WNSJsG<%>@}Vglu8@k zUxBd9mM~&>@rc=e`ykP+{z9*%aQiHkAiHOCLisG+67zi1_0r;oLL$hk#&iP;AP#^p z4qNVH?EZpCe%DNU=S3dGlUFU5+4pqxB25vz5b|$*8cPJ@5}PoE7-~-Z36`JZBwuG= z!*N6BPRQr}N_GvAZiFp!wk{pv&zDWk-F?Pp=cymHc%e4=ocrA)I8skR%+YRDJ7j26 zlC6tgrycsYIu{$cRnV^P%xGi$n@5@Bu5JQkzd@7z4lV;aX_7AVTsKab0|?|5;=xPR zft?UC-o5QphT_LqckkwJ9F*3W-}ApL0}U}BU`5}~$nomue<_vIApH92-hDestM$TB zWx&&r3z8Y87D+cQ-f?fP$An6fd9r&D4^6)UdR#OZ15Y!hMBRZbs4^X0YS=iiX7G$= zY9TuwElfXWD8`iAID`+~jkm4*Y?r9sxLVvI{kH?zyqFzTJU%?4*{HBbZ-Mjf7^D~$ zLK6|OAh}*DlJ8i!Asz z(1_fS9tU<=7ccwlL5r76Y(K-@(pVD`-M*oifW8SAr*y6SmS{ag&C->n$cuHfzh01^c%agd=ne-IY(7$=K5&4 zjaV3(!?#h1d3Ohn2}bdOqgu4#Odb4U;~6Ov+-w5FgUg3r99HDfUJpjzFhsPvU%aSZ zb@)f8X+HB}na)3ol{jH;9X&vtobbGHn<~*E2+p)Qtg|L=8JDc%y^%j3zTXON*yCts za)-EWPAIRP1sbvS*C0lVgc5j||41YMDpb#qxrawc8yyG#%;=BsV3`A29R8Cp!s|Xg zclO8V2XPc;-PPo7$l=w}l}@l4Pv4kH5M%LBZ=faVnQ=EQ)FsEGhtUZr!j}DETs(V2 zc-l_eDQlv!TLuk+4W9E6s&>Pc;JKN*id zN$3+$pSYfA5Pv@{ehNTd72+$r5x>PxrOtt=>C(7}`que(1#$J55k*h}w|GBLv$hOv8eZ6zV#~yqp96T3w0|!xJ64lqG>cAP5Ia2411u& zXZN{xnSV)8;+LaWFCqKT_$e+NL_7Q=>dkcK`&tvJQq_VGB9C=&ZzJ{pML!{4$86WU z0cU&`b=K|w+>d9NI6&g1ARR-(WV={Dbgo}xI)LU0KxA93hgAvrQW5;*V8}b5AS9=h ziB5dFUQ*r}%VH>!PZ@I}M)^%wE*XxMmVLPqN;;fok=^ov~m z?+r#an<|u3k`)`d01(uXSCkXLPDh;1b9}DTh4(6&N*xIxJh<;2(iL2=F%ZRY@H;s{%`Sj{trepJCT3cfIE4 z=ed(+QRuWiY&Be>Q&)Tzu5`Kc6C`Zu!P>G2n4W&JM!Dt?;90gZ>^tM!S3PAks|}b! ziQQ6X%C%Tp!#KMp3+q2EOx>k$T1`p5g02jj6%N~lLnR^@`523=5q-4Vzf5D20?~ze z`9HLFSoLgxA7=oY zB07xBFqz^8Toy1sApCHYU`p$x(9!vH{h{Ulpxhm#o`1N>W3J)8>=-I|x0Nt9vkw4@ zaX@#5s~(%Ew2AA#qCE+%zK3Bdy=VV87%POta1!+L0^ef;O!!1g8$oQz2}o20j$sMW zyd`{}?=0p|yiQtV;7|#%na!JywG4eUm^-f2?k>kgvXnzED{xbxEUkjR_wAN_+OqIAP!V&5DMD~w6C^__+3i8|IBJRo%iF(55-d#pj+(o zK)X$4bCPzlDl}kdvPwuuoC8n{@ATViSh4kbN=r*w1h&*9eTN>{=PQ&hOeOpo(*U>U zyIlb=6q8ga8ZpJL;Q4ou(nFv_NS{C_6<`_F)2n1bDq7NrQAnP1)rKsl1JSOFCGyNI zlAX`@HlA0LG93I&0}qGu)u;7J*#4}RL;u1G0Mn6c1bVB|i&U&Ry1I$I*5&s?WOxT` zl$ETuc>^!AQWTA`_ z7T_bQGM$F$lsE#@2*N*ypuX8@Jh!r1X>H)}l2|9BUj)9%WQiGx9TU0j%~ch9YcpGx zv>qx>K$Rc2!Ad$Jx#r^l$tj-vFF*2%U?FjXp-kbfhZ(AQZTo-ntT9Sv4l7bl9hr83O;i%QnMi|u5nbP;c2*!mq z=xE1%FTvPzP^zbp@I>qNc)(mc1hQ8}4BC2{Zdk~5@e%VPgg^JZ?YOLKv;UdSrR4v+ zJrIrmZQIumzW?pjz}S>3WI;H+*r1lfu9v6k%eBE{uB%=ow8PtEN!ol}^2l3DQ%fa$ zZxI08j2qNGlJElH`Psecy2m#IzTzD2hjWU$^_JxJop;580ID;V5+WWZy;IuWp+a3p-T*k^Ews`88SJ3VD+RGm%IS$i#r? zg?=;IHJG8ASaa60u<&CI_V@?jSx*)nceC92!6@&U7DHpjvMjX`Ku4e*!&iX*Av{M` zdcUL~+9|Xoki9SZfgmek_9-X^jn>P5|5&g1*#FRY zwnk`zGmr_9AO-MOKBFTIQ2(T(WNt8Oixy^wbCph;Q9P{+pJCuMYiT)|Ic|fP(PRq6 zDZz%)SHoxfdD5Hy$#Aw(HzzAAWk)D`a<`7T#AoTq*R^xVU6Usm&ne%bVkPTw8AIA3yX%&$_#s<=!w|lv$#x?z)X%Ot&Gp*nQM*Sh7*()GPQ>CK_ z`MQ!wggzt0^&nvQpQ0DLq&9AIZkS#UQpPm1_TNs|TTM$Rm$ndL{=jI>4^GRRGuV>K~*_e zdy5ocBx*1cj#w7ID-=#H6o9-6(rd%g^EO}a`wLAB8pk;o@PwcP&#sJRLG($GB2O6%~}0$vlBoliAs#H`Lyu9p$sQ89Y&Y3;w@CibpCc|9*WGCYoT+}>rxqB!9D%)e>CR~m3BfhOk zldU0^#FCaQY}(yab%h>#&DW9ZXrGPFkx}3I+Ur37v#H6Pp@MlUSW*%dES0qTJ_2|u zv!p|F!mS<#=E(RuC^~gei#J=VLYpmjqSyw(5olWaum3Jch=YtyjM&FdC&R4^0iww9lk;%^%pbgcdfcCl}u_LU=cizNl-UmbF6 z01P4br?LL9E{E7^@D= zD!G6$LL#KPQA09|bEkKUHx+9P!Lg25|6P5u*BW7>zoz(gAq8PZ-KjmRX4iWH70crV zQ$}?Exkv(7Mo!+N(AQCt*}y2Y#d9g$WsTI+-}%5+{B`c4CjhMVH>7 z_1w=>`R=zNrA^-7+c>@B;fCfUz^IHR&(>{O91?n(xC95JR#f2;U#7*E6iNx+VbBad^1lV z9IDfe6_z`>a{8FpIS|nkfe`G|bdT{phW9su)m+7b-N1FdDIg3u@oX_0!CmO|X-lNn z7?%3DxngOa;FX_p?$~^NIIo<}X+^;TBxyegj>9lzsiF80GPgN(z-35EQI` z8(~J~WLL|4Y`mNFCkEoV1 z$}S~?E?=MSfhlIFHJ=-Om1+Ya=_4>wE*NbNnz*@b&CvV2zbX>(TTx)3C_HITJheR3 z$*fQjkOj4MW_n)?#Z>^rYRQsJPJswOdZ2#3J|fto5~cDJTe}5R6f2ix=}AwkPtV~z zpg$Uj$t;Ej6ZS)lfBdG46~)RmD+92o-@(wUND7+`Cp!AwymF7p!{K8<-p%gbsk9CY zjQ?Y|SN!2vnBY_O5}wl^YfK9)&Go9Pg+ zx2^^h$Ge?uLsl~-s#K(JN@i#k)3+4H_r?Lfk^(@2+^NQabz>f%@NwFxPkDvp@2rfI;nH2$99BF-zp^a1Uqdq`)cywNX8swq}o>UgF zhN4%Y$zEQlbaYV@q=mxy-m9MFXt8vW_EoMkHA1rR6)MLjaO@V@EE34aT+Dwq6gh7G zi1YsBK*UiTjEwhgwoHQ1ojbqK!QdKS$To{v8QV39Me$e#MuzZ?ectMg9cRppJb4jcMCZ7U43zWFW~ z_YiRyQ%VpQIatse>TQdSc^byTN16>B`(%$BF zoK9IMndOKhex+HW(vvj)lnYh)%Iq}Hzh;}BXFc#MwE>UHllf9o7I|56sPpq`&lu~c z-J0d&{9X!4o>jr1@tK#WQ$MFgtFJBY8n@bRO?PeUK0TN5H?g_`2;=V$x<^N8ug?|w zK1EtY`i+(E40NP;d_5QT1FFOoX8=ZtaX$?Lz>e1T_86bv`eg~hQ+X2bO%c0f<0{#; z{AvjR`yXLFydn^J^Mj@9kwTDkp%}Hjz;pG&_a|d1Y`~e)R#tv8c9p{FUlikvbMXiK z^wlfly}g|khRA0HR2u96-|3!tI0fjBggPwBk=0w6*#Hq@DP%l)`gXm9 zP%CV>0w{m+#_{FZE6pw7jHEzs$+6qb_9;G}#mpjokWKhr+-c3AJWrSn-1&V)n3F#> zD=tPy4vQmO5B|C**?x3NUDjy;Fi+QcrR(?6oxISTw9BCc)X@oRO<-?>x`4Zod($F5 z4R}KE?qEkO&aq-Tl-d>iA`WpZU-H@LIJ$0kc~$H1O7(KxbD!`tiO6G z9+EKdoyN0Alk_E)JV}meAH{y~noP+sTmur9C(;xp;pSa|#kfqGYMqvikT(=kH8H!4 zr!@|0hN4Wb0? z@na<`Tu)@GJKO2UtSd*I$wjXOzAO}%fx8FwJQ_9i&*@2T?As?h++Cm;<730L~>Xk%tQzo*4*zW8f}+2PZe_3I-^8=F#+$%+TD5n;|-)+)8od0f_v4I zhDX>1{4r^gSQ9(sb~8FrI-!V@ny1<8>dNzKd!h zlEHUD?T#FnKqI&+lmj1=?okN5hC4tgcSOREqORI+I=ty)rSjlhHP+bt-YR0O8-_pd z1deIzrub8x#kiZ#gbq`RRu=n;Q4%D>9s9d>%NpftXtP7X!FNvtVm)`^ zGF2p2*sJ-NOC!k-XW=GqAj2Eu*N_|ayx_c#Hj8-eR|V(I4O;cyV6iX`lc7It!;T2$ zEhZWPpz29c??@tE`xrjlt2Sz+ye>DI!&UI{tj~_Lml4XezGj0S=_x_qIQV@vfJfZj7#-D9JGkPwfH;H>62Vn4MhFhK`)EU!1pTWO zWw#S63U;+HTYRt}S&ck=xnEjox(fVZV0UT0DtrtPpBgL2uocAt9$h)6V%V=d4!(Rs zw8_v$4!+)HcxUp_m|i*3Uruv67JRNe*4FB^l6e%E4ck&0Zw@14-rwZ6N_QxQDa|x} z?rQdaesf8xFnF~=$7mp9FzVUKoC>J?#mk#t$UHl?)ouy`ZM~6b9B6 z)dfbWN@8Ty?|U7sy-#TKPdsph0VAqlx!=ooetJ_yb&n_`|AMvNYIL8nhRD$y8INX8 z5qc}IA^eV|c1=W?cdS8)#qp`ntT=_1% z96momp-T6@a`6q1FM)`!cY3h{$tg4{5fv~ti}ZeF&#tnNm9(Two)LjJAge`w3B`7w z->1pk?S-b;Kd3f3WnvT``2f}AMWE>LLj?rR(r00+UX;y|9th$#UlDwF_`2H|zt}Sf zSr)dieogGWFcIIZeP?uJk{~J)1)^R2HRC+mqnzHpq;_vv6g2|;P2?Vkq)^5I4_1?y z;qCx<^xbpOD|A)&iN5KzVtZW8hvrFl#C*pCY=4nApONS6_B2Q}=jx-(U>d9fWr%7WF0F$R zdZo49WSS8zXQ^8sYU4tVj)^1ReNRVWI^!+}jC>I3EVk6|)$tq=k>B%Bq*zdx?XEvY zXZs^UY*JM(o(3#vGn>(Jv4&eFXnekSF=JP~fsamw(xUPsR}|8PQ3n!XWcAHuR!jTaz-ddJ#MVE#}LSnah`RmqPByCdp)O?uE*Wi zST4@&XlASQmwX=lJhD0D24K>Z1x?R3RLe2>0I(`cbTj7sr#9FfZ2gk;Liy($Y~kS) zcb_Jxj;e6$vcwIAD3dFSz+ilUBI{^35RMiF3tf3c(?!7^s7GX7075s+oO=vJ=mCd9 zqN9n(?q;AR=x~pM z{*&33sVlN+XT=@9JEUL5qwIEwW_1*h6;WAeE^49?#_muar$HxEHh9~4Y#aRRdt=BX zs9|{gEpyi9n~Tsg_>;Jc+rg%(USc#I{EwY`3yxeYPN5TttQpdzC4t}WcKSg|N1LF- z?-3YoRP};16@}EJql}9h2efBta)^pO)`w<6Z zZW)Krnvehkt#;Km*%W2bp?nosD`AWCX{LQyF*2y3rIV3HF;%b#1?v>?1?}AI?&68h zx69`ZSdv0zJqTz0QpIEtmve|%pLv!c-y_1O^x4BI?LtU8NlF!5q1so@YSplXX`xHr z!~Tp&lN1+EY(nJ0qbXNzW2IYC)12-z*=f$u#*^jSz0fBA!HV`}qCS4GJH@yo&68}Z zu2dHTds!g&!*v4uAp%XKr9j+}w|K;uv*6?Ew%)37yH@F&Y3|YQ?XD2w0#6nJ@i*1f zl(9!J>`nc0*Q-_!I<`c0bU7*+7yibYneY+HLGM4V^H6>q-;a^<nm11?`K@$R=tZ0 z@op+4uk{p{TqQ47QWFtGSB|=^RJ%!OmO&JJ)^4l3y}&B+O}K6Z;a|T@qLXxbQP7yM zk7>R$Rs7l=89Q1QBJLZ2e`8^OsM0ena~~)Y+f+?E%1p>P^Jmn_BAr4ku2tw!RH*yGLlK#;xfT3Qlz~cxx7(KoJi5!lH9PWkC zh10A48?DVYd z6YnV<)~Vj=yr7q7@tr$-`bQeS3FfoM0iuZ66)T(D&YvYhEeof#U{zlbFrCHiS}in!<6QA28Mj}qOACEz_B`y3=(-yw{rRf|>mLO( zHhKj@+$px1-sh07t^wT86y}6Te4y`tw}cLliU|^{IScx2)g%o9|*@U4#dP;VDQc#`_;_)gJ?RmC_=i} z=3}!gMUa^0MxWU{xH-aFD%)YtBtLkQTH0`8`k$f8$TvtTm_9cdr+6!->0~K~vc;|#3 z44zNyL&d)D;mAyuGQo3!cvb{eL3+p_pX4gVR^j+&mrjF@;Wy?SBrtPDeW&Hr)+Gbh zdpI*^=E>gt1f(@^*)`=xxDWBwnjtcdf}SLC71zM5I*Xd0i|6AQBVj7bnqOavO4j5& zO@|Zmy)bcia~Iw?GfP+aSplI09$l;@7^wfm+wL1n&PYmf-;^{m#)q~)(tOG9!W$az zAkK=puxs6?!K0r`NlRIioSp757VDaIn)S;%a~ikGb|w%)c2ye|y73G(r~aLeR=*-7 zz18ACagnF=rR63s-K0%|KMv;%ZPS4AQINE^_VByz*39c+9oD0u(s?pYyDp{2mIqZ> zvw2^xZB!4x{Z?wQbt|P0IU)YdN0%^Dq)9~lrol?nS84_b=LCj;}F(YI?)g7pr;}OkNn^~^!lhvj(5Dl&S(*C z##KEiB6TWPS!=-I93{)|dl{YG6grlm`M9Tz@1NedI&=u3lVV1Arz-Y*;r5`ZhwiLF z*hNh_Y--_7jmX0^*@+Z(W?_4So0WQ=Kb{!X7;){Ozk!o|Y?>VLJb`wC=P`k+K+!DI z{CspHEI#?if!WpJblqNpcvD7Q&N1E9|Q|LPNYN(Jy*}XClRX$FNq_dvo}&5&qp^`dYu_6e)b(D@3QXHuQGli zM1K3o|6ctA0K_ROAan@_O-*h3LOGEoyxs#2-+mpGx#J*;Z(#`R)Pxw<KK?-iWe#b0A(3Pu=h4QRYI+G$u>4jWqk!%vAtNuJ?U}Vz5$S~sX!py4jOru>We|g$GwRCVnL5W>Qvg_ z?!Wo@AnKSlF;kclWBO}i*G$}!z4Dy_R?|O2x|1L?t=@aIikbaOVuc}ti3PYOdPADA zI|jrZv1r=ev}J#7%C(I8Q`$+>d7~sS+wb6HiG23EZFexZD6$~L9RrQn*3*B@a?@pu zsQ>n#d5R$dL{~1}k92@~68(f&@(_I0F1gj2!UZ*9Sj!~9P?V?NgFUKtf|#p;C?h`X z6R!E6v#wP10HKBTXIQ%pXeo>i@(*6hwn+H0OSNn$m;${sy-6IIyzcza2vb0wkJevP zYCe0|6Y_t=gj6_?mpXD~BW6*rY~ELxcgYy~bz+6;jySr>r4vp$gYu?Qa90@n^E!pP zMVZN&e=fC^#qic$81yZkDl)fG9?~UKFodONsw3w{!=f>8g<14y?jHG3H=fRajg?lv z%ROw_DJsa@l7V33e zR4T`lDG0x5eb@+2#?!DQC=r)mQ=+fm`)qywdAaT^qY8-yM5~02YZzgn+hmvZfs^yI z{}^(Vl$wu;m;i1!W$HRZuo3AKne^30yqNqW2AC_i;qqrMjP{zVhp`s z<|cKq??dsI&J0svvQMrAtsoLyzwg$f}%{P?jOMd z9TdL-vu1Oui%4Nc=$0DGlf74_ zwya#Zb<<;ek&f4@kZIODz=N2MnH!^Uw67GfC=y1=O|7-c^PN`P@8HCQXb_+BK=%L% zfyiaGr3WAARA}1;NN#dT;k&w*0Fzr%hXx;0`^3-pf&Y+n|n3@-{Fx zfMx&Eoxg@BSB)sNQdeoY5kx$=cQC|6tRFNF0)?qQmyupX!%r!*Nq;IMvJ=HhUs7FR_r^N zIXj)hb{e%(rx!g?6J{hPdRcao|AmI0X)ImSeP#dGovHuUm|@)3tdUl zz0F{j9;!ZW!Q@PO>Z~XyR!6Gc;*VVt+%q0$-u^DY11gG%B_3%PyE0ze3eP0R43WJlJA3w z{#II31E!ty`_8o;f1P)L^sDT`t-rDh_(+8f_5d#Uur=u}=#7$>tIZZA7^`F=GT?)h zvwL%{nBBWy*+?*!_|tZ}>?0`E450hF5enZzM!+TKy(wmjrb{`|?dq2p&_|_vOi5r^!yA>h$(}(+tp(T3y@) z0$k&HM$2sL5vm%WC6bL+AqMO$|3-95#Y|>+IRfX3^~mHUXa%xftRA&V2!v|k@6cK%UAKXP;=-q+`Qi)yq2tPzURcljh}&s%nCL1ssY(*(VSBQriBCn=C)nr zJ$`54<_d7r` zd{-!sN6_k7{70oO_^Loz<*LO6{DVq2V!iDW_jm)tU3ey!{utjb(FZMR5te}2zh|3d zRbH>%3$8VPz19J7tH=#DC$XZ+h_sqvszjAC0s@z%S+nY|-ed?-o3niO^kMmT9PrM81typCR{|Lj%0@640abJvAQKk$s<3z%J5HyK%_21M9Jyxt z<~cyK@XfaF(`u(&)1M_<`((xYhn(Y=!TV#sk$c-WA0MJCr@9RMO0}J;h31S2{w|d? zS?#MBMti0NT!t>aI0 zr`1IAZ!XhLINEMVy(4H(&8J48fcju_W}9ykZ>E$P}6`d~?oF(0{JVyjCK$Vrx$m82|N5`Y;n!E_)Nk^U+i*;^pj?6J$fyFf~H1b<<*5+b7BHa^!!M z$-fa;JzQr^9j+U&*UiH_c^1eQYNq*QO$4l8+@-T@e?hNGHm6J<)HpR{&Uw1t&n~Ok z{EzX(0BbQMbF10#cfXVaouLr0OU4VaYgg3M8{6S=wrVq5JAnT`s=hiZtF8N55hRt8 zGU$+&5NQykySq!eOG=RL?h*;^@B914U>N^AoM)fC*IsL`Ip^A* z_=+r;_dzz}BLkk@xi(wIX2hX(y^y|UGu)xo7JR18>f;Zb4mx2<7S|H^=jS?X4)W9+ z9E;4(mXq~m=0dJGEhyEKRe$NKfIOz${hXrrp10NI2m?e65rD0^>cU|&^`KZG7lcB| zpsxLfdbN3KjV-&_6g3#*dP`H|I?E&Bxy@CRuB?#aaMa6z*hPv4s#hkJQIP_HwaZ)8 z=F#Z$p|O~nd!(;AE8>)zamh{J-C?nfv-~}g9#Gcad|l{pACzMeqbcPC2iUi0C^Z|L zVh2SsgP*)$iI$V%dP^rkm9-d#oLY7tC$D%G!l7up`8zNN&h-s=ul zI38XrM#|JLRZ^86Dv0dy$;*1dF+{p3e-75I#fxbW1Hgx=m+VC^)4Vw|N( z^eK%Jhs||<<$QN#xn+1Z$@AX!JxxM_Vs$h&!xw*lOEt8#YIBPBx)(wvSipgx0Hg+o zA!DU|g@8CkGL+-=#;37mWXwp)*u$+cs4-xXbKGfqCI}#nyX-6~wgAAk8xxR8EUN1DlVzzFliU-|s;mW3mXx4zQI)JgU z(}gkfRz)^zMYAZEgPHj-S!=y_A(ub%VxQb*+V5R2s%eu{n}u@H{YIdKZn5av=rMHY z7Q=X0L0!-o`6pL6g4hP!HEm`ZF%6rRz?3ITq~Gwc50SpBq3LLK%CI)9%~mqU%qLoY@+XnC&92`~Yp?4E#55~^Z{7#tXRzRHKl9Eva|5rNa20Sv@i?7I zNb4LR!jR37NCHO##brBN`p|nDvEFF|i)LrW;~JwZ=Sp(fif~by%R7@Nw%0Q_{8={> zr#6Q*1B{FH;|9Z39vF>cW8C+;{LJD!sKXllid6T{(9+QYFj5t~i5*{o52?8A{Cod%=6T2U1_ zV-P(xn0E>Kcfp<-JmjgOkO6(QL-N)fl^C-$c*11@0A`V~ZjQ^Ol}7(}$9|TDe7-s&CNMsuqoEU0QF3 zT=i}7-W;G@XkVaA*4hfy2~7S2exM7dfe-&L5zQoAa8tsNsE^E3jS030R9!ub%TLmv zCpb-_{>lC{hUKa%Qn&7$)OaWMgmF7xDQmeVbjY~xfbnuGqD-fE9uLdl>Tlfo0QL_n#9__1}LmauporJtW#H_6NsZDdYMZWD_?&(JD1K=DOZaXUr%Xuiq!6 zve4>MI;#}Qfz^G+4DwAtc8lAar9*3?n#@#hHhJWnK1(uCyt>GOD*V&!`NGf=A3^a% zjVQkA`S*(Fv!a*cf5?X8B%{nZstn5?_ul9DfTIoiWxJJ?5Jg-1GXiPgUJtMoiit#T z(Y2;lpjP9j<61*X7(L_1o7;H1p`70sO(i>n)#$$U81G^ScjH))VuQ7=v7yc>zF_uP zi6*a-@%}i9NPuO{Y;qlQf>xx34(4J9Y~$5}@&VBu1nqjOb*KD_qW+-$FtKH-C+&^tqqVEm5*|HzY20My9Tl;=mdV6X?oMhfmh;g;Q`_?Q8|V-^sLn+( zmG^O=LVj8Wl44vJ&o!E?jbPrkRzi?hGU)MkB;L(*W z#?pn>R9GI$#y4Y19quc88{u@oqIAyF5V0@p0qmxgj3By5@JL;t3WIBcyu`q>XyH4r zpyRQa#RFLpg`X1j&9EpoHCfKfAqjFj7oluN52=A%k63xi+G=FC2L4J`TP51?)?wf8 zT4I>BZm0c+vuX30TH!kY1Ot^N8AtJAJX5jhpP3Fo2oG&t-m*HbGtf?0h-Nj zNMQ){66o6i4uD+OgxouAzFa1bn2}4R?R)iYacEhXI+VXuUF33@pR4JfW%U*pYy}?^syK2r@JWw^)3@CfoE#tTSNbuu(mxgcM$j@5!r}_*kQeV_Q@LCW%k8_P+yMO) zh;~q*ARUa)HRYBqkwgx@G!`=z}e#ZW1%0MS`A07e9XKmI>ytHcdIw4Osg3r zgHfAVZ=WZrdg>sYc5e#Uv>pd#P40Kt-1OzIZjEZKsi_s}-Y>T#bd2R}9PYKvgsq5e zYV|gNo8JX!z>y2jY{nb1w3C zqduWFc8O4CK0YXW(%dzRyc@Shk|=T)kkbp#(@4+Zuq*6ssP^JMD7gS@!5(~cmB;@a zG7SGX2e?9{{L#I}YQgWKi}K}$65!6sxxO@2l><~~L6HPTgG}%@!xq=`Kwk&FJy$%}6UMrOq$4MhCoV~1WxE?hfT0B`^ZDZ){{a!58HLo_-S#YEH zPtJo6lDGhP1?u7ZyO$7lDNBPAK^2RRC}Lo$+L9h93kz+(YXK~k^YYI(3%IMTqWS?J z`q1_)h-o{UNDDB*2$0II)OD4S_4MMMz;{)o?)7BK%|$f%9Y>0`_tx7~@6M3Rd8E=c zQk=$M|4iy7LB@~P8lxSwPf`3wPyYWu123#@p~it~43thv(=QJ{%SdV5|AB1NMdT+8 z5|1okcV+{O!nyztomff3UO}A7z`7gI=X(I#oEAdwz&`EBR7avz&5W<$N&nX1aQOOS zp#pU!P%uukuE*Qvcj22{}ig&*!y(F}OhZm!E%L5(HpEKD&nvF&bR6ya z)O&f&NDs1bA)R#3^HwZFb%A3T5Ze0ha{>;n<+#wV)8Z$mZ%P0eOTqI zecg{hI-YH_H&d^_p(S>hp`!SYl;{Zv;6n=~1oy9TgzQ(Xt+2tbwnZ$^ zXlQ}wSc8oLU^#2QsIqeFB!1^D5EHSb4Cyv+h4=V%YZUIqIJ>R)%9#_ykt>8n5P$r1 zd^gW>Lm5WorsUPZ2LI#n>@|)wu^vKvW;h@G~V*wqjL;$0WvF*hHk<1T6Z2&jMg4CVj zFzxP|;z{RBQD%U>cr*f&aq(=~eK4Y$kS>c0k8 zzdUsH8ySGBe~7aE?_Dni61N$q3XJ;=EyDj`NA&LY#wWaCQUq{%o)*p?6{(a9LdFHv z{wsi(Y5;KkD4?|A@Pre(0+&MliGuRSAyY-GImqJ?4*nWkWP(Tn(>CCL_2E4cDRr%U zG2T3(l0eskG3M7TLiH7U|!f=pi+JS)oY2?$^b<~704PM^*ciK1~FsGw32jL{MFZljdT zt_dIfJ(UXt1b|8~LjwE~Vu7+rpog&Fpg^U3WyW?8isR2==t%5NgTN8SbsB%X zJ3C!CymWLR@!&JS4yTRn(A;g3N1hcx#p5yJAO~itTGA}3pW;N;&V|kmW3Bz}t06mm zIXp(^@V*P@Dw8N??6P~q2VOepmJ|Ez015vD2`3RsxO;$(wX8scp-^AK=Z$MI@aOf?|_b-{e3pjIP*DYg23DJill_EK(1XjMqm3& z>!JHz0^{P!!O#tlMwV--hfirgM^#UoK~&cCG*{+Hm)>f(PgrkWvqy+MW&tPkBo81! zyhWgj?!K_h07pdUK|RGh)^Og3sGvd1qRx9RboCZp!PXpmWp`21C z(M6lrsw0&G*tZ9{>ics7ppLps81GW@aK#HUDMW#u3BhyXkGCF*X_O>_`IS)0S>Mdt z4*fz_X!C&r=c5u(fH}WwnXPmj$3_-@ipSVS{CS5Dqng%L0f+)a{V%Y82mo6V;zZ~g zXZ47K{1#1R>mAI;v0t760i6KO9BwNHQ^|5D#{f_kt=n&oh-d;821R@o=$RGnVHAhH zRA`LYug&YOWW4TGTCFVBifZ?8Tje95pWY9eXViD_2#Ek>U47%ucBctz2*74bbu8>MSN zz_WX#pZt?{mCF+tb`B%H0mnQESYAloU!{OSkL(hRiiF5SKW38fM#n4JZb&3T5aR}U z(Ewb`L+S4yQM5s3DkftE8yUWfBWXCsKS3padv$Ply|k`BkXKuVMd4w_ZpTH z=(p-)0tR9B(G8ka(QPE+a2)e;_F!HrwD_|vPUF+5=EXm1V`g;ab~@woVu+Llna}mN z!tM{03}VR}qUYFsem_9?G!%FQ{}g4fYR3$t#ZezWojFP*z4Ic*w^hq>xq@vpJ%+-(OcZ+j z*9boXH#FrIB`dk_5j7j(7NN&KtvL!bS}*X0%po=aBDU8<9bZsVcw7L{BBUC&Ih%Fl zC@rwS1XYg&IGbkywoYb7Ow$sTa%XVF{su`lOy-V&FFLa@i?dhmwwmLZ44~ zery%RE0VFi>sV?JB6+&^krs^xSOL(5aUS}&5wqhU3p5?}P?v$W6wYLbWd$jM5JDoz zMgr};^**XS1!`e7U@J1~p1fOcx3QEF1SQ9k{;eLA^sv~^r3=lT)Mg%FG1l+B#G5p( zd8q{wG=&wd{(;9KWlV?Dr9&Gbl0()b)`vYyI%N*SiNYR`cd4frgj0Ii78d5*r$#8y zR&F1F&0P>MI5X&mOUL`!|VOE|JOe8g06Mj-kMI%*X0r-ZD|-Y` zf4ZU+B7F@3nZjlT69PSO^G-v4{MpK@qG}oVGn+AtE3uyz>G_q<4Z@m{a@9%0hVgFwX_}y_!qT z;l?`vf;b$$@CBo;kBA#_-UNW;xO`@s{>hKw*YcMPe)r&xdzxkmyA$?o^3(V1(a1l+Q=rVb3gg-(nJ!!5imYn^+%cE}LTkxssm%wAUf_jFeVETtw zhB#>lN8#-{D&En_Yv+snxYchw++!!>%&xd)0lwUH8V#9=q4v?OCxfvLmD6I~8CgrS zFRAAdNMCw-p*^9IdQ08rw(jY)Tf1Ht9?$xcF-QpZxuLJW;SczANm#5?lD7RrS0EXj z{c-|+vt2pQ)o#7zkJ&e4g!h*NBc^uCOX{Oc{WY}Ss&A_;VX#^;fmqZ?rsL;rnX_bZ z>ck*!r46^BQ5Jx<&#hHo)9>hg?sftnv<^}lJV>FRBk=Ru5=aD~D!--*lB)v>#j5vr zWcr3*Y^z5DWOcY3K*WzTx6ZnDR75TVKlQwaUahKN8Yjp@6o;CmbL3;e@796nZ&UVA|{alpNs4HIsF43(vMVmxD@ z>b_Qm(l>O30`=OVLLV>wMk$o-Ql!^18Q$ruE%IAgahf)mj^{`xyR&N9QfYJ`LM9%) zLquk73Rd?8t!vAxn&S}*8}M2w=nfQb`@bO@ptPiKo;Bk-`Aak9pF6bOE(%!^)z`-tgr#Ap8i8L{pp^k zDl*tPtiKSVu!(? z404@JN?@^q!hCI$4x`X=m2y^YqC4Y~aMp17r^f9TR^vs-t6{VOccs3jxPlAr8iTQr z)~|yEFS~Bon--2fyYEJ67k5&@@{^}vxz@NUrmJSfj~c__d43>y7xWtj335tztYjZs{+IpI8H>9;k2_oQasVl6EQ2u;?4cu5(DT2 zn>bX5#TOBG&nWpq8y&1(%Pf3bU&*zo2esGR8WKPycIIfcz;g3XBnsk z{@5!mk5ExY_DH`ZPfqvKgiXx}_KZ25cqRrL6r=V2XD#~_7C2lC^TKa|Ux z{CX?p1(n~UV*p>}y^%|1;lEMv0%jI)o0v;;#wMbxhv41MSp9tB$zIA4$#nrpUPRt6wA_F=)A~K+E9TFiho9$OR8b4PI-O;E zu1@%?q{~xMQLx8x{SWc1Ks>5PC!X#;wx1ZmZm0PASB&$~@#E5-`+^oM zjs6GTN;1zPa|~!agmKw-U$XB2-PR}Yf^6QBFXC}znerG{nJy7N`U&9T&5npViJVY2fvOxR@`Y+g)vS+`>% zjLpUJkwTD{>0C48_Y3(G4L)RYU8hq4lpu>!Y zJ=cnail*j|nn^@>2a1>vHV#AZTX|)QRghas={aC&C`x+d!+l{oIwaR_umrY!cGW8n zA~;R&JVqG%T7m80&X}0oLmJsv5gpIpSK zm!zDh7yJgl)6y{C&|qBFxOSJ>@D(l_NZ+&$HJw_^W?KDrde_qexSDB}hSHVoAFKKUVy+Zv9uWMJNd4bI)9Q5qI@T*ZHpM+R}Be(Bq1BCCbw zGUMTFVcP?H9o|9MWE|}4_uja$SgvaFKZzi34op=vB*@-w{cP!IZ7u0d?_!-XiA*Dc z={8(Un#Zk*Jjsfy^$#zk6K*hE#6kqd8xLbK>1|2qk*N+wl>5T4=y8Qp_VZPf9)S?L z2-M5I*wU2FKXo*nA_sRkqGOiRgx?gx0ahY1AetS-PWKLJ_jVnIu88 z)$#GeliVjY)TslW42{?ZOz*x1y^RbA+6pZv{)*}RTJ@eh38G54KP-YyUmZ0~pa0my z&SM}YXCVIgJU07PE;3So-EL zOYe99Mh6HAV1_uYJvEk>*6EK0zK}h@8FQryhemmU{Kcpix$7tOs@~Yw6thovh%jBm zV>h_wV#+s9;u?b#?Ci~FYc&ju;%Oh{Jc%?cejCHFK10V-sDT~lpbSwO^wW6z>{B=M zmxyD(Go_axS!iZL^E~{BndCoEEk5ii2>H*&GC=sVy|RCFK+6x^&X0`OFhMk3{*zc+ z<(YB*6&FBz&Bn9^6^@0AKe#Js5grxDb+A)?G-AFk`S>~MIIw$+8`~nZDv~$JYvHZ+ z(gzB=k8d6-tpP2Q`t%^6hMgtd5*1i+BkNrH2*CqZU2(%(diXY=XX zXfvY8Zfr^y1fmb#-{naIF=8qLPcLuOqOk=;f$vjc*`y*aI& za)q>s&U~SX>@R9FR{2k_4W(%QSbp)qH=`A+sGwWjE6dZA5e-1_Z>c3glkG)vuaa*U z09+TW2^o>l>1F;1RF7+&$=?zFpAn!R-Wtpnj?WdX20hnGE#Y>}Gz-?Yr)3r?*2qWe zgN}5AP!6S#E8AYHhJLp=YGM7tp)Jq}@#8iCy5As)FGXT0@acFSM6ORj(tlmccxo@N z_L}GykaZ;oi_Q<&9AW3lewaWcig;Tvn)%t=Z5NqQlaNmI&Lc6IvKzv`3!d zRMeV@d}r_5chRt%qvXz8P9@gj^P(>K>Dcxp^aAd`U@{LZ7#y^;BwZq$-sO~gnUWtT z^#IlPC7Vr+GWs2ESdEcsV=*v;D#lgGVc?! zHiL}9OY@GyT%K1Nl;G-wya%p8yU#G6<;1s%MVUcDgcM5Wl3HK=M`Sp)^ua70wBRrSIGnc~`#!vGYb*7&7oA@S65wOM0+bR@;9D(^ zuJ!c;S0tGwi^n(^XQV#*-Qn%3(I&>rY90pVQv+2l)N|&}Osfw3H?I!DXlE``W|_YE zDco(FZ1J2~t5x4sz{EeZl}RHegt@|}{M_rX`&YZ8;dj`4G=)8D%OkjIt2ObpvOnI=XTW}UmYRX}wb5&!f?c&u7_51$ z#8|)zkBV<6s``3nA|na86F9`0jv|efw1&)=`@F)QEU$d5oSWSKsDJ#nw)L_5S;Oc{ zm7nZVjkDP13476{ypOoRqasjxhEr0z)|@w0%E;mR+I5uLttr4dSW`1kmgw-)(AtaM zzbRf=S$xld6prbx2$Dk3FpeOXViAui`VDM7=C56fl=lG(^@%mOmwcWR zpihz6spU;o)E z?hxpC=U7FY#-o_fs#aJf{F><|y;iu+h&*-b&oPtfY(M>N&tE9%nHW1@YcF*Aa^8}l z=zQXNu<6JCPL@)7#jsL6iaW9QDc-}f3F zJm~l2g&}a%wSIVbi+EQ*=iyc*q~3rKFNEHjvIE&p9Q|10moaK!C@JCuY~BGI@5uI> zMWi+4*qB!w4y-tD0*!SI4x0Cjm+QMPcKC0cWX6ID<=O{W8gImtW^5v7mGdADpF;d_TOrmqs~dUJU)C0ujJ)`> z|L#H9^Jqu9wQmdpe~%a&f;I!u*rQc1pJw{D%5%@18foj)8Vp7YqS7pcY&22}BVcuC zPiIik8I+;()7JqQz2GTqE|Wa_@j*wW$}FMMa(=EhV==YLbexWa9M16&BvZAj=73Hv zN67yi(YEWOFO0A0i`@9Vn&qeO97VCDzelr%{*E%INaDF}_c#EqnJ{r9H zMFO{2i{`3(@!rc(eV|>PIs5P1Bc*t_q$W+Q{0EZ)GHQK+Xyp1{W&(_(qwd0uYq^Bn zr6@68zrQ`>U?2lS;p{9_ArLz#q;-{sJCat7rMk51B{a7U>|jv@flL`z={zf$BcCan z=Ig^CxsLB!OUR-sz_v{zm};`$-})=6Ngt`7Jf-xgra5aDw*C2lX6>2)wTI4ROUVn= z8w+~co3v4UgjU3;QZ(I%EF{A>KizV7l5};<8gZ}iD(PosHM-f zHCdh`7A8LSX6R*<4@wYvkwG`5fQ^PBs)9?~nxpzhk|cNCCrG2^fFn^$xy^Hs<94{U zKBn)AY08)#;ns90$Kkp(WA=xf0yBgR<}0byj8#H&Iebg`H%b=;d<*p1q89_XvxUbCs5kT95@oS8S8E?NC)cG%JF zurNY&wKXD=)MOCbKf&Hh<*qenL2H|DPve-cVe`IKKPl}o1_6 z`=*b{$hx0mtG}6HMP{J~+e{%?k`9~@d+^=Qb;h3@35w`2VUT${6Sife?Rf>^7HPrm z%i%sJ>(vUX@s)9>RW50XrBT87L(#Jl-XNaF@ z@TnjE2KWyP%nunqy8%x!x?9pJm=O8QG&b98+ioh=itqLDRL9Cp{***&O7e@WeEY7i z+o}f^G$pOL-k<9~AQ52VYd|)K`r|ZQuL-4GR5}2ae_58cli6?ar(gYoJBzJh{%X3sMHuWIVoZeG zGMiBaB{=T3eV&tLA!5`7=3<1)X+TieN?zdmH;()B>cfmsI0JiM^~&=uqgxjr1vmp= zZ8t4xTw&B1fCSu0XA1E=;Gyh!9PYLaRK>OjtZl1=CtKr=WJs=JPeq?#PHf<`w##B}Q z@_T$rDD`S0ty96Bh;knFB&7_&TV938KEslcJcaPRWj7J*)Wt*l71J=WeQldQF};6t zSW#l$(-H=~jtMYx#mJ187-U|ytru-MkTcrUbZaBZA_praY+NybMBsZc!yn_d2en+5 z>UGwk=tk4D)RRoy&^pnPKH*iN)Tpytcr%`X5^>8)PE^V}-{h8(q$X~@^odigV|%Qw zPlDwlyV(3vVz|(@cAC~PTYdKs6FtXlx9Y;7^PNV)TF&Ush0i1NBTotI9o3x=grgW> z3Lr7;P?9gH2rpt|AB@qn;E>tb1(l|4Nc_Z!lB>!lFIy`wsol^jR2yWh4^8Ej2wS*OI|$}l1s1^Yzr zoc0$!YyAPE4vZio0rhV51me~BQEO|cAAvk@Js(s94W{eiPtX2Iw;!SllRkWg!)PAK z43GRc=p1mF>h`pd-Yf~cM?ql71NM`WD<4H%E+Ch9(--!-6ANuf-i!|W3-67riCEyp zkk3v)(}10NNQl5qAM%`?BVx@EPiFlMW;DR9yPpCte!;{yZeJ%LQdvZ3=b6A7ib{cV zcPvZO$%mv_huB%U()`ulUVwu98KjGOuHwt1WMJnNBGtDS7U9C2$f({3J{7! zV_5DC+r`;o__~x9V%Vw;hD!t=cf!tJc@dWbjp#bdI)PXp$x(q~iErbqlRxdBlCIRk zw=JTpG}wP^c3MwZtPYM8kB*)@tdB@mS@pUWy9ci`k)wOc3lfUxDth7R$dd6-K+wBR z;9J@40KEhINnraM(RjWTwENR*;EfU(qT8ZkuG@=8z)8S`^Y80oy+e==TK$R2WB2|9 zFktN-_{+62eNo0b1*BPB@(6m+5zXJV73_wWgH_dUvF0 z^yFlJlO6>z8I^%rq^MxODbnqmR2ny(n*SZQ7MOQvf%E0~i>ojiE{?*Yb|*|ZQ>%sk zb7&gMD<1b5d(YYg)C9oWz0}y0`S;oc@lX7-Dx;HWNp_2ke3hAsBkdL{%sw!W(}fK3 z4EhsCRTKe^u?llon!dnY<+!K0&f=So`~Fg&f{a5&wl_e|V{*HnY3GXp!NkaX&eURa z1MGv>w3^cHs`Rg$d)i|P=<-_-}|Q=D8`(_O`tVd!3hnV=49as{;R7>we% zHNg?0Z?u|RcON|*rdm@{@93KIB=}ChqS{HtkAkwM`rlOvsOjD;4O>XY8=-L z<~S&on**+@18^j+EmEnMc6n^D0_dut%r9T$m=#1W#aDFJ+O9i1y#8$<6=bJ_pm|+m zn;W8hP#U7iF;(S)*Y29-QxvpTGcpxpvQA0oII-&7Z=Xyok+Lu zdtbWfr&=Y63z(v(!BBR7(HKe0!0lyx3YrS#kk>1<_{i-6Lskb;&miz^#O*S~NMjgL z{CA}nu8CSyNoyKlOp#~mtzP`}NePknW@l2?u{!#}(T20x5MlS38!+N_)qeo#r9Pm2 zSgZWJ-nuyzIXS;dOEMeTlsP@<2{UWI)sjLzvfNx&Pq0-k&lp!5N7B%6i?cHxrWj=& zv1G&yFT;ReQ0D1U2}OJ+M@jx0P#j=sC}iq+jaw7>lFmghk8|#9;ixHPuF{{Zsg^~h zkAyQoy*f#mz$wMzzm*q+Z^S>?dT!Dio;O*YUh+H8YpBLrFOKtdjT;#K`~b1eG=7J6N_rL8+zdo8M5rL ztjg$Yn#mqFQcAa4uY82@PWe<^MCl!Q>Dkw#|qpTj4h+gYztIy);RSH}VZN4YR7Jid)jB*wpdg zr1|`Y?TN!zV3!IDwCUVHI=2n=16Am+@nXT$X{dzAq|ZF0eR$MrsL-q-%Z=e0wgfeJ z;&AZAPD5_rt-_sQxX?g`U_k8hZ}rlLQZJIenti#b#XEfh<^^t9z8 z)SPUwI#}W%<#>P)i%B&K=5zGJMUpAxHF<}>&jmH#IqncDhS-;VPySX>hxeray#Qh~ z9GC*P?^}Y4LV<#1c%lVJrUWb>+)NQRf_mfV_tbyq_F_cEA?hvh`Ns7mv)RtDn*gTE zz^5;a%+vYC%hUqa30mq?W;`{c9YuJ0Kb4+Vr=8Iqsh>9H--ejh656tu+8FEA=U;0m z-jzL$CDQ1qvCCyyk8inHc#Lgi;M2}6@ah89C)^@FkplLsPrWoJ1`~CA3R(eojURde z{a>gHLc40v2xAzGLqyj2*NVa6o3JYOUjZ;4e$C50Oh#XsD7YXI@gH?aTZmhfOYS!{ zGw=kizuKGoQaHxpHahLxbVCW)tS6c#-;B;_oi_DPad+ObZ?vP|y%>)qa%0brD6X@o zo1avTsrzkXcsuxtjzMp8DwD{H`!)5oajJsqyx>)9TU z6Eda;x`w3bC#`&7u25$AT>bOE$u|Ii9>6N|r++7eU0g21+RpW4WYX_K%U7>0v&FG} z;whf?=3g%Wz4Ny=E5dQne?W1H`kJb3HqtzJJG*9tB1XSAepWTk*i>%H-JEGk{ODPf zWGsgq-Mg7?56Q`y9pvp$%X(#yw@n-&rAH5b2#q4)Ke;WZ!+>-2W)|A zAl6X3I^EF-)E|4@){0gT=AvxVv)R}@)uqK#3Sh4%@E$x|$IW!QaAm8NitTDsDOhzA z3UEc_PYKy_vP*TrA}T8mN>vyEa&8NY>Pij zs?V`Z%@T%;LZ!w{l3-y6Tnym)n}PZBDL_Bi%GUwsJH?m@QJKOt4t>spb4lTxcaewN zUe~L?rkfq_3He`Kh1hBitz|SH^mS}gkjXahXOP}5?yG|l&~Ain9qD~&HBud; zyR-H658Uq>?))?OvKfb{dBE7G+eKI&d>-dML$gFf{@5o6L$3x)zEOn1FR2dYi0LV< zHumhkcJ!;HoE@_<3Q=JY+lRH&Nk&LU?GY_tpw1lTmwEr`_)i4YGpt>ozL(H&uhs6T z&WYTX_K?qP|MxN`^8{P97Iy)V#%t|`0j;M%zdMpnkqj8tuJDd%Og4Ko_cj66tzujV zN?7=JMyNOO06pggQg<>@&|7NfFA^V_x(zE+jL#IeO)kok6-94PS=?}T)OBYKXSUia z<;!nv37`zrTUYsn2*wD_Uq+?%lGhj6o3I%2*W!|*ZT6QtDEI77v(Jy>CysVurXO>Hi;2`4BXhafkBLQDnZT4+1B`AM;L)6G&76Z z?$u1}6Q#1`STI<@$`Z9wU8BVJi3MjH_DsXC`_yuU1{+s*r}YWTe*JpkTG#V2XHg2Z z8iUkngs05EFhM5oi5n9GxShC7aR`<22!c}PkcY!MrYPsr+FxY<3y$H@u)B3zbnCy- z)sIU7%ujcKda~&HKKFfuGvMZ^JG{ALHI8)LnKF3Rbm~)v0jkc%AWtGa6Ng>7pu2vPl?NSFy~dio(Oc$^@8F0TUR(jQzHc405Lt!coF zJKN4{U~aGlnl82c%El#m(!7!BH!I;YDz?)*SRB*Gr{!ig`Q2kx@}|A1w|0D=^>QR9 zM*8Pfr@MEy6C*0ke+`YBjW4EjGth=ah$6OqFF-r@+3(Z>??c}C3Ru9{jT+Um^%c9E z?MlR)Qa&*STF5}lA%A8{$k1Nb?x%~4$Tyg~(k=DE4a$8(m zO@FIxUf3Ug4}8e2S5<3mvVx3=LKup4Y8>E@Uvxtw%zMe#sHvYd2wvmjrbg`?SB`6z zgTZz+_D@a@zu#e)^?%iPon_-m9g;Sua5eE~UT|_>;ivg()2M}ih@VGwT(_U>6hvS5tP?_d0!6^p^k`RCpVbXa8PLEU zfBK4jVy4zsBa-ye@^?nNiX}JQiMsCA%8+{8B>yOWX;DnwB*+EL{~V&4&4FBSDXn=Y z3=@85SW9SfqH?*w!IOO~i_geZrYy@~(CNLI#^y{jtc}5d0nhF=fTWX+)`}OnxX9ct zheKtjpITPGpKrb(pdV~Fu`XY{Yn1#tsB8D=sNZ+xidzjmd3JGXVx_ZbYvC z0)Mg?OpOm1D9~H$8WC~QbhTR!ls1!~L%m!;*B5e0{hHxy#x^X8>fzUUIR9?pTi z!G+}o%j4B5g@YzjcTFzcRj+2At2wf-qjx0|<#TD?AofO+eaY$#?-()?ejzRYAbLQ| zVIkDHv;RuzY)Eyi%B=p`Af2EAS^Io~#XrrE`#)vhJXCK42O0D>0A-@burFQ*B1+bi zc}DWJ#I%$2X%1AXp|@45LLW+-hJ{!PS;oL zWPGf#qUkNwOp9d7A2cP7%D{B{IUu%lg~t%u>L*5tf+`9 zJu$uQsPLW15H2xRq+tpU!m-1+)D>*R`)y#i#IV`fcswLlWw#-l4+ika_#Y;k76rt- zbo;u^Y&zCQ$;(WBfri&zvK>ywQYy=BDd18%M_pC2?0718qf~g~0g}@CCK|HCMf7u=b;Fdq z@zF8Q&SH&!{C61EIUa6SpuA-LMTx^51U0T(Okqwffm5YXzy;{nXk7O|qo&^logM%f zpyH<=Dn}fn7Ud6nl>C9d1g4Pa-jP`nbY9)nNMxj`8wHo?hNsA8>PHM?6aM1y1E>7o%dWje+T}bkF)zP{%Sqi)S?GVMXruM#M~3!)2gt8(dJ0Rql>u zsGn6{BTsT2mQNZpOq^BOb?8mmIKD{^KJQ$!(9(8voo*L%Q~#N&_U0E0!9@H7kzD)9 z23LO1jlw4(Qw?iHtYT#&lhV9>UmtZ9qDKM%h1-b`!WS9iK@d+1?i~cEaFo5-|FRuW zuO&X1Y}#!&l8oy(2L*J=ThlREB-c*R>C)?bp3sgka)ybzh#`m<1QH$&9|XrTFe|h^ zy6ZI$prt)+t7;nq4YsTUn4hLNO&z`(JTvzoKKRMQ$mYXN8O#9& zyaG|Vmd(?`fBQn5<0Acw5}3x;3uJpHcJX!NZ3g)xjv12AC)c9es2n9JerCM zDtqlv?)@s#STU1*O%G5;N5wb-_j97EB22rY<8}jc-V`JA2%Pal&7ZA`v|0*cLefEJ zmJk)=wCt>KF8%C>f=M-65-u7fB+oC2FdHdX8eZNw1F7edibnjEM zHrnhT>Eo*M|F2NsRYuc(;%#pLYOA7-o^N5?&$k*T{y;No3IM$#7MN^}$3Af5RD=e% zQA?+{;EgX^2-f~tV;raX$vBuF!|3{S+OmFWzIxU{EqxZ4m!)vvib~ln84-}U*~lXAiua4o zX)miuRj8O7O>$w?t2WW#aNv|SH<~F2IntE^(9+(T_GX>SV(YY6WRucI;;uEJRq|%X z-~qLCZxQ`(8nZQ=yZ~VpL@bdLl7G`|LKsT_2V-%-O>1nb%G{JpG}?*@jO+4|NMRp^ z1a8zyMd}rfUsmA`iUX=-FkUuXMsA)uEE84z3Nm#r8snvo$#>F@u7n?-ZfPG>>mM{x zj-#xe{y}@xpf8mJvo5z4H9UqzPwAyp$Xz+25OAp}q7oqb;r{?F3!H?!U%P=T*d$=W zVbx3nrrvxg0ne`2&Lj9QsoS&l<4u>F)JlWx^wM~C>?*0)_1`nO6puu3#u=~czACOq zs%oOQ4U0`d*`E$IPt`x!-}rQmmeBO?sDMHBSekdSpWl}h&DaW{nmQTJ${Q;@42X__ zz1I1I@o(q=FJl81s5Z8B<%*gvO&qBKLAL_*zg~z61E@Nqk*h2innz5@>K-g+_axW# zu9HASjbJr{rgrBvFvVQ(DuE?yRNquBFT`LlykBBHUP;hVk<+@-l_ob?^9lMD675#Q%jm09k|Wq1ORud7HVTAPEo!*uFR3 z7|D%_SUdqb!%!G|g;X%O*aeJ^eX_dd36Jj|F#x6y6{uBPC<5X3H#+2YGQ=(^s_q4> zXfyfy3~&r&fO?J8^G0yxYmU~msgBXKvqw=UiL;$~9;*G9{hub>XUmCmvuz|V`y+|+ zvFiU+yqIT8;Ke{qsaBf;o57B|2X~>268) zim{!T9{ATO?}1rU_>4WGeW_g2wb3#csdim}`5JUm*Opq4d?&iR?wRLi)@S)``{#Ya zH>}dj^6GY0Q}vSPMVYSuTiXBE+INRj`Tubv$|%{R?0G~+NV4}Tv&>_YvPZUXj_nwQ zlB{S@B%^f9kQGHnHW?MNsVM7t-``dJuIHcUx}N@Wxf~t$x$n>C^Lo8sW2C?O*2{}lasQ&)Sj7{ZiUyk4g&#ja z$${+ix>^DkAE$xg(Pses2#Qnfx7{<==`TLM;8l=$+RfRl+`((``uafyZ92d4%si4d9tUHv|ab_TCW7^W$Vs_oKxGLRi z5t|@Qa~3^$R!9>S(qCl;4ON20aWZH_^IJp_F^#knF1?lrH9Y`kFq0bo%7m+48Rcm= z@%o0xf8Ba#x=AmTpoh2Ok|&j;v9wbcZ@+|~#j$)}Xft(xA*YeFpN8R7iN+75JLLrO zX+1e9Ek0YG**R|K)>-)?(BkvRp-zR;*T?yXF*7lXB6?mK^^TS2p;h99uz<&ln|1Hc zq9=ODKciT3EhwL5OS;^W18K`?(C_#kZaLa{0oKKnAc?{FJ^DtrB7N&VEYFC6bnK`s zXgQsa%5U8jJay-KaI%4!wC|Uz)l&OnCE43cyKQ)@^dUcjb>6M2FrkNSla-C#_Rddd ze!p9sXiV{*dE)^yiMPa^bPEchTC5dHmnX4X@N_Ls+vDRWw~>v5o=PJRInv>7<_$Si zx)vPx*u5y{rP2G~yvMg%#jByli&mF%OIU2V2SeO5kGf0h*h63wd2oQ0Lhww1)Z)Vw zx5XRI$!2>LT|%+U<3gTm%JV_ctCASNYUf*M0J3IQL70Q%$ePr?gix8T?(M+@O4wx# z#DlKjFUmJUBTQ2pUpB2o1zfUdnJtkSb<=<8*x5td^boYEt zJ?!LWZL2GS38?T7#S(Ot>)g9M%r=aSpBc4lI)s;d%kNNC5XA&pot91!3jyJz-@=m@ z$G!#Ys~70yvc*}Wt?sWClkI2lU`q((3kVjR;z-Z3&h$lEG1|v?$zu3sEqrc!pe2Xk z8*Nt}W&ERxfWPj35K%F6oF1ocgehYho!`)Fmey%ssFdsKz<$aDv61l15a`Lqb!BjY zhJ5ykx6gRxQ!FMQ8A@W6SsZbBDrqPJ6O>nFl8Jp)-29ZIFOEM961G!u`}sLzpvYS< zxT>+ptNJ?>Twg7*h9HmU$o#7WKOKL@(qCS3+T(zZInsbm{L#GAF>V)fO3hRD*)5b)uGz#nO+Y!Peu#Ag4j zxcQUa^IyyYf&_921d>1JsNJR^WUa zXjI;&L#x*)e{RV1sVfHiBrmw^(4|&)@j~X$P*x@Tdn_tz?M=rQDBX2UFMyYmD&F15 zm;Jt{dry9p&r!s{WNF)jAM;GObrX*+KK=Vs$u&ufGA_Qo7O^;1)h8hQ*IaSvDL8sa zENALJ37&Yi@#G}&qkDx}vVpx-0k%qIkBEv|fMU2wqB3cCY;$WWg@EUw({KUNEh}a2~3ZxoQE^`g%&U}wT zyWISZ!t+0$B;TB4Sj^Tc+Ln+$ltz=i-A~M zdtlZSN_0L2#S5Glp zQ+?eBH*C$Z6R#~Fb2EF0zm9%v_#l2E^J=Tt4F~@ND)+ehB67cR3a2JKI?`xCd|B&1 zQU<;N%_m&GDv34-7WPYRD_7?5gWxx=@i#y^yFpfxusqKNvj(msRLP7QNi1Tg-xyp_ zF3U-5d-o`R9^l6up1O~YQOnPfH_hWj6vvFSay-T1KW=DEc_O?4NsVD1fqq3~ehOXO zea}rW8_X+{>QiBHI(#35xRXB)e&e=5(}WQ*32!M0B;t66j<^Dk^&PA@rr_g5M<4Qb zSsAXFO%VHG|LWr)c+tTAxOq5H+SE2rAL-vlaGUqwOs**uuL9w@?F!R3T_0Y4@wWDH zR#&YlKC;>-p*e~SzSTG$OEx9T%ZuRLuY}$wetn5vk0Om|OGGd4=j3J}V0Wx2F;t3u~pD=PCt$YgsTGaaLh^M_EmWmXP z4g$v^qa^R#mfE$D{*MLfq}5I4%Dy_*fsIdZWQ`*%VO8Z|v6;QNQ`c2_+zw~h)>KT% z*~cpjnn~_E>;?|tTfPigM&d+yv2Klvss!o(X$6pxqb!;J%gFf6`*=sztx=DcRpEYy zjECB4B4-yRi}YzVOUtp*3r_wvh7efjC2V&4OZ$yFza?`MQc_;bqO~Smn(W@y9u4-Y z!95Y|gVNic6H+TTP9{9_G&R?khh)jhw|KyCFCY|G<^c*aoEcoBUlm7Q-wuNIV0Ega z@?J2@e+FR@nr3Tx3%||Co6-m_POTOGB|aa(^h?~x3L~Z|F5ZgofWSYX|9 zO`os*wS31aGEo=m=V8~lr4`6{OwAfwz92{#R%C05j|ayv84s#~jZuVX zu*`VUSrTyV<{c&)YkjolNtTP!WX6|wDrNIyRq2z|{AHbM=B&gkfB%S(-|&e>^LqIy zr!JQCsv?gM^?vgY($6j&n*XRz6{16WWmaFJ{n%#;cU!usucKRS-%!7R*59kJ0U1yG z5k%Qp!fr^O%Ey#0dg}D`>f5ux%ZX#}Lcyv%M9=t?38GMlMxb#SZ%<-zuC#tjx@ebd z{p{n52OUw5pYwis9{O_c-UsV`zdf&C1mEANHIv8rimZ+$#O5m!_aCyb)s#a+HAchp ztb0c=TlG-L{t+F6c=ZE4j9(;E!98|uzAEHw-DAlJLfiCT#K2#`0l8LHn5fw&myQ3}Bw@pd3s1Y* z|JD7A)gQ|$F9t%SMC7UeML2>OI z0ZlV4wytApzmOjMUYc`A%)Pp|U}+Zp@BZi!wBB+Irj5ugYA1Q7h}<$jU>YF{rk@ad9g-} zsCCP3BnZ}jaTwkzjDI5zBX7ve-AbzdM#$IR~$Z{VU6mM1c2SuE~7| zx70Aa)a~<|48;B!46OPS{XFFbrmK+xn9NMXYS z`W*e(Rj?(L4BJdWkNUqt@G0f+x829x@r{?dbKC$0V@LagLEHQUykp-%o>qM)X6n?S z{u{viDAeQR3n~N^Uw}GYbSAWAC5=KV#1QB8C|KG4g05vuazW1!4WD~~g1o(|iOJ>m z>zv=e_UW}1Wb(Ll>K=`!*syI(em@P^#g|+o81NNmk-BorckUhMHgIr@5ai%}?PFK= zsK>I96u|ORNmE^*m519P`#I-3)E$1cc)GHh`N+;MhZQET04HW4y+?PFJbk5()`}FT!&2T!C)(SQq`WTL|;H z+oFvCM5)d^<^Si&rJ^L(PD4!%(1dtQo!A5ML-op2(29-F>dD%|dUH7D3SR(ac`*-D zw(vPO;;o~*03MlcQ87H&>r%5@5wAYS`eMu*H+3S)g@*i~at+eoEFiv^06}aG5PL%@ z6V>jS7+wUsxh!T3oaM@^msK zTgJcoha3#F{lKMb0kfAy=-VXAN}ea%SR?t=nm!poJ6407JkwGUYbm1Q9V_)r$Kgm0 z6wwKrn?8h5D%)l)@SJ`-TV7#!V!8ZhBox{Yy6Hnv9{)XqCU7Xtl(>>|ZD*~mi#}8G z;D>LJBNSlsgu28h+0E+jC2sZz2EcMtl?cps-;j83i*ag^5I7bhi!gclwQWDC!|W$e zhawIg^}BTwJgFT5;=u6Q7Wdhd)GJ3CVp3Ltlu@sa-d2vYy`eWop-n!(n06pk_~nlG zY)&-S6vY7B&(|RKcnhkMrGc$kyC8?g{TfNsA`B3H;tq-$*+0KB zQCmfk&wn@PM+*0fHmteVx_-`v7BZVFU?2FMhYg;fKv1iSxT92SZ z={Jy!B_Ed(rc%{a+yiw|*3IyvWsi&s&N`9~J_N0-P+6~jJ; zwv4!Iy|Pp5l+D7~T>; z(#=_l#;xW#jx9Qk&B2!@RKT-k zn;ikR_)gZG%s}PxlpI{}(ISHFt2tlNPUFlT_GOmNVq;omyGf}E6N8U-kTp(*z9CWi z0+PxiAMqx0sxQa*5>%o~cYbWt-1TQ@#vfbD!_rK(b=r_A5w0GXn_2(9YI}9qF1g-H+KuCJtsb)hkbxfNRSlg)yie6U>dSnK51Vj$FCXM98295q}=6Cw5yL2Rp1^g z2=i#vrqa&bzjNA&HjVS={gZ=U3VXZROCwuZZM_jT-#Eh!{@qywZV-5tHruVUCd!;9 zKkQW!aBFhj6FfK3OKwp&%V{dpB+4%6grBo?cpF=-cxe!my^owbPVUei;5h4lN}fa0 zacAyc@5|2U zT6u>_k_%@4SyVyd5qqVD{xIVrXy{+Hw9^Q7Zb~X`0l}C&`1!J7mn43r)cXKM&g~qW zqBoTdCZ2+Z;^Sm4Y{t^KgADWv6Ikc3{f9XTna~w34p(S=p&S%153mhvNTIptx!oj##6W1Xvn0sc>cJ1$?D&I zQb*G9?!s{APSF+3)+5ZR-7w zsbQt+5+Fn;59_~*BJWi7COiI!=P9S+9?XczhD*~zU9#*xi0#o*E3KgBz#QDZtjcq*)%ksPS8H`OAY-u?lr9q zDAQpPckH0^r)|a{Ar`{i&iIL&@cXYhNr?PLwtzXA5Ci#nOb@7IgY%vduAv+#cn@60 z`pXnDk0dp+h4B_o>3$wkn+ZpP#@7&6*xEy)Syj(>8e2F;` z&-U(@qNivy`EaNHIpho!O3om3`&mQ`-d{kF^WfvY3m5Zl~&?g)x zUWvTinNCYX%vi@S!-TqX{URJ9=>k;@jSWAJKGga(Qv$&~3FhSJ+hhKcE`4u`gM%xy zTT<=P-fdQar4~8fyRA+(`oURNMLKXgj=vcExHrg8$Ao^ozhuy%-MfBq<#%W(5UV)y z>{1(L<~504*QUWsCo@%z&3hw<>sY{`094adyqfz^Y2*6mw+q-=V7uHqGsK;4zdgOz zN2cS*YgxVZA-3c{c^~oxrkSQa<@Mnx-g_pDVky17L&dXCF3tDurw(x{`|W~+34LN3 zp3Excqzm|!(HBqQC@bV(pS6(Gq;2+tziIoxD&0-TqPJ%^Wd<)x)c;1rH2hGXY*6x$ z`ywDns!h>>GcuQ#$~@Iqj9v@5#n(rF=}Onz<+JZUmEA>Je$6hBKJ*yFm-+nQ;`MS) zEj2Xub`bAe+*K+bcc=`qbXIw?{W}v*>Q8hkm=_vQuj3lfbS?!A~V=oV6Ik#1Yb);Ik55-r`;?%apyd%bEVV%mGh^~ zv@ZXCcVISh8a}&S(yQOg^=%PH55=WUxOAT^Ryt7O{J>ywEh;rKHsrrFe)G3qr>M>0 zxf3~TJ)!sT&87Mj?`!8P4(~@7vMAiB)sF8jhI#mRfJf%QGViL)w%kj*xiRfFaQ;6j z7tk2ZQHp2v7#}SO@NbS^8tAVmbdZ(u`s#G;p(Dz^9JG0x_4= zR`ZI=(sOIocKgHrp3_WQvVVs*h%k#4F+>A^FN1&17pO>dRLx(4OYaARl+m@BwnQQ{ z2m`%WW&tf+Mox%E9eaD*9#U1XBUwO&%Ob2qm5^oAbIR%ay45dtCCxd-4sC4Dd{e(F z0j>o!%*CK8B*YPPXh$C=OD^9A#D65}0Z2-X%N?{{eQ78|{G<@ib_wpGGUO0P9}q97 zL&wH*{!X9tgn=+eS;fxZhWdwxj?FL!P z9uRK-5C#Xr1AD&z+7DGZF2RRxcj=z^EHfd)6F5{H8MfSxSA)=OE;9q*XYCR3U>(pY z>X-tVmD-I2v1>YSnECTr6v=Kw6+_y+wcyuHqb8wtH8e#=S35>QFXRTy^KviDwucab zd`@2|ukh=z;b8+W!@^{OzFwX@#xRahR>(}T9^72BKfgk5;-RiX3QB9M<99uA>m)4)aVn)m z7`1zF$^F1jT@}0tS_-$}@|Ks)a;K8v)tyk6X@f*TxIL{|K5J1QQYC}LwN?8-2S}-x z0v>L>0ilK)!D>p8oHIyrHq^v1FwMZI;5mTw#=2-mwaP-$EK{XN9YCW7?}r#yICWQo zu7t1B#Zu%SMt1fjp@87*lEu^GNBJ7^_u*0WshI+H`H1{Yo^C|10)Ij|=tV~%9Dj@{ zp;HXo7Z=0vdFElJyZ7=1vGdqKd$SC1rMqB>BC*u(N7f^OtFjT`xg3uR6IgLj-lN|t~w)QlaG)nN)07{ z{*Hv0kn9_ZD3YS1V#+oCD}ICa57y{W#oYLkAI3C;9K`h_h>EMW#Z?tZCN5dVhpJv{4AWq5=p^kvOXH@HBl#+OlVNnZ zc9xQ1>f|K1Y>~#@x)-L&t78d7PwT?3`6oKbdA7;=m&L+@rV((9WOJm#QxztZyiK_D z*h%SW0V3*&Cb_1H)A&KF>!FdzOBvRdC0~NYDVx-zk!`A_A8$XAuQ1(2A(F6~LZP|? zR3XMsOwO##PE8dKH)CV?S%9({0p$9T1tEBy+XV%M_>G)=y1CYutv=b_ZL&piE~&8m zkm@m$J-f%gd?4_1h7-|DzyQ0HLO?*7IJMPcg3K(*i$f)!qI$*~<^qO7D9o_Cfer+Tn=Hr`; zK9W2ze2$kU*aSA5$Bl=D0;~MVN`p~kdh?S4jnR~Vx%xTi)kJjhrTPFf8s+!4><1GZ zh=^N!7D4*wUB>;4*M-@b;=@nu&4_dMNSOGCYYEB3H&V|LbasHT$p$<+SC_Bgt>JSG zjp`TetP$74)nFhRV!gpS9~PGT)33;YSJXqROE7#D)sS9qd!SCywB0afM{6jxZO!y7B6sD4de)KQYHV9< zcU|*ocXU@?)(;;6@CT!X4gOXyVd#_zq^wUL^O8&I-t-}_s^iJ!JANnjrF2jw;e+C= z#OqzT>BQ~5QP<~B2&B>5iI(0EC{gw6QDdwsGYz1n${DipU}$Tux1r~{y$gi`UJOU+ z4iKvmaF#^jZwxh?aM`)geq-_Ca%jtEBV&F>igl7lSrN~GDrywb*^~x&$~{WDp(9+? z476tH0!`Mn&TP`3QCu{#3PMc8c-jN1#YeT-2e_=U;@%|Iv$=Y6+}f5Glng#v1?tfn z>hU{=1wp149Ac>CiML9owrQUd+eySdO>533$c&3+UkR!dwEs{oJNo{t2+^aoaCSP@ zT0z}+Rg5nui`mzzmL|u;O1Q&w2>g4OkjzLzM*dUgd8Uw!dP;s=WAxV5YEyU5L-sdx zG0N6Rq(;tk4m~+%CbPC>>2=mO*3GHZ3DS3KIr=%LY8eNoL$}_|N*cnFQ{PEDK{3);TZ5bJtool6?rvp}Pf&qbNbE&Np z?AO!EB$fQ_(k4Ah6jHEuttFb}!)OYg)`mM-D5G%!TVZ*!vtyWaKIAcf!?Mi4;SRcF}&5XtvmOxE!;sfw9fgb0v8$(Zv_~rYV-18||gaP_fuVCEgTfjJ_Yzf~jW< zUKD%L?hYJmur3R!yRA^TKy`bV>&tGNP6Awjg7B+c+9+nTyGC!WJ8#Nvl5`##Zfz%s zUZBe;H*F8bY%WifF27UQ{iz)p=5{stKHbBkcA7imymU0nH|+5kPN7LH%YZ3ZRXDoE7K7P0nFr=r>#Bg;SbSfJ{S>S_ zqAVaNme=F;2a^z+LEwHqKnJ2V)XxcRrnD2UIy8*VfW6yWcmyBR_AHL+M@Qe&UUh%{ zw*LV^cKnJ&$L;jtGv~o`-ZHWiCd8O54ujEofsVf1-cUzaKAxP#(X7Wh^)~%Cx?9;^OTz zR3W;`JI#14OrTSHCu5%ckE>3Fap1U1u7;f27(i1y7$=s!FE;A~V(2(iC@|lZ zm);($fz*CCXr(y~N|eqtfmF+D-`*QT44z^Q2u+8e&guyy5&Hqo1;z9&Xng5{vOZ@R zrjk9QDBuTm!Tk6;^dEl|M{ENOW1XRJ%wJm#GOHHhh+hE%))A;EI6&TtjG+*uf)oHi z7^^5O7P-41*V8p%7PE^)hGQjd;D#OkHfZgE$ZD@a*G(l@UuC>M##&zOQ9B*7<>>-B zhws{_)-Jf)Os&aZX86S&z%J~05CeD2FaWHj81~Ro(2@;DgQ<%R@b-eDMKL#6z{>#8 zykmph@IgPAhJA+$E;G0qOLINj_;zifAmSb}N7P4BnjI1ND8sJ%5~zv3 zn!Kt%^dE{;7$Oq#Gq^THen^)B`Y%&NXry!dgAf;2(^jLMH(16-9Mdf?L2}-6$WWAt zasc^OsL|#bsN-6Ik|cT2?Envb)US4%~WEn!@7iXqcm2chj3}BS_SKsmXjTswF zuxthC7-fL8EC6g|sqxsiCUm9HJpTcMMK0ELYp1R(>5-W|rI(g~cXw56H&C70L$&mG zV*hwcI~oMMc97j>jQ6w!Ie7ON8FtpdI6t+p?e&hDthT4RXbEnFQmPC%#A>hng-tYD zs^ceg@8HlM9~spF!ZiAF-y6d&eGktI6XYyf-RGEi?qV`|Lcuc>1Phh+ZIu35LUzyG zKzl(iVkP_T7C-S&D%s&-yw|-t=)D?%R`ZSV*0DIzAH1E~w`-~IME~(NiD?^%yg?FZ z4h)^;+ceq0bo?`E1zD6k#94v`!Vg5==5Wz>`7mwJSR}3Xm({49 zX9?s^tY_GD_5QDS9vuZvRW5e|n-EDsNj{g1JMAE}@X#36Y o@~J=W0}dj2`2PRPk7M=^#h!lB;Tv9IN&x?~)O1x#lx?v82lvVOi2wiq literal 59048 zcmaI8WmH|;vNei(a7}P`4+M92mmt9{xCghO!QI{6-5r7lf_rdx|0ZOgd-r*_wf6_w zTC6qZoTF+~_3G7&V0l@wcX03FKtMp=Nr($8f`EV(OOt{VM+=ilj*aT-8k}@AEa71}-8h{TU;b`ON>4ww{$t$SEJ%P} z7!-`c2qxMIgAGdZ1tQG*?~C5J&MsS?l(fSryNEPSjT@mA#Pj2Y+}(D9uHnt`vMrZMt8A_L zFY3FyoeYDOhL0ArgAshslr2t2A(C_TmW$-No_Bff_j?89Pi{BIKP1~!|Lf5@ePFlv zY@(J_^!q|Es=suBY1EoVX?@$vQ!G|4Ds-^9JKsM4rKUTC#P>*uFe;TmPxq@tEn%U~ zVq}OSgBBXkL0)+*W;BlbVwB~4QjB2ea&J2C>wL9r7C-E#^Fb240>k6QgNhFNNB4)L zhH}2D{gIZFb{Zs}%gE6bcDdmMhK#c5QtcL1PUmCVRj-$}7TqH2t-&a}L83sz5*@DJ z|K2r11Bml5=6d@b*}eIi0wsvb3EXeHS$2~mSVo_5dZJHP+)jqd8dj)N!TUnHX#I?! zcH*d2qLWxmBqy^)Se!(vHQ=Pge83<{y`FnpYHKZfzQ5Z@s9&r#i&27FsJEm6hejMV z9=E@?xxXIgdl4_ClUi)Bj#zLN4Z|kN@VHKrPUqH;3Xs}8{r%|Of5m=c2@sDo+ z_K6IHAzcaL`F@)6(Slq}*Q4(7#Ooyn7L8oEPxGVkDE8h;TT89!q@d2XJu;5t#!W$< z+oOh62q~>r^qeB4f?>xwZHk^iqy#iMZl;-V;X7Z)(>1@BRhD|gq3E&X#1FJgQ68Zf z7pCdZ36niYd|LZ6MI-_6SeWI3|7B7BN0==fqtY*3zEfqN*~OfGSLzWRNIS_JY&Sg| zw`}j`M8rQoJ&d4;;YMXQZ$|Lx+@3L;jNzK_^uRG04Wnx`I}|zWP6&ixF&u|{k$Jd3 zsK^tKBDOnj+R3+Z?n$n7In&=!thd{ibT04z@u8)Q6?&7L!)obM5|?wi`}q*X*t?6| z7};opaE|_8Kl=WJGPK*AiGJleX}wqiSvr#5%rF{>hlShb*h$^o-*iDQxW76WQ4qtc zTUA)~xJjE3L;tQM$D<<4u^sy~ENs;|CFDgC&`5bN7>0gqZ<6ksA3C7fXp=PqJX-*y z$#^=?*nNxJ=-prjVonQHCPVa+&V8YVA`@u&@^(vnnxOv;}njiLw(lyYG^ z_SM!Bi}L7}{IBA-It!s~vIVjvb4lD1DvEtc8eEsWXg=_Q}Lf65~6*mvB6;rK?_%L<@y7&5vdinF4TDGXrfsb?Z7g9_sPy2a6(UjJ}I| z1sTWXI5!dja2Q$~FAZDcKks&-w~I;?azt%w6d%}r7yK(KO_65$4RKSg%2%TFIJ^e=LTWBYK zmuBj;ee2Q-#KY8bSq}hRoQ@GA@L-iEBXv3Lg4SOABI;$9f|x24SRATj^K>-_U0euR z><`JAh{%e`(0Ek82QCvF+(@6^#0>MCh`z?4ooF{n!do@pgN?4RSGm zfp`{AK-?@lXDsH!$!5Z}JggMRWqdi9Ez2r?{HP$pTPtI5>We1(iAbJo>THLz^nTdtRP5pU2wVjYyl#QBz4$iZxNkB?40=fjgGLoWxys%{MTAaXgiSe)y2OWCw(A}H z60!~L%`tG=@D~W~0^EW)n|4&p?6s_0&qU{}buqtJw(b{~fYnVkbtoLOAOHICf&E@z zphUF{OvM;Hyr5!9DVFQy@xl*?y@A7L>|IYH8uwjSiWXl?J3N^FH&5})qJ1&u8<(h! zt?KfFZV_1X1_fvCt&~Y&lMU8qEUI|`9ft9^T{hj|VO6FKJr+6^+_@HT&5rMROUfP78t(dypi8djo1ES*!Qy`6v4-gt-}v zj>nbCjhp5R_tlJ&ERKP9scHj%8G|g5qLgYTeFl*TyhwC?CJ5t%nv_cBnVnV23EEDO zazCr+(7Q&rt9=af?nUd4qi`XOGjNL^eQ=baioR1_nQ718n$Cx5z#Wm^%}{T#=iTPY zn16(81*`FV`c^QLjcq+&-4_>t;pfKX33tY{QdNHz3o%0Ftx!Y=V&r1 zFsM071NFu3GVv&iPRXv$DvOAUlnl;arNbBfAXmb@#$wo^Do!0y{yBe$fmb zddD<_LR0!ust1v;*kX!S5Z3(gP+v;?w5EB^HOpOUt9~Z^AH?>Wm4hJ8rAHGHadYT< zLx_rz4GXRC2%BS%a~+YeHZmRf4>vS^%Pxf>vTD2IRB`kQ66MMeFdGIv0(sAh&sHS% zD%;QF=9kwwyrt6iNFP7SY7cKXQGeL&`-R-$9~Jr?a{77V(**Rr54(gK4ikq9S(u4W z`YE5FnS@LAMB=*!c?0KmI;Leec7qCtmp#k{-QzSvw4kK)PiFGQ`UtC}1-=O`ld=)H z5v~Sv5r;Es1$hvU(YrVK4XQJ3Br3x?+4@Eee1A!wbsozq524b}3^LikCmaiJ?g_9E zrA?#`%KF`X`b0bFeR;IV?toW>MD&M&XA(Mk5zn&&xkT)%x}kI?^<_Ej6NM`Ldi%Q0 zU{IkiX>a~nPn&ED$4Y|_=PlyH=`CY>40@njm}gX6tX=PNz(A#K+Kk}tv*?WP{=P!r zFFM_Pid8wtwlK(z7F}eaj^ds+5T3uhw#SPCobflAg%5|N zft!o*cvwAMnY{u7>ih}#*#e1e=H_X3t8y0%%+tN`;(7e)PXw4+i2qm-$be-zliBDm|1cd?^IN zDJvqK&^)*jS46WaYzW3IG;_NMoS(D|@j5e{`PZ<;GJ0PssM7U;+vlox@Mx-t)tf~h z)Lp6&ylx~D_`DAtXG)HJ#=yFqt+URIuqh3Ui0lm-^M+33j?ko_lMocFsv`69q$_o_ z2Ey_1&=v$mM^1UgW`8n6srL>R7g)tuv4^l)N}n_ie!ES3{({lFu}hcpHPG7lVB-^n z1-7a%ZMwQwH=U4SL2tBZea{Sp4veG%NgarhS|viZjX8q)AhA@M`Z4lCl15i{NtJgt zQ-Bo?On3&LSG!UnanhMvcENn<1+4V67>nHU{HZ)CEE5d3 z%^&R2I3tIUwdem+{P2&$;NsRKqm}9#Pubq}EQfZng4-_T-KP1ZVi`|V)kfAo^81#| z2qE!o89y)9S?nmrZAJ&mpY#T!Eqg-6?gbl<+Jj4J{gf9(UhtQ~rdM+x;Oz7!AVU!G zp7*@(Vq>5bgE8xBW324sfro_73veQ;{BruKX4FJ#ob{$rNvtv*Rk9 zQyln?CLfXnNa?t=QT|rvsX~no&)7sR_0G*3FReu8q|Zy9oO<%G;SPx*$Fzk*K|@Z$ z7}t%lYkY{fSJwf9?eMBHUFRM4@K+r6$gMKBas~fUf{+&f0K1)W1!fzUH|}0A9=qAT zZ4D)r+7HpZS(tJZMcLe?WfcU+okOI?AHyb{@Cn`@)C*b-z@&z#UarkJ8WA$U!;gdEz|A)*{Z2852xUSRFANZC+WyR z9+z5dR!H%_Bzmnr>XR>mKPkjn_HfonnAn2jb(hbmcf+b@3&RHQUD`qJu`5-5!8Lr+ zvv`rLYy3OH9()`)i45HmRk{Qs1v)8uTbLoD?f}*Y&LAWseM5pB!w=l+0^hzxS4QrV zl=YI}imf&>3<~2=X^|`lXRJeu?NeM7P?KkE6hF3j7AoQ|^z%%$y4ol33&)Wqh(z{c z0KnF>P}*E~aCh)(qHam?@Q+Sz+GFPrw`hmQV%qP+cSd+X-Gj9dKZ_L|VT06_@et8I zsfKEA!{gqKqe8vxG1Sy}Y_nz^luK55k&Q-htX|Ea7|yFCi!n9vgurrbi+JpO&%c45 zMtJ(`zp4Ve)J}m~erSm%ol20ZLRywRUbf&Q=jIB@2>T{*FnR@2c*0=+238{o#89+N z=7CbaSqi+t5X8&n?l#_Zm;=N!7EWxLUw!gQ)-4baw3K0vzD`lGodgjg(9TR+LqRR; zsp_jXKR2{s;yLQ|K)buKjwJ&>f*wHZObS$41V*??l|>YXaag=R{(cEt0$J`y3xa!0 z{3jysrSX?u(}YijJ;&w4ZLY35$$VfQ*fXt7SY0x<(9NorEuvrg!)D^rO{*O{w0*NvgK`9sA+4}SV>xbPSa`&{(0e^ zQH*}M#6?wSSGGtSq6HzotFaqsQXh;Ob*ls?Pi(U2p1IeDcq<8~Jj*e@Hc>Qsb;oG= z&-FNa@iaOUmnEqGswBPdfIM!nx#6P?Svt^S&-g-K{d~Gwg=p}jccU+RnUiXxoaZSZ zLzejyyXG^##CcZHMVbnH`eU0v{4Cc(c${htSMvcl#qf7{Rm1WqV+KbrXmymTKgn<8 z&0kDHsPI~y(<*pVC~?X6A2%P+?~Gv=(QX^^VNc}XX8QlYlBJXnV_)7-Xf`PcbHjpJV+Nf)-Ps-v-j5Qp=*f}@ckhK)xnW$slJ zA@>%~b<+IIECwPHmI1zOy%d8(mC#i4+3eq}R))7m|He4C*;r5sVR;;BkofpA-3p!{ zN)P0_8@8IT-W1Qnu|NxAtB|YxUs7sA{T`^!n^5oG`)j!v%u$!j{|gFKkpNKO@VDmA z{|W5>VMlyeVG~pIlTE({{_EEN*%2oQX`E2J&;Pa3-vuJc0rG50*nsO_cphf=?~1Bv;A+)^v@mUN_56nu}=O*{MXL>H5>mSOd>NTSG{V@ z|Gjk?u>7#R;C`on8TcR0P+yGD>#(>!`7b|2I0+l}{-b1n7!JwZ#o__sWQB_HVuQ&z ze$!#~$X2TT*wA5?>dN1p+z?*N!tu`14$F&Mh<6VFlj-#QN&X=(t zA2Xe^yux|g3w{Tft)!v}zL!TO-iJe$I{@t(0gQ+h|6-O9^i2|8?B+m30#I#^lxw#v zjoJY>kO!bU#di0*L*76o#-B3)l?{5_EK>ltmH?2D z>TsB}*u{J_y6unWQUw#Z9+#6=Ad+}e@w8C@7eOrISo?I^gM>A#0&pUI?Wy-h=UYQl zbrxz#jC#JCQ94}YvZ<6Yy(LfO{us>Ty15hebCzbxI4Gw#X?2V%UgIH_1 zs2YMvNBz0MD$aJZf9U#XQRqm_jPG(nXd5V69l$41$t3-+=M!Qf#&{pTzVdLbcYji- zoPS$O$gS;{RIrKA?p5fYJAsTG0>s~8`ZT~BO0I;fkNn^dg9VQ3VR_4OG(gcw0?5_h zXCA1kxAGEnqHk8cbl-n8k2M-?Sou~mn!&e9<+xaHX|IY4{5_`MFe` ziQ{(dQV4;-{ZxQmKKzg+WRGQ>JBAFO%lX)W<+_&W{rN^H!!R^~`&v22EC_^1SeL2! zD+f9ViKRt|#C^&iPQ%>de1dt*R4$>}&3k-Rkm0!yCq$&T2yk%Q#UI1$xHFbUBgbXo=T%(%% zS)y0=rJE;`7~57ox#QbNvNa8)M=3(N*GcFs_I?{g z$kZIGpPbS@nwakZ6mERWIMqe}2WxTQ>_EyHmP3X}WW)Mp0LP%oZ3|%Eoo34~7j|D{ zo5ItY-OFr z+;Fi<$<`>#IC?7!^8sEL1llGjIa7@GF0>>@%>o3?YQWHR{o& zWR1k8(i%-X8Yn}U<{d^Z7Y@X8N<08BcfuWDW1vwjjRbaaOvAmB(dF*pq$BNfidU5| zl-*Wo z$S_!m>-Q3+*jC9ndmlm=802V0E4MTWi>RVbP2!WT?W}E=E#}JcRv>QDc$sdqtQLlO zeCv<{;w`)n)?OPO0|Z{JA4XY9Ml*x3*rh)Wu&=srqLbfG?&?ah9tjI%ThV%wMs)@> z0^D|%n@2}K?iZo$;kad5+P*QK8?C0TXenIi`&|l%$JI&D;$fwhrW=4iq#+RtkNug# zzEjk`(?6E&zdn_^=x>5}LY$7J!?fl)>IQNGl`f@$qKh?N2JG`HPvB{0BLEq;0A|_w zv$l|H z-lxF&3vKAJ@-YAxKycPza6g{* zWIfdaLDm{kSp!D-3|{#RMtL62;q+u!3t-BRu~lNVTFfF42ZaX2JQezS>I4W@vb5!R z?{XLOhuFdJ9s}zS)|RRYesXpqu?hsz6i7-|+N^iWHwEH<8?-F2J~6$+PQw_B6FNg8+3-N1fGz$^RMI$As`Wip(}JDUHr-F|HA^vIVC zqbWJAf8~#7wwWgqGHAqH>t;kTZ95p$D+%SD@zuiZ3$w8b!LV9yR@}1Ams0jucIxfZ z8oiV!;gq`&pKmvj)MTOg$`Muk!OQWs0lxBvZ*e{!uDm3$es8V+sGws2&pCBb4(FKV zSmZuEewTkVuHc>dvQwV}G4UF2CcuH6cs<}1SIKAD`@i5FsWC=auYEi4X6uDZzm7>o zm@(p(TmH%Iw$NamvB8sy1HygNGzXm1;|V?P3>V%D&pC;a38(hc@NWPs?}w%1LbTR) z6j0ThDc}cIH`8L$M(xlQOQp1A-fB9nW8p`u) z*Z%A{@gV9);Jn-MH2Qi0babFN_wWiarm?EzNFr+?Z1jd>y8U7UPk?M({mToT#FJG( z{1jl=p(u$FzWxe9EyjZM0p)>1M`AD>j3g?@^)vB@=7WnNSBJsYB1T~QRW@9wL`Q1% z;pNoEu# zxX8AZlHFTdI7R&)&|KSm?>b4m1W$QP`K2`s<-X|Hxm@epF!o&dfrQ(gz}{SAKmW3g z7SE&5lTPqdl5PQM1U6Imas*}Sv(do`Rb4U!qe*A?NIVuXgOf1bw_|QCgJbJsH=RNR z9f$b&Ba7+$A6y;e7cST_`(W2=$}cK%sP( zcAlTB#-5DY8ZPfjjMm;}2eVf6L(blvKEhKAP*$mqUEZ*wOt&nzUq=IAjC7eRR~qj*7B zziyKTt|N|vpFAy-CzO(QUFy{NlKps|DO}ALZdR6(u&h{{)c$vn$+$#osr$xj3v(5^ ze9nmY-rN&7w=9&hGKo|>+sDwmMR8|~t<3$QLG~9tLRfjUsevbG+q(@|_+yj|ty-=6 zsO4dLKZWPl`b3t2R+Vn&*BtT!7*40d-FiJ+NxACmuu0Fcfx34M3wh4?*RDpQ+FODm zRo-XW>j4KMbFOw*4;p;sXgi_Gxb97tu}u5ID8g0ieIh)Mh47|>8xZ#QU>0Kmf`bqs zvoyo^I8xSoiVXs*Gf%v2fX$O1M&WPb8&u73(_2IlFk3%{Tf)qZXRtq#9UlZgjsk8$ z8mz{M-J6&z|?(FCT6ZrbaSZG0JyEo_=j|%M;^T*BrI;T?lS9E0~hG?^tC4$ zx7KQbH0}nAnZor_BkmR)7WoR}4~P{`9VhBBt9i&21<;zC;X6X)vUatPd}LI2bu~oFh16 z(x-U>Uznhhejc1jkF$qt|DJ-B2L@}wzi{e(JIC?~XOOe!%{{UGwmJ#m6q;&FPWsL; z@z-{x zMARPn;C)eqN^`I8TxD0x-!wg`dwsw^@HEzDPdJH{>pvi7hxZ9fuwS7Z#nz}6{A@0` zgJ9MAcdy{!jCdHVpjL{+0>teH6081~qkQeDYf@s+bR63AR4o4;sNias)#y^vmTWX- z`gNoesXEnQYB~CqxD%Zqi|r>NEt+u*&l$WW9;IK3TOntN2Dtnly~oj7lr@5@$^t0W zsm13z`&o!9WRE|p5g={N9@FlxQNUBvCm3E<6aohOaxYTlPCngtB0Uk&r$3+aW>u8x zibkcB~F5ndixB3ypTeql7d23O}(M^MwG9Pnc&5!7Dq?!lZ)%0ZXFp$tU*6VSyO zlBjthyiB1b2sJBfu$HQ_4m#wDW9l~B3iJ40t=)1R+;$97$`cvCIjS2z1S{o)2KK!R zm14w>aCeL;oMR0snBX#Hd=V_eM`ow<>OV$8b{Nrhr*DKh1m=p1MG)t6F;&=%Gx&Bf?S0m1iHf?#I$$ zzF#tQ#qQ@f6jd#WmKxkz?Q1We;q~Bi@1WeIuxtY;L<8SArXQO9kK{M_>&rqRZv9a2 z6R;Kruo{aNTTDySlr}yQ><}jZo|HD*CKTj?}wksUXsv%+l4#rp``?jJiJfvVAA zem+re#*l368zhpkby37T?R8OTK}q;mk5)$aq(S=$MEw5K%h|NrS?Ex1www-oD+Vp4 zcc@PDwDbL?I+_d&@9&#d zmLggsU0tu`Lru-QrH~G=Yhtvpj!(kiLTFfKagl0j$GUj-?{e9NQYJ6HK~5#8-C%T? z|M&tKR?Bv8cYXH)(MYa7z#2YLCU^7VcKDeXZEeN4GX*%JC>GHAwkBscrZD4T`v$?# zwBnSAk9eo}H{%}Z4DJIoJ#LPtj~mwHC1^foZJ&Eq&(@!E(w^}?wDYu`P=>YAe6&(K z21syrfzSlxm`V*4K3lBvOa&xMgOt^AHqRZN93m8EKyIX0ogf{f^T?9o3~^K8C8r>k zOA&I?(t+QO_`nJ_BugkqY0&7*^q~hlb!M46@;2vBASgM~mzUEor$2jc0Ku7K{^_XB z7sZ?yILwhqV@*4HP43?~nVa?B_5DA5U~z3U*F)JP3;F1)K_1I7e0utx%jv5rAsMtfd^AhU>rO=D%F53%GS1zpdZ(Jvu%m2h(2gp?oVy{ z;sK)w*|(=yg7lL`(tuCy* zquOX%*u*AF-3KOgR8vp(X*P0Q=iOJ+TR5^*{f@*m-SF_wwJEjdxl(_)VOYl0;ipi4 zcYSvY?F+DNbNQUW&M#lcVqiup!$-B(nt&AJQv%O}w9)Q(+0C2W9AeMeq zH;^m|ZEiPCa0_$|OB+kdtbaz@)~Zr%U$Q#0_zji~(&%+!8Q1!Th<939+f?QpnKuZG ztv^0@Q&nF2b-|4g6D~=$CMIe3=RuF)vSg~CRg!OF4n3C!Wn76&?r=Yj)#*{e9{1Hk z@oI3WS@HIl8Vor*+L~R!37*&S+S3_#BPW=UcXU%sFsqF`=e0%mu)yR6IKLZbNRNT> z!g7H-P3N8gicOMLTBUYRmH z9ApQJ-eAiTya8l-+xiLD%2A`{`SVU&?`>e!4`(LB)-EpZD%cYuG?GXP*j)mHax7m# ziOMXj-(>U?J}vMNzkHIUpit7^t6+etjhTpXBIBxTX|ajmod$%UZb>?kct}9-&ihjP z`T))NXrwd&d#ar)P;}En&D~FFOm?sz9Xb!d0*7S9{tzzUrFZ&$QBj%I(soDvBBc*D z98kba5y#ziYbZ^6foyinK>{>{?%Pg`Fz6?oYkJ~!fS%75k)hP9?n^*A!&EYTr z0=YKSW1a7ko#$+xN`h@8z~Ok^@%E%LZ@gGJfLZ$9fSAuLrNjA4F++~G^36WxPI=J@ z`w-)opFA5PaTLy;D(X+<31%VuwrQXab0WHr^f{Q8)AN1uO@j;&;t$t>Ui)kM9hXC# zoi_9DdPdIJQPNk^Nl7t2e&T6Gn2X|f@_(+Bi`y8?ZxkkGl$X*C*`zu_o3lZFDyVqI zEsi}>OIYRqW;9%6hh^@E2qHN0;g<6@H?7zm>XL=KDX3zEcbbBq7%LriUHZsvctQcUHFtJ zo&?3$x;(BHEGq7Vgffb4T1>QWxfJJ09JVEjGU6FMGiCb;!ve+SyRic-V<_Zg4;UNL z46s>bGI*DtWV!a(=ij;3$CP1ad2t5stT>+v6Qj9ISXV>D5KWnQ=Hr^}o57nMd8}fS z6b`_)q%nqnc|_$!B%FjEhjBf~AmlXFd zN93OlLxKwwIfpk6DkO3LBd!ZFMu(zCck+F}_EvLq>br>a+=`uQm5mZNi`1w-Q6rbW z84(Udx&Au6#VB!=DI<$)Y|s7x?FUsh4~eGDCq8xNL=OX}P^WW0qi`G=tyNPbdi~nK zdEW7Ef(S^N>B<%yargacIPrWLh?A+EQyfjyxG#7ckL%oxn5iiiJ%{8w1(xf+DP(-= z@|DTL%>D0033gd9doDMc3lpkGm-L#>X4yR>96)=c{eDGV8_$q|!6OL#yzOA|8+I)4 zxQrsSD94x!vb&uAY-WR{Og2{+=;YdE7ve^@?I6EaDpl#Lq{)O@Y3yTA4%xLmvr}Q= zviyu&8%Tg{@FRc#x2J+hm3M5!qZ5IgB`MYqWx$+G%7jeH!YRQm`TBIIZEO{jZ`~sk zpH^cAmgaW>`LoUj?*wQ>&CI&&@G8-bedAh)M8+-a5I3lczGc<#s?nOz8x+nxqU3dk zm4cs97bph3Zio?>OOZXRuq$Xm z!6u)^9X9;VlGj{=PM^0=dOyDecl6hQB-rZ@*+OqU1qLGGGtUUMG#U4{zZSRSZ2LP; zr$GCl`PP0FllRQDvsuK=bImd`xzKla30-3*&6(w>+Y;r*afRXQ!285x zM$d^n*Cl)WKaK3?k0zzUqfEGKBM;wAIO$Wv(2!RwU7prFa^~%p*;dFJshGz)WBe?J zSW<88THSZCPN>8CjAmMrHj}!Wc3ZqCHi>$h9JJX?9PKG8y~6lWQ3uh6)lqd4$$CA^41pa?h_|OigHhMKuyjQ4CE1eDC#^s06ATBfH#!^tY_ZfSYXCS z7JkoJx~`P3KUu&;2}2<2P3?Z_Cyj^W#bGjvld4XX8Ypz(#7Le;tI(2zlqtS8|M(Hn zK79%tw=UoV0lgw~mOvMOXRQysy+U%@;3?JH)JEQ#rpmC!6YJ@*Qia8yixPE zs>3!_#6pD<8z_X|DJvQ&$niZaqF(!qgq*KkQADwlzSjkj(ZHHZqtIzdtL;+;3Sd0!K$jR@q>&1~BTRXFkaa?F+GnskjyUwSs04Ha1=5WozZ zx#i`0ESvGjQ`Iwd*znVwnMxO&yT9Al1 zt6u6?6$_254dS_LOxMB)>aWm!h|nW!fC#?Zh&6Osqx4T0awoMYl!#J4v*5_^TNf2I zg}+<9AMU{0Ph*w*N?0;M@~i1A=bK?#VQ6*e&wJz^N)4VcukM*L{Y@LRulTldPk>nJNZ+ zq7#Oc%ICR9#CVBDF`M!L{Ya_X!4-cmpX1}VdK8XgX?MCDtVfNr^GD;pRoQA zo~NHm%r+~8LkWD}|4gL{d@=b5*ee3)xo8XKOyLYdzg!NZyo4KiqnzijI@X6#h=l-L{guOXzvq7%vs-_p8=E`Y8a1f zs^POcon8@&6zKtW$h1KOPrN3}Hc-hRP#K8fyXL-9`ig*N`)N4462+~~G6ib2$l+)~ zrP=wUU6+Fm=)X}8#8pwN6dQi>BOcB_?RZXnv!@-rkDu_%v_wN%i}P^zm95SJnJBUh zPAH0c$?ThJzXQW!o%q;4Hho)3lB4kX`hd`>)bU^zXhcpNs>T0!?{uUXqxZfV7+#sc zFVzGlGLW9|pN#;08x^eu&^|?2#k-gFa63i$skaCG@w-8v6~~k6p2m|MyXnxn@#5aw z^DB@rn*7AwV=FHylqJ7I8pF%?QtHoka#I(1^V?mt!qPLnU{XlObr$^rpiOU3WnkON z_|beO5)qHn@HR{glS}cI=}l_AMGm%j{dJL{#isgZ92YzK2~P9j?Hab^YX$=w?hD)= zocet>O{{-EZ3NbG^W3o`WVH@xBdnUDXOZ4~IThv$-obQ11UgMVd}dN_D!*}=K9hB1 z+CTDvY*9dtP?%L4@^+qG13_k)^at!D&v)b&M|gGH-Ls6N2D6cAObUo8;~;$9)^BF~ z?E~hLG?Ub=SW47s_cWK^o-36s@_LchWYNfk{ngaiJ`m)Q(^UqqBSG9icbp2<#v6Xy z{Lg3-ksTm5k1k06CMj-9kY0^XW(o9(sWw(b!*TcO0}^t0qn&BB8X1*MxI12Z{Zs88 z4=(9bV@7`^7PhalWn8_*qPM$k3igh``@n1{zSQ#3iV+ z@j&qSRVfjjEfRXHMggr5?l`nT)fsr9u|dBY$aYDCTAntK^+AMkt0x$=utGtG}j)(gVG+Hy0tr1Jxe@x>ICAfrvjo zFG|HyM&W<6P)t#^jh&TZ@D8JpH%oj%;tt(5mCH6~59 zYQErpi!JfdCrhSF+!n@xZVUqgtjp1U=h7d zn6s#FizuQ2X~VehY;#})7;)2Iz?zz4(5NQ;WnVe|s#q}u!~^sm9xh8*!@oi>XavoU zsK&u2W8X0hIOz}RFB6Ozs4`Lh4NvEofF$UA_Nsp6Eluc40{t+kF-|tSt--`}6JSt> z*?gu@dA!POI)CE2FBD4(5O^rng=ZB8&{zT8(aP7sw=9Dvtk{}UJ5RS-zF-WJi=2Pv zv9|C4dC+#6g(VM=AUa`sQ-O04TIcu`m@era_kk#h*A+YDH&WQ>#%KbMi}>>l_<#hU znaI}2`}NPklHl*u?~h(1)Y%s z0uUaV6w}U@YM?3h569Ed0B!ObT-#oNkxv8U2VvMu#JOQnu;&0~Ua7$S;Q4qqkO(xt z0u1G)%RGwMdfEPtJo1+lf3XT_+PBj*dAnq=0LXzl?HnG-ov0>iyEQNjVP-72)b8OH zG8znI0O>l({oieF&czSaEhr`Gz~p1~=O1_g*m;$9Nk{_TN7`mH`}NInve7DkS6x;_ zYV=L*7`VM{s;dtG7hTt>KNGyY`l8s2%>h&Z|BwxAp6+>DxMX z$czW-`*TC3`bG9tWp5Fq^)+O-I`x%xyuJK{8WiV9>-AiFA-6q}z%U~en+^sE=kJO1 z((QEZCQ&lxhs3LX8=S8W)n__Y+x&KsAt}P6295LUAx*2lcMtn&@a!ZF+l}5}JD_h{ zAl|v&!tJ=P{G#%Ff57k>k8*{BQK^QrwVnXs1Qn($KCgS@Yc3YypeC++0`wgpidkB8 zTUAD9F-GVmxZX5ok&mzO=h?!P=WSk4D8(pHfj5)KcCo02IK-% zO4TZK^i`{HJJ4rA-u6ronQ=s2Pz%b!|1Ih`qjhr50)iwQcB|CG-&G`5X>`hkk+BTA zD}6uKt#%>vOo5|Tt=|U+h&duwaWCXb^%J!0Bu2*#DE^Mw`fR;U9@uG7SmeDeI0Esk zMPX-Z8`TY2qa~t@_;sc*D%I=xPL?QCG61JA7npE8e||U_0rV#|x@JqbT#oysz=+?x zwJt5&t$Gzn_$Ok_U!T+dK2D@R#Hb7tEJO0gH-Td$3fSr+vE5E6@fBAv!V@itSZ}@b z*+yTUTn4Xi9kq^NcDQ1mWZu0}wc!x@Ji5U$IS{=*>XrOWRPGR?%<=AXqncmePE1TE z<`qclCndu*)2JdA;n`A5Dow$yIWjYR)H%GJG-sWqG6Ud{%G5=eS<2Pfu(4~Fs>cm)PDm@es9`sH zRNja%tK9dQVk$cYC6(^v;8;HHoVvaWEm`$}jk%VmasLw1l+q4i<Q!QlpbRG$0_?6#JdB3wF{;^rleDOC2nlSmoSV$8 z@SsK}2q%bhH7E-0*$>CzeDcHiJNoA%{3^T6)<&_2cr_|NEUi+W#bvBVd64~1D7`$b z-Q^^4TXQjnbX?`Pf*^Fsa|##kQUgQjrDjKq@Fk_Bs*uUfVWX0v0E+s!gMuZ}^OJ6t zb)DFiEY!JSzY9E40p7as{hfCO%ao887{gJ#3leWO5hZkkh<;Q_ZyQ^jeDh3UVq{YT z<59G`HMA(EWE|Tn@~tmfe~MLv7fQfpi;BeaNYIM<<}IXJOAY2NjAkRo!c@X)aC2X@ zo%?@O8*ZYy9=BkT=|20V(U@z}{m#MB8spwj=IBt2sSWw<^cq0`Y+?gsRI*#h>eq65 zlxx}YKmQ9L@&UGVwR9f20~M!K1Epi)WB2R}i6S7GAT(#|rMDDLP9;+;RzKc~{LDgQ zJWGw~=}2IC+DLo1<9ugxhCNgPr=jUve4UZ(ktgnxZH7^G^!h}AiPzo=d3eJ&`rroj z)~IRlRPH0yzyLAd6D>Vdp(0sSdfK&-NT~|PR$06S5jukow^b6xCM;8pYSn2y2EDwn zPTQJSwZj(koz)fYP=>Wv0PO@R!Fwo*42CDI;@EO($B~S(B%&JzES(CEe^7ewt3fxk z(cY+lro>J}nZ%pE8)EQ}L<6}D!m6b+te1TvW2y&gEr0gI3-L|15r6i9DDG);>klY$ zSdOw84N(92piLwb!6+&*y@BK@)$IK|~bH7YoZ*&JlUacFz90@^5! zmX+V@9J~I^B=kt$wi`A0G|@THasm8hd_gRij1J$4dgcX>H>UKrDnAbY5Jlmop5>$qE^m_|D-?hFE2&)5MOgYzG2VE zQV8Q0Qo9Fu;vWncdu|1TYBj>ts_0E8#xg1|>G`Ez!nqo0ttCNs2O*AOw^fD-rs{p& zIJMI=1>?<&UHKY+d^FJBa(I_RPg`ZxeoQCk$1t}TOsO2YK*3b`V3Q4~6;8g;U{ zP5bYk(ovGw#N(=Xi7ArTi5;q{!e5~=92Pz9LVTERWk{V_j)qz`%+7NVxN{-yxxpOjnRm%L``N$c z3};4~wOL5x~eS$Tq zV|e)oPUzzx_6)}q_sMMJI>K_6ou{qyQLe7vGV#3~U}LMJB$%`8HB=yk}~DK?ZHLLx6Y{F>yh9c07|x zE9c($WFVO<#paAVGmQ=)tztHtBAo|nuhg;kZPUHo)PFv!)qb&cZQDzka(7YMQ^+aU z5}FT*L=BJ>pL?GmQDCmU6}mm0`_k&k>@=i)XYxQkU*(+O-tHdqP^6Hbd^yoreXYVd z%#=qhI-}q558&j6J$zw}*qQ&Q6eK09)SLtRaFaI}86j-!Nm4B_2gg-fDjrx*tj&PV zaf6^T3`b_RV^=x6Y#e z>2B$e?hXklsYA-48|jb^=}@{u8U*PSq)Xsk`1?QC``Hh2oxS&3V~#n;J>3!+pn|vQ zi0!gG2RcIKrVH&XGB~VsbD93_=j96ueXOK(_tT*+i)0$y77xk`^>$HhRmpYGPCt5& z;TfnAw~xXBHcR4^)Uf$gy=U8h@B6Dj@V+BFGj9bK(LgI~@&hx6Pkdi+3}%|BvH21j z^mL!XQ;HWlRw1=NgVR8{X(&>&?_I0gKPGghXtShsuaO`YX>+(h^Hy-EH;ENW$k?Hd z-`8ku*~pv5}L3Gl8>d*f0h{?P)+e?ExKR8 z9{|C8KH5*g>26bmE`mwO`G%941)sq{wZMlPddVy$P$p<9WmvvI{S_9ZRnu{5%m7g( zfw8KMqo~HThTQMZx0`|$_MN7jr8(xr_jqko-TtJnI~`R;4U%$rnc`cESLs;){>d|N z{o9+)wdu-#W^ITu{y)zo?@0>&uR@X4f;r%R-d}7S(NwtHf_&i%r(ri>3vBT@n4fz zle?oxOd8Andne3;!8@@KXcZ1V>9|Z-&s{7njZSRB0-HTLKZ@E@6->i*`Tf$1sE}7F zT$ucMny#13ybX)`{Y6R{w1V$#@seN@mfwL`f(;Z#s^B8RfjdHmIIZ1vwqyD_ec5a# znY&g7Caqy#KaKlD-`n&ufk@*kE4RO8oludd(Go~EfHyG;h=t)O?Vq>yu&4AvqO+0F zS!H&?HsY~P9pDmtyD1y)J*S|;R>|L^Cfu&c*!J41toKscx2=uXQ4#|6d% zPy4us^k?ROSS1QvZlqg`be(KG4UieMs&({c7XByHu2aC%@ML_FP>e|Si?pW;(SCNp ze*7Bd6?(mBGa;{-r{SRW=gj+2iM2JR>IQd``tO-kbb6!*pdKDzWx)xaxj~Wg+QkWHiWcnI2Z}8(U zW~s9ozp?Q#aJxF|HeMZGI=dT&NKu*h7KzeKbXFbDjU*k@t6&Y>i>Ut*@~Rxw zQ}amHD@Bk+2hV2`SS=wClHp;kntB%f3fJPHvn``|{jnCMu)lmd@b_G@+vQn1>qE&7 zMhq&W{#q-US4H*Z^XfixZQ}dd*5o(nU)N;xg#N_>y`ut!QP2MQSwRL;?`A|PH@Jw` zF-9Z#&h(*58C=Ngm}MUf%aQn}aZi>xB_sDgj?xaQda7V5mT-b4Etvm zG+P?hxSLp+S)GW}a21tjxR)mT=EnR=UbXL|RV zWNTg>x6VacaQdHGZ+lYfD|S}QyfEI8U0Q~gwo~PPNc=@g_&2@{5Zc9rGa^tMgJRYU zIz^KgY<_=xQ43OJAe$Au6@slC2i#%lV$&})`mhiZ3BsY$kw~3hmNwNnv4P%N5Y|fr zp&%yxuZpq4mpY|}tzU8IRml~E$G~|T^E!LS-`_ykc#e^nyc-`ag(kzj&?D*QARt-4 z=qJm#|5dbm`LbNg+hdku5^ta6F$;u$IlTC!KxX*(a_zB22iQ}@Aew*(AyJ)z6N`O+ zucV?9?UbJHMChIt@1c`Udo3nak>^tj$q8T)_PtC54VQs5t84~f+a!VT zmBb2&bP0(Ip0s*@gTo&Ha2%4Wux+?6^G{4LrF1SR;Mb@)f_Z)5XU0VR$l$VxhkYI; zX>M4SQbD1@?JsRyB`=K?ZVC@dIu)D;Q!{o$kq1j4i zR>e~0pL&Xi0NXKs*Hl*{M$Cw!TD#v5_y-?8J3`E8Axwr8>IHEvWLnrZtMUau;3)g8 z?R7jYfP?qc5+LNXjDAAQoL@Kmwsw@MHL zo^F<2|aT+`FbwQOg`%n9Qi+a;jXbyC_wj`oU~!|dyTD6u5k z50`nV{V=amy-t=AD)lz!^J*sDT1kk69ssJ*KJbZ?di{F7H<25xS*|mw3nTJyZ3g;P zRT}e09e0lW0Hg90u$;6DoJpjCVb=fZ4osV${SvAZx?Z={-Dpw$d+Yva<=^Lwd@F!! zN_N_dZ_M|FEr#zY7KX&;YSHQ#HBOUl6T7H#h2LwZyb2Oy!OPuun=aVuVCf{NA7T-QT zds~foyj=Pw{c#9{D__&)e5ifoF3ah$$TrOFXj@o!NSm}MTGroDF8wfYlI!-j)&#oD zeeYk&xyjUQ`#p){;1gl4-{pTc6!DWBA+F53_=ZSL5%jxt`X!G>!IEKmNPfn^y~@Gu zyJ4UValKDWpsd`=he#JM%RN5oSJE#D_iROaQDL#Qo%9h`c8G_*90b4ZUI(Cz>4TVT z-Thdw_-u(9RpUKK%O#-_Pa9apZ@>bS&MfMiwc$}Mb^{N&>5Z|Jm({}U*h8rob|?DosN!dNCM-&ou}rvEcZ+$O?X2ZfU7Z=TGa0G#&RYYK7c&ELAAiwsv)q{ z!@lj|+<{JAi<3rLL#KGCH4T+SKojKgcFX9{5E~_H2QH3R13D$)MwahTd~~Jl7Y|jr5bc5SX3+OE!Kq1>(h?| ziON6BH4o4Wf4fu^N`CO4}mqmiyOc zCcgc5&pluZ_R|2&&bRp*GsDoHUau=A(;f&}6izK8CB1!I`={?+LB?_jpsSdG8|W16I^`=C{{nnbX!#gtpwzZ&pLX#>)(y<@XH5>9#xn`Z?xlK;!62TOojB(3u>D zxY73Y?Ksfj9+b>JkwW+B13nk0cBKm#ccN4r4xa~pwres7-imQcS&1^V`W+5~+)}2i z)M!r+@Qjvqht(C#Ivsxs%snf&!+os@Q8p`2wg(QmCqT>eGkKPS$m0~ap6nYrp^Woi z9WnraP_azADmyO?G`-(<)`|8@8RDvl?kjpX>^*KCu+(i%`k)WV6_y>@B?H|!>oNSK z8>dOsWmq1sIc{7RxZciQZhF;KJpcFkM`HkcgDSB+8VJZV%4$`!PExYZT5N{MJ9X{fUi>IL>hDa9NdG3`&Cg7RtWN z4bntPr;B!FQe|6Kp;atd6fao36o_8ERXN?*DX;bKmnN+KWyl{OiEVT7 z2AS~T?5@^gXZtX7EcXBUYz$`XGWMWN;2qq>k_CA%@W>EBhh(lQZI1Oz8a_xW3%=bX z{COGLLfPT`MV2HhaJ;x~VG;}ez1z-M61aYh|JwWecqGIHb6uK8QAv*=M+tA_U4Wcq zb99us@!!*7)-0H?b zgu`0)TykJBL8wW5LZDfyef?TzhCQ{q6vab6xxNNM zMiOqR2MV~T)~`qNtr~r-8RR5=9*MWXl*^AH)0!mk{icF_Z4Npz~Xv}NhcD>e)3CUMvHm~LzDKoeWBJEFhW>*_|=9_Kn z>DAfHJS+;Qt2!TEqY`n&fdrbuQR}hD4RGNN)`LJ`nSOL1MBoLy_X<-C^zNS0zlBXQ z{ASO_K4WT2Ppt%;MpOz^h*JiGn5;ow`>c98YCQ>fjVwor8p+Q_($cdzUw(Xx!mG8c zefBY~C%6-dmISZ?=$mMb+(x-Sa`YW9;Nod?Uav=4fYj{AFRTG|{&EqAvn2k1Gdnv| z8h6m+);iHra5EmJN5meF-kKSNV#&xAzs@SSlS`3{>9z|avs?w*UzQSv^C6SMs`LF< zyAyug{lWTJV_LNX4X3gI&BBhkumALlIz<=C7e;(B*)zi17{Q3$*!`2P7v zD_i{f-IuBk*G|w2`kBNoHDV$^5KtWph@(ubJ&~ctvIb5r3g+K-f?goJyb?{etb&{f z255scKbk0$#OjTpEs$b$(mAd}3@i#%?6x&=8nJwDvjvZ(Zf>V^PZfjdwh}q$5^z@w z`;0p*3WY94>(m3Rh4%!C>J*Jmn-5o78SzG|1^$&jX_Ua3DRR~|p^9rnvY$j`jxb))zxx(nlaY^H_kl!@fdx*_ojU=dy&6oM)`I7L%{ia+Cf|c2h z8qLtKlGRVjAFUr~j=4$bceJgULQip>xgF;lbXV@YOSniD6w^CaCE-~K=!qNqMg0PJ zTK=o@hY>f&E$(ZMK$VH{;$I_d-wkSFCbd0=zfhyGnfkItId!{jcUgYZ{^E9!EW9)e z5M~XlH8F|9>?ng};Mbl~-GE;pk<4QF8lV}1i1~`bgPK^^qn#zFSE75f3As!u$lHZq zNGEJks(!WCEtXufloyXIf9ay+O`*k<{{b>c{pMw56qpkl*fnwdT?@z)2dB7n0|QX1 zpR0ICLe-JE*S!*vHYmC~M23YD7s`O9Ycu6!BzogD$fw)t5PbO3bGQIkr}Vo775OlSa7J zvG^t8MKvZT7~=Y1w#VWdstdpn93}Q-J_(szIPVB2@57pYgZ_0}TDET*G=O%5W` z4Ysbo8|EU76`0!1?2S#ab=rLzqDZKu85loe#d72DY9%DXs`i1wj(AryqE01%zg6wI zChkq|qr;|WVv7097Ovl~BajC=&@O4PH#QeA-oD?S-Mm{vIKAt$xbq2gEE#X5ib|T1 zBqu4%=u67-+}yjnTzKk_Q{z03B2*|DHi-c}EOI>9SqCg{r?x&{LmF2TR;c!EguTX9 zk7tDxe0#ykyW`#UQ6f4#J3z(A8E57CaP6G(?%5Z(rA#t2Iy00_t-|G__kYC^|Hhvmms>Zg zp@-uRU$$yw~76>Yb8J$-)VNf+BDR3)n^&OMdB~OOe_zorp5tg z@=~ue^rk|yR9zg8ua=UsAlqrSJnilQU_)A>9jHnEAoH}60CHAOH}!kWuEn&Zh8k5; zpQ|HgCTfRxZy3c)w&oy8tvXAkry^G2rFgQsDW9%$R&=rA$B{R1EuS$gH_ zHf+=L^0@r@+jRJwZ{0`97j6^?XH8SNs=R`5Kq}k2+WU%Ubl^I-{?&~9m~UrIn{Z=J z`Og;Gm~{Jpj2zGy1RemXsNf_*S7Iu`*mJ>REGa_K9_18tOV`JqrW=N1cvtAb>`<(m zo#`x?_ZX!NYVS882G)W2`m=;K2~b}+hLsbh5Z36_j7%(cG97g{y-bjV zQ{a&ke1b6$0%D6oT0kG66(Vv;cz-lB3ko+gs7aLVj$lW~o(aAX&s|9&1PH+{3*FPemA3oi(_&2+Too7zykC7V4kY+yw zGU+w4F&5XD{WHsLu&QB6ZSrbJq{*+abZYeKC_yXj6gqI_HjV0%F`yZHePB<;r4BG|B)PO6;HD+tFg2{kZ0B z6Cm!}teEswKxS@6_w|L-eD5Ur>y41NV`w4l>Dn>ehv$zQILAM=TrH%3}P@P zj?bfo-nsFXA}T!Y-Sex0RsTCBBd;~Mlv5&JT7SCMwYqVU1ND)+uTM;E%aPPIn7_L7 zX(*A1EUHc&H%0n@g-r0Gg|V{fyRNizCcrWsAuV>4WEDPBO zIi9a~P3aG$ZBap9FdMZs2_hsgJ>gpKGJXSM;clDG@Dt`X1rm;g9}+_Tgf72}t(7vA zio)~g%y-Uj`U%9Hu2zqMl*!{O<6BAZKbbO{VT-(j5aY1nK)8F0*|G)T9qWFv`D2`O zSJZa)qjjp_`_0td=8CI-A##Cikl$~lFMS>V#0iHaD8o5J244~eZPHY~Ntw9)JSnESE^!u+LT>gQxLB?mXkJLF`sa3P#U-)Y~Q|8gtQXT1{ zven?xi-t%$1Sk6|$n=m-)>)VoxHMqUcZR{}!M%w=B}?G#bw>YU%;!Xx<ajBc-vkIPMTz5$NTuh^|)lF-;|E+#v=?2@1g_V|zK^Z7Fo4$FYMVl^0e zb8oSk2R)rjo~hMt$FaJN!PmMwlN#Dmt>rU_ah9S+rhLH; z{}%d$YT8?FuG1)oU{mah8UXieJ&_&WL}y4@A7W{MbWo6_5U`Q>m@@pv@K)X5F z*K7X*juzrLDpRK73I;C`I^)h1s={VF+zX38D!~@te6oIvBa;1)tCEOH1W&vnY1qzy z#Y&q`25r`h>q*PxNs#kaa#|+W>@E{)MPUx8!30#`6Y?sVSJQ5$76M_)q<(}5W%+%+ zBMx=*xS#qCSGy`{%Dp|Bu``SOU5ZWJnZz`v3V4?Ma}>)FANV<5VbQtHn}qX+GM(!9 z)2+dCEqoMQpU_ic<#C9pV%O4oI-S@a#q7C!xOf~d&v?o-*<_OFfBEg`d z45|OM$&M+|JRVPwj;vbTBUe8AdA1a0%r9O|lus)F_!tG}k_0elZJtP2iJY`{rVRb0 z>S{+qccjflmmVBGYqH*UK+NqQr|kz-%gi3nm$+CS5B)L@likQCmOD;wFSIG#R&P@s z>Y=T%&zW%m&9PIA>b>;MX02Ius<@AV+Z%Dm0l3W@QltJQC&!P?O6IqUPJ#R*T2QruU}Ey-_knOJrPzVB|2z zltWO`)v-+_Ka|~4NQ4c5@mF<5%cW?sFr+w+ER;;>$G6c;fYK1X?9|zx{Y;lN0@Lhc zxZEoyJwORZt-x;dyYu8_2!_iH&Fv1|d5PQsu9OQFKan)T!R-M_wDD{&xk2%8*~SFl zp`O?T3xkZBsTx;7hPTc+Qw?UvEH~y0R<46hv94pkd`_o$$A`&?f2ZM9*_rLI!wiZ) zIatl=v&vL|Sc8<7xQX-hzAYYnAHjFW_7Vc7cMioVL3%~)=Tm%Z7495rhd z^Z{=3<3{@61W&hxZFs3`x6PdVjj2o|?K}6=?iO#?pPR&mN543?k{Ngh|Gst0_ptr) zG(kd57biNn1_Pe?ezqLp)$*y+zWeH+=VBmkh71Nn|f(>~CL|>LZ z6~m#62DK5>2jM&+H)usZJ4Ki9V2hcE=ZJpqhp!!}nbWUFxq|-bK6ZL*CQ_xgJ)k*R zfQWt{Nz@qt^32LE$N{7$D5j(0*;GbA6K~G)nblbDo914FWW@DP_M39=p3>9Ihh^7o z2afapEAw9}$Ag&-ZZv$d<~PZrTYC%RgT!YmakIGkgInoDoo_VsF0u1(3DSQUKAMx zEy`1EULBAp*;OUDU10_$^3il=T{e!>IxoN^xy;W~$y&17lK7@@J`Oz3zPtzE^C*Dg zHM6z;80k*dZQMMz(QADOqzUY-xT&zI(uhkDc=x>q)M#RpGsarp7QMfbU$Ntn9jltq zdAYO1i_qb+gXev`V=`rL&iQXJrhHJ0XP3zG$#LHlhDlapKQ?qbaKXaRX;m}->kbXd z|2J%+79hIr3_OTyRxDSpiu{)fJeRP7sb_>D{LXZ^a8rWNvIhml-2``^P-px2+ml zT8ihUL^Y`xIX%x-Ip{4PDY1@2XEJ&h)9NXBs*F4Rk8a}b7au#}X?=M1CE_+k4LZS% z&?5J$vj>ibPC0XTxwNJ&AEI@1UXTE}OU0_qg>~_u#7aINLYO z@ABrzZ|AUKPH$C)BuZHN6Q0eRX3p&k3G{L~3Gy|nID!Qn7pj*p?IzOrr7*V}MB${~ zmt%*CwUJl<#^3J9VZ(PA$*e8;t1|G#nrb^GjN`F>uF(+7)&}Ld&J+TbgAS!W(+k|6 z_;;--d?rl6l*!*xNLRu5^3O0o3os2Y_nK0{mSC>ZFhgoQf@TVDuh~AI;+G06!2gwW zO37KA?btXDedTpn?BT%d2K383<0@lXs1BtWlTCQ`*)I_)hH)lrX(r{yO8h~Xb}~6( zLWTP1Q23my-%I^ZTQ3yMr`^g6Wv;Af1ACtOe;;6q99k}-h&t3 zsN@}Pl9or8KYz5H?1qWC_l}t$Qq#lEzB1gn$tmS&u>H92E1A_Wpz}S4x|&h;7otHM z(?~eheL7{sI|VH)5>dItHv>&WDM*v>c6w2}m*)@71K^vV0JHrbUkNFjF&83nIWibE z&pso{gdq34T9G;hj6Y33GRbC;U@M$tmt3w!kCk!}-Yv#tcPll;%o?60hItTw2L46y zyP5X+96z>QEBTz54+rJ8Zk^@Zk0{m%lb`;0 zndqO>qBgD9*OI>`kn+~lTU3kd_zYDdRnHW$=)y|O81t$`lDK-+BvrUha;U=W`UByD zKb6?hv!#Bd#h8j0BWVZby#>2l{jd3CemBd)RCorN{pr#qUCdyzY3pB2z;;NZ!pjlm z6XebH9C=mK^oY@wst5Kg%vgg7myEF=TvFVqG3;83E)Pa+R zZ#FP*FkaDH$p%U9bJC`fr__LrPw7J5wX>z`q;L{G+z>-@0#rJZy*b%XSVNJ0{dUyS zm=d>M|BiYlo4TnVTdk8rvtMj{x>-x#WFyc!oND?+c2*e`5Z+m;bypFq{kCb?tz$OZ zn+_HI;O%2KjKK!`@p%wL+%m|>$tE&LdU*_=4AI~|QiJr*t&49>XmiYh;Vm z!e77k{*nyIpsFA?%EB_Ea5l<9E6pMfXCr~CSMA7*X^cqWc{?d9x5;1NtlJSyHoNVZ zE*Fu!LnMIt78NMjLC7$K_54So*s_Eqc3khtq;CWt-=g<20`+O-RXA`IYuG4i6<64j z8-cvNLN)-c-b*>!bV{KVKJ7)(NgA{BxipNxYRS9v?68ZoopCD)BGZWdx@yjrpXVfV ztdpW5zL)kT7d7{RXBGTSk*y=g1G-_Wl{Qi79oNRM&2m-FPV`r=Hrk6Ti*5QY4Lma` z;xI5}qirJb2$A7G&ELlDV)C8wPNqafqzf@pj(o!OqldCW+j9{PFk^@n>pxIVGIEq= zu(krwhP`vA|9yQE$)Tw%jpS?eDI_yfj_c1rf9z6#>uPGj;)58b&{Q(m5>lXf#cuQC zk{cE!=$CX?A%g-*iFDRyVF)Cj5A*zb{m6E^7fL$bwX*%kM1)ZO;SiEAfcbzACou#gz<1ZsQ?zfM`Gh zkaT6$ol1x-Wi5IHtR}QRfJT^5d7Y!5{p#eWq4z%(@((`c&s5A#*d-a|iW8ptrZ1h% zv7Rrc`)lq+MV@y$<$P`kpOgI^Fs~ht>wr%62kcpNW6J8Y#yE&} zDeXvUBs(2`eEP?W)Ewf0Hb;arZsTmGbO(>UsnA0IV5x(sMu(-oRDQg68a$#~)w*tz zj2AcX1AHM3(H73#@kIr7L-d(fGv&_nZi`k={|^hS*ykYYmVz^OL^bIcqFx|P=47!b z*T*op@ln}Un%#=^3y;Z9zn!qeAMu3UGohhJskVKMa_j38JEUkZmFG&NQNY7{MwY5tk>_gI() zX)?>~8o~Sxm?9|z5{~{}1Wl$Md6Id#Rm=*#8O@4C555-Dn)-V+>wxG)BgpAN`7-5W zJ~@!Xzv)5u3o8ikWYS1qDpeqCj#VewTQbI*ns>;z8O*hCKbl%~KUuU$cYBwux;38f zsyn26AUY?>BLVHPI~iLGDokR?97}f(}9%o14zIWWk;o+uPmG z!c1l+tQgUdr{-F`%V$}#0#bsJR6>}ruF=rIiC(+K>{i=2S8_Pa5Mj8NI1}|EP;}Lg zi-GB&tiepd6@!mrlMGg!#R|lH61gqu$GqU$ z4iCi{R9Dach`z62eQdM*wT8>?kx9Vw0rs8|C7L+aX=?6{c%_&}YEkvT)S+aTr1yRT z+inUR!5<>UszcbBmDqJUkPc)NF~ri>q)YR|&~$@Ru z$%`y_vv1lzLE>8JXfS>cNMb1X5k~FS@&Jzn6tg6)qMhs)uyfNiOLYun8Sd z={uK(Lw{p?5+Av(?0q61v;I+pI$VI=dPftBxuc4t@L6r!L3RP&Mo!0&dpUfPW#xrQ zXBK~#Q-ybM)F)=5JdN!_?PM1nfg`Re;i|t5gvRZ7@!5nBkp+H~=K+*)1V3;RZl~*_ zB+T$xF%6-z-?_g?#Jq^~wEm32M|U`4%t~iFn^58?nD@LpLRrDQT$wrTo`l>cG68an zWatMyNT~GxO=M{U8g&(Q!}MJECK@xa0OyQHK@^rqnF`6knnG41V0}Tal2c$LVO0n< zqQ1b)zWDldABBl&A_nS_Qj2^J4X0Q?2Mie-`OkuvfEJzNyJ@3RuSgrlm852?Q>vUL z;K=(?#ANMzDAE=6fT^UVET-gsJ%rD$bwV+^GRO;-A!STV_Y)$)Q9k&BW@aGEYyR}g zR9oW#S&}b^p)HU^5MUSF?`T3$$V$VadgG*&sYWAz%8lERJ#wH@iQ>IGGvsHjl+nOd zb7Z9{+~1x^X(RixFKu|odigR!bLWe|^zN5iF0;85_lGI|s(gpZrz;!gd4Nw9yUkr4 z;YbyVsR)6X?Q!b)IJjm4pOx$&_>UQM@VnVY1kxnP>WJi)JmyRXR$+a$RGsS&H_^HR zW}d0Zx~WT(IHoNmkU>E&Z%i-Wi88XRcNY?CB25^23QWm zJ$X6fMNQ_+Dp`Nf74#yzU2KHn1vf}zeYGONLn9R$0Fz;wJ^_tyY?s`PU8uc52r+t` zoadXBT!ee;&HepQ17n-@BaGvThsM~oTFZes*`w6R(L*_GK)neYnTYSev0n`~0nCFK zIlFXUT&Kg+-wGvn)~yvxb};qdXWq`_PEEiuSJsbgHnnrHr)4J-z#RN0vO=9##-zpq zA55Wxd3C&c%pW|>Q;pMGH_hrbYx4XB5(+(dW9F!0WG(YNNY1~3Ks#x&03v*A>V&dg zx>^bRVKBwhTjV14j3IL36}CFM3L|L4{WurJ%(^P?hDp_P>5M0;S3T(V_X3S{cTtMl zKlbtI+IT14cr`ZTElo_nvR_Ke@_9MaXSIW|I3Gs}k*T+oC%Htn&TY=<9`K_LxnQpz zDeFSSK-oPXlwnM&WV| z9nc1_Z4bOAaP8*yq#w+D=~s^KYO>GnP(U@ zo6Y3Z&L=vPLb6_RWE~GMO8g4WF7=Yf@eF% z3q=`w<$gu;_bZm1{P6QaZhR<$W4*D!G;Sv93fBt(2ap80E9?ki)GM+jTSV%YusjM` zmj`5=_%=P6;_lznaV%J7Q*XA=(*n>8yGg1Kq+X(uKBVS)`0z|zA!UeDahtX%TklI; zjE?d|A=&`}$?ySvCeV-V-|>lu_)5@I@uE|VgPPk?epW449Iid!+w;gF&`B;EBcLt% zOt-BP9GgdV7uX$oSNT2>eF0IOx1SP1V#4cOCH1ms;?C|R)qr9g7O9poYJy`|AKB$q z;hB)f5_P3;1zs^}JSBCgi>hn^Q}1VU1G^zV&;^zhabx#vaeUaVYp_8Kks@aoFndn9 zn5>_YMuE|TXn+BecB6iG-)oRJV;7Z5Ho4lWb5Qdua z2lO{-vBTa8+x0k*vGQPPUd@WzPk~ahAH4%d#q;naJZ)kHu%_r3j6u?5=eJ;HfYQW; zdRJ5g3~tJ294}tY+%Yr!P>))7*qt=3u>J|<<}z7=O>cf=6!2bCY56{9y$8j;eVtkQ ztl{-?N1%MWir8H0Ev{Ih_@R~Dkq-Y9| zA1cDp2suK0E)V6z@kt^JQDTk5PzVvnGSmKj``<#I(Wa7T8`PT1;fBU4uab8e0DswI zyk;B`KW3}?kFwNHJL6ehG>u!KC;g&snJ1k>luppi4>20Ta!BYS;R+f zS|8awljgeHqmN*)u%xb2ydanB3=)XsmWzf~(D9~`LNAOSuVnXN4xg0`M#B6HsD7#U zn5nsq1?K7BmfPSL}E* zp*J;h(ZQq`y&o8qOcqNVl5f)FgnUO?sFXea4#@3KZcx*(X* zXHTMFr&5lsW|vm{IL@Gu!NENp*XgLP~Qphnk1-aH`>Hf*ys?T zN0{WVo>m1i4#$t|Gb%BkmH<`t9jMHAa>DP@NY=rvr&wyfQJC*JB^lgR+L#d$Yokk%~4YVyip@WVqJDr_NFb>rC`rkG9r$VY)z_7OU*$W=XWUifyMK7tu!lktvCMvD zhx=A3YL$A`S%=ufR7e&j{$>+suwHTKcPHd-eb)l_Eu8P8-Y~q6Z^WhdfXGCVVm8C` zgaTS0>8mIFA z3sK1yJ=$vp#ZZtWIs0rhoDfG?J&a4G^b3Nw2; ziD!uRg5+w|-oQPSiLb??WHJ&v7tG+nn6#9WY13CHcLC0!{g0-X%i~T8ZsCdta^u=jigjtM4m^Bl9x9we3khXb@J^rdE1}w z$cbQ5{tsG%2e_TyJ(Xt|?7^w+)FW2%OSy1*YL zuq|syeGdl9NAhy+ZxF70mJ>_{%*AZ^Z9~BLs4N27D^(Ng=^N#AF1ah{ppA-X=mL-C zIocfKVqE?EW21`V1F)Pxdf{9w-~ozrP4>y*^SBh(?Qr{#-K);RI3mI$XTsjosCoCO zkE5l25&b29NTejR7L6sypCRg)Goe+oT6%yoqz}V7@p$MgUQ?1qt2|ZRW4J5c*!MSg z^0(ItIyp3r>Ags2hfy1!^I=~*HaGX?@_JgE%KRcT+0AN?Y@Uf4SqOvDw08rqFxlKaR`xh!S9VkCrQhfHxN6H-`FQ8b-zy_3hWV9v)Ui}dz+H9pvcDs-(aixzXPw^d!EO1^ zkWewx=x8`puJ5OX(8wr94 zFMyj^Bei05GJ-|RF((xWZI&m-wCoV|(7umCEs23zMy=k0ebih0 zX*gbAg2OJ<5q{|&;D>CU?NZ zP>z6yJV^=IAeX)BwSn3`j=To(muMnA*VXY@(0@ieMoD{2{UhiTS!XsDJ(Q z^8rtQ#N@y-??-*e!3=|&!`HYqZEDqJxP_q?uIOg6->N7Il(wZ18b=~j5D&;azVv>8YYX=LE*TTZZ^r)D2Q$0h z9^H}N%j0k!>OvLy#l#c2PO9?f(a%=9Nk@aFh7D{y7^~17(wx&I#pFGHgjb?GJvocE_|5PZHT*EgQSEib69Wqc~j`6WPNO;o?Gq0c{Pdb_=abjR^x-@|lm6i$WJYiA&N?xs*Md91m zS|;&e_`E`FT19figpY>EBe|CUd+0S1Vzm~U=OQw(uVCTz28&L(V7JA0QzEG$R)+JT zp!vvnR}tq(uU|23UCQPL1}?uJ?I(=C^MQ?`B=8_X&d2yf&sZhda{fwuIrlbxT@ouK zpNb>xTtnKB?M5I$5yc|QJ?H);o9fu5M`06p?CV_C|%Hy3fojpV|?qGZ-x175I1{en9uWqj*otJj}P~lJmCv( zUDCb4vN1JjZ;+e$VncInm^Z(8k529ft7xqADNVaAm>mZtkMfpqt=ZwfiaAVd1XFB3 z_kAK_gIUwDa*l}bavxh*peL0(v5UP<2D@39^l*q}jwr}XbxIBYF~DNC8)HV9o=}iz zPrdR8`He3^g`DqovcBBxW;JeUKsPWBS}z;A_@2*qU?wAEpNIU!IT+WjGThqgWZpn? zTRL?hE9}hvjz}x*okXCWxN3NYM<#S;S3Yinu#)+&9W=gxL&0;f-wc!F8j2&eY;fW# zRl~cZ!sTMXU5gU1Ji6?L;g)+l!Vt+;%+zO4i*%-+pVmnB=eNgqBp5gje^D@jwv8I2 z5Rw8eMFG>p7v69MgzL}o()eeYCfK58Q;#Br{Dp8P(bNgT(aDY|ZXo5%OaD146d3Pe z#YjDYfT5oeBCt7G$S9HEdUf%Df@kH_-A>$~*Yp^y)d@PZdOOJ8m?`qRm;D9Vyf5H#98`cpC`D`}SI8r=*bDXYP z94`qp z8qTyQ%V++VQtq)$<)WTP^Z~Ul1lp;p$q9e^J4#}otpB?|c>dGGGFP5<6O|y&^3h#gOcY!D20lPosGS>yP+iA#G3-d5b=RFv_kRhD;Ue0hC8rYl> zdOi%NlmEZ7gkAiZfVn!^_Mkx^cJLi{&*yg3y&&>2F-?^6F!JX?5{*u)B8K4`?+ARG z23th@ZoPOh<1B=#;@}@a@~Om;hJXt5d2ra`?qs|cCHyI;`A703%rUw=FLJaKTDUio zXjqbv`cQ5*({K;X?j!7(9psepv%{a9&1>hkWh&dbefY&pp}Q$>vozCW9=YOGjQMci zYJ9z?1-f6rOoZl7oE}lUb>Q+aWbv!R0fXcWuKxp7^9=R$FCV%+`U~;vKK)8L#KzXA~GGr~d4M;1D?v-2_St z<)M&!PmSqD>#}IT$=jyjLrucx+;!I0Y!XgTiGe2z6O_1H6>ps~2?7tYw1Y{}l3Ye| z>Zhf03ACEct`=C~3Dg_GVp@O)20Hc$F2bW(f+;H?9M}s7tGN>PRnlD#X`yYd-<@A6 zvi|&CZn%x|kLLRN1@(QsT22dPzYHF?(8t1=e*e$?_@Z)2blL?EUyO>4A5gr}`p<>F zc2dNtV*J@-dk+G$)TKH;*l{hXfu`g*)kE^(2}2|3gZ8Ro<4$x@q%g%}m@#)@CEpSx zl}PD`I3sp*0wC$U6zP}jlT$8|<6o(VlDK_--`KJWb(t5bW^@P73Wt~{Ys{@R#{Bm3 zQcB|pr4|nDnh!-F^*_T*LlkDLqg=#{2#0vqUHtEbJc$mRR)kLLs?CfDwD>$$@EY?SWq4Wy-STM3lNih!jQ`S`<6(LNq0CCPq zwU496mxB)jZ#QjTLTG%8Y~|OcG@V63m3x|wv1=$VEU`|Kl_{lgB(_Ml@Se6OB^OlqkfwyCyfzY zEthBL_%`IYgu)+S8WRm(lm@d+JLaOHrkmEV7c2!E*aBNNyBidsC8Y`RH@OznE9LEL z&?H%N#hmw8!e%b=!sFsXg1ya}!u4)Df3>^r`&a3_4#)GG_jmpuZEqPBW!JtB0}?|B zGjw-%NjF1>l$0nSoq~i256-Fx9s|OATxO7|t8K7w}g`pv^cTWpKh@NqI0=@Vq5=@ZU%%7u0;qpe6o4-5Q zZgrXDw^L3vQrlf2yyn6>>@av_$|2YD| zb2+_#`x(OdDWz##&MKvS*uXa&gfd4a&TadO(JV=~GAIYH!_8HW@LNICs!S^ln@vFo zQf24&-aW#GFSS3qV%h76kF5`e7uob@PJXi|WnX4uIkuqZz(0Tp%IJ*{2K9#F5KZ`G zIHJ9%M7jB$^!k=D*uYlC1Gk_30Vzf*d{af!XIb~txR*)nudp^w<+vo&&++ZE`yJHY zZTX8@x!bIFMrs(UZ~bsZe~-;xzeKtu84=wxm4*7^1tOboeOsOD`Tgtg*kaz6ZFn@i zGdd{z9dJG2b|R~wYRs{+h1c>z>z3A~cI(!;22ZNghtB0yZj`js5 z*pR}Ct-Ml^{Vv*P*Ni}VCI|I{>x|ovp-2Z3VVSlNh`+x!D{~D?9l0?tbv}?;>_vyX z_r30AbBE!P(e)a+8M?N3)?{Jq3~#3WRwrJY3>|(wnqRQ|gmd|IXz${O7zNE;3D&?7 zr}XGB-`PrnukN}o_xHDipNO4%^h{b(*zELBU&DjH;@Xt$!(}kB4xaJbOt;a*+};n> zXne3J?Lm^azr6rYA&1KT6xA=*g|mc*EWd3<(mN}N+GPl`>oWSc(CH&+Td;86m~hsq zw%5WR;HrECNCCSB*Ek8{m!{(rSq_yEA%a#z2gY%~)l7$4J+mBXH~d*CpH0-3!Z)Ux zDEG&&3|`=A$hEjX$1y0alaZbd{p*w!sVF#isBbQ(fj&M~P)17u$wWw+E9u4l(dD@? zUUH*g@;apktLEu*#}v65R($2z8-{ODGTgAfGQ*P6!1EJ-?bP_FnlS08S=K>DjX)|5 zJQl=n0_;(dBXm}VZ?5m}9pB4QVmm-fK|$pC*&6RL?y>1k zhwj5gu<<`XyjkS!RP@Cn?lJLaio$jZ`lmvbRNo4b3;8GmP8ZS~&pn*P0g25Pk8dA> z^OeMu-LnIbA6?lHoA>Qm(-gIcYUTgh=^_;*AR$lm4CcOABYyW6Dj$TzwJlaE?xGYB z7_7%;jnBs)!f5IHcNv)?@O)4xo@CU`#7|9z;Y0{JaVZG8H? z+vPE$B?Mebw)U6reIv-}ER^^tYF`GlmTHDg5}|C?61rAJeYF#r6OBwIa@h*I+6@9P zV!ozzAKX*gWo2&g7p>+0)|o&n$t=3jk;0Gt(M)84*+T|e8sI_E(U){z&s;h z`R*s*QPq05B8{s8Q4yYS+3H>}k;MIsFJXZoF`Az1hTb5HaBLJU=hIv;6$zA@<-{6! zb@gq+MwMj5NWwiKkCMpPG5P|KnOKWHyPE|30Uur$^BpQ^LzGNSj7;;49MQz{3Cw-k z2HD!l#Ootv@LJqKsP}+iI-bil&F4-sIhC*B8#$Y5V%@xKB%H+qlW8v0k%DtCSMeiO zKCJ4n4oLW%u{D4TTeC@&d1NvBK(gkQJn(MToBd(kg@ggE;1Bih*6tF0E-DAMT&2GA zjiN91Ma`!lkR5ZM(tg+G84BD#Up%|`-AnEt)E#T2arE)N>1bG8-qf~FEgw53CckBq zcCP?!Nead7(SCfUw_{fpSAq90Ppchd>+%yPH)2bOJ6=TW+Pp~->y(7P@g9|m{rM;d zPq))a%KWvSLhNDei6Q4ifg_!(vmr#Lm^0Q%>y_B{vW|QKdJa z>Q`zh-nU&`q6=G)-NfwH7+Yuq+(+WguYDV8&6Gh5Qx0Gb&RZ788=Bv!YY(A%a`rd8 z5E&v5g?{G8?tTia>t$V=3u-9t8LP^YJMVSY0G8#3m*!Dx$Lw~Ek8oAl_%Z0s$HWxx zNBF-3OfU2RRY+Ij6FJNG*cdjhS$tE21!K-W}wq8MK%QSQIf^7MpWDj+fH%~gn2 zu<^IZ#_A)6xsQAf;>&wMW}NT`lW#eUdbgGJm^^-NGx1B+K^M3e?nPQ}9Hs3R*XBI+ zFbI4>o!n7FKl_j>InwgprGef(WpAml;i{p5ji(4Wy16bwl%NizN|%cBW~w|GuFLAC zN4Pv%f7X zM?P2+5_IYN!(Qjh_qqhXL?5zm{?MO%L-j`odEH2cg}`%DT0u;$a# zoV&oDWlbWOuMPbih!1O@z=|g>BhwywhMP9z^%0;7NHWA1>bu4redWfc#)ni?V~gKcq66slbVjtHR}}<&MwEY9R}|#1-GB5W8%0d5*NQ}qNgwwZ8F@U zS{>an_i=c9muF||)&1fxQ6?h|B1l}{-XU*DBB3GqRB-AAJ|^0=NO%chYh2%mXy z!`cXbzX`>kjIw}_r~Wx7xjvDg|3tAFj1;N7>!BMooiZ2E<_}YW4c!_yi721NGgWKW z4X56jD8IWUGV{eP!0m*$V+msmWs8DN#jz=^PM?4pnMWUYbI`obwQPkxNzy0p#&SdD z;filowGFY(%&p9z3oUhH!I$k@mPOn3_AjCi#S0VIqz&J@l6~`Im;O2lIkNl`bygmz zwRzrI(%8^*WspApc=#3hf?@kC$-IO>=J@o{A)8}E=3+h>41)WZN9UEmEYVv&7}NMV z&gHKc{OTJY6$h-yB{80>U|D@1g6}=m99Ltnu*X-q$ag?$F6bP6OM&mn-5#&zAGz1@ zG+PwSLvvRq+L-p1|*iOhUJrVlA zpvHVaDUOog&a~9uHyg~9G9!45Qy`fFO7-Q(6zmgB{hgfMXc zuRHgKYa%iR5yD!uCY*4?M=tWYRcN^3DnYmzvu$}?ij^I$ga>0hl}Kb;WPBfEk=M*twOrF8*tukqvZ{Hm!TpW4h#?qn1S@P@z1%rD<|m`R z4wJhkiRUU}hzacm`;js5^WGzIf+pXtpteN%wSY|VqfspZ6~Fru7wXv|%UGLp?O`}P zUd)7T1I$GZ4I9~iVeWub9og2O!f~q@l6s0vw@!wU%w#x*kKMS?j(bQPQ+S5;g4=-T zWx~rb8|AB{bklP4TWJaHa-1X~%aH?QGN*+XRGdwI-!TFoTfySz54iXwKcw>Ce@~j+ z!I@OO(w{skYqndc%SK-ug)d$_I~raYf%EF2ZypV7{pwIWjxA!&F?H=}>}S-LCWeUsk%Q0x?@Zm8hTgPD#GNYsS4>~WT+@DEd^ z91Aj^ZCi&+RRO#UD%$ZQAlB8=@_y7iyFa^ZE67g_bofWXAf*f0A{$Vx)H^$#740b0 zF}cQO1>t@c?d$TRF`!BE#Vr}=@3+DrXTt>egh9!8z*PwECo9LDBnHRdb)MI}%|bPb zO>Ywub~;X0{mhAoyZTMUJ6x9RRHB*P_!vW=NW^ zU?WMz%oDu&l|so`5VuP4OA1Ogfw!P_I>re|!6l82sCGI&Uu(h**oJZ= zTTi%Et19V0=I|L$F)O@3KGvMERdKhzLc#u!wS$EG=0A%9Il-+Fw@I8?731m zx$&0Ew%ix?>H5`?p)v2Sks0H>TB>nR)3?z77meQLiZS-m&|XKA8@#vejo%M>dzJW@ zw3JfQ@^Bimv8_XnE4eO$7ZW&`MQ6#u?BrRVavg6Nbc_<{`G+C?h>FSq z9A0}(o;m((gFB8!NG?(8A-RM0q~fVIyWM+GBkWc}77A0?Gew_*Mh|it-5;rCa=CdgQ+VwvCz6DKCudwluMw&2N^4?UOah zRotSgdso2&nIE+dywF#rxrM}c`ej@s58wNZwvzJ+kOdr(*Q8qbUGS-!FWt1v9;ZCW zeLUX}_=-e6HR+@#pTBw}mj6-s{Bchp3RKZjR*TAeItZy=<##lc+DJj*oyO(n zFY=kl$^2Bn9Wa~>V|0wdp3oKQc@RD3R z7@mB10n?=kAd!8{1OSQvqn(buQZ16K>!t+x14JoFnB71|5}=@!S^vn+WP3QNXbmS- zN|-Jps&gS4xzk_#Ise&uAr3NYl7*WCB`i)HB6Spao$eOAQ`b#c~p1)CMBO zRDn?8&RL+KFrX2O7Ii-Oa5*W`I{dup<;YJu634ZTIi_BlN;c*3*-_hq$R{*<&xxNI zerbAzf2-xH^vve#KHOVjA?@v`n*7a@V>fYRg=t}Uu-)YkbXamahAz3e=Mer{J3%+F zYwA<7`=~Ut80~=@b7uA^#%wd%)LUGX@8(vsCFE|s^Ou;2p8K8i2hY}=7}k{hq^o8l zJ`EgB3f6CZzHZ5qLkBiAMHVKLei>$ZNRgit3_B`D?Nx$I4&F1%#w*ZtipH?9(wsF% z=&&fjNfwrH7@jUVS-QV!)OAnH^KnP#ith;T15P4!ckTB6#tuT568oUgc+ZZ!GRKm6e z*DfPvM=+loWjH6d*L}4!j2-xxvZS7`m+--Z^Ep1I=a%jU!riDz?g%KS3forqzkMEq zWSbHeN=cIs4oa5dCv#LC$0N|oXzqApbh14vDOAaQr^3Q4T2jFdKS}-Rx%4f{YFw>g%9V^^k;b+D+(waQ+sjE7@@=nQbr>^rDS0IgqJK1 zXj3mZ^87kP2yyqihFLlrNDb7cDBd{^i$-)MS4t$KxRO!wk&jC)C+L1{L3I``*y0!D z5MozVw^nGczNFcyrvW?dG65gEd+RM_Vua1jcq+d>4Xe38uiXzDLa&RlY~-QSp!9$FsLygG#~p+$iJF@1Bi*zdp` zEM+|Gi7p>Zjo6p9d3p}m8RQ+as3nYNb3&x3Z#kp37@n-alE1pmQHZN0zPna1{drQr zFDN|*Wj?SG%@;(E8zqsr3wwb=Krq8CDPt8r85dbekz-EN&`P2>$OZUslu}Y7`vub@ z_?=yKHoF~{1P+}BCWLB#_u(~q-_dlv9OKc-l%cxwzDC%GdnA*dcPd;MHAp!-Hsy&+ zhsb~*!E4R>$yTzKEGsJ~1p6ozreJS;fBvv0FH}r77v2#$i~k|6w1lXPRcaVHzPDO_ z-YGvTZ<6u+ci-1vK7U9n@R-zQ35y0Sg-Om=78a3iB6ZS1x{ic{W*;^Q*To^AiRO{v7e2eV!KU!~3 z*69Z0|9Hpej&Gl9xZU5MeY7iBPq!eZ-BX-gr(R@;ZT|E_Ogvx5-kYG5;PXR;+Syt< z5+V$B#n^P~;hS~J1a0lk5MLQVN_Nr|bt)}bNiS2FYNo(32XjZ^8WeYu>_O1-*l<9O z1W8Ab>1z?Mv+9l*&KWDS*TVHrB*Xb&Z=zd7*Q=JW!_VZHCKtgTWqSPKM<8A%cE0rE z+#LrH3dbv=`2pBb-=>gyy!*yA8qBK4eb$EZO^mhIgF=q`X7z9)m)V?OH8Qu&|HZBQ zvxc=~4yjTvGk75Z=;FUY5$!x?wG+u+PV=_m5I34KHYZ`CIcyJ2X^dFMhUH? zvs8kjn+z?N(&60bi7EFLOCM;q9t-y{UDJ}n39gp(Z!1k&lqxm4^dcR^M z0wLW;Q}8Medb6m*pnk=(@5i(CK91j>vdS+77tGB|*VsnyR8Sp8w`SB|bo~AnHK0Nx zRKiJoz&)Sw%cqQQj#lw#fFdx=CSva`sHF;X^!h(d9P4_()|AHa6HWo}*a3AS-w{YZ zGUPWZg$jT^aV!^DCT>=NFw_U7^U5pJbG4OmUX9tsYm8uO`|qOJh6AyZiK&W5G5eb< z_mEEjpStN9LK{+T`Y_FffKXEdCZ7*1$J=>kqZCb0>aa89bsl~AB&pN$ zMOsGg$gTEImITsc6e0^jL|#3@1NCV(gGPDpdu)ns`o4vKWW`I@FS7P&626_&`&;cR z%VN@f5i#bNXh1fN2+y0ZxdKcCGMuuvhi}3 zQZeb1XI?t5AF!~OW@x2i#^TNdT^ySb<0xye72MqiWX8nshCpAP1z?`>dKVsifg75# z_4$5!adq_3V^@g^UvI0Uywq*qH}$G+YjW{4Xd3r-0$R%|6MSl2R1t_A#G`AjXNe?XCF^zV+k)qR&@?Ld zwxSctY4u$0VO^ot)FO()Cr~yxSMzAdRTnw=lqtd?3*1>Ws{%{S2aR7GKS+q<03mT$3V*T-c~qku~||Kn5~BnP3Q2 zGv1bxn6nW?De{Ddy-0}gAiIC%=?mIBj<(H0wT<7Y{fjj%xf7Y*u6YLx?iL5RETFh8 zjb8Rrc%v8y-==TZ1jg0GTn-8^^C<(!eW{DlDjDkns}) z*5GRNIQVl)n50Sk!_%FxUS9nOJhE{~HKUscSpN<%z~+xhgQ4_Iaah7fSZg>dO_=QS zs%KytDV#Xn5fJoq)nXjLm?xZ~N6wUpMA6B4x|&U+3Pf6%D1xZH`Mx6`Q*Fk{OZRk{-)j1!hh5!`(bV-ozJA3McBAq1IW< zIfB*2#7KHNaFuh|r7)C@$@U5(k#S+T0l&*5XONyz8$ww2(V z3JbPS6lQ-HmS~S4BFRh?$3&a`<8#@Gl9(}swD0!t57~|*&?=TYSIYu7de)-~DG|(( zuJhfd+d~K{W)$NC8h7&s-1g|t$!uCVXI41>wX1PrCN@F>jXnSwV!mDxMwHvfRIWlz zkAh4dlu!5@Mq6BK0$u}!tb?Dc*$;_FsfEnuYMl&o`x3Zm)HM^ICJT9QY_geO&Jt7e z`P(gAp77DI-g{O7gmD=Fj8k*sA?7 z*tgYy67YQ*UTQzR{w~2=p>#yqifYM6LQ^9}m3la?+8Qa?`94xmY$m+;mj98XKj;-T zAQGY~`@nFB9p&{mY4}=I%9J<^gN_QtJAcj;QR|gb(k!tfzb$*5syeKfWe9v&H%DK@ z+7nv4Vy?LYj||qvGS(~`JoHh@r3`C}$i`YEL0J;A(wdoOuccb2S8TY;jl}V+h06Qr zx92m%$dkhtLppqT@1VVJZjkj`449PE`u>g!p=gG$i!ePSPcVIDR3<7+?(g#LXE@|p z<$9?|BobyXV__=w(je&i;2&mLS-u^wtt^^vioR_8cHq0&z z$5tINWnFX+KkP@U%6N*r0wLXlKf%7EA|&L%D@^K^{pU3P4>bxYrk+ToBjx7zXAJTc zBSNXp5}l~pzQe@zSDV~0B)fIiOVEqO<^hVrO+6&EHhs@ZJ94|Q&lN--Yhr{h=Q1@5 zRj|q1)!bqHkoWqB46xNoW8bE{Ev>sZV)*;fuDJi>PP8-cEzVcZ>(OQP4?JJ_o7~dG z9>tKS6l`Oa!@xme%o9Y8n@Ajhw(rOEcU4NNPNIjPVr5PJ{!umMmdiJS08qF-Ura2> za|V+`)}lVS8{+&oqxl28Gur#1pEybvlofMSmzj%@ zMj4m-`FS9T_zP}pgQ~|tXl4CV;aX|Hbx;LtR?j5>7*I||@}7b2Y1sA-fSo1}2yO3_ z1Bu4W1n@<~pU|VGiR} zU=^yO!C(S?iN0D3pb?)1DAr}xchb=iFng!%cZM@z@-RQCa*|f0y}|8EY5E9Cg-^}{ z5XuRcCpEvURI$ae#t*x@1$l1t5{lpWY6^$Uj?o4=t|Ff-{$Z8zSFNJH0+z-aK%Sl)J+qCxRgp|xSKs9_Q@jwDdp^H2-Ors8?Jn1%v z43J}_cRwWpE&%_0dKQJ7A`ekTL6w1t*xuw5@00vP?~NI^QV4XbAbUGpu?qm z$2$>IUGjDc^v6nXJwAW=p?MeZ0!)Nn_sKa_V6p{PvjvEz)F` zPS_SAdopDcu3dUt?pN1xZN%h#?+LcsS)tC~%gW!D_ll39=t!J4^PIeYyk+T9I@mvC zxVy2ICNMgjFNd8N9?ybVOz=@EsVSE7CUx zL7)G6!#bw0bid05Z9kVq_^`01Rb@-G;Xc>B(JJ9H?j*(ZN6#JU0z|g2b!P5Bp@qX> zy&Si1*BhTM&{L652Q|b5u5$oC;+kbqn&o825+UL=hjAT>t!#zP^{U)zuAi>{cLln( zJvf3X#7_c_m=hpkOYQpqXvazW%~DMcY-3981Q=DlwkHdQ<$X3ut#co1GBax>l45vL zGxN68(QfP&?UMPAel&jVq}u6ZBw#|PnaPUvj&C&m(Muw(vFOd5L<~yFN32Xd_{r*w z5{eT!W)O^09Pg2;6pq`;683<%Sx4D!GiVyOi1&LCaz63aGM`mg6%ws!6bGG2pC`$-KY8ONuHs6~<04$n+E$>HRn@+=`{ z)6@e?*0Jj%i$X3H_RhQvS_Myrh1xx8b)nyO^)EHmbYjIyo;>46?a|+Z52bI>mm4ZN z_yU$iDvKIn`QuK?v29gMLF2u-CUI+8!k2>%c~2twEuitQ9kV2DMliYM9*2ow@8DPN zT8UwZ@PIMjOAw^(bXm1Ub2;LfqTv4aPf_qcUHn662)_%6p=U0S$LL%H_~1*Up9S(! zip2y;x1c4Gc^G^2O#YFMRHoz?ZW<}9FE-!1=v5HBFP0(8iJr6!zW0lCF;RotF17dT zw)BUCk32>oUf^cNQ^3a=iR@e(oB|eYwFNqxZ;R$|Ew>@JNxQxLm`HOnZqiHS2>-s( z1eK_uDAb3*!Or6Qds5>$9NwYDiRiRH(&K!gi{e@}+G+_F)ll3v+DX-*i8BCvv1?d`=-S zuES=ZE#>oSGwdB8rW?)k*Afxe5GX#l)ZLl+_xWL5Vh)iC`k-g{9WXF56#QA(Ke3D! zT{~ReuhnuPAjeebBvOVCQTRKyKe~6hi<2SVj^qy)FuzZld#IxB#*iD&w040e}j9>x{@EsB)DbIDO(133w}*qpQIf3DlA*`!evL4w-^NIG(tEcj2{-O#zV4POK%X|e#O0Q z2S&f-CzvOayO6f3?g6}m+xtU=!bFvOto9f64aN3A6Z_BgXM$3K+e!K86Ydq>MU&J6 zb+Z6)?d~vA+R_i|oi5b5-7QzV!F1Q}*w%ePp*3H^GZYkGrPL3SVCk5Rmbl-a0)g{b zh0?mT)aqfMskg54c^57E@8WNEh2Ju49Mt~nlhiR8)xwSBZAA**-zY~BdiT;j<{V>Y zMZ%wHYH79AQo3@*tTS}w*4TX_=d#vd+}BoLQ|gE2c#R~)8rOfOiY3?HZ%vW3-oK(V zCHnU|0rMVy3`R5MEb9BrgxWv{%jiMNXnt}s`;Y`F2O=FP=Tz_CI07VMwjJPn|75(40y{^lC2!XTvi&D>J@c-ju z*BPw_O}+K11OMlE{(2$0PftcB5NzoHoa%Jn&eZGQd;JeX9Z<^a!9ZRO&CYzYbfK^O z#06ogi0|qE6#zwH%^;khYPa$f!Erke1>7N$9%#1i%|-qfzW2wwDEwxweDqzj5y-yR zfx5QhLKbinXC36ZiHzLN4-3^7XFkf8{&a~ims9W56f-2V4=YY$O4Sn1#R zxxYOA+C-ocP%3bje+OS(h*LHKGC$@xl~ytj(ra?Qq)Sk#V0(mlU|_XRC``~SIIp(F^PS{(yhg$~$diX^>O_2Q{-l>*o^Z$HrE zMCznDCQT#~qY0Fq0F0M~gPw}?&fELB^Z<4SWoc>&hey%8{}$gh#&T`g25xmVa5TkQ z&-u#?SAD~4j8N*Zcn?Lvv!y78mmogEDd7BMrx=IhOHrjMY)kdJpnY_ljw5`+ubd~NWgR?L?0ERx1r zGL;DQdmLG(xVaC$-YBrbzU3U{tx9@>Udp>~$NoPCd4Jv7P+LfYXCN>L7+)~0v5&|0 z1)^omA(=yhFTkAv_*c-_HYWr=e(*i+JD~Lz-&QBN4!gT`1~U7&+13A_Y zs@q|W6~IZ%5STiALEz2W!9Oo1lJT1A9V#ywr3qN(sV2~BuxX|ifGK0*bq?VRYf2OCPW;#5VgQL5``Hq%0bTh@KzPgLBK#@Mi28_dO(fi0G)tCQO}5F8x_|K7)GuTr8TmkaYHHaY?nos#>~>f#EL zSHN1F1StzPk%EqaYqbXbR&HZPVq0~~e^;^KQx!ZI_1>5YVZ3LUnqCTcV_FruIZ>_! zLV69%$`{w|R+_KJRyqQH1yHNkdW9I*tm{n#fYR^8Ze8P`vMdMUU|}pzJ(?mi`U%L7 ztnkk{k(9pP8`1Mz(Tr&A{^J>v%CDFb!VcF4+)iJ--XJ=57+bR-kFZ^5|po+hg=k{s${n zj{<+k=n+Rt+@q-d5`=+<#xAD;S2Wr<*eZMD`G2-Vh&^V(WbB(dK-e1wQ=%IaU%;hF zZS>vI1hxw;2Zmk8T_6I+_|Y=}Hncp3$mNppw)F+mm`whpxL1I~sW?_rDpd_i&CS_*fxv@)4$UmmFPC-y zd_i?r$k)Krxg!9BIj7Ido_;NsA@6$y{0&$eLc2o+j462gOyvm>m~m}jMxq32Y=dcB zNA#YF#NeBC4c`!n-3a8T z%?6`11CXB?I4_GbxXv-XMXJveOBw@m&F?J7CAh-MBfdqmdWgQ@nOR=u4=XR5CxfowuF4ijhkt9shJ^otg#GXM4+>`!VX1?L0$Jt>MP!^=b ztlucIp=>4PGGJ|KB;EWV6wnbRHGaKtCr?~)76v~XS+`Z=?k@a;3 zfgAgH_4G$4(d+pFY5ot7CDef(CkE3!A~BZ<-Y+<~S}Nz@zI>GudL%)a(CNc`j7Ch; z;10LXQ6z$4BqHb0D7GhCgM;fO$InBt@UP3fVV_}TOl96FtLB>{d0>;;yh*Ej*H7j1 z`rT|Xx1*UQ3jmXSYKm5WzO>!muGnb*+PK`?a&b4F&$!}#bC!9%yAB|6j#5k&7V&sI z*`5-*_KHrMs{?z@bwx7M5*UEGh#6Fs7+;qjl>nT_*CQV=u<+IkGiZNY-Y*)<+p+n3 z_|!#?9!DgYi91~mEM3g(s=z~}%qgv~*^+G)=XTyA$6uOLMR$&zIbx-zX1=q!&U85Q&pz@)}G5VkkO?>cxqU<}*`Tc+XZ?i_BJ_q;Hr zyZi?hKA4ZWU@egv`Gp6z8t@jp&y2D!BE(C00O&K0pn`L!xUSer6~nN(%MmW}em@E} zdFkbYzSi8f#h>?X0%}LRh{yRbyH_9s^jk!&zH6`4O6M~w5%%iUTi>E=z$U4!ZrSY< zvP;pLM#7;B_jfg-=~TrSk)u_e0;L!(SHZuNoK{$y7ZqT+TZDaqlA!$LY~m7u18;D? zobe9MozGK3R6{zjlm6C0lH+yC*IQL#1c+>6bhuj^A*LFJIIZavdbNBAmr-fr1WsWB zf$j}j1_^%PT0B6KLoDHjEK=kUWY$Vyk1w$&(C1&L?9guuq2FO*Bf4dTTnS;s@G*8I z5wR?F2t%x6NHJfFt#-qfhxwhe73B0=p8i7WzCEhR;8Sj7wIA^aa&W{k?I=6DJm33L zc4J2%Bh&besUlL42_rgHh7_X{J)DUvZIiY9+ z!;YdLWZLWpZi%W4K|c#Cq6{M%WohwCNH@xsrW2WzA)>7XCn~Ja$m!0vEoYj!(h_f4 zL=yws5;db8%e;yLpAi0Gwf)BegN8vFwU`<04UeOOl68jjZFYvvg?^;cV)txBIUx|Oi_YkaDi7BEH zML0f-S63y&zzgqCwC>rjw>o|)d*6)gBXVxGz*_<>NUbqm5{HDiBmQKpBgN)ckqvkp zM*}^11r@xZ2`M5H2Bn`cA~QC;B1KhDF&$=IaaN`d1cR(+7-}SuoCUE`4`>En1a0Cl zT(qCw=zL5Cw@OO{ z^LHc~ExH6hqk-Saw8IzNj(*?WuVo@Cpv=&JL=X&TSC|Sxh&lIxwzPbZXrdVaWqDf> zhap8~5)LDtJsyk(1kepcaYWr>Mge&l*ve=4X$1%lV04cNvF2eT2Ne%HrPgx%rAR+v zJ&aVD441CgQh|37Hb{rrU>ditQ?_te@Sq@zrYw9UgOn8{k)lSFw6`kxrNV5GE^tgd zk+3DI9D~O)v_g6ton}h29)fd{9nxZTTZu1m!$>hU7YF{STLE!{mlhh$bQfz#(YEJk zd)ly#VTDzyjp%d1OdFtZk9j=YhJVmp&aq?NX{0BY|396MetQTsr|N_Obd{ zSaB$lFozFC)stpj<+0RZ1R~zzg_&-80zR(!+wT=O1|hUe@NWm|{JQuG0A!lwM$T z7K*HdvK+gA7*G23(ZU<@epTp}#0T|=@Q@WiWw-Hf*nPHz0ElL6TNk9Wv%88;X&L|c zkw;IP#0CMO(5UF*kAeigH|CYS=S+Iy7zJ38(cSm&{s?ZElnIy+zs z#u$PSDzcsD3TO~TwIX()+X3@8&XD}GDq+y?Xe`Xw7eMGcLCvq%+xbiRsD}!B-h*&h zE=vZHIDM1573I=JzJ{&#Uc+4yF(^^ZEaT-T5snOeV z37$4T3BFQa2q})E>b?&Dj?GGXfY(cvAdOVBSkb51KU+Rqoy(KP`4M%9Q zWZeU~J)?UcUvvG7Nj(Th%PaO%W%9y&H=gr%)?c>T3+e%pD))WIHW~JJbwpUr zN)e0t3*~J7naGx+34HH^`ADzMXoScFh_v3*$tr@x_)0JgUt-uW(c((zd3>{SWY9J9 zeoLm$_H~^}F8+)UV$oR@O0qs@SsSlTY`+36dxVVxOFi;HwfRCg@VnTPB*D1ODc!o2 z=jlTaTOc$q!N*9mO79B8(Iuo+9l-1eq010eT;3W8eE74%qKl}Zvt2ocd5UytaY?#A zl`BP6Z|-z?=0}j44&xbeZ}tW2H*}_`nB#s^vS_*`Xw9<5zj~@yz-fZ&gI|QC6Q; z9>)sv4yIxjWgHF(!xWBfpe~X|qO})#Ca7u8!f8Bohp}m=8mO5Kt#jEVoGPa*L}*p? zz8C8}mA9Tva0%Y=`?H-wgvX*mgt(1L6#zS+0JLV<+e(QW=nnWPc2dgvh9{=6OF;+lA+VD1hmco>A(S_Xr4)r~y|8v91XNKNv zkyRq2a-F~b^B!kx!aZcNQaO(4s+w8ml?dbt~46JIQ zl_r;a$3^vk#8D9Ov>s<806x(K$3Y=g2Y#xRVZ_BAd3w0|I{(DXNYpZw~(Y7cA zzcot|pQ+=068hHsoi9c-aIZtaX9xfHxPC$qE5gYORk@|TTW}(8p^^c$O6=Oq0`Hz= zEW5WDXU$Xn|7<{iT}gGAdU_l@IF>W*!vI$->8pY{N+V4AD`EXdzx3VaRmPXP3%UoS z{_>~#3;Y6uH)#xccQ#F~1WE#3ssTwmo0l*jSJflEn?=$O$8=6OATS8G18<;t(Rf+( z2?Og)vpi&^n*VW4P7UnF1dHF{>yyWO+>+? zo{!I2%_S1nSDcDa>8~hVTgkTmvd8%AR4PE3ek@@Yy_3K9ETJ8@>1i5g0AW!H1MB8^ zIA`z)<7TDLcWg{hP$}(GAWUZzv{6(i-Oj=k;n^2};lQ7Qh+TbE*p9{ZjvX#xbcdJlgm#Nr-V>ekH;?x^O=^=$a-5Y9&4H&8h0! zuPXoh*82NU^_Uac@J9}BlgNG<&8aN-9a=QP<<)b!FrOJRYxK_Zw@MNhx5i6t7&TcT zL|dqOxp0YR?QZLr`a!QZlrI7^(mJZ{Q^cu?o77s*9`VELZglL0aX5t4R~T0l2}R{axO;8l^>&AFdI{ zhOVLVpKlK@V1!EiXuDDFy)jznyJLPn6#Nw>Y8DA`{n{|{{4HqU4SK<=A~YiY>s5?b zB;Ytg!AAWFgt55+gO7Wcdmdt^9=l)PxAcI>6QQy!ww~k;loB%|#=k#_SGc4C_rIFg zI$8tzRV6^j#IGJp&;&qg#2229S^0hBDq+1-(`EYScVldV4CKkqx`VXWbMQTCUVo%5 zkK(YXpYzRjTWFD08&bXq4|knw{F3pLhXfr41wV+d%pRb(ngO(J2jE^-2}al7jYWXL z2pC_u0*L$_z~ZL$)#%cU&hg*Jwp5&H6dEwW)ZH*3IRIS})p;r|j{?n8Z70#t*CLkd znn(6*y_lT6n4HU?OMa&e!~g;DbU%Q|^Q<{f=N{+J0qc?zK)9sbAJ=|#ZFhT35A_A; zfI~w|j@)8l6n%Bj#hJ=%_S_mv9WDDcbOoHVZyN*Th6NsuZw+j7YR+(XD_8*s@@iD~1 z4V?Cx)+kCrtB_XR@48wCgJuBjRCAfGenGVJ6hJf|7`0v=AH=aKYuLdViJ)y^H2{QF z=G+&JGy&ixudT{QZ3+Nw+gvAXgK5LubtbsWOl=w6qduk+kk2{eRFZ2Cfd1Il!a?=9 zuNgK~T$W%s^7wq2sNUI*pSs8qNXqZCc8RedL#Ix9c85N$0pW^2lho6n9(ypC*}8HE z?Ykf)I63W=*NSQ0+%@G;3^2^je;*E=J|XP7hCWl?g$HK#&T%(8Za@;QXIQy(g0YUD*r_gx`-P$~-deAOWdN{@0uC zJ@8oFPi33+E*DAXirx73OrS*!t_vCw; zwaF3PTQ%tYk$7A=j|A~~KbH2q6>%owWSExUPXM-ORX*rKzm1M7An|iC?39yalc*hY z>6{*GF4Fcqp&(Pz>*X3e?g^MZKlSl@1~JjL4Hp^3`8F~pGSjz@L+cTe#;MQT{GcTl z#V@yB5H^~MyAjv_lFS8SPZj7aIsNRI1B&Szm{*)*{dQ?lsXBZqh# zvZ7h2M5;%Ul0&2tbBu=XrFwmTkLUHA+$IGjJ%`r1us^~qEG3r)A?S~G2wa$hFD5BdB+}2lsa-*&5NYh`3lrclC zhenx?q+27-bMP|)i8DpgN?Jy~QoZW(G#(wS3n@xKq zRN`bO)uS8s@Y32Lau$9ArsWO(-lu#E^SzO?c#fIoIB7HlWls1?kw92Qaye!uatCioByhtSpq?Z;8NNhCG?fY_q6&#^Fn0nXF3; zlg`NA)EGS?^&K=th9Pa}aYp}xT+-@EXi7O_|E5?YDKWivp(%NC-rabBrQyJf$FOL6 zBnpnJ_d+oQy;>`#%1ZkBM!?iHmfG>Cq46mYaGr7hBv0V^AN+NntG0ZAfm?By6WiwT z=e>ww{{#0z?H@O$cB&?sE?BS3hMoU`EM#n3#fY!1Dk^_$SguR#&=rYFT0)or7Hh2A zqv=r(!^yD&y+z6E1}E;G>>q%O%VD*ZCl){@n7dMUw`a4wWnX0c3kSj0YP3Uxa!dio zBNY0nzR@n?dJny=m?C1v6HqJr_gPH5+7l-|cI&&qXHMSxR0P)+Y@^3^T>Z}C*WLAg zBxb3*vbEk!N}fnH^Bt*s*`QQC`tj+O)7ao2G4pFUtIc8K}Zi(ZdMhM9xxtz z+u3=WF1>-J=wJCTKEg5)J!P#J#Qh$9OwFc~yK(-KCH}|Wt03A# zXXW7TZD;n?-AuMX_R`YT`V8cw>|^^J6xAEk-Icj|UjK=AiED=1N` zr{BXSEh3MGmh*9JoHi(Xr>@SZOyAb>lyMh1+beVowM{z?%_zIpn(j$+xZ7P}A>d2@ zygV&dtczwl*5ibLrfVDjo$#besw9Zmnx^>U=#}3ak}h>s8HCENyRD6#~$T=b&7Cele8B(U$cDfDIFUnpD{UNm`<8TxDJi{tZbp$ra z7)exaDnOaHP)0lWvh}PVuKK=gf^6;@iL{j*!R5V$Zf{0zet1)Rn)g!6+%XBKG1e!c zyUGhiNv2?RlsA1=AF7rPn>(S#3bZ`({tM0d%-DzXK917eOmmw$cFUGG|=WKQE)E|wd>mZol!r%9(zc80V}KX~CWGxxW%$F#xVET&*-kwP~u zvI;5Qr==FF0?sM%1BPL&gmkbX+!jUL5{a9IinTgJ`7hhW#!9_gc4R{$%$6Vs&`46` zCFqIItg9C|Ac)nq=Pg^ZN#`#sJT5bS&_8L=r@H$yt#GuQZa`gh;M;eWAx zIntZ$owraNW@jeO;W@0tGTN8j0KR5J5m+Bb)9xhZURH4dpG?&0ST7QFZV90!sS+Pw^yGBCIP_Z&tD-2~%Dk(ZgW=FwR(K_o>#r z2w40Xl?ULn^InC=RsW226TzGkC`);MU-eDWGUtstNqXh7&kdC*FJw`>4iyIRgk?wE zfcqQ@a7%Wtt*KgfN)lSC=kW}F^Z3~?bV&*s?IcaA-l*My8N;H>io&7kzzSer_a5hZdQK z^2C?5j3sI3pN?%>F5bf|HyAiwj^VLYlC%6h)^^GE53(+ycc?Hnv(sdAgM(Mg`pe%j z2u$&Bu|>^>cJN)6vdxHWF?&AVVi8RDU6Y6KPo zVAlfjiqlYSA;&2nn7C7mQY|?B)fVq^O7f}C94ar7ay?|FY`&76c+2Mzx<*@FdloHf zGi8OEiIV=7BUlc4RZG?MuB%K*TOBhZbtZevhOO*<619;xjFQT0CQFJF`UHsyQQIj- zq)tfZK8@MRiz1)6VDt%Jbqa&D*W7VmM`;^-aPE zwh=B{vq5Np(AF0+2O+1mAj5mGF0zarV7p>#mW=unY_75Qnc~$5^Rc=kk^`qi8+wOA zSNxbjmT!|#rL36t#5fvlnY$e;->9?Y+6Y|QhMz6+3hiD4aqz8c^@lx4cN*DEGNvV z)!%f#AAPfHPTS)v0{Rg=tmzFcp#mFqs07d6fZ>nMJ{bICsq#WRej1%Mz ze)=Q-(B-kU*vL=T`Q^zzH!tcraL;c$b*Ny(4)Y!r>g9D9VZ=+-v*Ak(4!&uauIuya zPXKw~L9(@kSBmV@gSU;$J>*2rg=5WoQ;lZJRJsWf-`sHaViM@9C5abHY>e)5!VSB0 zEUwJwq{S^yQ+RLuxlWt@+(xG~?Vyw$ijfn<8?gYSZ)~8oa)0#4S5=J$^qmp}p^KTM5_&hrh4(A7O4b77o$!+qgJ9UpU0p z%3H@*7+UsoD*c*JKR+ocR6hB7@u2F@Aof=%`}4C=VJV}eK=88l-)BkJ5^+7Ov!^{Y zeeri$g`>zdarZa4+~tD|#uvn>rQjo~;BX(|b9})*!u8~eRl*k=Li(EozFtsV@q7V4 zr%Ye-fP{Ge>km-vc;i`)*-PD`I@f%_6RDXF*CeHUZW$>YJH6;cGO8i~1S>!T5ZTI~ z$pmY-Vo(6Q&CuGDFLDe5xi+wQS2Uo|Qf<2V8+E@! zmSEZOW9otGKL(X|6`)ZeLnR~k1Fw3m?=sQVWy%)OWMCBwz%l|1N_B^Wa54seZ}UpI zWr97H_U{|nBzn>4=vfY-9CW_J0x@^Io+`f>ynSb;Mv?<$ z1#o|~{02`ps(!bZ%&QfPM$CFDf-PB}qbn5vbk3uNzyzjLs#q~u4a(bge03J@I=x0a zGccyTGG@wuzJ$b(^4jx+`_wSgz&h{L!t(yVx79-om8}5aX2&c2pdM0J5Z8@fLRwoB z3z8KlC<-x>Ut@;fRRzMn{gAbJ0ds}wY z2lfMTo8A2fa!WGg#f%p-WMZqAnv>N!7EGE-4w1oZdp72V<0U`gcY)KNP8+~LmLusx zSuM{?L8wqX)t1MBBq3JehiaQh)w7F)A6HcmKFKJ7p*~%82ySgD=sGNA?6V^n|KFL` zF6GNHOdCVVHyqdb0#5O0k6Pe8n43=`l({P;mHm)K%f;75CfK+nxo{_jySh-`z~?YL zNEd>2G%lrR=x3%}$v64EmHxWdR!cF@xltj#YnV0{?7dV1)OwC|R+fM<;QBb{3&Tm4 zCP$vv*1Y&?_fYqOVP@jVe2qm%Q;|XkRmye=7xc?ssmbK2@h8__OcI+vP6hPL?LBtB z1N#s1?dJ-0X31ju%p)iTOf@XYv%x>yCmZw^915TKygTWRTM4^hlsEg8-J)TON)Rrr zj5Vn@XK;%zI9(HI$Nb3f+KsdM2PX=%bW|~6USt!pe2uG>rO6U_+1ogh3W=VH{{>BH BL;3&! diff --git a/website/source/guides/cubbyhole.html.md b/website/source/guides/cubbyhole.html.md index 6825dc012bab..c1eb4c3421bb 100644 --- a/website/source/guides/cubbyhole.html.md +++ b/website/source/guides/cubbyhole.html.md @@ -30,6 +30,13 @@ long as its policy allows it. 10 minutes +## Personas + +The end-to-end scenario described in this guide involves two personas: + +- **`admin`** with privileged permissions to create tokens and policies +- **`app`** is the receiving client of a wrapped response + ## Challenge In order to tightly manage the secrets, you set the scope of who can do what @@ -50,39 +57,95 @@ like any other tokens so that the risk of unauthorized access can be minimized. To perform the tasks described in this guide, you need to have a Vault environment. Refer to the [Getting -Started](/intro/getting-started/install.html) guide to install Vault. - -Make sure that your Vault server has been [initialized and +Started](/intro/getting-started/install.html) guide to install Vault. Make sure +that your Vault server has been [initialized and unsealed](/intro/getting-started/deploy.html). +### Policy requirements + +To perform all tasks demonstrated in this guide, you need to be able to +authenticate with Vault as an [**`admin`** user](#personas). + +-> **NOTE:** For the purpose of this guide, you can use **`root`** token to work +with Vault. However, it is recommended that root tokens are only used for just +enough initial setup or in emergencies. As a best practice, use tokens with +appropriate set of policies based on your role in the organization. + +The `admin` policy must include the following permissions: + +```shell +# Manage tokens +path "sys/auth/token/*" { + capabilities = [ "create", "read", "update", "delete" ] +} + +# Write ACL policies +path "sys/policy/*" { + capabilities = [ "create", "read", "update", "delete", "list" ] +} + +# Access cubbyhole backend +path "cubbyhole/private/*" { + capabilities = ["create", "read", "update", "delete", "list"] +} +``` ## Steps To distribute the initial token to an app using cubbyhole response wrapping, you perform the following tasks: -1. Create and wrap a token -2. Unwrap the secret +1. [Create and wrap a token](#step1) +2. [Unwrap the secret](#step2) -### Step 1: Create and wrap a token +### Step 1: Create and wrap a token +(**Persona:** admin) When the response to `vault token-create` request is wrapped, Vault inserts the generated token it into the cubbyhole of a single-use token, returning that single-use wrapping token. Retrieving the secret requires an unwrap operation against this wrapping token. +In this scenario, an [admin user](#personas) creates a token using response wrapping. To perform the steps in this guide, first create a policy for the app. + +`app-policy.hcl`: + +```shell +# Unwrap the token +path "sys/wrapping/unwrap" { + capabilities = [ "create", "read" ] +} + +# For testing, read-only on secret/dev path +path "secret/dev" { + capabilities = [ "read" ] +} +``` + #### CLI command +First create an `apps` policy: + ```shell -vault token-create -policy= -wrap-ttl= +$ vault policy-write apps apps-policy.hcl +Policy 'apps' written. +``` + +To create a token using response wrapping: + +```shell +$ vault token-create -policy= -wrap-ttl= ``` Where the `` is a numeric string indicating the TTL of the response. **Example:** +Generate a token for `app` persona using response wrapping with TTL of 60 +seconds. + ```shell -vault token-create -policy=app-policy -wrap-ttl=60s +$ vault token-create -policy=apps -wrap-ttl=60s Key Value --- ----- @@ -93,19 +156,22 @@ wrapping_token_creation_path: auth/token/create wrapped_accessor: 195763a9-3f26-1fcf-6a1a-ee0a11e76cb1 ``` -#### API call using cURL - -Before begin, create the following environment variables for your convenience: +The response is the wrapping token; therefore, the admin user does not even see +the generated token from the `token-create` command. -- **VAULT_ADDR** is set to your Vault server address -- **VAULT_TOKEN** is set to your Vault token +#### API call using cURL -**Example:** +First create an `apps` policy: -```plaintext -$ export VAULT_ADDR=http://127.0.0.1:8201 +```shell +$ curl --header "X-Vault-Token: ..." --request PUT \ + --data @payload.json \ + https://vault.rocks/v1/sys/policy/apps -$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 +$ cat payload.json +{ + "policy": "path \"sys/wrapping/unwrap\" { capabilities = [ \"create\", \"read\" ] ... }" +} ``` Response wrapping is per-request and is triggered by providing to Vault the @@ -113,12 +179,27 @@ desired TTL for a response-wrapping token for that request. This is set using the **`X-Vault-Wrap-TTL`** header in the request and can be either an integer number of seconds or a string duration. +```shell +$ curl --header "X-Vault-Wrap-TTL: " \ + --header "X-Vault-Token: " \ + --request \ + --data '' \ + /v1/ +``` + +Where `` can be either an integer number of seconds or a string duration of +seconds (15s), minutes (20m), or hours (25h). + **Example:** -```text -curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -H "X-Vault-Wrap-TTL: 60s" \ - -d '{"policies":["app-policy"]}' $VAULT_ADDR/v1/auth/token/create | jq +To wrap the response of token-create request: +```shell +$ curl --header "X-Vault-Wrap-TTL: 60s" \ + --header "X-Vault-Token: ..." \ + --request POST \ + --data '{"policies":["apps"]}' \ + https://vault.rocks/v1/auth/token/create | jq { "request_id": "", "lease_id": "", @@ -137,25 +218,32 @@ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -H "X-Vault-Wrap-TTL: 60s" \ } ``` -### Step 2: Unwrap the secret +Generate a token for `app` persona using response wrapping with TTL of 60 +seconds. The admin user does not even see the generated token. -The client uses the wrapping token to unwrap the secret. -**NOTE:** -If a client has been expecting delivery of a response-wrapping token and none -arrives, this may be due to an attacker intercepting the token and then -preventing it from traveling further. This should cause an alert to trigger an -immediate investigation. +### Step 2: Unwrap the secret +(**Persona:** app) + +The response is wrapped by a wrapping token, and retrieving it requires an +unwrap operation against this token. + +-> **NOTE:** If a client has been expecting delivery of a response-wrapping +token and none arrives, this may be due to an attacker intercepting the token +and then preventing it from traveling further. This should cause an alert to +trigger an immediate investigation. #### CLI command -```text -vault unwrap +To unwrap the secret: + +```shell +$ vault unwrap ``` Or -```text -VAULT_TOKEN= vault unwrap +```shell +$ VAULT_TOKEN= vault unwrap ``` In this scenario, the wrapped secret is a Vault token. Therefore, it probably @@ -172,16 +260,34 @@ token 7bb915b2-8a44-48b0-a71d-72b590252016 token_accessor 195763a9-3f26-1fcf-6a1a-ee0a11e76cb1 token_duration 768h0m0s token_renewable true -token_policies [app-policy default] +token_policies [apps default] +``` + +Once the client acquired the token, future requests can be made using this +token. + +```shell +$ vault auth 7bb915b2-8a44-48b0-a71d-72b590252016 + +$ vault read secret/dev ``` #### API call using cURL -To enable the AppRole auth backend via API: +To unwrap the secret, use `/sys/wrapping/unwrap` endpoint: -```text -curl -X POST -H "X-Vault-Token: $WRAPPING_TOKEN" $VAULT_ADDR/v1/sys/wrapping/unwrap | jq +```shell +$ curl --header "X-Vault-Token: " \ + --request POST \ + /v1/sys/wrapping/unwrap +``` +**Example:** + +```shell +$ curl --header "X-Vault-Token: e095129f-123a-4fef-c007-1f6a487cfa78" \ + --request POST \ + https://vault.rocks/v1/sys/wrapping/unwrap | jq { "request_id": "d704435d-c1cf-b8a3-52f6-ec50bc8246c4", "lease_id": "", @@ -194,7 +300,7 @@ curl -X POST -H "X-Vault-Token: $WRAPPING_TOKEN" $VAULT_ADDR/v1/sys/wrapping/unw "client_token": "af5f7682-aa55-fa37-5039-ee116df56600", "accessor": "19b5407e-b304-7cde-e946-54942325d3c1", "policies": [ - "app-policy", + "apps", "default" ], "metadata": null, @@ -204,6 +310,17 @@ curl -X POST -H "X-Vault-Token: $WRAPPING_TOKEN" $VAULT_ADDR/v1/sys/wrapping/unw } ``` +Once the client acquired the token, future requests can be made using this +token. + +```plaintext +$ curl --header "X-Vault-Token: af5f7682-aa55-fa37-5039-ee116df56600" \ + --request GET \ + https://vault.rocks/v1/secret/dev | jq +{ + "errors": [] +} +``` ## Additional Discussion @@ -215,7 +332,7 @@ To test the cubbyhole secret backend, perform the following steps. First, create `tester` policy which grants permissions on the path under `cubbyhole/private/` prefix. -```text +```shell $ vault policy-write tester tester.hcl $ cat tester.hcl @@ -227,7 +344,7 @@ path "cubbyhole/private/*" { Create a token attached to the `tester` policy, and then authenticate using the token. -```text +```shell $ vault token-create -policy=tester Key Value --- ----- @@ -249,7 +366,7 @@ token_policies: [default tester] You should be able to write secrets under `cubbyhole/private/` path, and read it back. -```text +```shell $ vault write cubbyhole/private/access-token token="123456789abcdefg87654321" Success! Data written to: cubbyhole/private/access-token @@ -262,8 +379,8 @@ token 123456789abcdefg87654321 Now, try to access the secret using the root token, you shouldn't be able to read. -```text -VAULT_TOKEN= vault read cubbyhole/private/access-token +```shell +$ VAULT_TOKEN= vault read cubbyhole/private/access-token No value found at cubbyhole/private/access-token ``` diff --git a/website/source/guides/lease.html.md b/website/source/guides/lease.html.md index 875b9d819894..ec11cdad7efa 100644 --- a/website/source/guides/lease.html.md +++ b/website/source/guides/lease.html.md @@ -57,25 +57,24 @@ renewal and revocation Consider the following scenarios: - Currently, there is no **break glass** procedure available -- Credentials for externals systems (e.g. AWS, MySQL) are shared +- Credentials for external systems (e.g. AWS, MySQL) are shared - Need a temporal access to database in a specific scenario ## Solution Vault has built-in support for secret revocation. Vault can revoke not only single secret, but also a tree of secrets. For example, Vault can revoke all -secrets read by a specific user or all secrets of a specific type. Revocation -assists in key rolling as well as locking down systems in the case of an -intrusion. This also allows for organizations to plan and train for various +secrets read by a specific **user** or all secrets of a specific **type**. +Revocation assists in key rolling as well as locking down systems in the case of +an intrusion. This also allows for organizations to plan and train for various "break glass" procedures. ## Prerequisites To perform the tasks described in this guide, you need to have a Vault environment. Refer to the [Getting -Started](/intro/getting-started/install.html) guide to install Vault. - -Make sure that your Vault server has been [initialized and +Started](/intro/getting-started/install.html) guide to install Vault. Make sure +that your Vault server has been [initialized and unsealed](/intro/getting-started/deploy.html). ## Steps @@ -100,7 +99,7 @@ When you create leases with no specific TTL values, the default value applies to the lease. ```shell -vault auth -methods +$ vault auth -methods Path Type Accessor Default TTL Max TTL Replication Behavior Description approle/ approle auth_approle_53f0fb08 system system replicated @@ -115,15 +114,17 @@ shorter in Vault's configuration file. Another option is to tune the mount configuration to override the system defaults by calling the **`/sys/mounts//tune`** endpoint (e.g. `/sys/mounts/database/tune`). For the auth backend system configuration, call -**`/sys/auth//tune`** endpoint. See the [Reference Content](#reference) -for more detail. +**`/sys/auth//tune`** endpoint. + +NOTE: Refer to the [Advanced Features](#advanced-features) section for tuning +the backend system configuration. #### CLI command Read the default TTL settings for **token** auth backend: ```shell -vault read sys/auth/token/tune +$ vault read sys/auth/token/tune Key Value --- ----- @@ -134,23 +135,23 @@ max_lease_ttl 2764800 #### API call using cURL -Before begin, create the following environment variables for your convenience: - -- **VAULT_ADDR** is set to your Vault server address -- **VAULT_TOKEN** is set to your Vault token - -**Example:** - -```plaintext -$ export VAULT_ADDR=http://127.0.0.1:8201 +Use `/sys/mounts` endpoint to read the default TTL settings for **token** auth +backend: -$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 +```shell +$ curl --header "X-Vault-Token: " \ + --request GET \ + /v1/sys/auth/token/tune ``` -Read the default TTL settings for **token** auth backend: +Where `` is your valid token with read permission on the +`sys/auth/token/tune` path. -```plaintext -$ curl -X GET -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/sys/auth/token/tune | jq +**Example:** + +```shell +$ curl --header "X-Vault-Token: ..." --request GET \ + https://vault.rocks/v1/sys/auth/token/tune | jq { "default_lease_ttl": 2764800, "max_lease_ttl": 2764800, @@ -179,15 +180,17 @@ Create a new token with TTL of 30 seconds. #### CLI command ```shell +# Create a token with TTL of 30 seconds $ vault token-create -ttl=30s Key Value --- ----- -token 7544266f-3ec9-81a6-d504-e258b89de862 +token 7544266f-3ec9-81a6--data504-e258b89de862 token_accessor 59aae2f1-2e97-6ebb-f925-8a97cf5a9942 token_duration 30s token_renewable true token_policies [root] +# Test the new token $ VAULT_TOKEN=3b2b1285-844b-4b40-6afa-623f39c1b738 vault token-lookup Key Value --- ----- @@ -220,13 +223,13 @@ token usage. You can **renew** the token's TTL as long as the token has not expired, yet. ```shell -vault token-renew +$ vault token-renew ``` If you want to renew and extend the token's TTL, pass the desired extension: ```shell -vault token-renew +$ vault token-renew ``` The extension value can be an integer number of seconds (e.g. 3600) or a string @@ -235,10 +238,11 @@ duration (e.g. "1h"). #### API call using cURL -```plaintext -curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"ttl": "30s"}' \ - $VAULT_ADDR/v1/auth/token/create | jq - +```shell +# Create a new token with TTl of 30 seconds +$ curl --header "X-Vault-Token: ..." --request POST \ + --data '{"ttl": "30s"}' \ + https://vault.rocks/v1/auth/token/create | jq { ... "auth": { @@ -252,18 +256,15 @@ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"ttl": "30s"}' \ "renewable": true } } -``` - -#### Verification - -```plaintext -curl -X GET -H "X-Vault-Token: f7d88963-1aba-64d7-11a0-9282ae7681d0" \ - $VAULT_ADDR/v1/auth/token/lookup-self | jq +# Pass the returned token (`client_token`) in the `X-Vault-Token` header to test +$ curl --header "X-Vault-Token: f7d88963-1aba-64d7-11a0-9282ae7681d0" \ + --request GET \ + https://vault.rocks/v1/auth/token/lookup-self | jq { ... "data": { - "accessor": "a54fea3f-6c09-d288-ede5-53288569f988", + "accessor": "a54fea3f-6c09--data288-ede5-53288569f988", "creation_time": 1515702669, "creation_ttl": 30, ... @@ -281,11 +282,14 @@ token usage. #### Renew the token: -```plaintext -$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/token/renew/ | jq +```shell +$ curl --header "X-Vault-Token: ..." --request POST \ + https://vault.rocks/v1/auth/token/renew/ | jq -$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{"increment": "3600"}' \ - $VAULT_ADDR/v1/auth/token/renew/ | jq +# Renew token with 1 hour extension +$ curl --header "X-Vault-Token: ..." --request POST \ + --data '{"increment": "3600"}' \ + https://vault.rocks/v1/auth/token/renew/ | jq ``` -> **NOTE:** Tokens can be renewed as long as its life hasn't reached its max @@ -312,12 +316,12 @@ Create a token with `-use-limit` property argument. **Example:** ```shell -vault token-create -policy=default -use-limit=2 +$ vault token-create -policy=default -use-limit=2 Key Value --- ----- token bd39178e-176e-cc91-3930-94f7b0194de5 -token_accessor a230f5ab-b59f-db0b-855d-36ea4319b58e +token_accessor a230f5ab-b59f--datab0b-855d-36ea4319b58e token_duration 768h0m0s token_renewable true token_policies [default] @@ -332,7 +336,7 @@ $ VAULT_TOKEN=bd39178e-176e-cc91-3930-94f7b0194de5 vault token-lookup Key Value --- ----- -accessor a230f5ab-b59f-db0b-855d-36ea4319b58e +accessor a230f5ab-b59f--datab0b-855d-36ea4319b58e creation_time 1515710251 creation_ttl 2764800 display_name token @@ -373,10 +377,10 @@ the attempt to read the secret from cubbyhole failed. Set the `num_uses` property in the request payload. -```plaintext -curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d '{ "policies": ["default"], "num_uses":2 }' \ - $VAULT_ADDR/v1/auth/token/create | jq - +```shell +$ curl --header "X-Vault-Token: ..." --request POST \ + --data '{ "policies": ["default"], "num_uses":2 }' \ + https://vault.rocks/v1/auth/token/create | jq { "request_id": "0e98ff80-2825-7f50-6522-b6f95d596ef4", "lease_id": "", @@ -402,9 +406,10 @@ This creates a token with _default_ policy with use limit of 2. #### Verification -```plaintext -$ curl -X GET -H "X-Vault-Token: d9c2f2e5-6b8a-4021-476c-ebd3f166d668" \ - $VAULT_ADDR/v1/auth/token/lookup-self | jq +```text +$ curl --header "X-Vault-Token: d9c2f2e5-6b8a-4021-476c-ebd3f166d668" \ + --request GET \ + https://vault.rocks/v1/auth/token/lookup-self | jq { "request_id": "77be1321-c0ca-e099-6f92-4ad87133b044", "lease_id": "", @@ -424,12 +429,15 @@ $ curl -X GET -H "X-Vault-Token: d9c2f2e5-6b8a-4021-476c-ebd3f166d668" \ ... } -$ curl -X POST -H "X-Vault-Token: d9c2f2e5-6b8a-4021-476c-ebd3f166d668" \ - -d '{ "value": "d9c2f2e5-6b8a-4021-476c-ebd3f166d668" }' $VAULT_ADDR/v1/cubbyhole/token - +$ curl --header "X-Vault-Token: d9c2f2e5-6b8a-4021-476c-ebd3f166d668" \ + --request POST \ + --data '{ "value": "d9c2f2e5-6b8a-4021-476c-ebd3f166d668" }' \ + https://vault.rocks/v1/cubbyhole/token -$ curl -X GET -H "X-Vault-Token: d9c2f2e5-6b8a-4021-476c-ebd3f166d668" $VAULT_ADDR/v1/cubbyhole/token | jq +$ curl --header "X-Vault-Token: d9c2f2e5-6b8a-4021-476c-ebd3f166d668" \ + --request GET \ + https://vault.rocks/v1/cubbyhole/token | jq { "errors": [ "permission denied" @@ -458,24 +466,24 @@ token renewal period. This value can be an integer value in seconds (e.g. 2764800) or a string duration (e.g. 72h). ```shell -vault write auth/token/roles/ allowed_policies="" period= +$ vault write auth/token/roles/ allowed_policies="" period= ``` **Example:** ```shell -vault write auth/token/roles/zabbix allowed_policies="zabbix-pol, default" period="24h" +$ vault write auth/token/roles/zabbix allowed_policies="zabbix-pol, default" period="24h" ``` Now, generate a token: ```shell -vault token-create -role=zabbix +$ vault token-create -role=zabbix Key Value --- ----- token de91ebba-20ad-18ba-fa43-08e1932de301 -token_accessor 1f8abad0-c1db-9399-15ee-dd4b6230386c +token_accessor 1f8abad0-c1db-9399-15ee--datad4b6230386c token_duration 24h0m0s token_renewable true token_policies [default zabbix-pol] @@ -492,11 +500,11 @@ token renewal period. This value can be an integer value in seconds (e.g. **Example:** ```plaintext -$ curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" -d @token-role.json \ - $VAULT_ADDR/v1/auth/token/roles/zabbix +$ curl --header "X-Vault-Token: ..." --request POST \ + --data @token-role.json \ + https://vault.rocks/v1/auth/token/roles/zabbix $ cat token-role.json - { "allowed_policies": [ "default", @@ -511,9 +519,9 @@ policies attached. Also, its renewal period is set to 24 hours. Now, generate a token: -```plaintext -curl -X POST -H "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/auth/token/create/zabbix | jq - +```shell +$ curl --header "X-Vault-Token: ..." --request POST \ + https://$ vault.rocks/v1/auth/token/create/zabbix | jq { ... "auth": { @@ -545,14 +553,15 @@ indefinitely. To create AppRole periodic tokens, create your AppRole role with **Example:** ```plaintext -vault write auth/approle/role/jenkins policies="dev-pol,devops-pol" period="72h" +$ vault write auth/approle/role/jenkins policies="dev-pol,devops-pol" period="72h" ``` Or ```plaintext -$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d @payload.json \ - $VAULT_ADDR/v1/auth/approle/role/jenkins +$ curl --header "X-Vault-Token:..." --request POST \ + --data @payload.json \ + https://vault.rocks/v1/auth/approle/role/jenkins $ cat payload.json { @@ -564,7 +573,7 @@ $ cat payload.json } ``` -For more details about AppRole, refer to [Authentication - AppRole guide](/guides/authentication.html). +For more details about AppRole, refer to [AppRole Pull Authentication](/guides/authentication.html). @@ -579,14 +588,15 @@ parent does. #### CLI command ```shell -vault token-create -orphan +$ vault token-create -orphan ``` #### API call using cURL -```plaintext -$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{ "no_parent": true }' \ - $VAULT_ADDR/v1/auth/token/create-orphan | jq +```shell +$ curl --header "X-Vault-Token:..." --request POST \ + --data '{ "no_parent": true }' \ + https://vault.rocks/v1/auth/token/create-orphan | jq ``` @@ -599,13 +609,13 @@ Revoking a token and all its children. To revoke a specific token: ```shell -vault token-revoke +$ vault token-revoke ``` To revoke all tokens under a specific path: ```shell -vault token-revoke -prefix +$ vault token-revoke -prefix ``` **Example:** @@ -630,16 +640,18 @@ To revoke a specific token, call `/auth/token/revoke` endpoint. If you want to **Example:** ```shell - # Revoke a specific token -$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{ "token": "eeaf890e-4b0f-a687-4190-c75b1d6d70bc" }' \ - $VAULT_ADDR/v1/auth/token/revoke +$ curl --header "X-Vault-Token:..." --request POST \ + --data '{ "token": "eeaf890e-4b0f-a687-4190-c75b1d6d70bc" }' \ + https://vault.rocks/v1/auth/token/revoke # Revoke all secrets for database auth backend -$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/sys/leases/revoke-prefix/database/creds +$ curl --header "X-Vault-Token:..." --request POST \ + https://vault.rocks/v1/sys/leases/revoke-prefix/database/creds # Revoke all tokens -$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/sys/leases/revoke-prefix/auth/token/create +$ curl --header "X-Vault-Token:..." --request POST \ + https://vault.rocks/v1/sys/leases/revoke-prefix/auth/token/create ``` @@ -678,8 +690,9 @@ $ vault write sys/mounts/database/tune default_lease_ttl="8640" Or ```plaintext -$ curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d `{ "max_lease_ttl": 129600}`\ - $VAULT_ADDR/v1/sys/mounts/database/tune +$ curl --header "X-Vault-Token:..." --request POST \ + --data `{ "max_lease_ttl": 129600}`\ + https://vault.rocks/v1/sys/mounts/database/tune ``` #### 3. Check the role specific TTLs @@ -703,9 +716,4 @@ renewable true ``` - - - - - ## Next steps diff --git a/website/source/guides/static-secrets.html.md b/website/source/guides/static-secrets.html.md index 460efe4b56ef..a5fbe9a7868a 100644 --- a/website/source/guides/static-secrets.html.md +++ b/website/source/guides/static-secrets.html.md @@ -55,9 +55,8 @@ storage isn't enough to access your secrets. To perform the tasks described in this guide, you need to have a Vault environment. Refer to the [Getting -Started](/intro/getting-started/install.html) guide to install Vault. - -Make sure that your Vault server has been [initialized and +Started](/intro/getting-started/install.html) guide to install Vault. Make sure +that your Vault server has been [initialized and unsealed](/intro/getting-started/deploy.html). @@ -87,10 +86,17 @@ You will perform the following: ### Step 1: Store the Google API key +If the secret path convention is **`secret//apikey/`**, store the +Google API key in `secret/eng/apikey/Googl`. If you have an API key for New Relic +owned by the DevOps team, the path may look like +`secret/devops/apikey/New_Relic`. + #### CLI command +To create key/value secrets: + ```shell -vault write secret/ =VALUE> +$ vault write secret/ =VALUE> ``` The `` can be anything you want it to be, and your organization should @@ -99,48 +105,46 @@ decide on the naming convention that makes most sense. **Example:** ```shell -vault write secret/eng/apikey/Google key=AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI +$ vault write secret/eng/apikey/Google key=AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI Success! Data written to: secret/eng/apikey/Google ``` -> In this example, the path -> convention is **`secret//apikey/`**. Therefore, `secret/eng/apikey/Googl`. -> The key is "key" and its value is "AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI". -> If you have an API key for New Relic owned by the DevOps team, the path may -> look like `secret/devops/apikey/New_Relic`. +The secret key is "key" and its value is "AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI" in +this example. #### API call using cURL -Before begin, create the following environment variables for your convenience: - -- **VAULT_ADDR** is set to your Vault server address -- **VAULT_TOKEN** is set to your Vault token - -**Example:** - -```plaintext -$ export VAULT_ADDR=http://127.0.0.1:8201 +Use `/secret/` endpoint to create secrets: -$ export VAULT_TOKEN=0c4d13ba-9f5b-475e-faf2-8f39b28263a5 +```shell +$ curl --header "X-Vault-Token: " \ + --request POST \ + --data \ + /v1/secret/ ``` -To perform the same task using the Vault API, pass the token in the request header. +Where `` is your valid token, `` is the key-value pair(s) of your +secrets, and `secret/` is the path to your secrets. **Example:** ```shell -curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X POST \ - -H "X-Vault-Token: $VAULT_TOKEN" --data '{"key": "AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI"}' +$ curl --header "X-Vault-Token: ..." --request POST \ + --data '{"key": "AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI"}' \ + https://vault.rocks/v1/secret/eng/apikey/Google ``` +The secret key is "key" and its value is +"AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI" in this example. ### Step 2: Store the root certificate for MySQL -For the purpose of this guide, generate a new self-sign certificate using [OpenSSL](https://www.openssl.org/source/). +For the purpose of this guide, generate a new self-sign certificate using +[OpenSSL](https://www.openssl.org/source/). ```shell -openssl req -x509 -sha256 -nodes -newkey rsa:2048 -keyout selfsigned.key -out cert.pem +$ openssl req --request509 -sha256 -nodes -newkey rsa:2048 -keyout selfsigned.key -out cert.pem ``` Generated `cert.pem` file: @@ -174,23 +178,19 @@ save it as `cert.pem`. #### CLI command -The command is basically the same as the Google API key example. +The command is basically the same as the Google API key example. Now, the path +convention is **`secret//cert/`**. To store the root certificate +for production MySQL, the path becomes `secret/staging/cert/postgres`. **Example:** ```shell -vault write secret/prod/cert/mysql cert=@cert.pem +$ vault write secret/prod/cert/mysql cert=@cert.pem ``` -**NOTE:** Any value begins with "@" is loaded from a file. - This example reads the root certificate from a PEM file from the disk, and store it under `secret/prod/cert/mysql` path. - -> The path convention here is **`secret//cert/`**. This path -> has an environment flag (`prod`) to indicate that this is a root certificate -> for MySQL in production. If there is a root certificate for a PostgreSQL -> running in staging, you may store it in `secret/staging/cert/postgres`. +> **NOTE:** Any value begins with "@" is loaded from a file. #### API call using cURL @@ -200,10 +200,12 @@ To perform the same task using the Vault API, pass the token in the request head **Example:** ```shell -curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X POST \ - -H "X-Vault-Token: $VAULT_TOKEN" --data @cert.pem +$ curl --header "X-Vault-Token: ..." \ + --request POST \ + --data @cert.pem \ + https://vault.rocks/v1/secret/prod/cert/mysql ``` - +> **NOTE:** Any value begins with "@" is loaded from a file. ### Step 3: Retrieve the secrets @@ -213,13 +215,13 @@ Retrieving the secret from Vault is simple. #### CLI command ```shell -vault read secret/ +$ vault read secret/ ``` **Example:** ```shell -vault read secret/eng/apikey/Google +$ vault read secret/eng/apikey/Google Key Value --- ----- refresh_interval 768h0m0s @@ -229,14 +231,14 @@ key AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI To return the key value alone, pass `-field=key` as an argument. ```shell -vault read -field=key secret/eng/apikey/Google +$ vault read -field=key secret/eng/apikey/Google AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI ``` #### Root certificate example: ```shell -vault read -field=cert secret/prod/cert/mysql +$ vault read -field=cert secret/prod/cert/mysql -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA6E2Uq0XqreZISgVMUu9pnoMsq+OoK1PI54rsA9vtDE6wiRk0GWhf5vD4DGf1 ... @@ -247,8 +249,8 @@ MIIEowIBAAKCAQEA6E2Uq0XqreZISgVMUu9pnoMsq+OoK1PI54rsA9vtDE6wiRk0GWhf5vD4DGf1 **Example:** ```shell -curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X GET -H "X-Vault-Token: $VAULT_TOKEN" | jq - +$ curl --header "X-Vault-Token: ..." --request GET \ + https://vault.rocks/v1/secret/eng/apikey/Google | jq { "request_id": "5a2005ac-1149-2275-cab3-76cee71bf524", "lease_id": "", @@ -268,15 +270,15 @@ curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X GET -H "X-Vault-Token: $VAULT_TO Retrieve the key value with `jq`: ```shell -curl $VAULT_ADDR/v1/secret/eng/apikey/Google -X GET \ - -H "X-Vault-Token: $VAULT_TOKEN" | jq ".data.key" +$ curl --header "X-Vault-Token: ..." --request GET \ + https://vault.rocks/v1/secret/eng/apikey/Google | jq ".data.key" ``` #### Root certificate example: ```shell -curl $VAULT_ADDR/v1/secret/prod/cert/mysql -X GET \ - -H "X-Vault-Token: $VAULT_TOKEN" | jq ".data.cert" +$ curl --header "X-Vault-Token: ..." --request GET \ + https://vault.rocks/v1/secret/prod/cert/mysql | jq ".data.cert" ``` ## Additional Discussion @@ -294,7 +296,7 @@ enter the secret in a new line. After entering the secret, press **`Ctrl+d`** to end the pipe and write the secret to the Vault. ```shell -vault write secret/eng/apikey/Google key=- +$ vault write secret/eng/apikey/Google key=- AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI @@ -313,7 +315,7 @@ Using the Google API key example, you can create a file containing the key (apik The CLI command would look like: ```shell -vault write secret/eng/apikey/Google @apikey.txt +$ vault write secret/eng/apikey/Google @apikey.txt ``` #### Option 3: Disable all vault command history @@ -326,7 +328,7 @@ in history. In bash: ```shell -export HISTIGNORE="&:vault" +$ export HISTIGNORE="&:vault" ``` **NOTE:** This prevents the use of the Up arrow key for command history as well. @@ -337,7 +339,7 @@ export HISTIGNORE="&:vault" The two examples introduced in this guide only had a single key-value pair. You can pass multiple values in the command. ```shell -vault write secret/dev/config/mongodb url=foo.example.com:35533 db_name=users \ +$ vault write secret/dev/config/mongodb url=foo.example.com:35533 db_name=users \ username=admin password=pa$$w0rd ``` From 352e5937a50e0cebdd452515ee58ae25717ac74b Mon Sep 17 00:00:00 2001 From: Andy Manoske Date: Wed, 24 Jan 2018 11:47:31 -0800 Subject: [PATCH 011/178] Policy Feedback from PM --- website/source/guides/policies.html.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/website/source/guides/policies.html.md b/website/source/guides/policies.html.md index 576155e86d87..7a700282a470 100644 --- a/website/source/guides/policies.html.md +++ b/website/source/guides/policies.html.md @@ -8,8 +8,9 @@ description: |- # Policies -In Vault, use policies to govern the behavior of clients by specifying the -access privilege (_authorization_). +In Vault, use policies to govern the behavior of clients and instrument +Role-Based Access Control (RBAC) by specifying access privileges + (_authorization_). When you first initialize Vault, the [**`root`**](/docs/concepts/policies.html#root-policy) policy gets created by @@ -22,14 +23,14 @@ In addition, there is another build-in policy, `default` policy is attached to all tokens and provides common permissions. Everything in Vault is path based, and write policies to grant or forbid access -to certain paths and operations in Vault. Empty policy grants **no permission** -in the system. +to certain paths and operations in Vault. Vault operates on a **secure by default** +standard, and as such an empty policy grants **no permission** in the system. ### HashiCorp Configuration Language (HCL) Policies written in [HCL](https://github.com/hashicorp/hcl) format are often -referred as **_ACL Policy_**. [Sentinel](https://www.hashicorp.com/sentinel) is +referred as **_ACL Policies_**. [Sentinel](https://www.hashicorp.com/sentinel) is another framework for policy which is available in [Vault Enterprise](/docs/enterprise/index.html). Since Sentinel is an enterprise-only feature, this guide focuses on writing ACL policies. From 0a923b42c1426f3723d99e78a9dfb65b94140ccb Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Wed, 24 Jan 2018 16:01:44 -0800 Subject: [PATCH 012/178] Added policy requirements & scenario diagrams --- .../source/assets/images/vault-cubbyhole.png | Bin 0 -> 35116 bytes .../assets/images/vault-static-secrets.png | Bin 0 -> 22109 bytes .../assets/images/vault-static-secrets2.png | Bin 0 -> 32499 bytes website/source/guides/authentication.html.md | 8 +- website/source/guides/cubbyhole.html.md | 199 ++++++++++----- website/source/guides/dynamic-secrets.html.md | 13 +- website/source/guides/lease.html.md | 95 ++++++-- website/source/guides/policies.html.md | 11 +- website/source/guides/static-secrets.html.md | 226 ++++++++++++++++-- 9 files changed, 430 insertions(+), 122 deletions(-) create mode 100644 website/source/assets/images/vault-cubbyhole.png create mode 100644 website/source/assets/images/vault-static-secrets.png create mode 100644 website/source/assets/images/vault-static-secrets2.png diff --git a/website/source/assets/images/vault-cubbyhole.png b/website/source/assets/images/vault-cubbyhole.png new file mode 100644 index 0000000000000000000000000000000000000000..fd216659d1549385bc2efb68e52bfeefa5e1a0d5 GIT binary patch literal 35116 zcmZ6yby!s2`aVoEiV6c#62c6ibazM$U5YeANOzBP*8n2jWe`#W4Ben39RkullrV&} z^oyVKJ->6#`_JBU&9&Fs>*;5$``*znH54D-e{vrS3+th>5=09N3kQLPg^dp&xcdh* zXjPAe#ek&@kuB=rHSrMHR8ZQFG2aNCl2j^BRMS<5NrB;dNeV_)(tr|pGJ ze$5NNiV;JMqHl$^gov0(OuAxnto$b8ffW$NwJouhEL3od`JQ zQt;D-B+#u6-uN3UJ}4d@WEa%(5^`19wYd+6+bE#81wfal;I5ixga3N3G-DMQuZRUP z9Q9?f9;jFFSUJE7a%BRM5CoY#23E$wgPbjVm*9=s5Py3J6bxz?0dYcHiR`ALkK~sgV1R}w@d{!;6#2r`~@5yWC)Bsi-(WI!}pya z6z2izkaHKo{fn0hrqV+Qg2biqkE1F(&ooEvHdu7znKaJg_1A zcH|b<8Ylwx1PNp$!91JlrLEffVMWWJ`k^F1r{(6Gu%tmi<^L#T*_&iKrBNjS z7L|6fEjo0_s)>=xlBl%A39T>aZMG=voh96X#r?M(9>sPRp-xodBus=sfhE8x;a$7u zPe%~}vG6|?rktL1bqDg95vz_7g-@Mm z-=??ME&E4kSjGQ7eErYEOLr67fvY-NHW6i?A{qnTTiR6&C;p#<-3<|u$9wF5kpTbm z1^(v`{7*0Z&ocb?nR?Sat?R`I{LdMDxhp6Da@7Ig z5^>S`-{u6%Vtq{RxG@6Z>^FNut~9`&mG9v}aJU!!s5b>{LgdAB5Z5SMb!mTp)>S9` z&v%8fTW}xdPUA<}-%pMVS3;iNC5Z(x@7}|B2+9eJwu|e$X!xJBR2I1b)hSiqtb2oKc}J9qV%K#Y%oK&9Y13XCQK zqq{1sJC_)?vq|-qF835nZhc1FLsIUwYPRfg=lqH*d-ETicb-F}KR%<-#XD^Q$?~)^ z6djG}n{iKgvvA)!fzZ4>caD#<$DdVqBnCX7**#0&qk3h4XG!*_IW07{@XSZN-8#3O zM8paYK@Kb(l|*b6UR2))c;A`6n61pe|MiD%-8ExYfqy!-QAyJJ;3Lx-(Y1F%9}-O!s0!2z0VX- z>x7@S&g`@1J0vZBe8SHk_vE2<#>B3Q_oR6$L!lDZ0mKwl_DWfD%?j z>B)zWaLwKX42Ug{TyIB{#mkUM!C?t?e-VxD~7XoFwkeWu(wS6J5gck~1(` zh`M+T0-gQ&T^o{GEfUTQI8@Q$zPa1GkpRKq6T_J z!%gD>vs0{D5xt;rw;)f*^S2CMWfG>tyI)(D-$=>0mld)6`WZY=fMF* z!LMicIJb^|U-U>ro$L*mB?!59I1qWjpvu4Q6Vb^F`dw7Nam10o8HtO|1W5FuxHV;< z*!{3LedYKQuc2+~;(C6@CXeQ^hgM ze$>%nFQaIu;XFIMnXnWKU=B7`UCkm`pbv0PSfQkM4K?uuzedEYqxu5GDr zkL|pgtlv^C@AEUOxQG!gg4Tr6w=%W6jLVCeIWvT9yf%a`7@eVbJ*!<0B&6z@f~a#1&-h3tn;DzzlS9vT zeD-ddlBb(%UCQCq_Xk7dwwIhv+itnW`nJ=Cf-S~6kACoJ@Py}XMmAcTwVz;|Uz6%} zA|Hb|;qYjbdzkGkF9RD#MC@Dni_kU3b_z*u1v-jBlvvc-bjVN8k?vwH<|@EEFw~264B-r`^=!(*(R>v zj5|P4>vDsh5r?CQg%p!{0D7l{R|Yz)`{fU3AT>8(7z?#4Xq6t@osa&}28fG4i7z)# zl`7JfCK)pb@Lvb~k!10l3;$jIxi@1Yhhud31qCX_{h?)IS_UkUnNO9p#RZUa#5NVR z3|{+fbpYAP`_Y@qAdaM=dCye3$4;$uv%~^$^N`{e8lg4clp;#;)PO8f4bp_KY~-d1 zRzNw(m8v&6JQ(L_4dICSR)X&MKU=0IOH>JR*gQzXLI!8A|}N0lXdbs#5NXy zy_dVmAVf<(X#W{=F;DyBSbX8Em&+XfI2p!J`Q-3E%}C4# z2x_#chFDozQv8PNhYEj>03JnC*faNRU9~iQZojjIC6B@Drhp|XN7(@484U+1#B>wrmb>l`^9OhOhut)A+x=@&FrXXSS~QUSmx+#piccm9C2T? zdaf6h1$K12`m@S7X+4j~ss5$chO7Gf>ie&=MQNmtCjBB#@(&_V)|m}1i8=V0$Pkz$ z9;#+5)17PcbkLUd+e+&1;kwNFk0*m1AcRm8*lkI3F`NG}Z z3*x=B2Xp}u4NbT64`>E19^iUJ@AQiIc@6TDmMUsq@zgX@ zxV0_Qy@>vvN|E?IjOHiAgWq8IVuOlo2DDb#pyBcD*M{2hoBIIb$L`Fz$%H@5#m@wQ z^p9fOX{t)+o>f5Tr6*a4nWx$#0oCXkKve-UtBWDpK@*V%oT~ldJL>mkL9XD5atL=Q zp8^ud5j%C)>weaRE>b$ILOrF3-c$Za_%glYofy~jP;cwAg)h4FMeGGUf!IhBniz=Z zrUdP&+8tSy(gzsyU3Nd&q5hp@6K8F_0V;kW7{4X3X!}Z}#Qr+bQvGB43gT^6?B!bvSI~?8=MdE_0dmwa7?`fC8`g@bj z-OIh6=6HBc++&b(hl|v{EL*}ziwQ%*9^EJDK=iqVn(*x~$#hk}T`h&q>1kycIWzJpmy3=Qt&p4cLbV}3IL!+fMp?=+qm44sA@+oDvA||=Q)tIhNvZlWGt-kaXp`*L zJkMLvJKpap<2YiAf1hQa)1lC-492%a+#QA1!6hG%GFr{D&IhF-^~Sq@4bJ1yQ50_fVjU@ z)^8fL|2Emgk$&T6&i%JCID+C*Aqo>vWe^>qAtDc<2-qi;0PabIMH z6-mzJs4%xiwn%~g%f$3@O3+!uNUPd)$FtnGf10|?>a4BmM7G5p7>UGV+dQ_29wOw6 zO?!RaXEqI)Cm2>-TaQi+@JZ&&VNTeqGruS&Q+ygLyDK%}WdhE zC!TbqTNEfzzIs~El(K>J%O}bd-4z8Y$NZ=nQ*A0f$(Hs2b0Uq zYJ>WWtQVNIK4ZnzEIhb2bL;>EY_H=yhA9J6Uc_OsNMq>S?}$^Oxri@y_MpJB`%3n) zWK_A8=rgDCR!WKZ2fXdcBOmv@(^^+4+B%#x()$eD$NO;LzicxXf84o-l7T)kkmn)q z$qvZCf?}$s`%T-2k$o$p@|oV!hkT^*R2wWAANyM72(TV45`FXU{nlA@(BF zn}Xj8-=~VO3o(X(z0$sV9H9U9{ZGs7u-w+@-8V>&6WKa|-zcN6lFWu3owyAbRgK=*$Ov2fGq$}_E& zAFXFJ+BCYisp+RC@^eoxy20{C#ERu{c?ALk-sZ^%sGYgRH&D8oqnWoZ_u`J+PA;de z4O7^su7`$jWA7uo@kiKKTDnsvaq_o5pMR*{U^p=O#gX|W7N0Lu3nxGoRC;?Yt3Z}V z^I-EttqN(&v&+eLvvK~LgIKVY8nRABRC{0}ci${L!w65{XwFXtvuTrWJz&GC`0HSJ z$*%-=;J%iV$FfOGk-Y4n6U~b$zFWFYDSZ(M#ZuquV5%1R{38F+P;m-cfyv5?xmyM^ zE`y(vOB;(UuV!L7FbKXBH*XVt@N2pKj76N0hmL_Dxs5MPgNFlI8<~fJLp%7ftQNLUtjPlK*!Np*=cvZKxKOO6B=w@lD(QZP7o&VBhgUjw47-bOdbt;i zsFCE0%ZYyvwApIqAPm47t#YSGPl(Enm>8HGNHOX0Li!lE4!jpc&Ev+VSXtzf*jjQ` zxpRn{7D>zM*4+DaFjj*()B2!Hx{$wH?!ltLLAim4*+fb`>JdcYDL?M(GtY{f=n?4| z8`FP~z*5la0;rJBFj^wYZmH>+sj-r&b!{rX*=Np=qxqqlgU?U7!aK!S7BeKbba6g8 zqDVtuS9uAdXt(L&+4xxwY6X0dVt%7}ZD!x&uen^10xMvd88gP*4upCiM(p1hKKIaI z{EoonDCZo`Qy6(CfPSF6jGuBu-t0F$rC?A(3*_j1^Lcq2q=z@C?2*RQTVtjE%c$8j ziXP7RUK!x4sY;*Rm0-t9r;<%8%%r_nsSPVH5_)|zV((%y)^2Tr_P4$e&Cpd0s4qD* z=6kl^svcbycXL-{l4g_HEw(SM7rzya%FWT1|^ z0k7hbu+_kY8hsr%s}^vIXk)M+HSu)>wkf|{Xp!Fg{f!Luw%W!avf&RS17wWj8_QE7 zidc#P^j%lMdE85-y1^DfcsijdM#mi=IL`Q|M|QnSqO7vJJ9Rx`SzbU_>a_fbF>2Vt zV#TClEG>7u$t-u%urU5wkn#;W=b}+1dY(hl;f?FnbWtB@-RfP6Rj~OIaid85Mw5|X z(5k^v+5^+;`A#E=UwJ2sYz`1nnn+Jv4`p0ca z+VT_%Z>FfI(AXL4cv#@OMv#%+D1W}dq(5r>pu1memeS|ok*i5s^G6|m<#RsK0Rt2{ zy`@>3(ThrDXCZ4hNe9}{@8wh11cG&qH{D<47L)TpBdu|C#QG}uBobZ5@s1+Q1{$P3 z6mAiexcAcig*G=B`J*m|5F-nIG)E@(8#jlIoGMo76jKkBCX1yoaYxp_S)GF+o86N+ zD@|QqW@xFL37h?l03XkoMiU+fT@Zo=YapV}im#@%>b+IL(Y$Fdl;ncjyZ5VV24{u^ z$HTGt9<6J3JPqoQu{`>v1v*_e{!pC)O;)=V`DOchUXZ42n!YoTkfu!s?m)`3*^k4_ z3fpRXZGlSF3y(}9Pq%qwpys1l^lKoP3rUV4KyKS4`fqcH#$tW6qR`vhG|3C6GWe#C z3lw!Y(0`k5wc3lt9HIkniYuy35qb;%cm%Gf{Z^j8caP|pM})}EEV1_0Pesm?o&k8- zswEbqI$BaD#o%ikq4LuKzNE9%ckc+J)7feiGuQT|z z8Q)6+!>4*>IXLzQE(V{!Lcu!rEBK??V=0_6mCbBqI)`A&B7tf{BJj$%uvFIZVA?s6 z_xFyr9T=;)aO9y=@;kqK;_aY%sZxm^$D|CO-%!c?&`+=ZSj&1lsrrF$N`T#_h;p#j zr>#XY+QIZuHrG$V*T^sdu-p7bc^F3pN1t4-@YjKdk{j5fs>7i#IYEe-1}UnsjH8S4 zqHdAaJ%d&0UvaONZB$$n^mP@*Za%g~dxAKBZ0*@(?yb_2yhH-rLCt7JH@g0xRPC08 z(x93|&kRBfdX4~ObgyUN#oA?SheWBRnVidm5mSPkCgM<~#NX{N-#vV<9_bve6`XQ44K9))-RjA6P6}OG6(^u()BpgK1%@rS*F2 zq9me6ayI!-`g`4VJCBfV1!{e~<#BnHyhvOB0#!uM zg~XuFLrM!H#W6uzoBn*=R4C&tYxTH`2g|yS1=SPq;k4?oqcc>`NYOoY)3jlvY<>4I6ZdAW-gjKv2Twk$SxSk$2Q8(D`&AaL5+)Zu zgtjNChB!FzFkcq1+&mi#TF8?%_=o-L$+IuXm?AaK+o%UbQG9DzFV zR8aESkd!QP(>5jg7vA?aK3EOA%vx+Fz~$5{f;av024SN21XM+gX8TOU-NIrc8pmZ^ zyWFnBKf7}=%*ljEDg=9t$uLxXBGxPchS4lV37}Q5Oe+2x9})dKytJ1HQ+9PV1|RiS zC1c4B8~b)&jZTcqHl>l&6bu`K{|G`V^;^AFQQuMuhx(Ew1_i!=ya|2%wYFR9KUh_Z zjM-C^PU*`<*bKNo#LZ67f4yJ>_hmo*f_4j^g&C#Ht|ShMUkD z6&}ZTOS5V#y-n~@`~L=P2Oow60QE8@3&hBBm_Pqq&t^>Sil;Q0g{NYr>!E2X4fiqGzCsIsV{76{s%105ypF@4qb^8=tq9E z&;0qRG?uX}v`Gn|#I@AE`qMxjI)L_F%)5T#^6w$8o`AuSMw~eR;FHwN3ww2URw0%C z@=FNn4oevlFAvs7)xj~NlC2Xf{|5G!TN!yM(OHe)%D~6v<^gSQAW$w)9wo4Y9yqe6 z@?6uWl7$(;_A0=H?6Cjrb zK;_V#OZjj%k16|uSNk-;5&K9Ph^`nXYi*HjGO6BqdxH4RT!&isrL8a~h8e)*H+`RS zA*J!YVcA~{pg2C*EUZNl<&tyra>*)O*m>XONxl6h5q7w+@KX%Q`YfvTvdD=#5aSFX zUCOQxK8)HiGqmp0^MP6=_Lt*eOjKSy+ke0R4$kf9I~CP%Rp}A~56Wh^lm<=-7T{R9 z8GGHII*8~zU~t`nH>#a|GylMd0C0f(`gaG6co4qpGdCd6Rn>88{dM95?9Vr2k<+uQ zIpm1&H3#f%ETU!0NBDXXaZxku<1w6fC?Ppwkt|2fn8WX;!;*nNdDjw?^L+>k@Zsk{ ze!agqTSV?=9Mlx5+7kTdqvG)%4on#0pofkF;{MHX1ys5|wRNQ2g)1F|ztxF5` zuOOS~QjEq*8g;>X4+G;|y;&mWO*1w=qEIw*lZOIT4?l6++tqMQA|L%|yLoljWi0|P zlkU^5)0BuA-|3D9{JR8rKn8Tng?n2}bEy`Bz3>Dr9jbG=U z<8Lc(Etrn$OiIN+3v!p5Xu2PgEHCZubkc04{wn?Q@soRav2e3^n%u9!_75UD?}2%Q z(Y}4~Mr(-wYY3DPlsCS}+%b22kZJH{+eqtgy!`Yi9o7TnFySEYLzzKRk{}ar5P0xI zxnG^_IvKU@!_Ool%6J>n&_o3!7I{s(5NK_5v*dgzt>HvaoTb9q5jX`xJUb7b`fxv_ z1ZbA3P2D}h*7T{k{f2AUD;wUZ3c0d`%sW$3e(|{Ddvsa?Xk!}hw}ObIskni_rNx*B z30M+BpuM@Vb!891Iu5f3tssOv^qJq6ZAe5XE0`g^28SsoCr3qN^EK@_>qys=xpRf( zmna=KoUMvGT8T3$kkSr`C0~SxxN(47UE)RH>$bIgM(Kd|Fhc3mWZ4Avsif|D&P(9Q z!ffA*(zfYC5i9Ex$~iA%>AZ=xilbbIhG3$l*N4^r!k8@pIiNoA@4OQ`oOl}KApvB1 z;o2oO$YAa`z!vs8GEf#GfzX-u?ZNJ(XGReIQZz>XQ#%a6t}#sek9!0#%G$Z?c=ghM zGymdtg90A)sFhI>7Ph`p`5+sB{jmRQGqFJ@6;vMDkO4WF_{%1E@qe$(&8Id1OS%Ad z!WtLr61B*Wm2kDc`f8VzpKVZhGe5vLIfeSUtc?U% zdhGk#|KW%DFjR4)OApDDF0SC-FCh{Y>lW7yxMY*9MDoy0-lt`hcU6T4jHi*fru@Kp zWt9M;51eLn6LiM5J)9_|DiV>YyIWNTA@T>F8VLBmL^1Wy>xb14ZPM8r~(O*VW|(%bMi@pk??f*Jh9}XsV= z$zytY;65erg;Z6ei6qE*;?U#T0&=ASxe6?czmx-h980y;+x(F;b#N27ndaq4KVISc z>TgC5|0_DLtjXl$>#RD#Gz$n8vC5~5%rNZMFLom?CMeh$>V&HT=UcX+=%kB-@M@*e zIZuf}J1>Zy1o*zm1>E$M2Dn5AWWx7(lr^1Rzppw0lG)Q#L{-GQMe63?bx6z4N$%7m z%(Q0ZBpI`%pDV$Lm-71h)BAFhTAH~I2x=9KKARoMZ%|`+;KNMb$e<9zd$a{~6HXf} znO&zDwY0K=!N9)^Z$B7!?(a_k$}F7c$GD+inA?lCTpuJ|JOj$iF@8}^c6oVTtr-ue z)RTVwXk0+UHf4CIhlCJW_Cj7 zj*4(s-S6CRf4VFrx4}n$RZS{^h_FRrx#SBV<{t0<94)Em-vI*iIv{@CllWO z!XpqPiT657$LBu$oG`1?T;RbG@ZbP=5UI28O{e#d|55;Q*!sZVkqrL??hwf`>t03a zQ+|=5WN~D3TC*^-5kSnW32W-?78MW(~WB*nSO?|$UgNBe)e=ULVbp~>v5=3 z8K;8umJ%}Clw6IGm^PT`9{YZdBnR;ZtV@Zv^xt(F%9rtj_ zt|KV0*h5lft!(^n>Y>H~U@E<6=K3_C&t?JG2lqnlZegEYrqb_+oHLrqO_EJ$Qh6Rw z=jxm^iErOz8>JPt9=9C!!Ap6$8sT7xRHXfAAkZmHcFz$xN5xT$lv z(7rH+Ew>giJ%Lngd`F}H%TB(FY$Lv?CrS4h0AApTbA&A(kGOV}xK<``XP zunnxX22O=>D@t$oo7*Z1AJwrw#_$h{RbenA>sRkSy~}E_-Fg}1Vvn}}a9m3101mt+ zt>PY)S~aP`^v41Zmnv%&hnD`}ZboL`q}siom(czE=9 zGb|tJYubSSYpLe?GF~1^EXs+Q{hQVv;`A#gQ!{E#oW=&@A5Vc~KkWLz-t18xG|v_R zekc~1ob-n!S6Q+cq&_s$c-Ysj?$>d>5BD~YB@-iFBNtw8d&Y0&l-jNtiT}OirVWnC zDY85H%buK+4?f*80m=~SI0XT!6arpDB&>qc%h}0s*cqiuGax$76U6)N%(_JlrKct0 zdSd7F#Ip0+ix&q%1WB}AyXFyivU%vpL;>k6ZR|!pI9$Bm>r%5esnN6JwlM$8zeq6E zAZZNSx8NP-iPNy)L2h@4r9%ki$n^((y-d=Ok-gsS34&+3A4{K=^;lM?TzF+(tR8ODie=ascltCe)rd9$vY)&2h4>15D66)Gecj_K@R{F}i+#|HZ_@by)9V zdFhy9uGWB~y8H4{RchMzB_)Czr%xeY)tmz+7p6EwiXCD&mz|mnAg;Tbqd8HqnGVl# z;%N9%JRqsSOEtm}1-sviq5UhbEnY#Lk0T`Ek@g%N4hLV=Mqq_5V22bNuY?=t1JrFP z?`Pr!+HcoCg7SBl(-DCsOZH`ScTP8Jbc%9h0ewkN)Xo z+AJY<2NEteEpHWdUs&<{+4Qv3aeY}QYsPxFP>0aJJq0V{%Zb{ej_k1?y@k(X{$#kD zX~aWv-E{D{_^V0-rO)Jb5_~I4gFEaaI{N{S-HfSA#j5`9V(>y-;BZq%AME&ofto!Q z2X?ishh^kAu_Or=0%4_67Op>t#E^y)llG6CBJOrw70YGZcV_Q=05pRINJIRG9$db4 zG)_vn%OM|ieGQD_clUPdJ1C#(>u`@5@9pB2ZJX}Zv%^lwNg8b-{x+BA@U+W|bP$?& z)~kaJlrj(y2$>fI^&-}K+KnN-$z>Jp@6PtUYWJIl_Z3hTU^FxPv0I^BOd|sCHJ$dI z85JWt^=gmxpL$zf=NWk!7sF2gAZgftyD^6 zaK#CVc~<2r83@TQi#)3Up%sPqW-d(ca8i8yYQ)=S!1T*PdGa^cU%FmSywgNppvNOt z3KXr60;8;1=^oWSLkL~wQvh8skIbX3atmDwy;Bh zq=I0c5)l!(*Nw{s6Eakkx|g5s3gVX8Ynp2iM<4NmNU>?`W%SNmp6KnT*xXS?6F4{k zr8aq+&jz;8aDlR?lLpWcv2KNQ;XZ<1@%V^SU*N$q{7*M)s6=dIUc9o=XAZn!cARqM z`8R-dsoA)>uRlyD;q;V@9(o0b?U^I19!AaK9!wDL(U7dpX zK|Z(56eY<+zb7mHik%jJZV9rg)9H z(7u~=@iM;&Bxi@b{By;wok@O0mmbRntWszoFQQtS{BvPNfT~(w?h_=5$#Xm04lahuxFZ1!{0d5!gC%oX>O@+UK9p3 z8aMT{nl^nWvAK6;*ABtls6ndiV}4FpJ|XG53>#v*`b2>z!?sMzN?q0KTDOZ-ejM+w zH}uE&lf**PP>Bi7j}aG-iV-XZRY=`ANLtJDJWa#i!RsRQjR~?Xdyy7+J74=n;Lq)k zT11H{`Jfe7BKZT{x?!>ILj3N2^AF0|EYD#`T@;M(IR^4K?^xjJOE&dGj`e61J8{0H z_8^UPkQ?Hvc(m5eI)};a*UESG1~lfcs3ob2XZwD=>-wlZI#tSkDNYcUv28ycrSpEq zrz5s;j~3nh&o?S~*jvz)PXZfGIz%)^I?+*fnhosQPW_J0w{muOoFKfgq!{iVGha{5VS#;{0Z&L= z{yKCRYDQd$L(#-Nt)`L5sI%3jU`ed}Ha4EcJ$f?Q?hXMQ z_py9W@;!}Wuzf9eiaRuPbF2XI6Ye7kT}V?wgEix2lwui z8FNv$mlJx>4g4-*T)MdJsqnYEZTbolDoetsF6O5mrO4B57!QA_amCpSGAMw*3kvfCsMGG*QM zwjCPTspJVcTl$lzjYRVI5uUHedM#e3-Z9oy(0jT{V2_AJqyclTT=?aZnn6n-@e$Lw za)33s@|t<60be`7UKRYTE#oZqz(HVDg0;8V`n5{XJCy1vH{HaDASt&rSxH4b-d!^y zDEY6=Dg*N%*s%8Yr^O2eG@D@hhdPVuK=pu;Q<&5YGvAl~j&y41pJ+M*x{dP%y{A!A zO{z6mV?{;e6THwlzLyL?nONXugLFwF;F9^3HEe-~R-(gj75B;&y8G^M#}_Gi9>x;u zf^{qEXnWi%;|c+O?wAAn7fYlkHec^(sQt}3iw}}Q9pq8uS%pF!JviAtm2({)Fn{2b z2du@R>MmMHfMXr=&p?O{T!HtAjqY}!r&dn6fwBzG>~!chfC}5bWo(p}^M;0M%pW)V zyQzPnwuDmSnC+zJQ;t*E4J=*-Xbc$pkHblRSU8_Bomd0idML^xI)@AIEvFdZvRa7_ z6=}0BH1W>;qQ>Y)k{V#sg4c6ZbVBR6=z&j1H6U8QG3xv54;MKNtvXsYfK%kwvUeBh zQn|m%TO(QSCsX|M1XC7}ZG*g+<;Ji`ui2}mc?o=ewT&mH&dF~oSiO`$~iVo~!fDc-3%G`e9|0y5>B>2SF{+!Zp+&~ z>2K_u%Su!0LK5Ze`dPejsRzBv2Co7gl*25HYXY&=JX}U4 zUB?XA$!hcsZhDLuSBZ;mZ0QZX@#Zo4L4RMIimYww=g&BfyFIe3nF?Ox7Dv`=Bje(o zRj!eUMu1q!VLs;bybTtWGs|+OrB3FAsNmK+su*vA#@|h42f-~ud@;5&P+lIZ{!*H{ zP1LQ++?al$iO%xmQ$f;qsP(KNzUbET^vfL2;JR}^aUK%G#6MBcO@rPyA7-dd3p0Wm zRzeeyoyf-KDR|MUC7P$5DQk%oc;-N%pQX227(J12&C$SC(^;`8!1}&|y9I;@A8;nE zuJ-r*77-G`_$)R$S(KRU1@WVr=00>}$Mtk@#m(OaZU>lP^lH15mH&aaUf;lMy1i9g zb*JA*^{{30hebArWNxRl4uf90bjs}%EO z!=3;(3P(!4up{WSG)t|80>lmn$NI@a^=SwP?B4VCiGnnW*}rgAOqkBvy}>W87O^qp zFtHLd(6vhou(ajxbmOz0-BlK4}vo^bA)Ou5?JM-7Cv`&^f| zH!_9JI3Zo)uIn4ibn5;w9pE+txU^}LL$NJ|38b9w9*4r~uBh7b<`)6UN>Y7n zvGdgemPd0>?1pO9mX=62i|53rtStOrs#;jRE3X@Sd#_X$GNdQ=5~WelDkwp7Xf3(V znGyB1x9BA{$)wA57wfUpv=&7|+W5Phvj7SU(hrr+BLe5)!2)ZhSWgzpY$Rx6*&nvO z9X+LGmr82ge5vo~Ys^=?DcppcIW9Aof=aFHd@qL;LKjUF{zZkj%d*`bRS*>%i5l)% zlMS?!*}381aS?xR4mV#f@FP+N zr8?+^BtVf@Q!vR3b@g+|VU-~dcykyVl~}L&jQL1Mep#0bedd_@7TmpAAEQ4OUcERx zbJ)JudOZsN^WyLKp(|%$^(FAKP8dhsd`qY&)K56ghcR>oHImlEXk+R?+9 z_Hkpg_gy*7d4NM9k`z)K?95-qI`$?Sxe>av5Zw!KXB--?f4F6CjJ_wnAEzq9jD?eY z!Ln^E1PCXe5rwRN-AG)6K_?5KvI6}1&#wy~j%9r3H(n|)@p=!S#-)l#5ZJqNRLV*! z*oaw{jr=0TnTEPZcVg1@@BjD&;kw15{PR{==uq^SrI#XD8_nF$#V(`D5}sm%5p3e< zEguugRC3~ucWre*nj|YQR4g(UQ|Vjb_Q{-IP0W+Yp*Uiu{=ot?p+9~=`mYFKJel6BYWlJ-|;?hTZyIYJNz_{ZaUpK>lV^N zeEa0mUY(Ie1TQzUztA~g!l|>B%zaj)!J|djZw9f+a^v>7%4%>!5G33vU5UyDeAqPUK3-wir8 z*KXO6=OWfhpY+G6?$z5}C_2j*dzHpPD;i2cVF8%v?fLuM55{#E%X+mGiagwE@c2op z1^6}+nt9gX4_EetHIb!cn2h{4W*#O{1@VE&x~Y%x-6qUX5mKp}p5sjl?Omift1|N^ zv8szlACyFz|IG#H*Wp%DlWxRfy)7nB2kTDoW$98(aRe@B)&PIER@dGyDuA_lVazmd znox;W$XJVqrL&LEt`>jHW(B?YG6ADO+b1z3;my81Aovy0Hn4#WQzsjP;L=N~{)OV6 z`l5L$|LEWtuB>avciDYCmpq}q$|XeI;g`=ktb2aLW1PDDJfyEYpG_+f%NFOv z(VT=Yoc!KE_t15QP}DCT`5s~`#tYQfUpX8I_www9jW0f4wgWZQmQ6E^&hX++CmJ4I zw7iv;lNsbI_&VSqOn!6szAP8E7UX_+vKbk&{Bun+v z&)hMcKvd=!{#&|W_LNPf{`}Vty>PP>jvk+#Rk`EK*3!w3?W4jh2J$A4Mz#FdT%M_J zu{m)Vr`D>%St~7k1^5lx;{fJd0EaJKmOfT8R`O~AJ5|I?foon-_HfC=A*yw+Y&L3Q zC0wn~_E0T##vCT$EVpE(g4Pfj)uRVB3gdjqy9v@6M@+co$eG8aJV7LWQ=W@&5VLY` z_|h?4$a?GBN7k@A3dWe@!pFjlgrz~OR;JTYHKE|K@R?{|9(MUjsf0?0f4CVD2^cq; zG7MkJuS4KN-4~NOaf0va(_l{e@2uER21cA~9%XB_!+#R$OmGtZh(^^a+--nfz8Wd_ zpFb&ySc|YUE-tS1Nf;+HNSS%_PVIeR86WqU;qXHQGpmqwH?0A2LiJ#7|Mxu;RcvM! z%lC0mneB!*>%7?7-F-v*{8_HEF0ZaLgLFOxS=co8hu>O?l$;eh6k@kKAK`hN)mT&N z={vD-)YNZK|4Sf~l0?O1*@`!)iM1KU|BtS(0E(;Gw#GHMOK=ioaCdhLGQhy#?(Pyi zxHBX`fZ#eof_osi1RWfL1`i$}kbjcz-Fx4A^}ni9#T4gE&+grFx_7U&_O_-RILnD& zwpHNuZdOKKp|iT z*+`4X%h56Kms^za?atWk5>Ydyj{F8apy;Wb#0ERW62IRygicwsSIyZpNZ*voJ|rR! zpS=30*1{(3kZg@}n;L;F`DEj;U@$;j{sYijE>THx!o`SofXs@6=T>(1S*n4FBiKb+ zh5mc)fmNwMF%FbLv08$;s|olG^kFSl8*$V%ozfBSa923`K+_ zgxEXXiZr+D!(U(2q~UI^MxQII9IlJgfC!jWdoX!Ry;Vz4PWv>sXDv-6dnOG}ZI!Z< z87KHaTVBAcdXm1ok8-q%t!gc2VEJ&}i0pB!so<6p1oVhMk1ln8C-6zjz-F6XT19hS zl0)B7Kv%Zc(GA&pJ$>dm?+Rh=y)I18jAj5M^Lc~&_jheFMnCCdwk(=l8 zXg}L*D(%7|KsR?P=`0Q18gy4#P_8RwW@HS!|NLA>8 zo;ry)+jD$B=ot{8;?E8KE!oj+{=Nr3NlfA(mArDSWkk~z+KCp^m3G>IE<;C>#C?cr zB7crInN%}YM?~EZ?&iZo70n`o5HE-UM7w19g**|WmI13;)E5)aAS$vXAAQl6^4@^j zZEh1_nOy{4dQIB%))wm^-h8Xvoe(7nmA5T>^+ek6{?#DZn* z%I;G|PM{KXOpZs6NjY}erzOhfYIo7!P2V|O@tLmDX<{mS1TcB%6w*zB^iul*$SFOL zra2bY+Iq9pNeA8->$@&ziEN#Ef;Iiw%dBJ2(FyMKM_sSnP!eS1*cq1W#&h)AI#!0= zGMa3DxNJ7*B+ds_q=P0#skU9h8n_V~_56$*PeZ zs-=_hHocV2uU`-Xjkn2u@Wo9s-guj)T%s$@=qFi;jwAHm|IiSWP&;pxj+o;*MQ)k= z{e}Ky!uQ$NEB>VlK=A~thfxc!-tD;ucfx`BWGoNe_Oe1Y zv&z*)roMp;b5XAY{=+6*V5W5P-gUS`pTcR{0L)|`5x_%q2{H)In3m=bKZ(L`h`@?$m= zl7ol`uO7Zng?o|-FK;^~$4sSLR`!*%dTHZIo1)R3JZ+_h39B(qzD5@;5hgy2;9w&f z<(Pk##CJ))+!nt+V2Z6KYYzuk5E!(>hqNmOEL#)BgJz}vv{CA>dWWzCN-Em)7VMq7 zeNj$Vi=p(xp;2YVs$RFif`UwqR7+VCi9^<`&Q+b?v1k&6hZzA-6OzH+__De`>gN&I zj&`Vwy};+~q+ndNlO69vers82s*N@`B#c9T3awWn`wh_Z^>3}CmMsZD*1K?X+HKFI zd~Vwj*wgZYPcHUOCY0R4hUE4mB#PSNcf2OjboqDHnRhT*rKimQtJYD{vcGjvZGY1KhqU(|fkMZhuxZ zEH$?Dknh!5N7NyrD}^@nh*V@~<@Fw> z4K}l{27#$d)K$KEIj);p5;3f`e_Kl`C$PyTccv?_ggXZ>HCU2WH=a*BH@4e``ML#Y z#*MmAV&1IHq0@T)@;SLC5XRg(q`%gYH^rb&SZ*=nb0_-7CuVw zO8zjN$lzT4Vppkm7}*dkfGB;}Azsx5B>8YcZC;>EeP3t67zu zPs2VH;?C;WxD!klW$8|BZC0-tx+UvW0lGAp5F>NRW_k~7-f3uzf6@9 zHm&=5P3fV~t#@Mi;W&=HT#QA$a-T@$YxO{($+cFtzrTA)FhY3#ddPRcD^HbQ}~LsD_2@dUFd?rM@5i9oY@hc}KVV@r{^N3F8swORwKX$Y~1 z3bA+vTcSmJDF^l<3{t6Zw0Oz+j(hE3Zp$&8;ObMop(D$u6uzo|ONFG2 zM(CMBsx3tlPSW`qD4qx@Sozr%NkKH}s4_U1Y{kr{FXK>Cts^$kmWJ^4{Y{c$#$Xl% zi1{iiLtCN!1&TnzLJ4)48g1KiNEpx<(Yb{sprs!bpPj1nyk2XNH1aZn>8zmEA5$y($C-_U;89 z8)~$&<7YPX(a%nfh$s3PA7cPW3}Pf=2wPykC*8!hzx(A}#!U&PFR9VKsz_@6!xw@! zrmzX6yVH%Gd)wz?>|BSuGdXsp23a7uCYRI~;WUoLTT*#_z3@I2MO0ik6pY35i!6&h z068|5f8#*KF@2?*>8P%!ieI#auB>vQ*@gRHL^Lj6&w4?=Z>HhYeo$q9%u+HliSBqy z=eq|H_NDP&Bva`m{UxHOn$Cxjcat4e48~2Dk-Z}X1}&2VQ&)zj-ZfCtM3>^nE|wkd z4wWDT%)SF7RFuDnZdvnZ;q*MY@x7{P*4yF+wbg!%T64TE><09vf6%I9 z_{!Bzug9BFAX)Kadh!AKT{&YWi=R|Ud1D9eWj0$2ADY!Ja)4R9BfrTZWNtY#c0%b+ zE_5UhVT$@AbIwfiKg!2U#ZlO6zUX^UHXsgBFg`!#jwWK~yp^hU(Qg*r37J4bxG&rY z8KgnU1S85c$uQ!K@asMkPgLx0R_5%@!NR_kDMMT=^H6RMhtG@*?hOO;2wgwB%Oze_ zO)j3$=lHe)NLH~EuB1s(bLa;Q*vPo}B7$7$Nh5-q-*0!9>F6g-Zvd;85}$W`f2htE zIyWlCJEG|r75UcXXa*DUB?~dR&AablLwm^a^Lg)pFRdf5nbPEf0SMWMTpkR}$=CEE zm8tFo>lzNE58RX0E0_j!m$|Cs8Jg&NiFU>`h4n>P>~Ng)k2AA@B-yLaW-M%zzs}XF zzWtb2m0t3UmG>Jtw&%?r;*!k-m>Ii&j(q2CoPE9u-^B>*8ie_DZ5+==NFrkk_#E48 z&T_!uouLS{P65MlL7D&%mnsl12*Yr3QG727-Z?KvtP;s`#y; z{V71cvz1_RPBUN_U!RLcC6~{j=uI+R{+^;u8msB>k$OR=_EB(oG6y_5zAY1mJul`6 zn0_kKrc;2q?f7u&8$4#WJHBTFd9|tylMu#nb7Cdxyi3z7Y^ktK)~;;D=OTg5INF0L z{4@1IXv9YvWzeEWV#7?58r&oWvk0JBcO&RJ>*yMUrUs%?xXeJJtF9Sf!pE}y;hRpJ zila=T!tlZ72D#5+NKgtl#O(0?cVsX8rJ)V+ea)}q8&AW+^`Tp2kTZp4y}w2ClHrEC zVF5QoHfV&t&v%2ACb0Y)&k@*Zy8dY4Ab%^zC;88`h87Mdu|>V{nVEXgr$pwYeXN7^ zygh){)1xt#hM|4!Ckb;ZXQKW!{J?!`6q!xuy`m3b6P?~h`?-FPPMhiva+5=%9DyvK zd6CoQi0Eq$jwB`|uVIm~`!SuG4NC#*(Qi;Y(7eGHT)pozDCr<6V7_d-?l!x$Dgxz^ z2gJ}O+LkF@0MUZX>oXgBW0;j&Aj0<4hk~T`CvOaD4v$iShOx$nVzFyDL;pQ)+5F^A zsSE7*!)tYUaRuv#qXbh7X}L8dxz6GE&x73LVpk*!9*lT4*Q> zS_`s@IEYd+{O{*49ukm>XDo+ZH1~6Go+4sX4QRv;>Qar9B#G$vkb1NXmJVyWkMA$l z4ZhG7_w3UBIcOD zL`$Ao!de&Z{8DvJa z55^`2f8dC6bll@?+{_je=cxjft@1(v6^fEy?g#JvD`LPZSp)a#R-=XVEiGXT3q6fF z(rnW|X4LE1aA9e`z?=A(Io|``!WAyM8vwT3Z2KV@x^w4MLTQxNDhrMGykGYD%kCXQ zW2em3Weywl*e>2LXp!pQn=*kH5YXOAroFaR`d(Yd`jM`f5l=Z7-xT8aj_9U|R4d%z z{kAZ^Fy$88H$hkedV-{4F?NwqQ}K0?#k{mB-gGC1GJdOR=KJdgI^(aV)1T^nSF_0P z@cqi6APj2U@K4RB5p_4kItA~k9^e2iLu25Gs>F6T!P(J*mlJl`ZW-j+>-Xxs2ZXev zh*&JZ+ps3+^iPJ~h=R1){LRlJ)OnG_mX7L2!I#pTEV1lDQF?j+G8!6)x+^ART&|00 zsy)QiRcHPyUj4I#apE{uW&>t5N$f7T+@3HFN@t@^PkUvI50J_5XURchz`CCmaNF_5 zs{%4`SiVfz*Zx+c5_q-+!~i^hSxKfdq{W z!hWC$3GGpg6aC0o4FuybD+i{v%z=vFj|38T@SH$D+F{P2D!A2xAPnY<31G_I#D&N1 zW-*h7|E|+-5McMmWYYaCJi^UzOzGVPU-N~~a|dm)Vb-UId+X9DGXIX<4+@#??p@vy zH4VMz8eJGuI;7-E06O})d3N1v!UHGc=!gUJvOOwa=U)`pf%N%8Hz?3j>8)MfCt~C# zx-I#Y=tc;Pl@0o6xy2dQW7$ePG(vM7>SKm58)U!Yj{x~|1PN!jFB&ijja#NO4llo6 ztQ5QfM97!8U9~N!q@z2P>a>x$?57QC4^m6b$fgSqPvi_N-tCy$00`wi3-f;>%r!1S z;V!h`VC`-9Yfj!E4F?e!;Jsl{GGZh|5M{0u5(f;;CCZ6%ZWl%h;Kt>oxKIy81zb1b z3#VYvsn$Rrpk+2*nmuh;A69llESQP)ygL?XVU|Dq_0+7Gje9{LGo2O{OX>CNMB94x z>TS-4jRIpckSD5Im-|kUN?k3xcXi3S}aJ z=7NDI9`yCTU6ZXhtK3-kX`qQ635u;6m_VErXdnISG}?Md4HlRj6p2Pa zeHhQ&X&!?=>bE|E!i8PuN zkrkQn_4UknmVfOoBhcs4AT^*YiSHJV7BjZ`!@EGJKEla~@qif_1W19t@5%e7N;=dJ zquQH-2+!6SHfKFYa5&8c#~LQTP1e6{NFPlYP12g__2H6ztu2T&pv%lfNH8>;J5w`C zP1iVaxqNFQR0q8Pv$51w@GerjS4a{g+5Is^l^AM8V{Wq-d%S-YA%Z<;QxG&=*N#P6 z$Synj@EztdX|nO>6)lT^I(&BVQ0!RS~8OW5Aih?Lr4ZF;d1lTQ=HM-TQmbdM1L*odmOcMFh=Rcs{lfj z3g?f=m@cP28OMsORS}!8#i(@n9|1*yLvU1RZ0~VwbvBO9OFNp!mkB#w$@q&lCZy-s z{+!JnO&itReQ|3$l$!MJ<|u}%C9;I{l0H^#^4)qPIT=kphaNZkx}p&5e5KU$aBN!4 ztgX5sX;Wa@ee!D`wGY=HYo(KdtFFpV6ZZVVz2gtvcN;r#$7WTv6{pT_@!Y|B|Peh`vyUU zuxo$r&l|y|(*dm2Rv9x~`jJh)EHgc;cX?pftxG3w^Bf1|LXfbo+v7K5=ju(-wSyL_ z5#|hY^sF+XG7>S2KzT3UW-J0@^86)s?+cj>g$SR34TlcRyC>MN-YUg}sdXIdKzI(7u~FXk^6-?;8E|bU3tABr|+KE0e1y%LB3N7;CJzI(Mon zCViU2r7^MbT69^dYFPl8fo?yM;;7A!Obwu4VbPh!W?!?s?mMbdJL3f@bbP0Kuvm!X znSUI%P{}~B^WH#>=-t-|-ahwWR#XC){@$dK0qZC^arrmfmgKuAx3SBFJ>D0? zoq-jOh_t$th@fjjZtk+nsfFY>8s@dp=&8!}Vs@ggZ$8Iof|TjY{M53mhC`c)LY)~N~3vSEaekSg6(J_WF!lmv%u z_F<7rb=1ZwcMFROg5(?Nw6&y$NpT?*Lz67F_iX*Wa8cOu$++gMXuTy}(pLkQ&(|ih zbmG4NL1rqCjdZ;U3=xw8BQIf6cVT(e{I!7j^Ot0AS_;#)1Cv;U?WSNrFps zt4%^|z94|%)xb5vtqog3b#~RSU~k07SlER!=rqBr<;})0k4fz@I8SoruCKJ<{ zsP#(@TixjG4kXKM;TDebj_$QYfdhQaec^JByJwB5)+CueF${&$8eU24X<~`SYNm=V z8D3DY5Phs=PM{fXmhp6ib!QDNgF8qS#X|l4`b!R;D<^(OFP5aX$*wA^6x#3vg@Jym zzGYi}{&x%u`>&XtvON4@s_RnPXE{=-V zW3yH929R849JyfKZMMk|fU4@%3DGkAR)p{jdgzsmZ&!`6mJ>nFL+c2f?7aKrvz85Y zpLU63{~YhV79f{isaHscL|NnXi~-olR7lon9&RF_gYRJ6x`KN>a~gNVi4ETQZ1+vn zcjjKwrP!llVi3BwU0IM_ng!L-xYwwKesq3^B6xmEjbwHvlB=EedzrD_8DU)v{9ByE zuBpcUixC@)?KVX5)Gi;m&hGRTu2=oe<&vE*%o54736~Ew&u8MVW-%$FJ3Jy3Cl~pF z@#-w(#v7)PV_T0RcJQXweGPshUa}FQ9RuV*Uuyc)93Qp&`PBHuh@vCvGiCdeUp1+> zE)e964->quP@e);GpAz}dqe8Zx)A8}K)tJ~i!Gwft_@~@^4Jo4O084CQo?}E#E*`N zUc*K@x}Hx~$yRNp3PjQ}<+(|yz#qtJ*wqb^Ds#2h1HjL2+i80-RK&PC4WRD=p3j!~ zNgSQY<$pC~T4!K@yA}2ggc+%BX`P`k0O0ifk@5E{Aum3Lb8pWdjd#2+PDi-h9=W^e z+w>DwBUr?u2a5))a<@A|)xIIi<-i5r@7i9@jy8_+Oioa85iTn#@sa&9Gx_N_6dvYi z)CtJl@tL4wxNE{|ng)~YG97j5443&O_5?^~;%lAFus`(; zE`;c;uUoB))YK|p)^9dr(ZI#Z-Id`T)iv&kKGw;1NlouM%O}o>u(>|_2Y&LL-<{Y+ zOwHHQ20(c=Hlo7)_hv(f(zx??bjUxIe}7SM{pManCLZ#RtmD$7Dd3LL)bs}iwPylG zdv^~`?iBS$dg}|a`<|or!Cc0Oqsbx*f&fd#u~_F92xc!xhSB@|K;;e=Y3d8QQL{Z1 zHT16;$i4*$S;F?U!RWf4vkqBv_DD|$kfLDe0} zBpZ6=wVL}~K))brO@;eJUfLNS z1&$r2w%+V?;qiZaYWXG&&VIgaI?DKNB7~`u?(%#6+J$!2$1_aC%PitAjUB3dcEAx) z)Uo^L3|pfF=krcz(aXy0vyO}s`hh+q)JJdsiC!>3jko-32C`6Hv@vBMqL866oSJlu z@-MiRTg|os6JJtF!)?&|&L#8}Ad;tUL)dxSWm<&GM6fYIc19*J?m)b!QeJTW)K444IU`pdqsUjNz*C+w~^h;isy2<+>|QEZd{FBL*E&-)ER# z7@p^&>fy)kEnj`HMqh?k&d8RD-{hTyhly|EWqVD)ez-U%I#N>X_anohqr z4}2FAI?9kp<|{~KO>iO0@GutZ zP7uS!P7^w0nS-|U{+@<_j*OthPhWszs#If))zCP=dicF_YJkZ-WSuhbS3||A2g5=s zRyYnm%T_z0{iDI2GMIp3zzaYq@c`X;cbwB~PTEA-m$KytRD9@ZhLbz4y{)+WOlu<17Iy=b1X|F8C9qizH$_L6YQdhA^Yt8X0!2Rz@u@WXBx zR6WcY_7udf-{i;Em1?%w1t3}h3ISQmKUSY0`crOh2Omf^m}f9c@|{Q>lmhuM147?4 z@i#J-Q1|~l>)9;1N4J8QPJ~28dz=5T)mF48P?x9XQECuacyTMt11Bl<`8M#?&0J56 z^$QH1PB8!u&n{)8v6`QOsgJU7-uan9!?cw(e1PniVorFmosW8M`zP5<`vg@Y5uTjIGGsp% zEo5lQr@Cs;4l?{WSODAA6xbyRsB{4ku75sc%_>$;C09f9i#=%CED-y>9jU+EcB^~|gq2fc>01|qh} zR@IU&DPcHxctfww4#t@zJ8}AT%2&*qCjaJw>Gj1JPj0PRlqVXQXLab@%-~^Pc3;%V z`y+NSdkn)0X-e#BG2*66)u?NIO_a%_^h*|QylplvWYRa8 zBLVxW5*qUe-hC^QTzk)tgT%j5<$#GbKKQxnRSXUY#9ZFjHu*>5XqFznI}=^|dZ=EW zh`<_wBhAIP2=jN4lqyl7&|lI!sW$6BN(C3R*u%J=4^=ZbH6V0@{~WlE6Tl}huTJ*A z3jT1EV=MwFEYq#QY}l>Sp>C6=1DwqU-~M>T!|pXYKF-USE616Jwez>=h9O+=GBT9l)}*a(RSP|* zd@R~5tcm$F>7L0Ra!i*}9mYsf%=B&DW^7J%f24u&F{?M*;;>FZ7+d;bFZO4ZL>UwB zM-)NZ&^1Y)1Tg69E?aGPw;jA{hON= zf^&2YxzkWTx7btAXNzU(5``k{RJ{uwpxst&mJ5-JP? zJN{)m=V9cjZRKReq0lSKcd3jyDi71lw0wMV@OzAL%gp#rlXQ$qen5_K3&N2!0SXzJ zd83oUO0;}SYXO{&k5=?4H4(6J0G_rjh@`*x<=JSTv^zoFAFwe1q}}m(tc(2_W3u*> z;(c}#FwWd2M(bT+(84JZK><0zYuFCL6Yy=3wG3ZQ>R*PgA!fLj2AFKV#uQZ~p?B=Y z{2lcT^T&rfg7Z%|--4Pq+I$Q^QM1cABw6=Pb?vOX@pGXX^6t+W8>d`sG_syDA7&#y zhCU{(*xiyFe&?hmXmKbI>*1}gY5V9*&CHWyo-*|&--@E5g(iHT6|?VBrm)66$Xks zaFzLX&eFT8>#loaTa6ow*0~w*S%9_9bmlh?Cmkx_o;m{dZD2l7#b5&#OnbAs*0Ub^ z8u;Lxb$%nvYEm6l-M!cv3s7=S6!S^pPxZ6UeYw$ePLWG1_p7HO1aEJL1s;VOc^!Nn zo9c8^=`z_j60F-c((^<2T$wl6CO8QuLahIDVnL}Ld>T4nTnw`oxJgWI0%RY9{DU*B zFjTitxyeFKckM$<>^`GuXYt>fVX+#r#Hmj9c}a6sPj#2yt#(eWPM&75`Rs)ymF-dJ zEW;(!8X1sAf)#TgCM%g5dAmUoOMa7qnvyNwoFcJksjhQ{w(b{VxeI8P1{+kqw4kOg z{E-%c6RWY2_S0M0ezTtc795ygt1mq5(Cpw%s`9BPE+^&SsNiyhG&HV`9*F+RjQyF* zSN6_|qgMqDuw2v0gsDP<{|cM?^O$M^_-Epcz8Tj{EUE0KA=GULCC)?g_S+bx%Bwgm z#D}t2=~eK?Mof~a_maTiMfHu9OeWwv1_mL$Tj@phlq1s)>B)LSGDAF^VQlMb#!5jX$E7ZW$>kC{~@&|U~WrFrPt{^kPSi|XMB)J)a!!u%#AOe2U5aU<_hH$wjK~MGy|{*Ih6EWzlRldRS)uxqPl#0PFSV@jpiii^cPs2- z7nYNEoC)u7z7*leaFHmduNXA(+Lk=lsKbT5j~?BH+_i#iz!cuofw2 zudm_~PMv4uZRe*S994&n(&^^EH4whnh_hoCQrT;{OTDym=4^wVO5MqJuD&XqFE>2u4!bh@Wf~#C|!5)t6kD_6lr4St=E@Zmw4xAtJM|{-HM)T?7}4| z`)_iYf0|CH#_@|vsdb82Nao<};mMwecuF}(;2WI92d_KWjRfj&;TliH`KdTgcd_G} zdByLMLSRm$+98t{fFRAzYR}ot^#iicE}HfJ`;FN;tOKiqwf`LP4@LEA6B(e4 zL^xX1wf5A53IVaC=uC`F6|Ptj;hzjynm#RD=`)@hVP}33T*=54m=u|0)uSW-XhQ4m=d^3fT5h2q|cK@Hc}{IbC?X;if<8|MS?Zoy6znF>a6f1!xqrU~9+E#l;Hxea?`mrer`SZ9C zEBL+vdmL1cZ!n=4bsWy@`~ALrL;Q%c|2zd%>^ed8R`}vQrT&JWiKsdir8SA*u$Tcr zwx1BfI)HCzJrqm{S znLPcig;WNB!9Y-Mn4)NdsF!D}eLQd~K3=^KUvQYL2E^Dx4{bXbb}G-x+39@wc;GbFrGY*C$A^jrBQ0$sk4WLEu+`rzU(;*0FKzTQKy|y`9f`x8UWbR0oYRWL;swXPR?tpW zS=CFcf`$Ry;L(uv&tU67xWf98NvFzspqfrk#ml9`ICcZqkCjI%-evEWZ_3J=Gp?0> z6Ab$p-z2CJ@tjQcd5%gXxHo*qjnm{T0l!yP65K(gS6uy7vdfAo5Ruf$l;0Jafx5co z5{cOFTtX%px%R3h0VUrjiJsGrz+k~CmoP-VXguCl4%w}QZf$=uiSDhHG6S|m(fZi4 z7#J-hl!7{Qh>~44vG5)yAwBcRsT}*MZx4gQV{JXhO;=G>TFYUwKwzEc-EeAaJMH7! znXTjjDybIVo_dPpHmQ6jxmm4TngxyRVY^Ddv_}4%0_9x0?0N0p{LRX_y@ucn+QqOo zzaJqU9cZj6NmT)f!FW{9){a&&e&(S{F*9`X2^t}FD<^#FG-wMrigR+*dU#0V%~;Lr zUC7f6i13>6?Jy80s+n;=$NiwaVEDsf=^7PnET710I>zy5cO=p0H8s@Dc!ct-K$N0; zUHFom7^zWyvm%at44s44lE+#3xdypVjY5@KXCQlwg5Nk+)<9DW(|ZN*8*G20`E)uh z9%RoCjc;ct8<1?&)Tqd+P{ks72BA*$UbqXguKL#Kh~{f^h93$LeeQ}H+$5%Gys z9RVNUc@?DDrbI??JynX&3~z<^dyDo50wlQZ>Aev0PGR|79|nC^Hs@H^?f$}T{wOcO zTgIuqv+Y*iA*kLs7!V7|S%0i9 zZtga^gziZA(7b+0^wl2%k$B0ZvBQX@)JRJ~_wG`lRPkX_Mxqn_`Zs(j#eyOz^T*R= z*%qi{;(3)JpTg>BjDAR(Z|18B9lc`X{sf%~n4H*ZAJH(qd9MGwjk(P>O=;)#e2o7R z3dR;CglFQCAtgX_!2%*TGO)q1h%v$zV&w3LGp>JWDl=S2IJr_5vRjh;DeMiEpSMcHK2%EC#K;3U;QN+_?{OI^{ zZ~@NIu#$l*g_20F-mMdPujs;4xz@cT`T%5BqDa`;K=%M?F~!8fq4JqhE|ktk zfWL7Mc;SEU5+f18<9AKrthXQZ@N}F8OZ}d8&vJtfxE0MhXCuIvTz&n198_{#(-G z42D;vFtq(`hAp*~sqL51t(t$C5C7C1UIh1F>*KZJW1X4`%GJZ2|LbV`?-+!45V+h- ze5;^v0Rch5Y-qj!>wr(gzi$1L378cg2VQ;^>?#j#dlYxWvi|=VFwoR@2T!mn`w%cv zf)5+{+wJ}wpZ_hWOd9S0xpNY@SmVk5RGD=1U#RoH`~x@ek5(8}-fIE^+O<$qiT~38 z6M1maW2eRcX#iaQSNS2}=>Igph2Z?@WdB5$&UpXdw*58nEipV^gfj_Guo~1<@VbC_ zOBD3C|Z7S(FpnTWq5Mxq?7$E0gnIaIomjR&yH>NmhUWk44wnH>H1Xt zMJ4>ZePW&d=x=8RTo)h1fd&6G*MI%FgKNwQFi46pn9hVkxqE{2B>n{S{@XK2@KidR zs^`B~#E8sY#zb(c~vLGjAX0IM427nv>q1=W&t zYo~!&!5|F~7X27_`?XfeP|*7AW4FkD=Ty+-S^nLgnAv{7>27<0SNrYL zE>Ks~=v7!_7aYu01?n*V^AhVbTkRC?p)$&IJ{VeZ_xMQk|GIuN*P*+s_bp-y2Vj`nvO<%8SE$}} z5ie2+hhn^%dGjBK8h$~!LB_3KUC2PtMMKlJ<$$`*h$1gm*;8X57fcvM`U}p){rl;8 z1#_!SW%F#xX7=qBgls(2{+cg9+*7^F#5xnPSDa{^HBzCEQy&o2r2f+?=F#|uWQ!== zAzrih?KmgIn;yM3a+F8-15M}t_;qKm(qF&fS24z&nOK`10Am`v?5PIBIz85m;SU zl;S_GrpNb~;QN=~|CGp02LDAb9*qO*|5PeUdO%=G8lxr{DFx9NC75wEC5#L4^?T1n z80sX->3YW#q511g;mr-*1t0Xy@?OY1-p2Ta#O9jrdJiS%<#l|}yqe)t6AH2^UMuR4 z1lIkDJ1MF~s-KgDS1*Bo4DO{Qh;4-uK*7{VUP_xjz14wT`ZQ-erJaHvKwrscERry! zd;=dEv`(bAiVZof@C2IP>W`0*w&Hg0=j%lN6z*KTLdyW(Hm@#<{lVU|@`}~F+x|%+ z__pusC^NiLYMOLg?K`ova2F)@o*a>c7NF##fpI#Cg~{zNge$!`wr-jO{d_u}AiW0R z9SAGP8##IeU&&yst|QC|>gKcYg>GoSY~tG)p}Nw43mj8|7Z_YKtAha$3V$C?6uvSy zQ+Kj~^>f!K_9#dZa3DkwVxVBILGdcq)I@E}4$%!=QhU0;yH&DlJ>^8K!3?95Lbx3H zV5wIl3}ztjmr`{W*sFbgJ#`fLv5BVVmS=Olx0Dwn8vy~MUqxO<&ri&U!hxUH8Rg!t z*Cz~ykd3SuoJ77sv`FSJ@}q>{`VrsXQ=v}i<2@d#Byj9>1*rpR17+RtfP}W{=(UO3 z6&I2wqWXsWFWx}SM;AZ83Opn?R6%Gr`MY&=e@B!3kfhoBUa#;WSv;<9hw8H= zf7qKR7{$2Wee~mqbFp+XQ`h}ojuqT#ZRFweZndb+6pPxB@H&~0zxd0|3Nh;LwBQtb zrM@Z0LV2OdSBe5pThsEk9NJ28`TBG z@6DoNmQNm1ev6Xi0S5Ubx?YJ%?QFkprq9;u27dnvRD9B|L`tc>*)X=c+$caZI_#76 zf*QW=V7N4c;!#hb(A1$#Z4#$AaAJnz8*;#hRkckS-{ibzZ^e58wFKUhfw!XEm5D?K zXA(shv?OnDfuE)(46stZu;jxQ^L>22G6hzM$|Rn)003Im>kJVLmE-fC|^5GMnTmhPwz!s_2*_4jt}hV ziX?bkm3#~pb1Y(eeWrqnV3WX`E2J;#=b~*W`tN+KQqvuFZi-aV>s(R4GJ6zfjFzzy znD%^SMaL>6FlJt^Xe4w|?IR1H0?IFFI4OFQ9E64(A#t|2ncTIPkr?JMu~}YlGjC~K zcR9hzUX+@)Ia6)7PrI&ox*m71qJ(&ylm)UhmWi^gtk1fg-81)Tls#NJZ4mF0+T2k5 zpeb#0sdJ*bIKD&=Dpw^32|kw{Trb~D&b>U#ZtW%){vbMAEA>)U{T_4tR*nwk=?#3o z#FNLU0V65OtVx6#*}=0T5H@LRC^*baUVCgg&doA=?UwF3J+(2EuG^hsaIU<1W+G?` zUv63t?poUnRvgHw`5Il#>mg-tJdfP6)-31!MbWE=q~O}Z^OE`#wQ=^1$%VlJxX2)w zgqN{O5m$n(X2iN$%R!*sL4KCyLqL@x&SPL+t1q*Q%Rm$RyNlyJOd$^!!o%AK?M;=f zLt!^jS#VN1B}gCqcyADPH!vEgmSjIQ*ec=|DxTG=+(5W;zj&C^3SHfhq5xq4FyZfw zbaRbTdTtCP7m6NsK}7@-(4|;XyQb)%;|E>TUuzc7a*=G+IJ#&aV zN{EUPYU-9;+E%(zv8qyBfYp3akw?ke6soquWKB~|FxzdPoP#j5?kT%gXuFXaB%};l z72X--RqK)bC?GY@r=J3K%4uy0o^}n43}}I@K%#QXEJnk&)-{;zFX_cn$QzSg2Ym8c z+gVlX`E%CI_RLs-g$iI}y~WsSwcl%VX{Ux7A@=*N&E8l;){fz{sxKz)HWaDL1z6*y zVrlce8Bk=+-@*rGe_r+#8wzP;*w~1oTo&Gxr-0+nn&nq>J0mt`*_&&0{DNN(6Tfe(7;mi1{7(s6Q7>EwizsS{0^NV;lXnyP}+2YC7{mzOj@n|xY-xj969 zr)c0TrE(D9nibd9#a3tk&e@WZzz`G|KK9*plXuJUsYcsMC~&Pu2d{l=xoF0v@oi1# z#%uNvPrktFACz&KO*+5oM9&sh^@eJ}u7=w!PjBYZdm0W41aXD@HQ1qWHM2=#x3i^+ zqR$IGsjY&n*K!G7R=9A$+K|m*bcpw}mhT(Xx`RlOcQe`@M=_ zvh8v)pQv6oW_%BmQlbKjkCaFnFFKHYLBEI7Cm`8NNu$0WO}GLmMx# zG70BK&$G4<(>;v$1daA>OP+EYJ2!$R;;wT}D-lKul-Sw=s!2*mZgTB&;=eKle!vvm zUuZVonG-Z2d@ZlFPVy}@B)PWZQ!SXPGP9iU>>Q|Cp#5!Os(E_+|IMV)tnT*veVslt zx7j}3|NEKF=SXp27p-lcUc$b0@;o}rtTis`o?UeQ;1&kgtN(7M_n$FpkC>S6`tcs? z56`7?U+&NO+Vm@6;R`03}zocx;LW{oK@4PRMNl*n;Lmr;4zySVQn zjKwbNV;)VsF)jC2-=SSITrIzRpZ0Z^WA@JO=n{(b(7k=?)Le2 z+WEG5r~V{MMqa-qqP%8V@Q#@O-%qLLO?+6WKjXvM^izv>u3Wn%{Ybs^(YaHcF1>#r zbnfS^4JU1Z)@x63I8xf`m(wQ7q`2V?i<;|t@!w|?-=59Liz=RZf4csRT@Txgl@D@d zfJ@6Y8o=sP)O4<-53p&(!>O}<$FJYF#dT#aNp4=rxs12uzLc4>N~RU4MJP5MXmDZW zvTeXt?p5!ED?&B%+tTNkO@ATYJni(KXX|$TsV|&+WP`-lWqqJ_u!IaS6do*7k>x^a z=S#RMJeu_!m=)lCkpw+p+wpnQtV<{1jb|XEBYPf_E{?{X3Ic_5yEDDifkhr%uhP0o hHaG{!c-C~Fo}vE+oAB?+&yyK|z|+;wWt~$(69Aq!yKevh literal 0 HcmV?d00001 diff --git a/website/source/assets/images/vault-static-secrets.png b/website/source/assets/images/vault-static-secrets.png new file mode 100644 index 0000000000000000000000000000000000000000..6ad6fc2d2a638c31f7c7bb11f1b0decc56d6d3ff GIT binary patch literal 22109 zcmaHT1yodB_csg!(p`e2g3=`+9U=|V!_Xq#(j5vYNGQ^sQbP?x$A|&~0#ZYVqSVkW z`Q7pPzt8*s*80}B)?F;-&b{aCv(Mi9{C3Tor`jqcgbajOSXd-#s*m-sut3GY|NHoO zz+a}!k}p_TtXOJ~6%70>wsUYB_)G%a?D3_udkfxSk$8h1YI~4TW-lv%6hNOiKK)kM zvrWvgXxBzCx*rG5N~9I_^Y1!oB?OB76V_T*}Q>1G(R z*2BLx*01~Dk*s7veOTJ~X5`Hv59?(Kq%Km&m(ul+>BWyc-}pXUZM-{-5+Hw`J<{bM zWKH-I;W++SR9@a4!T+q(Dvsd6L;~47aWjF3(=vi%qLcU%|Liy3o@dT|5GnYYx>?;M zjOTqQ~SmXK-Gzf4B9gNJW9P#C5!lAb;9i5qTP^7+$FJ3bB~!{W!C z$MG*AW>=m1O>LL^@BX5-msz+|4+xMNJVYV-^M~WPjC>_)*tte(+KJ#!W(7&UP8Yg= zWdU?Z@m=PIVtEHSC3Y{sk(T`<)((Lgaq~-|5{hED)i?Y9B_}svO|!sfJ-XLopM!7O zOfGaFw#yaBC2TSr3tENNleLFL{|Wu+zw^CI1C6_qO2V*Gg(FboL}7!3-5KN!pgi6kS96)KuLR>9a?q2Cf36P|-NUf&PF@w>XI z_?66&*ck9YbwqdOWEaHDq|iE)ri21?u9gHmtmi{&37&7?WV)8IYOGn%FQqWh`YO{X zY|}Q+Yg2^y&OUV=T2+@N@6xwrDnInRa|Nt0YZ+tGWp_E-y{}UN@dIx_>|eB0e+<_03;rD=_!5~&HTA9FvM-4!`3rkFgxLv84rs!SR*#CxJ8r4-amlko zRpc*{Fx31DJ6dO0gMM6>KKT-ZMEOpuQ`UN8G_He!Ub;+?BAB|Wbpmm~edm5p5;vht zw7JK1bF3TVee{i`x%0duld$eXM*B7vg$mVc`aOY3%F&xH;_0}EJJO385dx@rUUD~= zAD@s-r4sjNp349x@kvtkT1u7)#+D(&!QNDh`6u?o<)A%d{jIK+ZbUFtr7nIv<*9+e z?L;TFEIQ-*ZnhkTIPuDRY>6Mwf?PQuGs54ki9fn|_vH7TKk1nvmPA;5k9?Ib@ z{)pE}Fb{iQrEQREDmVU9drorxW5?&YW{a!OVhK<_rl6KB68+le@gS3kFoNZU@NRzr zypt2L{fakdVgf5(G?jBk4?$;~Z1a6kla- zU2;&ooyjHf9^NwKI0A>8|2Utr$&Q>w*XSu6b(Kx419zlxuLHEIt?;G0oe!Z@ukfad2^bmt28Cp*7Ul)$R_4J{PFy{3>B5>XrDFIF+3rP-Af_!w z5^13;jtFiY(^%(ljk|3S5O4(Hk8zm!K6;Kh1$pzry9W*)^NEe!cKl(GAKL!vmz$4F zTco$1@KZScdD}T?Wughid3YCmQh_J{HX^l46<$w6;8 z!(2Jd7{DG=yTGi99Cu!+l8ZJ&N{6mCjh+t{`6r?uShrDZu91+bjyJl!8#}%EJ=?Q` zrfk(Efn)PiKS6`{PL%=h5b146rzu8?!2w$A-yc8o(`qX7*MJof%E7$Md7S*_>>Ldw zPHeR2c8Q53f;hw$8o_RJF$>vm*{=AlF3UX2+|Yt->Yp47JYcbex+0r=^-GdU8T~t5 zL#^&5C9|D#`+Newch3nFpypc3W3EfQ&B-XCe#O8Fruy^yK2G%?k|XDWXBa@<%vE^#^-WcZCuZl`XDC3WXRf#nYFG4#<@D|PD@19hY30=nC-xZ4V z)-CqR{ufJ-uTwx?v4;4k_y(!?kW1ALB+sZ%xmn3oq!rlaX5)|9j*Zm)i<}xWk?i1& zmxEgFCPI}^NX+!Gib9A)uRajr zH?6aQ!5$Jil)kFmll~-Wm4^Z|g~mNA-YLiMlct+t{0LhL!4+s-eN|T)Vy7U%Ii~h1 z!4`jP=MGHY>B>~OoJ2$$i{3dd1-1d|NZ;axDga!g*|oGIb>xTz@(b0~5`@2URQzt&U64 zRrdibVN2j0mzM>xx;g5@v9z4IZT}2dnhh1Caj>&XR=GTk^nvpRNjMyf1)Pi9-ZZ}G zrz%EKtTgtm6N9I$=s@mR)mZJ!wU+~Ziafv#G(lA+tLyzQjYWMp!_bA#)dY8Lo%t=( za6IK>v@I`Vdjj4dr-mnD1Yr6l(mX=Nm=8$=$|I}8+`%$3O!Czke#6sw)QJ4eoqMEg z*mX1)&VLyI-@mJR=<^qq;gWw}@R40ch3`XdWA=m<|rv zgUWI>ox`{IV*%^G;h3icak1SSmkIVCG|aQUfFoAhnp=K*EsET3X)_U!D1M|UCQc#zvsEUFsTw4oA^8#ppuWRb|A9Bc9BsdkYKqK8NhRR zeH%F!AwcGx%dUD0l(B$;+DL71wc&zJuDSS85+O#no>&>;mS>z0j=qeT`@o7QS@#Mz z##sVghP}^x!S`1VGRbSj3OtSAw8Iw3wsx5Sg(Bn-Q3a=}bDBL54U*irm3(avy@ zV}SN!Hgbhl*)?tvk_crgNGhwSwc2U>vm^QC)bO5NL}(|Wf1uAh#RA*R19b z_y0~TlJ~+DrH7~;DX>3`D*4VFIStJa z74e-9_6lr*R2X}D%lP&8!vUF_V;YJAb1RBs5p&r;Pcgt?OWR7E$FZuYB@mDV28_+F z{*#OogSCX)Dd^EQ!Zz{@ypi+}UIQ$Pe4Tu{U!4K%z>g7RWqdv7_}S#e>F+1@hW#o@ z)tedp?Z6nQT;x5>fX-o1csM!z2V^?!n8JO@gJE`66};>PKv-SGBRW$aqDHqnnd{HV z*Qs8!%4Dhn(#7~!y4WMCF<(+B*iW(5mV((;@2XB6jSV#bb{rKi4~?mwyFD1JWaaty z8#+J4Z&lzmQ!RO(@}B*XA4!q23`23FT{6U^l-KNyQNY z7S+RS*%P_sGTV)Ek>RwP3Ei7=7TeVn2OH&tM;&`XZcZz;MpNx=>Fm2 zPRO-;L>rDfpg{3N58;4toSB00B|d=W-CcK5Do)1La*_exe;_+|wD3RT5KQl^%;&#(KVn1pT-Mr_~R zGqz<4;oF<8ICU=j)=2F0algp8l5V+gYDq4Em1&nU30Ar;j%AsCAlS*(PIl&yg1g@P?yV|;8rh9>lp2zCa0rxx-7l(&I!EW8y zywuglJzI)Ic}>SoDFL&uwy&=K@u>Z}|6I;eNO114FAJdDR?&~FZDz0CWIpDa#2{zM zB|>CGwC-F6Eo&hYo9^WrnEwj7>b7ONQZT%8mP8}NuG-fYJwg~vdo~{Onrozw3Onjo z9@bLL#?|e;)mDcQlHl^tQ0-+KjwkmCS{YNgE`tp_e~Tie!o#w?W`+-c8-9HHE&zWo zXIOS_){@Y{$MXTdyZ()lwA2!(#Lewme7~@>AeiXX(yh;r(oz#^=pzQPYe3#V?BA*^ zGlo~mi7v9$uK~JB`J4`Xjs1Q4c>tnm>hOw=k%7M`?iw-~rL%C5e-JDKJ~Ku(&n|rt zdQPk%FI1Wz?6B=C7YUd!6Op$gWM`;le=I9=`51E-3!@t`*0Yvyc0=pdDT#(x3;L(C z9*IlhpJv3+!~J=PrMba5`V28rUTatnq%w`JjP^VJ*dv{~=sI39^?X;dI6 zvQBM}a8|L{YJ0%#HRgAk?|ZBUu6DKNrp3a2+;iq-5JSp0eMp+{tduj<16$t?*qbn_ zdU6HHOL4`@VzTdICp@Yn5Zdq6G`ix~UD&PNU3#>-r!}I-BbBLXAe2o9i@)SvZN2aG zpI&+r+-<&a_sL6W{~JaFwu98i&vXwu6p45AEbpxhRh69lrcCGiVkM5=BO08wrH_d6 zJiV*hVc~x3%y)w^b>aE2L8N(8r?cNR^Jjr}0o;?Hp=xWv4!FX)y@EIkxVI~HkYlW! zuN<|$(&vWf-f0uQ&HVv5Nd;viL`9&&gTKWr}CMl0x9{p+Mg3k8U521gtP4o z@crS?6X}Q8maJQgA6kn)zt^(6s+EQ}0m^h62%HS#yTv9B-BtDB$qKN4mTcmGpI4#O z)Er%0!X7+6N;%7$9LtMa(08RfR3o4oKl4<&)jUpaGP5iW8DdJN#Z&IKGpJdc?%yF@ z^f=F55BgX~|6+W5>Xo%=+uUqZ6Nz$N|5Ftd8Q>>H^QhyNPp$mxf(=2d)TG^IcQ_?;U&Rd&@UN0$X!*MnAFzM z9@p6pkP)m)8156!1KfT3a3HFPMeaA5F(Aa*UC(YgL*BO5 zM~9g@9uM`jcFtWikrhy~Ykh?u+rPk@Nm)o z(c;WVZXbJo)I2wBblvlB+Vbc!fu?O+?-QBd$$#My7Qi%Y)}7ioqt0^ocUjN-vm1!y z?Ay!gG6~1Ur0t;>nmeO<4!1vYs>bt)Qm9utU6?fKC)?(|y?w}5>~UG7?r! zYl20~iZO47&v~-ZnGI{$6kSqSYpUTh#$dlO;k_1HV3?l%)^;ov)I|d88?Kv+S05}> zJWe&FbZ&>|$|Pzb>F)Af@F}=$t+;MpcYO4B@BiywrLY2EpYo%1LGt(Q^0r|;a@X|q zUx@tIB0>%ey=vSSvyt7&vxS@8P0v5nHEAJh<`_hlZaDJk5tOg4lITQ(KOM|Eo@y@4 z$J)S7?w9Q*qk=8*U>$3FLB2l&)x1reiL~og&!4U5DU-N;uaeAznVr=d$7F)Er5Rr#slmL-CAP+uwV>4<{b0_lDp_pH3JWYqy^F3A zy7f4yEpmd6%?8F-UE}8yUC~NO)D$ImYO4sxKk1hs+=uwHGqD2Rm>>cQOl!rruU-yM`-Bq z%6j}!h7;F-Lhp3s#F$MO!&O{$bacP z%sCQ1CC16u^geN0!U+3?H&xLZ^fx5ZfWy^~_0zQVSBA8OQJ>pH4K2;HVn%!75xr5S ziHG;SV8SemMj#7QLR$Ftln}MG>B!teG)k+QM!ul=wROp@3x2;C+A(qCHW^FbYO{rz z);S2-6vQ5P1FfFq3!e>f6n|H{FyChpXFgda|E^loCVBW;$toCRlrrjX56OJfk&xQ; z>{M~^mkGBXU#ac*a4hLuXpo$qjS1eUwtt)JiU#~ADs6Ms(Ph%-o4%th*BW&HI}jY@ zlJEG$tx5x4JTsW0^%S3*p-pOS%9IzZ>$xuFoN+j=jZ2)FjWt-gLsQ&{fFBzUB!Ba1 zJ^VpF{Q$IR)9`-wp7oZ{Mk#tQfmZKAjz_hl|8&9FoT!{EJXARK^pX2X9C@)A(j!3@ zDGUI0v6tceL0Q8N_(!?V(~|_y<_dvVP7UMS7Y)B0D!0~!gxCU`TzO#*?~gYs``;S+ zAJx;_J(?cePKq>$>lxzl8pjI3{RlcDpc%BnK6H#Gqnp#On58L;g=$d$F{d_cGHaHLV!?`HvhjPnn$%~wVq72Fj--a_eDwtV>- zGq3}=DzuN~L!M{3!}6|1X^K1X8HHyib)edaQU*CEt)Cr@qjM`)D35Tl_K)k=;=FD< zLO^g~=a+fJoM9u}eHm}qRMx@Bug%G_r#b)vZ`c+Tl{2mWRn}sh%k&EH2=<~2(~z~1 zZ?CBKIHnoV(?(+-adxW`>=wllgb!Zx@w&tD_{bV-Cke|ZKNZCE1*M%nS^Mbsm9ZNZ_>fvg!o^?d^;X7Q*^7*v_=9!@7TzbpNSXx( zh7?<;#1;>a*8RH0qP z#MAWYuSoV^v5D7z_9TT^7u2a*6}Q@L_e0&;4-;&w{1zXL90b5Vpn60<%h(8GCo3Hb zI=<1G)~|j~K79uy%k!<;_-?~mE3=)9xDzNj1xoCw@#4iX-*5wqQtP-_G!}$&=Y5XR zXRR|Rsg96T6FSsF!6|?WR+t$_GTX!(J5#7+@4@|wx}@_*R(ws+AXQzgZDDnjlJy@) z;ZbQ83s%B3H=RJK`x(*&9-~`s&N?d2aWnkw*HfAn(DZoE!)HP*-FoEE8vEN?Neok! z@?yN7$J9HS9tE3@74JGk9fWu}|6s5?Lbz^M6rVvS1XnDaQ|ku2!aPf}8)!H$DK8fG za4UjjGl>l8s?A$?ZO-qO5C5kY;MeII4hM6o^p}JzKAVoi;Q-VK`o%$sj%Vin1-M}r zijAaOzzF#e+plO>91h=mn9%s!L)7e(-Q!Xpz#Io|eS+1$9u4ki5HKw+tz z%`YwOUDCEEi>1U-UdcHsNl*vFf?v;NEh774y3;=wjxp;G=I8hY^9b5KGkn7HDZhW- zUnIuP^#*3^#{l;gDG{%<_gXQ<8{EX<^#3Cj<1P=CrG8Bau_UHO_qLfVerjUCdDk&b z-GE{rZ{J}|aepXF-vNntK8*NNb?(QLI=40pcI;xRm=k4l70U&+BUFz?dT$y>QBC@c zI#e^~=!Rhbo=*?>bKK#+3|>|1Q`_5nanEX-1n@%@e4HIh8Xrc_X{jf`nJNpr z#Z`I`3O{HkjDye2XW|XR7DGonv_l*Zmky@%Hvb4V_D%Q27=$;!2_wWi-94VSXzGY% z&YjPxbxX^^vs%j_NVeg1Kqqx!CqDh^Ppy@V$vfR?Q46a!e9cBl<^@+TDQBve4%b>Q z(1?SmA2?bLgUX(>&tB8oiZUNupcc}^)oX6*s*2Ijm8Q$xURJ_dEYletC1+ne9m{BE_rX`z5$ z)rOwNEFtyY?`!F<3yR{Q_s;E^?$B#TP)iq!d0O?Sdx-1xn$O)o@EmxYY)4!DxSFX0 zqIn?Eib69a&8SF+c9$Ruj~u8W&C9ETI76a_0@_yDY-6|!Pd!a+?9Bp1>*tc+%;`vs zICfN_^#jtWmHpiMzTme+V%Fbwa}Isa>I+4iO=_|R7mph=y`U~69xJ@_P{Mf)c-QN%H*C#DZIR*XDcBCIrI=zZ@L@F7m2n~*E{eJRtB zY7dwr)D&^O(R#`uPjpP@=ke|o_bHV$l;8BSoK{%5_yRRilQQwmJxX&ar7bI}!6cI8 z#ST=}JZ=YD`Q6X4Z!eVaywN)K^rz-mu3gnLf0{u&lzRdW@h-wtakL_ty`3!+Vb9t?y8?A_rK zyeev28U;I^Lbh9Vi=Ej{et+_U$shNq#KCP9Q6cMvdf$RNqnXhURF66Tge<;FdRs7J ze?kYEQ>t$sm_=o+Q{VxM{e)i$qv$)i)~dFy@!fF^PhtnVa{ z9XdibB8`)L|LE|jB9gd+vsgv({Kqoqf_XV?58f&@bqPF=)wU$PPoNi7bs?guP>DeM ztZ({-KuvGOk;>r6#WzF26^m9f8o+?kG9?I zfJ;e#49tw)nfRqq%6op8k)|a3H>+7ho^F`L054;mIR6OQymgT%JTt6~*a-+`!DqIt z{K`#iBZi=M{vpg}hf0U`6ucqlbo$!N=G!TaZb4j-SE^BAj{2)Y) zl<2vh<{Df)lTi*YAmF=h82XrJU7a#KNeW={frX9-xZ)hJ1^-fQ3?6f48 z>|7gR7cdPTGkkS(i2wOmBZx89{t?4@Jy+Bp*POLu+pUA7&rj);E!ynQ>r20j?|-v7 zA1fC%dsp+-`@so99Ze(1`z7tQQF>?4?y5pDf!vbWpPuJV!qQU&)~J0eM!n_Iq}TP_(#yg-8=0GG&4%3YHK-Dg|fRu zCAl<~y%^s{(TWfM8@Fn_^HGHR8>%Qr_%xr>D4|?pP4mH7Zx5_{-41%XR`hk0veat5 z&G-ILN6Yoav4&}6Z0c>QK;D%Ju;U=_RK;v4YI|aWGNR!F*K4gZp@MSf93fiWwDaOR z{g0f=g**F3n*$@6ngt~la^3rmm5ex(Jxt%qChds`_8f(Oo5vTGxsY?JnkxtwNn` zLw!pd74E;g%#szSc1sSuLwac$CC5;es(y@?(X)F&&cqv4Ic-Kiq{JObd#AWtW4<*v z;nu6UFQn#mCON*DV&5c6V5W!)nTp+P5hj?(`y}8HS6(@Y#}D>1vDY=TxMgz(*x+!^z^Oz3Z;m( zOTUUR6x62?aa1XA7G(ahElMvvY1KE>cg**~wgjT<@{OUhZZ5b%y^R?*C+xWh#m!R9 zYp^)|Xyp}>#re2x3TE3zys{T~`x!*U2zwXtn+3P*jwvp2mI5SUI4}>E)&WA16H>*^ zqtb+$_Sg6T5c$X$wxC1|D}w$^Hjx7lZDH_^HQ0`(7-~oz*;~q`YQKFcf>uNj2L!J) zN{4EkW%z{sF~c}$6i?F`hpixkV7VtM|}b3KiD! ziMpE!JEvQA7r-DTRKOtTj|LgI)Z-tS70-3Hpb>%o^KS2Z$0F=79#Tlw2_QM`fk z4{$rGU4%ase)~pdi4y_sg1&F*n;<8F7k@&4{3|x2rUOUL$A zbHl?}&m1MX8Prd!_KKOJ)P>QXR%wM=j(*LlbUK_&pdcVCKWUBV*%gi{sjhnCOu1T0 z(z9J)XyZGMNB3v?zAo#}Y~fZ_uxa9CEm(l83M2|OCHlS>juHrs z(>6|J068loNuRn`8ns4G@#?297Hmcg+i)z9Tnjjd1iCjwOEzROv~7k|BB+?o!A?w~ zoyQ$YyAl_F3zU>8=@o(U%?sNm;io4rQ0h+R9RcvAq17(09`lW{`u1e9Mm1MHx_-Vs zApf485S~*3wfysW^P-K|x+3KW*O14%HDlME$8>787q#QFU~$4JDnqw-rbMP(Ypqu< zCHZh>3sbuA0~}3RtUb?IbF5(6CL81$1aDCO6$&eX3VlluwL2zue(A_qO}&%v2YZr^Hk4ezaIiQ`&mM)cTXAkhWc}Z1&x`*IXn+*vY!n zNSe#Jtr^>A7Wgsf)ZJ!#_GYf@{*?>L)!4^!;dskF0saDVvZjrQ!8a=wJhq*po3|ki zb`*dn1(G3_!>WpK^1g2I1H62M(IdMK(}7>a$bOB-jq=xxlue@p0mt>(JN8k%=`%4< zbcLthg0)fkPn0k(RFe-ewq%!SlR-a8rv#U6KE2C*GV5EjG{S9n0$(yo6e8&|scCT> zc5F1U1f9H^f(!cwmvf|6SqHy~(A}tSa$Q>sypVB^;v?CvKfSiyXq#YSI(uyA2N-}s zwptcXkImK}7Vw{vS7DZ~_ycJc-}0%twr}!8G)>%m%!pBgEKZ2fY9N#1Px=m<=DJSL zJMwZGhPcDrcERrPB&DL9|U}^^4nsGOU!%S zYdM<)XAduIYjGH%Cw7~*VFT>&?&Ja z(RWucF>Krqiyw9%4dmO*bN<>=yfe0LWk39of_J-k7P`-(1v82t4R!d=w#*~mcRypw zNrf~5+5`yzwJqF(<=Nk+at{qN;~6Dfe)$VAi8pd9zR>&j=d5-$1G?&4ah{dYWD;AD zXIteRA1@XRQ-!APh=3bY!c#}>eQDj(<4fjw4Y~lB!;LdJ8_e&;fAOf%N99JkuING` z6;o+}ia=^d8aPLDqy?u>*Xs`!(cU9q7}utSb4hx}aR>ra*GH~ZyA1pZ6- z7sLDjiHbnq$a&<1?7r_+vti56JVI&0TB3eQk}2yMt|{y6as(^z?nPQz#FDk3foECbrqyu8crWbEb zSfNJBgwLfkhe8k{=0@MplEUAzm8`}IE`1iz(2ie*<~1l?8e0YGW(H|2aD zRlcETT=z`FWozbLt}+9?m|O^0WSddX&puHgIOoo6F?D9)V9mt_zWpBKJ2A}6O7H%` ze0K>RDmc|STzq$CyLyf|44R3qns$NOOb=Vo>cy$ucqpM#F)x49S?*22di30U?2r9% zSCAmvx55jk+CK*yW{Axp?NQ&l3ingi(xw~3L;s#5s>q;MxyeMZ z2MM=8i^=+a-pV>pOKE^irCbE3>h9CRq3Z*}@y}~Z$Liak3a_K@W;cU3sEnL^Gc*Ap zB23`V(vG_)ki)Mrn5}aTvi;U>`woPSY&i1?)P_rA+R zY}}0i^&|@_e@%ih7T4(t9Rv0w{z;{|+EFXZ?NX*Q|=lY=eFxpzPg0{D8F z8t$V;X0B+i*Cu36D)?FUzwaKMr#yH*r)%>xub$PZb)5IdbBZt+zCiZRW{P5c`2kF| zWfzB)Eh(%xZfEg%*Lh3{kAC$RfD^7j*?p_4y)+uYf$7om=*8lcBl_`Rt8mwb1Pk1= zZ&()t{D0jT7*I`EJ-IRP9Fq}IMeb;g;P7|l+bp)!qsQT)3P`VXV6;h0oucF#y9fZO zAbg-j77{JVVC=eL-vkl(wO3^nEBr6k>H(@H&576UZ~%;xA;`w_cNHbS?Tib3oClsK zP&F>Cdtl!MP|Tyn8tGl4qr(aG7}bKnnzQX>9^c-r78)KsL0+iLhWRr7MU^_hQ@?d| zIe`>??Q>8Vs2xk<6#uZ6Cs_u)JwT0K#}9`O0<;}t(yGjBTySE5HvR}H5E)BBP%=j8 zaq@BQn9v+k~YngF;QjI}V({7+XkT!8PwgkNd zlLyxF$dpM@MuVeC8>Xr5i10S|pZN1XyD2TEYdvnK9NCjVEh29m0Jki}Z2++pzM}GI z`jWtpKKk9vR!a#6>eR@aSv_!&jjiG$^p%5{p{gUG~iOH#k)lI?zbXI?!$MKlP0qw@*`hmJ643at~g53n-H;297B@FI*vx`6WN1zHwkSSV85zLpj zif`Cu*#%cTQ|S^O>Yd>PZr>%y#%h-I*p01hcQ>3nV>&&4Qhn*r)bZ?67Wq4T4f}>T zSOr_Qk`*D*Ao|Dc1MetFhf6)?oa(?&_q>VbvQhKV*jT-Z>F~{50@&&DFyas!`k1CP z_1(pDjz2C(g;H_j&jO*#*vOLbAgr1XpQIy?-XbksZhv)cv8o>i2HL=%$35%gY8B5g zaW^i7sC-<>geh9-6P)Qe@&2X?Pcx!DFKu4?C}R&*AHk7^z0YjJe ztP!Fq*h>)o?Z?oC5V8qmDrX*f0fMCF@C zaldUNnrIdV(-;R&{6m43D2{NY0VgMOZoV8^wGPiWL(XZFhe{nG^m!$YbC0=)TA^}= z;|V;55l*;eM)RkJd;(2=*)6X&EwM*tRz>m2`P~N3-dDGnSADbYsbu4}8cbIa7WoqO{3p%h#dMvZezy$7={})iJebiJ!6I zlr^t=^>Z?O%D^rq)fo48n|k_YqcN5^QN_jgo*JKtkabG9UE1+YmFe$2NUS+sDZ(fs zC~!HH=0WA;xN{*m&hT0pqmR{*yydTRcBJ&G6FUqQi*D{DP0xCrcpwZ^NcEhz$1h z?rsk0=U2h~*X#Z<-*Pd=;ca-NLE_Hgl*^)$j-O?uL7kK4s`B9E;w%J_HUc%D?18eq~ga9 z1E(-y4`XF_@m55G&N!br$X8J-S?bML0v7zPRbeUF?WObM0eZJzFaJ6J8GwqUBDF1z zBryudAf6s`4M|Cjt2v;pF8@>6^^IWKyu6lbR#t3Qyf6FFnWEl5_WAGBaOCs=8P`oM3?6idoP^GtO@~7>SitUyR z6-UQHWT_#5&{Q!2bKk}-S5svX@N1%d(o<-pFS0UJKgHy;Kky|itYo(`kfyM8Md0a< zKUvLku)XaTdO)0Dz{n&aRoXU#6UPjZ*|?IfushVjA?nD4*!sW*jzO7GmpA?v(H+>i z1${cw>)V51*@JTYlY?8HboMyupB#|0~6{+PA=t8w@8U#lAv528Ey)`Z!4Q%e%5s^a-$;p!YASev}gdEfkBQmtW4Z4@yCMY{(@O6P;ymK-Fs5vM{PtA zBy6=06r9?Q+Klv)7x+f-=1H2L_B6_o_y_p3Z~69^QLo~UDZd-`1l|O2x;APQqSmxZ z`Bf3qRue~E?1$|=a)X`!03mZR8P0P##u%mH{Gq$k+g%jn6>PrET-0haf2H*__%P$#$0FRt7 z+reT)art?3_ZF5`_+nM4ul(lwYE=KAi=veprUR+fd*KYKp#wIfZpQI=ni3sIxW~U- zR-b`RiFw0ENW~_~LD(5hSd&q>)Et*nFi>RiKr9TDX@L)w9X3C(DiI&E=Xh!LP zq7&w2Yx04O!jasjs-~+Qb;W5|ZiLxQ!n=9c?M$`p3*>ic$Jid&v0#+D76&k_W(>f; zXa_dYaSOIUL60oT;zsHa(mkhT)9@P|J^kukj17U{0I1yASIp=fe(Smk{q(Fy12Z1qt0kn>>&f2mq+nNQ+h@D|6lEWY>v49~{_{5(Y;(mq0NQ4i0=7oc$%oXVk^XlR>VjX!@!!m(v- z+w>-4)8yv=lyT+JY%lMdh)eC)-nuA7TZ*EV%f+Ro)V>qMR{K&y?1Wsp&_%07?aH_L zS|X&0eMzfmskMlmOVtvBYKp}2{e-*x&iS45IrGPyIkS9b-kJBAd7p>G$Tn*cN4{W$ zl76v4AC|izsHjSEc$uM1V^QZDos!rmRpX~eWuJe(RM^fNsxZGp5J@I7&dKc_yz;-9 zp^zK>n2rwNU@qpPpQ4pQThY!5f`E5cBSNQa0URtAGGl(D^0JwWb-oUuwDHO|eMR_; z$!8bFpUXa5_NdWk>MBdJ3j9i`12a^syY1T$y-~>;Rz2!{-aI!@#L!gC>QWMUzqCg( zKzqphfz^N?c-6<1=wt>AER8q%mrzu0-UD-S=b;!M2>mxn)3+0pbm#KDbt{$WiS~vg-M*-`z*S<%)to${gJ5bt}`9kr8$SreA@pr5XXSIqNSj2ubt$h3CFc zMNEN$tC}SM-a@^3(MVV0IQfG3la*Y5kifFYh=P9mufRcddg9es(a&I=0suq9oqU!4 z$^}g1#tCJ-pqltem2Pb(Yk}!RULj=OyFmIM6_YAHz^Yh>;Z0B#A}~>>A183e0)*b= zY&d{e{%*+}XbIrGt;Y7b(61Qji%SO7{nKNngV5I&%h$d5EHh@CCu1KcRN2iU)O(K# z2wstaLUldtAE!?WPqF3;NAqv_&D+>0Ks~nZVJn%tqf^N$FN^rZuW;pl_S zNln^ay9lahKH}daJlC??N~oba1*ZBfJ|}RJbR9rP@Sejy>`PChuI~1bA#jFchkrYmlKM7!BcG+rRZ`T3~C}i&MVL7wpm@1?;pHy6sH8u(-&1NkSYW zbNRv#Q-XzNrk!OwSA*IXwpLKdqrKXg6pqmGGWWoE^-ynnKN5=-ixZ7op-0Of@kMjZ z?~<4K+W7LC$VW})wu+qy_G!`R>)_S8d}|t6Z3xhgyM5-=Vv`06#{KdK$B`zl5t*unzf99#C`<2+x08VXO$^zyGPg&+y z6vZMPmE|G-n$7&l(g0%Q*O!k5#KNIn!Jn*O=ejviY&4^3XEg4%MI4T7<+YCy=g+qA;-$_Ct%Ya311h@sa z_Ro;KP!uw}wTcuK@+pQ?_#^Js)KTeDtME>AWy76K?LY8xEAJyP7Vc{vEVTKi=`n)vs7sKN3{~zV_uXQkF4Xt3{lp{#sOdLF0T_p zdjo5~Of9r}cT2DIcWcwjpeSsHId7Rx5r1;iHhh=X9Rp?CgKCdhSb9=0$vaF%d7*z^ z^B`e#>_dVL#?=F~)mgYM?fwvwtKL8n@)!(CT3p|7;K!Tnm%lFKV3$4dI_dkb;i$tjht3#8YZt>gY|Up1wvW6rLw0Mc ziQ)1lt5Rmn^S`T2?;en&H-sSz>6ye=h+_?8gors}jDD$D4SvWxlIC7jHqi)K=I5n7 zkO&T0s&=%wa+yDm!Nykh2uBbF9bl9EwZA8qub(LZ8$yk3PVJ$A{~0OX)e-RVMT!2mE#AYU{^eSIXkb|j zXV_N03m_iRSG%dUc~SLaZ_K{aJ^hK>7!~eOG*3^%SxbsKS?zvs*sm+vKRk!#Sw|FB(Q-El! zK;LF-a>2O!vJjkmYZJI=JFDq4!23J==U%o~u&MTuzs+XIoX#znT2lQ%4Iq{k+?Js1%%uF+M`CmsWmm2}%^$_4 zl^HGL{SAn6D#+H~*lXQz?rLA?Q}sVfzQ=;YYY0uiRiOaJRYmBqpRx9j-#(*HhAn%9V^P^^%ak6s{UMCQ*R`xDOXP{hB>S$YqC+PB5l?#=vN{z~2G z*0Y|T`u|aU-@dQ!dwTR$2{LZ>u~m^q|5!_DT~+OU&0RZV*o!Utf^{hN7gb5L)kB4< z#<})p7lr%1y((x+nsCzOHt)=x3e>Z0xKzxKhFHRBvZhn?UeyKvHj8XGP_sm;Xs`hDKiwfSa9XGow$u~2|xDbPKPy5R1YO2Na^YDH#2fc;; zh5&SZ^J{-*f0Ofp$PwWY(MVp>eCx$Ol3VFBLBIL^wiI|lp^}mjflfSJ zSlNh5Q$Z(>?F23P6}pAQ7^F$skQPN{yDUBYSbsOUHP{;L@=D*3SQ;KCvS`>R)n@iU zbh*_=)EXTw_F45@WyK}?47ulKtizro&*J&v?P1%aTgNgY8@6o$&(7O1XgJ8X%0T^- z$CRh1m*mC9IHC;dgU~v~s*O%bc}Wys*c!yT0K(q5CEV4!U!$&MEQFq*vRQdWz%g>L z;}+%lO`B1MT!u}y;UlF4kJY=J-vis!*vobAY=7_>4t%8Yy+f8Ms}DwI10!}TV3pK& ziq^1*Tl(N>cRC&9 zC>56!K0T5umCP0TO1;Zp!6${O|B8Gpc;9s$cNf4-Y_xkGXi5LWUCmVC0rqP0Z=5P`j@+ zR>>L76lG0!HOUzX=)$a1>cUXiE~*yhXWiwkXehhPjPPcFOT}0Pg5lTCO_6wr2&s;e|z0LIk^BN z9{DfU<1eS5zW)(~0k^xmI5*)RC;;S|(jW2yY$yH^P^3HK902I`vh36O%Q>fK#e=dy zZw|5$RnOebT=HC7O1XkF!E#>XluuaCG5$!AxDN;q@hM07cUX6T4d}?*FT<{8FMRt( z1{YFE>jeLwb}p5-=E3{siq=ZXAM!+RCU)k<)XKapyq`0As)K>F0U?crg{roV2j&e# zo%NY8Aw$FEb&wGX@%y3wj^;}0@1#O+p=-_Oe+}|2i6p382P!)2sslJ8 zf7fMlp}6ztjV3cgLcQ$x9nphJ2S+Xq7}Dt9`{1!RwgR7(JHnyZ6*z;ZaPb>j=c`Pel}?* z+ki4j*hv!M9+CunqFNz~$AbTMbd+8k^n!0`UTLjyqVARfBJ9D z`io;oEN$#~fJ-IECvWJYxSpow!Y`*7_B3@@2OW#YpM#58l%=r%vat-t2Ie=a_1%&G E1K7Qux&QzG literal 0 HcmV?d00001 diff --git a/website/source/assets/images/vault-static-secrets2.png b/website/source/assets/images/vault-static-secrets2.png new file mode 100644 index 0000000000000000000000000000000000000000..58781d4413c452639d8a80f091309eeb91ffec04 GIT binary patch literal 32499 zcmb@tby$>L_XaA6GGNf6fW$C#NsE*W49w7tBBhjciAWA94a3l_Fm!`-OSd#4DFaBu z(0vBK_x*m~xz4}mFRp8N_I~!W*4pd7R|Tso%RL~ZBD{6$)&m$+M*Y?;T-2>wI3$3( z*k6kBDlxZi(cgl}NNIjD*qkM(skRg0zS_5&GK-2)Wv#!j2JR&u4&#FK5C`bLFXbRD ze*j^9;7?4U_EnvVoazAs17EBR6q5ZEauKQ0eBL`c>QZ#5Z{@k_JlnNLyK`QAD0XZw zG3uH=d2pTehVchL05|;Qzkf<0cvsC_5wp_5|MTO`BNpIkVX1$g`n#q@o8&#XPV2;d zSN03Zdps(ifBrC|Jc<5y%O3!13Lj?Fn}B9~yZ?LY=3(&k@qb_Z|JRmo4%wINJlV5N9?{OwVUy_X+{;toT)6Xe^ zV(!5V+&(Kya`%u$>wR?GEp)hPDl@Pq!sA&7{mj` zbillyy>zZU;A z9d-rk=}PmFnFaM|blz{`>#<`w{R1L;A}Oknp7Z)gJm@qDL?@zVuHtmX9sz+C9ZMq{ z7~2(z8?#It>TuKrw87VG|)FPnyr?KrRN1_tRt11<@YskM!}f{SPXw^fvIBU4POy zZ2&W~hcs1Y^(h&a=cEFb=NxFOZ(la(*OM3SMQjvP-{}51F_}gN< zR9&vwBLSIH;JnprhZs+0Ic@)1rS^a>4lUX#LKlO+en?h5FaE5@nAvhQkh!+&r17fR zDmMxqg$_lkno5fGs4&&OLBgLH&kFajfLtv}ue}CI;(zPH5YwySONdfBCC3ubg;9Z; z7@fcjX>QBPLFiJv2KcP5ER9Y9lLK3@PX-aubvcHfOn{n2g>Z+IF#ORD#p!4#x$6tz zg2wBXl}E4|>6(w7tK4s!u*XWr7lF68Lz*-z1D6bJt-i1Gz^Q`m2Wtnk;wTGd?Pd^zR`U~^duy$3seiWQwyOf0bI+Z<+H(8Z zT_aiZ@^QfoU;lAIXX6*TkZ$t#_w7@=VIUju3YG( zmuhwaWvSFZHcLG-5Ccp+#V?alCV6dw=38#D_r+QyR3o^B_pmGJv%=sAxo(7&VC`qj1fk7hZ8Vb@iU2Dlj{M$ zFE8TX^-q$!qCNtVSD)vbnO&1X%>v}|A^UJeX7^Ljv9e=*S;P*^*ZvAaKYO;k6a1%b zhZ{C$5%$_-T-JMM?K=5D;q5o(B`(Wt0)N%??(2r1c)M1fi@PF40|fJPXHN`&r_*gL zzvH!o$D!9@#BaC>LX$RHDe%|=lD&xSsR^hVA4mw1&i>bbRKNT}u;w*GY<|d)WlJ!( z`0EoguMWUAdd45<81%)fo!-RPM?hw&)$cw~PlYzboMdiD1>@b5U|Qa6fIOzjHp}OE zS5S*jk`PJfsSHb-pKM@_jHF)m7*o9!#X-mc_L$_gJq+HYBKuiC+#X0?Mo#>p00ieB zgvhgbOrM9PQ%{yn=urFAJ(P=D<@?E4s(3Uck2!|1{;1^62l)mq?A?=PhQsx8AS(_b zoZ$S{g|($uc$)meAbrE>O1Ur714uD1>&L{$Jk%y9FqnipYjrc<#Ln?ELBj_Ioeo=h z4dgoP!N?0_80DVc16m|4RZ=sMsQtgu(LWxt1x``N2v;O)FoTWHrB7xdylDFzK${? zWLb{Tb&LI4s%Av;)R@t;`l;mx@V8icykHE`GSPz$q$P`QT4E#BxQcz0M7TcTS`0$> zIK%0>3*g00vBwfvE;oL0CiR1oZE$o0W!QdSMDAq)g#`peqUQg>tN-9dEI14bOzfT! z=rxc$<8-Dbh;@`VyKQ?b$*QBVB?STAN4;lURJ<0#A9Wy}kS8+RcgR`n+?$16z5nQW zIJD&*ipTV;@}hEaUUy^Hi5eg7l=x@jUpQ*GgY}TdOP`+;F)UMe$Mojd&mkVjFX9hr z%2=|G_;K>mF^XQ5FbH+`4u$XMT0$Ro4DL-nCD{xGti=X?mu-~kBv#+D!ynE_8Pxg? z@gLKZNn}LDh~>|wAe1jFrm^cgzkj43GnT^GP2&PQ7begrtbt;Uz|D&W4s)ah(sYwa!`{MrAJV zF^~mdqe%W8flx=K>LjN)y1#s03rnDkCs=|iX$_>Lx}?3#yZrRdJ?iSrJ#S%p zy49QsmDR~Rz}KeiNye7yt3(WIe@h!|fFgP=#h1^J6hvaE22bed>l)$pU_FJ!jp!1x z>D)r2nc7OoTk~Xl_C?z*YzMhA{67$YMu$kT<^Gz^7lWe!=RJxSCp z*@4+={(0%9aXcvqM=O!RNS7!uJAM8P*#VI#nuJ&S2javOz&8GR;mLi(Qm?qBL^nST zO&i5RY$gB~_)x{^C2n7s;WL6MNBtVI-L2&`@3HmtB*J?V6+s;P?osenC+RPpgOO41 z!Z3u=t*V^?C10xY9GfZw^YH(H+bQuIoR|}QEs&WBU~3lhcT_X^c-SUz?&o)Z_nQ2z z5^vET&nB<#u8c7#X~Xr&?vM;?!g8JwRE^E1JJ9J=(Q75>hpd?GGXM{+nMW7BaR1~= zD`)?=PyvkS#b=mX0oz>&G|v%Ac8L7WUPle17?a5g@G(x@x_l5%xR6+EV_7cuyPtqI zLW=l~u-b8P0-8q-U3*mvq;KkWIUOA=8NYZD91>ry&|d4!wd$zF$`obQ0`vcNVXI&v zuxh1zR~8ECVT`{jVmKGNJN;qsEW=*g$3KsU6TVyFF9pt%ZS{P(U<^tcnF1$r0xpc4Fe*n}ECwFj&_-r3Uy6Oab4Us{xG{wXSZ+uDM zy?t*xj~RE?b>Ex0nFpNTOeJUNrCc_e`=L|Dw}8P9je}al*i+8|MBi# zifj+#*@(EBZ-JUs;#5@UsqEcHW4itgNlUiRg}5L!m$ve5Z_S)QkCmn8IDX`vNm<%R z$Q-#?{mZxJaIu7ta`p2UP6Jy!JcfV^p?I61kXv+8FN6Mk(`xST9MAElYKn-MWc9&~ z%I3b^U6#(sukl?VeKbZ9_{mW(sSPOEe*AQaGieoO#Z}JD?xh^2u$ zCT>MA{{3~!$OV<+>XL5jyhBcH=coj#)X}DY@^eS!SO@}`S1D4;?bXqlJWshJSRCjz z_#%Gv-E7xCymyn~#{2AM=$Eqb6yTQJenj|;v~$2a1=N9o1Vq7=du$kW#$acS*6zkaK@u#QmYf2cOw5Kghm9|jk$3~ z;)v8z<)#_%XeMe{&M$Nof91^L0v9s$;bX8cf=LPvJ!Nm}xSH^y|JD zs^Cxa*@6>0(2(?#tCkk~`hR`404@u?JqaN1BHmH4S1tIlg`=T5AgVkwe|z)$fKwkR z^7XT*e95MM8YT~&LA7YK!68l0Si#3LhpcDuYu6}anSA&F^t-|OCTz9v?06Jgt6wfn&9e)+yXtp*$&9HGuPiwku(3% zw{YsbUNNBRBrV}mkt|zhJ=19#6EhP~Hx|Vark>vYUQlLir^!XrS~sJf|7nJAq@|R+ zqPFiLzw?KPXrb5_`RtYq+2_i#Or6y}QxnX;Y2xcuZ2lv2tZE*@7_@k0*SbZSPESDV zwkpX)R$9?-b(b|nY%Ei*ds(A{zcktQQC5sqsVHMoc;l;|T+5F_4Z|?fOwHFJ z+bT>_C@nR<2~W9TSQhlMe&TuHrEVtY@_wg7uRi-5*Am!Ija5}FDIT+L|CKTpKAG)5 z=3Gg83W+`SZ?i$NR^+h-oE5>mT*kiY%wL)_N7r4kGUdZ5Lh@l5M9FXNFJIp4JegtY zua++du0}qd9Q1s@)f>#dV@bR3n0BTk0%OxWt~#3f`hDVzbxnxtnMb->(%7Mz{Md{Q zUYv;R{Mi0^_=B+PddiFI$f^smgWZ3i4nM4gfmq$@<;!MUVs$!Kx~2I0j(de~GnU(4 zNikan-P_&UyN&?~%V#_kL56$-qJqAc*s6_7gKZ^)M$#kQOUYH7M@VR$rz5Q(?Zt8E zaRr*t#}sVRV598MVw0amAHECjXDD}}6+~Y~*cH^OXY5EqSxC<;GR+#NSI#t8F0=hq z^E~_$JcsE&t*o2xYdfPa8!THGO*#cTtva#Ht=UFT6!ciC@lZ7;lK*GHhON?I*5iFa z2yI?!5UP36yzQOzu0keF_PJSpcD=!0V*HS>%6%_B8cU2D2kFmt>-(kzo>X+RW4ew% zBrR3MVAyS5bmTl+sy@q-)0?+@-0qfWEb&f^!?aw_#x8w|_3B4MXXU z|A9U}&X)##2V!Nsm?vjHbD(qKf7F0coHDngzU(sSKw;x1^ApZ|+)VplVYz9(QEA`W zO>$#nlq@%_;z20IjUk#|2Hy}Ay~(mwAIkxjC4XP*k>2C{&T(r4Cz`j<1l|bh9=BsU z4VJ=H>JbMRCllg1ZS(njNW@>>b1;4oL`p#}1vw)AT_534pkgwa(4F=GfBezIpk+GH z;?=J3k{;^djqE(RtfX+UaZ$;Ib%FY@8oE~TX!l*Y3y(TBCaUCaClNu*V_0AY2=sB6 zvo3k8p?vLzl9V%#y7;1Hw2^)>{$Y%rz@5n{=+X6)c73`Dml59WBDrvdS&-QBzkKH`|m>L@a(8H*g z_lX~(vlS~@26DO?fTmpgvLq|h-sqT+S6y*b_srLswVu2MtL7z*H5t;G+zD>JVah)& zikt{pI*?eR?2ww!QPesGowo^`t_ylTv}*bQcbxba9aTt{70+L$Ji=WAP46_2ffl(B z*IuxkZr7CB;xEUpU$<*z$H9q0Wop^Z!!d6ha?QCKPmfHZUW2 zEC^`ssIN69&~! zoEa8oD6-izoPl4uN%wgJMy>_DqV<5pl&fkuB&KHXy9`|t`a<=T39yuz9g3yQy+g-# zf#*2OABsu2fv6RrJ_Y#fV0aZvnFkK!NJijdzx8AqJxtjA0M8A7u-vC%TMM0zLC`{k zD4({)el4f%KhL7sx0%qBrsiIO+h9Mn>3jFGVZ;(PnNVYVK*W(>C#dqPJpZEn*o;ydy1VyWVQW{t zhnULWXGPld!e>idwKYUPKHx%J`=gaQimT8q)b_w&B zt{p^qt)X?|W?q4F_$fc8V3{REhS!r{Skh)Br^!||K-O6Dy2~p35JO_hC<{TmZ;7yq^ql%B?>6m4XEI% zXz&KMBNChR2vYj&_V@#@i_1*J7My~-pUm^(`X-bNNXK~_Qlm)LiWibaiXqU`;P3u! zu(uSKktoNkFC*Vu%C_&o+p@-5)~2&1P~C+hYQ#_d=+&o5^d)-8Wi8qdhA43MQqM*Q zS6?up^ay1-e|1m2#6|$zI(HrePxWr+_I8ns082IB2OmXQPgyyE*UclA7&+Dr3T_EJ z0kF$o=Niv!K+;a%)<+DIs5-~YZ`P&zZDTW1H$b|8OJ8c|f8e;}=Nbs&p)w)oePg~< zvBs#xCS7>q$j4h!PeJlV;9=!`m{2t)Tx>A)R&WkfnX!@tlx=n4XWHKT zoFqieYrH8RF_*c!lm0KuWWzm|g)XZfIG{sWy?eU$IkPuM^|)Kb0e8~J<0JOi^v)+( zLjmIP_;||#C@MD61x5gXB(-Wie#rC?HV}JWUQVWp8!pp ztx#zik!M^m!_n}z@!o6Z!CUU>BR7|{Wsq?p`H;3vzgPJ452w66u3y3tLU*X~Tkd%* znHIl&YvK&@Jw1Ix(fc!}Lw@f-iLtiM`%y31@_VvyA|Q}+DtI2%zIGWkhldH(ClKPt zF!9_q`(%4J2KJNkV;RLyPO_^E5pJh`?&6}=vA^$Q0MeHT?%ge^S+uWsC%E*PS>p$I zq{{r|tIUPvW2!ZQ*9yxkE1zHe9!d^glOR#gHbf!Pf$5_DF_FKRsXBV540$o|v*V21 zL#6)ZjPSC&^7K&q#otI`-hIrX|xf;%7(YVangk({lklV!;WW`N!P$ z7{kyfQey@ZBLcSU-fpQ=x-6l|-+5;SYlzh09i{fdGEKGPjlnV7WDHz}%3eX;fA}hA zbO^phiW{mA&jQx!Jau$Ljy<h$>^y=~7yvIQu#0x5m;TVpr;^mEybY7#5JsOF$A_v9G#vp=kq3wQH%IZ(WWLe!}ZW!$R& zjTdfG{BaQPa|Q@GZ!D>5QWJZ7xi#In2TjMp<=u4k@=MyxAA{7#!3eK`SKgt43G$NP zdYJKWEQiyVoHEa71S8l^g{ldUJw^2|2&2O4w?-bRjQe zhzh!`{Kp2q1)I&N(2Tnv9D+}mlf;xXjxfO$Vklhaga;;^ugnX`!RAUX-$H5$!jK!I zx1SA3*M(da5D_KfD@x&*J+5Eyv`yJw*3c?jdjZpQ{Wr?6|A_a>6>e@~(`wGWE^GLr zy@cAeV!8Wjz!Qi94iih!dHQRP>?jFE)O5<-4KLwbs!KjlC;g&Aole$n`C6TQ(OoP4 zw+xr4chFvbs+S&HzgD3NIfL^XbK z*#iRE`(>xA_usAWI9KJLF%mSN?b4)?h;A6f$q2e#aT5h0d4^y={c_*K&(}NC&W~2O!u*dh}GXOq6G2GPi4e#th+8C&zV8 z>LD-PJ5kwn&KMlQ?Q;KbW5f9i{2jfO)e3%AwRir+TfPtf$k{(MBG7Uf+Ob=c*IT8<;U(`)aK<}QZsts}e zW}X9E+InT*lh992G1|fg$)xH8fkkp&YT0DZXPA51y2?VhRI}mO_y=x_Oi#SET8E8) zuHgw6DIECLw!D})uhz%&x6PZhkQ6rsfg#zh=~%L54HMc4VV>IscGM)66?ge9hAch3 zj$lhkY}CChFjBY`x^LY>%4f`ZS$5f5V@+{ebl?z-5*&(ucT0X>w|XGN^@Ut7KWO}J zkB5;BxBNOGU*Ur;2PfXU0ck{4V{}R91J_yNYagcoQ|~$28oCwNu3V={smba1ie=Mc zUEds77v5G2U{0VBU)3zm)U{Ekd|efx8@M{TzYuvG`*G%zmhY74N%ch8)V5O=pqoF$ z-!;boEsNOYR^9!R*pz-Q10B#}qA~#&cPJ%o_3074TvE2GFWLC4UOd`IU7JDAaA)RG zf?wh$Np`d@Nm)VoH^Q!`hJs5^{bF37V9qs#XCodS1uweBEHENZ#M6~`4x zBQC#5*&{%gKS>B5W}Z!xFqlpFFFctaS}9uZK6f4Wc4=}5XDH)d#(E?q;?qrh<&2aY z0<6uL*k!)`H^TCS62stak)e25yYaFxVH3-IP5BG=9jS@J+iyP%JhwiFuE*15yMEu{ zW^~Er4J`zkd8p)w=$tO7vz$6id!N44clS1FTf8mN@jiqO`M%<<#-iVIn@%at!#C7% zYp*Us2O3w*D=@x2g2{#~5-%s5NA#?XEE(4%&U1t9DsHh;C)x&vw%BwzRlW}hN+|!K z-a<1O;(hv1QMg&*Kw zA|f&HdRs$}tiDXCK>PQUINo3C99v0=h}HaG9#;@(;>4Er4E3`rKdEl{;V&buB1yNu zXVu|#R7d~~ven;>|E+qEf_~i_9V8|g3-deiydc@gcU7b1Ks*SR8Y5vdA!10=W*cEC zw^B4wS<|5-b^>#5EEhEuJI%@!7sv`8I4!-HIFpacrulx&iqW$KG$d@M3-)F*1UNUc zB4SnxBAaFunk9=zGf+p%@s_qRay}3V$Dq`!yo9sTL15gWD4igk)Zw2{1aN;$ZQ~;s ziOF##5r^QhPUnuEA-XY!_34n=P{d0E55fREv;Eml2WB_4O@Ma z%iXLor(0!L)Hp+v6f8SrLjmXB0pHKp(^yy|+}MGu;!CfSggjkoBMNk@LN**|qzbQA z3IEK9uje{z+M^tihqN}}x{!h@YEOF9_P)}p`h58K^)csB8bV$lWJl?|ni{yivQ$^h zF5&U))Mn1p<9XhD%_gPu27S}bh-Pb6)lkLVP}?eCV9=N(*Yhv=EUE$uN=3$f*D-|h zvj-TN1Y*s6v#lc%0?S1$d>qtgb)F4KNVf)OUe*M|pFqCOnZi2a5jjEL!N0{7(}qj> zst__&&O;HMa5j%I6Hh945{Alc$f}zvqD=k%mPsvu-uGjb9NQq|Rh00hI^`Po43^hty#^K55Yp>owp z0?$&KU8se5fZtV}1GuWM*P7_8d@B0u#7%`SC%tP6+Ppl`#*R*d|FIvC%BEzC6QoSG zrhaZ&BsMW;I_fgxuwgX&wJZ=QhMo70Gkudckn;upRPbZ#}_&Tl-Te@9_(K)*xc@wHIRtSj$5rfyto}uMgg)&J}npCv2YtC?^j*c7Ad?E`}e(z&8+!)1>z} z_v-{~>ky~NJZqbUnvmIr&fZu}?ltX-Ke@<99z~_#&a6N0B`#P70?xMGRJRvj*a(p% zbANJ3askuTyW#bA+8Z`iSKJ_uR@ z(v4t-T~vM*-s_FsGI5Kf%RvA$3yE_WP=(NE=+Uj$+yx`B$Dh)l44o%tNgE&TZdDLe z_H0$Xz@~N$e3zw&)$i?%l(|>ze{i_-nO>wIUw9j`=+`4WESK>5G4Iz;Hu)5n3|}d*O18cR7TRE!wS?CBfZ>6d}O_2VFe}vj_FQsJ*qTPzn3`Uez*6 z_!ECYTgeO;vCO_)AzODL!86?h9EfUO(fA4G557eznYv|-vCT_sM?E4lIAP9Jtu6iS zu7Qrb-G>E6yj^GBb4It#CX~eM#RnY$HR)H58QnZC6Y%+Xp_hls_QhAkkfGQI?3ITN zwsL7Wt!%~D0$+CGj8iPQm!cJq<`_9$ z=f;KHX54FrIG5a(#TjzTpdJJFPGz;LW1pJ-JbybMVFh;Up%8rxw&ayaioF|RDfhIz zPt@)}RL+^sgYNA3vFJN9#g!jQRq}o4fL=Y$xwb{&5kB6UEGKKT0A# zH4?9j%Us=1bw=1O_dI(APjr5&g!&SrYCe^9O6W6Qg}rFLN4`G0K%-8V`;P6aePRtU za2tf|mGQ?V%^+6}@Om9#5C-$@be9*b&gP@3`}ld>$eLYEj8)qQ8x1;jlZljt#m97f zwod@`lEQQfH5=(1xFdpxIjKX=^3cTl3a{Tvko`gH6%#`4izE7o)!B2hiRi#|Qu}!e ze01_5pR?_nQi9UVo=QAhiD(&={Bq&udEc|UG7r9)f>_VQEkvkOSDt;+R*fE5bZ{zr z!scsm9O4uXkFnckPOqo6ast%o)NF8)eGp02Vhf!UnSoo6334-1&-_VK;q}mkM+c0vjkSh2rLrT(+oS!NK&3TP4w%YU{2+dcl zGkB=XbkGtWDKS&`xYI2yfEg9P;HK(7=6ljjZxs}>!eG{UfFoI?yT05KoHE2ZPZu5> zkmxl|Fc#l95K62Zc`S8|%mi^K8%E>8qBuvsO7h6n&&#Kxc$&f}_O>4L$X=z77UDvK zp4Pm465>zf>m=YmSe!P*WJ&=eH(6Nz-14cmp4*^!LQM&;ZvRoOJ~_jkn zMSP0~r+(8$D4Q156POh2`XuKXvY&-54CWF*8JY)7llKPNrv8=%J-7>09%7!A)Yk3g zKGulGK~D{lyxe$^uM}KPDZXDJ!Z~ffdnh=V;hOes0=Q9pnL-}h>#hxFXO`HX*m>=V zNL48d^f^piZBUb@$^7}guy1T7X@B|Xf+pY)=9GslpICBBJ8Y6zt2^3pA@k{t(!1)- zNnCbleVGMt^eb~kU8Qzyb-VjOf)3^Ezi1b0cyLf+>2j@OL6R9x?t`@Er%NI)dcf*6 zoYK%Js3kWCVfABb2^P3SYhir#t$);T}hiGSqSK{q7FreI19R6XCn|l^Aw1+;spZ_HQTRWX63dP|_WX)I}RI-C#3`pzx*I_Mvot+IJ{y!;ev(T!Fi7-knDv^Oto|}#U z>u7{_OT@;2iHpHCdRco$P7pURyagu3&mz9>EJ25Mr5!nYYW1X=wD%l)P7fEuX~(X3P_|6k7GaMVvnMZmF>63R&kNl_(l(55Q+Q=0a`K21f?pFYsm9NvIe<;l>ce80cfNM2O3pPJ^Xdg zMZeZ8GPzcXNH7()@lB#h+` z+U}m@ym?->!HnvNvi>}=TvZujRVs{alKLT|K$x~injlnJ%j9ZqFi$?^v0Q_*Tfw&P zH4qH@EF$xRI1pp|-xP2Y{X#u+N#CBBq%ny>PN6Y~!A)I`XeKx_13WjAwO2ses zbx69mr49PrBlBg>pIxUJ|6f;WA)SvBu{wk$H>^1Y`~=FMzE!53^CIAo8kox0{0R8Ii)!WP`9Bgu1V3VxG}%dO zwWDN3Ms0Rvj!62_oc=wd{d<5lmOZ8cY2{SOygGDFY%^sFQ#RGJ#jg^;{2QH~tAIR0 zSa0W^v+9`|_^lT2QLO`O74tT}yqRuvh}!?jPpDr3rUe;hpsfBs{OasoSN{;qbhou<|;)(BIM` zx)u$VWDj$`NllJ3zLfbT2PPyiQ59me;3Rm@?#A%d_e%mMRu4X#q#?6K&d@kYZ{YDn zPjmAEk%YPm%959~)mvVSvoNo1jbE#dw7}!W#U-@RbHK=L8$DovD3Xjx+d2Vz@p8~y z%dgn$^p(E4bWfrtKh^+Jmfag|0=^aBg(T?aKl7DOc>Xi?v*}tOQcSqV>hrt0i1ss4 zX(&^R+{E)KOo_}?8r5ifj+VvaakiQE^@dNFrs7Z`3`5Go`Dn z0$c2>%Iy6$!LGsRs7h%C5YKS4;M_+Ka)d44ryC7UapJPaL0hxys3Z^HSbsbT59=h_ z6b`g|Y!x=p6vKUEI7ZdPQ-WaKKdho>gT|x9?Wq{YIXP4vUNY)C}4oGMQ6QQ7DAQ3R?aPuoWAx`79D7(uNfXG z@`ln=8>>6(TR!?ssL?DZ!GpnzUeF}n6)N)Sse)mwKf!gw@Co)6CA{H zseEflU)VdKhw*9m-!%6u#K;i9_C2?E^nsjPZeKX-gao*bW&#b-Gc2^&_8jDm4@kMpyCk>!i^1Q{+XtDNYuue z8#RbW;0l-}Seih&^T~DV9YHmg!FT04r+?})@g|&*4ffKpz*iz zh%E4g!d_COJ-1Tdc%b5vxA@RONr9_@$P({}*hilcqijk(5<#x*#TZ5>5}t|UzQSUIqr;c0AnupfFEZA2lw|dbm{H~p=E;aOk{XF3k||!ihfxhr zeNCjN{9!$6Cr2^^{GwxolD$e4z3P4Qr_ato@1scwh3=>mX)~rS7C_W zG~5;cfHn38CfsCZRM3iPpz9SgEJi)9;$#h$hLnj_Tsc*$#_lB3K(O}2XJeGghYM(* zi!K7NzW1EbOjAGHUPbD8B2=42QHr>48p7TF$QotcAkCb)weC(7x|h+>V1d*zU-v06 zBt~6klBD$8eIu;4r7T)`m7qfaz4Qry^%EaykR9ZkDYZ!crEx*#o2GrY6Iml(++=#x zyh!&-AM)8S$DOm2w`uSJRheb7*+)+T6v;;TB^ds92PQj>j7Gq3ZMkZXrNiCu7Lpr$ zlDCfZ=$*XEjgr=v7`~q3BjI|5)z2P@1=vk?;q05N5kB#A8O%qTVO!@9__lRvV8&7i z*llM~`YO6jjK|F@+42vN_5ZU%6Z4V$e^%T9_X@xhK{^T;7ns3|UU+f-%qlz2`XKQL z2k5jPBp)PUJO+eaPoE{T~Ik7;{u!&nOc9QVd1?QC?`sDo0*<{VO-{760+HNjm+ zV3+4uH~8uvZXk5-5y_Ue+@$0Ahn(=1UgB3dJqE>Uf@^tS56w-<3?1aKPDrPrc)R#- z0oj=3xh6)4Wx6Qh$nOVWQ|N~3)Hh4NMK)47V=!xhH3e)7U!eTlQRCT|#EhtTm#mQ%Hfx2=D(1WAo!>OsiOVh!_fThW ziAbbh6!(7X5;j-41k?ZU|3%pN_pyzL zJkJ;|uRsQc<`#5FG*PsNHPX~EGR-thA_pt5D{7w&kSmy!-K=_xVHXL)4t#X{N(M*H z0BArrYv~z0&lmr|X~Be5)zp=SM3|mG5J6ng&)yl7M2eVZ7i$Abn-{*#F?1eFkT;)7 zs!3k);{w(uS=1)>fz=k%Ijf*k+SixIUmIPJB{XnWmPjSv_Y&@Wr$q7?cyz=5r{JrF z=h=WY7ErA#GF{%W3uKsr4ve1R=oycOvU+ZT=3~*x$Oeg?%Z2FZ3q7R5R;wP7LkM;xVid&lqP^oV342u;zZ72xGoO}m z4H^GxYi{el@9QTn-s5-dgGdtSax>fCQNUEgwgnX30O7BJs$bvz|qfrSw2rK?sR;C}3-Tp+?&JOMMOXAYJgF+x= zRw&fl(a&SM*?PdoG+AFOassgV5Vr*8I1f6eTNZaQH%m?>u$p3Fsx?Q-0sox8g!V=5 z?+4Zq@UbZy2*oH9vSyL-eydq!Dl4{oT8|K6V2Z7OB7j3~7=zwNikT&>rbnUEqdku3 zE8%>53|!!K4^f(x!eo%EJW@r$ckC~m?K3X8Ui*M{ysnDt0yXGgHts2VtgsEPN#8)O zE8Z1TPh_OGRNR!a8To53?PST3`dRlY4y1<-(r^kNOvudaP8se9j9g%O=pQDVkTp*olht z9V)NeAR8o`htW!FSHvTfJGU83%U4HXKU0MLVTO23M~|m{8=ClY@Y@ z3-c}#bx);8IkTt<^>>r*PwJ0l7k<;XobCS6h6#Uct>taKAQBRKM>Gb|6T`FRA5#NT z4FczRbP_{Hc9k2p`Md5WJbTZ0F@)6ytS(X>liD`qO~m%`5?i2;Zh~|5=rJ(iH`~*U z`X6M>tTzrygI|8WC$TtVUROkiBVprWc>PQq%xM3Wqy~(1zfX5s0#mp3rSysUoiexa z&N(+z{wW!C$66JvmU6 zXZk-v=lSul^GU(5gx&fgBA;euTr1c3dhC!;%Ng;@?&4VVue&8t1`pCn>M@^hJI6Bs zG^St8C(qQk6a3ymcJKY^Et>FmuJ-Usj+3q)E zdyB$sk5)Eh3quNl%WJhq4}!NjPcF?XYX zy&`8NWnYl8Rb_T(+TIoxk(E%3D941$vw0g~G)}sMiSnQqznD);aS)@afnQ!2tmj&+ z{eXCCs%nIfs@%j8g^zH4@>|O`-m5F3#gW)mU$`7zuivJE`}9nH~@AjK56(Id^C4#*3dv-r^tfV-|rQ!y)yR zxWi4p;Cl8^TmAU7fknm^4|pv@Ax!c#Pny-F&M>wTY?){H)N<31MjC3$i+sCuzVDQ%?;lt(@OY584cyp*^afNHBSeuvA3*A+|YVSl9L#<#=L!G@zI&H$))Aq<{b9t zg|M3*@4vJN%gV`pis!z$)g<l&Dr@5A>sQbq&0WxbpK+>Y+{n_7QA&xD1rQfDjx*&jW<2q~qkngB)uUNI?XBfJ z&mr=(!qbG2sQtR(##BD3H`83odY{u|um?=R#W6WBmlH>8qA@zEgy<2V>c4Owe!KE zYZJqb{N{-l6wdyD(ra6T;jfW$1AsMmW>-gKB$ewSC|<|n&gmGMR5Ki+eytEm>gsf@ zb9y=!dA;(W7^0Q!{&8;j0dP)Q5O+iR<(2dD_+_m%vWxlj3N%D3&HjgRa_wHUhdC+R z0Zk^~F9j8cu;XIKtwH`l4Y|Fq^M>OiNr+;?p6wf46$6<4C6D{Jg1PlzI9( z9_jG`sdGPFk$vr(zB@wOpWO8_?B@=NI$BkHLrGx&d{fQGmTc+p@r~dm@aEo{^qfqo z$zR$<&sY%4?xd|oj@cT%$ll%ED^|ZRUElkO5_LjAR@5hH-r=_(K=0oRn`dmqc+yabItUXW5}OP=R7bB+eh z$#pNM$}x$_9OW8YCq=zUwq*KQ$-yF}X~$olp5oq$C8iJFy4c=H=xBNDQu`jp-$)R`s@*0gXbKZ>Jcm-7{)KWx$87{aTSlQ6a8VcqQS|CfwLII z96JH#Y`V;3W+z83&-qa_K1gIc;SI~*u~qEgXR}z$INWe~rHWwf?F^zZM0NoPq(3CP z?%%L8+9U10MqAUcZ&ffepHp+wyH8Tdx4S>c`VckG0Y2NZGVmjsAY!R)OX^zNzVRkb zfM-A9qpCuynaTut;k)C}7ky~@UN*tl$h?$xmZxpgOP+o3Z%HnM`_~29WoTwp!OODq z8|$`Vu&>85tqpA$c6?L>cH-e?7xG0eh$-&c`>WUt4*>-Re*c-woCeeOiMfgrCCN~0t#45hy6cf9xD^w_$v-sZ+W&UsK0x4 z2jHS>mpZHcqgHm40+mmj)U8EweJo*z3&$Pyv^g>Y4NBEd5!#68w%(x++tO}hyn44# z!S&myF?$ljwOzz(|3keZg0p;usX*ebhu|#G(tgO^iz+uVI`&QF9rp zh>X>Bd&2)CS7hSKH`UYxg!snd;zw}XwT>iV^TIPP-^-L!{rwc z@L-;;C;k3!G2x$vJUux@R=;6Q9KnCiZakg+D}bu(X%%DOxC!mz-Gf?~1VhhiIP3Xo zZ{o}{<9G;y)&&dHh6zvUpM@CKWzel+yR7~-SW)kmx&mRfJ6@Jm%9gGCfs(P)yMVn6 zF_a1ov*22~2Wxit&rmwcEaTULF(YaOXJ<=VE;E-m&^${$E!HXEKiNgfTxf{D?Ohp%h(%l&6G5&gSB|;dpJDu^@q-RsPm*i^5NL* z<(Vt}Uv;J8wl|*g9?trzSk`Dmn`wl|Bq&a#mH>j@>-@JDV2zLUkoQJtM1W^+@*H^1 zJjZS52-uo=S`FZJme1;%Z!${Mc(nYz0m}P`L6+uzUMoX;Y_uaibNi;D^E0tg#@Sa; zwO-q&b0}0xe^GLJ{STFG&~`b=6d4}3WdFhX1YNADaiZ}=(+o4pDzFCs#@rtOTTFOv z!H9?1sljJ|UI)fZ<*2X=!rXWSd%t<=Az8vkzV>dpZT`;g5!ku@3xcyx4! zR$In?7~Ocj@yQXdmvGn0eCx~5-_A(vzXcd(1%8VgU{@AW`?%1tC22o#xUK`)CB$CD zm_Z0B%v|!(*VK8c+3f4T!c9iJn3Y0|dm{^a1DlLV;o8GtU&Fqfjr=E#ixn`o;4qN2 z9*mvMYGETrtjH9Zt$ooR-i}7+`61lwfM0@kZb$1e^%Tf;ke*5u#EIj&hm*WQzY0Fo z65Mk#sUk%uZ|D@gLuUH+hQBEHg1rAIe4|v}8xX#~PMdp!D?zuM8vPHD-%B!heF}p3 zY{rJoRY;c#O!#<)PI+Nzap*?m#qYul`9tS;DeECo6+E3ewPoBJ(umzj=jMA0`o^Pg zW|lPQ=`-}5v(!0N9M<1Ftqb|4(wu^3mS!lzVa>W`>A4)_uXWhQ4jG|%UP~FyLjDSu z8iEzB?BaIo4bb`lShr4V7&UuFm5u2DYt>Araf706(+avC;4c%3|=)*BcxP zxW!-BfLbk@J2>qcD>skR>AUK@hw(Dt=+O`|Du=5flbKE{oN<0${+(+pRmOgDG1=^P zJ$7wXxc9n}WD448NF=HRhB+Y_LvdUsoq5S13z%F@k-r{**;jL!Kdl+dDXX5UWxaI_ zgPvH_+mLF-4vzNkxXYG~yPmB%VXXms2MDniSB>jVG=1Y@Wfn#Q<=xW8E zjHN~mtGRO@W;IeOcmjddL`s<0bH2qi^S?q1#g;#(k8cF1hljTQicmwwwf9e9q>I>@>NU^jkS*E_r@-Mo)Wb*t#Dy6*f z9-fMxfL$4B_Zg^;W+ETM#~%<}Z4ZjpS-z_Od)M#Ye5a3F7V2EN*O#YLB+$M(_dN4JgTUboAu^Q`Ucn z!})yw<2WL*r07JqtS(yg8r|wvjV@YrA_!KE=yegD=)Fe}H3(LX-bs`dJyD|byEl2h zKEL;MegE>ux@YE`Idf*_oX6t~Pmn&O*^X!{rD#voa!94xV(5~&d6V*DkL#aWg@Nvb z9(m)>0^J$OJ;VJL#^T*VI%+WyqN7_x^-=WmYWeIE+Br_6DTx9Vn;rmHm|!yLD-)TYb#a0dA?-wSBDwWfZ^G=?rWh9Pl({x$YmY` z->6pkVmo2+rm+44GxX>nYkf(-2|jl9s=WQpJ3mkTe;WM1#YUdccjjonD;zcWG0QG= zy`#yw)3$Ak*i;c{81ULNNfa-c8Y4Ar+b=^4AKS@phA=Wy)%aJI1ufQnY_3G$&L;QeKxK`a-D!&E)VfPz6!-;= zmDf2CDn1lEpS$wepdl`s!Bz)7x! zN;>0D>u&$dTJU;}U!|u}3pA&W4k>BNPP3rLfC+Y8fZ#(9)y3MGw^>)lQg+Y8eSQAw zAQKm`BHQ3f4YU>Ak^a7f5NATN?4S7no{7o}9xKuIcXT6YKI&8185Xqv3Znn@4(jjt z)f=jhJ3Od3?#FKT5B&WIZIU?N&waJfLf~O9KSgSL&88e1A>a;|vDvGUe{z8zYP`^{ zrbT6%7@bHZW&AF2RtWWXg<0EumCbB!sTz1~^Yfwytu7X{*PNKzZbtX|nIJypSPSah zRE0S*d$5!!&V!^Hed7;=N6{jhqFo9%m$n9)EzVLizeo$neQY52KfCMVbgfY^6{9FF;FR|_<> z!h*|#`y<*Of;tPslrP+hg>6a0%Jgq(0G*I(deWhXqJf@|;_@kXwCh&`Yffd96u8vq zN|)y6WUt2w@tfiUn<1dC5wwnNx#TqpfCfDuU`}QD^C2G!@^gzQ%Fhf+|4ngF2Hk&$ z9-BwAZ|%RawbHpHud@gO7cX1Jx*H7*-VRChfGC6Bq6Ph8JYcE>$X$UMbgFi^4w*5K zU72E%KL$hh$92=D!(Vx!kGx{&S<7k{muN`DH-h?C*s>rt_V=IS|y@OEeb5?WpjgD!Fw>bf_PeL2msms^z#_(Q2Rw zI#oZMgp^mfX%KEa`c>J|`YZb%BQfKd`BF&I=u{Z5bFw1$v5#j1*G7OmXq@9 zRnybGZ-3VcE(kuQWE!ySwVCr^P-~NB&*)!J9kS_HsxA$mfi$YTYJ})hhY(}xdautx zZ&ncD9V!S7b%t;ZX?gow2IO_()k{Rc^ST_#iof%(%LuH#IJH+x?w;^Ih}1XTw2_Dx zIm>9F-*%RPN{M{E)MO;yoIeBcBNooKfApC)91@jU4mB9Pk53`q!`Wt-J3oxX z9%Z3Zl_Pq8Xz6n>x1NQ3@H|*6JpWv zD)u=nZ@kE0QZ194keUc-8oMCm$a2#i9;z|cSlAPtdl60uK z(kz zI@ZiBGj2ISfVcFn|BasAzFzI@sp_lK+?Vazh+@e3CsJnbc0GiPDiE25tK21BXLy5x%{D1CkuC@W-9=~kdm z?eIu;>{G6=hP#V|B+@qK0UnTX*@lMQx-Wi^62sko#&y6GTY66Rb9k5?=3H3k09zQ)W~F2L{enKVwGMH=x$xe!-BnMIK~B7>2AXu~2>d z$32P%)8XXpGc}&K3J5b=>bGaiuGhl{Uyg`i53<=WP8fY|w4nQbA%`Bc)CuGTB;Ix5 zE_CZwW)pI_R%bQ8wbD)BO68nQ(}t1rT}&|E9d?Pkb94>TS; z3WF~cbVMX&r^Ihl6Y_l{z6VZ6MCmTmhey?>zE7S#lKueOHF_)Je#}jiYrs{XjZcmD zQ%ByaHzh5QEpxPT#comuC4Gj>{b~5+zyjKC*`#l5%R0()Jr1c>T@C%wxT646;KHXC z%TkOE$gy(P@m6qMP(xhJzUe1WZE0r%3*`y4Sy@mkSQYi-+%d zoGN$EY?Od3#H7Z><)^O*%+~h@5+nJ`^_19Zdfm;MeyAjDlwYp?5TuV^@9vWbDOs^L zzJr~kf|){qA2*D3vLZXt>^k#{fLbYKpN`_0c-$cWX!CIHLre4-q$w2y!XP*MQa4nM zIGJfYelj$JgBL^ZVRc1?An*@&?_u7D-+Iu>_zX(RBs{nYRqCrtIJW&tIp#)qUcsP7 zA|dCTLz!b_BSu<&rooU4BIz?@N7XT5SDLuqU5zNwz8(NyoGO~#3Mc6>`&%ZLnthvi zit{q*nV5iNNx@Mm@+KeQihDK$EaL_|#Q2I34Q4ARE+1#OT#=+9IWd#WS-hJ%A*`j~ z(96TGbU*#r?3Eq+XRCXeA**yTkWTGnTDEpt{R3 zXTLIg$A++mt+CdqH)XPZBdwwKZ~l;+9P>9NiB?aNfW`y4=a0Ct*yZR-C2`Z6uxgcm z9Z`)cD`7@Nhlkp*7wP!$y5xb`O?Or6R0oFYE|c&gx$jQ!whqKa&!y+}N5^JzF-|R* zXd0wFO2bHgA>W_+`Q$6VQUtF$TcQ$~O!#Z0;fG<|(oUA6SH|Z#FyixupGG$Z>}+}7 zZFlhzzREsa1*6wN=J&D2a+b^qyBYjrH^hvF!!pLzrzYQn3-+bG9UE9;p0PiE4|7md zcsQMM&X^m{p?`PHpgL>5E!5tA;wgUDd{5hwT0yLXv7+OJA+}*Pz}r}?=zu1!#-`|pHD=nB$jwA{IK#sKE`(GegG3G6Fb3CdV0Rd$iegKLAf z-P&-2++NXMAJq!Wka9kgX~|jt0-Pi=LjujQmD|-u-1f4e?MGPtZ`8Z00q(vrKX&S7 zGBjlgMOuFxM~-`cKiC-CntYY)ECY~YV-R`zh$5Nlbz%%7XLCwjsA|Q6mq)S#2dsaH z<&9Ftg)u{lPFEu3tFxZkiMnp08Xd{3tI2Fp(GT?9%3@Ezq&nC}MSCz#j+fzSS*58EF7VftGlm^=rP?_7vg++ z>~^k~cHik(?um)}M1D&@+rbC2k&ClE4o$x8zK)IZn`&# zGRWREJZ&bwgQQ%ff{Ru;@P^MW*7#?GjOyIvO`=;|jw@%^0adC*#+$a}pyP ztDMQ{%C#>(3wcQ!fdJxot%!QLmX-qH6gO3S>*Z^y6XV9Hz|CRzdRDIky0}SO(x%3x zv_C)5M|daf9!q+QsP=?~>;>jNme;lFk%~lC*PX!FrTIZ%Ydqd3N56{5^6e9Uvw8QD z*VMTTfBirNBV~&VcJeG_TTpKHyS9?SN?hbtTI3q`cs^t$6b}w;w$gg8Qzk|lb>P$t z<6Q6p3Ng$!A)|J)bYd9n^ZWI8^X@)5rWpfHY*B>Y?O9#*==bEEg*6K;NFaW_?cjj2i7et29(Q6{=| z24=-GS2GNc^}i^jE;@7;6koQ)`Qu24Ie}Sen@Rm@fWImqxy>DXvJW*Cy7~xtPbyv$ zr}nzBOf|`r&7vSsbNi@3&s*g7rQEOSi^6zBsLFD;hT0)rK4WPtWI_K+_-ApA5s6XR zvdk1qvO)z>J7<5hW~I$O<%bGdx5G&8bzI$c_hst*v*3cO496OnqeY^BKvjp#y#SH@ zx92BkJrLN7eyTy;Pzr;?o3ILuRHq8ByA%H9Tp|7+m1STTjsnT%` zNjxD6Np0W;98SutQ4A{6<|JEUjeRodnYvc;zf*{mpSjf@|002mr2AICY^4$ilsY!mpDWnPsN zZ4l(yYnqHEaph021=gVqWvl&ce}9C?y@q8R7VqlZqH4;wzyy#wXdX^o?;qHSIhbzf z4%y9zIn3YWmn$?}I$%FSo1p`w;PW5MYJN>+nMnVD?|6ADX{>}H3o(=8<6^(5vSu__ ziWesPB7MAfa^Ix2;Fk_ORNdDwc)>fRSek9!tFM?nP)WwpHHj`CC!v!$> zd2_m^L)-m-;TRryAR2J&)N9_pltH97^6K48Ui`FNmB8U!_MK9&B3wBQC&$9TFA_2uXZJ98+Q7pze@bnDb?1%Z4{jPGj>UAzgV zvTsibk2ef|Aq#{Vn9?Wtul&!W{pA6?ty3sbrCC{7@Es5`OCg7Sgr2|u@x%o~K)NM%6{oD0sspAtxy548sU6MoQQn@+x!*H?!r{K#~B8k@~ea2Bb zEwnRKGb*HfR6)M@h{$+el?6^}p&S;L^THr-UJNyOZu;Qj`6;|@zzk2d;05D6sT@dl z#>$9W2r}9be4-VTfi&hdK|MD-;q8}_aal74f*EmRfAeWK3^nR9Wy;k0$}8?zGY4^4 zGUcB6#&<6qmJOImaS+X#FHnZdYNESs)yJb66K55c>> ziQquKB3zxI!6$vU#mr}k(?GUhLxwX6CQqFpca!cc6IoK?XwS(Y_mx9NZpUW&{fI9hls&S-3S7rGVqS=a@rZ3BB{qKL_QLn57h+U+$-sk4^ecrGd)68wCT zqoyPb|A)+B6Ne@RA?zzPHm)6soLnf!Ti@7fW?fQ>OdJojFTj|sEy&dF6X8HrH_ za|Xq5z2l?)(#~=INuFwJz8A|`fUdUu%-T|9w-VZjiNt%a`^ZHBQhTFB3w6*%V1}Qct ztSTIRQA}r*R_f+TeW35=K+cv6$JMFjVrLugOd2bDA zLHsI#VEZ*$H`JY0q>b!q+{xuaOIM4v*1}!+y2-Kh6|Nz>#F_HH$(BUIS!}R%mQBO7 zfgqhoaQ3YY)ZgupeIx)lSg?_)yIln4@_`dJ8Z{?gN8{7EqwM@zjB5b;Q$tev_DtVO z7*UWkB9(lzFO#n90%Tcb)z8gfr7E#Y)AVo6db3V~S>rIx_Qo4ltf9fkDFRTz{VMv_kRcDSVuF|QfibdLig z*)&7#5IL)@G^EztAHugfKM&r1L_Lk;QRK(=+Hy#k^KXxZai5qu2voz~4Cgq!4JwXDf)x+l`7heCpn$Hxm;Tvg1Xh7xjx<#&BRy3vWv+=PT}uYjuxmIyGOFJBe*f7}HdG1DY6gSpy=z zHQv~Q(n?>cTRnS1T-S&XzWZsoe*cUzV$};tZG7_dCJkVlSHCo~5z{)D2(_@BAKJ+{ zRCyN8DlwE`y<9Ew+by4nY&N4~N}aa$il&+M?3aqw!P|pw-J3A@WvV~TT9IfO?|D=& z%0=YlGNa6L=tn=|6DL^y1pz;E0CsOoccvNzsVn2%lwo9^BMwm2wk(`-JoFj88*iW- zGX@6jd-NLtIv!&SLpTC-_L&~4jPuuYK_t7fQ<;tOJ59C-7dor701okWYx#li@aA0B zBRfy2Zc^`tk;5eq8h_XC>x<3h&wj+jmy_5$fqTU7nwemg%O5G6VHc!@H7~zJ2|m+0 zS)5X^-iEm?!o^br?NRn?GFesq@EIcS?CP0Y2`SeUyTH*>k-49m<&Arf@!gYu3?c8o zUkG;i-~^ZzgU84HIX$R`Kg%D&m`-^abL|iv)puSZ{-GSWA4q4}sbWqME)fS94x4s& zM)lp=)a8{1S;m6lsr=21&`uqSG9vRvrb}2ws>R0Pal)!m@2#5bA*-llSrqKF0&D2# zSbB?4+^P@u@W-amb2%sHc@uux2@WY4A&M7ZIx*XUC60k$nBlft}v|*wZ@vO2~mY3GJK3$O0BEuf^BamTjeF=bj#|e`TCX) z&X=k6v1VlVgg3cF_dgo^zWn$_)M0LE4YfvFPs>e}n%d}FrF4;ZvK@D~>*AA|oQc;> zZej23ftEquK8{tqPfKNzMqg>ZK%X8o#n0!mNevvB`DW8`;i0Ye&QhV%_>hhaVOy|}q^?3qiKDEzPpnRn--;L=M}6)@+!G8a()bVwFREx= zub}zkjlMApV8?q<(1_1uZ?JP15zBxIedqN?MoUH6`(d#L15!Dj?Vklt=RfNL#ksk8 zTCMmjybY50oW|Z&ymsVdI8p%H`u*st8|fu7f7;Ai-m7&~4sV9{4O&+OFQeQy${5L? zk{76bn#Uma5Zss+q;sbgW{ZljjkFGV!#EPSK&~?Cy&yR4yDZ{zapgn|+wsT>kKt4? zZW0&T*XT(iReyH8GYucjR#IXUQ?(p|Px5Xs-hIRqx2IkINE(0Ig5@O*`||FB=pWpp zYzM}gN7(UT8y33P&LS;VxojRu10ku0c3CXFw$_LBDwVw4Y(hlx^hJA3;_XK}I+(s! z{Y6{?lOA0mf)Bfl`#iEQl{NZUWd?+@rv}3w{MM_GP7IC37tyw~ZqcO9=X?~*>cH52 z{Xj6o{_0PY6mrndSiF;c^C=xMI9a+I6>fOo+wZv3j4&KkIA{#bSn%GgjXBBo8p)6h zAP1ES5L1^HR#;$7ZN#VeXnT@*S2-D)J|&s(=)tE}Q6dylev7lv(MB&md8Ke#JLkmF zz*=&r`A^q-aepJp>dSD8(PqL~W~^+pEfxNtm;L=*4Q15t!u7<;U=w+k`n6>KN9=W) zf=y2~<(+z;zavXNFyTjOu?bW;rbxq5(C0 zkSv{{Z7hRwkBzqe`bt!sc^RMB8`AJh+y1z00cu(8)9SbDq7SmO2ur%KoKSs2%E%z} zc{975c}F;>mn{HGs}E6nvpze;&A!mI4Xvz~60>xu8{GW3W2v0h+R&$mH2KcMVk>O90Izx*jAMq;Ist?-O zyD_z!V%q8Zl=T&v>eEUdfJjuY-*Zb@hgM6yn-IYgCzNL&$`c>z8?Fv!EpK(&xX2>! zEMcHXzT+JmF)57Ny~AmQBS7q5;bc5*FDqRDc1}8A3hI_r@9jB4KnbrcUVq$I8EV>7bM54LueeeB1{n%|Gp^<6@UyWNchtBGaz?2s*m{w*jPDsCL;Eb7^rxwro;@vlTrQ|#(+6`ae z1QpEyl!l9ae7>;^Rta6XKmW|%MQm_J{HtX;jU1bWjT0m~Bju!t#g8Se@q9+t-zx1{ zyv!W5qPZ^Bpu9Fq(L~|Jppc6w7sC+E*T*EzXQFyMRXX0fN?(oRttqbDh?=B!Gb zO>A3=GM|Q)-7DVZWniyKh#X-G-3U6U-_aq(AT*6oG6jyCbUvy1i(*PuyPJss1F+4~dsk+Knv`lciGr}MVx+_xyfhiRpmB5(EQ&T@YH zDhvGJcTrv$r++?zb;mQG9F4KksVPrSvWIelBjr2el_MYDbxuEhY$0tL&x4Kamb;zY zLVlk#PhnVq4528(*`dF$tHjN_{t>TKfZT1o!zE3G%f9b?iVQ5j4k8anIItZY@_U#T zhSo#t9)%o#?p_&51&N&Eo;{6F$teEb(|V>jT-_VrUUQXC=&8*0z^`6TO8*N!gq-bz zLKl_kw8|LF-Y6qucvD*K7a#YgeX?@w%7?|T*+M~P93MFN%35JSZC#ZmOc_T7P<^Nc>7 z<;rrJsk^!ih!)1+%2(a2|I|fi(&Ma zoiYnhnfK`#ATg5*ysxz=;wo}(N4MqO$6>q(X#24s8I zAT@EPEXm#B>bf?rZ=Vlb+3&kg4v%<_Wnc&(u2B*Tf<@&o?~}rWBxDAV zncNZN+f~d6DGt!Mi9voAQx1PY21Oa#DjaEp1_HuL=<`9rHnP#t%0hM3PE;W}%|-%(1Vcd*N7rpuzSs87FyQ`!j>GF-Fr} zoir;yO{=uPIEHVEgf?^u@$(JHuQ1{cx_{WX^3-7@Prr!q^5+YusP42#Tr3pNmk_GO5Qja zP^YRu@WIfL;gSmK%j?m&Z$3+R44n*=e`m+4fdN0=9R8cSMOn$jK~9I~jHb736e};2 zUnOdD;&z5|a$Wk_v^YSc?w@b9T5b2IwqK^+@ncP`752Ln3MgEg|3u_;AT})l5CRCX z1m6vXoY?wAr^dzSDwhnU>Cgj$oMp?Fo4KLtmN`*Vg@65Dm z+Pq?q;UzR^FPrY8!O$Wj;2)NaoKz$Ayd|IY(YYv-579ACYVK11PU^s5-88hZfzQ!J zvlUwD!p2~T=SpZGRo`BUu=hj7)lkX?Ch!}zYhlI8?J(xSUpsNe8|z6Hd7O7WCyWf# zz}fKPGZWF?vcqCoV>Z&a0z> zv16mEL)J4Ue!fEM^Abz8#Z0DeJ{DEB$!LW`$2P{tcX*{)F=74A$e5qjd;u>#ud#CY zrEF;E@bEKC>I5R$#UtY1GoC}Q|MK6zAA>-&zuj~-&Nb(YaM>2m-hc}xP$r7ztO!A& z9rd^;U7KrfGdVA^)FfoW)+1WwKa^>GI*&h`TX(nNik&jZBTz5J_M0WpV&9tR?Vw@A z=pRj}R({g(^3jnpOtqI}&TfEheL>8BnVN$~mS8+jFGL3;@mz=4T2d|RYcWMF*Kc-J=^T?wJ#v^x&!?`K7 zUFVYGx8o2-1{%0*udrAkALmU%DR;c~2{-L}-MN*Jy(?2TiQWO9O(7Rem)4lnIJfx# zdmWZhYyT$n{O!W``7`gT=a{XsdH~scoe{S*r39xLcPl{Zeq}uEm2WP2lQgy*IdV+WG2rle6Czdtyw(^8<(k>xAS z4Z>rg_iYiLmq0PoFHq`v4SPULnUcTd=*wlEIeBWWFx0s;m#Meppz~iKY(a~<6g;)* zFkgt)Yq|B-PNsDoAB{P}cv$4mPgji@@t=@4^t3-s) z8v-EOmK=dOr^ER+!t_JhN8^z0nFsPZl4DK@T1rA_=5-oNl_F5?Ll_HY2u;Z!*2Xn) zed%)!!1ol;Q3NfVb!`fi;zM#pHVJEmS!Tk@sFlBDY=6SzRjMF01|GjHl?txgHF?hD zCg_lFg@XAEI>M)GAYJz4JRohe&C4?=M7>(=FGu^P;?EU;U6lD?KWsF)lc-d|l~O1k zpzC|{fow5KgbcIb*+rIoC8*o2Lu&9K+GD&)@uX$MeP-#@jr>JyAM{qLth#=k!;A%N zovsg6y{j(bX7+jYRZcm)H6vaSY_f4Z>4%n@2vjniU-!tYO8ssFwmAR>1OTI;vSk4o zd&^vAiC~iePtpPA0s!lHvb^gpfJKglIrXNB?}lHbjUc6!+`ALBO9@_LDM7cnRD9X6 ziAJ^mwIga0tR4Qj17b}zr3?UEdp-Xb^$AQ9nxF$Dc2bN-(Cy-Hf7$=~-zNaIF$73f zS%S7m5pWye9Yb#g1WQawMIzU)zUZT6yUe4-M0JC)gXD(-D>E@}Q|1z-ZEM1t_n`i^ znJnWC|I&AVJLkvBKx1WjLtbl>=l1>I7iqpT0Jvs=Aur#4>$~^g{{nw%?f}?SV21BB zT4Ga@PN`sDX#dt~(()S?e)W%^?#1fS&*Lb{T_l#J~U5@wP<;<+pM`+HtbG z!i>B;qEchf5SO`FJt7*TsPaCHD@Ok(NPK2*4@8{W;Rcj8VO^hj z=A01$S3>}J(6%q{JDwm@qAlCqYc};`ZmD)&K}}P84kVe7mWm(eRr+`j#CwUpc+NpI zXofCNXM6)Z4*nD4@1M-@!0psifN%dLNT>g5^S+F-+X#RX-TQKIW8vDgV&fzg5zp{u zl(OJ31?Odsz;}gvE?Mg^Xm-ka_q{Eh@k9*_2JaJaUpptV``+`bYB$MZQ}PXE=&~R( zCpIU*9pObmUUu=u8vTxD;aV!dEBG4Udi|3fYKmA_#L1OUzZJv{F831_IqO*{!2f@$ zLgNbjK=f8KlvnF~(0z$FWU!0SI}M^w$2zXRd-n9ZsC9)MO9FJ65VO6EtH-ep)arD= zQ-MwmW!%KN4XFX(dR#1a*v>h$|N9l;M-KcvWrj_;#eaLjU&{uFf()H5 zhs25SrSELQTv9i=B_Iad#ge=heOF&V@XurPk??!|l1P>~8cdn=K(8`zCwugovE?ty z%%60LHOw92$Q6xzR(r>N!j&5)FveZg8 z+#mOKaB$o|sC{NCCdt*yPuV~pVqv2cD3z!ka@e{E_tfzcW~sJeel-&ssNiM(%bl&ny*%a zxw&-!<4>`dL(FDo%KB6p-QJp*y+enCmM!L%2vK|>HiRA%SIImZ``h#5UPms8uj)@f zM^^&QXX}fBil5Hh?7<8{LDI|Rto0&g@v6Qxs5#;xN{sT?SBMLXg>Yv(5~qSmNkl;n zbq<}iR}`)ToYY|0@tV(fd1Coy?BDvOepUH4Br7o3r)nLxPDWkrXEurB7&l8%9khQY zPqM%pVhm)u5)>*%n&1ywtDBQ%v`JX4nuVBIekSl|2YtD|v;mWH)w`JE~&?4-gT z`SiF72_(>b^^7D6-Xp!wa58A0lqVjj$|;lFTjE4YZu!~x|4H@?iz*u3H zMx<$}^xixAJxZAI&2RP%5zDv4n?!xJ9)!HEbSeL*9c3&NQRI375_R~t*FjI(=Np#c znlxw}x=Us~KE0LA1Ma#isXA}fl3jGrQYHk-(VS+po`G`X??h}LefgLp z&$gKb)CfLycnI|=D{_04c?i9T-sf<6lRll6cmCDBV^f}}z+aCEy%hdxt&Zq%Rt!Pl zgUehmR2q?2s|zQW-K32xq3pZIQUj~T>BH5Olx^PEg^gv3n;!R!b;tf>yQo=AdinbHDe}oi|7*Py${$IuO(G0@;+pUsqJNlmDBj(w z^RMtT`=2#%5(Rzg6lcRt)6l~w?NTPL_RI`(=J?U?#+PO#;Hx9nMd+0~W>Mnz9U06Q zn)S{A{;4;`Uw4&EdO$x4>L{_W6)wE5CgT`wA5gI?mez^vvN@`Z+-oLka(PdHIW)RjcTpCS-=ySXGHXH?Wug{mzz`GMli-%7`%k2{T)qm7{N5jFcp@xj{g~^G`|S zTO#F;kkL2AFHn9wK}S98B5xY6*3-_K?X${)Uq6?cZs-2rnj?$A@JNZ%^LyEM?T(;I zY&CtZCB9JnWW+&w;M1km9pR_jrN7rbPz#JNtJMzSQwg8w3&lSKpd=H^pX7}gGsP}X zEAp>t1T4BP$3pNYr*9$$NeiNmwFLD3*TMT_jI|M@5&|jChW3WY z+qA0{%NF8R6q(Fq%yQRmCVKp(ToI8k3$q2EAx(lv8klJTx~5ajxP9f4*lIQtA48Kd z)QnHDaInqrLbRE(p=J*v$k(ZQV?35wMQ<`4*KnZnpW6zOX9#4IU?2p~8!eFQ-yx<@ zZ2yH%SoS`ra678VlQS$09w>|BvZnwo2G>zEJTsK8qZ$ z9m$)xX@C?zV)=F*t46YLZKc$xQ3~F8-CKW9y3@P6`Ee{)2$GAcpBaI8Jy@GXzCz%d zJQ-0z?4}D#dfsp-k#8m1Rs3&RTpfUTK;aiEd~sINrGwPueLsErIO*0dS2pE9LD8G6 z3xAx#r6ePnIpw(At^}Jfk430i1_xI&>1HA)9&Ba$M=k69pRGg?3vYZ**!%tej34lm znIKlBP3-A~|L3GIafcM1NsCgkj3WMXN`PlbCC0qFmD%ZI^gpu#oY@@krS01K^ZyMM f@F4CCzwiTarzbbAk_&*x>@lG7>T*>w=E46zf!@hD literal 0 HcmV?d00001 diff --git a/website/source/guides/authentication.html.md b/website/source/guides/authentication.html.md index cac5d24b77f5..098ac640b5f8 100644 --- a/website/source/guides/authentication.html.md +++ b/website/source/guides/authentication.html.md @@ -85,17 +85,15 @@ Started](/intro/getting-started/install.html) guide to install Vault. Make sure that your Vault server has been [initialized and unsealed](/intro/getting-started/deploy.html). -### Policy requirements - -To perform all tasks demonstrated in this guide, you need to be able to -authenticate with Vault as an [**`admin`** user](#personas). +### Policy requirements -> **NOTE:** For the purpose of this guide, you can use **`root`** token to work with Vault. However, it is recommended that root tokens are only used for just enough initial setup or in emergencies. As a best practice, use tokens with appropriate set of policies based on your role in the organization. -The `admin` policy must include the following permissions: +To perform all tasks demonstrated in this guide, your policy must include the +following permissions: ```shell # Mount the AppRole auth backend diff --git a/website/source/guides/cubbyhole.html.md b/website/source/guides/cubbyhole.html.md index c1eb4c3421bb..7d016038fc9e 100644 --- a/website/source/guides/cubbyhole.html.md +++ b/website/source/guides/cubbyhole.html.md @@ -34,8 +34,8 @@ long as its policy allows it. The end-to-end scenario described in this guide involves two personas: -- **`admin`** with privileged permissions to create tokens and policies -- **`app`** is the receiving client of a wrapped response +- **`admin`** with privileged permissions to create tokens +- **`apps`** is the receiving client of a wrapped response ## Challenge @@ -43,12 +43,12 @@ In order to tightly manage the secrets, you set the scope of who can do what using the [Vault policy](/docs/concepts/policies.html) and attach that to tokens, roles, entities, etc. -How to securely distribute the initial token to a machine or app? +How to securely distribute a secret (e.g. token, credentials) to a machine or app? ## Solution Use Vault's **cubbyhole response wrapping** where the initial token is stored in -the cubbyhole backend. The wrapped secret can be unwrap using the single use +the cubbyhole backend. The wrapped secret can be unwrapped using the single-use wrapping token. Even the user or the system created the initial token won't see the original value. The wrapping token is short-lived and can be revoked just like any other tokens so that the risk of unauthorized access can be minimized. @@ -63,15 +63,13 @@ unsealed](/intro/getting-started/deploy.html). ### Policy requirements -To perform all tasks demonstrated in this guide, you need to be able to -authenticate with Vault as an [**`admin`** user](#personas). - -> **NOTE:** For the purpose of this guide, you can use **`root`** token to work with Vault. However, it is recommended that root tokens are only used for just enough initial setup or in emergencies. As a best practice, use tokens with appropriate set of policies based on your role in the organization. -The `admin` policy must include the following permissions: +To perform all tasks demonstrated in this guide, your policy must include the +following permissions: ```shell # Manage tokens @@ -83,39 +81,41 @@ path "sys/auth/token/*" { path "sys/policy/*" { capabilities = [ "create", "read", "update", "delete", "list" ] } - -# Access cubbyhole backend -path "cubbyhole/private/*" { - capabilities = ["create", "read", "update", "delete", "list"] -} ``` ## Steps -To distribute the initial token to an app using cubbyhole response wrapping, you -perform the following tasks: +Think of a scenario where apps read secrets from Vault. The `apps` need: + +- Policy granting "read" permission on the specific path (`secret/dev`) +- Valid tokens to interact with Vault + +![Response Wrapping Scenario](/assets/images/vault-cubbyhole.png) + +Setting the appropriate policies and token generation are done by the `admin` +persona. For the `admin` to distribute the initial token to the app securely, it +uses cubbyhole response wrapping. In this guide, you perform the following: 1. [Create and wrap a token](#step1) 2. [Unwrap the secret](#step2) +**NOTE:** This guide demonstrates how the response wrapping works. To learn more +about reading and writing secrets in Vault, refer to the [Static +Secret](/guide/static-secrets.html) guide. + ### Step 1: Create and wrap a token (**Persona:** admin) When the response to `vault token-create` request is wrapped, Vault inserts the -generated token it into the cubbyhole of a single-use token, returning that +generated token into the cubbyhole of a single-use token, returning that single-use wrapping token. Retrieving the secret requires an unwrap operation against this wrapping token. In this scenario, an [admin user](#personas) creates a token using response wrapping. To perform the steps in this guide, first create a policy for the app. -`app-policy.hcl`: +`apps-policy.hcl`: ```shell -# Unwrap the token -path "sys/wrapping/unwrap" { - capabilities = [ "create", "read" ] -} - # For testing, read-only on secret/dev path path "secret/dev" { capabilities = [ "read" ] @@ -137,11 +137,12 @@ To create a token using response wrapping: $ vault token-create -policy= -wrap-ttl= ``` -Where the `` is a numeric string indicating the TTL of the response. +Where the `` can be either an integer number of seconds or a string +duration of seconds (15s), minutes (20m), or hours (25h). **Example:** -Generate a token for `app` persona using response wrapping with TTL of 60 +Generate a token for `apps` persona using response wrapping with TTL of 60 seconds. ```shell @@ -159,19 +160,33 @@ wrapped_accessor: 195763a9-3f26-1fcf-6a1a-ee0a11e76cb1 The response is the wrapping token; therefore, the admin user does not even see the generated token from the `token-create` command. + #### API call using cURL -First create an `apps` policy: +First create an `apps` policy using `sys/policy` endpoint: ```shell -$ curl --header "X-Vault-Token: ..." --request PUT \ - --data @payload.json \ - https://vault.rocks/v1/sys/policy/apps +$ curl --header "X-Vault-Token: " \ + --request PUT \ + --data \ + /v1/sys/policy/ +``` + +Where `` is your valid token, and `` includes policy name and +stringfied policy. +**Example:** + +```shell +# Request payload $ cat payload.json { - "policy": "path \"sys/wrapping/unwrap\" { capabilities = [ \"create\", \"read\" ] ... }" + "policy": "path \"secret/dev\" { capabilities = [ \"read\" ] }" } + +# API call to create a policy named, "apps" +$ curl --header "X-Vault-Token: ..." --request PUT --data @payload.json \ + https://vault.rocks/v1/sys/policy/apps ``` Response wrapping is per-request and is triggered by providing to Vault the @@ -218,15 +233,16 @@ $ curl --header "X-Vault-Wrap-TTL: 60s" \ } ``` -Generate a token for `app` persona using response wrapping with TTL of 60 -seconds. The admin user does not even see the generated token. +This API call generates a token for `apps` persona using response wrapping with +TTL of 60 seconds. The admin user does not even see the generated token. ### Step 2: Unwrap the secret -(**Persona:** app) +(**Persona:** apps) -The response is wrapped by a wrapping token, and retrieving it requires an -unwrap operation against this token. +The `apps` persona receives a wrapping token from the `admin`. In order for the +`apps` to acquire a valid token to read secrets from `secret/dev` path, it must +run the unwrap operation using this token. -> **NOTE:** If a client has been expecting delivery of a response-wrapping token and none arrives, this may be due to an attacker intercepting the token @@ -324,60 +340,57 @@ $ curl --header "X-Vault-Token: af5f7682-aa55-fa37-5039-ee116df56600" \ ## Additional Discussion -Similar to the key/value secret backend, the cubbyhole backend is mounted at the -**`cubbyhole/`** prefix by default. The secrets you store in the `cubbyhole/` path -are tied to your token and only accessible by you. - -To test the cubbyhole secret backend, perform the following steps. +The `cubbyhole` secret backend provides your own private secret storage space +where no one else can read (including `root`). This comes handy when you want to +store a password tied to your username that should not be shared with anyone. -First, create `tester` policy which grants permissions on the path under `cubbyhole/private/` prefix. +The cubbyhole backend is mounted at the **`cubbyhole/`** prefix by default. The +secrets you store in the `cubbyhole/` path are tied to your token and all tokens +are permitted to read and write to the `cubbyhole` backend by the [`default`](/docs/concepts/policies.html#default-policy) policy. ```shell -$ vault policy-write tester tester.hcl - -$ cat tester.hcl -path "cubbyhole/private/*" { - capabilities = ["create", "read", "update", "delete", "list"] +... +# Allow a token to manage its own cubbyhole +path "cubbyhole/*" { + capabilities = ["create", "read", "update", "delete", "list"] } +... ``` -Create a token attached to the `tester` policy, and then authenticate using the -token. +To test the cubbyhole secret backend, perform the following steps. (NOTE: Keep +using the `apps` token from [Step 2](#step2) to ensure that you are logged in with +non-root token.) -```shell -$ vault token-create -policy=tester -Key Value ---- ----- -token 2ba26888-b531-1626-3598-01ea4aa383bb -token_accessor 28cbd05c-31a3-0aaa-4dca-838a9aafe4cb -token_duration 768h0m0s -token_renewable true -token_policies [default tester] +#### CLI command + +Commands to write and read secrets to the `cubbyhole` backend: -$ unset VAULT_TOKEN +```shell +# Write key-value pair(s) in your cubbyhole +$ vault write cubbyhole/ = -$ vault auth 2ba26888-b531-1626-3598-01ea4aa383bb -Successfully authenticated! You are now logged in. -token: 2ba26888-b531-1626-3598-01ea4aa383bb -token_duration: 2764651 -token_policies: [default tester] +# Read values from your cubbyhole +$ vault write cubbyhole/ ``` -You should be able to write secrets under `cubbyhole/private/` path, and read it -back. +**Example:** + +Write secrets under `cubbyhole/private/` path, and read it back. ```shell +# Write "token" to cubbyhole/private/access-token path $ vault write cubbyhole/private/access-token token="123456789abcdefg87654321" Success! Data written to: cubbyhole/private/access-token +# Read value from cubbyhole/private/access-token path $ vault read cubbyhole/private/access-token Key Value --- ----- token 123456789abcdefg87654321 ``` -Now, try to access the secret using the root token, you shouldn't be able to -read. +Now, try to access the secret using the `root` token. It should NOT return the +secret. ```shell $ VAULT_TOKEN= vault read cubbyhole/private/access-token @@ -385,7 +398,61 @@ $ VAULT_TOKEN= vault read cubbyhole/private/access-token No value found at cubbyhole/private/access-token ``` +#### API call using cURL + +The API to work with the `cubbyhole` backend is very similar to `secret` backend: + +```shell +$ curl --header "X-Vault-Token: " \ + --request POST \ + --data \ + /v1/cubbyhole/ +``` + +**Example:** + +Write secrets under `cubbyhole/private/` path, and read it back. + +```shell +# Write "token" to cubbyhole/private/access-token path +$ curl --header "X-Vault-Token: e095129f-123a-4fef-c007-1f6a487cfa78" --request POST \ + --data '{"token": "123456789abcdefg87654321"}' \ + https://vault.rocks/v1/cubbyhole/private/access-token + +# Read value from cubbyhole/private/access-token path +$ curl --header "X-Vault-Token: e095129f-123a-4fef-c007-1f6a487cfa78" --request GET \ + https://vault.rocks/v1/cubbyhole/private/access-token | jq +{ + "request_id": "b2ff9f04-7a72-7eb0-672f-225b5eb652df", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "token": "123456789abcdefg87654321" + }, + "wrap_info": null, + "warnings": null, + "auth": null +} +``` + +Now, try to access the secret using the `root` token. It should NOT return the +secret. + +```shell +$ curl --header "X-Vault-Token: root" --request GET \ + https://vault.rocks/v1/cubbyhole/private/access-token | jq +{ + "errors": [] +} +``` + Also, refer to [Cubbyhole Secret Backend HTTP API](/api/secret/cubbyhole/index.html). ## Next steps + +The use of [AppRole Pull Authentication](/guides/authentication.html) is a good +use case to leverage the response wrapping. Go through the guide if you have not +done so. To better understand the lifecycle of Vault tokens, proceed to [Tokens +and Leases](/guides/lease.html) guide. diff --git a/website/source/guides/dynamic-secrets.html.md b/website/source/guides/dynamic-secrets.html.md index bd9e302df846..6690aea73465 100644 --- a/website/source/guides/dynamic-secrets.html.md +++ b/website/source/guides/dynamic-secrets.html.md @@ -91,17 +91,15 @@ $ psql -U postgres -c 'CREATE DATABASE myapp;' [PostgreSQL Wiki](https://wiki.postgresql.org/wiki/First_steps) gives you a summary of basic commands to get started. -### Policy requirements - -To perform all tasks demonstrated in this guide, you need to be able to -authenticate with Vault as an [**`admin`** user](#personas). +### Policy requirements -> **NOTE:** For the purpose of this guide, you can use **`root`** token to work with Vault. However, it is recommended that root tokens are only used for just enough initial setup or in emergencies. As a best practice, use tokens with appropriate set of policies based on your role in the organization. -The `admin` policy must include the following permissions: +To perform all tasks demonstrated in this guide, your policy must include the +following permissions: ```shell # Mount secret backends @@ -118,6 +116,11 @@ path "database/*" { path "sys/policy/*" { capabilities = [ "create", "read", "update", "delete", "list" ] } + +# Create tokens for verification +path "auth/token/create" { + capabilities = [ "create" ] +} ``` If you are not familiar with policies, complete the diff --git a/website/source/guides/lease.html.md b/website/source/guides/lease.html.md index ec11cdad7efa..b126f441aafd 100644 --- a/website/source/guides/lease.html.md +++ b/website/source/guides/lease.html.md @@ -52,6 +52,14 @@ renewal and revocation 10 minutes +## Personas + +The end-to-end scenario described in this guide involves one persona: + +- **`admin`** with privileged permissions to create and manage tokens + +See the [policy requirements](#policy-requirements) section for details. + ## Challenge Consider the following scenarios: @@ -66,7 +74,13 @@ Vault has built-in support for secret revocation. Vault can revoke not only single secret, but also a tree of secrets. For example, Vault can revoke all secrets read by a specific **user** or all secrets of a specific **type**. Revocation assists in key rolling as well as locking down systems in the case of -an intrusion. This also allows for organizations to plan and train for various +an intrusion. + +If a user or machine needs a temporal access to Vault, you can set a short TTL +or number of use to a token so that the token gets revoked automatically at the +end of its life. + +This also allows for organizations to plan and train for various "break glass" procedures. ## Prerequisites @@ -77,6 +91,33 @@ Started](/intro/getting-started/install.html) guide to install Vault. Make sure that your Vault server has been [initialized and unsealed](/intro/getting-started/deploy.html). + +### Policy requirements + +-> **NOTE:** For the purpose of this guide, you can use **`root`** token to work +with Vault. However, it is recommended that root tokens are only used for just +enough initial setup or in emergencies. As a best practice, use tokens with +appropriate set of policies based on your role in the organization. + +To perform all tasks demonstrated in this guide, your policy must include the +following permissions: + +```shell +# Read default token configuration +path "sys/auth/token/tune" { + capabilities = [ "read" ] +} + +# Create and manage tokens (renew, lookup, revoke, etc.) +path "auth/token/*" { + capabilities = [ "create", "read", "update", "delete", "list", "sudo" ] +} +``` + +If you are not familiar with policies, complete the +[policies](/guides/policies.html) guide. + + ## Steps Tokens are the core methods for authentication within Vault. Tokens can be used @@ -135,7 +176,7 @@ max_lease_ttl 2764800 #### API call using cURL -Use `/sys/mounts` endpoint to read the default TTL settings for **token** auth +Use `/sys/auth/token/tune` endpoint to read the default TTL settings for **token** auth backend: ```shell @@ -453,16 +494,16 @@ the attempt to read the secret from cubbyhole failed. ### Step 4: Periodic tokens -Root or sudo users have the ability to generate **periodic tokens**. Periodic -tokens have a TTL, but no max TTL; therefore, it may live for an infinite -duration of time so long as they are renewed within their TTL. This is useful -for long-running services that cannot handle regenerating a token. +**Root** or **sudo** users have the ability to generate **periodic tokens**. +Periodic tokens have a TTL, but no max TTL; therefore, it may live for an +infinite duration of time so long as they are renewed within their TTL. This +is useful for long-running services that cannot handle regenerating a token. #### CLI command -First, create a token role with a specific `period`. When you set `period`, tokens -created for this role will have no max TTL. Instead, the `period` becomes the -token renewal period. This value can be an integer value in seconds (e.g. +First, create a token role with a specific `period`. When you set `period`, +tokens created for this role will have no max TTL. Instead, the `period` becomes +the token renewal period. This value can be an integer value in seconds (e.g. 2764800) or a string duration (e.g. 72h). ```shell @@ -499,12 +540,12 @@ token renewal period. This value can be an integer value in seconds (e.g. **Example:** -```plaintext +```shell $ curl --header "X-Vault-Token: ..." --request POST \ - --data @token-role.json \ + --data @payload.json \ https://vault.rocks/v1/auth/token/roles/zabbix -$ cat token-role.json +$ cat payload.json { "allowed_policies": [ "default", @@ -519,9 +560,9 @@ policies attached. Also, its renewal period is set to 24 hours. Now, generate a token: -```shell +```plaintext $ curl --header "X-Vault-Token: ..." --request POST \ - https://$ vault.rocks/v1/auth/token/create/zabbix | jq + https://vault.rocks/v1/auth/token/create/zabbix | jq { ... "auth": { @@ -538,7 +579,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \ } ``` --> Generated tokens are renewable indefinitely for as long as it gets renewed +Generated tokens are renewable indefinitely for as long as it gets renewed before its lease duration expires. The token renew command was covered in [Step 2](#step2). @@ -553,7 +594,7 @@ indefinitely. To create AppRole periodic tokens, create your AppRole role with **Example:** ```plaintext -$ vault write auth/approle/role/jenkins policies="dev-pol,devops-pol" period="72h" +$ vault write auth/approle/role/jenkins policies="jenkins" period="72h" ``` Or @@ -566,23 +607,23 @@ $ curl --header "X-Vault-Token:..." --request POST \ $ cat payload.json { "allowed_policies": [ - "dev-pol", - "devops-pol" + "jenkins" ], "period": "72h" } ``` -For more details about AppRole, refer to [AppRole Pull Authentication](/guides/authentication.html). +-> For more details about AppRole, refer to [AppRole Pull Authentication](/guides/authentication.html). ### Step 5: Orphan tokens -Root or sudo users have the ability to generate **orphan** tokens. Orphan tokens +**Root** or **sudo users** have the ability to generate **orphan** tokens. Orphan tokens are **not** children of their parent; therefore, it does not expire when their parent does. + **NOTE:** Orphan tokens still expire when their own max TTL is reached. #### CLI command @@ -676,6 +717,8 @@ sys/ system system_f5b5ecac n/a n/a n/a false transit/ transit transit_07fc2df9 n/a system system false replicated false ``` +Notice the **Default TTL** and **Max TTL** columns. + #### 2. Tune the system TTLs Override the global defaults by specifying `default_lease_ttl` and @@ -683,18 +726,22 @@ Override the global defaults by specifying `default_lease_ttl` and **Example:** +The following example assumes that you have database secret backend configured. + ```shell $ vault write sys/mounts/database/tune default_lease_ttl="8640" ``` Or -```plaintext +```shell $ curl --header "X-Vault-Token:..." --request POST \ - --data `{ "max_lease_ttl": 129600}`\ + --data '{ "max_lease_ttl": 129600}' \ https://vault.rocks/v1/sys/mounts/database/tune ``` + + #### 3. Check the role specific TTLs Depending on the backend, there may be more specific TTLs configured (e.g. @@ -717,3 +764,7 @@ renewable true ## Next steps + +Now you have learned the lifecycle of tokens and leases, read [AppRole Pull +Authentication](/guides/authentication.html) guide to learn how to generate +tokens for apps or machines. diff --git a/website/source/guides/policies.html.md b/website/source/guides/policies.html.md index 7a700282a470..b6f8109edd2c 100644 --- a/website/source/guides/policies.html.md +++ b/website/source/guides/policies.html.md @@ -8,9 +8,9 @@ description: |- # Policies -In Vault, use policies to govern the behavior of clients and instrument +In Vault, use policies to govern the behavior of clients and instrument Role-Based Access Control (RBAC) by specifying access privileges - (_authorization_). +(_authorization_). When you first initialize Vault, the [**`root`**](/docs/concepts/policies.html#root-policy) policy gets created by @@ -23,8 +23,9 @@ In addition, there is another build-in policy, `default` policy is attached to all tokens and provides common permissions. Everything in Vault is path based, and write policies to grant or forbid access -to certain paths and operations in Vault. Vault operates on a **secure by default** -standard, and as such an empty policy grants **no permission** in the system. +to certain paths and operations in Vault. Vault operates on a **secure by +default** standard, and as such as empty policy grants **no permission** in the +system. ### HashiCorp Configuration Language (HCL) @@ -84,7 +85,7 @@ Started](/intro/getting-started/install.html) guide to install Vault. Make sure that your Vault server has been [initialized and unsealed](/intro/getting-started/deploy.html). -### Policy requirements +### Policy requirements Since this guide demonstrates the creation of an **`admin`** policy, log in with **`root`** token if possible. Otherwise, make sure that you have the following diff --git a/website/source/guides/static-secrets.html.md b/website/source/guides/static-secrets.html.md index a5fbe9a7868a..d0fb8ec55e40 100644 --- a/website/source/guides/static-secrets.html.md +++ b/website/source/guides/static-secrets.html.md @@ -27,6 +27,13 @@ Secret Storage. 10 minutes +## Personas + +The end-to-end scenario described in this guide involves two personas: + +- **`devops`** with privileged permissions to write secrets +- **`apps`** reads the secrets from Vault + ## Challenge Consider the following situations: @@ -59,6 +66,36 @@ Started](/intro/getting-started/install.html) guide to install Vault. Make sure that your Vault server has been [initialized and unsealed](/intro/getting-started/deploy.html). +### Policy requirements + +-> **NOTE:** For the purpose of this guide, you can use **`root`** token to work +with Vault. However, it is recommended that root tokens are only used for just +enough initial setup or in emergencies. As a best practice, use tokens with +appropriate set of policies based on your role in the organization. + +To perform all tasks demonstrated in this guide, your policy must include the +following permissions: + +```shell +# Write and manage secrets in key/value backend +path "secret/*" { + capabilities = [ "create", "read", "update", "delete", "list" ] +} + +# Create policies to permit apps to read secrets +path "sys/policy/*" { + capabilities = [ "create", "read", "update", "delete", "list" ] +} + +# Create tokens for verification & test +path "auth/token/create" { + capabilities = [ "create" ] +} +``` + +If you are not familiar with policies, complete the +[policies](/guides/policies.html) guide. + ## Steps @@ -69,7 +106,7 @@ scenario here is to store the following secrets: - Root certificate of a production database (MySQL) To store your API key within the configured physical storage for Vault, use the -key/value secret backend via **`secret/`** prefixed. +**key/value** secret backend via **`secret/`** prefixed path. -> Key/Value secret backend passes through any operation back to the configured storage backend for Vault. For example, if your Vault server is configured with @@ -77,18 +114,30 @@ Consul as its storage backend, a "read" operation turns into a read from Consul at the same path. - You will perform the following: 1. [Store the Google API key](#step1) 2. [Store the root certificate for MySQL](#step2) -3. [Retrieve the secrets](#step3) +3. [Generate a token for apps](#step3) +4. [Retrieve the secrets](#step4) + +![Personas Introduction](/assets/images/vault-static-secrets.png) + +Step 1 through 3 are performed by `devops` psersona. Step 4 describes the +commands that `apps` persona runs to read secrets from Vault. ### Step 1: Store the Google API key +(**Persona:** devops) + +Everything after the **`secret/`** path is a key-value pair to write to the +secret backend. You can specify multiple values. If the value has a space, you +need to surround it with quotes. Having keys with spaces is permitted, but +strongly discouraged because it can lead to unexpected client-side behavior. -If the secret path convention is **`secret//apikey/`**, store the -Google API key in `secret/eng/apikey/Googl`. If you have an API key for New Relic -owned by the DevOps team, the path may look like +Let's assume that the path convention in your organization is +**`secret//apikey/`** for API keys. To store the Google API key used +by the engineering team, the path would be `secret/eng/apikey/Googl`. If you +have an API key for New Relic owned by the DevOps team, the path would look like `secret/devops/apikey/New_Relic`. #### CLI command @@ -139,6 +188,7 @@ The secret key is "key" and its value is ### Step 2: Store the root certificate for MySQL +(**Persona:** devops) For the purpose of this guide, generate a new self-sign certificate using [OpenSSL](https://www.openssl.org/source/). @@ -179,8 +229,9 @@ save it as `cert.pem`. #### CLI command The command is basically the same as the Google API key example. Now, the path -convention is **`secret//cert/`**. To store the root certificate -for production MySQL, the path becomes `secret/staging/cert/postgres`. +convention for certificates is **`secret//cert/`**. To +store the root certificate for production MySQL, the path becomes +`secret/staging/cert/postgres`. **Example:** @@ -188,8 +239,8 @@ for production MySQL, the path becomes `secret/staging/cert/postgres`. $ vault write secret/prod/cert/mysql cert=@cert.pem ``` -This example reads the root certificate from a PEM file from the disk, and store it under -`secret/prod/cert/mysql` path. +This example reads the root certificate from a PEM file from the disk, and store +it under `secret/prod/cert/mysql` path. > **NOTE:** Any value begins with "@" is loaded from a file. @@ -208,12 +259,121 @@ $ curl --header "X-Vault-Token: ..." \ > **NOTE:** Any value begins with "@" is loaded from a file. -### Step 3: Retrieve the secrets +### Step 3: Generate a token for apps +(**Persona:** devops) + +To read the secrets, `apps` persona needs "read" permit on those secret backend +paths. In this scenario, the `apps` policy must include the following: + +**Example:** `apps-policy.hcl` + +```shell +# Read-only permit +path "secret/eng/apikey/Google" { + capabilities = [ "read" ] +} + +# Read-only permit +path "secret/prod/cert/mysql" { + capabilities = [ "read" ] +} +``` + + +#### CLI command + +First create `apps` policy, and generate a token so that you can authenticate +as an `apps` persona, and read the secrets. + +```shell +# Create "apps" policy +$ vault policy-write apps apps-policy.hcl +Policy 'apps' written. + +# Create a new token with app policy +$ vault token-create -policy="apps" +Key Value +--- ----- +token e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 +token_accessor 54700b7e--data828-a6c4-6141-96e71e002bd7 +token_duration 768h0m0s +token_renewable true +token_policies [apps default] +``` + +Now, `apps` can use this token to read the secrets. + + +#### API call using cURL + +First create an `apps` policy, and generate a token so that you can authenticate +as an `app` persona. + +**Example:** + +```shell +# Payload to pass in the API call +$ cat payload.json +{ + "policy": "path \"secret/eng/apikey/Google\" { capabilities = [ \"read\" ] ...}" +} + +# Create "apps" policy +$ curl --header "X-Vault-Token: ..." --request PUT \ + --data @payload.json \ + https://vault.rocks/v1/sys/policy/apps + +# Generate a new token with apps policy +$ curl --header "X-Vault-Token: ..." --request POST \ + --data '{"policies": ["apps"]}' \ + https://vault.rocks/v1/auth/token/create | jq +{ + "request_id": "e1737bc8-7e51-3943-42a0-2dbd6cb40e3e", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": null, + "wrap_info": null, + "warnings": null, + "auth": { + "client_token": "1c97b03a-6098-31cf-9d8b-b404e52dcb4a", + "accessor": "b10a3eb7-15fe-1924-600e-403cfda34c28", + "policies": [ + "apps", + "default" + ], + "metadata": null, + "lease_duration": 2764800, + "renewable": true, + "entity_id": "" + } +} +``` + +Now, `apps` can use this token to read the secrets. + +**NOTE:** For the purpose of this guide, you created a policy for `apps` +persona, and generated a token for it. However, in a real world, you may have +a dedicated `policy author`, or `admin` to write policies. Also, the +consumer of the API key may be different from the consumer of the root +certificate. Then each persona would have a policy based on what it needs to +access. + +![Personas Introduction](/assets/images/vault-static-secrets2.png) + + + +### Step 4: Retrieve the secrets +(**Persona:** apps) + +Using the token from [Step 3](#step3), read the Google API key, and root certificate for +MySQL. -Retrieving the secret from Vault is simple. #### CLI command +The command to read secret is: + ```shell $ vault read secret/ ``` @@ -221,6 +381,14 @@ $ vault read secret/ **Example:** ```shell +# Authenticate with Vault using the generated token first +$ vault auth e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 +Successfully authenticated! You are now logged in. +token: e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 +token_duration: 2764277 +token_policies: [apps default] + +# Read the API key $ vault read secret/eng/apikey/Google Key Value --- ----- @@ -237,6 +405,8 @@ AAaaBBccDDeeOTXzSMT1234BB_Z8JzG7JkSVxI #### Root certificate example: +The command is basically the same: + ```shell $ vault read -field=cert secret/prod/cert/mysql -----BEGIN RSA PRIVATE KEY----- @@ -246,11 +416,22 @@ MIIEowIBAAKCAQEA6E2Uq0XqreZISgVMUu9pnoMsq+OoK1PI54rsA9vtDE6wiRk0GWhf5vD4DGf1 #### API call using cURL +Use `secret/` endpoint to retrieve secrets from key/value backend: + +```shell +$ curl --header "X-Vault-Token: " \ + --request Get \ + /v1/secret/ +``` + **Example:** +Read the Google API key. + ```shell -$ curl --header "X-Vault-Token: ..." --request GET \ - https://vault.rocks/v1/secret/eng/apikey/Google | jq +$ curl --header "X-Vault-Token: 1c97b03a-6098-31cf-9d8b-b404e52dcb4a" \ + --request GET \ + https://vault.rocks/v1/secret/eng/apikey/Google | jq { "request_id": "5a2005ac-1149-2275-cab3-76cee71bf524", "lease_id": "", @@ -270,15 +451,17 @@ $ curl --header "X-Vault-Token: ..." --request GET \ Retrieve the key value with `jq`: ```shell -$ curl --header "X-Vault-Token: ..." --request GET \ - https://vault.rocks/v1/secret/eng/apikey/Google | jq ".data.key" +$ curl --header "X-Vault-Token: 1c97b03a-6098-31cf-9d8b-b404e52dcb4a" \ + --request GET \ + https://vault.rocks/v1/secret/eng/apikey/Google | jq ".data.key" ``` #### Root certificate example: ```shell -$ curl --header "X-Vault-Token: ..." --request GET \ - https://vault.rocks/v1/secret/prod/cert/mysql | jq ".data.cert" +$ curl --header "X-Vault-Token: 1c97b03a-6098-31cf-9d8b-b404e52dcb4a" \ + --request GET \ + https://vault.rocks/v1/secret/prod/cert/mysql | jq ".data.cert" ``` ## Additional Discussion @@ -357,5 +540,10 @@ $ cat mongodb.txt } ``` - ## Next steps + +This guide introduced the CLI commands and API endpoints to read and write +secrets in key/value backend. To keep it simple, the `devops` persona generated a +token for `apps`. Read [AppRole Pull +Authentication](/guides/authentication.html) guide to learn about +programmatically generate a token for apps. From 0dcb02fec73d1194063cb2020f93877a6d3a0a47 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Wed, 24 Jan 2018 18:10:56 -0800 Subject: [PATCH 013/178] Fixed the sample admin policies --- website/source/guides/authentication.html.md | 5 ++ website/source/guides/dynamic-secrets.html.md | 4 +- website/source/guides/lease.html.md | 50 ++++++++++++------- website/source/guides/policies.html.md | 50 ++++++++++++++++--- website/source/guides/static-secrets.html.md | 2 +- 5 files changed, 84 insertions(+), 27 deletions(-) diff --git a/website/source/guides/authentication.html.md b/website/source/guides/authentication.html.md index 098ac640b5f8..938bea13839a 100644 --- a/website/source/guides/authentication.html.md +++ b/website/source/guides/authentication.html.md @@ -97,6 +97,11 @@ following permissions: ```shell # Mount the AppRole auth backend +path "sys/auth/approle" { + capabilities = [ "create", "read", "update", "delete", "sudo" ] +} + +# Configure the AppRole auth backend path "sys/auth/approle/*" { capabilities = [ "create", "read", "update", "delete" ] } diff --git a/website/source/guides/dynamic-secrets.html.md b/website/source/guides/dynamic-secrets.html.md index 6690aea73465..59a70297c4d2 100644 --- a/website/source/guides/dynamic-secrets.html.md +++ b/website/source/guides/dynamic-secrets.html.md @@ -117,9 +117,9 @@ path "sys/policy/*" { capabilities = [ "create", "read", "update", "delete", "list" ] } -# Create tokens for verification +# Manage tokens for verification path "auth/token/create" { - capabilities = [ "create" ] + capabilities = [ "create", "read", "update", "delete", "list", "sudo" ] } ``` diff --git a/website/source/guides/lease.html.md b/website/source/guides/lease.html.md index b126f441aafd..f83fbc0694cf 100644 --- a/website/source/guides/lease.html.md +++ b/website/source/guides/lease.html.md @@ -103,15 +103,30 @@ To perform all tasks demonstrated in this guide, your policy must include the following permissions: ```shell +# List available auth backend - Step 1 +path "sys/auth" { + capabilities = [ "read" ] +} + # Read default token configuration path "sys/auth/token/tune" { - capabilities = [ "read" ] + capabilities = [ "read", "sudo" ] } # Create and manage tokens (renew, lookup, revoke, etc.) path "auth/token/*" { capabilities = [ "create", "read", "update", "delete", "list", "sudo" ] } + +# For Advanced Features - list available secret backends +path "sys/mounts" { + capabilities = [ "read" ] +} + +# For Advanced Features - tune the database backend TTL +path "sys/mounts/database/tune" { + capabilities = [ "update" ] +} ``` If you are not familiar with policies, complete the @@ -229,7 +244,7 @@ token 7544266f-3ec9-81a6--data504-e258b89de862 token_accessor 59aae2f1-2e97-6ebb-f925-8a97cf5a9942 token_duration 30s token_renewable true -token_policies [root] +token_policies [admin] # Test the new token $ VAULT_TOKEN=3b2b1285-844b-4b40-6afa-623f39c1b738 vault token-lookup @@ -247,7 +262,7 @@ meta num_uses 0 orphan false path auth/token/create -policies [root] +policies [admin] renewable true ttl 8 ``` @@ -290,7 +305,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \ "client_token": "f7d88963-1aba-64d7-11a0-9282ae7681d0", "accessor": "c0a40d94-b814-e46f-7e56-ee18fccdf1b6", "policies": [ - "root" + "admin" ], "metadata": null, "lease_duration": 30, @@ -513,7 +528,7 @@ $ vault write auth/token/roles/ allowed_policies="" per **Example:** ```shell -$ vault write auth/token/roles/zabbix allowed_policies="zabbix-pol, default" period="24h" +$ vault write auth/token/roles/zabbix allowed_policies="default" period="24h" ``` Now, generate a token: @@ -527,7 +542,7 @@ token de91ebba-20ad-18ba-fa43-08e1932de301 token_accessor 1f8abad0-c1db-9399-15ee--datad4b6230386c token_duration 24h0m0s token_renewable true -token_policies [default zabbix-pol] +token_policies [default] ``` @@ -548,15 +563,14 @@ $ curl --header "X-Vault-Token: ..." --request POST \ $ cat payload.json { "allowed_policies": [ - "default", - "zabbix-pol" + "default" ], "period": "24h" } ``` -This creates a token role named `zabbix` with `default` and `zabbix-pol` -policies attached. Also, its renewal period is set to 24 hours. +This creates a token role named `zabbix` with `default` policies attached. Also, +its renewal period is set to 24 hours. Now, generate a token: @@ -569,8 +583,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \ "client_token": "a59c0d41-8df7-ba8e-477e-9bfb394f28a0", "accessor": "c2023006-ce8d-532b-136f-330223ccf464", "policies": [ - "default", - "zabbix-pol" + "default" ], "metadata": null, "lease_duration": 86400, @@ -584,11 +597,16 @@ before its lease duration expires. The token renew command was covered in [Step 2](#step2). -#### Periodic Tokens with AppRole +#### Additional Note: Periodic Tokens with AppRole It probably makes better sense to create **AppRole** periodic tokens since we are talking about long-running apps need to be able to renew its token -indefinitely. To create AppRole periodic tokens, create your AppRole role with +indefinitely. + +-> For more details about AppRole, read the [AppRole Pull +-Authentication](/guides/authentication.html) guide. + +To create AppRole periodic tokens, create your AppRole role with `period` specified. **Example:** @@ -613,8 +631,6 @@ $ cat payload.json } ``` --> For more details about AppRole, refer to [AppRole Pull Authentication](/guides/authentication.html). - ### Step 5: Orphan tokens @@ -752,7 +768,7 @@ $ vault read auth/token/roles/zabbix Key Value --- ----- -allowed_policies [default zabbix-pol] +allowed_policies [default] disallowed_policies [] explicit_max_ttl 0 name zabbix diff --git a/website/source/guides/policies.html.md b/website/source/guides/policies.html.md index b6f8109edd2c..f7650806a794 100644 --- a/website/source/guides/policies.html.md +++ b/website/source/guides/policies.html.md @@ -92,16 +92,46 @@ Since this guide demonstrates the creation of an **`admin`** policy, log in with permissions: ```shell -# To perform Step 2 & 3 +# Manage auth backends broadly across Vault +path "auth/*" +{ + capabilities = ["create", "read", "update", "delete", "list", "sudo"] +} + +# List, create, update, and delete auth backends +path "sys/auth/*" +{ + capabilities = ["create", "read", "update", "delete", "sudo"] +} + +# To list policies - Step 3 +path "sys/policy" +{ + capabilities = ["read"] +} + +# Create and manage ACL policies broadly across Vault path "sys/policy/*" { - capabilities = ["create", "read", "update", "delete", "list"] + capabilities = ["create", "read", "update", "delete", "list", "sudo"] } -# To perform Step 4 -path "auth/token/create" +# List, create, update, and delete key/value secrets +path "secret/*" { - capabilities = ["create", "update"] + capabilities = ["create", "read", "update", "delete", "list", "sudo"] +} + +# Manage and manage secret backends broadly across Vault. +path "sys/mounts/*" +{ + capabilities = ["create", "read", "update", "delete", "list", "sudo"] +} + +# Read health checks +path "sys/health" +{ + capabilities = ["read", "sudo"] } # To perform Step 4 @@ -207,6 +237,12 @@ path "sys/auth/*" capabilities = ["create", "read", "update", "delete", "sudo"] } +# List existing policies +path "sys/policy" +{ + capabilities = ["read"] +} + # Create and manage ACL policies broadly across Vault path "sys/policy/*" { @@ -240,13 +276,13 @@ path "sys/health" # Manage auth backends broadly across Vault path "auth/*" { - capabilities = ["create", "read", "update", "delete", "list"] + capabilities = ["create", "read", "update", "delete", "list", "sudo"] } # List, create, update, and delete auth backends path "sys/auth/*" { - capabilities = ["create", "read", "update", "delete"] + capabilities = ["create", "read", "update", "delete", "sudo"] } # Create and manage ACL policies diff --git a/website/source/guides/static-secrets.html.md b/website/source/guides/static-secrets.html.md index d0fb8ec55e40..933f24449ef4 100644 --- a/website/source/guides/static-secrets.html.md +++ b/website/source/guides/static-secrets.html.md @@ -89,7 +89,7 @@ path "sys/policy/*" { # Create tokens for verification & test path "auth/token/create" { - capabilities = [ "create" ] + capabilities = [ "create", "update", "sudo" ] } ``` From 50e997e8d33c5587ab889ee6fd9da98150bb5ca0 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Wed, 24 Jan 2018 21:21:23 -0800 Subject: [PATCH 014/178] Fixed the sample admin policies --- website/source/guides/cubbyhole.html.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/website/source/guides/cubbyhole.html.md b/website/source/guides/cubbyhole.html.md index 7d016038fc9e..014e9e8798f2 100644 --- a/website/source/guides/cubbyhole.html.md +++ b/website/source/guides/cubbyhole.html.md @@ -73,8 +73,8 @@ following permissions: ```shell # Manage tokens -path "sys/auth/token/*" { - capabilities = [ "create", "read", "update", "delete" ] +path "auth/token/*" { + capabilities = [ "create", "read", "update", "delete", "sudo" ] } # Write ACL policies @@ -286,6 +286,7 @@ token. $ vault auth 7bb915b2-8a44-48b0-a71d-72b590252016 $ vault read secret/dev +No value found at secret/dev ``` #### API call using cURL From 80ef06137bdeb1c42b14fa24f6720e7591160a80 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Wed, 24 Jan 2018 22:15:40 -0800 Subject: [PATCH 015/178] Fixed the sample admin policies --- website/source/guides/lease.html.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/website/source/guides/lease.html.md b/website/source/guides/lease.html.md index f83fbc0694cf..86f182adffd9 100644 --- a/website/source/guides/lease.html.md +++ b/website/source/guides/lease.html.md @@ -231,10 +231,22 @@ $ curl --header "X-Vault-Token: ..." --request GET \ ### Step 2: Create short-live tokens -Create a new token with TTL of 30 seconds. +Create a new token with TTL of 30 seconds which means that the token gets +automatically revoked after 30 seconds. #### CLI command +To view optional parameters to create tokens: + +```shell +$ vault token-create -help +``` + +There are a number of parameters you can set. To specify the token TTL, pass +the value using `-ttl` parameter. + +**Example:** + ```shell # Create a token with TTL of 30 seconds $ vault token-create -ttl=30s @@ -294,6 +306,14 @@ duration (e.g. "1h"). #### API call using cURL +Use `auth/token/create` endpoint to create a new token. There are a number of +optional [parameters](/api/auth/token/index.html#create-token) that you can pass +in the request payload. + +**Example:** + +The following example sets the `ttl` parameter. + ```shell # Create a new token with TTl of 30 seconds $ curl --header "X-Vault-Token: ..." --request POST \ From 4cec1436ad5f75d548cdfda225cce67065603a1d Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Thu, 25 Jan 2018 15:07:35 -0800 Subject: [PATCH 016/178] Fixed typos in the command --- website/source/guides/lease.html.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/website/source/guides/lease.html.md b/website/source/guides/lease.html.md index 86f182adffd9..2e6cdc25a3c9 100644 --- a/website/source/guides/lease.html.md +++ b/website/source/guides/lease.html.md @@ -677,7 +677,7 @@ $ curl --header "X-Vault-Token:..." --request POST \ ``` -### Step 6: Revoke tokens +### Step 6: Revoke tokens and leases Revoking a token and all its children. @@ -689,10 +689,10 @@ To revoke a specific token: $ vault token-revoke ``` -To revoke all tokens under a specific path: +To revoke all leases under a specific path: ```shell -$ vault token-revoke -prefix +$ vault revoke -prefix ``` **Example:** @@ -701,11 +701,11 @@ $ vault token-revoke -prefix # Revoke a specific token $ vault token-revoke eeaf890e-4b0f-a687-4190-c75b1d6d70bc -# Revoke all secrets for database auth backend -$ vault token-revoke -prefix database/creds +# Revoke all leases for database auth backend +$ vault revoke -prefix database/creds # Revoke all tokens -$ vault token-revoke -prefix auth/token/create +$ vault revoke -prefix auth/token/create ``` From f251883109318c9d29d53f63d5afbbbba065988d Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Fri, 26 Jan 2018 15:13:15 -0800 Subject: [PATCH 017/178] Re-categorized the guides on the navigation --- .../authentication.html.md | 2 +- .../{ => configuration}/generate-root.html.md | 2 +- .../source/guides/configuration/index.html.md | 37 ++++++ .../guides/{ => configuration}/lease.html.md | 2 +- .../plugin-backends.html.md | 12 +- .../{ => configuration}/policies.html.md | 8 +- .../rekeying-and-rotating.html.md | 2 +- .../guides/getting-started/index.html.md | 14 +++ .../source/guides/operations/index.html.md | 23 ++++ .../{ => operations}/production.html.md | 2 +- .../{ => operations}/replication.html.md | 5 +- .../{ => secret-mgmt}/cubbyhole.html.md | 114 +++++++++++++++--- .../{ => secret-mgmt}/dynamic-secrets.html.md | 2 +- .../source/guides/secret-mgmt/index.html.md | 31 +++++ .../{ => secret-mgmt}/static-secrets.html.md | 2 +- website/source/layouts/guides.erb | 85 +++++++------ 16 files changed, 273 insertions(+), 70 deletions(-) rename website/source/guides/{ => configuration}/authentication.html.md (99%) rename website/source/guides/{ => configuration}/generate-root.html.md (98%) create mode 100644 website/source/guides/configuration/index.html.md rename website/source/guides/{ => configuration}/lease.html.md (99%) rename website/source/guides/{ => configuration}/plugin-backends.html.md (96%) rename website/source/guides/{ => configuration}/policies.html.md (99%) rename website/source/guides/{ => configuration}/rekeying-and-rotating.html.md (98%) create mode 100644 website/source/guides/getting-started/index.html.md create mode 100644 website/source/guides/operations/index.html.md rename website/source/guides/{ => operations}/production.html.md (99%) rename website/source/guides/{ => operations}/replication.html.md (99%) rename website/source/guides/{ => secret-mgmt}/cubbyhole.html.md (80%) rename website/source/guides/{ => secret-mgmt}/dynamic-secrets.html.md (99%) create mode 100644 website/source/guides/secret-mgmt/index.html.md rename website/source/guides/{ => secret-mgmt}/static-secrets.html.md (99%) diff --git a/website/source/guides/authentication.html.md b/website/source/guides/configuration/authentication.html.md similarity index 99% rename from website/source/guides/authentication.html.md rename to website/source/guides/configuration/authentication.html.md index 938bea13839a..8ad8c6348b6c 100644 --- a/website/source/guides/authentication.html.md +++ b/website/source/guides/configuration/authentication.html.md @@ -1,7 +1,7 @@ --- layout: "guides" page_title: "AppRole Pull Authentication - Guides" -sidebar_current: "guides-authentication" +sidebar_current: "guides-configuration-authentication" description: |- Authentication is a process in Vault by which user or machine-supplied information is verified to create a token with pre-configured policy. diff --git a/website/source/guides/generate-root.html.md b/website/source/guides/configuration/generate-root.html.md similarity index 98% rename from website/source/guides/generate-root.html.md rename to website/source/guides/configuration/generate-root.html.md index b83a2fcb9a41..a8d90a3a23d2 100644 --- a/website/source/guides/generate-root.html.md +++ b/website/source/guides/configuration/generate-root.html.md @@ -1,7 +1,7 @@ --- layout: "guides" page_title: "Generate Root Tokens using Unseal Keys - Guides" -sidebar_current: "guides-generate-root" +sidebar_current: "guides-configuration-generate-root" description: |- Generate a new root token using a threshold of unseal keys. --- diff --git a/website/source/guides/configuration/index.html.md b/website/source/guides/configuration/index.html.md new file mode 100644 index 000000000000..b4d467b1d7be --- /dev/null +++ b/website/source/guides/configuration/index.html.md @@ -0,0 +1,37 @@ +--- +layout: "guides" +page_title: "Vault Configuration - Guides" +sidebar_current: "guides-configuration" +description: |- + Once a Vault instance has been installed, the next step is to configure auth + backend, secret backend, and manage keys. Vault configuration guides addresses + key concepts in configuring your Vault servers. +--- + +# Vault Configuration + +This guide walks you through Vault configuration topics. Some guides address +fundamental tasks to get the server setup, and some guides introduce more +advanced discussions. + +- [Policies](/guides/configuration/policies.html) are used to instrument +Role-Based Access Control (RBAC) by specifying access privileges. Authoring of +policies is probably the first step the Vault administrator performs. This guide +walks you through creating example policies for `admin` and `provisioner` users. +- [AppRole Pull Authentication](/guides/configuration/authentication.html) guide +is an introductory guide introduces the steps to generate tokens for machines +or apps by enabling AppRole auth backend. +- [Token and Leases](/guides/configuration/lease.html) guide helps you +understand how tokens and leases work in Vault. The understanding of the +lease hierarchy and expiration mechanism helps you plan for break glass +procedures and more. +- [Root Token Generation](/guides/configuration/generate-root.html) guide +demonstrates the workflow of regenerating root tokens. It is considered to be a +best practice not to persist the initial **root** token. If a root token needs +to be regenerated, this guide helps you walk through the task. +- [Rekeying & Rotating](/guides/configuration/rekeying-and-rotating.html) guide +provides a high-level overview of Shamir's Secret Sharing Algorithm, and how to +perform _rekey_ and _rotate_ operations in Vault. +- [Building Plugin Backends](/guides/configuration/plugin-backends.html) guide +provides steps to build, register, and mount non-database external plugin +backends. diff --git a/website/source/guides/lease.html.md b/website/source/guides/configuration/lease.html.md similarity index 99% rename from website/source/guides/lease.html.md rename to website/source/guides/configuration/lease.html.md index 2e6cdc25a3c9..18026060d366 100644 --- a/website/source/guides/lease.html.md +++ b/website/source/guides/configuration/lease.html.md @@ -1,7 +1,7 @@ --- layout: "guides" page_title: "Tokens and Leases - Guides" -sidebar_current: "guides-lease" +sidebar_current: "guides-configuration-lease" description: |- Tokens are the core method for authentication within Vault. For every authentication token and dynamic secret, Vault creates a lease diff --git a/website/source/guides/plugin-backends.html.md b/website/source/guides/configuration/plugin-backends.html.md similarity index 96% rename from website/source/guides/plugin-backends.html.md rename to website/source/guides/configuration/plugin-backends.html.md index d021405cb573..c9b866577ba6 100644 --- a/website/source/guides/plugin-backends.html.md +++ b/website/source/guides/configuration/plugin-backends.html.md @@ -1,21 +1,21 @@ --- layout: "guides" page_title: "Plugin Backends - Guides" -sidebar_current: "guides-plugin-backends" +sidebar_current: "guides-configuration-plugin-backends" description: |- Learn how to build, register, and mount a custom plugin backend. --- # Introduction -Plugin backends utilize the [plugin system][plugin-system] to enable -third-party secret and auth backends to be mounted. +Plugin backends utilize the [plugin system][plugin-system] to enable +third-party secret and auth backends to be mounted. It is worth noting that even though [database backends][database-backend] operate under the same underlying plugin mechanism, they are slightly different -in design than plugin backends demonstrated in this guide. The database backend +in design than plugin backends demonstrated in this guide. The database backend manages multiple plugins under the same backend mount point, whereas plugin -backends are generic backends that function as either secret or auth backends. +backends are generic backends that function as either secret or auth backends. This guide provides steps to build, register, and mount non-database external plugin backends. @@ -35,7 +35,7 @@ plugin_directory="/etc/vault/vault_plugins" ## Build the Plugin Backend Build the custom backend binary, and move it to the `plugin_directory` path. -In this guide, we will use `mock-plugin` that comes from Vault's +In this guide, we will use `mock-plugin` that comes from Vault's `logical/plugin/mock` package. ``` diff --git a/website/source/guides/policies.html.md b/website/source/guides/configuration/policies.html.md similarity index 99% rename from website/source/guides/policies.html.md rename to website/source/guides/configuration/policies.html.md index f7650806a794..b0f6e801aae4 100644 --- a/website/source/guides/policies.html.md +++ b/website/source/guides/configuration/policies.html.md @@ -1,7 +1,7 @@ --- layout: "guides" page_title: "Policies - Guides" -sidebar_current: "guides-governance" +sidebar_current: "guides-configuration-policies" description: |- Policies in Vault control what a user can access. --- @@ -285,6 +285,12 @@ path "sys/auth/*" capabilities = ["create", "read", "update", "delete", "sudo"] } +# List existing policies +path "sys/policy" +{ + capabilities = ["read"] +} + # Create and manage ACL policies path "sys/policy/*" { diff --git a/website/source/guides/rekeying-and-rotating.html.md b/website/source/guides/configuration/rekeying-and-rotating.html.md similarity index 98% rename from website/source/guides/rekeying-and-rotating.html.md rename to website/source/guides/configuration/rekeying-and-rotating.html.md index 42bd7da5520a..42ef240cc97d 100644 --- a/website/source/guides/rekeying-and-rotating.html.md +++ b/website/source/guides/configuration/rekeying-and-rotating.html.md @@ -1,7 +1,7 @@ --- layout: "guides" page_title: "Rekeying & Rotating Vault - Guides" -sidebar_current: "guides-rekeying-and-rotating" +sidebar_current: "guides-configuration-rekeying-and-rotating" description: |- Vault supports generating new unseal keys as well as rotating the underlying encryption keys. This guide covers rekeying and rotating Vault's encryption diff --git a/website/source/guides/getting-started/index.html.md b/website/source/guides/getting-started/index.html.md new file mode 100644 index 000000000000..e3f2634a73b1 --- /dev/null +++ b/website/source/guides/getting-started/index.html.md @@ -0,0 +1,14 @@ +--- +layout: "guides" +page_title: "Guides" +sidebar_current: "getting-started" +description: |- + This section takes you to the Getting Started section. +--- + +# Vault Getting Started + +Welcome to the Vault guides section! If you are just getting started with Vault, +please start with the [Vault introduction](/intro/getting-started/install.html) +instead and then continue on to the guides. The guides provide examples of +common Vault workflows and actions for both beginner and advanced Vault users. diff --git a/website/source/guides/operations/index.html.md b/website/source/guides/operations/index.html.md new file mode 100644 index 000000000000..2f8958198c94 --- /dev/null +++ b/website/source/guides/operations/index.html.md @@ -0,0 +1,23 @@ +--- +layout: "guides" +page_title: "Vault Architecture - Guides" +sidebar_current: "guides-operations" +description: |- + Vault architecture guide covers Vault infrastructure discussions including + installation. +--- + +# Vault Architecture + +Vault Architectures guides address Vault infrastructure discussions. These +guides are designed to help the operations team to plan and install a Vault +cluster that meets your organization's needs. + +- [Production Hardening](/guides/architecture/production.html) guide provides +guidance on best practices for a production hardened deployment of Vault. +The recommendations are based on the [security model](/docs/internals/security.html) +and focus on defense in depth. +- [Replication Setup & Guidance](/guides/architecture/replication.html) +walks you through the commands to activate the Vault servers in replication mode. +Please note that [Vault Replication](/docs/vault-enterprise/replication/index.html) +is a Vault Enterprise feature. diff --git a/website/source/guides/production.html.md b/website/source/guides/operations/production.html.md similarity index 99% rename from website/source/guides/production.html.md rename to website/source/guides/operations/production.html.md index 559dff13b5fb..c73d8d71a2b2 100644 --- a/website/source/guides/production.html.md +++ b/website/source/guides/operations/production.html.md @@ -1,7 +1,7 @@ --- layout: "guides" page_title: "Production Hardening - Guides" -sidebar_current: "guides-production-hardening" +sidebar_current: "guides-operations-production-hardening" description: |- This guide provides guidance on best practices for a production hardened deployment of HashiCorp Vault. --- diff --git a/website/source/guides/replication.html.md b/website/source/guides/operations/replication.html.md similarity index 99% rename from website/source/guides/replication.html.md rename to website/source/guides/operations/replication.html.md index 6fb8473ce833..5867399956b4 100644 --- a/website/source/guides/replication.html.md +++ b/website/source/guides/operations/replication.html.md @@ -1,7 +1,7 @@ --- layout: "guides" page_title: "Setting up Vault Enterprise Performance Replication - Guides" -sidebar_current: "guides-replication" +sidebar_current: "guides-operations-replication" description: |- Learn how to set up and manage Vault Enterprise Performance Replication. --- @@ -177,6 +177,3 @@ mechanisms if DR is necessary in your implementation. If you need true DR, look at the [general information page](/docs/vault-enterprise/replication/index.html) for information on Vault's disaster recovery replication. - - - diff --git a/website/source/guides/cubbyhole.html.md b/website/source/guides/secret-mgmt/cubbyhole.html.md similarity index 80% rename from website/source/guides/cubbyhole.html.md rename to website/source/guides/secret-mgmt/cubbyhole.html.md index 014e9e8798f2..acc0df0ec3c1 100644 --- a/website/source/guides/cubbyhole.html.md +++ b/website/source/guides/secret-mgmt/cubbyhole.html.md @@ -1,7 +1,7 @@ --- layout: "guides" page_title: "Cubbyhole Response Wrapping - Guides" -sidebar_current: "guides-cubbyhole" +sidebar_current: "guides-secret-mgmt-cubbyhole" description: |- Vault provides a capability to wrap Vault response and store it in a "cubbyhole" where the holder of the one-time use wrapping token can unwrap to @@ -35,7 +35,7 @@ long as its policy allows it. The end-to-end scenario described in this guide involves two personas: - **`admin`** with privileged permissions to create tokens -- **`apps`** is the receiving client of a wrapped response +- **`apps`** trusted entity retrieving secrets from Vault ## Challenge @@ -43,7 +43,12 @@ In order to tightly manage the secrets, you set the scope of who can do what using the [Vault policy](/docs/concepts/policies.html) and attach that to tokens, roles, entities, etc. -How to securely distribute a secret (e.g. token, credentials) to a machine or app? +Think of a case where you have a trusted entity (Chef, Jenkins, etc.) which +reads secrets from Vault. This trusted entity must obtain a token. If the +trusted entity or its host machine was rebooted, it must re-authenticate with +Vault using a valid token. + +How can you securely distribute the initial token to the trusted entity? ## Solution @@ -81,6 +86,11 @@ path "auth/token/*" { path "sys/policy/*" { capabilities = [ "create", "read", "update", "delete", "list" ] } + +# Manage secret/dev secret backend - for Verification test +path "secret/dev" { + capabilities = [ "create", "read", "update", "delete", "list" ] +} ``` ## Steps @@ -106,12 +116,19 @@ Secret](/guide/static-secrets.html) guide. ### Step 1: Create and wrap a token (**Persona:** admin) +To solve the [challenge](#challenge) addressed in this guide: + +1. More privileged token (`admin`) wraps a secret only the expecting client can +read +2. The receiving client (`app`) unwraps the secret to obtain the token + When the response to `vault token-create` request is wrapped, Vault inserts the generated token into the cubbyhole of a single-use token, returning that single-use wrapping token. Retrieving the secret requires an unwrap operation against this wrapping token. -In this scenario, an [admin user](#personas) creates a token using response wrapping. To perform the steps in this guide, first create a policy for the app. +In this scenario, an [admin user](#personas) creates a token using response +wrapping. To perform the steps in this guide, first create a policy for the app. `apps-policy.hcl`: @@ -142,16 +159,16 @@ duration of seconds (15s), minutes (20m), or hours (25h). **Example:** -Generate a token for `apps` persona using response wrapping with TTL of 60 +Generate a token for `apps` persona using response wrapping with TTL of 120 seconds. ```shell -$ vault token-create -policy=apps -wrap-ttl=60s +$ vault token-create -policy=apps -wrap-ttl=120 Key Value --- ----- wrapping_token: 9ac59985-094f-a2de-aed8-bf688e436fbc -wrapping_token_ttl: 1m0s +wrapping_token_ttl: 2m0s wrapping_token_creation_time: 2018-01-10 00:47:54.970185208 +0000 UTC wrapping_token_creation_path: auth/token/create wrapped_accessor: 195763a9-3f26-1fcf-6a1a-ee0a11e76cb1 @@ -210,7 +227,7 @@ seconds (15s), minutes (20m), or hours (25h). To wrap the response of token-create request: ```shell -$ curl --header "X-Vault-Wrap-TTL: 60s" \ +$ curl --header "X-Vault-Wrap-TTL: 120" \ --header "X-Vault-Token: ..." \ --request POST \ --data '{"policies":["apps"]}' \ @@ -223,7 +240,7 @@ $ curl --header "X-Vault-Wrap-TTL: 60s" \ "data": null, "wrap_info": { "token": "e095129f-123a-4fef-c007-1f6a487cfa78", - "ttl": 60, + "ttl": 120, "creation_time": "2018-01-10T01:43:38.025351336Z", "creation_path": "auth/token/create", "wrapped_accessor": "44e8253c-65b4-1690-1bf1-7902a7a6b2aa" @@ -249,9 +266,47 @@ token and none arrives, this may be due to an attacker intercepting the token and then preventing it from traveling further. This should cause an alert to trigger an immediate investigation. +The following tasks will be performed to demonstrate the client operations: + +1. Create a token with **`default`** policy +2. Authenticate with Vault using this `default` token (less privileged token) +3. Unwrap the secret to obtain more privileged token (**`apps`** persona token) +4. Verify that you can read `secret/dev` using the `apps`token + + #### CLI command -To unwrap the secret: +First, create a token with `default` policy: + +```shell +# Create a token with `default` policy +$ vault token-create -policy=default +Key Value +--- ----- +token 4522b2e8-27fe-bdc5-b932-d982f3166c6c +token_accessor 96108f48-7475-6190-b058-769a2e5ebc8e +token_duration 768h0m0s +token_renewable true +token_policies [default] + +# Authenticate using the generated token +$ vault auth 4522b2e8-27fe-bdc5-b932-d982f3166c6c +Successfully authenticated! You are now logged in. +token: 4522b2e8-27fe-bdc5-b932-d982f3166c6c +token_duration: 2764729 +token_policies: [default] + +# Verify that you do NOT have a permission to read secret/dev +$ vault read secret/dev +Error reading secret/dev: Error making API request. + +URL: GET http:///v1/secret/dev +Code: 403. Errors: + +* permission denied +``` + +The command to unwrap the wrapped secret is: ```shell $ vault unwrap @@ -262,9 +317,6 @@ Or $ VAULT_TOKEN= vault unwrap ``` -In this scenario, the wrapped secret is a Vault token. Therefore, it probably -makes better sense to use the second option. - **Example:** ```shell @@ -279,6 +331,8 @@ token_renewable true token_policies [apps default] ``` +Verify that this token has `apps` policy attached. + Once the client acquired the token, future requests can be made using this token. @@ -291,7 +345,37 @@ No value found at secret/dev #### API call using cURL -To unwrap the secret, use `/sys/wrapping/unwrap` endpoint: +First, create a token with `default` policy: + +```shell +# Create a new token default policy +$ curl --header "X-Vault-Token: ..." --request POST \ + --data '{"policies": "default"}' \ + https://vault.rocks/v1/auth/token/create | jq +{ + ... + "auth": { + "client_token": "5fe14760-b0fd-22dc-403c-14a05003b67f", + "accessor": "e709610e-916e-f7e3-b93b-41f4dfdca7a0", + "policies": [ + "default" + ], + ... + } +} + +# Verify that you can NOT read secret/dev using default token +$ curl --header "X-Vault-Token: 5fe14760-b0fd-22dc-403c-14a05003b67f" \ + --request GET \ + https://vault.rocks/v1/secret/dev | jq +{ + "errors": [ + "permission denied" + ] +} +``` + +Now, unwrap the secret using `/sys/wrapping/unwrap` endpoint: ```shell $ curl --header "X-Vault-Token: " \ @@ -339,6 +423,8 @@ $ curl --header "X-Vault-Token: af5f7682-aa55-fa37-5039-ee116df56600" \ } ``` +Since there is no data in `secret/dev`, it returns an empty array. + ## Additional Discussion The `cubbyhole` secret backend provides your own private secret storage space diff --git a/website/source/guides/dynamic-secrets.html.md b/website/source/guides/secret-mgmt/dynamic-secrets.html.md similarity index 99% rename from website/source/guides/dynamic-secrets.html.md rename to website/source/guides/secret-mgmt/dynamic-secrets.html.md index 59a70297c4d2..a11061a5505e 100644 --- a/website/source/guides/dynamic-secrets.html.md +++ b/website/source/guides/secret-mgmt/dynamic-secrets.html.md @@ -1,7 +1,7 @@ --- layout: "guides" page_title: "Secret as a Service - Guides" -sidebar_current: "guides--dataynamic-secrets" +sidebar_current: "guides-secret-mgmt-dataynamic-secrets" description: |- Vault can dynamically generate secrets on--dataemand for some systems. --- diff --git a/website/source/guides/secret-mgmt/index.html.md b/website/source/guides/secret-mgmt/index.html.md new file mode 100644 index 000000000000..1bfe282afc28 --- /dev/null +++ b/website/source/guides/secret-mgmt/index.html.md @@ -0,0 +1,31 @@ +--- +layout: "guides" +page_title: "Secret Management - Guides" +sidebar_current: "guides-secret-mgmt" +description: |- + A very common use case of Vault is to manage your organization's secrets from + storing credentials and API keys to encrypting passwords for user signups. + Vault is meant to be a solution for all secret management needs. +--- + +# Secret Management + +Vault is a tool for securely accessing secrets. A secret is anything that you +want to tightly control access to, such as API keys, passwords, certificates, +and more. Vault provides a unified interface to any secret while providing +tight access control and recording a detailed audit log. + +Secret Management guides demonstrate features in Vault to securely store your +secrets. + +- [Static Secrets](/guides/secret-mgmt/static-secrets.html) guide walks you +through the steps to write secrets in Vault, and control who can access them. + +- [Secret as a Service: Dynamic Secrets](/guides/secret-mgmt/dynamic-secrets.html) + guide demonstrates the Vault feature to generate database credentials + on-demand so that each application or system can obtain its own credentials, + and its permissions can be tightly controlled. + +- [Cubbyhole Response Wrapping](/guides/secret-mgmt/cubbyhole.html) guide +demonstrates a secure method to distribute secrets by wrapping them where only +the expecting client can unwrap. diff --git a/website/source/guides/static-secrets.html.md b/website/source/guides/secret-mgmt/static-secrets.html.md similarity index 99% rename from website/source/guides/static-secrets.html.md rename to website/source/guides/secret-mgmt/static-secrets.html.md index 933f24449ef4..aef7678d9b2c 100644 --- a/website/source/guides/static-secrets.html.md +++ b/website/source/guides/secret-mgmt/static-secrets.html.md @@ -1,7 +1,7 @@ --- layout: "guides" page_title: "Static Secrets - Guides" -sidebar_current: "guides-static-secrets" +sidebar_current: "guides-secret-mgmt-static-secrets" description: |- Vault supports generating new unseal keys as well as rotating the underlying encryption keys. This guide covers rekeying and rotating Vault's encryption diff --git a/website/source/layouts/guides.erb b/website/source/layouts/guides.erb index e22b7f9e0ea3..f9b00607e47c 100644 --- a/website/source/layouts/guides.erb +++ b/website/source/layouts/guides.erb @@ -3,50 +3,59 @@

          - > - Policies + > + Getting Started - > - AppRole Pull Authentication - - - > - Static Secrets - - - > - Secret as a Service - - - > - Tokens and Leases - - - > - Cubbyhole Response Wrapping - - - - - > - Production Hardening - - - > - Root Token Generation - - - > - Rekeying & Rotating + > + Vault Operations + - > - Replication Setup & Guidance + > + Vault Configuration + - > - Building Plugin Backends + > + Secret Management +
          From 40da3e785caadb32f7abd7c28225ea17fefb15ce Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Mon, 29 Jan 2018 16:41:44 -0800 Subject: [PATCH 018/178] resolved the file name conflict --- ...flow.png => vault-policy-authoring-workflow.png} | Bin .../source/guides/configuration/policies.html.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename website/source/assets/images/{vault-policy-workflow.png => vault-policy-authoring-workflow.png} (100%) diff --git a/website/source/assets/images/vault-policy-workflow.png b/website/source/assets/images/vault-policy-authoring-workflow.png similarity index 100% rename from website/source/assets/images/vault-policy-workflow.png rename to website/source/assets/images/vault-policy-authoring-workflow.png diff --git a/website/source/guides/configuration/policies.html.md b/website/source/guides/configuration/policies.html.md index b0f6e801aae4..24e7ff5afbec 100644 --- a/website/source/guides/configuration/policies.html.md +++ b/website/source/guides/configuration/policies.html.md @@ -152,7 +152,7 @@ path "sys/capabilities-self" The basic workflow of creating policies is: -![Policy Creation Workflow](/assets/images/vault-policy-workflow.png) +![Policy Creation Workflow](/assets/images/vault-policy-authoring-workflow.png) This guide demonstrates basic policy authoring and management tasks. From 8ca8b46c51847bd721a8b534925cc8f8f3ea68e4 Mon Sep 17 00:00:00 2001 From: Jack Pearkes Date: Tue, 30 Jan 2018 10:30:47 -0800 Subject: [PATCH 019/178] website: add note about the 0.9.2+ CLI changes to reduce confusion (#3868) * website: add note about the 0.9.2+ CLI changes to reduce confusion * website: fix frontmatter for 0.9.3 guide, add to guides index * website: add overview title to 0.9.3 guide for spacing --- website/source/docs/commands/index.html.md | 4 ++++ .../guides/upgrading/upgrade-to-0.9.2.html.md | 15 +++++++++++++++ .../guides/upgrading/upgrade-to-0.9.3.html.md | 17 +++++++++++++++++ website/source/layouts/guides.erb | 3 +++ 4 files changed, 39 insertions(+) create mode 100644 website/source/guides/upgrading/upgrade-to-0.9.3.html.md diff --git a/website/source/docs/commands/index.html.md b/website/source/docs/commands/index.html.md index a356dfe95acc..f9b218bf6553 100644 --- a/website/source/docs/commands/index.html.md +++ b/website/source/docs/commands/index.html.md @@ -11,6 +11,10 @@ description: |- # Vault Commands (CLI) +~> **Note:** The Vault CLI interface was changed substantially in 0.9.2+ and may cause +confusion while using older versions of Vault with this documentation. Read our +[upgrade guide](/guides/upgrading/upgrade-to-0.9.2.html#backwards-compatible-cli-changes) for more information. + In addition to a verbose [HTTP API](/api/index.html), Vault features a command-line interface that wraps common functionality and formats output. The Vault CLI is a single static binary. It is a thin wrapper around the HTTP API. diff --git a/website/source/guides/upgrading/upgrade-to-0.9.2.html.md b/website/source/guides/upgrading/upgrade-to-0.9.2.html.md index 02c0f64100aa..088242532acf 100644 --- a/website/source/guides/upgrading/upgrade-to-0.9.2.html.md +++ b/website/source/guides/upgrading/upgrade-to-0.9.2.html.md @@ -12,6 +12,21 @@ description: |- This page contains the list of deprecations and important or breaking changes for Vault 0.9.2 compared to 0.9.1. Please read it carefully. +### Backwards Compatible CLI Changes + +This upgrade guide is typically reserved for breaking changes, however it +is worth calling out that the CLI interface to Vault has been completely +revamped while maintaining backwards compatbitility. This could lead to +potential confusion while browsing the latest version of the Vault +documentation on vaultproject.io. + +All previous CLI commands should continue to work and are backwards +compatible in almost all cases. + +Documentation for previous versions of Vault can be accessed using +the GitHub interface by browsing tags (eg [0.9.1 website tree](https://github.com/hashicorp/vault/tree/v0.9.1/website)) or by +[building the Vault website locally](https://github.com/hashicorp/vault/tree/v0.9.1/website#running-the-site-locally). + ### `sys/health` DR Secondary Reporting The `replication_dr_secondary` bool returned by `sys/health` could be diff --git a/website/source/guides/upgrading/upgrade-to-0.9.3.html.md b/website/source/guides/upgrading/upgrade-to-0.9.3.html.md new file mode 100644 index 000000000000..0d721a40e080 --- /dev/null +++ b/website/source/guides/upgrading/upgrade-to-0.9.3.html.md @@ -0,0 +1,17 @@ +--- +layout: "guides" +page_title: "Upgrading to Vault 0.9.3 - Guides" +sidebar_current: "guides-upgrading-to-0.9.3" +description: |- + This page contains the list of deprecations and important or breaking changes + for Vault 0.9.3. Please read it carefully. +--- + +# Overview + +Due to a rapid release following 0.9.2, there are no version-specific upgrade +instructions although any upgrade notices for 0.9.2 apply if you are coming +from a previous version. + +Please see the [0.9.2 upgrade guide](/guides/upgrading/upgrade-to-0.9.2.html) for notes on upgrading to 0.9.3. + diff --git a/website/source/layouts/guides.erb b/website/source/layouts/guides.erb index 7ff288d994c1..9dd5f730e3af 100644 --- a/website/source/layouts/guides.erb +++ b/website/source/layouts/guides.erb @@ -62,6 +62,9 @@ > Upgrade to 0.9.2 + > + Upgrade to 0.9.3 +

      From 53770fcf59e4866897bd2a23d01ccd5de174b029 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Tue, 30 Jan 2018 10:46:27 -0800 Subject: [PATCH 020/178] Replaced the deprecated commands with new ones --- .../configuration/authentication.html.md | 4 +-- .../source/guides/configuration/lease.html.md | 34 +++++++++---------- .../guides/configuration/policies.html.md | 26 +++++++------- .../guides/secret-mgmt/cubbyhole.html.md | 14 ++++---- .../secret-mgmt/dynamic-secrets.html.md | 10 +++--- .../guides/secret-mgmt/static-secrets.html.md | 4 +-- 6 files changed, 45 insertions(+), 47 deletions(-) diff --git a/website/source/guides/configuration/authentication.html.md b/website/source/guides/configuration/authentication.html.md index 8ad8c6348b6c..cbb7d4f3fe0e 100644 --- a/website/source/guides/configuration/authentication.html.md +++ b/website/source/guides/configuration/authentication.html.md @@ -162,7 +162,7 @@ Like many other auth backends, AppRole must be enabled before it can be used. Enable `approle` auth backend by executing the following command: ```shell -$ vault auth-enable approle +$ vault auth enable approle ``` #### API call using cURL @@ -219,7 +219,7 @@ path "secret/mysql/*" { Before creating a role, create `jenkins` policy: ```shell -$ vault policy-write jenkins jenkins-pol.hcl +$ vault policy write jenkins jenkins-pol.hcl ``` The command to create a new AppRole: diff --git a/website/source/guides/configuration/lease.html.md b/website/source/guides/configuration/lease.html.md index 18026060d366..528b43032786 100644 --- a/website/source/guides/configuration/lease.html.md +++ b/website/source/guides/configuration/lease.html.md @@ -155,7 +155,7 @@ When you create leases with no specific TTL values, the default value applies to the lease. ```shell -$ vault auth -methods +$ vault auth list Path Type Accessor Default TTL Max TTL Replication Behavior Description approle/ approle auth_approle_53f0fb08 system system replicated @@ -239,7 +239,7 @@ automatically revoked after 30 seconds. To view optional parameters to create tokens: ```shell -$ vault token-create -help +$ vault token create -help ``` There are a number of parameters you can set. To specify the token TTL, pass @@ -249,7 +249,7 @@ the value using `-ttl` parameter. ```shell # Create a token with TTL of 30 seconds -$ vault token-create -ttl=30s +$ vault token create -ttl=30s Key Value --- ----- token 7544266f-3ec9-81a6--data504-e258b89de862 @@ -259,7 +259,7 @@ token_renewable true token_policies [admin] # Test the new token -$ VAULT_TOKEN=3b2b1285-844b-4b40-6afa-623f39c1b738 vault token-lookup +$ VAULT_TOKEN=3b2b1285-844b-4b40-6afa-623f39c1b738 vault token lookup Key Value --- ----- accessor 2b2b5b83-7f22-fecd-03f0-4e25bf64da11 @@ -279,7 +279,7 @@ renewable true ttl 8 ``` -**NOTE:** The `vault token-lookup` command returns the token's properties. +**NOTE:** The `vault token lookup` command returns the token's properties. In this example, it shows that this token has 8 more seconds before it expires. When you execute a vault command using the new token immediately following its @@ -291,13 +291,13 @@ token usage. You can **renew** the token's TTL as long as the token has not expired, yet. ```shell -$ vault token-renew +$ vault token renew ``` If you want to renew and extend the token's TTL, pass the desired extension: ```shell -$ vault token-renew +$ vault token renew ``` The extension value can be an integer number of seconds (e.g. 3600) or a string @@ -392,7 +392,7 @@ Create a token with `-use-limit` property argument. **Example:** ```shell -$ vault token-create -policy=default -use-limit=2 +$ vault token create -policy=default -use-limit=2 Key Value --- ----- @@ -408,7 +408,7 @@ This creates a token with _default_ policy with use limit of 2. #### Verification ```shell -$ VAULT_TOKEN=bd39178e-176e-cc91-3930-94f7b0194de5 vault token-lookup +$ VAULT_TOKEN=bd39178e-176e-cc91-3930-94f7b0194de5 vault token lookup Key Value --- ----- @@ -554,7 +554,7 @@ $ vault write auth/token/roles/zabbix allowed_policies="default" period="24h" Now, generate a token: ```shell -$ vault token-create -role=zabbix +$ vault token create -role=zabbix Key Value --- ----- @@ -665,7 +665,7 @@ parent does. #### CLI command ```shell -$ vault token-create -orphan +$ vault token create -orphan ``` #### API call using cURL @@ -686,26 +686,26 @@ Revoking a token and all its children. To revoke a specific token: ```shell -$ vault token-revoke +$ vault token revoke ``` To revoke all leases under a specific path: ```shell -$ vault revoke -prefix +$ vault lease revoke -prefix ``` **Example:** ```shell # Revoke a specific token -$ vault token-revoke eeaf890e-4b0f-a687-4190-c75b1d6d70bc +$ vault token revoke eeaf890e-4b0f-a687-4190-c75b1d6d70bc # Revoke all leases for database auth backend -$ vault revoke -prefix database/creds +$ vault lease revoke -prefix database/creds # Revoke all tokens -$ vault revoke -prefix auth/token/create +$ vault lease revoke -prefix auth/token/create ``` @@ -740,7 +740,7 @@ secret leases expiring earlier than you expected. #### 1. Determine the TTLs specific to the mount ```shell -$ vault mounts +$ vault secrets list Path Type Accessor Plugin Default TTL Max TTL Force No Cache Replication Behavior Seal Wrap Description cubbyhole/ cubbyhole cubbyhole_36021b8e n/a n/a n/a false local false per-token private secret storage diff --git a/website/source/guides/configuration/policies.html.md b/website/source/guides/configuration/policies.html.md index 24e7ff5afbec..c04830773ec2 100644 --- a/website/source/guides/configuration/policies.html.md +++ b/website/source/guides/configuration/policies.html.md @@ -313,17 +313,17 @@ Now, create `admin` and `provisioner` policies in Vault. To create policies: ```shell -$ vault policy-write +$ vault policy write ``` **Example:** ```shell # Create admin policy -$ vault write admin admin-policy.hcl +$ vault policy write admin admin-policy.hcl # Create provisioner policy -$ vault write provisioner provisioner-policy.hcl +$ vault policy write provisioner provisioner-policy.hcl ``` **NOTE:** To update an existing policy, simply re-run the same command by @@ -385,24 +385,22 @@ Make sure that you see the policies you created in [Step 2](#step2). The following command lists existing policies: ```shell -$ vault policies +$ vault policy list ``` To view a specific policy: ```shell -$ vault read sys/policy/ +$ vault policy read ``` **Example:** ```shell # Read admin policy -$ vault read sys/policy/admin -Key Value ---- ----- -name admin -rules # Mount and manage auth backends broadly across Vault +$ vault policy read admin + +# Mount and manage auth backends broadly across Vault path "auth/*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] @@ -460,7 +458,7 @@ policies attached to the token. The command is: ```shell -$ vault capabilities +$ vault token capabilities ``` **Example:** @@ -468,7 +466,7 @@ $ vault capabilities First, create a token attached to `admin` policy: ```shell -$ vault token-create -policy="admin" +$ vault token create -policy="admin" Key Value --- ----- token 79ecdd41-9bac-1ac7-1ee4-99fbce796221 @@ -481,7 +479,7 @@ token_policies [admin default] Now, fetch the capabilities of this token on `sys/auth/approle` path. ```plaintext -$ vault capabilities 79ecdd41-9bac-1ac7-1ee4-99fbce796221 sys/auth/approle +$ vault token capabilities 79ecdd41-9bac-1ac7-1ee4-99fbce796221 sys/auth/approle Capabilities: [create delete read sudo update] ``` @@ -494,7 +492,7 @@ In the absence of token, it returns capabilities of current token invoking this command. ```shell -$ vault capabilities sys/auth/approle +$ vault token capabilities sys/auth/approle Capabilities: [root] ``` diff --git a/website/source/guides/secret-mgmt/cubbyhole.html.md b/website/source/guides/secret-mgmt/cubbyhole.html.md index acc0df0ec3c1..4e4dc6069c02 100644 --- a/website/source/guides/secret-mgmt/cubbyhole.html.md +++ b/website/source/guides/secret-mgmt/cubbyhole.html.md @@ -122,7 +122,7 @@ To solve the [challenge](#challenge) addressed in this guide: read 2. The receiving client (`app`) unwraps the secret to obtain the token -When the response to `vault token-create` request is wrapped, Vault inserts the +When the response to `vault token create` request is wrapped, Vault inserts the generated token into the cubbyhole of a single-use token, returning that single-use wrapping token. Retrieving the secret requires an unwrap operation against this wrapping token. @@ -144,14 +144,14 @@ path "secret/dev" { First create an `apps` policy: ```shell -$ vault policy-write apps apps-policy.hcl +$ vault policy write apps apps-policy.hcl Policy 'apps' written. ``` To create a token using response wrapping: ```shell -$ vault token-create -policy= -wrap-ttl= +$ vault token create -policy= -wrap-ttl= ``` Where the `` can be either an integer number of seconds or a string @@ -163,7 +163,7 @@ Generate a token for `apps` persona using response wrapping with TTL of 120 seconds. ```shell -$ vault token-create -policy=apps -wrap-ttl=120 +$ vault token create -policy=apps -wrap-ttl=120 Key Value --- ----- @@ -175,7 +175,7 @@ wrapped_accessor: 195763a9-3f26-1fcf-6a1a-ee0a11e76cb1 ``` The response is the wrapping token; therefore, the admin user does not even see -the generated token from the `token-create` command. +the generated token from the `token create` command. #### API call using cURL @@ -224,7 +224,7 @@ seconds (15s), minutes (20m), or hours (25h). **Example:** -To wrap the response of token-create request: +To wrap the response of token create request: ```shell $ curl --header "X-Vault-Wrap-TTL: 120" \ @@ -280,7 +280,7 @@ First, create a token with `default` policy: ```shell # Create a token with `default` policy -$ vault token-create -policy=default +$ vault token create -policy=default Key Value --- ----- token 4522b2e8-27fe-bdc5-b932-d982f3166c6c diff --git a/website/source/guides/secret-mgmt/dynamic-secrets.html.md b/website/source/guides/secret-mgmt/dynamic-secrets.html.md index a11061a5505e..1badfe34aed9 100644 --- a/website/source/guides/secret-mgmt/dynamic-secrets.html.md +++ b/website/source/guides/secret-mgmt/dynamic-secrets.html.md @@ -153,13 +153,13 @@ must be mounted. To mount a database backend: ```shell -$ vault mount +$ vault secrets enable ``` **Example:** ```shell -$ vault mount database +$ vault secrets enable database ``` **NOTE:** In this guide, the database backend is mounted at the `/database path` in @@ -322,11 +322,11 @@ as an `apps` persona. ```shell # Create "apps" policy -$ vault policy-write apps apps-policy.hcl +$ vault policy write apps apps-policy.hcl Policy 'apps' written. # Create a new token with app policy -$ vault token-create -policy="apps" +$ vault token create -policy="apps" Key Value --- ----- token e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 @@ -484,7 +484,7 @@ lease_renewable true (4) Revoke the generated credentials. ```plaintext -$ vault revoke database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809 +$ vault lease revoke database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809 ``` **NOTE:** If you run the command with **`-prefix=true`** flag, it revokes all diff --git a/website/source/guides/secret-mgmt/static-secrets.html.md b/website/source/guides/secret-mgmt/static-secrets.html.md index aef7678d9b2c..578f7b7a2bca 100644 --- a/website/source/guides/secret-mgmt/static-secrets.html.md +++ b/website/source/guides/secret-mgmt/static-secrets.html.md @@ -287,11 +287,11 @@ as an `apps` persona, and read the secrets. ```shell # Create "apps" policy -$ vault policy-write apps apps-policy.hcl +$ vault policy write apps apps-policy.hcl Policy 'apps' written. # Create a new token with app policy -$ vault token-create -policy="apps" +$ vault token create -policy="apps" Key Value --- ----- token e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 From f21b129a24ed7a79c3bbdb0a6e3f965f502d8e4c Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Wed, 31 Jan 2018 09:27:14 -0800 Subject: [PATCH 021/178] Replaced deprecated command --- website/source/guides/configuration/authentication.html.md | 2 +- website/source/guides/secret-mgmt/cubbyhole.html.md | 4 ++-- website/source/guides/secret-mgmt/dynamic-secrets.html.md | 2 +- website/source/guides/secret-mgmt/static-secrets.html.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/website/source/guides/configuration/authentication.html.md b/website/source/guides/configuration/authentication.html.md index cbb7d4f3fe0e..c13e1aabb351 100644 --- a/website/source/guides/configuration/authentication.html.md +++ b/website/source/guides/configuration/authentication.html.md @@ -533,7 +533,7 @@ No value found at secret/mysql/webapp Alternatively, you can first authenticate with Vault using the `client_token`. ```shell -$ vault auth 3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e +$ vault login 3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e Successfully authenticated! You are now logged in. token: 3e7dd0ac-8b3e-8f88-bb37-a2890455ca6e token_duration: 2762013 diff --git a/website/source/guides/secret-mgmt/cubbyhole.html.md b/website/source/guides/secret-mgmt/cubbyhole.html.md index 4e4dc6069c02..cb2b66c644c6 100644 --- a/website/source/guides/secret-mgmt/cubbyhole.html.md +++ b/website/source/guides/secret-mgmt/cubbyhole.html.md @@ -290,7 +290,7 @@ token_renewable true token_policies [default] # Authenticate using the generated token -$ vault auth 4522b2e8-27fe-bdc5-b932-d982f3166c6c +$ vault login 4522b2e8-27fe-bdc5-b932-d982f3166c6c Successfully authenticated! You are now logged in. token: 4522b2e8-27fe-bdc5-b932-d982f3166c6c token_duration: 2764729 @@ -337,7 +337,7 @@ Once the client acquired the token, future requests can be made using this token. ```shell -$ vault auth 7bb915b2-8a44-48b0-a71d-72b590252016 +$ vault login 7bb915b2-8a44-48b0-a71d-72b590252016 $ vault read secret/dev No value found at secret/dev diff --git a/website/source/guides/secret-mgmt/dynamic-secrets.html.md b/website/source/guides/secret-mgmt/dynamic-secrets.html.md index 1badfe34aed9..e4421968d83e 100644 --- a/website/source/guides/secret-mgmt/dynamic-secrets.html.md +++ b/website/source/guides/secret-mgmt/dynamic-secrets.html.md @@ -343,7 +343,7 @@ demonstrates more sophisticated way of generating a token for your apps. ```shell # Authenticate with Vault using the generated token first -$ vault auth e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 +$ vault login e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 Successfully authenticated! You are now logged in. token: e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 token_duration: 2764277 diff --git a/website/source/guides/secret-mgmt/static-secrets.html.md b/website/source/guides/secret-mgmt/static-secrets.html.md index 578f7b7a2bca..1458c5813dbc 100644 --- a/website/source/guides/secret-mgmt/static-secrets.html.md +++ b/website/source/guides/secret-mgmt/static-secrets.html.md @@ -382,7 +382,7 @@ $ vault read secret/ ```shell # Authenticate with Vault using the generated token first -$ vault auth e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 +$ vault login e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 Successfully authenticated! You are now logged in. token: e4bdf7dc-cbbf-1bb1-c06c-6a4f9a826cf2 token_duration: 2764277 From 15982cfa072fc6898f56d8320a460b5bafb7606b Mon Sep 17 00:00:00 2001 From: Brian Shumate Date: Wed, 31 Jan 2018 13:41:31 -0500 Subject: [PATCH 022/178] Correct cofiguration option in example (#3879) --- website/source/docs/configuration/seal/awskms.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/configuration/seal/awskms.html.md b/website/source/docs/configuration/seal/awskms.html.md index f6ffb2dc118d..275163c9e11a 100644 --- a/website/source/docs/configuration/seal/awskms.html.md +++ b/website/source/docs/configuration/seal/awskms.html.md @@ -26,7 +26,7 @@ by providing all the required values: ```hcl seal "awskms" { - aws_region = "us-east-1" + region = "us-east-1" access_key = "AKIAIOSFODNN7EXAMPLE" secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" kms_key_id = "19ec80b0-dfdd-4d97-8164-c6examplekey" From f94e7e318b79c928cee71ab81d32caf7394d7274 Mon Sep 17 00:00:00 2001 From: Brian Kassouf Date: Wed, 31 Jan 2018 15:42:22 -0800 Subject: [PATCH 023/178] helper/storagepacker: Fix panic when bucket doesn't exist (#3875) --- helper/storagepacker/storagepacker.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/helper/storagepacker/storagepacker.go b/helper/storagepacker/storagepacker.go index 430314607c8e..62e0bced22d1 100644 --- a/helper/storagepacker/storagepacker.go +++ b/helper/storagepacker/storagepacker.go @@ -254,6 +254,9 @@ func (s *StoragePacker) GetItem(itemID string) (*Item, error) { if err != nil { return nil, errwrap.Wrapf("failed to read packed storage item: {{err}}", err) } + if bucket == nil { + return nil, nil + } // Look for a matching storage entry in the bucket items for _, item := range bucket.Items { From 7cc193d6662dbf26f8f9153f7a6a54f11f59d5ca Mon Sep 17 00:00:00 2001 From: Chris Hoffman Date: Thu, 1 Feb 2018 11:30:04 -0500 Subject: [PATCH 024/178] Adding tests to ensure all backends are mountable (#3861) --- command/audit_enable_test.go | 39 ++++++++++ command/auth_enable_test.go | 50 ++++++++++++ command/command_test.go | 14 ++++ command/commands.go | 134 ++++++++++++++++++--------------- command/secrets_enable_test.go | 50 ++++++++++++ 5 files changed, 225 insertions(+), 62 deletions(-) diff --git a/command/audit_enable_test.go b/command/audit_enable_test.go index c2fe43e84fe1..bea8c32233aa 100644 --- a/command/audit_enable_test.go +++ b/command/audit_enable_test.go @@ -1,6 +1,7 @@ package command import ( + "io/ioutil" "strings" "testing" @@ -157,4 +158,42 @@ func TestAuditEnableCommand_Run(t *testing.T) { _, cmd := testAuditEnableCommand(t) assertNoTabs(t, cmd) }) + + t.Run("mount_all", func(t *testing.T) { + t.Parallel() + + client, closer := testVaultServerAllBackends(t) + defer closer() + + files, err := ioutil.ReadDir("../builtin/audit") + if err != nil { + t.Fatal(err) + } + + var backends []string + for _, f := range files { + if f.IsDir() { + backends = append(backends, f.Name()) + } + } + + for _, b := range backends { + ui, cmd := testAuditEnableCommand(t) + cmd.client = client + + args := []string{ + b, + } + switch b { + case "file": + args = append(args, "file_path=discard") + case "socket": + args = append(args, "address=127.0.0.1:8888") + } + code := cmd.Run(args) + if exp := 0; code != exp { + t.Errorf("type %s, expected %d to be %d - %s", b, code, exp, ui.OutputWriter.String()+ui.ErrorWriter.String()) + } + } + }) } diff --git a/command/auth_enable_test.go b/command/auth_enable_test.go index e4308f9934d6..d3d693d8126b 100644 --- a/command/auth_enable_test.go +++ b/command/auth_enable_test.go @@ -1,6 +1,7 @@ package command import ( + "io/ioutil" "strings" "testing" @@ -141,4 +142,53 @@ func TestAuthEnableCommand_Run(t *testing.T) { _, cmd := testAuthEnableCommand(t) assertNoTabs(t, cmd) }) + + t.Run("mount_all", func(t *testing.T) { + t.Parallel() + + client, closer := testVaultServerAllBackends(t) + defer closer() + + files, err := ioutil.ReadDir("../builtin/credential") + if err != nil { + t.Fatal(err) + } + + var backends []string + for _, f := range files { + if f.IsDir() { + backends = append(backends, f.Name()) + } + } + + plugins, err := ioutil.ReadDir("../vendor/github.com/hashicorp") + if err != nil { + t.Fatal(err) + } + for _, p := range plugins { + if p.IsDir() && strings.HasPrefix(p.Name(), "vault-plugin-auth-") { + backends = append(backends, strings.TrimPrefix(p.Name(), "vault-plugin-auth-")) + } + } + + if len(backends) != len(credentialBackends) { + t.Fatalf("expected %d credential backends, got %d", len(credentialBackends), len(backends)) + } + + for _, b := range backends { + if b == "token" { + continue + } + + ui, cmd := testAuthEnableCommand(t) + cmd.client = client + + code := cmd.Run([]string{ + b, + }) + if exp := 0; code != exp { + t.Errorf("type %s, expected %d to be %d - %s", b, code, exp, ui.OutputWriter.String()+ui.ErrorWriter.String()) + } + } + }) } diff --git a/command/command_test.go b/command/command_test.go index 0ff084f45b33..5303935494f8 100644 --- a/command/command_test.go +++ b/command/command_test.go @@ -62,6 +62,20 @@ func testVaultServer(tb testing.TB) (*api.Client, func()) { return client, closer } +func testVaultServerAllBackends(tb testing.TB) (*api.Client, func()) { + tb.Helper() + + client, _, closer := testVaultServerCoreConfig(tb, &vault.CoreConfig{ + DisableMlock: true, + DisableCache: true, + Logger: defaultVaultLogger, + CredentialBackends: credentialBackends, + AuditBackends: auditBackends, + LogicalBackends: logicalBackends, + }) + return client, closer +} + // testVaultServerUnseal creates a test vault cluster and returns a configured // API client, list of unseal keys (as strings), and a closer function. func testVaultServerUnseal(tb testing.TB) (*api.Client, []string, func()) { diff --git a/command/commands.go b/command/commands.go index d276239ac1fa..6af11b0083dc 100644 --- a/command/commands.go +++ b/command/commands.go @@ -64,6 +64,72 @@ import ( physZooKeeper "github.com/hashicorp/vault/physical/zookeeper" ) +var ( + auditBackends = map[string]audit.Factory{ + "file": auditFile.Factory, + "socket": auditSocket.Factory, + "syslog": auditSyslog.Factory, + } + + credentialBackends = map[string]logical.Factory{ + "app-id": credAppId.Factory, + "approle": credAppRole.Factory, + "aws": credAws.Factory, + "centrify": credCentrify.Factory, + "cert": credCert.Factory, + "gcp": credGcp.Factory, + "github": credGitHub.Factory, + "kubernetes": credKube.Factory, + "ldap": credLdap.Factory, + "okta": credOkta.Factory, + "plugin": plugin.Factory, + "radius": credRadius.Factory, + "userpass": credUserpass.Factory, + } + + logicalBackends = map[string]logical.Factory{ + "aws": aws.Factory, + "cassandra": cassandra.Factory, + "consul": consul.Factory, + "database": database.Factory, + "mongodb": mongodb.Factory, + "mssql": mssql.Factory, + "mysql": mysql.Factory, + "nomad": nomad.Factory, + "pki": pki.Factory, + "plugin": plugin.Factory, + "postgresql": postgresql.Factory, + "rabbitmq": rabbitmq.Factory, + "ssh": ssh.Factory, + "totp": totp.Factory, + "transit": transit.Factory, + } + + physicalBackends = map[string]physical.Factory{ + "azure": physAzure.NewAzureBackend, + "cassandra": physCassandra.NewCassandraBackend, + "cockroachdb": physCockroachDB.NewCockroachDBBackend, + "consul": physConsul.NewConsulBackend, + "couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend, + "couchdb": physCouchDB.NewCouchDBBackend, + "dynamodb": physDynamoDB.NewDynamoDBBackend, + "etcd": physEtcd.NewEtcdBackend, + "file_transactional": physFile.NewTransactionalFileBackend, + "file": physFile.NewFileBackend, + "gcs": physGCS.NewGCSBackend, + "inmem_ha": physInmem.NewInmemHA, + "inmem_transactional_ha": physInmem.NewTransactionalInmemHA, + "inmem_transactional": physInmem.NewTransactionalInmem, + "inmem": physInmem.NewInmem, + "mssql": physMSSQL.NewMSSQLBackend, + "mysql": physMySQL.NewMySQLBackend, + "postgresql": physPostgreSQL.NewPostgreSQLBackend, + "s3": physS3.NewS3Backend, + "swift": physSwift.NewSwiftBackend, + "zookeeper": physZooKeeper.NewZooKeeperBackend, + } +) + // DeprecatedCommand is a command that wraps an existing command and prints a // deprecation notice and points the user to the new command. Deprecated // commands are always hidden from help output. @@ -415,68 +481,12 @@ func init() { BaseCommand: &BaseCommand{ UI: serverCmdUi, }, - AuditBackends: map[string]audit.Factory{ - "file": auditFile.Factory, - "socket": auditSocket.Factory, - "syslog": auditSyslog.Factory, - }, - CredentialBackends: map[string]logical.Factory{ - "app-id": credAppId.Factory, - "approle": credAppRole.Factory, - "aws": credAws.Factory, - "centrify": credCentrify.Factory, - "cert": credCert.Factory, - "gcp": credGcp.Factory, - "github": credGitHub.Factory, - "kubernetes": credKube.Factory, - "ldap": credLdap.Factory, - "okta": credOkta.Factory, - "plugin": plugin.Factory, - "radius": credRadius.Factory, - "userpass": credUserpass.Factory, - }, - LogicalBackends: map[string]logical.Factory{ - "aws": aws.Factory, - "cassandra": cassandra.Factory, - "consul": consul.Factory, - "database": database.Factory, - "mongodb": mongodb.Factory, - "mssql": mssql.Factory, - "mysql": mysql.Factory, - "nomad": nomad.Factory, - "pki": pki.Factory, - "plugin": plugin.Factory, - "postgresql": postgresql.Factory, - "rabbitmq": rabbitmq.Factory, - "ssh": ssh.Factory, - "totp": totp.Factory, - "transit": transit.Factory, - }, - PhysicalBackends: map[string]physical.Factory{ - "azure": physAzure.NewAzureBackend, - "cassandra": physCassandra.NewCassandraBackend, - "cockroachdb": physCockroachDB.NewCockroachDBBackend, - "consul": physConsul.NewConsulBackend, - "couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend, - "couchdb": physCouchDB.NewCouchDBBackend, - "dynamodb": physDynamoDB.NewDynamoDBBackend, - "etcd": physEtcd.NewEtcdBackend, - "file_transactional": physFile.NewTransactionalFileBackend, - "file": physFile.NewFileBackend, - "gcs": physGCS.NewGCSBackend, - "inmem_ha": physInmem.NewInmemHA, - "inmem_transactional_ha": physInmem.NewTransactionalInmemHA, - "inmem_transactional": physInmem.NewTransactionalInmem, - "inmem": physInmem.NewInmem, - "mssql": physMSSQL.NewMSSQLBackend, - "mysql": physMySQL.NewMySQLBackend, - "postgresql": physPostgreSQL.NewPostgreSQLBackend, - "s3": physS3.NewS3Backend, - "swift": physSwift.NewSwiftBackend, - "zookeeper": physZooKeeper.NewZooKeeperBackend, - }, - ShutdownCh: MakeShutdownCh(), - SighupCh: MakeSighupCh(), + AuditBackends: auditBackends, + CredentialBackends: credentialBackends, + LogicalBackends: logicalBackends, + PhysicalBackends: physicalBackends, + ShutdownCh: MakeShutdownCh(), + SighupCh: MakeSighupCh(), }, nil }, "ssh": func() (cli.Command, error) { diff --git a/command/secrets_enable_test.go b/command/secrets_enable_test.go index e241edfa65f4..952bd98cc1cb 100644 --- a/command/secrets_enable_test.go +++ b/command/secrets_enable_test.go @@ -1,6 +1,7 @@ package command import ( + "io/ioutil" "strings" "testing" @@ -168,4 +169,53 @@ func TestSecretsEnableCommand_Run(t *testing.T) { _, cmd := testSecretsEnableCommand(t) assertNoTabs(t, cmd) }) + + t.Run("mount_all", func(t *testing.T) { + t.Parallel() + + client, closer := testVaultServerAllBackends(t) + defer closer() + + files, err := ioutil.ReadDir("../builtin/logical") + if err != nil { + t.Fatal(err) + } + + var backends []string + for _, f := range files { + if f.IsDir() { + if f.Name() == "plugin" { + continue + } + backends = append(backends, f.Name()) + } + } + + plugins, err := ioutil.ReadDir("../vendor/github.com/hashicorp") + if err != nil { + t.Fatal(err) + } + for _, p := range plugins { + if p.IsDir() && strings.HasPrefix(p.Name(), "vault-plugin-") && !strings.HasPrefix(p.Name(), "vault-plugin-auth-") { + backends = append(backends, strings.TrimPrefix(p.Name(), "vault-plugin-")) + } + } + + // Removing one from logical list since plugin is a virtual backend + if len(backends) != len(logicalBackends)-1 { + t.Fatalf("expected %d logical backends, got %d", len(logicalBackends)-1, len(backends)) + } + + for _, b := range backends { + ui, cmd := testSecretsEnableCommand(t) + cmd.client = client + + code := cmd.Run([]string{ + b, + }) + if exp := 0; code != exp { + t.Errorf("type %s, expected %d to be %d - %s", b, code, exp, ui.OutputWriter.String()+ui.ErrorWriter.String()) + } + } + }) } From 75ed6b90e54b8374cd6bd5d1f1741bc43a4f2082 Mon Sep 17 00:00:00 2001 From: Calvin Leung Huang Date: Thu, 1 Feb 2018 12:01:46 -0500 Subject: [PATCH 025/178] Handle period's zero value in token store's token creation (#3880) * Handle period's zero value on handleCreateCommon * Add test for period zero value --- vault/token_store.go | 18 +++++++++++------- vault/token_store_test.go | 15 +++++++++++++++ 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/vault/token_store.go b/vault/token_store.go index d3e9d11b0ef3..c65b9a3cabe3 100644 --- a/vault/token_store.go +++ b/vault/token_store.go @@ -1823,19 +1823,23 @@ func (ts *TokenStore) handleCreateCommon(ctx context.Context, req *logical.Reque var periodToUse time.Duration if data.Period != "" { - if !isSudo { - return logical.ErrorResponse("root or sudo privileges required to create periodic token"), - logical.ErrInvalidRequest - } dur, err := parseutil.ParseDurationSecond(data.Period) if err != nil { return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest } - if dur < 0 { + + switch { + case dur < 0: return logical.ErrorResponse("period must be positive"), logical.ErrInvalidRequest + case dur == 0: + default: + if !isSudo { + return logical.ErrorResponse("root or sudo privileges required to create periodic token"), + logical.ErrInvalidRequest + } + te.Period = dur + periodToUse = dur } - te.Period = dur - periodToUse = dur } // Parse the TTL/lease if any diff --git a/vault/token_store_test.go b/vault/token_store_test.go index 7c19c32b0ad3..fa865c7e2199 100644 --- a/vault/token_store_test.go +++ b/vault/token_store_test.go @@ -2990,6 +2990,21 @@ func TestTokenStore_NoDefaultPolicy(t *testing.T) { t.Fatalf("bad: policies: expected: [default policy1]; actual: %s", resp.Auth.Policies) } + // A non-root token which has 'default' policy attached and period explicitly + // set to its zero value requests for a child token. Child token should be + // successfully created and have 'default' policy attached. + tokenReq.Data = map[string]interface{}{ + "period": "0s", + } + resp, err = ts.HandleRequest(context.Background(), tokenReq) + if err != nil || (resp != nil && resp.IsError()) { + t.Fatalf("err: %v, resp: %v", err, resp) + } + + if !reflect.DeepEqual(resp.Auth.Policies, []string{"default", "policy1"}) { + t.Fatalf("bad: policies: expected: [default policy1]; actual: %s", resp.Auth.Policies) + } + // A non-root token which has 'default' policy attached, request for a // child token to not have 'default' policy while not sending a list tokenReq.Data = map[string]interface{}{ From 1d310fadb6c319509574ceb220c9543ed9aee8ed Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Thu, 1 Feb 2018 12:09:58 -0500 Subject: [PATCH 026/178] docs/telemetry: remove merge conflict remnant (#3882) * remove merge conflict remnant * s/auth/authentication --- .../source/docs/internals/telemetry.html.md | 63 +------------------ 1 file changed, 1 insertion(+), 62 deletions(-) diff --git a/website/source/docs/internals/telemetry.html.md b/website/source/docs/internals/telemetry.html.md index 2e1978cf9814..cdb0e119f795 100644 --- a/website/source/docs/internals/telemetry.html.md +++ b/website/source/docs/internals/telemetry.html.md @@ -62,67 +62,6 @@ The following sections describe available Vault metrics. The metrics interval ca These metrics represent operational aspects of the running Vault instance. -<<<<<<< HEAD -| Metric | Description | Unit | Type | -| ---------------- | ----------------------------------| ---- | ---- | -|`vault.audit.log_request`| This measures the number of audit log requests | Number of requests | Summary | -|`vault.audit.log_response`| This measures the number of audit log responses | Number of responses | Summary | -|`vault.barrier.delete`| This measures the number of delete operations at the barrier | Number of operations | Summary | -|`vault.barrier.get`| This measures the number of get operations at the barrier | Number of operations | Summary | -|`vault.barrier.put`| This measures the number of put operations at the barrier | Number of operations | Summary | -|`vault.barrier.list`| This measures the number of list operations at the barrier | Number of operations | Counter | -|`vault.core.check_token`| This measures the number of token checks | Number of checks | Summary | -|`vault.core.fetch_acl_and_token`| This measures the number of ACL and corresponding token entry fetches | Number of fetches | Summary | -|`vault.core.handle_request`| This measures the number of requests | Number of requests | Summary | -|`vault.core.handle_login_request`| This measures the number of login requests | Number of requests | Summary | -|`vault.core.leadership_setup_failed`| This measures the number of cluster leadership setup failures | Number of failures | Summary | -|`vault.core.leadership_lost`| This measures the number of cluster leadership losses | Number of losses | Summary | -|`vault.core.post_unseal` | This measures the number of post-unseal operations | Number of operations | Gauge | -|`vault.core.pre_seal`| This measures the number of pre-seal operations | Number of operations | Gauge | -|`vault.core.seal-with-request`| This measures the number of requested seal operations | Number of operations | Gauge | -|`vault.core.seal`| This measures the number of seal operations | Number of operations | Gauge | -|`vault.core.seal-internal`| This measures the number of internal seal operations | Number of operations | Gauge | -|`vault.core.step_down`| This measures the number of cluster leadership step downs | Number of stepdowns | Summary | -|`vault.core.unseal`| This measures the number of unseal operations | Number of operations | Summary | -|`vault.runtime.alloc_bytes` | This measures the number of bytes allocated by the Vault process. This may burst from time to time but should return to a steady state value.| Number of bytes | Gauge | -|`vault.runtime.free_count`| This measures the number of `free` operations | Number of operations | Gauge | -|`vault.runtime.heap_objects`| This measures the number of objects on the heap and is a good general memory pressure indicator | Number of heap objects | Gauge | -|`vault.runtime.malloc_count`| This measures the number of `malloc` operations | Number of operations | Gauge | -|`vault.runtime.num_goroutines`| This measures the number of goroutines and serves as a general load indicator | Number of goroutines| Gauge | -|`vault.runtime.sys_bytes`| This measures the number of bytes allocated to Vault and includes what is being used by the heap and what has been reclaimed but not given back| Number of bytes | Gauge | -|`vault.runtime.total_gc_pause_ns` | This measures the total garbage collector pause time since the Vault instance was last started | Nanosecond | Summary | -| `vault.runtime.total_gc_runs` | Total number of garbage collection runs since the Vault instance was last started | Number of operations | Gauge | - -### Policy and Token Metrics - -These metrics relate to policies and tokens. - -| Metric | Description | Unit | Type | -| ---------------- | ----------------------------------| ---- | ---- | -`vault.expire.fetch-lease-times`| This measures the number of lease time fetch operations | Number of operations | Gauge | -`vault.expire.fetch-lease-times-by-token`| This measures the number of operations which compute lease times by token | Number of operations | Gauge | -`vault.expire.num_leases`| This measures the number of expired leases | Number of expired leases | Gauge | -`vault.expire.revoke`| This measures the number of revoke operations | Number of operations | Counter | -`vault.expire.revoke-force`| This measures the number of forced revoke operations | Number of operations | Counter | -`vault.expire.revoke-prefix`| This measures the number of operations used to revoke all secrets with a given prefix | Number of operations | Counter | -`vault.expire.revoke-by-token`| This measures the number of operations used to revoke all secrets issued with a given token | Number of operations | Counter | -`vault.expire.renew`| This measures the number of renew operations | Number of operations | Counter | -`vault.expire.renew-token`| This measures the number of renew token operations to renew a token which does not need to invoke a logical backend | Number of operations | Gauge | -`vault.expire.register`| This measures the number of register operations which take a request and response with an associated lease and register a lease entry with lease ID | Number of operations | Gauge | -`vault.expire.register-auth`| This measures the number of register auth operations which create lease entries without lease ID | Number of operations | Gauge | -`vault.policy.get_policy`| This measures the number of policy get operations | Number of operations | Counter | -`vault.policy.list_policies`| This measures the number of policy list operations | Number of operations | Counter | -`vault.policy.delete_policy`| This measures the number of policy delete operations | Number of operations | Counter | -`vault.policy.set_policy`| This measures the number of policy set operations | Number of operations | Gauge | -`vault.token.create`| This measures the number of token create operations | Number of operations | Gauge | -`vault.token.createAccessor`| This measures the number of Token ID identifier operations | Number of operations | Gauge | -`vault.token.lookup`| This measures the number of token lookups | Number of lookups | Counter | -`vault.token.revoke`| This measures the number of token revocation operations | Number of operations | Gauge | -`vault.token.revoke-tree`| This measures the number of revoke tree operations | Number of operations | Gauge | -`vault.token.store`| This measures the number of operations to store an updated token entry without writing to the secondary index | Number of operations | Gauge | - -### Auth Method Metrics -======= ### vault.audit.log_request **[S]** Summary (Number of requests): Number of audit log requests @@ -349,7 +288,7 @@ Thes operations take a request and response with an associated lease and registe ## Authentication Backend Metrics -These metrics relate to supported auth methods. +These metrics relate to supported authentication methods. ### vault.rollback.attempt.auth-token- From 75b9e2174a97614a7111c2d09cf86a11c45c56c3 Mon Sep 17 00:00:00 2001 From: Josh Giles Date: Thu, 1 Feb 2018 12:44:57 -0500 Subject: [PATCH 027/178] Return Okta config TTLs in seconds, not nanos. (#3871) --- builtin/credential/okta/path_config.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/builtin/credential/okta/path_config.go b/builtin/credential/okta/path_config.go index a535257bcd69..8e8415bceb9c 100644 --- a/builtin/credential/okta/path_config.go +++ b/builtin/credential/okta/path_config.go @@ -101,8 +101,8 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *f Data: map[string]interface{}{ "organization": cfg.Org, "org_name": cfg.Org, - "ttl": cfg.TTL, - "max_ttl": cfg.MaxTTL, + "ttl": cfg.TTL.Seconds(), + "max_ttl": cfg.MaxTTL.Seconds(), }, } if cfg.BaseURL != "" { From 4ff26fd82d06953cc0aecbbf9054a941fb363192 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 1 Feb 2018 12:45:58 -0500 Subject: [PATCH 028/178] changelog++ --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2bf344ffdc51..2e60fef69266 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.9.4 (Unreleased) + +BUG FIXES: + + * auth/okta: Return configured durations as seconds, not nanoseconds [GH-3871] + ## 0.9.3 (January 28th, 2018) A regression from a feature merge disabled the Nomad secrets backend in 0.9.2. From 15ba1142f79f4bdb8523b2b4560198bbf4ac1046 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Thu, 1 Feb 2018 09:50:59 -0800 Subject: [PATCH 029/178] Incorporated review comments --- .../configuration/authentication.html.md | 18 +- .../configuration/generate-root.html.md | 203 ++++++++++-------- .../source/guides/configuration/index.html.md | 12 +- .../source/guides/configuration/lease.html.md | 9 +- .../configuration/plugin-backends.html.md | 16 +- .../guides/configuration/policies.html.md | 10 +- .../source/guides/operations/index.html.md | 6 +- .../guides/secret-mgmt/cubbyhole.html.md | 2 +- .../secret-mgmt/dynamic-secrets.html.md | 12 +- .../source/guides/secret-mgmt/index.html.md | 6 +- .../guides/secret-mgmt/static-secrets.html.md | 18 +- website/source/layouts/guides.erb | 2 +- 12 files changed, 166 insertions(+), 148 deletions(-) diff --git a/website/source/guides/configuration/authentication.html.md b/website/source/guides/configuration/authentication.html.md index c13e1aabb351..42bb8fa9011b 100644 --- a/website/source/guides/configuration/authentication.html.md +++ b/website/source/guides/configuration/authentication.html.md @@ -19,18 +19,18 @@ auth backend responsible for creating and storing tokens. ### Auth Backends -Auth backends performs authentication to verify the user or machine-supplied +Auth backends perform authentication to verify the user or machine-supplied information. Some of the supported auth backends are targeted towards users while others are targeted toward machines or apps. For example, [**LDAP**](/docs/auth/ldap.html) auth backend enables user authentication using an existing LDAP server while [**AppRole**](/docs/auth/approle.html) auth backend is recommended for machines or apps. -[Getting Started](/intro/getting-started/authentication.html) guide walks you -through how to enable GitHub auth backend for user authentication. +The [Getting Started](/intro/getting-started/authentication.html) guide walks you +through how to enable the GitHub auth backend for user authentication. This introductory guide focuses on generating tokens for machines or apps by -enabling [**AppRole**](/docs/auth/approle.html) auth backend. +enabling the [**AppRole**](/docs/auth/approle.html) auth backend. ## Reference Material @@ -55,7 +55,7 @@ The end-to-end scenario described in this guide involves two personas: ## Challenge Think of a scenario where a DevOps team wants to configure Jenkins to read -secrets from Vault so that it can inject the secrets to app's environment +secrets from Vault so that it can inject the secrets to an app's environment variables (e.g. `MYSQL_DB_HOST`) at deployment time. Instead of hardcoding secrets in each build script as a plaintext, Jenkins @@ -350,7 +350,7 @@ $ curl --header "X-Vault-Token: ..." --request GET \ ### Step 3: Get Role ID and Secret ID (**Persona:** admin) -**Role ID** and **Secret ID** are like username and password which a machine or +**Role ID** and **Secret ID** are like a username and password that a machine or app uses to authenticate. Since the example created a `jenkins` role which operates in pull mode, Vault @@ -613,9 +613,9 @@ A common solution involves **three personas** instead of two: `admin`, `app`, an `trusted entity`. The `trusted entity` delivers the Role ID and Secret ID to the client by separate means. -For example, Terraform injects the Role ID onto the virtual machine. When the -app runs on the virtual machine, the Role ID already exists on the virtual -machine. +For example, Terraform as a trusted entity can deliver the Role ID onto the +virtual machine. When the app runs on the virtual machine, the Role ID already +exists on the virtual machine. ![AppRole auth backend workflow](assets/images/vault-approle-workflow2.png) diff --git a/website/source/guides/configuration/generate-root.html.md b/website/source/guides/configuration/generate-root.html.md index a8d90a3a23d2..ed88c7a4bb2d 100644 --- a/website/source/guides/configuration/generate-root.html.md +++ b/website/source/guides/configuration/generate-root.html.md @@ -8,132 +8,151 @@ description: |- # Generate Root Tokens Using Unseal Keys -In a production Vault installation, the initial [root token][root-tokens] should only be used -for initial configuration. +It is generally considered a best practice to not persist +[root tokens][root-tokens]. Instead a root token should be generated using +Vault's `generate-root` command only when absolutely necessary. This guide +demonstrates regenerating a root token. -The following command creates a token for an admin: +1. Unseal the vault using the existing quorum of unseal keys. You do not need to + be authenticated to generate a new root token, but the Vault must be unsealed + and a quorum of unseal keys must be available. -```shell -vault token-create -metadata "name=ADMIN_NAME" -display-name="ADMIN_USER_NAME" \ --orphan -no-default-policy -``` + ```shell + $ vault operator unseal + # ... + ``` -After a subset of administrators have sudo access, -almost all operations can be performed. However, for some system critical -operations, a root token may still be required. +### Using OTP -It is generally considered a best practice to not persist [root -tokens][root-tokens]. Instead a root token should be generated using Vault's -`generate-root` command only when absolutely necessary. A quorum of unseal key -holders can generate a new root token. This enforces that there -is no single person has complete access to the system. +In this method, an OTP is XORed with the generated token on final output. -This guide demonstrates regenerating a root token using a one-time-password (OTP). +1. Generate a one-time password (OTP) to use for XORing the resulting token: -## Steps to Regenerate Root Tokens + ```text + $ vault operator generate-root -generate-otp + mOXx7iVimjE6LXQ2Zna6NA== + ``` -1. Make sure that the Vault server is unsealed -2. Generate a one-time-password (OTP) to share -3. Each unseal key holder runs `generate-root` with the OTP -4. Decode the generated root token + Save this OTP because you will need it to get the decoded final root token. -### Step 1: Make sure that the Vault server is unsealed +1. Initialize a root token generation, providing the OTP code from the step + above: + + ```text + $ vault operator generate-root -init -otp=mOXx7iVimjE6LXQ2Zna6NA== + Nonce f67f4da3-4ae4-68fb-4716-91da6b609c3e + Started true + Progress 0/5 + Complete false + ``` -First, verify the status: + The nonce value should be distributed to all unseal key holders. -```shell -$ vault status -``` -The output should indicate that the Vault is unsealed (`Sealed: false`). +1. Each unseal key holder providers their unseal key: -If the status indicates that the Vault server is sealed, unseal the vault using -the existing quorum of unseal keys. You do not need to be authenticated. + ```text + $ vault operator generate-root + Root generation operation nonce: f67f4da3-4ae4-68fb-4716-91da6b609c3e + Unseal Key (will be hidden): ... + ``` -```shell -$ vault unseal -# ... -``` + If there is a tty, Vault will prompt for the key and automatically + complete the nonce value. If there is no tty, or if the value is piped + from stdin, the user must specify the nonce value from the `-init` + operation. -### Step 2: Generate a one-time-password (OTP) + ```text + $ echo $UNSEAL_KEY | vault operator generate-root -nonce=f67f4da3... - + ``` -Generate a one-time password: +1. When the quorum of unseal keys are supplied, the final user will also get + the encoded root token. -```shell -$ vault generate-root -genotp -``` + ```text + $ vault operator generate-root + Root generation operation nonce: f67f4da3-4ae4-68fb-4716-91da6b609c3e + Unseal Key (will be hidden): -This generates the OTP to generate a new root token. The output would look like: + Nonce f67f4da3-4ae4-68fb-4716-91da6b609c3e + Started true + Progress 5/5 + Complete true + Root Token IxJpyqxn3YafOGhqhvP6cQ== + ``` -```shell -$ vault generate-root -genotp -OTP: +G07n16yukWxyn7nQbG0aw== -``` +1. Decode the encoded token using the OTP: -### Step 3: Each unseal key holder runs generate-root + ```text + $ vault operator generate-root \ + -decode=IxJpyqxn3YafOGhqhvP6cQ== \ + -otp=mOXx7iVimjE6LXQ2Zna6NA== -Each unseal key holder runs the `generate-root` command with generated OTP: + 24bde68f-3df3-e137-cf4d-014fe9ebc43f + ``` -```shell -$ vault generate-root -otp="" -``` +### Using PGP -Example: +1. Initialize a root token generation, providing the path to a GPG public key + or keybase username of a user to encrypted the resulting token. -```shell -$ vault generate-root -otp="+G07n16yukWxyn7nQbG0aw==" -Root generation operation nonce: abe86476-c6c5-9ca9-426e-bb6eba7fc987 -Key (will be hidden): -Nonce: abe86476-c6c5-9ca9-426e-bb6eba7fc987 -Started: true -Generate Root Progress: 1 -Required Keys: 3 -Complete: false -``` + ```text + $ vault operator generate-root -init -pgp-key=keybase:sethvargo + Nonce e24dec5e-f1ea-2dfe-ecce-604022006976 + Started true + Progress 0/5 + Complete false + PGP Fingerprint e2f8e2974623ba2a0e933a59c921994f9c27e0ff + ``` -When the root key generation completes, an encoded new root token will be -provided. + The nonce value should be distributed to all unseal key holders. -The output would look like: +1. Each unseal key holder providers their unseal key: -```shell -$ vault generate-root -otp="+G07n16yukWxyn7nQbG0aw==" -Root generation operation nonce: abe86476-c6c5-9ca9-426e-bb6eba7fc987 -Key (will be hidden): -Nonce: abe86476-c6c5-9ca9-426e-bb6eba7fc987 -Started: true -Generate Root Progress: 3 -Required Keys: 3 -Complete: true + ```text + $ vault operator generate-root + Root generation operation nonce: e24dec5e-f1ea-2dfe-ecce-604022006976 + Unseal Key (will be hidden): ... + ``` -Encoded root token: O7gIhugL3oHKeVmxpKGcYA== -``` + If there is a tty, Vault will prompt for the key and automatically + complete the nonce value. If there is no tty, or if the value is piped + from stdin, the user must specify the nonce value from the `-init` + operation. -### Step 4: Decode the generated root tokens + ```text + $ echo $UNSEAL_KEY | vault generate-root -nonce=f67f4da3... - + ``` -Run the `generate-root` command as follow: +1. When the quorum of unseal keys are supplied, the final user will also get + the encoded root token. -```shell -$ vault generate-root -otp="" -decode="" -``` + ```text + $ vault operator generate-root + Root generation operation nonce: e24dec5e-f1ea-2dfe-ecce-604022006976 + Unseal Key (will be hidden): -Example: + Nonce e24dec5e-f1ea-2dfe-ecce-604022006976 + Started true + Progress 1/1 + Complete true + PGP Fingerprint e2f8e2974623ba2a0e933a59c921994f9c27e0ff + Root Token wcFMA0RVkFtoqzRlARAAI3Ux8kdSpfgXdF9mg... + ``` + +1. Decrypt the encrypted token using associated private key: -```shell -$ vault generate-root -otp="+G07n16yukWxyn7nQbG0aw==" -decode="O7gIhugL3oHKeVmxpKGcYA==" -Root token: c3d53319-b6b9-64c4-7bb3-2756e510280b -``` + ```text + $ echo "wcFMA0RVkFtoqzRlARAAI3Ux8kdSpfgXdF9mg..." | base64 --decode | gpg --decrypt -## Additional References + d0f71e9b-ebff-6d8a-50ae-b8859f2e5671 + ``` -Instead of using a shared OTP, you can pass a file on a disk containing a public -PGP key. + or via keybase: -Example: + ```text + $ echo "wcFMA0RVkFtoqzRlARAAI3Ux8kdSpfgXdF9mg..." | base64 --decode | keybase pgp decrypt -```shell -$ vault generate-root -pgp-key="keyname.asc" -``` - -Please see `vault generate-root -help` for more information about using PGP. + d0f71e9b-ebff-6d8a-50ae-b8859f2e5671 + ``` [root-tokens]: /docs/concepts/tokens.html#root-tokens diff --git a/website/source/guides/configuration/index.html.md b/website/source/guides/configuration/index.html.md index b4d467b1d7be..eb12ae5fd94e 100644 --- a/website/source/guides/configuration/index.html.md +++ b/website/source/guides/configuration/index.html.md @@ -4,23 +4,21 @@ page_title: "Vault Configuration - Guides" sidebar_current: "guides-configuration" description: |- Once a Vault instance has been installed, the next step is to configure auth - backend, secret backend, and manage keys. Vault configuration guides addresses - key concepts in configuring your Vault servers. + backends, secret backends, and manage keys. Vault configuration guides addresses + key concepts in configuring your Vault application. --- # Vault Configuration -This guide walks you through Vault configuration topics. Some guides address -fundamental tasks to get the server setup, and some guides introduce more -advanced discussions. +This guide walks you through Vault configuration topics. - [Policies](/guides/configuration/policies.html) are used to instrument Role-Based Access Control (RBAC) by specifying access privileges. Authoring of policies is probably the first step the Vault administrator performs. This guide walks you through creating example policies for `admin` and `provisioner` users. - [AppRole Pull Authentication](/guides/configuration/authentication.html) guide -is an introductory guide introduces the steps to generate tokens for machines -or apps by enabling AppRole auth backend. +that introduces the steps to generate tokens for machines or apps by enabling +AppRole auth backend. - [Token and Leases](/guides/configuration/lease.html) guide helps you understand how tokens and leases work in Vault. The understanding of the lease hierarchy and expiration mechanism helps you plan for break glass diff --git a/website/source/guides/configuration/lease.html.md b/website/source/guides/configuration/lease.html.md index 528b43032786..e50af7d01db1 100644 --- a/website/source/guides/configuration/lease.html.md +++ b/website/source/guides/configuration/lease.html.md @@ -64,7 +64,8 @@ See the [policy requirements](#policy-requirements) section for details. Consider the following scenarios: -- Currently, there is no **break glass** procedure available +- Currently, there is no **break glass** procedure available for revoking +access to credentials in the event of a breach - Credentials for external systems (e.g. AWS, MySQL) are shared - Need a temporal access to database in a specific scenario @@ -135,14 +136,14 @@ If you are not familiar with policies, complete the ## Steps -Tokens are the core methods for authentication within Vault. Tokens can be used +Tokens are the core method for authentication within Vault. Tokens can be used directly or dynamically generated by the auth backends. Regardless, the clients need valid tokens to interact with Vault. This guide demonstrates the lifecycle of tokens. 1. [Read token backend configuration](#step1) -2. [Create short-live tokens](#step2) +2. [Create short-lived tokens](#step2) 3. [Create tokens with use limit](#step3) 4. [Periodic tokens](#step4) 5. [Orphan tokens](#step5) @@ -229,7 +230,7 @@ $ curl --header "X-Vault-Token: ..." --request GET \ -> **NOTE:** The returned TTL value is in seconds (2764800 seconds = 32 days). -### Step 2: Create short-live tokens +### Step 2: Create short-lived tokens Create a new token with TTL of 30 seconds which means that the token gets automatically revoked after 30 seconds. diff --git a/website/source/guides/configuration/plugin-backends.html.md b/website/source/guides/configuration/plugin-backends.html.md index cff9aa8d21dd..d31a9d6d4f5e 100644 --- a/website/source/guides/configuration/plugin-backends.html.md +++ b/website/source/guides/configuration/plugin-backends.html.md @@ -8,14 +8,14 @@ description: |- # Introduction -Plugin backends utilize the [plugin system][plugin-system] to enable -third-party secret and auth backends to be mounted. +Plugin backends utilize the [plugin system][plugin-system] to enable third-party +secrets engines and auth methods. It is worth noting that even though [database secrets engines][database-backend] operate under the same underlying plugin mechanism, they are slightly different -in design than plugin backends demonstrated in this guide. The database backend -manages multiple plugins under the same backend mount point, whereas plugin -backends are generic backends that function as either secret or auth backends. +in design than plugin backends demonstrated in this guide. The database secrets +engine manages multiple plugins under the same backend mount point, whereas +plugin backends are kv backends that function as either secret or auth methods. This guide provides steps to build, register, and mount non-database external plugin backends. @@ -36,9 +36,9 @@ will need to unseal it again. ## Compile Plugin -Build the custom backend binary, and move it to the `plugin_directory` path. -In this guide, we will use `mock-plugin` that comes from Vault's -`logical/plugin/mock` package. +Build the custom binary, and move it inside the `plugin_directory` path +configured above. This guide uses `mock-plugin` that comes from Vault's +[`logical/plugin/mock`](https://github.com/hashicorp/vault/tree/master/logical/plugin/mock/mock-plugin) package. Download the source (you would probably use your own plugin): diff --git a/website/source/guides/configuration/policies.html.md b/website/source/guides/configuration/policies.html.md index c04830773ec2..e08de04c756a 100644 --- a/website/source/guides/configuration/policies.html.md +++ b/website/source/guides/configuration/policies.html.md @@ -18,12 +18,12 @@ default. The `root` policy is a special policy that gives superuser access to _everything_ in Vault. This allows the superuser to set up initial policies, tokens, etc. -In addition, there is another build-in policy, +In addition, there is another built-in policy, [**`default`**](/docs/concepts/policies.html#default-policy) gets created. The `default` policy is attached to all tokens and provides common permissions. -Everything in Vault is path based, and write policies to grant or forbid access -to certain paths and operations in Vault. Vault operates on a **secure by +Everything in Vault is path based, and admins write policies to grant or forbid +access to certain paths and operations in Vault. Vault operates on a **secure by default** standard, and as such as empty policy grants **no permission** in the system. @@ -34,7 +34,7 @@ Policies written in [HCL](https://github.com/hashicorp/hcl) format are often referred as **_ACL Policies_**. [Sentinel](https://www.hashicorp.com/sentinel) is another framework for policy which is available in [Vault Enterprise](/docs/enterprise/index.html). Since Sentinel is an enterprise-only -feature, this guide focuses on writing ACL policies. +feature, this guide focuses on writing ACL policies as a foundation. **NOTE:** HCL is JSON compatible; therefore, JSON can be used as completely valid input. @@ -56,7 +56,7 @@ The scenario described in this guide introduces the following personas: - **`root`** sets up initial policies for `admin` - **`admin`** is empowered with managing a Vault infrastructure for a team or organizations -- **`provisioner`** configures secret backends as well as creating policies for +- **`provisioner`** configures secret backends and creates policies for client apps diff --git a/website/source/guides/operations/index.html.md b/website/source/guides/operations/index.html.md index 2f8958198c94..6e8dc8d6584c 100644 --- a/website/source/guides/operations/index.html.md +++ b/website/source/guides/operations/index.html.md @@ -1,15 +1,15 @@ --- layout: "guides" -page_title: "Vault Architecture - Guides" +page_title: "Vault Operations - Guides" sidebar_current: "guides-operations" description: |- Vault architecture guide covers Vault infrastructure discussions including installation. --- -# Vault Architecture +# Vault Operations -Vault Architectures guides address Vault infrastructure discussions. These +Vault Operations guides address Vault infrastructure discussions. These guides are designed to help the operations team to plan and install a Vault cluster that meets your organization's needs. diff --git a/website/source/guides/secret-mgmt/cubbyhole.html.md b/website/source/guides/secret-mgmt/cubbyhole.html.md index cb2b66c644c6..ccbe576d5dc5 100644 --- a/website/source/guides/secret-mgmt/cubbyhole.html.md +++ b/website/source/guides/secret-mgmt/cubbyhole.html.md @@ -10,7 +10,7 @@ description: |- # Cubbyhole -The term _cubbyhole_ comes from an Americnaism where you get a "locker" or "safe +The term _cubbyhole_ comes from an Americanism where you get a "locker" or "safe place" to store your belongings or valuables. In Vault, cubbyhole is your "locker". All secrets are namespaced under **your token**. If that token expires or is revoked, all the secrets in its cubbyhole are revoked as well. diff --git a/website/source/guides/secret-mgmt/dynamic-secrets.html.md b/website/source/guides/secret-mgmt/dynamic-secrets.html.md index e4421968d83e..04b11e1d4438 100644 --- a/website/source/guides/secret-mgmt/dynamic-secrets.html.md +++ b/website/source/guides/secret-mgmt/dynamic-secrets.html.md @@ -32,20 +32,20 @@ you through the generation of dynamic AWS credentials. The end-to-end scenario described in this guide involves two personas: - **`admin`** with privileged permissions to configure secret backends -- **`apps`** reads the secrets from Vault +- **`apps`** read the secrets from Vault ## Challenge Data protection is a top priority which means that the database credential -rotation is a critical part of the effort. Each role has a different set of -permissions granted to access the database. When the system is constantly under -attack by hackers, continuous credential rotation becomes necessary and needs to -be automated. +rotation is a critical part of any data protection initiative. Each role has a +different set of permissions granted to access the database. When a system is +attacked by hackers, continuous credential rotation becomes necessary and needs +to be automated. ## Solution -The application asks Vault for database credential rather than setting them as +Applications ask Vault for database credential rather than setting them as environment variables. The administrator specifies the TTL of the database credentials to enforce its validity so that they are automatically revoked when they are no longer used. diff --git a/website/source/guides/secret-mgmt/index.html.md b/website/source/guides/secret-mgmt/index.html.md index 1bfe282afc28..3049dce35f6a 100644 --- a/website/source/guides/secret-mgmt/index.html.md +++ b/website/source/guides/secret-mgmt/index.html.md @@ -1,6 +1,6 @@ --- layout: "guides" -page_title: "Secret Management - Guides" +page_title: "Secrets Management - Guides" sidebar_current: "guides-secret-mgmt" description: |- A very common use case of Vault is to manage your organization's secrets from @@ -8,14 +8,14 @@ description: |- Vault is meant to be a solution for all secret management needs. --- -# Secret Management +# Secrets Management Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret while providing tight access control and recording a detailed audit log. -Secret Management guides demonstrate features in Vault to securely store your +Secrets Management guides demonstrate features in Vault to securely store your secrets. - [Static Secrets](/guides/secret-mgmt/static-secrets.html) guide walks you diff --git a/website/source/guides/secret-mgmt/static-secrets.html.md b/website/source/guides/secret-mgmt/static-secrets.html.md index 1458c5813dbc..ce8c47a8402b 100644 --- a/website/source/guides/secret-mgmt/static-secrets.html.md +++ b/website/source/guides/secret-mgmt/static-secrets.html.md @@ -10,9 +10,9 @@ description: |- # Static Secrets -Vault can be used to store any secrets in a secure manner. The secrets may be +Vault can be used to store any secret in a secure manner. The secrets may be SSL certificates and keys for your organization's domain, credentials to connect -to a corporate database server, etc. Storing such sensitive information in a +to a corporate database server, etc. Storing such sensitive information in plaintext is not desirable. This guide demonstrates the use case of Vault as a Secret Storage. @@ -46,16 +46,16 @@ Consider the following situations: - An app integrates with LDAP, and its configuration information is in a plaintext -Organizations often seek an uniform solution to store any sensitive information -securely. +Organizations often seek an uniform workflow to securely store this sensitive +information. ## Solution -Leverage Vault as a centralized secret storage to secure any sensitive -information. Vault encrypts these secrets using 256-bit AES in GCM mode with a -randomly generated nonce prior to writing them to its persistent storage. The -storage backend never sees the unencrypted value, so gaining access to the raw -storage isn't enough to access your secrets. +Vault as centralized secret storage to secure any sensitive information. Vault +encrypts these secrets using 256-bit AES in GCM mode with a randomly generated +nonce prior to writing them to its persistent storage. The storage backend never +sees the unencrypted value, so gaining access to the raw storage isn't enough to +access your secrets. ## Prerequisites diff --git a/website/source/layouts/guides.erb b/website/source/layouts/guides.erb index a238b70a0879..02d431f629f8 100644 --- a/website/source/layouts/guides.erb +++ b/website/source/layouts/guides.erb @@ -44,7 +44,7 @@ > - Secret Management + Secrets Management
        > Static Secrets From ce1b43cd487a3fa47734af3a68e270d15fa02f77 Mon Sep 17 00:00:00 2001 From: John Eismeier <32205350+jeis2497052@users.noreply.github.com> Date: Thu, 1 Feb 2018 12:51:38 -0500 Subject: [PATCH 030/178] Propose small spelling change (#3890) --- builtin/credential/aws/client.go | 2 +- helper/awsutil/generate_credentials.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/builtin/credential/aws/client.go b/builtin/credential/aws/client.go index 2b4c4aba4ec8..761ddeb55acf 100644 --- a/builtin/credential/aws/client.go +++ b/builtin/credential/aws/client.go @@ -69,7 +69,7 @@ func (b *backend) getRawClientConfig(ctx context.Context, s logical.Storage, reg } // getClientConfig returns an aws-sdk-go config, with optionally assumed credentials -// It uses getRawClientConfig to obtain config for the runtime environemnt, and if +// It uses getRawClientConfig to obtain config for the runtime environment, and if // stsRole is a non-empty string, it will use AssumeRole to obtain a set of assumed // credentials. The credentials will expire after 15 minutes but will auto-refresh. func (b *backend) getClientConfig(ctx context.Context, s logical.Storage, region, stsRole, accountID, clientType string) (*aws.Config, error) { diff --git a/helper/awsutil/generate_credentials.go b/helper/awsutil/generate_credentials.go index 6b1896832989..83c134a56e2a 100644 --- a/helper/awsutil/generate_credentials.go +++ b/helper/awsutil/generate_credentials.go @@ -77,7 +77,7 @@ func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, // Create the credentials required to access the API. creds := credentials.NewChainCredentials(providers) if creds == nil { - return nil, fmt.Errorf("could not compile valid credential providers from static config, environemnt, shared, or instance metadata") + return nil, fmt.Errorf("could not compile valid credential providers from static config, environment, shared, or instance metadata") } return creds, nil From 3d62f7679670a03271e53d23a4bf39e09f320b26 Mon Sep 17 00:00:00 2001 From: Calvin Leung Huang Date: Thu, 1 Feb 2018 12:56:02 -0500 Subject: [PATCH 031/178] changelog++ --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e60fef69266..89f044bc4b15 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ BUG FIXES: * auth/okta: Return configured durations as seconds, not nanoseconds [GH-3871] + * auth/token: Token creation via the CLI no longer forces periodic token + creation. Passing an explicit zero value for the period no longer create + periodic tokens [GH-3880] ## 0.9.3 (January 28th, 2018) From 0c727dfe6d026d434ca109afc5e771dc33fda244 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Thu, 1 Feb 2018 10:00:18 -0800 Subject: [PATCH 032/178] Fixed a typo 'on-demand' --- website/source/guides/secret-mgmt/dynamic-secrets.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/guides/secret-mgmt/dynamic-secrets.html.md b/website/source/guides/secret-mgmt/dynamic-secrets.html.md index 04b11e1d4438..c90a99a92a80 100644 --- a/website/source/guides/secret-mgmt/dynamic-secrets.html.md +++ b/website/source/guides/secret-mgmt/dynamic-secrets.html.md @@ -8,7 +8,7 @@ description: |- # Secret as a Service: Dynamic Secrets -Vault can generate secrets on--dataemand for some systems. For example, when an app +Vault can generate secrets on-demand for some systems. For example, when an app needs to access an Amazon S3 bucket, it asks Vault for AWS credentials. Vault will generate an AWS credential granting permissions to access the S3 bucket. In addition, Vault will automatically revoke this credential after the TTL is From 91dffedc3955a6407ac6644a0d797215b4aaabc0 Mon Sep 17 00:00:00 2001 From: Brian Kassouf Date: Thu, 1 Feb 2018 14:30:17 -0800 Subject: [PATCH 033/178] plugins/gRPC: fix issues with reserved keywords in response data (#3881) * plugins/gRPC: fix issues with reserved keywords in response data * Add the path raw file for mock plugin * Fix panic when special paths is nil * Add tests for Listing and raw requests from plugins * Add json.Number case when decoding the status * Bump the version required for gRPC defaults * Fix test for gRPC version check --- helper/pluginutil/version.go | 4 +- helper/pluginutil/version_test.go | 12 +- http/logical.go | 33 +++++- http/plugin_test.go | 153 ++++++++++++++++++++++++++ logical/plugin/grpc_backend_server.go | 5 + logical/plugin/mock/backend.go | 1 + logical/plugin/mock/path_raw.go | 29 +++++ logical/response_util.go | 19 +++- 8 files changed, 245 insertions(+), 11 deletions(-) create mode 100644 http/plugin_test.go create mode 100644 logical/plugin/mock/path_raw.go diff --git a/helper/pluginutil/version.go b/helper/pluginutil/version.go index ec2336761b0d..e1537a697683 100644 --- a/helper/pluginutil/version.go +++ b/helper/pluginutil/version.go @@ -28,7 +28,9 @@ func GRPCSupport() bool { return true } - constraint, err := version.NewConstraint(">= 0.9.2") + // Due to some regressions on 0.9.2 & 0.9.3 we now require version 0.9.4 + // to allow the plugin framework to default to gRPC. + constraint, err := version.NewConstraint(">= 0.9.4") if err != nil { return true } diff --git a/helper/pluginutil/version_test.go b/helper/pluginutil/version_test.go index 8921f84b922d..1d04b327524e 100644 --- a/helper/pluginutil/version_test.go +++ b/helper/pluginutil/version_test.go @@ -16,18 +16,22 @@ func TestGRPCSupport(t *testing.T) { }, { "0.9.2", - true, + false, }, { - "0.9.2+ent", + "0.9.3", + false, + }, + { + "0.9.4+ent", true, }, { - "0.9.2-beta", + "0.9.4-beta", false, }, { - "0.9.3", + "0.9.4", true, }, { diff --git a/http/logical.go b/http/logical.go index bcc5ba902b84..2b09414e54a3 100644 --- a/http/logical.go +++ b/http/logical.go @@ -1,6 +1,8 @@ package http import ( + "encoding/base64" + "encoding/json" "io" "net" "net/http" @@ -200,8 +202,21 @@ func respondRaw(w http.ResponseWriter, r *http.Request, resp *logical.Response) retErr(w, "no status code given") return } - status, ok := statusRaw.(int) - if !ok { + + var status int + switch statusRaw.(type) { + case int: + status = statusRaw.(int) + case float64: + status = int(statusRaw.(float64)) + case json.Number: + s64, err := statusRaw.(json.Number).Float64() + if err != nil { + retErr(w, "cannot decode status code") + return + } + status = int(s64) + default: retErr(w, "cannot decode status code") return } @@ -232,8 +247,18 @@ func respondRaw(w http.ResponseWriter, r *http.Request, resp *logical.Response) retErr(w, "no body given") return } - body, ok = bodyRaw.([]byte) - if !ok { + + switch bodyRaw.(type) { + case string: + var err error + body, err = base64.StdEncoding.DecodeString(bodyRaw.(string)) + if err != nil { + retErr(w, "cannot decode body") + return + } + case []byte: + body = bodyRaw.([]byte) + default: retErr(w, "cannot decode body") return } diff --git a/http/plugin_test.go b/http/plugin_test.go new file mode 100644 index 000000000000..b96e8d484020 --- /dev/null +++ b/http/plugin_test.go @@ -0,0 +1,153 @@ +package http + +import ( + "io/ioutil" + "os" + "sync" + "testing" + + hclog "github.com/hashicorp/go-hclog" + "github.com/hashicorp/vault/api" + bplugin "github.com/hashicorp/vault/builtin/plugin" + "github.com/hashicorp/vault/helper/logbridge" + "github.com/hashicorp/vault/helper/pluginutil" + "github.com/hashicorp/vault/logical" + "github.com/hashicorp/vault/logical/plugin" + "github.com/hashicorp/vault/logical/plugin/mock" + "github.com/hashicorp/vault/physical/inmem" + "github.com/hashicorp/vault/vault" +) + +func getPluginClusterAndCore(t testing.TB, logger *logbridge.Logger) (*vault.TestCluster, *vault.TestClusterCore) { + inmha, err := inmem.NewInmemHA(nil, logger.LogxiLogger()) + if err != nil { + t.Fatal(err) + } + + coreConfig := &vault.CoreConfig{ + Physical: inmha, + LogicalBackends: map[string]logical.Factory{ + "plugin": bplugin.Factory, + }, + } + + cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{ + HandlerFunc: Handler, + RawLogger: logger, + }) + cluster.Start() + + cores := cluster.Cores + core := cores[0] + + os.Setenv(pluginutil.PluginCACertPEMEnv, cluster.CACertPEMFile) + + vault.TestWaitActive(t, core.Core) + vault.TestAddTestPlugin(t, core.Core, "mock-plugin", "TestPlugin_PluginMain") + + // Mount the mock plugin + err = core.Client.Sys().Mount("mock", &api.MountInput{ + Type: "plugin", + PluginName: "mock-plugin", + }) + if err != nil { + t.Fatal(err) + } + + return cluster, core +} + +func TestPlugin_PluginMain(t *testing.T) { + if os.Getenv(pluginutil.PluginVaultVersionEnv) == "" { + return + } + + caPEM := os.Getenv(pluginutil.PluginCACertPEMEnv) + if caPEM == "" { + t.Fatal("CA cert not passed in") + } + + args := []string{"--ca-cert=" + caPEM} + + apiClientMeta := &pluginutil.APIClientMeta{} + flags := apiClientMeta.FlagSet() + flags.Parse(args) + + tlsConfig := apiClientMeta.GetTLSConfig() + tlsProviderFunc := pluginutil.VaultPluginTLSProvider(tlsConfig) + + factoryFunc := mock.FactoryType(logical.TypeLogical) + + err := plugin.Serve(&plugin.ServeOpts{ + BackendFactoryFunc: factoryFunc, + TLSProviderFunc: tlsProviderFunc, + }) + if err != nil { + t.Fatal(err) + } + t.Fatal("Why are we here") +} + +func TestPlugin_MockList(t *testing.T) { + logger := logbridge.NewLogger(hclog.New(&hclog.LoggerOptions{ + Mutex: &sync.Mutex{}, + })) + cluster, core := getPluginClusterAndCore(t, logger) + defer cluster.Cleanup() + + _, err := core.Client.Logical().Write("mock/kv/foo", map[string]interface{}{ + "bar": "baz", + }) + if err != nil { + t.Fatal(err) + } + + keys, err := core.Client.Logical().List("mock/kv/") + if err != nil { + t.Fatal(err) + } + if keys.Data["keys"].([]interface{})[0].(string) != "foo" { + t.Fatal(keys) + } + + _, err = core.Client.Logical().Write("mock/kv/zoo", map[string]interface{}{ + "bar": "baz", + }) + if err != nil { + t.Fatal(err) + } + + keys, err = core.Client.Logical().List("mock/kv/") + if err != nil { + t.Fatal(err) + } + if keys.Data["keys"].([]interface{})[0].(string) != "foo" || keys.Data["keys"].([]interface{})[1].(string) != "zoo" { + t.Fatal(keys) + } +} + +func TestPlugin_MockRawResponse(t *testing.T) { + logger := logbridge.NewLogger(hclog.New(&hclog.LoggerOptions{ + Mutex: &sync.Mutex{}, + })) + cluster, core := getPluginClusterAndCore(t, logger) + defer cluster.Cleanup() + + resp, err := core.Client.RawRequest(core.Client.NewRequest("GET", "/v1/mock/raw")) + if err != nil { + t.Fatal(err) + } + defer resp.Body.Close() + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + t.Fatal(err) + } + if string(body[:]) != "Response" { + t.Fatal("bad body") + } + + if resp.StatusCode != 200 { + t.Fatal("bad status") + } + +} diff --git a/logical/plugin/grpc_backend_server.go b/logical/plugin/grpc_backend_server.go index e0940225a0e9..3e902e03301b 100644 --- a/logical/plugin/grpc_backend_server.go +++ b/logical/plugin/grpc_backend_server.go @@ -81,6 +81,11 @@ func (b *backendGRPCPluginServer) HandleRequest(ctx context.Context, args *pb.Ha func (b *backendGRPCPluginServer) SpecialPaths(ctx context.Context, args *pb.Empty) (*pb.SpecialPathsReply, error) { paths := b.backend.SpecialPaths() + if paths == nil { + return &pb.SpecialPathsReply{ + Paths: nil, + }, nil + } return &pb.SpecialPathsReply{ Paths: &pb.Paths{ diff --git a/logical/plugin/mock/backend.go b/logical/plugin/mock/backend.go index 82e578101633..45c72a148c16 100644 --- a/logical/plugin/mock/backend.go +++ b/logical/plugin/mock/backend.go @@ -46,6 +46,7 @@ func Backend() *backend { []*framework.Path{ pathInternal(&b), pathSpecial(&b), + pathRaw(&b), }, ), PathsSpecial: &logical.Paths{ diff --git a/logical/plugin/mock/path_raw.go b/logical/plugin/mock/path_raw.go new file mode 100644 index 000000000000..132155629505 --- /dev/null +++ b/logical/plugin/mock/path_raw.go @@ -0,0 +1,29 @@ +package mock + +import ( + "context" + + "github.com/hashicorp/vault/logical" + "github.com/hashicorp/vault/logical/framework" +) + +// pathRaw is used to test raw responses. +func pathRaw(b *backend) *framework.Path { + return &framework.Path{ + Pattern: "raw", + Callbacks: map[logical.Operation]framework.OperationFunc{ + logical.ReadOperation: b.pathRawRead, + }, + } +} + +func (b *backend) pathRawRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) { + return &logical.Response{ + Data: map[string]interface{}{ + logical.HTTPContentType: "text/plain", + logical.HTTPRawBody: []byte("Response"), + logical.HTTPStatusCode: 200, + }, + }, nil + +} diff --git a/logical/response_util.go b/logical/response_util.go index a3fd2bfd193d..41e617a8b47f 100644 --- a/logical/response_util.go +++ b/logical/response_util.go @@ -31,10 +31,25 @@ func RespondErrorCommon(req *Request, resp *Response, err error) (int, error) { if !ok || keysRaw == nil { return http.StatusNotFound, nil } - keys, ok := keysRaw.([]string) - if !ok { + + var keys []string + switch keysRaw.(type) { + case []interface{}: + keys = make([]string, len(keysRaw.([]interface{}))) + for i, el := range keysRaw.([]interface{}) { + s, ok := el.(string) + if !ok { + return http.StatusInternalServerError, nil + } + keys[i] = s + } + + case []string: + keys = keysRaw.([]string) + default: return http.StatusInternalServerError, nil } + if len(keys) == 0 { return http.StatusNotFound, nil } From 74a3b5a9644e0ded91adee9b40dfe1355820aabc Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Thu, 1 Feb 2018 16:04:52 -0800 Subject: [PATCH 034/178] etcd3: only create lock when lock is called (#3893) --- physical/etcd/etcd3.go | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/physical/etcd/etcd3.go b/physical/etcd/etcd3.go index 2495e6f5fe3f..dac9329e4fc0 100644 --- a/physical/etcd/etcd3.go +++ b/physical/etcd/etcd3.go @@ -249,18 +249,11 @@ type EtcdLock struct { // Lock is used for mutual exclusion based on the given key. func (c *EtcdBackend) LockWith(key, value string) (physical.Lock, error) { - session, err := concurrency.NewSession(c.etcd, concurrency.WithTTL(etcd3LockTimeoutInSeconds)) - if err != nil { - return nil, err - } - p := path.Join(c.path, key) return &EtcdLock{ - etcdSession: session, - etcdMu: concurrency.NewMutex(session, p), - prefix: p, - value: value, - etcd: c.etcd, + prefix: p, + value: value, + etcd: c.etcd, }, nil } @@ -268,6 +261,12 @@ func (c *EtcdLock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error) { c.lock.Lock() defer c.lock.Unlock() + if c.etcdMu == nil { + if err := c.initMu(); err != nil { + return nil, err + } + } + if c.held { return nil, EtcdLockHeldError } @@ -276,13 +275,10 @@ func (c *EtcdLock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error) { case _, ok := <-c.etcdSession.Done(): if !ok { // The session's done channel is closed, so the session is over, - // and we need a new one - session, err := concurrency.NewSession(c.etcd, concurrency.WithTTL(etcd3LockTimeoutInSeconds)) - if err != nil { + // and we need a new lock with a new session. + if err := c.initMu(); err != nil { return nil, err } - c.etcdSession = session - c.etcdMu = concurrency.NewMutex(session, c.prefix) } default: } @@ -340,3 +336,13 @@ func (c *EtcdLock) Value() (bool, string, error) { return true, string(resp.Kvs[0].Value), nil } + +func (c *EtcdLock) initMu() error { + session, err := concurrency.NewSession(c.etcd, concurrency.WithTTL(etcd3LockTimeoutInSeconds)) + if err != nil { + return err + } + c.etcdSession = session + c.etcdMu = concurrency.NewMutex(session, c.prefix) + return nil +} From 556916e28cea2ee2e92db42692aaed5b8bf96164 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 1 Feb 2018 19:05:29 -0500 Subject: [PATCH 035/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 89f044bc4b15..5e23acb3e0e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ BUG FIXES: * auth/token: Token creation via the CLI no longer forces periodic token creation. Passing an explicit zero value for the period no longer create periodic tokens [GH-3880] + * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] ## 0.9.3 (January 28th, 2018) From 6a22114a8f814c14b3f58425002858993cf1d40e Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Thu, 1 Feb 2018 16:08:09 -0800 Subject: [PATCH 036/178] etcd: config etcd3 client's max response size (#3891) --- physical/etcd/etcd3.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/physical/etcd/etcd3.go b/physical/etcd/etcd3.go index dac9329e4fc0..cd244ce8ae08 100644 --- a/physical/etcd/etcd3.go +++ b/physical/etcd/etcd3.go @@ -113,6 +113,15 @@ func newEtcd3Backend(conf map[string]string, logger log.Logger) (physical.Backen cfg.Password = password } + if maxReceive, ok := conf["max_receive_size"]; ok { + // grpc converts this to uint32 internally, so parse as that to avoid passing invalid values + val, err := strconv.ParseUint(maxReceive, 10, 32) + if err != nil { + return nil, fmt.Errorf("value [%v] of 'max_receive_size' could not be understood", maxReceive) + } + cfg.MaxCallRecvMsgSize = int(val) + } + etcd, err := clientv3.New(cfg) if err != nil { return nil, err From 13afb528db73c481c9ca5e5c4251c2f199f38e55 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 1 Feb 2018 19:08:39 -0500 Subject: [PATCH 037/178] changelog++ --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e23acb3e0e4..80ea0766cb48 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ BUG FIXES: creation. Passing an explicit zero value for the period no longer create periodic tokens [GH-3880] * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] + * storage/etcd3: Fix large lists (like token loading at startup) not being + handled [GH-3772] ## 0.9.3 (January 28th, 2018) From f2dfba96558aa3a48590b0b8c7355eba9b562cb8 Mon Sep 17 00:00:00 2001 From: Brian Kassouf Date: Thu, 1 Feb 2018 16:47:38 -0800 Subject: [PATCH 038/178] changelog++ --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 80ea0766cb48..fca63c307a58 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ BUG FIXES: * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] * storage/etcd3: Fix large lists (like token loading at startup) not being handled [GH-3772] + * plugin/gRPC: Fixed an issue with list requests and raw responses coming from + plugins using gRPC transport [GH-3881] ## 0.9.3 (January 28th, 2018) From feb47cbf7fce6a11b7c3c239e5e11f5a1f0f3ecb Mon Sep 17 00:00:00 2001 From: George Christou Date: Fri, 2 Feb 2018 15:34:48 +0000 Subject: [PATCH 039/178] website: Include `fish` as a supported shell (#3895) --- website/source/intro/getting-started/install.html.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/source/intro/getting-started/install.html.md b/website/source/intro/getting-started/install.html.md index bf46f0f30bd8..a7ef2657ee5d 100644 --- a/website/source/intro/getting-started/install.html.md +++ b/website/source/intro/getting-started/install.html.md @@ -72,7 +72,7 @@ Otherwise, Vault is installed and ready to go! Vault also includes command-line completion for subcommands, flags, and path arguments where supported. To install command-line completion, you must be using -Bash or ZSH. Unfortunately other shells are not supported at this time. +Bash, ZSH or Fish. Unfortunately other shells are not supported at this time. To install completions, run: @@ -80,9 +80,9 @@ To install completions, run: $ vault -autocomplete-install ``` -This will install the helpers in your `~/.bashrc` or `~/.zshrc` automatically. -Then restart your terminal or reload your shell: - +This will automatically install the helpers in your `~/.bashrc` or `~/.zshrc`, or to +`~/.config/fish/completions/vault.fish` for Fish users. Then restart your terminal +or reload your shell: ```sh $ exec $SHELL ``` From 3d7d2a01dd79dc4246e06e3e079914e7285e8b91 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 2 Feb 2018 18:17:12 -0500 Subject: [PATCH 040/178] Add a sysview call to determine if a mount is local. (#3899) This is useful for deciding when to run upgrade logic, e.g. if on a performance secondary but local it's fine to run. --- logical/plugin/grpc_system.go | 16 ++ logical/plugin/pb/backend.pb.go | 307 +++++++++++++++++++------------- logical/plugin/pb/backend.proto | 7 +- logical/plugin/system.go | 23 +++ logical/system_view.go | 9 + vault/dynamic_system_view.go | 4 + 6 files changed, 237 insertions(+), 129 deletions(-) diff --git a/logical/plugin/grpc_system.go b/logical/plugin/grpc_system.go index b7081b0d77fd..17aeec411d92 100644 --- a/logical/plugin/grpc_system.go +++ b/logical/plugin/grpc_system.go @@ -123,6 +123,15 @@ func (s *gRPCSystemViewClient) MlockEnabled() bool { return reply.Enabled } +func (s *gRPCSystemViewClient) LocalMount() bool { + reply, err := s.client.LocalMount(context.Background(), &pb.Empty{}) + if err != nil { + return false + } + + return reply.Local +} + type gRPCSystemViewServer struct { impl logical.SystemView } @@ -200,3 +209,10 @@ func (s *gRPCSystemViewServer) MlockEnabled(ctx context.Context, _ *pb.Empty) (* Enabled: enabled, }, nil } + +func (s *gRPCSystemViewServer) LocalMount(ctx context.Context, _ *pb.Empty) (*pb.LocalMountReply, error) { + local := s.impl.LocalMount() + return &pb.LocalMountReply{ + Local: local, + }, nil +} diff --git a/logical/plugin/pb/backend.pb.go b/logical/plugin/pb/backend.pb.go index 2d579e0bc1a4..10279e9ac5f8 100644 --- a/logical/plugin/pb/backend.pb.go +++ b/logical/plugin/pb/backend.pb.go @@ -47,6 +47,7 @@ It has these top-level messages: ResponseWrapDataArgs ResponseWrapDataReply MlockEnabledReply + LocalMountReply */ package pb @@ -1384,6 +1385,22 @@ func (m *MlockEnabledReply) GetEnabled() bool { return false } +type LocalMountReply struct { + Local bool `sentinel:"" protobuf:"varint,1,opt,name=local" json:"local,omitempty"` +} + +func (m *LocalMountReply) Reset() { *m = LocalMountReply{} } +func (m *LocalMountReply) String() string { return proto.CompactTextString(m) } +func (*LocalMountReply) ProtoMessage() {} +func (*LocalMountReply) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{39} } + +func (m *LocalMountReply) GetLocal() bool { + if m != nil { + return m.Local + } + return false +} + func init() { proto.RegisterType((*Empty)(nil), "pb.Empty") proto.RegisterType((*Header)(nil), "pb.Header") @@ -1424,6 +1441,7 @@ func init() { proto.RegisterType((*ResponseWrapDataArgs)(nil), "pb.ResponseWrapDataArgs") proto.RegisterType((*ResponseWrapDataReply)(nil), "pb.ResponseWrapDataReply") proto.RegisterType((*MlockEnabledReply)(nil), "pb.MlockEnabledReply") + proto.RegisterType((*LocalMountReply)(nil), "pb.LocalMountReply") } // Reference imports to suppress errors if they are not otherwise used. @@ -1870,6 +1888,7 @@ type SystemViewClient interface { ReplicationState(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ReplicationStateReply, error) ResponseWrapData(ctx context.Context, in *ResponseWrapDataArgs, opts ...grpc.CallOption) (*ResponseWrapDataReply, error) MlockEnabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*MlockEnabledReply, error) + LocalMount(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*LocalMountReply, error) } type systemViewClient struct { @@ -1952,6 +1971,15 @@ func (c *systemViewClient) MlockEnabled(ctx context.Context, in *Empty, opts ... return out, nil } +func (c *systemViewClient) LocalMount(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*LocalMountReply, error) { + out := new(LocalMountReply) + err := grpc.Invoke(ctx, "/pb.SystemView/LocalMount", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // Server API for SystemView service type SystemViewServer interface { @@ -1963,6 +1991,7 @@ type SystemViewServer interface { ReplicationState(context.Context, *Empty) (*ReplicationStateReply, error) ResponseWrapData(context.Context, *ResponseWrapDataArgs) (*ResponseWrapDataReply, error) MlockEnabled(context.Context, *Empty) (*MlockEnabledReply, error) + LocalMount(context.Context, *Empty) (*LocalMountReply, error) } func RegisterSystemViewServer(s *grpc.Server, srv SystemViewServer) { @@ -2113,6 +2142,24 @@ func _SystemView_MlockEnabled_Handler(srv interface{}, ctx context.Context, dec return interceptor(ctx, in, info, handler) } +func _SystemView_LocalMount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).LocalMount(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/LocalMount", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).LocalMount(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + var _SystemView_serviceDesc = grpc.ServiceDesc{ ServiceName: "pb.SystemView", HandlerType: (*SystemViewServer)(nil), @@ -2149,6 +2196,10 @@ var _SystemView_serviceDesc = grpc.ServiceDesc{ MethodName: "MlockEnabled", Handler: _SystemView_MlockEnabled_Handler, }, + { + MethodName: "LocalMount", + Handler: _SystemView_LocalMount_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "logical/plugin/pb/backend.proto", @@ -2157,131 +2208,133 @@ var _SystemView_serviceDesc = grpc.ServiceDesc{ func init() { proto.RegisterFile("logical/plugin/pb/backend.proto", fileDescriptor0) } var fileDescriptor0 = []byte{ - // 2014 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x58, 0xdb, 0x72, 0xdb, 0xc8, - 0xd1, 0x2e, 0x92, 0x22, 0x09, 0x36, 0x49, 0x1d, 0x46, 0xb2, 0x7f, 0x88, 0xf6, 0xfe, 0x62, 0xb0, - 0x65, 0x85, 0xeb, 0xaa, 0xa5, 0x6c, 0xe6, 0xe4, 0x4d, 0x6a, 0x37, 0xa5, 0xc8, 0x5a, 0xaf, 0xb2, - 0xf6, 0xae, 0x0a, 0x62, 0xb2, 0x49, 0x25, 0x55, 0xdc, 0x11, 0xd0, 0xa2, 0x50, 0x02, 0x01, 0x64, - 0x30, 0x90, 0xcc, 0xab, 0x3c, 0x42, 0xee, 0x36, 0x4f, 0x92, 0x77, 0x48, 0x55, 0xae, 0xf3, 0x1a, - 0xb9, 0xc8, 0x13, 0xa4, 0xe6, 0x00, 0x70, 0x40, 0x52, 0xb1, 0x53, 0x95, 0xdc, 0x4d, 0x7f, 0xdd, - 0x33, 0x3d, 0xd3, 0xd3, 0xfd, 0xf5, 0x00, 0x70, 0x10, 0xc6, 0xd3, 0xc0, 0xa3, 0xe1, 0x51, 0x12, - 0x66, 0xd3, 0x20, 0x3a, 0x4a, 0x2e, 0x8f, 0x2e, 0xa9, 0x77, 0x83, 0x91, 0x3f, 0x4c, 0x58, 0xcc, - 0x63, 0x52, 0x4d, 0x2e, 0x7b, 0x07, 0xd3, 0x38, 0x9e, 0x86, 0x78, 0x24, 0x91, 0xcb, 0xec, 0xea, - 0x88, 0x07, 0x33, 0x4c, 0x39, 0x9d, 0x25, 0xca, 0xc8, 0x69, 0x42, 0xfd, 0x74, 0x96, 0xf0, 0xb9, - 0xd3, 0x87, 0xc6, 0x17, 0x48, 0x7d, 0x64, 0xe4, 0x21, 0x34, 0xae, 0xe5, 0xc8, 0xae, 0xf4, 0x6b, - 0x83, 0x96, 0xab, 0x25, 0xe7, 0x77, 0x00, 0xe7, 0x62, 0xce, 0x29, 0x63, 0x31, 0x23, 0xfb, 0x60, - 0x21, 0x63, 0x13, 0x3e, 0x4f, 0xd0, 0xae, 0xf4, 0x2b, 0x83, 0xae, 0xdb, 0x44, 0xc6, 0xc6, 0xf3, - 0x04, 0xc9, 0xff, 0x81, 0x18, 0x4e, 0x66, 0xe9, 0xd4, 0xae, 0xf6, 0x2b, 0x62, 0x05, 0x64, 0xec, - 0x4d, 0x3a, 0xcd, 0xe7, 0x78, 0xb1, 0x8f, 0x76, 0xad, 0x5f, 0x19, 0xd4, 0xe4, 0x9c, 0x93, 0xd8, - 0x47, 0xe7, 0xbb, 0x0a, 0xd4, 0xcf, 0x29, 0xbf, 0x4e, 0x09, 0x81, 0x0d, 0x16, 0xc7, 0x5c, 0x3b, - 0x97, 0x63, 0x32, 0x80, 0xad, 0x2c, 0xa2, 0x19, 0xbf, 0xc6, 0x88, 0x07, 0x1e, 0xe5, 0xe8, 0xdb, - 0x55, 0xa9, 0x5e, 0x86, 0xc9, 0x87, 0xd0, 0x0d, 0x63, 0x8f, 0x86, 0x93, 0x94, 0xc7, 0x8c, 0x4e, - 0x85, 0x1f, 0x61, 0xd7, 0x91, 0xe0, 0x85, 0xc2, 0xc8, 0x53, 0xd8, 0x49, 0x91, 0x86, 0x93, 0x3b, - 0x46, 0x93, 0xc2, 0x70, 0x43, 0x2d, 0x28, 0x14, 0xdf, 0x30, 0x9a, 0x68, 0x5b, 0xe7, 0x4f, 0x0d, - 0x68, 0xba, 0xf8, 0x87, 0x0c, 0x53, 0x4e, 0x36, 0xa1, 0x1a, 0xf8, 0xf2, 0xb4, 0x2d, 0xb7, 0x1a, - 0xf8, 0x64, 0x08, 0xc4, 0xc5, 0x24, 0x14, 0xae, 0x83, 0x38, 0x3a, 0x09, 0xb3, 0x94, 0x23, 0xd3, - 0x67, 0x5e, 0xa3, 0x21, 0x8f, 0xa1, 0x15, 0x27, 0xc8, 0x24, 0x26, 0x03, 0xd0, 0x72, 0x17, 0x80, - 0x38, 0x78, 0x42, 0xf9, 0xb5, 0xbd, 0x21, 0x15, 0x72, 0x2c, 0x30, 0x9f, 0x72, 0x6a, 0xd7, 0x15, - 0x26, 0xc6, 0xc4, 0x81, 0x46, 0x8a, 0x1e, 0x43, 0x6e, 0x37, 0xfa, 0x95, 0x41, 0x7b, 0x04, 0xc3, - 0xe4, 0x72, 0x78, 0x21, 0x11, 0x57, 0x6b, 0xc8, 0x63, 0xd8, 0x10, 0x71, 0xb1, 0x9b, 0xd2, 0xc2, - 0x12, 0x16, 0xc7, 0x19, 0xbf, 0x76, 0x25, 0x4a, 0x46, 0xd0, 0x54, 0x77, 0x9a, 0xda, 0x56, 0xbf, - 0x36, 0x68, 0x8f, 0x6c, 0x61, 0xa0, 0x4f, 0x39, 0x54, 0x69, 0x90, 0x9e, 0x46, 0x9c, 0xcd, 0xdd, - 0xdc, 0x90, 0x7c, 0x0f, 0x3a, 0x5e, 0x18, 0x60, 0xc4, 0x27, 0x3c, 0xbe, 0xc1, 0xc8, 0x6e, 0xc9, - 0x1d, 0xb5, 0x15, 0x36, 0x16, 0x10, 0x19, 0xc1, 0x03, 0xd3, 0x64, 0x42, 0x3d, 0x0f, 0xd3, 0x34, - 0x66, 0x36, 0x48, 0xdb, 0x5d, 0xc3, 0xf6, 0x58, 0xab, 0xc4, 0xb2, 0x7e, 0x90, 0x26, 0x21, 0x9d, - 0x4f, 0x22, 0x3a, 0x43, 0xbb, 0xad, 0x96, 0xd5, 0xd8, 0x57, 0x74, 0x86, 0xe4, 0x00, 0xda, 0xb3, - 0x38, 0x8b, 0xf8, 0x24, 0x89, 0x83, 0x88, 0xdb, 0x1d, 0x69, 0x01, 0x12, 0x3a, 0x17, 0x08, 0xf9, - 0x00, 0x94, 0xa4, 0x92, 0xb1, 0xab, 0xe2, 0x2a, 0x11, 0x99, 0x8e, 0x4f, 0x60, 0x53, 0xa9, 0x8b, - 0xfd, 0x6c, 0x4a, 0x93, 0xae, 0x44, 0x8b, 0x9d, 0x3c, 0x83, 0x96, 0xcc, 0x87, 0x20, 0xba, 0x8a, - 0xed, 0x2d, 0x19, 0xb7, 0x5d, 0x23, 0x2c, 0x22, 0x27, 0xce, 0xa2, 0xab, 0xd8, 0xb5, 0xee, 0xf4, - 0x88, 0x7c, 0x0a, 0x8f, 0x4a, 0xe7, 0x65, 0x38, 0xa3, 0x41, 0x14, 0x44, 0xd3, 0x49, 0x96, 0x62, - 0x6a, 0x6f, 0xcb, 0x0c, 0xb7, 0x8d, 0x53, 0xbb, 0xb9, 0xc1, 0xaf, 0x52, 0x4c, 0xc9, 0x23, 0x68, - 0x89, 0xbc, 0xe5, 0xf3, 0x49, 0xe0, 0xdb, 0x3b, 0x72, 0x4b, 0x96, 0x02, 0xce, 0x7c, 0xf2, 0x7d, - 0xd8, 0x4a, 0xe2, 0x30, 0xf0, 0xe6, 0x93, 0xf8, 0x16, 0x19, 0x0b, 0x7c, 0xb4, 0x49, 0xbf, 0x32, - 0xb0, 0xdc, 0x4d, 0x05, 0x7f, 0xad, 0xd1, 0x75, 0xa5, 0xb1, 0x2b, 0x0d, 0x97, 0xe1, 0xde, 0xe7, - 0xd0, 0x31, 0xaf, 0x96, 0x6c, 0x43, 0xed, 0x06, 0xe7, 0x3a, 0x9d, 0xc5, 0x90, 0xf4, 0xa1, 0x7e, - 0x4b, 0xc3, 0x0c, 0x65, 0x0a, 0xeb, 0xc4, 0x52, 0x53, 0x5c, 0xa5, 0xf8, 0x69, 0xf5, 0x45, 0xc5, - 0xa1, 0x50, 0x3f, 0x0e, 0x03, 0x9a, 0x2e, 0xc5, 0xbd, 0xf2, 0xee, 0xb8, 0x57, 0xd7, 0xc5, 0x9d, - 0xc0, 0x86, 0xbc, 0x79, 0x55, 0x0f, 0x72, 0xec, 0xfc, 0xb3, 0x06, 0x1b, 0x22, 0x5f, 0xc9, 0x8f, - 0xa0, 0x1b, 0x22, 0x4d, 0x71, 0x12, 0x27, 0xa2, 0x46, 0x52, 0xe9, 0xa5, 0x3d, 0xda, 0x16, 0x3b, - 0x7b, 0x2d, 0x14, 0x5f, 0x2b, 0xdc, 0xed, 0x84, 0x86, 0x24, 0x58, 0x20, 0x88, 0x38, 0xb2, 0x88, - 0x86, 0x13, 0x59, 0x3f, 0xca, 0x73, 0x27, 0x07, 0x5f, 0x8a, 0x3a, 0x5a, 0x4e, 0xbd, 0xda, 0x6a, - 0xea, 0xf5, 0xc0, 0x92, 0xe1, 0x0e, 0x30, 0xd5, 0xfc, 0x50, 0xc8, 0x64, 0x04, 0xd6, 0x0c, 0x39, - 0xd5, 0xe5, 0x29, 0xaa, 0xe8, 0x61, 0x5e, 0x66, 0xc3, 0x37, 0x5a, 0xa1, 0x6a, 0xa8, 0xb0, 0x5b, - 0x29, 0xa2, 0xc6, 0x6a, 0x11, 0xf5, 0xc0, 0x2a, 0xe2, 0xd5, 0x54, 0x49, 0x91, 0xcb, 0x82, 0x99, - 0x13, 0x64, 0x41, 0xec, 0xdb, 0x96, 0xcc, 0x2d, 0x2d, 0x09, 0x5e, 0x8d, 0xb2, 0x99, 0xca, 0xba, - 0x96, 0xe2, 0xd5, 0x28, 0x9b, 0xad, 0x26, 0x19, 0x2c, 0x25, 0xd9, 0x01, 0xd4, 0xa9, 0xb8, 0x49, - 0x59, 0x75, 0xed, 0x51, 0x4b, 0xee, 0x5f, 0x00, 0xae, 0xc2, 0xc9, 0x10, 0xba, 0x53, 0x16, 0x67, - 0xc9, 0x44, 0x8a, 0x98, 0xda, 0x1d, 0x79, 0x50, 0xc3, 0xb0, 0x23, 0xf5, 0xc7, 0x4a, 0xdd, 0xfb, - 0x19, 0x74, 0x4b, 0x47, 0x5f, 0x93, 0x63, 0x7b, 0x66, 0x8e, 0xb5, 0xcc, 0xbc, 0xfa, 0x73, 0x05, - 0x3a, 0xe6, 0x9d, 0x8a, 0xc9, 0xe3, 0xf1, 0x6b, 0x39, 0xb9, 0xe6, 0x8a, 0xa1, 0x20, 0x50, 0x86, - 0x11, 0xde, 0xd1, 0xcb, 0x50, 0x2d, 0x60, 0xb9, 0x0b, 0x40, 0x68, 0x83, 0xc8, 0x63, 0x38, 0xc3, - 0x88, 0xeb, 0xfe, 0xb2, 0x00, 0xc8, 0x27, 0x00, 0x41, 0x9a, 0x66, 0x38, 0x11, 0x2d, 0x50, 0x92, - 0x6c, 0x7b, 0xd4, 0x1b, 0xaa, 0xfe, 0x38, 0xcc, 0xfb, 0xe3, 0x70, 0x9c, 0xf7, 0x47, 0xb7, 0x25, - 0xad, 0x85, 0xec, 0xfc, 0x11, 0x1a, 0x8a, 0x5f, 0xff, 0xa7, 0xf9, 0xb8, 0x0f, 0x96, 0x5a, 0x3b, - 0xf0, 0x75, 0x2e, 0x36, 0xa5, 0x7c, 0xe6, 0x3b, 0x7f, 0xab, 0x80, 0xe5, 0x62, 0x9a, 0xc4, 0x51, - 0x8a, 0x06, 0xff, 0x57, 0xde, 0xc9, 0xff, 0xd5, 0xb5, 0xfc, 0x9f, 0x77, 0x95, 0x9a, 0xd1, 0x55, - 0x7a, 0x60, 0x31, 0xf4, 0x03, 0x86, 0x1e, 0xd7, 0x1d, 0xa8, 0x90, 0x85, 0xee, 0x8e, 0x32, 0x41, - 0x5c, 0xa9, 0x4c, 0xf5, 0x96, 0x5b, 0xc8, 0xe4, 0xb9, 0x49, 0x9b, 0xaa, 0x21, 0xed, 0x29, 0xda, - 0x54, 0xdb, 0x5d, 0xe5, 0x4d, 0xe7, 0xaf, 0x55, 0xd8, 0x5e, 0x56, 0xaf, 0xb9, 0xec, 0x3d, 0xa8, - 0xab, 0x2a, 0xd1, 0x99, 0xc2, 0x57, 0xea, 0xa3, 0xb6, 0x54, 0x1f, 0x3f, 0x87, 0xae, 0xc7, 0x50, - 0x76, 0xd3, 0xf7, 0xbd, 0xe5, 0x4e, 0x3e, 0x41, 0x40, 0xe4, 0x23, 0xd8, 0x16, 0xbb, 0x4c, 0xd0, - 0x5f, 0x90, 0x96, 0x6a, 0xbd, 0x5b, 0x1a, 0x2f, 0x68, 0xeb, 0x29, 0xec, 0xe4, 0xa6, 0x8b, 0x02, - 0x6b, 0x94, 0x6c, 0x4f, 0xf3, 0x3a, 0x7b, 0x08, 0x8d, 0xab, 0x98, 0xcd, 0x28, 0xd7, 0x15, 0xad, - 0x25, 0x91, 0x16, 0xc5, 0x7e, 0x65, 0xeb, 0xb7, 0x54, 0x5a, 0xe4, 0xa0, 0x78, 0x10, 0x89, 0x0a, - 0x2e, 0x1e, 0x2b, 0xb2, 0xba, 0x2d, 0xd7, 0xca, 0x1f, 0x29, 0xce, 0x6f, 0x60, 0x6b, 0xa9, 0x3f, - 0xad, 0x09, 0xe4, 0xc2, 0x7d, 0xb5, 0xe4, 0xbe, 0xb4, 0x72, 0x6d, 0x69, 0xe5, 0xdf, 0xc2, 0xce, - 0x17, 0x34, 0xf2, 0x43, 0xd4, 0xeb, 0x1f, 0xb3, 0xa9, 0x64, 0x7c, 0xfd, 0x5c, 0x9a, 0xe8, 0x87, - 0x50, 0xd7, 0x6d, 0x69, 0xe4, 0xcc, 0x27, 0x4f, 0xa0, 0xc9, 0x94, 0xb5, 0x4e, 0xbc, 0xb6, 0xd1, - 0x40, 0xdd, 0x5c, 0xe7, 0x7c, 0x0b, 0xa4, 0xb4, 0xb4, 0x78, 0x29, 0xcd, 0xc9, 0x40, 0x24, 0xa0, - 0x4a, 0x0a, 0x9d, 0xd8, 0x1d, 0x33, 0x8f, 0xdc, 0x42, 0x4b, 0xfa, 0x50, 0x43, 0xc6, 0xb4, 0x8b, - 0x4d, 0x61, 0xb4, 0x78, 0x97, 0xba, 0x42, 0xe5, 0xfc, 0x10, 0x76, 0x2e, 0x12, 0xf4, 0x02, 0x1a, - 0xca, 0x37, 0xa5, 0x72, 0x70, 0x00, 0x75, 0x11, 0xe4, 0xbc, 0x66, 0x25, 0x89, 0x29, 0xb5, 0xc2, - 0x9d, 0x6f, 0xc1, 0x56, 0xfb, 0x3a, 0x7d, 0x1b, 0xa4, 0x1c, 0x23, 0x0f, 0x4f, 0xae, 0xd1, 0xbb, - 0xf9, 0x2f, 0x9e, 0xfc, 0x16, 0xf6, 0xd7, 0x79, 0xc8, 0xf7, 0xd7, 0xf6, 0x84, 0x34, 0xb9, 0x8a, - 0xb3, 0x48, 0xf9, 0xb0, 0x5c, 0x90, 0xd0, 0xe7, 0x02, 0x11, 0xf7, 0x88, 0x62, 0x5e, 0xaa, 0xa9, - 0x4f, 0x4b, 0x79, 0x3c, 0x6a, 0xf7, 0xc7, 0xe3, 0xbb, 0x0a, 0xb4, 0x2e, 0x90, 0x67, 0x89, 0x3c, - 0xcb, 0x23, 0x68, 0x5d, 0xb2, 0xf8, 0x06, 0xd9, 0xe2, 0x28, 0x96, 0x02, 0xce, 0x7c, 0xf2, 0x1c, - 0x1a, 0x27, 0x71, 0x74, 0x15, 0x4c, 0xe5, 0x0b, 0xbb, 0x3d, 0xda, 0x57, 0xec, 0xa2, 0xe7, 0x0e, - 0x95, 0x4e, 0xf5, 0x35, 0x6d, 0xd8, 0xfb, 0x04, 0xda, 0x06, 0xfc, 0x1f, 0x71, 0xfe, 0xff, 0x03, - 0xc8, 0xb5, 0x55, 0x04, 0xb6, 0xd5, 0x41, 0xf4, 0x4c, 0xb1, 0xf1, 0x03, 0x68, 0x89, 0xb7, 0x84, - 0x52, 0x13, 0xd8, 0x30, 0x3e, 0x37, 0xe4, 0xd8, 0x79, 0x02, 0x3b, 0x67, 0xd1, 0x2d, 0x0d, 0x03, - 0x9f, 0x72, 0xfc, 0x12, 0xe7, 0xf2, 0x80, 0x2b, 0x3b, 0x70, 0x2e, 0xa0, 0xa3, 0x1f, 0xf4, 0xef, - 0xb5, 0xc7, 0x8e, 0xde, 0xe3, 0xbf, 0x2f, 0x91, 0x8f, 0x60, 0x4b, 0x2f, 0xfa, 0x3a, 0xd0, 0x05, - 0x22, 0x3a, 0x34, 0xc3, 0xab, 0xe0, 0xad, 0x5e, 0x5a, 0x4b, 0xce, 0x0b, 0xd8, 0x36, 0x4c, 0x8b, - 0xe3, 0xdc, 0xe0, 0x3c, 0xcd, 0x3f, 0x74, 0xc4, 0x38, 0x8f, 0x40, 0x75, 0x11, 0x01, 0x07, 0x36, - 0xf5, 0xcc, 0x57, 0xc8, 0xef, 0x39, 0xdd, 0x97, 0xc5, 0x46, 0x5e, 0xa1, 0x5e, 0xfc, 0x10, 0xea, - 0x28, 0x4e, 0x6a, 0x36, 0x28, 0x33, 0x02, 0xae, 0x52, 0xaf, 0x71, 0xf8, 0xa2, 0x70, 0x78, 0x9e, - 0x29, 0x87, 0xef, 0xb9, 0x96, 0xf3, 0x61, 0xb1, 0x8d, 0xf3, 0x8c, 0xdf, 0x77, 0xa3, 0x4f, 0x60, - 0x47, 0x1b, 0xbd, 0xc4, 0x10, 0x39, 0xde, 0x73, 0xa4, 0x43, 0x20, 0x25, 0xb3, 0xfb, 0x96, 0x7b, - 0x0c, 0xd6, 0x78, 0xfc, 0xba, 0xd0, 0x96, 0x99, 0xcf, 0xf9, 0x14, 0x76, 0x2e, 0x32, 0x3f, 0x3e, - 0x67, 0xc1, 0x6d, 0x10, 0xe2, 0x54, 0x39, 0xcb, 0xbf, 0xb3, 0x2a, 0xc6, 0x77, 0xd6, 0xda, 0x5e, - 0xe3, 0x0c, 0x80, 0x94, 0xa6, 0x17, 0xf7, 0x96, 0x66, 0x7e, 0xac, 0x0b, 0x54, 0x8e, 0x9d, 0x01, - 0x74, 0xc6, 0x54, 0x74, 0x73, 0x5f, 0xd9, 0xd8, 0xd0, 0xe4, 0x4a, 0xd6, 0x66, 0xb9, 0xe8, 0x8c, - 0x60, 0xef, 0x84, 0x7a, 0xd7, 0x41, 0x34, 0x7d, 0x19, 0xa4, 0xe2, 0xd9, 0xa2, 0x67, 0xf4, 0xc0, - 0xf2, 0x35, 0xa0, 0xa7, 0x14, 0xb2, 0xf3, 0x31, 0x3c, 0x30, 0xbe, 0x26, 0x2f, 0x38, 0xcd, 0xe3, - 0xb1, 0x07, 0xf5, 0x54, 0x48, 0x72, 0x46, 0xdd, 0x55, 0x82, 0xf3, 0x15, 0xec, 0x99, 0xed, 0x55, - 0x3c, 0x2e, 0xf2, 0x83, 0xcb, 0xb6, 0x5f, 0x31, 0xda, 0xbe, 0x8e, 0x59, 0x75, 0xd1, 0x2d, 0xb6, - 0xa1, 0xf6, 0xcb, 0x6f, 0xc6, 0x3a, 0xd9, 0xc5, 0xd0, 0xf9, 0xbd, 0x70, 0x5f, 0x5e, 0x4f, 0xb9, - 0x2f, 0xf5, 0xfe, 0xca, 0xfb, 0xf4, 0xfe, 0x35, 0xf9, 0xf6, 0x31, 0xec, 0xbc, 0x09, 0x63, 0xef, - 0xe6, 0x34, 0x32, 0xa2, 0x61, 0x43, 0x13, 0x23, 0x33, 0x18, 0xb9, 0x38, 0xfa, 0x47, 0x15, 0x9a, - 0xbf, 0x50, 0xff, 0x39, 0xc8, 0x67, 0xd0, 0x2d, 0x35, 0x12, 0xf2, 0x40, 0x7e, 0xb1, 0x2c, 0xb7, - 0xad, 0xde, 0xc3, 0x15, 0x58, 0x79, 0x79, 0x06, 0x1d, 0xb3, 0x4d, 0x10, 0xd9, 0x12, 0xe4, 0xef, - 0x90, 0x9e, 0x5c, 0x69, 0xb5, 0x87, 0x5c, 0xc0, 0xde, 0x3a, 0x02, 0x27, 0x8f, 0x17, 0x1e, 0x56, - 0x9b, 0x47, 0xef, 0x83, 0xfb, 0xb4, 0x39, 0xf1, 0x37, 0x4f, 0x42, 0xa4, 0x51, 0x96, 0x98, 0x3b, - 0x58, 0x0c, 0xc9, 0x73, 0xe8, 0x96, 0x48, 0x4e, 0x9d, 0x73, 0x85, 0xf7, 0xcc, 0x29, 0x87, 0x50, - 0x97, 0xc4, 0x4a, 0xba, 0x25, 0xfe, 0xee, 0x6d, 0x16, 0xa2, 0xf2, 0xdd, 0x87, 0x0d, 0xf9, 0xb1, - 0x66, 0x38, 0x96, 0x33, 0x0a, 0xd6, 0x1d, 0xfd, 0xbd, 0x02, 0xcd, 0xfc, 0xc7, 0xc9, 0x73, 0xd8, - 0x10, 0xfc, 0x45, 0x76, 0x0d, 0x0a, 0xc8, 0xb9, 0xaf, 0xb7, 0xb7, 0x04, 0x2a, 0x07, 0x43, 0xa8, - 0xbd, 0x42, 0x4e, 0x88, 0xa1, 0xd4, 0x44, 0xd6, 0xdb, 0x2d, 0x63, 0x85, 0xfd, 0x79, 0x56, 0xb6, - 0xd7, 0x3c, 0x54, 0xb2, 0x2f, 0x18, 0xe6, 0x27, 0xd0, 0x50, 0x0c, 0xa1, 0x82, 0xb2, 0xc2, 0x2d, - 0xea, 0xf2, 0x57, 0xb9, 0x64, 0xf4, 0x97, 0x1a, 0xc0, 0xc5, 0x3c, 0xe5, 0x38, 0xfb, 0x75, 0x80, - 0x77, 0xe4, 0x29, 0x6c, 0xbd, 0xc4, 0x2b, 0x9a, 0x85, 0x5c, 0xbe, 0xe3, 0x45, 0x25, 0x18, 0x31, - 0x91, 0x4f, 0x91, 0x82, 0x68, 0x0e, 0xa1, 0xfd, 0x86, 0xbe, 0x7d, 0xb7, 0xdd, 0x67, 0xd0, 0x2d, - 0xf1, 0x87, 0xde, 0xe2, 0x32, 0x23, 0xe9, 0x2d, 0xae, 0x32, 0xcd, 0x21, 0x34, 0x35, 0xab, 0x98, - 0x3e, 0x24, 0xff, 0x96, 0xd8, 0xe6, 0xc7, 0xb0, 0xb5, 0xc4, 0x29, 0xa6, 0xbd, 0xfc, 0xb9, 0xb3, - 0x96, 0x73, 0x5e, 0x88, 0x77, 0x78, 0x99, 0x57, 0xcc, 0x89, 0xfb, 0xaa, 0x96, 0xd7, 0x11, 0xcf, - 0xab, 0xf2, 0x0b, 0x5e, 0x7e, 0xbf, 0xd8, 0xcb, 0xa5, 0x9f, 0x13, 0x4f, 0xbe, 0xd0, 0x3a, 0x0a, - 0x79, 0x06, 0x1d, 0xb3, 0xfa, 0x57, 0x4a, 0x70, 0x85, 0x1a, 0x2e, 0x1b, 0xf2, 0x15, 0xff, 0x83, - 0x7f, 0x05, 0x00, 0x00, 0xff, 0xff, 0x0c, 0x80, 0xb2, 0xf5, 0x00, 0x15, 0x00, 0x00, + // 2042 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x58, 0x5f, 0x73, 0xdb, 0xc6, + 0x11, 0x1f, 0x92, 0x22, 0x09, 0x2e, 0x49, 0xfd, 0x39, 0xcb, 0x2e, 0x44, 0x3b, 0x15, 0x8b, 0x8c, + 0x15, 0xc6, 0xd3, 0x50, 0x36, 0xfb, 0xcf, 0x69, 0x27, 0xe9, 0xa8, 0xb2, 0xe2, 0xa8, 0x91, 0x12, + 0x0d, 0xa4, 0x36, 0xed, 0xb4, 0x33, 0xcc, 0x09, 0x58, 0x51, 0x18, 0x81, 0x00, 0x7a, 0x38, 0x48, + 0xe6, 0x53, 0x3f, 0x42, 0xdf, 0xd2, 0xaf, 0xd4, 0x99, 0x3e, 0xf7, 0x13, 0xf4, 0xbd, 0x0f, 0xfd, + 0x04, 0x9d, 0xfb, 0x03, 0xf0, 0x40, 0x52, 0xb5, 0x3b, 0xd3, 0xbc, 0xdd, 0xfe, 0x76, 0xef, 0xf6, + 0x6e, 0xb1, 0xfb, 0xdb, 0x3b, 0xc0, 0x6e, 0x18, 0x4f, 0x02, 0x8f, 0x86, 0xfb, 0x49, 0x98, 0x4d, + 0x82, 0x68, 0x3f, 0xb9, 0xdc, 0xbf, 0xa4, 0xde, 0x0d, 0x46, 0xfe, 0x30, 0x61, 0x31, 0x8f, 0x49, + 0x35, 0xb9, 0xec, 0xed, 0x4e, 0xe2, 0x78, 0x12, 0xe2, 0xbe, 0x44, 0x2e, 0xb3, 0xab, 0x7d, 0x1e, + 0x4c, 0x31, 0xe5, 0x74, 0x9a, 0x28, 0x23, 0xa7, 0x09, 0xf5, 0xa3, 0x69, 0xc2, 0x67, 0x4e, 0x1f, + 0x1a, 0x9f, 0x23, 0xf5, 0x91, 0x91, 0x47, 0xd0, 0xb8, 0x96, 0x23, 0xbb, 0xd2, 0xaf, 0x0d, 0x5a, + 0xae, 0x96, 0x9c, 0x3f, 0x00, 0x9c, 0x89, 0x39, 0x47, 0x8c, 0xc5, 0x8c, 0xec, 0x80, 0x85, 0x8c, + 0x8d, 0xf9, 0x2c, 0x41, 0xbb, 0xd2, 0xaf, 0x0c, 0xba, 0x6e, 0x13, 0x19, 0xbb, 0x98, 0x25, 0x48, + 0xbe, 0x07, 0x62, 0x38, 0x9e, 0xa6, 0x13, 0xbb, 0xda, 0xaf, 0x88, 0x15, 0x90, 0xb1, 0xd3, 0x74, + 0x92, 0xcf, 0xf1, 0x62, 0x1f, 0xed, 0x5a, 0xbf, 0x32, 0xa8, 0xc9, 0x39, 0x87, 0xb1, 0x8f, 0xce, + 0xb7, 0x15, 0xa8, 0x9f, 0x51, 0x7e, 0x9d, 0x12, 0x02, 0x6b, 0x2c, 0x8e, 0xb9, 0x76, 0x2e, 0xc7, + 0x64, 0x00, 0x1b, 0x59, 0x44, 0x33, 0x7e, 0x8d, 0x11, 0x0f, 0x3c, 0xca, 0xd1, 0xb7, 0xab, 0x52, + 0xbd, 0x08, 0x93, 0xf7, 0xa1, 0x1b, 0xc6, 0x1e, 0x0d, 0xc7, 0x29, 0x8f, 0x19, 0x9d, 0x08, 0x3f, + 0xc2, 0xae, 0x23, 0xc1, 0x73, 0x85, 0x91, 0x67, 0xb0, 0x95, 0x22, 0x0d, 0xc7, 0x77, 0x8c, 0x26, + 0x85, 0xe1, 0x9a, 0x5a, 0x50, 0x28, 0xbe, 0x66, 0x34, 0xd1, 0xb6, 0xce, 0x5f, 0x1a, 0xd0, 0x74, + 0xf1, 0x4f, 0x19, 0xa6, 0x9c, 0xac, 0x43, 0x35, 0xf0, 0xe5, 0x69, 0x5b, 0x6e, 0x35, 0xf0, 0xc9, + 0x10, 0x88, 0x8b, 0x49, 0x28, 0x5c, 0x07, 0x71, 0x74, 0x18, 0x66, 0x29, 0x47, 0xa6, 0xcf, 0xbc, + 0x42, 0x43, 0x9e, 0x40, 0x2b, 0x4e, 0x90, 0x49, 0x4c, 0x06, 0xa0, 0xe5, 0xce, 0x01, 0x71, 0xf0, + 0x84, 0xf2, 0x6b, 0x7b, 0x4d, 0x2a, 0xe4, 0x58, 0x60, 0x3e, 0xe5, 0xd4, 0xae, 0x2b, 0x4c, 0x8c, + 0x89, 0x03, 0x8d, 0x14, 0x3d, 0x86, 0xdc, 0x6e, 0xf4, 0x2b, 0x83, 0xf6, 0x08, 0x86, 0xc9, 0xe5, + 0xf0, 0x5c, 0x22, 0xae, 0xd6, 0x90, 0x27, 0xb0, 0x26, 0xe2, 0x62, 0x37, 0xa5, 0x85, 0x25, 0x2c, + 0x0e, 0x32, 0x7e, 0xed, 0x4a, 0x94, 0x8c, 0xa0, 0xa9, 0xbe, 0x69, 0x6a, 0x5b, 0xfd, 0xda, 0xa0, + 0x3d, 0xb2, 0x85, 0x81, 0x3e, 0xe5, 0x50, 0xa5, 0x41, 0x7a, 0x14, 0x71, 0x36, 0x73, 0x73, 0x43, + 0xf2, 0x03, 0xe8, 0x78, 0x61, 0x80, 0x11, 0x1f, 0xf3, 0xf8, 0x06, 0x23, 0xbb, 0x25, 0x77, 0xd4, + 0x56, 0xd8, 0x85, 0x80, 0xc8, 0x08, 0x1e, 0x9a, 0x26, 0x63, 0xea, 0x79, 0x98, 0xa6, 0x31, 0xb3, + 0x41, 0xda, 0x3e, 0x30, 0x6c, 0x0f, 0xb4, 0x4a, 0x2c, 0xeb, 0x07, 0x69, 0x12, 0xd2, 0xd9, 0x38, + 0xa2, 0x53, 0xb4, 0xdb, 0x6a, 0x59, 0x8d, 0x7d, 0x49, 0xa7, 0x48, 0x76, 0xa1, 0x3d, 0x8d, 0xb3, + 0x88, 0x8f, 0x93, 0x38, 0x88, 0xb8, 0xdd, 0x91, 0x16, 0x20, 0xa1, 0x33, 0x81, 0x90, 0xf7, 0x40, + 0x49, 0x2a, 0x19, 0xbb, 0x2a, 0xae, 0x12, 0x91, 0xe9, 0xf8, 0x14, 0xd6, 0x95, 0xba, 0xd8, 0xcf, + 0xba, 0x34, 0xe9, 0x4a, 0xb4, 0xd8, 0xc9, 0x73, 0x68, 0xc9, 0x7c, 0x08, 0xa2, 0xab, 0xd8, 0xde, + 0x90, 0x71, 0x7b, 0x60, 0x84, 0x45, 0xe4, 0xc4, 0x71, 0x74, 0x15, 0xbb, 0xd6, 0x9d, 0x1e, 0x91, + 0x4f, 0xe0, 0x71, 0xe9, 0xbc, 0x0c, 0xa7, 0x34, 0x88, 0x82, 0x68, 0x32, 0xce, 0x52, 0x4c, 0xed, + 0x4d, 0x99, 0xe1, 0xb6, 0x71, 0x6a, 0x37, 0x37, 0xf8, 0x4d, 0x8a, 0x29, 0x79, 0x0c, 0x2d, 0x91, + 0xb7, 0x7c, 0x36, 0x0e, 0x7c, 0x7b, 0x4b, 0x6e, 0xc9, 0x52, 0xc0, 0xb1, 0x4f, 0x3e, 0x80, 0x8d, + 0x24, 0x0e, 0x03, 0x6f, 0x36, 0x8e, 0x6f, 0x91, 0xb1, 0xc0, 0x47, 0x9b, 0xf4, 0x2b, 0x03, 0xcb, + 0x5d, 0x57, 0xf0, 0x57, 0x1a, 0x5d, 0x55, 0x1a, 0x0f, 0xa4, 0xe1, 0x22, 0xdc, 0xfb, 0x0c, 0x3a, + 0xe6, 0xa7, 0x25, 0x9b, 0x50, 0xbb, 0xc1, 0x99, 0x4e, 0x67, 0x31, 0x24, 0x7d, 0xa8, 0xdf, 0xd2, + 0x30, 0x43, 0x99, 0xc2, 0x3a, 0xb1, 0xd4, 0x14, 0x57, 0x29, 0x7e, 0x5e, 0x7d, 0x59, 0x71, 0x28, + 0xd4, 0x0f, 0xc2, 0x80, 0xa6, 0x0b, 0x71, 0xaf, 0xbc, 0x3d, 0xee, 0xd5, 0x55, 0x71, 0x27, 0xb0, + 0x26, 0xbf, 0xbc, 0xaa, 0x07, 0x39, 0x76, 0xfe, 0x5d, 0x83, 0x35, 0x91, 0xaf, 0xe4, 0x27, 0xd0, + 0x0d, 0x91, 0xa6, 0x38, 0x8e, 0x13, 0x51, 0x23, 0xa9, 0xf4, 0xd2, 0x1e, 0x6d, 0x8a, 0x9d, 0x9d, + 0x08, 0xc5, 0x57, 0x0a, 0x77, 0x3b, 0xa1, 0x21, 0x09, 0x16, 0x08, 0x22, 0x8e, 0x2c, 0xa2, 0xe1, + 0x58, 0xd6, 0x8f, 0xf2, 0xdc, 0xc9, 0xc1, 0x57, 0xa2, 0x8e, 0x16, 0x53, 0xaf, 0xb6, 0x9c, 0x7a, + 0x3d, 0xb0, 0x64, 0xb8, 0x03, 0x4c, 0x35, 0x3f, 0x14, 0x32, 0x19, 0x81, 0x35, 0x45, 0x4e, 0x75, + 0x79, 0x8a, 0x2a, 0x7a, 0x94, 0x97, 0xd9, 0xf0, 0x54, 0x2b, 0x54, 0x0d, 0x15, 0x76, 0x4b, 0x45, + 0xd4, 0x58, 0x2e, 0xa2, 0x1e, 0x58, 0x45, 0xbc, 0x9a, 0x2a, 0x29, 0x72, 0x59, 0x30, 0x73, 0x82, + 0x2c, 0x88, 0x7d, 0xdb, 0x92, 0xb9, 0xa5, 0x25, 0xc1, 0xab, 0x51, 0x36, 0x55, 0x59, 0xd7, 0x52, + 0xbc, 0x1a, 0x65, 0xd3, 0xe5, 0x24, 0x83, 0x85, 0x24, 0xdb, 0x85, 0x3a, 0x15, 0x5f, 0x52, 0x56, + 0x5d, 0x7b, 0xd4, 0x92, 0xfb, 0x17, 0x80, 0xab, 0x70, 0x32, 0x84, 0xee, 0x84, 0xc5, 0x59, 0x32, + 0x96, 0x22, 0xa6, 0x76, 0x47, 0x1e, 0xd4, 0x30, 0xec, 0x48, 0xfd, 0x81, 0x52, 0xf7, 0x7e, 0x01, + 0xdd, 0xd2, 0xd1, 0x57, 0xe4, 0xd8, 0xb6, 0x99, 0x63, 0x2d, 0x33, 0xaf, 0xfe, 0x5a, 0x81, 0x8e, + 0xf9, 0x4d, 0xc5, 0xe4, 0x8b, 0x8b, 0x13, 0x39, 0xb9, 0xe6, 0x8a, 0xa1, 0x20, 0x50, 0x86, 0x11, + 0xde, 0xd1, 0xcb, 0x50, 0x2d, 0x60, 0xb9, 0x73, 0x40, 0x68, 0x83, 0xc8, 0x63, 0x38, 0xc5, 0x88, + 0xeb, 0xfe, 0x32, 0x07, 0xc8, 0xc7, 0x00, 0x41, 0x9a, 0x66, 0x38, 0x16, 0x2d, 0x50, 0x92, 0x6c, + 0x7b, 0xd4, 0x1b, 0xaa, 0xfe, 0x38, 0xcc, 0xfb, 0xe3, 0xf0, 0x22, 0xef, 0x8f, 0x6e, 0x4b, 0x5a, + 0x0b, 0xd9, 0xf9, 0x33, 0x34, 0x14, 0xbf, 0x7e, 0xa7, 0xf9, 0xb8, 0x03, 0x96, 0x5a, 0x3b, 0xf0, + 0x75, 0x2e, 0x36, 0xa5, 0x7c, 0xec, 0x3b, 0x7f, 0xaf, 0x80, 0xe5, 0x62, 0x9a, 0xc4, 0x51, 0x8a, + 0x06, 0xff, 0x57, 0xde, 0xca, 0xff, 0xd5, 0x95, 0xfc, 0x9f, 0x77, 0x95, 0x9a, 0xd1, 0x55, 0x7a, + 0x60, 0x31, 0xf4, 0x03, 0x86, 0x1e, 0xd7, 0x1d, 0xa8, 0x90, 0x85, 0xee, 0x8e, 0x32, 0x41, 0x5c, + 0xa9, 0x4c, 0xf5, 0x96, 0x5b, 0xc8, 0xe4, 0x85, 0x49, 0x9b, 0xaa, 0x21, 0x6d, 0x2b, 0xda, 0x54, + 0xdb, 0x5d, 0xe6, 0x4d, 0xe7, 0x6f, 0x55, 0xd8, 0x5c, 0x54, 0xaf, 0xf8, 0xd8, 0xdb, 0x50, 0x57, + 0x55, 0xa2, 0x33, 0x85, 0x2f, 0xd5, 0x47, 0x6d, 0xa1, 0x3e, 0x7e, 0x09, 0x5d, 0x8f, 0xa1, 0xec, + 0xa6, 0xef, 0xfa, 0x95, 0x3b, 0xf9, 0x04, 0x01, 0x91, 0x0f, 0x61, 0x53, 0xec, 0x32, 0x41, 0x7f, + 0x4e, 0x5a, 0xaa, 0xf5, 0x6e, 0x68, 0xbc, 0xa0, 0xad, 0x67, 0xb0, 0x95, 0x9b, 0xce, 0x0b, 0xac, + 0x51, 0xb2, 0x3d, 0xca, 0xeb, 0xec, 0x11, 0x34, 0xae, 0x62, 0x36, 0xa5, 0x5c, 0x57, 0xb4, 0x96, + 0x44, 0x5a, 0x14, 0xfb, 0x95, 0xad, 0xdf, 0x52, 0x69, 0x91, 0x83, 0xe2, 0x42, 0x24, 0x2a, 0xb8, + 0xb8, 0xac, 0xc8, 0xea, 0xb6, 0x5c, 0x2b, 0xbf, 0xa4, 0x38, 0xbf, 0x83, 0x8d, 0x85, 0xfe, 0xb4, + 0x22, 0x90, 0x73, 0xf7, 0xd5, 0x92, 0xfb, 0xd2, 0xca, 0xb5, 0x85, 0x95, 0x7f, 0x0f, 0x5b, 0x9f, + 0xd3, 0xc8, 0x0f, 0x51, 0xaf, 0x7f, 0xc0, 0x26, 0x92, 0xf1, 0xf5, 0x75, 0x69, 0xac, 0x2f, 0x42, + 0x5d, 0xb7, 0xa5, 0x91, 0x63, 0x9f, 0x3c, 0x85, 0x26, 0x53, 0xd6, 0x3a, 0xf1, 0xda, 0x46, 0x03, + 0x75, 0x73, 0x9d, 0xf3, 0x0d, 0x90, 0xd2, 0xd2, 0xe2, 0xa6, 0x34, 0x23, 0x03, 0x91, 0x80, 0x2a, + 0x29, 0x74, 0x62, 0x77, 0xcc, 0x3c, 0x72, 0x0b, 0x2d, 0xe9, 0x43, 0x0d, 0x19, 0xd3, 0x2e, 0xd6, + 0x85, 0xd1, 0xfc, 0x5e, 0xea, 0x0a, 0x95, 0xf3, 0x63, 0xd8, 0x3a, 0x4f, 0xd0, 0x0b, 0x68, 0x28, + 0xef, 0x94, 0xca, 0xc1, 0x2e, 0xd4, 0x45, 0x90, 0xf3, 0x9a, 0x95, 0x24, 0xa6, 0xd4, 0x0a, 0x77, + 0xbe, 0x01, 0x5b, 0xed, 0xeb, 0xe8, 0x4d, 0x90, 0x72, 0x8c, 0x3c, 0x3c, 0xbc, 0x46, 0xef, 0xe6, + 0xff, 0x78, 0xf2, 0x5b, 0xd8, 0x59, 0xe5, 0x21, 0xdf, 0x5f, 0xdb, 0x13, 0xd2, 0xf8, 0x2a, 0xce, + 0x22, 0xe5, 0xc3, 0x72, 0x41, 0x42, 0x9f, 0x09, 0x44, 0x7c, 0x47, 0x14, 0xf3, 0x52, 0x4d, 0x7d, + 0x5a, 0xca, 0xe3, 0x51, 0xbb, 0x3f, 0x1e, 0xdf, 0x56, 0xa0, 0x75, 0x8e, 0x3c, 0x4b, 0xe4, 0x59, + 0x1e, 0x43, 0xeb, 0x92, 0xc5, 0x37, 0xc8, 0xe6, 0x47, 0xb1, 0x14, 0x70, 0xec, 0x93, 0x17, 0xd0, + 0x38, 0x8c, 0xa3, 0xab, 0x60, 0x22, 0x6f, 0xd8, 0xed, 0xd1, 0x8e, 0x62, 0x17, 0x3d, 0x77, 0xa8, + 0x74, 0xaa, 0xaf, 0x69, 0xc3, 0xde, 0xc7, 0xd0, 0x36, 0xe0, 0xff, 0x89, 0xf3, 0xbf, 0x0f, 0x20, + 0xd7, 0x56, 0x11, 0xd8, 0x54, 0x07, 0xd1, 0x33, 0xc5, 0xc6, 0x77, 0xa1, 0x25, 0xee, 0x12, 0x4a, + 0x4d, 0x60, 0xcd, 0x78, 0x6e, 0xc8, 0xb1, 0xf3, 0x14, 0xb6, 0x8e, 0xa3, 0x5b, 0x1a, 0x06, 0x3e, + 0xe5, 0xf8, 0x05, 0xce, 0xe4, 0x01, 0x97, 0x76, 0xe0, 0x9c, 0x43, 0x47, 0x5f, 0xe8, 0xdf, 0x69, + 0x8f, 0x1d, 0xbd, 0xc7, 0xff, 0x5e, 0x22, 0x1f, 0xc2, 0x86, 0x5e, 0xf4, 0x24, 0xd0, 0x05, 0x22, + 0x3a, 0x34, 0xc3, 0xab, 0xe0, 0x8d, 0x5e, 0x5a, 0x4b, 0xce, 0x4b, 0xd8, 0x34, 0x4c, 0x8b, 0xe3, + 0xdc, 0xe0, 0x2c, 0xcd, 0x1f, 0x3a, 0x62, 0x9c, 0x47, 0xa0, 0x3a, 0x8f, 0x80, 0x03, 0xeb, 0x7a, + 0xe6, 0x6b, 0xe4, 0xf7, 0x9c, 0xee, 0x8b, 0x62, 0x23, 0xaf, 0x51, 0x2f, 0xbe, 0x07, 0x75, 0x14, + 0x27, 0x35, 0x1b, 0x94, 0x19, 0x01, 0x57, 0xa9, 0x57, 0x38, 0x7c, 0x59, 0x38, 0x3c, 0xcb, 0x94, + 0xc3, 0x77, 0x5c, 0xcb, 0x79, 0xbf, 0xd8, 0xc6, 0x59, 0xc6, 0xef, 0xfb, 0xa2, 0x4f, 0x61, 0x4b, + 0x1b, 0xbd, 0xc2, 0x10, 0x39, 0xde, 0x73, 0xa4, 0x3d, 0x20, 0x25, 0xb3, 0xfb, 0x96, 0x7b, 0x02, + 0xd6, 0xc5, 0xc5, 0x49, 0xa1, 0x2d, 0x33, 0x9f, 0xf3, 0x09, 0x6c, 0x9d, 0x67, 0x7e, 0x7c, 0xc6, + 0x82, 0xdb, 0x20, 0xc4, 0x89, 0x72, 0x96, 0xbf, 0xb3, 0x2a, 0xc6, 0x3b, 0x6b, 0x65, 0xaf, 0x71, + 0x06, 0x40, 0x4a, 0xd3, 0x8b, 0xef, 0x96, 0x66, 0x7e, 0xac, 0x0b, 0x54, 0x8e, 0x9d, 0x01, 0x74, + 0x2e, 0xa8, 0xe8, 0xe6, 0xbe, 0xb2, 0xb1, 0xa1, 0xc9, 0x95, 0xac, 0xcd, 0x72, 0xd1, 0x19, 0xc1, + 0xf6, 0x21, 0xf5, 0xae, 0x83, 0x68, 0xf2, 0x2a, 0x48, 0xc5, 0xb5, 0x45, 0xcf, 0xe8, 0x81, 0xe5, + 0x6b, 0x40, 0x4f, 0x29, 0x64, 0xe7, 0x23, 0x78, 0x68, 0xbc, 0x26, 0xcf, 0x39, 0xcd, 0xe3, 0xb1, + 0x0d, 0xf5, 0x54, 0x48, 0x72, 0x46, 0xdd, 0x55, 0x82, 0xf3, 0x25, 0x6c, 0x9b, 0xed, 0x55, 0x5c, + 0x2e, 0xf2, 0x83, 0xcb, 0xb6, 0x5f, 0x31, 0xda, 0xbe, 0x8e, 0x59, 0x75, 0xde, 0x2d, 0x36, 0xa1, + 0xf6, 0xeb, 0xaf, 0x2f, 0x74, 0xb2, 0x8b, 0xa1, 0xf3, 0x47, 0xe1, 0xbe, 0xbc, 0x9e, 0x72, 0x5f, + 0xea, 0xfd, 0x95, 0x77, 0xe9, 0xfd, 0x2b, 0xf2, 0xed, 0x23, 0xd8, 0x3a, 0x0d, 0x63, 0xef, 0xe6, + 0x28, 0x32, 0xa2, 0x61, 0x43, 0x13, 0x23, 0x33, 0x18, 0xb9, 0xe8, 0x7c, 0x00, 0x1b, 0x27, 0xe2, + 0x2d, 0x7f, 0x2a, 0x1e, 0x11, 0x45, 0x14, 0xe4, 0xf3, 0x5e, 0x9b, 0x2a, 0x61, 0xf4, 0xaf, 0x2a, + 0x34, 0x7f, 0xa5, 0x7e, 0x88, 0x90, 0x4f, 0xa1, 0x5b, 0xea, 0x38, 0xe4, 0xa1, 0x7c, 0xda, 0x2c, + 0xf6, 0xb7, 0xde, 0xa3, 0x25, 0x58, 0x79, 0x78, 0x0e, 0x1d, 0xb3, 0x9f, 0x10, 0xd9, 0x3b, 0xe4, + 0x7f, 0x93, 0x9e, 0x5c, 0x69, 0xb9, 0xd9, 0x9c, 0xc3, 0xf6, 0x2a, 0xa6, 0x27, 0x4f, 0xe6, 0x1e, + 0x96, 0xbb, 0x4c, 0xef, 0xbd, 0xfb, 0xb4, 0x79, 0x87, 0x68, 0x1e, 0x86, 0x48, 0xa3, 0x2c, 0x31, + 0x77, 0x30, 0x1f, 0x92, 0x17, 0xd0, 0x2d, 0xb1, 0xa1, 0x3a, 0xe7, 0x12, 0x41, 0x9a, 0x53, 0xf6, + 0xa0, 0x2e, 0x19, 0x98, 0x74, 0x4b, 0x44, 0xdf, 0x5b, 0x2f, 0x44, 0xe5, 0xbb, 0x0f, 0x6b, 0xf2, + 0x55, 0x67, 0x38, 0x96, 0x33, 0x0a, 0x7a, 0x1e, 0xfd, 0xa3, 0x02, 0xcd, 0xfc, 0x0f, 0xcb, 0x0b, + 0x58, 0x13, 0x44, 0x47, 0x1e, 0x18, 0x5c, 0x91, 0x93, 0x64, 0x6f, 0x7b, 0x01, 0x54, 0x0e, 0x86, + 0x50, 0x7b, 0x8d, 0x9c, 0x10, 0x43, 0xa9, 0x19, 0xaf, 0xf7, 0xa0, 0x8c, 0x15, 0xf6, 0x67, 0x59, + 0xd9, 0x5e, 0x13, 0x56, 0xc9, 0xbe, 0xa0, 0xa2, 0x9f, 0x41, 0x43, 0x51, 0x89, 0x0a, 0xca, 0x12, + 0x09, 0xa9, 0x8f, 0xbf, 0x4c, 0x3a, 0xa3, 0x7f, 0xd6, 0x00, 0xce, 0x67, 0x29, 0xc7, 0xe9, 0x6f, + 0x03, 0xbc, 0x23, 0xcf, 0x60, 0xe3, 0x15, 0x5e, 0xd1, 0x2c, 0xe4, 0xf2, 0xc2, 0x2f, 0x4a, 0xc6, + 0x88, 0x89, 0xbc, 0xb3, 0x14, 0x8c, 0xb4, 0x07, 0xed, 0x53, 0xfa, 0xe6, 0xed, 0x76, 0x9f, 0x42, + 0xb7, 0x44, 0x34, 0x7a, 0x8b, 0x8b, 0xd4, 0xa5, 0xb7, 0xb8, 0x4c, 0x49, 0x7b, 0xd0, 0xd4, 0xf4, + 0x63, 0xfa, 0x90, 0x44, 0x5d, 0xa2, 0xa5, 0x9f, 0xc2, 0xc6, 0x02, 0xf9, 0x98, 0xf6, 0xf2, 0x2f, + 0xd0, 0x4a, 0x72, 0x7a, 0x29, 0x2e, 0xec, 0x65, 0x02, 0x32, 0x27, 0xee, 0xa8, 0xa2, 0x5f, 0xc5, + 0x50, 0xaf, 0xcb, 0x57, 0x7d, 0xf9, 0xd0, 0xb1, 0x17, 0x39, 0x22, 0x67, 0xa8, 0x7c, 0xa1, 0x55, + 0x5c, 0xf3, 0x1c, 0x3a, 0x26, 0x4d, 0x2c, 0x95, 0xe0, 0x32, 0x87, 0xfc, 0x10, 0x60, 0xce, 0x14, + 0xa6, 0xbd, 0x4c, 0x8f, 0x05, 0x12, 0xb9, 0x6c, 0xc8, 0xc7, 0xc1, 0x8f, 0xfe, 0x13, 0x00, 0x00, + 0xff, 0xff, 0x54, 0xbe, 0x6c, 0x5a, 0x57, 0x15, 0x00, 0x00, } diff --git a/logical/plugin/pb/backend.proto b/logical/plugin/pb/backend.proto index a2aced7ca503..64ef52e4da15 100644 --- a/logical/plugin/pb/backend.proto +++ b/logical/plugin/pb/backend.proto @@ -435,6 +435,10 @@ message MlockEnabledReply { bool enabled = 1; } +message LocalMountReply { + bool local = 1; +} + service SystemView { rpc DefaultLeaseTTL(Empty) returns (TTLReply); rpc MaxLeaseTTL(Empty) returns (TTLReply); @@ -444,6 +448,5 @@ service SystemView { rpc ReplicationState(Empty) returns (ReplicationStateReply); rpc ResponseWrapData(ResponseWrapDataArgs) returns (ResponseWrapDataReply); rpc MlockEnabled(Empty) returns (MlockEnabledReply); + rpc LocalMount(Empty) returns (LocalMountReply); } - - diff --git a/logical/plugin/system.go b/logical/plugin/system.go index 97f3e0f0921d..1daa48f4efb5 100644 --- a/logical/plugin/system.go +++ b/logical/plugin/system.go @@ -119,6 +119,16 @@ func (s *SystemViewClient) MlockEnabled() bool { return reply.MlockEnabled } +func (s *SystemViewClient) LocalMount() bool { + var reply LocalMountReply + err := s.client.Call("Plugin.LocalMount", new(interface{}), &reply) + if err != nil { + return false + } + + return reply.Local +} + type SystemViewServer struct { impl logical.SystemView } @@ -202,6 +212,15 @@ func (s *SystemViewServer) MlockEnabled(_ interface{}, reply *MlockEnabledReply) return nil } +func (s *SystemViewServer) LocalMount(_ interface{}, reply *LocalMountReply) error { + local := s.impl.LocalMount() + *reply = LocalMountReply{ + Local: local, + } + + return nil +} + type DefaultLeaseTTLReply struct { DefaultLeaseTTL time.Duration } @@ -245,3 +264,7 @@ type ResponseWrapDataReply struct { type MlockEnabledReply struct { MlockEnabled bool } + +type LocalMountReply struct { + Local bool +} diff --git a/logical/system_view.go b/logical/system_view.go index e5083beffe8e..ad406c29f7dd 100644 --- a/logical/system_view.go +++ b/logical/system_view.go @@ -39,6 +39,10 @@ type SystemView interface { // despite known slowdowns. CachingDisabled() bool + // When run from a system view attached to a request, indicates whether the + // request is affecting a local mount or not + LocalMount() bool + // ReplicationState indicates the state of cluster replication ReplicationState() consts.ReplicationState @@ -63,6 +67,7 @@ type StaticSystemView struct { CachingDisabledVal bool Primary bool EnableMlock bool + LocalMountVal bool ReplicationStateVal consts.ReplicationState } @@ -86,6 +91,10 @@ func (d StaticSystemView) CachingDisabled() bool { return d.CachingDisabledVal } +func (d StaticSystemView) LocalMount() bool { + return d.LocalMountVal +} + func (d StaticSystemView) ReplicationState() consts.ReplicationState { return d.ReplicationStateVal } diff --git a/vault/dynamic_system_view.go b/vault/dynamic_system_view.go index 6363dcc25b47..a1b3052bc698 100644 --- a/vault/dynamic_system_view.go +++ b/vault/dynamic_system_view.go @@ -85,6 +85,10 @@ func (d dynamicSystemView) CachingDisabled() bool { return d.core.cachingDisabled || (d.mountEntry != nil && d.mountEntry.Config.ForceNoCache) } +func (d dynamicSystemView) LocalMount() bool { + return d.mountEntry != nil && d.mountEntry.Local +} + // Checks if this is a primary Vault instance. Caller should hold the stateLock // in read mode. func (d dynamicSystemView) ReplicationState() consts.ReplicationState { From 7a4e7c8242f7b05d33885b9b54bfc409e39b2856 Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Fri, 2 Feb 2018 19:06:08 -0500 Subject: [PATCH 041/178] Add the actual error object to the message (#3901) --- builtin/credential/approle/validation.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/builtin/credential/approle/validation.go b/builtin/credential/approle/validation.go index b3511a9e26d2..1a63c4d0650f 100644 --- a/builtin/credential/approle/validation.go +++ b/builtin/credential/approle/validation.go @@ -250,9 +250,9 @@ func (b *backend) validateBindSecretID(ctx context.Context, req *logical.Request result.SecretIDNumUses -= 1 result.LastUpdatedTime = time.Now() if entry, err := logical.StorageEntryJSON(entryIndex, &result); err != nil { - return false, nil, fmt.Errorf("failed to decrement the use count for secret ID %q", secretID) + return false, nil, fmt.Errorf("failed to create storage entry while decrementing the secret ID use count: %v", err) } else if err = req.Storage.Put(ctx, entry); err != nil { - return false, nil, fmt.Errorf("failed to decrement the use count for secret ID %q", secretID) + return false, nil, fmt.Errorf("failed to decrement the secret ID use count: %v", err) } } From 1a3fa27dad6cef248e75ff6eda309ee697e3a90c Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 2 Feb 2018 20:28:25 -0500 Subject: [PATCH 042/178] Don't run rollback and upgrade functionality if we are a replication secondary (#3900) * Don't run rollback and upgrade functionality if we are a replication secondary, but do if the mount is local. --- builtin/credential/approle/backend.go | 5 ++- builtin/credential/aws/backend.go | 45 +++++++++++++++------------ builtin/logical/aws/backend.go | 2 +- builtin/logical/aws/rollback.go | 7 ++++- builtin/logical/pki/path_roles.go | 3 +- vault/rollback.go | 4 +++ 6 files changed, 42 insertions(+), 24 deletions(-) diff --git a/builtin/credential/approle/backend.go b/builtin/credential/approle/backend.go index e101f5470a18..11c62648b60d 100644 --- a/builtin/credential/approle/backend.go +++ b/builtin/credential/approle/backend.go @@ -4,6 +4,7 @@ import ( "context" "sync" + "github.com/hashicorp/vault/helper/consts" "github.com/hashicorp/vault/helper/locksutil" "github.com/hashicorp/vault/helper/salt" "github.com/hashicorp/vault/logical" @@ -142,7 +143,9 @@ func (b *backend) invalidate(_ context.Context, key string) { // to delay the removal of SecretIDs by a minute. func (b *backend) periodicFunc(ctx context.Context, req *logical.Request) error { // Initiate clean-up of expired SecretID entries - b.tidySecretID(ctx, req.Storage) + if b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary) { + b.tidySecretID(ctx, req.Storage) + } return nil } diff --git a/builtin/credential/aws/backend.go b/builtin/credential/aws/backend.go index d709d666773a..dfd217c00d91 100644 --- a/builtin/credential/aws/backend.go +++ b/builtin/credential/aws/backend.go @@ -9,6 +9,7 @@ import ( "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/service/ec2" "github.com/aws/aws-sdk-go/service/iam" + "github.com/hashicorp/vault/helper/consts" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" "github.com/patrickmn/go-cache" @@ -143,29 +144,33 @@ func (b *backend) periodicFunc(ctx context.Context, req *logical.Request) error // Run the tidy operations for the first time. Then run it when current // time matches the nextTidyTime. if b.nextTidyTime.IsZero() || !time.Now().Before(b.nextTidyTime) { - // safety_buffer defaults to 180 days for roletag blacklist - safety_buffer := 15552000 - tidyBlacklistConfigEntry, err := b.lockedConfigTidyRoleTags(ctx, req.Storage) - if err != nil { - return err - } - skipBlacklistTidy := false - // check if tidying of role tags was configured - if tidyBlacklistConfigEntry != nil { - // check if periodic tidying of role tags was disabled - if tidyBlacklistConfigEntry.DisablePeriodicTidy { - skipBlacklistTidy = true + if b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary) { + // safety_buffer defaults to 180 days for roletag blacklist + safety_buffer := 15552000 + tidyBlacklistConfigEntry, err := b.lockedConfigTidyRoleTags(ctx, req.Storage) + if err != nil { + return err + } + skipBlacklistTidy := false + // check if tidying of role tags was configured + if tidyBlacklistConfigEntry != nil { + // check if periodic tidying of role tags was disabled + if tidyBlacklistConfigEntry.DisablePeriodicTidy { + skipBlacklistTidy = true + } + // overwrite the default safety_buffer with the configured value + safety_buffer = tidyBlacklistConfigEntry.SafetyBuffer + } + // tidy role tags if explicitly not disabled + if !skipBlacklistTidy { + b.tidyBlacklistRoleTag(ctx, req.Storage, safety_buffer) } - // overwrite the default safety_buffer with the configured value - safety_buffer = tidyBlacklistConfigEntry.SafetyBuffer - } - // tidy role tags if explicitly not disabled - if !skipBlacklistTidy { - b.tidyBlacklistRoleTag(ctx, req.Storage, safety_buffer) } - // reset the safety_buffer to 72h - safety_buffer = 259200 + // We don't check for replication state for whitelist identities as + // these are locally stored + + safety_buffer := 259200 tidyWhitelistConfigEntry, err := b.lockedConfigTidyIdentities(ctx, req.Storage) if err != nil { return err diff --git a/builtin/logical/aws/backend.go b/builtin/logical/aws/backend.go index 12e646fa6a9c..6b0b5e4878a6 100644 --- a/builtin/logical/aws/backend.go +++ b/builtin/logical/aws/backend.go @@ -44,7 +44,7 @@ func Backend() *backend { secretAccessKeys(&b), }, - WALRollback: walRollback, + WALRollback: b.walRollback, WALRollbackMinAge: 5 * time.Minute, BackendType: logical.TypeLogical, } diff --git a/builtin/logical/aws/rollback.go b/builtin/logical/aws/rollback.go index c3b1844db232..92130bceb386 100644 --- a/builtin/logical/aws/rollback.go +++ b/builtin/logical/aws/rollback.go @@ -4,6 +4,7 @@ import ( "context" "fmt" + "github.com/hashicorp/vault/helper/consts" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" ) @@ -12,7 +13,11 @@ var walRollbackMap = map[string]framework.WALRollbackFunc{ "user": pathUserRollback, } -func walRollback(ctx context.Context, req *logical.Request, kind string, data interface{}) error { +func (b *backend) walRollback(ctx context.Context, req *logical.Request, kind string, data interface{}) error { + if !b.System().LocalMount() && b.System().ReplicationState().HasState(consts.ReplicationPerformancePrimary) { + return nil + } + f, ok := walRollbackMap[kind] if !ok { return fmt.Errorf("unknown type to rollback") diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go index 7f578c8c0adc..d3e02401a83c 100644 --- a/builtin/logical/pki/path_roles.go +++ b/builtin/logical/pki/path_roles.go @@ -7,6 +7,7 @@ import ( "strings" "time" + "github.com/hashicorp/vault/helper/consts" "github.com/hashicorp/vault/helper/parseutil" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" @@ -315,7 +316,7 @@ func (b *backend) getRole(ctx context.Context, s logical.Storage, n string) (*ro modified = true } - if modified { + if modified && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary)) { jsonEntry, err := logical.StorageEntryJSON("role/"+n, &result) if err != nil { return nil, err diff --git a/vault/rollback.go b/vault/rollback.go index ac60c2b5880f..4c85aaba0eb1 100644 --- a/vault/rollback.go +++ b/vault/rollback.go @@ -175,6 +175,10 @@ func (m *RollbackManager) attemptRollback(ctx context.Context, path string, rs * if err == logical.ErrUnsupportedOperation { err = nil } + // If we failed due to read-only storage, we can't do anything; ignore + if err != nil && strings.Contains(err.Error(), logical.ErrReadOnly.Error()) { + err = nil + } if err != nil { m.logger.Error("rollback: error rolling back", "path", path, "error", err) } From 7ada9f634a2c1e29b0db34b5b737842e5715f138 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 2 Feb 2018 20:34:32 -0500 Subject: [PATCH 043/178] Differentiate between user/internal error in AppRole login. (#3902) * Differentiate between user/internal error in AppRole login. This allows us to properly pass through internal errors back up into core. * Separate out error cases --- builtin/credential/approle/path_login.go | 12 +++++++++--- builtin/credential/approle/validation.go | 25 ++++++++++++------------ 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/builtin/credential/approle/path_login.go b/builtin/credential/approle/path_login.go index 01443c4f4565..820fdb67d71c 100644 --- a/builtin/credential/approle/path_login.go +++ b/builtin/credential/approle/path_login.go @@ -6,6 +6,7 @@ import ( "strings" "time" + "github.com/hashicorp/errwrap" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" ) @@ -51,9 +52,14 @@ func (b *backend) pathLoginUpdateAliasLookahead(ctx context.Context, req *logica // Returns the Auth object indicating the authentication and authorization information // if the credentials provided are validated by the backend. func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) { - role, roleName, metadata, _, err := b.validateCredentials(ctx, req, data) - if err != nil || role == nil { - return logical.ErrorResponse(fmt.Sprintf("failed to validate credentials: %v", err)), nil + role, roleName, metadata, _, userErr, intErr := b.validateCredentials(ctx, req, data) + switch { + case intErr != nil: + return nil, errwrap.Wrapf("failed to validate credentials: {{err}}", intErr) + case userErr != nil: + return logical.ErrorResponse(fmt.Sprintf("failed to validate credentials: %v", userErr)), nil + case role == nil: + return logical.ErrorResponse("failed to validate credentials; could not find role"), nil } // Always include the role name, for later filtering diff --git a/builtin/credential/approle/validation.go b/builtin/credential/approle/validation.go index 1a63c4d0650f..2052e70e5e85 100644 --- a/builtin/credential/approle/validation.go +++ b/builtin/credential/approle/validation.go @@ -9,6 +9,7 @@ import ( "strings" "time" + "github.com/hashicorp/errwrap" "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/helper/cidrutil" "github.com/hashicorp/vault/helper/locksutil" @@ -95,26 +96,26 @@ func (b *backend) validateRoleID(ctx context.Context, s logical.Storage, roleID } // Validates the supplied RoleID and SecretID -func (b *backend) validateCredentials(ctx context.Context, req *logical.Request, data *framework.FieldData) (*roleStorageEntry, string, map[string]string, string, error) { +func (b *backend) validateCredentials(ctx context.Context, req *logical.Request, data *framework.FieldData) (*roleStorageEntry, string, map[string]string, string, error, error) { metadata := make(map[string]string) // RoleID must be supplied during every login roleID := strings.TrimSpace(data.Get("role_id").(string)) if roleID == "" { - return nil, "", metadata, "", fmt.Errorf("missing role_id") + return nil, "", metadata, "", fmt.Errorf("missing role_id"), nil } // Validate the RoleID and get the Role entry role, roleName, err := b.validateRoleID(ctx, req.Storage, roleID) if err != nil { - return nil, "", metadata, "", err + return nil, "", metadata, "", nil, err } if role == nil || roleName == "" { - return nil, "", metadata, "", fmt.Errorf("failed to validate role_id") + return nil, "", metadata, "", fmt.Errorf("failed to validate role_id"), nil } // Calculate the TTL boundaries since this reflects the properties of the token issued if role.TokenTTL, role.TokenMaxTTL, err = b.SanitizeTTL(role.TokenTTL, role.TokenMaxTTL); err != nil { - return nil, "", metadata, "", err + return nil, "", metadata, "", nil, err } var secretID string @@ -123,7 +124,7 @@ func (b *backend) validateCredentials(ctx context.Context, req *logical.Request, // to be specified and validate it. secretID = strings.TrimSpace(data.Get("secret_id").(string)) if secretID == "" { - return nil, "", metadata, "", fmt.Errorf("missing secret_id") + return nil, "", metadata, "", fmt.Errorf("missing secret_id"), nil } if role.LowerCaseRoleName { @@ -135,29 +136,29 @@ func (b *backend) validateCredentials(ctx context.Context, req *logical.Request, var valid bool valid, metadata, err = b.validateBindSecretID(ctx, req, roleName, secretID, role.HMACKey, role.BoundCIDRList) if err != nil { - return nil, "", metadata, "", err + return nil, "", metadata, "", nil, err } if !valid { - return nil, "", metadata, "", fmt.Errorf("invalid secret_id %q", secretID) + return nil, "", metadata, "", fmt.Errorf("invalid secret_id %q", secretID), nil } } if role.BoundCIDRList != "" { // If 'bound_cidr_list' was set, verify the CIDR restrictions if req.Connection == nil || req.Connection.RemoteAddr == "" { - return nil, "", metadata, "", fmt.Errorf("failed to get connection information") + return nil, "", metadata, "", fmt.Errorf("failed to get connection information"), nil } belongs, err := cidrutil.IPBelongsToCIDRBlocksString(req.Connection.RemoteAddr, role.BoundCIDRList, ",") if err != nil { - return nil, "", metadata, "", fmt.Errorf("failed to verify the CIDR restrictions set on the role: %v", err) + return nil, "", metadata, "", nil, errwrap.Wrapf("failed to verify the CIDR restrictions set on the role: {{err}}", err) } if !belongs { - return nil, "", metadata, "", fmt.Errorf("source address %q unauthorized through CIDR restrictions on the role", req.Connection.RemoteAddr) + return nil, "", metadata, "", fmt.Errorf("source address %q unauthorized through CIDR restrictions on the role", req.Connection.RemoteAddr), nil } } - return role, roleName, metadata, secretID, nil + return role, roleName, metadata, secretID, nil, nil } // validateBindSecretID is used to determine if the given SecretID is a valid one. From 59c483a01d905e4ab0e9255fa515a9edb21d2a69 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sat, 3 Feb 2018 13:28:15 -0500 Subject: [PATCH 044/178] changelog++ --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fca63c307a58..8b4cf762b65f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,10 +2,12 @@ BUG FIXES: + * auth/approle: Fix inability to use limited-use-count secret IDs on + replication performance secondaries * auth/okta: Return configured durations as seconds, not nanoseconds [GH-3871] * auth/token: Token creation via the CLI no longer forces periodic token creation. Passing an explicit zero value for the period no longer create - periodic tokens [GH-3880] + periodic tokens. [GH-3880] * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] * storage/etcd3: Fix large lists (like token loading at startup) not being handled [GH-3772] From 78ff2014fa427fab4fbebdb62e21c4ad408d4fa5 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sun, 4 Feb 2018 19:25:27 -0500 Subject: [PATCH 045/178] Make the MFA support status more clear for the legacy system --- website/source/docs/auth/mfa.html.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/website/source/docs/auth/mfa.html.md b/website/source/docs/auth/mfa.html.md index 884065e0a95d..ffee2a42316a 100644 --- a/website/source/docs/auth/mfa.html.md +++ b/website/source/docs/auth/mfa.html.md @@ -10,8 +10,9 @@ description: |- # Multi-Factor Authentication ~> **NOTE**: This page describes the legacy MFA system available in the OSS -edition of Vault. Vault Enterprise contains a significantly more complete and -flexible MFA system that can be used throughout Vault's API. See the [Vault +edition of Vault. This system is not supported by HashiCorp. Vault Enterprise +contains fully-supported MFA system that is significantly more complete and +flexible, and that can be used throughout Vault's API. See the [Vault Enterprise MFA](/docs/enterprise/mfa/index.html) page for more information. Several auth methods support multi-factor authentication (MFA). Once From 9584ff537f9fcb7ac039df5f10157deee8e83a97 Mon Sep 17 00:00:00 2001 From: Joel Thompson Date: Sun, 4 Feb 2018 17:37:03 -0700 Subject: [PATCH 046/178] auth/aws: Switch role tag processing from strings.Contains to strings.HasPrefix (#3906) strings.HasPrefix is more correct; if a tag part value ended up containing the expected prefix of another part, it could cause incorrect parsing. I don't think that these values would be semantically legal today, but it's probably better to be defensive. --- builtin/credential/aws/path_role_tag.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/builtin/credential/aws/path_role_tag.go b/builtin/credential/aws/path_role_tag.go index bd01bbb6176e..3d775ea9acd2 100644 --- a/builtin/credential/aws/path_role_tag.go +++ b/builtin/credential/aws/path_role_tag.go @@ -319,23 +319,23 @@ func (b *backend) parseAndVerifyRoleTagValue(ctx context.Context, s logical.Stor for _, tagItem := range tagItems { var err error switch { - case strings.Contains(tagItem, "i="): + case strings.HasPrefix(tagItem, "i="): rTag.InstanceID = strings.TrimPrefix(tagItem, "i=") - case strings.Contains(tagItem, "r="): + case strings.HasPrefix(tagItem, "r="): rTag.Role = strings.TrimPrefix(tagItem, "r=") - case strings.Contains(tagItem, "p="): + case strings.HasPrefix(tagItem, "p="): rTag.Policies = strings.Split(strings.TrimPrefix(tagItem, "p="), ",") - case strings.Contains(tagItem, "d="): + case strings.HasPrefix(tagItem, "d="): rTag.DisallowReauthentication, err = strconv.ParseBool(strings.TrimPrefix(tagItem, "d=")) if err != nil { return nil, err } - case strings.Contains(tagItem, "m="): + case strings.HasPrefix(tagItem, "m="): rTag.AllowInstanceMigration, err = strconv.ParseBool(strings.TrimPrefix(tagItem, "m=")) if err != nil { return nil, err } - case strings.Contains(tagItem, "t="): + case strings.HasPrefix(tagItem, "t="): rTag.MaxTTL, err = time.ParseDuration(fmt.Sprintf("%ss", strings.TrimPrefix(tagItem, "t="))) if err != nil { return nil, err From 63efb0e1116c1b845f590fb186b60ff16aed2d19 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sun, 4 Feb 2018 20:37:57 -0500 Subject: [PATCH 047/178] Some vet fixes --- helper/keysutil/policy.go | 2 -- helper/proxyutil/proxyutil.go | 2 +- helper/strutil/strutil_test.go | 2 +- http/sys_wrapping_test.go | 4 +-- logical/framework/path_map_test.go | 2 +- logical/plugin/pb/translation_test.go | 4 +-- physical/inmem/inmem_ha.go | 8 +++--- vault/cluster.go | 35 ++++++++++++--------------- 8 files changed, 27 insertions(+), 32 deletions(-) diff --git a/helper/keysutil/policy.go b/helper/keysutil/policy.go index 9899c7f223c6..a45b1a772b71 100644 --- a/helper/keysutil/policy.go +++ b/helper/keysutil/policy.go @@ -953,8 +953,6 @@ func (p *Policy) VerifySignature(context, input []byte, sig, algorithm string) ( default: return false, errutil.InternalError{Err: fmt.Sprintf("unsupported key type %v", p.Type)} } - - return false, errutil.InternalError{Err: "no valid key type found"} } func (p *Policy) Rotate(ctx context.Context, storage logical.Storage) error { diff --git a/helper/proxyutil/proxyutil.go b/helper/proxyutil/proxyutil.go index 5ff59b1f1cf7..06371b29e548 100644 --- a/helper/proxyutil/proxyutil.go +++ b/helper/proxyutil/proxyutil.go @@ -36,7 +36,7 @@ func (p *ProxyProtoConfig) SetAuthorizedAddrs(addrs interface{}) error { for _, v := range addrs.([]interface{}) { stringAddr, ok := v.(string) if !ok { - return fmt.Errorf("error parsing %q as string") + return fmt.Errorf("error parsing %v as string", v) } stringAddrs = append(stringAddrs, stringAddr) } diff --git a/helper/strutil/strutil_test.go b/helper/strutil/strutil_test.go index 87feb4a35215..e0196a660a91 100644 --- a/helper/strutil/strutil_test.go +++ b/helper/strutil/strutil_test.go @@ -349,7 +349,7 @@ func TestGlobbedStringsMatch(t *testing.T) { actual := GlobbedStringsMatch(tc.item, tc.val) if actual != tc.expect { - t.Fatalf("Bad testcase %#v, expected %b, got %b", tc, tc.expect, actual) + t.Fatalf("Bad testcase %#v, expected %t, got %t", tc, tc.expect, actual) } } } diff --git a/http/sys_wrapping_test.go b/http/sys_wrapping_test.go index 7ab2143b17ce..b353707e6d5e 100644 --- a/http/sys_wrapping_test.go +++ b/http/sys_wrapping_test.go @@ -310,7 +310,7 @@ func TestHTTP_Wrapping(t *testing.T) { // Check for correct CreationPath before rewrap if wrapInfo.CreationPath != "secret/foo" { - t.Fatal("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath) + t.Fatalf("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath) } // Test rewrapping @@ -323,7 +323,7 @@ func TestHTTP_Wrapping(t *testing.T) { // Check for correct Creation path after rewrap if wrapInfo.CreationPath != "secret/foo" { - t.Fatal("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath) + t.Fatalf("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath) } // Should be expired and fail diff --git a/logical/framework/path_map_test.go b/logical/framework/path_map_test.go index 11f459b4a69c..b1cce0923f2c 100644 --- a/logical/framework/path_map_test.go +++ b/logical/framework/path_map_test.go @@ -271,7 +271,7 @@ func testSalting(t *testing.T, ctx context.Context, storage logical.Storage, sal Value: []byte(`{"foo": "bar"}`), }) if err != nil { - t.Fatal("err: %v", err) + t.Fatalf("err: %v", err) } // A read should transparently upgrade resp, err = b.HandleRequest(ctx, &logical.Request{ diff --git a/logical/plugin/pb/translation_test.go b/logical/plugin/pb/translation_test.go index bee6553daf3c..f829f687d60c 100644 --- a/logical/plugin/pb/translation_test.go +++ b/logical/plugin/pb/translation_test.go @@ -31,7 +31,7 @@ func TestTranslation_Errors(t *testing.T) { e := ProtoErrToErr(pe) if !reflect.DeepEqual(e, err) { - t.Fatal("Errs did not match: %#v, %#v", e, err) + t.Fatalf("Errs did not match: %#v, %#v", e, err) } } } @@ -49,7 +49,7 @@ func TestTranslation_StorageEntry(t *testing.T) { e := ProtoStorageEntryToLogicalStorageEntry(p) if !reflect.DeepEqual(c, e) { - t.Fatal("Entries did not match: %#v, %#v", e, c) + t.Fatalf("Entries did not match: %#v, %#v", e, c) } } } diff --git a/physical/inmem/inmem_ha.go b/physical/inmem/inmem_ha.go index d322da229ed4..5dcacb7cd26c 100644 --- a/physical/inmem/inmem_ha.go +++ b/physical/inmem/inmem_ha.go @@ -11,7 +11,7 @@ import ( type InmemHABackend struct { physical.Backend locks map[string]string - l sync.Mutex + l *sync.Mutex cond *sync.Cond logger log.Logger } @@ -32,8 +32,9 @@ func NewInmemHA(_ map[string]string, logger log.Logger) (physical.Backend, error Backend: be, locks: make(map[string]string), logger: logger, + l: new(sync.Mutex), } - in.cond = sync.NewCond(&in.l) + in.cond = sync.NewCond(in.l) return in, nil } @@ -46,13 +47,14 @@ func NewTransactionalInmemHA(_ map[string]string, logger log.Logger) (physical.B Backend: transInmem, locks: make(map[string]string), logger: logger, + l: new(sync.Mutex), } in := &TransactionalInmemHABackend{ InmemHABackend: inmemHA, Transactional: transInmem.(physical.Transactional), } - in.cond = sync.NewCond(&in.l) + in.cond = sync.NewCond(in.l) return in, nil } diff --git a/vault/cluster.go b/vault/cluster.go index 4464061741d4..a95c1daba80f 100644 --- a/vault/cluster.go +++ b/vault/cluster.go @@ -343,31 +343,26 @@ func (c *Core) ClusterTLSConfig(ctx context.Context) (*tls.Config, error) { // of clustering as connections come and go serverLookup := func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) { - switch { - default: - var localCert bytes.Buffer - - c.clusterParamsLock.RLock() - localCert.Write(c.localClusterCert) - localSigner := c.localClusterPrivateKey - parsedCert := c.localClusterParsedCert - c.clusterParamsLock.RUnlock() + var localCert bytes.Buffer - if localCert.Len() == 0 { - return nil, fmt.Errorf("got forwarding connection but no local cert") - } + c.clusterParamsLock.RLock() + localCert.Write(c.localClusterCert) + localSigner := c.localClusterPrivateKey + parsedCert := c.localClusterParsedCert + c.clusterParamsLock.RUnlock() - //c.logger.Trace("core: performing cert name lookup", "hello_server_name", clientHello.ServerName, "local_cluster_cert_name", parsedCert.Subject.CommonName) + if localCert.Len() == 0 { + return nil, fmt.Errorf("got forwarding connection but no local cert") + } - return &tls.Certificate{ - Certificate: [][]byte{localCert.Bytes()}, - PrivateKey: localSigner, - Leaf: parsedCert, - }, nil + //c.logger.Trace("core: performing cert name lookup", "hello_server_name", clientHello.ServerName, "local_cluster_cert_name", parsedCert.Subject.CommonName) - } + return &tls.Certificate{ + Certificate: [][]byte{localCert.Bytes()}, + PrivateKey: localSigner, + Leaf: parsedCert, + }, nil - return nil, nil } clientLookup := func(requestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error) { From b8a4dc1e0935053cdcf32f38ca486780398c17f9 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sun, 4 Feb 2018 20:42:45 -0500 Subject: [PATCH 048/178] Revert cluster.go change --- vault/cluster.go | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/vault/cluster.go b/vault/cluster.go index a95c1daba80f..c29bcaf84b7e 100644 --- a/vault/cluster.go +++ b/vault/cluster.go @@ -343,26 +343,28 @@ func (c *Core) ClusterTLSConfig(ctx context.Context) (*tls.Config, error) { // of clustering as connections come and go serverLookup := func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) { - var localCert bytes.Buffer - - c.clusterParamsLock.RLock() - localCert.Write(c.localClusterCert) - localSigner := c.localClusterPrivateKey - parsedCert := c.localClusterParsedCert - c.clusterParamsLock.RUnlock() + switch { + default: + var localCert bytes.Buffer - if localCert.Len() == 0 { - return nil, fmt.Errorf("got forwarding connection but no local cert") - } + c.clusterParamsLock.RLock() + localCert.Write(c.localClusterCert) + localSigner := c.localClusterPrivateKey + parsedCert := c.localClusterParsedCert + c.clusterParamsLock.RUnlock() - //c.logger.Trace("core: performing cert name lookup", "hello_server_name", clientHello.ServerName, "local_cluster_cert_name", parsedCert.Subject.CommonName) + if localCert.Len() == 0 { + return nil, fmt.Errorf("got forwarding connection but no local cert") + } - return &tls.Certificate{ - Certificate: [][]byte{localCert.Bytes()}, - PrivateKey: localSigner, - Leaf: parsedCert, - }, nil + //c.logger.Trace("core: performing cert name lookup", "hello_server_name", clientHello.ServerName, "local_cluster_cert_name", parsedCert.Subject.CommonName) + return &tls.Certificate{ + Certificate: [][]byte{localCert.Bytes()}, + PrivateKey: localSigner, + Leaf: parsedCert, + }, nil + } } clientLookup := func(requestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error) { From 359c7cdffa1d3b7fad0a3aea9ecbdfd975876bda Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 5 Feb 2018 10:56:57 -0500 Subject: [PATCH 049/178] Add centrify CLI handler support --- command/commands.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/command/commands.go b/command/commands.go index 6af11b0083dc..7a8204dd9c2c 100644 --- a/command/commands.go +++ b/command/commands.go @@ -185,11 +185,12 @@ func init() { } loginHandlers := map[string]LoginHandler{ - "aws": &credAws.CLIHandler{}, - "cert": &credCert.CLIHandler{}, - "github": &credGitHub.CLIHandler{}, - "ldap": &credLdap.CLIHandler{}, - "okta": &credOkta.CLIHandler{}, + "aws": &credAws.CLIHandler{}, + "centrify": &credCentrify.CLIHandler{}, + "cert": &credCert.CLIHandler{}, + "github": &credGitHub.CLIHandler{}, + "ldap": &credLdap.CLIHandler{}, + "okta": &credOkta.CLIHandler{}, "radius": &credUserpass.CLIHandler{ DefaultMount: "radius", }, From 1f3db196d2552cefa81990852a7d8c3bb16d3b27 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 5 Feb 2018 10:57:22 -0500 Subject: [PATCH 050/178] changelog++ --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b4cf762b65f..77bd5546d77e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## 0.9.4 (Unreleased) +IMPROVEMENTS: + + * auth/centrify: Add CLI helper + BUG FIXES: * auth/approle: Fix inability to use limited-use-count secret IDs on From 964bde23497408d0b5449628a0025d7333c0e62e Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 5 Feb 2018 11:22:21 -0500 Subject: [PATCH 051/178] Update zookeeper dep Fixes #3896 --- .../github.com/samuel/go-zookeeper/zk/conn.go | 45 ++++++++++++++++--- vendor/vendor.json | 6 +-- 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/vendor/github.com/samuel/go-zookeeper/zk/conn.go b/vendor/github.com/samuel/go-zookeeper/zk/conn.go index 13fb0f0c5846..f79a51b35516 100644 --- a/vendor/github.com/samuel/go-zookeeper/zk/conn.go +++ b/vendor/github.com/samuel/go-zookeeper/zk/conn.go @@ -101,6 +101,9 @@ type Conn struct { reconnectLatch chan struct{} setWatchLimit int setWatchCallback func([]*setWatchesRequest) + // Debug (for recurring re-auth hang) + debugCloseRecvLoop bool + debugReauthDone chan struct{} logger Logger logInfo bool // true if information messages are logged; false if only errors are logged @@ -301,9 +304,9 @@ func WithMaxBufferSize(maxBufferSize int) connOption { // to a limit of 1mb. This option should be used for non-standard server setup // where znode is bigger than default 1mb. func WithMaxConnBufferSize(maxBufferSize int) connOption { - return func(c *Conn) { - c.buf = make([]byte, maxBufferSize) - } + return func(c *Conn) { + c.buf = make([]byte, maxBufferSize) + } } func (c *Conn) Close() { @@ -389,6 +392,17 @@ func (c *Conn) connect() error { } func (c *Conn) resendZkAuth(reauthReadyChan chan struct{}) { + shouldCancel := func() bool { + select { + case <-c.shouldQuit: + return true + case <-c.closeChan: + return true + default: + return false + } + } + c.credsMu.Lock() defer c.credsMu.Unlock() @@ -400,6 +414,10 @@ func (c *Conn) resendZkAuth(reauthReadyChan chan struct{}) { } for _, cred := range c.creds { + if shouldCancel() { + c.logger.Printf("Cancel rer-submitting credentials") + return + } resChan, err := c.sendRequest( opSetAuth, &setAuthRequest{Type: 0, @@ -415,7 +433,16 @@ func (c *Conn) resendZkAuth(reauthReadyChan chan struct{}) { continue } - res := <-resChan + var res response + select { + case res = <-resChan: + case <-c.closeChan: + c.logger.Printf("Recv closed, cancel re-submitting credentials") + return + case <-c.shouldQuit: + c.logger.Printf("Should quit, cancel re-submitting credentials") + return + } if res.err != nil { c.logger.Printf("Credential re-submit failed: %s", res.err) // FIXME(prozlach): lets ignore errors for now @@ -476,6 +503,9 @@ func (c *Conn) loop() { wg.Add(1) go func() { <-reauthChan + if c.debugCloseRecvLoop { + close(c.debugReauthDone) + } err := c.sendLoop() if err != nil || c.logInfo { c.logger.Printf("Send loop terminated: err=%v", err) @@ -486,7 +516,12 @@ func (c *Conn) loop() { wg.Add(1) go func() { - err := c.recvLoop(c.conn) + var err error + if c.debugCloseRecvLoop { + err = errors.New("DEBUG: close recv loop") + } else { + err = c.recvLoop(c.conn) + } if err != io.EOF || c.logInfo { c.logger.Printf("Recv loop terminated: err=%v", err) } diff --git a/vendor/vendor.json b/vendor/vendor.json index 20ee5657399b..b3d9523e13bf 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1495,10 +1495,10 @@ "revisionTime": "2017-01-28T01:21:29Z" }, { - "checksumSHA1": "y33yd1uDZmV3VY4K/5FCGTeRtB8=", + "checksumSHA1": "ze1R6Lrk0kW0cX24ZdZD6ZpIDCo=", "path": "github.com/samuel/go-zookeeper/zk", - "revision": "471cd4e61d7a78ece1791fa5faa0345dc8c7d5a5", - "revisionTime": "2017-11-17T18:40:27Z" + "revision": "c4fab1ac1bec58281ad0667dc3f0907a9476ac47", + "revisionTime": "2018-01-30T19:37:22Z" }, { "checksumSHA1": "eDQ6f1EsNf+frcRO/9XukSEchm8=", From 733b0af8989fbb62b63c3d658651ab33c5769faa Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 5 Feb 2018 11:23:03 -0500 Subject: [PATCH 052/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77bd5546d77e..cfc7baa9775d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ BUG FIXES: * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] * storage/etcd3: Fix large lists (like token loading at startup) not being handled [GH-3772] + * storage/zookeeper: Update vendoring to fix freezing issues [GH-3896] * plugin/gRPC: Fixed an issue with list requests and raw responses coming from plugins using gRPC transport [GH-3881] From ca9aed63bb0f618480625a4590347020cca4605d Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 5 Feb 2018 11:47:59 -0500 Subject: [PATCH 053/178] Mark old MFA as legacy/unsupported in sidebar --- website/source/layouts/docs.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb index 779db6da465b..ec04aa859607 100644 --- a/website/source/layouts/docs.erb +++ b/website/source/layouts/docs.erb @@ -479,7 +479,7 @@ > - MFA + MFA (Legacy / Unsupported) > From fbb0c633e9192172d20c5d90459514651591ef83 Mon Sep 17 00:00:00 2001 From: Gobin Sougrakpam Date: Tue, 6 Feb 2018 04:22:49 +1100 Subject: [PATCH 054/178] Fix renewAuth to use the increment value (#3904) --- api/renewer.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/renewer.go b/api/renewer.go index b61ef0245b8e..2a72ebe2ef66 100644 --- a/api/renewer.go +++ b/api/renewer.go @@ -195,7 +195,7 @@ func (r *Renewer) renewAuth() error { } // Renew the auth. - renewal, err := client.Auth().Token().RenewTokenAsSelf(token, 0) + renewal, err := client.Auth().Token().RenewTokenAsSelf(token, r.increment) if err != nil { return err } From 21380997f1f1d4419161c9f6504d1789fed3300b Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 5 Feb 2018 12:23:12 -0500 Subject: [PATCH 055/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cfc7baa9775d..3939eba508a8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ IMPROVEMENTS: BUG FIXES: + * api/renewer: Honor increment value in renew auth calls [GH-3904] * auth/approle: Fix inability to use limited-use-count secret IDs on replication performance secondaries * auth/okta: Return configured durations as seconds, not nanoseconds [GH-3871] From 291df73f421350bbc5767c589b528418cdbfb386 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 5 Feb 2018 12:26:16 -0500 Subject: [PATCH 056/178] Minor grammatical update to MFA doc --- website/source/docs/auth/mfa.html.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/source/docs/auth/mfa.html.md b/website/source/docs/auth/mfa.html.md index ffee2a42316a..d8af55ecc483 100644 --- a/website/source/docs/auth/mfa.html.md +++ b/website/source/docs/auth/mfa.html.md @@ -11,8 +11,8 @@ description: |- ~> **NOTE**: This page describes the legacy MFA system available in the OSS edition of Vault. This system is not supported by HashiCorp. Vault Enterprise -contains fully-supported MFA system that is significantly more complete and -flexible, and that can be used throughout Vault's API. See the [Vault +contains a fully-supported MFA system that is significantly more complete and +flexible and which can be used throughout Vault's API. See the [Vault Enterprise MFA](/docs/enterprise/mfa/index.html) page for more information. Several auth methods support multi-factor authentication (MFA). Once From d719a6c06774916b131d546f1045c3c709a66fa9 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 5 Feb 2018 12:29:26 -0500 Subject: [PATCH 057/178] Move MFA to deprecated section, mark with a super --- website/source/layouts/docs.erb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb index ec04aa859607..c587d91aaad1 100644 --- a/website/source/layouts/docs.erb +++ b/website/source/layouts/docs.erb @@ -478,10 +478,6 @@ LDAP - > - MFA (Legacy / Unsupported) - - > Okta @@ -508,6 +504,10 @@ App ID DEPRECATED + > + MFALEGACY / UNSUPPORTED + +
      From 22aeac2e8ea546dec49e60284625b5f30417b84f Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 5 Feb 2018 12:32:06 -0500 Subject: [PATCH 058/178] Add a space before the MFA super --- website/source/layouts/docs.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb index c587d91aaad1..2e3f8affdf9a 100644 --- a/website/source/layouts/docs.erb +++ b/website/source/layouts/docs.erb @@ -505,7 +505,7 @@ > - MFALEGACY / UNSUPPORTED + MFA LEGACY / UNSUPPORTED
    From 7d73ac4c967b3b8726c71e00c017129e1d36ad3c Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 5 Feb 2018 14:26:31 -0500 Subject: [PATCH 059/178] go vet fixes --- builtin/credential/aws/backend_test.go | 6 +-- builtin/credential/cert/backend_test.go | 3 +- builtin/credential/ldap/backend_test.go | 2 +- builtin/logical/database/backend_test.go | 4 +- command/identity_group_aliases_integ_test.go | 12 ++--- command/server/listener_tcp_test.go | 2 +- helper/certutil/helpers.go | 18 +++---- helper/certutil/types.go | 56 ++++++++++---------- helper/wrapping/wrapinfo.go | 2 +- http/sys_wrapping_test.go | 2 +- physical/zookeeper/zookeeper.go | 8 ++- vault/cluster_test.go | 1 - vault/identity_store_util.go | 10 ++-- 13 files changed, 65 insertions(+), 61 deletions(-) diff --git a/builtin/credential/aws/backend_test.go b/builtin/credential/aws/backend_test.go index d1f1b819ce1c..438de50f472f 100644 --- a/builtin/credential/aws/backend_test.go +++ b/builtin/credential/aws/backend_test.go @@ -287,7 +287,7 @@ func TestBackend_ConfigTidyIdentities(t *testing.T) { t.Fatalf("failed to read config/tidy/identity-whitelist endpoint") } if resp.Data["safety_buffer"].(int) != 60 || !resp.Data["disable_periodic_tidy"].(bool) { - t.Fatalf("bad: expected: safety_buffer:60 disable_periodic_tidy:true actual: safety_buffer:%s disable_periodic_tidy:%t\n", resp.Data["safety_buffer"].(int), resp.Data["disable_periodic_tidy"].(bool)) + t.Fatalf("bad: expected: safety_buffer:60 disable_periodic_tidy:true actual: safety_buffer:%d disable_periodic_tidy:%t\n", resp.Data["safety_buffer"].(int), resp.Data["disable_periodic_tidy"].(bool)) } // test delete operation @@ -342,7 +342,7 @@ func TestBackend_ConfigTidyRoleTags(t *testing.T) { t.Fatalf("failed to read config/tidy/roletag-blacklist endpoint") } if resp.Data["safety_buffer"].(int) != 60 || !resp.Data["disable_periodic_tidy"].(bool) { - t.Fatalf("bad: expected: safety_buffer:60 disable_periodic_tidy:true actual: safety_buffer:%s disable_periodic_tidy:%t\n", resp.Data["safety_buffer"].(int), resp.Data["disable_periodic_tidy"].(bool)) + t.Fatalf("bad: expected: safety_buffer:60 disable_periodic_tidy:true actual: safety_buffer:%d disable_periodic_tidy:%t\n", resp.Data["safety_buffer"].(int), resp.Data["disable_periodic_tidy"].(bool)) } // test delete operation @@ -1587,7 +1587,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) { // and ensure a renew no longer works resp, err = b.pathLoginRenew(context.Background(), renewReq, empty_login_fd) if err == nil || (resp != nil && !resp.IsError()) { - t.Errorf("bad: expected failed renew due to changed AWS role ID: resp: %#v", resp, err) + t.Errorf("bad: expected failed renew due to changed AWS role ID: resp: %#v", resp) } // Undo the fake resolver... b.resolveArnToUniqueIDFunc = b.resolveArnToRealUniqueId diff --git a/builtin/credential/cert/backend_test.go b/builtin/credential/cert/backend_test.go index 6ae4234fd7e2..62f1b4646081 100644 --- a/builtin/credential/cert/backend_test.go +++ b/builtin/credential/cert/backend_test.go @@ -1062,8 +1062,7 @@ func testConnState(certPath, keyPath, rootCertPath string) (tls.ConnectionState, InsecureSkipVerify: false, RootCAs: rootCAs, } - dialConf := new(tls.Config) - *dialConf = *listenConf + dialConf := listenConf.Clone() // start a server list, err := tls.Listen("tcp", "127.0.0.1:0", listenConf) if err != nil { diff --git a/builtin/credential/ldap/backend_test.go b/builtin/credential/ldap/backend_test.go index fed732734778..c056b4119f1d 100644 --- a/builtin/credential/ldap/backend_test.go +++ b/builtin/credential/ldap/backend_test.go @@ -261,7 +261,7 @@ func TestBackend_configDefaultsAfterUpdate(t *testing.T) { defaultDenyNullBind := true if cfg["deny_null_bind"] != defaultDenyNullBind { - t.Errorf("Default mismatch: deny_null_bind. Expected: '%s', received :'%s'", defaultDenyNullBind, cfg["deny_null_bind"]) + t.Errorf("Default mismatch: deny_null_bind. Expected: '%t', received :'%s'", defaultDenyNullBind, cfg["deny_null_bind"]) } return nil diff --git a/builtin/logical/database/backend_test.go b/builtin/logical/database/backend_test.go index 6b207f6d3a01..ba7185ba639d 100644 --- a/builtin/logical/database/backend_test.go +++ b/builtin/logical/database/backend_test.go @@ -143,7 +143,7 @@ func TestBackend_RoleUpgrade(t *testing.T) { } if !reflect.DeepEqual(role, roleEnt) { - t.Fatal("bad role %#v", role) + t.Fatalf("bad role %#v", role) } // Upgrade case @@ -162,7 +162,7 @@ func TestBackend_RoleUpgrade(t *testing.T) { } if !reflect.DeepEqual(role, roleEnt) { - t.Fatal("bad role %#v", role) + t.Fatalf("bad role %#v", role) } } diff --git a/command/identity_group_aliases_integ_test.go b/command/identity_group_aliases_integ_test.go index 8fc832e81c53..5790ae202144 100644 --- a/command/identity_group_aliases_integ_test.go +++ b/command/identity_group_aliases_integ_test.go @@ -192,7 +192,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) { } } if !found { - t.Fatalf("expected entity ID %q to be part of Italians group") + t.Fatalf("expected entity ID %q to be part of Italians group", entityID) } secret, err = client.Logical().Read("identity/group/id/" + scientistsGroupID) @@ -207,7 +207,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) { } } if !found { - t.Fatalf("expected entity ID %q to be part of Scientists group") + t.Fatalf("expected entity ID %q to be part of Scientists group", entityID) } secret, err = client.Logical().Read("identity/group/id/" + devopsGroupID) @@ -222,7 +222,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) { } } if !found { - t.Fatalf("expected entity ID %q to be part of devops group") + t.Fatalf("expected entity ID %q to be part of devops group", entityID) } identityStore := cores[0].IdentityStore() @@ -308,7 +308,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) { } } if !found { - t.Fatalf("expected entity ID %q to be part of Italians group") + t.Fatalf("expected entity ID %q to be part of Italians group", entityID) } secret, err = client.Logical().Read("identity/group/id/" + scientistsGroupID) @@ -323,7 +323,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) { } } if !found { - t.Fatalf("expected entity ID %q to be part of Italians group") + t.Fatalf("expected entity ID %q to be part of scientists group", entityID) } secret, err = client.Logical().Read("identity/group/id/" + devopsGroupID) @@ -339,7 +339,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) { } } if !found { - t.Fatalf("expected entity ID %q to be part of devops group") + t.Fatalf("expected entity ID %q to be part of devops group", entityID) } // Remove user tesla from the devops group in LDAP backend diff --git a/command/server/listener_tcp_test.go b/command/server/listener_tcp_test.go index 9d5d11895c98..89045da29538 100644 --- a/command/server/listener_tcp_test.go +++ b/command/server/listener_tcp_test.go @@ -36,7 +36,7 @@ func TestTCPListener_tls(t *testing.T) { wd, _ := os.Getwd() wd += "/test-fixtures/reload/" - td, err := ioutil.TempDir("", fmt.Sprintf("vault-test-%d", rand.New(rand.NewSource(time.Now().Unix())).Int63)) + td, err := ioutil.TempDir("", fmt.Sprintf("vault-test-%d", rand.New(rand.NewSource(time.Now().Unix())).Int63())) if err != nil { t.Fatal(err) } diff --git a/helper/certutil/helpers.go b/helper/certutil/helpers.go index b6e61b20b0bd..4488f1b1d80f 100644 --- a/helper/certutil/helpers.go +++ b/helper/certutil/helpers.go @@ -52,12 +52,12 @@ func ParseHexFormatted(in, sep string) []byte { // of the marshaled public key func GetSubjKeyID(privateKey crypto.Signer) ([]byte, error) { if privateKey == nil { - return nil, errutil.InternalError{"passed-in private key is nil"} + return nil, errutil.InternalError{Err: "passed-in private key is nil"} } marshaledKey, err := x509.MarshalPKIXPublicKey(privateKey.Public()) if err != nil { - return nil, errutil.InternalError{fmt.Sprintf("error marshalling public key: %s", err)} + return nil, errutil.InternalError{Err: fmt.Sprintf("error marshalling public key: %s", err)} } subjKeyID := sha1.Sum(marshaledKey) @@ -71,7 +71,7 @@ func ParsePKIMap(data map[string]interface{}) (*ParsedCertBundle, error) { result := &CertBundle{} err := mapstructure.Decode(data, result) if err != nil { - return nil, errutil.UserError{err.Error()} + return nil, errutil.UserError{Err: err.Error()} } return result.ToParsedCertBundle() @@ -97,7 +97,7 @@ func ParsePKIJSON(input []byte) (*ParsedCertBundle, error) { return ParsePKIMap(secret.Data) } - return nil, errutil.UserError{"unable to parse out of either secret data or a secret object"} + return nil, errutil.UserError{Err: "unable to parse out of either secret data or a secret object"} } // ParsePEMBundle takes a string of concatenated PEM-format certificate @@ -106,7 +106,7 @@ func ParsePKIJSON(input []byte) (*ParsedCertBundle, error) { // certificates may follow. There must be at most one private key. func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) { if len(pemBundle) == 0 { - return nil, errutil.UserError{"empty pem bundle"} + return nil, errutil.UserError{Err: "empty pem bundle"} } pemBundle = strings.TrimSpace(pemBundle) @@ -119,12 +119,12 @@ func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) { for len(pemBytes) > 0 { pemBlock, pemBytes = pem.Decode(pemBytes) if pemBlock == nil { - return nil, errutil.UserError{"no data found"} + return nil, errutil.UserError{Err: "no data found"} } if signer, err := x509.ParseECPrivateKey(pemBlock.Bytes); err == nil { if parsedBundle.PrivateKeyType != UnknownPrivateKey { - return nil, errutil.UserError{"more than one private key given; provide only one private key in the bundle"} + return nil, errutil.UserError{Err: "more than one private key given; provide only one private key in the bundle"} } parsedBundle.PrivateKeyFormat = ECBlock parsedBundle.PrivateKeyType = ECPrivateKey @@ -133,7 +133,7 @@ func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) { } else if signer, err := x509.ParsePKCS1PrivateKey(pemBlock.Bytes); err == nil { if parsedBundle.PrivateKeyType != UnknownPrivateKey { - return nil, errutil.UserError{"more than one private key given; provide only one private key in the bundle"} + return nil, errutil.UserError{Err: "more than one private key given; provide only one private key in the bundle"} } parsedBundle.PrivateKeyType = RSAPrivateKey parsedBundle.PrivateKeyFormat = PKCS1Block @@ -143,7 +143,7 @@ func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) { parsedBundle.PrivateKeyFormat = PKCS8Block if parsedBundle.PrivateKeyType != UnknownPrivateKey { - return nil, errutil.UserError{"More than one private key given; provide only one private key in the bundle"} + return nil, errutil.UserError{Err: "More than one private key given; provide only one private key in the bundle"} } switch signer := signer.(type) { case *rsa.PrivateKey: diff --git a/helper/certutil/types.go b/helper/certutil/types.go index c955222e0848..dbf607f5c0cb 100644 --- a/helper/certutil/types.go +++ b/helper/certutil/types.go @@ -147,7 +147,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) { if len(c.PrivateKey) > 0 { pemBlock, _ = pem.Decode([]byte(c.PrivateKey)) if pemBlock == nil { - return nil, errutil.UserError{"Error decoding private key from cert bundle"} + return nil, errutil.UserError{Err: "Error decoding private key from cert bundle"} } result.PrivateKeyBytes = pemBlock.Bytes @@ -161,7 +161,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) { case PKCS8Block: t, err := getPKCS8Type(pemBlock.Bytes) if err != nil { - return nil, errutil.UserError{fmt.Sprintf("Error getting key type from pkcs#8: %v", err)} + return nil, errutil.UserError{Err: fmt.Sprintf("Error getting key type from pkcs#8: %v", err)} } result.PrivateKeyType = t switch t { @@ -171,24 +171,24 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) { c.PrivateKeyType = RSAPrivateKey } default: - return nil, errutil.UserError{fmt.Sprintf("Unsupported key block type: %s", pemBlock.Type)} + return nil, errutil.UserError{Err: fmt.Sprintf("Unsupported key block type: %s", pemBlock.Type)} } result.PrivateKey, err = result.getSigner() if err != nil { - return nil, errutil.UserError{fmt.Sprintf("Error getting signer: %s", err)} + return nil, errutil.UserError{Err: fmt.Sprintf("Error getting signer: %s", err)} } } if len(c.Certificate) > 0 { pemBlock, _ = pem.Decode([]byte(c.Certificate)) if pemBlock == nil { - return nil, errutil.UserError{"Error decoding certificate from cert bundle"} + return nil, errutil.UserError{Err: "Error decoding certificate from cert bundle"} } result.CertificateBytes = pemBlock.Bytes result.Certificate, err = x509.ParseCertificate(result.CertificateBytes) if err != nil { - return nil, errutil.UserError{"Error encountered parsing certificate bytes from raw bundle"} + return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle"} } } switch { @@ -196,12 +196,12 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) { for _, cert := range c.CAChain { pemBlock, _ := pem.Decode([]byte(cert)) if pemBlock == nil { - return nil, errutil.UserError{"Error decoding certificate from cert bundle"} + return nil, errutil.UserError{Err: "Error decoding certificate from cert bundle"} } parsedCert, err := x509.ParseCertificate(pemBlock.Bytes) if err != nil { - return nil, errutil.UserError{"Error encountered parsing certificate bytes from raw bundle"} + return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle"} } certBlock := &CertBlock{ @@ -215,12 +215,12 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) { case len(c.IssuingCA) > 0: pemBlock, _ = pem.Decode([]byte(c.IssuingCA)) if pemBlock == nil { - return nil, errutil.UserError{"Error decoding ca certificate from cert bundle"} + return nil, errutil.UserError{Err: "Error decoding ca certificate from cert bundle"} } parsedCert, err := x509.ParseCertificate(pemBlock.Bytes) if err != nil { - return nil, errutil.UserError{"Error encountered parsing certificate bytes from raw bundle3"} + return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle3"} } result.SerialNumber = result.Certificate.SerialNumber @@ -343,20 +343,20 @@ func (p *ParsedCertBundle) getSigner() (crypto.Signer, error) { var err error if p.PrivateKeyBytes == nil || len(p.PrivateKeyBytes) == 0 { - return nil, errutil.UserError{"Given parsed cert bundle does not have private key information"} + return nil, errutil.UserError{Err: "Given parsed cert bundle does not have private key information"} } switch p.PrivateKeyFormat { case ECBlock: signer, err = x509.ParseECPrivateKey(p.PrivateKeyBytes) if err != nil { - return nil, errutil.UserError{fmt.Sprintf("Unable to parse CA's private EC key: %s", err)} + return nil, errutil.UserError{Err: fmt.Sprintf("Unable to parse CA's private EC key: %s", err)} } case PKCS1Block: signer, err = x509.ParsePKCS1PrivateKey(p.PrivateKeyBytes) if err != nil { - return nil, errutil.UserError{fmt.Sprintf("Unable to parse CA's private RSA key: %s", err)} + return nil, errutil.UserError{Err: fmt.Sprintf("Unable to parse CA's private RSA key: %s", err)} } case PKCS8Block: @@ -365,12 +365,12 @@ func (p *ParsedCertBundle) getSigner() (crypto.Signer, error) { case *rsa.PrivateKey, *ecdsa.PrivateKey: return k.(crypto.Signer), nil default: - return nil, errutil.UserError{"Found unknown private key type in pkcs#8 wrapping"} + return nil, errutil.UserError{Err: "Found unknown private key type in pkcs#8 wrapping"} } } - return nil, errutil.UserError{fmt.Sprintf("Failed to parse pkcs#8 key: %v", err)} + return nil, errutil.UserError{Err: fmt.Sprintf("Failed to parse pkcs#8 key: %v", err)} default: - return nil, errutil.UserError{"Unable to determine type of private key; only RSA and EC are supported"} + return nil, errutil.UserError{Err: "Unable to determine type of private key; only RSA and EC are supported"} } return signer, nil } @@ -385,7 +385,7 @@ func (p *ParsedCertBundle) SetParsedPrivateKey(privateKey crypto.Signer, private func getPKCS8Type(bs []byte) (PrivateKeyType, error) { k, err := x509.ParsePKCS8PrivateKey(bs) if err != nil { - return UnknownPrivateKey, errutil.UserError{fmt.Sprintf("Failed to parse pkcs#8 key: %v", err)} + return UnknownPrivateKey, errutil.UserError{Err: fmt.Sprintf("Failed to parse pkcs#8 key: %v", err)} } switch k.(type) { @@ -394,7 +394,7 @@ func getPKCS8Type(bs []byte) (PrivateKeyType, error) { case *rsa.PrivateKey: return RSAPrivateKey, nil default: - return UnknownPrivateKey, errutil.UserError{"Found unknown private key type in pkcs#8 wrapping"} + return UnknownPrivateKey, errutil.UserError{Err: "Found unknown private key type in pkcs#8 wrapping"} } } @@ -408,7 +408,7 @@ func (c *CSRBundle) ToParsedCSRBundle() (*ParsedCSRBundle, error) { if len(c.PrivateKey) > 0 { pemBlock, _ = pem.Decode([]byte(c.PrivateKey)) if pemBlock == nil { - return nil, errutil.UserError{"Error decoding private key from cert bundle"} + return nil, errutil.UserError{Err: "Error decoding private key from cert bundle"} } result.PrivateKeyBytes = pemBlock.Bytes @@ -426,25 +426,25 @@ func (c *CSRBundle) ToParsedCSRBundle() (*ParsedCSRBundle, error) { result.PrivateKeyType = RSAPrivateKey c.PrivateKeyType = "rsa" } else { - return nil, errutil.UserError{fmt.Sprintf("Unknown private key type in bundle: %s", c.PrivateKeyType)} + return nil, errutil.UserError{Err: fmt.Sprintf("Unknown private key type in bundle: %s", c.PrivateKeyType)} } } result.PrivateKey, err = result.getSigner() if err != nil { - return nil, errutil.UserError{fmt.Sprintf("Error getting signer: %s", err)} + return nil, errutil.UserError{Err: fmt.Sprintf("Error getting signer: %s", err)} } } if len(c.CSR) > 0 { pemBlock, _ = pem.Decode([]byte(c.CSR)) if pemBlock == nil { - return nil, errutil.UserError{"Error decoding certificate from cert bundle"} + return nil, errutil.UserError{Err: "Error decoding certificate from cert bundle"} } result.CSRBytes = pemBlock.Bytes result.CSR, err = x509.ParseCertificateRequest(result.CSRBytes) if err != nil { - return nil, errutil.UserError{fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle: %v", err)} + return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle: %v", err)} } } @@ -474,7 +474,7 @@ func (p *ParsedCSRBundle) ToCSRBundle() (*CSRBundle, error) { result.PrivateKeyType = "ec" block.Type = "EC PRIVATE KEY" default: - return nil, errutil.InternalError{"Could not determine private key type when creating block"} + return nil, errutil.InternalError{Err: "Could not determine private key type when creating block"} } result.PrivateKey = strings.TrimSpace(string(pem.EncodeToMemory(&block))) } @@ -491,24 +491,24 @@ func (p *ParsedCSRBundle) getSigner() (crypto.Signer, error) { var err error if p.PrivateKeyBytes == nil || len(p.PrivateKeyBytes) == 0 { - return nil, errutil.UserError{"Given parsed cert bundle does not have private key information"} + return nil, errutil.UserError{Err: "Given parsed cert bundle does not have private key information"} } switch p.PrivateKeyType { case ECPrivateKey: signer, err = x509.ParseECPrivateKey(p.PrivateKeyBytes) if err != nil { - return nil, errutil.UserError{fmt.Sprintf("Unable to parse CA's private EC key: %s", err)} + return nil, errutil.UserError{Err: fmt.Sprintf("Unable to parse CA's private EC key: %s", err)} } case RSAPrivateKey: signer, err = x509.ParsePKCS1PrivateKey(p.PrivateKeyBytes) if err != nil { - return nil, errutil.UserError{fmt.Sprintf("Unable to parse CA's private RSA key: %s", err)} + return nil, errutil.UserError{Err: fmt.Sprintf("Unable to parse CA's private RSA key: %s", err)} } default: - return nil, errutil.UserError{"Unable to determine type of private key; only RSA and EC are supported"} + return nil, errutil.UserError{Err: "Unable to determine type of private key; only RSA and EC are supported"} } return signer, nil } diff --git a/helper/wrapping/wrapinfo.go b/helper/wrapping/wrapinfo.go index 07e37c27d32b..9c84a1d47d49 100644 --- a/helper/wrapping/wrapinfo.go +++ b/helper/wrapping/wrapinfo.go @@ -23,7 +23,7 @@ type ResponseWrapInfo struct { // WrappedEntityID is the entity identifier of the caller who initiated the // wrapping request - WrappedEntityID string `json:"wrapped_entity_id" structs:"wrapped_entity_id" mapstructure:"wrapped_entity_id sentinel:"""` + WrappedEntityID string `json:"wrapped_entity_id" structs:"wrapped_entity_id" mapstructure:"wrapped_entity_id" sentinel:""` // The format to use. This doesn't get returned, it's only internal. Format string `json:"format" structs:"format" mapstructure:"format" sentinel:""` diff --git a/http/sys_wrapping_test.go b/http/sys_wrapping_test.go index b353707e6d5e..37afbafd3a87 100644 --- a/http/sys_wrapping_test.go +++ b/http/sys_wrapping_test.go @@ -122,7 +122,7 @@ func TestHTTP_Wrapping(t *testing.T) { t.Fatalf("mistmatched ttls: %d vs %d", creationTTL, wrapInfo.TTL) } if secret.Data["creation_time"].(string) != wrapInfo.CreationTime.Format(time.RFC3339Nano) { - t.Fatalf("mistmatched creation times: %d vs %d", secret.Data["creation_time"].(string), wrapInfo.CreationTime.Format(time.RFC3339Nano)) + t.Fatalf("mistmatched creation times: %q vs %q", secret.Data["creation_time"].(string), wrapInfo.CreationTime.Format(time.RFC3339Nano)) } } diff --git a/physical/zookeeper/zookeeper.go b/physical/zookeeper/zookeeper.go index aa5de944bd12..cf52999519e8 100644 --- a/physical/zookeeper/zookeeper.go +++ b/physical/zookeeper/zookeeper.go @@ -88,7 +88,13 @@ func NewZooKeeperBackend(conf map[string]string, logger log.Logger) (physical.Ba } } - acl := []zk.ACL{{zk.PermAll, schema, owner}} + acl := []zk.ACL{ + { + Perms: zk.PermAll, + Scheme: schema, + ID: owner, + }, + } // Authnetication info var schemaAndUser string diff --git a/vault/cluster_test.go b/vault/cluster_test.go index d334a0547b52..17aad7bd5c8d 100644 --- a/vault/cluster_test.go +++ b/vault/cluster_test.go @@ -338,7 +338,6 @@ func testCluster_ForwardRequests(t *testing.T, c *TestClusterCore, rootToken, re // We need to call Leader as that refreshes the connection info isLeader, _, _, err := c.Leader() if err != nil { - panic(err.Error()) t.Fatal(err) } if isLeader { diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go index 458daf8c7b03..64585171b0a1 100644 --- a/vault/identity_store_util.go +++ b/vault/identity_store_util.go @@ -1322,6 +1322,11 @@ func (i *IdentityStore) sanitizeAndUpsertGroup(group *identity.Group, memberGrou } func (i *IdentityStore) validateMemberGroupID(groupID string, memberGroupID string) error { + // Detect self loop + if groupID == memberGroupID { + return fmt.Errorf("member group ID %q is same as the ID of the group", groupID) + } + group, err := i.MemDBGroupByID(groupID, true) if err != nil { return err @@ -1333,11 +1338,6 @@ func (i *IdentityStore) validateMemberGroupID(groupID string, memberGroupID stri return nil } - // Detect self loop - if groupID == memberGroupID { - fmt.Errorf("member group ID %q is same as the ID of the group") - } - // If adding the memberGroupID to groupID creates a cycle, then groupID must // be a hop in that loop. Start a DFS traversal from memberGroupID and see if // it reaches back to groupID. If it does, then it's a loop. From 3302389ca1ca05f9f1ac986e312e41ecfb70b843 Mon Sep 17 00:00:00 2001 From: Yoko Hyakuna Date: Mon, 5 Feb 2018 16:17:18 -0800 Subject: [PATCH 060/178] Missing * in the command --- website/source/guides/secret-mgmt/static-secrets.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/guides/secret-mgmt/static-secrets.html.md b/website/source/guides/secret-mgmt/static-secrets.html.md index ce8c47a8402b..af7fffd0f3e1 100644 --- a/website/source/guides/secret-mgmt/static-secrets.html.md +++ b/website/source/guides/secret-mgmt/static-secrets.html.md @@ -511,7 +511,7 @@ in history. In bash: ```shell -$ export HISTIGNORE="&:vault" +$ export HISTIGNORE="&:vault*" ``` **NOTE:** This prevents the use of the Up arrow key for command history as well. From f4f66a9779410ab0aee37c999415f96e3db3265c Mon Sep 17 00:00:00 2001 From: cikenerd Date: Wed, 7 Feb 2018 00:00:00 +0800 Subject: [PATCH 061/178] Update etcd storage doc (#3753) --- website/source/docs/configuration/storage/etcd.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/configuration/storage/etcd.html.md b/website/source/docs/configuration/storage/etcd.html.md index 46d981c2f957..3b9fdd5c031d 100644 --- a/website/source/docs/configuration/storage/etcd.html.md +++ b/website/source/docs/configuration/storage/etcd.html.md @@ -117,7 +117,7 @@ This example show enabling high availability for the Etcd storage backend. api_addr = "https://vault-leader.my-company.internal" storage "etcd" { - ha_enabled = true + ha_enabled = "true" ... } ``` From 67cc60fbb6d73d877889cec082e787eea93bc862 Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Tue, 6 Feb 2018 13:06:17 -0500 Subject: [PATCH 062/178] command/ssh: create and reuse the api client (#3909) * pass around the api client * reuse the client object in the base command --- command/base.go | 3 ++- command/ssh.go | 28 ++++++++++------------------ 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/command/base.go b/command/base.go index 7dcca7671b5a..be6925b3e0d8 100644 --- a/command/base.go +++ b/command/base.go @@ -45,7 +45,6 @@ type BaseCommand struct { tokenHelper token.TokenHelper - // For testing client *api.Client } @@ -110,6 +109,8 @@ func (c *BaseCommand) Client() (*api.Client, error) { client.SetToken(token) } + c.client = client + return client, nil } diff --git a/command/ssh.go b/command/ssh.go index c35fbb9cfd99..8d2922cecda3 100644 --- a/command/ssh.go +++ b/command/ssh.go @@ -244,6 +244,13 @@ func (c *SSHCommand) Run(args []string) int { sshArgs = args[1:] } + // Set the client in the command + _, err = c.Client() + if err != nil { + c.UI.Error(err.Error()) + return 1 + } + // Credentials are generated only against a registered role. If user // does not specify a role with the SSH command, then lookup API is used // to fetch all the roles with which this IP is associated. If there is @@ -331,13 +338,7 @@ func (c *SSHCommand) handleTypeCA(username, ip string, sshArgs []string) int { return 1 } - client, err := c.Client() - if err != nil { - c.UI.Error(err.Error()) - return 1 - } - - sshClient := client.SSHWithMountPoint(c.flagMountPoint) + sshClient := c.client.SSHWithMountPoint(c.flagMountPoint) // Attempt to sign the public key secret, err := sshClient.SignKey(c.flagRole, map[string]interface{}{ @@ -611,12 +612,7 @@ func (c *SSHCommand) handleTypeDynamic(username, ip string, sshArgs []string) in // generateCredential generates a credential for the given role and returns the // decoded secret data. func (c *SSHCommand) generateCredential(username, ip string) (*api.Secret, *SSHCredentialResp, error) { - client, err := c.Client() - if err != nil { - return nil, nil, err - } - - sshClient := client.SSHWithMountPoint(c.flagMountPoint) + sshClient := c.client.SSHWithMountPoint(c.flagMountPoint) // Attempt to generate the credential. secret, err := sshClient.Credential(c.flagRole, map[string]interface{}{ @@ -683,11 +679,7 @@ func (c *SSHCommand) defaultRole(mountPoint, ip string) (string, error) { data := map[string]interface{}{ "ip": ip, } - client, err := c.Client() - if err != nil { - return "", err - } - secret, err := client.Logical().Write(mountPoint+"/lookup", data) + secret, err := c.client.Logical().Write(mountPoint+"/lookup", data) if err != nil { return "", fmt.Errorf("Error finding roles for IP %q: %q", ip, err) From 6a122055e35ad6a149c07e0c8813df92b507f2b3 Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Tue, 6 Feb 2018 13:09:38 -0500 Subject: [PATCH 063/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3939eba508a8..437c2a623ae3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ BUG FIXES: * auth/token: Token creation via the CLI no longer forces periodic token creation. Passing an explicit zero value for the period no longer create periodic tokens. [GH-3880] + * command/ssh: Create and reuse the api client [GH-3909] * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] * storage/etcd3: Fix large lists (like token loading at startup) not being handled [GH-3772] From e47c53dcab47d6deb9bb91b437dc19811390adb2 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 6 Feb 2018 13:31:13 -0500 Subject: [PATCH 064/178] Update go-plugin --- .../github.com/hashicorp/go-plugin/testing.go | 23 ++++++++++++++++++- vendor/vendor.json | 6 ++--- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/vendor/github.com/hashicorp/go-plugin/testing.go b/vendor/github.com/hashicorp/go-plugin/testing.go index df29593e1038..2f541d968399 100644 --- a/vendor/github.com/hashicorp/go-plugin/testing.go +++ b/vendor/github.com/hashicorp/go-plugin/testing.go @@ -3,6 +3,7 @@ package plugin import ( "bytes" "context" + "io" "net" "net/rpc" @@ -10,6 +11,18 @@ import ( "google.golang.org/grpc" ) +// TestOptions allows specifying options that can affect the behavior of the +// test functions +type TestOptions struct { + //ServerStdout causes the given value to be used in place of a blank buffer + //for RPCServer's Stdout + ServerStdout io.ReadCloser + + //ServerStderr causes the given value to be used in place of a blank buffer + //for RPCServer's Stderr + ServerStderr io.ReadCloser +} + // The testing file contains test helpers that you can use outside of // this package for making it easier to test plugins themselves. @@ -61,12 +74,20 @@ func TestRPCConn(t testing.T) (*rpc.Client, *rpc.Server) { // TestPluginRPCConn returns a plugin RPC client and server that are connected // together and configured. -func TestPluginRPCConn(t testing.T, ps map[string]Plugin) (*RPCClient, *RPCServer) { +func TestPluginRPCConn(t testing.T, ps map[string]Plugin, opts *TestOptions) (*RPCClient, *RPCServer) { // Create two net.Conns we can use to shuttle our control connection clientConn, serverConn := TestConn(t) // Start up the server server := &RPCServer{Plugins: ps, Stdout: new(bytes.Buffer), Stderr: new(bytes.Buffer)} + if opts != nil { + if opts.ServerStdout != nil { + server.Stdout = opts.ServerStdout + } + if opts.ServerStderr != nil { + server.Stderr = opts.ServerStderr + } + } go server.ServeConn(serverConn) // Connect the client to the server diff --git a/vendor/vendor.json b/vendor/vendor.json index b3d9523e13bf..26b22b74d904 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1003,10 +1003,10 @@ "revisionTime": "2017-12-04T18:29:08Z" }, { - "checksumSHA1": "y3op+t01flBlSBKlzUNqH5d4XHQ=", + "checksumSHA1": "7SheX5w6+xGsTMxPI3LiJx0iz7s=", "path": "github.com/hashicorp/go-plugin", - "revision": "e53f54cbf51efde642d4711313e829a1ff0c236d", - "revisionTime": "2018-01-25T19:04:38Z" + "revision": "4b17561773d85e482ea040884ee3e288425d4174", + "revisionTime": "2018-02-06T18:30:35Z" }, { "checksumSHA1": "yzoWV7yrS/TvOrKy5ZrdUjsYaOA=", From 5d6c4ae36873e8b4a621c35ce173e5e6f277e431 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 6 Feb 2018 13:33:29 -0500 Subject: [PATCH 065/178] Fix compilation of test against new go-plugin --- logical/plugin/backend_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logical/plugin/backend_test.go b/logical/plugin/backend_test.go index 8ffbeda1a472..18aab4eba45b 100644 --- a/logical/plugin/backend_test.go +++ b/logical/plugin/backend_test.go @@ -143,7 +143,7 @@ func testBackend(t *testing.T) (logical.Backend, func()) { Factory: mock.Factory, }, } - client, _ := gplugin.TestPluginRPCConn(t, pluginMap) + client, _ := gplugin.TestPluginRPCConn(t, pluginMap, nil) cleanup := func() { client.Close() } From acc37c3cc943fdd090ffb547d7e7a771922dbe35 Mon Sep 17 00:00:00 2001 From: John Eismeier <32205350+jeis2497052@users.noreply.github.com> Date: Tue, 6 Feb 2018 13:35:01 -0500 Subject: [PATCH 066/178] Fix some typos (#3923) --- builtin/credential/cert/path_certs.go | 4 ++-- builtin/logical/mssql/path_roles.go | 2 +- builtin/logical/mysql/path_roles.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/builtin/credential/cert/path_certs.go b/builtin/credential/cert/path_certs.go index eb596a68cf75..511b240c489f 100644 --- a/builtin/credential/cert/path_certs.go +++ b/builtin/credential/cert/path_certs.go @@ -61,7 +61,7 @@ certificate.`, "policies": &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, - Description: "Comma-seperated list of policies.", + Description: "Comma-separated list of policies.", }, "lease": &framework.FieldSchema{ @@ -78,7 +78,7 @@ Defaults to system/backend default TTL time.`, "max_ttl": &framework.FieldSchema{ Type: framework.TypeDurationSecond, Description: `Duration in either an integer number of seconds (3600) or -an integer time unit (60m) after which the +an integer time unit (60m) after which the issued token can no longer be renewed.`, }, "period": &framework.FieldSchema{ diff --git a/builtin/logical/mssql/path_roles.go b/builtin/logical/mssql/path_roles.go index 63a544b0f5cb..fd29f36d2928 100644 --- a/builtin/logical/mssql/path_roles.go +++ b/builtin/logical/mssql/path_roles.go @@ -154,7 +154,7 @@ This path lets you manage the roles that can be created with this backend. The "sql" parameter customizes the SQL string used to create the login to the server. The parameter can be a sequence of SQL queries, each semi-colon -seperated. Some substitution will be done to the SQL string for certain keys. +separated. Some substitution will be done to the SQL string for certain keys. The names of the variables must be surrounded by "{{" and "}}" to be replaced. * "name" - The random username generated for the DB user. diff --git a/builtin/logical/mysql/path_roles.go b/builtin/logical/mysql/path_roles.go index f620c9eb557e..4c54f5f8bfaf 100644 --- a/builtin/logical/mysql/path_roles.go +++ b/builtin/logical/mysql/path_roles.go @@ -192,7 +192,7 @@ const pathRoleHelpDesc = ` This path lets you manage the roles that can be created with this backend. The "sql" parameter customizes the SQL string used to create the role. -This can be a sequence of SQL queries, each semi-colon seperated. Some +This can be a sequence of SQL queries, each semi-colon separated. Some substitution will be done to the SQL string for certain keys. The names of the variables must be surrounded by "{{" and "}}" to be replaced. From 85c7b528e22c300efdc5ae39beccfe54802d9780 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 6 Feb 2018 13:52:35 -0500 Subject: [PATCH 067/178] Change grpc's max sent/recv size to a very large value. (#3912) --- logical/plugin/grpc_backend.go | 12 ++++++++++++ logical/plugin/grpc_backend_client.go | 4 ++-- logical/plugin/grpc_storage.go | 6 +++--- vault/request_forwarding.go | 7 ++++++- 4 files changed, 23 insertions(+), 6 deletions(-) create mode 100644 logical/plugin/grpc_backend.go diff --git a/logical/plugin/grpc_backend.go b/logical/plugin/grpc_backend.go new file mode 100644 index 000000000000..a65eeebeb432 --- /dev/null +++ b/logical/plugin/grpc_backend.go @@ -0,0 +1,12 @@ +package plugin + +import ( + "math" + + "google.golang.org/grpc" +) + +var largeMsgGRPCCallOpts []grpc.CallOption = []grpc.CallOption{ + grpc.MaxCallSendMsgSize(math.MaxInt32), + grpc.MaxCallRecvMsgSize(math.MaxInt32), +} diff --git a/logical/plugin/grpc_backend_client.go b/logical/plugin/grpc_backend_client.go index ba7bdbdd88c3..8e584d778d3f 100644 --- a/logical/plugin/grpc_backend_client.go +++ b/logical/plugin/grpc_backend_client.go @@ -53,7 +53,7 @@ func (b *backendGRPCPluginClient) HandleRequest(ctx context.Context, req *logica reply, err := b.client.HandleRequest(ctx, &pb.HandleRequestArgs{ Request: protoReq, - }) + }, largeMsgGRPCCallOpts...) if err != nil { if b.doneCtx.Err() != nil { return nil, ErrPluginShutdown @@ -115,7 +115,7 @@ func (b *backendGRPCPluginClient) HandleExistenceCheck(ctx context.Context, req defer cancel() reply, err := b.client.HandleExistenceCheck(ctx, &pb.HandleExistenceCheckArgs{ Request: protoReq, - }) + }, largeMsgGRPCCallOpts...) if err != nil { if b.doneCtx.Err() != nil { return false, false, ErrPluginShutdown diff --git a/logical/plugin/grpc_storage.go b/logical/plugin/grpc_storage.go index b3eb7d28ef67..cfc236877357 100644 --- a/logical/plugin/grpc_storage.go +++ b/logical/plugin/grpc_storage.go @@ -25,7 +25,7 @@ type GRPCStorageClient struct { func (s *GRPCStorageClient) List(ctx context.Context, prefix string) ([]string, error) { reply, err := s.client.List(ctx, &pb.StorageListArgs{ Prefix: prefix, - }) + }, largeMsgGRPCCallOpts...) if err != nil { return reply.Keys, err } @@ -38,7 +38,7 @@ func (s *GRPCStorageClient) List(ctx context.Context, prefix string) ([]string, func (s *GRPCStorageClient) Get(ctx context.Context, key string) (*logical.StorageEntry, error) { reply, err := s.client.Get(ctx, &pb.StorageGetArgs{ Key: key, - }) + }, largeMsgGRPCCallOpts...) if err != nil { return nil, err } @@ -51,7 +51,7 @@ func (s *GRPCStorageClient) Get(ctx context.Context, key string) (*logical.Stora func (s *GRPCStorageClient) Put(ctx context.Context, entry *logical.StorageEntry) error { reply, err := s.client.Put(ctx, &pb.StoragePutArgs{ Entry: pb.LogicalStorageEntryToProtoStorageEntry(entry), - }) + }, largeMsgGRPCCallOpts...) if err != nil { return err } diff --git a/vault/request_forwarding.go b/vault/request_forwarding.go index 7ca4465e4778..687e647763ea 100644 --- a/vault/request_forwarding.go +++ b/vault/request_forwarding.go @@ -5,6 +5,7 @@ import ( "crypto/tls" "crypto/x509" "fmt" + math "math" "net" "net/http" "net/url" @@ -263,7 +264,11 @@ func (c *Core) refreshRequestForwardingConnection(ctx context.Context, clusterAd grpc.WithInsecure(), // it's not, we handle it in the dialer grpc.WithKeepaliveParams(keepalive.ClientParameters{ Time: 2 * HeartbeatInterval, - })) + }), + grpc.WithDefaultCallOptions( + grpc.MaxCallRecvMsgSize(math.MaxInt32), + grpc.MaxCallSendMsgSize(math.MaxInt32), + )) if err != nil { cancelFunc() c.logger.Error("core: err setting up forwarding rpc client", "error", err) From 462caf4c6d0e453fa547261ecdef6666333e702f Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Tue, 6 Feb 2018 15:44:48 -0500 Subject: [PATCH 068/178] AppRole: Cleanup accessor indexes and dangling accessor indexes (#3924) * Cleanup accessor indexes and dangling accessor indexes * Add a test that exercises the accessor cleanup --- .../credential/approle/path_tidy_user_id.go | 42 ++++++++++ .../approle/path_tidy_user_id_test.go | 79 +++++++++++++++++++ 2 files changed, 121 insertions(+) create mode 100644 builtin/credential/approle/path_tidy_user_id_test.go diff --git a/builtin/credential/approle/path_tidy_user_id.go b/builtin/credential/approle/path_tidy_user_id.go index 686a8f2e8012..437d5c8137e3 100644 --- a/builtin/credential/approle/path_tidy_user_id.go +++ b/builtin/credential/approle/path_tidy_user_id.go @@ -38,6 +38,16 @@ func (b *backend) tidySecretID(ctx context.Context, s logical.Storage) error { return err } + // List all the accessors and add them all to a map + accessorHashes, err := s.List(ctx, "accessor/") + if err != nil { + return err + } + accessorMap := make(map[string]bool, len(accessorHashes)) + for _, accessorHash := range accessorHashes { + accessorMap[accessorHash] = true + } + var result error for _, roleNameHMAC := range roleNameHMACs { // roleNameHMAC will already have a '/' suffix. Don't append another one. @@ -77,14 +87,46 @@ func (b *backend) tidySecretID(ctx context.Context, s logical.Storage) error { // ExpirationTime not being set indicates non-expiring SecretIDs if !result.ExpirationTime.IsZero() && time.Now().After(result.ExpirationTime) { + // Clean up the accessor of the secret ID first + err = b.deleteSecretIDAccessorEntry(ctx, s, result.SecretIDAccessor) + if err != nil { + lock.Unlock() + return err + } + if err := s.Delete(ctx, entryIndex); err != nil { lock.Unlock() return fmt.Errorf("error deleting SecretID %s from storage: %s", secretIDHMAC, err) } } + + // At this point, the secret ID is not expired and is valid. Delete + // the corresponding accessor from the accessorMap. This will leave + // only the dangling accessors in the map which can then be cleaned + // up later. + salt, err := b.Salt() + if err != nil { + lock.Unlock() + return err + } + delete(accessorMap, salt.SaltID(result.SecretIDAccessor)) + lock.Unlock() } } + + // Accessor indexes were not getting cleaned up until 0.9.3. This is a fix + // to clean up the dangling accessor entries. + for accessorHash, _ := range accessorMap { + // Ideally, locking should be performed here. But for that, accessors + // are required in plaintext, which are not available. Hence performing + // a racy cleanup. + err = s.Delete(ctx, "accessor/"+accessorHash) + if err != nil { + return err + } + } + return result } diff --git a/builtin/credential/approle/path_tidy_user_id_test.go b/builtin/credential/approle/path_tidy_user_id_test.go new file mode 100644 index 000000000000..b52b711356f4 --- /dev/null +++ b/builtin/credential/approle/path_tidy_user_id_test.go @@ -0,0 +1,79 @@ +package approle + +import ( + "context" + "testing" + + "github.com/hashicorp/vault/logical" +) + +func TestAppRole_TidyDanglingAccessors(t *testing.T) { + var resp *logical.Response + var err error + b, storage := createBackendWithStorage(t) + + // Create a role + createRole(t, b, storage, "role1", "a,b,c") + + // Create a secret-id + roleSecretIDReq := &logical.Request{ + Operation: logical.UpdateOperation, + Path: "role/role1/secret-id", + Storage: storage, + } + resp, err = b.HandleRequest(context.Background(), roleSecretIDReq) + if err != nil || (resp != nil && resp.IsError()) { + t.Fatalf("err:%v resp:%#v", err, resp) + } + + accessorHashes, err := storage.List(context.Background(), "accessor/") + if err != nil { + t.Fatal(err) + } + if len(accessorHashes) != 1 { + t.Fatalf("bad: len(accessorHashes); expect 1, got %d", len(accessorHashes)) + } + + entry1, err := logical.StorageEntryJSON( + "accessor/invalid1", + &secretIDAccessorStorageEntry{ + SecretIDHMAC: "samplesecretidhmac", + }, + ) + err = storage.Put(context.Background(), entry1) + if err != nil { + t.Fatal(err) + } + + entry2, err := logical.StorageEntryJSON( + "accessor/invalid2", + &secretIDAccessorStorageEntry{ + SecretIDHMAC: "samplesecretidhmac2", + }, + ) + err = storage.Put(context.Background(), entry2) + if err != nil { + t.Fatal(err) + } + + accessorHashes, err = storage.List(context.Background(), "accessor/") + if err != nil { + t.Fatal(err) + } + if len(accessorHashes) != 3 { + t.Fatalf("bad: len(accessorHashes); expect 3, got %d", len(accessorHashes)) + } + + err = b.tidySecretID(context.Background(), storage) + if err != nil { + t.Fatal(err) + } + + accessorHashes, err = storage.List(context.Background(), "accessor/") + if err != nil { + t.Fatal(err) + } + if len(accessorHashes) != 1 { + t.Fatalf("bad: len(accessorHashes); expect 1, got %d", len(accessorHashes)) + } +} From 29dc99bbf42e8c2a9b145eeb68dbafe9e050b7e4 Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Tue, 6 Feb 2018 15:46:22 -0500 Subject: [PATCH 069/178] changelog++ --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 437c2a623ae3..888956fa086c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ BUG FIXES: * api/renewer: Honor increment value in renew auth calls [GH-3904] * auth/approle: Fix inability to use limited-use-count secret IDs on replication performance secondaries + * auth/approle: Cleanup of secret ID accessors during tidy and removal of + dangling accessor entries [GH-3924] * auth/okta: Return configured durations as seconds, not nanoseconds [GH-3871] * auth/token: Token creation via the CLI no longer forces periodic token creation. Passing an explicit zero value for the period no longer create From f59280d6d4a10a546a8c56c8e2367bf2a30cbbe4 Mon Sep 17 00:00:00 2001 From: emily Date: Wed, 7 Feb 2018 06:37:11 -0800 Subject: [PATCH 070/178] fix IAM diagram for GCP auth method docs (#3927) --- .../assets/images/vault-gcp-iam-auth-workflow.svg | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/website/source/assets/images/vault-gcp-iam-auth-workflow.svg b/website/source/assets/images/vault-gcp-iam-auth-workflow.svg index cd2fa18cbaf2..295e42d65985 100644 --- a/website/source/assets/images/vault-gcp-iam-auth-workflow.svg +++ b/website/source/assets/images/vault-gcp-iam-auth-workflow.svg @@ -1,6 +1,6 @@ - + Sequence Diagram 2@3x Created with Sketch. @@ -64,7 +64,7 @@ - + @@ -105,7 +105,7 @@ - + @@ -116,10 +116,10 @@ - + - + @@ -128,7 +128,7 @@ Developer - + \ No newline at end of file From b020d310e4d4fcaedd0bff9bed6397fa261fbc21 Mon Sep 17 00:00:00 2001 From: Jed Date: Wed, 7 Feb 2018 06:38:11 -0800 Subject: [PATCH 071/178] Lil typo fixes (#3925) Read through the initial docs and noticed a few typos --- command/operator_init.go | 8 ++++---- .../source/intro/getting-started/authentication.html.md | 2 +- website/source/intro/getting-started/deploy.html.md | 6 +++--- .../source/intro/getting-started/secrets-engines.html.md | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/command/operator_init.go b/command/operator_init.go index 1002fa70bea2..80a23de07d11 100644 --- a/command/operator_init.go +++ b/command/operator_init.go @@ -53,7 +53,7 @@ func (c *OperatorInitCommand) Help() string { Usage: vault operator init [options] Initializes a Vault server. Initialization is the process by which Vault's - storage backend is prepared to receive data. Since Vault server's share the + storage backend is prepared to receive data. Since Vault servers share the same storage backend in HA mode, you only need to initialize one Vault to initialize the storage backend. @@ -405,7 +405,7 @@ func (c *OperatorInitCommand) consulAuto(client *api.Client, req *api.InitReques // requiring the client to update VAULT_ADDR and to run init again. c.UI.Output(wrapAtLength(fmt.Sprintf( "Discovered %d uninitialized Vault servers with Consul service name "+ - "%q. To initialize these Vatuls, set any one of the following "+ + "%q. To initialize these Vaults, set any one of the following "+ "environment variables and run \"vault init\":", len(uninitedVaults), c.flagConsulService))) c.UI.Output("") @@ -466,8 +466,8 @@ func (c *OperatorInitCommand) init(client *api.Client, req *api.InitRequest) int if req.StoredShares < 1 { c.UI.Output("") c.UI.Output(wrapAtLength(fmt.Sprintf( - "Vault initialized with %d key shares an a key threshold of %d. Please "+ - "securely distributed the key shares printed above. When the Vault is "+ + "Vault initialized with %d key shares and a key threshold of %d. Please "+ + "securely distribute the key shares printed above. When the Vault is "+ "re-sealed, restarted, or stopped, you must supply at least %d of "+ "these keys to unseal it before it can start servicing requests.", req.SecretShares, diff --git a/website/source/intro/getting-started/authentication.html.md b/website/source/intro/getting-started/authentication.html.md index 2b9948c6ebce..55f90ab57402 100644 --- a/website/source/intro/getting-started/authentication.html.md +++ b/website/source/intro/getting-started/authentication.html.md @@ -115,7 +115,7 @@ discussed in more detail in the next section. ## Auth Methods -Vault supports many auth methods, but then must be enabled before use. Auth +Vault supports many auth methods, but they must be enabled before use. Auth methods give you flexibility. Enabling and configuration are typically performed by a Vault operator or security team. As an example of a human-focused auth method, let's authenticate via GitHub. diff --git a/website/source/intro/getting-started/deploy.html.md b/website/source/intro/getting-started/deploy.html.md index 83f8ca79069d..7bc0dd41caf9 100644 --- a/website/source/intro/getting-started/deploy.html.md +++ b/website/source/intro/getting-started/deploy.html.md @@ -72,7 +72,7 @@ $ vault server -config=config.hcl ==> Vault server started! Log data will stream in below: ``` --> If you get a warning message about mlock not begin supported, that is okay. +-> If you get a warning message about mlock not being supported, that is okay. However, you should run Vault on a system that supports mlock for maximum security. @@ -124,8 +124,8 @@ Unseal Key 5: cI8yglWJX+jPf/yQG7Sg6SPWzy0WyrBPvaFTOAYkPJTx Initial Root Token: 62421926-81b9-b202-86f8-8850176c0cf3 -Vault initialized with 5 key shares an a key threshold of 3. Please securely -distributed the key shares printed above. When the Vault is re-sealed, +Vault initialized with 5 key shares and a key threshold of 3. Please securely +distribute the key shares printed above. When the Vault is re-sealed, restarted, or stopped, you must supply at least 3 of these keys to unseal it before it can start servicing requests. diff --git a/website/source/intro/getting-started/secrets-engines.html.md b/website/source/intro/getting-started/secrets-engines.html.md index 229877524c67..e37d14847519 100644 --- a/website/source/intro/getting-started/secrets-engines.html.md +++ b/website/source/intro/getting-started/secrets-engines.html.md @@ -128,7 +128,7 @@ it? What is the point of a secrets engine? As mentioned above, Vault behaves similarly to a [virtual filesystem][vfs]. The read/write/delete/list operations are forwarded to the corresponding secrets -engine, and the secrets engine decides who to react to those operations. +engine, and the secrets engine decides how to react to those operations. This abstraction is incredibly powerful. It enables Vault to interface directly with physical systems, databases, HSMs, etc. But in addition to these physical From 4a0d3f6036b78f60437d81257a3b6f2bc7a536b2 Mon Sep 17 00:00:00 2001 From: seanjfellows <34144035+seanjfellows@users.noreply.github.com> Date: Wed, 7 Feb 2018 12:57:00 -0800 Subject: [PATCH 072/178] Create audit failure metrics unconditionally (#3937) --- vault/audit.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/vault/audit.go b/vault/audit.go index b446d21b35e0..ad9fbf2c7290 100644 --- a/vault/audit.go +++ b/vault/audit.go @@ -525,10 +525,11 @@ func (a *AuditBroker) LogRequest(ctx context.Context, auth *logical.Auth, req *l } ret = retErr.ErrorOrNil() - + failure := float32(0.0) if ret != nil { - metrics.IncrCounter([]string{"audit", "log_request_failure"}, 1.0) + failure = 1.0 } + metrics.IncrCounter([]string{"audit", "log_request_failure"}, failure) }() // All logged requests must have an identifier @@ -588,9 +589,11 @@ func (a *AuditBroker) LogResponse(ctx context.Context, auth *logical.Auth, req * ret = retErr.ErrorOrNil() + failure := float32(0.0) if ret != nil { - metrics.IncrCounter([]string{"audit", "log_response_failure"}, 1.0) + failure = 1.0 } + metrics.IncrCounter([]string{"audit", "log_response_failure"}, failure) }() headers := req.Headers From 9501667b35c7789d7e8c5ca559ba0b27113ee793 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 7 Feb 2018 15:57:52 -0500 Subject: [PATCH 073/178] changelog++ --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 888956fa086c..0ad64490b030 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ IMPROVEMENTS: * auth/centrify: Add CLI helper + * audit: Always log failure metrics, even if zero, to ensure the values appear + on dashboards [GH-3937] BUG FIXES: From d285fdf957e3202dfd3f5150365cc3ef62a2b692 Mon Sep 17 00:00:00 2001 From: Chris Hoffman Date: Wed, 7 Feb 2018 19:29:07 -0500 Subject: [PATCH 074/178] Fixing docs links and adding redirects for new guides (#3939) * updating links * updating links * updating links * updating links * updating links * adding redirects --- website/redirects.txt | 18 +++++++++++++++--- .../commands/operator/generate-root.html.md | 2 +- .../docs/commands/operator/rekey.html.md | 2 +- website/source/docs/concepts/policies.html.md | 4 ++-- website/source/docs/concepts/tokens.html.md | 2 +- .../docs/enterprise/replication/index.html.md | 2 +- .../configuration/authentication.html.md | 14 +++++++------- .../source/guides/configuration/lease.html.md | 10 +++++----- .../guides/configuration/policies.html.md | 2 +- website/source/guides/operations/index.html.md | 6 +++--- .../guides/operations/production.html.md | 2 +- .../guides/secret-mgmt/cubbyhole.html.md | 6 +++--- .../guides/secret-mgmt/dynamic-secrets.html.md | 10 +++++----- .../guides/secret-mgmt/static-secrets.html.md | 8 ++++---- 14 files changed, 50 insertions(+), 38 deletions(-) diff --git a/website/redirects.txt b/website/redirects.txt index 0a317b3f1f6c..9f59114bc6ba 100644 --- a/website/redirects.txt +++ b/website/redirects.txt @@ -68,10 +68,11 @@ /docs/http/sys-rotate.html /api/system/rotate.html /docs/http/sys-raw.html /api/system/raw.html /docs/http/sys-health.html /api/system/health.html -/docs/guides/generate-root.html /guides/generate-root.html + +/docs/guides/generate-root.html /guides/configuration/generate-root.html /docs/guides/index.html /guides/index.html -/docs/guides/production.html /guides/production.html -/docs/guides/replication.html /guides/replication.html +/docs/guides/production.html /guides/operations/production.html +/docs/guides/replication.html /guides/operations/replication.html /docs/guides/upgrading/index.html /guides/upgrading/index.html /docs/guides/upgrading/upgrade-to-0.5.0.html /guides/upgrading/upgrade-to-0.5.0.html /docs/guides/upgrading/upgrade-to-0.5.1.html /guides/upgrading/upgrade-to-0.5.1.html @@ -81,6 +82,17 @@ /docs/guides/upgrading/upgrade-to-0.6.3.html /guides/upgrading/upgrade-to-0.6.3.html /docs/guides/upgrading/upgrade-to-0.6.4.html /guides/upgrading/upgrade-to-0.6.4.html /docs/guides/upgrading/upgrade-to-0.7.0.html /guides/upgrading/upgrade-to-0.7.0.html +/guides/production.html /guides/operations/production.html +/guides/replication.html /guides/operations/replication.html +/guides/policies.html /guides/configuration/policies.html +/guides/authentication.html /guides/configuration/authentication.html +/guides/lease.html /guides/configuration/lease.html +/guides/generate-root.html /guides/configuration/generate-root.html +/guides/rekeying-and-rotating.html /guides/configuration/rekeying-and-rotating.html +/guides/plugin-backends.html /guides/configuration/plugin-backends.html +/guides/static-secrets.html /guides/secret-mgmt/static-secrets.html +/guides/dynamic-secret.html /guides/secret-mgmt/dynamic-secret.html +/guides/cubbyhole.html /guides/secret-mgmt/cubbyhole.html /docs/secrets/custom.html /docs/plugin/index.html /docs/secrets/generic/index.html /docs/secrets/kv/index.html /intro/getting-started/acl.html /intro/getting-started/policies.html diff --git a/website/source/docs/commands/operator/generate-root.html.md b/website/source/docs/commands/operator/generate-root.html.md index 4a235aa3cea2..70f0f6da2bd1 100644 --- a/website/source/docs/commands/operator/generate-root.html.md +++ b/website/source/docs/commands/operator/generate-root.html.md @@ -26,7 +26,7 @@ An unseal key may be provided directly on the command line as an argument to the command. If key is specified as "-", the command will read from stdin. If a TTY is available, the command will prompt for text. -Please see the [generate root guide](/guides/generate-root.html) for +Please see the [generate root guide](/guides/configuration/generate-root.html) for step-by-step instructions. ## Examples diff --git a/website/source/docs/commands/operator/rekey.html.md b/website/source/docs/commands/operator/rekey.html.md index 04bd9541838a..2635d0923b09 100644 --- a/website/source/docs/commands/operator/rekey.html.md +++ b/website/source/docs/commands/operator/rekey.html.md @@ -22,7 +22,7 @@ An unseal key may be provided directly on the command line as an argument to the command. If key is specified as "-", the command will read from stdin. If a TTY is available, the command will prompt for text. -Please see the [rotating and rekeying](/guides/rekeying-and-rotating.html) for +Please see the [rotating and rekeying](/guides/configuration/rekeying-and-rotating.html) for step-by-step instructions. ## Examples diff --git a/website/source/docs/concepts/policies.html.md b/website/source/docs/concepts/policies.html.md index 20188b88fb1f..6d37e895b5d9 100644 --- a/website/source/docs/concepts/policies.html.md +++ b/website/source/docs/concepts/policies.html.md @@ -437,8 +437,8 @@ $ curl \ For more information, please read: -- [Production Hardening](/guides/production.html) -- [Generating a Root Token](/guides/generate-root.html) +- [Production Hardening](/guides/operations/production.html) +- [Generating a Root Token](/guides/configuration/generate-root.html) ## Managing Policies diff --git a/website/source/docs/concepts/tokens.html.md b/website/source/docs/concepts/tokens.html.md index c917e294f516..53e3d12e76d2 100644 --- a/website/source/docs/concepts/tokens.html.md +++ b/website/source/docs/concepts/tokens.html.md @@ -54,7 +54,7 @@ of version 0.6.1, there are only three ways to create root tokens: expiration 2. By using another root token; a root token with an expiration cannot create a root token that never expires -3. By using `vault generate-root` ([example](/guides/generate-root.html)) +3. By using `vault generate-root` ([example](/guides/configuration/generate-root.html)) with the permission of a quorum of unseal key holders Root tokens are useful in development but should be extremely carefully guarded diff --git a/website/source/docs/enterprise/replication/index.html.md b/website/source/docs/enterprise/replication/index.html.md index f55bc2e47f4f..7d3d1b72756b 100644 --- a/website/source/docs/enterprise/replication/index.html.md +++ b/website/source/docs/enterprise/replication/index.html.md @@ -134,7 +134,7 @@ its encrypted barrier. ## Setup and Best Practices -A [setup guide](/guides/replication.html) is +A [setup guide](/guides/operations/replication.html) is available to help you get started; this guide also contains best practices around operationalizing the replication feature. diff --git a/website/source/guides/configuration/authentication.html.md b/website/source/guides/configuration/authentication.html.md index 42bb8fa9011b..882cb0d227ec 100644 --- a/website/source/guides/configuration/authentication.html.md +++ b/website/source/guides/configuration/authentication.html.md @@ -36,7 +36,7 @@ enabling the [**AppRole**](/docs/auth/approle.html) auth backend. ## Reference Material - [Getting Started](/intro/getting-started/authentication.html) -- [Auth Backends](docs/auth/index.html) +- [Auth Backends](/docs/auth/index.html) - [GitHub Auth APIs](/api/auth/github/index.html) @@ -123,7 +123,7 @@ path "secret/mysql/*" { ``` If you are not familiar with policies, complete the -[policies](/guides/policies.html) guide. +[policies](/guides/configuration/policies.html) guide. ## Steps @@ -133,7 +133,7 @@ to allow machines or apps to acquire a token to interact with Vault. It uses **Role ID** and **Secret ID** for login. The basic workflow is: -![AppRole auth backend workflow](assets/images/vault-approle-workflow.png) +![AppRole auth backend workflow](/assets/images/vault-approle-workflow.png) > For the purpose of introducing the basics of AppRole, this guide walks you > through a very simple scenario involving only two personas (admin and app). @@ -235,7 +235,7 @@ $ vault write auth/approle/role/ [parameters] > specify `token_num_uses` and `token_ttl`. You may never want the app token to > expire. In such a case, specify the `period` so that the token generated by > this AppRole is a periodic token. To learn more about periodic token, refer to -> the [Tokens and Leases](/guifes/lease.html#step4) guide. +> the [Tokens and Leases](/guides/configuration/lease.html#step4) guide. **Example:** @@ -304,7 +304,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \ > specify `token_num_uses` and `token_ttl`. You may never want the app token to > expire. In such a case, specify the `period` so that the token generated by > this AppRole is a periodic token. To learn more about periodic token, refer to -> the [Tokens and Leases](/guifes/lease.html#step4) guide. +> the [Tokens and Leases](/guides/configuration/lease.html#step4) guide. **NOTE:** To attach multiple policies, pass the policy names as a comma @@ -617,7 +617,7 @@ For example, Terraform as a trusted entity can deliver the Role ID onto the virtual machine. When the app runs on the virtual machine, the Role ID already exists on the virtual machine. -![AppRole auth backend workflow](assets/images/vault-approle-workflow2.png) +![AppRole auth backend workflow](/assets/images/vault-approle-workflow2.png) Secret ID is like a password. To keep the Secret ID confidential, use [**response wrapping**](/docs/concepts/response-wrapping.html) so that the only @@ -668,4 +668,4 @@ b07d7a47-1d0d-741d-20b4-ae0de7c6d964 ## Next steps To learn more about response wrapping, go to [Cubbyhole Response -Wrapping](/guides/cubbyhole.html) guide. +Wrapping](/guides/secret-mgmt/cubbyhole.html) guide. diff --git a/website/source/guides/configuration/lease.html.md b/website/source/guides/configuration/lease.html.md index e50af7d01db1..9060e661cdb7 100644 --- a/website/source/guides/configuration/lease.html.md +++ b/website/source/guides/configuration/lease.html.md @@ -41,8 +41,8 @@ two hours later, `b519c6aa...` will be revoked and takes its child ## Reference Material -- The [Validation](/guides/dynamic-secrets.html#validation) section of the -[Secret as a Service](/guides/dynamic-secrets.html) guide demonstrated lease +- The [Validation](/guides/secret-mgmt/dynamic-secrets.html#validation) section of the +[Secret as a Service](/guides/secret-mgmt/dynamic-secrets.html) guide demonstrated lease renewal and revocation - [Tokens documentation](/docs/concepts/tokens.html) - [Token Auth Backend HTTP API](/api/auth/token/index.html) @@ -131,7 +131,7 @@ path "sys/mounts/database/tune" { ``` If you are not familiar with policies, complete the -[policies](/guides/policies.html) guide. +[policies](/guides/configuration/policies.html) guide. ## Steps @@ -625,7 +625,7 @@ are talking about long-running apps need to be able to renew its token indefinitely. -> For more details about AppRole, read the [AppRole Pull --Authentication](/guides/authentication.html) guide. +-Authentication](/guides/configuration/authentication.html) guide. To create AppRole periodic tokens, create your AppRole role with `period` specified. @@ -803,5 +803,5 @@ renewable true ## Next steps Now you have learned the lifecycle of tokens and leases, read [AppRole Pull -Authentication](/guides/authentication.html) guide to learn how to generate +Authentication](/guides/configuration/authentication.html) guide to learn how to generate tokens for apps or machines. diff --git a/website/source/guides/configuration/policies.html.md b/website/source/guides/configuration/policies.html.md index e08de04c756a..343b98e7d86f 100644 --- a/website/source/guides/configuration/policies.html.md +++ b/website/source/guides/configuration/policies.html.md @@ -584,5 +584,5 @@ $ curl --request POST --header "X-Vault-Token: ..." --data '{"path":"sys/auth/ap ## Next steps In this guide, you learned how to write policies based on given policy -requirements. Next, [AppRole Pull Authentication](/guides/authentication.html) +requirements. Next, [AppRole Pull Authentication](/guides/configuration/authentication.html) guide demonstrates how to associate policies to a role. diff --git a/website/source/guides/operations/index.html.md b/website/source/guides/operations/index.html.md index 6e8dc8d6584c..83a3d02d663f 100644 --- a/website/source/guides/operations/index.html.md +++ b/website/source/guides/operations/index.html.md @@ -13,11 +13,11 @@ Vault Operations guides address Vault infrastructure discussions. These guides are designed to help the operations team to plan and install a Vault cluster that meets your organization's needs. -- [Production Hardening](/guides/architecture/production.html) guide provides -guidance on best practices for a production hardened deployment of Vault. +- [Production Hardening](/guides/operations/production.html) guide provides +guidance on best practices for a production hardened deployment of Vault. The recommendations are based on the [security model](/docs/internals/security.html) and focus on defense in depth. -- [Replication Setup & Guidance](/guides/architecture/replication.html) +- [Replication Setup & Guidance](/guides/operations/replication.html) walks you through the commands to activate the Vault servers in replication mode. Please note that [Vault Replication](/docs/vault-enterprise/replication/index.html) is a Vault Enterprise feature. diff --git a/website/source/guides/operations/production.html.md b/website/source/guides/operations/production.html.md index 4bc54a1109e8..13f3ad9466a4 100644 --- a/website/source/guides/operations/production.html.md +++ b/website/source/guides/operations/production.html.md @@ -81,7 +81,7 @@ and practical. code](https://www.hashicorp.com/blog/codifying-vault-policies-and-configuration/), and using version control to manage policies. Once setup, the root token should be revoked to eliminate the risk of exposure. Root tokens can be - [generated when needed](/guides/generate-root.html), and should be + [generated when needed](/guides/configuration/generate-root.html), and should be revoked as soon as possible. * **Enable Auditing**. Vault supports several auditing backends. Enabling diff --git a/website/source/guides/secret-mgmt/cubbyhole.html.md b/website/source/guides/secret-mgmt/cubbyhole.html.md index ccbe576d5dc5..b0c6905f3dee 100644 --- a/website/source/guides/secret-mgmt/cubbyhole.html.md +++ b/website/source/guides/secret-mgmt/cubbyhole.html.md @@ -111,7 +111,7 @@ uses cubbyhole response wrapping. In this guide, you perform the following: **NOTE:** This guide demonstrates how the response wrapping works. To learn more about reading and writing secrets in Vault, refer to the [Static -Secret](/guide/static-secrets.html) guide. +Secret](/guides/secret-mgmt/static-secrets.html) guide. ### Step 1: Create and wrap a token (**Persona:** admin) @@ -539,7 +539,7 @@ Also, refer to [Cubbyhole Secret Backend HTTP API](/api/secret/cubbyhole/index.h ## Next steps -The use of [AppRole Pull Authentication](/guides/authentication.html) is a good +The use of [AppRole Pull Authentication](/guides/configuration/authentication.html) is a good use case to leverage the response wrapping. Go through the guide if you have not done so. To better understand the lifecycle of Vault tokens, proceed to [Tokens -and Leases](/guides/lease.html) guide. +and Leases](/guides/configuration/lease.html) guide. diff --git a/website/source/guides/secret-mgmt/dynamic-secrets.html.md b/website/source/guides/secret-mgmt/dynamic-secrets.html.md index c90a99a92a80..3e8e0167de26 100644 --- a/website/source/guides/secret-mgmt/dynamic-secrets.html.md +++ b/website/source/guides/secret-mgmt/dynamic-secrets.html.md @@ -50,7 +50,7 @@ environment variables. The administrator specifies the TTL of the database credentials to enforce its validity so that they are automatically revoked when they are no longer used. -![Dynamic Secret Workflow](assets/images/vault-dynamic-secrets.png) +![Dynamic Secret Workflow](/assets/images/vault-dynamic-secrets.png) Each app instance can get unique credentials that they don't have to share. By making those credentials to be short-lived, you reduced the change of the secret @@ -124,7 +124,7 @@ path "auth/token/create" { ``` If you are not familiar with policies, complete the -[policies](/guides/policies.html) guide. +[policies](/guides/configuration/policies.html) guide. ## Steps @@ -338,7 +338,7 @@ token_policies [apps default] Use the returned token to perform the remaining. -**NOTE:** [AppRole Pull Authentication](/guides/authentication.html) guide +**NOTE:** [AppRole Pull Authentication](/guides/configuration/authentication.html) guide demonstrates more sophisticated way of generating a token for your apps. ```shell @@ -412,7 +412,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \ Be sure to use the returned token to perform the remaining. -**NOTE:** [AppRole Pull Authentication](/guides/authentication.html) guide +**NOTE:** [AppRole Pull Authentication](/guides/configuration/authentication.html) guide demonstrates more sophisticated way of generating a token for your apps. ```shell @@ -498,5 +498,5 @@ user name exists. This guide discussed how to generate credentials on--dataemand so that the access credentials no longer need to be written to disk. Next, learn about the -[Tokens and Leases](/guides/lease.html) so that you can control the lifecycle of +[Tokens and Leases](/guides/configuration/lease.html) so that you can control the lifecycle of those credentials. diff --git a/website/source/guides/secret-mgmt/static-secrets.html.md b/website/source/guides/secret-mgmt/static-secrets.html.md index af7fffd0f3e1..4ebb8e1d8637 100644 --- a/website/source/guides/secret-mgmt/static-secrets.html.md +++ b/website/source/guides/secret-mgmt/static-secrets.html.md @@ -20,8 +20,8 @@ Secret Storage. ## Reference Material - [Key/Value Secret Backend](/docs/secrets/kv/index.html) -- [Key/Value Secret Backend API](/apikey/secret/kv/index.html) -- [Client libraries](/apikey/libraries.html) for Vault API for commonly used languages +- [Key/Value Secret Backend API](/api/secret/kv/index.html) +- [Client libraries](/api/libraries.html) for Vault API for commonly used languages ## Estimated Time to Complete @@ -94,7 +94,7 @@ path "auth/token/create" { ``` If you are not familiar with policies, complete the -[policies](/guides/policies.html) guide. +[policies](/guides/configuration/policies.html) guide. ## Steps @@ -545,5 +545,5 @@ $ cat mongodb.txt This guide introduced the CLI commands and API endpoints to read and write secrets in key/value backend. To keep it simple, the `devops` persona generated a token for `apps`. Read [AppRole Pull -Authentication](/guides/authentication.html) guide to learn about +Authentication](/guides/configuration/authentication.html) guide to learn about programmatically generate a token for apps. From 0587540feaf7a9afdbd1cb9b52ac4e7ae9adde3c Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Wed, 7 Feb 2018 20:43:05 -0500 Subject: [PATCH 075/178] avoid masking of role tag response (#3941) --- builtin/credential/aws/path_login.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go index 43ef00ba194c..40ceee9bdc39 100644 --- a/builtin/credential/aws/path_login.go +++ b/builtin/credential/aws/path_login.go @@ -682,7 +682,7 @@ func (b *backend) pathLoginUpdateEc2(ctx context.Context, req *logical.Request, rTagMaxTTL := time.Duration(0) var roleTagResp *roleTagLoginResponse if roleEntry.RoleTag != "" { - roleTagResp, err := b.handleRoleTagLogin(ctx, req.Storage, roleName, roleEntry, instance) + roleTagResp, err = b.handleRoleTagLogin(ctx, req.Storage, roleName, roleEntry, instance) if err != nil { return nil, err } From 7244efe130da761923abaa73dd01f5c2b6399729 Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Wed, 7 Feb 2018 20:44:33 -0500 Subject: [PATCH 076/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ad64490b030..ad8520c7a2d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ BUG FIXES: replication performance secondaries * auth/approle: Cleanup of secret ID accessors during tidy and removal of dangling accessor entries [GH-3924] + * auth/aws-ec2: Avoid masking of role tag response [GH-3941] * auth/okta: Return configured durations as seconds, not nanoseconds [GH-3871] * auth/token: Token creation via the CLI no longer forces periodic token creation. Passing an explicit zero value for the period no longer create From 8f475dd93f54ac9cd1a6dd3ba426b0b4441d4a9d Mon Sep 17 00:00:00 2001 From: Robert Kreuzer Date: Thu, 8 Feb 2018 16:30:45 +0100 Subject: [PATCH 077/178] Add vaultenv to the list of related tools (#3945) --- website/source/api/relatedtools.html.md | 1 + 1 file changed, 1 insertion(+) diff --git a/website/source/api/relatedtools.html.md b/website/source/api/relatedtools.html.md index 6b442eed3f3a..a53972e4a278 100644 --- a/website/source/api/relatedtools.html.md +++ b/website/source/api/relatedtools.html.md @@ -25,5 +25,6 @@ The following list of tools is maintained by the community of Vault users; Hashi * [pouch](https://github.com/tuenti/pouch) - A set of tools to manage provisioning of secrets on hosts based on the AppRole authentication method of Vault * [vault-aws-creds](https://github.com/jantman/vault-aws-creds) - Python helper to export Vault-provided temporary AWS creds into the environment * [goldfish](https://github.com/Caiyeon/goldfish) - A Vault UI panel written with VueJS and Vault native Go API. +* [vaultenv](https://github.com/channable/vaultenv) - A tool that fetches secrets in parallel, puts them into the environment and then `exec`s the process that needs them Want to add your own project, or one that you use? Additions are welcome via [pull requests](https://github.com/hashicorp/vault/blob/master/website/source/api/relatedtools.html.md). From ec27e83b6e9cb65f1642d0930f208b0cc7a9a181 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 8 Feb 2018 11:15:47 -0500 Subject: [PATCH 078/178] Update relatedtools.html.md --- website/source/api/relatedtools.html.md | 1 + 1 file changed, 1 insertion(+) diff --git a/website/source/api/relatedtools.html.md b/website/source/api/relatedtools.html.md index a53972e4a278..d62177167cba 100644 --- a/website/source/api/relatedtools.html.md +++ b/website/source/api/relatedtools.html.md @@ -26,5 +26,6 @@ The following list of tools is maintained by the community of Vault users; Hashi * [vault-aws-creds](https://github.com/jantman/vault-aws-creds) - Python helper to export Vault-provided temporary AWS creds into the environment * [goldfish](https://github.com/Caiyeon/goldfish) - A Vault UI panel written with VueJS and Vault native Go API. * [vaultenv](https://github.com/channable/vaultenv) - A tool that fetches secrets in parallel, puts them into the environment and then `exec`s the process that needs them +* [vault-migrator](https://github.com/nebtex/vault-migrator) - A tool to migrate data between different Vault storage mechanisms Want to add your own project, or one that you use? Additions are welcome via [pull requests](https://github.com/hashicorp/vault/blob/master/website/source/api/relatedtools.html.md). From dd9f17ef7dcd1698f9084746e43dbfd754aa75fe Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 8 Feb 2018 13:34:45 -0500 Subject: [PATCH 079/178] Exclude rekey command tests from race detector --- command/operator_rekey_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/command/operator_rekey_test.go b/command/operator_rekey_test.go index 47154c73ec8d..64718aacfd57 100644 --- a/command/operator_rekey_test.go +++ b/command/operator_rekey_test.go @@ -1,3 +1,5 @@ +// +build !race + package command import ( From d6e38ddf8a11a0ccd0708a33ef81e058626b325f Mon Sep 17 00:00:00 2001 From: Guillaume Date: Thu, 8 Feb 2018 18:09:39 -0500 Subject: [PATCH 080/178] Minor tweaks to Windows build scripts (#3931) --- make.bat | 10 ++++++++-- scripts/windows/build.bat | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/make.bat b/make.bat index 34adbfded956..c5b6baf0f619 100644 --- a/make.bat +++ b/make.bat @@ -6,7 +6,8 @@ set _EXITCODE=0 REM If no target is provided, default to test. if [%1]==[] goto test -set _TARGETS=bin,dev,generate,test,testacc,testrace,vet +set _TARGETS=bin,bootstrap,dev,generate,test,testacc,testrace,vet +set _EXTERNAL_TOOLS=github.com/mitchellh/gox,github.com/kardianos/govendor REM Run target. for %%a in (%_TARGETS%) do (if x%1==x%%a goto %%a) @@ -18,6 +19,11 @@ REM bin generates the releaseable binaries for Vault call .\scripts\windows\build.bat "%CD%" goto :eof +REM bootstrap downloads required build tools +:bootstrap + for %%t in (%_EXTERNAL_TOOLS%) do (go get -u -v %%t) + goto :eof + REM dev creates binaries for testing Vault locally. These are put REM into ./bin/ as well as %GOPATH%/bin :dev @@ -28,7 +34,7 @@ REM into ./bin/ as well as %GOPATH%/bin REM generate runs `go generate` to build the dynamically generated REM source files. :generate - go list ./... | findstr /v vendor | go generate + for /F "usebackq" %%f in (`go list ./... ^| findstr /v vendor`) do @go generate %%f goto :eof REM test runs the unit tests and vets the code. diff --git a/scripts/windows/build.bat b/scripts/windows/build.bat index feace8f29b9a..0e33e4c67358 100644 --- a/scripts/windows/build.bat +++ b/scripts/windows/build.bat @@ -60,7 +60,7 @@ echo ==^> Building... gox^ -os="%_XC_OS%"^ -arch="%_XC_ARCH%"^ - -ldflags "-X github.com/hashicorp/vault/version.GitCommit %_GIT_COMMIT%%_GIT_DIRTY%"^ + -ldflags "-X github.com/hashicorp/vault/version.GitCommit=%_GIT_COMMIT%%_GIT_DIRTY%"^ -output "pkg/{{.OS}}_{{.Arch}}/vault"^ . From f64bcf1a9abe40e6b6094893cd1cab50411a0095 Mon Sep 17 00:00:00 2001 From: Roger Berlind Date: Thu, 8 Feb 2018 18:11:00 -0500 Subject: [PATCH 081/178] Updated replication table (#3929) --- website/source/docs/enterprise/replication/index.html.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/source/docs/enterprise/replication/index.html.md b/website/source/docs/enterprise/replication/index.html.md index 7d3d1b72756b..34d78e0884ca 100644 --- a/website/source/docs/enterprise/replication/index.html.md +++ b/website/source/docs/enterprise/replication/index.html.md @@ -67,10 +67,10 @@ They do not forward service read or write requests until they are elected and be | Capability | Disaster Recovery | Performance | |-------------------------------------------------------------------------------------------------------------------------- |------------------- |-------------------------------------------------------------------------- | -| Mirrors the secrets infrastructure of a primary cluster | Yes | Yes | -| Mirrors the configuration of a primary cluster’s backends (i.e.: auth methods, storage backends, secrets engines, etc.) | Yes | Yes | -| Contains a local replica of secrets on the secondary and allows the secondary to forward writes | No | Yes | -| Mirrors the token auth infrastructure for applications or users interacting with the primary cluster | Yes | No. Upon promotion, applications must re-auth tokens with a new primary. | +| Mirrors the configuration of a primary cluster | Yes | Yes | +| Mirrors the configuration of a primary cluster’s backends (i.e.: auth methods, secrets engines, audit devices, etc.) | Yes | Yes | +| Mirrors the tokens and leases for applications and users interacting with the primary cluster | Yes | No. Applications must re-auth tokens and obtain new leases from the new primary. | +| Allows the secondary cluster to handle client requests | No | Yes | For more information on the capabilities of performance and disaster recovery replication, see the Vault Replication [API Documentation](/api/system/replication.html). From 5ccb34744e2ab341bfc898d607a0c7fb5654c1bf Mon Sep 17 00:00:00 2001 From: Brian Kassouf Date: Thu, 8 Feb 2018 16:51:26 -0800 Subject: [PATCH 082/178] plugin/gRPC: fix panic when special paths are not set (#3946) * plugin/gRPC: fix panic when special paths are not set * Remove comment --- logical/plugin/grpc_backend_client.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/logical/plugin/grpc_backend_client.go b/logical/plugin/grpc_backend_client.go index 8e584d778d3f..7df90837d1c3 100644 --- a/logical/plugin/grpc_backend_client.go +++ b/logical/plugin/grpc_backend_client.go @@ -73,12 +73,15 @@ func (b *backendGRPCPluginClient) HandleRequest(ctx context.Context, req *logica } func (b *backendGRPCPluginClient) SpecialPaths() *logical.Paths { - // Timeout the connection reply, err := b.client.SpecialPaths(b.doneCtx, &pb.Empty{}) if err != nil { return nil } + if reply.Paths == nil { + return nil + } + return &logical.Paths{ Root: reply.Paths.Root, Unauthenticated: reply.Paths.Unauthenticated, From 1bad693a01982321198750e9ad1e8a9ed453a6d9 Mon Sep 17 00:00:00 2001 From: Brian Kassouf Date: Thu, 8 Feb 2018 16:52:14 -0800 Subject: [PATCH 083/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ad8520c7a2d5..54131d57c497 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ BUG FIXES: * storage/zookeeper: Update vendoring to fix freezing issues [GH-3896] * plugin/gRPC: Fixed an issue with list requests and raw responses coming from plugins using gRPC transport [GH-3881] + * plugin/gRPC: Fix panic when special paths are not set [GH-3946] ## 0.9.3 (January 28th, 2018) From e47c7e866a47f45f1938a44fa13c728ad1af783f Mon Sep 17 00:00:00 2001 From: alexandrumd Date: Fri, 9 Feb 2018 14:43:18 +0200 Subject: [PATCH 084/178] Change 'rules' parameter for Policies requests (#3947) With Vault Version: 0.9.1, the following is returned when using "rules" for policies operation: ```The following warnings were returned from the Vault server: * 'rules' is deprecated, please use 'policy' instead``` --- website/source/docs/concepts/policies.html.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/source/docs/concepts/policies.html.md b/website/source/docs/concepts/policies.html.md index 6d37e895b5d9..6f15d630b585 100644 --- a/website/source/docs/concepts/policies.html.md +++ b/website/source/docs/concepts/policies.html.md @@ -472,7 +472,7 @@ Policies may be created (uploaded) via the CLI or via the API. To create a new policy in Vault: ```sh -$ vault write sys/policy/my-policy rules=@my-policy.hcl +$ vault write sys/policy/my-policy policy=@my-policy.hcl ``` -> The `@` tells Vault to read from a file on disk. In the example above, Vault @@ -485,7 +485,7 @@ or via the API: $ curl \ --request POST \ --header "X-Vault-Token: ..." \ - --data '{"rules":"path \"...\" {...} "}' \ + --data '{"policy":"path \"...\" {...} "}' \ https://vault.hashicorp.rocks/v1/sys/policy/my-policy ``` @@ -500,7 +500,7 @@ API. To update an existing policy in Vault, follow the same steps as creating a policy, but use an existing policy name: ```sh -$ vault write sys/policy/my-existing-policy rules=@updated-policy.json +$ vault write sys/policy/my-existing-policy policy=@updated-policy.json ``` or via the API: @@ -509,7 +509,7 @@ or via the API: $ curl \ --request POST \ --header "X-Vault-Token: ..." \ - --data '{"rules":"path \"...\" {...} "}' \ + --data '{"policy":"path \"...\" {...} "}' \ https://vault.hashicorp.rocks/v1/sys/policy/my-existing-policy ``` From 5bb8fa246952a7eb47eb136b6642bbff230379e9 Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Fri, 9 Feb 2018 10:40:56 -0500 Subject: [PATCH 085/178] AppRole/Identity: Fix for race when creating an entity during login (#3932) * possible fix for race in approle login while creating entity * Add a test that hits the login request concurrently * address review comments --- command/approle_concurrency_integ_test.go | 86 +++++++++++++++++++++++ vault/identity_store.go | 49 +++++++++++-- vault/identity_store_test.go | 22 ++++-- vault/identity_store_util.go | 19 ++++- vault/request_handling.go | 15 ++-- 5 files changed, 167 insertions(+), 24 deletions(-) create mode 100644 command/approle_concurrency_integ_test.go diff --git a/command/approle_concurrency_integ_test.go b/command/approle_concurrency_integ_test.go new file mode 100644 index 000000000000..d9f9fe9b92c3 --- /dev/null +++ b/command/approle_concurrency_integ_test.go @@ -0,0 +1,86 @@ +package command + +import ( + "sync" + "testing" + + "github.com/hashicorp/vault/api" + credAppRole "github.com/hashicorp/vault/builtin/credential/approle" + vaulthttp "github.com/hashicorp/vault/http" + "github.com/hashicorp/vault/logical" + "github.com/hashicorp/vault/vault" + logxi "github.com/mgutz/logxi/v1" +) + +func TestAppRole_Integ_ConcurrentLogins(t *testing.T) { + var err error + coreConfig := &vault.CoreConfig{ + DisableMlock: true, + DisableCache: true, + Logger: logxi.NullLog, + CredentialBackends: map[string]logical.Factory{ + "approle": credAppRole.Factory, + }, + } + + cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{ + HandlerFunc: vaulthttp.Handler, + }) + + cluster.Start() + defer cluster.Cleanup() + + cores := cluster.Cores + + vault.TestWaitActive(t, cores[0].Core) + + client := cores[0].Client + + err = client.Sys().EnableAuthWithOptions("approle", &api.EnableAuthOptions{ + Type: "approle", + }) + if err != nil { + t.Fatal(err) + } + + _, err = client.Logical().Write("auth/approle/role/role1", map[string]interface{}{ + "bind_secret_id": "true", + "period": "300", + }) + if err != nil { + t.Fatal(err) + } + + secret, err := client.Logical().Write("auth/approle/role/role1/secret-id", nil) + if err != nil { + t.Fatal(err) + } + secretID := secret.Data["secret_id"].(string) + + secret, err = client.Logical().Read("auth/approle/role/role1/role-id") + if err != nil { + t.Fatal(err) + } + roleID := secret.Data["role_id"].(string) + + wg := &sync.WaitGroup{} + + for i := 0; i < 100; i++ { + wg.Add(1) + go func() { + defer wg.Done() + secret, err = client.Logical().Write("auth/approle/login", map[string]interface{}{ + "role_id": roleID, + "secret_id": secretID, + }) + if err != nil { + t.Fatal(err) + } + if secret.Auth.ClientToken == "" { + t.Fatalf("expected a successful login") + } + }() + + } + wg.Wait() +} diff --git a/vault/identity_store.go b/vault/identity_store.go index 559c8148d25a..60cd0262fb68 100644 --- a/vault/identity_store.go +++ b/vault/identity_store.go @@ -249,7 +249,27 @@ func (i *IdentityStore) entityByAliasFactors(mountAccessor, aliasName string, cl return nil, fmt.Errorf("missing alias name") } - alias, err := i.MemDBAliasByFactors(mountAccessor, aliasName, false, false) + txn := i.db.Txn(false) + + return i.entityByAliasFactorsInTxn(txn, mountAccessor, aliasName, clone) +} + +// entityByAlaisFactorsInTxn fetches the entity based on factors of alias, i.e +// mount accessor and the alias name. +func (i *IdentityStore) entityByAliasFactorsInTxn(txn *memdb.Txn, mountAccessor, aliasName string, clone bool) (*identity.Entity, error) { + if txn == nil { + return nil, fmt.Errorf("nil txn") + } + + if mountAccessor == "" { + return nil, fmt.Errorf("missing mount accessor") + } + + if aliasName == "" { + return nil, fmt.Errorf("missing alias name") + } + + alias, err := i.MemDBAliasByFactorsInTxn(txn, mountAccessor, aliasName, false, false) if err != nil { return nil, err } @@ -258,12 +278,12 @@ func (i *IdentityStore) entityByAliasFactors(mountAccessor, aliasName string, cl return nil, nil } - return i.MemDBEntityByAliasID(alias.ID, clone) + return i.MemDBEntityByAliasIDInTxn(txn, alias.ID, clone) } -// CreateEntity creates a new entity. This is used by core to +// CreateOrFetchEntity creates a new entity. This is used by core to // associate each login attempt by an alias to a unified entity in Vault. -func (i *IdentityStore) CreateEntity(alias *logical.Alias) (*identity.Entity, error) { +func (i *IdentityStore) CreateOrFetchEntity(alias *logical.Alias) (*identity.Entity, error) { var entity *identity.Entity var err error @@ -290,9 +310,24 @@ func (i *IdentityStore) CreateEntity(alias *logical.Alias) (*identity.Entity, er return nil, err } if entity != nil { - return nil, fmt.Errorf("alias already belongs to a different entity") + return entity, nil } + // Create a MemDB transaction to update both alias and entity + txn := i.db.Txn(true) + defer txn.Abort() + + // Check if an entity was created before acquiring the lock + entity, err = i.entityByAliasFactorsInTxn(txn, alias.MountAccessor, alias.Name, false) + if err != nil { + return nil, err + } + if entity != nil { + return entity, nil + } + + i.logger.Debug("identity: creating a new entity", "alias", alias) + entity = &identity.Entity{} err = i.sanitizeEntity(entity) @@ -320,10 +355,12 @@ func (i *IdentityStore) CreateEntity(alias *logical.Alias) (*identity.Entity, er } // Update MemDB and persist entity object - err = i.upsertEntity(entity, nil, true) + err = i.upsertEntityInTxn(txn, entity, nil, true, false) if err != nil { return nil, err } + txn.Commit() + return entity, nil } diff --git a/vault/identity_store_test.go b/vault/identity_store_test.go index 5f5c884609d3..5c7f338191a0 100644 --- a/vault/identity_store_test.go +++ b/vault/identity_store_test.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/vault/logical" ) -func TestIdentityStore_CreateEntity(t *testing.T) { +func TestIdentityStore_CreateOrFetchEntity(t *testing.T) { is, ghAccessor, _ := testIdentityStoreWithGithubAuth(t) alias := &logical.Alias{ MountType: "github", @@ -17,7 +17,7 @@ func TestIdentityStore_CreateEntity(t *testing.T) { Name: "githubuser", } - entity, err := is.CreateEntity(alias) + entity, err := is.CreateOrFetchEntity(alias) if err != nil { t.Fatal(err) } @@ -33,10 +33,20 @@ func TestIdentityStore_CreateEntity(t *testing.T) { t.Fatalf("bad: alias name; expected: %q, actual: %q", alias.Name, entity.Aliases[0].Name) } - // Try recreating an entity with the same alias details. It should fail. - entity, err = is.CreateEntity(alias) - if err == nil { - t.Fatalf("expected an error") + entity, err = is.CreateOrFetchEntity(alias) + if err != nil { + t.Fatal(err) + } + if entity == nil { + t.Fatalf("expected a non-nil entity") + } + + if len(entity.Aliases) != 1 { + t.Fatalf("bad: length of aliases; expected: 1, actual: %d", len(entity.Aliases)) + } + + if entity.Aliases[0].Name != alias.Name { + t.Fatalf("bad: alias name; expected: %q, actual: %q", alias.Name, entity.Aliases[0].Name) } } diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go index 64585171b0a1..2e0e7fea883f 100644 --- a/vault/identity_store_util.go +++ b/vault/identity_store_util.go @@ -666,12 +666,29 @@ func (i *IdentityStore) MemDBAliasByFactors(mountAccessor, aliasName string, clo return nil, fmt.Errorf("missing mount accessor") } + txn := i.db.Txn(false) + + return i.MemDBAliasByFactorsInTxn(txn, mountAccessor, aliasName, clone, groupAlias) +} + +func (i *IdentityStore) MemDBAliasByFactorsInTxn(txn *memdb.Txn, mountAccessor, aliasName string, clone bool, groupAlias bool) (*identity.Alias, error) { + if txn == nil { + return nil, fmt.Errorf("nil txn") + } + + if aliasName == "" { + return nil, fmt.Errorf("missing alias name") + } + + if mountAccessor == "" { + return nil, fmt.Errorf("missing mount accessor") + } + tableName := entityAliasesTable if groupAlias { tableName = groupAliasesTable } - txn := i.db.Txn(false) aliasRaw, err := txn.First(tableName, "factors", mountAccessor, aliasName) if err != nil { return nil, fmt.Errorf("failed to fetch alias from memdb using factors: %v", err) diff --git a/vault/request_handling.go b/vault/request_handling.go index 360d39e0b91a..79477db2259c 100644 --- a/vault/request_handling.go +++ b/vault/request_handling.go @@ -436,22 +436,15 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re var err error - // Check if an entity already exists for the given alias - entity, err = c.identityStore.entityByAliasFactors(auth.Alias.MountAccessor, auth.Alias.Name, false) + // Fetch the entity for the alias, or create an entity if one + // doesn't exist. + entity, err = c.identityStore.CreateOrFetchEntity(auth.Alias) if err != nil { return nil, nil, err } - // If not, create one. if entity == nil { - c.logger.Debug("core: creating a new entity", "alias", auth.Alias) - entity, err = c.identityStore.CreateEntity(auth.Alias) - if err != nil { - return nil, nil, err - } - if entity == nil { - return nil, nil, fmt.Errorf("failed to create an entity for the authenticated alias") - } + return nil, nil, fmt.Errorf("failed to create an entity for the authenticated alias") } auth.EntityID = entity.ID From f8ec02b65b6a3370dc1705f7dc1c5c309aaf195f Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Fri, 9 Feb 2018 10:43:13 -0500 Subject: [PATCH 086/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 54131d57c497..aec50d11bb5c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ BUG FIXES: creation. Passing an explicit zero value for the period no longer create periodic tokens. [GH-3880] * command/ssh: Create and reuse the api client [GH-3909] + * identity: Fix race when creating entities [GH-3932] * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] * storage/etcd3: Fix large lists (like token loading at startup) not being handled [GH-3772] From 58cab5f59f890bf489016749cc849a684b512133 Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Fri, 9 Feb 2018 13:42:19 -0500 Subject: [PATCH 087/178] added a flag to make common name optional if desired (#3940) * added a flag to make common name optional if desired * Cover one more case where cn can be empty * remove skipping when empty; instead check for emptiness before calling validateNames * Add verification before adding to DNS names to also fix #3918 --- builtin/logical/pki/backend_test.go | 91 +++++++++++++++++++++ builtin/logical/pki/cert_util.go | 27 +++--- builtin/logical/pki/path_roles.go | 7 ++ website/source/api/secret/pki/index.html.md | 13 +-- 4 files changed, 123 insertions(+), 15 deletions(-) diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go index b56c9a5bdef0..f6dc61b73aa8 100644 --- a/builtin/logical/pki/backend_test.go +++ b/builtin/logical/pki/backend_test.go @@ -41,6 +41,97 @@ var ( parsedKeyUsageUnderTest int ) +func TestPKI_RequireCN(t *testing.T) { + coreConfig := &vault.CoreConfig{ + LogicalBackends: map[string]logical.Factory{ + "pki": Factory, + }, + } + cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{ + HandlerFunc: vaulthttp.Handler, + }) + cluster.Start() + defer cluster.Cleanup() + + client := cluster.Cores[0].Client + var err error + err = client.Sys().Mount("pki", &api.MountInput{ + Type: "pki", + Config: api.MountConfigInput{ + DefaultLeaseTTL: "16h", + MaxLeaseTTL: "32h", + }, + }) + if err != nil { + t.Fatal(err) + } + + resp, err := client.Logical().Write("pki/root/generate/internal", map[string]interface{}{ + "common_name": "myvault.com", + }) + if err != nil { + t.Fatal(err) + } + if resp == nil { + t.Fatal("expected ca info") + } + + // Create a role which does require CN (default) + _, err = client.Logical().Write("pki/roles/example", map[string]interface{}{ + "allowed_domains": "foobar.com,zipzap.com,abc.com,xyz.com", + "allow_bare_domains": true, + "allow_subdomains": true, + "max_ttl": "2h", + }) + + // Issue a cert with require_cn set to true and with common name supplied. + // It should succeed. + resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{ + "common_name": "foobar.com", + }) + if err != nil { + t.Fatal(err) + } + + // Issue a cert with require_cn set to true and with out supplying the + // common name. It should error out. + resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{}) + if err == nil { + t.Fatalf("expected an error due to missing common_name") + } + + // Modify the role to make the common name optional + _, err = client.Logical().Write("pki/roles/example", map[string]interface{}{ + "allowed_domains": "foobar.com,zipzap.com,abc.com,xyz.com", + "allow_bare_domains": true, + "allow_subdomains": true, + "max_ttl": "2h", + "require_cn": false, + }) + + // Issue a cert with require_cn set to false and without supplying the + // common name. It should succeed. + resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{}) + if err != nil { + t.Fatal(err) + } + + if resp.Data["certificate"] == "" { + t.Fatalf("expected a cert to be generated") + } + + // Issue a cert with require_cn set to false and with a common name. It + // should succeed. + resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{}) + if err != nil { + t.Fatal(err) + } + + if resp.Data["certificate"] == "" { + t.Fatalf("expected a cert to be generated") + } +} + // Performs basic tests on CA functionality // Uses the RSA CA key func TestBackend_RSAKey(t *testing.T) { diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go index 1d6c5236ec5a..6f04110b2352 100644 --- a/builtin/logical/pki/cert_util.go +++ b/builtin/logical/pki/cert_util.go @@ -623,8 +623,8 @@ func generateCreationBundle(b *backend, } if cn == "" { cn = data.Get("common_name").(string) - if cn == "" { - return nil, errutil.UserError{Err: `the common_name field is required, or must be provided in a CSR with "use_csr_common_name" set to true`} + if cn == "" && role.RequireCN { + return nil, errutil.UserError{Err: `the common_name field is required, or must be provided in a CSR with "use_csr_common_name" set to true, unless "require_cn" is set to false`} } } @@ -633,7 +633,7 @@ func generateCreationBundle(b *backend, emailAddresses = csr.EmailAddresses } - if !data.Get("exclude_cn_from_sans").(bool) { + if cn != "" && !data.Get("exclude_cn_from_sans").(bool) { if strings.Contains(cn, "@") { // Note: emails are not disallowed if the role's email protection // flag is false, because they may well be included for @@ -642,7 +642,10 @@ func generateCreationBundle(b *backend, // used for the purpose for which they are presented emailAddresses = append(emailAddresses, cn) } else { - dnsNames = append(dnsNames, cn) + // Only add to dnsNames if it's actually a DNS name + if hostnameRegex.MatchString(cn) { + dnsNames = append(dnsNames, cn) + } } } @@ -654,7 +657,9 @@ func generateCreationBundle(b *backend, if strings.Contains(v, "@") { emailAddresses = append(emailAddresses, v) } else { - dnsNames = append(dnsNames, v) + if hostnameRegex.MatchString(cnAlt) { + dnsNames = append(dnsNames, v) + } } } } @@ -662,14 +667,16 @@ func generateCreationBundle(b *backend, // Check the CN. This ensures that the CN is checked even if it's // excluded from SANs. - badName := validateNames(req, []string{cn}, role) - if len(badName) != 0 { - return nil, errutil.UserError{Err: fmt.Sprintf( - "common name %s not allowed by this role", badName)} + if cn != "" { + badName := validateNames(req, []string{cn}, role) + if len(badName) != 0 { + return nil, errutil.UserError{Err: fmt.Sprintf( + "common name %s not allowed by this role", badName)} + } } // Check for bad email and/or DNS names - badName = validateNames(req, dnsNames, role) + badName := validateNames(req, dnsNames, role) if len(badName) != 0 { return nil, errutil.UserError{Err: fmt.Sprintf( "subject alternate name %s not allowed by this role", badName)} diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go index d3e02401a83c..d3a32e9983d6 100644 --- a/builtin/logical/pki/path_roles.go +++ b/builtin/logical/pki/path_roles.go @@ -221,6 +221,11 @@ or revoked, so this option is recommended only for certificates that are non-sensitive, or extremely short-lived. This option implies a value of "false" for "generate_lease".`, }, + "require_cn": &framework.FieldSchema{ + Type: framework.TypeBool, + Default: true, + Description: `If set to false, makes the 'common_name' field optional while generating a certificate.`, + }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ @@ -411,6 +416,7 @@ func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data Organization: data.Get("organization").([]string), GenerateLease: new(bool), NoStore: data.Get("no_store").(bool), + RequireCN: data.Get("require_cn").(bool), } // no_store implies generate_lease := false @@ -541,6 +547,7 @@ type roleEntry struct { Organization []string `json:"organization_list" mapstructure:"organization"` GenerateLease *bool `json:"generate_lease,omitempty"` NoStore bool `json:"no_store" mapstructure:"no_store"` + RequireCN bool `json:"require_cn" mapstructure:"require_cn"` // Used internally for signing intermediates AllowExpirationPastCA bool diff --git a/website/source/api/secret/pki/index.html.md b/website/source/api/secret/pki/index.html.md index 815b9811750d..3b704c2af55d 100644 --- a/website/source/api/secret/pki/index.html.md +++ b/website/source/api/secret/pki/index.html.md @@ -773,11 +773,14 @@ request is denied. Vault. - `no_store` `(bool: false)` – If set, certificates issued/signed against this -role will not be stored in the storage backend. This can improve performance -when issuing large numbers of certificates. However, certificates issued -in this way cannot be enumerated or revoked, so this option is recommended -only for certificates that are non-sensitive, or extremely short-lived. -This option implies a value of `false` for `generate_lease`. + role will not be stored in the storage backend. This can improve performance + when issuing large numbers of certificates. However, certificates issued in + this way cannot be enumerated or revoked, so this option is recommended only + for certificates that are non-sensitive, or extremely short-lived. This + option implies a value of `false` for `generate_lease`. + +- `require_cn` `(bool: true)` - If set to false, makes the `common_name` field + optional while generating a certificate. ### Sample Payload From e1723498234c076d9ee9ce6579ffcdcdc71f1b85 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 9 Feb 2018 13:44:54 -0500 Subject: [PATCH 088/178] changelog++ --- CHANGELOG.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aec50d11bb5c..6e34d7521062 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ IMPROVEMENTS: * auth/centrify: Add CLI helper * audit: Always log failure metrics, even if zero, to ensure the values appear on dashboards [GH-3937] + * secret/pki: Add a flag to make the common name optional on certs [GH-3940] BUG FIXES: @@ -20,13 +21,15 @@ BUG FIXES: periodic tokens. [GH-3880] * command/ssh: Create and reuse the api client [GH-3909] * identity: Fix race when creating entities [GH-3932] + * plugin/gRPC: Fixed an issue with list requests and raw responses coming from + plugins using gRPC transport [GH-3881] + * plugin/gRPC: Fix panic when special paths are not set [GH-3946] + * secret/pki: Verify a name is a valid hostname before adding to DNS SANs + [GH-3918] * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] * storage/etcd3: Fix large lists (like token loading at startup) not being handled [GH-3772] * storage/zookeeper: Update vendoring to fix freezing issues [GH-3896] - * plugin/gRPC: Fixed an issue with list requests and raw responses coming from - plugins using gRPC transport [GH-3881] - * plugin/gRPC: Fix panic when special paths are not set [GH-3946] ## 0.9.3 (January 28th, 2018) From 4120046ac8358a2ac4b33d98ff6e5abe7c2e991a Mon Sep 17 00:00:00 2001 From: Chris Hoffman Date: Fri, 9 Feb 2018 13:54:18 -0500 Subject: [PATCH 089/178] Fix auditing for transit keys with backup/restore info (#3919) --- builtin/logical/transit/path_keys.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/builtin/logical/transit/path_keys.go b/builtin/logical/transit/path_keys.go index 1e293cbe9983..30951a7b04b0 100644 --- a/builtin/logical/transit/path_keys.go +++ b/builtin/logical/transit/path_keys.go @@ -207,11 +207,22 @@ func (b *backend) pathPolicyRead(ctx context.Context, req *logical.Request, d *f "supports_decryption": p.Type.DecryptionSupported(), "supports_signing": p.Type.SigningSupported(), "supports_derivation": p.Type.DerivationSupported(), - "backup_info": p.BackupInfo, - "restore_info": p.RestoreInfo, }, } + if p.BackupInfo != nil { + resp.Data["backup_info"] = map[string]interface{}{ + "time": p.BackupInfo.Time, + "version": p.BackupInfo.Version, + } + } + if p.RestoreInfo != nil { + resp.Data["restore_info"] = map[string]interface{}{ + "time": p.RestoreInfo.Time, + "version": p.RestoreInfo.Version, + } + } + if p.Derived { switch p.KDF { case keysutil.Kdf_hmac_sha256_counter: From 5d2c8b6b4e00d3c3ec9108545ba895d95160ad7a Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 9 Feb 2018 13:55:03 -0500 Subject: [PATCH 090/178] changelog++ --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e34d7521062..c2cf2f2b9216 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,8 @@ BUG FIXES: * plugin/gRPC: Fix panic when special paths are not set [GH-3946] * secret/pki: Verify a name is a valid hostname before adding to DNS SANs [GH-3918] + * secret/transit: Fix auditing when reading a key after it has been backed up + or restored [GH-3919] * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] * storage/etcd3: Fix large lists (like token loading at startup) not being handled [GH-3772] From 71336d359636386ad89ef4303585c717039b8715 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 9 Feb 2018 14:04:05 -0500 Subject: [PATCH 091/178] Fix compile --- builtin/logical/pki/cert_util.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go index 6f04110b2352..bbdff2f3aec7 100644 --- a/builtin/logical/pki/cert_util.go +++ b/builtin/logical/pki/cert_util.go @@ -657,7 +657,7 @@ func generateCreationBundle(b *backend, if strings.Contains(v, "@") { emailAddresses = append(emailAddresses, v) } else { - if hostnameRegex.MatchString(cnAlt) { + if hostnameRegex.MatchString(v) { dnsNames = append(dnsNames, v) } } From e57aff9e694ecc62bec77e95e55829b57c599362 Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Fri, 9 Feb 2018 14:04:25 -0500 Subject: [PATCH 092/178] Make mount view read only until after mount persist (#3910) --- logical/storage.go | 4 ++++ vault/audit.go | 15 +++++++++++++++ vault/audit_test.go | 24 ++++++++++++++++++++++++ vault/auth.go | 19 +++++++++++++++++++ vault/auth_test.go | 24 ++++++++++++++++++++++++ vault/barrier_view.go | 20 ++++++++++++-------- vault/barrier_view_test.go | 2 +- vault/mount.go | 18 ++++++++++++++++++ vault/mount_test.go | 24 ++++++++++++++++++++++++ vault/testing.go | 3 +-- 10 files changed, 142 insertions(+), 11 deletions(-) diff --git a/logical/storage.go b/logical/storage.go index 07a8a24065e9..1ca97ab74b7f 100644 --- a/logical/storage.go +++ b/logical/storage.go @@ -14,6 +14,10 @@ import ( // cluster operation. var ErrReadOnly = errors.New("Cannot write to readonly storage") +// ErrSetupReadOnly is returned when a write operation is attempted on a +// storage while the backend is still being setup. +var ErrSetupReadOnly = errors.New("Cannot write to storage during setup") + // Storage is the way that logical backends are able read/write data. type Storage interface { List(context.Context, string) ([]string, error) diff --git a/vault/audit.go b/vault/audit.go index ad9fbf2c7290..293af4b88116 100644 --- a/vault/audit.go +++ b/vault/audit.go @@ -90,6 +90,12 @@ func (c *Core) enableAudit(ctx context.Context, entry *MountEntry) error { viewPath := auditBarrierPrefix + entry.UUID + "/" view := NewBarrierView(c.barrier, viewPath) + // Mark the view as read-only until the mounting is complete and + // ensure that it is reset after. This ensures that there will be no + // writes during the construction of the backend. + view.setReadOnlyErr(logical.ErrSetupReadOnly) + defer view.setReadOnlyErr(nil) + // Lookup the new backend backend, err := c.newAuditBackend(ctx, entry, view, entry.Options) if err != nil { @@ -320,14 +326,21 @@ func (c *Core) setupAudits(ctx context.Context) error { viewPath := auditBarrierPrefix + entry.UUID + "/" view := NewBarrierView(c.barrier, viewPath) + // Mark the view as read-only until the mounting is complete and + // ensure that it is reset after. This ensures that there will be no + // writes during the construction of the backend. + view.setReadOnlyErr(logical.ErrSetupReadOnly) + // Initialize the backend backend, err := c.newAuditBackend(ctx, entry, view, entry.Options) if err != nil { c.logger.Error("core: failed to create audit entry", "path", entry.Path, "error", err) + view.setReadOnlyErr(nil) continue } if backend == nil { c.logger.Error("core: created audit entry was nil", "path", entry.Path, "type", entry.Type) + view.setReadOnlyErr(nil) continue } @@ -335,6 +348,8 @@ func (c *Core) setupAudits(ctx context.Context) error { broker.Register(entry.Path, backend, view) successCount += 1 + + view.setReadOnlyErr(nil) } if len(c.audit.Entries) > 0 && successCount == 0 { diff --git a/vault/audit_test.go b/vault/audit_test.go index 53b813952233..b2f048fd0fab 100644 --- a/vault/audit_test.go +++ b/vault/audit_test.go @@ -94,6 +94,30 @@ func (n *NoopAudit) Invalidate(ctx context.Context) { n.salt = nil } +func TestAudit_ReadOnlyViewDuringMount(t *testing.T) { + c, _, _ := TestCoreUnsealed(t) + c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) { + err := config.SaltView.Put(ctx, &logical.StorageEntry{ + Key: "bar", + Value: []byte("baz"), + }) + if err == nil || !strings.Contains(err.Error(), logical.ErrSetupReadOnly.Error()) { + t.Fatalf("expected a read-only error") + } + return &NoopAudit{}, nil + } + + me := &MountEntry{ + Table: auditTableType, + Path: "foo", + Type: "noop", + } + err := c.enableAudit(context.Background(), me) + if err != nil { + t.Fatalf("err: %v", err) + } +} + func TestCore_EnableAudit(t *testing.T) { c, keys, _ := TestCoreUnsealed(t) c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) { diff --git a/vault/auth.go b/vault/auth.go index 0248e44014e2..fa130be9561d 100644 --- a/vault/auth.go +++ b/vault/auth.go @@ -96,6 +96,13 @@ func (c *Core) enableCredential(ctx context.Context, entry *MountEntry) error { } viewPath := credentialBarrierPrefix + entry.UUID + "/" view := NewBarrierView(c.barrier, viewPath) + + // Mark the view as read-only until the mounting is complete and + // ensure that it is reset after. This ensures that there will be no + // writes during the construction of the backend. + view.setReadOnlyErr(logical.ErrSetupReadOnly) + defer view.setReadOnlyErr(nil) + var err error var backend logical.Backend sysView := c.mountEntrySysView(entry) @@ -446,6 +453,12 @@ func (c *Core) setupCredentials(ctx context.Context) error { // Create a barrier view using the UUID viewPath := credentialBarrierPrefix + entry.UUID + "/" view = NewBarrierView(c.barrier, viewPath) + + // Mark the view as read-only until the mounting is complete and + // ensure that it is reset after. This ensures that there will be no + // writes during the construction of the backend. + view.setReadOnlyErr(logical.ErrSetupReadOnly) + // Initialize the backend sysView := c.mountEntrySysView(entry) conf := make(map[string]string) @@ -463,15 +476,18 @@ func (c *Core) setupCredentials(ctx context.Context) error { c.logger.Warn("core: skipping plugin-based credential entry", "path", entry.Path) goto ROUTER_MOUNT } + view.setReadOnlyErr(nil) return errLoadAuthFailed } if backend == nil { + view.setReadOnlyErr(nil) return fmt.Errorf("nil backend returned from %q factory", entry.Type) } // Check for the correct backend type backendType = backend.Type() if entry.Type == "plugin" && backendType != logical.TypeCredential { + view.setReadOnlyErr(nil) return fmt.Errorf("cannot mount '%s' of type '%s' as an auth backend", entry.Config.PluginName, backendType) } @@ -480,6 +496,7 @@ func (c *Core) setupCredentials(ctx context.Context) error { path := credentialRoutePrefix + entry.Path err = c.router.Mount(backend, path, entry, view) if err != nil { + view.setReadOnlyErr(nil) c.logger.Error("core: failed to mount auth entry", "path", entry.Path, "error", err) return errLoadAuthFailed } @@ -497,6 +514,8 @@ func (c *Core) setupCredentials(ctx context.Context) error { c.router.tokenStoreSaltFunc = c.tokenStore.Salt c.tokenStore.cubbyholeBackend = c.router.MatchingBackend("cubbyhole/").(*CubbyholeBackend) } + + view.setReadOnlyErr(nil) } if persistNeeded { diff --git a/vault/auth_test.go b/vault/auth_test.go index ff6cd81243ea..cbbb9f022dce 100644 --- a/vault/auth_test.go +++ b/vault/auth_test.go @@ -10,6 +10,30 @@ import ( "github.com/hashicorp/vault/logical" ) +func TestAuth_ReadOnlyViewDuringMount(t *testing.T) { + c, _, _ := TestCoreUnsealed(t) + c.credentialBackends["noop"] = func(ctx context.Context, config *logical.BackendConfig) (logical.Backend, error) { + err := config.StorageView.Put(ctx, &logical.StorageEntry{ + Key: "bar", + Value: []byte("baz"), + }) + if err == nil || !strings.Contains(err.Error(), logical.ErrSetupReadOnly.Error()) { + t.Fatalf("expected a read-only error") + } + return &NoopBackend{}, nil + } + + me := &MountEntry{ + Table: credentialTableType, + Path: "foo", + Type: "noop", + } + err := c.enableCredential(context.Background(), me) + if err != nil { + t.Fatalf("err: %v", err) + } +} + func TestCore_DefaultAuthTable(t *testing.T) { c, keys, _ := TestCoreUnsealed(t) verifyDefaultAuthTable(t, c.auth) diff --git a/vault/barrier_view.go b/vault/barrier_view.go index 960c2465d6b8..16f48c0c6987 100644 --- a/vault/barrier_view.go +++ b/vault/barrier_view.go @@ -16,9 +16,9 @@ import ( // BarrierView implements logical.Storage so it can be passed in as the // durable storage mechanism for logical views. type BarrierView struct { - barrier BarrierStorage - prefix string - readonly bool + barrier BarrierStorage + prefix string + readOnlyErr error } var ( @@ -34,6 +34,10 @@ func NewBarrierView(barrier BarrierStorage, prefix string) *BarrierView { } } +func (v *BarrierView) setReadOnlyErr(readOnlyErr error) { + v.readOnlyErr = readOnlyErr +} + // sanityCheck is used to perform a sanity check on a key func (v *BarrierView) sanityCheck(key string) error { if strings.Contains(key, "..") { @@ -81,8 +85,8 @@ func (v *BarrierView) Put(ctx context.Context, entry *logical.StorageEntry) erro expandedKey := v.expandKey(entry.Key) - if v.readonly { - return logical.ErrReadOnly + if v.readOnlyErr != nil { + return v.readOnlyErr } nested := &Entry{ @@ -101,8 +105,8 @@ func (v *BarrierView) Delete(ctx context.Context, key string) error { expandedKey := v.expandKey(key) - if v.readonly { - return logical.ErrReadOnly + if v.readOnlyErr != nil { + return v.readOnlyErr } return v.barrier.Delete(ctx, expandedKey) @@ -111,7 +115,7 @@ func (v *BarrierView) Delete(ctx context.Context, key string) error { // SubView constructs a nested sub-view using the given prefix func (v *BarrierView) SubView(prefix string) *BarrierView { sub := v.expandKey(prefix) - return &BarrierView{barrier: v.barrier, prefix: sub, readonly: v.readonly} + return &BarrierView{barrier: v.barrier, prefix: sub, readOnlyErr: v.readOnlyErr} } // expandKey is used to expand to the full key path with the prefix diff --git a/vault/barrier_view_test.go b/vault/barrier_view_test.go index 060ca835c37d..6df983a9a042 100644 --- a/vault/barrier_view_test.go +++ b/vault/barrier_view_test.go @@ -294,7 +294,7 @@ func TestBarrierView_Readonly(t *testing.T) { } // Enable read only mode - view.readonly = true + view.readOnlyErr = logical.ErrReadOnly // Put should fail in readonly mode if err := view.Put(context.Background(), entry.Logical()); err != logical.ErrReadOnly { diff --git a/vault/mount.go b/vault/mount.go index c22866bdadfc..fe60a4186310 100644 --- a/vault/mount.go +++ b/vault/mount.go @@ -247,6 +247,13 @@ func (c *Core) mountInternal(ctx context.Context, entry *MountEntry) error { } viewPath := backendBarrierPrefix + entry.UUID + "/" view := NewBarrierView(c.barrier, viewPath) + + // Mark the view as read-only until the mounting is complete and + // ensure that it is reset after. This ensures that there will be no + // writes during the construction of the backend. + view.setReadOnlyErr(logical.ErrSetupReadOnly) + defer view.setReadOnlyErr(nil) + var backend logical.Backend var err error sysView := c.mountEntrySysView(entry) @@ -735,6 +742,11 @@ func (c *Core) setupMounts(ctx context.Context) error { // Create a barrier view using the UUID view = NewBarrierView(c.barrier, barrierPath) + // Mark the view as read-only until the mounting is complete and + // ensure that it is reset after. This ensures that there will be no + // writes during the construction of the backend. + view.setReadOnlyErr(logical.ErrSetupReadOnly) + var backend logical.Backend var err error sysView := c.mountEntrySysView(entry) @@ -754,15 +766,18 @@ func (c *Core) setupMounts(ctx context.Context) error { c.logger.Warn("core: skipping plugin-based mount entry", "path", entry.Path) goto ROUTER_MOUNT } + view.setReadOnlyErr(nil) return errLoadMountsFailed } if backend == nil { + view.setReadOnlyErr(nil) return fmt.Errorf("created mount entry of type %q is nil", entry.Type) } // Check for the correct backend type backendType = backend.Type() if entry.Type == "plugin" && backendType != logical.TypeLogical { + view.setReadOnlyErr(nil) return fmt.Errorf("cannot mount '%s' of type '%s' as a logical backend", entry.Config.PluginName, backendType) } @@ -772,6 +787,7 @@ func (c *Core) setupMounts(ctx context.Context) error { // Mount the backend err = c.router.Mount(backend, entry.Path, entry, view) if err != nil { + view.setReadOnlyErr(nil) c.logger.Error("core: failed to mount entry", "path", entry.Path, "error", err) return errLoadMountsFailed } @@ -784,6 +800,8 @@ func (c *Core) setupMounts(ctx context.Context) error { if entry.Tainted { c.router.Taint(entry.Path) } + + view.setReadOnlyErr(nil) } return nil } diff --git a/vault/mount_test.go b/vault/mount_test.go index b9fc663ee6f1..6e58b9341821 100644 --- a/vault/mount_test.go +++ b/vault/mount_test.go @@ -14,6 +14,30 @@ import ( "github.com/hashicorp/vault/logical" ) +func TestMount_ReadOnlyViewDuringMount(t *testing.T) { + c, _, _ := TestCoreUnsealed(t) + c.logicalBackends["noop"] = func(ctx context.Context, config *logical.BackendConfig) (logical.Backend, error) { + err := config.StorageView.Put(ctx, &logical.StorageEntry{ + Key: "bar", + Value: []byte("baz"), + }) + if err == nil || !strings.Contains(err.Error(), logical.ErrSetupReadOnly.Error()) { + t.Fatalf("expected a read-only error") + } + return &NoopBackend{}, nil + } + + me := &MountEntry{ + Table: mountTableType, + Path: "foo", + Type: "noop", + } + err := c.mount(context.Background(), me) + if err != nil { + t.Fatalf("err: %v", err) + } +} + func TestCore_DefaultMountTable(t *testing.T) { c, keys, _ := TestCoreUnsealed(t) verifyDefaultTable(t, c.mounts) diff --git a/vault/testing.go b/vault/testing.go index cb70e6e22c62..8ccc0f5697c8 100644 --- a/vault/testing.go +++ b/vault/testing.go @@ -343,9 +343,8 @@ func testTokenStore(t testing.T, c *Core) *TokenStore { // mounted, so that logical token functions can be used func TestCoreWithTokenStore(t testing.T) (*Core, *TokenStore, [][]byte, string) { c, keys, root := TestCoreUnsealed(t) - ts := testTokenStore(t, c) - return c, ts, keys, root + return c, c.tokenStore, keys, root } // TestCoreWithBackendTokenStore returns a core that has a token store From 0995bdbb0d3bda893b2d984cce25a1a095df7f14 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 9 Feb 2018 15:39:27 -0500 Subject: [PATCH 093/178] Simplify readonly view logic --- vault/audit.go | 5 +---- vault/auth.go | 10 ++-------- vault/mount.go | 10 ++-------- 3 files changed, 5 insertions(+), 20 deletions(-) diff --git a/vault/audit.go b/vault/audit.go index 293af4b88116..1f1bdd2839c1 100644 --- a/vault/audit.go +++ b/vault/audit.go @@ -330,17 +330,16 @@ func (c *Core) setupAudits(ctx context.Context) error { // ensure that it is reset after. This ensures that there will be no // writes during the construction of the backend. view.setReadOnlyErr(logical.ErrSetupReadOnly) + defer view.setReadOnlyErr(nil) // Initialize the backend backend, err := c.newAuditBackend(ctx, entry, view, entry.Options) if err != nil { c.logger.Error("core: failed to create audit entry", "path", entry.Path, "error", err) - view.setReadOnlyErr(nil) continue } if backend == nil { c.logger.Error("core: created audit entry was nil", "path", entry.Path, "type", entry.Type) - view.setReadOnlyErr(nil) continue } @@ -348,8 +347,6 @@ func (c *Core) setupAudits(ctx context.Context) error { broker.Register(entry.Path, backend, view) successCount += 1 - - view.setReadOnlyErr(nil) } if len(c.audit.Entries) > 0 && successCount == 0 { diff --git a/vault/auth.go b/vault/auth.go index fa130be9561d..a29edc4a46db 100644 --- a/vault/auth.go +++ b/vault/auth.go @@ -436,7 +436,6 @@ func (c *Core) persistAuth(ctx context.Context, table *MountTable, localOnly boo func (c *Core) setupCredentials(ctx context.Context) error { var err error var persistNeeded bool - var view *BarrierView var backendType logical.BackendType c.authLock.Lock() @@ -452,12 +451,13 @@ func (c *Core) setupCredentials(ctx context.Context) error { // Create a barrier view using the UUID viewPath := credentialBarrierPrefix + entry.UUID + "/" - view = NewBarrierView(c.barrier, viewPath) + view := NewBarrierView(c.barrier, viewPath) // Mark the view as read-only until the mounting is complete and // ensure that it is reset after. This ensures that there will be no // writes during the construction of the backend. view.setReadOnlyErr(logical.ErrSetupReadOnly) + defer view.setReadOnlyErr(nil) // Initialize the backend sysView := c.mountEntrySysView(entry) @@ -476,18 +476,15 @@ func (c *Core) setupCredentials(ctx context.Context) error { c.logger.Warn("core: skipping plugin-based credential entry", "path", entry.Path) goto ROUTER_MOUNT } - view.setReadOnlyErr(nil) return errLoadAuthFailed } if backend == nil { - view.setReadOnlyErr(nil) return fmt.Errorf("nil backend returned from %q factory", entry.Type) } // Check for the correct backend type backendType = backend.Type() if entry.Type == "plugin" && backendType != logical.TypeCredential { - view.setReadOnlyErr(nil) return fmt.Errorf("cannot mount '%s' of type '%s' as an auth backend", entry.Config.PluginName, backendType) } @@ -496,7 +493,6 @@ func (c *Core) setupCredentials(ctx context.Context) error { path := credentialRoutePrefix + entry.Path err = c.router.Mount(backend, path, entry, view) if err != nil { - view.setReadOnlyErr(nil) c.logger.Error("core: failed to mount auth entry", "path", entry.Path, "error", err) return errLoadAuthFailed } @@ -514,8 +510,6 @@ func (c *Core) setupCredentials(ctx context.Context) error { c.router.tokenStoreSaltFunc = c.tokenStore.Salt c.tokenStore.cubbyholeBackend = c.router.MatchingBackend("cubbyhole/").(*CubbyholeBackend) } - - view.setReadOnlyErr(nil) } if persistNeeded { diff --git a/vault/mount.go b/vault/mount.go index fe60a4186310..1ffbdfc59901 100644 --- a/vault/mount.go +++ b/vault/mount.go @@ -728,7 +728,6 @@ func (c *Core) setupMounts(ctx context.Context) error { c.mountsLock.Lock() defer c.mountsLock.Unlock() - var view *BarrierView var backendType logical.BackendType for _, entry := range c.mounts.Entries { @@ -740,12 +739,13 @@ func (c *Core) setupMounts(ctx context.Context) error { } // Create a barrier view using the UUID - view = NewBarrierView(c.barrier, barrierPath) + view := NewBarrierView(c.barrier, barrierPath) // Mark the view as read-only until the mounting is complete and // ensure that it is reset after. This ensures that there will be no // writes during the construction of the backend. view.setReadOnlyErr(logical.ErrSetupReadOnly) + defer view.setReadOnlyErr(nil) var backend logical.Backend var err error @@ -766,18 +766,15 @@ func (c *Core) setupMounts(ctx context.Context) error { c.logger.Warn("core: skipping plugin-based mount entry", "path", entry.Path) goto ROUTER_MOUNT } - view.setReadOnlyErr(nil) return errLoadMountsFailed } if backend == nil { - view.setReadOnlyErr(nil) return fmt.Errorf("created mount entry of type %q is nil", entry.Type) } // Check for the correct backend type backendType = backend.Type() if entry.Type == "plugin" && backendType != logical.TypeLogical { - view.setReadOnlyErr(nil) return fmt.Errorf("cannot mount '%s' of type '%s' as a logical backend", entry.Config.PluginName, backendType) } @@ -787,7 +784,6 @@ func (c *Core) setupMounts(ctx context.Context) error { // Mount the backend err = c.router.Mount(backend, entry.Path, entry, view) if err != nil { - view.setReadOnlyErr(nil) c.logger.Error("core: failed to mount entry", "path", entry.Path, "error", err) return errLoadMountsFailed } @@ -800,8 +796,6 @@ func (c *Core) setupMounts(ctx context.Context) error { if entry.Tainted { c.router.Taint(entry.Path) } - - view.setReadOnlyErr(nil) } return nil } From f4af9889271426be08d524b08b3b1ec0634b084d Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 9 Feb 2018 16:37:40 -0500 Subject: [PATCH 094/178] Add sealunwrapper to ease OSS downgrades (#3936) --- vault/core.go | 23 ++++- vault/sealunwrapper.go | 183 ++++++++++++++++++++++++++++++++++++ vault/sealunwrapper_test.go | 111 ++++++++++++++++++++++ 3 files changed, 315 insertions(+), 2 deletions(-) create mode 100644 vault/sealunwrapper.go create mode 100644 vault/sealunwrapper_test.go diff --git a/vault/core.go b/vault/core.go index 31dcb4603312..40f734db64eb 100644 --- a/vault/core.go +++ b/vault/core.go @@ -380,6 +380,9 @@ type Core struct { // going to be shut down, stepped down, or sealed activeContext context.Context activeContextCancelFunc context.CancelFunc + + // Stores the sealunwrapper for downgrade needs + sealUnwrapper physical.Backend } // CoreConfig is used to parameterize a core @@ -517,13 +520,15 @@ func NewCore(conf *CoreConfig) (*Core, error) { } c.seal.SetCore(c) + c.sealUnwrapper = NewSealUnwrapper(phys, conf.Logger) + var ok bool // Wrap the physical backend in a cache layer if enabled if txnOK { - c.physical = physical.NewTransactionalCache(phys, conf.CacheSize, conf.Logger) + c.physical = physical.NewTransactionalCache(c.sealUnwrapper, conf.CacheSize, conf.Logger) } else { - c.physical = physical.NewCache(phys, conf.CacheSize, conf.Logger) + c.physical = physical.NewCache(c.sealUnwrapper, conf.CacheSize, conf.Logger) } c.physicalCache = c.physical.(physical.ToggleablePurgemonster) @@ -1580,6 +1585,13 @@ func (c *Core) postUnseal() (retErr error) { c.physicalCache.SetEnabled(true) } + switch c.sealUnwrapper.(type) { + case *sealUnwrapper: + c.sealUnwrapper.(*sealUnwrapper).runUnwraps() + case *transactionalSealUnwrapper: + c.sealUnwrapper.(*transactionalSealUnwrapper).runUnwraps() + } + // Purge these for safety in case of a rekey c.seal.SetBarrierConfig(c.activeContext, nil) if c.seal.RecoveryKeySupported() { @@ -1685,6 +1697,13 @@ func (c *Core) preSeal() error { result = multierror.Append(result, err) } + switch c.sealUnwrapper.(type) { + case *sealUnwrapper: + c.sealUnwrapper.(*sealUnwrapper).stopUnwraps() + case *transactionalSealUnwrapper: + c.sealUnwrapper.(*transactionalSealUnwrapper).stopUnwraps() + } + // Purge the cache c.physicalCache.SetEnabled(false) c.physicalCache.Purge(c.activeContext) diff --git a/vault/sealunwrapper.go b/vault/sealunwrapper.go new file mode 100644 index 000000000000..f635b4c54751 --- /dev/null +++ b/vault/sealunwrapper.go @@ -0,0 +1,183 @@ +// +build !ent +// +build !prem +// +build !pro +// +build !hsm + +package vault + +import ( + "context" + "fmt" + "sync/atomic" + + proto "github.com/golang/protobuf/proto" + "github.com/hashicorp/vault/helper/locksutil" + "github.com/hashicorp/vault/physical" + log "github.com/mgutz/logxi/v1" +) + +// NewSealUnwrapper creates a new seal unwrapper +func NewSealUnwrapper(underlying physical.Backend, logger log.Logger) physical.Backend { + ret := &sealUnwrapper{ + underlying: underlying, + logger: logger, + locks: locksutil.CreateLocks(), + allowUnwraps: new(uint32), + } + + if underTxn, ok := underlying.(physical.Transactional); ok { + return &transactionalSealUnwrapper{ + sealUnwrapper: ret, + Transactional: underTxn, + } + } + + return ret +} + +var _ physical.Backend = (*sealUnwrapper)(nil) +var _ physical.Transactional = (*transactionalSealUnwrapper)(nil) + +type sealUnwrapper struct { + underlying physical.Backend + logger log.Logger + locks []*locksutil.LockEntry + allowUnwraps *uint32 +} + +// transactionalSealUnwrapper is a seal unwrapper that wraps a physical that is transactional +type transactionalSealUnwrapper struct { + *sealUnwrapper + physical.Transactional +} + +func (d *sealUnwrapper) Put(ctx context.Context, entry *physical.Entry) error { + if entry == nil { + return nil + } + + locksutil.LockForKey(d.locks, entry.Key).Lock() + defer locksutil.LockForKey(d.locks, entry.Key).Unlock() + + return d.underlying.Put(ctx, entry) +} + +func (d *sealUnwrapper) Get(ctx context.Context, key string) (*physical.Entry, error) { + entry, err := d.underlying.Get(ctx, key) + if err != nil { + return nil, err + } + if entry == nil { + return nil, nil + } + + var performUnwrap bool + se := &physical.SealWrapEntry{} + // If the value ends in our canary value, try to decode the bytes. + eLen := len(entry.Value) + if eLen > 0 && entry.Value[eLen-1] == 's' { + if err := proto.Unmarshal(entry.Value[:eLen-1], se); err == nil { + // We unmarshaled successfully which means we need to store it as a + // non-proto message + performUnwrap = true + } + } + if !performUnwrap { + return entry, nil + } + // It's actually encrypted and we can't read it + if se.Wrapped { + return nil, fmt.Errorf("cannot decode sealwrapped storage entry %s", entry.Key) + } + if atomic.LoadUint32(d.allowUnwraps) != 1 { + return &physical.Entry{ + Key: entry.Key, + Value: se.Ciphertext, + }, nil + } + + locksutil.LockForKey(d.locks, key).Lock() + defer locksutil.LockForKey(d.locks, key).Unlock() + + // At this point we need to re-read and re-check + entry, err = d.underlying.Get(ctx, key) + if err != nil { + return nil, err + } + if entry == nil { + return nil, nil + } + + performUnwrap = false + se = &physical.SealWrapEntry{} + // If the value ends in our canary value, try to decode the bytes. + eLen = len(entry.Value) + if eLen > 0 && entry.Value[eLen-1] == 's' { + // We ignore an error because the canary is not a guarantee; if it + // doesn't decode, proceed normally + if err := proto.Unmarshal(entry.Value[:eLen-1], se); err == nil { + // We unmarshaled successfully which means we need to store it as a + // non-proto message + performUnwrap = true + } + } + if !performUnwrap { + return entry, nil + } + if se.Wrapped { + return nil, fmt.Errorf("cannot decode sealwrapped storage entry %s", entry.Key) + } + + entry = &physical.Entry{ + Key: entry.Key, + Value: se.Ciphertext, + } + + if atomic.LoadUint32(d.allowUnwraps) != 1 { + return entry, nil + } + return entry, d.underlying.Put(ctx, entry) +} + +func (d *sealUnwrapper) Delete(ctx context.Context, key string) error { + locksutil.LockForKey(d.locks, key).Lock() + defer locksutil.LockForKey(d.locks, key).Unlock() + + return d.underlying.Delete(ctx, key) +} + +func (d *sealUnwrapper) List(ctx context.Context, prefix string) ([]string, error) { + return d.underlying.List(ctx, prefix) +} + +func (d *transactionalSealUnwrapper) Transaction(ctx context.Context, txns []*physical.TxnEntry) error { + // Collect keys that need to be locked + var keys []string + for _, curr := range txns { + keys = append(keys, curr.Entry.Key) + } + // Lock the keys + for _, l := range locksutil.LocksForKeys(d.locks, keys) { + l.Lock() + defer l.Unlock() + } + + if err := d.Transactional.Transaction(ctx, txns); err != nil { + return err + } + + return nil +} + +// This should only run during preSeal which ensures that it can't be run +// concurrently and that it will be run only by the active node +func (d *sealUnwrapper) stopUnwraps() { + atomic.StoreUint32(d.allowUnwraps, 0) +} + +func (d *sealUnwrapper) runUnwraps() { + // Allow key unwraps on key gets. This gets set only when running on the + // active node to prevent standbys from changing data underneath the + // primary + atomic.StoreUint32(d.allowUnwraps, 1) +} diff --git a/vault/sealunwrapper_test.go b/vault/sealunwrapper_test.go new file mode 100644 index 000000000000..e148df2189cb --- /dev/null +++ b/vault/sealunwrapper_test.go @@ -0,0 +1,111 @@ +// +build !ent +// +build !prem +// +build !pro +// +build !hsm + +package vault + +import ( + "bytes" + "context" + "sync" + "testing" + + proto "github.com/golang/protobuf/proto" + hclog "github.com/hashicorp/go-hclog" + "github.com/hashicorp/vault/helper/logbridge" + "github.com/hashicorp/vault/physical" + "github.com/hashicorp/vault/physical/inmem" +) + +func TestSealUnwrapper(t *testing.T) { + logger := logbridge.NewLogger(hclog.New(&hclog.LoggerOptions{ + Mutex: &sync.Mutex{}, + })) + + // Test without transactions + phys, err := inmem.NewInmemHA(nil, logger.LogxiLogger()) + if err != nil { + t.Fatal(err) + } + performTestSealUnwrapper(t, phys, logger) + + // Test with transactions + tPhys, err := inmem.NewTransactionalInmemHA(nil, logger.LogxiLogger()) + if err != nil { + t.Fatal(err) + } + performTestSealUnwrapper(t, tPhys, logger) +} + +func performTestSealUnwrapper(t *testing.T, phys physical.Backend, logger *logbridge.Logger) { + ctx := context.Background() + base := &CoreConfig{ + Physical: phys, + } + cluster := NewTestCluster(t, base, &TestClusterOptions{ + RawLogger: logger, + }) + cluster.Start() + defer cluster.Cleanup() + + // Read a value and then save it back in a proto message + entry, err := phys.Get(ctx, "core/master") + if err != nil { + t.Fatal(err) + } + if len(entry.Value) == 0 { + t.Fatal("got no value for master") + } + // Save the original for comparison later + origBytes := make([]byte, len(entry.Value)) + copy(origBytes, entry.Value) + se := &physical.SealWrapEntry{ + Ciphertext: entry.Value, + } + seb, err := proto.Marshal(se) + if err != nil { + t.Fatal(err) + } + // Write the canary + entry.Value = append(seb, 's') + // Save the protobuf value for comparison later + pBytes := make([]byte, len(entry.Value)) + copy(pBytes, entry.Value) + if err = phys.Put(ctx, entry); err != nil { + t.Fatal(err) + } + + // At this point we should be able to read through the standby cores, + // successfully decode it, but be able to unmarshal it when read back from + // the underlying physical store. When we read from active, it should both + // successfully decode it and persist it back. + checkValue := func(core *Core, wrapped bool) { + entry, err := core.physical.Get(ctx, "core/master") + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(entry.Value, origBytes) { + t.Fatalf("mismatched original bytes and unwrapped entry bytes: %v vs %v", entry.Value, origBytes) + } + underlyingEntry, err := phys.Get(ctx, "core/master") + if err != nil { + t.Fatal(err) + } + switch wrapped { + case true: + if !bytes.Equal(underlyingEntry.Value, pBytes) { + t.Fatalf("mismatched original bytes and proto entry bytes: %v vs %v", underlyingEntry.Value, pBytes) + } + default: + if !bytes.Equal(underlyingEntry.Value, origBytes) { + t.Fatalf("mismatched original bytes and unwrapped entry bytes: %v vs %v", underlyingEntry.Value, origBytes) + } + } + } + + TestWaitActive(t, cluster.Cores[0].Core) + checkValue(cluster.Cores[2].Core, true) + checkValue(cluster.Cores[1].Core, true) + checkValue(cluster.Cores[0].Core, false) +} From 65328e9c129afebd66cbcf3d355be5a6d21ff82a Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 9 Feb 2018 17:01:10 -0500 Subject: [PATCH 095/178] Fix race in approle integ test --- command/approle_concurrency_integ_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/command/approle_concurrency_integ_test.go b/command/approle_concurrency_integ_test.go index d9f9fe9b92c3..8237c3fcc268 100644 --- a/command/approle_concurrency_integ_test.go +++ b/command/approle_concurrency_integ_test.go @@ -69,7 +69,7 @@ func TestAppRole_Integ_ConcurrentLogins(t *testing.T) { wg.Add(1) go func() { defer wg.Done() - secret, err = client.Logical().Write("auth/approle/login", map[string]interface{}{ + secret, err := client.Logical().Write("auth/approle/login", map[string]interface{}{ "role_id": roleID, "secret_id": secretID, }) From a9a322aa39cc2227298b45e966ee740e9a897f6c Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 9 Feb 2018 17:03:49 -0500 Subject: [PATCH 096/178] Adds the ability to bypass Okta MFA checks. (#3944) * Adds the ability to bypass Okta MFA checks. Unlike before, the administrator opts-in to this behavior, and is suitably warned. Fixes #3872 --- builtin/credential/okta/backend.go | 13 ++++++- builtin/credential/okta/path_config.go | 43 ++++++++++++++++------ website/source/api/auth/okta/index.html.md | 3 ++ 3 files changed, 47 insertions(+), 12 deletions(-) diff --git a/builtin/credential/okta/backend.go b/builtin/credential/okta/backend.go index fa275b6665ce..95829a9a1249 100644 --- a/builtin/credential/okta/backend.go +++ b/builtin/credential/okta/backend.go @@ -115,6 +115,11 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri case "PASSWORD_WARN": oktaResponse.AddWarning("Your Okta password is in warning state and needs to be changed soon.") + case "MFA_REQUIRED", "MFA_ENROLL": + if !cfg.BypassOktaMFA { + return nil, logical.ErrorResponse("okta mfa required for this account but mfa bypass not set in config"), nil, nil + } + case "SUCCESS": // Do nothing here @@ -126,7 +131,13 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri } // Verify result status again in case a switch case above modifies result - if result.Status != "SUCCESS" && result.Status != "PASSWORD_WARN" { + switch { + case result.Status == "SUCCESS", + result.Status == "PASSWORD_WARN", + result.Status == "MFA_REQUIRED" && cfg.BypassOktaMFA, + result.Status == "MFA_ENROLL" && cfg.BypassOktaMFA: + // Allowed + default: if b.Logger().IsDebug() { b.Logger().Debug("auth/okta: authentication returned a non-success status", "status", result.Status) } diff --git a/builtin/credential/okta/path_config.go b/builtin/credential/okta/path_config.go index 8e8415bceb9c..365af74f4efb 100644 --- a/builtin/credential/okta/path_config.go +++ b/builtin/credential/okta/path_config.go @@ -54,6 +54,10 @@ func pathConfig(b *backend) *framework.Path { Type: framework.TypeDurationSecond, Description: `Maximum duration after which authentication will be expired`, }, + "bypass_okta_mfa": &framework.FieldSchema{ + Type: framework.TypeBool, + Description: `When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.`, + }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ @@ -99,10 +103,11 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *f resp := &logical.Response{ Data: map[string]interface{}{ - "organization": cfg.Org, - "org_name": cfg.Org, - "ttl": cfg.TTL.Seconds(), - "max_ttl": cfg.MaxTTL.Seconds(), + "organization": cfg.Org, + "org_name": cfg.Org, + "ttl": cfg.TTL.Seconds(), + "max_ttl": cfg.MaxTTL.Seconds(), + "bypass_okta_mfa": cfg.BypassOktaMFA, }, } if cfg.BaseURL != "" { @@ -112,6 +117,10 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *f resp.Data["production"] = *cfg.Production } + if cfg.BypassOktaMFA { + resp.AddWarning("Okta MFA bypass is configured. In addition to ignoring Okta MFA requests, certain other account statuses will not be seen, such as PASSWORD_EXPIRED. Authentication will succeed in these cases.") + } + return resp, nil } @@ -175,6 +184,11 @@ func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, d * cfg.Production = nil } + bypass, ok := d.GetOk("bypass_okta_mfa") + if ok { + cfg.BypassOktaMFA = bypass.(bool) + } + ttl, ok := d.GetOk("ttl") if ok { cfg.TTL = time.Duration(ttl.(int)) * time.Second @@ -197,7 +211,13 @@ func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, d * return nil, err } - return nil, nil + var resp *logical.Response + if cfg.BypassOktaMFA { + resp = new(logical.Response) + resp.AddWarning("Okta MFA bypass is configured. In addition to ignoring Okta MFA requests, certain other account statuses will not be seen, such as PASSWORD_EXPIRED. Authentication will succeed in these cases.") + } + + return resp, nil } func (b *backend) pathConfigExistenceCheck(ctx context.Context, req *logical.Request, d *framework.FieldData) (bool, error) { @@ -228,12 +248,13 @@ func (c *ConfigEntry) OktaClient() *okta.Client { // ConfigEntry for Okta type ConfigEntry struct { - Org string `json:"organization"` - Token string `json:"token"` - BaseURL string `json:"base_url"` - Production *bool `json:"is_production,omitempty"` - TTL time.Duration `json:"ttl"` - MaxTTL time.Duration `json:"max_ttl"` + Org string `json:"organization"` + Token string `json:"token"` + BaseURL string `json:"base_url"` + Production *bool `json:"is_production,omitempty"` + TTL time.Duration `json:"ttl"` + MaxTTL time.Duration `json:"max_ttl"` + BypassOktaMFA bool `json:"bypass_okta_mfa"` } const pathConfigHelp = ` diff --git a/website/source/api/auth/okta/index.html.md b/website/source/api/auth/okta/index.html.md index 6d3dfd5d00d9..408c87e436a6 100644 --- a/website/source/api/auth/okta/index.html.md +++ b/website/source/api/auth/okta/index.html.md @@ -37,6 +37,9 @@ distinction between the `create` and `update` capabilities inside ACL policies. - `ttl` `(string: "")` - Duration after which authentication will be expired. - `max_ttl` `(string: "")` - Maximum duration after which authentication will be expired. +- `bypass_okta_mfa` `(bool: false)` - Whether to bypass an Okta MFA request. + Useful if using one of Vault's built-in MFA mechanisms, but this will also + cause certain other statuses to be ignored, such as `PASSWORD_EXPIRED`. ### Sample Payload From e045cb11341d00706dce329f4080107959682997 Mon Sep 17 00:00:00 2001 From: Kevin Paulisse Date: Fri, 9 Feb 2018 17:43:48 -0600 Subject: [PATCH 097/178] Decompress data before sending via sys/raw (#3954) --- vault/logical_system.go | 18 +++++++++++++++++- vault/logical_system_test.go | 13 +++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/vault/logical_system.go b/vault/logical_system.go index 4971c6c69d8e..2f4cd725005d 100644 --- a/vault/logical_system.go +++ b/vault/logical_system.go @@ -17,6 +17,7 @@ import ( "time" uuid "github.com/hashicorp/go-uuid" + "github.com/hashicorp/vault/helper/compressutil" "github.com/hashicorp/vault/helper/consts" "github.com/hashicorp/vault/helper/parseutil" "github.com/hashicorp/vault/helper/wrapping" @@ -2327,9 +2328,24 @@ func (b *SystemBackend) handleRawRead(ctx context.Context, req *logical.Request, if entry == nil { return nil, nil } + + // Run this through the decompression helper to see if it's been compressed. + // If the input contained the compression canary, `outputBytes` will hold + // the decompressed data. If the input was not compressed, then `outputBytes` + // will be nil. + outputBytes, _, err := compressutil.Decompress(entry.Value) + if err != nil { + return handleError(err) + } + + // `outputBytes` is nil if the input is uncompressed. In that case set it to the original input. + if outputBytes == nil { + outputBytes = entry.Value + } + resp := &logical.Response{ Data: map[string]interface{}{ - "value": string(entry.Value), + "value": string(outputBytes), }, } return resp, nil diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go index c82b8e8a2c0c..75ceedc42cab 100644 --- a/vault/logical_system_test.go +++ b/vault/logical_system_test.go @@ -1589,6 +1589,19 @@ func TestSystemBackend_disableAudit(t *testing.T) { } } +func TestSystemBackend_rawRead_Compressed(t *testing.T) { + b := testSystemBackendRaw(t) + + req := logical.TestRequest(t, logical.ReadOperation, "raw/core/mounts") + resp, err := b.HandleRequest(context.Background(), req) + if err != nil { + t.Fatalf("err: %v", err) + } + if !strings.HasPrefix(resp.Data["value"].(string), "{\"type\":\"mounts\"") { + t.Fatalf("bad: %v", resp) + } +} + func TestSystemBackend_rawRead_Protected(t *testing.T) { b := testSystemBackendRaw(t) From 07f8ebbbf6fee7bb3ec99ffa8d1fdb54efe91eb2 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sat, 10 Feb 2018 10:07:10 -0500 Subject: [PATCH 098/178] Various PKI updates (#3953) --- builtin/logical/pki/backend_test.go | 60 ++++++++++++++--------------- builtin/logical/pki/cert_util.go | 47 ++++++++++++++++++---- vendor/vendor.json | 4 +- 3 files changed, 69 insertions(+), 42 deletions(-) diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go index f6dc61b73aa8..0684ee5555fa 100644 --- a/builtin/logical/pki/backend_test.go +++ b/builtin/logical/pki/backend_test.go @@ -33,6 +33,7 @@ import ( logicaltest "github.com/hashicorp/vault/logical/testing" "github.com/hashicorp/vault/vault" "github.com/mitchellh/mapstructure" + "golang.org/x/net/idna" ) var ( @@ -153,8 +154,6 @@ func TestBackend_RSAKey(t *testing.T) { Steps: []logicaltest.TestStep{}, } - stepCount = len(testCase.Steps) - intdata := map[string]interface{}{} reqdata := map[string]interface{}{} testCase.Steps = append(testCase.Steps, generateCATestingSteps(t, rsaCACert, rsaCAKey, ecCACert, intdata, reqdata)...) @@ -183,8 +182,6 @@ func TestBackend_ECKey(t *testing.T) { Steps: []logicaltest.TestStep{}, } - stepCount = len(testCase.Steps) - intdata := map[string]interface{}{} reqdata := map[string]interface{}{} testCase.Steps = append(testCase.Steps, generateCATestingSteps(t, ecCACert, ecCAKey, rsaCACert, intdata, reqdata)...) @@ -211,8 +208,6 @@ func TestBackend_CSRValues(t *testing.T) { Steps: []logicaltest.TestStep{}, } - stepCount = len(testCase.Steps) - intdata := map[string]interface{}{} reqdata := map[string]interface{}{} testCase.Steps = append(testCase.Steps, generateCSRSteps(t, ecCACert, ecCAKey, intdata, reqdata)...) @@ -239,8 +234,6 @@ func TestBackend_URLsCRUD(t *testing.T) { Steps: []logicaltest.TestStep{}, } - stepCount = len(testCase.Steps) - intdata := map[string]interface{}{} reqdata := map[string]interface{}{} testCase.Steps = append(testCase.Steps, generateURLSteps(t, ecCACert, ecCAKey, intdata, reqdata)...) @@ -278,12 +271,10 @@ func TestBackend_RSARoles(t *testing.T) { }, } - stepCount = len(testCase.Steps) - testCase.Steps = append(testCase.Steps, generateRoleSteps(t, false)...) if len(os.Getenv("VAULT_VERBOSE_PKITESTS")) > 0 { for i, v := range testCase.Steps { - fmt.Printf("Step %d:\n%+v\n\n", i+stepCount, v) + fmt.Printf("Step %d:\n%+v\n\n", i+1, v) } } @@ -320,12 +311,10 @@ func TestBackend_RSARoles_CSR(t *testing.T) { }, } - stepCount = len(testCase.Steps) - testCase.Steps = append(testCase.Steps, generateRoleSteps(t, true)...) if len(os.Getenv("VAULT_VERBOSE_PKITESTS")) > 0 { for i, v := range testCase.Steps { - fmt.Printf("Step %d:\n%+v\n\n", i+stepCount, v) + fmt.Printf("Step %d:\n%+v\n\n", i+1, v) } } @@ -362,12 +351,10 @@ func TestBackend_ECRoles(t *testing.T) { }, } - stepCount = len(testCase.Steps) - testCase.Steps = append(testCase.Steps, generateRoleSteps(t, false)...) if len(os.Getenv("VAULT_VERBOSE_PKITESTS")) > 0 { for i, v := range testCase.Steps { - fmt.Printf("Step %d:\n%+v\n\n", i+stepCount, v) + fmt.Printf("Step %d:\n%+v\n\n", i+1, v) } } @@ -404,12 +391,10 @@ func TestBackend_ECRoles_CSR(t *testing.T) { }, } - stepCount = len(testCase.Steps) - testCase.Steps = append(testCase.Steps, generateRoleSteps(t, true)...) if len(os.Getenv("VAULT_VERBOSE_PKITESTS")) > 0 { for i, v := range testCase.Steps { - fmt.Printf("Step %d:\n%+v\n\n", i+stepCount, v) + fmt.Printf("Step %d:\n%+v\n\n", i+1, v) } } @@ -588,7 +573,7 @@ func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s Operation: logical.UpdateOperation, Path: "root/sign-intermediate", Data: map[string]interface{}{ - "common_name": "Intermediate Cert", + "common_name": "intermediate.cert.com", "csr": string(csrPem1024), "format": "der", }, @@ -609,7 +594,7 @@ func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s Operation: logical.UpdateOperation, Path: "root/sign-intermediate", Data: map[string]interface{}{ - "common_name": "Intermediate Cert", + "common_name": "intermediate.cert.com", "csr": string(csrPem2048), "format": "der", }, @@ -638,8 +623,8 @@ func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s return fmt.Errorf("expected\n%#v\ngot\n%#v\n", expected.CRLDistributionPoints, cert.CRLDistributionPoints) case !reflect.DeepEqual(expected.OCSPServers, cert.OCSPServer): return fmt.Errorf("expected\n%#v\ngot\n%#v\n", expected.OCSPServers, cert.OCSPServer) - case !reflect.DeepEqual([]string{"Intermediate Cert"}, cert.DNSNames): - return fmt.Errorf("expected\n%#v\ngot\n%#v\n", []string{"Intermediate Cert"}, cert.DNSNames) + case !reflect.DeepEqual([]string{"intermediate.cert.com"}, cert.DNSNames): + return fmt.Errorf("expected\n%#v\ngot\n%#v\n", []string{"intermediate.cert.com"}, cert.DNSNames) } return nil @@ -651,7 +636,7 @@ func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s Operation: logical.UpdateOperation, Path: "root/sign-intermediate", Data: map[string]interface{}{ - "common_name": "Intermediate Cert", + "common_name": "intermediate.cert.com", "csr": string(csrPem2048), "format": "der", "exclude_cn_from_sans": true, @@ -991,7 +976,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int Operation: logical.UpdateOperation, Path: "intermediate/generate/exported", Data: map[string]interface{}{ - "common_name": "Intermediate Cert", + "common_name": "intermediate.cert.com", }, Check: func(resp *logical.Response) error { intdata["intermediatecsr"] = resp.Data["csr"].(string) @@ -1009,7 +994,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int delete(reqdata, "pem_bundle") delete(reqdata, "ttl") reqdata["csr"] = intdata["intermediatecsr"].(string) - reqdata["common_name"] = "Intermediate Cert" + reqdata["common_name"] = "intermediate.cert.com" reqdata["ttl"] = "10s" return nil }, @@ -1144,7 +1129,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int "format": "der", "key_type": "ec", "key_bits": 384, - "common_name": "Intermediate Cert", + "common_name": "intermediate.cert.com", }, Check: func(resp *logical.Response) error { csrBytes, _ := base64.StdEncoding.DecodeString(resp.Data["csr"].(string)) @@ -1171,7 +1156,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int delete(reqdata, "pem_bundle") delete(reqdata, "ttl") reqdata["csr"] = intdata["intermediatecsr"].(string) - reqdata["common_name"] = "Intermediate Cert" + reqdata["common_name"] = "intermediate.cert.com" reqdata["ttl"] = "10s" return nil }, @@ -1646,7 +1631,18 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep { retName = cert.EmailAddresses[0] } if retName != name { - return fmt.Errorf("Error: returned certificate has a DNS SAN of %s but %s was requested", retName, name) + // Check IDNA + p := idna.New( + idna.StrictDomainName(true), + idna.VerifyDNSLength(true), + ) + converted, err := p.ToUnicode(retName) + if err != nil { + t.Fatal(err) + } + if converted != name { + return fmt.Errorf("Error: returned certificate has a DNS SAN of %s (from idna: %s) but %s was requested", retName, converted, name) + } } return nil } @@ -1662,7 +1658,7 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep { SubSubdomain bool `structs:"foo.bar.example.com"` SubSubdomainWildcard bool `structs:"*.bar.example.com"` GlobDomain bool `structs:"fooexample.com"` - NonHostname bool `structs:"daɪˈɛrɨsɨs"` + IDN bool `structs:"daɪˈɛrɨsɨs"` AnyHost bool `structs:"porkslap.beer"` } @@ -1876,10 +1872,10 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep { roleVals.AllowAnyName = true roleVals.EnforceHostnames = true commonNames.AnyHost = true + commonNames.IDN = true addCnTests() roleVals.EnforceHostnames = false - commonNames.NonHostname = true addCnTests() // Ensure that we end up with acceptable key sizes since they won't be diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go index bbdff2f3aec7..a02a4c229231 100644 --- a/builtin/logical/pki/cert_util.go +++ b/builtin/logical/pki/cert_util.go @@ -27,6 +27,7 @@ import ( "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" "github.com/ryanuber/go-glob" + "golang.org/x/net/idna" ) type certExtKeyUsage int @@ -91,7 +92,11 @@ func (b *caInfoBundle) GetCAChain() []*certutil.CertBlock { } var ( - hostnameRegex = regexp.MustCompile(`^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$`) + // A note on hostnameRegex: although we set the StrictDomainName option + // when doing the idna conversion, this appears to only affect output, not + // input, so it will allow e.g. host^123.example.com straight through. So + // we still need to use this to check the output. + hostnameRegex = regexp.MustCompile(`^(\*\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$`) oidExtensionBasicConstraints = []int{2, 5, 29, 19} ) @@ -297,7 +302,15 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string // ensure that we are not either checking a full email address or a // wildcard prefix. if role.EnforceHostnames { - if !hostnameRegex.MatchString(sanitizedName) { + p := idna.New( + idna.StrictDomainName(true), + idna.VerifyDNSLength(true), + ) + converted, err := p.ToASCII(sanitizedName) + if err != nil { + return name + } + if !hostnameRegex.MatchString(converted) { return name } } @@ -413,7 +426,6 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string } } - //panic(fmt.Sprintf("\nName is %s\nRole is\n%#v\n", name, role)) return name } @@ -642,9 +654,18 @@ func generateCreationBundle(b *backend, // used for the purpose for which they are presented emailAddresses = append(emailAddresses, cn) } else { - // Only add to dnsNames if it's actually a DNS name - if hostnameRegex.MatchString(cn) { - dnsNames = append(dnsNames, cn) + // Only add to dnsNames if it's actually a DNS name but convert + // idn first + p := idna.New( + idna.StrictDomainName(true), + idna.VerifyDNSLength(true), + ) + converted, err := p.ToASCII(cn) + if err != nil { + return nil, errutil.UserError{Err: err.Error()} + } + if hostnameRegex.MatchString(converted) { + dnsNames = append(dnsNames, converted) } } } @@ -657,8 +678,18 @@ func generateCreationBundle(b *backend, if strings.Contains(v, "@") { emailAddresses = append(emailAddresses, v) } else { - if hostnameRegex.MatchString(v) { - dnsNames = append(dnsNames, v) + // Only add to dnsNames if it's actually a DNS name but + // convert idn first + p := idna.New( + idna.StrictDomainName(true), + idna.VerifyDNSLength(true), + ) + converted, err := p.ToASCII(v) + if err != nil { + return nil, errutil.UserError{Err: err.Error()} + } + if hostnameRegex.MatchString(converted) { + dnsNames = append(dnsNames, converted) } } } diff --git a/vendor/vendor.json b/vendor/vendor.json index 26b22b74d904..db66169493bf 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1647,8 +1647,8 @@ { "checksumSHA1": "RcrB7tgYS/GMW4QrwVdMOTNqIU8=", "path": "golang.org/x/net/idna", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "5JWn/wMC+EWNDKI/AYE4JifQF54=", From 3ea40387005f10ca2f51e3d1fbfc519ed0f9aacb Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sat, 10 Feb 2018 10:08:07 -0500 Subject: [PATCH 099/178] changelog++ --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c2cf2f2b9216..ed5d5b5d8db2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ IMPROVEMENTS: * audit: Always log failure metrics, even if zero, to ensure the values appear on dashboards [GH-3937] * secret/pki: Add a flag to make the common name optional on certs [GH-3940] + * secret/pki: Ensure only DNS-compatible names go into DNS SANs; additionally, + properly handle IDNA transformations for these DNS names [GH-3953] BUG FIXES: From 1bb6bf2559e85df1cccfb10bf821c355892507b9 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sat, 10 Feb 2018 19:29:52 -0500 Subject: [PATCH 100/178] Bump deps --- vendor/cloud.google.com/go/iam/iam.go | 48 +- vendor/cloud.google.com/go/storage/writer.go | 22 +- .../Azure/azure-sdk-for-go/storage/version.go | 2 +- .../Azure/go-autorest/autorest/adal/token.go | 48 +- .../go-autorest/autorest/authorization.go | 19 + .../Azure/go-autorest/autorest/azure/async.go | 67 +- .../Azure/go-autorest/autorest/azure/azure.go | 88 +- .../autorest/azure/environments.go | 9 +- .../Azure/go-autorest/autorest/azure/rp.go | 7 +- .../DataDog/datadog-go/statsd/statsd.go | 8 +- .../DataDog/datadog-go/statsd/udp.go | 7 +- .../DataDog/datadog-go/statsd/uds.go | 13 +- .../armon/go-proxyproto/protocol.go | 9 +- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 11 + .../aws/aws-sdk-go/aws/session/env_config.go | 8 + .../aws/aws-sdk-go/aws/session/session.go | 14 +- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/service/dynamodb/api.go | 466 +- .../aws/aws-sdk-go/service/dynamodb/errors.go | 19 +- .../aws/aws-sdk-go/service/ec2/api.go | 1291 +- .../aws/aws-sdk-go/service/iam/api.go | 281 - .../aws/aws-sdk-go/service/s3/api.go | 250 - .../aws/aws-sdk-go/service/sts/api.go | 17 - .../{cenk => cenkalti}/backoff/LICENSE | 0 .../{cenk => cenkalti}/backoff/README.md | 0 .../{cenk => cenkalti}/backoff/backoff.go | 0 .../{cenk => cenkalti}/backoff/context.go | 0 .../{cenk => cenkalti}/backoff/exponential.go | 0 .../{cenk => cenkalti}/backoff/retry.go | 0 .../{cenk => cenkalti}/backoff/ticker.go | 0 .../{cenk => cenkalti}/backoff/tries.go | 0 .../circonus-gometrics/CHANGELOG.md | 17 +- .../circonus-gometrics/Gopkg.lock | 39 + .../circonus-gometrics/Gopkg.toml | 37 + .../circonus-gometrics/api/api.go | 3 +- .../circonus-gometrics/api/doc.go | 2 +- .../circonus-gometrics/api/rule_set_group.go | 2 +- .../circonus-gometrics/checkmgr/check.go | 2 +- .../circonus-gometrics/checkmgr/checkmgr.go | 20 +- .../circonus-gometrics/circonus-gometrics.go | 2 +- .../github.com/coreos/etcd/client/client.go | 2 +- .../github.com/coreos/etcd/clientv3/auth.go | 2 +- .../github.com/coreos/etcd/clientv3/client.go | 2 +- .../coreos/etcd/clientv3/health_balancer.go | 18 +- .../github.com/coreos/etcd/clientv3/logger.go | 70 +- .../github.com/coreos/etcd/clientv3/retry.go | 8 +- .../etcd/etcdserver/etcdserverpb/rpc.pb.go | 507 +- .../etcd/etcdserver/etcdserverpb/rpc.proto | 6 +- .../{ => internal}/auth/authpb/auth.pb.go | 0 .../{ => internal}/auth/authpb/auth.proto | 0 .../etcd/{ => internal}/version/version.go | 0 .../coreos/etcd/pkg/logger/discard.go | 46 + .../github.com/coreos/etcd/pkg/logger/doc.go | 16 + .../coreos/etcd/pkg/logger/logger.go | 63 + .../coreos/etcd/pkg/logger/package_logger.go | 60 + .../coreos/etcd/pkg/transport/proxy.go | 801 + vendor/github.com/coreos/go-systemd/LICENSE | 191 + vendor/github.com/coreos/go-systemd/NOTICE | 5 + .../coreos/go-systemd/journal/journal.go | 179 + vendor/github.com/coreos/pkg/LICENSE | 202 + vendor/github.com/coreos/pkg/NOTICE | 5 + .../github.com/coreos/pkg/capnslog/README.md | 39 + .../coreos/pkg/capnslog/formatters.go | 157 + .../coreos/pkg/capnslog/glog_formatter.go | 96 + vendor/github.com/coreos/pkg/capnslog/init.go | 49 + .../coreos/pkg/capnslog/init_windows.go | 25 + .../coreos/pkg/capnslog/journald_formatter.go | 68 + .../coreos/pkg/capnslog/log_hijack.go | 39 + .../github.com/coreos/pkg/capnslog/logmap.go | 245 + .../coreos/pkg/capnslog/pkg_logger.go | 191 + .../coreos/pkg/capnslog/syslog_formatter.go | 65 + .../github.com/denisenkom/go-mssqldb/types.go | 24 +- .../docker/docker/api/types/auth.go | 2 +- .../docker/docker/api/types/blkiodev/blkio.go | 2 +- .../docker/docker/api/types/client.go | 2 +- .../docker/docker/api/types/configs.go | 15 +- .../docker/api/types/container/config.go | 2 +- .../docker/api/types/container/host_config.go | 2 +- .../api/types/container/hostconfig_unix.go | 2 +- .../api/types/container/hostconfig_windows.go | 2 +- .../api/types/container/waitcondition.go | 2 +- .../docker/docker/api/types/filters/parse.go | 2 +- .../docker/docker/api/types/mount/mount.go | 2 +- .../docker/api/types/network/network.go | 2 +- .../docker/api/types/plugin_responses.go | 2 +- .../docker/api/types/registry/authenticate.go | 2 +- .../docker/api/types/registry/registry.go | 2 +- .../docker/docker/api/types/seccomp.go | 2 +- .../docker/docker/api/types/stats.go | 2 +- .../docker/api/types/strslice/strslice.go | 2 +- .../docker/docker/api/types/swarm/common.go | 2 +- .../docker/docker/api/types/swarm/config.go | 2 +- .../docker/api/types/swarm/container.go | 2 +- .../docker/docker/api/types/swarm/network.go | 2 +- .../docker/docker/api/types/swarm/node.go | 2 +- .../docker/docker/api/types/swarm/runtime.go | 2 +- .../docker/api/types/swarm/runtime/gen.go | 2 +- .../docker/docker/api/types/swarm/secret.go | 2 +- .../docker/docker/api/types/swarm/service.go | 2 +- .../docker/docker/api/types/swarm/swarm.go | 2 +- .../docker/docker/api/types/swarm/task.go | 24 +- .../docker/docker/api/types/types.go | 2 +- .../docker/api/types/versions/compare.go | 2 +- vendor/github.com/docker/docker/opts/env.go | 2 +- vendor/github.com/docker/docker/opts/hosts.go | 2 +- .../docker/docker/opts/hosts_unix.go | 2 +- .../docker/docker/opts/hosts_windows.go | 2 +- vendor/github.com/docker/docker/opts/ip.go | 2 +- vendor/github.com/docker/docker/opts/opts.go | 2 +- .../docker/docker/opts/opts_unix.go | 2 +- .../docker/docker/opts/opts_windows.go | 2 +- .../docker/docker/opts/quotedstring.go | 2 +- .../github.com/docker/docker/opts/runtime.go | 2 +- .../github.com/docker/docker/opts/ulimit.go | 2 +- .../docker/docker/pkg/archive/archive.go | 2 +- .../docker/pkg/archive/archive_linux.go | 2 +- .../docker/pkg/archive/archive_other.go | 2 +- .../docker/docker/pkg/archive/archive_unix.go | 2 +- .../docker/pkg/archive/archive_windows.go | 2 +- .../docker/docker/pkg/archive/changes.go | 2 +- .../docker/pkg/archive/changes_linux.go | 2 +- .../docker/pkg/archive/changes_other.go | 2 +- .../docker/docker/pkg/archive/changes_unix.go | 2 +- .../docker/pkg/archive/changes_windows.go | 2 +- .../docker/docker/pkg/archive/copy.go | 2 +- .../docker/docker/pkg/archive/copy_unix.go | 2 +- .../docker/docker/pkg/archive/copy_windows.go | 2 +- .../docker/docker/pkg/archive/diff.go | 2 +- .../docker/docker/pkg/archive/time_linux.go | 2 +- .../docker/pkg/archive/time_unsupported.go | 2 +- .../docker/docker/pkg/archive/whiteouts.go | 2 +- .../docker/docker/pkg/archive/wrap.go | 2 +- .../docker/docker/pkg/fileutils/fileutils.go | 2 +- .../docker/pkg/fileutils/fileutils_darwin.go | 2 +- .../docker/pkg/fileutils/fileutils_unix.go | 2 +- .../docker/pkg/fileutils/fileutils_windows.go | 2 +- .../docker/pkg/homedir/homedir_linux.go | 2 +- .../docker/pkg/homedir/homedir_others.go | 2 +- .../docker/docker/pkg/homedir/homedir_unix.go | 2 +- .../docker/pkg/homedir/homedir_windows.go | 2 +- .../docker/docker/pkg/idtools/idtools.go | 2 +- .../docker/docker/pkg/idtools/idtools_unix.go | 2 +- .../docker/pkg/idtools/idtools_windows.go | 2 +- .../docker/pkg/idtools/usergroupadd_linux.go | 2 +- .../pkg/idtools/usergroupadd_unsupported.go | 2 +- .../docker/docker/pkg/idtools/utils_unix.go | 2 +- .../docker/docker/pkg/ioutils/buffer.go | 2 +- .../docker/docker/pkg/ioutils/bytespipe.go | 2 +- .../docker/docker/pkg/ioutils/fswriters.go | 2 +- .../docker/docker/pkg/ioutils/readers.go | 2 +- .../docker/docker/pkg/ioutils/temp_unix.go | 2 +- .../docker/docker/pkg/ioutils/temp_windows.go | 2 +- .../docker/docker/pkg/ioutils/writeflusher.go | 2 +- .../docker/docker/pkg/ioutils/writers.go | 2 +- .../docker/pkg/jsonmessage/jsonmessage.go | 2 +- .../docker/docker/pkg/longpath/longpath.go | 2 +- .../docker/docker/pkg/mount/flags.go | 2 +- .../docker/docker/pkg/mount/flags_freebsd.go | 2 +- .../docker/docker/pkg/mount/flags_linux.go | 2 +- .../docker/pkg/mount/flags_unsupported.go | 2 +- .../docker/docker/pkg/mount/mount.go | 2 +- .../docker/pkg/mount/mounter_freebsd.go | 2 +- .../docker/docker/pkg/mount/mounter_linux.go | 2 +- .../docker/pkg/mount/mounter_unsupported.go | 2 +- .../docker/docker/pkg/mount/mountinfo.go | 2 +- .../docker/pkg/mount/mountinfo_freebsd.go | 2 +- .../docker/pkg/mount/mountinfo_linux.go | 2 +- .../docker/pkg/mount/mountinfo_unsupported.go | 2 +- .../docker/pkg/mount/mountinfo_windows.go | 2 +- .../docker/pkg/mount/sharedsubtree_linux.go | 2 +- .../docker/docker/pkg/pools/pools.go | 2 +- .../docker/docker/pkg/stdcopy/stdcopy.go | 2 +- .../docker/docker/pkg/system/chtimes.go | 2 +- .../docker/docker/pkg/system/chtimes_unix.go | 2 +- .../docker/pkg/system/chtimes_windows.go | 2 +- .../docker/docker/pkg/system/errors.go | 2 +- .../docker/docker/pkg/system/exitcode.go | 2 +- .../docker/docker/pkg/system/filesys.go | 2 +- .../docker/pkg/system/filesys_windows.go | 2 +- .../docker/docker/pkg/system/init.go | 2 +- .../docker/docker/pkg/system/init_unix.go | 2 +- .../docker/docker/pkg/system/init_windows.go | 2 +- .../docker/docker/pkg/system/lcow.go | 2 +- .../docker/docker/pkg/system/lcow_unix.go | 2 +- .../docker/docker/pkg/system/lcow_windows.go | 2 +- .../docker/docker/pkg/system/lstat_unix.go | 2 +- .../docker/docker/pkg/system/lstat_windows.go | 2 +- .../docker/docker/pkg/system/meminfo.go | 2 +- .../docker/docker/pkg/system/meminfo_linux.go | 2 +- .../docker/pkg/system/meminfo_unsupported.go | 2 +- .../docker/pkg/system/meminfo_windows.go | 2 +- .../docker/docker/pkg/system/mknod.go | 2 +- .../docker/docker/pkg/system/mknod_windows.go | 2 +- .../docker/docker/pkg/system/path.go | 2 +- .../docker/docker/pkg/system/process_unix.go | 2 +- .../docker/pkg/system/process_windows.go | 2 +- .../github.com/docker/docker/pkg/system/rm.go | 2 +- .../docker/docker/pkg/system/stat_darwin.go | 2 +- .../docker/docker/pkg/system/stat_freebsd.go | 2 +- .../docker/docker/pkg/system/stat_linux.go | 2 +- .../docker/docker/pkg/system/stat_openbsd.go | 2 +- .../docker/docker/pkg/system/stat_solaris.go | 2 +- .../docker/docker/pkg/system/stat_unix.go | 2 +- .../docker/docker/pkg/system/stat_windows.go | 2 +- .../docker/docker/pkg/system/syscall_unix.go | 2 +- .../docker/pkg/system/syscall_windows.go | 2 +- .../docker/docker/pkg/system/umask.go | 2 +- .../docker/docker/pkg/system/umask_windows.go | 2 +- .../docker/pkg/system/utimes_freebsd.go | 2 +- .../docker/docker/pkg/system/utimes_linux.go | 2 +- .../docker/pkg/system/utimes_unsupported.go | 2 +- .../docker/docker/pkg/system/xattrs_linux.go | 2 +- .../docker/pkg/system/xattrs_unsupported.go | 2 +- .../docker/docker/pkg/term/ascii.go | 2 +- .../docker/docker/pkg/term/proxy.go | 2 +- .../github.com/docker/docker/pkg/term/tc.go | 2 +- .../github.com/docker/docker/pkg/term/term.go | 2 +- .../docker/docker/pkg/term/term_windows.go | 2 +- .../docker/docker/pkg/term/termios_bsd.go | 2 +- .../docker/docker/pkg/term/termios_linux.go | 2 +- .../docker/pkg/term/windows/ansi_reader.go | 2 +- .../docker/pkg/term/windows/ansi_writer.go | 2 +- .../docker/docker/pkg/term/windows/console.go | 2 +- .../docker/docker/pkg/term/windows/windows.go | 2 +- .../docker/docker/pkg/term/winsize.go | 2 +- .../docker/go-connections/nat/nat.go | 2 +- vendor/github.com/dustin/go-humanize/LICENSE | 21 + .../dustin/go-humanize/README.markdown | 124 + vendor/github.com/dustin/go-humanize/big.go | 31 + .../github.com/dustin/go-humanize/bigbytes.go | 173 + vendor/github.com/dustin/go-humanize/bytes.go | 143 + vendor/github.com/dustin/go-humanize/comma.go | 108 + .../github.com/dustin/go-humanize/commaf.go | 40 + vendor/github.com/dustin/go-humanize/ftoa.go | 23 + .../github.com/dustin/go-humanize/humanize.go | 8 + .../github.com/dustin/go-humanize/number.go | 192 + .../github.com/dustin/go-humanize/ordinals.go | 25 + vendor/github.com/dustin/go-humanize/si.go | 113 + vendor/github.com/dustin/go-humanize/times.go | 117 + .../github.com/fsouza/go-dockerclient/AUTHORS | 1 + .../github.com/fsouza/go-dockerclient/LICENSE | 2 +- .../fsouza/go-dockerclient/container.go | 15 +- vendor/github.com/gocql/gocql/marshal.go | 6 +- .../github.com/gogo/protobuf/proto/discard.go | 151 + .../descriptor/descriptor.pb.go | 3 +- .../google/go-github/github/github.go | 3 +- .../github.com/hashicorp/consul/api/agent.go | 24 +- vendor/github.com/hashicorp/consul/api/api.go | 4 +- vendor/github.com/hashicorp/consul/lib/rtt.go | 4 +- .../hashicorp/go-immutable-radix/iradix.go | 7 +- .../hashicorp/go-sockaddr/ifaddrs.go | 2 +- vendor/github.com/hashicorp/golang-lru/2q.go | 21 +- vendor/github.com/hashicorp/golang-lru/arc.go | 16 +- vendor/github.com/hashicorp/golang-lru/doc.go | 21 + vendor/github.com/hashicorp/golang-lru/lru.go | 28 +- .../hashicorp/golang-lru/simplelru/lru.go | 17 +- .../golang-lru/simplelru/lru_interface.go | 37 + .../github.com/hashicorp/memberlist/README.md | 2 +- .../github.com/hashicorp/nomad/api/nodes.go | 1 + .../hashicorp/nomad/api/operator_autopilot.go | 128 +- .../jmespath/go-jmespath/interpreter.go | 33 +- .../github.com/jmespath/go-jmespath/util.go | 19 - .../keybase/go-crypto/openpgp/armor/armor.go | 5 +- .../mattn/go-colorable/colorable_windows.go | 2 + .../mitchellh/mapstructure/README.md | 2 +- .../mitchellh/mapstructure/decode_hooks.go | 19 + .../mitchellh/mapstructure/mapstructure.go | 247 +- vendor/github.com/pkg/errors/stack.go | 40 - vendor/github.com/sethgrid/pester/pester.go | 10 + vendor/github.com/sirupsen/logrus/README.md | 3 +- vendor/github.com/sirupsen/logrus/entry.go | 47 +- .../github.com/spf13/pflag/duration_slice.go | 128 + vendor/github.com/ugorji/go/codec/binc.go | 80 +- vendor/github.com/ugorji/go/codec/cbor.go | 52 +- vendor/github.com/ugorji/go/codec/decode.go | 2 +- vendor/github.com/ugorji/go/codec/encode.go | 4 +- vendor/github.com/ugorji/go/codec/helper.go | 4 + .../ugorji/go/codec/helper_unsafe.go | 2 - vendor/github.com/ugorji/go/codec/json.go | 14 +- vendor/github.com/ugorji/go/codec/msgpack.go | 110 +- vendor/github.com/ugorji/go/codec/simple.go | 18 +- vendor/golang.org/x/crypto/ssh/certs.go | 4 +- vendor/golang.org/x/crypto/ssh/client_auth.go | 95 +- vendor/golang.org/x/oauth2/internal/token.go | 2 + .../golang.org/x/sys/unix/affinity_linux.go | 2 +- vendor/golang.org/x/sys/unix/mksyscall.pl | 15 +- vendor/golang.org/x/sys/unix/syscall_linux.go | 7 - .../golang.org/x/sys/unix/syscall_linux_gc.go | 14 + .../api/compute/v1/compute-api.json | 57874 ++++++++-------- .../api/compute/v1/compute-gen.go | 2254 +- .../google.golang.org/api/gensupport/go18.go | 17 + .../google.golang.org/api/gensupport/media.go | 40 +- .../api/gensupport/not_go18.go | 14 + .../google.golang.org/api/iam/v1/iam-api.json | 2992 +- .../google.golang.org/api/iam/v1/iam-gen.go | 178 +- .../api/oauth2/v2/oauth2-api.json | 546 +- .../api/storage/v1/storage-api.json | 7448 +- .../api/storage/v1/storage-gen.go | 3 +- vendor/google.golang.org/grpc/call.go | 299 +- vendor/google.golang.org/grpc/clientconn.go | 32 +- .../grpc/encoding/proto/proto.go | 2 + vendor/google.golang.org/grpc/go16.go | 5 +- vendor/google.golang.org/grpc/go17.go | 5 +- .../grpc/resolver/resolver.go | 3 - .../grpc/resolver_conn_wrapper.go | 4 +- vendor/google.golang.org/grpc/server.go | 2 +- .../google.golang.org/grpc/status/status.go | 12 +- vendor/google.golang.org/grpc/stream.go | 264 +- .../grpc/transport/handler_server.go | 27 +- .../grpc/transport/transport.go | 10 +- .../gopkg.in/ory-am/dockertest.v3/Gopkg.lock | 2 +- .../gopkg.in/ory-am/dockertest.v3/Gopkg.toml | 2 +- .../ory-am/dockertest.v3/dockertest.go | 18 +- vendor/k8s.io/api/authentication/v1/BUILD | 1 + .../api/authentication/v1/generated.pb.go | 962 +- .../api/authentication/v1/generated.proto | 61 + .../k8s.io/api/authentication/v1/register.go | 1 + vendor/k8s.io/api/authentication/v1/types.go | 61 + .../v1/types_swagger_doc_generated.go | 41 + .../v1/zz_generated.deepcopy.go | 101 + .../pkg/apis/meta/v1/conversion.go | 18 + .../pkg/apis/meta/v1/generated.proto | 1 + .../apimachinery/pkg/apis/meta/v1/labels.go | 28 +- .../apimachinery/pkg/apis/meta/v1/types.go | 1 + .../meta/v1/types_swagger_doc_generated.go | 2 +- vendor/layeh.com/radius/README.md | 2 +- vendor/layeh.com/radius/client.go | 29 +- vendor/layeh.com/radius/errors.go | 10 + vendor/layeh.com/radius/packet.go | 6 +- vendor/layeh.com/radius/rfc2865/generated.go | 2 + vendor/layeh.com/radius/server.go | 7 +- vendor/vendor.json | 1224 +- 332 files changed, 44764 insertions(+), 38792 deletions(-) rename vendor/github.com/{cenk => cenkalti}/backoff/LICENSE (100%) rename vendor/github.com/{cenk => cenkalti}/backoff/README.md (100%) rename vendor/github.com/{cenk => cenkalti}/backoff/backoff.go (100%) rename vendor/github.com/{cenk => cenkalti}/backoff/context.go (100%) rename vendor/github.com/{cenk => cenkalti}/backoff/exponential.go (100%) rename vendor/github.com/{cenk => cenkalti}/backoff/retry.go (100%) rename vendor/github.com/{cenk => cenkalti}/backoff/ticker.go (100%) rename vendor/github.com/{cenk => cenkalti}/backoff/tries.go (100%) create mode 100644 vendor/github.com/circonus-labs/circonus-gometrics/Gopkg.lock create mode 100644 vendor/github.com/circonus-labs/circonus-gometrics/Gopkg.toml rename vendor/github.com/coreos/etcd/{ => internal}/auth/authpb/auth.pb.go (100%) rename vendor/github.com/coreos/etcd/{ => internal}/auth/authpb/auth.proto (100%) rename vendor/github.com/coreos/etcd/{ => internal}/version/version.go (100%) create mode 100644 vendor/github.com/coreos/etcd/pkg/logger/discard.go create mode 100644 vendor/github.com/coreos/etcd/pkg/logger/doc.go create mode 100644 vendor/github.com/coreos/etcd/pkg/logger/logger.go create mode 100644 vendor/github.com/coreos/etcd/pkg/logger/package_logger.go create mode 100644 vendor/github.com/coreos/etcd/pkg/transport/proxy.go create mode 100644 vendor/github.com/coreos/go-systemd/LICENSE create mode 100644 vendor/github.com/coreos/go-systemd/NOTICE create mode 100644 vendor/github.com/coreos/go-systemd/journal/journal.go create mode 100644 vendor/github.com/coreos/pkg/LICENSE create mode 100644 vendor/github.com/coreos/pkg/NOTICE create mode 100644 vendor/github.com/coreos/pkg/capnslog/README.md create mode 100644 vendor/github.com/coreos/pkg/capnslog/formatters.go create mode 100644 vendor/github.com/coreos/pkg/capnslog/glog_formatter.go create mode 100644 vendor/github.com/coreos/pkg/capnslog/init.go create mode 100644 vendor/github.com/coreos/pkg/capnslog/init_windows.go create mode 100644 vendor/github.com/coreos/pkg/capnslog/journald_formatter.go create mode 100644 vendor/github.com/coreos/pkg/capnslog/log_hijack.go create mode 100644 vendor/github.com/coreos/pkg/capnslog/logmap.go create mode 100644 vendor/github.com/coreos/pkg/capnslog/pkg_logger.go create mode 100644 vendor/github.com/coreos/pkg/capnslog/syslog_formatter.go create mode 100644 vendor/github.com/dustin/go-humanize/LICENSE create mode 100644 vendor/github.com/dustin/go-humanize/README.markdown create mode 100644 vendor/github.com/dustin/go-humanize/big.go create mode 100644 vendor/github.com/dustin/go-humanize/bigbytes.go create mode 100644 vendor/github.com/dustin/go-humanize/bytes.go create mode 100644 vendor/github.com/dustin/go-humanize/comma.go create mode 100644 vendor/github.com/dustin/go-humanize/commaf.go create mode 100644 vendor/github.com/dustin/go-humanize/ftoa.go create mode 100644 vendor/github.com/dustin/go-humanize/humanize.go create mode 100644 vendor/github.com/dustin/go-humanize/number.go create mode 100644 vendor/github.com/dustin/go-humanize/ordinals.go create mode 100644 vendor/github.com/dustin/go-humanize/si.go create mode 100644 vendor/github.com/dustin/go-humanize/times.go create mode 100644 vendor/github.com/gogo/protobuf/proto/discard.go create mode 100644 vendor/github.com/hashicorp/golang-lru/doc.go create mode 100644 vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go create mode 100644 vendor/github.com/spf13/pflag/duration_slice.go create mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_gc.go create mode 100644 vendor/google.golang.org/api/gensupport/go18.go create mode 100644 vendor/google.golang.org/api/gensupport/not_go18.go create mode 100644 vendor/layeh.com/radius/errors.go diff --git a/vendor/cloud.google.com/go/iam/iam.go b/vendor/cloud.google.com/go/iam/iam.go index 8722ee8838f7..37720aa2d670 100644 --- a/vendor/cloud.google.com/go/iam/iam.go +++ b/vendor/cloud.google.com/go/iam/iam.go @@ -22,9 +22,13 @@ package iam import ( + "time" + + gax "github.com/googleapis/gax-go" "golang.org/x/net/context" pb "google.golang.org/genproto/googleapis/iam/v1" "google.golang.org/grpc" + "google.golang.org/grpc/codes" ) // client abstracts the IAMPolicy API to allow multiple implementations. @@ -39,26 +43,50 @@ type grpcClient struct { c pb.IAMPolicyClient } +var withRetry = gax.WithRetry(func() gax.Retryer { + return gax.OnCodes([]codes.Code{ + codes.DeadlineExceeded, + codes.Unavailable, + }, gax.Backoff{ + Initial: 100 * time.Millisecond, + Max: 60 * time.Second, + Multiplier: 1.3, + }) +}) + func (g *grpcClient) Get(ctx context.Context, resource string) (*pb.Policy, error) { - proto, err := g.c.GetIamPolicy(ctx, &pb.GetIamPolicyRequest{Resource: resource}) + var proto *pb.Policy + err := gax.Invoke(ctx, func(ctx context.Context, _ gax.CallSettings) error { + var err error + proto, err = g.c.GetIamPolicy(ctx, &pb.GetIamPolicyRequest{Resource: resource}) + return err + }, withRetry) if err != nil { return nil, err } return proto, nil } + func (g *grpcClient) Set(ctx context.Context, resource string, p *pb.Policy) error { - _, err := g.c.SetIamPolicy(ctx, &pb.SetIamPolicyRequest{ - Resource: resource, - Policy: p, - }) - return err + return gax.Invoke(ctx, func(ctx context.Context, _ gax.CallSettings) error { + _, err := g.c.SetIamPolicy(ctx, &pb.SetIamPolicyRequest{ + Resource: resource, + Policy: p, + }) + return err + }, withRetry) } func (g *grpcClient) Test(ctx context.Context, resource string, perms []string) ([]string, error) { - res, err := g.c.TestIamPermissions(ctx, &pb.TestIamPermissionsRequest{ - Resource: resource, - Permissions: perms, - }) + var res *pb.TestIamPermissionsResponse + err := gax.Invoke(ctx, func(ctx context.Context, _ gax.CallSettings) error { + var err error + res, err = g.c.TestIamPermissions(ctx, &pb.TestIamPermissionsRequest{ + Resource: resource, + Permissions: perms, + }) + return err + }, withRetry) if err != nil { return nil, err } diff --git a/vendor/cloud.google.com/go/storage/writer.go b/vendor/cloud.google.com/go/storage/writer.go index 534ba567b72a..2c6f9cb4a9d3 100644 --- a/vendor/cloud.google.com/go/storage/writer.go +++ b/vendor/cloud.google.com/go/storage/writer.go @@ -19,6 +19,7 @@ import ( "errors" "fmt" "io" + "sync" "unicode/utf8" "golang.org/x/net/context" @@ -68,8 +69,10 @@ type Writer struct { pw *io.PipeWriter donec chan struct{} // closed after err and obj are set. - err error obj *ObjectAttrs + + mu sync.Mutex + err error } func (w *Writer) open() error { @@ -114,8 +117,10 @@ func (w *Writer) open() error { call.ProgressUpdater(func(n, _ int64) { w.ProgressFunc(n) }) } if err := setEncryptionHeaders(call.Header(), w.o.encryptionKey, false); err != nil { + w.mu.Lock() w.err = err - pr.CloseWithError(w.err) + w.mu.Unlock() + pr.CloseWithError(err) return } var resp *raw.Object @@ -142,8 +147,10 @@ func (w *Writer) open() error { } } if err != nil { + w.mu.Lock() w.err = err - pr.CloseWithError(w.err) + w.mu.Unlock() + pr.CloseWithError(err) return } w.obj = newObject(resp) @@ -158,8 +165,11 @@ func (w *Writer) open() error { // use the error returned from Writer.Close to determine if // the upload was successful. func (w *Writer) Write(p []byte) (n int, err error) { - if w.err != nil { - return 0, w.err + w.mu.Lock() + werr := w.err + w.mu.Unlock() + if werr != nil { + return 0, werr } if !w.opened { if err := w.open(); err != nil { @@ -182,6 +192,8 @@ func (w *Writer) Close() error { return err } <-w.donec + w.mu.Lock() + defer w.mu.Unlock() return w.err } diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/version.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/version.go index 2ddf18e447f3..74eda60808c1 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/storage/version.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/version.go @@ -15,5 +15,5 @@ package storage // limitations under the License. var ( - sdkVersion = "v12.2.0-beta" + sdkVersion = "v12.4.0-beta" ) diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go index 4eb0c1adf63a..d98504122b46 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go @@ -27,6 +27,7 @@ import ( "net/url" "strconv" "strings" + "sync" "time" "github.com/Azure/go-autorest/autorest/date" @@ -242,13 +243,13 @@ func (secret *ServicePrincipalCertificateSecret) SetAuthenticationValues(spt *Se // ServicePrincipalToken encapsulates a Token created for a Service Principal. type ServicePrincipalToken struct { - Token - + token Token secret ServicePrincipalSecret oauthConfig OAuthConfig clientID string resource string autoRefresh bool + refreshLock *sync.RWMutex refreshWithin time.Duration sender Sender @@ -282,6 +283,7 @@ func NewServicePrincipalTokenWithSecret(oauthConfig OAuthConfig, id string, reso clientID: id, resource: resource, autoRefresh: true, + refreshLock: &sync.RWMutex{}, refreshWithin: defaultRefresh, sender: &http.Client{}, refreshCallbacks: callbacks, @@ -313,7 +315,7 @@ func NewServicePrincipalTokenFromManualToken(oauthConfig OAuthConfig, clientID s return nil, err } - spt.Token = token + spt.token = token return spt, nil } @@ -499,6 +501,7 @@ func newServicePrincipalTokenFromMSI(msiEndpoint, resource string, userAssignedI secret: &ServicePrincipalMSISecret{}, resource: resource, autoRefresh: true, + refreshLock: &sync.RWMutex{}, refreshWithin: defaultRefresh, sender: &http.Client{}, refreshCallbacks: callbacks, @@ -532,10 +535,15 @@ func newTokenRefreshError(message string, resp *http.Response) TokenRefreshError } // EnsureFresh will refresh the token if it will expire within the refresh window (as set by -// RefreshWithin) and autoRefresh flag is on. +// RefreshWithin) and autoRefresh flag is on. This method is safe for concurrent use. func (spt *ServicePrincipalToken) EnsureFresh() error { - if spt.autoRefresh && spt.WillExpireIn(spt.refreshWithin) { - return spt.Refresh() + if spt.autoRefresh && spt.token.WillExpireIn(spt.refreshWithin) { + // take the write lock then check to see if the token was already refreshed + spt.refreshLock.Lock() + defer spt.refreshLock.Unlock() + if spt.token.WillExpireIn(spt.refreshWithin) { + return spt.refreshInternal(spt.resource) + } } return nil } @@ -544,7 +552,7 @@ func (spt *ServicePrincipalToken) EnsureFresh() error { func (spt *ServicePrincipalToken) InvokeRefreshCallbacks(token Token) error { if spt.refreshCallbacks != nil { for _, callback := range spt.refreshCallbacks { - err := callback(spt.Token) + err := callback(spt.token) if err != nil { return fmt.Errorf("adal: TokenRefreshCallback handler failed. Error = '%v'", err) } @@ -554,12 +562,18 @@ func (spt *ServicePrincipalToken) InvokeRefreshCallbacks(token Token) error { } // Refresh obtains a fresh token for the Service Principal. +// This method is not safe for concurrent use and should be syncrhonized. func (spt *ServicePrincipalToken) Refresh() error { + spt.refreshLock.Lock() + defer spt.refreshLock.Unlock() return spt.refreshInternal(spt.resource) } // RefreshExchange refreshes the token, but for a different resource. +// This method is not safe for concurrent use and should be syncrhonized. func (spt *ServicePrincipalToken) RefreshExchange(resource string) error { + spt.refreshLock.Lock() + defer spt.refreshLock.Unlock() return spt.refreshInternal(resource) } @@ -579,9 +593,9 @@ func (spt *ServicePrincipalToken) refreshInternal(resource string) error { v.Set("client_id", spt.clientID) v.Set("resource", resource) - if spt.RefreshToken != "" { + if spt.token.RefreshToken != "" { v.Set("grant_type", OAuthGrantTypeRefreshToken) - v.Set("refresh_token", spt.RefreshToken) + v.Set("refresh_token", spt.token.RefreshToken) } else { v.Set("grant_type", spt.getGrantType()) err := spt.secret.SetAuthenticationValues(spt, &v) @@ -629,7 +643,7 @@ func (spt *ServicePrincipalToken) refreshInternal(resource string) error { return fmt.Errorf("adal: Failed to unmarshal the service principal token during refresh. Error = '%v' JSON = '%s'", err, string(rb)) } - spt.Token = token + spt.token = token return spt.InvokeRefreshCallbacks(token) } @@ -649,3 +663,17 @@ func (spt *ServicePrincipalToken) SetRefreshWithin(d time.Duration) { // SetSender sets the http.Client used when obtaining the Service Principal token. An // undecorated http.Client is used by default. func (spt *ServicePrincipalToken) SetSender(s Sender) { spt.sender = s } + +// OAuthToken implements the OAuthTokenProvider interface. It returns the current access token. +func (spt *ServicePrincipalToken) OAuthToken() string { + spt.refreshLock.RLock() + defer spt.refreshLock.RUnlock() + return spt.token.OAuthToken() +} + +// Token returns a copy of the current token. +func (spt *ServicePrincipalToken) Token() Token { + spt.refreshLock.RLock() + defer spt.refreshLock.RUnlock() + return spt.token +} diff --git a/vendor/github.com/Azure/go-autorest/autorest/authorization.go b/vendor/github.com/Azure/go-autorest/autorest/authorization.go index 214b0e6f26c7..4a602f6760af 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/authorization.go +++ b/vendor/github.com/Azure/go-autorest/autorest/authorization.go @@ -233,3 +233,22 @@ func newBearerChallenge(resp *http.Response) (bc bearerChallenge, err error) { return bc, err } + +// EventGridKeyAuthorizer implements authorization for event grid using key authentication. +type EventGridKeyAuthorizer struct { + topicKey string +} + +// NewEventGridKeyAuthorizer creates a new EventGridKeyAuthorizer +// with the specified topic key. +func NewEventGridKeyAuthorizer(topicKey string) EventGridKeyAuthorizer { + return EventGridKeyAuthorizer{topicKey: topicKey} +} + +// WithAuthorization returns a PrepareDecorator that adds the aeg-sas-key authentication header. +func (egta EventGridKeyAuthorizer) WithAuthorization() PrepareDecorator { + headers := map[string]interface{}{ + "aeg-sas-key": egta.topicKey, + } + return NewAPIKeyAuthorizerWithHeaders(headers).WithAuthorization() +} diff --git a/vendor/github.com/Azure/go-autorest/autorest/azure/async.go b/vendor/github.com/Azure/go-autorest/autorest/azure/async.go index 366fc5379391..a18b61041654 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/azure/async.go +++ b/vendor/github.com/Azure/go-autorest/autorest/azure/async.go @@ -78,13 +78,39 @@ func (f *Future) Done(sender autorest.Sender) (bool, error) { if f.ps.hasTerminated() { return true, f.errorInfo() } - resp, err := sender.Do(f.req) f.resp = resp - if err != nil || !autorest.ResponseHasStatusCode(resp, pollingCodes[:]...) { + if err != nil { return false, err } + if !autorest.ResponseHasStatusCode(resp, pollingCodes[:]...) { + // check response body for error content + if resp.Body != nil { + type respErr struct { + ServiceError ServiceError `json:"error"` + } + re := respErr{} + + defer resp.Body.Close() + b, err := ioutil.ReadAll(resp.Body) + if err != nil { + return false, err + } + err = json.Unmarshal(b, &re) + if err != nil { + return false, err + } + return false, re.ServiceError + } + + // try to return something meaningful + return false, ServiceError{ + Code: fmt.Sprintf("%v", resp.StatusCode), + Message: resp.Status, + } + } + err = updatePollingState(resp, &f.ps) if err != nil { return false, err @@ -185,6 +211,12 @@ func (f *Future) UnmarshalJSON(data []byte) error { return err } +// PollingURL returns the URL used for retrieving the status of the long-running operation. +// For LROs that use the Location header the final URL value is used to retrieve the result. +func (f Future) PollingURL() string { + return f.ps.URI +} + // DoPollForAsynchronous returns a SendDecorator that polls if the http.Response is for an Azure // long-running operation. It will delay between requests for the duration specified in the // RetryAfter header or, if the header is absent, the passed delay. Polling may be canceled by @@ -300,7 +332,9 @@ func (ps provisioningStatus) hasTerminated() bool { } func (ps provisioningStatus) hasProvisioningError() bool { - return ps.ProvisioningError != ServiceError{} + // code and message are required fields so only check them + return len(ps.ProvisioningError.Code) > 0 || + len(ps.ProvisioningError.Message) > 0 } // PollingMethodType defines a type used for enumerating polling mechanisms. @@ -321,8 +355,7 @@ type pollingState struct { PollingMethod PollingMethodType `json:"pollingMethod"` URI string `json:"uri"` State string `json:"state"` - Code string `json:"code"` - Message string `json:"message"` + ServiceError *ServiceError `json:"error,omitempty"` } func (ps pollingState) hasSucceeded() bool { @@ -338,7 +371,11 @@ func (ps pollingState) hasFailed() bool { } func (ps pollingState) Error() string { - return fmt.Sprintf("Long running operation terminated with status '%s': Code=%q Message=%q", ps.State, ps.Code, ps.Message) + s := fmt.Sprintf("Long running operation terminated with status '%s'", ps.State) + if ps.ServiceError != nil { + s = fmt.Sprintf("%s: %+v", s, *ps.ServiceError) + } + return s } // updatePollingState maps the operation status -- retrieved from either a provisioningState @@ -430,18 +467,14 @@ func updatePollingState(resp *http.Response, ps *pollingState) error { // -- Response // -- Otherwise, Unknown if ps.hasFailed() { - if ps.PollingMethod == PollingAsyncOperation { - or := pt.(*operationResource) - ps.Code = or.OperationError.Code - ps.Message = or.OperationError.Message + if or, ok := pt.(*operationResource); ok { + ps.ServiceError = &or.OperationError + } else if p, ok := pt.(*provisioningStatus); ok && p.hasProvisioningError() { + ps.ServiceError = &p.ProvisioningError } else { - p := pt.(*provisioningStatus) - if p.hasProvisioningError() { - ps.Code = p.ProvisioningError.Code - ps.Message = p.ProvisioningError.Message - } else { - ps.Code = "Unknown" - ps.Message = "None" + ps.ServiceError = &ServiceError{ + Code: "Unknown", + Message: "None", } } } diff --git a/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go b/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go index fa18356476b9..2383b2d74428 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go +++ b/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go @@ -1,8 +1,5 @@ -/* -Package azure provides Azure-specific implementations used with AutoRest. - -See the included examples for more detail. -*/ +// Package azure provides Azure-specific implementations used with AutoRest. +// See the included examples for more detail. package azure // Copyright 2017 Microsoft Corporation @@ -43,21 +40,88 @@ const ( ) // ServiceError encapsulates the error response from an Azure service. +// It adhears to the OData v4 specification for error responses. type ServiceError struct { - Code string `json:"code"` - Message string `json:"message"` - Details *[]interface{} `json:"details"` + Code string `json:"code"` + Message string `json:"message"` + Target *string `json:"target"` + Details []map[string]interface{} `json:"details"` + InnerError map[string]interface{} `json:"innererror"` } func (se ServiceError) Error() string { + result := fmt.Sprintf("Code=%q Message=%q", se.Code, se.Message) + + if se.Target != nil { + result += fmt.Sprintf(" Target=%q", *se.Target) + } + if se.Details != nil { - d, err := json.Marshal(*(se.Details)) + d, err := json.Marshal(se.Details) if err != nil { - return fmt.Sprintf("Code=%q Message=%q Details=%v", se.Code, se.Message, *se.Details) + result += fmt.Sprintf(" Details=%v", se.Details) } - return fmt.Sprintf("Code=%q Message=%q Details=%v", se.Code, se.Message, string(d)) + result += fmt.Sprintf(" Details=%v", string(d)) } - return fmt.Sprintf("Code=%q Message=%q", se.Code, se.Message) + + if se.InnerError != nil { + d, err := json.Marshal(se.InnerError) + if err != nil { + result += fmt.Sprintf(" InnerError=%v", se.InnerError) + } + result += fmt.Sprintf(" InnerError=%v", string(d)) + } + + return result +} + +// UnmarshalJSON implements the json.Unmarshaler interface for the ServiceError type. +func (se *ServiceError) UnmarshalJSON(b []byte) error { + // per the OData v4 spec the details field must be an array of JSON objects. + // unfortunately not all services adhear to the spec and just return a single + // object instead of an array with one object. so we have to perform some + // shenanigans to accommodate both cases. + // http://docs.oasis-open.org/odata/odata-json-format/v4.0/os/odata-json-format-v4.0-os.html#_Toc372793091 + + type serviceError1 struct { + Code string `json:"code"` + Message string `json:"message"` + Target *string `json:"target"` + Details []map[string]interface{} `json:"details"` + InnerError map[string]interface{} `json:"innererror"` + } + + type serviceError2 struct { + Code string `json:"code"` + Message string `json:"message"` + Target *string `json:"target"` + Details map[string]interface{} `json:"details"` + InnerError map[string]interface{} `json:"innererror"` + } + + se1 := serviceError1{} + err := json.Unmarshal(b, &se1) + if err == nil { + se.populate(se1.Code, se1.Message, se1.Target, se1.Details, se1.InnerError) + return nil + } + + se2 := serviceError2{} + err = json.Unmarshal(b, &se2) + if err == nil { + se.populate(se2.Code, se2.Message, se2.Target, nil, se2.InnerError) + se.Details = append(se.Details, se2.Details) + return nil + } + return err +} + +func (se *ServiceError) populate(code, message string, target *string, details []map[string]interface{}, inner map[string]interface{}) { + se.Code = code + se.Message = message + se.Target = target + se.Details = details + se.InnerError = inner } // RequestError describes an error response returned by Azure service. diff --git a/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go b/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go index 936836493ba1..0916b14f34ae 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go +++ b/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go @@ -44,6 +44,7 @@ type Environment struct { GalleryEndpoint string `json:"galleryEndpoint"` KeyVaultEndpoint string `json:"keyVaultEndpoint"` GraphEndpoint string `json:"graphEndpoint"` + ServiceBusEndpoint string `json:"serviceBusEndpoint"` StorageEndpointSuffix string `json:"storageEndpointSuffix"` SQLDatabaseDNSSuffix string `json:"sqlDatabaseDNSSuffix"` TrafficManagerDNSSuffix string `json:"trafficManagerDNSSuffix"` @@ -66,11 +67,12 @@ var ( GalleryEndpoint: "https://gallery.azure.com/", KeyVaultEndpoint: "https://vault.azure.net/", GraphEndpoint: "https://graph.windows.net/", + ServiceBusEndpoint: "https://servicebus.windows.net/", StorageEndpointSuffix: "core.windows.net", SQLDatabaseDNSSuffix: "database.windows.net", TrafficManagerDNSSuffix: "trafficmanager.net", KeyVaultDNSSuffix: "vault.azure.net", - ServiceBusEndpointSuffix: "servicebus.azure.com", + ServiceBusEndpointSuffix: "servicebus.windows.net", ServiceManagementVMDNSSuffix: "cloudapp.net", ResourceManagerVMDNSSuffix: "cloudapp.azure.com", ContainerRegistryDNSSuffix: "azurecr.io", @@ -87,6 +89,7 @@ var ( GalleryEndpoint: "https://gallery.usgovcloudapi.net/", KeyVaultEndpoint: "https://vault.usgovcloudapi.net/", GraphEndpoint: "https://graph.windows.net/", + ServiceBusEndpoint: "https://servicebus.usgovcloudapi.net/", StorageEndpointSuffix: "core.usgovcloudapi.net", SQLDatabaseDNSSuffix: "database.usgovcloudapi.net", TrafficManagerDNSSuffix: "usgovtrafficmanager.net", @@ -108,11 +111,12 @@ var ( GalleryEndpoint: "https://gallery.chinacloudapi.cn/", KeyVaultEndpoint: "https://vault.azure.cn/", GraphEndpoint: "https://graph.chinacloudapi.cn/", + ServiceBusEndpoint: "https://servicebus.chinacloudapi.cn/", StorageEndpointSuffix: "core.chinacloudapi.cn", SQLDatabaseDNSSuffix: "database.chinacloudapi.cn", TrafficManagerDNSSuffix: "trafficmanager.cn", KeyVaultDNSSuffix: "vault.azure.cn", - ServiceBusEndpointSuffix: "servicebus.chinacloudapi.net", + ServiceBusEndpointSuffix: "servicebus.chinacloudapi.cn", ServiceManagementVMDNSSuffix: "chinacloudapp.cn", ResourceManagerVMDNSSuffix: "cloudapp.azure.cn", ContainerRegistryDNSSuffix: "azurecr.io", @@ -129,6 +133,7 @@ var ( GalleryEndpoint: "https://gallery.cloudapi.de/", KeyVaultEndpoint: "https://vault.microsoftazure.de/", GraphEndpoint: "https://graph.cloudapi.de/", + ServiceBusEndpoint: "https://servicebus.cloudapi.de/", StorageEndpointSuffix: "core.cloudapi.de", SQLDatabaseDNSSuffix: "database.cloudapi.de", TrafficManagerDNSSuffix: "azuretrafficmanager.de", diff --git a/vendor/github.com/Azure/go-autorest/autorest/azure/rp.go b/vendor/github.com/Azure/go-autorest/autorest/azure/rp.go index b6b95d6fdbcb..2c88d60ba6c6 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/azure/rp.go +++ b/vendor/github.com/Azure/go-autorest/autorest/azure/rp.go @@ -70,11 +70,8 @@ func DoRetryWithRegistration(client autorest.Client) autorest.SendDecorator { } func getProvider(re RequestError) (string, error) { - if re.ServiceError != nil { - if re.ServiceError.Details != nil && len(*re.ServiceError.Details) > 0 { - detail := (*re.ServiceError.Details)[0].(map[string]interface{}) - return detail["target"].(string), nil - } + if re.ServiceError != nil && len(re.ServiceError.Details) > 0 { + return re.ServiceError.Details[0]["target"].(string), nil } return "", errors.New("provider was not found in the response") } diff --git a/vendor/github.com/DataDog/datadog-go/statsd/statsd.go b/vendor/github.com/DataDog/datadog-go/statsd/statsd.go index 811d32f59b6e..0a7ec501cf28 100644 --- a/vendor/github.com/DataDog/datadog-go/statsd/statsd.go +++ b/vendor/github.com/DataDog/datadog-go/statsd/statsd.go @@ -77,7 +77,7 @@ var ( // A statsdWriter offers a standard interface regardless of the underlying // protocol. For now UDS and UPD writers are available. type statsdWriter interface { - Write(data []byte) error + Write(data []byte) (n int, err error) SetWriteTimeout(time.Duration) error Close() error } @@ -112,7 +112,7 @@ func New(addr string) (*Client, error) { } return NewWithWriter(w) } - w, err := newUdpWriter(addr) + w, err := newUDPWriter(addr) if err != nil { return nil, err } @@ -273,7 +273,7 @@ func (c *Client) flushLocked() error { var err error cmdsFlushed := 0 for i, data := range frames { - e := c.writer.Write(data) + _, e := c.writer.Write(data) if e != nil { err = e break @@ -303,7 +303,7 @@ func (c *Client) sendMsg(msg string) error { return c.append(msg) } - err := c.writer.Write([]byte(msg)) + _, err := c.writer.Write([]byte(msg)) if c.SkipErrors { return nil diff --git a/vendor/github.com/DataDog/datadog-go/statsd/udp.go b/vendor/github.com/DataDog/datadog-go/statsd/udp.go index 7cbb5148bf65..8af522c5bb44 100644 --- a/vendor/github.com/DataDog/datadog-go/statsd/udp.go +++ b/vendor/github.com/DataDog/datadog-go/statsd/udp.go @@ -12,7 +12,7 @@ type udpWriter struct { } // New returns a pointer to a new udpWriter given an addr in the format "hostname:port". -func newUdpWriter(addr string) (*udpWriter, error) { +func newUDPWriter(addr string) (*udpWriter, error) { udpAddr, err := net.ResolveUDPAddr("udp", addr) if err != nil { return nil, err @@ -31,9 +31,8 @@ func (w *udpWriter) SetWriteTimeout(d time.Duration) error { } // Write data to the UDP connection with no error handling -func (w *udpWriter) Write(data []byte) error { - _, e := w.conn.Write(data) - return e +func (w *udpWriter) Write(data []byte) (int, error) { + return w.conn.Write(data) } func (w *udpWriter) Close() error { diff --git a/vendor/github.com/DataDog/datadog-go/statsd/uds.go b/vendor/github.com/DataDog/datadog-go/statsd/uds.go index 2e4a41394e9e..31154ab4dd92 100644 --- a/vendor/github.com/DataDog/datadog-go/statsd/uds.go +++ b/vendor/github.com/DataDog/datadog-go/statsd/uds.go @@ -2,7 +2,6 @@ package statsd import ( "net" - "strings" "time" ) @@ -41,23 +40,23 @@ func (w *udsWriter) SetWriteTimeout(d time.Duration) error { // Write data to the UDS connection with write timeout and minimal error handling: // create the connection if nil, and destroy it if the statsd server has disconnected -func (w *udsWriter) Write(data []byte) error { +func (w *udsWriter) Write(data []byte) (int, error) { // Try connecting (first packet or connection lost) if w.conn == nil { conn, err := net.Dial(w.addr.Network(), w.addr.String()) if err != nil { - return err + return 0, err } w.conn = conn } w.conn.SetWriteDeadline(time.Now().Add(w.writeTimeout)) - _, e := w.conn.Write(data) - if e != nil && strings.Contains(e.Error(), "transport endpoint is not connected") { + n, e := w.conn.Write(data) + if e != nil { // Statsd server disconnected, retry connecting at next packet w.conn = nil - return e + return 0, e } - return e + return n, e } func (w *udsWriter) Close() error { diff --git a/vendor/github.com/armon/go-proxyproto/protocol.go b/vendor/github.com/armon/go-proxyproto/protocol.go index 576507294ffa..38bb6cbb1f75 100644 --- a/vendor/github.com/armon/go-proxyproto/protocol.go +++ b/vendor/github.com/armon/go-proxyproto/protocol.go @@ -28,12 +28,13 @@ var ( // passed in as an argument. If the function returns an error due to the source // being disallowed, it should return ErrInvalidUpstream. // -// Behavior is as follows: -// * If error is not nil, the call to Accept() will fail. If the reason for +// If error is not nil, the call to Accept() will fail. If the reason for // triggering this failure is due to a disallowed source, it should return // ErrInvalidUpstream. -// * If bool is true, the PROXY-set address is used. -// * If bool is false, the connection's remote address is used, rather than the +// +// If bool is true, the PROXY-set address is used. +// +// If bool is false, the connection's remote address is used, rather than the // address claimed in the PROXY info. type SourceChecker func(net.Addr) (bool, error) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index b2405175acd0..9e728feeee05 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -1182,6 +1182,7 @@ var awsPartition = partition{ "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "us-east-1": endpoint{}, + "us-east-2": endpoint{}, "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, @@ -1761,7 +1762,9 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, @@ -1940,6 +1943,8 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "us-east-1": endpoint{}, "us-west-1": endpoint{}, @@ -2261,6 +2266,12 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "sms": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + }, + }, "snowball": service{ Endpoints: endpoints{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index f1adcf481982..12b452177a8b 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -5,6 +5,7 @@ import ( "strconv" "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/defaults" ) // EnvProviderName provides a name of the provider when config is loaded from environment. @@ -176,6 +177,13 @@ func envConfigLoad(enableSharedConfig bool) envConfig { setFromEnvVal(&cfg.SharedCredentialsFile, sharedCredsFileEnvKey) setFromEnvVal(&cfg.SharedConfigFile, sharedConfigFileEnvKey) + if len(cfg.SharedCredentialsFile) == 0 { + cfg.SharedCredentialsFile = defaults.SharedCredentialsFilename() + } + if len(cfg.SharedConfigFile) == 0 { + cfg.SharedConfigFile = defaults.SharedConfigFilename() + } + cfg.CustomCABundle = os.Getenv("AWS_CA_BUNDLE") return cfg diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 9f75d5ac5889..2fc789d6d840 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -58,7 +58,12 @@ func New(cfgs ...*aws.Config) *Session { envCfg := loadEnvConfig() if envCfg.EnableSharedConfig { - s, err := newSession(Options{}, envCfg, cfgs...) + var cfg aws.Config + cfg.MergeIn(cfgs...) + s, err := NewSessionWithOptions(Options{ + Config: cfg, + SharedConfigState: SharedConfigEnable, + }) if err != nil { // Old session.New expected all errors to be discovered when // a request is made, and would report the errors then. This @@ -243,13 +248,6 @@ func NewSessionWithOptions(opts Options) (*Session, error) { envCfg.EnableSharedConfig = true } - if len(envCfg.SharedCredentialsFile) == 0 { - envCfg.SharedCredentialsFile = defaults.SharedCredentialsFilename() - } - if len(envCfg.SharedConfigFile) == 0 { - envCfg.SharedConfigFile = defaults.SharedConfigFilename() - } - // Only use AWS_CA_BUNDLE if session option is not provided. if len(envCfg.CustomCABundle) != 0 && opts.CustomCABundle == nil { f, err := os.Open(envCfg.CustomCABundle) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 927213b101dc..68b53dfcd294 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.12.69" +const SDKVersion = "1.12.74" diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go index 2b3343198d62..43abb412355a 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go @@ -420,23 +420,21 @@ func (c *DynamoDB) CreateBackupRequest(input *CreateBackupInput) (req *request.R // Each time you create an On-Demand Backup, the entire table data is backed // up. There is no limit to the number of on-demand backups that can be taken. // +// When you create an On-Demand Backup, a time marker of the request is cataloged, +// and the backup is created asynchronously, by applying all changes until the +// time of the request to the last full table snapshot. Backup requests are +// processed instantaneously and become available for restore within minutes. +// // You can call CreateBackup at a maximum rate of 50 times per second. // // All backups in DynamoDB work without consuming any provisioned throughput -// on the table. This results in a fast, low-cost, and scalable backup process. -// In general, the larger the table, the more time it takes to back up. The -// backup is stored in an S3 data store that is maintained and managed by DynamoDB. -// -// Backups incorporate all writes (delete, put, update) that were completed -// within the last minute before the backup request was initiated. Backups might -// include some writes (delete, put, update) that were completed before the -// backup request was finished. +// on the table. // -// For example, if you submit the backup request on 2018-12-14 at 14:25:00, -// the backup is guaranteed to contain all data committed to the table up to -// 14:24:00, and data committed after 14:26:00 will not be. The backup may or -// may not contain data modifications made between 14:24:00 and 14:26:00. On-Demand -// Backup does not support causal consistency. +// If you submit a backup request on 2018-12-14 at 14:25:00, the backup is guaranteed +// to contain all data committed to the table up to 14:24:00, and data committed +// after 14:26:00 will not be. The backup may or may not contain data modifications +// made between 14:24:00 and 14:26:00. On-Demand Backup does not support causal +// consistency. // // Along with data, the following are also included on the backups: // @@ -471,12 +469,21 @@ func (c *DynamoDB) CreateBackupRequest(input *CreateBackupInput) (req *request.R // table. The backups is either being created, deleted or restored to a table. // // * ErrCodeLimitExceededException "LimitExceededException" -// The number of concurrent table requests (cumulative number of tables in the -// CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. +// Up to 50 CreateBackup operations are allowed per second, per account. There +// is no limit to the number of daily on-demand backups that can be taken. +// +// Up to 10 simultaneous table operations are allowed per account. These operations +// include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // -// Also, for tables with secondary indexes, only one of those tables can be -// in the CREATING state at any point in time. Do not attempt to create more -// than one such table simultaneously. +// The total limit of tables in the ACTIVE state is 250. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. // @@ -573,12 +580,21 @@ func (c *DynamoDB) CreateGlobalTableRequest(input *CreateGlobalTableInput) (req // // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceededException" -// The number of concurrent table requests (cumulative number of tables in the -// CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. +// Up to 50 CreateBackup operations are allowed per second, per account. There +// is no limit to the number of daily on-demand backups that can be taken. // -// Also, for tables with secondary indexes, only one of those tables can be -// in the CREATING state at any point in time. Do not attempt to create more -// than one such table simultaneously. +// Up to 10 simultaneous table operations are allowed per account. These operations +// include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. +// +// The total limit of tables in the ACTIVE state is 250. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. // @@ -688,12 +704,21 @@ func (c *DynamoDB) CreateTableRequest(input *CreateTableInput) (req *request.Req // in the CREATING state. // // * ErrCodeLimitExceededException "LimitExceededException" -// The number of concurrent table requests (cumulative number of tables in the -// CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. +// Up to 50 CreateBackup operations are allowed per second, per account. There +// is no limit to the number of daily on-demand backups that can be taken. // -// Also, for tables with secondary indexes, only one of those tables can be -// in the CREATING state at any point in time. Do not attempt to create more -// than one such table simultaneously. +// Up to 10 simultaneous table operations are allowed per account. These operations +// include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. +// +// The total limit of tables in the ACTIVE state is 250. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. // @@ -786,12 +811,21 @@ func (c *DynamoDB) DeleteBackupRequest(input *DeleteBackupInput) (req *request.R // table. The backups is either being created, deleted or restored to a table. // // * ErrCodeLimitExceededException "LimitExceededException" -// The number of concurrent table requests (cumulative number of tables in the -// CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. +// Up to 50 CreateBackup operations are allowed per second, per account. There +// is no limit to the number of daily on-demand backups that can be taken. +// +// Up to 10 simultaneous table operations are allowed per account. These operations +// include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. // -// Also, for tables with secondary indexes, only one of those tables can be -// in the CREATING state at any point in time. Do not attempt to create more -// than one such table simultaneously. +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. +// +// The total limit of tables in the ACTIVE state is 250. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. // @@ -1012,12 +1046,21 @@ func (c *DynamoDB) DeleteTableRequest(input *DeleteTableInput) (req *request.Req // might not be specified correctly, or its status might not be ACTIVE. // // * ErrCodeLimitExceededException "LimitExceededException" -// The number of concurrent table requests (cumulative number of tables in the -// CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. +// Up to 50 CreateBackup operations are allowed per second, per account. There +// is no limit to the number of daily on-demand backups that can be taken. +// +// Up to 10 simultaneous table operations are allowed per account. These operations +// include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. // -// Also, for tables with secondary indexes, only one of those tables can be -// in the CREATING state at any point in time. Do not attempt to create more -// than one such table simultaneously. +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. +// +// The total limit of tables in the ACTIVE state is 250. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. // @@ -1261,7 +1304,7 @@ func (c *DynamoDB) DescribeGlobalTableRequest(input *DescribeGlobalTableInput) ( // DescribeGlobalTable API operation for Amazon DynamoDB. // -// Returns information about the global table. +// Returns information about the specified global table. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1837,8 +1880,7 @@ func (c *DynamoDB) ListGlobalTablesRequest(input *ListGlobalTablesInput) (req *r // ListGlobalTables API operation for Amazon DynamoDB. // -// Lists all the global tables. Only those global tables that have replicas -// in the region specified as input are returned. +// Lists all global tables that have a replica in the specified region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2491,6 +2533,8 @@ func (c *DynamoDB) RestoreTableFromBackupRequest(input *RestoreTableFromBackupIn // // * Tags // +// * Stream settings +// // * Time to Live (TTL) settings // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2515,12 +2559,21 @@ func (c *DynamoDB) RestoreTableFromBackupRequest(input *RestoreTableFromBackupIn // table. The backups is either being created, deleted or restored to a table. // // * ErrCodeLimitExceededException "LimitExceededException" -// The number of concurrent table requests (cumulative number of tables in the -// CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. +// Up to 50 CreateBackup operations are allowed per second, per account. There +// is no limit to the number of daily on-demand backups that can be taken. // -// Also, for tables with secondary indexes, only one of those tables can be -// in the CREATING state at any point in time. Do not attempt to create more -// than one such table simultaneously. +// Up to 10 simultaneous table operations are allowed per account. These operations +// include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. +// +// The total limit of tables in the ACTIVE state is 250. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. // @@ -2786,12 +2839,21 @@ func (c *DynamoDB) TagResourceRequest(input *TagResourceInput) (req *request.Req // // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceededException" -// The number of concurrent table requests (cumulative number of tables in the -// CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. +// Up to 50 CreateBackup operations are allowed per second, per account. There +// is no limit to the number of daily on-demand backups that can be taken. // -// Also, for tables with secondary indexes, only one of those tables can be -// in the CREATING state at any point in time. Do not attempt to create more -// than one such table simultaneously. +// Up to 10 simultaneous table operations are allowed per account. These operations +// include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. +// +// The total limit of tables in the ACTIVE state is 250. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. // @@ -2890,12 +2952,21 @@ func (c *DynamoDB) UntagResourceRequest(input *UntagResourceInput) (req *request // // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceededException" -// The number of concurrent table requests (cumulative number of tables in the -// CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. +// Up to 50 CreateBackup operations are allowed per second, per account. There +// is no limit to the number of daily on-demand backups that can be taken. +// +// Up to 10 simultaneous table operations are allowed per account. These operations +// include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. +// +// The total limit of tables in the ACTIVE state is 250. // -// Also, for tables with secondary indexes, only one of those tables can be -// in the CREATING state at any point in time. Do not attempt to create more -// than one such table simultaneously. +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. // @@ -2977,9 +3048,15 @@ func (c *DynamoDB) UpdateGlobalTableRequest(input *UpdateGlobalTableInput) (req // UpdateGlobalTable API operation for Amazon DynamoDB. // -// Adds or removes replicas to the specified global table. The global table -// should already exist to be able to use this operation. Currently, the replica -// to be added should be empty. +// Adds or removes replicas in the specified global table. The global table +// must already exist to be able to use this operation. Any replica to be added +// must be empty, must have the same name as the global table, must have the +// same key schema, must have DynamoDB Streams enabled, and cannot have any +// local secondary indexes (LSIs). +// +// Although you can use UpdateGlobalTable to add replicas and remove replicas +// in a single request, for simplicity we recommend that you issue separate +// requests for adding or removing replicas. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3213,12 +3290,21 @@ func (c *DynamoDB) UpdateTableRequest(input *UpdateTableInput) (req *request.Req // might not be specified correctly, or its status might not be ACTIVE. // // * ErrCodeLimitExceededException "LimitExceededException" -// The number of concurrent table requests (cumulative number of tables in the -// CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. +// Up to 50 CreateBackup operations are allowed per second, per account. There +// is no limit to the number of daily on-demand backups that can be taken. // -// Also, for tables with secondary indexes, only one of those tables can be -// in the CREATING state at any point in time. Do not attempt to create more -// than one such table simultaneously. +// Up to 10 simultaneous table operations are allowed per account. These operations +// include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. +// +// The total limit of tables in the ACTIVE state is 250. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. // @@ -3338,12 +3424,21 @@ func (c *DynamoDB) UpdateTimeToLiveRequest(input *UpdateTimeToLiveInput) (req *r // might not be specified correctly, or its status might not be ACTIVE. // // * ErrCodeLimitExceededException "LimitExceededException" -// The number of concurrent table requests (cumulative number of tables in the -// CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. +// Up to 50 CreateBackup operations are allowed per second, per account. There +// is no limit to the number of daily on-demand backups that can be taken. // -// Also, for tables with secondary indexes, only one of those tables can be -// in the CREATING state at any point in time. Do not attempt to create more -// than one such table simultaneously. +// Up to 10 simultaneous table operations are allowed per account. These operations +// include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. +// +// The total limit of tables in the ACTIVE state is 250. +// +// For tables with secondary indexes, only one of those tables can be in the +// CREATING state at any point in time. Do not attempt to create more than one +// such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. // @@ -3373,7 +3468,6 @@ func (c *DynamoDB) UpdateTimeToLiveWithContext(ctx aws.Context, input *UpdateTim } // Represents an attribute for describing the key schema for the table and indexes. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/AttributeDefinition type AttributeDefinition struct { _ struct{} `type:"structure"` @@ -3442,7 +3536,6 @@ func (s *AttributeDefinition) SetAttributeType(v string) *AttributeDefinition { // // For more information, see Data Types (http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.NamingRulesDataTypes.html#HowItWorks.DataTypes) // in the Amazon DynamoDB Developer Guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/AttributeValue type AttributeValue struct { _ struct{} `type:"structure"` @@ -3587,7 +3680,6 @@ func (s *AttributeValue) SetSS(v []*string) *AttributeValue { // Attribute values cannot be null; string and binary type attributes must have // lengths greater than zero; and set type attributes must not be empty. Requests // with empty values will be rejected with a ValidationException exception. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/AttributeValueUpdate type AttributeValueUpdate struct { _ struct{} `type:"structure"` @@ -3661,7 +3753,7 @@ type AttributeValueUpdate struct { // Each attribute value is described as a name-value pair. The name is the data // type, and the value is the data itself. // - // For more information, see Data TYpes (http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.NamingRulesDataTypes.html#HowItWorks.DataTypes) + // For more information, see Data Types (http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.NamingRulesDataTypes.html#HowItWorks.DataTypes) // in the Amazon DynamoDB Developer Guide. Value *AttributeValue `type:"structure"` } @@ -3689,7 +3781,6 @@ func (s *AttributeValueUpdate) SetValue(v *AttributeValue) *AttributeValueUpdate } // Contains the description of the backup created for the table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/BackupDescription type BackupDescription struct { _ struct{} `type:"structure"` @@ -3733,7 +3824,6 @@ func (s *BackupDescription) SetSourceTableFeatureDetails(v *SourceTableFeatureDe } // Contains the details of the backup created for the table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/BackupDetails type BackupDetails struct { _ struct{} `type:"structure"` @@ -3802,7 +3892,6 @@ func (s *BackupDetails) SetBackupStatus(v string) *BackupDetails { } // Contains details for the backup. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/BackupSummary type BackupSummary struct { _ struct{} `type:"structure"` @@ -3890,7 +3979,6 @@ func (s *BackupSummary) SetTableName(v string) *BackupSummary { } // Represents the input of a BatchGetItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/BatchGetItemInput type BatchGetItemInput struct { _ struct{} `type:"structure"` @@ -4031,7 +4119,6 @@ func (s *BatchGetItemInput) SetReturnConsumedCapacity(v string) *BatchGetItemInp } // Represents the output of a BatchGetItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/BatchGetItemOutput type BatchGetItemOutput struct { _ struct{} `type:"structure"` @@ -4101,7 +4188,6 @@ func (s *BatchGetItemOutput) SetUnprocessedKeys(v map[string]*KeysAndAttributes) } // Represents the input of a BatchWriteItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/BatchWriteItemInput type BatchWriteItemInput struct { _ struct{} `type:"structure"` @@ -4204,7 +4290,6 @@ func (s *BatchWriteItemInput) SetReturnItemCollectionMetrics(v string) *BatchWri } // Represents the output of a BatchWriteItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/BatchWriteItemOutput type BatchWriteItemOutput struct { _ struct{} `type:"structure"` @@ -4300,7 +4385,6 @@ func (s *BatchWriteItemOutput) SetUnprocessedItems(v map[string][]*WriteRequest) // Represents the amount of provisioned throughput capacity consumed on a table // or an index. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/Capacity type Capacity struct { _ struct{} `type:"structure"` @@ -4337,7 +4421,6 @@ func (s *Capacity) SetCapacityUnits(v float64) *Capacity { // // * For a Scan operation, Condition is used in a ScanFilter, which evaluates // the scan results and returns only the desired values. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/Condition type Condition struct { _ struct{} `type:"structure"` @@ -4442,7 +4525,6 @@ func (s *Condition) SetComparisonOperator(v string) *Condition { // if the request asked for it. For more information, see Provisioned Throughput // (http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ConsumedCapacity type ConsumedCapacity struct { _ struct{} `type:"structure"` @@ -4504,7 +4586,6 @@ func (s *ConsumedCapacity) SetTableName(v string) *ConsumedCapacity { // Represents the backup and restore settings on the table when the backup was // created. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ContinuousBackupsDescription type ContinuousBackupsDescription struct { _ struct{} `type:"structure"` @@ -4530,7 +4611,6 @@ func (s *ContinuousBackupsDescription) SetContinuousBackupsStatus(v string) *Con return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/CreateBackupInput type CreateBackupInput struct { _ struct{} `type:"structure"` @@ -4589,7 +4669,6 @@ func (s *CreateBackupInput) SetTableName(v string) *CreateBackupInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/CreateBackupOutput type CreateBackupOutput struct { _ struct{} `type:"structure"` @@ -4614,7 +4693,6 @@ func (s *CreateBackupOutput) SetBackupDetails(v *BackupDetails) *CreateBackupOut } // Represents a new global secondary index to be added to an existing table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/CreateGlobalSecondaryIndexAction type CreateGlobalSecondaryIndexAction struct { _ struct{} `type:"structure"` @@ -4728,7 +4806,6 @@ func (s *CreateGlobalSecondaryIndexAction) SetProvisionedThroughput(v *Provision return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/CreateGlobalTableInput type CreateGlobalTableInput struct { _ struct{} `type:"structure"` @@ -4784,7 +4861,6 @@ func (s *CreateGlobalTableInput) SetReplicationGroup(v []*Replica) *CreateGlobal return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/CreateGlobalTableOutput type CreateGlobalTableOutput struct { _ struct{} `type:"structure"` @@ -4809,7 +4885,6 @@ func (s *CreateGlobalTableOutput) SetGlobalTableDescription(v *GlobalTableDescri } // Represents a replica to be added. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/CreateReplicaAction type CreateReplicaAction struct { _ struct{} `type:"structure"` @@ -4849,7 +4924,6 @@ func (s *CreateReplicaAction) SetRegionName(v string) *CreateReplicaAction { } // Represents the input of a CreateTable operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/CreateTableInput type CreateTableInput struct { _ struct{} `type:"structure"` @@ -4971,6 +5045,9 @@ type CreateTableInput struct { // ProvisionedThroughput is a required field ProvisionedThroughput *ProvisionedThroughput `type:"structure" required:"true"` + // Represents the settings used to enable server-side encryption. + SSESpecification *SSESpecification `type:"structure"` + // The settings for DynamoDB Streams on the table. These settings consist of: // // * StreamEnabled - Indicates whether Streams is to be enabled (true) or @@ -5075,6 +5152,11 @@ func (s *CreateTableInput) Validate() error { invalidParams.AddNested("ProvisionedThroughput", err.(request.ErrInvalidParams)) } } + if s.SSESpecification != nil { + if err := s.SSESpecification.Validate(); err != nil { + invalidParams.AddNested("SSESpecification", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -5112,6 +5194,12 @@ func (s *CreateTableInput) SetProvisionedThroughput(v *ProvisionedThroughput) *C return s } +// SetSSESpecification sets the SSESpecification field's value. +func (s *CreateTableInput) SetSSESpecification(v *SSESpecification) *CreateTableInput { + s.SSESpecification = v + return s +} + // SetStreamSpecification sets the StreamSpecification field's value. func (s *CreateTableInput) SetStreamSpecification(v *StreamSpecification) *CreateTableInput { s.StreamSpecification = v @@ -5125,7 +5213,6 @@ func (s *CreateTableInput) SetTableName(v string) *CreateTableInput { } // Represents the output of a CreateTable operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/CreateTableOutput type CreateTableOutput struct { _ struct{} `type:"structure"` @@ -5149,7 +5236,6 @@ func (s *CreateTableOutput) SetTableDescription(v *TableDescription) *CreateTabl return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DeleteBackupInput type DeleteBackupInput struct { _ struct{} `type:"structure"` @@ -5191,7 +5277,6 @@ func (s *DeleteBackupInput) SetBackupArn(v string) *DeleteBackupInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DeleteBackupOutput type DeleteBackupOutput struct { _ struct{} `type:"structure"` @@ -5216,7 +5301,6 @@ func (s *DeleteBackupOutput) SetBackupDescription(v *BackupDescription) *DeleteB } // Represents a global secondary index to be deleted from an existing table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DeleteGlobalSecondaryIndexAction type DeleteGlobalSecondaryIndexAction struct { _ struct{} `type:"structure"` @@ -5259,7 +5343,6 @@ func (s *DeleteGlobalSecondaryIndexAction) SetIndexName(v string) *DeleteGlobalS } // Represents the input of a DeleteItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DeleteItemInput type DeleteItemInput struct { _ struct{} `type:"structure"` @@ -5493,7 +5576,6 @@ func (s *DeleteItemInput) SetTableName(v string) *DeleteItemInput { } // Represents the output of a DeleteItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DeleteItemOutput type DeleteItemOutput struct { _ struct{} `type:"structure"` @@ -5561,7 +5643,6 @@ func (s *DeleteItemOutput) SetItemCollectionMetrics(v *ItemCollectionMetrics) *D } // Represents a replica to be removed. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DeleteReplicaAction type DeleteReplicaAction struct { _ struct{} `type:"structure"` @@ -5601,7 +5682,6 @@ func (s *DeleteReplicaAction) SetRegionName(v string) *DeleteReplicaAction { } // Represents a request to perform a DeleteItem operation on an item. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DeleteRequest type DeleteRequest struct { _ struct{} `type:"structure"` @@ -5630,7 +5710,6 @@ func (s *DeleteRequest) SetKey(v map[string]*AttributeValue) *DeleteRequest { } // Represents the input of a DeleteTable operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DeleteTableInput type DeleteTableInput struct { _ struct{} `type:"structure"` @@ -5673,7 +5752,6 @@ func (s *DeleteTableInput) SetTableName(v string) *DeleteTableInput { } // Represents the output of a DeleteTable operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DeleteTableOutput type DeleteTableOutput struct { _ struct{} `type:"structure"` @@ -5697,7 +5775,6 @@ func (s *DeleteTableOutput) SetTableDescription(v *TableDescription) *DeleteTabl return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeBackupInput type DescribeBackupInput struct { _ struct{} `type:"structure"` @@ -5739,7 +5816,6 @@ func (s *DescribeBackupInput) SetBackupArn(v string) *DescribeBackupInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeBackupOutput type DescribeBackupOutput struct { _ struct{} `type:"structure"` @@ -5763,7 +5839,6 @@ func (s *DescribeBackupOutput) SetBackupDescription(v *BackupDescription) *Descr return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeContinuousBackupsInput type DescribeContinuousBackupsInput struct { _ struct{} `type:"structure"` @@ -5806,7 +5881,6 @@ func (s *DescribeContinuousBackupsInput) SetTableName(v string) *DescribeContinu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeContinuousBackupsOutput type DescribeContinuousBackupsOutput struct { _ struct{} `type:"structure"` @@ -5830,7 +5904,6 @@ func (s *DescribeContinuousBackupsOutput) SetContinuousBackupsDescription(v *Con return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeGlobalTableInput type DescribeGlobalTableInput struct { _ struct{} `type:"structure"` @@ -5872,7 +5945,6 @@ func (s *DescribeGlobalTableInput) SetGlobalTableName(v string) *DescribeGlobalT return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeGlobalTableOutput type DescribeGlobalTableOutput struct { _ struct{} `type:"structure"` @@ -5897,7 +5969,6 @@ func (s *DescribeGlobalTableOutput) SetGlobalTableDescription(v *GlobalTableDesc } // Represents the input of a DescribeLimits operation. Has no content. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeLimitsInput type DescribeLimitsInput struct { _ struct{} `type:"structure"` } @@ -5913,7 +5984,6 @@ func (s DescribeLimitsInput) GoString() string { } // Represents the output of a DescribeLimits operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeLimitsOutput type DescribeLimitsOutput struct { _ struct{} `type:"structure"` @@ -5971,7 +6041,6 @@ func (s *DescribeLimitsOutput) SetTableMaxWriteCapacityUnits(v int64) *DescribeL } // Represents the input of a DescribeTable operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeTableInput type DescribeTableInput struct { _ struct{} `type:"structure"` @@ -6014,7 +6083,6 @@ func (s *DescribeTableInput) SetTableName(v string) *DescribeTableInput { } // Represents the output of a DescribeTable operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeTableOutput type DescribeTableOutput struct { _ struct{} `type:"structure"` @@ -6038,7 +6106,6 @@ func (s *DescribeTableOutput) SetTable(v *TableDescription) *DescribeTableOutput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeTimeToLiveInput type DescribeTimeToLiveInput struct { _ struct{} `type:"structure"` @@ -6080,7 +6147,6 @@ func (s *DescribeTimeToLiveInput) SetTableName(v string) *DescribeTimeToLiveInpu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/DescribeTimeToLiveOutput type DescribeTimeToLiveOutput struct { _ struct{} `type:"structure"` @@ -6124,7 +6190,6 @@ func (s *DescribeTimeToLiveOutput) SetTimeToLiveDescription(v *TimeToLiveDescrip // Value and Exists are incompatible with AttributeValueList and ComparisonOperator. // Note that if you use both sets of parameters at once, DynamoDB will return // a ValidationException exception. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ExpectedAttributeValue type ExpectedAttributeValue struct { _ struct{} `type:"structure"` @@ -6257,7 +6322,6 @@ func (s *ExpectedAttributeValue) SetValue(v *AttributeValue) *ExpectedAttributeV } // Represents the input of a GetItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/GetItemInput type GetItemInput struct { _ struct{} `type:"structure"` @@ -6429,7 +6493,6 @@ func (s *GetItemInput) SetTableName(v string) *GetItemInput { } // Represents the output of a GetItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/GetItemOutput type GetItemOutput struct { _ struct{} `type:"structure"` @@ -6468,7 +6531,6 @@ func (s *GetItemOutput) SetItem(v map[string]*AttributeValue) *GetItemOutput { } // Represents the properties of a global secondary index. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/GlobalSecondaryIndex type GlobalSecondaryIndex struct { _ struct{} `type:"structure"` @@ -6598,7 +6660,6 @@ func (s *GlobalSecondaryIndex) SetProvisionedThroughput(v *ProvisionedThroughput } // Represents the properties of a global secondary index. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/GlobalSecondaryIndexDescription type GlobalSecondaryIndexDescription struct { _ struct{} `type:"structure"` @@ -6736,7 +6797,6 @@ func (s *GlobalSecondaryIndexDescription) SetProvisionedThroughput(v *Provisione // Represents the properties of a global secondary index for the table when // the backup was created. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/GlobalSecondaryIndexInfo type GlobalSecondaryIndexInfo struct { _ struct{} `type:"structure"` @@ -6812,7 +6872,6 @@ func (s *GlobalSecondaryIndexInfo) SetProvisionedThroughput(v *ProvisionedThroug // index. // // * An existing global secondary index to be removed from an existing table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/GlobalSecondaryIndexUpdate type GlobalSecondaryIndexUpdate struct { _ struct{} `type:"structure"` @@ -6892,7 +6951,6 @@ func (s *GlobalSecondaryIndexUpdate) SetUpdate(v *UpdateGlobalSecondaryIndexActi } // Represents the properties of a global table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/GlobalTable type GlobalTable struct { _ struct{} `type:"structure"` @@ -6926,7 +6984,6 @@ func (s *GlobalTable) SetReplicationGroup(v []*Replica) *GlobalTable { } // Contains details about the global table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/GlobalTableDescription type GlobalTableDescription struct { _ struct{} `type:"structure"` @@ -6998,7 +7055,6 @@ func (s *GlobalTableDescription) SetReplicationGroup(v []*ReplicaDescription) *G // ItemCollectionMetrics is only returned if the request asked for it. If the // table does not have any local secondary indexes, this information is not // returned in the response. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ItemCollectionMetrics type ItemCollectionMetrics struct { _ struct{} `type:"structure"` @@ -7051,7 +7107,6 @@ func (s *ItemCollectionMetrics) SetSizeEstimateRangeGB(v []*float64) *ItemCollec // A KeySchemaElement must be a scalar, top-level attribute (not a nested attribute). // The data type must be one of String, Number, or Binary. The attribute cannot // be nested within a List or a Map. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/KeySchemaElement type KeySchemaElement struct { _ struct{} `type:"structure"` @@ -7127,7 +7182,6 @@ func (s *KeySchemaElement) SetKeyType(v string) *KeySchemaElement { // with a simple primary key, you only need to provide the partition key. For // a composite primary key, you must provide both the partition key and the // sort key. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/KeysAndAttributes type KeysAndAttributes struct { _ struct{} `type:"structure"` @@ -7255,7 +7309,6 @@ func (s *KeysAndAttributes) SetProjectionExpression(v string) *KeysAndAttributes return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ListBackupsInput type ListBackupsInput struct { _ struct{} `type:"structure"` @@ -7335,7 +7388,6 @@ func (s *ListBackupsInput) SetTimeRangeUpperBound(v time.Time) *ListBackupsInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ListBackupsOutput type ListBackupsOutput struct { _ struct{} `type:"structure"` @@ -7368,7 +7420,6 @@ func (s *ListBackupsOutput) SetLastEvaluatedBackupArn(v string) *ListBackupsOutp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ListGlobalTablesInput type ListGlobalTablesInput struct { _ struct{} `type:"structure"` @@ -7426,7 +7477,6 @@ func (s *ListGlobalTablesInput) SetRegionName(v string) *ListGlobalTablesInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ListGlobalTablesOutput type ListGlobalTablesOutput struct { _ struct{} `type:"structure"` @@ -7460,7 +7510,6 @@ func (s *ListGlobalTablesOutput) SetLastEvaluatedGlobalTableName(v string) *List } // Represents the input of a ListTables operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ListTablesInput type ListTablesInput struct { _ struct{} `type:"structure"` @@ -7513,7 +7562,6 @@ func (s *ListTablesInput) SetLimit(v int64) *ListTablesInput { } // Represents the output of a ListTables operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ListTablesOutput type ListTablesOutput struct { _ struct{} `type:"structure"` @@ -7556,7 +7604,6 @@ func (s *ListTablesOutput) SetTableNames(v []*string) *ListTablesOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ListTagsOfResourceInput type ListTagsOfResourceInput struct { _ struct{} `type:"structure"` @@ -7610,7 +7657,6 @@ func (s *ListTagsOfResourceInput) SetResourceArn(v string) *ListTagsOfResourceIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ListTagsOfResourceOutput type ListTagsOfResourceOutput struct { _ struct{} `type:"structure"` @@ -7646,7 +7692,6 @@ func (s *ListTagsOfResourceOutput) SetTags(v []*Tag) *ListTagsOfResourceOutput { } // Represents the properties of a local secondary index. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/LocalSecondaryIndex type LocalSecondaryIndex struct { _ struct{} `type:"structure"` @@ -7752,7 +7797,6 @@ func (s *LocalSecondaryIndex) SetProjection(v *Projection) *LocalSecondaryIndex } // Represents the properties of a local secondary index. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/LocalSecondaryIndexDescription type LocalSecondaryIndexDescription struct { _ struct{} `type:"structure"` @@ -7842,7 +7886,6 @@ func (s *LocalSecondaryIndexDescription) SetProjection(v *Projection) *LocalSeco // Represents the properties of a local secondary index for the table when the // backup was created. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/LocalSecondaryIndexInfo type LocalSecondaryIndexInfo struct { _ struct{} `type:"structure"` @@ -7903,7 +7946,6 @@ func (s *LocalSecondaryIndexInfo) SetProjection(v *Projection) *LocalSecondaryIn // Represents attributes that are copied (projected) from the table into an // index. These are in addition to the primary key attributes and index key // attributes, which are automatically projected. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/Projection type Projection struct { _ struct{} `type:"structure"` @@ -7967,7 +8009,6 @@ func (s *Projection) SetProjectionType(v string) *Projection { // For current minimum and maximum provisioned throughput values, see Limits // (http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) // in the Amazon DynamoDB Developer Guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ProvisionedThroughput type ProvisionedThroughput struct { _ struct{} `type:"structure"` @@ -8034,7 +8075,6 @@ func (s *ProvisionedThroughput) SetWriteCapacityUnits(v int64) *ProvisionedThrou // Represents the provisioned throughput settings for the table, consisting // of read and write capacity units, along with data about increases and decreases. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ProvisionedThroughputDescription type ProvisionedThroughputDescription struct { _ struct{} `type:"structure"` @@ -8102,7 +8142,6 @@ func (s *ProvisionedThroughputDescription) SetWriteCapacityUnits(v int64) *Provi } // Represents the input of a PutItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/PutItemInput type PutItemInput struct { _ struct{} `type:"structure"` @@ -8348,7 +8387,6 @@ func (s *PutItemInput) SetTableName(v string) *PutItemInput { } // Represents the output of a PutItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/PutItemOutput type PutItemOutput struct { _ struct{} `type:"structure"` @@ -8416,7 +8454,6 @@ func (s *PutItemOutput) SetItemCollectionMetrics(v *ItemCollectionMetrics) *PutI } // Represents a request to perform a PutItem operation on an item. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/PutRequest type PutRequest struct { _ struct{} `type:"structure"` @@ -8447,7 +8484,6 @@ func (s *PutRequest) SetItem(v map[string]*AttributeValue) *PutRequest { } // Represents the input of a Query operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/QueryInput type QueryInput struct { _ struct{} `type:"structure"` @@ -8559,10 +8595,11 @@ type QueryInput struct { // the Query action. // // The condition must perform an equality test on a single partition key value. - // The condition can also perform one of several comparison tests on a single - // sort key value. Query can use KeyConditionExpression to retrieve one item - // with a given partition key value and sort key value, or several items that - // have the same partition key value but different sort key values. + // + // The condition can optionally perform one of several comparison tests on a + // single sort key value. This allows Query to retrieve one item with a given + // partition key value and sort key value, or several items that have the same + // partition key value but different sort key values. // // The partition key equality test is required, and must be specified in the // following format: @@ -8900,7 +8937,6 @@ func (s *QueryInput) SetTableName(v string) *QueryInput { } // Represents the output of a Query operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/QueryOutput type QueryOutput struct { _ struct{} `type:"structure"` @@ -8989,7 +9025,6 @@ func (s *QueryOutput) SetScannedCount(v int64) *QueryOutput { } // Represents the properties of a replica. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/Replica type Replica struct { _ struct{} `type:"structure"` @@ -9014,7 +9049,6 @@ func (s *Replica) SetRegionName(v string) *Replica { } // Contains the details of the replica. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ReplicaDescription type ReplicaDescription struct { _ struct{} `type:"structure"` @@ -9045,7 +9079,6 @@ func (s *ReplicaDescription) SetRegionName(v string) *ReplicaDescription { // * New parameters for an existing replica. // // * An existing replica to be removed from an existing global table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ReplicaUpdate type ReplicaUpdate struct { _ struct{} `type:"structure"` @@ -9099,7 +9132,6 @@ func (s *ReplicaUpdate) SetDelete(v *DeleteReplicaAction) *ReplicaUpdate { } // Contains details for the restore. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/RestoreSummary type RestoreSummary struct { _ struct{} `type:"structure"` @@ -9154,7 +9186,6 @@ func (s *RestoreSummary) SetSourceTableArn(v string) *RestoreSummary { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/RestoreTableFromBackupInput type RestoreTableFromBackupInput struct { _ struct{} `type:"structure"` @@ -9213,7 +9244,6 @@ func (s *RestoreTableFromBackupInput) SetTargetTableName(v string) *RestoreTable return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/RestoreTableFromBackupOutput type RestoreTableFromBackupOutput struct { _ struct{} `type:"structure"` @@ -9237,8 +9267,79 @@ func (s *RestoreTableFromBackupOutput) SetTableDescription(v *TableDescription) return s } +// The description of the server-side encryption status on the specified table. +type SSEDescription struct { + _ struct{} `type:"structure"` + + // The current state of server-side encryption: + // + // * ENABLING - Server-side encryption is being enabled. + // + // * ENABLED - Server-side encryption is enabled. + // + // * DISABLING - Server-side encryption is being disabled. + // + // * DISABLED - Server-side encryption is disabled. + Status *string `type:"string" enum:"SSEStatus"` +} + +// String returns the string representation +func (s SSEDescription) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SSEDescription) GoString() string { + return s.String() +} + +// SetStatus sets the Status field's value. +func (s *SSEDescription) SetStatus(v string) *SSEDescription { + s.Status = &v + return s +} + +// Represents the settings used to enable server-side encryption. +type SSESpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether server-side encryption is enabled (true) or disabled (false) + // on the table. + // + // Enabled is a required field + Enabled *bool `type:"boolean" required:"true"` +} + +// String returns the string representation +func (s SSESpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SSESpecification) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SSESpecification) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SSESpecification"} + if s.Enabled == nil { + invalidParams.Add(request.NewErrParamRequired("Enabled")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEnabled sets the Enabled field's value. +func (s *SSESpecification) SetEnabled(v bool) *SSESpecification { + s.Enabled = &v + return s +} + // Represents the input of a Scan operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ScanInput type ScanInput struct { _ struct{} `type:"structure"` @@ -9629,7 +9730,6 @@ func (s *ScanInput) SetTotalSegments(v int64) *ScanInput { } // Represents the output of a Scan operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ScanOutput type ScanOutput struct { _ struct{} `type:"structure"` @@ -9717,7 +9817,6 @@ func (s *ScanOutput) SetScannedCount(v int64) *ScanOutput { } // Contains the details of the table when the backup was created. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/SourceTableDetails type SourceTableDetails struct { _ struct{} `type:"structure"` @@ -9816,7 +9915,6 @@ func (s *SourceTableDetails) SetTableSizeBytes(v int64) *SourceTableDetails { // Contains the details of the features enabled on the table when the backup // was created. For example, LSIs, GSIs, streams, TTL. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/SourceTableFeatureDetails type SourceTableFeatureDetails struct { _ struct{} `type:"structure"` @@ -9830,6 +9928,10 @@ type SourceTableFeatureDetails struct { // at the time of backup. LocalSecondaryIndexes []*LocalSecondaryIndexInfo `type:"list"` + // The description of the server-side encryption status on the table when the + // backup was created. + SSEDescription *SSEDescription `type:"structure"` + // Stream settings on the table when the backup was created. StreamDescription *StreamSpecification `type:"structure"` @@ -9859,6 +9961,12 @@ func (s *SourceTableFeatureDetails) SetLocalSecondaryIndexes(v []*LocalSecondary return s } +// SetSSEDescription sets the SSEDescription field's value. +func (s *SourceTableFeatureDetails) SetSSEDescription(v *SSEDescription) *SourceTableFeatureDetails { + s.SSEDescription = v + return s +} + // SetStreamDescription sets the StreamDescription field's value. func (s *SourceTableFeatureDetails) SetStreamDescription(v *StreamSpecification) *SourceTableFeatureDetails { s.StreamDescription = v @@ -9872,7 +9980,6 @@ func (s *SourceTableFeatureDetails) SetTimeToLiveDescription(v *TimeToLiveDescri } // Represents the DynamoDB Streams configuration for a table in DynamoDB. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/StreamSpecification type StreamSpecification struct { _ struct{} `type:"structure"` @@ -9921,7 +10028,6 @@ func (s *StreamSpecification) SetStreamViewType(v string) *StreamSpecification { } // Represents the properties of a table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/TableDescription type TableDescription struct { _ struct{} `type:"structure"` @@ -10096,6 +10202,9 @@ type TableDescription struct { // Contains details for the restore. RestoreSummary *RestoreSummary `type:"structure"` + // The description of the server-side encryption status on the specified table. + SSEDescription *SSEDescription `type:"structure"` + // The current DynamoDB Streams configuration for the table. StreamSpecification *StreamSpecification `type:"structure"` @@ -10195,6 +10304,12 @@ func (s *TableDescription) SetRestoreSummary(v *RestoreSummary) *TableDescriptio return s } +// SetSSEDescription sets the SSEDescription field's value. +func (s *TableDescription) SetSSEDescription(v *SSEDescription) *TableDescription { + s.SSEDescription = v + return s +} + // SetStreamSpecification sets the StreamSpecification field's value. func (s *TableDescription) SetStreamSpecification(v *StreamSpecification) *TableDescription { s.StreamSpecification = v @@ -10241,7 +10356,6 @@ func (s *TableDescription) SetTableStatus(v string) *TableDescription { // // For an overview on tagging DynamoDB resources, see Tagging for DynamoDB (http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html) // in the Amazon DynamoDB Developer Guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/Tag type Tag struct { _ struct{} `type:"structure"` @@ -10299,7 +10413,6 @@ func (s *Tag) SetValue(v string) *Tag { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/TagResourceInput type TagResourceInput struct { _ struct{} `type:"structure"` @@ -10366,7 +10479,6 @@ func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/TagResourceOutput type TagResourceOutput struct { _ struct{} `type:"structure"` } @@ -10382,7 +10494,6 @@ func (s TagResourceOutput) GoString() string { } // The description of the Time to Live (TTL) status on the specified table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/TimeToLiveDescription type TimeToLiveDescription struct { _ struct{} `type:"structure"` @@ -10417,7 +10528,6 @@ func (s *TimeToLiveDescription) SetTimeToLiveStatus(v string) *TimeToLiveDescrip // Represents the settings used to enable or disable Time to Live for the specified // table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/TimeToLiveSpecification type TimeToLiveSpecification struct { _ struct{} `type:"structure"` @@ -10475,7 +10585,6 @@ func (s *TimeToLiveSpecification) SetEnabled(v bool) *TimeToLiveSpecification { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UntagResourceInput type UntagResourceInput struct { _ struct{} `type:"structure"` @@ -10533,7 +10642,6 @@ func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UntagResourceOutput type UntagResourceOutput struct { _ struct{} `type:"structure"` } @@ -10550,7 +10658,6 @@ func (s UntagResourceOutput) GoString() string { // Represents the new provisioned throughput settings to be applied to a global // secondary index. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateGlobalSecondaryIndexAction type UpdateGlobalSecondaryIndexAction struct { _ struct{} `type:"structure"` @@ -10616,7 +10723,6 @@ func (s *UpdateGlobalSecondaryIndexAction) SetProvisionedThroughput(v *Provision return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateGlobalTableInput type UpdateGlobalTableInput struct { _ struct{} `type:"structure"` @@ -10682,7 +10788,6 @@ func (s *UpdateGlobalTableInput) SetReplicaUpdates(v []*ReplicaUpdate) *UpdateGl return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateGlobalTableOutput type UpdateGlobalTableOutput struct { _ struct{} `type:"structure"` @@ -10707,7 +10812,6 @@ func (s *UpdateGlobalTableOutput) SetGlobalTableDescription(v *GlobalTableDescri } // Represents the input of an UpdateItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateItemInput type UpdateItemInput struct { _ struct{} `type:"structure"` @@ -11045,7 +11149,6 @@ func (s *UpdateItemInput) SetUpdateExpression(v string) *UpdateItemInput { } // Represents the output of an UpdateItem operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateItemOutput type UpdateItemOutput struct { _ struct{} `type:"structure"` @@ -11115,7 +11218,6 @@ func (s *UpdateItemOutput) SetItemCollectionMetrics(v *ItemCollectionMetrics) *U } // Represents the input of an UpdateTable operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateTableInput type UpdateTableInput struct { _ struct{} `type:"structure"` @@ -11236,7 +11338,6 @@ func (s *UpdateTableInput) SetTableName(v string) *UpdateTableInput { } // Represents the output of an UpdateTable operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateTableOutput type UpdateTableOutput struct { _ struct{} `type:"structure"` @@ -11261,7 +11362,6 @@ func (s *UpdateTableOutput) SetTableDescription(v *TableDescription) *UpdateTabl } // Represents the input of an UpdateTimeToLive operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateTimeToLiveInput type UpdateTimeToLiveInput struct { _ struct{} `type:"structure"` @@ -11323,7 +11423,6 @@ func (s *UpdateTimeToLiveInput) SetTimeToLiveSpecification(v *TimeToLiveSpecific return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/UpdateTimeToLiveOutput type UpdateTimeToLiveOutput struct { _ struct{} `type:"structure"` @@ -11351,7 +11450,6 @@ func (s *UpdateTimeToLiveOutput) SetTimeToLiveSpecification(v *TimeToLiveSpecifi // only request one of these operations, not both, in a single WriteRequest. // If you do need to perform both of these operations, you will need to provide // two separate WriteRequest objects. -// See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/WriteRequest type WriteRequest struct { _ struct{} `type:"structure"` @@ -11561,6 +11659,20 @@ const ( ReturnValueUpdatedNew = "UPDATED_NEW" ) +const ( + // SSEStatusEnabling is a SSEStatus enum value + SSEStatusEnabling = "ENABLING" + + // SSEStatusEnabled is a SSEStatus enum value + SSEStatusEnabled = "ENABLED" + + // SSEStatusDisabling is a SSEStatus enum value + SSEStatusDisabling = "DISABLING" + + // SSEStatusDisabled is a SSEStatus enum value + SSEStatusDisabled = "DISABLED" +) + const ( // ScalarAttributeTypeS is a ScalarAttributeType enum value ScalarAttributeTypeS = "S" diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go index 41986cfd57e3..4f898d967371 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go @@ -57,12 +57,21 @@ const ( // ErrCodeLimitExceededException for service response error code // "LimitExceededException". // - // The number of concurrent table requests (cumulative number of tables in the - // CREATING, DELETING or UPDATING state) exceeds the maximum allowed of 10. + // Up to 50 CreateBackup operations are allowed per second, per account. There + // is no limit to the number of daily on-demand backups that can be taken. // - // Also, for tables with secondary indexes, only one of those tables can be - // in the CREATING state at any point in time. Do not attempt to create more - // than one such table simultaneously. + // Up to 10 simultaneous table operations are allowed per account. These operations + // include CreateTable, UpdateTable, DeleteTable,UpdateTimeToLive, and RestoreTableFromBackup. + // + // For tables with secondary indexes, only one of those tables can be in the + // CREATING state at any point in time. Do not attempt to create more than one + // such table simultaneously. + // + // The total limit of tables in the ACTIVE state is 250. + // + // For tables with secondary indexes, only one of those tables can be in the + // CREATING state at any point in time. Do not attempt to create more than one + // such table simultaneously. // // The total limit of tables in the ACTIVE state is 250. ErrCodeLimitExceededException = "LimitExceededException" diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index 1743b3449933..5d07969620de 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -8390,6 +8390,94 @@ func (c *EC2) DescribeAddressesWithContext(ctx aws.Context, input *DescribeAddre return out, req.Send() } +const opDescribeAggregateIdFormat = "DescribeAggregateIdFormat" + +// DescribeAggregateIdFormatRequest generates a "aws/request.Request" representing the +// client's request for the DescribeAggregateIdFormat operation. The "output" return +// value will be populated with the request's response once the request complets +// successfuly. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeAggregateIdFormat for more information on using the DescribeAggregateIdFormat +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeAggregateIdFormatRequest method. +// req, resp := client.DescribeAggregateIdFormatRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAggregateIdFormat +func (c *EC2) DescribeAggregateIdFormatRequest(input *DescribeAggregateIdFormatInput) (req *request.Request, output *DescribeAggregateIdFormatOutput) { + op := &request.Operation{ + Name: opDescribeAggregateIdFormat, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeAggregateIdFormatInput{} + } + + output = &DescribeAggregateIdFormatOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeAggregateIdFormat API operation for Amazon Elastic Compute Cloud. +// +// Describes the longer ID format settings for all resource types in a specific +// region. This request is useful for performing a quick audit to determine +// whether a specific region is fully opted in for longer IDs (17-character +// IDs). +// +// This request only returns information about resource types that support longer +// IDs. +// +// The following resource types support longer IDs: bundle | conversion-task +// | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task +// | flow-log | image | import-task | instance | internet-gateway | network-acl +// | network-acl-association | network-interface | network-interface-attachment +// | prefix-list | reservation | route-table | route-table-association | security-group +// | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association +// | vpc-peering-connection. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeAggregateIdFormat for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAggregateIdFormat +func (c *EC2) DescribeAggregateIdFormat(input *DescribeAggregateIdFormatInput) (*DescribeAggregateIdFormatOutput, error) { + req, out := c.DescribeAggregateIdFormatRequest(input) + return out, req.Send() +} + +// DescribeAggregateIdFormatWithContext is the same as DescribeAggregateIdFormat with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeAggregateIdFormat for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeAggregateIdFormatWithContext(ctx aws.Context, input *DescribeAggregateIdFormatInput, opts ...request.Option) (*DescribeAggregateIdFormatOutput, error) { + req, out := c.DescribeAggregateIdFormatRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeAvailabilityZones = "DescribeAvailabilityZones" // DescribeAvailabilityZonesRequest generates a "aws/request.Request" representing the @@ -9666,8 +9754,13 @@ func (c *EC2) DescribeIdFormatRequest(input *DescribeIdFormatInput) (req *reques // request only returns information about resource types whose ID formats can // be modified; it does not return information about other resource types. // -// The following resource types support longer IDs: instance | reservation | -// snapshot | volume. +// The following resource types support longer IDs: bundle | conversion-task +// | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task +// | flow-log | image | import-task | instance | internet-gateway | network-acl +// | network-acl-association | network-interface | network-interface-attachment +// | prefix-list | reservation | route-table | route-table-association | security-group +// | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association +// | vpc-peering-connection. // // These settings apply to the IAM user who makes the request; they do not apply // to the entire AWS account. By default, an IAM user defaults to the same settings @@ -9755,8 +9848,13 @@ func (c *EC2) DescribeIdentityIdFormatRequest(input *DescribeIdentityIdFormatInp // other resource types. For more information, see Resource IDs (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) // in the Amazon Elastic Compute Cloud User Guide. // -// The following resource types support longer IDs: instance | reservation | -// snapshot | volume. +// The following resource types support longer IDs: bundle | conversion-task +// | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task +// | flow-log | image | import-task | instance | internet-gateway | network-acl +// | network-acl-association | network-interface | network-interface-attachment +// | prefix-list | reservation | route-table | route-table-association | security-group +// | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association +// | vpc-peering-connection. // // These settings apply to the principal specified in the request. They do not // apply to the principal that makes the request. @@ -11519,6 +11617,94 @@ func (c *EC2) DescribePrefixListsWithContext(ctx aws.Context, input *DescribePre return out, req.Send() } +const opDescribePrincipalIdFormat = "DescribePrincipalIdFormat" + +// DescribePrincipalIdFormatRequest generates a "aws/request.Request" representing the +// client's request for the DescribePrincipalIdFormat operation. The "output" return +// value will be populated with the request's response once the request complets +// successfuly. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribePrincipalIdFormat for more information on using the DescribePrincipalIdFormat +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribePrincipalIdFormatRequest method. +// req, resp := client.DescribePrincipalIdFormatRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribePrincipalIdFormat +func (c *EC2) DescribePrincipalIdFormatRequest(input *DescribePrincipalIdFormatInput) (req *request.Request, output *DescribePrincipalIdFormatOutput) { + op := &request.Operation{ + Name: opDescribePrincipalIdFormat, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribePrincipalIdFormatInput{} + } + + output = &DescribePrincipalIdFormatOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribePrincipalIdFormat API operation for Amazon Elastic Compute Cloud. +// +// Describes the ID format settings for the root user and all IAM roles and +// IAM users that have explicitly specified a longer ID (17-character ID) preference. +// +// By default, all IAM roles and IAM users default to the same ID settings as +// the root user, unless they explicitly override the settings. This request +// is useful for identifying those IAM users and IAM roles that have overridden +// the default ID settings. +// +// The following resource types support longer IDs: bundle | conversion-task +// | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task +// | flow-log | image | import-task | instance | internet-gateway | network-acl +// | network-acl-association | network-interface | network-interface-attachment +// | prefix-list | reservation | route-table | route-table-association | security-group +// | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association +// | vpc-peering-connection. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribePrincipalIdFormat for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribePrincipalIdFormat +func (c *EC2) DescribePrincipalIdFormat(input *DescribePrincipalIdFormatInput) (*DescribePrincipalIdFormatOutput, error) { + req, out := c.DescribePrincipalIdFormatRequest(input) + return out, req.Send() +} + +// DescribePrincipalIdFormatWithContext is the same as DescribePrincipalIdFormat with the addition of +// the ability to pass a context and additional request options. +// +// See DescribePrincipalIdFormat for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribePrincipalIdFormatWithContext(ctx aws.Context, input *DescribePrincipalIdFormatInput, opts ...request.Option) (*DescribePrincipalIdFormatOutput, error) { + req, out := c.DescribePrincipalIdFormatRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeRegions = "DescribeRegions" // DescribeRegionsRequest generates a "aws/request.Request" representing the @@ -17435,8 +17621,16 @@ func (c *EC2) ModifyIdFormatRequest(input *ModifyIdFormatInput) (req *request.Re // // Modifies the ID format for the specified resource on a per-region basis. // You can specify that resources should receive longer IDs (17-character IDs) -// when they are created. The following resource types support longer IDs: instance -// | reservation | snapshot | volume. +// when they are created. +// +// This request can only be used to modify longer ID settings for resource types +// that are within the opt-in period. Resources currently in their opt-in period +// include: bundle | conversion-task | dhcp-options | elastic-ip-allocation +// | elastic-ip-association | export-task | flow-log | image | import-task | +// internet-gateway | network-acl | network-acl-association | network-interface +// | network-interface-attachment | prefix-list | route-table | route-table-association +// | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association +// | vpc-peering-connection. // // This setting applies to the IAM user who makes the request; it does not apply // to the entire AWS account. By default, an IAM user defaults to the same settings @@ -17528,8 +17722,16 @@ func (c *EC2) ModifyIdentityIdFormatRequest(input *ModifyIdentityIdFormatInput) // user for an account. You can specify that resources should receive longer // IDs (17-character IDs) when they are created. // -// The following resource types support longer IDs: instance | reservation | -// snapshot | volume. For more information, see Resource IDs (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) +// This request can only be used to modify longer ID settings for resource types +// that are within the opt-in period. Resources currently in their opt-in period +// include: bundle | conversion-task | dhcp-options | elastic-ip-allocation +// | elastic-ip-association | export-task | flow-log | image | import-task | +// internet-gateway | network-acl | network-acl-association | network-interface +// | network-interface-attachment | prefix-list | route-table | route-table-association +// | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association +// | vpc-peering-connection.. +// +// For more information, see Resource IDs (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html) // in the Amazon Elastic Compute Cloud User Guide. // // This setting applies to the principal specified in the request; it does not @@ -22266,7 +22468,6 @@ func (c *EC2) UpdateSecurityGroupRuleDescriptionsIngressWithContext(ctx aws.Cont } // Contains the parameters for accepting the quote. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AcceptReservedInstancesExchangeQuoteRequest type AcceptReservedInstancesExchangeQuoteInput struct { _ struct{} `type:"structure"` @@ -22339,7 +22540,6 @@ func (s *AcceptReservedInstancesExchangeQuoteInput) SetTargetConfigurations(v [] } // The result of the exchange and whether it was successful. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AcceptReservedInstancesExchangeQuoteResult type AcceptReservedInstancesExchangeQuoteOutput struct { _ struct{} `type:"structure"` @@ -22363,7 +22563,6 @@ func (s *AcceptReservedInstancesExchangeQuoteOutput) SetExchangeId(v string) *Ac return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AcceptVpcEndpointConnectionsRequest type AcceptVpcEndpointConnectionsInput struct { _ struct{} `type:"structure"` @@ -22428,7 +22627,6 @@ func (s *AcceptVpcEndpointConnectionsInput) SetVpcEndpointIds(v []*string) *Acce return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AcceptVpcEndpointConnectionsResult type AcceptVpcEndpointConnectionsOutput struct { _ struct{} `type:"structure"` @@ -22453,7 +22651,6 @@ func (s *AcceptVpcEndpointConnectionsOutput) SetUnsuccessful(v []*UnsuccessfulIt } // Contains the parameters for AcceptVpcPeeringConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AcceptVpcPeeringConnectionRequest type AcceptVpcPeeringConnectionInput struct { _ struct{} `type:"structure"` @@ -22491,7 +22688,6 @@ func (s *AcceptVpcPeeringConnectionInput) SetVpcPeeringConnectionId(v string) *A } // Contains the output of AcceptVpcPeeringConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AcceptVpcPeeringConnectionResult type AcceptVpcPeeringConnectionOutput struct { _ struct{} `type:"structure"` @@ -22516,7 +22712,6 @@ func (s *AcceptVpcPeeringConnectionOutput) SetVpcPeeringConnection(v *VpcPeering } // Describes an account attribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AccountAttribute type AccountAttribute struct { _ struct{} `type:"structure"` @@ -22550,7 +22745,6 @@ func (s *AccountAttribute) SetAttributeValues(v []*AccountAttributeValue) *Accou } // Describes a value of an account attribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AccountAttributeValue type AccountAttributeValue struct { _ struct{} `type:"structure"` @@ -22575,7 +22769,6 @@ func (s *AccountAttributeValue) SetAttributeValue(v string) *AccountAttributeVal } // Describes a running instance in a Spot Fleet. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ActiveInstance type ActiveInstance struct { _ struct{} `type:"structure"` @@ -22629,7 +22822,6 @@ func (s *ActiveInstance) SetSpotInstanceRequestId(v string) *ActiveInstance { } // Describes an Elastic IP address. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Address type Address struct { _ struct{} `type:"structure"` @@ -22728,7 +22920,6 @@ func (s *Address) SetTags(v []*Tag) *Address { } // Contains the parameters for AllocateAddress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AllocateAddressRequest type AllocateAddressInput struct { _ struct{} `type:"structure"` @@ -22776,7 +22967,6 @@ func (s *AllocateAddressInput) SetDryRun(v bool) *AllocateAddressInput { } // Contains the output of AllocateAddress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AllocateAddressResult type AllocateAddressOutput struct { _ struct{} `type:"structure"` @@ -22821,7 +23011,6 @@ func (s *AllocateAddressOutput) SetPublicIp(v string) *AllocateAddressOutput { } // Contains the parameters for AllocateHosts. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AllocateHostsRequest type AllocateHostsInput struct { _ struct{} `type:"structure"` @@ -22916,7 +23105,6 @@ func (s *AllocateHostsInput) SetQuantity(v int64) *AllocateHostsInput { } // Contains the output of AllocateHosts. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AllocateHostsResult type AllocateHostsOutput struct { _ struct{} `type:"structure"` @@ -22942,7 +23130,6 @@ func (s *AllocateHostsOutput) SetHostIds(v []*string) *AllocateHostsOutput { } // Describes a principal. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AllowedPrincipal type AllowedPrincipal struct { _ struct{} `type:"structure"` @@ -22975,7 +23162,6 @@ func (s *AllowedPrincipal) SetPrincipalType(v string) *AllowedPrincipal { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssignIpv6AddressesRequest type AssignIpv6AddressesInput struct { _ struct{} `type:"structure"` @@ -23035,7 +23221,6 @@ func (s *AssignIpv6AddressesInput) SetNetworkInterfaceId(v string) *AssignIpv6Ad return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssignIpv6AddressesResult type AssignIpv6AddressesOutput struct { _ struct{} `type:"structure"` @@ -23069,7 +23254,6 @@ func (s *AssignIpv6AddressesOutput) SetNetworkInterfaceId(v string) *AssignIpv6A } // Contains the parameters for AssignPrivateIpAddresses. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssignPrivateIpAddressesRequest type AssignPrivateIpAddressesInput struct { _ struct{} `type:"structure"` @@ -23142,7 +23326,6 @@ func (s *AssignPrivateIpAddressesInput) SetSecondaryPrivateIpAddressCount(v int6 return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssignPrivateIpAddressesOutput type AssignPrivateIpAddressesOutput struct { _ struct{} `type:"structure"` } @@ -23158,7 +23341,6 @@ func (s AssignPrivateIpAddressesOutput) GoString() string { } // Contains the parameters for AssociateAddress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateAddressRequest type AssociateAddressInput struct { _ struct{} `type:"structure"` @@ -23251,7 +23433,6 @@ func (s *AssociateAddressInput) SetPublicIp(v string) *AssociateAddressInput { } // Contains the output of AssociateAddress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateAddressResult type AssociateAddressOutput struct { _ struct{} `type:"structure"` @@ -23277,7 +23458,6 @@ func (s *AssociateAddressOutput) SetAssociationId(v string) *AssociateAddressOut } // Contains the parameters for AssociateDhcpOptions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateDhcpOptionsRequest type AssociateDhcpOptionsInput struct { _ struct{} `type:"structure"` @@ -23343,7 +23523,6 @@ func (s *AssociateDhcpOptionsInput) SetVpcId(v string) *AssociateDhcpOptionsInpu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateDhcpOptionsOutput type AssociateDhcpOptionsOutput struct { _ struct{} `type:"structure"` } @@ -23358,7 +23537,6 @@ func (s AssociateDhcpOptionsOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateIamInstanceProfileRequest type AssociateIamInstanceProfileInput struct { _ struct{} `type:"structure"` @@ -23411,7 +23589,6 @@ func (s *AssociateIamInstanceProfileInput) SetInstanceId(v string) *AssociateIam return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateIamInstanceProfileResult type AssociateIamInstanceProfileOutput struct { _ struct{} `type:"structure"` @@ -23436,7 +23613,6 @@ func (s *AssociateIamInstanceProfileOutput) SetIamInstanceProfileAssociation(v * } // Contains the parameters for AssociateRouteTable. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateRouteTableRequest type AssociateRouteTableInput struct { _ struct{} `type:"structure"` @@ -23502,7 +23678,6 @@ func (s *AssociateRouteTableInput) SetSubnetId(v string) *AssociateRouteTableInp } // Contains the output of AssociateRouteTable. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateRouteTableResult type AssociateRouteTableOutput struct { _ struct{} `type:"structure"` @@ -23526,7 +23701,6 @@ func (s *AssociateRouteTableOutput) SetAssociationId(v string) *AssociateRouteTa return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateSubnetCidrBlockRequest type AssociateSubnetCidrBlockInput struct { _ struct{} `type:"structure"` @@ -23579,7 +23753,6 @@ func (s *AssociateSubnetCidrBlockInput) SetSubnetId(v string) *AssociateSubnetCi return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateSubnetCidrBlockResult type AssociateSubnetCidrBlockOutput struct { _ struct{} `type:"structure"` @@ -23612,7 +23785,6 @@ func (s *AssociateSubnetCidrBlockOutput) SetSubnetId(v string) *AssociateSubnetC return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateVpcCidrBlockRequest type AssociateVpcCidrBlockInput struct { _ struct{} `type:"structure"` @@ -23671,7 +23843,6 @@ func (s *AssociateVpcCidrBlockInput) SetVpcId(v string) *AssociateVpcCidrBlockIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateVpcCidrBlockResult type AssociateVpcCidrBlockOutput struct { _ struct{} `type:"structure"` @@ -23714,7 +23885,6 @@ func (s *AssociateVpcCidrBlockOutput) SetVpcId(v string) *AssociateVpcCidrBlockO } // Contains the parameters for AttachClassicLinkVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachClassicLinkVpcRequest type AttachClassicLinkVpcInput struct { _ struct{} `type:"structure"` @@ -23795,7 +23965,6 @@ func (s *AttachClassicLinkVpcInput) SetVpcId(v string) *AttachClassicLinkVpcInpu } // Contains the output of AttachClassicLinkVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachClassicLinkVpcResult type AttachClassicLinkVpcOutput struct { _ struct{} `type:"structure"` @@ -23820,7 +23989,6 @@ func (s *AttachClassicLinkVpcOutput) SetReturn(v bool) *AttachClassicLinkVpcOutp } // Contains the parameters for AttachInternetGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachInternetGatewayRequest type AttachInternetGatewayInput struct { _ struct{} `type:"structure"` @@ -23885,7 +24053,6 @@ func (s *AttachInternetGatewayInput) SetVpcId(v string) *AttachInternetGatewayIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachInternetGatewayOutput type AttachInternetGatewayOutput struct { _ struct{} `type:"structure"` } @@ -23901,7 +24068,6 @@ func (s AttachInternetGatewayOutput) GoString() string { } // Contains the parameters for AttachNetworkInterface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachNetworkInterfaceRequest type AttachNetworkInterfaceInput struct { _ struct{} `type:"structure"` @@ -23981,7 +24147,6 @@ func (s *AttachNetworkInterfaceInput) SetNetworkInterfaceId(v string) *AttachNet } // Contains the output of AttachNetworkInterface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachNetworkInterfaceResult type AttachNetworkInterfaceOutput struct { _ struct{} `type:"structure"` @@ -24006,7 +24171,6 @@ func (s *AttachNetworkInterfaceOutput) SetAttachmentId(v string) *AttachNetworkI } // Contains the parameters for AttachVolume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachVolumeRequest type AttachVolumeInput struct { _ struct{} `type:"structure"` @@ -24087,7 +24251,6 @@ func (s *AttachVolumeInput) SetVolumeId(v string) *AttachVolumeInput { } // Contains the parameters for AttachVpnGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachVpnGatewayRequest type AttachVpnGatewayInput struct { _ struct{} `type:"structure"` @@ -24153,7 +24316,6 @@ func (s *AttachVpnGatewayInput) SetVpnGatewayId(v string) *AttachVpnGatewayInput } // Contains the output of AttachVpnGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachVpnGatewayResult type AttachVpnGatewayOutput struct { _ struct{} `type:"structure"` @@ -24178,7 +24340,6 @@ func (s *AttachVpnGatewayOutput) SetVpcAttachment(v *VpcAttachment) *AttachVpnGa } // Describes a value for a resource attribute that is a Boolean value. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttributeBooleanValue type AttributeBooleanValue struct { _ struct{} `type:"structure"` @@ -24203,7 +24364,6 @@ func (s *AttributeBooleanValue) SetValue(v bool) *AttributeBooleanValue { } // Describes a value for a resource attribute that is a String. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttributeValue type AttributeValue struct { _ struct{} `type:"structure"` @@ -24228,7 +24388,6 @@ func (s *AttributeValue) SetValue(v string) *AttributeValue { } // Contains the parameters for AuthorizeSecurityGroupEgress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AuthorizeSecurityGroupEgressRequest type AuthorizeSecurityGroupEgressInput struct { _ struct{} `type:"structure"` @@ -24346,7 +24505,6 @@ func (s *AuthorizeSecurityGroupEgressInput) SetToPort(v int64) *AuthorizeSecurit return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AuthorizeSecurityGroupEgressOutput type AuthorizeSecurityGroupEgressOutput struct { _ struct{} `type:"structure"` } @@ -24362,7 +24520,6 @@ func (s AuthorizeSecurityGroupEgressOutput) GoString() string { } // Contains the parameters for AuthorizeSecurityGroupIngress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AuthorizeSecurityGroupIngressRequest type AuthorizeSecurityGroupIngressInput struct { _ struct{} `type:"structure"` @@ -24495,7 +24652,6 @@ func (s *AuthorizeSecurityGroupIngressInput) SetToPort(v int64) *AuthorizeSecuri return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AuthorizeSecurityGroupIngressOutput type AuthorizeSecurityGroupIngressOutput struct { _ struct{} `type:"structure"` } @@ -24511,7 +24667,6 @@ func (s AuthorizeSecurityGroupIngressOutput) GoString() string { } // Describes an Availability Zone. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AvailabilityZone type AvailabilityZone struct { _ struct{} `type:"structure"` @@ -24563,7 +24718,6 @@ func (s *AvailabilityZone) SetZoneName(v string) *AvailabilityZone { } // Describes a message about an Availability Zone. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AvailabilityZoneMessage type AvailabilityZoneMessage struct { _ struct{} `type:"structure"` @@ -24588,7 +24742,6 @@ func (s *AvailabilityZoneMessage) SetMessage(v string) *AvailabilityZoneMessage } // The capacity information for instances launched onto the Dedicated Host. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AvailableCapacity type AvailableCapacity struct { _ struct{} `type:"structure"` @@ -24621,7 +24774,6 @@ func (s *AvailableCapacity) SetAvailableVCpus(v int64) *AvailableCapacity { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/BlobAttributeValue type BlobAttributeValue struct { _ struct{} `type:"structure"` @@ -24646,7 +24798,6 @@ func (s *BlobAttributeValue) SetValue(v []byte) *BlobAttributeValue { } // Describes a block device mapping. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/BlockDeviceMapping type BlockDeviceMapping struct { _ struct{} `type:"structure"` @@ -24709,7 +24860,6 @@ func (s *BlockDeviceMapping) SetVirtualName(v string) *BlockDeviceMapping { } // Contains the parameters for BundleInstance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/BundleInstanceRequest type BundleInstanceInput struct { _ struct{} `type:"structure"` @@ -24783,7 +24933,6 @@ func (s *BundleInstanceInput) SetStorage(v *Storage) *BundleInstanceInput { } // Contains the output of BundleInstance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/BundleInstanceResult type BundleInstanceOutput struct { _ struct{} `type:"structure"` @@ -24808,7 +24957,6 @@ func (s *BundleInstanceOutput) SetBundleTask(v *BundleTask) *BundleInstanceOutpu } // Describes a bundle task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/BundleTask type BundleTask struct { _ struct{} `type:"structure"` @@ -24896,7 +25044,6 @@ func (s *BundleTask) SetUpdateTime(v time.Time) *BundleTask { } // Describes an error for BundleInstance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/BundleTaskError type BundleTaskError struct { _ struct{} `type:"structure"` @@ -24930,7 +25077,6 @@ func (s *BundleTaskError) SetMessage(v string) *BundleTaskError { } // Contains the parameters for CancelBundleTask. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelBundleTaskRequest type CancelBundleTaskInput struct { _ struct{} `type:"structure"` @@ -24982,7 +25128,6 @@ func (s *CancelBundleTaskInput) SetDryRun(v bool) *CancelBundleTaskInput { } // Contains the output of CancelBundleTask. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelBundleTaskResult type CancelBundleTaskOutput struct { _ struct{} `type:"structure"` @@ -25007,7 +25152,6 @@ func (s *CancelBundleTaskOutput) SetBundleTask(v *BundleTask) *CancelBundleTaskO } // Contains the parameters for CancelConversionTask. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelConversionRequest type CancelConversionTaskInput struct { _ struct{} `type:"structure"` @@ -25067,7 +25211,6 @@ func (s *CancelConversionTaskInput) SetReasonMessage(v string) *CancelConversion return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelConversionTaskOutput type CancelConversionTaskOutput struct { _ struct{} `type:"structure"` } @@ -25083,7 +25226,6 @@ func (s CancelConversionTaskOutput) GoString() string { } // Contains the parameters for CancelExportTask. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelExportTaskRequest type CancelExportTaskInput struct { _ struct{} `type:"structure"` @@ -25122,7 +25264,6 @@ func (s *CancelExportTaskInput) SetExportTaskId(v string) *CancelExportTaskInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelExportTaskOutput type CancelExportTaskOutput struct { _ struct{} `type:"structure"` } @@ -25138,7 +25279,6 @@ func (s CancelExportTaskOutput) GoString() string { } // Contains the parameters for CancelImportTask. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelImportTaskRequest type CancelImportTaskInput struct { _ struct{} `type:"structure"` @@ -25184,7 +25324,6 @@ func (s *CancelImportTaskInput) SetImportTaskId(v string) *CancelImportTaskInput } // Contains the output for CancelImportTask. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelImportTaskResult type CancelImportTaskOutput struct { _ struct{} `type:"structure"` @@ -25227,7 +25366,6 @@ func (s *CancelImportTaskOutput) SetState(v string) *CancelImportTaskOutput { } // Contains the parameters for CancelReservedInstancesListing. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelReservedInstancesListingRequest type CancelReservedInstancesListingInput struct { _ struct{} `type:"structure"` @@ -25267,7 +25405,6 @@ func (s *CancelReservedInstancesListingInput) SetReservedInstancesListingId(v st } // Contains the output of CancelReservedInstancesListing. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelReservedInstancesListingResult type CancelReservedInstancesListingOutput struct { _ struct{} `type:"structure"` @@ -25292,7 +25429,6 @@ func (s *CancelReservedInstancesListingOutput) SetReservedInstancesListings(v [] } // Describes a Spot Fleet error. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelSpotFleetRequestsError type CancelSpotFleetRequestsError struct { _ struct{} `type:"structure"` @@ -25330,7 +25466,6 @@ func (s *CancelSpotFleetRequestsError) SetMessage(v string) *CancelSpotFleetRequ } // Describes a Spot Fleet request that was not successfully canceled. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelSpotFleetRequestsErrorItem type CancelSpotFleetRequestsErrorItem struct { _ struct{} `type:"structure"` @@ -25368,7 +25503,6 @@ func (s *CancelSpotFleetRequestsErrorItem) SetSpotFleetRequestId(v string) *Canc } // Contains the parameters for CancelSpotFleetRequests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelSpotFleetRequestsRequest type CancelSpotFleetRequestsInput struct { _ struct{} `type:"structure"` @@ -25435,7 +25569,6 @@ func (s *CancelSpotFleetRequestsInput) SetTerminateInstances(v bool) *CancelSpot } // Contains the output of CancelSpotFleetRequests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelSpotFleetRequestsResponse type CancelSpotFleetRequestsOutput struct { _ struct{} `type:"structure"` @@ -25469,7 +25602,6 @@ func (s *CancelSpotFleetRequestsOutput) SetUnsuccessfulFleetRequests(v []*Cancel } // Describes a Spot Fleet request that was successfully canceled. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelSpotFleetRequestsSuccessItem type CancelSpotFleetRequestsSuccessItem struct { _ struct{} `type:"structure"` @@ -25518,7 +25650,6 @@ func (s *CancelSpotFleetRequestsSuccessItem) SetSpotFleetRequestId(v string) *Ca } // Contains the parameters for CancelSpotInstanceRequests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelSpotInstanceRequestsRequest type CancelSpotInstanceRequestsInput struct { _ struct{} `type:"structure"` @@ -25570,7 +25701,6 @@ func (s *CancelSpotInstanceRequestsInput) SetSpotInstanceRequestIds(v []*string) } // Contains the output of CancelSpotInstanceRequests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelSpotInstanceRequestsResult type CancelSpotInstanceRequestsOutput struct { _ struct{} `type:"structure"` @@ -25595,7 +25725,6 @@ func (s *CancelSpotInstanceRequestsOutput) SetCancelledSpotInstanceRequests(v [] } // Describes a request to cancel a Spot Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CancelledSpotInstanceRequest type CancelledSpotInstanceRequest struct { _ struct{} `type:"structure"` @@ -25629,7 +25758,6 @@ func (s *CancelledSpotInstanceRequest) SetState(v string) *CancelledSpotInstance } // Describes an IPv4 CIDR block. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CidrBlock type CidrBlock struct { _ struct{} `type:"structure"` @@ -25654,7 +25782,6 @@ func (s *CidrBlock) SetCidrBlock(v string) *CidrBlock { } // Describes the ClassicLink DNS support status of a VPC. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ClassicLinkDnsSupport type ClassicLinkDnsSupport struct { _ struct{} `type:"structure"` @@ -25688,7 +25815,6 @@ func (s *ClassicLinkDnsSupport) SetVpcId(v string) *ClassicLinkDnsSupport { } // Describes a linked EC2-Classic instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ClassicLinkInstance type ClassicLinkInstance struct { _ struct{} `type:"structure"` @@ -25740,7 +25866,6 @@ func (s *ClassicLinkInstance) SetVpcId(v string) *ClassicLinkInstance { } // Describes a Classic Load Balancer. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ClassicLoadBalancer type ClassicLoadBalancer struct { _ struct{} `type:"structure"` @@ -25781,7 +25906,6 @@ func (s *ClassicLoadBalancer) SetName(v string) *ClassicLoadBalancer { // Describes the Classic Load Balancers to attach to a Spot Fleet. Spot Fleet // registers the running Spot Instances with these Classic Load Balancers. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ClassicLoadBalancersConfig type ClassicLoadBalancersConfig struct { _ struct{} `type:"structure"` @@ -25834,7 +25958,6 @@ func (s *ClassicLoadBalancersConfig) SetClassicLoadBalancers(v []*ClassicLoadBal } // Describes the client-specific data. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ClientData type ClientData struct { _ struct{} `type:"structure"` @@ -25886,7 +26009,6 @@ func (s *ClientData) SetUploadStart(v time.Time) *ClientData { } // Contains the parameters for ConfirmProductInstance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ConfirmProductInstanceRequest type ConfirmProductInstanceInput struct { _ struct{} `type:"structure"` @@ -25952,7 +26074,6 @@ func (s *ConfirmProductInstanceInput) SetProductCode(v string) *ConfirmProductIn } // Contains the output of ConfirmProductInstance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ConfirmProductInstanceResult type ConfirmProductInstanceOutput struct { _ struct{} `type:"structure"` @@ -25988,7 +26109,6 @@ func (s *ConfirmProductInstanceOutput) SetReturn(v bool) *ConfirmProductInstance } // Describes a connection notification for a VPC endpoint or VPC endpoint service. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ConnectionNotification type ConnectionNotification struct { _ struct{} `type:"structure"` @@ -26068,7 +26188,6 @@ func (s *ConnectionNotification) SetVpcEndpointId(v string) *ConnectionNotificat } // Describes a conversion task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ConversionTask type ConversionTask struct { _ struct{} `type:"structure"` @@ -26153,7 +26272,6 @@ func (s *ConversionTask) SetTags(v []*Tag) *ConversionTask { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CopyFpgaImageRequest type CopyFpgaImageInput struct { _ struct{} `type:"structure"` @@ -26246,7 +26364,6 @@ func (s *CopyFpgaImageInput) SetSourceRegion(v string) *CopyFpgaImageInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CopyFpgaImageResult type CopyFpgaImageOutput struct { _ struct{} `type:"structure"` @@ -26271,7 +26388,6 @@ func (s *CopyFpgaImageOutput) SetFpgaImageId(v string) *CopyFpgaImageOutput { } // Contains the parameters for CopyImage. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CopyImageRequest type CopyImageInput struct { _ struct{} `type:"structure"` @@ -26400,7 +26516,6 @@ func (s *CopyImageInput) SetSourceRegion(v string) *CopyImageInput { } // Contains the output of CopyImage. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CopyImageResult type CopyImageOutput struct { _ struct{} `type:"structure"` @@ -26425,7 +26540,6 @@ func (s *CopyImageOutput) SetImageId(v string) *CopyImageOutput { } // Contains the parameters for CopySnapshot. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CopySnapshotRequest type CopySnapshotInput struct { _ struct{} `type:"structure"` @@ -26567,7 +26681,6 @@ func (s *CopySnapshotInput) SetSourceSnapshotId(v string) *CopySnapshotInput { } // Contains the output of CopySnapshot. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CopySnapshotResult type CopySnapshotOutput struct { _ struct{} `type:"structure"` @@ -26592,7 +26705,6 @@ func (s *CopySnapshotOutput) SetSnapshotId(v string) *CopySnapshotOutput { } // Contains the parameters for CreateCustomerGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateCustomerGatewayRequest type CreateCustomerGatewayInput struct { _ struct{} `type:"structure"` @@ -26675,7 +26787,6 @@ func (s *CreateCustomerGatewayInput) SetType(v string) *CreateCustomerGatewayInp } // Contains the output of CreateCustomerGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateCustomerGatewayResult type CreateCustomerGatewayOutput struct { _ struct{} `type:"structure"` @@ -26699,7 +26810,6 @@ func (s *CreateCustomerGatewayOutput) SetCustomerGateway(v *CustomerGateway) *Cr return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateDefaultSubnetRequest type CreateDefaultSubnetInput struct { _ struct{} `type:"structure"` @@ -26750,7 +26860,6 @@ func (s *CreateDefaultSubnetInput) SetDryRun(v bool) *CreateDefaultSubnetInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateDefaultSubnetResult type CreateDefaultSubnetOutput struct { _ struct{} `type:"structure"` @@ -26775,7 +26884,6 @@ func (s *CreateDefaultSubnetOutput) SetSubnet(v *Subnet) *CreateDefaultSubnetOut } // Contains the parameters for CreateDefaultVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateDefaultVpcRequest type CreateDefaultVpcInput struct { _ struct{} `type:"structure"` @@ -26803,7 +26911,6 @@ func (s *CreateDefaultVpcInput) SetDryRun(v bool) *CreateDefaultVpcInput { } // Contains the output of CreateDefaultVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateDefaultVpcResult type CreateDefaultVpcOutput struct { _ struct{} `type:"structure"` @@ -26828,7 +26935,6 @@ func (s *CreateDefaultVpcOutput) SetVpc(v *Vpc) *CreateDefaultVpcOutput { } // Contains the parameters for CreateDhcpOptions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateDhcpOptionsRequest type CreateDhcpOptionsInput struct { _ struct{} `type:"structure"` @@ -26880,7 +26986,6 @@ func (s *CreateDhcpOptionsInput) SetDryRun(v bool) *CreateDhcpOptionsInput { } // Contains the output of CreateDhcpOptions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateDhcpOptionsResult type CreateDhcpOptionsOutput struct { _ struct{} `type:"structure"` @@ -26904,7 +27009,6 @@ func (s *CreateDhcpOptionsOutput) SetDhcpOptions(v *DhcpOptions) *CreateDhcpOpti return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateEgressOnlyInternetGatewayRequest type CreateEgressOnlyInternetGatewayInput struct { _ struct{} `type:"structure"` @@ -26965,7 +27069,6 @@ func (s *CreateEgressOnlyInternetGatewayInput) SetVpcId(v string) *CreateEgressO return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateEgressOnlyInternetGatewayResult type CreateEgressOnlyInternetGatewayOutput struct { _ struct{} `type:"structure"` @@ -27000,7 +27103,6 @@ func (s *CreateEgressOnlyInternetGatewayOutput) SetEgressOnlyInternetGateway(v * } // Contains the parameters for CreateFlowLogs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateFlowLogsRequest type CreateFlowLogsInput struct { _ struct{} `type:"structure"` @@ -27109,7 +27211,6 @@ func (s *CreateFlowLogsInput) SetTrafficType(v string) *CreateFlowLogsInput { } // Contains the output of CreateFlowLogs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateFlowLogsResult type CreateFlowLogsOutput struct { _ struct{} `type:"structure"` @@ -27152,7 +27253,6 @@ func (s *CreateFlowLogsOutput) SetUnsuccessful(v []*UnsuccessfulItem) *CreateFlo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateFpgaImageRequest type CreateFpgaImageInput struct { _ struct{} `type:"structure"` @@ -27241,7 +27341,6 @@ func (s *CreateFpgaImageInput) SetName(v string) *CreateFpgaImageInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateFpgaImageResult type CreateFpgaImageOutput struct { _ struct{} `type:"structure"` @@ -27275,7 +27374,6 @@ func (s *CreateFpgaImageOutput) SetFpgaImageId(v string) *CreateFpgaImageOutput } // Contains the parameters for CreateImage. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateImageRequest type CreateImageInput struct { _ struct{} `type:"structure"` @@ -27375,7 +27473,6 @@ func (s *CreateImageInput) SetNoReboot(v bool) *CreateImageInput { } // Contains the output of CreateImage. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateImageResult type CreateImageOutput struct { _ struct{} `type:"structure"` @@ -27400,7 +27497,6 @@ func (s *CreateImageOutput) SetImageId(v string) *CreateImageOutput { } // Contains the parameters for CreateInstanceExportTask. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateInstanceExportTaskRequest type CreateInstanceExportTaskInput struct { _ struct{} `type:"structure"` @@ -27468,7 +27564,6 @@ func (s *CreateInstanceExportTaskInput) SetTargetEnvironment(v string) *CreateIn } // Contains the output for CreateInstanceExportTask. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateInstanceExportTaskResult type CreateInstanceExportTaskOutput struct { _ struct{} `type:"structure"` @@ -27493,7 +27588,6 @@ func (s *CreateInstanceExportTaskOutput) SetExportTask(v *ExportTask) *CreateIns } // Contains the parameters for CreateInternetGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateInternetGatewayRequest type CreateInternetGatewayInput struct { _ struct{} `type:"structure"` @@ -27521,7 +27615,6 @@ func (s *CreateInternetGatewayInput) SetDryRun(v bool) *CreateInternetGatewayInp } // Contains the output of CreateInternetGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateInternetGatewayResult type CreateInternetGatewayOutput struct { _ struct{} `type:"structure"` @@ -27546,7 +27639,6 @@ func (s *CreateInternetGatewayOutput) SetInternetGateway(v *InternetGateway) *Cr } // Contains the parameters for CreateKeyPair. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateKeyPairRequest type CreateKeyPairInput struct { _ struct{} `type:"structure"` @@ -27600,7 +27692,6 @@ func (s *CreateKeyPairInput) SetKeyName(v string) *CreateKeyPairInput { } // Describes a key pair. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/KeyPair type CreateKeyPairOutput struct { _ struct{} `type:"structure"` @@ -27642,7 +27733,6 @@ func (s *CreateKeyPairOutput) SetKeyName(v string) *CreateKeyPairOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateLaunchTemplateRequest type CreateLaunchTemplateInput struct { _ struct{} `type:"structure"` @@ -27734,7 +27824,6 @@ func (s *CreateLaunchTemplateInput) SetVersionDescription(v string) *CreateLaunc return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateLaunchTemplateResult type CreateLaunchTemplateOutput struct { _ struct{} `type:"structure"` @@ -27758,7 +27847,6 @@ func (s *CreateLaunchTemplateOutput) SetLaunchTemplate(v *LaunchTemplate) *Creat return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateLaunchTemplateVersionRequest type CreateLaunchTemplateVersionInput struct { _ struct{} `type:"structure"` @@ -27867,7 +27955,6 @@ func (s *CreateLaunchTemplateVersionInput) SetVersionDescription(v string) *Crea return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateLaunchTemplateVersionResult type CreateLaunchTemplateVersionOutput struct { _ struct{} `type:"structure"` @@ -27892,7 +27979,6 @@ func (s *CreateLaunchTemplateVersionOutput) SetLaunchTemplateVersion(v *LaunchTe } // Contains the parameters for CreateNatGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNatGatewayRequest type CreateNatGatewayInput struct { _ struct{} `type:"structure"` @@ -27960,7 +28046,6 @@ func (s *CreateNatGatewayInput) SetSubnetId(v string) *CreateNatGatewayInput { } // Contains the output of CreateNatGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNatGatewayResult type CreateNatGatewayOutput struct { _ struct{} `type:"structure"` @@ -27995,7 +28080,6 @@ func (s *CreateNatGatewayOutput) SetNatGateway(v *NatGateway) *CreateNatGatewayO } // Contains the parameters for CreateNetworkAclEntry. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkAclEntryRequest type CreateNetworkAclEntryInput struct { _ struct{} `type:"structure"` @@ -28150,7 +28234,6 @@ func (s *CreateNetworkAclEntryInput) SetRuleNumber(v int64) *CreateNetworkAclEnt return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkAclEntryOutput type CreateNetworkAclEntryOutput struct { _ struct{} `type:"structure"` } @@ -28166,7 +28249,6 @@ func (s CreateNetworkAclEntryOutput) GoString() string { } // Contains the parameters for CreateNetworkAcl. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkAclRequest type CreateNetworkAclInput struct { _ struct{} `type:"structure"` @@ -28218,7 +28300,6 @@ func (s *CreateNetworkAclInput) SetVpcId(v string) *CreateNetworkAclInput { } // Contains the output of CreateNetworkAcl. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkAclResult type CreateNetworkAclOutput struct { _ struct{} `type:"structure"` @@ -28243,7 +28324,6 @@ func (s *CreateNetworkAclOutput) SetNetworkAcl(v *NetworkAcl) *CreateNetworkAclO } // Contains the parameters for CreateNetworkInterface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkInterfaceRequest type CreateNetworkInterfaceInput struct { _ struct{} `type:"structure"` @@ -28385,7 +28465,6 @@ func (s *CreateNetworkInterfaceInput) SetSubnetId(v string) *CreateNetworkInterf } // Contains the output of CreateNetworkInterface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkInterfaceResult type CreateNetworkInterfaceOutput struct { _ struct{} `type:"structure"` @@ -28410,7 +28489,6 @@ func (s *CreateNetworkInterfaceOutput) SetNetworkInterface(v *NetworkInterface) } // Contains the parameters for CreateNetworkInterfacePermission. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkInterfacePermissionRequest type CreateNetworkInterfacePermissionInput struct { _ struct{} `type:"structure"` @@ -28494,7 +28572,6 @@ func (s *CreateNetworkInterfacePermissionInput) SetPermission(v string) *CreateN } // Contains the output of CreateNetworkInterfacePermission. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkInterfacePermissionResult type CreateNetworkInterfacePermissionOutput struct { _ struct{} `type:"structure"` @@ -28519,7 +28596,6 @@ func (s *CreateNetworkInterfacePermissionOutput) SetInterfacePermission(v *Netwo } // Contains the parameters for CreatePlacementGroup. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreatePlacementGroupRequest type CreatePlacementGroupInput struct { _ struct{} `type:"structure"` @@ -28587,7 +28663,6 @@ func (s *CreatePlacementGroupInput) SetStrategy(v string) *CreatePlacementGroupI return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreatePlacementGroupOutput type CreatePlacementGroupOutput struct { _ struct{} `type:"structure"` } @@ -28603,7 +28678,6 @@ func (s CreatePlacementGroupOutput) GoString() string { } // Contains the parameters for CreateReservedInstancesListing. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateReservedInstancesListingRequest type CreateReservedInstancesListingInput struct { _ struct{} `type:"structure"` @@ -28691,7 +28765,6 @@ func (s *CreateReservedInstancesListingInput) SetReservedInstancesId(v string) * } // Contains the output of CreateReservedInstancesListing. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateReservedInstancesListingResult type CreateReservedInstancesListingOutput struct { _ struct{} `type:"structure"` @@ -28716,7 +28789,6 @@ func (s *CreateReservedInstancesListingOutput) SetReservedInstancesListings(v [] } // Contains the parameters for CreateRoute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateRouteRequest type CreateRouteInput struct { _ struct{} `type:"structure"` @@ -28844,7 +28916,6 @@ func (s *CreateRouteInput) SetVpcPeeringConnectionId(v string) *CreateRouteInput } // Contains the output of CreateRoute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateRouteResult type CreateRouteOutput struct { _ struct{} `type:"structure"` @@ -28869,7 +28940,6 @@ func (s *CreateRouteOutput) SetReturn(v bool) *CreateRouteOutput { } // Contains the parameters for CreateRouteTable. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateRouteTableRequest type CreateRouteTableInput struct { _ struct{} `type:"structure"` @@ -28921,7 +28991,6 @@ func (s *CreateRouteTableInput) SetVpcId(v string) *CreateRouteTableInput { } // Contains the output of CreateRouteTable. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateRouteTableResult type CreateRouteTableOutput struct { _ struct{} `type:"structure"` @@ -28946,7 +29015,6 @@ func (s *CreateRouteTableOutput) SetRouteTable(v *RouteTable) *CreateRouteTableO } // Contains the parameters for CreateSecurityGroup. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSecurityGroupRequest type CreateSecurityGroupInput struct { _ struct{} `type:"structure"` @@ -28969,7 +29037,7 @@ type CreateSecurityGroupInput struct { // The name of the security group. // - // Constraints: Up to 255 characters in length + // Constraints: Up to 255 characters in length. Cannot start with sg-. // // Constraints for EC2-Classic: ASCII characters // @@ -29033,7 +29101,6 @@ func (s *CreateSecurityGroupInput) SetVpcId(v string) *CreateSecurityGroupInput } // Contains the output of CreateSecurityGroup. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSecurityGroupResult type CreateSecurityGroupOutput struct { _ struct{} `type:"structure"` @@ -29058,7 +29125,6 @@ func (s *CreateSecurityGroupOutput) SetGroupId(v string) *CreateSecurityGroupOut } // Contains the parameters for CreateSnapshot. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSnapshotRequest type CreateSnapshotInput struct { _ struct{} `type:"structure"` @@ -29119,7 +29185,6 @@ func (s *CreateSnapshotInput) SetVolumeId(v string) *CreateSnapshotInput { } // Contains the parameters for CreateSpotDatafeedSubscription. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSpotDatafeedSubscriptionRequest type CreateSpotDatafeedSubscriptionInput struct { _ struct{} `type:"structure"` @@ -29180,7 +29245,6 @@ func (s *CreateSpotDatafeedSubscriptionInput) SetPrefix(v string) *CreateSpotDat } // Contains the output of CreateSpotDatafeedSubscription. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSpotDatafeedSubscriptionResult type CreateSpotDatafeedSubscriptionOutput struct { _ struct{} `type:"structure"` @@ -29205,7 +29269,6 @@ func (s *CreateSpotDatafeedSubscriptionOutput) SetSpotDatafeedSubscription(v *Sp } // Contains the parameters for CreateSubnet. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSubnetRequest type CreateSubnetInput struct { _ struct{} `type:"structure"` @@ -29293,7 +29356,6 @@ func (s *CreateSubnetInput) SetVpcId(v string) *CreateSubnetInput { } // Contains the output of CreateSubnet. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSubnetResult type CreateSubnetOutput struct { _ struct{} `type:"structure"` @@ -29318,7 +29380,6 @@ func (s *CreateSubnetOutput) SetSubnet(v *Subnet) *CreateSubnetOutput { } // Contains the parameters for CreateTags. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTagsRequest type CreateTagsInput struct { _ struct{} `type:"structure"` @@ -29385,7 +29446,6 @@ func (s *CreateTagsInput) SetTags(v []*Tag) *CreateTagsInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTagsOutput type CreateTagsOutput struct { _ struct{} `type:"structure"` } @@ -29401,7 +29461,6 @@ func (s CreateTagsOutput) GoString() string { } // Contains the parameters for CreateVolume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVolumeRequest type CreateVolumeInput struct { _ struct{} `type:"structure"` @@ -29545,7 +29604,6 @@ func (s *CreateVolumeInput) SetVolumeType(v string) *CreateVolumeInput { // Describes the user or group to be added or removed from the permissions for // a volume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVolumePermission type CreateVolumePermission struct { _ struct{} `type:"structure"` @@ -29581,7 +29639,6 @@ func (s *CreateVolumePermission) SetUserId(v string) *CreateVolumePermission { } // Describes modifications to the permissions for a volume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVolumePermissionModifications type CreateVolumePermissionModifications struct { _ struct{} `type:"structure"` @@ -29616,7 +29673,6 @@ func (s *CreateVolumePermissionModifications) SetRemove(v []*CreateVolumePermiss return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcEndpointConnectionNotificationRequest type CreateVpcEndpointConnectionNotificationInput struct { _ struct{} `type:"structure"` @@ -29710,7 +29766,6 @@ func (s *CreateVpcEndpointConnectionNotificationInput) SetVpcEndpointId(v string return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcEndpointConnectionNotificationResult type CreateVpcEndpointConnectionNotificationOutput struct { _ struct{} `type:"structure"` @@ -29745,7 +29800,6 @@ func (s *CreateVpcEndpointConnectionNotificationOutput) SetConnectionNotificatio } // Contains the parameters for CreateVpcEndpoint. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcEndpointRequest type CreateVpcEndpointInput struct { _ struct{} `type:"structure"` @@ -29895,7 +29949,6 @@ func (s *CreateVpcEndpointInput) SetVpcId(v string) *CreateVpcEndpointInput { } // Contains the output of CreateVpcEndpoint. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcEndpointResult type CreateVpcEndpointOutput struct { _ struct{} `type:"structure"` @@ -29929,7 +29982,6 @@ func (s *CreateVpcEndpointOutput) SetVpcEndpoint(v *VpcEndpoint) *CreateVpcEndpo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcEndpointServiceConfigurationRequest type CreateVpcEndpointServiceConfigurationInput struct { _ struct{} `type:"structure"` @@ -30001,7 +30053,6 @@ func (s *CreateVpcEndpointServiceConfigurationInput) SetNetworkLoadBalancerArns( return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcEndpointServiceConfigurationResult type CreateVpcEndpointServiceConfigurationOutput struct { _ struct{} `type:"structure"` @@ -30036,7 +30087,6 @@ func (s *CreateVpcEndpointServiceConfigurationOutput) SetServiceConfiguration(v } // Contains the parameters for CreateVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcRequest type CreateVpcInput struct { _ struct{} `type:"structure"` @@ -30117,7 +30167,6 @@ func (s *CreateVpcInput) SetInstanceTenancy(v string) *CreateVpcInput { } // Contains the output of CreateVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcResult type CreateVpcOutput struct { _ struct{} `type:"structure"` @@ -30142,7 +30191,6 @@ func (s *CreateVpcOutput) SetVpc(v *Vpc) *CreateVpcOutput { } // Contains the parameters for CreateVpcPeeringConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcPeeringConnectionRequest type CreateVpcPeeringConnectionInput struct { _ struct{} `type:"structure"` @@ -30212,7 +30260,6 @@ func (s *CreateVpcPeeringConnectionInput) SetVpcId(v string) *CreateVpcPeeringCo } // Contains the output of CreateVpcPeeringConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpcPeeringConnectionResult type CreateVpcPeeringConnectionOutput struct { _ struct{} `type:"structure"` @@ -30237,7 +30284,6 @@ func (s *CreateVpcPeeringConnectionOutput) SetVpcPeeringConnection(v *VpcPeering } // Contains the parameters for CreateVpnConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpnConnectionRequest type CreateVpnConnectionInput struct { _ struct{} `type:"structure"` @@ -30326,7 +30372,6 @@ func (s *CreateVpnConnectionInput) SetVpnGatewayId(v string) *CreateVpnConnectio } // Contains the output of CreateVpnConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpnConnectionResult type CreateVpnConnectionOutput struct { _ struct{} `type:"structure"` @@ -30351,7 +30396,6 @@ func (s *CreateVpnConnectionOutput) SetVpnConnection(v *VpnConnection) *CreateVp } // Contains the parameters for CreateVpnConnectionRoute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpnConnectionRouteRequest type CreateVpnConnectionRouteInput struct { _ struct{} `type:"structure"` @@ -30404,7 +30448,6 @@ func (s *CreateVpnConnectionRouteInput) SetVpnConnectionId(v string) *CreateVpnC return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpnConnectionRouteOutput type CreateVpnConnectionRouteOutput struct { _ struct{} `type:"structure"` } @@ -30420,7 +30463,6 @@ func (s CreateVpnConnectionRouteOutput) GoString() string { } // Contains the parameters for CreateVpnGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpnGatewayRequest type CreateVpnGatewayInput struct { _ struct{} `type:"structure"` @@ -30494,7 +30536,6 @@ func (s *CreateVpnGatewayInput) SetType(v string) *CreateVpnGatewayInput { } // Contains the output of CreateVpnGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVpnGatewayResult type CreateVpnGatewayOutput struct { _ struct{} `type:"structure"` @@ -30519,7 +30560,6 @@ func (s *CreateVpnGatewayOutput) SetVpnGateway(v *VpnGateway) *CreateVpnGatewayO } // Describes the credit option for CPU usage of a T2 instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreditSpecification type CreditSpecification struct { _ struct{} `type:"structure"` @@ -30544,7 +30584,6 @@ func (s *CreditSpecification) SetCpuCredits(v string) *CreditSpecification { } // The credit option for CPU usage of a T2 instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreditSpecificationRequest type CreditSpecificationRequest struct { _ struct{} `type:"structure"` @@ -30585,7 +30624,6 @@ func (s *CreditSpecificationRequest) SetCpuCredits(v string) *CreditSpecificatio } // Describes a customer gateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CustomerGateway type CustomerGateway struct { _ struct{} `type:"structure"` @@ -30657,7 +30695,6 @@ func (s *CustomerGateway) SetType(v string) *CustomerGateway { } // Contains the parameters for DeleteCustomerGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteCustomerGatewayRequest type DeleteCustomerGatewayInput struct { _ struct{} `type:"structure"` @@ -30708,7 +30745,6 @@ func (s *DeleteCustomerGatewayInput) SetDryRun(v bool) *DeleteCustomerGatewayInp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteCustomerGatewayOutput type DeleteCustomerGatewayOutput struct { _ struct{} `type:"structure"` } @@ -30724,7 +30760,6 @@ func (s DeleteCustomerGatewayOutput) GoString() string { } // Contains the parameters for DeleteDhcpOptions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteDhcpOptionsRequest type DeleteDhcpOptionsInput struct { _ struct{} `type:"structure"` @@ -30775,7 +30810,6 @@ func (s *DeleteDhcpOptionsInput) SetDryRun(v bool) *DeleteDhcpOptionsInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteDhcpOptionsOutput type DeleteDhcpOptionsOutput struct { _ struct{} `type:"structure"` } @@ -30790,7 +30824,6 @@ func (s DeleteDhcpOptionsOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteEgressOnlyInternetGatewayRequest type DeleteEgressOnlyInternetGatewayInput struct { _ struct{} `type:"structure"` @@ -30841,7 +30874,6 @@ func (s *DeleteEgressOnlyInternetGatewayInput) SetEgressOnlyInternetGatewayId(v return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteEgressOnlyInternetGatewayResult type DeleteEgressOnlyInternetGatewayOutput struct { _ struct{} `type:"structure"` @@ -30866,7 +30898,6 @@ func (s *DeleteEgressOnlyInternetGatewayOutput) SetReturnCode(v bool) *DeleteEgr } // Contains the parameters for DeleteFlowLogs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteFlowLogsRequest type DeleteFlowLogsInput struct { _ struct{} `type:"structure"` @@ -30906,7 +30937,6 @@ func (s *DeleteFlowLogsInput) SetFlowLogIds(v []*string) *DeleteFlowLogsInput { } // Contains the output of DeleteFlowLogs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteFlowLogsResult type DeleteFlowLogsOutput struct { _ struct{} `type:"structure"` @@ -30930,7 +30960,6 @@ func (s *DeleteFlowLogsOutput) SetUnsuccessful(v []*UnsuccessfulItem) *DeleteFlo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteFpgaImageRequest type DeleteFpgaImageInput struct { _ struct{} `type:"structure"` @@ -30981,7 +31010,6 @@ func (s *DeleteFpgaImageInput) SetFpgaImageId(v string) *DeleteFpgaImageInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteFpgaImageResult type DeleteFpgaImageOutput struct { _ struct{} `type:"structure"` @@ -31006,7 +31034,6 @@ func (s *DeleteFpgaImageOutput) SetReturn(v bool) *DeleteFpgaImageOutput { } // Contains the parameters for DeleteInternetGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteInternetGatewayRequest type DeleteInternetGatewayInput struct { _ struct{} `type:"structure"` @@ -31057,7 +31084,6 @@ func (s *DeleteInternetGatewayInput) SetInternetGatewayId(v string) *DeleteInter return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteInternetGatewayOutput type DeleteInternetGatewayOutput struct { _ struct{} `type:"structure"` } @@ -31073,7 +31099,6 @@ func (s DeleteInternetGatewayOutput) GoString() string { } // Contains the parameters for DeleteKeyPair. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteKeyPairRequest type DeleteKeyPairInput struct { _ struct{} `type:"structure"` @@ -31124,7 +31149,6 @@ func (s *DeleteKeyPairInput) SetKeyName(v string) *DeleteKeyPairInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteKeyPairOutput type DeleteKeyPairOutput struct { _ struct{} `type:"structure"` } @@ -31139,7 +31163,6 @@ func (s DeleteKeyPairOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteLaunchTemplateRequest type DeleteLaunchTemplateInput struct { _ struct{} `type:"structure"` @@ -31199,7 +31222,6 @@ func (s *DeleteLaunchTemplateInput) SetLaunchTemplateName(v string) *DeleteLaunc return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteLaunchTemplateResult type DeleteLaunchTemplateOutput struct { _ struct{} `type:"structure"` @@ -31223,7 +31245,6 @@ func (s *DeleteLaunchTemplateOutput) SetLaunchTemplate(v *LaunchTemplate) *Delet return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteLaunchTemplateVersionsRequest type DeleteLaunchTemplateVersionsInput struct { _ struct{} `type:"structure"` @@ -31297,7 +31318,6 @@ func (s *DeleteLaunchTemplateVersionsInput) SetVersions(v []*string) *DeleteLaun return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteLaunchTemplateVersionsResult type DeleteLaunchTemplateVersionsOutput struct { _ struct{} `type:"structure"` @@ -31331,7 +31351,6 @@ func (s *DeleteLaunchTemplateVersionsOutput) SetUnsuccessfullyDeletedLaunchTempl } // Describes a launch template version that could not be deleted. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteLaunchTemplateVersionsResponseErrorItem type DeleteLaunchTemplateVersionsResponseErrorItem struct { _ struct{} `type:"structure"` @@ -31383,7 +31402,6 @@ func (s *DeleteLaunchTemplateVersionsResponseErrorItem) SetVersionNumber(v int64 } // Describes a launch template version that was successfully deleted. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteLaunchTemplateVersionsResponseSuccessItem type DeleteLaunchTemplateVersionsResponseSuccessItem struct { _ struct{} `type:"structure"` @@ -31426,7 +31444,6 @@ func (s *DeleteLaunchTemplateVersionsResponseSuccessItem) SetVersionNumber(v int } // Contains the parameters for DeleteNatGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNatGatewayRequest type DeleteNatGatewayInput struct { _ struct{} `type:"structure"` @@ -31466,7 +31483,6 @@ func (s *DeleteNatGatewayInput) SetNatGatewayId(v string) *DeleteNatGatewayInput } // Contains the output of DeleteNatGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNatGatewayResult type DeleteNatGatewayOutput struct { _ struct{} `type:"structure"` @@ -31491,7 +31507,6 @@ func (s *DeleteNatGatewayOutput) SetNatGatewayId(v string) *DeleteNatGatewayOutp } // Contains the parameters for DeleteNetworkAclEntry. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkAclEntryRequest type DeleteNetworkAclEntryInput struct { _ struct{} `type:"structure"` @@ -31570,7 +31585,6 @@ func (s *DeleteNetworkAclEntryInput) SetRuleNumber(v int64) *DeleteNetworkAclEnt return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkAclEntryOutput type DeleteNetworkAclEntryOutput struct { _ struct{} `type:"structure"` } @@ -31586,7 +31600,6 @@ func (s DeleteNetworkAclEntryOutput) GoString() string { } // Contains the parameters for DeleteNetworkAcl. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkAclRequest type DeleteNetworkAclInput struct { _ struct{} `type:"structure"` @@ -31637,7 +31650,6 @@ func (s *DeleteNetworkAclInput) SetNetworkAclId(v string) *DeleteNetworkAclInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkAclOutput type DeleteNetworkAclOutput struct { _ struct{} `type:"structure"` } @@ -31653,7 +31665,6 @@ func (s DeleteNetworkAclOutput) GoString() string { } // Contains the parameters for DeleteNetworkInterface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkInterfaceRequest type DeleteNetworkInterfaceInput struct { _ struct{} `type:"structure"` @@ -31704,7 +31715,6 @@ func (s *DeleteNetworkInterfaceInput) SetNetworkInterfaceId(v string) *DeleteNet return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkInterfaceOutput type DeleteNetworkInterfaceOutput struct { _ struct{} `type:"structure"` } @@ -31720,7 +31730,6 @@ func (s DeleteNetworkInterfaceOutput) GoString() string { } // Contains the parameters for DeleteNetworkInterfacePermission. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkInterfacePermissionRequest type DeleteNetworkInterfacePermissionInput struct { _ struct{} `type:"structure"` @@ -31782,7 +31791,6 @@ func (s *DeleteNetworkInterfacePermissionInput) SetNetworkInterfacePermissionId( } // Contains the output for DeleteNetworkInterfacePermission. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkInterfacePermissionResult type DeleteNetworkInterfacePermissionOutput struct { _ struct{} `type:"structure"` @@ -31807,7 +31815,6 @@ func (s *DeleteNetworkInterfacePermissionOutput) SetReturn(v bool) *DeleteNetwor } // Contains the parameters for DeletePlacementGroup. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeletePlacementGroupRequest type DeletePlacementGroupInput struct { _ struct{} `type:"structure"` @@ -31858,7 +31865,6 @@ func (s *DeletePlacementGroupInput) SetGroupName(v string) *DeletePlacementGroup return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeletePlacementGroupOutput type DeletePlacementGroupOutput struct { _ struct{} `type:"structure"` } @@ -31874,7 +31880,6 @@ func (s DeletePlacementGroupOutput) GoString() string { } // Contains the parameters for DeleteRoute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteRouteRequest type DeleteRouteInput struct { _ struct{} `type:"structure"` @@ -31945,7 +31950,6 @@ func (s *DeleteRouteInput) SetRouteTableId(v string) *DeleteRouteInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteRouteOutput type DeleteRouteOutput struct { _ struct{} `type:"structure"` } @@ -31961,7 +31965,6 @@ func (s DeleteRouteOutput) GoString() string { } // Contains the parameters for DeleteRouteTable. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteRouteTableRequest type DeleteRouteTableInput struct { _ struct{} `type:"structure"` @@ -32012,7 +32015,6 @@ func (s *DeleteRouteTableInput) SetRouteTableId(v string) *DeleteRouteTableInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteRouteTableOutput type DeleteRouteTableOutput struct { _ struct{} `type:"structure"` } @@ -32028,7 +32030,6 @@ func (s DeleteRouteTableOutput) GoString() string { } // Contains the parameters for DeleteSecurityGroup. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteSecurityGroupRequest type DeleteSecurityGroupInput struct { _ struct{} `type:"structure"` @@ -32074,7 +32075,6 @@ func (s *DeleteSecurityGroupInput) SetGroupName(v string) *DeleteSecurityGroupIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteSecurityGroupOutput type DeleteSecurityGroupOutput struct { _ struct{} `type:"structure"` } @@ -32090,7 +32090,6 @@ func (s DeleteSecurityGroupOutput) GoString() string { } // Contains the parameters for DeleteSnapshot. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteSnapshotRequest type DeleteSnapshotInput struct { _ struct{} `type:"structure"` @@ -32141,7 +32140,6 @@ func (s *DeleteSnapshotInput) SetSnapshotId(v string) *DeleteSnapshotInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteSnapshotOutput type DeleteSnapshotOutput struct { _ struct{} `type:"structure"` } @@ -32157,7 +32155,6 @@ func (s DeleteSnapshotOutput) GoString() string { } // Contains the parameters for DeleteSpotDatafeedSubscription. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteSpotDatafeedSubscriptionRequest type DeleteSpotDatafeedSubscriptionInput struct { _ struct{} `type:"structure"` @@ -32184,7 +32181,6 @@ func (s *DeleteSpotDatafeedSubscriptionInput) SetDryRun(v bool) *DeleteSpotDataf return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteSpotDatafeedSubscriptionOutput type DeleteSpotDatafeedSubscriptionOutput struct { _ struct{} `type:"structure"` } @@ -32200,7 +32196,6 @@ func (s DeleteSpotDatafeedSubscriptionOutput) GoString() string { } // Contains the parameters for DeleteSubnet. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteSubnetRequest type DeleteSubnetInput struct { _ struct{} `type:"structure"` @@ -32251,7 +32246,6 @@ func (s *DeleteSubnetInput) SetSubnetId(v string) *DeleteSubnetInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteSubnetOutput type DeleteSubnetOutput struct { _ struct{} `type:"structure"` } @@ -32267,7 +32261,6 @@ func (s DeleteSubnetOutput) GoString() string { } // Contains the parameters for DeleteTags. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTagsRequest type DeleteTagsInput struct { _ struct{} `type:"structure"` @@ -32332,7 +32325,6 @@ func (s *DeleteTagsInput) SetTags(v []*Tag) *DeleteTagsInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTagsOutput type DeleteTagsOutput struct { _ struct{} `type:"structure"` } @@ -32348,7 +32340,6 @@ func (s DeleteTagsOutput) GoString() string { } // Contains the parameters for DeleteVolume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVolumeRequest type DeleteVolumeInput struct { _ struct{} `type:"structure"` @@ -32399,7 +32390,6 @@ func (s *DeleteVolumeInput) SetVolumeId(v string) *DeleteVolumeInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVolumeOutput type DeleteVolumeOutput struct { _ struct{} `type:"structure"` } @@ -32414,7 +32404,6 @@ func (s DeleteVolumeOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcEndpointConnectionNotificationsRequest type DeleteVpcEndpointConnectionNotificationsInput struct { _ struct{} `type:"structure"` @@ -32465,7 +32454,6 @@ func (s *DeleteVpcEndpointConnectionNotificationsInput) SetDryRun(v bool) *Delet return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcEndpointConnectionNotificationsResult type DeleteVpcEndpointConnectionNotificationsOutput struct { _ struct{} `type:"structure"` @@ -32489,7 +32477,6 @@ func (s *DeleteVpcEndpointConnectionNotificationsOutput) SetUnsuccessful(v []*Un return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcEndpointServiceConfigurationsRequest type DeleteVpcEndpointServiceConfigurationsInput struct { _ struct{} `type:"structure"` @@ -32540,7 +32527,6 @@ func (s *DeleteVpcEndpointServiceConfigurationsInput) SetServiceIds(v []*string) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcEndpointServiceConfigurationsResult type DeleteVpcEndpointServiceConfigurationsOutput struct { _ struct{} `type:"structure"` @@ -32565,7 +32551,6 @@ func (s *DeleteVpcEndpointServiceConfigurationsOutput) SetUnsuccessful(v []*Unsu } // Contains the parameters for DeleteVpcEndpoints. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcEndpointsRequest type DeleteVpcEndpointsInput struct { _ struct{} `type:"structure"` @@ -32617,7 +32602,6 @@ func (s *DeleteVpcEndpointsInput) SetVpcEndpointIds(v []*string) *DeleteVpcEndpo } // Contains the output of DeleteVpcEndpoints. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcEndpointsResult type DeleteVpcEndpointsOutput struct { _ struct{} `type:"structure"` @@ -32642,7 +32626,6 @@ func (s *DeleteVpcEndpointsOutput) SetUnsuccessful(v []*UnsuccessfulItem) *Delet } // Contains the parameters for DeleteVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcRequest type DeleteVpcInput struct { _ struct{} `type:"structure"` @@ -32693,7 +32676,6 @@ func (s *DeleteVpcInput) SetVpcId(v string) *DeleteVpcInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcOutput type DeleteVpcOutput struct { _ struct{} `type:"structure"` } @@ -32709,7 +32691,6 @@ func (s DeleteVpcOutput) GoString() string { } // Contains the parameters for DeleteVpcPeeringConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcPeeringConnectionRequest type DeleteVpcPeeringConnectionInput struct { _ struct{} `type:"structure"` @@ -32761,7 +32742,6 @@ func (s *DeleteVpcPeeringConnectionInput) SetVpcPeeringConnectionId(v string) *D } // Contains the output of DeleteVpcPeeringConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpcPeeringConnectionResult type DeleteVpcPeeringConnectionOutput struct { _ struct{} `type:"structure"` @@ -32786,7 +32766,6 @@ func (s *DeleteVpcPeeringConnectionOutput) SetReturn(v bool) *DeleteVpcPeeringCo } // Contains the parameters for DeleteVpnConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpnConnectionRequest type DeleteVpnConnectionInput struct { _ struct{} `type:"structure"` @@ -32837,7 +32816,6 @@ func (s *DeleteVpnConnectionInput) SetVpnConnectionId(v string) *DeleteVpnConnec return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpnConnectionOutput type DeleteVpnConnectionOutput struct { _ struct{} `type:"structure"` } @@ -32853,7 +32831,6 @@ func (s DeleteVpnConnectionOutput) GoString() string { } // Contains the parameters for DeleteVpnConnectionRoute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpnConnectionRouteRequest type DeleteVpnConnectionRouteInput struct { _ struct{} `type:"structure"` @@ -32906,7 +32883,6 @@ func (s *DeleteVpnConnectionRouteInput) SetVpnConnectionId(v string) *DeleteVpnC return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpnConnectionRouteOutput type DeleteVpnConnectionRouteOutput struct { _ struct{} `type:"structure"` } @@ -32922,7 +32898,6 @@ func (s DeleteVpnConnectionRouteOutput) GoString() string { } // Contains the parameters for DeleteVpnGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpnGatewayRequest type DeleteVpnGatewayInput struct { _ struct{} `type:"structure"` @@ -32973,7 +32948,6 @@ func (s *DeleteVpnGatewayInput) SetVpnGatewayId(v string) *DeleteVpnGatewayInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVpnGatewayOutput type DeleteVpnGatewayOutput struct { _ struct{} `type:"structure"` } @@ -32989,7 +32963,6 @@ func (s DeleteVpnGatewayOutput) GoString() string { } // Contains the parameters for DeregisterImage. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeregisterImageRequest type DeregisterImageInput struct { _ struct{} `type:"structure"` @@ -33040,7 +33013,6 @@ func (s *DeregisterImageInput) SetImageId(v string) *DeregisterImageInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeregisterImageOutput type DeregisterImageOutput struct { _ struct{} `type:"structure"` } @@ -33056,7 +33028,6 @@ func (s DeregisterImageOutput) GoString() string { } // Contains the parameters for DescribeAccountAttributes. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAccountAttributesRequest type DescribeAccountAttributesInput struct { _ struct{} `type:"structure"` @@ -33093,7 +33064,6 @@ func (s *DescribeAccountAttributesInput) SetDryRun(v bool) *DescribeAccountAttri } // Contains the output of DescribeAccountAttributes. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAccountAttributesResult type DescribeAccountAttributesOutput struct { _ struct{} `type:"structure"` @@ -33118,7 +33088,6 @@ func (s *DescribeAccountAttributesOutput) SetAccountAttributes(v []*AccountAttri } // Contains the parameters for DescribeAddresses. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAddressesRequest type DescribeAddressesInput struct { _ struct{} `type:"structure"` @@ -33209,7 +33178,6 @@ func (s *DescribeAddressesInput) SetPublicIps(v []*string) *DescribeAddressesInp } // Contains the output of DescribeAddresses. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAddressesResult type DescribeAddressesOutput struct { _ struct{} `type:"structure"` @@ -33233,8 +33201,67 @@ func (s *DescribeAddressesOutput) SetAddresses(v []*Address) *DescribeAddressesO return s } +type DescribeAggregateIdFormatInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation +func (s DescribeAggregateIdFormatInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeAggregateIdFormatInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeAggregateIdFormatInput) SetDryRun(v bool) *DescribeAggregateIdFormatInput { + s.DryRun = &v + return s +} + +type DescribeAggregateIdFormatOutput struct { + _ struct{} `type:"structure"` + + // Information about each resource's ID format. + Statuses []*IdFormat `locationName:"statusSet" locationNameList:"item" type:"list"` + + // Indicates whether all resrouces types in the region are configured to use + // longer IDs. This value will only be true if all users are configured to use + // longer IDs for all resources types in the region. + UseLongIdsAggregated *bool `locationName:"useLongIdsAggregated" type:"boolean"` +} + +// String returns the string representation +func (s DescribeAggregateIdFormatOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeAggregateIdFormatOutput) GoString() string { + return s.String() +} + +// SetStatuses sets the Statuses field's value. +func (s *DescribeAggregateIdFormatOutput) SetStatuses(v []*IdFormat) *DescribeAggregateIdFormatOutput { + s.Statuses = v + return s +} + +// SetUseLongIdsAggregated sets the UseLongIdsAggregated field's value. +func (s *DescribeAggregateIdFormatOutput) SetUseLongIdsAggregated(v bool) *DescribeAggregateIdFormatOutput { + s.UseLongIdsAggregated = &v + return s +} + // Contains the parameters for DescribeAvailabilityZones. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAvailabilityZonesRequest type DescribeAvailabilityZonesInput struct { _ struct{} `type:"structure"` @@ -33290,7 +33317,6 @@ func (s *DescribeAvailabilityZonesInput) SetZoneNames(v []*string) *DescribeAvai } // Contains the output of DescribeAvailabiltyZones. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAvailabilityZonesResult type DescribeAvailabilityZonesOutput struct { _ struct{} `type:"structure"` @@ -33315,7 +33341,6 @@ func (s *DescribeAvailabilityZonesOutput) SetAvailabilityZones(v []*Availability } // Contains the parameters for DescribeBundleTasks. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeBundleTasksRequest type DescribeBundleTasksInput struct { _ struct{} `type:"structure"` @@ -33385,7 +33410,6 @@ func (s *DescribeBundleTasksInput) SetFilters(v []*Filter) *DescribeBundleTasksI } // Contains the output of DescribeBundleTasks. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeBundleTasksResult type DescribeBundleTasksOutput struct { _ struct{} `type:"structure"` @@ -33410,7 +33434,6 @@ func (s *DescribeBundleTasksOutput) SetBundleTasks(v []*BundleTask) *DescribeBun } // Contains the parameters for DescribeClassicLinkInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeClassicLinkInstancesRequest type DescribeClassicLinkInstancesInput struct { _ struct{} `type:"structure"` @@ -33501,7 +33524,6 @@ func (s *DescribeClassicLinkInstancesInput) SetNextToken(v string) *DescribeClas } // Contains the output of DescribeClassicLinkInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeClassicLinkInstancesResult type DescribeClassicLinkInstancesOutput struct { _ struct{} `type:"structure"` @@ -33536,7 +33558,6 @@ func (s *DescribeClassicLinkInstancesOutput) SetNextToken(v string) *DescribeCla } // Contains the parameters for DescribeConversionTasks. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeConversionTasksRequest type DescribeConversionTasksInput struct { _ struct{} `type:"structure"` @@ -33573,7 +33594,6 @@ func (s *DescribeConversionTasksInput) SetDryRun(v bool) *DescribeConversionTask } // Contains the output for DescribeConversionTasks. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeConversionTasksResult type DescribeConversionTasksOutput struct { _ struct{} `type:"structure"` @@ -33598,7 +33618,6 @@ func (s *DescribeConversionTasksOutput) SetConversionTasks(v []*ConversionTask) } // Contains the parameters for DescribeCustomerGateways. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeCustomerGatewaysRequest type DescribeCustomerGatewaysInput struct { _ struct{} `type:"structure"` @@ -33676,7 +33695,6 @@ func (s *DescribeCustomerGatewaysInput) SetFilters(v []*Filter) *DescribeCustome } // Contains the output of DescribeCustomerGateways. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeCustomerGatewaysResult type DescribeCustomerGatewaysOutput struct { _ struct{} `type:"structure"` @@ -33701,7 +33719,6 @@ func (s *DescribeCustomerGatewaysOutput) SetCustomerGateways(v []*CustomerGatewa } // Contains the parameters for DescribeDhcpOptions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeDhcpOptionsRequest type DescribeDhcpOptionsInput struct { _ struct{} `type:"structure"` @@ -33771,7 +33788,6 @@ func (s *DescribeDhcpOptionsInput) SetFilters(v []*Filter) *DescribeDhcpOptionsI } // Contains the output of DescribeDhcpOptions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeDhcpOptionsResult type DescribeDhcpOptionsOutput struct { _ struct{} `type:"structure"` @@ -33795,7 +33811,6 @@ func (s *DescribeDhcpOptionsOutput) SetDhcpOptions(v []*DhcpOptions) *DescribeDh return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeEgressOnlyInternetGatewaysRequest type DescribeEgressOnlyInternetGatewaysInput struct { _ struct{} `type:"structure"` @@ -33852,7 +33867,6 @@ func (s *DescribeEgressOnlyInternetGatewaysInput) SetNextToken(v string) *Descri return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeEgressOnlyInternetGatewaysResult type DescribeEgressOnlyInternetGatewaysOutput struct { _ struct{} `type:"structure"` @@ -33885,7 +33899,6 @@ func (s *DescribeEgressOnlyInternetGatewaysOutput) SetNextToken(v string) *Descr return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeElasticGpusRequest type DescribeElasticGpusInput struct { _ struct{} `type:"structure"` @@ -33960,7 +33973,6 @@ func (s *DescribeElasticGpusInput) SetNextToken(v string) *DescribeElasticGpusIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeElasticGpusResult type DescribeElasticGpusOutput struct { _ struct{} `type:"structure"` @@ -34006,7 +34018,6 @@ func (s *DescribeElasticGpusOutput) SetNextToken(v string) *DescribeElasticGpusO } // Contains the parameters for DescribeExportTasks. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeExportTasksRequest type DescribeExportTasksInput struct { _ struct{} `type:"structure"` @@ -34031,7 +34042,6 @@ func (s *DescribeExportTasksInput) SetExportTaskIds(v []*string) *DescribeExport } // Contains the output for DescribeExportTasks. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeExportTasksResult type DescribeExportTasksOutput struct { _ struct{} `type:"structure"` @@ -34056,7 +34066,6 @@ func (s *DescribeExportTasksOutput) SetExportTasks(v []*ExportTask) *DescribeExp } // Contains the parameters for DescribeFlowLogs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFlowLogsRequest type DescribeFlowLogsInput struct { _ struct{} `type:"structure"` @@ -34122,7 +34131,6 @@ func (s *DescribeFlowLogsInput) SetNextToken(v string) *DescribeFlowLogsInput { } // Contains the output of DescribeFlowLogs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFlowLogsResult type DescribeFlowLogsOutput struct { _ struct{} `type:"structure"` @@ -34156,7 +34164,6 @@ func (s *DescribeFlowLogsOutput) SetNextToken(v string) *DescribeFlowLogsOutput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFpgaImageAttributeRequest type DescribeFpgaImageAttributeInput struct { _ struct{} `type:"structure"` @@ -34221,7 +34228,6 @@ func (s *DescribeFpgaImageAttributeInput) SetFpgaImageId(v string) *DescribeFpga return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFpgaImageAttributeResult type DescribeFpgaImageAttributeOutput struct { _ struct{} `type:"structure"` @@ -34245,7 +34251,6 @@ func (s *DescribeFpgaImageAttributeOutput) SetFpgaImageAttribute(v *FpgaImageAtt return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFpgaImagesRequest type DescribeFpgaImagesInput struct { _ struct{} `type:"structure"` @@ -34369,7 +34374,6 @@ func (s *DescribeFpgaImagesInput) SetOwners(v []*string) *DescribeFpgaImagesInpu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFpgaImagesResult type DescribeFpgaImagesOutput struct { _ struct{} `type:"structure"` @@ -34403,7 +34407,6 @@ func (s *DescribeFpgaImagesOutput) SetNextToken(v string) *DescribeFpgaImagesOut return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeHostReservationOfferingsRequest type DescribeHostReservationOfferingsInput struct { _ struct{} `type:"structure"` @@ -34487,7 +34490,6 @@ func (s *DescribeHostReservationOfferingsInput) SetOfferingId(v string) *Describ return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeHostReservationOfferingsResult type DescribeHostReservationOfferingsOutput struct { _ struct{} `type:"structure"` @@ -34521,7 +34523,6 @@ func (s *DescribeHostReservationOfferingsOutput) SetOfferingSet(v []*HostOfferin return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeHostReservationsRequest type DescribeHostReservationsInput struct { _ struct{} `type:"structure"` @@ -34582,7 +34583,6 @@ func (s *DescribeHostReservationsInput) SetNextToken(v string) *DescribeHostRese return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeHostReservationsResult type DescribeHostReservationsOutput struct { _ struct{} `type:"structure"` @@ -34617,7 +34617,6 @@ func (s *DescribeHostReservationsOutput) SetNextToken(v string) *DescribeHostRes } // Contains the parameters for DescribeHosts. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeHostsRequest type DescribeHostsInput struct { _ struct{} `type:"structure"` @@ -34689,7 +34688,6 @@ func (s *DescribeHostsInput) SetNextToken(v string) *DescribeHostsInput { } // Contains the output of DescribeHosts. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeHostsResult type DescribeHostsOutput struct { _ struct{} `type:"structure"` @@ -34723,7 +34721,6 @@ func (s *DescribeHostsOutput) SetNextToken(v string) *DescribeHostsOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIamInstanceProfileAssociationsRequest type DescribeIamInstanceProfileAssociationsInput struct { _ struct{} `type:"structure"` @@ -34796,7 +34793,6 @@ func (s *DescribeIamInstanceProfileAssociationsInput) SetNextToken(v string) *De return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIamInstanceProfileAssociationsResult type DescribeIamInstanceProfileAssociationsOutput struct { _ struct{} `type:"structure"` @@ -34831,11 +34827,15 @@ func (s *DescribeIamInstanceProfileAssociationsOutput) SetNextToken(v string) *D } // Contains the parameters for DescribeIdFormat. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIdFormatRequest type DescribeIdFormatInput struct { _ struct{} `type:"structure"` - // The type of resource: instance | reservation | snapshot | volume + // The type of resource: bundle | conversion-task | dhcp-options | elastic-ip-allocation + // | elastic-ip-association | export-task | flow-log | image | import-task | + // instance | internet-gateway | network-acl | network-acl-association | network-interface + // | network-interface-attachment | prefix-list | reservation | route-table + // | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association + // | volume | vpc | vpc-cidr-block-association | vpc-peering-connection Resource *string `type:"string"` } @@ -34856,7 +34856,6 @@ func (s *DescribeIdFormatInput) SetResource(v string) *DescribeIdFormatInput { } // Contains the output of DescribeIdFormat. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIdFormatResult type DescribeIdFormatOutput struct { _ struct{} `type:"structure"` @@ -34881,7 +34880,6 @@ func (s *DescribeIdFormatOutput) SetStatuses(v []*IdFormat) *DescribeIdFormatOut } // Contains the parameters for DescribeIdentityIdFormat. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIdentityIdFormatRequest type DescribeIdentityIdFormatInput struct { _ struct{} `type:"structure"` @@ -34891,7 +34889,12 @@ type DescribeIdentityIdFormatInput struct { // PrincipalArn is a required field PrincipalArn *string `locationName:"principalArn" type:"string" required:"true"` - // The type of resource: instance | reservation | snapshot | volume + // The type of resource: bundle | conversion-task | dhcp-options | elastic-ip-allocation + // | elastic-ip-association | export-task | flow-log | image | import-task | + // instance | internet-gateway | network-acl | network-acl-association | network-interface + // | network-interface-attachment | prefix-list | reservation | route-table + // | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association + // | volume | vpc | vpc-cidr-block-association | vpc-peering-connection Resource *string `locationName:"resource" type:"string"` } @@ -34931,7 +34934,6 @@ func (s *DescribeIdentityIdFormatInput) SetResource(v string) *DescribeIdentityI } // Contains the output of DescribeIdentityIdFormat. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIdentityIdFormatResult type DescribeIdentityIdFormatOutput struct { _ struct{} `type:"structure"` @@ -34956,7 +34958,6 @@ func (s *DescribeIdentityIdFormatOutput) SetStatuses(v []*IdFormat) *DescribeIde } // Contains the parameters for DescribeImageAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeImageAttributeRequest type DescribeImageAttributeInput struct { _ struct{} `type:"structure"` @@ -35026,7 +35027,6 @@ func (s *DescribeImageAttributeInput) SetImageId(v string) *DescribeImageAttribu } // Describes an image attribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImageAttribute type DescribeImageAttributeOutput struct { _ struct{} `type:"structure"` @@ -35115,7 +35115,6 @@ func (s *DescribeImageAttributeOutput) SetSriovNetSupport(v *AttributeValue) *De } // Contains the parameters for DescribeImages. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeImagesRequest type DescribeImagesInput struct { _ struct{} `type:"structure"` @@ -35267,7 +35266,6 @@ func (s *DescribeImagesInput) SetOwners(v []*string) *DescribeImagesInput { } // Contains the output of DescribeImages. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeImagesResult type DescribeImagesOutput struct { _ struct{} `type:"structure"` @@ -35292,7 +35290,6 @@ func (s *DescribeImagesOutput) SetImages(v []*Image) *DescribeImagesOutput { } // Contains the parameters for DescribeImportImageTasks. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeImportImageTasksRequest type DescribeImportImageTasksInput struct { _ struct{} `type:"structure"` @@ -35358,7 +35355,6 @@ func (s *DescribeImportImageTasksInput) SetNextToken(v string) *DescribeImportIm } // Contains the output for DescribeImportImageTasks. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeImportImageTasksResult type DescribeImportImageTasksOutput struct { _ struct{} `type:"structure"` @@ -35394,7 +35390,6 @@ func (s *DescribeImportImageTasksOutput) SetNextToken(v string) *DescribeImportI } // Contains the parameters for DescribeImportSnapshotTasks. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeImportSnapshotTasksRequest type DescribeImportSnapshotTasksInput struct { _ struct{} `type:"structure"` @@ -35459,7 +35454,6 @@ func (s *DescribeImportSnapshotTasksInput) SetNextToken(v string) *DescribeImpor } // Contains the output for DescribeImportSnapshotTasks. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeImportSnapshotTasksResult type DescribeImportSnapshotTasksOutput struct { _ struct{} `type:"structure"` @@ -35495,7 +35489,6 @@ func (s *DescribeImportSnapshotTasksOutput) SetNextToken(v string) *DescribeImpo } // Contains the parameters for DescribeInstanceAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceAttributeRequest type DescribeInstanceAttributeInput struct { _ struct{} `type:"structure"` @@ -35563,7 +35556,6 @@ func (s *DescribeInstanceAttributeInput) SetInstanceId(v string) *DescribeInstan } // Describes an instance attribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceAttribute type DescribeInstanceAttributeOutput struct { _ struct{} `type:"structure"` @@ -35718,7 +35710,6 @@ func (s *DescribeInstanceAttributeOutput) SetUserData(v *AttributeValue) *Descri return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceCreditSpecificationsRequest type DescribeInstanceCreditSpecificationsInput struct { _ struct{} `type:"structure"` @@ -35790,7 +35781,6 @@ func (s *DescribeInstanceCreditSpecificationsInput) SetNextToken(v string) *Desc return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceCreditSpecificationsResult type DescribeInstanceCreditSpecificationsOutput struct { _ struct{} `type:"structure"` @@ -35825,7 +35815,6 @@ func (s *DescribeInstanceCreditSpecificationsOutput) SetNextToken(v string) *Des } // Contains the parameters for DescribeInstanceStatus. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceStatusRequest type DescribeInstanceStatusInput struct { _ struct{} `type:"structure"` @@ -35942,7 +35931,6 @@ func (s *DescribeInstanceStatusInput) SetNextToken(v string) *DescribeInstanceSt } // Contains the output of DescribeInstanceStatus. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceStatusResult type DescribeInstanceStatusOutput struct { _ struct{} `type:"structure"` @@ -35977,7 +35965,6 @@ func (s *DescribeInstanceStatusOutput) SetNextToken(v string) *DescribeInstanceS } // Contains the parameters for DescribeInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstancesRequest type DescribeInstancesInput struct { _ struct{} `type:"structure"` @@ -36283,7 +36270,6 @@ func (s *DescribeInstancesInput) SetNextToken(v string) *DescribeInstancesInput } // Contains the output of DescribeInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstancesResult type DescribeInstancesOutput struct { _ struct{} `type:"structure"` @@ -36318,7 +36304,6 @@ func (s *DescribeInstancesOutput) SetReservations(v []*Reservation) *DescribeIns } // Contains the parameters for DescribeInternetGateways. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInternetGatewaysRequest type DescribeInternetGatewaysInput struct { _ struct{} `type:"structure"` @@ -36389,7 +36374,6 @@ func (s *DescribeInternetGatewaysInput) SetInternetGatewayIds(v []*string) *Desc } // Contains the output of DescribeInternetGateways. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInternetGatewaysResult type DescribeInternetGatewaysOutput struct { _ struct{} `type:"structure"` @@ -36414,7 +36398,6 @@ func (s *DescribeInternetGatewaysOutput) SetInternetGateways(v []*InternetGatewa } // Contains the parameters for DescribeKeyPairs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeKeyPairsRequest type DescribeKeyPairsInput struct { _ struct{} `type:"structure"` @@ -36466,7 +36449,6 @@ func (s *DescribeKeyPairsInput) SetKeyNames(v []*string) *DescribeKeyPairsInput } // Contains the output of DescribeKeyPairs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeKeyPairsResult type DescribeKeyPairsOutput struct { _ struct{} `type:"structure"` @@ -36490,7 +36472,6 @@ func (s *DescribeKeyPairsOutput) SetKeyPairs(v []*KeyPairInfo) *DescribeKeyPairs return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLaunchTemplateVersionsRequest type DescribeLaunchTemplateVersionsInput struct { _ struct{} `type:"structure"` @@ -36624,7 +36605,6 @@ func (s *DescribeLaunchTemplateVersionsInput) SetVersions(v []*string) *Describe return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLaunchTemplateVersionsResult type DescribeLaunchTemplateVersionsOutput struct { _ struct{} `type:"structure"` @@ -36658,7 +36638,6 @@ func (s *DescribeLaunchTemplateVersionsOutput) SetNextToken(v string) *DescribeL return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLaunchTemplatesRequest type DescribeLaunchTemplatesInput struct { _ struct{} `type:"structure"` @@ -36748,7 +36727,6 @@ func (s *DescribeLaunchTemplatesInput) SetNextToken(v string) *DescribeLaunchTem return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLaunchTemplatesResult type DescribeLaunchTemplatesOutput struct { _ struct{} `type:"structure"` @@ -36783,7 +36761,6 @@ func (s *DescribeLaunchTemplatesOutput) SetNextToken(v string) *DescribeLaunchTe } // Contains the parameters for DescribeMovingAddresses. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeMovingAddressesRequest type DescribeMovingAddressesInput struct { _ struct{} `type:"structure"` @@ -36855,7 +36832,6 @@ func (s *DescribeMovingAddressesInput) SetPublicIps(v []*string) *DescribeMoving } // Contains the output of DescribeMovingAddresses. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeMovingAddressesResult type DescribeMovingAddressesOutput struct { _ struct{} `type:"structure"` @@ -36890,7 +36866,6 @@ func (s *DescribeMovingAddressesOutput) SetNextToken(v string) *DescribeMovingAd } // Contains the parameters for DescribeNatGateways. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNatGatewaysRequest type DescribeNatGatewaysInput struct { _ struct{} `type:"structure"` @@ -36972,7 +36947,6 @@ func (s *DescribeNatGatewaysInput) SetNextToken(v string) *DescribeNatGatewaysIn } // Contains the output of DescribeNatGateways. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNatGatewaysResult type DescribeNatGatewaysOutput struct { _ struct{} `type:"structure"` @@ -37007,7 +36981,6 @@ func (s *DescribeNatGatewaysOutput) SetNextToken(v string) *DescribeNatGatewaysO } // Contains the parameters for DescribeNetworkAcls. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkAclsRequest type DescribeNetworkAclsInput struct { _ struct{} `type:"structure"` @@ -37109,7 +37082,6 @@ func (s *DescribeNetworkAclsInput) SetNetworkAclIds(v []*string) *DescribeNetwor } // Contains the output of DescribeNetworkAcls. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkAclsResult type DescribeNetworkAclsOutput struct { _ struct{} `type:"structure"` @@ -37134,7 +37106,6 @@ func (s *DescribeNetworkAclsOutput) SetNetworkAcls(v []*NetworkAcl) *DescribeNet } // Contains the parameters for DescribeNetworkInterfaceAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkInterfaceAttributeRequest type DescribeNetworkInterfaceAttributeInput struct { _ struct{} `type:"structure"` @@ -37195,7 +37166,6 @@ func (s *DescribeNetworkInterfaceAttributeInput) SetNetworkInterfaceId(v string) } // Contains the output of DescribeNetworkInterfaceAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkInterfaceAttributeResult type DescribeNetworkInterfaceAttributeOutput struct { _ struct{} `type:"structure"` @@ -37256,7 +37226,6 @@ func (s *DescribeNetworkInterfaceAttributeOutput) SetSourceDestCheck(v *Attribut } // Contains the parameters for DescribeNetworkInterfacePermissions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkInterfacePermissionsRequest type DescribeNetworkInterfacePermissionsInput struct { _ struct{} `type:"structure"` @@ -37323,7 +37292,6 @@ func (s *DescribeNetworkInterfacePermissionsInput) SetNextToken(v string) *Descr } // Contains the output for DescribeNetworkInterfacePermissions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkInterfacePermissionsResult type DescribeNetworkInterfacePermissionsOutput struct { _ struct{} `type:"structure"` @@ -37357,7 +37325,6 @@ func (s *DescribeNetworkInterfacePermissionsOutput) SetNextToken(v string) *Desc } // Contains the parameters for DescribeNetworkInterfaces. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkInterfacesRequest type DescribeNetworkInterfacesInput struct { _ struct{} `type:"structure"` @@ -37515,7 +37482,6 @@ func (s *DescribeNetworkInterfacesInput) SetNetworkInterfaceIds(v []*string) *De } // Contains the output of DescribeNetworkInterfaces. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkInterfacesResult type DescribeNetworkInterfacesOutput struct { _ struct{} `type:"structure"` @@ -37540,7 +37506,6 @@ func (s *DescribeNetworkInterfacesOutput) SetNetworkInterfaces(v []*NetworkInter } // Contains the parameters for DescribePlacementGroups. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribePlacementGroupsRequest type DescribePlacementGroupsInput struct { _ struct{} `type:"structure"` @@ -37595,7 +37560,6 @@ func (s *DescribePlacementGroupsInput) SetGroupNames(v []*string) *DescribePlace } // Contains the output of DescribePlacementGroups. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribePlacementGroupsResult type DescribePlacementGroupsOutput struct { _ struct{} `type:"structure"` @@ -37620,7 +37584,6 @@ func (s *DescribePlacementGroupsOutput) SetPlacementGroups(v []*PlacementGroup) } // Contains the parameters for DescribePrefixLists. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribePrefixListsRequest type DescribePrefixListsInput struct { _ struct{} `type:"structure"` @@ -37694,7 +37657,6 @@ func (s *DescribePrefixListsInput) SetPrefixListIds(v []*string) *DescribePrefix } // Contains the output of DescribePrefixLists. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribePrefixListsResult type DescribePrefixListsOutput struct { _ struct{} `type:"structure"` @@ -37728,8 +37690,99 @@ func (s *DescribePrefixListsOutput) SetPrefixLists(v []*PrefixList) *DescribePre return s } +type DescribePrincipalIdFormatInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The maximum number of results to return in a single call. To retrieve the + // remaining results, make another call with the returned NextToken value. + MaxResults *int64 `type:"integer"` + + // The token to request the next page of results. + NextToken *string `type:"string"` + + // The type of resource: bundle | conversion-task | dhcp-options | elastic-ip-allocation + // | elastic-ip-association | export-task | flow-log | image | import-task | + // instance | internet-gateway | network-acl | network-acl-association | network-interface + // | network-interface-attachment | prefix-list | reservation | route-table + // | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association + // | volume | vpc | vpc-cidr-block-association | vpc-peering-connection + Resources []*string `locationName:"Resource" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribePrincipalIdFormatInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribePrincipalIdFormatInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribePrincipalIdFormatInput) SetDryRun(v bool) *DescribePrincipalIdFormatInput { + s.DryRun = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribePrincipalIdFormatInput) SetMaxResults(v int64) *DescribePrincipalIdFormatInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribePrincipalIdFormatInput) SetNextToken(v string) *DescribePrincipalIdFormatInput { + s.NextToken = &v + return s +} + +// SetResources sets the Resources field's value. +func (s *DescribePrincipalIdFormatInput) SetResources(v []*string) *DescribePrincipalIdFormatInput { + s.Resources = v + return s +} + +type DescribePrincipalIdFormatOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about the ID format settings for the ARN. + Principals []*PrincipalIdFormat `locationName:"principalSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribePrincipalIdFormatOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribePrincipalIdFormatOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribePrincipalIdFormatOutput) SetNextToken(v string) *DescribePrincipalIdFormatOutput { + s.NextToken = &v + return s +} + +// SetPrincipals sets the Principals field's value. +func (s *DescribePrincipalIdFormatOutput) SetPrincipals(v []*PrincipalIdFormat) *DescribePrincipalIdFormatOutput { + s.Principals = v + return s +} + // Contains the parameters for DescribeRegions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeRegionsRequest type DescribeRegionsInput struct { _ struct{} `type:"structure"` @@ -37779,7 +37832,6 @@ func (s *DescribeRegionsInput) SetRegionNames(v []*string) *DescribeRegionsInput } // Contains the output of DescribeRegions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeRegionsResult type DescribeRegionsOutput struct { _ struct{} `type:"structure"` @@ -37804,7 +37856,6 @@ func (s *DescribeRegionsOutput) SetRegions(v []*Region) *DescribeRegionsOutput { } // Contains the parameters for DescribeReservedInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeReservedInstancesRequest type DescribeReservedInstancesInput struct { _ struct{} `type:"structure"` @@ -37924,7 +37975,6 @@ func (s *DescribeReservedInstancesInput) SetReservedInstancesIds(v []*string) *D } // Contains the parameters for DescribeReservedInstancesListings. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeReservedInstancesListingsRequest type DescribeReservedInstancesListingsInput struct { _ struct{} `type:"structure"` @@ -37976,7 +38026,6 @@ func (s *DescribeReservedInstancesListingsInput) SetReservedInstancesListingId(v } // Contains the output of DescribeReservedInstancesListings. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeReservedInstancesListingsResult type DescribeReservedInstancesListingsOutput struct { _ struct{} `type:"structure"` @@ -38001,7 +38050,6 @@ func (s *DescribeReservedInstancesListingsOutput) SetReservedInstancesListings(v } // Contains the parameters for DescribeReservedInstancesModifications. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeReservedInstancesModificationsRequest type DescribeReservedInstancesModificationsInput struct { _ struct{} `type:"structure"` @@ -38077,7 +38125,6 @@ func (s *DescribeReservedInstancesModificationsInput) SetReservedInstancesModifi } // Contains the output of DescribeReservedInstancesModifications. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeReservedInstancesModificationsResult type DescribeReservedInstancesModificationsOutput struct { _ struct{} `type:"structure"` @@ -38112,7 +38159,6 @@ func (s *DescribeReservedInstancesModificationsOutput) SetReservedInstancesModif } // Contains the parameters for DescribeReservedInstancesOfferings. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeReservedInstancesOfferingsRequest type DescribeReservedInstancesOfferingsInput struct { _ struct{} `type:"structure"` @@ -38322,7 +38368,6 @@ func (s *DescribeReservedInstancesOfferingsInput) SetReservedInstancesOfferingId } // Contains the output of DescribeReservedInstancesOfferings. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeReservedInstancesOfferingsResult type DescribeReservedInstancesOfferingsOutput struct { _ struct{} `type:"structure"` @@ -38357,7 +38402,6 @@ func (s *DescribeReservedInstancesOfferingsOutput) SetReservedInstancesOfferings } // Contains the output for DescribeReservedInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeReservedInstancesResult type DescribeReservedInstancesOutput struct { _ struct{} `type:"structure"` @@ -38382,7 +38426,6 @@ func (s *DescribeReservedInstancesOutput) SetReservedInstances(v []*ReservedInst } // Contains the parameters for DescribeRouteTables. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeRouteTablesRequest type DescribeRouteTablesInput struct { _ struct{} `type:"structure"` @@ -38495,7 +38538,6 @@ func (s *DescribeRouteTablesInput) SetRouteTableIds(v []*string) *DescribeRouteT } // Contains the output of DescribeRouteTables. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeRouteTablesResult type DescribeRouteTablesOutput struct { _ struct{} `type:"structure"` @@ -38520,7 +38562,6 @@ func (s *DescribeRouteTablesOutput) SetRouteTables(v []*RouteTable) *DescribeRou } // Contains the parameters for DescribeScheduledInstanceAvailability. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeScheduledInstanceAvailabilityRequest type DescribeScheduledInstanceAvailabilityInput struct { _ struct{} `type:"structure"` @@ -38650,7 +38691,6 @@ func (s *DescribeScheduledInstanceAvailabilityInput) SetRecurrence(v *ScheduledI } // Contains the output of DescribeScheduledInstanceAvailability. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeScheduledInstanceAvailabilityResult type DescribeScheduledInstanceAvailabilityOutput struct { _ struct{} `type:"structure"` @@ -38685,7 +38725,6 @@ func (s *DescribeScheduledInstanceAvailabilityOutput) SetScheduledInstanceAvaila } // Contains the parameters for DescribeScheduledInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeScheduledInstancesRequest type DescribeScheduledInstancesInput struct { _ struct{} `type:"structure"` @@ -38768,7 +38807,6 @@ func (s *DescribeScheduledInstancesInput) SetSlotStartTimeRange(v *SlotStartTime } // Contains the output of DescribeScheduledInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeScheduledInstancesResult type DescribeScheduledInstancesOutput struct { _ struct{} `type:"structure"` @@ -38802,7 +38840,6 @@ func (s *DescribeScheduledInstancesOutput) SetScheduledInstanceSet(v []*Schedule return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupReferencesRequest type DescribeSecurityGroupReferencesInput struct { _ struct{} `type:"structure"` @@ -38853,7 +38890,6 @@ func (s *DescribeSecurityGroupReferencesInput) SetGroupId(v []*string) *Describe return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupReferencesResult type DescribeSecurityGroupReferencesOutput struct { _ struct{} `type:"structure"` @@ -38878,7 +38914,6 @@ func (s *DescribeSecurityGroupReferencesOutput) SetSecurityGroupReferenceSet(v [ } // Contains the parameters for DescribeSecurityGroups. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupsRequest type DescribeSecurityGroupsInput struct { _ struct{} `type:"structure"` @@ -38977,7 +39012,8 @@ type DescribeSecurityGroupsInput struct { // The maximum number of results to return in a single call. To retrieve the // remaining results, make another request with the returned NextToken value. - // This value can be between 5 and 1000. + // This value can be between 5 and 1000. If this parameter is not specified, + // then all results are returned. MaxResults *int64 `type:"integer"` // The token to request the next page of results. @@ -39031,7 +39067,6 @@ func (s *DescribeSecurityGroupsInput) SetNextToken(v string) *DescribeSecurityGr } // Contains the output of DescribeSecurityGroups. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupsResult type DescribeSecurityGroupsOutput struct { _ struct{} `type:"structure"` @@ -39066,7 +39101,6 @@ func (s *DescribeSecurityGroupsOutput) SetSecurityGroups(v []*SecurityGroup) *De } // Contains the parameters for DescribeSnapshotAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSnapshotAttributeRequest type DescribeSnapshotAttributeInput struct { _ struct{} `type:"structure"` @@ -39132,7 +39166,6 @@ func (s *DescribeSnapshotAttributeInput) SetSnapshotId(v string) *DescribeSnapsh } // Contains the output of DescribeSnapshotAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSnapshotAttributeResult type DescribeSnapshotAttributeOutput struct { _ struct{} `type:"structure"` @@ -39175,7 +39208,6 @@ func (s *DescribeSnapshotAttributeOutput) SetSnapshotId(v string) *DescribeSnaps } // Contains the parameters for DescribeSnapshots. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSnapshotsRequest type DescribeSnapshotsInput struct { _ struct{} `type:"structure"` @@ -39309,7 +39341,6 @@ func (s *DescribeSnapshotsInput) SetSnapshotIds(v []*string) *DescribeSnapshotsI } // Contains the output of DescribeSnapshots. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSnapshotsResult type DescribeSnapshotsOutput struct { _ struct{} `type:"structure"` @@ -39346,7 +39377,6 @@ func (s *DescribeSnapshotsOutput) SetSnapshots(v []*Snapshot) *DescribeSnapshots } // Contains the parameters for DescribeSpotDatafeedSubscription. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotDatafeedSubscriptionRequest type DescribeSpotDatafeedSubscriptionInput struct { _ struct{} `type:"structure"` @@ -39374,7 +39404,6 @@ func (s *DescribeSpotDatafeedSubscriptionInput) SetDryRun(v bool) *DescribeSpotD } // Contains the output of DescribeSpotDatafeedSubscription. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotDatafeedSubscriptionResult type DescribeSpotDatafeedSubscriptionOutput struct { _ struct{} `type:"structure"` @@ -39399,7 +39428,6 @@ func (s *DescribeSpotDatafeedSubscriptionOutput) SetSpotDatafeedSubscription(v * } // Contains the parameters for DescribeSpotFleetInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotFleetInstancesRequest type DescribeSpotFleetInstancesInput struct { _ struct{} `type:"structure"` @@ -39471,7 +39499,6 @@ func (s *DescribeSpotFleetInstancesInput) SetSpotFleetRequestId(v string) *Descr } // Contains the output of DescribeSpotFleetInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotFleetInstancesResponse type DescribeSpotFleetInstancesOutput struct { _ struct{} `type:"structure"` @@ -39520,7 +39547,6 @@ func (s *DescribeSpotFleetInstancesOutput) SetSpotFleetRequestId(v string) *Desc } // Contains the parameters for DescribeSpotFleetRequestHistory. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotFleetRequestHistoryRequest type DescribeSpotFleetRequestHistoryInput struct { _ struct{} `type:"structure"` @@ -39615,7 +39641,6 @@ func (s *DescribeSpotFleetRequestHistoryInput) SetStartTime(v time.Time) *Descri } // Contains the output of DescribeSpotFleetRequestHistory. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotFleetRequestHistoryResponse type DescribeSpotFleetRequestHistoryOutput struct { _ struct{} `type:"structure"` @@ -39688,7 +39713,6 @@ func (s *DescribeSpotFleetRequestHistoryOutput) SetStartTime(v time.Time) *Descr } // Contains the parameters for DescribeSpotFleetRequests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotFleetRequestsRequest type DescribeSpotFleetRequestsInput struct { _ struct{} `type:"structure"` @@ -39745,7 +39769,6 @@ func (s *DescribeSpotFleetRequestsInput) SetSpotFleetRequestIds(v []*string) *De } // Contains the output of DescribeSpotFleetRequests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotFleetRequestsResponse type DescribeSpotFleetRequestsOutput struct { _ struct{} `type:"structure"` @@ -39782,7 +39805,6 @@ func (s *DescribeSpotFleetRequestsOutput) SetSpotFleetRequestConfigs(v []*SpotFl } // Contains the parameters for DescribeSpotInstanceRequests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotInstanceRequestsRequest type DescribeSpotInstanceRequestsInput struct { _ struct{} `type:"structure"` @@ -39937,7 +39959,6 @@ func (s *DescribeSpotInstanceRequestsInput) SetSpotInstanceRequestIds(v []*strin } // Contains the output of DescribeSpotInstanceRequests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotInstanceRequestsResult type DescribeSpotInstanceRequestsOutput struct { _ struct{} `type:"structure"` @@ -39962,7 +39983,6 @@ func (s *DescribeSpotInstanceRequestsOutput) SetSpotInstanceRequests(v []*SpotIn } // Contains the parameters for DescribeSpotPriceHistory. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotPriceHistoryRequest type DescribeSpotPriceHistoryInput struct { _ struct{} `type:"structure"` @@ -40082,12 +40102,11 @@ func (s *DescribeSpotPriceHistoryInput) SetStartTime(v time.Time) *DescribeSpotP } // Contains the output of DescribeSpotPriceHistory. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSpotPriceHistoryResult type DescribeSpotPriceHistoryOutput struct { _ struct{} `type:"structure"` - // The token required to retrieve the next set of results. This value is null - // when there are no more results to return. + // The token required to retrieve the next set of results. This value is an + // empty string when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` // The historical Spot prices. @@ -40116,7 +40135,6 @@ func (s *DescribeSpotPriceHistoryOutput) SetSpotPriceHistory(v []*SpotPrice) *De return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeStaleSecurityGroupsRequest type DescribeStaleSecurityGroupsInput struct { _ struct{} `type:"structure"` @@ -40194,7 +40212,6 @@ func (s *DescribeStaleSecurityGroupsInput) SetVpcId(v string) *DescribeStaleSecu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeStaleSecurityGroupsResult type DescribeStaleSecurityGroupsOutput struct { _ struct{} `type:"structure"` @@ -40229,7 +40246,6 @@ func (s *DescribeStaleSecurityGroupsOutput) SetStaleSecurityGroupSet(v []*StaleS } // Contains the parameters for DescribeSubnets. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSubnetsRequest type DescribeSubnetsInput struct { _ struct{} `type:"structure"` @@ -40321,7 +40337,6 @@ func (s *DescribeSubnetsInput) SetSubnetIds(v []*string) *DescribeSubnetsInput { } // Contains the output of DescribeSubnets. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSubnetsResult type DescribeSubnetsOutput struct { _ struct{} `type:"structure"` @@ -40346,7 +40361,6 @@ func (s *DescribeSubnetsOutput) SetSubnets(v []*Subnet) *DescribeSubnetsOutput { } // Contains the parameters for DescribeTags. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTagsRequest type DescribeTagsInput struct { _ struct{} `type:"structure"` @@ -40415,7 +40429,6 @@ func (s *DescribeTagsInput) SetNextToken(v string) *DescribeTagsInput { } // Contains the output of DescribeTags. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTagsResult type DescribeTagsOutput struct { _ struct{} `type:"structure"` @@ -40450,7 +40463,6 @@ func (s *DescribeTagsOutput) SetTags(v []*TagDescription) *DescribeTagsOutput { } // Contains the parameters for DescribeVolumeAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVolumeAttributeRequest type DescribeVolumeAttributeInput struct { _ struct{} `type:"structure"` @@ -40511,7 +40523,6 @@ func (s *DescribeVolumeAttributeInput) SetVolumeId(v string) *DescribeVolumeAttr } // Contains the output of DescribeVolumeAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVolumeAttributeResult type DescribeVolumeAttributeOutput struct { _ struct{} `type:"structure"` @@ -40554,7 +40565,6 @@ func (s *DescribeVolumeAttributeOutput) SetVolumeId(v string) *DescribeVolumeAtt } // Contains the parameters for DescribeVolumeStatus. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVolumeStatusRequest type DescribeVolumeStatusInput struct { _ struct{} `type:"structure"` @@ -40660,7 +40670,6 @@ func (s *DescribeVolumeStatusInput) SetVolumeIds(v []*string) *DescribeVolumeSta } // Contains the output of DescribeVolumeStatus. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVolumeStatusResult type DescribeVolumeStatusOutput struct { _ struct{} `type:"structure"` @@ -40695,7 +40704,6 @@ func (s *DescribeVolumeStatusOutput) SetVolumeStatuses(v []*VolumeStatusItem) *D } // Contains the parameters for DescribeVolumes. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVolumesRequest type DescribeVolumesInput struct { _ struct{} `type:"structure"` @@ -40818,7 +40826,6 @@ func (s *DescribeVolumesInput) SetVolumeIds(v []*string) *DescribeVolumesInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVolumesModificationsRequest type DescribeVolumesModificationsInput struct { _ struct{} `type:"structure"` @@ -40884,7 +40891,6 @@ func (s *DescribeVolumesModificationsInput) SetVolumeIds(v []*string) *DescribeV return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVolumesModificationsResult type DescribeVolumesModificationsOutput struct { _ struct{} `type:"structure"` @@ -40918,7 +40924,6 @@ func (s *DescribeVolumesModificationsOutput) SetVolumesModifications(v []*Volume } // Contains the output of DescribeVolumes. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVolumesResult type DescribeVolumesOutput struct { _ struct{} `type:"structure"` @@ -40955,7 +40960,6 @@ func (s *DescribeVolumesOutput) SetVolumes(v []*Volume) *DescribeVolumesOutput { } // Contains the parameters for DescribeVpcAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcAttributeRequest type DescribeVpcAttributeInput struct { _ struct{} `type:"structure"` @@ -41021,7 +41025,6 @@ func (s *DescribeVpcAttributeInput) SetVpcId(v string) *DescribeVpcAttributeInpu } // Contains the output of DescribeVpcAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcAttributeResult type DescribeVpcAttributeOutput struct { _ struct{} `type:"structure"` @@ -41068,7 +41071,6 @@ func (s *DescribeVpcAttributeOutput) SetVpcId(v string) *DescribeVpcAttributeOut } // Contains the parameters for DescribeVpcClassicLinkDnsSupport. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcClassicLinkDnsSupportRequest type DescribeVpcClassicLinkDnsSupportInput struct { _ struct{} `type:"structure"` @@ -41130,7 +41132,6 @@ func (s *DescribeVpcClassicLinkDnsSupportInput) SetVpcIds(v []*string) *Describe } // Contains the output of DescribeVpcClassicLinkDnsSupport. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcClassicLinkDnsSupportResult type DescribeVpcClassicLinkDnsSupportOutput struct { _ struct{} `type:"structure"` @@ -41164,7 +41165,6 @@ func (s *DescribeVpcClassicLinkDnsSupportOutput) SetVpcs(v []*ClassicLinkDnsSupp } // Contains the parameters for DescribeVpcClassicLink. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcClassicLinkRequest type DescribeVpcClassicLinkInput struct { _ struct{} `type:"structure"` @@ -41229,7 +41229,6 @@ func (s *DescribeVpcClassicLinkInput) SetVpcIds(v []*string) *DescribeVpcClassic } // Contains the output of DescribeVpcClassicLink. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcClassicLinkResult type DescribeVpcClassicLinkOutput struct { _ struct{} `type:"structure"` @@ -41253,7 +41252,6 @@ func (s *DescribeVpcClassicLinkOutput) SetVpcs(v []*VpcClassicLink) *DescribeVpc return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointConnectionNotificationsRequest type DescribeVpcEndpointConnectionNotificationsInput struct { _ struct{} `type:"structure"` @@ -41330,7 +41328,6 @@ func (s *DescribeVpcEndpointConnectionNotificationsInput) SetNextToken(v string) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointConnectionNotificationsResult type DescribeVpcEndpointConnectionNotificationsOutput struct { _ struct{} `type:"structure"` @@ -41364,7 +41361,6 @@ func (s *DescribeVpcEndpointConnectionNotificationsOutput) SetNextToken(v string return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointConnectionsRequest type DescribeVpcEndpointConnectionsInput struct { _ struct{} `type:"structure"` @@ -41431,7 +41427,6 @@ func (s *DescribeVpcEndpointConnectionsInput) SetNextToken(v string) *DescribeVp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointConnectionsResult type DescribeVpcEndpointConnectionsOutput struct { _ struct{} `type:"structure"` @@ -41465,7 +41460,6 @@ func (s *DescribeVpcEndpointConnectionsOutput) SetVpcEndpointConnections(v []*Vp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointServiceConfigurationsRequest type DescribeVpcEndpointServiceConfigurationsInput struct { _ struct{} `type:"structure"` @@ -41539,7 +41533,6 @@ func (s *DescribeVpcEndpointServiceConfigurationsInput) SetServiceIds(v []*strin return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointServiceConfigurationsResult type DescribeVpcEndpointServiceConfigurationsOutput struct { _ struct{} `type:"structure"` @@ -41573,7 +41566,6 @@ func (s *DescribeVpcEndpointServiceConfigurationsOutput) SetServiceConfiguration return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointServicePermissionsRequest type DescribeVpcEndpointServicePermissionsInput struct { _ struct{} `type:"structure"` @@ -41660,7 +41652,6 @@ func (s *DescribeVpcEndpointServicePermissionsInput) SetServiceId(v string) *Des return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointServicePermissionsResult type DescribeVpcEndpointServicePermissionsOutput struct { _ struct{} `type:"structure"` @@ -41695,7 +41686,6 @@ func (s *DescribeVpcEndpointServicePermissionsOutput) SetNextToken(v string) *De } // Contains the parameters for DescribeVpcEndpointServices. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointServicesRequest type DescribeVpcEndpointServicesInput struct { _ struct{} `type:"structure"` @@ -41766,7 +41756,6 @@ func (s *DescribeVpcEndpointServicesInput) SetServiceNames(v []*string) *Describ } // Contains the output of DescribeVpcEndpointServices. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointServicesResult type DescribeVpcEndpointServicesOutput struct { _ struct{} `type:"structure"` @@ -41810,7 +41799,6 @@ func (s *DescribeVpcEndpointServicesOutput) SetServiceNames(v []*string) *Descri } // Contains the parameters for DescribeVpcEndpoints. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointsRequest type DescribeVpcEndpointsInput struct { _ struct{} `type:"structure"` @@ -41888,7 +41876,6 @@ func (s *DescribeVpcEndpointsInput) SetVpcEndpointIds(v []*string) *DescribeVpcE } // Contains the output of DescribeVpcEndpoints. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcEndpointsResult type DescribeVpcEndpointsOutput struct { _ struct{} `type:"structure"` @@ -41923,7 +41910,6 @@ func (s *DescribeVpcEndpointsOutput) SetVpcEndpoints(v []*VpcEndpoint) *Describe } // Contains the parameters for DescribeVpcPeeringConnections. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcPeeringConnectionsRequest type DescribeVpcPeeringConnectionsInput struct { _ struct{} `type:"structure"` @@ -42012,7 +41998,6 @@ func (s *DescribeVpcPeeringConnectionsInput) SetVpcPeeringConnectionIds(v []*str } // Contains the output of DescribeVpcPeeringConnections. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcPeeringConnectionsResult type DescribeVpcPeeringConnectionsOutput struct { _ struct{} `type:"structure"` @@ -42037,7 +42022,6 @@ func (s *DescribeVpcPeeringConnectionsOutput) SetVpcPeeringConnections(v []*VpcP } // Contains the parameters for DescribeVpcs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcsRequest type DescribeVpcsInput struct { _ struct{} `type:"structure"` @@ -42132,7 +42116,6 @@ func (s *DescribeVpcsInput) SetVpcIds(v []*string) *DescribeVpcsInput { } // Contains the output of DescribeVpcs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpcsResult type DescribeVpcsOutput struct { _ struct{} `type:"structure"` @@ -42157,7 +42140,6 @@ func (s *DescribeVpcsOutput) SetVpcs(v []*Vpc) *DescribeVpcsOutput { } // Contains the parameters for DescribeVpnConnections. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpnConnectionsRequest type DescribeVpnConnectionsInput struct { _ struct{} `type:"structure"` @@ -42248,7 +42230,6 @@ func (s *DescribeVpnConnectionsInput) SetVpnConnectionIds(v []*string) *Describe } // Contains the output of DescribeVpnConnections. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpnConnectionsResult type DescribeVpnConnectionsOutput struct { _ struct{} `type:"structure"` @@ -42273,7 +42254,6 @@ func (s *DescribeVpnConnectionsOutput) SetVpnConnections(v []*VpnConnection) *De } // Contains the parameters for DescribeVpnGateways. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpnGatewaysRequest type DescribeVpnGatewaysInput struct { _ struct{} `type:"structure"` @@ -42356,7 +42336,6 @@ func (s *DescribeVpnGatewaysInput) SetVpnGatewayIds(v []*string) *DescribeVpnGat } // Contains the output of DescribeVpnGateways. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpnGatewaysResult type DescribeVpnGatewaysOutput struct { _ struct{} `type:"structure"` @@ -42381,7 +42360,6 @@ func (s *DescribeVpnGatewaysOutput) SetVpnGateways(v []*VpnGateway) *DescribeVpn } // Contains the parameters for DetachClassicLinkVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachClassicLinkVpcRequest type DetachClassicLinkVpcInput struct { _ struct{} `type:"structure"` @@ -42447,7 +42425,6 @@ func (s *DetachClassicLinkVpcInput) SetVpcId(v string) *DetachClassicLinkVpcInpu } // Contains the output of DetachClassicLinkVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachClassicLinkVpcResult type DetachClassicLinkVpcOutput struct { _ struct{} `type:"structure"` @@ -42472,7 +42449,6 @@ func (s *DetachClassicLinkVpcOutput) SetReturn(v bool) *DetachClassicLinkVpcOutp } // Contains the parameters for DetachInternetGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachInternetGatewayRequest type DetachInternetGatewayInput struct { _ struct{} `type:"structure"` @@ -42537,7 +42513,6 @@ func (s *DetachInternetGatewayInput) SetVpcId(v string) *DetachInternetGatewayIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachInternetGatewayOutput type DetachInternetGatewayOutput struct { _ struct{} `type:"structure"` } @@ -42553,7 +42528,6 @@ func (s DetachInternetGatewayOutput) GoString() string { } // Contains the parameters for DetachNetworkInterface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachNetworkInterfaceRequest type DetachNetworkInterfaceInput struct { _ struct{} `type:"structure"` @@ -42613,7 +42587,6 @@ func (s *DetachNetworkInterfaceInput) SetForce(v bool) *DetachNetworkInterfaceIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachNetworkInterfaceOutput type DetachNetworkInterfaceOutput struct { _ struct{} `type:"structure"` } @@ -42629,7 +42602,6 @@ func (s DetachNetworkInterfaceOutput) GoString() string { } // Contains the parameters for DetachVolume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachVolumeRequest type DetachVolumeInput struct { _ struct{} `type:"structure"` @@ -42714,7 +42686,6 @@ func (s *DetachVolumeInput) SetVolumeId(v string) *DetachVolumeInput { } // Contains the parameters for DetachVpnGateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachVpnGatewayRequest type DetachVpnGatewayInput struct { _ struct{} `type:"structure"` @@ -42779,7 +42750,6 @@ func (s *DetachVpnGatewayInput) SetVpnGatewayId(v string) *DetachVpnGatewayInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachVpnGatewayOutput type DetachVpnGatewayOutput struct { _ struct{} `type:"structure"` } @@ -42795,7 +42765,6 @@ func (s DetachVpnGatewayOutput) GoString() string { } // Describes a DHCP configuration option. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DhcpConfiguration type DhcpConfiguration struct { _ struct{} `type:"structure"` @@ -42829,7 +42798,6 @@ func (s *DhcpConfiguration) SetValues(v []*AttributeValue) *DhcpConfiguration { } // Describes a set of DHCP options. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DhcpOptions type DhcpOptions struct { _ struct{} `type:"structure"` @@ -42872,7 +42840,6 @@ func (s *DhcpOptions) SetTags(v []*Tag) *DhcpOptions { } // Contains the parameters for DisableVgwRoutePropagation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableVgwRoutePropagationRequest type DisableVgwRoutePropagationInput struct { _ struct{} `type:"structure"` @@ -42925,7 +42892,6 @@ func (s *DisableVgwRoutePropagationInput) SetRouteTableId(v string) *DisableVgwR return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableVgwRoutePropagationOutput type DisableVgwRoutePropagationOutput struct { _ struct{} `type:"structure"` } @@ -42941,7 +42907,6 @@ func (s DisableVgwRoutePropagationOutput) GoString() string { } // Contains the parameters for DisableVpcClassicLinkDnsSupport. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableVpcClassicLinkDnsSupportRequest type DisableVpcClassicLinkDnsSupportInput struct { _ struct{} `type:"structure"` @@ -42966,7 +42931,6 @@ func (s *DisableVpcClassicLinkDnsSupportInput) SetVpcId(v string) *DisableVpcCla } // Contains the output of DisableVpcClassicLinkDnsSupport. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableVpcClassicLinkDnsSupportResult type DisableVpcClassicLinkDnsSupportOutput struct { _ struct{} `type:"structure"` @@ -42991,7 +42955,6 @@ func (s *DisableVpcClassicLinkDnsSupportOutput) SetReturn(v bool) *DisableVpcCla } // Contains the parameters for DisableVpcClassicLink. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableVpcClassicLinkRequest type DisableVpcClassicLinkInput struct { _ struct{} `type:"structure"` @@ -43043,7 +43006,6 @@ func (s *DisableVpcClassicLinkInput) SetVpcId(v string) *DisableVpcClassicLinkIn } // Contains the output of DisableVpcClassicLink. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableVpcClassicLinkResult type DisableVpcClassicLinkOutput struct { _ struct{} `type:"structure"` @@ -43068,7 +43030,6 @@ func (s *DisableVpcClassicLinkOutput) SetReturn(v bool) *DisableVpcClassicLinkOu } // Contains the parameters for DisassociateAddress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateAddressRequest type DisassociateAddressInput struct { _ struct{} `type:"structure"` @@ -43113,7 +43074,6 @@ func (s *DisassociateAddressInput) SetPublicIp(v string) *DisassociateAddressInp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateAddressOutput type DisassociateAddressOutput struct { _ struct{} `type:"structure"` } @@ -43128,7 +43088,6 @@ func (s DisassociateAddressOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateIamInstanceProfileRequest type DisassociateIamInstanceProfileInput struct { _ struct{} `type:"structure"` @@ -43167,7 +43126,6 @@ func (s *DisassociateIamInstanceProfileInput) SetAssociationId(v string) *Disass return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateIamInstanceProfileResult type DisassociateIamInstanceProfileOutput struct { _ struct{} `type:"structure"` @@ -43192,7 +43150,6 @@ func (s *DisassociateIamInstanceProfileOutput) SetIamInstanceProfileAssociation( } // Contains the parameters for DisassociateRouteTable. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateRouteTableRequest type DisassociateRouteTableInput struct { _ struct{} `type:"structure"` @@ -43244,7 +43201,6 @@ func (s *DisassociateRouteTableInput) SetDryRun(v bool) *DisassociateRouteTableI return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateRouteTableOutput type DisassociateRouteTableOutput struct { _ struct{} `type:"structure"` } @@ -43259,7 +43215,6 @@ func (s DisassociateRouteTableOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateSubnetCidrBlockRequest type DisassociateSubnetCidrBlockInput struct { _ struct{} `type:"structure"` @@ -43298,7 +43253,6 @@ func (s *DisassociateSubnetCidrBlockInput) SetAssociationId(v string) *Disassoci return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateSubnetCidrBlockResult type DisassociateSubnetCidrBlockOutput struct { _ struct{} `type:"structure"` @@ -43331,7 +43285,6 @@ func (s *DisassociateSubnetCidrBlockOutput) SetSubnetId(v string) *DisassociateS return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateVpcCidrBlockRequest type DisassociateVpcCidrBlockInput struct { _ struct{} `type:"structure"` @@ -43370,7 +43323,6 @@ func (s *DisassociateVpcCidrBlockInput) SetAssociationId(v string) *Disassociate return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateVpcCidrBlockResult type DisassociateVpcCidrBlockOutput struct { _ struct{} `type:"structure"` @@ -43413,7 +43365,6 @@ func (s *DisassociateVpcCidrBlockOutput) SetVpcId(v string) *DisassociateVpcCidr } // Describes a disk image. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DiskImage type DiskImage struct { _ struct{} `type:"structure"` @@ -43476,7 +43427,6 @@ func (s *DiskImage) SetVolume(v *VolumeDetail) *DiskImage { } // Describes a disk image. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DiskImageDescription type DiskImageDescription struct { _ struct{} `type:"structure"` @@ -43541,7 +43491,6 @@ func (s *DiskImageDescription) SetSize(v int64) *DiskImageDescription { } // Describes a disk image. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DiskImageDetail type DiskImageDetail struct { _ struct{} `type:"structure"` @@ -43616,7 +43565,6 @@ func (s *DiskImageDetail) SetImportManifestUrl(v string) *DiskImageDetail { } // Describes a disk image volume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DiskImageVolumeDescription type DiskImageVolumeDescription struct { _ struct{} `type:"structure"` @@ -43652,7 +43600,6 @@ func (s *DiskImageVolumeDescription) SetSize(v int64) *DiskImageVolumeDescriptio } // Describes a DNS entry. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DnsEntry type DnsEntry struct { _ struct{} `type:"structure"` @@ -43686,7 +43633,6 @@ func (s *DnsEntry) SetHostedZoneId(v string) *DnsEntry { } // Describes a block device for an EBS volume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice type EbsBlockDevice struct { _ struct{} `type:"structure"` @@ -43796,7 +43742,6 @@ func (s *EbsBlockDevice) SetVolumeType(v string) *EbsBlockDevice { } // Describes a parameter used to set up an EBS volume in a block device mapping. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsInstanceBlockDevice type EbsInstanceBlockDevice struct { _ struct{} `type:"structure"` @@ -43849,7 +43794,6 @@ func (s *EbsInstanceBlockDevice) SetVolumeId(v string) *EbsInstanceBlockDevice { // Describes information used to set up an EBS volume specified in a block device // mapping. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsInstanceBlockDeviceSpecification type EbsInstanceBlockDeviceSpecification struct { _ struct{} `type:"structure"` @@ -43883,7 +43827,6 @@ func (s *EbsInstanceBlockDeviceSpecification) SetVolumeId(v string) *EbsInstance } // Describes an egress-only Internet gateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EgressOnlyInternetGateway type EgressOnlyInternetGateway struct { _ struct{} `type:"structure"` @@ -43917,7 +43860,6 @@ func (s *EgressOnlyInternetGateway) SetEgressOnlyInternetGatewayId(v string) *Eg } // Describes the association between an instance and an Elastic GPU. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ElasticGpuAssociation type ElasticGpuAssociation struct { _ struct{} `type:"structure"` @@ -43969,7 +43911,6 @@ func (s *ElasticGpuAssociation) SetElasticGpuId(v string) *ElasticGpuAssociation } // Describes the status of an Elastic GPU. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ElasticGpuHealth type ElasticGpuHealth struct { _ struct{} `type:"structure"` @@ -43994,7 +43935,6 @@ func (s *ElasticGpuHealth) SetStatus(v string) *ElasticGpuHealth { } // A specification for an Elastic GPU. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ElasticGpuSpecification type ElasticGpuSpecification struct { _ struct{} `type:"structure"` @@ -44034,7 +43974,6 @@ func (s *ElasticGpuSpecification) SetType(v string) *ElasticGpuSpecification { } // Describes an elastic GPU. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ElasticGpuSpecificationResponse type ElasticGpuSpecificationResponse struct { _ struct{} `type:"structure"` @@ -44059,7 +43998,6 @@ func (s *ElasticGpuSpecificationResponse) SetType(v string) *ElasticGpuSpecifica } // Describes an Elastic GPU. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ElasticGpus type ElasticGpus struct { _ struct{} `type:"structure"` @@ -44129,7 +44067,6 @@ func (s *ElasticGpus) SetInstanceId(v string) *ElasticGpus { } // Contains the parameters for EnableVgwRoutePropagation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableVgwRoutePropagationRequest type EnableVgwRoutePropagationInput struct { _ struct{} `type:"structure"` @@ -44182,7 +44119,6 @@ func (s *EnableVgwRoutePropagationInput) SetRouteTableId(v string) *EnableVgwRou return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableVgwRoutePropagationOutput type EnableVgwRoutePropagationOutput struct { _ struct{} `type:"structure"` } @@ -44198,7 +44134,6 @@ func (s EnableVgwRoutePropagationOutput) GoString() string { } // Contains the parameters for EnableVolumeIO. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableVolumeIORequest type EnableVolumeIOInput struct { _ struct{} `type:"structure"` @@ -44249,7 +44184,6 @@ func (s *EnableVolumeIOInput) SetVolumeId(v string) *EnableVolumeIOInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableVolumeIOOutput type EnableVolumeIOOutput struct { _ struct{} `type:"structure"` } @@ -44265,7 +44199,6 @@ func (s EnableVolumeIOOutput) GoString() string { } // Contains the parameters for EnableVpcClassicLinkDnsSupport. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableVpcClassicLinkDnsSupportRequest type EnableVpcClassicLinkDnsSupportInput struct { _ struct{} `type:"structure"` @@ -44290,7 +44223,6 @@ func (s *EnableVpcClassicLinkDnsSupportInput) SetVpcId(v string) *EnableVpcClass } // Contains the output of EnableVpcClassicLinkDnsSupport. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableVpcClassicLinkDnsSupportResult type EnableVpcClassicLinkDnsSupportOutput struct { _ struct{} `type:"structure"` @@ -44315,7 +44247,6 @@ func (s *EnableVpcClassicLinkDnsSupportOutput) SetReturn(v bool) *EnableVpcClass } // Contains the parameters for EnableVpcClassicLink. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableVpcClassicLinkRequest type EnableVpcClassicLinkInput struct { _ struct{} `type:"structure"` @@ -44367,7 +44298,6 @@ func (s *EnableVpcClassicLinkInput) SetVpcId(v string) *EnableVpcClassicLinkInpu } // Contains the output of EnableVpcClassicLink. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableVpcClassicLinkResult type EnableVpcClassicLinkOutput struct { _ struct{} `type:"structure"` @@ -44392,7 +44322,6 @@ func (s *EnableVpcClassicLinkOutput) SetReturn(v bool) *EnableVpcClassicLinkOutp } // Describes a Spot Fleet event. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EventInformation type EventInformation struct { _ struct{} `type:"structure"` @@ -44496,7 +44425,6 @@ func (s *EventInformation) SetInstanceId(v string) *EventInformation { } // Describes an instance export task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ExportTask type ExportTask struct { _ struct{} `type:"structure"` @@ -44566,7 +44494,6 @@ func (s *ExportTask) SetStatusMessage(v string) *ExportTask { } // Describes the format and location for an instance export task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ExportToS3Task type ExportToS3Task struct { _ struct{} `type:"structure"` @@ -44620,7 +44547,6 @@ func (s *ExportToS3Task) SetS3Key(v string) *ExportToS3Task { } // Describes an instance export task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ExportToS3TaskSpecification type ExportToS3TaskSpecification struct { _ struct{} `type:"structure"` @@ -44677,7 +44603,6 @@ func (s *ExportToS3TaskSpecification) SetS3Prefix(v string) *ExportToS3TaskSpeci // A filter name and value pair that is used to return a more specific list // of results. Filters can be used to match a set of resources by various criteria, // such as tags, attributes, or IDs. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Filter type Filter struct { _ struct{} `type:"structure"` @@ -44711,7 +44636,6 @@ func (s *Filter) SetValues(v []*string) *Filter { } // Describes a launch template. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/FleetLaunchTemplateSpecification type FleetLaunchTemplateSpecification struct { _ struct{} `type:"structure"` @@ -44770,7 +44694,6 @@ func (s *FleetLaunchTemplateSpecification) SetVersion(v string) *FleetLaunchTemp } // Describes a flow log. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/FlowLog type FlowLog struct { _ struct{} `type:"structure"` @@ -44872,7 +44795,6 @@ func (s *FlowLog) SetTrafficType(v string) *FlowLog { } // Describes an Amazon FPGA image (AFI). -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/FpgaImage type FpgaImage struct { _ struct{} `type:"structure"` @@ -45014,7 +44936,6 @@ func (s *FpgaImage) SetUpdateTime(v time.Time) *FpgaImage { } // Describes an Amazon FPGA image (AFI) attribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/FpgaImageAttribute type FpgaImageAttribute struct { _ struct{} `type:"structure"` @@ -45076,7 +44997,6 @@ func (s *FpgaImageAttribute) SetProductCodes(v []*ProductCode) *FpgaImageAttribu // Describes the state of the bitstream generation process for an Amazon FPGA // image (AFI). -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/FpgaImageState type FpgaImageState struct { _ struct{} `type:"structure"` @@ -45118,7 +45038,6 @@ func (s *FpgaImageState) SetMessage(v string) *FpgaImageState { } // Contains the parameters for GetConsoleOutput. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetConsoleOutputRequest type GetConsoleOutputInput struct { _ struct{} `type:"structure"` @@ -45170,7 +45089,6 @@ func (s *GetConsoleOutputInput) SetInstanceId(v string) *GetConsoleOutputInput { } // Contains the output of GetConsoleOutput. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetConsoleOutputResult type GetConsoleOutputOutput struct { _ struct{} `type:"structure"` @@ -45214,7 +45132,6 @@ func (s *GetConsoleOutputOutput) SetTimestamp(v time.Time) *GetConsoleOutputOutp } // Contains the parameters for the request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetConsoleScreenshotRequest type GetConsoleScreenshotInput struct { _ struct{} `type:"structure"` @@ -45276,7 +45193,6 @@ func (s *GetConsoleScreenshotInput) SetWakeUp(v bool) *GetConsoleScreenshotInput } // Contains the output of the request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetConsoleScreenshotResult type GetConsoleScreenshotOutput struct { _ struct{} `type:"structure"` @@ -45309,7 +45225,6 @@ func (s *GetConsoleScreenshotOutput) SetInstanceId(v string) *GetConsoleScreensh return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetHostReservationPurchasePreviewRequest type GetHostReservationPurchasePreviewInput struct { _ struct{} `type:"structure"` @@ -45363,7 +45278,6 @@ func (s *GetHostReservationPurchasePreviewInput) SetOfferingId(v string) *GetHos return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetHostReservationPurchasePreviewResult type GetHostReservationPurchasePreviewOutput struct { _ struct{} `type:"structure"` @@ -45416,7 +45330,6 @@ func (s *GetHostReservationPurchasePreviewOutput) SetTotalUpfrontPrice(v string) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetLaunchTemplateDataRequest type GetLaunchTemplateDataInput struct { _ struct{} `type:"structure"` @@ -45467,7 +45380,6 @@ func (s *GetLaunchTemplateDataInput) SetInstanceId(v string) *GetLaunchTemplateD return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetLaunchTemplateDataResult type GetLaunchTemplateDataOutput struct { _ struct{} `type:"structure"` @@ -45492,7 +45404,6 @@ func (s *GetLaunchTemplateDataOutput) SetLaunchTemplateData(v *ResponseLaunchTem } // Contains the parameters for GetPasswordData. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetPasswordDataRequest type GetPasswordDataInput struct { _ struct{} `type:"structure"` @@ -45544,7 +45455,6 @@ func (s *GetPasswordDataInput) SetInstanceId(v string) *GetPasswordDataInput { } // Contains the output of GetPasswordData. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetPasswordDataResult type GetPasswordDataOutput struct { _ struct{} `type:"structure"` @@ -45588,7 +45498,6 @@ func (s *GetPasswordDataOutput) SetTimestamp(v time.Time) *GetPasswordDataOutput } // Contains the parameters for GetReservedInstanceExchangeQuote. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetReservedInstancesExchangeQuoteRequest type GetReservedInstancesExchangeQuoteInput struct { _ struct{} `type:"structure"` @@ -45660,7 +45569,6 @@ func (s *GetReservedInstancesExchangeQuoteInput) SetTargetConfigurations(v []*Ta } // Contains the output of GetReservedInstancesExchangeQuote. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetReservedInstancesExchangeQuoteResult type GetReservedInstancesExchangeQuoteOutput struct { _ struct{} `type:"structure"` @@ -45757,7 +45665,6 @@ func (s *GetReservedInstancesExchangeQuoteOutput) SetValidationFailureReason(v s } // Describes a security group. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GroupIdentifier type GroupIdentifier struct { _ struct{} `type:"structure"` @@ -45791,7 +45698,6 @@ func (s *GroupIdentifier) SetGroupName(v string) *GroupIdentifier { } // Describes an event in the history of the Spot Fleet request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/HistoryRecord type HistoryRecord struct { _ struct{} `type:"structure"` @@ -45849,7 +45755,6 @@ func (s *HistoryRecord) SetTimestamp(v time.Time) *HistoryRecord { } // Describes the properties of the Dedicated Host. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Host type Host struct { _ struct{} `type:"structure"` @@ -45949,7 +45854,6 @@ func (s *Host) SetState(v string) *Host { } // Describes an instance running on a Dedicated Host. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/HostInstance type HostInstance struct { _ struct{} `type:"structure"` @@ -45983,7 +45887,6 @@ func (s *HostInstance) SetInstanceType(v string) *HostInstance { } // Details about the Dedicated Host Reservation offering. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/HostOffering type HostOffering struct { _ struct{} `type:"structure"` @@ -46062,7 +45965,6 @@ func (s *HostOffering) SetUpfrontPrice(v string) *HostOffering { } // Describes properties of a Dedicated Host. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/HostProperties type HostProperties struct { _ struct{} `type:"structure"` @@ -46114,7 +46016,6 @@ func (s *HostProperties) SetTotalVCpus(v int64) *HostProperties { } // Details about the Dedicated Host Reservation and associated Dedicated Hosts. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/HostReservation type HostReservation struct { _ struct{} `type:"structure"` @@ -46252,7 +46153,6 @@ func (s *HostReservation) SetUpfrontPrice(v string) *HostReservation { } // Describes an IAM instance profile. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IamInstanceProfile type IamInstanceProfile struct { _ struct{} `type:"structure"` @@ -46286,7 +46186,6 @@ func (s *IamInstanceProfile) SetId(v string) *IamInstanceProfile { } // Describes an association between an IAM instance profile and an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IamInstanceProfileAssociation type IamInstanceProfileAssociation struct { _ struct{} `type:"structure"` @@ -46347,7 +46246,6 @@ func (s *IamInstanceProfileAssociation) SetTimestamp(v time.Time) *IamInstancePr } // Describes an IAM instance profile. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IamInstanceProfileSpecification type IamInstanceProfileSpecification struct { _ struct{} `type:"structure"` @@ -46381,7 +46279,6 @@ func (s *IamInstanceProfileSpecification) SetName(v string) *IamInstanceProfileS } // Describes the ICMP type and code. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IcmpTypeCode type IcmpTypeCode struct { _ struct{} `type:"structure"` @@ -46415,7 +46312,6 @@ func (s *IcmpTypeCode) SetType(v int64) *IcmpTypeCode { } // Describes the ID format for a resource. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IdFormat type IdFormat struct { _ struct{} `type:"structure"` @@ -46460,7 +46356,6 @@ func (s *IdFormat) SetUseLongIds(v bool) *IdFormat { } // Describes an image. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Image type Image struct { _ struct{} `type:"structure"` @@ -46700,7 +46595,6 @@ func (s *Image) SetVirtualizationType(v string) *Image { } // Describes the disk container object for an import image task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImageDiskContainer type ImageDiskContainer struct { _ struct{} `type:"structure"` @@ -46712,7 +46606,7 @@ type ImageDiskContainer struct { // The format of the disk image being imported. // - // Valid values: RAW | VHD | VMDK | OVA + // Valid values: VHD | VMDK | OVA Format *string `type:"string"` // The ID of the EBS snapshot to be used for importing the snapshot. @@ -46773,7 +46667,6 @@ func (s *ImageDiskContainer) SetUserBucket(v *UserBucket) *ImageDiskContainer { } // Contains the parameters for ImportImage. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportImageRequest type ImportImageInput struct { _ struct{} `type:"structure"` @@ -46895,7 +46788,6 @@ func (s *ImportImageInput) SetRoleName(v string) *ImportImageInput { } // Contains the output for ImportImage. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportImageResult type ImportImageOutput struct { _ struct{} `type:"structure"` @@ -47010,7 +46902,6 @@ func (s *ImportImageOutput) SetStatusMessage(v string) *ImportImageOutput { } // Describes an import image task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportImageTask type ImportImageTask struct { _ struct{} `type:"structure"` @@ -47129,7 +47020,6 @@ func (s *ImportImageTask) SetStatusMessage(v string) *ImportImageTask { } // Contains the parameters for ImportInstance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportInstanceRequest type ImportInstanceInput struct { _ struct{} `type:"structure"` @@ -47218,7 +47108,6 @@ func (s *ImportInstanceInput) SetPlatform(v string) *ImportInstanceInput { } // Describes the launch specification for VM import. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportInstanceLaunchSpecification type ImportInstanceLaunchSpecification struct { _ struct{} `type:"structure"` @@ -47255,9 +47144,7 @@ type ImportInstanceLaunchSpecification struct { // [EC2-VPC] The ID of the subnet in which to launch the instance. SubnetId *string `locationName:"subnetId" type:"string"` - // The user data to make available to the instance. If you are using an AWS - // SDK or command line tool, Base64-encoding is performed for you, and you can - // load the text from a file. Otherwise, you must provide Base64-encoded text. + // The Base64-encoded user data to make available to the instance. UserData *UserData `locationName:"userData" type:"structure"` } @@ -47338,7 +47225,6 @@ func (s *ImportInstanceLaunchSpecification) SetUserData(v *UserData) *ImportInst } // Contains the output for ImportInstance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportInstanceResult type ImportInstanceOutput struct { _ struct{} `type:"structure"` @@ -47363,7 +47249,6 @@ func (s *ImportInstanceOutput) SetConversionTask(v *ConversionTask) *ImportInsta } // Describes an import instance task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportInstanceTaskDetails type ImportInstanceTaskDetails struct { _ struct{} `type:"structure"` @@ -47417,7 +47302,6 @@ func (s *ImportInstanceTaskDetails) SetVolumes(v []*ImportInstanceVolumeDetailIt } // Describes an import volume task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportInstanceVolumeDetailItem type ImportInstanceVolumeDetailItem struct { _ struct{} `type:"structure"` @@ -47506,7 +47390,6 @@ func (s *ImportInstanceVolumeDetailItem) SetVolume(v *DiskImageVolumeDescription } // Contains the parameters for ImportKeyPair. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportKeyPairRequest type ImportKeyPairInput struct { _ struct{} `type:"structure"` @@ -47575,7 +47458,6 @@ func (s *ImportKeyPairInput) SetPublicKeyMaterial(v []byte) *ImportKeyPairInput } // Contains the output of ImportKeyPair. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportKeyPairResult type ImportKeyPairOutput struct { _ struct{} `type:"structure"` @@ -47609,7 +47491,6 @@ func (s *ImportKeyPairOutput) SetKeyName(v string) *ImportKeyPairOutput { } // Contains the parameters for ImportSnapshot. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportSnapshotRequest type ImportSnapshotInput struct { _ struct{} `type:"structure"` @@ -47682,7 +47563,6 @@ func (s *ImportSnapshotInput) SetRoleName(v string) *ImportSnapshotInput { } // Contains the output for ImportSnapshot. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportSnapshotResult type ImportSnapshotOutput struct { _ struct{} `type:"structure"` @@ -47725,7 +47605,6 @@ func (s *ImportSnapshotOutput) SetSnapshotTaskDetail(v *SnapshotTaskDetail) *Imp } // Describes an import snapshot task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportSnapshotTask type ImportSnapshotTask struct { _ struct{} `type:"structure"` @@ -47768,7 +47647,6 @@ func (s *ImportSnapshotTask) SetSnapshotTaskDetail(v *SnapshotTaskDetail) *Impor } // Contains the parameters for ImportVolume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportVolumeRequest type ImportVolumeInput struct { _ struct{} `type:"structure"` @@ -47867,7 +47745,6 @@ func (s *ImportVolumeInput) SetVolume(v *VolumeDetail) *ImportVolumeInput { } // Contains the output for ImportVolume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportVolumeResult type ImportVolumeOutput struct { _ struct{} `type:"structure"` @@ -47892,7 +47769,6 @@ func (s *ImportVolumeOutput) SetConversionTask(v *ConversionTask) *ImportVolumeO } // Describes an import volume task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ImportVolumeTaskDetails type ImportVolumeTaskDetails struct { _ struct{} `type:"structure"` @@ -47961,7 +47837,6 @@ func (s *ImportVolumeTaskDetails) SetVolume(v *DiskImageVolumeDescription) *Impo } // Describes an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Instance type Instance struct { _ struct{} `type:"structure"` @@ -48350,7 +48225,6 @@ func (s *Instance) SetVpcId(v string) *Instance { } // Describes a block device mapping. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceBlockDeviceMapping type InstanceBlockDeviceMapping struct { _ struct{} `type:"structure"` @@ -48385,7 +48259,6 @@ func (s *InstanceBlockDeviceMapping) SetEbs(v *EbsInstanceBlockDevice) *Instance } // Describes a block device mapping entry. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceBlockDeviceMappingSpecification type InstanceBlockDeviceMappingSpecification struct { _ struct{} `type:"structure"` @@ -48438,7 +48311,6 @@ func (s *InstanceBlockDeviceMappingSpecification) SetVirtualName(v string) *Inst } // Information about the instance type that the Dedicated Host supports. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceCapacity type InstanceCapacity struct { _ struct{} `type:"structure"` @@ -48481,7 +48353,6 @@ func (s *InstanceCapacity) SetTotalCapacity(v int64) *InstanceCapacity { } // Describes a Reserved Instance listing state. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceCount type InstanceCount struct { _ struct{} `type:"structure"` @@ -48515,7 +48386,6 @@ func (s *InstanceCount) SetState(v string) *InstanceCount { } // Describes the credit option for CPU usage of a T2 instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceCreditSpecification type InstanceCreditSpecification struct { _ struct{} `type:"structure"` @@ -48550,7 +48420,6 @@ func (s *InstanceCreditSpecification) SetInstanceId(v string) *InstanceCreditSpe } // Describes the credit option for CPU usage of a T2 instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceCreditSpecificationRequest type InstanceCreditSpecificationRequest struct { _ struct{} `type:"structure"` @@ -48585,7 +48454,6 @@ func (s *InstanceCreditSpecificationRequest) SetInstanceId(v string) *InstanceCr } // Describes an instance to export. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceExportDetails type InstanceExportDetails struct { _ struct{} `type:"structure"` @@ -48619,7 +48487,6 @@ func (s *InstanceExportDetails) SetTargetEnvironment(v string) *InstanceExportDe } // Describes an IPv6 address. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceIpv6Address type InstanceIpv6Address struct { _ struct{} `type:"structure"` @@ -48644,7 +48511,6 @@ func (s *InstanceIpv6Address) SetIpv6Address(v string) *InstanceIpv6Address { } // Describes an IPv6 address. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceIpv6AddressRequest type InstanceIpv6AddressRequest struct { _ struct{} `type:"structure"` @@ -48669,7 +48535,6 @@ func (s *InstanceIpv6AddressRequest) SetIpv6Address(v string) *InstanceIpv6Addre } // Describes the market (purchasing) option for the instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceMarketOptionsRequest type InstanceMarketOptionsRequest struct { _ struct{} `type:"structure"` @@ -48703,7 +48568,6 @@ func (s *InstanceMarketOptionsRequest) SetSpotOptions(v *SpotMarketOptions) *Ins } // Describes the monitoring of an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceMonitoring type InstanceMonitoring struct { _ struct{} `type:"structure"` @@ -48737,7 +48601,6 @@ func (s *InstanceMonitoring) SetMonitoring(v *Monitoring) *InstanceMonitoring { } // Describes a network interface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceNetworkInterface type InstanceNetworkInterface struct { _ struct{} `type:"structure"` @@ -48889,7 +48752,6 @@ func (s *InstanceNetworkInterface) SetVpcId(v string) *InstanceNetworkInterface } // Describes association information for an Elastic IP address (IPv4). -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceNetworkInterfaceAssociation type InstanceNetworkInterfaceAssociation struct { _ struct{} `type:"structure"` @@ -48932,7 +48794,6 @@ func (s *InstanceNetworkInterfaceAssociation) SetPublicIp(v string) *InstanceNet } // Describes a network interface attachment. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceNetworkInterfaceAttachment type InstanceNetworkInterfaceAttachment struct { _ struct{} `type:"structure"` @@ -48993,7 +48854,6 @@ func (s *InstanceNetworkInterfaceAttachment) SetStatus(v string) *InstanceNetwor } // Describes a network interface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceNetworkInterfaceSpecification type InstanceNetworkInterfaceSpecification struct { _ struct{} `type:"structure"` @@ -49163,7 +49023,6 @@ func (s *InstanceNetworkInterfaceSpecification) SetSubnetId(v string) *InstanceN } // Describes a private IPv4 address. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstancePrivateIpAddress type InstancePrivateIpAddress struct { _ struct{} `type:"structure"` @@ -49216,7 +49075,6 @@ func (s *InstancePrivateIpAddress) SetPrivateIpAddress(v string) *InstancePrivat } // Describes the current state of an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceState type InstanceState struct { _ struct{} `type:"structure"` @@ -49263,7 +49121,6 @@ func (s *InstanceState) SetName(v string) *InstanceState { } // Describes an instance state change. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceStateChange type InstanceStateChange struct { _ struct{} `type:"structure"` @@ -49306,7 +49163,6 @@ func (s *InstanceStateChange) SetPreviousState(v *InstanceState) *InstanceStateC } // Describes the status of an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceStatus type InstanceStatus struct { _ struct{} `type:"structure"` @@ -49380,7 +49236,6 @@ func (s *InstanceStatus) SetSystemStatus(v *InstanceStatusSummary) *InstanceStat } // Describes the instance status. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceStatusDetails type InstanceStatusDetails struct { _ struct{} `type:"structure"` @@ -49424,7 +49279,6 @@ func (s *InstanceStatusDetails) SetStatus(v string) *InstanceStatusDetails { } // Describes a scheduled event for an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceStatusEvent type InstanceStatusEvent struct { _ struct{} `type:"structure"` @@ -49480,7 +49334,6 @@ func (s *InstanceStatusEvent) SetNotBefore(v time.Time) *InstanceStatusEvent { } // Describes the status of an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceStatusSummary type InstanceStatusSummary struct { _ struct{} `type:"structure"` @@ -49514,7 +49367,6 @@ func (s *InstanceStatusSummary) SetStatus(v string) *InstanceStatusSummary { } // Describes an Internet gateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InternetGateway type InternetGateway struct { _ struct{} `type:"structure"` @@ -49558,7 +49410,6 @@ func (s *InternetGateway) SetTags(v []*Tag) *InternetGateway { // Describes the attachment of a VPC to an Internet gateway or an egress-only // Internet gateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InternetGatewayAttachment type InternetGatewayAttachment struct { _ struct{} `type:"structure"` @@ -49593,7 +49444,6 @@ func (s *InternetGatewayAttachment) SetVpcId(v string) *InternetGatewayAttachmen } // Describes a set of permissions for a security group rule. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IpPermission type IpPermission struct { _ struct{} `type:"structure"` @@ -49687,7 +49537,6 @@ func (s *IpPermission) SetUserIdGroupPairs(v []*UserIdGroupPair) *IpPermission { } // Describes an IPv4 range. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IpRange type IpRange struct { _ struct{} `type:"structure"` @@ -49726,7 +49575,6 @@ func (s *IpRange) SetDescription(v string) *IpRange { } // Describes an IPv6 CIDR block. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Ipv6CidrBlock type Ipv6CidrBlock struct { _ struct{} `type:"structure"` @@ -49751,7 +49599,6 @@ func (s *Ipv6CidrBlock) SetIpv6CidrBlock(v string) *Ipv6CidrBlock { } // [EC2-VPC only] Describes an IPv6 range. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Ipv6Range type Ipv6Range struct { _ struct{} `type:"structure"` @@ -49790,7 +49637,6 @@ func (s *Ipv6Range) SetDescription(v string) *Ipv6Range { } // Describes a key pair. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/KeyPairInfo type KeyPairInfo struct { _ struct{} `type:"structure"` @@ -49827,7 +49673,6 @@ func (s *KeyPairInfo) SetKeyName(v string) *KeyPairInfo { } // Describes a launch permission. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchPermission type LaunchPermission struct { _ struct{} `type:"structure"` @@ -49861,7 +49706,6 @@ func (s *LaunchPermission) SetUserId(v string) *LaunchPermission { } // Describes a launch permission modification. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchPermissionModifications type LaunchPermissionModifications struct { _ struct{} `type:"structure"` @@ -49896,7 +49740,6 @@ func (s *LaunchPermissionModifications) SetRemove(v []*LaunchPermission) *Launch } // Describes the launch specification for an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchSpecification type LaunchSpecification struct { _ struct{} `type:"structure"` @@ -49951,9 +49794,7 @@ type LaunchSpecification struct { // The ID of the subnet in which to launch the instance. SubnetId *string `locationName:"subnetId" type:"string"` - // The user data to make available to the instances. If you are using an AWS - // SDK or command line tool, Base64-encoding is performed for you, and you can - // load the text from a file. Otherwise, you must provide Base64-encoded text. + // The Base64-encoded user data for the instance. UserData *string `locationName:"userData" type:"string"` } @@ -50058,7 +49899,6 @@ func (s *LaunchSpecification) SetUserData(v string) *LaunchSpecification { } // Describes a launch template. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplate type LaunchTemplate struct { _ struct{} `type:"structure"` @@ -50137,7 +49977,6 @@ func (s *LaunchTemplate) SetTags(v []*Tag) *LaunchTemplate { } // Describes a block device mapping. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateBlockDeviceMapping type LaunchTemplateBlockDeviceMapping struct { _ struct{} `type:"structure"` @@ -50190,7 +50029,6 @@ func (s *LaunchTemplateBlockDeviceMapping) SetVirtualName(v string) *LaunchTempl } // Describes a block device mapping. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateBlockDeviceMappingRequest type LaunchTemplateBlockDeviceMappingRequest struct { _ struct{} `type:"structure"` @@ -50248,7 +50086,6 @@ func (s *LaunchTemplateBlockDeviceMappingRequest) SetVirtualName(v string) *Laun } // Describes a launch template and overrides. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateConfig type LaunchTemplateConfig struct { _ struct{} `type:"structure"` @@ -50298,7 +50135,6 @@ func (s *LaunchTemplateConfig) SetOverrides(v []*LaunchTemplateOverrides) *Launc } // Describes a block device for an EBS volume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateEbsBlockDevice type LaunchTemplateEbsBlockDevice struct { _ struct{} `type:"structure"` @@ -50377,7 +50213,6 @@ func (s *LaunchTemplateEbsBlockDevice) SetVolumeType(v string) *LaunchTemplateEb } // The parameters for a block device for an EBS volume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateEbsBlockDeviceRequest type LaunchTemplateEbsBlockDeviceRequest struct { _ struct{} `type:"structure"` @@ -50470,7 +50305,6 @@ func (s *LaunchTemplateEbsBlockDeviceRequest) SetVolumeType(v string) *LaunchTem } // Describes an IAM instance profile. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateIamInstanceProfileSpecification type LaunchTemplateIamInstanceProfileSpecification struct { _ struct{} `type:"structure"` @@ -50504,7 +50338,6 @@ func (s *LaunchTemplateIamInstanceProfileSpecification) SetName(v string) *Launc } // An IAM instance profile. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateIamInstanceProfileSpecificationRequest type LaunchTemplateIamInstanceProfileSpecificationRequest struct { _ struct{} `type:"structure"` @@ -50538,7 +50371,6 @@ func (s *LaunchTemplateIamInstanceProfileSpecificationRequest) SetName(v string) } // The market (purchasing) option for the instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateInstanceMarketOptions type LaunchTemplateInstanceMarketOptions struct { _ struct{} `type:"structure"` @@ -50572,7 +50404,6 @@ func (s *LaunchTemplateInstanceMarketOptions) SetSpotOptions(v *LaunchTemplateSp } // The market (purchasing) option for the instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateInstanceMarketOptionsRequest type LaunchTemplateInstanceMarketOptionsRequest struct { _ struct{} `type:"structure"` @@ -50606,7 +50437,6 @@ func (s *LaunchTemplateInstanceMarketOptionsRequest) SetSpotOptions(v *LaunchTem } // Describes a network interface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateInstanceNetworkInterfaceSpecification type LaunchTemplateInstanceNetworkInterfaceSpecification struct { _ struct{} `type:"structure"` @@ -50731,7 +50561,6 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetSubnetId(v stri } // The parameters for a network interface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateInstanceNetworkInterfaceSpecificationRequest type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { _ struct{} `type:"structure"` @@ -50878,7 +50707,6 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetSubnetId } // Describes overrides for a launch template. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateOverrides type LaunchTemplateOverrides struct { _ struct{} `type:"structure"` @@ -50939,7 +50767,6 @@ func (s *LaunchTemplateOverrides) SetWeightedCapacity(v float64) *LaunchTemplate } // Describes the placement of an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplatePlacement type LaunchTemplatePlacement struct { _ struct{} `type:"structure"` @@ -51010,7 +50837,6 @@ func (s *LaunchTemplatePlacement) SetTenancy(v string) *LaunchTemplatePlacement } // The placement for the instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplatePlacementRequest type LaunchTemplatePlacementRequest struct { _ struct{} `type:"structure"` @@ -51082,7 +50908,6 @@ func (s *LaunchTemplatePlacementRequest) SetTenancy(v string) *LaunchTemplatePla // The launch template to use. You must specify either the launch template ID // or launch template name in the request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateSpecification type LaunchTemplateSpecification struct { _ struct{} `type:"structure"` @@ -51127,7 +50952,6 @@ func (s *LaunchTemplateSpecification) SetVersion(v string) *LaunchTemplateSpecif } // The options for Spot Instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateSpotMarketOptions type LaunchTemplateSpotMarketOptions struct { _ struct{} `type:"structure"` @@ -51193,7 +51017,6 @@ func (s *LaunchTemplateSpotMarketOptions) SetValidUntil(v time.Time) *LaunchTemp } // The options for Spot Instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateSpotMarketOptionsRequest type LaunchTemplateSpotMarketOptionsRequest struct { _ struct{} `type:"structure"` @@ -51260,7 +51083,6 @@ func (s *LaunchTemplateSpotMarketOptionsRequest) SetValidUntil(v time.Time) *Lau } // The tag specification for the launch template. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateTagSpecification type LaunchTemplateTagSpecification struct { _ struct{} `type:"structure"` @@ -51294,7 +51116,6 @@ func (s *LaunchTemplateTagSpecification) SetTags(v []*Tag) *LaunchTemplateTagSpe } // The tags specification for the launch template. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateTagSpecificationRequest type LaunchTemplateTagSpecificationRequest struct { _ struct{} `type:"structure"` @@ -51329,7 +51150,6 @@ func (s *LaunchTemplateTagSpecificationRequest) SetTags(v []*Tag) *LaunchTemplat } // Describes a launch template version. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateVersion type LaunchTemplateVersion struct { _ struct{} `type:"structure"` @@ -51417,7 +51237,6 @@ func (s *LaunchTemplateVersion) SetVersionNumber(v int64) *LaunchTemplateVersion } // Describes the monitoring for the instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplatesMonitoring type LaunchTemplatesMonitoring struct { _ struct{} `type:"structure"` @@ -51443,7 +51262,6 @@ func (s *LaunchTemplatesMonitoring) SetEnabled(v bool) *LaunchTemplatesMonitorin } // Describes the monitoring for the instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplatesMonitoringRequest type LaunchTemplatesMonitoringRequest struct { _ struct{} `type:"structure"` @@ -51470,7 +51288,6 @@ func (s *LaunchTemplatesMonitoringRequest) SetEnabled(v bool) *LaunchTemplatesMo // Describes the Classic Load Balancers and target groups to attach to a Spot // Fleet request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LoadBalancersConfig type LoadBalancersConfig struct { _ struct{} `type:"structure"` @@ -51524,7 +51341,6 @@ func (s *LoadBalancersConfig) SetTargetGroupsConfig(v *TargetGroupsConfig) *Load } // Describes a load permission. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LoadPermission type LoadPermission struct { _ struct{} `type:"structure"` @@ -51558,7 +51374,6 @@ func (s *LoadPermission) SetUserId(v string) *LoadPermission { } // Describes modifications to the load permissions of an Amazon FPGA image (AFI). -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LoadPermissionModifications type LoadPermissionModifications struct { _ struct{} `type:"structure"` @@ -51592,7 +51407,6 @@ func (s *LoadPermissionModifications) SetRemove(v []*LoadPermissionRequest) *Loa } // Describes a load permission. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LoadPermissionRequest type LoadPermissionRequest struct { _ struct{} `type:"structure"` @@ -51625,7 +51439,6 @@ func (s *LoadPermissionRequest) SetUserId(v string) *LoadPermissionRequest { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyFpgaImageAttributeRequest type ModifyFpgaImageAttributeInput struct { _ struct{} `type:"structure"` @@ -51752,7 +51565,6 @@ func (s *ModifyFpgaImageAttributeInput) SetUserIds(v []*string) *ModifyFpgaImage return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyFpgaImageAttributeResult type ModifyFpgaImageAttributeOutput struct { _ struct{} `type:"structure"` @@ -51777,7 +51589,6 @@ func (s *ModifyFpgaImageAttributeOutput) SetFpgaImageAttribute(v *FpgaImageAttri } // Contains the parameters for ModifyHosts. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyHostsRequest type ModifyHostsInput struct { _ struct{} `type:"structure"` @@ -51831,7 +51642,6 @@ func (s *ModifyHostsInput) SetHostIds(v []*string) *ModifyHostsInput { } // Contains the output of ModifyHosts. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyHostsResult type ModifyHostsOutput struct { _ struct{} `type:"structure"` @@ -51866,11 +51676,18 @@ func (s *ModifyHostsOutput) SetUnsuccessful(v []*UnsuccessfulItem) *ModifyHostsO } // Contains the parameters of ModifyIdFormat. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyIdFormatRequest type ModifyIdFormatInput struct { _ struct{} `type:"structure"` - // The type of resource: instance | reservation | snapshot | volume + // The type of resource: bundle | conversion-task | dhcp-options | elastic-ip-allocation + // | elastic-ip-association | export-task | flow-log | image | import-task | + // internet-gateway | network-acl | network-acl-association | network-interface + // | network-interface-attachment | prefix-list | route-table | route-table-association + // | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association + // | vpc-peering-connection. + // + // Alternatively, use the all-current option to include all resource types that + // are currently within their opt-in period for longer IDs. // // Resource is a required field Resource *string `type:"string" required:"true"` @@ -51919,7 +51736,6 @@ func (s *ModifyIdFormatInput) SetUseLongIds(v bool) *ModifyIdFormatInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyIdFormatOutput type ModifyIdFormatOutput struct { _ struct{} `type:"structure"` } @@ -51935,7 +51751,6 @@ func (s ModifyIdFormatOutput) GoString() string { } // Contains the parameters of ModifyIdentityIdFormat. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyIdentityIdFormatRequest type ModifyIdentityIdFormatInput struct { _ struct{} `type:"structure"` @@ -51946,7 +51761,15 @@ type ModifyIdentityIdFormatInput struct { // PrincipalArn is a required field PrincipalArn *string `locationName:"principalArn" type:"string" required:"true"` - // The type of resource: instance | reservation | snapshot | volume + // The type of resource: bundle | conversion-task | dhcp-options | elastic-ip-allocation + // | elastic-ip-association | export-task | flow-log | image | import-task | + // internet-gateway | network-acl | network-acl-association | network-interface + // | network-interface-attachment | prefix-list | route-table | route-table-association + // | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association + // | vpc-peering-connection. + // + // Alternatively, use the all-current option to include all resource types that + // are currently within their opt-in period for longer IDs. // // Resource is a required field Resource *string `locationName:"resource" type:"string" required:"true"` @@ -52004,7 +51827,6 @@ func (s *ModifyIdentityIdFormatInput) SetUseLongIds(v bool) *ModifyIdentityIdFor return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyIdentityIdFormatOutput type ModifyIdentityIdFormatOutput struct { _ struct{} `type:"structure"` } @@ -52020,7 +51842,6 @@ func (s ModifyIdentityIdFormatOutput) GoString() string { } // Contains the parameters for ModifyImageAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyImageAttributeRequest type ModifyImageAttributeInput struct { _ struct{} `type:"structure"` @@ -52149,7 +51970,6 @@ func (s *ModifyImageAttributeInput) SetValue(v string) *ModifyImageAttributeInpu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyImageAttributeOutput type ModifyImageAttributeOutput struct { _ struct{} `type:"structure"` } @@ -52165,7 +51985,6 @@ func (s ModifyImageAttributeOutput) GoString() string { } // Contains the parameters for ModifyInstanceAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceAttributeRequest type ModifyInstanceAttributeInput struct { _ struct{} `type:"structure"` @@ -52381,7 +52200,6 @@ func (s *ModifyInstanceAttributeInput) SetValue(v string) *ModifyInstanceAttribu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceAttributeOutput type ModifyInstanceAttributeOutput struct { _ struct{} `type:"structure"` } @@ -52396,7 +52214,6 @@ func (s ModifyInstanceAttributeOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceCreditSpecificationRequest type ModifyInstanceCreditSpecificationInput struct { _ struct{} `type:"structure"` @@ -52458,7 +52275,6 @@ func (s *ModifyInstanceCreditSpecificationInput) SetInstanceCreditSpecifications return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceCreditSpecificationResult type ModifyInstanceCreditSpecificationOutput struct { _ struct{} `type:"structure"` @@ -52494,7 +52310,6 @@ func (s *ModifyInstanceCreditSpecificationOutput) SetUnsuccessfulInstanceCreditS } // Contains the parameters for ModifyInstancePlacement. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstancePlacementRequest type ModifyInstancePlacementInput struct { _ struct{} `type:"structure"` @@ -52561,7 +52376,6 @@ func (s *ModifyInstancePlacementInput) SetTenancy(v string) *ModifyInstancePlace } // Contains the output of ModifyInstancePlacement. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstancePlacementResult type ModifyInstancePlacementOutput struct { _ struct{} `type:"structure"` @@ -52585,7 +52399,6 @@ func (s *ModifyInstancePlacementOutput) SetReturn(v bool) *ModifyInstancePlaceme return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyLaunchTemplateRequest type ModifyLaunchTemplateInput struct { _ struct{} `type:"structure"` @@ -52664,7 +52477,6 @@ func (s *ModifyLaunchTemplateInput) SetLaunchTemplateName(v string) *ModifyLaunc return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyLaunchTemplateResult type ModifyLaunchTemplateOutput struct { _ struct{} `type:"structure"` @@ -52689,7 +52501,6 @@ func (s *ModifyLaunchTemplateOutput) SetLaunchTemplate(v *LaunchTemplate) *Modif } // Contains the parameters for ModifyNetworkInterfaceAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyNetworkInterfaceAttributeRequest type ModifyNetworkInterfaceAttributeInput struct { _ struct{} `type:"structure"` @@ -52784,7 +52595,6 @@ func (s *ModifyNetworkInterfaceAttributeInput) SetSourceDestCheck(v *AttributeBo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyNetworkInterfaceAttributeOutput type ModifyNetworkInterfaceAttributeOutput struct { _ struct{} `type:"structure"` } @@ -52800,7 +52610,6 @@ func (s ModifyNetworkInterfaceAttributeOutput) GoString() string { } // Contains the parameters for ModifyReservedInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyReservedInstancesRequest type ModifyReservedInstancesInput struct { _ struct{} `type:"structure"` @@ -52864,7 +52673,6 @@ func (s *ModifyReservedInstancesInput) SetTargetConfigurations(v []*ReservedInst } // Contains the output of ModifyReservedInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyReservedInstancesResult type ModifyReservedInstancesOutput struct { _ struct{} `type:"structure"` @@ -52889,7 +52697,6 @@ func (s *ModifyReservedInstancesOutput) SetReservedInstancesModificationId(v str } // Contains the parameters for ModifySnapshotAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySnapshotAttributeRequest type ModifySnapshotAttributeInput struct { _ struct{} `type:"structure"` @@ -52987,7 +52794,6 @@ func (s *ModifySnapshotAttributeInput) SetUserIds(v []*string) *ModifySnapshotAt return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySnapshotAttributeOutput type ModifySnapshotAttributeOutput struct { _ struct{} `type:"structure"` } @@ -53003,7 +52809,6 @@ func (s ModifySnapshotAttributeOutput) GoString() string { } // Contains the parameters for ModifySpotFleetRequest. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySpotFleetRequestRequest type ModifySpotFleetRequestInput struct { _ struct{} `type:"structure"` @@ -53063,7 +52868,6 @@ func (s *ModifySpotFleetRequestInput) SetTargetCapacity(v int64) *ModifySpotFlee } // Contains the output of ModifySpotFleetRequest. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySpotFleetRequestResponse type ModifySpotFleetRequestOutput struct { _ struct{} `type:"structure"` @@ -53088,7 +52892,6 @@ func (s *ModifySpotFleetRequestOutput) SetReturn(v bool) *ModifySpotFleetRequest } // Contains the parameters for ModifySubnetAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySubnetAttributeRequest type ModifySubnetAttributeInput struct { _ struct{} `type:"structure"` @@ -53155,7 +52958,6 @@ func (s *ModifySubnetAttributeInput) SetSubnetId(v string) *ModifySubnetAttribut return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySubnetAttributeOutput type ModifySubnetAttributeOutput struct { _ struct{} `type:"structure"` } @@ -53171,7 +52973,6 @@ func (s ModifySubnetAttributeOutput) GoString() string { } // Contains the parameters for ModifyVolumeAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVolumeAttributeRequest type ModifyVolumeAttributeInput struct { _ struct{} `type:"structure"` @@ -53231,7 +53032,6 @@ func (s *ModifyVolumeAttributeInput) SetVolumeId(v string) *ModifyVolumeAttribut return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVolumeAttributeOutput type ModifyVolumeAttributeOutput struct { _ struct{} `type:"structure"` } @@ -53246,7 +53046,6 @@ func (s ModifyVolumeAttributeOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVolumeRequest type ModifyVolumeInput struct { _ struct{} `type:"structure"` @@ -53338,7 +53137,6 @@ func (s *ModifyVolumeInput) SetVolumeType(v string) *ModifyVolumeInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVolumeResult type ModifyVolumeOutput struct { _ struct{} `type:"structure"` @@ -53363,7 +53161,6 @@ func (s *ModifyVolumeOutput) SetVolumeModification(v *VolumeModification) *Modif } // Contains the parameters for ModifyVpcAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcAttributeRequest type ModifyVpcAttributeInput struct { _ struct{} `type:"structure"` @@ -53432,7 +53229,6 @@ func (s *ModifyVpcAttributeInput) SetVpcId(v string) *ModifyVpcAttributeInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcAttributeOutput type ModifyVpcAttributeOutput struct { _ struct{} `type:"structure"` } @@ -53447,7 +53243,6 @@ func (s ModifyVpcAttributeOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEndpointConnectionNotificationRequest type ModifyVpcEndpointConnectionNotificationInput struct { _ struct{} `type:"structure"` @@ -53517,7 +53312,6 @@ func (s *ModifyVpcEndpointConnectionNotificationInput) SetDryRun(v bool) *Modify return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEndpointConnectionNotificationResult type ModifyVpcEndpointConnectionNotificationOutput struct { _ struct{} `type:"structure"` @@ -53542,7 +53336,6 @@ func (s *ModifyVpcEndpointConnectionNotificationOutput) SetReturnValue(v bool) * } // Contains the parameters for ModifyVpcEndpoint. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEndpointRequest type ModifyVpcEndpointInput struct { _ struct{} `type:"structure"` @@ -53679,7 +53472,6 @@ func (s *ModifyVpcEndpointInput) SetVpcEndpointId(v string) *ModifyVpcEndpointIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEndpointResult type ModifyVpcEndpointOutput struct { _ struct{} `type:"structure"` @@ -53703,7 +53495,6 @@ func (s *ModifyVpcEndpointOutput) SetReturn(v bool) *ModifyVpcEndpointOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEndpointServiceConfigurationRequest type ModifyVpcEndpointServiceConfigurationInput struct { _ struct{} `type:"structure"` @@ -53712,7 +53503,7 @@ type ModifyVpcEndpointServiceConfigurationInput struct { // The Amazon Resource Names (ARNs) of Network Load Balancers to add to your // service configuration. - AddNetworkLoadBalancerArns []*string `locationName:"addNetworkLoadBalancerArn" locationNameList:"item" type:"list"` + AddNetworkLoadBalancerArns []*string `locationName:"AddNetworkLoadBalancerArn" locationNameList:"item" type:"list"` // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have @@ -53722,7 +53513,7 @@ type ModifyVpcEndpointServiceConfigurationInput struct { // The Amazon Resource Names (ARNs) of Network Load Balancers to remove from // your service configuration. - RemoveNetworkLoadBalancerArns []*string `locationName:"removeNetworkLoadBalancerArn" locationNameList:"item" type:"list"` + RemoveNetworkLoadBalancerArns []*string `locationName:"RemoveNetworkLoadBalancerArn" locationNameList:"item" type:"list"` // The ID of the service. // @@ -53783,7 +53574,6 @@ func (s *ModifyVpcEndpointServiceConfigurationInput) SetServiceId(v string) *Mod return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEndpointServiceConfigurationResult type ModifyVpcEndpointServiceConfigurationOutput struct { _ struct{} `type:"structure"` @@ -53807,7 +53597,6 @@ func (s *ModifyVpcEndpointServiceConfigurationOutput) SetReturn(v bool) *ModifyV return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEndpointServicePermissionsRequest type ModifyVpcEndpointServicePermissionsInput struct { _ struct{} `type:"structure"` @@ -53878,7 +53667,6 @@ func (s *ModifyVpcEndpointServicePermissionsInput) SetServiceId(v string) *Modif return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEndpointServicePermissionsResult type ModifyVpcEndpointServicePermissionsOutput struct { _ struct{} `type:"structure"` @@ -53902,7 +53690,6 @@ func (s *ModifyVpcEndpointServicePermissionsOutput) SetReturnValue(v bool) *Modi return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcPeeringConnectionOptionsRequest type ModifyVpcPeeringConnectionOptionsInput struct { _ struct{} `type:"structure"` @@ -53971,7 +53758,6 @@ func (s *ModifyVpcPeeringConnectionOptionsInput) SetVpcPeeringConnectionId(v str return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcPeeringConnectionOptionsResult type ModifyVpcPeeringConnectionOptionsOutput struct { _ struct{} `type:"structure"` @@ -54005,7 +53791,6 @@ func (s *ModifyVpcPeeringConnectionOptionsOutput) SetRequesterPeeringConnectionO } // Contains the parameters for ModifyVpcTenancy. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcTenancyRequest type ModifyVpcTenancyInput struct { _ struct{} `type:"structure"` @@ -54071,7 +53856,6 @@ func (s *ModifyVpcTenancyInput) SetVpcId(v string) *ModifyVpcTenancyInput { } // Contains the output of ModifyVpcTenancy. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcTenancyResult type ModifyVpcTenancyOutput struct { _ struct{} `type:"structure"` @@ -54096,7 +53880,6 @@ func (s *ModifyVpcTenancyOutput) SetReturnValue(v bool) *ModifyVpcTenancyOutput } // Contains the parameters for MonitorInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/MonitorInstancesRequest type MonitorInstancesInput struct { _ struct{} `type:"structure"` @@ -54148,7 +53931,6 @@ func (s *MonitorInstancesInput) SetInstanceIds(v []*string) *MonitorInstancesInp } // Contains the output of MonitorInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/MonitorInstancesResult type MonitorInstancesOutput struct { _ struct{} `type:"structure"` @@ -54173,7 +53955,6 @@ func (s *MonitorInstancesOutput) SetInstanceMonitorings(v []*InstanceMonitoring) } // Describes the monitoring of an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Monitoring type Monitoring struct { _ struct{} `type:"structure"` @@ -54199,7 +53980,6 @@ func (s *Monitoring) SetState(v string) *Monitoring { } // Contains the parameters for MoveAddressToVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/MoveAddressToVpcRequest type MoveAddressToVpcInput struct { _ struct{} `type:"structure"` @@ -54251,7 +54031,6 @@ func (s *MoveAddressToVpcInput) SetPublicIp(v string) *MoveAddressToVpcInput { } // Contains the output of MoveAddressToVpc. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/MoveAddressToVpcResult type MoveAddressToVpcOutput struct { _ struct{} `type:"structure"` @@ -54285,7 +54064,6 @@ func (s *MoveAddressToVpcOutput) SetStatus(v string) *MoveAddressToVpcOutput { } // Describes the status of a moving Elastic IP address. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/MovingAddressStatus type MovingAddressStatus struct { _ struct{} `type:"structure"` @@ -54320,7 +54098,6 @@ func (s *MovingAddressStatus) SetPublicIp(v string) *MovingAddressStatus { } // Describes a NAT gateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NatGateway type NatGateway struct { _ struct{} `type:"structure"` @@ -54475,7 +54252,6 @@ func (s *NatGateway) SetVpcId(v string) *NatGateway { } // Describes the IP addresses and network interface associated with a NAT gateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NatGatewayAddress type NatGatewayAddress struct { _ struct{} `type:"structure"` @@ -54528,7 +54304,6 @@ func (s *NatGatewayAddress) SetPublicIp(v string) *NatGatewayAddress { } // Describes a network ACL. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkAcl type NetworkAcl struct { _ struct{} `type:"structure"` @@ -54598,7 +54373,6 @@ func (s *NetworkAcl) SetVpcId(v string) *NetworkAcl { } // Describes an association between a network ACL and a subnet. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkAclAssociation type NetworkAclAssociation struct { _ struct{} `type:"structure"` @@ -54641,7 +54415,6 @@ func (s *NetworkAclAssociation) SetSubnetId(v string) *NetworkAclAssociation { } // Describes an entry in a network ACL. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkAclEntry type NetworkAclEntry struct { _ struct{} `type:"structure"` @@ -54731,7 +54504,6 @@ func (s *NetworkAclEntry) SetRuleNumber(v int64) *NetworkAclEntry { } // Describes a network interface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkInterface type NetworkInterface struct { _ struct{} `type:"structure"` @@ -54929,7 +54701,6 @@ func (s *NetworkInterface) SetVpcId(v string) *NetworkInterface { } // Describes association information for an Elastic IP address (IPv4 only). -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkInterfaceAssociation type NetworkInterfaceAssociation struct { _ struct{} `type:"structure"` @@ -54990,7 +54761,6 @@ func (s *NetworkInterfaceAssociation) SetPublicIp(v string) *NetworkInterfaceAss } // Describes a network interface attachment. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkInterfaceAttachment type NetworkInterfaceAttachment struct { _ struct{} `type:"structure"` @@ -55069,7 +54839,6 @@ func (s *NetworkInterfaceAttachment) SetStatus(v string) *NetworkInterfaceAttach } // Describes an attachment change. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkInterfaceAttachmentChanges type NetworkInterfaceAttachmentChanges struct { _ struct{} `type:"structure"` @@ -55103,7 +54872,6 @@ func (s *NetworkInterfaceAttachmentChanges) SetDeleteOnTermination(v bool) *Netw } // Describes an IPv6 address associated with a network interface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkInterfaceIpv6Address type NetworkInterfaceIpv6Address struct { _ struct{} `type:"structure"` @@ -55128,7 +54896,6 @@ func (s *NetworkInterfaceIpv6Address) SetIpv6Address(v string) *NetworkInterface } // Describes a permission for a network interface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkInterfacePermission type NetworkInterfacePermission struct { _ struct{} `type:"structure"` @@ -55198,7 +54965,6 @@ func (s *NetworkInterfacePermission) SetPermissionState(v *NetworkInterfacePermi } // Describes the state of a network interface permission. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkInterfacePermissionState type NetworkInterfacePermissionState struct { _ struct{} `type:"structure"` @@ -55232,7 +54998,6 @@ func (s *NetworkInterfacePermissionState) SetStatusMessage(v string) *NetworkInt } // Describes the private IPv4 address of a network interface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NetworkInterfacePrivateIpAddress type NetworkInterfacePrivateIpAddress struct { _ struct{} `type:"structure"` @@ -55285,7 +55050,6 @@ func (s *NetworkInterfacePrivateIpAddress) SetPrivateIpAddress(v string) *Networ return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/NewDhcpConfiguration type NewDhcpConfiguration struct { _ struct{} `type:"structure"` @@ -55318,7 +55082,6 @@ func (s *NewDhcpConfiguration) SetValues(v []*string) *NewDhcpConfiguration { // Describes the data that identifies an Amazon FPGA image (AFI) on the PCI // bus. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PciId type PciId struct { _ struct{} `type:"structure"` @@ -55370,7 +55133,6 @@ func (s *PciId) SetVendorId(v string) *PciId { } // Describes the VPC peering connection options. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PeeringConnectionOptions type PeeringConnectionOptions struct { _ struct{} `type:"structure"` @@ -55416,7 +55178,6 @@ func (s *PeeringConnectionOptions) SetAllowEgressFromLocalVpcToRemoteClassicLink } // The VPC peering connection options. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PeeringConnectionOptionsRequest type PeeringConnectionOptionsRequest struct { _ struct{} `type:"structure"` @@ -55462,7 +55223,6 @@ func (s *PeeringConnectionOptionsRequest) SetAllowEgressFromLocalVpcToRemoteClas } // Describes the placement of an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Placement type Placement struct { _ struct{} `type:"structure"` @@ -55536,7 +55296,6 @@ func (s *Placement) SetTenancy(v string) *Placement { } // Describes a placement group. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PlacementGroup type PlacementGroup struct { _ struct{} `type:"structure"` @@ -55579,7 +55338,6 @@ func (s *PlacementGroup) SetStrategy(v string) *PlacementGroup { } // Describes a range of ports. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PortRange type PortRange struct { _ struct{} `type:"structure"` @@ -55613,7 +55371,6 @@ func (s *PortRange) SetTo(v int64) *PortRange { } // Describes prefixes for AWS services. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PrefixList type PrefixList struct { _ struct{} `type:"structure"` @@ -55656,7 +55413,6 @@ func (s *PrefixList) SetPrefixListName(v string) *PrefixList { } // [EC2-VPC only] The ID of the prefix. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PrefixListId type PrefixListId struct { _ struct{} `type:"structure"` @@ -55694,7 +55450,6 @@ func (s *PrefixListId) SetPrefixListId(v string) *PrefixListId { } // Describes the price for a Reserved Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PriceSchedule type PriceSchedule struct { _ struct{} `type:"structure"` @@ -55757,7 +55512,6 @@ func (s *PriceSchedule) SetTerm(v int64) *PriceSchedule { } // Describes the price for a Reserved Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PriceScheduleSpecification type PriceScheduleSpecification struct { _ struct{} `type:"structure"` @@ -55802,7 +55556,6 @@ func (s *PriceScheduleSpecification) SetTerm(v int64) *PriceScheduleSpecificatio } // Describes a Reserved Instance offering. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PricingDetail type PricingDetail struct { _ struct{} `type:"structure"` @@ -55835,8 +55588,40 @@ func (s *PricingDetail) SetPrice(v float64) *PricingDetail { return s } +// PrincipalIdFormat description +type PrincipalIdFormat struct { + _ struct{} `type:"structure"` + + // PrincipalIdFormatARN description + Arn *string `locationName:"arn" type:"string"` + + // PrincipalIdFormatStatuses description + Statuses []*IdFormat `locationName:"statusSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s PrincipalIdFormat) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PrincipalIdFormat) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *PrincipalIdFormat) SetArn(v string) *PrincipalIdFormat { + s.Arn = &v + return s +} + +// SetStatuses sets the Statuses field's value. +func (s *PrincipalIdFormat) SetStatuses(v []*IdFormat) *PrincipalIdFormat { + s.Statuses = v + return s +} + // Describes a secondary private IPv4 address for a network interface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PrivateIpAddressSpecification type PrivateIpAddressSpecification struct { _ struct{} `type:"structure"` @@ -55886,7 +55671,6 @@ func (s *PrivateIpAddressSpecification) SetPrivateIpAddress(v string) *PrivateIp } // Describes a product code. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ProductCode type ProductCode struct { _ struct{} `type:"structure"` @@ -55920,7 +55704,6 @@ func (s *ProductCode) SetProductCodeType(v string) *ProductCode { } // Describes a virtual private gateway propagating route. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PropagatingVgw type PropagatingVgw struct { _ struct{} `type:"structure"` @@ -55947,7 +55730,6 @@ func (s *PropagatingVgw) SetGatewayId(v string) *PropagatingVgw { // Reserved. If you need to sustain traffic greater than the documented limits // (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html), // contact us through the Support Center (https://console.aws.amazon.com/support/home?). -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ProvisionedBandwidth type ProvisionedBandwidth struct { _ struct{} `type:"structure"` @@ -56018,7 +55800,6 @@ func (s *ProvisionedBandwidth) SetStatus(v string) *ProvisionedBandwidth { } // Describes the result of the purchase. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Purchase type Purchase struct { _ struct{} `type:"structure"` @@ -56107,7 +55888,6 @@ func (s *Purchase) SetUpfrontPrice(v string) *Purchase { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseHostReservationRequest type PurchaseHostReservationInput struct { _ struct{} `type:"structure"` @@ -56197,7 +55977,6 @@ func (s *PurchaseHostReservationInput) SetOfferingId(v string) *PurchaseHostRese return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseHostReservationResult type PurchaseHostReservationOutput struct { _ struct{} `type:"structure"` @@ -56262,7 +56041,6 @@ func (s *PurchaseHostReservationOutput) SetTotalUpfrontPrice(v string) *Purchase } // Describes a request to purchase Scheduled Instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseRequest type PurchaseRequest struct { _ struct{} `type:"structure"` @@ -56316,7 +56094,6 @@ func (s *PurchaseRequest) SetPurchaseToken(v string) *PurchaseRequest { } // Contains the parameters for PurchaseReservedInstancesOffering. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseReservedInstancesOfferingRequest type PurchaseReservedInstancesOfferingInput struct { _ struct{} `type:"structure"` @@ -56393,7 +56170,6 @@ func (s *PurchaseReservedInstancesOfferingInput) SetReservedInstancesOfferingId( } // Contains the output of PurchaseReservedInstancesOffering. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseReservedInstancesOfferingResult type PurchaseReservedInstancesOfferingOutput struct { _ struct{} `type:"structure"` @@ -56418,7 +56194,6 @@ func (s *PurchaseReservedInstancesOfferingOutput) SetReservedInstancesId(v strin } // Contains the parameters for PurchaseScheduledInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseScheduledInstancesRequest type PurchaseScheduledInstancesInput struct { _ struct{} `type:"structure"` @@ -56493,7 +56268,6 @@ func (s *PurchaseScheduledInstancesInput) SetPurchaseRequests(v []*PurchaseReque } // Contains the output of PurchaseScheduledInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseScheduledInstancesResult type PurchaseScheduledInstancesOutput struct { _ struct{} `type:"structure"` @@ -56518,7 +56292,6 @@ func (s *PurchaseScheduledInstancesOutput) SetScheduledInstanceSet(v []*Schedule } // Contains the parameters for RebootInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RebootInstancesRequest type RebootInstancesInput struct { _ struct{} `type:"structure"` @@ -56569,7 +56342,6 @@ func (s *RebootInstancesInput) SetInstanceIds(v []*string) *RebootInstancesInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RebootInstancesOutput type RebootInstancesOutput struct { _ struct{} `type:"structure"` } @@ -56585,7 +56357,6 @@ func (s RebootInstancesOutput) GoString() string { } // Describes a recurring charge. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RecurringCharge type RecurringCharge struct { _ struct{} `type:"structure"` @@ -56619,7 +56390,6 @@ func (s *RecurringCharge) SetFrequency(v string) *RecurringCharge { } // Describes a region. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Region type Region struct { _ struct{} `type:"structure"` @@ -56653,7 +56423,6 @@ func (s *Region) SetRegionName(v string) *Region { } // Contains the parameters for RegisterImage. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RegisterImageRequest type RegisterImageInput struct { _ struct{} `type:"structure"` @@ -56826,7 +56595,6 @@ func (s *RegisterImageInput) SetVirtualizationType(v string) *RegisterImageInput } // Contains the output of RegisterImage. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RegisterImageResult type RegisterImageOutput struct { _ struct{} `type:"structure"` @@ -56850,7 +56618,6 @@ func (s *RegisterImageOutput) SetImageId(v string) *RegisterImageOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RejectVpcEndpointConnectionsRequest type RejectVpcEndpointConnectionsInput struct { _ struct{} `type:"structure"` @@ -56915,7 +56682,6 @@ func (s *RejectVpcEndpointConnectionsInput) SetVpcEndpointIds(v []*string) *Reje return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RejectVpcEndpointConnectionsResult type RejectVpcEndpointConnectionsOutput struct { _ struct{} `type:"structure"` @@ -56940,7 +56706,6 @@ func (s *RejectVpcEndpointConnectionsOutput) SetUnsuccessful(v []*UnsuccessfulIt } // Contains the parameters for RejectVpcPeeringConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RejectVpcPeeringConnectionRequest type RejectVpcPeeringConnectionInput struct { _ struct{} `type:"structure"` @@ -56992,7 +56757,6 @@ func (s *RejectVpcPeeringConnectionInput) SetVpcPeeringConnectionId(v string) *R } // Contains the output of RejectVpcPeeringConnection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RejectVpcPeeringConnectionResult type RejectVpcPeeringConnectionOutput struct { _ struct{} `type:"structure"` @@ -57017,7 +56781,6 @@ func (s *RejectVpcPeeringConnectionOutput) SetReturn(v bool) *RejectVpcPeeringCo } // Contains the parameters for ReleaseAddress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReleaseAddressRequest type ReleaseAddressInput struct { _ struct{} `type:"structure"` @@ -57062,7 +56825,6 @@ func (s *ReleaseAddressInput) SetPublicIp(v string) *ReleaseAddressInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReleaseAddressOutput type ReleaseAddressOutput struct { _ struct{} `type:"structure"` } @@ -57078,7 +56840,6 @@ func (s ReleaseAddressOutput) GoString() string { } // Contains the parameters for ReleaseHosts. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReleaseHostsRequest type ReleaseHostsInput struct { _ struct{} `type:"structure"` @@ -57118,7 +56879,6 @@ func (s *ReleaseHostsInput) SetHostIds(v []*string) *ReleaseHostsInput { } // Contains the output of ReleaseHosts. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReleaseHostsResult type ReleaseHostsOutput struct { _ struct{} `type:"structure"` @@ -57152,7 +56912,6 @@ func (s *ReleaseHostsOutput) SetUnsuccessful(v []*UnsuccessfulItem) *ReleaseHost return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceIamInstanceProfileAssociationRequest type ReplaceIamInstanceProfileAssociationInput struct { _ struct{} `type:"structure"` @@ -57205,7 +56964,6 @@ func (s *ReplaceIamInstanceProfileAssociationInput) SetIamInstanceProfile(v *Iam return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceIamInstanceProfileAssociationResult type ReplaceIamInstanceProfileAssociationOutput struct { _ struct{} `type:"structure"` @@ -57230,7 +56988,6 @@ func (s *ReplaceIamInstanceProfileAssociationOutput) SetIamInstanceProfileAssoci } // Contains the parameters for ReplaceNetworkAclAssociation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceNetworkAclAssociationRequest type ReplaceNetworkAclAssociationInput struct { _ struct{} `type:"structure"` @@ -57297,7 +57054,6 @@ func (s *ReplaceNetworkAclAssociationInput) SetNetworkAclId(v string) *ReplaceNe } // Contains the output of ReplaceNetworkAclAssociation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceNetworkAclAssociationResult type ReplaceNetworkAclAssociationOutput struct { _ struct{} `type:"structure"` @@ -57322,7 +57078,6 @@ func (s *ReplaceNetworkAclAssociationOutput) SetNewAssociationId(v string) *Repl } // Contains the parameters for ReplaceNetworkAclEntry. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceNetworkAclEntryRequest type ReplaceNetworkAclEntryInput struct { _ struct{} `type:"structure"` @@ -57475,7 +57230,6 @@ func (s *ReplaceNetworkAclEntryInput) SetRuleNumber(v int64) *ReplaceNetworkAclE return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceNetworkAclEntryOutput type ReplaceNetworkAclEntryOutput struct { _ struct{} `type:"structure"` } @@ -57491,7 +57245,6 @@ func (s ReplaceNetworkAclEntryOutput) GoString() string { } // Contains the parameters for ReplaceRoute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceRouteRequest type ReplaceRouteInput struct { _ struct{} `type:"structure"` @@ -57616,7 +57369,6 @@ func (s *ReplaceRouteInput) SetVpcPeeringConnectionId(v string) *ReplaceRouteInp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceRouteOutput type ReplaceRouteOutput struct { _ struct{} `type:"structure"` } @@ -57632,7 +57384,6 @@ func (s ReplaceRouteOutput) GoString() string { } // Contains the parameters for ReplaceRouteTableAssociation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceRouteTableAssociationRequest type ReplaceRouteTableAssociationInput struct { _ struct{} `type:"structure"` @@ -57698,7 +57449,6 @@ func (s *ReplaceRouteTableAssociationInput) SetRouteTableId(v string) *ReplaceRo } // Contains the output of ReplaceRouteTableAssociation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceRouteTableAssociationResult type ReplaceRouteTableAssociationOutput struct { _ struct{} `type:"structure"` @@ -57723,7 +57473,6 @@ func (s *ReplaceRouteTableAssociationOutput) SetNewAssociationId(v string) *Repl } // Contains the parameters for ReportInstanceStatus. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReportInstanceStatusRequest type ReportInstanceStatusInput struct { _ struct{} `type:"structure"` @@ -57850,7 +57599,6 @@ func (s *ReportInstanceStatusInput) SetStatus(v string) *ReportInstanceStatusInp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReportInstanceStatusOutput type ReportInstanceStatusOutput struct { _ struct{} `type:"structure"` } @@ -57866,7 +57614,6 @@ func (s ReportInstanceStatusOutput) GoString() string { } // The information to include in the launch template. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RequestLaunchTemplateData type RequestLaunchTemplateData struct { _ struct{} `type:"structure"` @@ -57960,12 +57707,10 @@ type RequestLaunchTemplateData struct { // are created during launch. TagSpecifications []*LaunchTemplateTagSpecificationRequest `locationName:"TagSpecification" locationNameList:"LaunchTemplateTagSpecificationRequest" type:"list"` - // The user data to make available to the instance. For more information, see - // Running Commands on Your Linux Instance at Launch (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) + // The Base64-encoded user data to make available to the instance. For more + // information, see Running Commands on Your Linux Instance at Launch (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) // (Linux) and Adding User Data (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-instance-metadata.html#instancedata-add-user-data) - // (Windows). If you are using a command line tool, base64-encoding is performed - // for you and you can load the text from a file. Otherwise, you must provide - // base64-encoded text. + // (Windows). UserData *string `type:"string"` } @@ -58135,7 +57880,6 @@ func (s *RequestLaunchTemplateData) SetUserData(v string) *RequestLaunchTemplate } // Contains the parameters for RequestSpotFleet. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RequestSpotFleetRequest type RequestSpotFleetInput struct { _ struct{} `type:"structure"` @@ -58192,7 +57936,6 @@ func (s *RequestSpotFleetInput) SetSpotFleetRequestConfig(v *SpotFleetRequestCon } // Contains the output of RequestSpotFleet. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RequestSpotFleetResponse type RequestSpotFleetOutput struct { _ struct{} `type:"structure"` @@ -58219,7 +57962,6 @@ func (s *RequestSpotFleetOutput) SetSpotFleetRequestId(v string) *RequestSpotFle } // Contains the parameters for RequestSpotInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RequestSpotInstancesRequest type RequestSpotInstancesInput struct { _ struct{} `type:"structure"` @@ -58407,7 +58149,6 @@ func (s *RequestSpotInstancesInput) SetValidUntil(v time.Time) *RequestSpotInsta } // Contains the output of RequestSpotInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RequestSpotInstancesResult type RequestSpotInstancesOutput struct { _ struct{} `type:"structure"` @@ -58432,7 +58173,6 @@ func (s *RequestSpotInstancesOutput) SetSpotInstanceRequests(v []*SpotInstanceRe } // Describes the launch specification for an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RequestSpotLaunchSpecification type RequestSpotLaunchSpecification struct { _ struct{} `type:"structure"` @@ -58495,9 +58235,7 @@ type RequestSpotLaunchSpecification struct { // The ID of the subnet in which to launch the instance. SubnetId *string `locationName:"subnetId" type:"string"` - // The user data to make available to the instances. If you are using an AWS - // SDK or command line tool, Base64-encoding is performed for you, and you can - // load the text from a file. Otherwise, you must provide Base64-encoded text. + // The Base64-encoded user data for the instance. UserData *string `locationName:"userData" type:"string"` } @@ -58633,7 +58371,6 @@ func (s *RequestSpotLaunchSpecification) SetUserData(v string) *RequestSpotLaunc } // Describes a reservation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Reservation type Reservation struct { _ struct{} `type:"structure"` @@ -58695,7 +58432,6 @@ func (s *Reservation) SetReservationId(v string) *Reservation { } // The cost associated with the Reserved Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReservationValue type ReservationValue struct { _ struct{} `type:"structure"` @@ -58739,7 +58475,6 @@ func (s *ReservationValue) SetRemainingUpfrontValue(v string) *ReservationValue } // Describes the limit price of a Reserved Instance offering. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReservedInstanceLimitPrice type ReservedInstanceLimitPrice struct { _ struct{} `type:"structure"` @@ -58775,7 +58510,6 @@ func (s *ReservedInstanceLimitPrice) SetCurrencyCode(v string) *ReservedInstance } // The total value of the Convertible Reserved Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReservedInstanceReservationValue type ReservedInstanceReservationValue struct { _ struct{} `type:"structure"` @@ -58809,7 +58543,6 @@ func (s *ReservedInstanceReservationValue) SetReservedInstanceId(v string) *Rese } // Describes a Reserved Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReservedInstances type ReservedInstances struct { _ struct{} `type:"structure"` @@ -58988,7 +58721,6 @@ func (s *ReservedInstances) SetUsagePrice(v float64) *ReservedInstances { } // Describes the configuration settings for the modified Reserved Instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReservedInstancesConfiguration type ReservedInstancesConfiguration struct { _ struct{} `type:"structure"` @@ -59051,7 +58783,6 @@ func (s *ReservedInstancesConfiguration) SetScope(v string) *ReservedInstancesCo } // Describes the ID of a Reserved Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReservedInstancesId type ReservedInstancesId struct { _ struct{} `type:"structure"` @@ -59076,7 +58807,6 @@ func (s *ReservedInstancesId) SetReservedInstancesId(v string) *ReservedInstance } // Describes a Reserved Instance listing. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReservedInstancesListing type ReservedInstancesListing struct { _ struct{} `type:"structure"` @@ -59184,7 +58914,6 @@ func (s *ReservedInstancesListing) SetUpdateDate(v time.Time) *ReservedInstances } // Describes a Reserved Instance modification. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReservedInstancesModification type ReservedInstancesModification struct { _ struct{} `type:"structure"` @@ -59283,7 +59012,6 @@ func (s *ReservedInstancesModification) SetUpdateDate(v time.Time) *ReservedInst } // Describes the modification request/s. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReservedInstancesModificationResult type ReservedInstancesModificationResult struct { _ struct{} `type:"structure"` @@ -59319,7 +59047,6 @@ func (s *ReservedInstancesModificationResult) SetTargetConfiguration(v *Reserved } // Describes a Reserved Instance offering. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReservedInstancesOffering type ReservedInstancesOffering struct { _ struct{} `type:"structure"` @@ -59477,7 +59204,6 @@ func (s *ReservedInstancesOffering) SetUsagePrice(v float64) *ReservedInstancesO return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetFpgaImageAttributeRequest type ResetFpgaImageAttributeInput struct { _ struct{} `type:"structure"` @@ -59537,7 +59263,6 @@ func (s *ResetFpgaImageAttributeInput) SetFpgaImageId(v string) *ResetFpgaImageA return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetFpgaImageAttributeResult type ResetFpgaImageAttributeOutput struct { _ struct{} `type:"structure"` @@ -59562,7 +59287,6 @@ func (s *ResetFpgaImageAttributeOutput) SetReturn(v bool) *ResetFpgaImageAttribu } // Contains the parameters for ResetImageAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetImageAttributeRequest type ResetImageAttributeInput struct { _ struct{} `type:"structure"` @@ -59628,7 +59352,6 @@ func (s *ResetImageAttributeInput) SetImageId(v string) *ResetImageAttributeInpu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetImageAttributeOutput type ResetImageAttributeOutput struct { _ struct{} `type:"structure"` } @@ -59644,7 +59367,6 @@ func (s ResetImageAttributeOutput) GoString() string { } // Contains the parameters for ResetInstanceAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetInstanceAttributeRequest type ResetInstanceAttributeInput struct { _ struct{} `type:"structure"` @@ -59712,7 +59434,6 @@ func (s *ResetInstanceAttributeInput) SetInstanceId(v string) *ResetInstanceAttr return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetInstanceAttributeOutput type ResetInstanceAttributeOutput struct { _ struct{} `type:"structure"` } @@ -59728,7 +59449,6 @@ func (s ResetInstanceAttributeOutput) GoString() string { } // Contains the parameters for ResetNetworkInterfaceAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetNetworkInterfaceAttributeRequest type ResetNetworkInterfaceAttributeInput struct { _ struct{} `type:"structure"` @@ -59788,7 +59508,6 @@ func (s *ResetNetworkInterfaceAttributeInput) SetSourceDestCheck(v string) *Rese return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetNetworkInterfaceAttributeOutput type ResetNetworkInterfaceAttributeOutput struct { _ struct{} `type:"structure"` } @@ -59804,7 +59523,6 @@ func (s ResetNetworkInterfaceAttributeOutput) GoString() string { } // Contains the parameters for ResetSnapshotAttribute. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetSnapshotAttributeRequest type ResetSnapshotAttributeInput struct { _ struct{} `type:"structure"` @@ -59870,7 +59588,6 @@ func (s *ResetSnapshotAttributeInput) SetSnapshotId(v string) *ResetSnapshotAttr return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetSnapshotAttributeOutput type ResetSnapshotAttributeOutput struct { _ struct{} `type:"structure"` } @@ -59887,7 +59604,6 @@ func (s ResetSnapshotAttributeOutput) GoString() string { // Describes the error that's returned when you cannot delete a launch template // version. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResponseError type ResponseError struct { _ struct{} `type:"structure"` @@ -59921,7 +59637,6 @@ func (s *ResponseError) SetMessage(v string) *ResponseError { } // The information for a launch template. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResponseLaunchTemplateData type ResponseLaunchTemplateData struct { _ struct{} `type:"structure"` @@ -60119,7 +59834,6 @@ func (s *ResponseLaunchTemplateData) SetUserData(v string) *ResponseLaunchTempla } // Contains the parameters for RestoreAddressToClassic. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RestoreAddressToClassicRequest type RestoreAddressToClassicInput struct { _ struct{} `type:"structure"` @@ -60171,7 +59885,6 @@ func (s *RestoreAddressToClassicInput) SetPublicIp(v string) *RestoreAddressToCl } // Contains the output of RestoreAddressToClassic. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RestoreAddressToClassicResult type RestoreAddressToClassicOutput struct { _ struct{} `type:"structure"` @@ -60205,7 +59918,6 @@ func (s *RestoreAddressToClassicOutput) SetStatus(v string) *RestoreAddressToCla } // Contains the parameters for RevokeSecurityGroupEgress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RevokeSecurityGroupEgressRequest type RevokeSecurityGroupEgressInput struct { _ struct{} `type:"structure"` @@ -60323,7 +60035,6 @@ func (s *RevokeSecurityGroupEgressInput) SetToPort(v int64) *RevokeSecurityGroup return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RevokeSecurityGroupEgressOutput type RevokeSecurityGroupEgressOutput struct { _ struct{} `type:"structure"` } @@ -60339,7 +60050,6 @@ func (s RevokeSecurityGroupEgressOutput) GoString() string { } // Contains the parameters for RevokeSecurityGroupIngress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RevokeSecurityGroupIngressRequest type RevokeSecurityGroupIngressInput struct { _ struct{} `type:"structure"` @@ -60465,7 +60175,6 @@ func (s *RevokeSecurityGroupIngressInput) SetToPort(v int64) *RevokeSecurityGrou return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RevokeSecurityGroupIngressOutput type RevokeSecurityGroupIngressOutput struct { _ struct{} `type:"structure"` } @@ -60481,7 +60190,6 @@ func (s RevokeSecurityGroupIngressOutput) GoString() string { } // Describes a route in a route table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Route type Route struct { _ struct{} `type:"structure"` @@ -60614,7 +60322,6 @@ func (s *Route) SetVpcPeeringConnectionId(v string) *Route { } // Describes a route table. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RouteTable type RouteTable struct { _ struct{} `type:"structure"` @@ -60684,7 +60391,6 @@ func (s *RouteTable) SetVpcId(v string) *RouteTable { } // Describes an association between a route table and a subnet. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RouteTableAssociation type RouteTableAssociation struct { _ struct{} `type:"structure"` @@ -60736,7 +60442,6 @@ func (s *RouteTableAssociation) SetSubnetId(v string) *RouteTableAssociation { } // Contains the parameters for RunInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RunInstancesRequest type RunInstancesInput struct { _ struct{} `type:"structure"` @@ -61159,7 +60864,6 @@ func (s *RunInstancesInput) SetUserData(v string) *RunInstancesInput { } // Describes the monitoring of an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RunInstancesMonitoringEnabled type RunInstancesMonitoringEnabled struct { _ struct{} `type:"structure"` @@ -61200,7 +60904,6 @@ func (s *RunInstancesMonitoringEnabled) SetEnabled(v bool) *RunInstancesMonitori } // Contains the parameters for RunScheduledInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RunScheduledInstancesRequest type RunScheduledInstancesInput struct { _ struct{} `type:"structure"` @@ -61293,7 +60996,6 @@ func (s *RunScheduledInstancesInput) SetScheduledInstanceId(v string) *RunSchedu } // Contains the output of RunScheduledInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RunScheduledInstancesResult type RunScheduledInstancesOutput struct { _ struct{} `type:"structure"` @@ -61319,7 +61021,6 @@ func (s *RunScheduledInstancesOutput) SetInstanceIdSet(v []*string) *RunSchedule // Describes the storage parameters for S3 and S3 buckets for an instance store-backed // AMI. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/S3Storage type S3Storage struct { _ struct{} `type:"structure"` @@ -61387,7 +61088,6 @@ func (s *S3Storage) SetUploadPolicySignature(v string) *S3Storage { } // Describes a Scheduled Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstance type ScheduledInstance struct { _ struct{} `type:"structure"` @@ -61538,7 +61238,6 @@ func (s *ScheduledInstance) SetTotalScheduledInstanceHours(v int64) *ScheduledIn } // Describes a schedule that is available for your Scheduled Instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstanceAvailability type ScheduledInstanceAvailability struct { _ struct{} `type:"structure"` @@ -61672,7 +61371,6 @@ func (s *ScheduledInstanceAvailability) SetTotalScheduledInstanceHours(v int64) } // Describes the recurring schedule for a Scheduled Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstanceRecurrence type ScheduledInstanceRecurrence struct { _ struct{} `type:"structure"` @@ -61737,7 +61435,6 @@ func (s *ScheduledInstanceRecurrence) SetOccurrenceUnit(v string) *ScheduledInst } // Describes the recurring schedule for a Scheduled Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstanceRecurrenceRequest type ScheduledInstanceRecurrenceRequest struct { _ struct{} `type:"structure"` @@ -61805,7 +61502,6 @@ func (s *ScheduledInstanceRecurrenceRequest) SetOccurrenceUnit(v string) *Schedu } // Describes a block device mapping for a Scheduled Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstancesBlockDeviceMapping type ScheduledInstancesBlockDeviceMapping struct { _ struct{} `type:"structure"` @@ -61868,7 +61564,6 @@ func (s *ScheduledInstancesBlockDeviceMapping) SetVirtualName(v string) *Schedul } // Describes an EBS volume for a Scheduled Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstancesEbs type ScheduledInstancesEbs struct { _ struct{} `type:"structure"` @@ -61957,7 +61652,6 @@ func (s *ScheduledInstancesEbs) SetVolumeType(v string) *ScheduledInstancesEbs { } // Describes an IAM instance profile for a Scheduled Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstancesIamInstanceProfile type ScheduledInstancesIamInstanceProfile struct { _ struct{} `type:"structure"` @@ -61991,7 +61685,6 @@ func (s *ScheduledInstancesIamInstanceProfile) SetName(v string) *ScheduledInsta } // Describes an IPv6 address. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstancesIpv6Address type ScheduledInstancesIpv6Address struct { _ struct{} `type:"structure"` @@ -62020,7 +61713,6 @@ func (s *ScheduledInstancesIpv6Address) SetIpv6Address(v string) *ScheduledInsta // If you are launching the Scheduled Instance in EC2-VPC, you must specify // the ID of the subnet. You can specify the subnet using either SubnetId or // NetworkInterface. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstancesLaunchSpecification type ScheduledInstancesLaunchSpecification struct { _ struct{} `type:"structure"` @@ -62183,7 +61875,6 @@ func (s *ScheduledInstancesLaunchSpecification) SetUserData(v string) *Scheduled } // Describes whether monitoring is enabled for a Scheduled Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstancesMonitoring type ScheduledInstancesMonitoring struct { _ struct{} `type:"structure"` @@ -62208,7 +61899,6 @@ func (s *ScheduledInstancesMonitoring) SetEnabled(v bool) *ScheduledInstancesMon } // Describes a network interface for a Scheduled Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstancesNetworkInterface type ScheduledInstancesNetworkInterface struct { _ struct{} `type:"structure"` @@ -62337,7 +62027,6 @@ func (s *ScheduledInstancesNetworkInterface) SetSubnetId(v string) *ScheduledIns } // Describes the placement for a Scheduled Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstancesPlacement type ScheduledInstancesPlacement struct { _ struct{} `type:"structure"` @@ -62371,7 +62060,6 @@ func (s *ScheduledInstancesPlacement) SetGroupName(v string) *ScheduledInstances } // Describes a private IPv4 address for a Scheduled Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ScheduledInstancesPrivateIpAddressConfig type ScheduledInstancesPrivateIpAddressConfig struct { _ struct{} `type:"structure"` @@ -62406,7 +62094,6 @@ func (s *ScheduledInstancesPrivateIpAddressConfig) SetPrivateIpAddress(v string) } // Describes a security group -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SecurityGroup type SecurityGroup struct { _ struct{} `type:"structure"` @@ -62494,7 +62181,6 @@ func (s *SecurityGroup) SetVpcId(v string) *SecurityGroup { } // Describes a security group. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SecurityGroupIdentifier type SecurityGroupIdentifier struct { _ struct{} `type:"structure"` @@ -62528,7 +62214,6 @@ func (s *SecurityGroupIdentifier) SetGroupName(v string) *SecurityGroupIdentifie } // Describes a VPC with a security group that references your security group. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SecurityGroupReference type SecurityGroupReference struct { _ struct{} `type:"structure"` @@ -62575,7 +62260,6 @@ func (s *SecurityGroupReference) SetVpcPeeringConnectionId(v string) *SecurityGr } // Describes a service configuration for a VPC endpoint service. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ServiceConfiguration type ServiceConfiguration struct { _ struct{} `type:"structure"` @@ -62673,7 +62357,6 @@ func (s *ServiceConfiguration) SetServiceType(v []*ServiceTypeDetail) *ServiceCo } // Describes a VPC endpoint service. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ServiceDetail type ServiceDetail struct { _ struct{} `type:"structure"` @@ -62762,7 +62445,6 @@ func (s *ServiceDetail) SetVpcEndpointPolicySupported(v bool) *ServiceDetail { } // Describes the type of service for a VPC endpoint. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ServiceTypeDetail type ServiceTypeDetail struct { _ struct{} `type:"structure"` @@ -62788,7 +62470,6 @@ func (s *ServiceTypeDetail) SetServiceType(v string) *ServiceTypeDetail { // Describes the time period for a Scheduled Instance to start its first schedule. // The time period must span less than one day. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SlotDateTimeRangeRequest type SlotDateTimeRangeRequest struct { _ struct{} `type:"structure"` @@ -62844,7 +62525,6 @@ func (s *SlotDateTimeRangeRequest) SetLatestTime(v time.Time) *SlotDateTimeRange } // Describes the time period for a Scheduled Instance to start its first schedule. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SlotStartTimeRangeRequest type SlotStartTimeRangeRequest struct { _ struct{} `type:"structure"` @@ -62878,7 +62558,6 @@ func (s *SlotStartTimeRangeRequest) SetLatestTime(v time.Time) *SlotStartTimeRan } // Describes a snapshot. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Snapshot type Snapshot struct { _ struct{} `type:"structure"` @@ -63036,7 +62715,6 @@ func (s *Snapshot) SetVolumeSize(v int64) *Snapshot { } // Describes the snapshot created from the imported disk. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SnapshotDetail type SnapshotDetail struct { _ struct{} `type:"structure"` @@ -63142,7 +62820,6 @@ func (s *SnapshotDetail) SetUserBucket(v *UserBucketDetails) *SnapshotDetail { } // The disk container object for the import snapshot request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SnapshotDiskContainer type SnapshotDiskContainer struct { _ struct{} `type:"structure"` @@ -63151,7 +62828,7 @@ type SnapshotDiskContainer struct { // The format of the disk image being imported. // - // Valid values: RAW | VHD | VMDK | OVA + // Valid values: VHD | VMDK | OVA Format *string `type:"string"` // The URL to the Amazon S3-based disk image being imported. It can either be @@ -63197,7 +62874,6 @@ func (s *SnapshotDiskContainer) SetUserBucket(v *UserBucket) *SnapshotDiskContai } // Details about the import snapshot task. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SnapshotTaskDetail type SnapshotTaskDetail struct { _ struct{} `type:"structure"` @@ -63294,7 +62970,6 @@ func (s *SnapshotTaskDetail) SetUserBucket(v *UserBucketDetails) *SnapshotTaskDe } // Describes the data feed for a Spot Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotDatafeedSubscription type SpotDatafeedSubscription struct { _ struct{} `type:"structure"` @@ -63355,7 +63030,6 @@ func (s *SpotDatafeedSubscription) SetState(v string) *SpotDatafeedSubscription } // Describes the launch specification for one or more Spot Instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotFleetLaunchSpecification type SpotFleetLaunchSpecification struct { _ struct{} `type:"structure"` @@ -63423,9 +63097,7 @@ type SpotFleetLaunchSpecification struct { // The tags to apply during creation. TagSpecifications []*SpotFleetTagSpecification `locationName:"tagSpecificationSet" locationNameList:"item" type:"list"` - // The user data to make available to the instances. If you are using an AWS - // SDK or command line tool, Base64-encoding is performed for you, and you can - // load the text from a file. Otherwise, you must provide Base64-encoded text. + // The Base64-encoded user data to make available to the instances. UserData *string `locationName:"userData" type:"string"` // The number of units provided by the specified instance type. These are the @@ -63577,7 +63249,6 @@ func (s *SpotFleetLaunchSpecification) SetWeightedCapacity(v float64) *SpotFleet } // Describes whether monitoring is enabled. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotFleetMonitoring type SpotFleetMonitoring struct { _ struct{} `type:"structure"` @@ -63604,7 +63275,6 @@ func (s *SpotFleetMonitoring) SetEnabled(v bool) *SpotFleetMonitoring { } // Describes a Spot Fleet request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotFleetRequestConfig type SpotFleetRequestConfig struct { _ struct{} `type:"structure"` @@ -63677,7 +63347,6 @@ func (s *SpotFleetRequestConfig) SetSpotFleetRequestState(v string) *SpotFleetRe } // Describes the configuration of a Spot Fleet request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotFleetRequestConfigData type SpotFleetRequestConfigData struct { _ struct{} `type:"structure"` @@ -63912,7 +63581,6 @@ func (s *SpotFleetRequestConfigData) SetValidUntil(v time.Time) *SpotFleetReques } // The tags for a Spot Fleet resource. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotFleetTagSpecification type SpotFleetTagSpecification struct { _ struct{} `type:"structure"` @@ -63947,7 +63615,6 @@ func (s *SpotFleetTagSpecification) SetTags(v []*Tag) *SpotFleetTagSpecification } // Describes a Spot Instance request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotInstanceRequest type SpotInstanceRequest struct { _ struct{} `type:"structure"` @@ -64148,7 +63815,6 @@ func (s *SpotInstanceRequest) SetValidUntil(v time.Time) *SpotInstanceRequest { } // Describes a Spot Instance state change. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotInstanceStateFault type SpotInstanceStateFault struct { _ struct{} `type:"structure"` @@ -64182,7 +63848,6 @@ func (s *SpotInstanceStateFault) SetMessage(v string) *SpotInstanceStateFault { } // Describes the status of a Spot Instance request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotInstanceStatus type SpotInstanceStatus struct { _ struct{} `type:"structure"` @@ -64227,7 +63892,6 @@ func (s *SpotInstanceStatus) SetUpdateTime(v time.Time) *SpotInstanceStatus { } // The options for Spot Instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotMarketOptions type SpotMarketOptions struct { _ struct{} `type:"structure"` @@ -64295,7 +63959,6 @@ func (s *SpotMarketOptions) SetValidUntil(v time.Time) *SpotMarketOptions { } // Describes Spot Instance placement. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotPlacement type SpotPlacement struct { _ struct{} `type:"structure"` @@ -64344,7 +64007,6 @@ func (s *SpotPlacement) SetTenancy(v string) *SpotPlacement { // Describes the maximum price per hour that you are willing to pay for a Spot // Instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SpotPrice type SpotPrice struct { _ struct{} `type:"structure"` @@ -64405,7 +64067,6 @@ func (s *SpotPrice) SetTimestamp(v time.Time) *SpotPrice { } // Describes a stale rule in a security group. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StaleIpPermission type StaleIpPermission struct { _ struct{} `type:"structure"` @@ -64480,7 +64141,6 @@ func (s *StaleIpPermission) SetUserIdGroupPairs(v []*UserIdGroupPair) *StaleIpPe } // Describes a stale security group (a security group that contains stale rules). -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StaleSecurityGroup type StaleSecurityGroup struct { _ struct{} `type:"structure"` @@ -64552,7 +64212,6 @@ func (s *StaleSecurityGroup) SetVpcId(v string) *StaleSecurityGroup { } // Contains the parameters for StartInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StartInstancesRequest type StartInstancesInput struct { _ struct{} `type:"structure"` @@ -64613,7 +64272,6 @@ func (s *StartInstancesInput) SetInstanceIds(v []*string) *StartInstancesInput { } // Contains the output of StartInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StartInstancesResult type StartInstancesOutput struct { _ struct{} `type:"structure"` @@ -64638,7 +64296,6 @@ func (s *StartInstancesOutput) SetStartingInstances(v []*InstanceStateChange) *S } // Describes a state change. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StateReason type StateReason struct { _ struct{} `type:"structure"` @@ -64701,7 +64358,6 @@ func (s *StateReason) SetMessage(v string) *StateReason { } // Contains the parameters for StopInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StopInstancesRequest type StopInstancesInput struct { _ struct{} `type:"structure"` @@ -64767,7 +64423,6 @@ func (s *StopInstancesInput) SetInstanceIds(v []*string) *StopInstancesInput { } // Contains the output of StopInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StopInstancesResult type StopInstancesOutput struct { _ struct{} `type:"structure"` @@ -64792,7 +64447,6 @@ func (s *StopInstancesOutput) SetStoppingInstances(v []*InstanceStateChange) *St } // Describes the storage location for an instance store-backed AMI. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Storage type Storage struct { _ struct{} `type:"structure"` @@ -64817,7 +64471,6 @@ func (s *Storage) SetS3(v *S3Storage) *Storage { } // Describes a storage location in Amazon S3. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StorageLocation type StorageLocation struct { _ struct{} `type:"structure"` @@ -64851,7 +64504,6 @@ func (s *StorageLocation) SetKey(v string) *StorageLocation { } // Describes a subnet. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Subnet type Subnet struct { _ struct{} `type:"structure"` @@ -64969,7 +64621,6 @@ func (s *Subnet) SetVpcId(v string) *Subnet { } // Describes the state of a CIDR block. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SubnetCidrBlockState type SubnetCidrBlockState struct { _ struct{} `type:"structure"` @@ -65003,7 +64654,6 @@ func (s *SubnetCidrBlockState) SetStatusMessage(v string) *SubnetCidrBlockState } // Describes an IPv6 CIDR block associated with a subnet. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SubnetIpv6CidrBlockAssociation type SubnetIpv6CidrBlockAssociation struct { _ struct{} `type:"structure"` @@ -65047,7 +64697,6 @@ func (s *SubnetIpv6CidrBlockAssociation) SetIpv6CidrBlockState(v *SubnetCidrBloc // Describes the T2 instance whose credit option for CPU usage was successfully // modified. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SuccessfulInstanceCreditSpecificationItem type SuccessfulInstanceCreditSpecificationItem struct { _ struct{} `type:"structure"` @@ -65072,7 +64721,6 @@ func (s *SuccessfulInstanceCreditSpecificationItem) SetInstanceId(v string) *Suc } // Describes a tag. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Tag type Tag struct { _ struct{} `type:"structure"` @@ -65112,7 +64760,6 @@ func (s *Tag) SetValue(v string) *Tag { } // Describes a tag. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TagDescription type TagDescription struct { _ struct{} `type:"structure"` @@ -65164,7 +64811,6 @@ func (s *TagDescription) SetValue(v string) *TagDescription { } // The tags to apply to a resource when the resource is being created. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TagSpecification type TagSpecification struct { _ struct{} `type:"structure"` @@ -65199,7 +64845,6 @@ func (s *TagSpecification) SetTags(v []*Tag) *TagSpecification { } // Information about the Convertible Reserved Instance offering. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TargetConfiguration type TargetConfiguration struct { _ struct{} `type:"structure"` @@ -65234,7 +64879,6 @@ func (s *TargetConfiguration) SetOfferingId(v string) *TargetConfiguration { } // Details about the target configuration. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TargetConfigurationRequest type TargetConfigurationRequest struct { _ struct{} `type:"structure"` @@ -65284,7 +64928,6 @@ func (s *TargetConfigurationRequest) SetOfferingId(v string) *TargetConfiguratio } // Describes a load balancer target group. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TargetGroup type TargetGroup struct { _ struct{} `type:"structure"` @@ -65325,7 +64968,6 @@ func (s *TargetGroup) SetArn(v string) *TargetGroup { // Describes the target groups to attach to a Spot Fleet. Spot Fleet registers // the running Spot Instances with these target groups. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TargetGroupsConfig type TargetGroupsConfig struct { _ struct{} `type:"structure"` @@ -65378,7 +65020,6 @@ func (s *TargetGroupsConfig) SetTargetGroups(v []*TargetGroup) *TargetGroupsConf } // The total value of the new Convertible Reserved Instances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TargetReservationValue type TargetReservationValue struct { _ struct{} `type:"structure"` @@ -65415,7 +65056,6 @@ func (s *TargetReservationValue) SetTargetConfiguration(v *TargetConfiguration) } // Contains the parameters for TerminateInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TerminateInstancesRequest type TerminateInstancesInput struct { _ struct{} `type:"structure"` @@ -65470,7 +65110,6 @@ func (s *TerminateInstancesInput) SetInstanceIds(v []*string) *TerminateInstance } // Contains the output of TerminateInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TerminateInstancesResult type TerminateInstancesOutput struct { _ struct{} `type:"structure"` @@ -65494,7 +65133,6 @@ func (s *TerminateInstancesOutput) SetTerminatingInstances(v []*InstanceStateCha return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnassignIpv6AddressesRequest type UnassignIpv6AddressesInput struct { _ struct{} `type:"structure"` @@ -65547,7 +65185,6 @@ func (s *UnassignIpv6AddressesInput) SetNetworkInterfaceId(v string) *UnassignIp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnassignIpv6AddressesResult type UnassignIpv6AddressesOutput struct { _ struct{} `type:"structure"` @@ -65581,7 +65218,6 @@ func (s *UnassignIpv6AddressesOutput) SetUnassignedIpv6Addresses(v []*string) *U } // Contains the parameters for UnassignPrivateIpAddresses. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnassignPrivateIpAddressesRequest type UnassignPrivateIpAddressesInput struct { _ struct{} `type:"structure"` @@ -65635,7 +65271,6 @@ func (s *UnassignPrivateIpAddressesInput) SetPrivateIpAddresses(v []*string) *Un return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnassignPrivateIpAddressesOutput type UnassignPrivateIpAddressesOutput struct { _ struct{} `type:"structure"` } @@ -65651,7 +65286,6 @@ func (s UnassignPrivateIpAddressesOutput) GoString() string { } // Contains the parameters for UnmonitorInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnmonitorInstancesRequest type UnmonitorInstancesInput struct { _ struct{} `type:"structure"` @@ -65703,7 +65337,6 @@ func (s *UnmonitorInstancesInput) SetInstanceIds(v []*string) *UnmonitorInstance } // Contains the output of UnmonitorInstances. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnmonitorInstancesResult type UnmonitorInstancesOutput struct { _ struct{} `type:"structure"` @@ -65728,7 +65361,6 @@ func (s *UnmonitorInstancesOutput) SetInstanceMonitorings(v []*InstanceMonitorin } // Describes the T2 instance whose credit option for CPU usage was not modified. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnsuccessfulInstanceCreditSpecificationItem type UnsuccessfulInstanceCreditSpecificationItem struct { _ struct{} `type:"structure"` @@ -65764,7 +65396,6 @@ func (s *UnsuccessfulInstanceCreditSpecificationItem) SetInstanceId(v string) *U // Information about the error for the T2 instance whose credit option for CPU // usage was not modified. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnsuccessfulInstanceCreditSpecificationItemError type UnsuccessfulInstanceCreditSpecificationItemError struct { _ struct{} `type:"structure"` @@ -65798,7 +65429,6 @@ func (s *UnsuccessfulInstanceCreditSpecificationItemError) SetMessage(v string) } // Information about items that were not successfully processed in a batch call. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnsuccessfulItem type UnsuccessfulItem struct { _ struct{} `type:"structure"` @@ -65835,7 +65465,6 @@ func (s *UnsuccessfulItem) SetResourceId(v string) *UnsuccessfulItem { // Information about the error that occurred. For more information about errors, // see Error Codes (http://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnsuccessfulItemError type UnsuccessfulItemError struct { _ struct{} `type:"structure"` @@ -65873,7 +65502,6 @@ func (s *UnsuccessfulItemError) SetMessage(v string) *UnsuccessfulItemError { } // Contains the parameters for UpdateSecurityGroupRuleDescriptionsEgress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UpdateSecurityGroupRuleDescriptionsEgressRequest type UpdateSecurityGroupRuleDescriptionsEgressInput struct { _ struct{} `type:"structure"` @@ -65946,7 +65574,6 @@ func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) SetIpPermissions(v []*I } // Contains the output of UpdateSecurityGroupRuleDescriptionsEgress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UpdateSecurityGroupRuleDescriptionsEgressResult type UpdateSecurityGroupRuleDescriptionsEgressOutput struct { _ struct{} `type:"structure"` @@ -65971,7 +65598,6 @@ func (s *UpdateSecurityGroupRuleDescriptionsEgressOutput) SetReturn(v bool) *Upd } // Contains the parameters for UpdateSecurityGroupRuleDescriptionsIngress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UpdateSecurityGroupRuleDescriptionsIngressRequest type UpdateSecurityGroupRuleDescriptionsIngressInput struct { _ struct{} `type:"structure"` @@ -66044,7 +65670,6 @@ func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) SetIpPermissions(v []* } // Contains the output of UpdateSecurityGroupRuleDescriptionsIngress. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UpdateSecurityGroupRuleDescriptionsIngressResult type UpdateSecurityGroupRuleDescriptionsIngressOutput struct { _ struct{} `type:"structure"` @@ -66069,7 +65694,6 @@ func (s *UpdateSecurityGroupRuleDescriptionsIngressOutput) SetReturn(v bool) *Up } // Describes the S3 bucket for the disk image. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UserBucket type UserBucket struct { _ struct{} `type:"structure"` @@ -66103,7 +65727,6 @@ func (s *UserBucket) SetS3Key(v string) *UserBucket { } // Describes the S3 bucket for the disk image. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UserBucketDetails type UserBucketDetails struct { _ struct{} `type:"structure"` @@ -66137,7 +65760,6 @@ func (s *UserBucketDetails) SetS3Key(v string) *UserBucketDetails { } // Describes the user data for an instance. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UserData type UserData struct { _ struct{} `type:"structure"` @@ -66164,7 +65786,6 @@ func (s *UserData) SetData(v string) *UserData { } // Describes a security group and AWS account ID pair. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UserIdGroupPair type UserIdGroupPair struct { _ struct{} `type:"structure"` @@ -66259,7 +65880,6 @@ func (s *UserIdGroupPair) SetVpcPeeringConnectionId(v string) *UserIdGroupPair { } // Describes telemetry for a VPN tunnel. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VgwTelemetry type VgwTelemetry struct { _ struct{} `type:"structure"` @@ -66321,7 +65941,6 @@ func (s *VgwTelemetry) SetStatusMessage(v string) *VgwTelemetry { } // Describes a volume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Volume type Volume struct { _ struct{} `type:"structure"` @@ -66460,7 +66079,6 @@ func (s *Volume) SetVolumeType(v string) *Volume { } // Describes volume attachment details. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VolumeAttachment type VolumeAttachment struct { _ struct{} `type:"structure"` @@ -66530,7 +66148,6 @@ func (s *VolumeAttachment) SetVolumeId(v string) *VolumeAttachment { } // Describes an EBS volume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VolumeDetail type VolumeDetail struct { _ struct{} `type:"structure"` @@ -66572,7 +66189,6 @@ func (s *VolumeDetail) SetSize(v int64) *VolumeDetail { // Describes the modification status of an EBS volume. // // If the volume has never been modified, some element values will be null. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VolumeModification type VolumeModification struct { _ struct{} `type:"structure"` @@ -66697,7 +66313,6 @@ func (s *VolumeModification) SetVolumeId(v string) *VolumeModification { } // Describes a volume status operation code. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VolumeStatusAction type VolumeStatusAction struct { _ struct{} `type:"structure"` @@ -66749,7 +66364,6 @@ func (s *VolumeStatusAction) SetEventType(v string) *VolumeStatusAction { } // Describes a volume status. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VolumeStatusDetails type VolumeStatusDetails struct { _ struct{} `type:"structure"` @@ -66783,7 +66397,6 @@ func (s *VolumeStatusDetails) SetStatus(v string) *VolumeStatusDetails { } // Describes a volume status event. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VolumeStatusEvent type VolumeStatusEvent struct { _ struct{} `type:"structure"` @@ -66844,7 +66457,6 @@ func (s *VolumeStatusEvent) SetNotBefore(v time.Time) *VolumeStatusEvent { } // Describes the status of a volume. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VolumeStatusInfo type VolumeStatusInfo struct { _ struct{} `type:"structure"` @@ -66878,7 +66490,6 @@ func (s *VolumeStatusInfo) SetStatus(v string) *VolumeStatusInfo { } // Describes the volume status. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VolumeStatusItem type VolumeStatusItem struct { _ struct{} `type:"structure"` @@ -66939,7 +66550,6 @@ func (s *VolumeStatusItem) SetVolumeStatus(v *VolumeStatusInfo) *VolumeStatusIte } // Describes a VPC. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Vpc type Vpc struct { _ struct{} `type:"structure"` @@ -67037,7 +66647,6 @@ func (s *Vpc) SetVpcId(v string) *Vpc { } // Describes an attachment between a virtual private gateway and a VPC. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcAttachment type VpcAttachment struct { _ struct{} `type:"structure"` @@ -67071,7 +66680,6 @@ func (s *VpcAttachment) SetVpcId(v string) *VpcAttachment { } // Describes an IPv4 CIDR block associated with a VPC. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcCidrBlockAssociation type VpcCidrBlockAssociation struct { _ struct{} `type:"structure"` @@ -67114,7 +66722,6 @@ func (s *VpcCidrBlockAssociation) SetCidrBlockState(v *VpcCidrBlockState) *VpcCi } // Describes the state of a CIDR block. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcCidrBlockState type VpcCidrBlockState struct { _ struct{} `type:"structure"` @@ -67148,7 +66755,6 @@ func (s *VpcCidrBlockState) SetStatusMessage(v string) *VpcCidrBlockState { } // Describes whether a VPC is enabled for ClassicLink. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcClassicLink type VpcClassicLink struct { _ struct{} `type:"structure"` @@ -67191,7 +66797,6 @@ func (s *VpcClassicLink) SetVpcId(v string) *VpcClassicLink { } // Describes a VPC endpoint. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcEndpoint type VpcEndpoint struct { _ struct{} `type:"structure"` @@ -67326,7 +66931,6 @@ func (s *VpcEndpoint) SetVpcId(v string) *VpcEndpoint { } // Describes a VPC endpoint connection to a service. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcEndpointConnection type VpcEndpointConnection struct { _ struct{} `type:"structure"` @@ -67387,7 +66991,6 @@ func (s *VpcEndpointConnection) SetVpcEndpointState(v string) *VpcEndpointConnec } // Describes an IPv6 CIDR block associated with a VPC. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcIpv6CidrBlockAssociation type VpcIpv6CidrBlockAssociation struct { _ struct{} `type:"structure"` @@ -67430,7 +67033,6 @@ func (s *VpcIpv6CidrBlockAssociation) SetIpv6CidrBlockState(v *VpcCidrBlockState } // Describes a VPC peering connection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcPeeringConnection type VpcPeeringConnection struct { _ struct{} `type:"structure"` @@ -67502,7 +67104,6 @@ func (s *VpcPeeringConnection) SetVpcPeeringConnectionId(v string) *VpcPeeringCo } // Describes the VPC peering connection options. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcPeeringConnectionOptionsDescription type VpcPeeringConnectionOptionsDescription struct { _ struct{} `type:"structure"` @@ -67548,7 +67149,6 @@ func (s *VpcPeeringConnectionOptionsDescription) SetAllowEgressFromLocalVpcToRem } // Describes the status of a VPC peering connection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcPeeringConnectionStateReason type VpcPeeringConnectionStateReason struct { _ struct{} `type:"structure"` @@ -67582,7 +67182,6 @@ func (s *VpcPeeringConnectionStateReason) SetMessage(v string) *VpcPeeringConnec } // Describes a VPC in a VPC peering connection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpcPeeringConnectionVpcInfo type VpcPeeringConnectionVpcInfo struct { _ struct{} `type:"structure"` @@ -67662,7 +67261,6 @@ func (s *VpcPeeringConnectionVpcInfo) SetVpcId(v string) *VpcPeeringConnectionVp } // Describes a VPN connection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpnConnection type VpnConnection struct { _ struct{} `type:"structure"` @@ -67783,7 +67381,6 @@ func (s *VpnConnection) SetVpnGatewayId(v string) *VpnConnection { } // Describes VPN connection options. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpnConnectionOptions type VpnConnectionOptions struct { _ struct{} `type:"structure"` @@ -67809,13 +67406,12 @@ func (s *VpnConnectionOptions) SetStaticRoutesOnly(v bool) *VpnConnectionOptions } // Describes VPN connection options. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpnConnectionOptionsSpecification type VpnConnectionOptionsSpecification struct { _ struct{} `type:"structure"` // Indicate whether the VPN connection uses static routes only. If you are creating // a VPN connection for a device that does not support BGP, you must specify - // true. + // true. Use CreateVpnConnectionRoute to create a static route. // // Default: false StaticRoutesOnly *bool `locationName:"staticRoutesOnly" type:"boolean"` @@ -67847,7 +67443,6 @@ func (s *VpnConnectionOptionsSpecification) SetTunnelOptions(v []*VpnTunnelOptio } // Describes a virtual private gateway. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpnGateway type VpnGateway struct { _ struct{} `type:"structure"` @@ -67927,7 +67522,6 @@ func (s *VpnGateway) SetVpnGatewayId(v string) *VpnGateway { } // Describes a static route for a VPN connection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpnStaticRoute type VpnStaticRoute struct { _ struct{} `type:"structure"` @@ -67970,7 +67564,6 @@ func (s *VpnStaticRoute) SetState(v string) *VpnStaticRoute { } // The tunnel options for a VPN connection. -// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpnTunnelOptionsSpecification type VpnTunnelOptionsSpecification struct { _ struct{} `type:"structure"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go index b6da5272135d..f7878f23ed68 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go @@ -13331,7 +13331,6 @@ func (c *IAM) UploadSigningCertificateWithContext(ctx aws.Context, input *Upload // You can get a secret access key only when you first create an access key; // you cannot recover the secret access key later. If you lose a secret access // key, you must create a new access key. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AccessKey type AccessKey struct { _ struct{} `type:"structure"` @@ -13404,7 +13403,6 @@ func (s *AccessKey) SetUserName(v string) *AccessKey { // // This data type is used as a response element in the GetAccessKeyLastUsed // action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AccessKeyLastUsed type AccessKeyLastUsed struct { _ struct{} `type:"structure"` @@ -13482,7 +13480,6 @@ func (s *AccessKeyLastUsed) SetServiceName(v string) *AccessKeyLastUsed { // Contains information about an AWS access key, without its secret key. // // This data type is used as a response element in the ListAccessKeys action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AccessKeyMetadata type AccessKeyMetadata struct { _ struct{} `type:"structure"` @@ -13534,7 +13531,6 @@ func (s *AccessKeyMetadata) SetUserName(v string) *AccessKeyMetadata { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddClientIDToOpenIDConnectProviderRequest type AddClientIDToOpenIDConnectProviderInput struct { _ struct{} `type:"structure"` @@ -13596,7 +13592,6 @@ func (s *AddClientIDToOpenIDConnectProviderInput) SetOpenIDConnectProviderArn(v return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddClientIDToOpenIDConnectProviderOutput type AddClientIDToOpenIDConnectProviderOutput struct { _ struct{} `type:"structure"` } @@ -13611,7 +13606,6 @@ func (s AddClientIDToOpenIDConnectProviderOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddRoleToInstanceProfileRequest type AddRoleToInstanceProfileInput struct { _ struct{} `type:"structure"` @@ -13678,7 +13672,6 @@ func (s *AddRoleToInstanceProfileInput) SetRoleName(v string) *AddRoleToInstance return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddRoleToInstanceProfileOutput type AddRoleToInstanceProfileOutput struct { _ struct{} `type:"structure"` } @@ -13693,7 +13686,6 @@ func (s AddRoleToInstanceProfileOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddUserToGroupRequest type AddUserToGroupInput struct { _ struct{} `type:"structure"` @@ -13760,7 +13752,6 @@ func (s *AddUserToGroupInput) SetUserName(v string) *AddUserToGroupInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddUserToGroupOutput type AddUserToGroupOutput struct { _ struct{} `type:"structure"` } @@ -13775,7 +13766,6 @@ func (s AddUserToGroupOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachGroupPolicyRequest type AttachGroupPolicyInput struct { _ struct{} `type:"structure"` @@ -13842,7 +13832,6 @@ func (s *AttachGroupPolicyInput) SetPolicyArn(v string) *AttachGroupPolicyInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachGroupPolicyOutput type AttachGroupPolicyOutput struct { _ struct{} `type:"structure"` } @@ -13857,7 +13846,6 @@ func (s AttachGroupPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachRolePolicyRequest type AttachRolePolicyInput struct { _ struct{} `type:"structure"` @@ -13924,7 +13912,6 @@ func (s *AttachRolePolicyInput) SetRoleName(v string) *AttachRolePolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachRolePolicyOutput type AttachRolePolicyOutput struct { _ struct{} `type:"structure"` } @@ -13939,7 +13926,6 @@ func (s AttachRolePolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachUserPolicyRequest type AttachUserPolicyInput struct { _ struct{} `type:"structure"` @@ -14006,7 +13992,6 @@ func (s *AttachUserPolicyInput) SetUserName(v string) *AttachUserPolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachUserPolicyOutput type AttachUserPolicyOutput struct { _ struct{} `type:"structure"` } @@ -14031,7 +14016,6 @@ func (s AttachUserPolicyOutput) GoString() string { // For more information about managed policies, refer to Managed Policies and // Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the Using IAM guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachedPolicy type AttachedPolicy struct { _ struct{} `type:"structure"` @@ -14068,7 +14052,6 @@ func (s *AttachedPolicy) SetPolicyName(v string) *AttachedPolicy { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ChangePasswordRequest type ChangePasswordInput struct { _ struct{} `type:"structure"` @@ -14137,7 +14120,6 @@ func (s *ChangePasswordInput) SetOldPassword(v string) *ChangePasswordInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ChangePasswordOutput type ChangePasswordOutput struct { _ struct{} `type:"structure"` } @@ -14159,7 +14141,6 @@ func (s ChangePasswordOutput) GoString() string { // // This data type is used as an input parameter to SimulateCustomPolicy and // SimulateCustomPolicy. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ContextEntry type ContextEntry struct { _ struct{} `type:"structure"` @@ -14218,7 +14199,6 @@ func (s *ContextEntry) SetContextKeyValues(v []*string) *ContextEntry { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccessKeyRequest type CreateAccessKeyInput struct { _ struct{} `type:"structure"` @@ -14260,7 +14240,6 @@ func (s *CreateAccessKeyInput) SetUserName(v string) *CreateAccessKeyInput { } // Contains the response to a successful CreateAccessKey request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccessKeyResponse type CreateAccessKeyOutput struct { _ struct{} `type:"structure"` @@ -14286,7 +14265,6 @@ func (s *CreateAccessKeyOutput) SetAccessKey(v *AccessKey) *CreateAccessKeyOutpu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccountAliasRequest type CreateAccountAliasInput struct { _ struct{} `type:"structure"` @@ -14333,7 +14311,6 @@ func (s *CreateAccountAliasInput) SetAccountAlias(v string) *CreateAccountAliasI return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccountAliasOutput type CreateAccountAliasOutput struct { _ struct{} `type:"structure"` } @@ -14348,7 +14325,6 @@ func (s CreateAccountAliasOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateGroupRequest type CreateGroupInput struct { _ struct{} `type:"structure"` @@ -14420,7 +14396,6 @@ func (s *CreateGroupInput) SetPath(v string) *CreateGroupInput { } // Contains the response to a successful CreateGroup request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateGroupResponse type CreateGroupOutput struct { _ struct{} `type:"structure"` @@ -14446,7 +14421,6 @@ func (s *CreateGroupOutput) SetGroup(v *Group) *CreateGroupOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfileRequest type CreateInstanceProfileInput struct { _ struct{} `type:"structure"` @@ -14516,7 +14490,6 @@ func (s *CreateInstanceProfileInput) SetPath(v string) *CreateInstanceProfileInp } // Contains the response to a successful CreateInstanceProfile request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfileResponse type CreateInstanceProfileOutput struct { _ struct{} `type:"structure"` @@ -14542,7 +14515,6 @@ func (s *CreateInstanceProfileOutput) SetInstanceProfile(v *InstanceProfile) *Cr return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateLoginProfileRequest type CreateLoginProfileInput struct { _ struct{} `type:"structure"` @@ -14625,7 +14597,6 @@ func (s *CreateLoginProfileInput) SetUserName(v string) *CreateLoginProfileInput } // Contains the response to a successful CreateLoginProfile request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateLoginProfileResponse type CreateLoginProfileOutput struct { _ struct{} `type:"structure"` @@ -14651,7 +14622,6 @@ func (s *CreateLoginProfileOutput) SetLoginProfile(v *LoginProfile) *CreateLogin return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProviderRequest type CreateOpenIDConnectProviderInput struct { _ struct{} `type:"structure"` @@ -14753,7 +14723,6 @@ func (s *CreateOpenIDConnectProviderInput) SetUrl(v string) *CreateOpenIDConnect } // Contains the response to a successful CreateOpenIDConnectProvider request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProviderResponse type CreateOpenIDConnectProviderOutput struct { _ struct{} `type:"structure"` @@ -14778,7 +14747,6 @@ func (s *CreateOpenIDConnectProviderOutput) SetOpenIDConnectProviderArn(v string return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicyRequest type CreatePolicyInput struct { _ struct{} `type:"structure"` @@ -14886,7 +14854,6 @@ func (s *CreatePolicyInput) SetPolicyName(v string) *CreatePolicyInput { } // Contains the response to a successful CreatePolicy request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicyResponse type CreatePolicyOutput struct { _ struct{} `type:"structure"` @@ -14910,7 +14877,6 @@ func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicyVersionRequest type CreatePolicyVersionInput struct { _ struct{} `type:"structure"` @@ -15000,7 +14966,6 @@ func (s *CreatePolicyVersionInput) SetSetAsDefault(v bool) *CreatePolicyVersionI } // Contains the response to a successful CreatePolicyVersion request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicyVersionResponse type CreatePolicyVersionOutput struct { _ struct{} `type:"structure"` @@ -15024,7 +14989,6 @@ func (s *CreatePolicyVersionOutput) SetPolicyVersion(v *PolicyVersion) *CreatePo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRoleRequest type CreateRoleInput struct { _ struct{} `type:"structure"` @@ -15131,7 +15095,6 @@ func (s *CreateRoleInput) SetRoleName(v string) *CreateRoleInput { } // Contains the response to a successful CreateRole request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRoleResponse type CreateRoleOutput struct { _ struct{} `type:"structure"` @@ -15157,7 +15120,6 @@ func (s *CreateRoleOutput) SetRole(v *Role) *CreateRoleOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProviderRequest type CreateSAMLProviderInput struct { _ struct{} `type:"structure"` @@ -15228,7 +15190,6 @@ func (s *CreateSAMLProviderInput) SetSAMLMetadataDocument(v string) *CreateSAMLP } // Contains the response to a successful CreateSAMLProvider request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProviderResponse type CreateSAMLProviderOutput struct { _ struct{} `type:"structure"` @@ -15252,7 +15213,6 @@ func (s *CreateSAMLProviderOutput) SetSAMLProviderArn(v string) *CreateSAMLProvi return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRoleRequest type CreateServiceLinkedRoleInput struct { _ struct{} `type:"structure"` @@ -15320,7 +15280,6 @@ func (s *CreateServiceLinkedRoleInput) SetDescription(v string) *CreateServiceLi return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRoleResponse type CreateServiceLinkedRoleOutput struct { _ struct{} `type:"structure"` @@ -15344,7 +15303,6 @@ func (s *CreateServiceLinkedRoleOutput) SetRole(v *Role) *CreateServiceLinkedRol return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceSpecificCredentialRequest type CreateServiceSpecificCredentialInput struct { _ struct{} `type:"structure"` @@ -15408,7 +15366,6 @@ func (s *CreateServiceSpecificCredentialInput) SetUserName(v string) *CreateServ return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceSpecificCredentialResponse type CreateServiceSpecificCredentialOutput struct { _ struct{} `type:"structure"` @@ -15437,7 +15394,6 @@ func (s *CreateServiceSpecificCredentialOutput) SetServiceSpecificCredential(v * return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateUserRequest type CreateUserInput struct { _ struct{} `type:"structure"` @@ -15509,7 +15465,6 @@ func (s *CreateUserInput) SetUserName(v string) *CreateUserInput { } // Contains the response to a successful CreateUser request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateUserResponse type CreateUserOutput struct { _ struct{} `type:"structure"` @@ -15533,7 +15488,6 @@ func (s *CreateUserOutput) SetUser(v *User) *CreateUserOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADeviceRequest type CreateVirtualMFADeviceInput struct { _ struct{} `type:"structure"` @@ -15604,7 +15558,6 @@ func (s *CreateVirtualMFADeviceInput) SetVirtualMFADeviceName(v string) *CreateV } // Contains the response to a successful CreateVirtualMFADevice request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADeviceResponse type CreateVirtualMFADeviceOutput struct { _ struct{} `type:"structure"` @@ -15630,7 +15583,6 @@ func (s *CreateVirtualMFADeviceOutput) SetVirtualMFADevice(v *VirtualMFADevice) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeactivateMFADeviceRequest type DeactivateMFADeviceInput struct { _ struct{} `type:"structure"` @@ -15698,7 +15650,6 @@ func (s *DeactivateMFADeviceInput) SetUserName(v string) *DeactivateMFADeviceInp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeactivateMFADeviceOutput type DeactivateMFADeviceOutput struct { _ struct{} `type:"structure"` } @@ -15713,7 +15664,6 @@ func (s DeactivateMFADeviceOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccessKeyRequest type DeleteAccessKeyInput struct { _ struct{} `type:"structure"` @@ -15776,7 +15726,6 @@ func (s *DeleteAccessKeyInput) SetUserName(v string) *DeleteAccessKeyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccessKeyOutput type DeleteAccessKeyOutput struct { _ struct{} `type:"structure"` } @@ -15791,7 +15740,6 @@ func (s DeleteAccessKeyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccountAliasRequest type DeleteAccountAliasInput struct { _ struct{} `type:"structure"` @@ -15838,7 +15786,6 @@ func (s *DeleteAccountAliasInput) SetAccountAlias(v string) *DeleteAccountAliasI return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccountAliasOutput type DeleteAccountAliasOutput struct { _ struct{} `type:"structure"` } @@ -15853,7 +15800,6 @@ func (s DeleteAccountAliasOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccountPasswordPolicyInput type DeleteAccountPasswordPolicyInput struct { _ struct{} `type:"structure"` } @@ -15868,7 +15814,6 @@ func (s DeleteAccountPasswordPolicyInput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccountPasswordPolicyOutput type DeleteAccountPasswordPolicyOutput struct { _ struct{} `type:"structure"` } @@ -15883,7 +15828,6 @@ func (s DeleteAccountPasswordPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteGroupRequest type DeleteGroupInput struct { _ struct{} `type:"structure"` @@ -15929,7 +15873,6 @@ func (s *DeleteGroupInput) SetGroupName(v string) *DeleteGroupInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteGroupOutput type DeleteGroupOutput struct { _ struct{} `type:"structure"` } @@ -15944,7 +15887,6 @@ func (s DeleteGroupOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteGroupPolicyRequest type DeleteGroupPolicyInput struct { _ struct{} `type:"structure"` @@ -16012,7 +15954,6 @@ func (s *DeleteGroupPolicyInput) SetPolicyName(v string) *DeleteGroupPolicyInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteGroupPolicyOutput type DeleteGroupPolicyOutput struct { _ struct{} `type:"structure"` } @@ -16027,7 +15968,6 @@ func (s DeleteGroupPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteInstanceProfileRequest type DeleteInstanceProfileInput struct { _ struct{} `type:"structure"` @@ -16073,7 +16013,6 @@ func (s *DeleteInstanceProfileInput) SetInstanceProfileName(v string) *DeleteIns return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteInstanceProfileOutput type DeleteInstanceProfileOutput struct { _ struct{} `type:"structure"` } @@ -16088,7 +16027,6 @@ func (s DeleteInstanceProfileOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteLoginProfileRequest type DeleteLoginProfileInput struct { _ struct{} `type:"structure"` @@ -16134,7 +16072,6 @@ func (s *DeleteLoginProfileInput) SetUserName(v string) *DeleteLoginProfileInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteLoginProfileOutput type DeleteLoginProfileOutput struct { _ struct{} `type:"structure"` } @@ -16149,7 +16086,6 @@ func (s DeleteLoginProfileOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteOpenIDConnectProviderRequest type DeleteOpenIDConnectProviderInput struct { _ struct{} `type:"structure"` @@ -16193,7 +16129,6 @@ func (s *DeleteOpenIDConnectProviderInput) SetOpenIDConnectProviderArn(v string) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteOpenIDConnectProviderOutput type DeleteOpenIDConnectProviderOutput struct { _ struct{} `type:"structure"` } @@ -16208,7 +16143,6 @@ func (s DeleteOpenIDConnectProviderOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletePolicyRequest type DeletePolicyInput struct { _ struct{} `type:"structure"` @@ -16254,7 +16188,6 @@ func (s *DeletePolicyInput) SetPolicyArn(v string) *DeletePolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletePolicyOutput type DeletePolicyOutput struct { _ struct{} `type:"structure"` } @@ -16269,7 +16202,6 @@ func (s DeletePolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletePolicyVersionRequest type DeletePolicyVersionInput struct { _ struct{} `type:"structure"` @@ -16339,7 +16271,6 @@ func (s *DeletePolicyVersionInput) SetVersionId(v string) *DeletePolicyVersionIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletePolicyVersionOutput type DeletePolicyVersionOutput struct { _ struct{} `type:"structure"` } @@ -16354,7 +16285,6 @@ func (s DeletePolicyVersionOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRoleRequest type DeleteRoleInput struct { _ struct{} `type:"structure"` @@ -16400,7 +16330,6 @@ func (s *DeleteRoleInput) SetRoleName(v string) *DeleteRoleInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRoleOutput type DeleteRoleOutput struct { _ struct{} `type:"structure"` } @@ -16415,7 +16344,6 @@ func (s DeleteRoleOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRolePolicyRequest type DeleteRolePolicyInput struct { _ struct{} `type:"structure"` @@ -16483,7 +16411,6 @@ func (s *DeleteRolePolicyInput) SetRoleName(v string) *DeleteRolePolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRolePolicyOutput type DeleteRolePolicyOutput struct { _ struct{} `type:"structure"` } @@ -16498,7 +16425,6 @@ func (s DeleteRolePolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSAMLProviderRequest type DeleteSAMLProviderInput struct { _ struct{} `type:"structure"` @@ -16540,7 +16466,6 @@ func (s *DeleteSAMLProviderInput) SetSAMLProviderArn(v string) *DeleteSAMLProvid return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSAMLProviderOutput type DeleteSAMLProviderOutput struct { _ struct{} `type:"structure"` } @@ -16555,7 +16480,6 @@ func (s DeleteSAMLProviderOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSSHPublicKeyRequest type DeleteSSHPublicKeyInput struct { _ struct{} `type:"structure"` @@ -16622,7 +16546,6 @@ func (s *DeleteSSHPublicKeyInput) SetUserName(v string) *DeleteSSHPublicKeyInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSSHPublicKeyOutput type DeleteSSHPublicKeyOutput struct { _ struct{} `type:"structure"` } @@ -16637,7 +16560,6 @@ func (s DeleteSSHPublicKeyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServerCertificateRequest type DeleteServerCertificateInput struct { _ struct{} `type:"structure"` @@ -16683,7 +16605,6 @@ func (s *DeleteServerCertificateInput) SetServerCertificateName(v string) *Delet return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServerCertificateOutput type DeleteServerCertificateOutput struct { _ struct{} `type:"structure"` } @@ -16698,7 +16619,6 @@ func (s DeleteServerCertificateOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceLinkedRoleRequest type DeleteServiceLinkedRoleInput struct { _ struct{} `type:"structure"` @@ -16740,7 +16660,6 @@ func (s *DeleteServiceLinkedRoleInput) SetRoleName(v string) *DeleteServiceLinke return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceLinkedRoleResponse type DeleteServiceLinkedRoleOutput struct { _ struct{} `type:"structure"` @@ -16767,7 +16686,6 @@ func (s *DeleteServiceLinkedRoleOutput) SetDeletionTaskId(v string) *DeleteServi return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceSpecificCredentialRequest type DeleteServiceSpecificCredentialInput struct { _ struct{} `type:"structure"` @@ -16832,7 +16750,6 @@ func (s *DeleteServiceSpecificCredentialInput) SetUserName(v string) *DeleteServ return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceSpecificCredentialOutput type DeleteServiceSpecificCredentialOutput struct { _ struct{} `type:"structure"` } @@ -16847,7 +16764,6 @@ func (s DeleteServiceSpecificCredentialOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSigningCertificateRequest type DeleteSigningCertificateInput struct { _ struct{} `type:"structure"` @@ -16909,7 +16825,6 @@ func (s *DeleteSigningCertificateInput) SetUserName(v string) *DeleteSigningCert return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSigningCertificateOutput type DeleteSigningCertificateOutput struct { _ struct{} `type:"structure"` } @@ -16924,7 +16839,6 @@ func (s DeleteSigningCertificateOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUserRequest type DeleteUserInput struct { _ struct{} `type:"structure"` @@ -16970,7 +16884,6 @@ func (s *DeleteUserInput) SetUserName(v string) *DeleteUserInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUserOutput type DeleteUserOutput struct { _ struct{} `type:"structure"` } @@ -16985,7 +16898,6 @@ func (s DeleteUserOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUserPolicyRequest type DeleteUserPolicyInput struct { _ struct{} `type:"structure"` @@ -17053,7 +16965,6 @@ func (s *DeleteUserPolicyInput) SetUserName(v string) *DeleteUserPolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUserPolicyOutput type DeleteUserPolicyOutput struct { _ struct{} `type:"structure"` } @@ -17068,7 +16979,6 @@ func (s DeleteUserPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteVirtualMFADeviceRequest type DeleteVirtualMFADeviceInput struct { _ struct{} `type:"structure"` @@ -17115,7 +17025,6 @@ func (s *DeleteVirtualMFADeviceInput) SetSerialNumber(v string) *DeleteVirtualMF return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteVirtualMFADeviceOutput type DeleteVirtualMFADeviceOutput struct { _ struct{} `type:"structure"` } @@ -17134,7 +17043,6 @@ func (s DeleteVirtualMFADeviceOutput) GoString() string { // // This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus // operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletionTaskFailureReasonType type DeletionTaskFailureReasonType struct { _ struct{} `type:"structure"` @@ -17172,7 +17080,6 @@ func (s *DeletionTaskFailureReasonType) SetRoleUsageList(v []*RoleUsageType) *De return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachGroupPolicyRequest type DetachGroupPolicyInput struct { _ struct{} `type:"structure"` @@ -17239,7 +17146,6 @@ func (s *DetachGroupPolicyInput) SetPolicyArn(v string) *DetachGroupPolicyInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachGroupPolicyOutput type DetachGroupPolicyOutput struct { _ struct{} `type:"structure"` } @@ -17254,7 +17160,6 @@ func (s DetachGroupPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachRolePolicyRequest type DetachRolePolicyInput struct { _ struct{} `type:"structure"` @@ -17321,7 +17226,6 @@ func (s *DetachRolePolicyInput) SetRoleName(v string) *DetachRolePolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachRolePolicyOutput type DetachRolePolicyOutput struct { _ struct{} `type:"structure"` } @@ -17336,7 +17240,6 @@ func (s DetachRolePolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachUserPolicyRequest type DetachUserPolicyInput struct { _ struct{} `type:"structure"` @@ -17403,7 +17306,6 @@ func (s *DetachUserPolicyInput) SetUserName(v string) *DetachUserPolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachUserPolicyOutput type DetachUserPolicyOutput struct { _ struct{} `type:"structure"` } @@ -17418,7 +17320,6 @@ func (s DetachUserPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableMFADeviceRequest type EnableMFADeviceInput struct { _ struct{} `type:"structure"` @@ -17538,7 +17439,6 @@ func (s *EnableMFADeviceInput) SetUserName(v string) *EnableMFADeviceInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableMFADeviceOutput type EnableMFADeviceOutput struct { _ struct{} `type:"structure"` } @@ -17557,7 +17457,6 @@ func (s EnableMFADeviceOutput) GoString() string { // // This data type is used by the return parameter of SimulateCustomPolicy and // SimulatePrincipalPolicy. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EvaluationResult type EvaluationResult struct { _ struct{} `type:"structure"` @@ -17666,7 +17565,6 @@ func (s *EvaluationResult) SetResourceSpecificResults(v []*ResourceSpecificResul return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateCredentialReportInput type GenerateCredentialReportInput struct { _ struct{} `type:"structure"` } @@ -17682,7 +17580,6 @@ func (s GenerateCredentialReportInput) GoString() string { } // Contains the response to a successful GenerateCredentialReport request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateCredentialReportResponse type GenerateCredentialReportOutput struct { _ struct{} `type:"structure"` @@ -17715,7 +17612,6 @@ func (s *GenerateCredentialReportOutput) SetState(v string) *GenerateCredentialR return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccessKeyLastUsedRequest type GetAccessKeyLastUsedInput struct { _ struct{} `type:"structure"` @@ -17764,7 +17660,6 @@ func (s *GetAccessKeyLastUsedInput) SetAccessKeyId(v string) *GetAccessKeyLastUs // Contains the response to a successful GetAccessKeyLastUsed request. It is // also returned as a member of the AccessKeyMetaData structure returned by // the ListAccessKeys action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccessKeyLastUsedResponse type GetAccessKeyLastUsedOutput struct { _ struct{} `type:"structure"` @@ -17797,7 +17692,6 @@ func (s *GetAccessKeyLastUsedOutput) SetUserName(v string) *GetAccessKeyLastUsed return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountAuthorizationDetailsRequest type GetAccountAuthorizationDetailsInput struct { _ struct{} `type:"structure"` @@ -17873,7 +17767,6 @@ func (s *GetAccountAuthorizationDetailsInput) SetMaxItems(v int64) *GetAccountAu } // Contains the response to a successful GetAccountAuthorizationDetails request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountAuthorizationDetailsResponse type GetAccountAuthorizationDetailsOutput struct { _ struct{} `type:"structure"` @@ -17948,7 +17841,6 @@ func (s *GetAccountAuthorizationDetailsOutput) SetUserDetailList(v []*UserDetail return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountPasswordPolicyInput type GetAccountPasswordPolicyInput struct { _ struct{} `type:"structure"` } @@ -17964,7 +17856,6 @@ func (s GetAccountPasswordPolicyInput) GoString() string { } // Contains the response to a successful GetAccountPasswordPolicy request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountPasswordPolicyResponse type GetAccountPasswordPolicyOutput struct { _ struct{} `type:"structure"` @@ -17990,7 +17881,6 @@ func (s *GetAccountPasswordPolicyOutput) SetPasswordPolicy(v *PasswordPolicy) *G return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountSummaryInput type GetAccountSummaryInput struct { _ struct{} `type:"structure"` } @@ -18006,7 +17896,6 @@ func (s GetAccountSummaryInput) GoString() string { } // Contains the response to a successful GetAccountSummary request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountSummaryResponse type GetAccountSummaryOutput struct { _ struct{} `type:"structure"` @@ -18031,7 +17920,6 @@ func (s *GetAccountSummaryOutput) SetSummaryMap(v map[string]*int64) *GetAccount return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetContextKeysForCustomPolicyRequest type GetContextKeysForCustomPolicyInput struct { _ struct{} `type:"structure"` @@ -18081,7 +17969,6 @@ func (s *GetContextKeysForCustomPolicyInput) SetPolicyInputList(v []*string) *Ge // Contains the response to a successful GetContextKeysForPrincipalPolicy or // GetContextKeysForCustomPolicy request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetContextKeysForPolicyResponse type GetContextKeysForPolicyResponse struct { _ struct{} `type:"structure"` @@ -18105,7 +17992,6 @@ func (s *GetContextKeysForPolicyResponse) SetContextKeyNames(v []*string) *GetCo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetContextKeysForPrincipalPolicyRequest type GetContextKeysForPrincipalPolicyInput struct { _ struct{} `type:"structure"` @@ -18174,7 +18060,6 @@ func (s *GetContextKeysForPrincipalPolicyInput) SetPolicySourceArn(v string) *Ge return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetCredentialReportInput type GetCredentialReportInput struct { _ struct{} `type:"structure"` } @@ -18190,7 +18075,6 @@ func (s GetCredentialReportInput) GoString() string { } // Contains the response to a successful GetCredentialReport request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetCredentialReportResponse type GetCredentialReportOutput struct { _ struct{} `type:"structure"` @@ -18235,7 +18119,6 @@ func (s *GetCredentialReportOutput) SetReportFormat(v string) *GetCredentialRepo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroupRequest type GetGroupInput struct { _ struct{} `type:"structure"` @@ -18317,7 +18200,6 @@ func (s *GetGroupInput) SetMaxItems(v int64) *GetGroupInput { } // Contains the response to a successful GetGroup request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroupResponse type GetGroupOutput struct { _ struct{} `type:"structure"` @@ -18378,7 +18260,6 @@ func (s *GetGroupOutput) SetUsers(v []*User) *GetGroupOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroupPolicyRequest type GetGroupPolicyInput struct { _ struct{} `type:"structure"` @@ -18446,7 +18327,6 @@ func (s *GetGroupPolicyInput) SetPolicyName(v string) *GetGroupPolicyInput { } // Contains the response to a successful GetGroupPolicy request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroupPolicyResponse type GetGroupPolicyOutput struct { _ struct{} `type:"structure"` @@ -18494,7 +18374,6 @@ func (s *GetGroupPolicyOutput) SetPolicyName(v string) *GetGroupPolicyOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetInstanceProfileRequest type GetInstanceProfileInput struct { _ struct{} `type:"structure"` @@ -18541,7 +18420,6 @@ func (s *GetInstanceProfileInput) SetInstanceProfileName(v string) *GetInstanceP } // Contains the response to a successful GetInstanceProfile request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetInstanceProfileResponse type GetInstanceProfileOutput struct { _ struct{} `type:"structure"` @@ -18567,7 +18445,6 @@ func (s *GetInstanceProfileOutput) SetInstanceProfile(v *InstanceProfile) *GetIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetLoginProfileRequest type GetLoginProfileInput struct { _ struct{} `type:"structure"` @@ -18614,7 +18491,6 @@ func (s *GetLoginProfileInput) SetUserName(v string) *GetLoginProfileInput { } // Contains the response to a successful GetLoginProfile request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetLoginProfileResponse type GetLoginProfileOutput struct { _ struct{} `type:"structure"` @@ -18640,7 +18516,6 @@ func (s *GetLoginProfileOutput) SetLoginProfile(v *LoginProfile) *GetLoginProfil return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProviderRequest type GetOpenIDConnectProviderInput struct { _ struct{} `type:"structure"` @@ -18689,7 +18564,6 @@ func (s *GetOpenIDConnectProviderInput) SetOpenIDConnectProviderArn(v string) *G } // Contains the response to a successful GetOpenIDConnectProvider request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProviderResponse type GetOpenIDConnectProviderOutput struct { _ struct{} `type:"structure"` @@ -18744,7 +18618,6 @@ func (s *GetOpenIDConnectProviderOutput) SetUrl(v string) *GetOpenIDConnectProvi return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetPolicyRequest type GetPolicyInput struct { _ struct{} `type:"structure"` @@ -18792,7 +18665,6 @@ func (s *GetPolicyInput) SetPolicyArn(v string) *GetPolicyInput { } // Contains the response to a successful GetPolicy request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetPolicyResponse type GetPolicyOutput struct { _ struct{} `type:"structure"` @@ -18816,7 +18688,6 @@ func (s *GetPolicyOutput) SetPolicy(v *Policy) *GetPolicyOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetPolicyVersionRequest type GetPolicyVersionInput struct { _ struct{} `type:"structure"` @@ -18883,7 +18754,6 @@ func (s *GetPolicyVersionInput) SetVersionId(v string) *GetPolicyVersionInput { } // Contains the response to a successful GetPolicyVersion request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetPolicyVersionResponse type GetPolicyVersionOutput struct { _ struct{} `type:"structure"` @@ -18907,7 +18777,6 @@ func (s *GetPolicyVersionOutput) SetPolicyVersion(v *PolicyVersion) *GetPolicyVe return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRoleRequest type GetRoleInput struct { _ struct{} `type:"structure"` @@ -18954,7 +18823,6 @@ func (s *GetRoleInput) SetRoleName(v string) *GetRoleInput { } // Contains the response to a successful GetRole request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRoleResponse type GetRoleOutput struct { _ struct{} `type:"structure"` @@ -18980,7 +18848,6 @@ func (s *GetRoleOutput) SetRole(v *Role) *GetRoleOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRolePolicyRequest type GetRolePolicyInput struct { _ struct{} `type:"structure"` @@ -19048,7 +18915,6 @@ func (s *GetRolePolicyInput) SetRoleName(v string) *GetRolePolicyInput { } // Contains the response to a successful GetRolePolicy request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRolePolicyResponse type GetRolePolicyOutput struct { _ struct{} `type:"structure"` @@ -19096,7 +18962,6 @@ func (s *GetRolePolicyOutput) SetRoleName(v string) *GetRolePolicyOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProviderRequest type GetSAMLProviderInput struct { _ struct{} `type:"structure"` @@ -19144,7 +19009,6 @@ func (s *GetSAMLProviderInput) SetSAMLProviderArn(v string) *GetSAMLProviderInpu } // Contains the response to a successful GetSAMLProvider request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProviderResponse type GetSAMLProviderOutput struct { _ struct{} `type:"structure"` @@ -19186,7 +19050,6 @@ func (s *GetSAMLProviderOutput) SetValidUntil(v time.Time) *GetSAMLProviderOutpu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSSHPublicKeyRequest type GetSSHPublicKeyInput struct { _ struct{} `type:"structure"` @@ -19270,7 +19133,6 @@ func (s *GetSSHPublicKeyInput) SetUserName(v string) *GetSSHPublicKeyInput { } // Contains the response to a successful GetSSHPublicKey request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSSHPublicKeyResponse type GetSSHPublicKeyOutput struct { _ struct{} `type:"structure"` @@ -19294,7 +19156,6 @@ func (s *GetSSHPublicKeyOutput) SetSSHPublicKey(v *SSHPublicKey) *GetSSHPublicKe return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServerCertificateRequest type GetServerCertificateInput struct { _ struct{} `type:"structure"` @@ -19341,7 +19202,6 @@ func (s *GetServerCertificateInput) SetServerCertificateName(v string) *GetServe } // Contains the response to a successful GetServerCertificate request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServerCertificateResponse type GetServerCertificateOutput struct { _ struct{} `type:"structure"` @@ -19367,7 +19227,6 @@ func (s *GetServerCertificateOutput) SetServerCertificate(v *ServerCertificate) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLinkedRoleDeletionStatusRequest type GetServiceLinkedRoleDeletionStatusInput struct { _ struct{} `type:"structure"` @@ -19410,7 +19269,6 @@ func (s *GetServiceLinkedRoleDeletionStatusInput) SetDeletionTaskId(v string) *G return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLinkedRoleDeletionStatusResponse type GetServiceLinkedRoleDeletionStatusOutput struct { _ struct{} `type:"structure"` @@ -19445,7 +19303,6 @@ func (s *GetServiceLinkedRoleDeletionStatusOutput) SetStatus(v string) *GetServi return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUserRequest type GetUserInput struct { _ struct{} `type:"structure"` @@ -19488,7 +19345,6 @@ func (s *GetUserInput) SetUserName(v string) *GetUserInput { } // Contains the response to a successful GetUser request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUserResponse type GetUserOutput struct { _ struct{} `type:"structure"` @@ -19514,7 +19370,6 @@ func (s *GetUserOutput) SetUser(v *User) *GetUserOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUserPolicyRequest type GetUserPolicyInput struct { _ struct{} `type:"structure"` @@ -19582,7 +19437,6 @@ func (s *GetUserPolicyInput) SetUserName(v string) *GetUserPolicyInput { } // Contains the response to a successful GetUserPolicy request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUserPolicyResponse type GetUserPolicyOutput struct { _ struct{} `type:"structure"` @@ -19639,7 +19493,6 @@ func (s *GetUserPolicyOutput) SetUserName(v string) *GetUserPolicyOutput { // * GetGroup // // * ListGroups -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Group type Group struct { _ struct{} `type:"structure"` @@ -19720,7 +19573,6 @@ func (s *Group) SetPath(v string) *Group { // // This data type is used as a response element in the GetAccountAuthorizationDetails // action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GroupDetail type GroupDetail struct { _ struct{} `type:"structure"` @@ -19818,7 +19670,6 @@ func (s *GroupDetail) SetPath(v string) *GroupDetail { // * ListInstanceProfiles // // * ListInstanceProfilesForRole -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/InstanceProfile type InstanceProfile struct { _ struct{} `type:"structure"` @@ -19906,7 +19757,6 @@ func (s *InstanceProfile) SetRoles(v []*Role) *InstanceProfile { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccessKeysRequest type ListAccessKeysInput struct { _ struct{} `type:"structure"` @@ -19983,7 +19833,6 @@ func (s *ListAccessKeysInput) SetUserName(v string) *ListAccessKeysInput { } // Contains the response to a successful ListAccessKeys request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccessKeysResponse type ListAccessKeysOutput struct { _ struct{} `type:"structure"` @@ -20033,7 +19882,6 @@ func (s *ListAccessKeysOutput) SetMarker(v string) *ListAccessKeysOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccountAliasesRequest type ListAccountAliasesInput struct { _ struct{} `type:"structure"` @@ -20094,7 +19942,6 @@ func (s *ListAccountAliasesInput) SetMaxItems(v int64) *ListAccountAliasesInput } // Contains the response to a successful ListAccountAliases request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccountAliasesResponse type ListAccountAliasesOutput struct { _ struct{} `type:"structure"` @@ -20145,7 +19992,6 @@ func (s *ListAccountAliasesOutput) SetMarker(v string) *ListAccountAliasesOutput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedGroupPoliciesRequest type ListAttachedGroupPoliciesInput struct { _ struct{} `type:"structure"` @@ -20244,7 +20090,6 @@ func (s *ListAttachedGroupPoliciesInput) SetPathPrefix(v string) *ListAttachedGr } // Contains the response to a successful ListAttachedGroupPolicies request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedGroupPoliciesResponse type ListAttachedGroupPoliciesOutput struct { _ struct{} `type:"structure"` @@ -20292,7 +20137,6 @@ func (s *ListAttachedGroupPoliciesOutput) SetMarker(v string) *ListAttachedGroup return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedRolePoliciesRequest type ListAttachedRolePoliciesInput struct { _ struct{} `type:"structure"` @@ -20390,7 +20234,6 @@ func (s *ListAttachedRolePoliciesInput) SetRoleName(v string) *ListAttachedRoleP } // Contains the response to a successful ListAttachedRolePolicies request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedRolePoliciesResponse type ListAttachedRolePoliciesOutput struct { _ struct{} `type:"structure"` @@ -20438,7 +20281,6 @@ func (s *ListAttachedRolePoliciesOutput) SetMarker(v string) *ListAttachedRolePo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedUserPoliciesRequest type ListAttachedUserPoliciesInput struct { _ struct{} `type:"structure"` @@ -20536,7 +20378,6 @@ func (s *ListAttachedUserPoliciesInput) SetUserName(v string) *ListAttachedUserP } // Contains the response to a successful ListAttachedUserPolicies request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedUserPoliciesResponse type ListAttachedUserPoliciesOutput struct { _ struct{} `type:"structure"` @@ -20584,7 +20425,6 @@ func (s *ListAttachedUserPoliciesOutput) SetMarker(v string) *ListAttachedUserPo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListEntitiesForPolicyRequest type ListEntitiesForPolicyInput struct { _ struct{} `type:"structure"` @@ -20699,7 +20539,6 @@ func (s *ListEntitiesForPolicyInput) SetPolicyArn(v string) *ListEntitiesForPoli } // Contains the response to a successful ListEntitiesForPolicy request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListEntitiesForPolicyResponse type ListEntitiesForPolicyOutput struct { _ struct{} `type:"structure"` @@ -20765,7 +20604,6 @@ func (s *ListEntitiesForPolicyOutput) SetPolicyUsers(v []*PolicyUser) *ListEntit return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupPoliciesRequest type ListGroupPoliciesInput struct { _ struct{} `type:"structure"` @@ -20847,7 +20685,6 @@ func (s *ListGroupPoliciesInput) SetMaxItems(v int64) *ListGroupPoliciesInput { } // Contains the response to a successful ListGroupPolicies request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupPoliciesResponse type ListGroupPoliciesOutput struct { _ struct{} `type:"structure"` @@ -20901,7 +20738,6 @@ func (s *ListGroupPoliciesOutput) SetPolicyNames(v []*string) *ListGroupPolicies return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupsForUserRequest type ListGroupsForUserInput struct { _ struct{} `type:"structure"` @@ -20983,7 +20819,6 @@ func (s *ListGroupsForUserInput) SetUserName(v string) *ListGroupsForUserInput { } // Contains the response to a successful ListGroupsForUser request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupsForUserResponse type ListGroupsForUserOutput struct { _ struct{} `type:"structure"` @@ -21033,7 +20868,6 @@ func (s *ListGroupsForUserOutput) SetMarker(v string) *ListGroupsForUserOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupsRequest type ListGroupsInput struct { _ struct{} `type:"structure"` @@ -21114,7 +20948,6 @@ func (s *ListGroupsInput) SetPathPrefix(v string) *ListGroupsInput { } // Contains the response to a successful ListGroups request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupsResponse type ListGroupsOutput struct { _ struct{} `type:"structure"` @@ -21164,7 +20997,6 @@ func (s *ListGroupsOutput) SetMarker(v string) *ListGroupsOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesForRoleRequest type ListInstanceProfilesForRoleInput struct { _ struct{} `type:"structure"` @@ -21246,7 +21078,6 @@ func (s *ListInstanceProfilesForRoleInput) SetRoleName(v string) *ListInstancePr } // Contains the response to a successful ListInstanceProfilesForRole request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesForRoleResponse type ListInstanceProfilesForRoleOutput struct { _ struct{} `type:"structure"` @@ -21296,7 +21127,6 @@ func (s *ListInstanceProfilesForRoleOutput) SetMarker(v string) *ListInstancePro return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesRequest type ListInstanceProfilesInput struct { _ struct{} `type:"structure"` @@ -21378,7 +21208,6 @@ func (s *ListInstanceProfilesInput) SetPathPrefix(v string) *ListInstanceProfile } // Contains the response to a successful ListInstanceProfiles request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesResponse type ListInstanceProfilesOutput struct { _ struct{} `type:"structure"` @@ -21428,7 +21257,6 @@ func (s *ListInstanceProfilesOutput) SetMarker(v string) *ListInstanceProfilesOu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADevicesRequest type ListMFADevicesInput struct { _ struct{} `type:"structure"` @@ -21505,7 +21333,6 @@ func (s *ListMFADevicesInput) SetUserName(v string) *ListMFADevicesInput { } // Contains the response to a successful ListMFADevices request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADevicesResponse type ListMFADevicesOutput struct { _ struct{} `type:"structure"` @@ -21555,7 +21382,6 @@ func (s *ListMFADevicesOutput) SetMarker(v string) *ListMFADevicesOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProvidersRequest type ListOpenIDConnectProvidersInput struct { _ struct{} `type:"structure"` } @@ -21571,7 +21397,6 @@ func (s ListOpenIDConnectProvidersInput) GoString() string { } // Contains the response to a successful ListOpenIDConnectProviders request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProvidersResponse type ListOpenIDConnectProvidersOutput struct { _ struct{} `type:"structure"` @@ -21595,7 +21420,6 @@ func (s *ListOpenIDConnectProvidersOutput) SetOpenIDConnectProviderList(v []*Ope return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPoliciesRequest type ListPoliciesInput struct { _ struct{} `type:"structure"` @@ -21699,7 +21523,6 @@ func (s *ListPoliciesInput) SetScope(v string) *ListPoliciesInput { } // Contains the response to a successful ListPolicies request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPoliciesResponse type ListPoliciesOutput struct { _ struct{} `type:"structure"` @@ -21747,7 +21570,6 @@ func (s *ListPoliciesOutput) SetPolicies(v []*Policy) *ListPoliciesOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyVersionsRequest type ListPolicyVersionsInput struct { _ struct{} `type:"structure"` @@ -21829,7 +21651,6 @@ func (s *ListPolicyVersionsInput) SetPolicyArn(v string) *ListPolicyVersionsInpu } // Contains the response to a successful ListPolicyVersions request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyVersionsResponse type ListPolicyVersionsOutput struct { _ struct{} `type:"structure"` @@ -21881,7 +21702,6 @@ func (s *ListPolicyVersionsOutput) SetVersions(v []*PolicyVersion) *ListPolicyVe return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRolePoliciesRequest type ListRolePoliciesInput struct { _ struct{} `type:"structure"` @@ -21963,7 +21783,6 @@ func (s *ListRolePoliciesInput) SetRoleName(v string) *ListRolePoliciesInput { } // Contains the response to a successful ListRolePolicies request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRolePoliciesResponse type ListRolePoliciesOutput struct { _ struct{} `type:"structure"` @@ -22013,7 +21832,6 @@ func (s *ListRolePoliciesOutput) SetPolicyNames(v []*string) *ListRolePoliciesOu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRolesRequest type ListRolesInput struct { _ struct{} `type:"structure"` @@ -22094,7 +21912,6 @@ func (s *ListRolesInput) SetPathPrefix(v string) *ListRolesInput { } // Contains the response to a successful ListRoles request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRolesResponse type ListRolesOutput struct { _ struct{} `type:"structure"` @@ -22144,7 +21961,6 @@ func (s *ListRolesOutput) SetRoles(v []*Role) *ListRolesOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProvidersRequest type ListSAMLProvidersInput struct { _ struct{} `type:"structure"` } @@ -22160,7 +21976,6 @@ func (s ListSAMLProvidersInput) GoString() string { } // Contains the response to a successful ListSAMLProviders request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProvidersResponse type ListSAMLProvidersOutput struct { _ struct{} `type:"structure"` @@ -22184,7 +21999,6 @@ func (s *ListSAMLProvidersOutput) SetSAMLProviderList(v []*SAMLProviderListEntry return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSSHPublicKeysRequest type ListSSHPublicKeysInput struct { _ struct{} `type:"structure"` @@ -22263,7 +22077,6 @@ func (s *ListSSHPublicKeysInput) SetUserName(v string) *ListSSHPublicKeysInput { } // Contains the response to a successful ListSSHPublicKeys request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSSHPublicKeysResponse type ListSSHPublicKeysOutput struct { _ struct{} `type:"structure"` @@ -22311,7 +22124,6 @@ func (s *ListSSHPublicKeysOutput) SetSSHPublicKeys(v []*SSHPublicKeyMetadata) *L return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificatesRequest type ListServerCertificatesInput struct { _ struct{} `type:"structure"` @@ -22393,7 +22205,6 @@ func (s *ListServerCertificatesInput) SetPathPrefix(v string) *ListServerCertifi } // Contains the response to a successful ListServerCertificates request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificatesResponse type ListServerCertificatesOutput struct { _ struct{} `type:"structure"` @@ -22443,7 +22254,6 @@ func (s *ListServerCertificatesOutput) SetServerCertificateMetadataList(v []*Ser return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServiceSpecificCredentialsRequest type ListServiceSpecificCredentialsInput struct { _ struct{} `type:"structure"` @@ -22496,7 +22306,6 @@ func (s *ListServiceSpecificCredentialsInput) SetUserName(v string) *ListService return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServiceSpecificCredentialsResponse type ListServiceSpecificCredentialsOutput struct { _ struct{} `type:"structure"` @@ -22520,7 +22329,6 @@ func (s *ListServiceSpecificCredentialsOutput) SetServiceSpecificCredentials(v [ return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSigningCertificatesRequest type ListSigningCertificatesInput struct { _ struct{} `type:"structure"` @@ -22597,7 +22405,6 @@ func (s *ListSigningCertificatesInput) SetUserName(v string) *ListSigningCertifi } // Contains the response to a successful ListSigningCertificates request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSigningCertificatesResponse type ListSigningCertificatesOutput struct { _ struct{} `type:"structure"` @@ -22647,7 +22454,6 @@ func (s *ListSigningCertificatesOutput) SetMarker(v string) *ListSigningCertific return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserPoliciesRequest type ListUserPoliciesInput struct { _ struct{} `type:"structure"` @@ -22729,7 +22535,6 @@ func (s *ListUserPoliciesInput) SetUserName(v string) *ListUserPoliciesInput { } // Contains the response to a successful ListUserPolicies request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserPoliciesResponse type ListUserPoliciesOutput struct { _ struct{} `type:"structure"` @@ -22779,7 +22584,6 @@ func (s *ListUserPoliciesOutput) SetPolicyNames(v []*string) *ListUserPoliciesOu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUsersRequest type ListUsersInput struct { _ struct{} `type:"structure"` @@ -22861,7 +22665,6 @@ func (s *ListUsersInput) SetPathPrefix(v string) *ListUsersInput { } // Contains the response to a successful ListUsers request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUsersResponse type ListUsersOutput struct { _ struct{} `type:"structure"` @@ -22911,7 +22714,6 @@ func (s *ListUsersOutput) SetUsers(v []*User) *ListUsersOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListVirtualMFADevicesRequest type ListVirtualMFADevicesInput struct { _ struct{} `type:"structure"` @@ -22983,7 +22785,6 @@ func (s *ListVirtualMFADevicesInput) SetMaxItems(v int64) *ListVirtualMFADevices } // Contains the response to a successful ListVirtualMFADevices request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListVirtualMFADevicesResponse type ListVirtualMFADevicesOutput struct { _ struct{} `type:"structure"` @@ -23038,7 +22839,6 @@ func (s *ListVirtualMFADevicesOutput) SetVirtualMFADevices(v []*VirtualMFADevice // // This data type is used as a response element in the CreateLoginProfile and // GetLoginProfile actions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/LoginProfile type LoginProfile struct { _ struct{} `type:"structure"` @@ -23088,7 +22888,6 @@ func (s *LoginProfile) SetUserName(v string) *LoginProfile { // Contains information about an MFA device. // // This data type is used as a response element in the ListMFADevices action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/MFADevice type MFADevice struct { _ struct{} `type:"structure"` @@ -23147,7 +22946,6 @@ func (s *MFADevice) SetUserName(v string) *MFADevice { // For more information about managed policies, see Managed Policies and Inline // Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the Using IAM guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ManagedPolicyDetail type ManagedPolicyDetail struct { _ struct{} `type:"structure"` @@ -23285,7 +23083,6 @@ func (s *ManagedPolicyDetail) SetUpdateDate(v time.Time) *ManagedPolicyDetail { } // Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/OpenIDConnectProviderListEntry type OpenIDConnectProviderListEntry struct { _ struct{} `type:"structure"` @@ -23314,7 +23111,6 @@ func (s *OpenIDConnectProviderListEntry) SetArn(v string) *OpenIDConnectProvider } // Contains information about AWS Organizations's affect on a policy simulation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/OrganizationsDecisionDetail type OrganizationsDecisionDetail struct { _ struct{} `type:"structure"` @@ -23343,7 +23139,6 @@ func (s *OrganizationsDecisionDetail) SetAllowedByOrganizations(v bool) *Organiz // // This data type is used as a response element in the GetAccountPasswordPolicy // action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PasswordPolicy type PasswordPolicy struct { _ struct{} `type:"structure"` @@ -23460,7 +23255,6 @@ func (s *PasswordPolicy) SetRequireUppercaseCharacters(v bool) *PasswordPolicy { // For more information about managed policies, refer to Managed Policies and // Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the Using IAM guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Policy type Policy struct { _ struct{} `type:"structure"` @@ -23590,7 +23384,6 @@ func (s *Policy) SetUpdateDate(v time.Time) *Policy { // // This data type is used as a response element in the GetAccountAuthorizationDetails // action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PolicyDetail type PolicyDetail struct { _ struct{} `type:"structure"` @@ -23631,7 +23424,6 @@ func (s *PolicyDetail) SetPolicyName(v string) *PolicyDetail { // For more information about managed policies, refer to Managed Policies and // Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the Using IAM guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PolicyGroup type PolicyGroup struct { _ struct{} `type:"structure"` @@ -23674,7 +23466,6 @@ func (s *PolicyGroup) SetGroupName(v string) *PolicyGroup { // For more information about managed policies, refer to Managed Policies and // Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the Using IAM guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PolicyRole type PolicyRole struct { _ struct{} `type:"structure"` @@ -23717,7 +23508,6 @@ func (s *PolicyRole) SetRoleName(v string) *PolicyRole { // For more information about managed policies, refer to Managed Policies and // Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the Using IAM guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PolicyUser type PolicyUser struct { _ struct{} `type:"structure"` @@ -23761,7 +23551,6 @@ func (s *PolicyUser) SetUserName(v string) *PolicyUser { // For more information about managed policies, refer to Managed Policies and // Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the Using IAM guide. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PolicyVersion type PolicyVersion struct { _ struct{} `type:"structure"` @@ -23824,7 +23613,6 @@ func (s *PolicyVersion) SetVersionId(v string) *PolicyVersion { // document. // // This data type is used as a member of the Statement type. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Position type Position struct { _ struct{} `type:"structure"` @@ -23857,7 +23645,6 @@ func (s *Position) SetLine(v int64) *Position { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutGroupPolicyRequest type PutGroupPolicyInput struct { _ struct{} `type:"structure"` @@ -23948,7 +23735,6 @@ func (s *PutGroupPolicyInput) SetPolicyName(v string) *PutGroupPolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutGroupPolicyOutput type PutGroupPolicyOutput struct { _ struct{} `type:"structure"` } @@ -23963,7 +23749,6 @@ func (s PutGroupPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutRolePolicyRequest type PutRolePolicyInput struct { _ struct{} `type:"structure"` @@ -24054,7 +23839,6 @@ func (s *PutRolePolicyInput) SetRoleName(v string) *PutRolePolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutRolePolicyOutput type PutRolePolicyOutput struct { _ struct{} `type:"structure"` } @@ -24069,7 +23853,6 @@ func (s PutRolePolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutUserPolicyRequest type PutUserPolicyInput struct { _ struct{} `type:"structure"` @@ -24160,7 +23943,6 @@ func (s *PutUserPolicyInput) SetUserName(v string) *PutUserPolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutUserPolicyOutput type PutUserPolicyOutput struct { _ struct{} `type:"structure"` } @@ -24175,7 +23957,6 @@ func (s PutUserPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveClientIDFromOpenIDConnectProviderRequest type RemoveClientIDFromOpenIDConnectProviderInput struct { _ struct{} `type:"structure"` @@ -24241,7 +24022,6 @@ func (s *RemoveClientIDFromOpenIDConnectProviderInput) SetOpenIDConnectProviderA return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveClientIDFromOpenIDConnectProviderOutput type RemoveClientIDFromOpenIDConnectProviderOutput struct { _ struct{} `type:"structure"` } @@ -24256,7 +24036,6 @@ func (s RemoveClientIDFromOpenIDConnectProviderOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveRoleFromInstanceProfileRequest type RemoveRoleFromInstanceProfileInput struct { _ struct{} `type:"structure"` @@ -24323,7 +24102,6 @@ func (s *RemoveRoleFromInstanceProfileInput) SetRoleName(v string) *RemoveRoleFr return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveRoleFromInstanceProfileOutput type RemoveRoleFromInstanceProfileOutput struct { _ struct{} `type:"structure"` } @@ -24338,7 +24116,6 @@ func (s RemoveRoleFromInstanceProfileOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveUserFromGroupRequest type RemoveUserFromGroupInput struct { _ struct{} `type:"structure"` @@ -24405,7 +24182,6 @@ func (s *RemoveUserFromGroupInput) SetUserName(v string) *RemoveUserFromGroupInp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveUserFromGroupOutput type RemoveUserFromGroupOutput struct { _ struct{} `type:"structure"` } @@ -24420,7 +24196,6 @@ func (s RemoveUserFromGroupOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResetServiceSpecificCredentialRequest type ResetServiceSpecificCredentialInput struct { _ struct{} `type:"structure"` @@ -24484,7 +24259,6 @@ func (s *ResetServiceSpecificCredentialInput) SetUserName(v string) *ResetServic return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResetServiceSpecificCredentialResponse type ResetServiceSpecificCredentialOutput struct { _ struct{} `type:"structure"` @@ -24516,7 +24290,6 @@ func (s *ResetServiceSpecificCredentialOutput) SetServiceSpecificCredential(v *S // resource. // // This data type is used by a member of the EvaluationResult data type. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResourceSpecificResult type ResourceSpecificResult struct { _ struct{} `type:"structure"` @@ -24596,7 +24369,6 @@ func (s *ResourceSpecificResult) SetMissingContextValues(v []*string) *ResourceS return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResyncMFADeviceRequest type ResyncMFADeviceInput struct { _ struct{} `type:"structure"` @@ -24701,7 +24473,6 @@ func (s *ResyncMFADeviceInput) SetUserName(v string) *ResyncMFADeviceInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResyncMFADeviceOutput type ResyncMFADeviceOutput struct { _ struct{} `type:"structure"` } @@ -24718,7 +24489,6 @@ func (s ResyncMFADeviceOutput) GoString() string { // Contains information about an IAM role. This structure is returned as a response // element in several APIs that interact with roles. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Role type Role struct { _ struct{} `type:"structure"` @@ -24817,7 +24587,6 @@ func (s *Role) SetRoleName(v string) *Role { // // This data type is used as a response element in the GetAccountAuthorizationDetails // action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RoleDetail type RoleDetail struct { _ struct{} `type:"structure"` @@ -24928,7 +24697,6 @@ func (s *RoleDetail) SetRolePolicyList(v []*PolicyDetail) *RoleDetail { // // This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus // operation. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RoleUsageType type RoleUsageType struct { _ struct{} `type:"structure"` @@ -24962,7 +24730,6 @@ func (s *RoleUsageType) SetResources(v []*string) *RoleUsageType { } // Contains the list of SAML providers for this account. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SAMLProviderListEntry type SAMLProviderListEntry struct { _ struct{} `type:"structure"` @@ -25008,7 +24775,6 @@ func (s *SAMLProviderListEntry) SetValidUntil(v time.Time) *SAMLProviderListEntr // // This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey // actions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SSHPublicKey type SSHPublicKey struct { _ struct{} `type:"structure"` @@ -25092,7 +24858,6 @@ func (s *SSHPublicKey) SetUserName(v string) *SSHPublicKey { // Contains information about an SSH public key, without the key's body or fingerprint. // // This data type is used as a response element in the ListSSHPublicKeys action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SSHPublicKeyMetadata type SSHPublicKeyMetadata struct { _ struct{} `type:"structure"` @@ -25157,7 +24922,6 @@ func (s *SSHPublicKeyMetadata) SetUserName(v string) *SSHPublicKeyMetadata { // // This data type is used as a response element in the GetServerCertificate // action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ServerCertificate type ServerCertificate struct { _ struct{} `type:"structure"` @@ -25209,7 +24973,6 @@ func (s *ServerCertificate) SetServerCertificateMetadata(v *ServerCertificateMet // // This data type is used as a response element in the UploadServerCertificate // and ListServerCertificates actions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ServerCertificateMetadata type ServerCertificateMetadata struct { _ struct{} `type:"structure"` @@ -25294,7 +25057,6 @@ func (s *ServerCertificateMetadata) SetUploadDate(v time.Time) *ServerCertificat } // Contains the details of a service specific credential. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ServiceSpecificCredential type ServiceSpecificCredential struct { _ struct{} `type:"structure"` @@ -25392,7 +25154,6 @@ func (s *ServiceSpecificCredential) SetUserName(v string) *ServiceSpecificCreden } // Contains additional details about a service-specific credential. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ServiceSpecificCredentialMetadata type ServiceSpecificCredentialMetadata struct { _ struct{} `type:"structure"` @@ -25475,7 +25236,6 @@ func (s *ServiceSpecificCredentialMetadata) SetUserName(v string) *ServiceSpecif return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetDefaultPolicyVersionRequest type SetDefaultPolicyVersionInput struct { _ struct{} `type:"structure"` @@ -25540,7 +25300,6 @@ func (s *SetDefaultPolicyVersionInput) SetVersionId(v string) *SetDefaultPolicyV return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetDefaultPolicyVersionOutput type SetDefaultPolicyVersionOutput struct { _ struct{} `type:"structure"` } @@ -25559,7 +25318,6 @@ func (s SetDefaultPolicyVersionOutput) GoString() string { // // This data type is used as a response element in the UploadSigningCertificate // and ListSigningCertificates actions. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SigningCertificate type SigningCertificate struct { _ struct{} `type:"structure"` @@ -25628,7 +25386,6 @@ func (s *SigningCertificate) SetUserName(v string) *SigningCertificate { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SimulateCustomPolicyRequest type SimulateCustomPolicyInput struct { _ struct{} `type:"structure"` @@ -25887,7 +25644,6 @@ func (s *SimulateCustomPolicyInput) SetResourcePolicy(v string) *SimulateCustomP // Contains the response to a successful SimulatePrincipalPolicy or SimulateCustomPolicy // request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SimulatePolicyResponse type SimulatePolicyResponse struct { _ struct{} `type:"structure"` @@ -25935,7 +25691,6 @@ func (s *SimulatePolicyResponse) SetMarker(v string) *SimulatePolicyResponse { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SimulatePrincipalPolicyRequest type SimulatePrincipalPolicyInput struct { _ struct{} `type:"structure"` @@ -26220,7 +25975,6 @@ func (s *SimulatePrincipalPolicyInput) SetResourcePolicy(v string) *SimulatePrin // // This data type is used by the MatchedStatements member of the EvaluationResult // type. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Statement type Statement struct { _ struct{} `type:"structure"` @@ -26271,7 +26025,6 @@ func (s *Statement) SetStartPosition(v *Position) *Statement { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccessKeyRequest type UpdateAccessKeyInput struct { _ struct{} `type:"structure"` @@ -26349,7 +26102,6 @@ func (s *UpdateAccessKeyInput) SetUserName(v string) *UpdateAccessKeyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccessKeyOutput type UpdateAccessKeyOutput struct { _ struct{} `type:"structure"` } @@ -26364,7 +26116,6 @@ func (s UpdateAccessKeyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccountPasswordPolicyRequest type UpdateAccountPasswordPolicyInput struct { _ struct{} `type:"structure"` @@ -26509,7 +26260,6 @@ func (s *UpdateAccountPasswordPolicyInput) SetRequireUppercaseCharacters(v bool) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccountPasswordPolicyOutput type UpdateAccountPasswordPolicyOutput struct { _ struct{} `type:"structure"` } @@ -26524,7 +26274,6 @@ func (s UpdateAccountPasswordPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAssumeRolePolicyRequest type UpdateAssumeRolePolicyInput struct { _ struct{} `type:"structure"` @@ -26594,7 +26343,6 @@ func (s *UpdateAssumeRolePolicyInput) SetRoleName(v string) *UpdateAssumeRolePol return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAssumeRolePolicyOutput type UpdateAssumeRolePolicyOutput struct { _ struct{} `type:"structure"` } @@ -26609,7 +26357,6 @@ func (s UpdateAssumeRolePolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateGroupRequest type UpdateGroupInput struct { _ struct{} `type:"structure"` @@ -26690,7 +26437,6 @@ func (s *UpdateGroupInput) SetNewPath(v string) *UpdateGroupInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateGroupOutput type UpdateGroupOutput struct { _ struct{} `type:"structure"` } @@ -26705,7 +26451,6 @@ func (s UpdateGroupOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateLoginProfileRequest type UpdateLoginProfileInput struct { _ struct{} `type:"structure"` @@ -26782,7 +26527,6 @@ func (s *UpdateLoginProfileInput) SetUserName(v string) *UpdateLoginProfileInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateLoginProfileOutput type UpdateLoginProfileOutput struct { _ struct{} `type:"structure"` } @@ -26797,7 +26541,6 @@ func (s UpdateLoginProfileOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateOpenIDConnectProviderThumbprintRequest type UpdateOpenIDConnectProviderThumbprintInput struct { _ struct{} `type:"structure"` @@ -26860,7 +26603,6 @@ func (s *UpdateOpenIDConnectProviderThumbprintInput) SetThumbprintList(v []*stri return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateOpenIDConnectProviderThumbprintOutput type UpdateOpenIDConnectProviderThumbprintOutput struct { _ struct{} `type:"structure"` } @@ -26875,7 +26617,6 @@ func (s UpdateOpenIDConnectProviderThumbprintOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescriptionRequest type UpdateRoleDescriptionInput struct { _ struct{} `type:"structure"` @@ -26931,7 +26672,6 @@ func (s *UpdateRoleDescriptionInput) SetRoleName(v string) *UpdateRoleDescriptio return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescriptionResponse type UpdateRoleDescriptionOutput struct { _ struct{} `type:"structure"` @@ -26955,7 +26695,6 @@ func (s *UpdateRoleDescriptionOutput) SetRole(v *Role) *UpdateRoleDescriptionOut return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSAMLProviderRequest type UpdateSAMLProviderInput struct { _ struct{} `type:"structure"` @@ -27023,7 +26762,6 @@ func (s *UpdateSAMLProviderInput) SetSAMLProviderArn(v string) *UpdateSAMLProvid } // Contains the response to a successful UpdateSAMLProvider request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSAMLProviderResponse type UpdateSAMLProviderOutput struct { _ struct{} `type:"structure"` @@ -27047,7 +26785,6 @@ func (s *UpdateSAMLProviderOutput) SetSAMLProviderArn(v string) *UpdateSAMLProvi return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSSHPublicKeyRequest type UpdateSSHPublicKeyInput struct { _ struct{} `type:"structure"` @@ -27130,7 +26867,6 @@ func (s *UpdateSSHPublicKeyInput) SetUserName(v string) *UpdateSSHPublicKeyInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSSHPublicKeyOutput type UpdateSSHPublicKeyOutput struct { _ struct{} `type:"structure"` } @@ -27145,7 +26881,6 @@ func (s UpdateSSHPublicKeyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServerCertificateRequest type UpdateServerCertificateInput struct { _ struct{} `type:"structure"` @@ -27228,7 +26963,6 @@ func (s *UpdateServerCertificateInput) SetServerCertificateName(v string) *Updat return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServerCertificateOutput type UpdateServerCertificateOutput struct { _ struct{} `type:"structure"` } @@ -27243,7 +26977,6 @@ func (s UpdateServerCertificateOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServiceSpecificCredentialRequest type UpdateServiceSpecificCredentialInput struct { _ struct{} `type:"structure"` @@ -27321,7 +27054,6 @@ func (s *UpdateServiceSpecificCredentialInput) SetUserName(v string) *UpdateServ return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServiceSpecificCredentialOutput type UpdateServiceSpecificCredentialOutput struct { _ struct{} `type:"structure"` } @@ -27336,7 +27068,6 @@ func (s UpdateServiceSpecificCredentialOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSigningCertificateRequest type UpdateSigningCertificateInput struct { _ struct{} `type:"structure"` @@ -27414,7 +27145,6 @@ func (s *UpdateSigningCertificateInput) SetUserName(v string) *UpdateSigningCert return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSigningCertificateOutput type UpdateSigningCertificateOutput struct { _ struct{} `type:"structure"` } @@ -27429,7 +27159,6 @@ func (s UpdateSigningCertificateOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateUserRequest type UpdateUserInput struct { _ struct{} `type:"structure"` @@ -27512,7 +27241,6 @@ func (s *UpdateUserInput) SetUserName(v string) *UpdateUserInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateUserOutput type UpdateUserOutput struct { _ struct{} `type:"structure"` } @@ -27527,7 +27255,6 @@ func (s UpdateUserOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSSHPublicKeyRequest type UploadSSHPublicKeyInput struct { _ struct{} `type:"structure"` @@ -27599,7 +27326,6 @@ func (s *UploadSSHPublicKeyInput) SetUserName(v string) *UploadSSHPublicKeyInput } // Contains the response to a successful UploadSSHPublicKey request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSSHPublicKeyResponse type UploadSSHPublicKeyOutput struct { _ struct{} `type:"structure"` @@ -27623,7 +27349,6 @@ func (s *UploadSSHPublicKeyOutput) SetSSHPublicKey(v *SSHPublicKey) *UploadSSHPu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificateRequest type UploadServerCertificateInput struct { _ struct{} `type:"structure"` @@ -27765,7 +27490,6 @@ func (s *UploadServerCertificateInput) SetServerCertificateName(v string) *Uploa } // Contains the response to a successful UploadServerCertificate request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificateResponse type UploadServerCertificateOutput struct { _ struct{} `type:"structure"` @@ -27790,7 +27514,6 @@ func (s *UploadServerCertificateOutput) SetServerCertificateMetadata(v *ServerCe return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSigningCertificateRequest type UploadSigningCertificateInput struct { _ struct{} `type:"structure"` @@ -27856,7 +27579,6 @@ func (s *UploadSigningCertificateInput) SetUserName(v string) *UploadSigningCert } // Contains the response to a successful UploadSigningCertificate request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSigningCertificateResponse type UploadSigningCertificateOutput struct { _ struct{} `type:"structure"` @@ -27891,7 +27613,6 @@ func (s *UploadSigningCertificateOutput) SetCertificate(v *SigningCertificate) * // * GetUser // // * ListUsers -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/User type User struct { _ struct{} `type:"structure"` @@ -28000,7 +27721,6 @@ func (s *User) SetUserName(v string) *User { // // This data type is used as a response element in the GetAccountAuthorizationDetails // action. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UserDetail type UserDetail struct { _ struct{} `type:"structure"` @@ -28097,7 +27817,6 @@ func (s *UserDetail) SetUserPolicyList(v []*PolicyDetail) *UserDetail { } // Contains information about a virtual MFA device. -// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/VirtualMFADevice type VirtualMFADevice struct { _ struct{} `type:"structure"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index 0d852f59c80b..2faeee1ec8f3 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -6173,7 +6173,6 @@ func (c *S3) UploadPartCopyWithContext(ctx aws.Context, input *UploadPartCopyInp // Specifies the days since the initiation of an Incomplete Multipart Upload // that Lifecycle will wait before permanently removing all parts of the upload. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortIncompleteMultipartUpload type AbortIncompleteMultipartUpload struct { _ struct{} `type:"structure"` @@ -6198,7 +6197,6 @@ func (s *AbortIncompleteMultipartUpload) SetDaysAfterInitiation(v int64) *AbortI return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUploadRequest type AbortMultipartUploadInput struct { _ struct{} `type:"structure"` @@ -6281,7 +6279,6 @@ func (s *AbortMultipartUploadInput) SetUploadId(v string) *AbortMultipartUploadI return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUploadOutput type AbortMultipartUploadOutput struct { _ struct{} `type:"structure"` @@ -6306,7 +6303,6 @@ func (s *AbortMultipartUploadOutput) SetRequestCharged(v string) *AbortMultipart return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AccelerateConfiguration type AccelerateConfiguration struct { _ struct{} `type:"structure"` @@ -6330,7 +6326,6 @@ func (s *AccelerateConfiguration) SetStatus(v string) *AccelerateConfiguration { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AccessControlPolicy type AccessControlPolicy struct { _ struct{} `type:"structure"` @@ -6383,7 +6378,6 @@ func (s *AccessControlPolicy) SetOwner(v *Owner) *AccessControlPolicy { } // Container for information regarding the access control for replicas. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AccessControlTranslation type AccessControlTranslation struct { _ struct{} `type:"structure"` @@ -6422,7 +6416,6 @@ func (s *AccessControlTranslation) SetOwner(v string) *AccessControlTranslation return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AnalyticsAndOperator type AnalyticsAndOperator struct { _ struct{} `type:"structure"` @@ -6475,7 +6468,6 @@ func (s *AnalyticsAndOperator) SetTags(v []*Tag) *AnalyticsAndOperator { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AnalyticsConfiguration type AnalyticsConfiguration struct { _ struct{} `type:"structure"` @@ -6550,7 +6542,6 @@ func (s *AnalyticsConfiguration) SetStorageClassAnalysis(v *StorageClassAnalysis return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AnalyticsExportDestination type AnalyticsExportDestination struct { _ struct{} `type:"structure"` @@ -6594,7 +6585,6 @@ func (s *AnalyticsExportDestination) SetS3BucketDestination(v *AnalyticsS3Bucket return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AnalyticsFilter type AnalyticsFilter struct { _ struct{} `type:"structure"` @@ -6657,7 +6647,6 @@ func (s *AnalyticsFilter) SetTag(v *Tag) *AnalyticsFilter { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AnalyticsS3BucketDestination type AnalyticsS3BucketDestination struct { _ struct{} `type:"structure"` @@ -6737,7 +6726,6 @@ func (s *AnalyticsS3BucketDestination) SetPrefix(v string) *AnalyticsS3BucketDes return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Bucket type Bucket struct { _ struct{} `type:"structure"` @@ -6770,7 +6758,6 @@ func (s *Bucket) SetName(v string) *Bucket { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/BucketLifecycleConfiguration type BucketLifecycleConfiguration struct { _ struct{} `type:"structure"` @@ -6817,7 +6804,6 @@ func (s *BucketLifecycleConfiguration) SetRules(v []*LifecycleRule) *BucketLifec return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/BucketLoggingStatus type BucketLoggingStatus struct { _ struct{} `type:"structure"` @@ -6855,7 +6841,6 @@ func (s *BucketLoggingStatus) SetLoggingEnabled(v *LoggingEnabled) *BucketLoggin return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CORSConfiguration type CORSConfiguration struct { _ struct{} `type:"structure"` @@ -6902,7 +6887,6 @@ func (s *CORSConfiguration) SetCORSRules(v []*CORSRule) *CORSConfiguration { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CORSRule type CORSRule struct { _ struct{} `type:"structure"` @@ -6987,7 +6971,6 @@ func (s *CORSRule) SetMaxAgeSeconds(v int64) *CORSRule { } // Describes how a CSV-formatted input object is formatted. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CSVInput type CSVInput struct { _ struct{} `type:"structure"` @@ -7059,7 +7042,6 @@ func (s *CSVInput) SetRecordDelimiter(v string) *CSVInput { } // Describes how CSV-formatted results are formatted. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CSVOutput type CSVOutput struct { _ struct{} `type:"structure"` @@ -7120,7 +7102,6 @@ func (s *CSVOutput) SetRecordDelimiter(v string) *CSVOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CloudFunctionConfiguration type CloudFunctionConfiguration struct { _ struct{} `type:"structure"` @@ -7178,7 +7159,6 @@ func (s *CloudFunctionConfiguration) SetInvocationRole(v string) *CloudFunctionC return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CommonPrefix type CommonPrefix struct { _ struct{} `type:"structure"` @@ -7201,7 +7181,6 @@ func (s *CommonPrefix) SetPrefix(v string) *CommonPrefix { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUploadRequest type CompleteMultipartUploadInput struct { _ struct{} `type:"structure" payload:"MultipartUpload"` @@ -7292,7 +7271,6 @@ func (s *CompleteMultipartUploadInput) SetUploadId(v string) *CompleteMultipartU return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUploadOutput type CompleteMultipartUploadOutput struct { _ struct{} `type:"structure"` @@ -7396,7 +7374,6 @@ func (s *CompleteMultipartUploadOutput) SetVersionId(v string) *CompleteMultipar return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompletedMultipartUpload type CompletedMultipartUpload struct { _ struct{} `type:"structure"` @@ -7419,7 +7396,6 @@ func (s *CompletedMultipartUpload) SetParts(v []*CompletedPart) *CompletedMultip return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompletedPart type CompletedPart struct { _ struct{} `type:"structure"` @@ -7453,7 +7429,6 @@ func (s *CompletedPart) SetPartNumber(v int64) *CompletedPart { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Condition type Condition struct { _ struct{} `type:"structure"` @@ -7496,7 +7471,6 @@ func (s *Condition) SetKeyPrefixEquals(v string) *Condition { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObjectRequest type CopyObjectInput struct { _ struct{} `type:"structure"` @@ -7880,7 +7854,6 @@ func (s *CopyObjectInput) SetWebsiteRedirectLocation(v string) *CopyObjectInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObjectOutput type CopyObjectOutput struct { _ struct{} `type:"structure" payload:"CopyObjectResult"` @@ -7981,7 +7954,6 @@ func (s *CopyObjectOutput) SetVersionId(v string) *CopyObjectOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObjectResult type CopyObjectResult struct { _ struct{} `type:"structure"` @@ -8012,7 +7984,6 @@ func (s *CopyObjectResult) SetLastModified(v time.Time) *CopyObjectResult { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyPartResult type CopyPartResult struct { _ struct{} `type:"structure"` @@ -8045,7 +8016,6 @@ func (s *CopyPartResult) SetLastModified(v time.Time) *CopyPartResult { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucketConfiguration type CreateBucketConfiguration struct { _ struct{} `type:"structure"` @@ -8070,7 +8040,6 @@ func (s *CreateBucketConfiguration) SetLocationConstraint(v string) *CreateBucke return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucketRequest type CreateBucketInput struct { _ struct{} `type:"structure" payload:"CreateBucketConfiguration"` @@ -8177,7 +8146,6 @@ func (s *CreateBucketInput) SetGrantWriteACP(v string) *CreateBucketInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucketOutput type CreateBucketOutput struct { _ struct{} `type:"structure"` @@ -8200,7 +8168,6 @@ func (s *CreateBucketOutput) SetLocation(v string) *CreateBucketOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUploadRequest type CreateMultipartUploadInput struct { _ struct{} `type:"structure"` @@ -8472,7 +8439,6 @@ func (s *CreateMultipartUploadInput) SetWebsiteRedirectLocation(v string) *Creat return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUploadOutput type CreateMultipartUploadOutput struct { _ struct{} `type:"structure"` @@ -8592,7 +8558,6 @@ func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUplo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Delete type Delete struct { _ struct{} `type:"structure"` @@ -8649,7 +8614,6 @@ func (s *Delete) SetQuiet(v bool) *Delete { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfigurationRequest type DeleteBucketAnalyticsConfigurationInput struct { _ struct{} `type:"structure"` @@ -8709,7 +8673,6 @@ func (s *DeleteBucketAnalyticsConfigurationInput) SetId(v string) *DeleteBucketA return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfigurationOutput type DeleteBucketAnalyticsConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -8724,7 +8687,6 @@ func (s DeleteBucketAnalyticsConfigurationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCorsRequest type DeleteBucketCorsInput struct { _ struct{} `type:"structure"` @@ -8768,7 +8730,6 @@ func (s *DeleteBucketCorsInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCorsOutput type DeleteBucketCorsOutput struct { _ struct{} `type:"structure"` } @@ -8783,7 +8744,6 @@ func (s DeleteBucketCorsOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryptionRequest type DeleteBucketEncryptionInput struct { _ struct{} `type:"structure"` @@ -8830,7 +8790,6 @@ func (s *DeleteBucketEncryptionInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryptionOutput type DeleteBucketEncryptionOutput struct { _ struct{} `type:"structure"` } @@ -8845,7 +8804,6 @@ func (s DeleteBucketEncryptionOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketRequest type DeleteBucketInput struct { _ struct{} `type:"structure"` @@ -8889,7 +8847,6 @@ func (s *DeleteBucketInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfigurationRequest type DeleteBucketInventoryConfigurationInput struct { _ struct{} `type:"structure"` @@ -8949,7 +8906,6 @@ func (s *DeleteBucketInventoryConfigurationInput) SetId(v string) *DeleteBucketI return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfigurationOutput type DeleteBucketInventoryConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -8964,7 +8920,6 @@ func (s DeleteBucketInventoryConfigurationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycleRequest type DeleteBucketLifecycleInput struct { _ struct{} `type:"structure"` @@ -9008,7 +8963,6 @@ func (s *DeleteBucketLifecycleInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycleOutput type DeleteBucketLifecycleOutput struct { _ struct{} `type:"structure"` } @@ -9023,7 +8977,6 @@ func (s DeleteBucketLifecycleOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfigurationRequest type DeleteBucketMetricsConfigurationInput struct { _ struct{} `type:"structure"` @@ -9083,7 +9036,6 @@ func (s *DeleteBucketMetricsConfigurationInput) SetId(v string) *DeleteBucketMet return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfigurationOutput type DeleteBucketMetricsConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -9098,7 +9050,6 @@ func (s DeleteBucketMetricsConfigurationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketOutput type DeleteBucketOutput struct { _ struct{} `type:"structure"` } @@ -9113,7 +9064,6 @@ func (s DeleteBucketOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicyRequest type DeleteBucketPolicyInput struct { _ struct{} `type:"structure"` @@ -9157,7 +9107,6 @@ func (s *DeleteBucketPolicyInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicyOutput type DeleteBucketPolicyOutput struct { _ struct{} `type:"structure"` } @@ -9172,7 +9121,6 @@ func (s DeleteBucketPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplicationRequest type DeleteBucketReplicationInput struct { _ struct{} `type:"structure"` @@ -9216,7 +9164,6 @@ func (s *DeleteBucketReplicationInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplicationOutput type DeleteBucketReplicationOutput struct { _ struct{} `type:"structure"` } @@ -9231,7 +9178,6 @@ func (s DeleteBucketReplicationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTaggingRequest type DeleteBucketTaggingInput struct { _ struct{} `type:"structure"` @@ -9275,7 +9221,6 @@ func (s *DeleteBucketTaggingInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTaggingOutput type DeleteBucketTaggingOutput struct { _ struct{} `type:"structure"` } @@ -9290,7 +9235,6 @@ func (s DeleteBucketTaggingOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsiteRequest type DeleteBucketWebsiteInput struct { _ struct{} `type:"structure"` @@ -9334,7 +9278,6 @@ func (s *DeleteBucketWebsiteInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsiteOutput type DeleteBucketWebsiteOutput struct { _ struct{} `type:"structure"` } @@ -9349,7 +9292,6 @@ func (s DeleteBucketWebsiteOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteMarkerEntry type DeleteMarkerEntry struct { _ struct{} `type:"structure"` @@ -9409,7 +9351,6 @@ func (s *DeleteMarkerEntry) SetVersionId(v string) *DeleteMarkerEntry { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectRequest type DeleteObjectInput struct { _ struct{} `type:"structure"` @@ -9499,7 +9440,6 @@ func (s *DeleteObjectInput) SetVersionId(v string) *DeleteObjectInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectOutput type DeleteObjectOutput struct { _ struct{} `type:"structure"` @@ -9544,7 +9484,6 @@ func (s *DeleteObjectOutput) SetVersionId(v string) *DeleteObjectOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTaggingRequest type DeleteObjectTaggingInput struct { _ struct{} `type:"structure"` @@ -9612,7 +9551,6 @@ func (s *DeleteObjectTaggingInput) SetVersionId(v string) *DeleteObjectTaggingIn return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTaggingOutput type DeleteObjectTaggingOutput struct { _ struct{} `type:"structure"` @@ -9636,7 +9574,6 @@ func (s *DeleteObjectTaggingOutput) SetVersionId(v string) *DeleteObjectTaggingO return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectsRequest type DeleteObjectsInput struct { _ struct{} `type:"structure" payload:"Delete"` @@ -9719,7 +9656,6 @@ func (s *DeleteObjectsInput) SetRequestPayer(v string) *DeleteObjectsInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectsOutput type DeleteObjectsOutput struct { _ struct{} `type:"structure"` @@ -9760,7 +9696,6 @@ func (s *DeleteObjectsOutput) SetRequestCharged(v string) *DeleteObjectsOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletedObject type DeletedObject struct { _ struct{} `type:"structure"` @@ -9808,7 +9743,6 @@ func (s *DeletedObject) SetVersionId(v string) *DeletedObject { } // Container for replication destination information. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Destination type Destination struct { _ struct{} `type:"structure"` @@ -9899,7 +9833,6 @@ func (s *Destination) SetStorageClass(v string) *Destination { // Describes the server-side encryption that will be applied to the restore // results. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Encryption type Encryption struct { _ struct{} `type:"structure"` @@ -9960,7 +9893,6 @@ func (s *Encryption) SetKMSKeyId(v string) *Encryption { } // Container for information regarding encryption based configuration for replicas. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/EncryptionConfiguration type EncryptionConfiguration struct { _ struct{} `type:"structure"` @@ -9984,7 +9916,6 @@ func (s *EncryptionConfiguration) SetReplicaKmsKeyID(v string) *EncryptionConfig return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Error type Error struct { _ struct{} `type:"structure"` @@ -10031,7 +9962,6 @@ func (s *Error) SetVersionId(v string) *Error { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ErrorDocument type ErrorDocument struct { _ struct{} `type:"structure"` @@ -10074,7 +10004,6 @@ func (s *ErrorDocument) SetKey(v string) *ErrorDocument { } // Container for key value pair that defines the criteria for the filter rule. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/FilterRule type FilterRule struct { _ struct{} `type:"structure"` @@ -10109,7 +10038,6 @@ func (s *FilterRule) SetValue(v string) *FilterRule { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfigurationRequest type GetBucketAccelerateConfigurationInput struct { _ struct{} `type:"structure"` @@ -10155,7 +10083,6 @@ func (s *GetBucketAccelerateConfigurationInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfigurationOutput type GetBucketAccelerateConfigurationOutput struct { _ struct{} `type:"structure"` @@ -10179,7 +10106,6 @@ func (s *GetBucketAccelerateConfigurationOutput) SetStatus(v string) *GetBucketA return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAclRequest type GetBucketAclInput struct { _ struct{} `type:"structure"` @@ -10223,7 +10149,6 @@ func (s *GetBucketAclInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAclOutput type GetBucketAclOutput struct { _ struct{} `type:"structure"` @@ -10255,7 +10180,6 @@ func (s *GetBucketAclOutput) SetOwner(v *Owner) *GetBucketAclOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfigurationRequest type GetBucketAnalyticsConfigurationInput struct { _ struct{} `type:"structure"` @@ -10315,7 +10239,6 @@ func (s *GetBucketAnalyticsConfigurationInput) SetId(v string) *GetBucketAnalyti return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfigurationOutput type GetBucketAnalyticsConfigurationOutput struct { _ struct{} `type:"structure" payload:"AnalyticsConfiguration"` @@ -10339,7 +10262,6 @@ func (s *GetBucketAnalyticsConfigurationOutput) SetAnalyticsConfiguration(v *Ana return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCorsRequest type GetBucketCorsInput struct { _ struct{} `type:"structure"` @@ -10383,7 +10305,6 @@ func (s *GetBucketCorsInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCorsOutput type GetBucketCorsOutput struct { _ struct{} `type:"structure"` @@ -10406,7 +10327,6 @@ func (s *GetBucketCorsOutput) SetCORSRules(v []*CORSRule) *GetBucketCorsOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryptionRequest type GetBucketEncryptionInput struct { _ struct{} `type:"structure"` @@ -10453,7 +10373,6 @@ func (s *GetBucketEncryptionInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryptionOutput type GetBucketEncryptionOutput struct { _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` @@ -10478,7 +10397,6 @@ func (s *GetBucketEncryptionOutput) SetServerSideEncryptionConfiguration(v *Serv return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfigurationRequest type GetBucketInventoryConfigurationInput struct { _ struct{} `type:"structure"` @@ -10538,7 +10456,6 @@ func (s *GetBucketInventoryConfigurationInput) SetId(v string) *GetBucketInvento return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfigurationOutput type GetBucketInventoryConfigurationOutput struct { _ struct{} `type:"structure" payload:"InventoryConfiguration"` @@ -10562,7 +10479,6 @@ func (s *GetBucketInventoryConfigurationOutput) SetInventoryConfiguration(v *Inv return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfigurationRequest type GetBucketLifecycleConfigurationInput struct { _ struct{} `type:"structure"` @@ -10606,7 +10522,6 @@ func (s *GetBucketLifecycleConfigurationInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfigurationOutput type GetBucketLifecycleConfigurationOutput struct { _ struct{} `type:"structure"` @@ -10629,7 +10544,6 @@ func (s *GetBucketLifecycleConfigurationOutput) SetRules(v []*LifecycleRule) *Ge return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleRequest type GetBucketLifecycleInput struct { _ struct{} `type:"structure"` @@ -10673,7 +10587,6 @@ func (s *GetBucketLifecycleInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleOutput type GetBucketLifecycleOutput struct { _ struct{} `type:"structure"` @@ -10696,7 +10609,6 @@ func (s *GetBucketLifecycleOutput) SetRules(v []*Rule) *GetBucketLifecycleOutput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocationRequest type GetBucketLocationInput struct { _ struct{} `type:"structure"` @@ -10740,7 +10652,6 @@ func (s *GetBucketLocationInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocationOutput type GetBucketLocationOutput struct { _ struct{} `type:"structure"` @@ -10763,7 +10674,6 @@ func (s *GetBucketLocationOutput) SetLocationConstraint(v string) *GetBucketLoca return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLoggingRequest type GetBucketLoggingInput struct { _ struct{} `type:"structure"` @@ -10807,7 +10717,6 @@ func (s *GetBucketLoggingInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLoggingOutput type GetBucketLoggingOutput struct { _ struct{} `type:"structure"` @@ -10830,7 +10739,6 @@ func (s *GetBucketLoggingOutput) SetLoggingEnabled(v *LoggingEnabled) *GetBucket return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfigurationRequest type GetBucketMetricsConfigurationInput struct { _ struct{} `type:"structure"` @@ -10890,7 +10798,6 @@ func (s *GetBucketMetricsConfigurationInput) SetId(v string) *GetBucketMetricsCo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfigurationOutput type GetBucketMetricsConfigurationOutput struct { _ struct{} `type:"structure" payload:"MetricsConfiguration"` @@ -10914,7 +10821,6 @@ func (s *GetBucketMetricsConfigurationOutput) SetMetricsConfiguration(v *Metrics return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfigurationRequest type GetBucketNotificationConfigurationRequest struct { _ struct{} `type:"structure"` @@ -10960,7 +10866,6 @@ func (s *GetBucketNotificationConfigurationRequest) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyRequest type GetBucketPolicyInput struct { _ struct{} `type:"structure"` @@ -11004,7 +10909,6 @@ func (s *GetBucketPolicyInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyOutput type GetBucketPolicyOutput struct { _ struct{} `type:"structure" payload:"Policy"` @@ -11028,7 +10932,6 @@ func (s *GetBucketPolicyOutput) SetPolicy(v string) *GetBucketPolicyOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplicationRequest type GetBucketReplicationInput struct { _ struct{} `type:"structure"` @@ -11072,7 +10975,6 @@ func (s *GetBucketReplicationInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplicationOutput type GetBucketReplicationOutput struct { _ struct{} `type:"structure" payload:"ReplicationConfiguration"` @@ -11097,7 +10999,6 @@ func (s *GetBucketReplicationOutput) SetReplicationConfiguration(v *ReplicationC return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPaymentRequest type GetBucketRequestPaymentInput struct { _ struct{} `type:"structure"` @@ -11141,7 +11042,6 @@ func (s *GetBucketRequestPaymentInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPaymentOutput type GetBucketRequestPaymentOutput struct { _ struct{} `type:"structure"` @@ -11165,7 +11065,6 @@ func (s *GetBucketRequestPaymentOutput) SetPayer(v string) *GetBucketRequestPaym return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTaggingRequest type GetBucketTaggingInput struct { _ struct{} `type:"structure"` @@ -11209,7 +11108,6 @@ func (s *GetBucketTaggingInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTaggingOutput type GetBucketTaggingOutput struct { _ struct{} `type:"structure"` @@ -11233,7 +11131,6 @@ func (s *GetBucketTaggingOutput) SetTagSet(v []*Tag) *GetBucketTaggingOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioningRequest type GetBucketVersioningInput struct { _ struct{} `type:"structure"` @@ -11277,7 +11174,6 @@ func (s *GetBucketVersioningInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioningOutput type GetBucketVersioningOutput struct { _ struct{} `type:"structure"` @@ -11312,7 +11208,6 @@ func (s *GetBucketVersioningOutput) SetStatus(v string) *GetBucketVersioningOutp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsiteRequest type GetBucketWebsiteInput struct { _ struct{} `type:"structure"` @@ -11356,7 +11251,6 @@ func (s *GetBucketWebsiteInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsiteOutput type GetBucketWebsiteOutput struct { _ struct{} `type:"structure"` @@ -11403,7 +11297,6 @@ func (s *GetBucketWebsiteOutput) SetRoutingRules(v []*RoutingRule) *GetBucketWeb return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAclRequest type GetObjectAclInput struct { _ struct{} `type:"structure"` @@ -11483,7 +11376,6 @@ func (s *GetObjectAclInput) SetVersionId(v string) *GetObjectAclInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAclOutput type GetObjectAclOutput struct { _ struct{} `type:"structure"` @@ -11525,7 +11417,6 @@ func (s *GetObjectAclOutput) SetRequestCharged(v string) *GetObjectAclOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRequest type GetObjectInput struct { _ struct{} `type:"structure"` @@ -11760,7 +11651,6 @@ func (s *GetObjectInput) SetVersionId(v string) *GetObjectInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectOutput type GetObjectOutput struct { _ struct{} `type:"structure" payload:"Body"` @@ -12044,7 +11934,6 @@ func (s *GetObjectOutput) SetWebsiteRedirectLocation(v string) *GetObjectOutput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTaggingRequest type GetObjectTaggingInput struct { _ struct{} `type:"structure"` @@ -12111,7 +12000,6 @@ func (s *GetObjectTaggingInput) SetVersionId(v string) *GetObjectTaggingInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTaggingOutput type GetObjectTaggingOutput struct { _ struct{} `type:"structure"` @@ -12143,7 +12031,6 @@ func (s *GetObjectTaggingOutput) SetVersionId(v string) *GetObjectTaggingOutput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrentRequest type GetObjectTorrentInput struct { _ struct{} `type:"structure"` @@ -12214,7 +12101,6 @@ func (s *GetObjectTorrentInput) SetRequestPayer(v string) *GetObjectTorrentInput return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrentOutput type GetObjectTorrentOutput struct { _ struct{} `type:"structure" payload:"Body"` @@ -12247,7 +12133,6 @@ func (s *GetObjectTorrentOutput) SetRequestCharged(v string) *GetObjectTorrentOu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GlacierJobParameters type GlacierJobParameters struct { _ struct{} `type:"structure"` @@ -12286,7 +12171,6 @@ func (s *GlacierJobParameters) SetTier(v string) *GlacierJobParameters { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Grant type Grant struct { _ struct{} `type:"structure"` @@ -12333,7 +12217,6 @@ func (s *Grant) SetPermission(v string) *Grant { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Grantee type Grantee struct { _ struct{} `type:"structure" xmlPrefix:"xsi" xmlURI:"http://www.w3.org/2001/XMLSchema-instance"` @@ -12408,7 +12291,6 @@ func (s *Grantee) SetURI(v string) *Grantee { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucketRequest type HeadBucketInput struct { _ struct{} `type:"structure"` @@ -12452,7 +12334,6 @@ func (s *HeadBucketInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucketOutput type HeadBucketOutput struct { _ struct{} `type:"structure"` } @@ -12467,7 +12348,6 @@ func (s HeadBucketOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObjectRequest type HeadObjectInput struct { _ struct{} `type:"structure"` @@ -12649,7 +12529,6 @@ func (s *HeadObjectInput) SetVersionId(v string) *HeadObjectInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObjectOutput type HeadObjectOutput struct { _ struct{} `type:"structure"` @@ -12906,7 +12785,6 @@ func (s *HeadObjectOutput) SetWebsiteRedirectLocation(v string) *HeadObjectOutpu return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/IndexDocument type IndexDocument struct { _ struct{} `type:"structure"` @@ -12948,7 +12826,6 @@ func (s *IndexDocument) SetSuffix(v string) *IndexDocument { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Initiator type Initiator struct { _ struct{} `type:"structure"` @@ -12983,7 +12860,6 @@ func (s *Initiator) SetID(v string) *Initiator { } // Describes the serialization format of the object. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InputSerialization type InputSerialization struct { _ struct{} `type:"structure"` @@ -13007,7 +12883,6 @@ func (s *InputSerialization) SetCSV(v *CSVInput) *InputSerialization { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InventoryConfiguration type InventoryConfiguration struct { _ struct{} `type:"structure"` @@ -13136,7 +13011,6 @@ func (s *InventoryConfiguration) SetSchedule(v *InventorySchedule) *InventoryCon return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InventoryDestination type InventoryDestination struct { _ struct{} `type:"structure"` @@ -13183,7 +13057,6 @@ func (s *InventoryDestination) SetS3BucketDestination(v *InventoryS3BucketDestin // Contains the type of server-side encryption used to encrypt the inventory // results. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InventoryEncryption type InventoryEncryption struct { _ struct{} `type:"structure"` @@ -13231,7 +13104,6 @@ func (s *InventoryEncryption) SetSSES3(v *SSES3) *InventoryEncryption { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InventoryFilter type InventoryFilter struct { _ struct{} `type:"structure"` @@ -13270,7 +13142,6 @@ func (s *InventoryFilter) SetPrefix(v string) *InventoryFilter { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InventoryS3BucketDestination type InventoryS3BucketDestination struct { _ struct{} `type:"structure"` @@ -13364,7 +13235,6 @@ func (s *InventoryS3BucketDestination) SetPrefix(v string) *InventoryS3BucketDes return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InventorySchedule type InventorySchedule struct { _ struct{} `type:"structure"` @@ -13404,7 +13274,6 @@ func (s *InventorySchedule) SetFrequency(v string) *InventorySchedule { } // Container for object key name prefix and suffix filtering rules. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/S3KeyFilter type KeyFilter struct { _ struct{} `type:"structure"` @@ -13430,7 +13299,6 @@ func (s *KeyFilter) SetFilterRules(v []*FilterRule) *KeyFilter { } // Container for specifying the AWS Lambda notification configuration. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/LambdaFunctionConfiguration type LambdaFunctionConfiguration struct { _ struct{} `type:"structure"` @@ -13502,7 +13370,6 @@ func (s *LambdaFunctionConfiguration) SetLambdaFunctionArn(v string) *LambdaFunc return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/LifecycleConfiguration type LifecycleConfiguration struct { _ struct{} `type:"structure"` @@ -13549,7 +13416,6 @@ func (s *LifecycleConfiguration) SetRules(v []*Rule) *LifecycleConfiguration { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/LifecycleExpiration type LifecycleExpiration struct { _ struct{} `type:"structure"` @@ -13596,7 +13462,6 @@ func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/LifecycleRule type LifecycleRule struct { _ struct{} `type:"structure"` @@ -13720,7 +13585,6 @@ func (s *LifecycleRule) SetTransitions(v []*Transition) *LifecycleRule { // This is used in a Lifecycle Rule Filter to apply a logical AND to two or // more predicates. The Lifecycle Rule will apply to any object matching all // of the predicates configured inside the And operator. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/LifecycleRuleAndOperator type LifecycleRuleAndOperator struct { _ struct{} `type:"structure"` @@ -13775,7 +13639,6 @@ func (s *LifecycleRuleAndOperator) SetTags(v []*Tag) *LifecycleRuleAndOperator { // The Filter is used to identify objects that a Lifecycle Rule applies to. // A Filter must have exactly one of Prefix, Tag, or And specified. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/LifecycleRuleFilter type LifecycleRuleFilter struct { _ struct{} `type:"structure"` @@ -13839,7 +13702,6 @@ func (s *LifecycleRuleFilter) SetTag(v *Tag) *LifecycleRuleFilter { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurationsRequest type ListBucketAnalyticsConfigurationsInput struct { _ struct{} `type:"structure"` @@ -13895,7 +13757,6 @@ func (s *ListBucketAnalyticsConfigurationsInput) SetContinuationToken(v string) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurationsOutput type ListBucketAnalyticsConfigurationsOutput struct { _ struct{} `type:"structure"` @@ -13950,7 +13811,6 @@ func (s *ListBucketAnalyticsConfigurationsOutput) SetNextContinuationToken(v str return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurationsRequest type ListBucketInventoryConfigurationsInput struct { _ struct{} `type:"structure"` @@ -14008,7 +13868,6 @@ func (s *ListBucketInventoryConfigurationsInput) SetContinuationToken(v string) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurationsOutput type ListBucketInventoryConfigurationsOutput struct { _ struct{} `type:"structure"` @@ -14063,7 +13922,6 @@ func (s *ListBucketInventoryConfigurationsOutput) SetNextContinuationToken(v str return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurationsRequest type ListBucketMetricsConfigurationsInput struct { _ struct{} `type:"structure"` @@ -14121,7 +13979,6 @@ func (s *ListBucketMetricsConfigurationsInput) SetContinuationToken(v string) *L return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurationsOutput type ListBucketMetricsConfigurationsOutput struct { _ struct{} `type:"structure"` @@ -14178,7 +14035,6 @@ func (s *ListBucketMetricsConfigurationsOutput) SetNextContinuationToken(v strin return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketsInput type ListBucketsInput struct { _ struct{} `type:"structure"` } @@ -14193,7 +14049,6 @@ func (s ListBucketsInput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketsOutput type ListBucketsOutput struct { _ struct{} `type:"structure"` @@ -14224,7 +14079,6 @@ func (s *ListBucketsOutput) SetOwner(v *Owner) *ListBucketsOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploadsRequest type ListMultipartUploadsInput struct { _ struct{} `type:"structure"` @@ -14333,7 +14187,6 @@ func (s *ListMultipartUploadsInput) SetUploadIdMarker(v string) *ListMultipartUp return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploadsOutput type ListMultipartUploadsOutput struct { _ struct{} `type:"structure"` @@ -14467,7 +14320,6 @@ func (s *ListMultipartUploadsOutput) SetUploads(v []*MultipartUpload) *ListMulti return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersionsRequest type ListObjectVersionsInput struct { _ struct{} `type:"structure"` @@ -14571,7 +14423,6 @@ func (s *ListObjectVersionsInput) SetVersionIdMarker(v string) *ListObjectVersio return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersionsOutput type ListObjectVersionsOutput struct { _ struct{} `type:"structure"` @@ -14699,7 +14550,6 @@ func (s *ListObjectVersionsOutput) SetVersions(v []*ObjectVersion) *ListObjectVe return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsRequest type ListObjectsInput struct { _ struct{} `type:"structure"` @@ -14805,7 +14655,6 @@ func (s *ListObjectsInput) SetRequestPayer(v string) *ListObjectsInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsOutput type ListObjectsOutput struct { _ struct{} `type:"structure"` @@ -14910,7 +14759,6 @@ func (s *ListObjectsOutput) SetPrefix(v string) *ListObjectsOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2Request type ListObjectsV2Input struct { _ struct{} `type:"structure"` @@ -15036,7 +14884,6 @@ func (s *ListObjectsV2Input) SetStartAfter(v string) *ListObjectsV2Input { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2Output type ListObjectsV2Output struct { _ struct{} `type:"structure"` @@ -15170,7 +15017,6 @@ func (s *ListObjectsV2Output) SetStartAfter(v string) *ListObjectsV2Output { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListPartsRequest type ListPartsInput struct { _ struct{} `type:"structure"` @@ -15274,7 +15120,6 @@ func (s *ListPartsInput) SetUploadId(v string) *ListPartsInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListPartsOutput type ListPartsOutput struct { _ struct{} `type:"structure"` @@ -15425,7 +15270,6 @@ func (s *ListPartsOutput) SetUploadId(v string) *ListPartsOutput { } // Describes an S3 location that will receive the results of the restore request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/S3Location type Location struct { _ struct{} `type:"structure"` @@ -15553,7 +15397,6 @@ func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/LoggingEnabled type LoggingEnabled struct { _ struct{} `type:"structure"` @@ -15621,7 +15464,6 @@ func (s *LoggingEnabled) SetTargetPrefix(v string) *LoggingEnabled { } // A metadata key-value pair to store with an object. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/MetadataEntry type MetadataEntry struct { _ struct{} `type:"structure"` @@ -15652,7 +15494,6 @@ func (s *MetadataEntry) SetValue(v string) *MetadataEntry { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/MetricsAndOperator type MetricsAndOperator struct { _ struct{} `type:"structure"` @@ -15705,7 +15546,6 @@ func (s *MetricsAndOperator) SetTags(v []*Tag) *MetricsAndOperator { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/MetricsConfiguration type MetricsConfiguration struct { _ struct{} `type:"structure"` @@ -15760,7 +15600,6 @@ func (s *MetricsConfiguration) SetId(v string) *MetricsConfiguration { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/MetricsFilter type MetricsFilter struct { _ struct{} `type:"structure"` @@ -15824,7 +15663,6 @@ func (s *MetricsFilter) SetTag(v *Tag) *MetricsFilter { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/MultipartUpload type MultipartUpload struct { _ struct{} `type:"structure"` @@ -15897,7 +15735,6 @@ func (s *MultipartUpload) SetUploadId(v string) *MultipartUpload { // configuration action on a bucket that has versioning enabled (or suspended) // to request that Amazon S3 delete noncurrent object versions at a specific // period in the object's lifetime. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/NoncurrentVersionExpiration type NoncurrentVersionExpiration struct { _ struct{} `type:"structure"` @@ -15929,7 +15766,6 @@ func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVers // versioning-enabled (or versioning is suspended), you can set this action // to request that Amazon S3 transition noncurrent object versions to the STANDARD_IA // or GLACIER storage class at a specific period in the object's lifetime. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/NoncurrentVersionTransition type NoncurrentVersionTransition struct { _ struct{} `type:"structure"` @@ -15967,7 +15803,6 @@ func (s *NoncurrentVersionTransition) SetStorageClass(v string) *NoncurrentVersi // Container for specifying the notification configuration of the bucket. If // this element is empty, notifications are turned off on the bucket. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/NotificationConfiguration type NotificationConfiguration struct { _ struct{} `type:"structure"` @@ -16046,7 +15881,6 @@ func (s *NotificationConfiguration) SetTopicConfigurations(v []*TopicConfigurati return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/NotificationConfigurationDeprecated type NotificationConfigurationDeprecated struct { _ struct{} `type:"structure"` @@ -16087,7 +15921,6 @@ func (s *NotificationConfigurationDeprecated) SetTopicConfiguration(v *TopicConf // Container for object key name filtering rules. For information about key // name filtering, go to Configuring Event Notifications (http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/NotificationConfigurationFilter type NotificationConfigurationFilter struct { _ struct{} `type:"structure"` @@ -16111,7 +15944,6 @@ func (s *NotificationConfigurationFilter) SetKey(v *KeyFilter) *NotificationConf return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Object type Object struct { _ struct{} `type:"structure"` @@ -16175,7 +16007,6 @@ func (s *Object) SetStorageClass(v string) *Object { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ObjectIdentifier type ObjectIdentifier struct { _ struct{} `type:"structure"` @@ -16226,7 +16057,6 @@ func (s *ObjectIdentifier) SetVersionId(v string) *ObjectIdentifier { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ObjectVersion type ObjectVersion struct { _ struct{} `type:"structure"` @@ -16313,7 +16143,6 @@ func (s *ObjectVersion) SetVersionId(v string) *ObjectVersion { } // Describes the location where the restore job's output is stored. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/OutputLocation type OutputLocation struct { _ struct{} `type:"structure"` @@ -16353,7 +16182,6 @@ func (s *OutputLocation) SetS3(v *Location) *OutputLocation { } // Describes how results of the Select job are serialized. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/OutputSerialization type OutputSerialization struct { _ struct{} `type:"structure"` @@ -16377,7 +16205,6 @@ func (s *OutputSerialization) SetCSV(v *CSVOutput) *OutputSerialization { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Owner type Owner struct { _ struct{} `type:"structure"` @@ -16408,7 +16235,6 @@ func (s *Owner) SetID(v string) *Owner { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Part type Part struct { _ struct{} `type:"structure"` @@ -16460,7 +16286,6 @@ func (s *Part) SetSize(v int64) *Part { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfigurationRequest type PutBucketAccelerateConfigurationInput struct { _ struct{} `type:"structure" payload:"AccelerateConfiguration"` @@ -16520,7 +16345,6 @@ func (s *PutBucketAccelerateConfigurationInput) getBucket() (v string) { return *s.Bucket } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfigurationOutput type PutBucketAccelerateConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -16535,7 +16359,6 @@ func (s PutBucketAccelerateConfigurationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAclRequest type PutBucketAclInput struct { _ struct{} `type:"structure" payload:"AccessControlPolicy"` @@ -16647,7 +16470,6 @@ func (s *PutBucketAclInput) SetGrantWriteACP(v string) *PutBucketAclInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAclOutput type PutBucketAclOutput struct { _ struct{} `type:"structure"` } @@ -16662,7 +16484,6 @@ func (s PutBucketAclOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfigurationRequest type PutBucketAnalyticsConfigurationInput struct { _ struct{} `type:"structure" payload:"AnalyticsConfiguration"` @@ -16741,7 +16562,6 @@ func (s *PutBucketAnalyticsConfigurationInput) SetId(v string) *PutBucketAnalyti return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfigurationOutput type PutBucketAnalyticsConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -16756,7 +16576,6 @@ func (s PutBucketAnalyticsConfigurationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCorsRequest type PutBucketCorsInput struct { _ struct{} `type:"structure" payload:"CORSConfiguration"` @@ -16817,7 +16636,6 @@ func (s *PutBucketCorsInput) SetCORSConfiguration(v *CORSConfiguration) *PutBuck return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCorsOutput type PutBucketCorsOutput struct { _ struct{} `type:"structure"` } @@ -16832,7 +16650,6 @@ func (s PutBucketCorsOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryptionRequest type PutBucketEncryptionInput struct { _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` @@ -16899,7 +16716,6 @@ func (s *PutBucketEncryptionInput) SetServerSideEncryptionConfiguration(v *Serve return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryptionOutput type PutBucketEncryptionOutput struct { _ struct{} `type:"structure"` } @@ -16914,7 +16730,6 @@ func (s PutBucketEncryptionOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfigurationRequest type PutBucketInventoryConfigurationInput struct { _ struct{} `type:"structure" payload:"InventoryConfiguration"` @@ -16993,7 +16808,6 @@ func (s *PutBucketInventoryConfigurationInput) SetInventoryConfiguration(v *Inve return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfigurationOutput type PutBucketInventoryConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -17008,7 +16822,6 @@ func (s PutBucketInventoryConfigurationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationRequest type PutBucketLifecycleConfigurationInput struct { _ struct{} `type:"structure" payload:"LifecycleConfiguration"` @@ -17065,7 +16878,6 @@ func (s *PutBucketLifecycleConfigurationInput) SetLifecycleConfiguration(v *Buck return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationOutput type PutBucketLifecycleConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -17080,7 +16892,6 @@ func (s PutBucketLifecycleConfigurationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleRequest type PutBucketLifecycleInput struct { _ struct{} `type:"structure" payload:"LifecycleConfiguration"` @@ -17137,7 +16948,6 @@ func (s *PutBucketLifecycleInput) SetLifecycleConfiguration(v *LifecycleConfigur return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleOutput type PutBucketLifecycleOutput struct { _ struct{} `type:"structure"` } @@ -17152,7 +16962,6 @@ func (s PutBucketLifecycleOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLoggingRequest type PutBucketLoggingInput struct { _ struct{} `type:"structure" payload:"BucketLoggingStatus"` @@ -17213,7 +17022,6 @@ func (s *PutBucketLoggingInput) SetBucketLoggingStatus(v *BucketLoggingStatus) * return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLoggingOutput type PutBucketLoggingOutput struct { _ struct{} `type:"structure"` } @@ -17228,7 +17036,6 @@ func (s PutBucketLoggingOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfigurationRequest type PutBucketMetricsConfigurationInput struct { _ struct{} `type:"structure" payload:"MetricsConfiguration"` @@ -17307,7 +17114,6 @@ func (s *PutBucketMetricsConfigurationInput) SetMetricsConfiguration(v *MetricsC return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfigurationOutput type PutBucketMetricsConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -17322,7 +17128,6 @@ func (s PutBucketMetricsConfigurationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfigurationRequest type PutBucketNotificationConfigurationInput struct { _ struct{} `type:"structure" payload:"NotificationConfiguration"` @@ -17386,7 +17191,6 @@ func (s *PutBucketNotificationConfigurationInput) SetNotificationConfiguration(v return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfigurationOutput type PutBucketNotificationConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -17401,7 +17205,6 @@ func (s PutBucketNotificationConfigurationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationRequest type PutBucketNotificationInput struct { _ struct{} `type:"structure" payload:"NotificationConfiguration"` @@ -17457,7 +17260,6 @@ func (s *PutBucketNotificationInput) SetNotificationConfiguration(v *Notificatio return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationOutput type PutBucketNotificationOutput struct { _ struct{} `type:"structure"` } @@ -17472,7 +17274,6 @@ func (s PutBucketNotificationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicyRequest type PutBucketPolicyInput struct { _ struct{} `type:"structure" payload:"Policy"` @@ -17540,7 +17341,6 @@ func (s *PutBucketPolicyInput) SetPolicy(v string) *PutBucketPolicyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicyOutput type PutBucketPolicyOutput struct { _ struct{} `type:"structure"` } @@ -17555,7 +17355,6 @@ func (s PutBucketPolicyOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplicationRequest type PutBucketReplicationInput struct { _ struct{} `type:"structure" payload:"ReplicationConfiguration"` @@ -17619,7 +17418,6 @@ func (s *PutBucketReplicationInput) SetReplicationConfiguration(v *ReplicationCo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplicationOutput type PutBucketReplicationOutput struct { _ struct{} `type:"structure"` } @@ -17634,7 +17432,6 @@ func (s PutBucketReplicationOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPaymentRequest type PutBucketRequestPaymentInput struct { _ struct{} `type:"structure" payload:"RequestPaymentConfiguration"` @@ -17695,7 +17492,6 @@ func (s *PutBucketRequestPaymentInput) SetRequestPaymentConfiguration(v *Request return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPaymentOutput type PutBucketRequestPaymentOutput struct { _ struct{} `type:"structure"` } @@ -17710,7 +17506,6 @@ func (s PutBucketRequestPaymentOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTaggingRequest type PutBucketTaggingInput struct { _ struct{} `type:"structure" payload:"Tagging"` @@ -17771,7 +17566,6 @@ func (s *PutBucketTaggingInput) SetTagging(v *Tagging) *PutBucketTaggingInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTaggingOutput type PutBucketTaggingOutput struct { _ struct{} `type:"structure"` } @@ -17786,7 +17580,6 @@ func (s PutBucketTaggingOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioningRequest type PutBucketVersioningInput struct { _ struct{} `type:"structure" payload:"VersioningConfiguration"` @@ -17852,7 +17645,6 @@ func (s *PutBucketVersioningInput) SetVersioningConfiguration(v *VersioningConfi return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioningOutput type PutBucketVersioningOutput struct { _ struct{} `type:"structure"` } @@ -17867,7 +17659,6 @@ func (s PutBucketVersioningOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsiteRequest type PutBucketWebsiteInput struct { _ struct{} `type:"structure" payload:"WebsiteConfiguration"` @@ -17928,7 +17719,6 @@ func (s *PutBucketWebsiteInput) SetWebsiteConfiguration(v *WebsiteConfiguration) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsiteOutput type PutBucketWebsiteOutput struct { _ struct{} `type:"structure"` } @@ -17943,7 +17733,6 @@ func (s PutBucketWebsiteOutput) GoString() string { return s.String() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAclRequest type PutObjectAclInput struct { _ struct{} `type:"structure" payload:"AccessControlPolicy"` @@ -18091,7 +17880,6 @@ func (s *PutObjectAclInput) SetVersionId(v string) *PutObjectAclInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAclOutput type PutObjectAclOutput struct { _ struct{} `type:"structure"` @@ -18116,7 +17904,6 @@ func (s *PutObjectAclOutput) SetRequestCharged(v string) *PutObjectAclOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRequest type PutObjectInput struct { _ struct{} `type:"structure" payload:"Body"` @@ -18420,7 +18207,6 @@ func (s *PutObjectInput) SetWebsiteRedirectLocation(v string) *PutObjectInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectOutput type PutObjectOutput struct { _ struct{} `type:"structure"` @@ -18515,7 +18301,6 @@ func (s *PutObjectOutput) SetVersionId(v string) *PutObjectOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTaggingRequest type PutObjectTaggingInput struct { _ struct{} `type:"structure" payload:"Tagging"` @@ -18599,7 +18384,6 @@ func (s *PutObjectTaggingInput) SetVersionId(v string) *PutObjectTaggingInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTaggingOutput type PutObjectTaggingOutput struct { _ struct{} `type:"structure"` @@ -18624,7 +18408,6 @@ func (s *PutObjectTaggingOutput) SetVersionId(v string) *PutObjectTaggingOutput // Container for specifying an configuration when you want Amazon S3 to publish // events to an Amazon Simple Queue Service (Amazon SQS) queue. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/QueueConfiguration type QueueConfiguration struct { _ struct{} `type:"structure"` @@ -18696,7 +18479,6 @@ func (s *QueueConfiguration) SetQueueArn(v string) *QueueConfiguration { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/QueueConfigurationDeprecated type QueueConfigurationDeprecated struct { _ struct{} `type:"structure"` @@ -18746,7 +18528,6 @@ func (s *QueueConfigurationDeprecated) SetQueue(v string) *QueueConfigurationDep return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Redirect type Redirect struct { _ struct{} `type:"structure"` @@ -18815,7 +18596,6 @@ func (s *Redirect) SetReplaceKeyWith(v string) *Redirect { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RedirectAllRequestsTo type RedirectAllRequestsTo struct { _ struct{} `type:"structure"` @@ -18866,7 +18646,6 @@ func (s *RedirectAllRequestsTo) SetProtocol(v string) *RedirectAllRequestsTo { // Container for replication rules. You can add as many as 1,000 rules. Total // replication configuration size can be up to 2 MB. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ReplicationConfiguration type ReplicationConfiguration struct { _ struct{} `type:"structure"` @@ -18932,7 +18711,6 @@ func (s *ReplicationConfiguration) SetRules(v []*ReplicationRule) *ReplicationCo } // Container for information about a particular replication rule. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ReplicationRule type ReplicationRule struct { _ struct{} `type:"structure"` @@ -19029,7 +18807,6 @@ func (s *ReplicationRule) SetStatus(v string) *ReplicationRule { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RequestPaymentConfiguration type RequestPaymentConfiguration struct { _ struct{} `type:"structure"` @@ -19068,7 +18845,6 @@ func (s *RequestPaymentConfiguration) SetPayer(v string) *RequestPaymentConfigur return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObjectRequest type RestoreObjectInput struct { _ struct{} `type:"structure" payload:"RestoreRequest"` @@ -19161,7 +18937,6 @@ func (s *RestoreObjectInput) SetVersionId(v string) *RestoreObjectInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObjectOutput type RestoreObjectOutput struct { _ struct{} `type:"structure"` @@ -19197,7 +18972,6 @@ func (s *RestoreObjectOutput) SetRestoreOutputPath(v string) *RestoreObjectOutpu } // Container for restore job parameters. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreRequest type RestoreRequest struct { _ struct{} `type:"structure"` @@ -19302,7 +19076,6 @@ func (s *RestoreRequest) SetType(v string) *RestoreRequest { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RoutingRule type RoutingRule struct { _ struct{} `type:"structure"` @@ -19355,7 +19128,6 @@ func (s *RoutingRule) SetRedirect(v *Redirect) *RoutingRule { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Rule type Rule struct { _ struct{} `type:"structure"` @@ -19471,7 +19243,6 @@ func (s *Rule) SetTransition(v *Transition) *Rule { } // Specifies the use of SSE-KMS to encrypt delievered Inventory reports. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SSEKMS type SSEKMS struct { _ struct{} `locationName:"SSE-KMS" type:"structure"` @@ -19512,7 +19283,6 @@ func (s *SSEKMS) SetKeyId(v string) *SSEKMS { } // Specifies the use of SSE-S3 to encrypt delievered Inventory reports. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SSES3 type SSES3 struct { _ struct{} `locationName:"SSE-S3" type:"structure"` } @@ -19528,7 +19298,6 @@ func (s SSES3) GoString() string { } // Describes the parameters for Select job types. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectParameters type SelectParameters struct { _ struct{} `type:"structure"` @@ -19612,7 +19381,6 @@ func (s *SelectParameters) SetOutputSerialization(v *OutputSerialization) *Selec // Describes the default server-side encryption to apply to new objects in the // bucket. If Put Object request does not specify any server-side encryption, // this default encryption will be applied. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionByDefault type ServerSideEncryptionByDefault struct { _ struct{} `type:"structure"` @@ -19663,7 +19431,6 @@ func (s *ServerSideEncryptionByDefault) SetSSEAlgorithm(v string) *ServerSideEnc // Container for server-side encryption configuration rules. Currently S3 supports // one rule only. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionConfiguration type ServerSideEncryptionConfiguration struct { _ struct{} `type:"structure"` @@ -19715,7 +19482,6 @@ func (s *ServerSideEncryptionConfiguration) SetRules(v []*ServerSideEncryptionRu // Container for information about a particular server-side encryption configuration // rule. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionRule type ServerSideEncryptionRule struct { _ struct{} `type:"structure"` @@ -19757,7 +19523,6 @@ func (s *ServerSideEncryptionRule) SetApplyServerSideEncryptionByDefault(v *Serv } // Container for filters that define which source objects should be replicated. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SourceSelectionCriteria type SourceSelectionCriteria struct { _ struct{} `type:"structure"` @@ -19797,7 +19562,6 @@ func (s *SourceSelectionCriteria) SetSseKmsEncryptedObjects(v *SseKmsEncryptedOb } // Container for filter information of selection of KMS Encrypted S3 objects. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SseKmsEncryptedObjects type SseKmsEncryptedObjects struct { _ struct{} `type:"structure"` @@ -19837,7 +19601,6 @@ func (s *SseKmsEncryptedObjects) SetStatus(v string) *SseKmsEncryptedObjects { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/StorageClassAnalysis type StorageClassAnalysis struct { _ struct{} `type:"structure"` @@ -19877,7 +19640,6 @@ func (s *StorageClassAnalysis) SetDataExport(v *StorageClassAnalysisDataExport) return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/StorageClassAnalysisDataExport type StorageClassAnalysisDataExport struct { _ struct{} `type:"structure"` @@ -19935,7 +19697,6 @@ func (s *StorageClassAnalysisDataExport) SetOutputSchemaVersion(v string) *Stora return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Tag type Tag struct { _ struct{} `type:"structure"` @@ -19991,7 +19752,6 @@ func (s *Tag) SetValue(v string) *Tag { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Tagging type Tagging struct { _ struct{} `type:"structure"` @@ -20038,7 +19798,6 @@ func (s *Tagging) SetTagSet(v []*Tag) *Tagging { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/TargetGrant type TargetGrant struct { _ struct{} `type:"structure"` @@ -20087,7 +19846,6 @@ func (s *TargetGrant) SetPermission(v string) *TargetGrant { // Container for specifying the configuration when you want Amazon S3 to publish // events to an Amazon Simple Notification Service (Amazon SNS) topic. -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/TopicConfiguration type TopicConfiguration struct { _ struct{} `type:"structure"` @@ -20159,7 +19917,6 @@ func (s *TopicConfiguration) SetTopicArn(v string) *TopicConfiguration { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/TopicConfigurationDeprecated type TopicConfigurationDeprecated struct { _ struct{} `type:"structure"` @@ -20211,7 +19968,6 @@ func (s *TopicConfigurationDeprecated) SetTopic(v string) *TopicConfigurationDep return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Transition type Transition struct { _ struct{} `type:"structure"` @@ -20255,7 +20011,6 @@ func (s *Transition) SetStorageClass(v string) *Transition { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopyRequest type UploadPartCopyInput struct { _ struct{} `type:"structure"` @@ -20499,7 +20254,6 @@ func (s *UploadPartCopyInput) SetUploadId(v string) *UploadPartCopyInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopyOutput type UploadPartCopyOutput struct { _ struct{} `type:"structure" payload:"CopyPartResult"` @@ -20584,7 +20338,6 @@ func (s *UploadPartCopyOutput) SetServerSideEncryption(v string) *UploadPartCopy return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartRequest type UploadPartInput struct { _ struct{} `type:"structure" payload:"Body"` @@ -20757,7 +20510,6 @@ func (s *UploadPartInput) SetUploadId(v string) *UploadPartInput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartOutput type UploadPartOutput struct { _ struct{} `type:"structure"` @@ -20833,7 +20585,6 @@ func (s *UploadPartOutput) SetServerSideEncryption(v string) *UploadPartOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/VersioningConfiguration type VersioningConfiguration struct { _ struct{} `type:"structure"` @@ -20868,7 +20619,6 @@ func (s *VersioningConfiguration) SetStatus(v string) *VersioningConfiguration { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/WebsiteConfiguration type WebsiteConfiguration struct { _ struct{} `type:"structure"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 23f0a06db8ab..22a0a12856fe 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -1049,7 +1049,6 @@ func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionToken return out, req.Send() } -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest type AssumeRoleInput struct { _ struct{} `type:"structure"` @@ -1241,7 +1240,6 @@ func (s *AssumeRoleInput) SetTokenCode(v string) *AssumeRoleInput { // Contains the response to a successful AssumeRole request, including temporary // AWS credentials that can be used to make AWS requests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleResponse type AssumeRoleOutput struct { _ struct{} `type:"structure"` @@ -1295,7 +1293,6 @@ func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLRequest type AssumeRoleWithSAMLInput struct { _ struct{} `type:"structure"` @@ -1436,7 +1433,6 @@ func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAML // Contains the response to a successful AssumeRoleWithSAML request, including // temporary AWS credentials that can be used to make AWS requests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLResponse type AssumeRoleWithSAMLOutput struct { _ struct{} `type:"structure"` @@ -1548,7 +1544,6 @@ func (s *AssumeRoleWithSAMLOutput) SetSubjectType(v string) *AssumeRoleWithSAMLO return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityRequest type AssumeRoleWithWebIdentityInput struct { _ struct{} `type:"structure"` @@ -1711,7 +1706,6 @@ func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRo // Contains the response to a successful AssumeRoleWithWebIdentity request, // including temporary AWS credentials that can be used to make AWS requests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityResponse type AssumeRoleWithWebIdentityOutput struct { _ struct{} `type:"structure"` @@ -1804,7 +1798,6 @@ func (s *AssumeRoleWithWebIdentityOutput) SetSubjectFromWebIdentityToken(v strin // The identifiers for the temporary security credentials that the operation // returns. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumedRoleUser type AssumedRoleUser struct { _ struct{} `type:"structure"` @@ -1847,7 +1840,6 @@ func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser { } // AWS credentials for API authentication. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/Credentials type Credentials struct { _ struct{} `type:"structure"` @@ -1906,7 +1898,6 @@ func (s *Credentials) SetSessionToken(v string) *Credentials { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageRequest type DecodeAuthorizationMessageInput struct { _ struct{} `type:"structure"` @@ -1951,7 +1942,6 @@ func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAut // A document that contains additional information about the authorization status // of a request from an encoded message that is returned in response to an AWS // request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse type DecodeAuthorizationMessageOutput struct { _ struct{} `type:"structure"` @@ -1976,7 +1966,6 @@ func (s *DecodeAuthorizationMessageOutput) SetDecodedMessage(v string) *DecodeAu } // Identifiers for the federated user that is associated with the credentials. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/FederatedUser type FederatedUser struct { _ struct{} `type:"structure"` @@ -2017,7 +2006,6 @@ func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityRequest type GetCallerIdentityInput struct { _ struct{} `type:"structure"` } @@ -2034,7 +2022,6 @@ func (s GetCallerIdentityInput) GoString() string { // Contains the response to a successful GetCallerIdentity request, including // information about the entity making the request. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityResponse type GetCallerIdentityOutput struct { _ struct{} `type:"structure"` @@ -2080,7 +2067,6 @@ func (s *GetCallerIdentityOutput) SetUserId(v string) *GetCallerIdentityOutput { return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenRequest type GetFederationTokenInput struct { _ struct{} `type:"structure"` @@ -2189,7 +2175,6 @@ func (s *GetFederationTokenInput) SetPolicy(v string) *GetFederationTokenInput { // Contains the response to a successful GetFederationToken request, including // temporary AWS credentials that can be used to make AWS requests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenResponse type GetFederationTokenOutput struct { _ struct{} `type:"structure"` @@ -2242,7 +2227,6 @@ func (s *GetFederationTokenOutput) SetPackedPolicySize(v int64) *GetFederationTo return s } -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenRequest type GetSessionTokenInput struct { _ struct{} `type:"structure"` @@ -2327,7 +2311,6 @@ func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput { // Contains the response to a successful GetSessionToken request, including // temporary AWS credentials that can be used to make AWS requests. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenResponse type GetSessionTokenOutput struct { _ struct{} `type:"structure"` diff --git a/vendor/github.com/cenk/backoff/LICENSE b/vendor/github.com/cenkalti/backoff/LICENSE similarity index 100% rename from vendor/github.com/cenk/backoff/LICENSE rename to vendor/github.com/cenkalti/backoff/LICENSE diff --git a/vendor/github.com/cenk/backoff/README.md b/vendor/github.com/cenkalti/backoff/README.md similarity index 100% rename from vendor/github.com/cenk/backoff/README.md rename to vendor/github.com/cenkalti/backoff/README.md diff --git a/vendor/github.com/cenk/backoff/backoff.go b/vendor/github.com/cenkalti/backoff/backoff.go similarity index 100% rename from vendor/github.com/cenk/backoff/backoff.go rename to vendor/github.com/cenkalti/backoff/backoff.go diff --git a/vendor/github.com/cenk/backoff/context.go b/vendor/github.com/cenkalti/backoff/context.go similarity index 100% rename from vendor/github.com/cenk/backoff/context.go rename to vendor/github.com/cenkalti/backoff/context.go diff --git a/vendor/github.com/cenk/backoff/exponential.go b/vendor/github.com/cenkalti/backoff/exponential.go similarity index 100% rename from vendor/github.com/cenk/backoff/exponential.go rename to vendor/github.com/cenkalti/backoff/exponential.go diff --git a/vendor/github.com/cenk/backoff/retry.go b/vendor/github.com/cenkalti/backoff/retry.go similarity index 100% rename from vendor/github.com/cenk/backoff/retry.go rename to vendor/github.com/cenkalti/backoff/retry.go diff --git a/vendor/github.com/cenk/backoff/ticker.go b/vendor/github.com/cenkalti/backoff/ticker.go similarity index 100% rename from vendor/github.com/cenk/backoff/ticker.go rename to vendor/github.com/cenkalti/backoff/ticker.go diff --git a/vendor/github.com/cenk/backoff/tries.go b/vendor/github.com/cenkalti/backoff/tries.go similarity index 100% rename from vendor/github.com/cenk/backoff/tries.go rename to vendor/github.com/cenkalti/backoff/tries.go diff --git a/vendor/github.com/circonus-labs/circonus-gometrics/CHANGELOG.md b/vendor/github.com/circonus-labs/circonus-gometrics/CHANGELOG.md index 9a54a31a9328..3e74d9fe7d9b 100644 --- a/vendor/github.com/circonus-labs/circonus-gometrics/CHANGELOG.md +++ b/vendor/github.com/circonus-labs/circonus-gometrics/CHANGELOG.md @@ -1,5 +1,20 @@ -# v2.0.0 +# v2.1.1 + +* dep dependencies +* fix two instances of shadowed variables +* fix several documentation typos +* simplify (gofmt -s) +* remove an inefficient use of regexp.MatchString + +# v2.1.0 * Add unix socket capability for SubmissionURL `http+unix://...` * Add `RecordCountForValue` function to histograms + +# v2.0.0 + +* gauges as `interface{}` + * change: `GeTestGauge(string) (string,error)` -> `GeTestGauge(string) (interface{},error)` + * add: `AddGauge(string, interface{})` to add a delta value to an existing gauge +* prom output candidate * Add `CHANGELOG.md` to repository diff --git a/vendor/github.com/circonus-labs/circonus-gometrics/Gopkg.lock b/vendor/github.com/circonus-labs/circonus-gometrics/Gopkg.lock new file mode 100644 index 000000000000..68a3bd69330b --- /dev/null +++ b/vendor/github.com/circonus-labs/circonus-gometrics/Gopkg.lock @@ -0,0 +1,39 @@ +# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. + + +[[projects]] + branch = "master" + name = "github.com/circonus-labs/circonusllhist" + packages = ["."] + revision = "1e65893c445875524c5610f2a58aef24e30ef98a" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/go-cleanhttp" + packages = ["."] + revision = "d5fe4b57a186c716b0e00b8c301cbd9b4182694d" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/go-retryablehttp" + packages = ["."] + revision = "794af36148bf63c118d6db80eb902a136b907e71" + +[[projects]] + name = "github.com/pkg/errors" + packages = ["."] + revision = "645ef00459ed84a119197bfb8d8205042c6df63d" + version = "v0.8.0" + +[[projects]] + branch = "master" + name = "github.com/tv42/httpunix" + packages = ["."] + revision = "b75d8614f926c077e48d85f1f8f7885b758c6225" + +[solve-meta] + analyzer-name = "dep" + analyzer-version = 1 + inputs-digest = "6db34ba31cd011426f28b5db0dbe259c4dc3787fb2074b2c06cb382385a90242" + solver-name = "gps-cdcl" + solver-version = 1 diff --git a/vendor/github.com/circonus-labs/circonus-gometrics/Gopkg.toml b/vendor/github.com/circonus-labs/circonus-gometrics/Gopkg.toml new file mode 100644 index 000000000000..fa41a53c0a65 --- /dev/null +++ b/vendor/github.com/circonus-labs/circonus-gometrics/Gopkg.toml @@ -0,0 +1,37 @@ +# Gopkg.toml example +# +# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md +# for detailed Gopkg.toml documentation. +# +# required = ["github.com/user/thing/cmd/thing"] +# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] +# +# [[constraint]] +# name = "github.com/user/project" +# version = "1.0.0" +# +# [[constraint]] +# name = "github.com/user/project2" +# branch = "dev" +# source = "github.com/myfork/project2" +# +# [[override]] +# name = "github.com/x/y" +# version = "2.4.0" + + +[[constraint]] + branch = "master" + name = "github.com/circonus-labs/circonusllhist" + +[[constraint]] + branch = "master" + name = "github.com/hashicorp/go-retryablehttp" + +[[constraint]] + name = "github.com/pkg/errors" + version = "0.8.0" + +[[constraint]] + branch = "master" + name = "github.com/tv42/httpunix" diff --git a/vendor/github.com/circonus-labs/circonus-gometrics/api/api.go b/vendor/github.com/circonus-labs/circonus-gometrics/api/api.go index f3cd8cd8ad52..864b5aa1d514 100644 --- a/vendor/github.com/circonus-labs/circonus-gometrics/api/api.go +++ b/vendor/github.com/circonus-labs/circonus-gometrics/api/api.go @@ -20,7 +20,6 @@ import ( "net/http" "net/url" "os" - "regexp" "strings" "sync" "time" @@ -241,7 +240,7 @@ func (a *API) apiRequest(reqMethod string, reqPath string, data []byte) ([]byte, if !a.useExponentialBackoff { break } - if matched, _ := regexp.MatchString("code 403", err.Error()); matched { + if strings.Contains(err.Error(), "code 403") { break } } diff --git a/vendor/github.com/circonus-labs/circonus-gometrics/api/doc.go b/vendor/github.com/circonus-labs/circonus-gometrics/api/doc.go index 63904d7844b5..bdceae5d0427 100644 --- a/vendor/github.com/circonus-labs/circonus-gometrics/api/doc.go +++ b/vendor/github.com/circonus-labs/circonus-gometrics/api/doc.go @@ -56,7 +56,7 @@ Verbs Delete remove an item - e.g. DeleteAnnotation, DeleteAnnotationByCID Search search for item(s) - e.g. SearchAnnotations New new item config - e.g. NewAnnotation (returns an empty item, - any applicable defautls defined) + any applicable defaults defined) Not all endpoints support all verbs. */ diff --git a/vendor/github.com/circonus-labs/circonus-gometrics/api/rule_set_group.go b/vendor/github.com/circonus-labs/circonus-gometrics/api/rule_set_group.go index a15743061750..382c9221c66f 100644 --- a/vendor/github.com/circonus-labs/circonus-gometrics/api/rule_set_group.go +++ b/vendor/github.com/circonus-labs/circonus-gometrics/api/rule_set_group.go @@ -166,7 +166,7 @@ func (a *API) DeleteRuleSetGroup(cfg *RuleSetGroup) (bool, error) { return a.DeleteRuleSetGroupByCID(CIDType(&cfg.CID)) } -// DeleteRuleSetGroupByCID deletes rule set group wiht passed cid. +// DeleteRuleSetGroupByCID deletes rule set group with passed cid. func (a *API) DeleteRuleSetGroupByCID(cid CIDType) (bool, error) { if cid == nil || *cid == "" { return false, fmt.Errorf("Invalid rule set group CID [none]") diff --git a/vendor/github.com/circonus-labs/circonus-gometrics/checkmgr/check.go b/vendor/github.com/circonus-labs/circonus-gometrics/checkmgr/check.go index f9e9987de713..2f0c9eb13f04 100644 --- a/vendor/github.com/circonus-labs/circonus-gometrics/checkmgr/check.go +++ b/vendor/github.com/circonus-labs/circonus-gometrics/checkmgr/check.go @@ -166,7 +166,7 @@ func (cm *CheckManager) initializeTrapURL() error { // new search (check.target != instanceid, instanceid encoded in notes field) searchCriteria := fmt.Sprintf( "(active:1)(type:\"%s\")(tags:%s)", cm.checkType, strings.Join(cm.checkSearchTag, ",")) - filterCriteria := map[string][]string{"f_notes": []string{*cm.getNotes()}} + filterCriteria := map[string][]string{"f_notes": {*cm.getNotes()}} checkBundle, err = cm.checkBundleSearch(searchCriteria, filterCriteria) if err != nil { return err diff --git a/vendor/github.com/circonus-labs/circonus-gometrics/checkmgr/checkmgr.go b/vendor/github.com/circonus-labs/circonus-gometrics/checkmgr/checkmgr.go index 665f732fc2cb..c3b8322ed361 100644 --- a/vendor/github.com/circonus-labs/circonus-gometrics/checkmgr/checkmgr.go +++ b/vendor/github.com/circonus-labs/circonus-gometrics/checkmgr/checkmgr.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package checkmgr provides a check management interace to circonus-gometrics +// Package checkmgr provides a check management interface to circonus-gometrics package checkmgr import ( @@ -37,7 +37,7 @@ import ( // - configuration parameters other than Check.SubmissionUrl, Debug and Log are ignored // - note: SubmissionUrl is **required** in this case as there is no way to derive w/o api // configure with api token - check management enabled -// - all otehr configuration parameters affect how the trap url is obtained +// - all other configuration parameters affect how the trap url is obtained // 1. provided (Check.SubmissionUrl) // 2. via check lookup (CheckConfig.Id) // 3. via a search using CheckConfig.InstanceId + CheckConfig.SearchTag @@ -103,7 +103,7 @@ type BrokerConfig struct { // for a broker to be considered viable it must respond to a // connection attempt within this amount of time e.g. 200ms, 2s, 1m MaxResponseTime string - // TLS configuration to use when communicating wtih broker + // TLS configuration to use when communicating within broker TLSConfig *tls.Config } @@ -221,11 +221,13 @@ func New(cfg *Config) (*CheckManager, error) { cm.Log = log.New(ioutil.Discard, "", log.LstdFlags) } - rx, err := regexp.Compile(`^http\+unix://(?P.+)/write/(?P.+)$`) - if err != nil { - return nil, errors.Wrap(err, "compiling socket regex") + { + rx, err := regexp.Compile(`^http\+unix://(?P.+)/write/(?P.+)$`) + if err != nil { + return nil, errors.Wrap(err, "compiling socket regex") + } + cm.sockRx = rx } - cm.sockRx = rx if cfg.Check.SubmissionURL != "" { cm.checkSubmissionURL = api.URLType(cfg.Check.SubmissionURL) @@ -410,7 +412,6 @@ func (cm *CheckManager) GetSubmissionURL() (*Trap, error) { if err != nil { return nil, errors.Wrap(err, "get submission url") } - trap.URL = u if u.Scheme == "http+unix" { @@ -435,11 +436,12 @@ func (cm *CheckManager) GetSubmissionURL() (*Trap, error) { return nil, errors.Errorf("get submission url - invalid socket url (%s)", cm.trapURL) } - u, err := url.Parse(fmt.Sprintf("http+unix://%s/write/%s", service, metricID)) + u, err = url.Parse(fmt.Sprintf("http+unix://%s/write/%s", service, metricID)) if err != nil { return nil, errors.Wrap(err, "get submission url") } trap.URL = u + trap.SockTransport = &httpunix.Transport{ DialTimeout: 100 * time.Millisecond, RequestTimeout: 1 * time.Second, diff --git a/vendor/github.com/circonus-labs/circonus-gometrics/circonus-gometrics.go b/vendor/github.com/circonus-labs/circonus-gometrics/circonus-gometrics.go index e335aea96066..019cc8f8660e 100644 --- a/vendor/github.com/circonus-labs/circonus-gometrics/circonus-gometrics.go +++ b/vendor/github.com/circonus-labs/circonus-gometrics/circonus-gometrics.go @@ -238,7 +238,7 @@ func New(cfg *Config) (*CirconusMetrics, error) { // Start deprecated NOP, automatic flush is started in New if flush interval > 0. func (m *CirconusMetrics) Start() { - return + // nop } // Ready returns true or false indicating if the check is ready to accept metrics diff --git a/vendor/github.com/coreos/etcd/client/client.go b/vendor/github.com/coreos/etcd/client/client.go index e6874505666b..ec7327230493 100644 --- a/vendor/github.com/coreos/etcd/client/client.go +++ b/vendor/github.com/coreos/etcd/client/client.go @@ -29,7 +29,7 @@ import ( "sync" "time" - "github.com/coreos/etcd/version" + "github.com/coreos/etcd/internal/version" ) var ( diff --git a/vendor/github.com/coreos/etcd/clientv3/auth.go b/vendor/github.com/coreos/etcd/clientv3/auth.go index 7545bb6ca1ca..6ffe48b0caf7 100644 --- a/vendor/github.com/coreos/etcd/clientv3/auth.go +++ b/vendor/github.com/coreos/etcd/clientv3/auth.go @@ -19,8 +19,8 @@ import ( "fmt" "strings" - "github.com/coreos/etcd/auth/authpb" pb "github.com/coreos/etcd/etcdserver/etcdserverpb" + "github.com/coreos/etcd/internal/auth/authpb" "google.golang.org/grpc" ) diff --git a/vendor/github.com/coreos/etcd/clientv3/client.go b/vendor/github.com/coreos/etcd/clientv3/client.go index 685401084da6..01a93f5a3b91 100644 --- a/vendor/github.com/coreos/etcd/clientv3/client.go +++ b/vendor/github.com/coreos/etcd/clientv3/client.go @@ -166,7 +166,7 @@ func (c *Client) autoSync() { err := c.Sync(ctx) cancel() if err != nil && err != c.ctx.Err() { - logger.Println("Auto sync endpoints failed:", err) + lg.Lvl(4).Infof("Auto sync endpoints failed: %v", err) } } } diff --git a/vendor/github.com/coreos/etcd/clientv3/health_balancer.go b/vendor/github.com/coreos/etcd/clientv3/health_balancer.go index 5918cba84823..ce447c7e9f99 100644 --- a/vendor/github.com/coreos/etcd/clientv3/health_balancer.go +++ b/vendor/github.com/coreos/etcd/clientv3/health_balancer.go @@ -158,26 +158,26 @@ func (b *healthBalancer) pinned() string { func (b *healthBalancer) hostPortError(hostPort string, err error) { if b.endpoint(hostPort) == "" { - logger.Lvl(4).Infof("clientv3/balancer: %q is stale (skip marking as unhealthy on %q)", hostPort, err.Error()) + lg.Lvl(4).Infof("clientv3/balancer: %q is stale (skip marking as unhealthy on %q)", hostPort, err.Error()) return } b.unhealthyMu.Lock() b.unhealthyHostPorts[hostPort] = time.Now() b.unhealthyMu.Unlock() - logger.Lvl(4).Infof("clientv3/balancer: %q is marked unhealthy (%q)", hostPort, err.Error()) + lg.Lvl(4).Infof("clientv3/balancer: %q is marked unhealthy (%q)", hostPort, err.Error()) } func (b *healthBalancer) removeUnhealthy(hostPort, msg string) { if b.endpoint(hostPort) == "" { - logger.Lvl(4).Infof("clientv3/balancer: %q was not in unhealthy (%q)", hostPort, msg) + lg.Lvl(4).Infof("clientv3/balancer: %q was not in unhealthy (%q)", hostPort, msg) return } b.unhealthyMu.Lock() delete(b.unhealthyHostPorts, hostPort) b.unhealthyMu.Unlock() - logger.Lvl(4).Infof("clientv3/balancer: %q is removed from unhealthy (%q)", hostPort, msg) + lg.Lvl(4).Infof("clientv3/balancer: %q is removed from unhealthy (%q)", hostPort, msg) } func (b *healthBalancer) countUnhealthy() (count int) { @@ -199,7 +199,7 @@ func (b *healthBalancer) cleanupUnhealthy() { for k, v := range b.unhealthyHostPorts { if time.Since(v) > b.healthCheckTimeout { delete(b.unhealthyHostPorts, k) - logger.Lvl(4).Infof("clientv3/balancer: removed %q from unhealthy after %v", k, b.healthCheckTimeout) + lg.Lvl(4).Infof("clientv3/balancer: removed %q from unhealthy after %v", k, b.healthCheckTimeout) } } b.unhealthyMu.Unlock() @@ -402,7 +402,7 @@ func (b *healthBalancer) Up(addr grpc.Address) func(error) { } if b.pinAddr != "" { - logger.Lvl(4).Infof("clientv3/balancer: %q is up but not pinned (already pinned %q)", addr.Addr, b.pinAddr) + lg.Lvl(4).Infof("clientv3/balancer: %q is up but not pinned (already pinned %q)", addr.Addr, b.pinAddr) return func(err error) {} } @@ -410,7 +410,7 @@ func (b *healthBalancer) Up(addr grpc.Address) func(error) { close(b.upc) b.downc = make(chan struct{}) b.pinAddr = addr.Addr - logger.Lvl(4).Infof("clientv3/balancer: pin %q", addr.Addr) + lg.Lvl(4).Infof("clientv3/balancer: pin %q", addr.Addr) // notify client that a connection is up b.readyOnce.Do(func() { close(b.readyc) }) @@ -427,7 +427,7 @@ func (b *healthBalancer) Up(addr grpc.Address) func(error) { close(b.downc) b.pinAddr = "" b.mu.Unlock() - logger.Lvl(4).Infof("clientv3/balancer: unpin %q (%q)", addr.Addr, err.Error()) + lg.Lvl(4).Infof("clientv3/balancer: unpin %q (%q)", addr.Addr, err.Error()) } } @@ -454,7 +454,7 @@ func (b *healthBalancer) mayPin(addr grpc.Address) bool { // 3. grpc-healthcheck still SERVING, thus retry to pin // instead, return before grpc-healthcheck if failed within healthcheck timeout if elapsed := time.Since(failedTime); elapsed < b.healthCheckTimeout { - logger.Lvl(4).Infof("clientv3/balancer: %q is up but not pinned (failed %v ago, require minimum %v after failure)", addr.Addr, elapsed, b.healthCheckTimeout) + lg.Lvl(4).Infof("clientv3/balancer: %q is up but not pinned (failed %v ago, require minimum %v after failure)", addr.Addr, elapsed, b.healthCheckTimeout) return false } diff --git a/vendor/github.com/coreos/etcd/clientv3/logger.go b/vendor/github.com/coreos/etcd/clientv3/logger.go index 782e313137a6..6c13514a27d2 100644 --- a/vendor/github.com/coreos/etcd/clientv3/logger.go +++ b/vendor/github.com/coreos/etcd/clientv3/logger.go @@ -18,28 +18,14 @@ import ( "io/ioutil" "sync" + "github.com/coreos/etcd/pkg/logger" + "google.golang.org/grpc/grpclog" ) -// Logger is the logger used by client library. -// It implements grpclog.LoggerV2 interface. -type Logger interface { - grpclog.LoggerV2 - - // Lvl returns logger if logger's verbosity level >= "lvl". - // Otherwise, logger that discards all logs. - Lvl(lvl int) Logger - - // to satisfy capnslog - - Print(args ...interface{}) - Printf(format string, args ...interface{}) - Println(args ...interface{}) -} - var ( - loggerMu sync.RWMutex - logger Logger + lgMu sync.RWMutex + lg logger.Logger ) type settableLogger struct { @@ -49,29 +35,29 @@ type settableLogger struct { func init() { // disable client side logs by default - logger = &settableLogger{} + lg = &settableLogger{} SetLogger(grpclog.NewLoggerV2(ioutil.Discard, ioutil.Discard, ioutil.Discard)) } // SetLogger sets client-side Logger. func SetLogger(l grpclog.LoggerV2) { - loggerMu.Lock() - logger = NewLogger(l) + lgMu.Lock() + lg = logger.New(l) // override grpclog so that any changes happen with locking - grpclog.SetLoggerV2(logger) - loggerMu.Unlock() + grpclog.SetLoggerV2(lg) + lgMu.Unlock() } -// GetLogger returns the current logger. -func GetLogger() Logger { - loggerMu.RLock() - l := logger - loggerMu.RUnlock() +// GetLogger returns the current logger.Logger. +func GetLogger() logger.Logger { + lgMu.RLock() + l := lg + lgMu.RUnlock() return l } -// NewLogger returns a new Logger with grpclog.LoggerV2. -func NewLogger(gl grpclog.LoggerV2) Logger { +// NewLogger returns a new Logger with logger.Logger. +func NewLogger(gl grpclog.LoggerV2) logger.Logger { return &settableLogger{l: gl} } @@ -104,32 +90,12 @@ func (s *settableLogger) Print(args ...interface{}) { s.get().In func (s *settableLogger) Printf(format string, args ...interface{}) { s.get().Infof(format, args...) } func (s *settableLogger) Println(args ...interface{}) { s.get().Infoln(args...) } func (s *settableLogger) V(l int) bool { return s.get().V(l) } -func (s *settableLogger) Lvl(lvl int) Logger { +func (s *settableLogger) Lvl(lvl int) grpclog.LoggerV2 { s.mu.RLock() l := s.l s.mu.RUnlock() if l.V(lvl) { return s } - return &noLogger{} + return logger.NewDiscardLogger() } - -type noLogger struct{} - -func (*noLogger) Info(args ...interface{}) {} -func (*noLogger) Infof(format string, args ...interface{}) {} -func (*noLogger) Infoln(args ...interface{}) {} -func (*noLogger) Warning(args ...interface{}) {} -func (*noLogger) Warningf(format string, args ...interface{}) {} -func (*noLogger) Warningln(args ...interface{}) {} -func (*noLogger) Error(args ...interface{}) {} -func (*noLogger) Errorf(format string, args ...interface{}) {} -func (*noLogger) Errorln(args ...interface{}) {} -func (*noLogger) Fatal(args ...interface{}) {} -func (*noLogger) Fatalf(format string, args ...interface{}) {} -func (*noLogger) Fatalln(args ...interface{}) {} -func (*noLogger) Print(args ...interface{}) {} -func (*noLogger) Printf(format string, args ...interface{}) {} -func (*noLogger) Println(args ...interface{}) {} -func (*noLogger) V(l int) bool { return false } -func (ng *noLogger) Lvl(lvl int) Logger { return ng } diff --git a/vendor/github.com/coreos/etcd/clientv3/retry.go b/vendor/github.com/coreos/etcd/clientv3/retry.go index f923f74ba26a..13b5b9d67b42 100644 --- a/vendor/github.com/coreos/etcd/clientv3/retry.go +++ b/vendor/github.com/coreos/etcd/clientv3/retry.go @@ -96,13 +96,13 @@ func (c *Client) newRetryWrapper() retryRPCFunc { if err == nil { return nil } - logger.Lvl(4).Infof("clientv3/retry: error %q on pinned endpoint %q", err.Error(), pinned) + lg.Lvl(4).Infof("clientv3/retry: error %q on pinned endpoint %q", err.Error(), pinned) if s, ok := status.FromError(err); ok && (s.Code() == codes.Unavailable || s.Code() == codes.DeadlineExceeded || s.Code() == codes.Internal) { // mark this before endpoint switch is triggered c.balancer.hostPortError(pinned, err) c.balancer.next() - logger.Lvl(4).Infof("clientv3/retry: switching from %q due to error %q", pinned, err.Error()) + lg.Lvl(4).Infof("clientv3/retry: switching from %q due to error %q", pinned, err.Error()) } if isStop(err) { @@ -120,12 +120,12 @@ func (c *Client) newAuthRetryWrapper(retryf retryRPCFunc) retryRPCFunc { if err == nil { return nil } - logger.Lvl(4).Infof("clientv3/auth-retry: error %q on pinned endpoint %q", err.Error(), pinned) + lg.Lvl(4).Infof("clientv3/auth-retry: error %q on pinned endpoint %q", err.Error(), pinned) // always stop retry on etcd errors other than invalid auth token if rpctypes.Error(err) == rpctypes.ErrInvalidAuthToken { gterr := c.getToken(rpcCtx) if gterr != nil { - logger.Lvl(4).Infof("clientv3/auth-retry: cannot retry due to error %q(%q) on pinned endpoint %q", err.Error(), gterr.Error(), pinned) + lg.Lvl(4).Infof("clientv3/auth-retry: cannot retry due to error %q(%q) on pinned endpoint %q", err.Error(), gterr.Error(), pinned) return err // return the original error for simplicity } continue diff --git a/vendor/github.com/coreos/etcd/etcdserver/etcdserverpb/rpc.pb.go b/vendor/github.com/coreos/etcd/etcdserver/etcdserverpb/rpc.pb.go index ce9e87c2a586..6ec38362fee8 100644 --- a/vendor/github.com/coreos/etcd/etcdserver/etcdserverpb/rpc.pb.go +++ b/vendor/github.com/coreos/etcd/etcdserver/etcdserverpb/rpc.pb.go @@ -14,7 +14,7 @@ import ( mvccpb "github.com/coreos/etcd/internal/mvcc/mvccpb" - authpb "github.com/coreos/etcd/auth/authpb" + authpb "github.com/coreos/etcd/internal/auth/authpb" context "golang.org/x/net/context" @@ -2436,7 +2436,7 @@ type StatusResponse struct { Header *ResponseHeader `protobuf:"bytes,1,opt,name=header" json:"header,omitempty"` // version is the cluster protocol version used by the responding member. Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"` - // dbSize is the size of the backend database, in bytes, of the responding member. + // dbSize is the size of the backend database physically allocated, in bytes, of the responding member. DbSize int64 `protobuf:"varint,3,opt,name=dbSize,proto3" json:"dbSize,omitempty"` // leader is the member ID which the responding member believes is the current leader. Leader uint64 `protobuf:"varint,4,opt,name=leader,proto3" json:"leader,omitempty"` @@ -2448,6 +2448,8 @@ type StatusResponse struct { RaftAppliedIndex uint64 `protobuf:"varint,7,opt,name=raftAppliedIndex,proto3" json:"raftAppliedIndex,omitempty"` // errors contains alarm/health information and status. Errors []string `protobuf:"bytes,8,rep,name=errors" json:"errors,omitempty"` + // dbSizeInUse is the size of the backend database logically in use, in bytes, of the responding member. + DbSizeInUse int64 `protobuf:"varint,9,opt,name=dbSizeInUse,proto3" json:"dbSizeInUse,omitempty"` } func (m *StatusResponse) Reset() { *m = StatusResponse{} } @@ -2511,6 +2513,13 @@ func (m *StatusResponse) GetErrors() []string { return nil } +func (m *StatusResponse) GetDbSizeInUse() int64 { + if m != nil { + return m.DbSizeInUse + } + return 0 +} + type AuthEnableRequest struct { } @@ -7034,6 +7043,11 @@ func (m *StatusResponse) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } + if m.DbSizeInUse != 0 { + dAtA[i] = 0x48 + i++ + i = encodeVarintRpc(dAtA, i, uint64(m.DbSizeInUse)) + } return i, nil } @@ -8906,6 +8920,9 @@ func (m *StatusResponse) Size() (n int) { n += 1 + l + sovRpc(uint64(l)) } } + if m.DbSizeInUse != 0 { + n += 1 + sovRpc(uint64(m.DbSizeInUse)) + } return n } @@ -15578,6 +15595,25 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error { } m.Errors = append(m.Errors, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DbSizeInUse", wireType) + } + m.DbSizeInUse = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRpc + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.DbSizeInUse |= (int64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipRpc(dAtA[iNdEx:]) @@ -18566,237 +18602,238 @@ var ( func init() { proto.RegisterFile("rpc.proto", fileDescriptorRpc) } var fileDescriptorRpc = []byte{ - // 3708 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x5b, 0x5b, 0x6f, 0x1b, 0x49, - 0x76, 0x56, 0x93, 0xe2, 0xed, 0xf0, 0x22, 0xba, 0x24, 0xdb, 0x34, 0x6d, 0xcb, 0x72, 0xf9, 0x26, - 0x5f, 0x46, 0xdc, 0xd5, 0x6e, 0xf2, 0xe0, 0x04, 0x8b, 0x95, 0x25, 0xae, 0xa5, 0x95, 0x2c, 0x69, - 0x5b, 0x94, 0x67, 0x02, 0x6c, 0x22, 0xb4, 0xc8, 0x92, 0xd4, 0x11, 0xd9, 0xcd, 0x74, 0x37, 0x69, - 0xc9, 0x59, 0x24, 0xc0, 0x66, 0x13, 0xe4, 0x25, 0x79, 0xc8, 0x02, 0x41, 0x92, 0xd7, 0x20, 0x58, - 0xec, 0x0f, 0x18, 0xe4, 0x2f, 0xe4, 0x2d, 0x01, 0xf2, 0x07, 0x82, 0x49, 0x5e, 0xf2, 0x0b, 0x72, - 0x79, 0x5a, 0xd4, 0xad, 0xbb, 0xfa, 0x46, 0x69, 0x86, 0x33, 0xf3, 0x22, 0x77, 0x9d, 0x3a, 0x75, - 0xce, 0xa9, 0x53, 0x75, 0xce, 0xa9, 0xfa, 0x8a, 0x86, 0x92, 0x33, 0xec, 0xae, 0x0c, 0x1d, 0xdb, - 0xb3, 0x51, 0x85, 0x78, 0xdd, 0x9e, 0x4b, 0x9c, 0x31, 0x71, 0x86, 0xc7, 0xcd, 0x85, 0x53, 0xfb, - 0xd4, 0x66, 0x1d, 0x2d, 0xfa, 0xc5, 0x79, 0x9a, 0x98, 0xf2, 0xb4, 0x4c, 0xcb, 0x23, 0x8e, 0x65, - 0xf4, 0x5b, 0x83, 0x71, 0xb7, 0xcb, 0xfe, 0x0c, 0x8f, 0x5b, 0xe7, 0x63, 0xc1, 0x73, 0x97, 0xf1, - 0x18, 0x23, 0xef, 0x8c, 0xfd, 0x19, 0x1e, 0xb3, 0x7f, 0x44, 0xe7, 0xbd, 0x53, 0xdb, 0x3e, 0xed, - 0x93, 0x96, 0x31, 0x34, 0x5b, 0x86, 0x65, 0xd9, 0x9e, 0xe1, 0x99, 0xb6, 0xe5, 0xf2, 0x5e, 0xfc, - 0xe7, 0x1a, 0xd4, 0x74, 0xe2, 0x0e, 0x6d, 0xcb, 0x25, 0x9b, 0xc4, 0xe8, 0x11, 0x07, 0xdd, 0x07, - 0xe8, 0xf6, 0x47, 0xae, 0x47, 0x9c, 0x23, 0xb3, 0xd7, 0xd0, 0x96, 0xb4, 0xe5, 0x59, 0xbd, 0x24, - 0x28, 0x5b, 0x3d, 0x74, 0x17, 0x4a, 0x03, 0x32, 0x38, 0xe6, 0xbd, 0x19, 0xd6, 0x5b, 0xe4, 0x84, - 0xad, 0x1e, 0x6a, 0x42, 0xd1, 0x21, 0x63, 0xd3, 0x35, 0x6d, 0xab, 0x91, 0x5d, 0xd2, 0x96, 0xb3, - 0xba, 0xdf, 0xa6, 0x03, 0x1d, 0xe3, 0xc4, 0x3b, 0xf2, 0x88, 0x33, 0x68, 0xcc, 0xf2, 0x81, 0x94, - 0xd0, 0x21, 0xce, 0x00, 0xff, 0x22, 0x07, 0x15, 0xdd, 0xb0, 0x4e, 0x89, 0x4e, 0xfe, 0x68, 0x44, - 0x5c, 0x0f, 0xd5, 0x21, 0x7b, 0x4e, 0x2e, 0x99, 0xfa, 0x8a, 0x4e, 0x3f, 0xf9, 0x78, 0xeb, 0x94, - 0x1c, 0x11, 0x8b, 0x2b, 0xae, 0xd0, 0xf1, 0xd6, 0x29, 0x69, 0x5b, 0x3d, 0xb4, 0x00, 0xb9, 0xbe, - 0x39, 0x30, 0x3d, 0xa1, 0x95, 0x37, 0x42, 0xe6, 0xcc, 0x46, 0xcc, 0x59, 0x07, 0x70, 0x6d, 0xc7, - 0x3b, 0xb2, 0x9d, 0x1e, 0x71, 0x1a, 0xb9, 0x25, 0x6d, 0xb9, 0xb6, 0xfa, 0x78, 0x45, 0x5d, 0x91, - 0x15, 0xd5, 0xa0, 0x95, 0x03, 0xdb, 0xf1, 0xf6, 0x28, 0xaf, 0x5e, 0x72, 0xe5, 0x27, 0xfa, 0x11, - 0x94, 0x99, 0x10, 0xcf, 0x70, 0x4e, 0x89, 0xd7, 0xc8, 0x33, 0x29, 0x4f, 0xae, 0x90, 0xd2, 0x61, - 0xcc, 0x3a, 0x53, 0xcf, 0xbf, 0x11, 0x86, 0x8a, 0x4b, 0x1c, 0xd3, 0xe8, 0x9b, 0x1f, 0x8d, 0xe3, - 0x3e, 0x69, 0x14, 0x96, 0xb4, 0xe5, 0xa2, 0x1e, 0xa2, 0xd1, 0xf9, 0x9f, 0x93, 0x4b, 0xf7, 0xc8, - 0xb6, 0xfa, 0x97, 0x8d, 0x22, 0x63, 0x28, 0x52, 0xc2, 0x9e, 0xd5, 0xbf, 0x64, 0x8b, 0x66, 0x8f, - 0x2c, 0x8f, 0xf7, 0x96, 0x58, 0x6f, 0x89, 0x51, 0x58, 0xf7, 0x32, 0xd4, 0x07, 0xa6, 0x75, 0x34, - 0xb0, 0x7b, 0x47, 0xbe, 0x43, 0x80, 0x39, 0xa4, 0x36, 0x30, 0xad, 0x77, 0x76, 0x4f, 0x97, 0x6e, - 0xa1, 0x9c, 0xc6, 0x45, 0x98, 0xb3, 0x2c, 0x38, 0x8d, 0x0b, 0x95, 0x73, 0x05, 0xe6, 0xa9, 0xcc, - 0xae, 0x43, 0x0c, 0x8f, 0x04, 0xcc, 0x15, 0xc6, 0x7c, 0x63, 0x60, 0x5a, 0xeb, 0xac, 0x27, 0xc4, - 0x6f, 0x5c, 0xc4, 0xf8, 0xab, 0x82, 0xdf, 0xb8, 0x08, 0xf3, 0xe3, 0x15, 0x28, 0xf9, 0x3e, 0x47, - 0x45, 0x98, 0xdd, 0xdd, 0xdb, 0x6d, 0xd7, 0x67, 0x10, 0x40, 0x7e, 0xed, 0x60, 0xbd, 0xbd, 0xbb, - 0x51, 0xd7, 0x50, 0x19, 0x0a, 0x1b, 0x6d, 0xde, 0xc8, 0xe0, 0x37, 0x00, 0x81, 0x77, 0x51, 0x01, - 0xb2, 0xdb, 0xed, 0xdf, 0xab, 0xcf, 0x50, 0x9e, 0xf7, 0x6d, 0xfd, 0x60, 0x6b, 0x6f, 0xb7, 0xae, - 0xd1, 0xc1, 0xeb, 0x7a, 0x7b, 0xad, 0xd3, 0xae, 0x67, 0x28, 0xc7, 0xbb, 0xbd, 0x8d, 0x7a, 0x16, - 0x95, 0x20, 0xf7, 0x7e, 0x6d, 0xe7, 0xb0, 0x5d, 0x9f, 0xc5, 0xbf, 0xd4, 0xa0, 0x2a, 0xd6, 0x8b, - 0xc7, 0x04, 0xfa, 0x3e, 0xe4, 0xcf, 0x58, 0x5c, 0xb0, 0xad, 0x58, 0x5e, 0xbd, 0x17, 0x59, 0xdc, - 0x50, 0xec, 0xe8, 0x82, 0x17, 0x61, 0xc8, 0x9e, 0x8f, 0xdd, 0x46, 0x66, 0x29, 0xbb, 0x5c, 0x5e, - 0xad, 0xaf, 0xf0, 0x80, 0x5d, 0xd9, 0x26, 0x97, 0xef, 0x8d, 0xfe, 0x88, 0xe8, 0xb4, 0x13, 0x21, - 0x98, 0x1d, 0xd8, 0x0e, 0x61, 0x3b, 0xb6, 0xa8, 0xb3, 0x6f, 0xba, 0x8d, 0xd9, 0xa2, 0x89, 0xdd, - 0xca, 0x1b, 0xf8, 0xd7, 0x1a, 0xc0, 0xfe, 0xc8, 0x4b, 0x0f, 0x8d, 0x05, 0xc8, 0x8d, 0xa9, 0x60, - 0x11, 0x16, 0xbc, 0xc1, 0x62, 0x82, 0x18, 0x2e, 0xf1, 0x63, 0x82, 0x36, 0xd0, 0x6d, 0x28, 0x0c, - 0x1d, 0x32, 0x3e, 0x3a, 0x1f, 0x33, 0x25, 0x45, 0x3d, 0x4f, 0x9b, 0xdb, 0x63, 0xf4, 0x10, 0x2a, - 0xe6, 0xa9, 0x65, 0x3b, 0xe4, 0x88, 0xcb, 0xca, 0xb1, 0xde, 0x32, 0xa7, 0x31, 0xbb, 0x15, 0x16, - 0x2e, 0x38, 0xaf, 0xb2, 0xec, 0x50, 0x12, 0xb6, 0xa0, 0xcc, 0x4c, 0x9d, 0xca, 0x7d, 0xcf, 0x03, - 0x1b, 0x33, 0x6c, 0x58, 0xdc, 0x85, 0xc2, 0x6a, 0xfc, 0x53, 0x40, 0x1b, 0xa4, 0x4f, 0x3c, 0x32, - 0x4d, 0xf6, 0x50, 0x7c, 0x92, 0x55, 0x7d, 0x82, 0xff, 0x46, 0x83, 0xf9, 0x90, 0xf8, 0xa9, 0xa6, - 0xd5, 0x80, 0x42, 0x8f, 0x09, 0xe3, 0x16, 0x64, 0x75, 0xd9, 0x44, 0x2f, 0xa1, 0x28, 0x0c, 0x70, - 0x1b, 0xd9, 0x94, 0x4d, 0x53, 0xe0, 0x36, 0xb9, 0xf8, 0xd7, 0x19, 0x28, 0x89, 0x89, 0xee, 0x0d, - 0xd1, 0x1a, 0x54, 0x1d, 0xde, 0x38, 0x62, 0xf3, 0x11, 0x16, 0x35, 0xd3, 0x93, 0xd0, 0xe6, 0x8c, - 0x5e, 0x11, 0x43, 0x18, 0x19, 0xfd, 0x0e, 0x94, 0xa5, 0x88, 0xe1, 0xc8, 0x13, 0x2e, 0x6f, 0x84, - 0x05, 0x04, 0xfb, 0x6f, 0x73, 0x46, 0x07, 0xc1, 0xbe, 0x3f, 0xf2, 0x50, 0x07, 0x16, 0xe4, 0x60, - 0x3e, 0x1b, 0x61, 0x46, 0x96, 0x49, 0x59, 0x0a, 0x4b, 0x89, 0x2f, 0xd5, 0xe6, 0x8c, 0x8e, 0xc4, - 0x78, 0xa5, 0x53, 0x35, 0xc9, 0xbb, 0xe0, 0xc9, 0x3b, 0x66, 0x52, 0xe7, 0xc2, 0x8a, 0x9b, 0xd4, - 0xb9, 0xb0, 0xde, 0x94, 0xa0, 0x20, 0x5a, 0xf8, 0x9f, 0x33, 0x00, 0x72, 0x35, 0xf6, 0x86, 0x68, - 0x03, 0x6a, 0x8e, 0x68, 0x85, 0xbc, 0x75, 0x37, 0xd1, 0x5b, 0x62, 0x11, 0x67, 0xf4, 0xaa, 0x1c, - 0xc4, 0x8d, 0xfb, 0x01, 0x54, 0x7c, 0x29, 0x81, 0xc3, 0xee, 0x24, 0x38, 0xcc, 0x97, 0x50, 0x96, - 0x03, 0xa8, 0xcb, 0x3e, 0x85, 0x9b, 0xfe, 0xf8, 0x04, 0x9f, 0x3d, 0x9c, 0xe0, 0x33, 0x5f, 0xe0, - 0xbc, 0x94, 0xa0, 0x7a, 0x4d, 0x35, 0x2c, 0x70, 0xdb, 0x9d, 0x04, 0xb7, 0xc5, 0x0d, 0xa3, 0x8e, - 0x03, 0x5a, 0x2f, 0x79, 0x13, 0xff, 0x77, 0x16, 0x0a, 0xeb, 0xf6, 0x60, 0x68, 0x38, 0x74, 0x35, - 0xf2, 0x0e, 0x71, 0x47, 0x7d, 0x8f, 0xb9, 0xab, 0xb6, 0xfa, 0x28, 0x2c, 0x51, 0xb0, 0xc9, 0x7f, - 0x75, 0xc6, 0xaa, 0x8b, 0x21, 0x74, 0xb0, 0x28, 0x8f, 0x99, 0x6b, 0x0c, 0x16, 0xc5, 0x51, 0x0c, - 0x91, 0x81, 0x9c, 0x0d, 0x02, 0xb9, 0x09, 0x85, 0x31, 0x71, 0x82, 0x92, 0xbe, 0x39, 0xa3, 0x4b, - 0x02, 0x7a, 0x0e, 0x73, 0xd1, 0xf2, 0x92, 0x13, 0x3c, 0xb5, 0x6e, 0xb8, 0x1a, 0x3d, 0x82, 0x4a, - 0xa8, 0xc6, 0xe5, 0x05, 0x5f, 0x79, 0xa0, 0x94, 0xb8, 0x5b, 0x32, 0xaf, 0xd2, 0x7a, 0x5c, 0xd9, - 0x9c, 0x91, 0x99, 0xf5, 0x96, 0xcc, 0xac, 0x45, 0x31, 0x4a, 0xe4, 0xd6, 0x50, 0x92, 0xf9, 0x61, - 0x38, 0xc9, 0xe0, 0x1f, 0x42, 0x35, 0xe4, 0x20, 0x5a, 0x77, 0xda, 0x3f, 0x39, 0x5c, 0xdb, 0xe1, - 0x45, 0xea, 0x2d, 0xab, 0x4b, 0x7a, 0x5d, 0xa3, 0xb5, 0x6e, 0xa7, 0x7d, 0x70, 0x50, 0xcf, 0xa0, - 0x2a, 0x94, 0x76, 0xf7, 0x3a, 0x47, 0x9c, 0x2b, 0x8b, 0xdf, 0xfa, 0x12, 0x44, 0x91, 0x53, 0x6a, - 0xdb, 0x8c, 0x52, 0xdb, 0x34, 0x59, 0xdb, 0x32, 0x41, 0x6d, 0x63, 0x65, 0x6e, 0xa7, 0xbd, 0x76, - 0xd0, 0xae, 0xcf, 0xbe, 0xa9, 0x41, 0x85, 0xfb, 0xf7, 0x68, 0x64, 0xd1, 0x52, 0xfb, 0x8f, 0x1a, - 0x40, 0x10, 0x4d, 0xa8, 0x05, 0x85, 0x2e, 0xd7, 0xd3, 0xd0, 0x58, 0x32, 0xba, 0x99, 0xb8, 0x64, - 0xba, 0xe4, 0x42, 0xdf, 0x85, 0x82, 0x3b, 0xea, 0x76, 0x89, 0x2b, 0x4b, 0xde, 0xed, 0x68, 0x3e, - 0x14, 0xd9, 0x4a, 0x97, 0x7c, 0x74, 0xc8, 0x89, 0x61, 0xf6, 0x47, 0xac, 0x00, 0x4e, 0x1e, 0x22, - 0xf8, 0xf0, 0xdf, 0x6b, 0x50, 0x56, 0x36, 0xef, 0x57, 0x4c, 0xc2, 0xf7, 0xa0, 0xc4, 0x6c, 0x20, - 0x3d, 0x91, 0x86, 0x8b, 0x7a, 0x40, 0x40, 0xbf, 0x0d, 0x25, 0x19, 0x01, 0x32, 0x13, 0x37, 0x92, - 0xc5, 0xee, 0x0d, 0xf5, 0x80, 0x15, 0x6f, 0xc3, 0x0d, 0xe6, 0x95, 0x2e, 0x3d, 0x5c, 0x4b, 0x3f, - 0xaa, 0xc7, 0x4f, 0x2d, 0x72, 0xfc, 0x6c, 0x42, 0x71, 0x78, 0x76, 0xe9, 0x9a, 0x5d, 0xa3, 0x2f, - 0xac, 0xf0, 0xdb, 0xf8, 0xc7, 0x80, 0x54, 0x61, 0xd3, 0x4c, 0x17, 0x57, 0xa1, 0xbc, 0x69, 0xb8, - 0x67, 0xc2, 0x24, 0xfc, 0x12, 0xaa, 0xb4, 0xb9, 0xfd, 0xfe, 0x1a, 0x36, 0xb2, 0xcb, 0x81, 0xe4, - 0x9e, 0xca, 0xe7, 0x08, 0x66, 0xcf, 0x0c, 0xf7, 0x8c, 0x4d, 0xb4, 0xaa, 0xb3, 0x6f, 0xf4, 0x1c, - 0xea, 0x5d, 0x3e, 0xc9, 0xa3, 0xc8, 0x95, 0x61, 0x4e, 0xd0, 0xfd, 0x93, 0xe0, 0x67, 0x50, 0xe1, - 0x73, 0xf8, 0xba, 0x8d, 0xc0, 0x37, 0x60, 0xee, 0xc0, 0x32, 0x86, 0xee, 0x99, 0x2d, 0xab, 0x1b, - 0x9d, 0x74, 0x3d, 0xa0, 0x4d, 0xa5, 0xf1, 0x19, 0xcc, 0x39, 0x64, 0x60, 0x98, 0x96, 0x69, 0x9d, - 0x1e, 0x1d, 0x5f, 0x7a, 0xc4, 0x15, 0x17, 0xa6, 0x9a, 0x4f, 0x7e, 0x43, 0xa9, 0xd4, 0xb4, 0xe3, - 0xbe, 0x7d, 0x2c, 0xd2, 0x1c, 0xfb, 0xc6, 0x9f, 0x6b, 0x50, 0xf9, 0xd4, 0xf0, 0xba, 0x72, 0xe9, - 0xd0, 0x16, 0xd4, 0xfc, 0xe4, 0xc6, 0x28, 0xc2, 0x96, 0x48, 0x89, 0x65, 0x63, 0xe4, 0x51, 0x5a, - 0x56, 0xc7, 0x6a, 0x57, 0x25, 0x30, 0x51, 0x86, 0xd5, 0x25, 0x7d, 0x5f, 0x54, 0x26, 0x5d, 0x14, - 0x63, 0x54, 0x45, 0xa9, 0x84, 0x37, 0x73, 0xc1, 0xf1, 0x83, 0xe7, 0x92, 0xcf, 0x33, 0x80, 0xe2, - 0x36, 0x7c, 0xd9, 0x13, 0xd9, 0x13, 0xa8, 0xb9, 0x9e, 0xe1, 0xc4, 0xf6, 0x46, 0x95, 0x51, 0xfd, - 0x04, 0xfd, 0x0c, 0xe6, 0x86, 0x8e, 0x7d, 0xea, 0x10, 0xd7, 0x3d, 0xb2, 0x6c, 0xcf, 0x3c, 0xb9, - 0x14, 0x87, 0xda, 0x9a, 0x24, 0xef, 0x32, 0x2a, 0x6a, 0x43, 0xe1, 0xc4, 0xec, 0x7b, 0xc4, 0x71, - 0x1b, 0xb9, 0xa5, 0xec, 0x72, 0x6d, 0xf5, 0xe5, 0x55, 0x5e, 0x5b, 0xf9, 0x11, 0xe3, 0xef, 0x5c, - 0x0e, 0x89, 0x2e, 0xc7, 0xaa, 0x07, 0xc5, 0x7c, 0xe8, 0xf0, 0x7c, 0x07, 0x8a, 0x1f, 0xa8, 0x08, - 0x7a, 0x29, 0x2e, 0xf0, 0xb3, 0x1d, 0x6b, 0x6f, 0xf5, 0xf0, 0x13, 0x80, 0x40, 0x14, 0xcd, 0xc2, - 0xbb, 0x7b, 0xfb, 0x87, 0x9d, 0xfa, 0x0c, 0xaa, 0x40, 0x71, 0x77, 0x6f, 0xa3, 0xbd, 0xd3, 0xa6, - 0x29, 0x1b, 0xb7, 0xa4, 0xdb, 0x54, 0xf7, 0x86, 0xe4, 0x6a, 0x61, 0xb9, 0x7f, 0x95, 0x81, 0xaa, - 0xd8, 0x20, 0x53, 0xed, 0x52, 0x55, 0x45, 0x26, 0xa4, 0x82, 0x1e, 0x58, 0xf9, 0xc6, 0xe9, 0x89, - 0x73, 0xb1, 0x6c, 0xd2, 0xb4, 0xc1, 0xf7, 0x01, 0xe9, 0x09, 0x8f, 0xfb, 0xed, 0xc4, 0xc8, 0xce, - 0x25, 0x46, 0x36, 0x7a, 0x04, 0x55, 0x7f, 0x23, 0x1a, 0xae, 0x28, 0xc3, 0x25, 0xbd, 0x22, 0xf7, - 0x18, 0xa5, 0xa1, 0x27, 0x90, 0x27, 0x63, 0x62, 0x79, 0x6e, 0xa3, 0xcc, 0x12, 0x72, 0x55, 0x1e, - 0x8d, 0xdb, 0x94, 0xaa, 0x8b, 0x4e, 0xfc, 0x5b, 0x70, 0x83, 0x5d, 0x41, 0xde, 0x3a, 0x86, 0xa5, - 0xde, 0x95, 0x3a, 0x9d, 0x1d, 0xe1, 0x3a, 0xfa, 0x89, 0x6a, 0x90, 0xd9, 0xda, 0x10, 0x13, 0xcd, - 0x6c, 0x6d, 0xe0, 0x9f, 0x6b, 0x80, 0xd4, 0x71, 0x53, 0xf9, 0x32, 0x22, 0x5c, 0xaa, 0xcf, 0x06, - 0xea, 0x17, 0x20, 0x47, 0x1c, 0xc7, 0x76, 0x98, 0xd7, 0x4a, 0x3a, 0x6f, 0xe0, 0xc7, 0xc2, 0x06, - 0x9d, 0x8c, 0xed, 0x73, 0x3f, 0x66, 0xb8, 0x34, 0xcd, 0x37, 0x75, 0x1b, 0xe6, 0x43, 0x5c, 0x53, - 0x15, 0x86, 0x67, 0x70, 0x93, 0x09, 0xdb, 0x26, 0x64, 0xb8, 0xd6, 0x37, 0xc7, 0xa9, 0x5a, 0x87, - 0x70, 0x2b, 0xca, 0xf8, 0xcd, 0xfa, 0x08, 0xff, 0xae, 0xd0, 0xd8, 0x31, 0x07, 0xa4, 0x63, 0xef, - 0xa4, 0xdb, 0x46, 0x13, 0xe7, 0x39, 0xb9, 0x74, 0x45, 0x05, 0x65, 0xdf, 0xf8, 0x9f, 0x34, 0xb8, - 0x1d, 0x1b, 0xfe, 0x0d, 0xaf, 0xea, 0x22, 0xc0, 0x29, 0xdd, 0x3e, 0xa4, 0x47, 0x3b, 0xf8, 0xe5, - 0x5d, 0xa1, 0xf8, 0x76, 0xd2, 0xdc, 0x53, 0x11, 0x76, 0x2e, 0x88, 0x35, 0x67, 0x7f, 0x5c, 0x59, - 0x7e, 0xee, 0x43, 0x99, 0x11, 0x0e, 0x3c, 0xc3, 0x1b, 0xb9, 0xb1, 0xc5, 0xf8, 0x13, 0xb1, 0x05, - 0xe4, 0xa0, 0xa9, 0xe6, 0xf5, 0x5d, 0xc8, 0xb3, 0x73, 0xab, 0x3c, 0xb5, 0x45, 0x2e, 0x0a, 0x8a, - 0x1d, 0xba, 0x60, 0xc4, 0x67, 0x90, 0x7f, 0xc7, 0xc0, 0x3e, 0xc5, 0xb2, 0x59, 0xb9, 0x14, 0x96, - 0x31, 0xe0, 0x10, 0x44, 0x49, 0x67, 0xdf, 0xec, 0x90, 0x43, 0x88, 0x73, 0xa8, 0xef, 0xf0, 0xc3, - 0x54, 0x49, 0xf7, 0xdb, 0xd4, 0x65, 0xdd, 0xbe, 0x49, 0x2c, 0x8f, 0xf5, 0xce, 0xb2, 0x5e, 0x85, - 0x82, 0x57, 0xa0, 0xce, 0x35, 0xad, 0xf5, 0x7a, 0xca, 0x61, 0xc5, 0x97, 0xa7, 0x85, 0xe5, 0xe1, - 0x5f, 0x69, 0x70, 0x43, 0x19, 0x30, 0x95, 0x63, 0x5e, 0x41, 0x9e, 0x43, 0x9a, 0xa2, 0x2e, 0x2e, - 0x84, 0x47, 0x71, 0x35, 0xba, 0xe0, 0x41, 0x2b, 0x50, 0xe0, 0x5f, 0xf2, 0xc4, 0x98, 0xcc, 0x2e, - 0x99, 0xf0, 0x13, 0x98, 0x17, 0x24, 0x32, 0xb0, 0x93, 0xf6, 0x36, 0x73, 0x28, 0xfe, 0x19, 0x2c, - 0x84, 0xd9, 0xa6, 0x9a, 0x92, 0x62, 0x64, 0xe6, 0x3a, 0x46, 0xae, 0x49, 0x23, 0x0f, 0x87, 0x3d, - 0xa5, 0x8c, 0x47, 0x57, 0x5d, 0x5d, 0x91, 0x4c, 0x64, 0x45, 0xfc, 0x09, 0x48, 0x11, 0xdf, 0xea, - 0x04, 0xe6, 0xe5, 0x76, 0xd8, 0x31, 0x5d, 0xff, 0x70, 0xf7, 0x11, 0x90, 0x4a, 0xfc, 0xb6, 0x0d, - 0xda, 0x20, 0x27, 0x8e, 0x71, 0x3a, 0x20, 0x7e, 0x7d, 0xa2, 0x47, 0x7d, 0x95, 0x38, 0x55, 0x46, - 0x6f, 0xc1, 0x8d, 0x77, 0xf6, 0x98, 0xa6, 0x06, 0x4a, 0x0d, 0x42, 0x86, 0x5f, 0xf5, 0xfc, 0x65, - 0xf3, 0xdb, 0x54, 0xb9, 0x3a, 0x60, 0x2a, 0xe5, 0xff, 0xaa, 0x41, 0x65, 0xad, 0x6f, 0x38, 0x03, - 0xa9, 0xf8, 0x07, 0x90, 0xe7, 0x17, 0x18, 0x81, 0x19, 0x3c, 0x0d, 0x8b, 0x51, 0x79, 0x79, 0x63, - 0x8d, 0x5f, 0x77, 0xc4, 0x28, 0x6a, 0xb8, 0x78, 0x56, 0xd8, 0x88, 0x3c, 0x33, 0x6c, 0xa0, 0x4f, - 0x20, 0x67, 0xd0, 0x21, 0x2c, 0x05, 0xd7, 0xa2, 0x57, 0x47, 0x26, 0x8d, 0x9d, 0xdb, 0x38, 0x17, - 0xfe, 0x3e, 0x94, 0x15, 0x0d, 0xf4, 0x72, 0xfc, 0xb6, 0x2d, 0x0e, 0x60, 0x6b, 0xeb, 0x9d, 0xad, - 0xf7, 0xfc, 0xce, 0x5c, 0x03, 0xd8, 0x68, 0xfb, 0xed, 0x0c, 0xfe, 0x4c, 0x8c, 0x12, 0xf9, 0x4e, - 0xb5, 0x47, 0x4b, 0xb3, 0x27, 0x73, 0x2d, 0x7b, 0x2e, 0xa0, 0x2a, 0xa6, 0x3f, 0x6d, 0xfa, 0x66, - 0xf2, 0x52, 0xd2, 0xb7, 0x62, 0xbc, 0x2e, 0x18, 0xf1, 0x1c, 0x54, 0x45, 0x42, 0x17, 0xfb, 0xef, - 0xaf, 0x33, 0x50, 0x93, 0x94, 0x69, 0xb1, 0x4d, 0x09, 0xcb, 0xf0, 0x0a, 0xe0, 0x83, 0x32, 0xb7, - 0x20, 0xdf, 0x3b, 0x3e, 0x30, 0x3f, 0x4a, 0x1c, 0x5a, 0xb4, 0x28, 0xbd, 0xcf, 0xf5, 0xf0, 0xc7, - 0x20, 0xd1, 0xa2, 0x17, 0x74, 0xc7, 0x38, 0xf1, 0xb6, 0xac, 0x1e, 0xb9, 0x60, 0xe7, 0xc6, 0x59, - 0x3d, 0x20, 0xb0, 0xfb, 0xaa, 0x78, 0x34, 0x62, 0x87, 0x45, 0xe5, 0x11, 0x09, 0xbd, 0x80, 0x3a, - 0xfd, 0x5e, 0x1b, 0x0e, 0xfb, 0x26, 0xe9, 0x71, 0x01, 0x05, 0xc6, 0x13, 0xa3, 0x53, 0xed, 0xec, - 0xe8, 0xe5, 0x36, 0x8a, 0x2c, 0x6d, 0x89, 0x16, 0x8d, 0xd2, 0xb5, 0x91, 0x77, 0xd6, 0xb6, 0x8c, - 0xe3, 0xbe, 0xcc, 0x7a, 0xb4, 0x54, 0x53, 0xe2, 0x86, 0xe9, 0xaa, 0xd4, 0x36, 0xcc, 0x53, 0x2a, - 0xb1, 0x3c, 0xb3, 0xab, 0xa4, 0x48, 0x59, 0x08, 0xb5, 0x48, 0x21, 0x34, 0x5c, 0xf7, 0x83, 0xed, - 0xf4, 0x84, 0x7b, 0xfc, 0x36, 0xde, 0xe0, 0xc2, 0x0f, 0xdd, 0x50, 0xa9, 0xfb, 0xb2, 0x52, 0x96, - 0x03, 0x29, 0x6f, 0x89, 0x37, 0x41, 0x0a, 0x7e, 0x09, 0x37, 0x25, 0xa7, 0xc0, 0x0e, 0x27, 0x30, - 0xef, 0xc1, 0x7d, 0xc9, 0xbc, 0x7e, 0x46, 0x2f, 0x67, 0xfb, 0x42, 0xe1, 0x57, 0xb5, 0xf3, 0x0d, - 0x34, 0x7c, 0x3b, 0xd9, 0x81, 0xdb, 0xee, 0xab, 0x06, 0x8c, 0x5c, 0xb1, 0xef, 0x4a, 0x3a, 0xfb, - 0xa6, 0x34, 0xc7, 0xee, 0xfb, 0xc7, 0x0a, 0xfa, 0x8d, 0xd7, 0xe1, 0x8e, 0x94, 0x21, 0x8e, 0xc2, - 0x61, 0x21, 0x31, 0x83, 0x92, 0x84, 0x08, 0x87, 0xd1, 0xa1, 0x93, 0xdd, 0xae, 0x72, 0x86, 0x5d, - 0xcb, 0x64, 0x6a, 0x8a, 0xcc, 0x9b, 0x7c, 0x47, 0x50, 0xc3, 0xd4, 0xaa, 0x23, 0xc8, 0x54, 0x80, - 0x4a, 0x16, 0x0b, 0x41, 0xc9, 0xb1, 0x85, 0x88, 0x89, 0xfe, 0x29, 0x2c, 0xfa, 0x46, 0x50, 0xbf, - 0xed, 0x13, 0x67, 0x60, 0xba, 0xae, 0x82, 0x36, 0x25, 0x4d, 0xfc, 0x29, 0xcc, 0x0e, 0x89, 0xc8, - 0x4b, 0xe5, 0x55, 0xb4, 0xc2, 0x9f, 0x87, 0x57, 0x94, 0xc1, 0xac, 0x1f, 0xf7, 0xe0, 0x81, 0x94, - 0xce, 0x3d, 0x9a, 0x28, 0x3e, 0x6a, 0x94, 0xbc, 0xd4, 0x73, 0xb7, 0xc6, 0x2f, 0xf5, 0x59, 0xbe, - 0xf6, 0x3e, 0x02, 0xfa, 0x63, 0xee, 0x48, 0x19, 0x5b, 0x53, 0xd5, 0x9b, 0x6d, 0xee, 0x53, 0x3f, - 0x24, 0xa7, 0x12, 0x76, 0x0c, 0x0b, 0xe1, 0x48, 0x9e, 0x2a, 0x15, 0x2e, 0x40, 0xce, 0xb3, 0xcf, - 0x89, 0x4c, 0x84, 0xbc, 0x21, 0x0d, 0xf6, 0xc3, 0x7c, 0x2a, 0x83, 0x8d, 0x40, 0x18, 0xdb, 0x92, - 0xd3, 0xda, 0x4b, 0x57, 0x53, 0x1e, 0xe0, 0x78, 0x03, 0xef, 0xc2, 0xad, 0x68, 0x9a, 0x98, 0xca, - 0xe4, 0xf7, 0x7c, 0x03, 0x27, 0x65, 0x92, 0xa9, 0xe4, 0xfe, 0x24, 0x48, 0x06, 0x4a, 0x42, 0x99, - 0x4a, 0xa4, 0x0e, 0xcd, 0xa4, 0xfc, 0xf2, 0x75, 0xec, 0x57, 0x3f, 0xdd, 0x4c, 0x25, 0xcc, 0x0d, - 0x84, 0x4d, 0xbf, 0xfc, 0x41, 0x8e, 0xc8, 0x4e, 0xcc, 0x11, 0x22, 0x48, 0x82, 0x2c, 0xf6, 0x0d, - 0x6c, 0x3a, 0xa1, 0x23, 0x48, 0xa0, 0xd3, 0xea, 0xa0, 0x35, 0xc4, 0xd7, 0xc1, 0x1a, 0x72, 0x63, - 0xab, 0x69, 0x77, 0xaa, 0xc5, 0xf8, 0x34, 0xc8, 0x9d, 0xb1, 0xcc, 0x3c, 0x95, 0xe0, 0xcf, 0x60, - 0x29, 0x3d, 0x29, 0x4f, 0x23, 0xf9, 0x45, 0x0b, 0x4a, 0xfe, 0xa1, 0x54, 0xf9, 0x69, 0x45, 0x19, - 0x0a, 0xbb, 0x7b, 0x07, 0xfb, 0x6b, 0xeb, 0x6d, 0xfe, 0xdb, 0x8a, 0xf5, 0x3d, 0x5d, 0x3f, 0xdc, - 0xef, 0xd4, 0x33, 0xab, 0xff, 0x9b, 0x85, 0xcc, 0xf6, 0x7b, 0xf4, 0xfb, 0x90, 0xe3, 0x0f, 0x8d, - 0x13, 0x5e, 0x97, 0x9b, 0x93, 0xde, 0x52, 0xf1, 0xdd, 0x9f, 0xff, 0xfb, 0x7f, 0xfd, 0x32, 0x73, - 0x13, 0xd7, 0x5b, 0xe3, 0xef, 0x1d, 0x13, 0xcf, 0x68, 0x9d, 0x8f, 0x5b, 0xac, 0x3e, 0xbc, 0xd6, - 0x5e, 0xa0, 0x43, 0xc8, 0xee, 0x8f, 0x3c, 0x94, 0xfa, 0xf2, 0xdc, 0x4c, 0x7f, 0x62, 0xc5, 0x77, - 0x98, 0xe0, 0x79, 0x5c, 0x53, 0x04, 0x0f, 0x47, 0x1e, 0x15, 0x3b, 0x82, 0xb2, 0xfa, 0x48, 0x7a, - 0xe5, 0x93, 0x74, 0xf3, 0xea, 0x07, 0x58, 0xfc, 0x90, 0xa9, 0xbb, 0x8b, 0x6f, 0x29, 0xea, 0xf8, - 0x53, 0xae, 0x3a, 0x9b, 0xce, 0x85, 0x85, 0x52, 0x1f, 0xad, 0x9b, 0xe9, 0xef, 0xb2, 0x89, 0xb3, - 0xf1, 0x2e, 0x2c, 0x2a, 0xd6, 0x12, 0xcf, 0xb2, 0x5d, 0x0f, 0x3d, 0x48, 0x78, 0x96, 0x53, 0x1f, - 0xa0, 0x9a, 0x4b, 0xe9, 0x0c, 0x42, 0xd1, 0x12, 0x53, 0xd4, 0xc4, 0x37, 0x15, 0x45, 0x5d, 0x9f, - 0xed, 0xb5, 0xf6, 0x62, 0xf5, 0x14, 0x72, 0x0c, 0x65, 0x46, 0x7f, 0x20, 0x3f, 0x9a, 0x09, 0xd0, - 0x79, 0xca, 0xe2, 0x87, 0xf0, 0x69, 0xdc, 0x60, 0xca, 0x10, 0xae, 0x4a, 0x65, 0x0c, 0x67, 0x7e, - 0xad, 0xbd, 0x58, 0xd6, 0xbe, 0xa3, 0xad, 0xfe, 0xcf, 0x2c, 0xe4, 0x18, 0xe4, 0x84, 0x6c, 0x80, - 0x00, 0x91, 0x8d, 0xce, 0x32, 0x86, 0xf1, 0x46, 0x67, 0x19, 0x07, 0x73, 0xf1, 0x22, 0x53, 0xdc, - 0xc0, 0xf3, 0x52, 0x31, 0x43, 0xb3, 0x5a, 0x0c, 0xa0, 0xa3, 0x3e, 0x1d, 0x0b, 0xd0, 0x8d, 0x87, - 0x19, 0x4a, 0x12, 0x18, 0x42, 0x66, 0xa3, 0x3b, 0x24, 0x01, 0x95, 0xc5, 0x98, 0xe9, 0xbc, 0x87, - 0x6f, 0x2b, 0x9e, 0xe5, 0x6a, 0x1d, 0xc6, 0x48, 0xf5, 0xfe, 0x99, 0x06, 0xb5, 0x30, 0xb6, 0x8a, - 0x1e, 0x25, 0x48, 0x8e, 0x42, 0xb4, 0xcd, 0xc7, 0x93, 0x99, 0xd2, 0x2c, 0xe0, 0xea, 0xcf, 0x09, - 0x19, 0x1a, 0x94, 0x51, 0x38, 0x1e, 0xfd, 0x85, 0x06, 0x73, 0x11, 0xc0, 0x14, 0x25, 0x69, 0x88, - 0xc1, 0xb1, 0xcd, 0x27, 0x57, 0x70, 0x09, 0x43, 0x9e, 0x32, 0x43, 0x96, 0xf0, 0xdd, 0x98, 0x2b, - 0x3c, 0x73, 0x40, 0x3c, 0x5b, 0x18, 0xe3, 0x2f, 0x03, 0x07, 0x37, 0x13, 0x97, 0x21, 0x04, 0x96, - 0x26, 0x2e, 0x43, 0x18, 0x19, 0x9d, 0xb0, 0x0c, 0x1c, 0xd1, 0xa4, 0x5b, 0xfc, 0xff, 0xb2, 0x50, - 0x58, 0xe7, 0x3f, 0x70, 0x44, 0x2e, 0x94, 0x7c, 0x14, 0x11, 0x2d, 0x26, 0x21, 0x3a, 0xc1, 0x6d, - 0xa1, 0xf9, 0x20, 0xb5, 0x5f, 0x68, 0x7f, 0xc2, 0xb4, 0x3f, 0xc0, 0x4d, 0xa9, 0x5d, 0xfc, 0x8e, - 0xb2, 0xc5, 0xa1, 0x83, 0x96, 0xd1, 0xeb, 0xd1, 0x89, 0xff, 0x29, 0x54, 0x54, 0xa8, 0x0f, 0x3d, - 0x4c, 0x44, 0x92, 0x54, 0xb4, 0xb0, 0x89, 0x27, 0xb1, 0x08, 0xed, 0xcb, 0x4c, 0x3b, 0xc6, 0xf7, - 0x53, 0xb4, 0x3b, 0x8c, 0x3d, 0x64, 0x00, 0x87, 0xea, 0x92, 0x0d, 0x08, 0x21, 0x81, 0xc9, 0x06, - 0x84, 0x91, 0xbe, 0x2b, 0x0d, 0x18, 0x31, 0x76, 0x6a, 0xc0, 0x07, 0x80, 0x00, 0x98, 0x43, 0x89, - 0x7e, 0x55, 0xae, 0x4e, 0xd1, 0x90, 0x8f, 0x63, 0x7a, 0xf1, 0x3d, 0x17, 0x51, 0xdd, 0x37, 0x5d, - 0x1a, 0xfa, 0xab, 0xbf, 0xca, 0x43, 0xf9, 0x9d, 0x61, 0x5a, 0x1e, 0xb1, 0x0c, 0xab, 0x4b, 0xd0, - 0x09, 0xe4, 0x58, 0x69, 0x8c, 0x66, 0x39, 0x15, 0xaf, 0x8a, 0x66, 0xb9, 0x10, 0x98, 0x83, 0x1f, - 0x33, 0xcd, 0x8b, 0xf8, 0x8e, 0xd4, 0x3c, 0x08, 0xc4, 0xb7, 0x18, 0x0e, 0x43, 0x27, 0xfc, 0x87, - 0x90, 0x17, 0x10, 0x7f, 0x44, 0x58, 0x08, 0x9f, 0x69, 0xde, 0x4b, 0xee, 0x4c, 0xdb, 0x5e, 0xaa, - 0x2a, 0x97, 0xf1, 0x52, 0x5d, 0x1f, 0x01, 0x02, 0x90, 0x31, 0xea, 0xdc, 0x18, 0x26, 0xd9, 0x5c, - 0x4a, 0x67, 0x10, 0x7a, 0x9f, 0x33, 0xbd, 0x8f, 0xf0, 0x62, 0x92, 0xde, 0x9e, 0xcf, 0x4f, 0x75, - 0x1f, 0xc3, 0xec, 0xa6, 0xe1, 0x9e, 0xa1, 0x48, 0xb1, 0x53, 0x7e, 0x93, 0xd0, 0x6c, 0x26, 0x75, - 0x09, 0x4d, 0x8f, 0x98, 0xa6, 0xfb, 0xb8, 0x91, 0xa4, 0xe9, 0xcc, 0x70, 0x69, 0xf5, 0x40, 0x67, - 0x90, 0xe7, 0x3f, 0x53, 0x88, 0xfa, 0x32, 0xf4, 0x53, 0x87, 0xa8, 0x2f, 0xc3, 0xbf, 0x6c, 0xb8, - 0x9e, 0x26, 0x0f, 0x8a, 0xf2, 0xb7, 0x01, 0xe8, 0x7e, 0x64, 0x69, 0xc2, 0xbf, 0x23, 0x68, 0x2e, - 0xa6, 0x75, 0x0b, 0x7d, 0xcf, 0x98, 0xbe, 0x87, 0xf8, 0x5e, 0xe2, 0xda, 0x09, 0xee, 0xd7, 0xda, - 0x8b, 0xef, 0x68, 0xb4, 0x4c, 0x40, 0x00, 0xd4, 0xc6, 0xa2, 0x23, 0x8a, 0xf9, 0xc6, 0xa2, 0x23, - 0x86, 0xf1, 0xe2, 0x55, 0xa6, 0xfc, 0x15, 0x7e, 0x96, 0xa4, 0xdc, 0x73, 0x0c, 0xcb, 0x3d, 0x21, - 0xce, 0x27, 0x1c, 0x90, 0x73, 0xcf, 0xcc, 0x21, 0x8d, 0x94, 0xff, 0x9f, 0x83, 0x59, 0x7a, 0x1e, - 0xa5, 0xe5, 0x39, 0xb8, 0xc6, 0x47, 0xad, 0x89, 0x81, 0x67, 0x51, 0x6b, 0xe2, 0x08, 0x40, 0xbc, - 0x3c, 0xb3, 0x9f, 0xb2, 0x13, 0xc6, 0x44, 0xbd, 0xee, 0x42, 0x59, 0xb9, 0xeb, 0xa3, 0x04, 0x81, - 0x61, 0x64, 0x2e, 0x5a, 0x17, 0x12, 0x80, 0x02, 0xfc, 0x80, 0xe9, 0xbc, 0x83, 0x17, 0x42, 0x3a, - 0x7b, 0x9c, 0x8b, 0x2a, 0xfd, 0x63, 0xa8, 0xa8, 0x98, 0x00, 0x4a, 0x90, 0x19, 0x41, 0xfe, 0xa2, - 0x29, 0x31, 0x09, 0x52, 0x88, 0x67, 0x07, 0xff, 0x67, 0xfb, 0x92, 0x95, 0x2a, 0x1f, 0x42, 0x41, - 0x00, 0x05, 0x49, 0xb3, 0x0d, 0x43, 0x85, 0x49, 0xb3, 0x8d, 0xa0, 0x0c, 0xf1, 0x63, 0x1e, 0xd3, - 0x4a, 0xef, 0x43, 0xb2, 0x04, 0x09, 0x8d, 0x6f, 0x89, 0x97, 0xa6, 0x31, 0xc0, 0xbe, 0xd2, 0x34, - 0x2a, 0x77, 0xd1, 0x49, 0x1a, 0x4f, 0x89, 0x27, 0x62, 0x49, 0xde, 0xf3, 0x50, 0x8a, 0x40, 0x35, - 0xe5, 0xe3, 0x49, 0x2c, 0x69, 0xa7, 0xf2, 0x40, 0xa9, 0xc8, 0xf7, 0xe8, 0x67, 0x00, 0x01, 0xa4, - 0x11, 0x3d, 0x6d, 0x25, 0xe2, 0xa2, 0xd1, 0xd3, 0x56, 0x32, 0x2a, 0x12, 0xcf, 0x1f, 0x81, 0x6e, - 0x7e, 0x31, 0xa0, 0xda, 0xff, 0x56, 0x03, 0x14, 0x47, 0x40, 0xd0, 0xcb, 0x64, 0x0d, 0x89, 0x88, - 0x6b, 0xf3, 0xd5, 0xf5, 0x98, 0xd3, 0x4a, 0x44, 0x60, 0x56, 0x97, 0x8d, 0x18, 0x7e, 0xa0, 0x86, - 0xfd, 0x42, 0x83, 0x6a, 0x08, 0x42, 0x41, 0x4f, 0x53, 0xd6, 0x38, 0x02, 0xda, 0x36, 0x9f, 0x5d, - 0xc9, 0x97, 0x76, 0x12, 0x53, 0x76, 0x84, 0x3c, 0x88, 0xff, 0xa5, 0x06, 0xb5, 0x30, 0xec, 0x82, - 0x52, 0xe4, 0xc7, 0x80, 0xdf, 0xe6, 0xf2, 0xd5, 0x8c, 0x57, 0x2f, 0x55, 0x70, 0x36, 0x1f, 0x42, - 0x41, 0x80, 0x35, 0x49, 0x01, 0x11, 0x86, 0x8d, 0x93, 0x02, 0x22, 0x82, 0xf4, 0xa4, 0x04, 0x84, - 0x63, 0xf7, 0x89, 0x12, 0x82, 0x02, 0xd1, 0x49, 0xd3, 0x38, 0x39, 0x04, 0x23, 0x70, 0xd0, 0x24, - 0x8d, 0x41, 0x08, 0x4a, 0x38, 0x07, 0xa5, 0x08, 0xbc, 0x22, 0x04, 0xa3, 0x68, 0x50, 0x4a, 0x08, - 0x32, 0xa5, 0x4a, 0x08, 0x06, 0xe0, 0x4b, 0x52, 0x08, 0xc6, 0x10, 0xf1, 0xa4, 0x10, 0x8c, 0xe3, - 0x37, 0x29, 0xeb, 0xca, 0x74, 0x87, 0x42, 0x70, 0x3e, 0x01, 0xab, 0x41, 0xaf, 0x52, 0x1c, 0x9a, - 0x08, 0xb6, 0x37, 0x3f, 0xb9, 0x26, 0xf7, 0xc4, 0xbd, 0xcf, 0x97, 0x42, 0xee, 0xfd, 0x7f, 0xd0, - 0x60, 0x21, 0x09, 0xeb, 0x41, 0x29, 0xba, 0x52, 0x80, 0xfa, 0xe6, 0xca, 0x75, 0xd9, 0xaf, 0xf6, - 0x9a, 0x1f, 0x0d, 0x6f, 0xea, 0xff, 0xf2, 0xc5, 0xa2, 0xf6, 0x6f, 0x5f, 0x2c, 0x6a, 0xff, 0xf1, - 0xc5, 0xa2, 0xf6, 0x77, 0xff, 0xb9, 0x38, 0x73, 0x9c, 0x67, 0xff, 0x81, 0xec, 0x7b, 0xbf, 0x09, - 0x00, 0x00, 0xff, 0xff, 0x62, 0x18, 0xc8, 0xf6, 0xd0, 0x36, 0x00, 0x00, + // 3724 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x5b, 0x4b, 0x6f, 0x1b, 0x4b, + 0x76, 0x56, 0x93, 0xe2, 0xeb, 0xf0, 0x21, 0xba, 0x24, 0xdb, 0x34, 0x6d, 0xcb, 0x72, 0xf9, 0x25, + 0x3f, 0xae, 0x38, 0xa3, 0x99, 0x64, 0xe1, 0x04, 0x83, 0x91, 0x25, 0x8e, 0xa5, 0x91, 0x2c, 0x69, + 0x5a, 0x94, 0xef, 0x0d, 0x30, 0x89, 0xd0, 0x22, 0x4b, 0x52, 0x47, 0x64, 0x37, 0xd3, 0xdd, 0xa4, + 0x25, 0x67, 0x90, 0x00, 0x93, 0x49, 0x90, 0x4d, 0x36, 0x19, 0x20, 0x48, 0xb2, 0x0d, 0x82, 0xc1, + 0xec, 0xb2, 0xb9, 0xc8, 0x5f, 0xc8, 0x2e, 0x01, 0xf2, 0x07, 0x82, 0x9b, 0x6c, 0xf2, 0x0b, 0xf2, + 0x58, 0x0d, 0xea, 0xd5, 0x5d, 0xfd, 0xa2, 0x74, 0x2f, 0xef, 0xbd, 0x1b, 0xb9, 0xeb, 0xd4, 0xa9, + 0x73, 0x4e, 0x9d, 0xaa, 0x73, 0x4e, 0xd5, 0x57, 0x34, 0x94, 0x9c, 0x61, 0x77, 0x65, 0xe8, 0xd8, + 0x9e, 0x8d, 0x2a, 0xc4, 0xeb, 0xf6, 0x5c, 0xe2, 0x8c, 0x89, 0x33, 0x3c, 0x6e, 0x2e, 0x9c, 0xda, + 0xa7, 0x36, 0xeb, 0x68, 0xd1, 0x2f, 0xce, 0xd3, 0xc4, 0x94, 0xa7, 0x65, 0x5a, 0x1e, 0x71, 0x2c, + 0xa3, 0xdf, 0x1a, 0x8c, 0xbb, 0x5d, 0xf6, 0x67, 0x78, 0xdc, 0x3a, 0x1f, 0x0b, 0x9e, 0xc7, 0x61, + 0x1e, 0x63, 0xe4, 0x9d, 0xb1, 0x3f, 0xc3, 0x63, 0xf6, 0x8f, 0xe0, 0xba, 0x77, 0x6a, 0xdb, 0xa7, + 0x7d, 0xd2, 0x32, 0x86, 0x66, 0xcb, 0xb0, 0x2c, 0xdb, 0x33, 0x3c, 0xd3, 0xb6, 0x5c, 0xde, 0x8b, + 0xff, 0x5c, 0x83, 0x9a, 0x4e, 0xdc, 0xa1, 0x6d, 0xb9, 0x64, 0x93, 0x18, 0x3d, 0xe2, 0xa0, 0xfb, + 0x00, 0xdd, 0xfe, 0xc8, 0xf5, 0x88, 0x73, 0x64, 0xf6, 0x1a, 0xda, 0x92, 0xb6, 0x3c, 0xab, 0x97, + 0x04, 0x65, 0xab, 0x87, 0xee, 0x42, 0x69, 0x40, 0x06, 0xc7, 0xbc, 0x37, 0xc3, 0x7a, 0x8b, 0x9c, + 0xb0, 0xd5, 0x43, 0x4d, 0x28, 0x3a, 0x64, 0x6c, 0xba, 0xa6, 0x6d, 0x35, 0xb2, 0x4b, 0xda, 0x72, + 0x56, 0xf7, 0xdb, 0x74, 0xa0, 0x63, 0x9c, 0x78, 0x47, 0x1e, 0x71, 0x06, 0x8d, 0x59, 0x3e, 0x90, + 0x12, 0x3a, 0xc4, 0x19, 0xe0, 0x5f, 0xe4, 0xa0, 0xa2, 0x1b, 0xd6, 0x29, 0xd1, 0xc9, 0x1f, 0x8d, + 0x88, 0xeb, 0xa1, 0x3a, 0x64, 0xcf, 0xc9, 0x25, 0x53, 0x5f, 0xd1, 0xe9, 0x27, 0x1f, 0x6f, 0x9d, + 0x92, 0x23, 0x62, 0x71, 0xc5, 0x15, 0x3a, 0xde, 0x3a, 0x25, 0x6d, 0xab, 0x87, 0x16, 0x20, 0xd7, + 0x37, 0x07, 0xa6, 0x27, 0xb4, 0xf2, 0x46, 0xc8, 0x9c, 0xd9, 0x88, 0x39, 0xeb, 0x00, 0xae, 0xed, + 0x78, 0x47, 0xb6, 0xd3, 0x23, 0x4e, 0x23, 0xb7, 0xa4, 0x2d, 0xd7, 0x56, 0x1f, 0xaf, 0xa8, 0x4b, + 0xb3, 0xa2, 0x1a, 0xb4, 0x72, 0x60, 0x3b, 0xde, 0x1e, 0xe5, 0xd5, 0x4b, 0xae, 0xfc, 0x44, 0x3f, + 0x82, 0x32, 0x13, 0xe2, 0x19, 0xce, 0x29, 0xf1, 0x1a, 0x79, 0x26, 0xe5, 0xc9, 0x15, 0x52, 0x3a, + 0x8c, 0x59, 0x67, 0xea, 0xf9, 0x37, 0xc2, 0x50, 0x71, 0x89, 0x63, 0x1a, 0x7d, 0xf3, 0xa3, 0x71, + 0xdc, 0x27, 0x8d, 0xc2, 0x92, 0xb6, 0x5c, 0xd4, 0x43, 0x34, 0x3a, 0xff, 0x73, 0x72, 0xe9, 0x1e, + 0xd9, 0x56, 0xff, 0xb2, 0x51, 0x64, 0x0c, 0x45, 0x4a, 0xd8, 0xb3, 0xfa, 0x97, 0x6c, 0xd1, 0xec, + 0x91, 0xe5, 0xf1, 0xde, 0x12, 0xeb, 0x2d, 0x31, 0x0a, 0xeb, 0x5e, 0x86, 0xfa, 0xc0, 0xb4, 0x8e, + 0x06, 0x76, 0xef, 0xc8, 0x77, 0x08, 0x30, 0x87, 0xd4, 0x06, 0xa6, 0xf5, 0xce, 0xee, 0xe9, 0xd2, + 0x2d, 0x94, 0xd3, 0xb8, 0x08, 0x73, 0x96, 0x05, 0xa7, 0x71, 0xa1, 0x72, 0xae, 0xc0, 0x3c, 0x95, + 0xd9, 0x75, 0x88, 0xe1, 0x91, 0x80, 0xb9, 0xc2, 0x98, 0x6f, 0x0c, 0x4c, 0x6b, 0x9d, 0xf5, 0x84, + 0xf8, 0x8d, 0x8b, 0x18, 0x7f, 0x55, 0xf0, 0x1b, 0x17, 0x61, 0x7e, 0xbc, 0x02, 0x25, 0xdf, 0xe7, + 0xa8, 0x08, 0xb3, 0xbb, 0x7b, 0xbb, 0xed, 0xfa, 0x0c, 0x02, 0xc8, 0xaf, 0x1d, 0xac, 0xb7, 0x77, + 0x37, 0xea, 0x1a, 0x2a, 0x43, 0x61, 0xa3, 0xcd, 0x1b, 0x19, 0xfc, 0x06, 0x20, 0xf0, 0x2e, 0x2a, + 0x40, 0x76, 0xbb, 0xfd, 0x7b, 0xf5, 0x19, 0xca, 0xf3, 0xbe, 0xad, 0x1f, 0x6c, 0xed, 0xed, 0xd6, + 0x35, 0x3a, 0x78, 0x5d, 0x6f, 0xaf, 0x75, 0xda, 0xf5, 0x0c, 0xe5, 0x78, 0xb7, 0xb7, 0x51, 0xcf, + 0xa2, 0x12, 0xe4, 0xde, 0xaf, 0xed, 0x1c, 0xb6, 0xeb, 0xb3, 0xf8, 0x97, 0x1a, 0x54, 0xc5, 0x7a, + 0xf1, 0x98, 0x40, 0xdf, 0x87, 0xfc, 0x19, 0x8b, 0x0b, 0xb6, 0x15, 0xcb, 0xab, 0xf7, 0x22, 0x8b, + 0x1b, 0x8a, 0x1d, 0x5d, 0xf0, 0x22, 0x0c, 0xd9, 0xf3, 0xb1, 0xdb, 0xc8, 0x2c, 0x65, 0x97, 0xcb, + 0xab, 0xf5, 0x15, 0x1e, 0xb9, 0x2b, 0xdb, 0xe4, 0xf2, 0xbd, 0xd1, 0x1f, 0x11, 0x9d, 0x76, 0x22, + 0x04, 0xb3, 0x03, 0xdb, 0x21, 0x6c, 0xc7, 0x16, 0x75, 0xf6, 0x4d, 0xb7, 0x31, 0x5b, 0x34, 0xb1, + 0x5b, 0x79, 0x03, 0xff, 0x5a, 0x03, 0xd8, 0x1f, 0x79, 0xe9, 0xa1, 0xb1, 0x00, 0xb9, 0x31, 0x15, + 0x2c, 0xc2, 0x82, 0x37, 0x58, 0x4c, 0x10, 0xc3, 0x25, 0x7e, 0x4c, 0xd0, 0x06, 0xba, 0x0d, 0x85, + 0xa1, 0x43, 0xc6, 0x47, 0xe7, 0x63, 0xa6, 0xa4, 0xa8, 0xe7, 0x69, 0x73, 0x7b, 0x8c, 0x1e, 0x42, + 0xc5, 0x3c, 0xb5, 0x6c, 0x87, 0x1c, 0x71, 0x59, 0x39, 0xd6, 0x5b, 0xe6, 0x34, 0x66, 0xb7, 0xc2, + 0xc2, 0x05, 0xe7, 0x55, 0x96, 0x1d, 0x4a, 0xc2, 0x16, 0x94, 0x99, 0xa9, 0x53, 0xb9, 0xef, 0x79, + 0x60, 0x63, 0x86, 0x0d, 0x8b, 0xbb, 0x50, 0x58, 0x8d, 0x7f, 0x0a, 0x68, 0x83, 0xf4, 0x89, 0x47, + 0xa6, 0xc9, 0x1e, 0x8a, 0x4f, 0xb2, 0xaa, 0x4f, 0xf0, 0x5f, 0x6b, 0x30, 0x1f, 0x12, 0x3f, 0xd5, + 0xb4, 0x1a, 0x50, 0xe8, 0x31, 0x61, 0xdc, 0x82, 0xac, 0x2e, 0x9b, 0xe8, 0x25, 0x14, 0x85, 0x01, + 0x6e, 0x23, 0x9b, 0xb2, 0x69, 0x0a, 0xdc, 0x26, 0x17, 0xff, 0x3a, 0x03, 0x25, 0x31, 0xd1, 0xbd, + 0x21, 0x5a, 0x83, 0xaa, 0xc3, 0x1b, 0x47, 0x6c, 0x3e, 0xc2, 0xa2, 0x66, 0x7a, 0x12, 0xda, 0x9c, + 0xd1, 0x2b, 0x62, 0x08, 0x23, 0xa3, 0xdf, 0x81, 0xb2, 0x14, 0x31, 0x1c, 0x79, 0xc2, 0xe5, 0x8d, + 0xb0, 0x80, 0x60, 0xff, 0x6d, 0xce, 0xe8, 0x20, 0xd8, 0xf7, 0x47, 0x1e, 0xea, 0xc0, 0x82, 0x1c, + 0xcc, 0x67, 0x23, 0xcc, 0xc8, 0x32, 0x29, 0x4b, 0x61, 0x29, 0xf1, 0xa5, 0xda, 0x9c, 0xd1, 0x91, + 0x18, 0xaf, 0x74, 0xaa, 0x26, 0x79, 0x17, 0x3c, 0x79, 0xc7, 0x4c, 0xea, 0x5c, 0x58, 0x71, 0x93, + 0x3a, 0x17, 0xd6, 0x9b, 0x12, 0x14, 0x44, 0x0b, 0xff, 0x73, 0x06, 0x40, 0xae, 0xc6, 0xde, 0x10, + 0x6d, 0x40, 0xcd, 0x11, 0xad, 0x90, 0xb7, 0xee, 0x26, 0x7a, 0x4b, 0x2c, 0xe2, 0x8c, 0x5e, 0x95, + 0x83, 0xb8, 0x71, 0x3f, 0x80, 0x8a, 0x2f, 0x25, 0x70, 0xd8, 0x9d, 0x04, 0x87, 0xf9, 0x12, 0xca, + 0x72, 0x00, 0x75, 0xd9, 0xa7, 0x70, 0xd3, 0x1f, 0x9f, 0xe0, 0xb3, 0x87, 0x13, 0x7c, 0xe6, 0x0b, + 0x9c, 0x97, 0x12, 0x54, 0xaf, 0xa9, 0x86, 0x05, 0x6e, 0xbb, 0x93, 0xe0, 0xb6, 0xb8, 0x61, 0xd4, + 0x71, 0x40, 0xeb, 0x25, 0x6f, 0xe2, 0xff, 0xce, 0x42, 0x61, 0xdd, 0x1e, 0x0c, 0x0d, 0x87, 0xae, + 0x46, 0xde, 0x21, 0xee, 0xa8, 0xef, 0x31, 0x77, 0xd5, 0x56, 0x1f, 0x85, 0x25, 0x0a, 0x36, 0xf9, + 0xaf, 0xce, 0x58, 0x75, 0x31, 0x84, 0x0e, 0x16, 0xe5, 0x31, 0x73, 0x8d, 0xc1, 0xa2, 0x38, 0x8a, + 0x21, 0x32, 0x90, 0xb3, 0x41, 0x20, 0x37, 0xa1, 0x30, 0x26, 0x4e, 0x50, 0xd2, 0x37, 0x67, 0x74, + 0x49, 0x40, 0xcf, 0x61, 0x2e, 0x5a, 0x5e, 0x72, 0x82, 0xa7, 0xd6, 0x0d, 0x57, 0xa3, 0x47, 0x50, + 0x09, 0xd5, 0xb8, 0xbc, 0xe0, 0x2b, 0x0f, 0x94, 0x12, 0x77, 0x4b, 0xe6, 0x55, 0x5a, 0x8f, 0x2b, + 0x9b, 0x33, 0x32, 0xb3, 0xde, 0x92, 0x99, 0xb5, 0x28, 0x46, 0x89, 0xdc, 0x1a, 0x4a, 0x32, 0x3f, + 0x0c, 0x27, 0x19, 0xfc, 0x43, 0xa8, 0x86, 0x1c, 0x44, 0xeb, 0x4e, 0xfb, 0x27, 0x87, 0x6b, 0x3b, + 0xbc, 0x48, 0xbd, 0x65, 0x75, 0x49, 0xaf, 0x6b, 0xb4, 0xd6, 0xed, 0xb4, 0x0f, 0x0e, 0xea, 0x19, + 0x54, 0x85, 0xd2, 0xee, 0x5e, 0xe7, 0x88, 0x73, 0x65, 0xf1, 0x5b, 0x5f, 0x82, 0x28, 0x72, 0x4a, + 0x6d, 0x9b, 0x51, 0x6a, 0x9b, 0x26, 0x6b, 0x5b, 0x26, 0xa8, 0x6d, 0xac, 0xcc, 0xed, 0xb4, 0xd7, + 0x0e, 0xda, 0xf5, 0xd9, 0x37, 0x35, 0xa8, 0x70, 0xff, 0x1e, 0x8d, 0x2c, 0x5a, 0x6a, 0xff, 0x41, + 0x03, 0x08, 0xa2, 0x09, 0xb5, 0xa0, 0xd0, 0xe5, 0x7a, 0x1a, 0x1a, 0x4b, 0x46, 0x37, 0x13, 0x97, + 0x4c, 0x97, 0x5c, 0xe8, 0xbb, 0x50, 0x70, 0x47, 0xdd, 0x2e, 0x71, 0x65, 0xc9, 0xbb, 0x1d, 0xcd, + 0x87, 0x22, 0x5b, 0xe9, 0x92, 0x8f, 0x0e, 0x39, 0x31, 0xcc, 0xfe, 0x88, 0x15, 0xc0, 0xc9, 0x43, + 0x04, 0x1f, 0xfe, 0x3b, 0x0d, 0xca, 0xca, 0xe6, 0xfd, 0x8a, 0x49, 0xf8, 0x1e, 0x94, 0x98, 0x0d, + 0xa4, 0x27, 0xd2, 0x70, 0x51, 0x0f, 0x08, 0xe8, 0xb7, 0xa1, 0x24, 0x23, 0x40, 0x66, 0xe2, 0x46, + 0xb2, 0xd8, 0xbd, 0xa1, 0x1e, 0xb0, 0xe2, 0x6d, 0xb8, 0xc1, 0xbc, 0xd2, 0xa5, 0x87, 0x6b, 0xe9, + 0x47, 0xf5, 0xf8, 0xa9, 0x45, 0x8e, 0x9f, 0x4d, 0x28, 0x0e, 0xcf, 0x2e, 0x5d, 0xb3, 0x6b, 0xf4, + 0x85, 0x15, 0x7e, 0x1b, 0xff, 0x18, 0x90, 0x2a, 0x6c, 0x9a, 0xe9, 0xe2, 0x2a, 0x94, 0x37, 0x0d, + 0xf7, 0x4c, 0x98, 0x84, 0x5f, 0x42, 0x95, 0x36, 0xb7, 0xdf, 0x5f, 0xc3, 0x46, 0x76, 0x39, 0x90, + 0xdc, 0x53, 0xf9, 0x1c, 0xc1, 0xec, 0x99, 0xe1, 0x9e, 0xb1, 0x89, 0x56, 0x75, 0xf6, 0x8d, 0x9e, + 0x43, 0xbd, 0xcb, 0x27, 0x79, 0x14, 0xb9, 0x32, 0xcc, 0x09, 0xba, 0x7f, 0x12, 0xfc, 0x0c, 0x2a, + 0x7c, 0x0e, 0x5f, 0xb7, 0x11, 0xf8, 0x06, 0xcc, 0x1d, 0x58, 0xc6, 0xd0, 0x3d, 0xb3, 0x65, 0x75, + 0xa3, 0x93, 0xae, 0x07, 0xb4, 0xa9, 0x34, 0x3e, 0x83, 0x39, 0x87, 0x0c, 0x0c, 0xd3, 0x32, 0xad, + 0xd3, 0xa3, 0xe3, 0x4b, 0x8f, 0xb8, 0xe2, 0xc2, 0x54, 0xf3, 0xc9, 0x6f, 0x28, 0x95, 0x9a, 0x76, + 0xdc, 0xb7, 0x8f, 0x45, 0x9a, 0x63, 0xdf, 0xf8, 0x73, 0x0d, 0x2a, 0x9f, 0x1a, 0x5e, 0x57, 0x2e, + 0x1d, 0xda, 0x82, 0x9a, 0x9f, 0xdc, 0x18, 0x45, 0xd8, 0x12, 0x29, 0xb1, 0x6c, 0x8c, 0x3c, 0x4a, + 0xcb, 0xea, 0x58, 0xed, 0xaa, 0x04, 0x26, 0xca, 0xb0, 0xba, 0xa4, 0xef, 0x8b, 0xca, 0xa4, 0x8b, + 0x62, 0x8c, 0xaa, 0x28, 0x95, 0xf0, 0x66, 0x2e, 0x38, 0x7e, 0xf0, 0x5c, 0xf2, 0x79, 0x06, 0x50, + 0xdc, 0x86, 0x2f, 0x7b, 0x22, 0x7b, 0x02, 0x35, 0xd7, 0x33, 0x9c, 0xd8, 0xde, 0xa8, 0x32, 0xaa, + 0x9f, 0xa0, 0x9f, 0xc1, 0xdc, 0xd0, 0xb1, 0x4f, 0x1d, 0xe2, 0xba, 0x47, 0x96, 0xed, 0x99, 0x27, + 0x97, 0xe2, 0x50, 0x5b, 0x93, 0xe4, 0x5d, 0x46, 0x45, 0x6d, 0x28, 0x9c, 0x98, 0x7d, 0x8f, 0x38, + 0x6e, 0x23, 0xb7, 0x94, 0x5d, 0xae, 0xad, 0xbe, 0xbc, 0xca, 0x6b, 0x2b, 0x3f, 0x62, 0xfc, 0x9d, + 0xcb, 0x21, 0xd1, 0xe5, 0x58, 0xf5, 0xa0, 0x98, 0x0f, 0x1d, 0x9e, 0xef, 0x40, 0xf1, 0x03, 0x15, + 0x41, 0x2f, 0xc5, 0x05, 0x7e, 0xb6, 0x63, 0xed, 0xad, 0x1e, 0x7e, 0x02, 0x10, 0x88, 0xa2, 0x59, + 0x78, 0x77, 0x6f, 0xff, 0xb0, 0x53, 0x9f, 0x41, 0x15, 0x28, 0xee, 0xee, 0x6d, 0xb4, 0x77, 0xda, + 0x34, 0x65, 0xe3, 0x96, 0x74, 0x9b, 0xea, 0xde, 0x90, 0x5c, 0x2d, 0x2c, 0xf7, 0xaf, 0x32, 0x50, + 0x15, 0x1b, 0x64, 0xaa, 0x5d, 0xaa, 0xaa, 0xc8, 0x84, 0x54, 0xd0, 0x03, 0x2b, 0xdf, 0x38, 0x3d, + 0x71, 0x2e, 0x96, 0x4d, 0x9a, 0x36, 0xf8, 0x3e, 0x20, 0x3d, 0xe1, 0x71, 0xbf, 0x9d, 0x18, 0xd9, + 0xb9, 0xc4, 0xc8, 0x46, 0x8f, 0xa0, 0xea, 0x6f, 0x44, 0xc3, 0x15, 0x65, 0xb8, 0xa4, 0x57, 0xe4, + 0x1e, 0xa3, 0x34, 0xf4, 0x04, 0xf2, 0x64, 0x4c, 0x2c, 0xcf, 0x6d, 0x94, 0x59, 0x42, 0xae, 0xca, + 0xa3, 0x71, 0x9b, 0x52, 0x75, 0xd1, 0x89, 0x7f, 0x0b, 0x6e, 0xb0, 0x2b, 0xc8, 0x5b, 0xc7, 0xb0, + 0xd4, 0xbb, 0x52, 0xa7, 0xb3, 0x23, 0x5c, 0x47, 0x3f, 0x51, 0x0d, 0x32, 0x5b, 0x1b, 0x62, 0xa2, + 0x99, 0xad, 0x0d, 0xfc, 0x73, 0x0d, 0x90, 0x3a, 0x6e, 0x2a, 0x5f, 0x46, 0x84, 0x4b, 0xf5, 0xd9, + 0x40, 0xfd, 0x02, 0xe4, 0x88, 0xe3, 0xd8, 0x0e, 0xf3, 0x5a, 0x49, 0xe7, 0x0d, 0xfc, 0x58, 0xd8, + 0xa0, 0x93, 0xb1, 0x7d, 0xee, 0xc7, 0x0c, 0x97, 0xa6, 0xf9, 0xa6, 0x6e, 0xc3, 0x7c, 0x88, 0x6b, + 0xaa, 0xc2, 0xf0, 0x0c, 0x6e, 0x32, 0x61, 0xdb, 0x84, 0x0c, 0xd7, 0xfa, 0xe6, 0x38, 0x55, 0xeb, + 0x10, 0x6e, 0x45, 0x19, 0xbf, 0x59, 0x1f, 0xe1, 0xdf, 0x15, 0x1a, 0x3b, 0xe6, 0x80, 0x74, 0xec, + 0x9d, 0x74, 0xdb, 0x68, 0xe2, 0x3c, 0x27, 0x97, 0xae, 0xa8, 0xa0, 0xec, 0x1b, 0xff, 0xa3, 0x06, + 0xb7, 0x63, 0xc3, 0xbf, 0xe1, 0x55, 0x5d, 0x04, 0x38, 0xa5, 0xdb, 0x87, 0xf4, 0x68, 0x07, 0xbf, + 0xbc, 0x2b, 0x14, 0xdf, 0x4e, 0x9a, 0x7b, 0x2a, 0xc2, 0xce, 0x05, 0xb1, 0xe6, 0xec, 0x8f, 0x2b, + 0xcb, 0xcf, 0x7d, 0x28, 0x33, 0xc2, 0x81, 0x67, 0x78, 0x23, 0x37, 0xb6, 0x18, 0x7f, 0x22, 0xb6, + 0x80, 0x1c, 0x34, 0xd5, 0xbc, 0xbe, 0x0b, 0x79, 0x76, 0x6e, 0x95, 0xa7, 0xb6, 0xc8, 0x45, 0x41, + 0xb1, 0x43, 0x17, 0x8c, 0xf8, 0x0c, 0xf2, 0xef, 0x18, 0xd8, 0xa7, 0x58, 0x36, 0x2b, 0x97, 0xc2, + 0x32, 0x06, 0x1c, 0x82, 0x28, 0xe9, 0xec, 0x9b, 0x1d, 0x72, 0x08, 0x71, 0x0e, 0xf5, 0x1d, 0x7e, + 0x98, 0x2a, 0xe9, 0x7e, 0x9b, 0xba, 0xac, 0xdb, 0x37, 0x89, 0xe5, 0xb1, 0xde, 0x59, 0xd6, 0xab, + 0x50, 0xf0, 0x0a, 0xd4, 0xb9, 0xa6, 0xb5, 0x5e, 0x4f, 0x39, 0xac, 0xf8, 0xf2, 0xb4, 0xb0, 0x3c, + 0xfc, 0x2b, 0x0d, 0x6e, 0x28, 0x03, 0xa6, 0x72, 0xcc, 0x2b, 0xc8, 0x73, 0x48, 0x53, 0xd4, 0xc5, + 0x85, 0xf0, 0x28, 0xae, 0x46, 0x17, 0x3c, 0x68, 0x05, 0x0a, 0xfc, 0x4b, 0x9e, 0x18, 0x93, 0xd9, + 0x25, 0x13, 0x7e, 0x02, 0xf3, 0x82, 0x44, 0x06, 0x76, 0xd2, 0xde, 0x66, 0x0e, 0xc5, 0x3f, 0x83, + 0x85, 0x30, 0xdb, 0x54, 0x53, 0x52, 0x8c, 0xcc, 0x5c, 0xc7, 0xc8, 0x35, 0x69, 0xe4, 0xe1, 0xb0, + 0xa7, 0x94, 0xf1, 0xe8, 0xaa, 0xab, 0x2b, 0x92, 0x89, 0xac, 0x88, 0x3f, 0x01, 0x29, 0xe2, 0x5b, + 0x9d, 0xc0, 0xbc, 0xdc, 0x0e, 0x3b, 0xa6, 0xeb, 0x1f, 0xee, 0x3e, 0x02, 0x52, 0x89, 0xdf, 0xb6, + 0x41, 0x1b, 0xe4, 0xc4, 0x31, 0x4e, 0x07, 0xc4, 0xaf, 0x4f, 0xf4, 0xa8, 0xaf, 0x12, 0xa7, 0xca, + 0xe8, 0x2d, 0xb8, 0xf1, 0xce, 0x1e, 0xd3, 0xd4, 0x40, 0xa9, 0x41, 0xc8, 0xf0, 0xab, 0x9e, 0xbf, + 0x6c, 0x7e, 0x9b, 0x2a, 0x57, 0x07, 0x4c, 0xa5, 0xfc, 0x5f, 0x35, 0xa8, 0xac, 0xf5, 0x0d, 0x67, + 0x20, 0x15, 0xff, 0x00, 0xf2, 0xfc, 0x02, 0x23, 0x30, 0x83, 0xa7, 0x61, 0x31, 0x2a, 0x2f, 0x6f, + 0xac, 0xf1, 0xeb, 0x8e, 0x18, 0x45, 0x0d, 0x17, 0xcf, 0x0a, 0x1b, 0x91, 0x67, 0x86, 0x0d, 0xf4, + 0x09, 0xe4, 0x0c, 0x3a, 0x84, 0xa5, 0xe0, 0x5a, 0xf4, 0xea, 0xc8, 0xa4, 0xb1, 0x73, 0x1b, 0xe7, + 0xc2, 0xdf, 0x87, 0xb2, 0xa2, 0x81, 0x5e, 0x8e, 0xdf, 0xb6, 0xc5, 0x01, 0x6c, 0x6d, 0xbd, 0xb3, + 0xf5, 0x9e, 0xdf, 0x99, 0x6b, 0x00, 0x1b, 0x6d, 0xbf, 0x9d, 0xc1, 0x9f, 0x89, 0x51, 0x22, 0xdf, + 0xa9, 0xf6, 0x68, 0x69, 0xf6, 0x64, 0xae, 0x65, 0xcf, 0x05, 0x54, 0xc5, 0xf4, 0xa7, 0x4d, 0xdf, + 0x4c, 0x5e, 0x4a, 0xfa, 0x56, 0x8c, 0xd7, 0x05, 0x23, 0x9e, 0x83, 0xaa, 0x48, 0xe8, 0x62, 0xff, + 0xfd, 0x53, 0x06, 0x6a, 0x92, 0x32, 0x2d, 0xb6, 0x29, 0x61, 0x19, 0x5e, 0x01, 0x7c, 0x50, 0xe6, + 0x16, 0xe4, 0x7b, 0xc7, 0x07, 0xe6, 0x47, 0x89, 0x43, 0x8b, 0x16, 0xa5, 0xf7, 0xb9, 0x1e, 0xfe, + 0x18, 0x24, 0x5a, 0xf4, 0x82, 0xee, 0x18, 0x27, 0xde, 0x96, 0xd5, 0x23, 0x17, 0xec, 0xdc, 0x38, + 0xab, 0x07, 0x04, 0x76, 0x5f, 0x15, 0x8f, 0x46, 0xec, 0xb0, 0xa8, 0x3c, 0x22, 0xa1, 0x17, 0x50, + 0xa7, 0xdf, 0x6b, 0xc3, 0x61, 0xdf, 0x24, 0x3d, 0x2e, 0xa0, 0xc0, 0x78, 0x62, 0x74, 0xaa, 0x9d, + 0x1d, 0xbd, 0xdc, 0x46, 0x91, 0xa5, 0x2d, 0xd1, 0x42, 0x4b, 0x50, 0xe6, 0xf6, 0x6d, 0x59, 0x87, + 0x2e, 0x61, 0x2f, 0x29, 0x59, 0x5d, 0x25, 0xd1, 0x38, 0x5e, 0x1b, 0x79, 0x67, 0x6d, 0xcb, 0x38, + 0xee, 0xcb, 0xbc, 0x48, 0x8b, 0x39, 0x25, 0x6e, 0x98, 0xae, 0x4a, 0x6d, 0xc3, 0x3c, 0xa5, 0x12, + 0xcb, 0x33, 0xbb, 0x4a, 0x12, 0x95, 0xa5, 0x52, 0x8b, 0x94, 0x4a, 0xc3, 0x75, 0x3f, 0xd8, 0x4e, + 0x4f, 0x38, 0xd0, 0x6f, 0xe3, 0x0d, 0x2e, 0xfc, 0xd0, 0x0d, 0x15, 0xc3, 0x2f, 0x2b, 0x65, 0x39, + 0x90, 0xf2, 0x96, 0x78, 0x13, 0xa4, 0xe0, 0x97, 0x70, 0x53, 0x72, 0x0a, 0x74, 0x71, 0x02, 0xf3, + 0x1e, 0xdc, 0x97, 0xcc, 0xeb, 0x67, 0xf4, 0xfa, 0xb6, 0x2f, 0x14, 0x7e, 0x55, 0x3b, 0xdf, 0x40, + 0xc3, 0xb7, 0x93, 0x1d, 0xc9, 0xed, 0xbe, 0x6a, 0xc0, 0xc8, 0x15, 0x3b, 0xb3, 0xa4, 0xb3, 0x6f, + 0x4a, 0x73, 0xec, 0xbe, 0x7f, 0xf0, 0xa0, 0xdf, 0x78, 0x1d, 0xee, 0x48, 0x19, 0xe2, 0xb0, 0x1c, + 0x16, 0x12, 0x33, 0x28, 0x49, 0x88, 0x70, 0x18, 0x1d, 0x3a, 0xd9, 0xed, 0x2a, 0x67, 0xd8, 0xb5, + 0x4c, 0xa6, 0xa6, 0xc8, 0xbc, 0xc9, 0x77, 0x04, 0x35, 0x4c, 0xad, 0x4b, 0x82, 0x4c, 0x05, 0xa8, + 0x64, 0xb1, 0x10, 0x94, 0x1c, 0x5b, 0x88, 0x98, 0xe8, 0x9f, 0xc2, 0xa2, 0x6f, 0x04, 0xf5, 0xdb, + 0x3e, 0x71, 0x06, 0xa6, 0xeb, 0x2a, 0x78, 0x54, 0xd2, 0xc4, 0x9f, 0xc2, 0xec, 0x90, 0x88, 0xcc, + 0x55, 0x5e, 0x45, 0x2b, 0xfc, 0x01, 0x79, 0x45, 0x19, 0xcc, 0xfa, 0x71, 0x0f, 0x1e, 0x48, 0xe9, + 0xdc, 0xa3, 0x89, 0xe2, 0xa3, 0x46, 0xc9, 0x6b, 0x3f, 0x77, 0x6b, 0xfc, 0xda, 0x9f, 0xe5, 0x6b, + 0xef, 0x63, 0xa4, 0x3f, 0xe6, 0x8e, 0x94, 0xb1, 0x35, 0x55, 0x45, 0xda, 0xe6, 0x3e, 0xf5, 0x43, + 0x72, 0x2a, 0x61, 0xc7, 0xb0, 0x10, 0x8e, 0xe4, 0xa9, 0x92, 0xe5, 0x02, 0xe4, 0x3c, 0xfb, 0x9c, + 0xc8, 0x54, 0xc9, 0x1b, 0xd2, 0x60, 0x3f, 0xcc, 0xa7, 0x32, 0xd8, 0x08, 0x84, 0xb1, 0x2d, 0x39, + 0xad, 0xbd, 0x74, 0x35, 0xe5, 0x11, 0x8f, 0x37, 0xf0, 0x2e, 0xdc, 0x8a, 0xa6, 0x89, 0xa9, 0x4c, + 0x7e, 0xcf, 0x37, 0x70, 0x52, 0x26, 0x99, 0x4a, 0xee, 0x4f, 0x82, 0x64, 0xa0, 0x24, 0x94, 0xa9, + 0x44, 0xea, 0xd0, 0x4c, 0xca, 0x2f, 0x5f, 0xc7, 0x7e, 0xf5, 0xd3, 0xcd, 0x54, 0xc2, 0xdc, 0x40, + 0xd8, 0xf4, 0xcb, 0x1f, 0xe4, 0x88, 0xec, 0xc4, 0x1c, 0x21, 0x82, 0x24, 0xc8, 0x62, 0xdf, 0xc0, + 0xa6, 0x13, 0x3a, 0x82, 0x04, 0x3a, 0xad, 0x0e, 0x5a, 0x43, 0x7c, 0x1d, 0xac, 0x21, 0x37, 0xb6, + 0x9a, 0x76, 0xa7, 0x5a, 0x8c, 0x4f, 0x83, 0xdc, 0x19, 0xcb, 0xcc, 0x53, 0x09, 0xfe, 0x0c, 0x96, + 0xd2, 0x93, 0xf2, 0x34, 0x92, 0x5f, 0xb4, 0xa0, 0xe4, 0x1f, 0x5b, 0x95, 0x1f, 0x5f, 0x94, 0xa1, + 0xb0, 0xbb, 0x77, 0xb0, 0xbf, 0xb6, 0xde, 0xe6, 0xbf, 0xbe, 0x58, 0xdf, 0xd3, 0xf5, 0xc3, 0xfd, + 0x4e, 0x3d, 0xb3, 0xfa, 0xbf, 0x59, 0xc8, 0x6c, 0xbf, 0x47, 0xbf, 0x0f, 0x39, 0xfe, 0x14, 0x39, + 0xe1, 0xfd, 0xb9, 0x39, 0xe9, 0xb5, 0x15, 0xdf, 0xfd, 0xf9, 0xbf, 0xff, 0xd7, 0x2f, 0x33, 0x37, + 0x71, 0xbd, 0x35, 0xfe, 0xde, 0x31, 0xf1, 0x8c, 0xd6, 0xf9, 0xb8, 0xc5, 0xea, 0xc3, 0x6b, 0xed, + 0x05, 0x3a, 0x84, 0xec, 0xfe, 0xc8, 0x43, 0xa9, 0x6f, 0xd3, 0xcd, 0xf4, 0x47, 0x58, 0x7c, 0x87, + 0x09, 0x9e, 0xc7, 0x35, 0x45, 0xf0, 0x70, 0xe4, 0x51, 0xb1, 0x23, 0x28, 0xab, 0xcf, 0xa8, 0x57, + 0x3e, 0x5a, 0x37, 0xaf, 0x7e, 0xa2, 0xc5, 0x0f, 0x99, 0xba, 0xbb, 0xf8, 0x96, 0xa2, 0x8e, 0x3f, + 0xf6, 0xaa, 0xb3, 0xe9, 0x5c, 0x58, 0x28, 0xf5, 0x59, 0xbb, 0x99, 0xfe, 0x72, 0x9b, 0x38, 0x1b, + 0xef, 0xc2, 0xa2, 0x62, 0x2d, 0xf1, 0x70, 0xdb, 0xf5, 0xd0, 0x83, 0x84, 0x87, 0x3b, 0xf5, 0x89, + 0xaa, 0xb9, 0x94, 0xce, 0x20, 0x14, 0x2d, 0x31, 0x45, 0x4d, 0x7c, 0x53, 0x51, 0xd4, 0xf5, 0xd9, + 0x5e, 0x6b, 0x2f, 0x56, 0x4f, 0x21, 0xc7, 0x70, 0x68, 0xf4, 0x07, 0xf2, 0xa3, 0x99, 0x00, 0xae, + 0xa7, 0x2c, 0x7e, 0x08, 0xc1, 0xc6, 0x0d, 0xa6, 0x0c, 0xe1, 0xaa, 0x54, 0xc6, 0x90, 0xe8, 0xd7, + 0xda, 0x8b, 0x65, 0xed, 0x3b, 0xda, 0xea, 0xff, 0xcc, 0x42, 0x8e, 0x81, 0x52, 0xc8, 0x06, 0x08, + 0x30, 0xdb, 0xe8, 0x2c, 0x63, 0x28, 0x70, 0x74, 0x96, 0x71, 0xb8, 0x17, 0x2f, 0x32, 0xc5, 0x0d, + 0x3c, 0x2f, 0x15, 0x33, 0xbc, 0xab, 0xc5, 0x20, 0x3c, 0xea, 0xd3, 0xb1, 0x80, 0xe5, 0x78, 0x98, + 0xa1, 0x24, 0x81, 0x21, 0xec, 0x36, 0xba, 0x43, 0x12, 0x70, 0x5b, 0x8c, 0x99, 0xce, 0x7b, 0xf8, + 0xb6, 0xe2, 0x59, 0xae, 0xd6, 0x61, 0x8c, 0x54, 0xef, 0x9f, 0x69, 0x50, 0x0b, 0xa3, 0xaf, 0xe8, + 0x51, 0x82, 0xe4, 0x28, 0x88, 0xdb, 0x7c, 0x3c, 0x99, 0x29, 0xcd, 0x02, 0xae, 0xfe, 0x9c, 0x90, + 0xa1, 0x41, 0x19, 0x85, 0xe3, 0xd1, 0x5f, 0x68, 0x30, 0x17, 0x81, 0x54, 0x51, 0x92, 0x86, 0x18, + 0x60, 0xdb, 0x7c, 0x72, 0x05, 0x97, 0x30, 0xe4, 0x29, 0x33, 0x64, 0x09, 0xdf, 0x8d, 0xb9, 0xc2, + 0x33, 0x07, 0xc4, 0xb3, 0x85, 0x31, 0xfe, 0x32, 0x70, 0xf8, 0x33, 0x71, 0x19, 0x42, 0x70, 0x6a, + 0xe2, 0x32, 0x84, 0xb1, 0xd3, 0x09, 0xcb, 0xc0, 0x31, 0x4f, 0xba, 0xc5, 0xff, 0x2f, 0x0b, 0x85, + 0x75, 0xfe, 0x13, 0x48, 0xe4, 0x42, 0xc9, 0xc7, 0x19, 0xd1, 0x62, 0x12, 0xe6, 0x13, 0xdc, 0x16, + 0x9a, 0x0f, 0x52, 0xfb, 0x85, 0xf6, 0x27, 0x4c, 0xfb, 0x03, 0xdc, 0x94, 0xda, 0xc5, 0x2f, 0x2d, + 0x5b, 0x1c, 0x5c, 0x68, 0x19, 0xbd, 0x1e, 0x9d, 0xf8, 0x9f, 0x42, 0x45, 0x05, 0x03, 0xd1, 0xc3, + 0x44, 0xac, 0x49, 0xc5, 0x13, 0x9b, 0x78, 0x12, 0x8b, 0xd0, 0xbe, 0xcc, 0xb4, 0x63, 0x7c, 0x3f, + 0x45, 0xbb, 0xc3, 0xd8, 0x43, 0x06, 0x70, 0x30, 0x2f, 0xd9, 0x80, 0x10, 0x56, 0x98, 0x6c, 0x40, + 0x18, 0x0b, 0xbc, 0xd2, 0x80, 0x11, 0x63, 0xa7, 0x06, 0x7c, 0x00, 0x08, 0xa0, 0x3b, 0x94, 0xe8, + 0x57, 0xe5, 0xea, 0x14, 0x0d, 0xf9, 0x38, 0xea, 0x17, 0xdf, 0x73, 0x11, 0xd5, 0x7d, 0xd3, 0xa5, + 0xa1, 0xbf, 0xfa, 0xab, 0x3c, 0x94, 0xdf, 0x19, 0xa6, 0xe5, 0x11, 0xcb, 0xb0, 0xba, 0x04, 0x9d, + 0x40, 0x8e, 0x95, 0xc6, 0x68, 0x96, 0x53, 0x11, 0xad, 0x68, 0x96, 0x0b, 0xc1, 0x3d, 0xf8, 0x31, + 0xd3, 0xbc, 0x88, 0xef, 0x48, 0xcd, 0x83, 0x40, 0x7c, 0x8b, 0x21, 0x35, 0x74, 0xc2, 0x7f, 0x08, + 0x79, 0xf1, 0x08, 0x10, 0x11, 0x16, 0x42, 0x70, 0x9a, 0xf7, 0x92, 0x3b, 0xd3, 0xb6, 0x97, 0xaa, + 0xca, 0x65, 0xbc, 0x54, 0xd7, 0x47, 0x80, 0x00, 0x86, 0x8c, 0x3a, 0x37, 0x86, 0x5a, 0x36, 0x97, + 0xd2, 0x19, 0x84, 0xde, 0xe7, 0x4c, 0xef, 0x23, 0xbc, 0x98, 0xa4, 0xb7, 0xe7, 0xf3, 0x53, 0xdd, + 0xc7, 0x30, 0xbb, 0x69, 0xb8, 0x67, 0x28, 0x52, 0xec, 0x94, 0x5f, 0x2d, 0x34, 0x9b, 0x49, 0x5d, + 0x42, 0xd3, 0x23, 0xa6, 0xe9, 0x3e, 0x6e, 0x24, 0x69, 0x3a, 0x33, 0x5c, 0x5a, 0x3d, 0xd0, 0x19, + 0xe4, 0xf9, 0x0f, 0x19, 0xa2, 0xbe, 0x0c, 0xfd, 0x18, 0x22, 0xea, 0xcb, 0xf0, 0x6f, 0x1f, 0xae, + 0xa7, 0xc9, 0x83, 0xa2, 0xfc, 0xf5, 0x00, 0xba, 0x1f, 0x59, 0x9a, 0xf0, 0x2f, 0x0d, 0x9a, 0x8b, + 0x69, 0xdd, 0x42, 0xdf, 0x33, 0xa6, 0xef, 0x21, 0xbe, 0x97, 0xb8, 0x76, 0x82, 0xfb, 0xb5, 0xf6, + 0xe2, 0x3b, 0x1a, 0x2d, 0x13, 0x10, 0x40, 0xb9, 0xb1, 0xe8, 0x88, 0xa2, 0xc2, 0xb1, 0xe8, 0x88, + 0xa1, 0xc0, 0x78, 0x95, 0x29, 0x7f, 0x85, 0x9f, 0x25, 0x29, 0xf7, 0x1c, 0xc3, 0x72, 0x4f, 0x88, + 0xf3, 0x09, 0x87, 0xec, 0xdc, 0x33, 0x73, 0x48, 0x23, 0xe5, 0xff, 0xe7, 0x60, 0x96, 0x9e, 0x47, + 0x69, 0x79, 0x0e, 0xae, 0xf1, 0x51, 0x6b, 0x62, 0xe0, 0x59, 0xd4, 0x9a, 0x38, 0x02, 0x10, 0x2f, + 0xcf, 0xec, 0xc7, 0xee, 0x84, 0x31, 0x51, 0xaf, 0xbb, 0x50, 0x56, 0xee, 0xfa, 0x28, 0x41, 0x60, + 0x18, 0x99, 0x8b, 0xd6, 0x85, 0x04, 0xa0, 0x00, 0x3f, 0x60, 0x3a, 0xef, 0xe0, 0x85, 0x90, 0xce, + 0x1e, 0xe7, 0xa2, 0x4a, 0xff, 0x18, 0x2a, 0x2a, 0x26, 0x80, 0x12, 0x64, 0x46, 0x90, 0xbf, 0x68, + 0x4a, 0x4c, 0x82, 0x14, 0xe2, 0xd9, 0xc1, 0xff, 0x61, 0xbf, 0x64, 0xa5, 0xca, 0x87, 0x50, 0x10, + 0x40, 0x41, 0xd2, 0x6c, 0xc3, 0x50, 0x61, 0xd2, 0x6c, 0x23, 0x28, 0x43, 0xfc, 0x98, 0xc7, 0xb4, + 0xd2, 0xfb, 0x90, 0x2c, 0x41, 0x42, 0xe3, 0x5b, 0xe2, 0xa5, 0x69, 0x0c, 0xb0, 0xaf, 0x34, 0x8d, + 0xca, 0x5d, 0x74, 0x92, 0xc6, 0x53, 0xe2, 0x89, 0x58, 0x92, 0xf7, 0x3c, 0x94, 0x22, 0x50, 0x4d, + 0xf9, 0x78, 0x12, 0x4b, 0xda, 0xa9, 0x3c, 0x50, 0x2a, 0xf2, 0x3d, 0xfa, 0x19, 0x40, 0x00, 0x69, + 0x44, 0x4f, 0x5b, 0x89, 0xb8, 0x68, 0xf4, 0xb4, 0x95, 0x8c, 0x8a, 0xc4, 0xf3, 0x47, 0xa0, 0x9b, + 0x5f, 0x0c, 0xa8, 0xf6, 0xbf, 0xd1, 0x00, 0xc5, 0x11, 0x10, 0xf4, 0x32, 0x59, 0x43, 0x22, 0xe2, + 0xda, 0x7c, 0x75, 0x3d, 0xe6, 0xb4, 0x12, 0x11, 0x98, 0xd5, 0x65, 0x23, 0x86, 0x1f, 0xa8, 0x61, + 0xbf, 0xd0, 0xa0, 0x1a, 0x82, 0x50, 0xd0, 0xd3, 0x94, 0x35, 0x8e, 0x80, 0xb6, 0xcd, 0x67, 0x57, + 0xf2, 0xa5, 0x9d, 0xc4, 0x94, 0x1d, 0x21, 0x0f, 0xe2, 0x7f, 0xa9, 0x41, 0x2d, 0x0c, 0xbb, 0xa0, + 0x14, 0xf9, 0x31, 0xe0, 0xb7, 0xb9, 0x7c, 0x35, 0xe3, 0xd5, 0x4b, 0x15, 0x9c, 0xcd, 0x87, 0x50, + 0x10, 0x60, 0x4d, 0x52, 0x40, 0x84, 0x61, 0xe3, 0xa4, 0x80, 0x88, 0x20, 0x3d, 0x29, 0x01, 0xe1, + 0xd8, 0x7d, 0xa2, 0x84, 0xa0, 0x40, 0x74, 0xd2, 0x34, 0x4e, 0x0e, 0xc1, 0x08, 0x1c, 0x34, 0x49, + 0x63, 0x10, 0x82, 0x12, 0xce, 0x41, 0x29, 0x02, 0xaf, 0x08, 0xc1, 0x28, 0x1a, 0x94, 0x12, 0x82, + 0x4c, 0xa9, 0x12, 0x82, 0x01, 0xf8, 0x92, 0x14, 0x82, 0x31, 0x44, 0x3c, 0x29, 0x04, 0xe3, 0xf8, + 0x4d, 0xca, 0xba, 0x32, 0xdd, 0xa1, 0x10, 0x9c, 0x4f, 0xc0, 0x6a, 0xd0, 0xab, 0x14, 0x87, 0x26, + 0x82, 0xed, 0xcd, 0x4f, 0xae, 0xc9, 0x3d, 0x71, 0xef, 0xf3, 0xa5, 0x90, 0x7b, 0xff, 0xef, 0x35, + 0x58, 0x48, 0xc2, 0x7a, 0x50, 0x8a, 0xae, 0x14, 0xa0, 0xbe, 0xb9, 0x72, 0x5d, 0xf6, 0xab, 0xbd, + 0xe6, 0x47, 0xc3, 0x9b, 0xfa, 0xbf, 0x7c, 0xb1, 0xa8, 0xfd, 0xdb, 0x17, 0x8b, 0xda, 0x7f, 0x7c, + 0xb1, 0xa8, 0xfd, 0xed, 0x7f, 0x2e, 0xce, 0x1c, 0xe7, 0xd9, 0x7f, 0x31, 0xfb, 0xde, 0x6f, 0x02, + 0x00, 0x00, 0xff, 0xff, 0x8e, 0x1f, 0x05, 0xf6, 0xfb, 0x36, 0x00, 0x00, } diff --git a/vendor/github.com/coreos/etcd/etcdserver/etcdserverpb/rpc.proto b/vendor/github.com/coreos/etcd/etcdserver/etcdserverpb/rpc.proto index 7302215db316..a6dcb8c88649 100644 --- a/vendor/github.com/coreos/etcd/etcdserver/etcdserverpb/rpc.proto +++ b/vendor/github.com/coreos/etcd/etcdserver/etcdserverpb/rpc.proto @@ -3,7 +3,7 @@ package etcdserverpb; import "gogoproto/gogo.proto"; import "etcd/internal/mvcc/mvccpb/kv.proto"; -import "etcd/auth/authpb/auth.proto"; +import "etcd/internal/auth/authpb/auth.proto"; // for grpc-gateway import "google/api/annotations.proto"; @@ -899,7 +899,7 @@ message StatusResponse { ResponseHeader header = 1; // version is the cluster protocol version used by the responding member. string version = 2; - // dbSize is the size of the backend database, in bytes, of the responding member. + // dbSize is the size of the backend database physically allocated, in bytes, of the responding member. int64 dbSize = 3; // leader is the member ID which the responding member believes is the current leader. uint64 leader = 4; @@ -911,6 +911,8 @@ message StatusResponse { uint64 raftAppliedIndex = 7; // errors contains alarm/health information and status. repeated string errors = 8; + // dbSizeInUse is the size of the backend database logically in use, in bytes, of the responding member. + int64 dbSizeInUse = 9; } message AuthEnableRequest { diff --git a/vendor/github.com/coreos/etcd/auth/authpb/auth.pb.go b/vendor/github.com/coreos/etcd/internal/auth/authpb/auth.pb.go similarity index 100% rename from vendor/github.com/coreos/etcd/auth/authpb/auth.pb.go rename to vendor/github.com/coreos/etcd/internal/auth/authpb/auth.pb.go diff --git a/vendor/github.com/coreos/etcd/auth/authpb/auth.proto b/vendor/github.com/coreos/etcd/internal/auth/authpb/auth.proto similarity index 100% rename from vendor/github.com/coreos/etcd/auth/authpb/auth.proto rename to vendor/github.com/coreos/etcd/internal/auth/authpb/auth.proto diff --git a/vendor/github.com/coreos/etcd/version/version.go b/vendor/github.com/coreos/etcd/internal/version/version.go similarity index 100% rename from vendor/github.com/coreos/etcd/version/version.go rename to vendor/github.com/coreos/etcd/internal/version/version.go diff --git a/vendor/github.com/coreos/etcd/pkg/logger/discard.go b/vendor/github.com/coreos/etcd/pkg/logger/discard.go new file mode 100644 index 000000000000..0ac32462efcb --- /dev/null +++ b/vendor/github.com/coreos/etcd/pkg/logger/discard.go @@ -0,0 +1,46 @@ +// Copyright 2018 The etcd Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package logger + +import ( + "log" + + "google.golang.org/grpc/grpclog" +) + +// assert that "discardLogger" satisfy "Logger" interface +var _ Logger = &discardLogger{} + +// NewDiscardLogger returns a new Logger that discards everything except "fatal". +func NewDiscardLogger() Logger { return &discardLogger{} } + +type discardLogger struct{} + +func (l *discardLogger) Info(args ...interface{}) {} +func (l *discardLogger) Infoln(args ...interface{}) {} +func (l *discardLogger) Infof(format string, args ...interface{}) {} +func (l *discardLogger) Warning(args ...interface{}) {} +func (l *discardLogger) Warningln(args ...interface{}) {} +func (l *discardLogger) Warningf(format string, args ...interface{}) {} +func (l *discardLogger) Error(args ...interface{}) {} +func (l *discardLogger) Errorln(args ...interface{}) {} +func (l *discardLogger) Errorf(format string, args ...interface{}) {} +func (l *discardLogger) Fatal(args ...interface{}) { log.Fatal(args...) } +func (l *discardLogger) Fatalln(args ...interface{}) { log.Fatalln(args...) } +func (l *discardLogger) Fatalf(format string, args ...interface{}) { log.Fatalf(format, args...) } +func (l *discardLogger) V(lvl int) bool { + return false +} +func (l *discardLogger) Lvl(lvl int) grpclog.LoggerV2 { return l } diff --git a/vendor/github.com/coreos/etcd/pkg/logger/doc.go b/vendor/github.com/coreos/etcd/pkg/logger/doc.go new file mode 100644 index 000000000000..c32ffae4cb1f --- /dev/null +++ b/vendor/github.com/coreos/etcd/pkg/logger/doc.go @@ -0,0 +1,16 @@ +// Copyright 2018 The etcd Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package logger implements various logging utilities. +package logger diff --git a/vendor/github.com/coreos/etcd/pkg/logger/logger.go b/vendor/github.com/coreos/etcd/pkg/logger/logger.go new file mode 100644 index 000000000000..1256cec643ce --- /dev/null +++ b/vendor/github.com/coreos/etcd/pkg/logger/logger.go @@ -0,0 +1,63 @@ +// Copyright 2018 The etcd Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package logger + +import "google.golang.org/grpc/grpclog" + +// Logger defines logging interface. +type Logger interface { + grpclog.LoggerV2 + + // Lvl returns logger if logger's verbosity level >= "lvl". + // Otherwise, logger that discards everything. + Lvl(lvl int) grpclog.LoggerV2 +} + +// assert that "defaultLogger" satisfy "Logger" interface +var _ Logger = &defaultLogger{} + +// New wraps "grpclog.LoggerV2" that implements "Logger" interface. +// +// For example: +// +// var defaultLogger Logger +// g := grpclog.NewLoggerV2WithVerbosity(os.Stderr, os.Stderr, os.Stderr, 4) +// defaultLogger = New(g) +// +func New(g grpclog.LoggerV2) Logger { return &defaultLogger{g: g} } + +type defaultLogger struct { + g grpclog.LoggerV2 +} + +func (l *defaultLogger) Info(args ...interface{}) { l.g.Info(args...) } +func (l *defaultLogger) Infoln(args ...interface{}) { l.g.Info(args...) } +func (l *defaultLogger) Infof(format string, args ...interface{}) { l.g.Infof(format, args...) } +func (l *defaultLogger) Warning(args ...interface{}) { l.g.Warning(args...) } +func (l *defaultLogger) Warningln(args ...interface{}) { l.g.Warning(args...) } +func (l *defaultLogger) Warningf(format string, args ...interface{}) { l.g.Warningf(format, args...) } +func (l *defaultLogger) Error(args ...interface{}) { l.g.Error(args...) } +func (l *defaultLogger) Errorln(args ...interface{}) { l.g.Error(args...) } +func (l *defaultLogger) Errorf(format string, args ...interface{}) { l.g.Errorf(format, args...) } +func (l *defaultLogger) Fatal(args ...interface{}) { l.g.Fatal(args...) } +func (l *defaultLogger) Fatalln(args ...interface{}) { l.g.Fatal(args...) } +func (l *defaultLogger) Fatalf(format string, args ...interface{}) { l.g.Fatalf(format, args...) } +func (l *defaultLogger) V(lvl int) bool { return l.g.V(lvl) } +func (l *defaultLogger) Lvl(lvl int) grpclog.LoggerV2 { + if l.g.V(lvl) { + return l + } + return &discardLogger{} +} diff --git a/vendor/github.com/coreos/etcd/pkg/logger/package_logger.go b/vendor/github.com/coreos/etcd/pkg/logger/package_logger.go new file mode 100644 index 000000000000..576f31d2fb94 --- /dev/null +++ b/vendor/github.com/coreos/etcd/pkg/logger/package_logger.go @@ -0,0 +1,60 @@ +// Copyright 2018 The etcd Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package logger + +import ( + "github.com/coreos/pkg/capnslog" + "google.golang.org/grpc/grpclog" +) + +// assert that "packageLogger" satisfy "Logger" interface +var _ Logger = &packageLogger{} + +// NewPackageLogger wraps "*capnslog.PackageLogger" that implements "Logger" interface. +// +// For example: +// +// var defaultLogger Logger +// defaultLogger = NewPackageLogger("github.com/coreos/etcd", "snapshot") +// +func NewPackageLogger(repo, pkg string) Logger { + return &packageLogger{p: capnslog.NewPackageLogger(repo, pkg)} +} + +type packageLogger struct { + p *capnslog.PackageLogger +} + +func (l *packageLogger) Info(args ...interface{}) { l.p.Info(args...) } +func (l *packageLogger) Infoln(args ...interface{}) { l.p.Info(args...) } +func (l *packageLogger) Infof(format string, args ...interface{}) { l.p.Infof(format, args...) } +func (l *packageLogger) Warning(args ...interface{}) { l.p.Warning(args...) } +func (l *packageLogger) Warningln(args ...interface{}) { l.p.Warning(args...) } +func (l *packageLogger) Warningf(format string, args ...interface{}) { l.p.Warningf(format, args...) } +func (l *packageLogger) Error(args ...interface{}) { l.p.Error(args...) } +func (l *packageLogger) Errorln(args ...interface{}) { l.p.Error(args...) } +func (l *packageLogger) Errorf(format string, args ...interface{}) { l.p.Errorf(format, args...) } +func (l *packageLogger) Fatal(args ...interface{}) { l.p.Fatal(args...) } +func (l *packageLogger) Fatalln(args ...interface{}) { l.p.Fatal(args...) } +func (l *packageLogger) Fatalf(format string, args ...interface{}) { l.p.Fatalf(format, args...) } +func (l *packageLogger) V(lvl int) bool { + return l.p.LevelAt(capnslog.LogLevel(lvl)) +} +func (l *packageLogger) Lvl(lvl int) grpclog.LoggerV2 { + if l.p.LevelAt(capnslog.LogLevel(lvl)) { + return l + } + return &discardLogger{} +} diff --git a/vendor/github.com/coreos/etcd/pkg/transport/proxy.go b/vendor/github.com/coreos/etcd/pkg/transport/proxy.go new file mode 100644 index 000000000000..8af76d46b219 --- /dev/null +++ b/vendor/github.com/coreos/etcd/pkg/transport/proxy.go @@ -0,0 +1,801 @@ +// Copyright 2018 The etcd Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package transport + +import ( + "fmt" + "io" + mrand "math/rand" + "net" + "net/http" + "net/url" + "os" + "strings" + "sync" + "time" + + humanize "github.com/dustin/go-humanize" + "google.golang.org/grpc/grpclog" +) + +// Proxy defines proxy layer that simulates common network faults, +// such as latency spikes, packet drop/corruption, etc.. +type Proxy interface { + // From returns proxy source address in "scheme://host:port" format. + From() string + // To returns proxy destination address in "scheme://host:port" format. + To() string + + // Ready returns when proxy is ready to serve. + Ready() <-chan struct{} + // Done returns when proxy has been closed. + Done() <-chan struct{} + // Error sends errors while serving proxy. + Error() <-chan error + // Close closes listener and transport. + Close() error + + // DelayAccept adds latency ± random variable to accepting new incoming connections. + DelayAccept(latency, rv time.Duration) + // UndelayAccept removes sending latencies. + UndelayAccept() + // LatencyAccept returns current latency on accepting new incoming connections. + LatencyAccept() time.Duration + // DelayTx adds latency ± random variable to "sending" layer. + DelayTx(latency, rv time.Duration) + // UndelayTx removes sending latencies. + UndelayTx() + // LatencyTx returns current send latency. + LatencyTx() time.Duration + // DelayRx adds latency ± random variable to "receiving" layer. + DelayRx(latency, rv time.Duration) + // UndelayRx removes "receiving" latencies. + UndelayRx() + // LatencyRx returns current receive latency. + LatencyRx() time.Duration + + // PauseAccept stops accepting new connections. + PauseAccept() + // UnpauseAccept removes pause operation on accepting new connections. + UnpauseAccept() + // PauseTx stops "forwarding" packets. + PauseTx() + // UnpauseTx removes "forwarding" pause operation. + UnpauseTx() + // PauseRx stops "receiving" packets to client. + PauseRx() + // UnpauseRx removes "receiving" pause operation. + UnpauseRx() + + // BlackholeTx drops all incoming packets before "forwarding". + BlackholeTx() + // UnblackholeTx removes blackhole operation on "sending". + UnblackholeTx() + // BlackholeRx drops all incoming packets to client. + BlackholeRx() + // UnblackholeRx removes blackhole operation on "receiving". + UnblackholeRx() + + // CorruptTx corrupts incoming packets from the listener. + CorruptTx(f func(data []byte) []byte) + // UncorruptTx removes corrupt operation on "forwarding". + UncorruptTx() + // CorruptRx corrupts incoming packets to client. + CorruptRx(f func(data []byte) []byte) + // UncorruptRx removes corrupt operation on "receiving". + UncorruptRx() + + // ResetListener closes and restarts listener. + ResetListener() error +} + +type proxy struct { + from, to url.URL + tlsInfo TLSInfo + dialTimeout time.Duration + bufferSize int + retryInterval time.Duration + logger grpclog.LoggerV2 + + readyc chan struct{} + donec chan struct{} + errc chan error + + closeOnce sync.Once + closeWg sync.WaitGroup + + listenerMu sync.RWMutex + listener net.Listener + + latencyAcceptMu sync.RWMutex + latencyAccept time.Duration + latencyTxMu sync.RWMutex + latencyTx time.Duration + latencyRxMu sync.RWMutex + latencyRx time.Duration + + corruptTxMu sync.RWMutex + corruptTx func(data []byte) []byte + corruptRxMu sync.RWMutex + corruptRx func(data []byte) []byte + + acceptMu sync.Mutex + pauseAcceptc chan struct{} + txMu sync.Mutex + pauseTxc chan struct{} + blackholeTxc chan struct{} + rxMu sync.Mutex + pauseRxc chan struct{} + blackholeRxc chan struct{} +} + +// ProxyConfig defines proxy configuration. +type ProxyConfig struct { + From url.URL + To url.URL + TLSInfo TLSInfo + DialTimeout time.Duration + BufferSize int + RetryInterval time.Duration + Logger grpclog.LoggerV2 +} + +var ( + defaultDialTimeout = 3 * time.Second + defaultBufferSize = 48 * 1024 + defaultRetryInterval = 10 * time.Millisecond + defaultLogger = grpclog.NewLoggerV2WithVerbosity(os.Stderr, os.Stderr, os.Stderr, 0) +) + +// NewProxy returns a proxy implementation with no iptables/tc dependencies. +// The proxy layer overhead is <1ms. +func NewProxy(cfg ProxyConfig) Proxy { + p := &proxy{ + from: cfg.From, + to: cfg.To, + tlsInfo: cfg.TLSInfo, + dialTimeout: cfg.DialTimeout, + bufferSize: cfg.BufferSize, + retryInterval: cfg.RetryInterval, + logger: cfg.Logger, + + readyc: make(chan struct{}), + donec: make(chan struct{}), + errc: make(chan error, 16), + + pauseAcceptc: make(chan struct{}), + pauseTxc: make(chan struct{}), + blackholeTxc: make(chan struct{}), + pauseRxc: make(chan struct{}), + blackholeRxc: make(chan struct{}), + } + if p.dialTimeout == 0 { + p.dialTimeout = defaultDialTimeout + } + if p.bufferSize == 0 { + p.bufferSize = defaultBufferSize + } + if p.retryInterval == 0 { + p.retryInterval = defaultRetryInterval + } + if p.logger == nil { + p.logger = defaultLogger + } + close(p.pauseAcceptc) + close(p.pauseTxc) + close(p.pauseRxc) + + if strings.HasPrefix(p.from.Scheme, "http") { + p.from.Scheme = "tcp" + } + if strings.HasPrefix(p.to.Scheme, "http") { + p.to.Scheme = "tcp" + } + + var ln net.Listener + var err error + if !p.tlsInfo.Empty() { + ln, err = NewListener(p.from.Host, p.from.Scheme, &p.tlsInfo) + } else { + ln, err = net.Listen(p.from.Scheme, p.from.Host) + } + if err != nil { + p.errc <- err + p.Close() + return p + } + p.listener = ln + + p.closeWg.Add(1) + go p.listenAndServe() + p.logger.Infof("started proxying [%s -> %s]", p.From(), p.To()) + return p +} + +func (p *proxy) From() string { + return fmt.Sprintf("%s://%s", p.from.Scheme, p.from.Host) +} + +func (p *proxy) To() string { + return fmt.Sprintf("%s://%s", p.to.Scheme, p.to.Host) +} + +// TODO: implement packet reordering from multiple TCP connections +// buffer packets per connection for awhile, reorder before transmit +// - https://github.com/coreos/etcd/issues/5614 +// - https://github.com/coreos/etcd/pull/6918#issuecomment-264093034 + +func (p *proxy) listenAndServe() { + defer p.closeWg.Done() + + p.logger.Infof("listen %q", p.From()) + close(p.readyc) + + for { + p.acceptMu.Lock() + pausec := p.pauseAcceptc + p.acceptMu.Unlock() + select { + case <-pausec: + case <-p.donec: + return + } + + p.latencyAcceptMu.RLock() + lat := p.latencyAccept + p.latencyAcceptMu.RUnlock() + if lat > 0 { + select { + case <-time.After(lat): + case <-p.donec: + return + } + } + + p.listenerMu.RLock() + ln := p.listener + p.listenerMu.RUnlock() + + in, err := ln.Accept() + if err != nil { + select { + case p.errc <- err: + select { + case <-p.donec: + return + default: + } + case <-p.donec: + return + } + if p.logger.V(5) { + p.logger.Errorf("listener accept error %q", err.Error()) + } + + if strings.HasSuffix(err.Error(), "use of closed network connection") { + select { + case <-time.After(p.retryInterval): + case <-p.donec: + return + } + if p.logger.V(5) { + p.logger.Errorf("listener is closed; retry listen %q", p.From()) + } + + if err = p.ResetListener(); err != nil { + select { + case p.errc <- err: + select { + case <-p.donec: + return + default: + } + case <-p.donec: + return + } + p.logger.Errorf("failed to reset listener %q", err.Error()) + } + } + + continue + } + + var out net.Conn + if !p.tlsInfo.Empty() { + var tp *http.Transport + tp, err = NewTransport(p.tlsInfo, p.dialTimeout) + if err != nil { + select { + case p.errc <- err: + select { + case <-p.donec: + return + default: + } + case <-p.donec: + return + } + continue + } + out, err = tp.Dial(p.to.Scheme, p.to.Host) + } else { + out, err = net.Dial(p.to.Scheme, p.to.Host) + } + if err != nil { + select { + case p.errc <- err: + select { + case <-p.donec: + return + default: + } + case <-p.donec: + return + } + if p.logger.V(5) { + p.logger.Errorf("dial error %q", err.Error()) + } + continue + } + + go func() { + // read incoming bytes from listener, dispatch to outgoing connection + p.transmit(out, in) + out.Close() + in.Close() + }() + go func() { + // read response from outgoing connection, write back to listener + p.receive(in, out) + in.Close() + out.Close() + }() + } +} + +func (p *proxy) transmit(dst io.Writer, src io.Reader) { p.ioCopy(dst, src, true) } +func (p *proxy) receive(dst io.Writer, src io.Reader) { p.ioCopy(dst, src, false) } +func (p *proxy) ioCopy(dst io.Writer, src io.Reader, proxySend bool) { + buf := make([]byte, p.bufferSize) + for { + nr, err := src.Read(buf) + if err != nil { + if err == io.EOF { + return + } + // connection already closed + if strings.HasSuffix(err.Error(), "read: connection reset by peer") { + return + } + if strings.HasSuffix(err.Error(), "use of closed network connection") { + return + } + select { + case p.errc <- err: + select { + case <-p.donec: + return + default: + } + case <-p.donec: + return + } + if p.logger.V(5) { + p.logger.Errorf("read error %q", err.Error()) + } + return + } + if nr == 0 { + return + } + data := buf[:nr] + + var pausec chan struct{} + var blackholec chan struct{} + if proxySend { + p.txMu.Lock() + pausec = p.pauseTxc + blackholec = p.blackholeTxc + p.txMu.Unlock() + } else { + p.rxMu.Lock() + pausec = p.pauseRxc + blackholec = p.blackholeRxc + p.rxMu.Unlock() + } + select { + case <-pausec: + case <-p.donec: + return + } + blackholed := false + select { + case <-blackholec: + blackholed = true + case <-p.donec: + return + default: + } + if blackholed { + if p.logger.V(5) { + if proxySend { + p.logger.Infof("dropped %s [%s -> %s]", humanize.Bytes(uint64(nr)), p.From(), p.To()) + } else { + p.logger.Infof("dropped %s [%s <- %s]", humanize.Bytes(uint64(nr)), p.From(), p.To()) + } + } + continue + } + + var lat time.Duration + if proxySend { + p.latencyTxMu.RLock() + lat = p.latencyTx + p.latencyTxMu.RUnlock() + } else { + p.latencyRxMu.RLock() + lat = p.latencyRx + p.latencyRxMu.RUnlock() + } + if lat > 0 { + select { + case <-time.After(lat): + case <-p.donec: + return + } + } + + if proxySend { + p.corruptTxMu.RLock() + if p.corruptTx != nil { + data = p.corruptTx(data) + } + p.corruptTxMu.RUnlock() + } else { + p.corruptRxMu.RLock() + if p.corruptRx != nil { + data = p.corruptRx(data) + } + p.corruptRxMu.RUnlock() + } + + var nw int + nw, err = dst.Write(data) + if err != nil { + if err == io.EOF { + return + } + select { + case p.errc <- err: + select { + case <-p.donec: + return + default: + } + case <-p.donec: + return + } + if p.logger.V(5) { + if proxySend { + p.logger.Errorf("write error while sending (%q)", err.Error()) + } else { + p.logger.Errorf("write error while receiving (%q)", err.Error()) + } + } + return + } + + if nr != nw { + select { + case p.errc <- io.ErrShortWrite: + select { + case <-p.donec: + return + default: + } + case <-p.donec: + return + } + if proxySend { + p.logger.Errorf("write error while sending (%q); read %d bytes != wrote %d bytes", io.ErrShortWrite.Error(), nr, nw) + } else { + p.logger.Errorf("write error while receiving (%q); read %d bytes != wrote %d bytes", io.ErrShortWrite.Error(), nr, nw) + } + return + } + + if p.logger.V(5) { + if proxySend { + p.logger.Infof("transmitted %s [%s -> %s]", humanize.Bytes(uint64(nr)), p.From(), p.To()) + } else { + p.logger.Infof("received %s [%s <- %s]", humanize.Bytes(uint64(nr)), p.From(), p.To()) + } + } + } +} + +func (p *proxy) Ready() <-chan struct{} { return p.readyc } +func (p *proxy) Done() <-chan struct{} { return p.donec } +func (p *proxy) Error() <-chan error { return p.errc } +func (p *proxy) Close() (err error) { + p.closeOnce.Do(func() { + close(p.donec) + p.listenerMu.Lock() + if p.listener != nil { + err = p.listener.Close() + p.logger.Infof("closed proxy listener on %q", p.From()) + } + p.listenerMu.Unlock() + }) + p.closeWg.Wait() + return err +} + +func (p *proxy) DelayAccept(latency, rv time.Duration) { + if latency <= 0 { + return + } + d := computeLatency(latency, rv) + p.latencyAcceptMu.Lock() + p.latencyAccept = d + p.latencyAcceptMu.Unlock() + p.logger.Infof("set accept latency %v(%v±%v) [%s -> %s]", d, latency, rv, p.From(), p.To()) +} + +func (p *proxy) UndelayAccept() { + p.latencyAcceptMu.Lock() + d := p.latencyAccept + p.latencyAccept = 0 + p.latencyAcceptMu.Unlock() + p.logger.Infof("removed accept latency %v [%s -> %s]", d, p.From(), p.To()) +} + +func (p *proxy) LatencyAccept() time.Duration { + p.latencyAcceptMu.RLock() + d := p.latencyAccept + p.latencyAcceptMu.RUnlock() + return d +} + +func (p *proxy) DelayTx(latency, rv time.Duration) { + if latency <= 0 { + return + } + d := computeLatency(latency, rv) + p.latencyTxMu.Lock() + p.latencyTx = d + p.latencyTxMu.Unlock() + p.logger.Infof("set transmit latency %v(%v±%v) [%s -> %s]", d, latency, rv, p.From(), p.To()) +} + +func (p *proxy) UndelayTx() { + p.latencyTxMu.Lock() + d := p.latencyTx + p.latencyTx = 0 + p.latencyTxMu.Unlock() + p.logger.Infof("removed transmit latency %v [%s -> %s]", d, p.From(), p.To()) +} + +func (p *proxy) LatencyTx() time.Duration { + p.latencyTxMu.RLock() + d := p.latencyTx + p.latencyTxMu.RUnlock() + return d +} + +func (p *proxy) DelayRx(latency, rv time.Duration) { + if latency <= 0 { + return + } + d := computeLatency(latency, rv) + p.latencyRxMu.Lock() + p.latencyRx = d + p.latencyRxMu.Unlock() + p.logger.Infof("set receive latency %v(%v±%v) [%s <- %s]", d, latency, rv, p.From(), p.To()) +} + +func (p *proxy) UndelayRx() { + p.latencyRxMu.Lock() + d := p.latencyRx + p.latencyRx = 0 + p.latencyRxMu.Unlock() + p.logger.Infof("removed receive latency %v [%s <- %s]", d, p.From(), p.To()) +} + +func (p *proxy) LatencyRx() time.Duration { + p.latencyRxMu.RLock() + d := p.latencyRx + p.latencyRxMu.RUnlock() + return d +} + +func computeLatency(lat, rv time.Duration) time.Duration { + if rv == 0 { + return lat + } + if rv < 0 { + rv *= -1 + } + if rv > lat { + rv = lat / 10 + } + now := time.Now() + mrand.Seed(int64(now.Nanosecond())) + sign := 1 + if now.Second()%2 == 0 { + sign = -1 + } + return lat + time.Duration(int64(sign)*mrand.Int63n(rv.Nanoseconds())) +} + +func (p *proxy) PauseAccept() { + p.acceptMu.Lock() + p.pauseAcceptc = make(chan struct{}) + p.acceptMu.Unlock() + p.logger.Infof("paused accepting new connections [%s -> %s]", p.From(), p.To()) +} + +func (p *proxy) UnpauseAccept() { + p.acceptMu.Lock() + select { + case <-p.pauseAcceptc: // already unpaused + case <-p.donec: + p.acceptMu.Unlock() + return + default: + close(p.pauseAcceptc) + } + p.acceptMu.Unlock() + p.logger.Infof("unpaused accepting new connections [%s -> %s]", p.From(), p.To()) +} + +func (p *proxy) PauseTx() { + p.txMu.Lock() + p.pauseTxc = make(chan struct{}) + p.txMu.Unlock() + p.logger.Infof("paused transmit listen [%s -> %s]", p.From(), p.To()) +} + +func (p *proxy) UnpauseTx() { + p.txMu.Lock() + select { + case <-p.pauseTxc: // already unpaused + case <-p.donec: + p.txMu.Unlock() + return + default: + close(p.pauseTxc) + } + p.txMu.Unlock() + p.logger.Infof("unpaused transmit listen [%s -> %s]", p.From(), p.To()) +} + +func (p *proxy) PauseRx() { + p.rxMu.Lock() + p.pauseRxc = make(chan struct{}) + p.rxMu.Unlock() + p.logger.Infof("paused receive listen [%s <- %s]", p.From(), p.To()) +} + +func (p *proxy) UnpauseRx() { + p.rxMu.Lock() + select { + case <-p.pauseRxc: // already unpaused + case <-p.donec: + p.rxMu.Unlock() + return + default: + close(p.pauseRxc) + } + p.rxMu.Unlock() + p.logger.Infof("unpaused receive listen [%s <- %s]", p.From(), p.To()) +} + +func (p *proxy) BlackholeTx() { + p.txMu.Lock() + select { + case <-p.blackholeTxc: // already blackholed + case <-p.donec: + p.txMu.Unlock() + return + default: + close(p.blackholeTxc) + } + p.txMu.Unlock() + p.logger.Infof("blackholed transmit [%s -> %s]", p.From(), p.To()) +} + +func (p *proxy) UnblackholeTx() { + p.txMu.Lock() + p.blackholeTxc = make(chan struct{}) + p.txMu.Unlock() + p.logger.Infof("unblackholed transmit [%s -> %s]", p.From(), p.To()) +} + +func (p *proxy) BlackholeRx() { + p.rxMu.Lock() + select { + case <-p.blackholeRxc: // already blackholed + case <-p.donec: + p.rxMu.Unlock() + return + default: + close(p.blackholeRxc) + } + p.rxMu.Unlock() + p.logger.Infof("blackholed receive [%s <- %s]", p.From(), p.To()) +} + +func (p *proxy) UnblackholeRx() { + p.rxMu.Lock() + p.blackholeRxc = make(chan struct{}) + p.rxMu.Unlock() + p.logger.Infof("unblackholed receive [%s <- %s]", p.From(), p.To()) +} + +func (p *proxy) CorruptTx(f func([]byte) []byte) { + p.corruptTxMu.Lock() + p.corruptTx = f + p.corruptTxMu.Unlock() + p.logger.Infof("corrupting transmit [%s -> %s]", p.From(), p.To()) +} + +func (p *proxy) UncorruptTx() { + p.corruptTxMu.Lock() + p.corruptTx = nil + p.corruptTxMu.Unlock() + p.logger.Infof("stopped corrupting transmit [%s -> %s]", p.From(), p.To()) +} + +func (p *proxy) CorruptRx(f func([]byte) []byte) { + p.corruptRxMu.Lock() + p.corruptRx = f + p.corruptRxMu.Unlock() + p.logger.Infof("corrupting receive [%s <- %s]", p.From(), p.To()) +} + +func (p *proxy) UncorruptRx() { + p.corruptRxMu.Lock() + p.corruptRx = nil + p.corruptRxMu.Unlock() + p.logger.Infof("stopped corrupting receive [%s <- %s]", p.From(), p.To()) +} + +func (p *proxy) ResetListener() error { + p.listenerMu.Lock() + defer p.listenerMu.Unlock() + + if err := p.listener.Close(); err != nil { + // already closed + if !strings.HasSuffix(err.Error(), "use of closed network connection") { + return err + } + } + + var ln net.Listener + var err error + if !p.tlsInfo.Empty() { + ln, err = NewListener(p.from.Host, p.from.Scheme, &p.tlsInfo) + } else { + ln, err = net.Listen(p.from.Scheme, p.from.Host) + } + if err != nil { + return err + } + p.listener = ln + + p.logger.Infof("reset listener %q", p.From()) + return nil +} diff --git a/vendor/github.com/coreos/go-systemd/LICENSE b/vendor/github.com/coreos/go-systemd/LICENSE new file mode 100644 index 000000000000..37ec93a14fdc --- /dev/null +++ b/vendor/github.com/coreos/go-systemd/LICENSE @@ -0,0 +1,191 @@ +Apache License +Version 2.0, January 2004 +http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + +"License" shall mean the terms and conditions for use, reproduction, and +distribution as defined by Sections 1 through 9 of this document. + +"Licensor" shall mean the copyright owner or entity authorized by the copyright +owner that is granting the License. + +"Legal Entity" shall mean the union of the acting entity and all other entities +that control, are controlled by, or are under common control with that entity. +For the purposes of this definition, "control" means (i) the power, direct or +indirect, to cause the direction or management of such entity, whether by +contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the +outstanding shares, or (iii) beneficial ownership of such entity. + +"You" (or "Your") shall mean an individual or Legal Entity exercising +permissions granted by this License. + +"Source" form shall mean the preferred form for making modifications, including +but not limited to software source code, documentation source, and configuration +files. + +"Object" form shall mean any form resulting from mechanical transformation or +translation of a Source form, including but not limited to compiled object code, +generated documentation, and conversions to other media types. + +"Work" shall mean the work of authorship, whether in Source or Object form, made +available under the License, as indicated by a copyright notice that is included +in or attached to the work (an example is provided in the Appendix below). + +"Derivative Works" shall mean any work, whether in Source or Object form, that +is based on (or derived from) the Work and for which the editorial revisions, +annotations, elaborations, or other modifications represent, as a whole, an +original work of authorship. For the purposes of this License, Derivative Works +shall not include works that remain separable from, or merely link (or bind by +name) to the interfaces of, the Work and Derivative Works thereof. + +"Contribution" shall mean any work of authorship, including the original version +of the Work and any modifications or additions to that Work or Derivative Works +thereof, that is intentionally submitted to Licensor for inclusion in the Work +by the copyright owner or by an individual or Legal Entity authorized to submit +on behalf of the copyright owner. For the purposes of this definition, +"submitted" means any form of electronic, verbal, or written communication sent +to the Licensor or its representatives, including but not limited to +communication on electronic mailing lists, source code control systems, and +issue tracking systems that are managed by, or on behalf of, the Licensor for +the purpose of discussing and improving the Work, but excluding communication +that is conspicuously marked or otherwise designated in writing by the copyright +owner as "Not a Contribution." + +"Contributor" shall mean Licensor and any individual or Legal Entity on behalf +of whom a Contribution has been received by Licensor and subsequently +incorporated within the Work. + +2. Grant of Copyright License. + +Subject to the terms and conditions of this License, each Contributor hereby +grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, +irrevocable copyright license to reproduce, prepare Derivative Works of, +publicly display, publicly perform, sublicense, and distribute the Work and such +Derivative Works in Source or Object form. + +3. Grant of Patent License. + +Subject to the terms and conditions of this License, each Contributor hereby +grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, +irrevocable (except as stated in this section) patent license to make, have +made, use, offer to sell, sell, import, and otherwise transfer the Work, where +such license applies only to those patent claims licensable by such Contributor +that are necessarily infringed by their Contribution(s) alone or by combination +of their Contribution(s) with the Work to which such Contribution(s) was +submitted. If You institute patent litigation against any entity (including a +cross-claim or counterclaim in a lawsuit) alleging that the Work or a +Contribution incorporated within the Work constitutes direct or contributory +patent infringement, then any patent licenses granted to You under this License +for that Work shall terminate as of the date such litigation is filed. + +4. Redistribution. + +You may reproduce and distribute copies of the Work or Derivative Works thereof +in any medium, with or without modifications, and in Source or Object form, +provided that You meet the following conditions: + +You must give any other recipients of the Work or Derivative Works a copy of +this License; and +You must cause any modified files to carry prominent notices stating that You +changed the files; and +You must retain, in the Source form of any Derivative Works that You distribute, +all copyright, patent, trademark, and attribution notices from the Source form +of the Work, excluding those notices that do not pertain to any part of the +Derivative Works; and +If the Work includes a "NOTICE" text file as part of its distribution, then any +Derivative Works that You distribute must include a readable copy of the +attribution notices contained within such NOTICE file, excluding those notices +that do not pertain to any part of the Derivative Works, in at least one of the +following places: within a NOTICE text file distributed as part of the +Derivative Works; within the Source form or documentation, if provided along +with the Derivative Works; or, within a display generated by the Derivative +Works, if and wherever such third-party notices normally appear. The contents of +the NOTICE file are for informational purposes only and do not modify the +License. You may add Your own attribution notices within Derivative Works that +You distribute, alongside or as an addendum to the NOTICE text from the Work, +provided that such additional attribution notices cannot be construed as +modifying the License. +You may add Your own copyright statement to Your modifications and may provide +additional or different license terms and conditions for use, reproduction, or +distribution of Your modifications, or for any such Derivative Works as a whole, +provided Your use, reproduction, and distribution of the Work otherwise complies +with the conditions stated in this License. + +5. Submission of Contributions. + +Unless You explicitly state otherwise, any Contribution intentionally submitted +for inclusion in the Work by You to the Licensor shall be under the terms and +conditions of this License, without any additional terms or conditions. +Notwithstanding the above, nothing herein shall supersede or modify the terms of +any separate license agreement you may have executed with Licensor regarding +such Contributions. + +6. Trademarks. + +This License does not grant permission to use the trade names, trademarks, +service marks, or product names of the Licensor, except as required for +reasonable and customary use in describing the origin of the Work and +reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. + +Unless required by applicable law or agreed to in writing, Licensor provides the +Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, +including, without limitation, any warranties or conditions of TITLE, +NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are +solely responsible for determining the appropriateness of using or +redistributing the Work and assume any risks associated with Your exercise of +permissions under this License. + +8. Limitation of Liability. + +In no event and under no legal theory, whether in tort (including negligence), +contract, or otherwise, unless required by applicable law (such as deliberate +and grossly negligent acts) or agreed to in writing, shall any Contributor be +liable to You for damages, including any direct, indirect, special, incidental, +or consequential damages of any character arising as a result of this License or +out of the use or inability to use the Work (including but not limited to +damages for loss of goodwill, work stoppage, computer failure or malfunction, or +any and all other commercial damages or losses), even if such Contributor has +been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. + +While redistributing the Work or Derivative Works thereof, You may choose to +offer, and charge a fee for, acceptance of support, warranty, indemnity, or +other liability obligations and/or rights consistent with this License. However, +in accepting such obligations, You may act only on Your own behalf and on Your +sole responsibility, not on behalf of any other Contributor, and only if You +agree to indemnify, defend, and hold each Contributor harmless for any liability +incurred by, or claims asserted against, such Contributor by reason of your +accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work + +To apply the Apache License to your work, attach the following boilerplate +notice, with the fields enclosed by brackets "[]" replaced with your own +identifying information. (Don't include the brackets!) The text should be +enclosed in the appropriate comment syntax for the file format. We also +recommend that a file or class name and description of purpose be included on +the same "printed page" as the copyright notice for easier identification within +third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/coreos/go-systemd/NOTICE b/vendor/github.com/coreos/go-systemd/NOTICE new file mode 100644 index 000000000000..23a0ada2fbb5 --- /dev/null +++ b/vendor/github.com/coreos/go-systemd/NOTICE @@ -0,0 +1,5 @@ +CoreOS Project +Copyright 2018 CoreOS, Inc + +This product includes software developed at CoreOS, Inc. +(http://www.coreos.com/). diff --git a/vendor/github.com/coreos/go-systemd/journal/journal.go b/vendor/github.com/coreos/go-systemd/journal/journal.go new file mode 100644 index 000000000000..7f434990d25b --- /dev/null +++ b/vendor/github.com/coreos/go-systemd/journal/journal.go @@ -0,0 +1,179 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package journal provides write bindings to the local systemd journal. +// It is implemented in pure Go and connects to the journal directly over its +// unix socket. +// +// To read from the journal, see the "sdjournal" package, which wraps the +// sd-journal a C API. +// +// http://www.freedesktop.org/software/systemd/man/systemd-journald.service.html +package journal + +import ( + "bytes" + "encoding/binary" + "errors" + "fmt" + "io" + "io/ioutil" + "net" + "os" + "strconv" + "strings" + "syscall" +) + +// Priority of a journal message +type Priority int + +const ( + PriEmerg Priority = iota + PriAlert + PriCrit + PriErr + PriWarning + PriNotice + PriInfo + PriDebug +) + +var conn net.Conn + +func init() { + var err error + conn, err = net.Dial("unixgram", "/run/systemd/journal/socket") + if err != nil { + conn = nil + } +} + +// Enabled returns true if the local systemd journal is available for logging +func Enabled() bool { + return conn != nil +} + +// Send a message to the local systemd journal. vars is a map of journald +// fields to values. Fields must be composed of uppercase letters, numbers, +// and underscores, but must not start with an underscore. Within these +// restrictions, any arbitrary field name may be used. Some names have special +// significance: see the journalctl documentation +// (http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html) +// for more details. vars may be nil. +func Send(message string, priority Priority, vars map[string]string) error { + if conn == nil { + return journalError("could not connect to journald socket") + } + + data := new(bytes.Buffer) + appendVariable(data, "PRIORITY", strconv.Itoa(int(priority))) + appendVariable(data, "MESSAGE", message) + for k, v := range vars { + appendVariable(data, k, v) + } + + _, err := io.Copy(conn, data) + if err != nil && isSocketSpaceError(err) { + file, err := tempFd() + if err != nil { + return journalError(err.Error()) + } + defer file.Close() + _, err = io.Copy(file, data) + if err != nil { + return journalError(err.Error()) + } + + rights := syscall.UnixRights(int(file.Fd())) + + /* this connection should always be a UnixConn, but better safe than sorry */ + unixConn, ok := conn.(*net.UnixConn) + if !ok { + return journalError("can't send file through non-Unix connection") + } + unixConn.WriteMsgUnix([]byte{}, rights, nil) + } else if err != nil { + return journalError(err.Error()) + } + return nil +} + +// Print prints a message to the local systemd journal using Send(). +func Print(priority Priority, format string, a ...interface{}) error { + return Send(fmt.Sprintf(format, a...), priority, nil) +} + +func appendVariable(w io.Writer, name, value string) { + if !validVarName(name) { + journalError("variable name contains invalid character, ignoring") + } + if strings.ContainsRune(value, '\n') { + /* When the value contains a newline, we write: + * - the variable name, followed by a newline + * - the size (in 64bit little endian format) + * - the data, followed by a newline + */ + fmt.Fprintln(w, name) + binary.Write(w, binary.LittleEndian, uint64(len(value))) + fmt.Fprintln(w, value) + } else { + /* just write the variable and value all on one line */ + fmt.Fprintf(w, "%s=%s\n", name, value) + } +} + +func validVarName(name string) bool { + /* The variable name must be in uppercase and consist only of characters, + * numbers and underscores, and may not begin with an underscore. (from the docs) + */ + + valid := name[0] != '_' + for _, c := range name { + valid = valid && ('A' <= c && c <= 'Z') || ('0' <= c && c <= '9') || c == '_' + } + return valid +} + +func isSocketSpaceError(err error) bool { + opErr, ok := err.(*net.OpError) + if !ok { + return false + } + + sysErr, ok := opErr.Err.(syscall.Errno) + if !ok { + return false + } + + return sysErr == syscall.EMSGSIZE || sysErr == syscall.ENOBUFS +} + +func tempFd() (*os.File, error) { + file, err := ioutil.TempFile("/dev/shm/", "journal.XXXXX") + if err != nil { + return nil, err + } + syscall.Unlink(file.Name()) + if err != nil { + return nil, err + } + return file, nil +} + +func journalError(s string) error { + s = "journal error: " + s + fmt.Fprintln(os.Stderr, s) + return errors.New(s) +} diff --git a/vendor/github.com/coreos/pkg/LICENSE b/vendor/github.com/coreos/pkg/LICENSE new file mode 100644 index 000000000000..e06d2081865a --- /dev/null +++ b/vendor/github.com/coreos/pkg/LICENSE @@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/vendor/github.com/coreos/pkg/NOTICE b/vendor/github.com/coreos/pkg/NOTICE new file mode 100644 index 000000000000..b39ddfa5cbde --- /dev/null +++ b/vendor/github.com/coreos/pkg/NOTICE @@ -0,0 +1,5 @@ +CoreOS Project +Copyright 2014 CoreOS, Inc + +This product includes software developed at CoreOS, Inc. +(http://www.coreos.com/). diff --git a/vendor/github.com/coreos/pkg/capnslog/README.md b/vendor/github.com/coreos/pkg/capnslog/README.md new file mode 100644 index 000000000000..f79dbfca5cbe --- /dev/null +++ b/vendor/github.com/coreos/pkg/capnslog/README.md @@ -0,0 +1,39 @@ +# capnslog, the CoreOS logging package + +There are far too many logging packages out there, with varying degrees of licenses, far too many features (colorization, all sorts of log frameworks) or are just a pain to use (lack of `Fatalln()`?). +capnslog provides a simple but consistent logging interface suitable for all kinds of projects. + +### Design Principles + +##### `package main` is the place where logging gets turned on and routed + +A library should not touch log options, only generate log entries. Libraries are silent until main lets them speak. + +##### All log options are runtime-configurable. + +Still the job of `main` to expose these configurations. `main` may delegate this to, say, a configuration webhook, but does so explicitly. + +##### There is one log object per package. It is registered under its repository and package name. + +`main` activates logging for its repository and any dependency repositories it would also like to have output in its logstream. `main` also dictates at which level each subpackage logs. + +##### There is *one* output stream, and it is an `io.Writer` composed with a formatter. + +Splitting streams is probably not the job of your program, but rather, your log aggregation framework. If you must split output streams, again, `main` configures this and you can write a very simple two-output struct that satisfies io.Writer. + +Fancy colorful formatting and JSON output are beyond the scope of a basic logging framework -- they're application/log-collector dependent. These are, at best, provided as options, but more likely, provided by your application. + +##### Log objects are an interface + +An object knows best how to print itself. Log objects can collect more interesting metadata if they wish, however, because text isn't going away anytime soon, they must all be marshalable to text. The simplest log object is a string, which returns itself. If you wish to do more fancy tricks for printing your log objects, see also JSON output -- introspect and write a formatter which can handle your advanced log interface. Making strings is the only thing guaranteed. + +##### Log levels have specific meanings: + + * Critical: Unrecoverable. Must fail. + * Error: Data has been lost, a request has failed for a bad reason, or a required resource has been lost + * Warning: (Hopefully) Temporary conditions that may cause errors, but may work fine. A replica disappearing (that may reconnect) is a warning. + * Notice: Normal, but important (uncommon) log information. + * Info: Normal, working log information, everything is fine, but helpful notices for auditing or common operations. + * Debug: Everything is still fine, but even common operations may be logged, and less helpful but more quantity of notices. + * Trace: Anything goes, from logging every function call as part of a common operation, to tracing execution of a query. + diff --git a/vendor/github.com/coreos/pkg/capnslog/formatters.go b/vendor/github.com/coreos/pkg/capnslog/formatters.go new file mode 100644 index 000000000000..b305a845fb2b --- /dev/null +++ b/vendor/github.com/coreos/pkg/capnslog/formatters.go @@ -0,0 +1,157 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package capnslog + +import ( + "bufio" + "fmt" + "io" + "log" + "runtime" + "strings" + "time" +) + +type Formatter interface { + Format(pkg string, level LogLevel, depth int, entries ...interface{}) + Flush() +} + +func NewStringFormatter(w io.Writer) Formatter { + return &StringFormatter{ + w: bufio.NewWriter(w), + } +} + +type StringFormatter struct { + w *bufio.Writer +} + +func (s *StringFormatter) Format(pkg string, l LogLevel, i int, entries ...interface{}) { + now := time.Now().UTC() + s.w.WriteString(now.Format(time.RFC3339)) + s.w.WriteByte(' ') + writeEntries(s.w, pkg, l, i, entries...) + s.Flush() +} + +func writeEntries(w *bufio.Writer, pkg string, _ LogLevel, _ int, entries ...interface{}) { + if pkg != "" { + w.WriteString(pkg + ": ") + } + str := fmt.Sprint(entries...) + endsInNL := strings.HasSuffix(str, "\n") + w.WriteString(str) + if !endsInNL { + w.WriteString("\n") + } +} + +func (s *StringFormatter) Flush() { + s.w.Flush() +} + +func NewPrettyFormatter(w io.Writer, debug bool) Formatter { + return &PrettyFormatter{ + w: bufio.NewWriter(w), + debug: debug, + } +} + +type PrettyFormatter struct { + w *bufio.Writer + debug bool +} + +func (c *PrettyFormatter) Format(pkg string, l LogLevel, depth int, entries ...interface{}) { + now := time.Now() + ts := now.Format("2006-01-02 15:04:05") + c.w.WriteString(ts) + ms := now.Nanosecond() / 1000 + c.w.WriteString(fmt.Sprintf(".%06d", ms)) + if c.debug { + _, file, line, ok := runtime.Caller(depth) // It's always the same number of frames to the user's call. + if !ok { + file = "???" + line = 1 + } else { + slash := strings.LastIndex(file, "/") + if slash >= 0 { + file = file[slash+1:] + } + } + if line < 0 { + line = 0 // not a real line number + } + c.w.WriteString(fmt.Sprintf(" [%s:%d]", file, line)) + } + c.w.WriteString(fmt.Sprint(" ", l.Char(), " | ")) + writeEntries(c.w, pkg, l, depth, entries...) + c.Flush() +} + +func (c *PrettyFormatter) Flush() { + c.w.Flush() +} + +// LogFormatter emulates the form of the traditional built-in logger. +type LogFormatter struct { + logger *log.Logger + prefix string +} + +// NewLogFormatter is a helper to produce a new LogFormatter struct. It uses the +// golang log package to actually do the logging work so that logs look similar. +func NewLogFormatter(w io.Writer, prefix string, flag int) Formatter { + return &LogFormatter{ + logger: log.New(w, "", flag), // don't use prefix here + prefix: prefix, // save it instead + } +} + +// Format builds a log message for the LogFormatter. The LogLevel is ignored. +func (lf *LogFormatter) Format(pkg string, _ LogLevel, _ int, entries ...interface{}) { + str := fmt.Sprint(entries...) + prefix := lf.prefix + if pkg != "" { + prefix = fmt.Sprintf("%s%s: ", prefix, pkg) + } + lf.logger.Output(5, fmt.Sprintf("%s%v", prefix, str)) // call depth is 5 +} + +// Flush is included so that the interface is complete, but is a no-op. +func (lf *LogFormatter) Flush() { + // noop +} + +// NilFormatter is a no-op log formatter that does nothing. +type NilFormatter struct { +} + +// NewNilFormatter is a helper to produce a new LogFormatter struct. It logs no +// messages so that you can cause part of your logging to be silent. +func NewNilFormatter() Formatter { + return &NilFormatter{} +} + +// Format does nothing. +func (_ *NilFormatter) Format(_ string, _ LogLevel, _ int, _ ...interface{}) { + // noop +} + +// Flush is included so that the interface is complete, but is a no-op. +func (_ *NilFormatter) Flush() { + // noop +} diff --git a/vendor/github.com/coreos/pkg/capnslog/glog_formatter.go b/vendor/github.com/coreos/pkg/capnslog/glog_formatter.go new file mode 100644 index 000000000000..426603ef305c --- /dev/null +++ b/vendor/github.com/coreos/pkg/capnslog/glog_formatter.go @@ -0,0 +1,96 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package capnslog + +import ( + "bufio" + "bytes" + "io" + "os" + "runtime" + "strconv" + "strings" + "time" +) + +var pid = os.Getpid() + +type GlogFormatter struct { + StringFormatter +} + +func NewGlogFormatter(w io.Writer) *GlogFormatter { + g := &GlogFormatter{} + g.w = bufio.NewWriter(w) + return g +} + +func (g GlogFormatter) Format(pkg string, level LogLevel, depth int, entries ...interface{}) { + g.w.Write(GlogHeader(level, depth+1)) + g.StringFormatter.Format(pkg, level, depth+1, entries...) +} + +func GlogHeader(level LogLevel, depth int) []byte { + // Lmmdd hh:mm:ss.uuuuuu threadid file:line] + now := time.Now().UTC() + _, file, line, ok := runtime.Caller(depth) // It's always the same number of frames to the user's call. + if !ok { + file = "???" + line = 1 + } else { + slash := strings.LastIndex(file, "/") + if slash >= 0 { + file = file[slash+1:] + } + } + if line < 0 { + line = 0 // not a real line number + } + buf := &bytes.Buffer{} + buf.Grow(30) + _, month, day := now.Date() + hour, minute, second := now.Clock() + buf.WriteString(level.Char()) + twoDigits(buf, int(month)) + twoDigits(buf, day) + buf.WriteByte(' ') + twoDigits(buf, hour) + buf.WriteByte(':') + twoDigits(buf, minute) + buf.WriteByte(':') + twoDigits(buf, second) + buf.WriteByte('.') + buf.WriteString(strconv.Itoa(now.Nanosecond() / 1000)) + buf.WriteByte('Z') + buf.WriteByte(' ') + buf.WriteString(strconv.Itoa(pid)) + buf.WriteByte(' ') + buf.WriteString(file) + buf.WriteByte(':') + buf.WriteString(strconv.Itoa(line)) + buf.WriteByte(']') + buf.WriteByte(' ') + return buf.Bytes() +} + +const digits = "0123456789" + +func twoDigits(b *bytes.Buffer, d int) { + c2 := digits[d%10] + d /= 10 + c1 := digits[d%10] + b.WriteByte(c1) + b.WriteByte(c2) +} diff --git a/vendor/github.com/coreos/pkg/capnslog/init.go b/vendor/github.com/coreos/pkg/capnslog/init.go new file mode 100644 index 000000000000..44b8cd361b0f --- /dev/null +++ b/vendor/github.com/coreos/pkg/capnslog/init.go @@ -0,0 +1,49 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// +build !windows + +package capnslog + +import ( + "io" + "os" + "syscall" +) + +// Here's where the opinionation comes in. We need some sensible defaults, +// especially after taking over the log package. Your project (whatever it may +// be) may see things differently. That's okay; there should be no defaults in +// the main package that cannot be controlled or overridden programatically, +// otherwise it's a bug. Doing so is creating your own init_log.go file much +// like this one. + +func init() { + initHijack() + + // Go `log` pacakge uses os.Stderr. + SetFormatter(NewDefaultFormatter(os.Stderr)) + SetGlobalLogLevel(INFO) +} + +func NewDefaultFormatter(out io.Writer) Formatter { + if syscall.Getppid() == 1 { + // We're running under init, which may be systemd. + f, err := NewJournaldFormatter() + if err == nil { + return f + } + } + return NewPrettyFormatter(out, false) +} diff --git a/vendor/github.com/coreos/pkg/capnslog/init_windows.go b/vendor/github.com/coreos/pkg/capnslog/init_windows.go new file mode 100644 index 000000000000..45530506537f --- /dev/null +++ b/vendor/github.com/coreos/pkg/capnslog/init_windows.go @@ -0,0 +1,25 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package capnslog + +import "os" + +func init() { + initHijack() + + // Go `log` package uses os.Stderr. + SetFormatter(NewPrettyFormatter(os.Stderr, false)) + SetGlobalLogLevel(INFO) +} diff --git a/vendor/github.com/coreos/pkg/capnslog/journald_formatter.go b/vendor/github.com/coreos/pkg/capnslog/journald_formatter.go new file mode 100644 index 000000000000..72e05207c52c --- /dev/null +++ b/vendor/github.com/coreos/pkg/capnslog/journald_formatter.go @@ -0,0 +1,68 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// +build !windows + +package capnslog + +import ( + "errors" + "fmt" + "os" + "path/filepath" + + "github.com/coreos/go-systemd/journal" +) + +func NewJournaldFormatter() (Formatter, error) { + if !journal.Enabled() { + return nil, errors.New("No systemd detected") + } + return &journaldFormatter{}, nil +} + +type journaldFormatter struct{} + +func (j *journaldFormatter) Format(pkg string, l LogLevel, _ int, entries ...interface{}) { + var pri journal.Priority + switch l { + case CRITICAL: + pri = journal.PriCrit + case ERROR: + pri = journal.PriErr + case WARNING: + pri = journal.PriWarning + case NOTICE: + pri = journal.PriNotice + case INFO: + pri = journal.PriInfo + case DEBUG: + pri = journal.PriDebug + case TRACE: + pri = journal.PriDebug + default: + panic("Unhandled loglevel") + } + msg := fmt.Sprint(entries...) + tags := map[string]string{ + "PACKAGE": pkg, + "SYSLOG_IDENTIFIER": filepath.Base(os.Args[0]), + } + err := journal.Send(msg, pri, tags) + if err != nil { + fmt.Fprintln(os.Stderr, err) + } +} + +func (j *journaldFormatter) Flush() {} diff --git a/vendor/github.com/coreos/pkg/capnslog/log_hijack.go b/vendor/github.com/coreos/pkg/capnslog/log_hijack.go new file mode 100644 index 000000000000..970086b9f973 --- /dev/null +++ b/vendor/github.com/coreos/pkg/capnslog/log_hijack.go @@ -0,0 +1,39 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package capnslog + +import ( + "log" +) + +func initHijack() { + pkg := NewPackageLogger("log", "") + w := packageWriter{pkg} + log.SetFlags(0) + log.SetPrefix("") + log.SetOutput(w) +} + +type packageWriter struct { + pl *PackageLogger +} + +func (p packageWriter) Write(b []byte) (int, error) { + if p.pl.level < INFO { + return 0, nil + } + p.pl.internalLog(calldepth+2, INFO, string(b)) + return len(b), nil +} diff --git a/vendor/github.com/coreos/pkg/capnslog/logmap.go b/vendor/github.com/coreos/pkg/capnslog/logmap.go new file mode 100644 index 000000000000..226b60c22534 --- /dev/null +++ b/vendor/github.com/coreos/pkg/capnslog/logmap.go @@ -0,0 +1,245 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package capnslog + +import ( + "errors" + "strings" + "sync" +) + +// LogLevel is the set of all log levels. +type LogLevel int8 + +const ( + // CRITICAL is the lowest log level; only errors which will end the program will be propagated. + CRITICAL LogLevel = iota - 1 + // ERROR is for errors that are not fatal but lead to troubling behavior. + ERROR + // WARNING is for errors which are not fatal and not errors, but are unusual. Often sourced from misconfigurations. + WARNING + // NOTICE is for normal but significant conditions. + NOTICE + // INFO is a log level for common, everyday log updates. + INFO + // DEBUG is the default hidden level for more verbose updates about internal processes. + DEBUG + // TRACE is for (potentially) call by call tracing of programs. + TRACE +) + +// Char returns a single-character representation of the log level. +func (l LogLevel) Char() string { + switch l { + case CRITICAL: + return "C" + case ERROR: + return "E" + case WARNING: + return "W" + case NOTICE: + return "N" + case INFO: + return "I" + case DEBUG: + return "D" + case TRACE: + return "T" + default: + panic("Unhandled loglevel") + } +} + +// String returns a multi-character representation of the log level. +func (l LogLevel) String() string { + switch l { + case CRITICAL: + return "CRITICAL" + case ERROR: + return "ERROR" + case WARNING: + return "WARNING" + case NOTICE: + return "NOTICE" + case INFO: + return "INFO" + case DEBUG: + return "DEBUG" + case TRACE: + return "TRACE" + default: + panic("Unhandled loglevel") + } +} + +// Update using the given string value. Fulfills the flag.Value interface. +func (l *LogLevel) Set(s string) error { + value, err := ParseLevel(s) + if err != nil { + return err + } + + *l = value + return nil +} + +// Returns an empty string, only here to fulfill the pflag.Value interface. +func (l *LogLevel) Type() string { + return "" +} + +// ParseLevel translates some potential loglevel strings into their corresponding levels. +func ParseLevel(s string) (LogLevel, error) { + switch s { + case "CRITICAL", "C": + return CRITICAL, nil + case "ERROR", "0", "E": + return ERROR, nil + case "WARNING", "1", "W": + return WARNING, nil + case "NOTICE", "2", "N": + return NOTICE, nil + case "INFO", "3", "I": + return INFO, nil + case "DEBUG", "4", "D": + return DEBUG, nil + case "TRACE", "5", "T": + return TRACE, nil + } + return CRITICAL, errors.New("couldn't parse log level " + s) +} + +type RepoLogger map[string]*PackageLogger + +type loggerStruct struct { + sync.Mutex + repoMap map[string]RepoLogger + formatter Formatter +} + +// logger is the global logger +var logger = new(loggerStruct) + +// SetGlobalLogLevel sets the log level for all packages in all repositories +// registered with capnslog. +func SetGlobalLogLevel(l LogLevel) { + logger.Lock() + defer logger.Unlock() + for _, r := range logger.repoMap { + r.setRepoLogLevelInternal(l) + } +} + +// GetRepoLogger may return the handle to the repository's set of packages' loggers. +func GetRepoLogger(repo string) (RepoLogger, error) { + logger.Lock() + defer logger.Unlock() + r, ok := logger.repoMap[repo] + if !ok { + return nil, errors.New("no packages registered for repo " + repo) + } + return r, nil +} + +// MustRepoLogger returns the handle to the repository's packages' loggers. +func MustRepoLogger(repo string) RepoLogger { + r, err := GetRepoLogger(repo) + if err != nil { + panic(err) + } + return r +} + +// SetRepoLogLevel sets the log level for all packages in the repository. +func (r RepoLogger) SetRepoLogLevel(l LogLevel) { + logger.Lock() + defer logger.Unlock() + r.setRepoLogLevelInternal(l) +} + +func (r RepoLogger) setRepoLogLevelInternal(l LogLevel) { + for _, v := range r { + v.level = l + } +} + +// ParseLogLevelConfig parses a comma-separated string of "package=loglevel", in +// order, and returns a map of the results, for use in SetLogLevel. +func (r RepoLogger) ParseLogLevelConfig(conf string) (map[string]LogLevel, error) { + setlist := strings.Split(conf, ",") + out := make(map[string]LogLevel) + for _, setstring := range setlist { + setting := strings.Split(setstring, "=") + if len(setting) != 2 { + return nil, errors.New("oddly structured `pkg=level` option: " + setstring) + } + l, err := ParseLevel(setting[1]) + if err != nil { + return nil, err + } + out[setting[0]] = l + } + return out, nil +} + +// SetLogLevel takes a map of package names within a repository to their desired +// loglevel, and sets the levels appropriately. Unknown packages are ignored. +// "*" is a special package name that corresponds to all packages, and will be +// processed first. +func (r RepoLogger) SetLogLevel(m map[string]LogLevel) { + logger.Lock() + defer logger.Unlock() + if l, ok := m["*"]; ok { + r.setRepoLogLevelInternal(l) + } + for k, v := range m { + l, ok := r[k] + if !ok { + continue + } + l.level = v + } +} + +// SetFormatter sets the formatting function for all logs. +func SetFormatter(f Formatter) { + logger.Lock() + defer logger.Unlock() + logger.formatter = f +} + +// NewPackageLogger creates a package logger object. +// This should be defined as a global var in your package, referencing your repo. +func NewPackageLogger(repo string, pkg string) (p *PackageLogger) { + logger.Lock() + defer logger.Unlock() + if logger.repoMap == nil { + logger.repoMap = make(map[string]RepoLogger) + } + r, rok := logger.repoMap[repo] + if !rok { + logger.repoMap[repo] = make(RepoLogger) + r = logger.repoMap[repo] + } + p, pok := r[pkg] + if !pok { + r[pkg] = &PackageLogger{ + pkg: pkg, + level: INFO, + } + p = r[pkg] + } + return +} diff --git a/vendor/github.com/coreos/pkg/capnslog/pkg_logger.go b/vendor/github.com/coreos/pkg/capnslog/pkg_logger.go new file mode 100644 index 000000000000..00ff37149aeb --- /dev/null +++ b/vendor/github.com/coreos/pkg/capnslog/pkg_logger.go @@ -0,0 +1,191 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package capnslog + +import ( + "fmt" + "os" +) + +type PackageLogger struct { + pkg string + level LogLevel +} + +const calldepth = 2 + +func (p *PackageLogger) internalLog(depth int, inLevel LogLevel, entries ...interface{}) { + logger.Lock() + defer logger.Unlock() + if inLevel != CRITICAL && p.level < inLevel { + return + } + if logger.formatter != nil { + logger.formatter.Format(p.pkg, inLevel, depth+1, entries...) + } +} + +// SetLevel allows users to change the current logging level. +func (p *PackageLogger) SetLevel(l LogLevel) { + logger.Lock() + defer logger.Unlock() + p.level = l +} + +// LevelAt checks if the given log level will be outputted under current setting. +func (p *PackageLogger) LevelAt(l LogLevel) bool { + logger.Lock() + defer logger.Unlock() + return p.level >= l +} + +// Log a formatted string at any level between ERROR and TRACE +func (p *PackageLogger) Logf(l LogLevel, format string, args ...interface{}) { + p.internalLog(calldepth, l, fmt.Sprintf(format, args...)) +} + +// Log a message at any level between ERROR and TRACE +func (p *PackageLogger) Log(l LogLevel, args ...interface{}) { + p.internalLog(calldepth, l, fmt.Sprint(args...)) +} + +// log stdlib compatibility + +func (p *PackageLogger) Println(args ...interface{}) { + p.internalLog(calldepth, INFO, fmt.Sprintln(args...)) +} + +func (p *PackageLogger) Printf(format string, args ...interface{}) { + p.Logf(INFO, format, args...) +} + +func (p *PackageLogger) Print(args ...interface{}) { + p.internalLog(calldepth, INFO, fmt.Sprint(args...)) +} + +// Panic and fatal + +func (p *PackageLogger) Panicf(format string, args ...interface{}) { + s := fmt.Sprintf(format, args...) + p.internalLog(calldepth, CRITICAL, s) + panic(s) +} + +func (p *PackageLogger) Panic(args ...interface{}) { + s := fmt.Sprint(args...) + p.internalLog(calldepth, CRITICAL, s) + panic(s) +} + +func (p *PackageLogger) Panicln(args ...interface{}) { + s := fmt.Sprintln(args...) + p.internalLog(calldepth, CRITICAL, s) + panic(s) +} + +func (p *PackageLogger) Fatalf(format string, args ...interface{}) { + p.Logf(CRITICAL, format, args...) + os.Exit(1) +} + +func (p *PackageLogger) Fatal(args ...interface{}) { + s := fmt.Sprint(args...) + p.internalLog(calldepth, CRITICAL, s) + os.Exit(1) +} + +func (p *PackageLogger) Fatalln(args ...interface{}) { + s := fmt.Sprintln(args...) + p.internalLog(calldepth, CRITICAL, s) + os.Exit(1) +} + +// Error Functions + +func (p *PackageLogger) Errorf(format string, args ...interface{}) { + p.Logf(ERROR, format, args...) +} + +func (p *PackageLogger) Error(entries ...interface{}) { + p.internalLog(calldepth, ERROR, entries...) +} + +// Warning Functions + +func (p *PackageLogger) Warningf(format string, args ...interface{}) { + p.Logf(WARNING, format, args...) +} + +func (p *PackageLogger) Warning(entries ...interface{}) { + p.internalLog(calldepth, WARNING, entries...) +} + +// Notice Functions + +func (p *PackageLogger) Noticef(format string, args ...interface{}) { + p.Logf(NOTICE, format, args...) +} + +func (p *PackageLogger) Notice(entries ...interface{}) { + p.internalLog(calldepth, NOTICE, entries...) +} + +// Info Functions + +func (p *PackageLogger) Infof(format string, args ...interface{}) { + p.Logf(INFO, format, args...) +} + +func (p *PackageLogger) Info(entries ...interface{}) { + p.internalLog(calldepth, INFO, entries...) +} + +// Debug Functions + +func (p *PackageLogger) Debugf(format string, args ...interface{}) { + if p.level < DEBUG { + return + } + p.Logf(DEBUG, format, args...) +} + +func (p *PackageLogger) Debug(entries ...interface{}) { + if p.level < DEBUG { + return + } + p.internalLog(calldepth, DEBUG, entries...) +} + +// Trace Functions + +func (p *PackageLogger) Tracef(format string, args ...interface{}) { + if p.level < TRACE { + return + } + p.Logf(TRACE, format, args...) +} + +func (p *PackageLogger) Trace(entries ...interface{}) { + if p.level < TRACE { + return + } + p.internalLog(calldepth, TRACE, entries...) +} + +func (p *PackageLogger) Flush() { + logger.Lock() + defer logger.Unlock() + logger.formatter.Flush() +} diff --git a/vendor/github.com/coreos/pkg/capnslog/syslog_formatter.go b/vendor/github.com/coreos/pkg/capnslog/syslog_formatter.go new file mode 100644 index 000000000000..4be5a1f2de39 --- /dev/null +++ b/vendor/github.com/coreos/pkg/capnslog/syslog_formatter.go @@ -0,0 +1,65 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// +build !windows + +package capnslog + +import ( + "fmt" + "log/syslog" +) + +func NewSyslogFormatter(w *syslog.Writer) Formatter { + return &syslogFormatter{w} +} + +func NewDefaultSyslogFormatter(tag string) (Formatter, error) { + w, err := syslog.New(syslog.LOG_DEBUG, tag) + if err != nil { + return nil, err + } + return NewSyslogFormatter(w), nil +} + +type syslogFormatter struct { + w *syslog.Writer +} + +func (s *syslogFormatter) Format(pkg string, l LogLevel, _ int, entries ...interface{}) { + for _, entry := range entries { + str := fmt.Sprint(entry) + switch l { + case CRITICAL: + s.w.Crit(str) + case ERROR: + s.w.Err(str) + case WARNING: + s.w.Warning(str) + case NOTICE: + s.w.Notice(str) + case INFO: + s.w.Info(str) + case DEBUG: + s.w.Debug(str) + case TRACE: + s.w.Debug(str) + default: + panic("Unhandled loglevel") + } + } +} + +func (s *syslogFormatter) Flush() { +} diff --git a/vendor/github.com/denisenkom/go-mssqldb/types.go b/vendor/github.com/denisenkom/go-mssqldb/types.go index 6832e2ec8bb9..05ea3e945b45 100644 --- a/vendor/github.com/denisenkom/go-mssqldb/types.go +++ b/vendor/github.com/denisenkom/go-mssqldb/types.go @@ -345,6 +345,10 @@ func readByteLenType(ti *typeInfo, r *tdsBuffer) interface{} { default: badStreamPanicf("Invalid size for MONEYNTYPE") } + case typeDateTim4: + return decodeDateTim4(buf) + case typeDateTime: + return decodeDateTime(buf) case typeDateTimeN: switch len(buf) { case 4: @@ -964,6 +968,8 @@ func makeGoLangScanType(ti typeInfo) reflect.Type { return reflect.TypeOf("") case typeImage: return reflect.TypeOf([]byte{}) + case typeBigBinary: + return reflect.TypeOf([]byte{}) case typeVariant: return reflect.TypeOf(nil) default: @@ -1052,10 +1058,10 @@ func makeDecl(ti typeInfo) string { } case typeBit, typeBitN: return "bit" - case typeDateTim4: - return "smalldatetime" case typeDateN: return "date" + case typeDateTim4: + return "smalldatetime" case typeDateTime: return "datetime" case typeDateTimeN: @@ -1143,6 +1149,10 @@ func makeGoLangTypeName(ti typeInfo) string { default: panic("invalid size of MONEYN") } + case typeDateTim4: + return "SMALLDATETIME" + case typeDateTime: + return "DATETIME" case typeDateTimeN: switch ti.Size { case 4: @@ -1178,6 +1188,8 @@ func makeGoLangTypeName(ti typeInfo) string { return "IMAGE" case typeVariant: return "SQL_VARIANT" + case typeBigBinary: + return "BINARY" default: panic(fmt.Sprintf("not implemented makeDecl for type %d", ti.TypeId)) } @@ -1244,6 +1256,8 @@ func makeGoLangTypeLength(ti typeInfo) (int64, bool) { default: panic("invalid size of MONEYN") } + case typeDateTim4, typeDateTime: + return 0, false case typeDateTimeN: switch ti.Size { case 4: @@ -1297,6 +1311,8 @@ func makeGoLangTypeLength(ti typeInfo) (int64, bool) { return 2147483647, true case typeVariant: return 0, false + case typeBigBinary: + return 0, false default: panic(fmt.Sprintf("not implemented makeDecl for type %d", ti.TypeId)) } @@ -1363,6 +1379,8 @@ func makeGoLangTypePrecisionScale(ti typeInfo) (int64, int64, bool) { default: panic("invalid size of MONEYN") } + case typeDateTim4, typeDateTime: + return 0, 0, false case typeDateTimeN: switch ti.Size { case 4: @@ -1404,6 +1422,8 @@ func makeGoLangTypePrecisionScale(ti typeInfo) (int64, int64, bool) { return 0, 0, false case typeVariant: return 0, 0, false + case typeBigBinary: + return 0, 0, false default: panic(fmt.Sprintf("not implemented makeDecl for type %d", ti.TypeId)) } diff --git a/vendor/github.com/docker/docker/api/types/auth.go b/vendor/github.com/docker/docker/api/types/auth.go index 056af6b84259..ddf15bb182dd 100644 --- a/vendor/github.com/docker/docker/api/types/auth.go +++ b/vendor/github.com/docker/docker/api/types/auth.go @@ -1,4 +1,4 @@ -package types +package types // import "github.com/docker/docker/api/types" // AuthConfig contains authorization information for connecting to a Registry type AuthConfig struct { diff --git a/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go b/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go index 931ae10ab1ef..bf3463b90e71 100644 --- a/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go +++ b/vendor/github.com/docker/docker/api/types/blkiodev/blkio.go @@ -1,4 +1,4 @@ -package blkiodev +package blkiodev // import "github.com/docker/docker/api/types/blkiodev" import "fmt" diff --git a/vendor/github.com/docker/docker/api/types/client.go b/vendor/github.com/docker/docker/api/types/client.go index 93ca42854005..18b36d592b01 100644 --- a/vendor/github.com/docker/docker/api/types/client.go +++ b/vendor/github.com/docker/docker/api/types/client.go @@ -1,4 +1,4 @@ -package types +package types // import "github.com/docker/docker/api/types" import ( "bufio" diff --git a/vendor/github.com/docker/docker/api/types/configs.go b/vendor/github.com/docker/docker/api/types/configs.go index 54d3e39fb96a..f6537a27f21e 100644 --- a/vendor/github.com/docker/docker/api/types/configs.go +++ b/vendor/github.com/docker/docker/api/types/configs.go @@ -1,4 +1,4 @@ -package types +package types // import "github.com/docker/docker/api/types" import ( "github.com/docker/docker/api/types/container" @@ -25,19 +25,6 @@ type ContainerRmConfig struct { ForceRemove, RemoveVolume, RemoveLink bool } -// ContainerCommitConfig contains build configs for commit operation, -// and is used when making a commit with the current state of the container. -type ContainerCommitConfig struct { - Pause bool - Repo string - Tag string - Author string - Comment string - // merge container config into commit config before commit - MergeConfigs bool - Config *container.Config -} - // ExecConfig is a small subset of the Config struct that holds the configuration // for the exec feature of docker. type ExecConfig struct { diff --git a/vendor/github.com/docker/docker/api/types/container/config.go b/vendor/github.com/docker/docker/api/types/container/config.go index 55a03fc981ff..89ad08c23461 100644 --- a/vendor/github.com/docker/docker/api/types/container/config.go +++ b/vendor/github.com/docker/docker/api/types/container/config.go @@ -1,4 +1,4 @@ -package container +package container // import "github.com/docker/docker/api/types/container" import ( "time" diff --git a/vendor/github.com/docker/docker/api/types/container/host_config.go b/vendor/github.com/docker/docker/api/types/container/host_config.go index 568cdcca9338..02271ecd985f 100644 --- a/vendor/github.com/docker/docker/api/types/container/host_config.go +++ b/vendor/github.com/docker/docker/api/types/container/host_config.go @@ -1,4 +1,4 @@ -package container +package container // import "github.com/docker/docker/api/types/container" import ( "strings" diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go index 2d664d1c9675..cf6fdf44026c 100644 --- a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go +++ b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go @@ -1,6 +1,6 @@ // +build !windows -package container +package container // import "github.com/docker/docker/api/types/container" // IsValid indicates if an isolation technology is valid func (i Isolation) IsValid() bool { diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go index 3374d737f129..99f803a5bb17 100644 --- a/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go +++ b/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go @@ -1,4 +1,4 @@ -package container +package container // import "github.com/docker/docker/api/types/container" // IsBridge indicates whether container uses the bridge network stack // in windows it is given the name NAT diff --git a/vendor/github.com/docker/docker/api/types/container/waitcondition.go b/vendor/github.com/docker/docker/api/types/container/waitcondition.go index 64820fe3583f..cd8311f99cfb 100644 --- a/vendor/github.com/docker/docker/api/types/container/waitcondition.go +++ b/vendor/github.com/docker/docker/api/types/container/waitcondition.go @@ -1,4 +1,4 @@ -package container +package container // import "github.com/docker/docker/api/types/container" // WaitCondition is a type used to specify a container state for which // to wait. diff --git a/vendor/github.com/docker/docker/api/types/filters/parse.go b/vendor/github.com/docker/docker/api/types/filters/parse.go index d45d0528fb1f..a41e3d8d96ad 100644 --- a/vendor/github.com/docker/docker/api/types/filters/parse.go +++ b/vendor/github.com/docker/docker/api/types/filters/parse.go @@ -1,7 +1,7 @@ /*Package filters provides tools for encoding a mapping of keys to a set of multiple values. */ -package filters +package filters // import "github.com/docker/docker/api/types/filters" import ( "encoding/json" diff --git a/vendor/github.com/docker/docker/api/types/mount/mount.go b/vendor/github.com/docker/docker/api/types/mount/mount.go index b7d133cd8459..3fef974df883 100644 --- a/vendor/github.com/docker/docker/api/types/mount/mount.go +++ b/vendor/github.com/docker/docker/api/types/mount/mount.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/api/types/mount" import ( "os" diff --git a/vendor/github.com/docker/docker/api/types/network/network.go b/vendor/github.com/docker/docker/api/types/network/network.go index 7c7dbacc855c..761d0b34f2f1 100644 --- a/vendor/github.com/docker/docker/api/types/network/network.go +++ b/vendor/github.com/docker/docker/api/types/network/network.go @@ -1,4 +1,4 @@ -package network +package network // import "github.com/docker/docker/api/types/network" // Address represents an IP address type Address struct { diff --git a/vendor/github.com/docker/docker/api/types/plugin_responses.go b/vendor/github.com/docker/docker/api/types/plugin_responses.go index 18f743fcde3a..60d1fb5ad855 100644 --- a/vendor/github.com/docker/docker/api/types/plugin_responses.go +++ b/vendor/github.com/docker/docker/api/types/plugin_responses.go @@ -1,4 +1,4 @@ -package types +package types // import "github.com/docker/docker/api/types" import ( "encoding/json" diff --git a/vendor/github.com/docker/docker/api/types/registry/authenticate.go b/vendor/github.com/docker/docker/api/types/registry/authenticate.go index 42cac4430a62..f0a2113e405a 100644 --- a/vendor/github.com/docker/docker/api/types/registry/authenticate.go +++ b/vendor/github.com/docker/docker/api/types/registry/authenticate.go @@ -1,4 +1,4 @@ -package registry +package registry // import "github.com/docker/docker/api/types/registry" // ---------------------------------------------------------------------------- // DO NOT EDIT THIS FILE diff --git a/vendor/github.com/docker/docker/api/types/registry/registry.go b/vendor/github.com/docker/docker/api/types/registry/registry.go index b98a943a1323..8789ad3b3210 100644 --- a/vendor/github.com/docker/docker/api/types/registry/registry.go +++ b/vendor/github.com/docker/docker/api/types/registry/registry.go @@ -1,4 +1,4 @@ -package registry +package registry // import "github.com/docker/docker/api/types/registry" import ( "encoding/json" diff --git a/vendor/github.com/docker/docker/api/types/seccomp.go b/vendor/github.com/docker/docker/api/types/seccomp.go index 7d62c9a43f85..67a41e1a89e8 100644 --- a/vendor/github.com/docker/docker/api/types/seccomp.go +++ b/vendor/github.com/docker/docker/api/types/seccomp.go @@ -1,4 +1,4 @@ -package types +package types // import "github.com/docker/docker/api/types" // Seccomp represents the config for a seccomp profile for syscall restriction. type Seccomp struct { diff --git a/vendor/github.com/docker/docker/api/types/stats.go b/vendor/github.com/docker/docker/api/types/stats.go index 7ca76a5b6373..60175c061360 100644 --- a/vendor/github.com/docker/docker/api/types/stats.go +++ b/vendor/github.com/docker/docker/api/types/stats.go @@ -1,6 +1,6 @@ // Package types is used for API stability in the types and response to the // consumers of the API stats endpoint. -package types +package types // import "github.com/docker/docker/api/types" import "time" diff --git a/vendor/github.com/docker/docker/api/types/strslice/strslice.go b/vendor/github.com/docker/docker/api/types/strslice/strslice.go index bad493fb89fd..82921cebc150 100644 --- a/vendor/github.com/docker/docker/api/types/strslice/strslice.go +++ b/vendor/github.com/docker/docker/api/types/strslice/strslice.go @@ -1,4 +1,4 @@ -package strslice +package strslice // import "github.com/docker/docker/api/types/strslice" import "encoding/json" diff --git a/vendor/github.com/docker/docker/api/types/swarm/common.go b/vendor/github.com/docker/docker/api/types/swarm/common.go index 2834cf20224b..ef020f458bd4 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/common.go +++ b/vendor/github.com/docker/docker/api/types/swarm/common.go @@ -1,4 +1,4 @@ -package swarm +package swarm // import "github.com/docker/docker/api/types/swarm" import "time" diff --git a/vendor/github.com/docker/docker/api/types/swarm/config.go b/vendor/github.com/docker/docker/api/types/swarm/config.go index 0fb021ce927e..c1fdf3b3e420 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/config.go +++ b/vendor/github.com/docker/docker/api/types/swarm/config.go @@ -1,4 +1,4 @@ -package swarm +package swarm // import "github.com/docker/docker/api/types/swarm" import "os" diff --git a/vendor/github.com/docker/docker/api/types/swarm/container.go b/vendor/github.com/docker/docker/api/types/swarm/container.go index 734236c4b015..0041653c9d1a 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/container.go +++ b/vendor/github.com/docker/docker/api/types/swarm/container.go @@ -1,4 +1,4 @@ -package swarm +package swarm // import "github.com/docker/docker/api/types/swarm" import ( "time" diff --git a/vendor/github.com/docker/docker/api/types/swarm/network.go b/vendor/github.com/docker/docker/api/types/swarm/network.go index 97c484e14c7e..fd9b1a52c2ee 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/network.go +++ b/vendor/github.com/docker/docker/api/types/swarm/network.go @@ -1,4 +1,4 @@ -package swarm +package swarm // import "github.com/docker/docker/api/types/swarm" import ( "github.com/docker/docker/api/types/network" diff --git a/vendor/github.com/docker/docker/api/types/swarm/node.go b/vendor/github.com/docker/docker/api/types/swarm/node.go index 28c6851e9c26..1e30f5fa10dd 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/node.go +++ b/vendor/github.com/docker/docker/api/types/swarm/node.go @@ -1,4 +1,4 @@ -package swarm +package swarm // import "github.com/docker/docker/api/types/swarm" // Node represents a node. type Node struct { diff --git a/vendor/github.com/docker/docker/api/types/swarm/runtime.go b/vendor/github.com/docker/docker/api/types/swarm/runtime.go index c4c731dc82a5..81b5f4cfd9f7 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/runtime.go +++ b/vendor/github.com/docker/docker/api/types/swarm/runtime.go @@ -1,4 +1,4 @@ -package swarm +package swarm // import "github.com/docker/docker/api/types/swarm" // RuntimeType is the type of runtime used for the TaskSpec type RuntimeType string diff --git a/vendor/github.com/docker/docker/api/types/swarm/runtime/gen.go b/vendor/github.com/docker/docker/api/types/swarm/runtime/gen.go index 47ae234ef37f..98c2806c31dc 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/runtime/gen.go +++ b/vendor/github.com/docker/docker/api/types/swarm/runtime/gen.go @@ -1,3 +1,3 @@ //go:generate protoc -I . --gogofast_out=import_path=github.com/docker/docker/api/types/swarm/runtime:. plugin.proto -package runtime +package runtime // import "github.com/docker/docker/api/types/swarm/runtime" diff --git a/vendor/github.com/docker/docker/api/types/swarm/secret.go b/vendor/github.com/docker/docker/api/types/swarm/secret.go index f9b1e9266965..cfba1141d8c8 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/secret.go +++ b/vendor/github.com/docker/docker/api/types/swarm/secret.go @@ -1,4 +1,4 @@ -package swarm +package swarm // import "github.com/docker/docker/api/types/swarm" import "os" diff --git a/vendor/github.com/docker/docker/api/types/swarm/service.go b/vendor/github.com/docker/docker/api/types/swarm/service.go index fa31a7ec867a..abf192e75941 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/service.go +++ b/vendor/github.com/docker/docker/api/types/swarm/service.go @@ -1,4 +1,4 @@ -package swarm +package swarm // import "github.com/docker/docker/api/types/swarm" import "time" diff --git a/vendor/github.com/docker/docker/api/types/swarm/swarm.go b/vendor/github.com/docker/docker/api/types/swarm/swarm.go index b65fa86dac8b..1b111d725b8f 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/swarm.go +++ b/vendor/github.com/docker/docker/api/types/swarm/swarm.go @@ -1,4 +1,4 @@ -package swarm +package swarm // import "github.com/docker/docker/api/types/swarm" import "time" diff --git a/vendor/github.com/docker/docker/api/types/swarm/task.go b/vendor/github.com/docker/docker/api/types/swarm/task.go index ff11b07e74fb..5c2bc492e489 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/task.go +++ b/vendor/github.com/docker/docker/api/types/swarm/task.go @@ -1,4 +1,4 @@ -package swarm +package swarm // import "github.com/docker/docker/api/types/swarm" import ( "time" @@ -36,6 +36,10 @@ const ( TaskStateFailed TaskState = "failed" // TaskStateRejected REJECTED TaskStateRejected TaskState = "rejected" + // TaskStateRemove REMOVE + TaskStateRemove TaskState = "remove" + // TaskStateOrphaned ORPHANED + TaskStateOrphaned TaskState = "orphaned" ) // Task represents a task. @@ -162,19 +166,19 @@ const ( // TaskStatus represents the status of a task. type TaskStatus struct { - Timestamp time.Time `json:",omitempty"` - State TaskState `json:",omitempty"` - Message string `json:",omitempty"` - Err string `json:",omitempty"` - ContainerStatus ContainerStatus `json:",omitempty"` - PortStatus PortStatus `json:",omitempty"` + Timestamp time.Time `json:",omitempty"` + State TaskState `json:",omitempty"` + Message string `json:",omitempty"` + Err string `json:",omitempty"` + ContainerStatus *ContainerStatus `json:",omitempty"` + PortStatus PortStatus `json:",omitempty"` } // ContainerStatus represents the status of a container. type ContainerStatus struct { - ContainerID string `json:",omitempty"` - PID int `json:",omitempty"` - ExitCode int `json:",omitempty"` + ContainerID string + PID int + ExitCode int } // PortStatus represents the port status of a task's host ports whose diff --git a/vendor/github.com/docker/docker/api/types/types.go b/vendor/github.com/docker/docker/api/types/types.go index 7814e6b934ae..729f4eb6c491 100644 --- a/vendor/github.com/docker/docker/api/types/types.go +++ b/vendor/github.com/docker/docker/api/types/types.go @@ -1,4 +1,4 @@ -package types +package types // import "github.com/docker/docker/api/types" import ( "errors" diff --git a/vendor/github.com/docker/docker/api/types/versions/compare.go b/vendor/github.com/docker/docker/api/types/versions/compare.go index 611d4fed66e5..8ccb0aa92ebe 100644 --- a/vendor/github.com/docker/docker/api/types/versions/compare.go +++ b/vendor/github.com/docker/docker/api/types/versions/compare.go @@ -1,4 +1,4 @@ -package versions +package versions // import "github.com/docker/docker/api/types/versions" import ( "strconv" diff --git a/vendor/github.com/docker/docker/opts/env.go b/vendor/github.com/docker/docker/opts/env.go index 4fbd470bcf8c..f6e5e9074d67 100644 --- a/vendor/github.com/docker/docker/opts/env.go +++ b/vendor/github.com/docker/docker/opts/env.go @@ -1,4 +1,4 @@ -package opts +package opts // import "github.com/docker/docker/opts" import ( "fmt" diff --git a/vendor/github.com/docker/docker/opts/hosts.go b/vendor/github.com/docker/docker/opts/hosts.go index f46b8ee711d0..2adf4211d571 100644 --- a/vendor/github.com/docker/docker/opts/hosts.go +++ b/vendor/github.com/docker/docker/opts/hosts.go @@ -1,4 +1,4 @@ -package opts +package opts // import "github.com/docker/docker/opts" import ( "fmt" diff --git a/vendor/github.com/docker/docker/opts/hosts_unix.go b/vendor/github.com/docker/docker/opts/hosts_unix.go index 611407a9d94b..9d5bb64565e5 100644 --- a/vendor/github.com/docker/docker/opts/hosts_unix.go +++ b/vendor/github.com/docker/docker/opts/hosts_unix.go @@ -1,6 +1,6 @@ // +build !windows -package opts +package opts // import "github.com/docker/docker/opts" import "fmt" diff --git a/vendor/github.com/docker/docker/opts/hosts_windows.go b/vendor/github.com/docker/docker/opts/hosts_windows.go index 684f0e128c25..906eba53ee2a 100644 --- a/vendor/github.com/docker/docker/opts/hosts_windows.go +++ b/vendor/github.com/docker/docker/opts/hosts_windows.go @@ -1,4 +1,4 @@ -package opts +package opts // import "github.com/docker/docker/opts" // DefaultHost constant defines the default host string used by docker on Windows var DefaultHost = "npipe://" + DefaultNamedPipe diff --git a/vendor/github.com/docker/docker/opts/ip.go b/vendor/github.com/docker/docker/opts/ip.go index 1095063977c6..cfbff3a9fd61 100644 --- a/vendor/github.com/docker/docker/opts/ip.go +++ b/vendor/github.com/docker/docker/opts/ip.go @@ -1,4 +1,4 @@ -package opts +package opts // import "github.com/docker/docker/opts" import ( "fmt" diff --git a/vendor/github.com/docker/docker/opts/opts.go b/vendor/github.com/docker/docker/opts/opts.go index a2cc5e33b1de..bfdcb996b0d9 100644 --- a/vendor/github.com/docker/docker/opts/opts.go +++ b/vendor/github.com/docker/docker/opts/opts.go @@ -1,4 +1,4 @@ -package opts +package opts // import "github.com/docker/docker/opts" import ( "fmt" diff --git a/vendor/github.com/docker/docker/opts/opts_unix.go b/vendor/github.com/docker/docker/opts/opts_unix.go index 2766a43a0886..0c32367cb22d 100644 --- a/vendor/github.com/docker/docker/opts/opts_unix.go +++ b/vendor/github.com/docker/docker/opts/opts_unix.go @@ -1,6 +1,6 @@ // +build !windows -package opts +package opts // import "github.com/docker/docker/opts" // DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080 const DefaultHTTPHost = "localhost" diff --git a/vendor/github.com/docker/docker/opts/opts_windows.go b/vendor/github.com/docker/docker/opts/opts_windows.go index 98b7251a9e46..0e1b6c6d18e8 100644 --- a/vendor/github.com/docker/docker/opts/opts_windows.go +++ b/vendor/github.com/docker/docker/opts/opts_windows.go @@ -1,4 +1,4 @@ -package opts +package opts // import "github.com/docker/docker/opts" // TODO Windows. Identify bug in GOLang 1.5.1+ and/or Windows Server 2016 TP5. // @jhowardmsft, @swernli. diff --git a/vendor/github.com/docker/docker/opts/quotedstring.go b/vendor/github.com/docker/docker/opts/quotedstring.go index 09c68a526149..6c889070e825 100644 --- a/vendor/github.com/docker/docker/opts/quotedstring.go +++ b/vendor/github.com/docker/docker/opts/quotedstring.go @@ -1,4 +1,4 @@ -package opts +package opts // import "github.com/docker/docker/opts" // QuotedString is a string that may have extra quotes around the value. The // quotes are stripped from the value. diff --git a/vendor/github.com/docker/docker/opts/runtime.go b/vendor/github.com/docker/docker/opts/runtime.go index 4361b3ce0949..4b9babf0a5c7 100644 --- a/vendor/github.com/docker/docker/opts/runtime.go +++ b/vendor/github.com/docker/docker/opts/runtime.go @@ -1,4 +1,4 @@ -package opts +package opts // import "github.com/docker/docker/opts" import ( "fmt" diff --git a/vendor/github.com/docker/docker/opts/ulimit.go b/vendor/github.com/docker/docker/opts/ulimit.go index a2a65fcd2186..0e2a36236c1b 100644 --- a/vendor/github.com/docker/docker/opts/ulimit.go +++ b/vendor/github.com/docker/docker/opts/ulimit.go @@ -1,4 +1,4 @@ -package opts +package opts // import "github.com/docker/docker/opts" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/docker/docker/pkg/archive/archive.go index 5f7f562677bc..e8f50869d9b1 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "archive/tar" diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go index 6e950e93cf3d..970d4d06800d 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "archive/tar" diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_other.go b/vendor/github.com/docker/docker/pkg/archive/archive_other.go index 54acbf285667..462dfc632325 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_other.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive_other.go @@ -1,6 +1,6 @@ // +build !linux -package archive +package archive // import "github.com/docker/docker/pkg/archive" func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter { return nil diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go index 02e95adff5f9..e81076c17010 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go @@ -1,6 +1,6 @@ // +build !windows -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "archive/tar" diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go b/vendor/github.com/docker/docker/pkg/archive/archive_windows.go index 66243a64ab7d..e75bfc9b623f 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive_windows.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "archive/tar" diff --git a/vendor/github.com/docker/docker/pkg/archive/changes.go b/vendor/github.com/docker/docker/pkg/archive/changes.go index d78fe6ac65ef..43734db5b117 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "archive/tar" diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_linux.go b/vendor/github.com/docker/docker/pkg/archive/changes_linux.go index e9eb478fe359..78a5393c8ea5 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes_linux.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes_linux.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "bytes" diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_other.go b/vendor/github.com/docker/docker/pkg/archive/changes_other.go index da70ed37c45a..ba744741cd02 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes_other.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes_other.go @@ -1,6 +1,6 @@ // +build !linux -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_unix.go b/vendor/github.com/docker/docker/pkg/archive/changes_unix.go index 7aa1226d7f73..c06a209d8ed1 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes_unix.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes_unix.go @@ -1,6 +1,6 @@ // +build !windows -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_windows.go b/vendor/github.com/docker/docker/pkg/archive/changes_windows.go index 6fd353269be9..6555c01368c6 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes_windows.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes_windows.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/archive/copy.go b/vendor/github.com/docker/docker/pkg/archive/copy.go index d1e036d5c6af..d0f13ca79beb 100644 --- a/vendor/github.com/docker/docker/pkg/archive/copy.go +++ b/vendor/github.com/docker/docker/pkg/archive/copy.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "archive/tar" diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_unix.go b/vendor/github.com/docker/docker/pkg/archive/copy_unix.go index e305b5e4af91..3958364f5ba0 100644 --- a/vendor/github.com/docker/docker/pkg/archive/copy_unix.go +++ b/vendor/github.com/docker/docker/pkg/archive/copy_unix.go @@ -1,6 +1,6 @@ // +build !windows -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "path/filepath" diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_windows.go b/vendor/github.com/docker/docker/pkg/archive/copy_windows.go index 2b775b45c4f1..a878d1bac426 100644 --- a/vendor/github.com/docker/docker/pkg/archive/copy_windows.go +++ b/vendor/github.com/docker/docker/pkg/archive/copy_windows.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "path/filepath" diff --git a/vendor/github.com/docker/docker/pkg/archive/diff.go b/vendor/github.com/docker/docker/pkg/archive/diff.go index 019facd38383..d0cff98ffc24 100644 --- a/vendor/github.com/docker/docker/pkg/archive/diff.go +++ b/vendor/github.com/docker/docker/pkg/archive/diff.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "archive/tar" diff --git a/vendor/github.com/docker/docker/pkg/archive/time_linux.go b/vendor/github.com/docker/docker/pkg/archive/time_linux.go index 3448569b1ebb..58aefe3efb32 100644 --- a/vendor/github.com/docker/docker/pkg/archive/time_linux.go +++ b/vendor/github.com/docker/docker/pkg/archive/time_linux.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "syscall" diff --git a/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go b/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go index e85aac054080..f58bf227fd33 100644 --- a/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go @@ -1,6 +1,6 @@ // +build !linux -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "syscall" diff --git a/vendor/github.com/docker/docker/pkg/archive/whiteouts.go b/vendor/github.com/docker/docker/pkg/archive/whiteouts.go index d20478a10dc1..4c072a87ee53 100644 --- a/vendor/github.com/docker/docker/pkg/archive/whiteouts.go +++ b/vendor/github.com/docker/docker/pkg/archive/whiteouts.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" // Whiteouts are files with a special meaning for the layered filesystem. // Docker uses AUFS whiteout files inside exported archives. In other diff --git a/vendor/github.com/docker/docker/pkg/archive/wrap.go b/vendor/github.com/docker/docker/pkg/archive/wrap.go index b39d12c87800..85435694cff7 100644 --- a/vendor/github.com/docker/docker/pkg/archive/wrap.go +++ b/vendor/github.com/docker/docker/pkg/archive/wrap.go @@ -1,4 +1,4 @@ -package archive +package archive // import "github.com/docker/docker/pkg/archive" import ( "archive/tar" diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go index a129e654ea26..88e0f2834b33 100644 --- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go +++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go @@ -1,4 +1,4 @@ -package fileutils +package fileutils // import "github.com/docker/docker/pkg/fileutils" import ( "errors" diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go index ccd648fac300..e40cc271b3bf 100644 --- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go +++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_darwin.go @@ -1,4 +1,4 @@ -package fileutils +package fileutils // import "github.com/docker/docker/pkg/fileutils" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go index 9e0e97bd64ac..565396f1c7f4 100644 --- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go +++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go @@ -1,6 +1,6 @@ // +build linux freebsd -package fileutils +package fileutils // import "github.com/docker/docker/pkg/fileutils" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go index 5ec21cace526..3f1ebb65678e 100644 --- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go +++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_windows.go @@ -1,4 +1,4 @@ -package fileutils +package fileutils // import "github.com/docker/docker/pkg/fileutils" // GetTotalUsedFds Returns the number of used File Descriptors. Not supported // on Windows. diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go index a7cd2e103964..ee15ed52b164 100644 --- a/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go +++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go @@ -1,4 +1,4 @@ -package homedir +package homedir // import "github.com/docker/docker/pkg/homedir" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go index 6b96b856f67b..75ada2fe5460 100644 --- a/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go +++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go @@ -1,6 +1,6 @@ // +build !linux -package homedir +package homedir // import "github.com/docker/docker/pkg/homedir" import ( "errors" diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go index f2a20ea8f828..d85e12448840 100644 --- a/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go +++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go @@ -1,6 +1,6 @@ // +build !windows -package homedir +package homedir // import "github.com/docker/docker/pkg/homedir" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_windows.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_windows.go index fafdb2bbf932..2f81813b2879 100644 --- a/vendor/github.com/docker/docker/pkg/homedir/homedir_windows.go +++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_windows.go @@ -1,4 +1,4 @@ -package homedir +package homedir // import "github.com/docker/docker/pkg/homedir" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools.go b/vendor/github.com/docker/docker/pkg/idtools/idtools.go index 6108ae3f437a..e2b493158cb1 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/idtools.go +++ b/vendor/github.com/docker/docker/pkg/idtools/idtools.go @@ -1,4 +1,4 @@ -package idtools +package idtools // import "github.com/docker/docker/pkg/idtools" import ( "bufio" diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go index aedf8ad343f6..1d87ea3bcb40 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go +++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go @@ -1,6 +1,6 @@ // +build !windows -package idtools +package idtools // import "github.com/docker/docker/pkg/idtools" import ( "bytes" diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go index ec491777029f..d72cc28929c5 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go +++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go @@ -1,4 +1,4 @@ -package idtools +package idtools // import "github.com/docker/docker/pkg/idtools" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go index 9da7975e2c17..6272c5a40471 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go +++ b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go @@ -1,4 +1,4 @@ -package idtools +package idtools // import "github.com/docker/docker/pkg/idtools" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go index d98b354cbd82..e7c4d63118c3 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go @@ -1,6 +1,6 @@ // +build !linux -package idtools +package idtools // import "github.com/docker/docker/pkg/idtools" import "fmt" diff --git a/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go b/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go index 9703ecbd9d6a..903ac4501b4b 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go +++ b/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go @@ -1,6 +1,6 @@ // +build !windows -package idtools +package idtools // import "github.com/docker/docker/pkg/idtools" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/ioutils/buffer.go b/vendor/github.com/docker/docker/pkg/ioutils/buffer.go index 3d737b3e19dc..466f79294b8d 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/buffer.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/buffer.go @@ -1,4 +1,4 @@ -package ioutils +package ioutils // import "github.com/docker/docker/pkg/ioutils" import ( "errors" diff --git a/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go index 72a04f34919b..d4bbf3c9dcaf 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go @@ -1,4 +1,4 @@ -package ioutils +package ioutils // import "github.com/docker/docker/pkg/ioutils" import ( "errors" diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go b/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go index a56c4626515e..534d66ac268a 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go @@ -1,4 +1,4 @@ -package ioutils +package ioutils // import "github.com/docker/docker/pkg/ioutils" import ( "io" diff --git a/vendor/github.com/docker/docker/pkg/ioutils/readers.go b/vendor/github.com/docker/docker/pkg/ioutils/readers.go index 168fa1d2d026..72f7f2319f38 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/readers.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/readers.go @@ -1,4 +1,4 @@ -package ioutils +package ioutils // import "github.com/docker/docker/pkg/ioutils" import ( "crypto/sha256" diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go index 1539ad21b57a..dc894f91314e 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go @@ -1,6 +1,6 @@ // +build !windows -package ioutils +package ioutils // import "github.com/docker/docker/pkg/ioutils" import "io/ioutil" diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go index fb14c9548905..ecaba2e36d26 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go @@ -1,4 +1,4 @@ -package ioutils +package ioutils // import "github.com/docker/docker/pkg/ioutils" import ( "io/ioutil" diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go b/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go index 52a4901adebf..91b8d182662f 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go @@ -1,4 +1,4 @@ -package ioutils +package ioutils // import "github.com/docker/docker/pkg/ioutils" import ( "io" diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writers.go b/vendor/github.com/docker/docker/pkg/ioutils/writers.go index ccc7f9c23e0f..61c679497dab 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/writers.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/writers.go @@ -1,4 +1,4 @@ -package ioutils +package ioutils // import "github.com/docker/docker/pkg/ioutils" import "io" diff --git a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go index 6cfa464830c2..368f128949d0 100644 --- a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go +++ b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go @@ -1,4 +1,4 @@ -package jsonmessage +package jsonmessage // import "github.com/docker/docker/pkg/jsonmessage" import ( "encoding/json" diff --git a/vendor/github.com/docker/docker/pkg/longpath/longpath.go b/vendor/github.com/docker/docker/pkg/longpath/longpath.go index 9b15bfff4c9a..4177affba242 100644 --- a/vendor/github.com/docker/docker/pkg/longpath/longpath.go +++ b/vendor/github.com/docker/docker/pkg/longpath/longpath.go @@ -2,7 +2,7 @@ // in Windows, which are expected to be prepended with `\\?\` and followed by either // a drive letter, a UNC server\share, or a volume identifier. -package longpath +package longpath // import "github.com/docker/docker/pkg/longpath" import ( "strings" diff --git a/vendor/github.com/docker/docker/pkg/mount/flags.go b/vendor/github.com/docker/docker/pkg/mount/flags.go index 607dbed43a0a..272363b68540 100644 --- a/vendor/github.com/docker/docker/pkg/mount/flags.go +++ b/vendor/github.com/docker/docker/pkg/mount/flags.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/pkg/mount" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go b/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go index 5f76f331b63d..ef35ef90591a 100644 --- a/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go +++ b/vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go @@ -1,6 +1,6 @@ // +build freebsd,cgo -package mount +package mount // import "github.com/docker/docker/pkg/mount" /* #include diff --git a/vendor/github.com/docker/docker/pkg/mount/flags_linux.go b/vendor/github.com/docker/docker/pkg/mount/flags_linux.go index 0425d0dd633c..a1b199a31ac6 100644 --- a/vendor/github.com/docker/docker/pkg/mount/flags_linux.go +++ b/vendor/github.com/docker/docker/pkg/mount/flags_linux.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/pkg/mount" import ( "golang.org/x/sys/unix" diff --git a/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go b/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go index 43d5e339f0e4..cc6c4759083a 100644 --- a/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go @@ -1,6 +1,6 @@ // +build !linux,!freebsd freebsd,!cgo -package mount +package mount // import "github.com/docker/docker/pkg/mount" // These flags are unsupported. const ( diff --git a/vendor/github.com/docker/docker/pkg/mount/mount.go b/vendor/github.com/docker/docker/pkg/mount/mount.go index 0d02a575f6a7..8ff4925d73d4 100644 --- a/vendor/github.com/docker/docker/pkg/mount/mount.go +++ b/vendor/github.com/docker/docker/pkg/mount/mount.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/pkg/mount" import ( "sort" diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go b/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go index 814896cc9e6b..b6ab83a23079 100644 --- a/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go +++ b/vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/pkg/mount" /* #include diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go b/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go index 39c36d472a93..631daf10a5ab 100644 --- a/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go +++ b/vendor/github.com/docker/docker/pkg/mount/mounter_linux.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/pkg/mount" import ( "golang.org/x/sys/unix" diff --git a/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go b/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go index eb93365eb743..1428dffa5296 100644 --- a/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go @@ -1,6 +1,6 @@ // +build !linux,!freebsd freebsd,!cgo -package mount +package mount // import "github.com/docker/docker/pkg/mount" func mount(device, target, mType string, flag uintptr, data string) error { panic("Not implemented") diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo.go index ff4cc1d86b6d..05803938af08 100644 --- a/vendor/github.com/docker/docker/pkg/mount/mountinfo.go +++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/pkg/mount" // Info reveals information about a particular mounted filesystem. This // struct is populated from the content in the /proc//mountinfo file. diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go index 4f32edcd906a..b86f4a97f6f1 100644 --- a/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go +++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/pkg/mount" /* #include diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go index dde889e7bf02..4afa8d538daf 100644 --- a/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go +++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/pkg/mount" import ( "bufio" diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go index b8d9aa5c732c..2ecc8baed894 100644 --- a/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go @@ -1,6 +1,6 @@ // +build !windows,!linux,!freebsd freebsd,!cgo -package mount +package mount // import "github.com/docker/docker/pkg/mount" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go b/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go index dab8a37ed01d..7ecba7c13ae3 100644 --- a/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go +++ b/vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/pkg/mount" func parseMountTable() ([]*Info, error) { // Do NOT return an error! diff --git a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go index f3c13e5a16ce..538f6637a043 100644 --- a/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go +++ b/vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go @@ -1,4 +1,4 @@ -package mount +package mount // import "github.com/docker/docker/pkg/mount" // MakeShared ensures a mounted filesystem has the SHARED mount option enabled. // See the supported options in flags.go for further reference. diff --git a/vendor/github.com/docker/docker/pkg/pools/pools.go b/vendor/github.com/docker/docker/pkg/pools/pools.go index 6a111a3ba7cd..46339c282f11 100644 --- a/vendor/github.com/docker/docker/pkg/pools/pools.go +++ b/vendor/github.com/docker/docker/pkg/pools/pools.go @@ -7,7 +7,7 @@ // // Utility functions which operate on pools should be added to this // package to allow them to be reused. -package pools +package pools // import "github.com/docker/docker/pkg/pools" import ( "bufio" diff --git a/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go b/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go index a018a203f386..3b1e18736db0 100644 --- a/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go +++ b/vendor/github.com/docker/docker/pkg/stdcopy/stdcopy.go @@ -1,4 +1,4 @@ -package stdcopy +package stdcopy // import "github.com/docker/docker/pkg/stdcopy" import ( "bytes" diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes.go b/vendor/github.com/docker/docker/pkg/system/chtimes.go index 18378f1cae4b..c26a4e24b66d 100644 --- a/vendor/github.com/docker/docker/pkg/system/chtimes.go +++ b/vendor/github.com/docker/docker/pkg/system/chtimes.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go b/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go index 09d58bcbfdd4..259138a45b52 100644 --- a/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go +++ b/vendor/github.com/docker/docker/pkg/system/chtimes_unix.go @@ -1,6 +1,6 @@ // +build !windows -package system +package system // import "github.com/docker/docker/pkg/system" import ( "time" diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go b/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go index a1f4fd53bc88..d3a115ff42b8 100644 --- a/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "time" diff --git a/vendor/github.com/docker/docker/pkg/system/errors.go b/vendor/github.com/docker/docker/pkg/system/errors.go index 1b5bc2c0376d..2573d7162221 100644 --- a/vendor/github.com/docker/docker/pkg/system/errors.go +++ b/vendor/github.com/docker/docker/pkg/system/errors.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "errors" diff --git a/vendor/github.com/docker/docker/pkg/system/exitcode.go b/vendor/github.com/docker/docker/pkg/system/exitcode.go index a5e5616c4f59..4ba8fe35bfd9 100644 --- a/vendor/github.com/docker/docker/pkg/system/exitcode.go +++ b/vendor/github.com/docker/docker/pkg/system/exitcode.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/system/filesys.go b/vendor/github.com/docker/docker/pkg/system/filesys.go index 102565f7601a..adeb16305204 100644 --- a/vendor/github.com/docker/docker/pkg/system/filesys.go +++ b/vendor/github.com/docker/docker/pkg/system/filesys.go @@ -1,6 +1,6 @@ // +build !windows -package system +package system // import "github.com/docker/docker/pkg/system" import ( "io/ioutil" diff --git a/vendor/github.com/docker/docker/pkg/system/filesys_windows.go b/vendor/github.com/docker/docker/pkg/system/filesys_windows.go index b1e46d9e857c..a1f6013f1397 100644 --- a/vendor/github.com/docker/docker/pkg/system/filesys_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/filesys_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/system/init.go b/vendor/github.com/docker/docker/pkg/system/init.go index 17935088dedf..a17597aaba23 100644 --- a/vendor/github.com/docker/docker/pkg/system/init.go +++ b/vendor/github.com/docker/docker/pkg/system/init.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/init_unix.go b/vendor/github.com/docker/docker/pkg/system/init_unix.go index a219895e6d71..4996a67c12e5 100644 --- a/vendor/github.com/docker/docker/pkg/system/init_unix.go +++ b/vendor/github.com/docker/docker/pkg/system/init_unix.go @@ -1,6 +1,6 @@ // +build !windows -package system +package system // import "github.com/docker/docker/pkg/system" // InitLCOW does nothing since LCOW is a windows only feature func InitLCOW(experimental bool) { diff --git a/vendor/github.com/docker/docker/pkg/system/init_windows.go b/vendor/github.com/docker/docker/pkg/system/init_windows.go index 9487947368c6..4910ff69d666 100644 --- a/vendor/github.com/docker/docker/pkg/system/init_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/init_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" // lcowSupported determines if Linux Containers on Windows are supported. var lcowSupported = false diff --git a/vendor/github.com/docker/docker/pkg/system/lcow.go b/vendor/github.com/docker/docker/pkg/system/lcow.go index 95958b2c8441..5c3fbfe6f4a7 100644 --- a/vendor/github.com/docker/docker/pkg/system/lcow.go +++ b/vendor/github.com/docker/docker/pkg/system/lcow.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/system/lcow_unix.go b/vendor/github.com/docker/docker/pkg/system/lcow_unix.go index cff33bb40856..26397fb8a176 100644 --- a/vendor/github.com/docker/docker/pkg/system/lcow_unix.go +++ b/vendor/github.com/docker/docker/pkg/system/lcow_unix.go @@ -1,6 +1,6 @@ // +build !windows -package system +package system // import "github.com/docker/docker/pkg/system" // LCOWSupported returns true if Linux containers on Windows are supported. func LCOWSupported() bool { diff --git a/vendor/github.com/docker/docker/pkg/system/lcow_windows.go b/vendor/github.com/docker/docker/pkg/system/lcow_windows.go index e54d01e696b5..f0139df8f7e0 100644 --- a/vendor/github.com/docker/docker/pkg/system/lcow_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/lcow_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" // LCOWSupported returns true if Linux containers on Windows are supported. func LCOWSupported() bool { diff --git a/vendor/github.com/docker/docker/pkg/system/lstat_unix.go b/vendor/github.com/docker/docker/pkg/system/lstat_unix.go index bd23c4d50b21..7477995f1bfd 100644 --- a/vendor/github.com/docker/docker/pkg/system/lstat_unix.go +++ b/vendor/github.com/docker/docker/pkg/system/lstat_unix.go @@ -1,6 +1,6 @@ // +build !windows -package system +package system // import "github.com/docker/docker/pkg/system" import ( "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/lstat_windows.go b/vendor/github.com/docker/docker/pkg/system/lstat_windows.go index e51df0dafeb1..359c791d9b62 100644 --- a/vendor/github.com/docker/docker/pkg/system/lstat_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/lstat_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import "os" diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo.go b/vendor/github.com/docker/docker/pkg/system/meminfo.go index 3b6e947e6753..6667eb84dcbf 100644 --- a/vendor/github.com/docker/docker/pkg/system/meminfo.go +++ b/vendor/github.com/docker/docker/pkg/system/meminfo.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" // MemInfo contains memory statistics of the host system. type MemInfo struct { diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go b/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go index 385f1d5e735a..d79e8b076535 100644 --- a/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go +++ b/vendor/github.com/docker/docker/pkg/system/meminfo_linux.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "bufio" diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go b/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go index 82ddd30c1b06..56f449426804 100644 --- a/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go @@ -1,6 +1,6 @@ // +build !linux,!windows -package system +package system // import "github.com/docker/docker/pkg/system" // ReadMemInfo is not supported on platforms other than linux and windows. func ReadMemInfo() (*MemInfo, error) { diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go b/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go index 883944a4c536..6ed93f2fe268 100644 --- a/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "unsafe" diff --git a/vendor/github.com/docker/docker/pkg/system/mknod.go b/vendor/github.com/docker/docker/pkg/system/mknod.go index 2200ec42da07..b132482e0381 100644 --- a/vendor/github.com/docker/docker/pkg/system/mknod.go +++ b/vendor/github.com/docker/docker/pkg/system/mknod.go @@ -1,6 +1,6 @@ // +build !windows -package system +package system // import "github.com/docker/docker/pkg/system" import ( "golang.org/x/sys/unix" diff --git a/vendor/github.com/docker/docker/pkg/system/mknod_windows.go b/vendor/github.com/docker/docker/pkg/system/mknod_windows.go index ba2692aedd85..ec89d7a15eaf 100644 --- a/vendor/github.com/docker/docker/pkg/system/mknod_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/mknod_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" // Mknod is not implemented on Windows. func Mknod(path string, mode uint32, dev int) error { diff --git a/vendor/github.com/docker/docker/pkg/system/path.go b/vendor/github.com/docker/docker/pkg/system/path.go index 034c33c877ff..3d209b1bdf22 100644 --- a/vendor/github.com/docker/docker/pkg/system/path.go +++ b/vendor/github.com/docker/docker/pkg/system/path.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/system/process_unix.go b/vendor/github.com/docker/docker/pkg/system/process_unix.go index 02c138235a4e..0195a891b27c 100644 --- a/vendor/github.com/docker/docker/pkg/system/process_unix.go +++ b/vendor/github.com/docker/docker/pkg/system/process_unix.go @@ -1,6 +1,6 @@ // +build linux freebsd darwin -package system +package system // import "github.com/docker/docker/pkg/system" import ( "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/process_windows.go b/vendor/github.com/docker/docker/pkg/system/process_windows.go index 5973c46de974..4e70c97b18f0 100644 --- a/vendor/github.com/docker/docker/pkg/system/process_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/process_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import "os" diff --git a/vendor/github.com/docker/docker/pkg/system/rm.go b/vendor/github.com/docker/docker/pkg/system/rm.go index c453adcdb93c..02e4d262216e 100644 --- a/vendor/github.com/docker/docker/pkg/system/rm.go +++ b/vendor/github.com/docker/docker/pkg/system/rm.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/system/stat_darwin.go b/vendor/github.com/docker/docker/pkg/system/stat_darwin.go index 715f05b9387f..c1c0ee9f3865 100644 --- a/vendor/github.com/docker/docker/pkg/system/stat_darwin.go +++ b/vendor/github.com/docker/docker/pkg/system/stat_darwin.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go b/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go index 715f05b9387f..c1c0ee9f3865 100644 --- a/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go +++ b/vendor/github.com/docker/docker/pkg/system/stat_freebsd.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/stat_linux.go b/vendor/github.com/docker/docker/pkg/system/stat_linux.go index 1939f95181a0..98c9eb18d18d 100644 --- a/vendor/github.com/docker/docker/pkg/system/stat_linux.go +++ b/vendor/github.com/docker/docker/pkg/system/stat_linux.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go b/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go index b607dea946f8..756b92d1e6cf 100644 --- a/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go +++ b/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/stat_solaris.go b/vendor/github.com/docker/docker/pkg/system/stat_solaris.go index b607dea946f8..756b92d1e6cf 100644 --- a/vendor/github.com/docker/docker/pkg/system/stat_solaris.go +++ b/vendor/github.com/docker/docker/pkg/system/stat_solaris.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/stat_unix.go b/vendor/github.com/docker/docker/pkg/system/stat_unix.go index 9dcec6afbd83..3d7e2ebbefaf 100644 --- a/vendor/github.com/docker/docker/pkg/system/stat_unix.go +++ b/vendor/github.com/docker/docker/pkg/system/stat_unix.go @@ -1,6 +1,6 @@ // +build !windows -package system +package system // import "github.com/docker/docker/pkg/system" import ( "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/stat_windows.go b/vendor/github.com/docker/docker/pkg/system/stat_windows.go index 6c63972682a4..b2456cb88704 100644 --- a/vendor/github.com/docker/docker/pkg/system/stat_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/stat_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/system/syscall_unix.go b/vendor/github.com/docker/docker/pkg/system/syscall_unix.go index 49dbdd378173..919a412a7b30 100644 --- a/vendor/github.com/docker/docker/pkg/system/syscall_unix.go +++ b/vendor/github.com/docker/docker/pkg/system/syscall_unix.go @@ -1,6 +1,6 @@ // +build linux freebsd -package system +package system // import "github.com/docker/docker/pkg/system" import "golang.org/x/sys/unix" diff --git a/vendor/github.com/docker/docker/pkg/system/syscall_windows.go b/vendor/github.com/docker/docker/pkg/system/syscall_windows.go index 23e9b207c756..85e89a7eea5e 100644 --- a/vendor/github.com/docker/docker/pkg/system/syscall_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/syscall_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "unsafe" diff --git a/vendor/github.com/docker/docker/pkg/system/umask.go b/vendor/github.com/docker/docker/pkg/system/umask.go index 5a10eda5afb0..9912a2babb3f 100644 --- a/vendor/github.com/docker/docker/pkg/system/umask.go +++ b/vendor/github.com/docker/docker/pkg/system/umask.go @@ -1,6 +1,6 @@ // +build !windows -package system +package system // import "github.com/docker/docker/pkg/system" import ( "golang.org/x/sys/unix" diff --git a/vendor/github.com/docker/docker/pkg/system/umask_windows.go b/vendor/github.com/docker/docker/pkg/system/umask_windows.go index 71fc0f1bad03..fc62388c3891 100644 --- a/vendor/github.com/docker/docker/pkg/system/umask_windows.go +++ b/vendor/github.com/docker/docker/pkg/system/umask_windows.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" // Umask is not supported on the windows platform. func Umask(newmask int) (oldmask int, err error) { diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go b/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go index 6a77524376db..ed1b9fad59bb 100644 --- a/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go +++ b/vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_linux.go b/vendor/github.com/docker/docker/pkg/system/utimes_linux.go index edc588a63f36..0afe854589f6 100644 --- a/vendor/github.com/docker/docker/pkg/system/utimes_linux.go +++ b/vendor/github.com/docker/docker/pkg/system/utimes_linux.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import ( "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go b/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go index 139714544d02..095e072e1df3 100644 --- a/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go @@ -1,6 +1,6 @@ // +build !linux,!freebsd -package system +package system // import "github.com/docker/docker/pkg/system" import "syscall" diff --git a/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go b/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go index 98b111be426e..66d4895b27ab 100644 --- a/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go +++ b/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go @@ -1,4 +1,4 @@ -package system +package system // import "github.com/docker/docker/pkg/system" import "golang.org/x/sys/unix" diff --git a/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go b/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go index 0114f2227cf0..d780a90cd383 100644 --- a/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go @@ -1,6 +1,6 @@ // +build !linux -package system +package system // import "github.com/docker/docker/pkg/system" // Lgetxattr is not supported on platforms other than linux. func Lgetxattr(path string, attr string) ([]byte, error) { diff --git a/vendor/github.com/docker/docker/pkg/term/ascii.go b/vendor/github.com/docker/docker/pkg/term/ascii.go index 55873c0556c9..87bca8d4acdb 100644 --- a/vendor/github.com/docker/docker/pkg/term/ascii.go +++ b/vendor/github.com/docker/docker/pkg/term/ascii.go @@ -1,4 +1,4 @@ -package term +package term // import "github.com/docker/docker/pkg/term" import ( "fmt" diff --git a/vendor/github.com/docker/docker/pkg/term/proxy.go b/vendor/github.com/docker/docker/pkg/term/proxy.go index e648eb81208f..5c4a5260fcb1 100644 --- a/vendor/github.com/docker/docker/pkg/term/proxy.go +++ b/vendor/github.com/docker/docker/pkg/term/proxy.go @@ -1,4 +1,4 @@ -package term +package term // import "github.com/docker/docker/pkg/term" import ( "io" diff --git a/vendor/github.com/docker/docker/pkg/term/tc.go b/vendor/github.com/docker/docker/pkg/term/tc.go index 19dbb1cb11f8..01bcaa8abb18 100644 --- a/vendor/github.com/docker/docker/pkg/term/tc.go +++ b/vendor/github.com/docker/docker/pkg/term/tc.go @@ -1,6 +1,6 @@ // +build !windows -package term +package term // import "github.com/docker/docker/pkg/term" import ( "syscall" diff --git a/vendor/github.com/docker/docker/pkg/term/term.go b/vendor/github.com/docker/docker/pkg/term/term.go index 4f59d8d9389c..0589a955194b 100644 --- a/vendor/github.com/docker/docker/pkg/term/term.go +++ b/vendor/github.com/docker/docker/pkg/term/term.go @@ -2,7 +2,7 @@ // Package term provides structures and helper functions to work with // terminal (state, sizes). -package term +package term // import "github.com/docker/docker/pkg/term" import ( "errors" diff --git a/vendor/github.com/docker/docker/pkg/term/term_windows.go b/vendor/github.com/docker/docker/pkg/term/term_windows.go index 284ac6301066..64ead3c53b8c 100644 --- a/vendor/github.com/docker/docker/pkg/term/term_windows.go +++ b/vendor/github.com/docker/docker/pkg/term/term_windows.go @@ -1,4 +1,4 @@ -package term +package term // import "github.com/docker/docker/pkg/term" import ( "io" diff --git a/vendor/github.com/docker/docker/pkg/term/termios_bsd.go b/vendor/github.com/docker/docker/pkg/term/termios_bsd.go index c47341e8731e..48f25ce7ebb8 100644 --- a/vendor/github.com/docker/docker/pkg/term/termios_bsd.go +++ b/vendor/github.com/docker/docker/pkg/term/termios_bsd.go @@ -1,6 +1,6 @@ // +build darwin freebsd openbsd -package term +package term // import "github.com/docker/docker/pkg/term" import ( "unsafe" diff --git a/vendor/github.com/docker/docker/pkg/term/termios_linux.go b/vendor/github.com/docker/docker/pkg/term/termios_linux.go index 0f21abcc2fa1..6d4c63fdb75e 100644 --- a/vendor/github.com/docker/docker/pkg/term/termios_linux.go +++ b/vendor/github.com/docker/docker/pkg/term/termios_linux.go @@ -1,4 +1,4 @@ -package term +package term // import "github.com/docker/docker/pkg/term" import ( "golang.org/x/sys/unix" diff --git a/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go b/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go index 29d396318727..1d7c452cc845 100644 --- a/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go +++ b/vendor/github.com/docker/docker/pkg/term/windows/ansi_reader.go @@ -1,6 +1,6 @@ // +build windows -package windowsconsole +package windowsconsole // import "github.com/docker/docker/pkg/term/windows" import ( "bytes" diff --git a/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go b/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go index 256577e1f27f..7799a03fc59e 100644 --- a/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go +++ b/vendor/github.com/docker/docker/pkg/term/windows/ansi_writer.go @@ -1,6 +1,6 @@ // +build windows -package windowsconsole +package windowsconsole // import "github.com/docker/docker/pkg/term/windows" import ( "io" diff --git a/vendor/github.com/docker/docker/pkg/term/windows/console.go b/vendor/github.com/docker/docker/pkg/term/windows/console.go index 4bad32ea78cd..527401975805 100644 --- a/vendor/github.com/docker/docker/pkg/term/windows/console.go +++ b/vendor/github.com/docker/docker/pkg/term/windows/console.go @@ -1,6 +1,6 @@ // +build windows -package windowsconsole +package windowsconsole // import "github.com/docker/docker/pkg/term/windows" import ( "os" diff --git a/vendor/github.com/docker/docker/pkg/term/windows/windows.go b/vendor/github.com/docker/docker/pkg/term/windows/windows.go index c02a93a03f14..1f8965969c63 100644 --- a/vendor/github.com/docker/docker/pkg/term/windows/windows.go +++ b/vendor/github.com/docker/docker/pkg/term/windows/windows.go @@ -2,7 +2,7 @@ // When asked for the set of standard streams (e.g., stdin, stdout, stderr), the code will create // and return pseudo-streams that convert ANSI sequences to / from Windows Console API calls. -package windowsconsole +package windowsconsole // import "github.com/docker/docker/pkg/term/windows" import ( "io/ioutil" diff --git a/vendor/github.com/docker/docker/pkg/term/winsize.go b/vendor/github.com/docker/docker/pkg/term/winsize.go index 1ef98d59961e..a19663ad834b 100644 --- a/vendor/github.com/docker/docker/pkg/term/winsize.go +++ b/vendor/github.com/docker/docker/pkg/term/winsize.go @@ -1,6 +1,6 @@ // +build !windows -package term +package term // import "github.com/docker/docker/pkg/term" import ( "golang.org/x/sys/unix" diff --git a/vendor/github.com/docker/go-connections/nat/nat.go b/vendor/github.com/docker/go-connections/nat/nat.go index 4d5f5ae63afd..bb7e4e336950 100644 --- a/vendor/github.com/docker/go-connections/nat/nat.go +++ b/vendor/github.com/docker/go-connections/nat/nat.go @@ -113,7 +113,7 @@ func SplitProtoPort(rawPort string) (string, string) { } func validateProto(proto string) bool { - for _, availableProto := range []string{"tcp", "udp"} { + for _, availableProto := range []string{"tcp", "udp", "sctp"} { if availableProto == proto { return true } diff --git a/vendor/github.com/dustin/go-humanize/LICENSE b/vendor/github.com/dustin/go-humanize/LICENSE new file mode 100644 index 000000000000..8d9a94a90680 --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/LICENSE @@ -0,0 +1,21 @@ +Copyright (c) 2005-2008 Dustin Sallings + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + + diff --git a/vendor/github.com/dustin/go-humanize/README.markdown b/vendor/github.com/dustin/go-humanize/README.markdown new file mode 100644 index 000000000000..91b4ae56464b --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/README.markdown @@ -0,0 +1,124 @@ +# Humane Units [![Build Status](https://travis-ci.org/dustin/go-humanize.svg?branch=master)](https://travis-ci.org/dustin/go-humanize) [![GoDoc](https://godoc.org/github.com/dustin/go-humanize?status.svg)](https://godoc.org/github.com/dustin/go-humanize) + +Just a few functions for helping humanize times and sizes. + +`go get` it as `github.com/dustin/go-humanize`, import it as +`"github.com/dustin/go-humanize"`, use it as `humanize`. + +See [godoc](https://godoc.org/github.com/dustin/go-humanize) for +complete documentation. + +## Sizes + +This lets you take numbers like `82854982` and convert them to useful +strings like, `83 MB` or `79 MiB` (whichever you prefer). + +Example: + +```go +fmt.Printf("That file is %s.", humanize.Bytes(82854982)) // That file is 83 MB. +``` + +## Times + +This lets you take a `time.Time` and spit it out in relative terms. +For example, `12 seconds ago` or `3 days from now`. + +Example: + +```go +fmt.Printf("This was touched %s.", humanize.Time(someTimeInstance)) // This was touched 7 hours ago. +``` + +Thanks to Kyle Lemons for the time implementation from an IRC +conversation one day. It's pretty neat. + +## Ordinals + +From a [mailing list discussion][odisc] where a user wanted to be able +to label ordinals. + + 0 -> 0th + 1 -> 1st + 2 -> 2nd + 3 -> 3rd + 4 -> 4th + [...] + +Example: + +```go +fmt.Printf("You're my %s best friend.", humanize.Ordinal(193)) // You are my 193rd best friend. +``` + +## Commas + +Want to shove commas into numbers? Be my guest. + + 0 -> 0 + 100 -> 100 + 1000 -> 1,000 + 1000000000 -> 1,000,000,000 + -100000 -> -100,000 + +Example: + +```go +fmt.Printf("You owe $%s.\n", humanize.Comma(6582491)) // You owe $6,582,491. +``` + +## Ftoa + +Nicer float64 formatter that removes trailing zeros. + +```go +fmt.Printf("%f", 2.24) // 2.240000 +fmt.Printf("%s", humanize.Ftoa(2.24)) // 2.24 +fmt.Printf("%f", 2.0) // 2.000000 +fmt.Printf("%s", humanize.Ftoa(2.0)) // 2 +``` + +## SI notation + +Format numbers with [SI notation][sinotation]. + +Example: + +```go +humanize.SI(0.00000000223, "M") // 2.23 nM +``` + +## English-specific functions + +The following functions are in the `humanize/english` subpackage. + +### Plurals + +Simple English pluralization + +```go +english.PluralWord(1, "object", "") // object +english.PluralWord(42, "object", "") // objects +english.PluralWord(2, "bus", "") // buses +english.PluralWord(99, "locus", "loci") // loci + +english.Plural(1, "object", "") // 1 object +english.Plural(42, "object", "") // 42 objects +english.Plural(2, "bus", "") // 2 buses +english.Plural(99, "locus", "loci") // 99 loci +``` + +### Word series + +Format comma-separated words lists with conjuctions: + +```go +english.WordSeries([]string{"foo"}, "and") // foo +english.WordSeries([]string{"foo", "bar"}, "and") // foo and bar +english.WordSeries([]string{"foo", "bar", "baz"}, "and") // foo, bar and baz + +english.OxfordWordSeries([]string{"foo", "bar", "baz"}, "and") // foo, bar, and baz +``` + +[odisc]: https://groups.google.com/d/topic/golang-nuts/l8NhI74jl-4/discussion +[sinotation]: http://en.wikipedia.org/wiki/Metric_prefix diff --git a/vendor/github.com/dustin/go-humanize/big.go b/vendor/github.com/dustin/go-humanize/big.go new file mode 100644 index 000000000000..f49dc337dcd7 --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/big.go @@ -0,0 +1,31 @@ +package humanize + +import ( + "math/big" +) + +// order of magnitude (to a max order) +func oomm(n, b *big.Int, maxmag int) (float64, int) { + mag := 0 + m := &big.Int{} + for n.Cmp(b) >= 0 { + n.DivMod(n, b, m) + mag++ + if mag == maxmag && maxmag >= 0 { + break + } + } + return float64(n.Int64()) + (float64(m.Int64()) / float64(b.Int64())), mag +} + +// total order of magnitude +// (same as above, but with no upper limit) +func oom(n, b *big.Int) (float64, int) { + mag := 0 + m := &big.Int{} + for n.Cmp(b) >= 0 { + n.DivMod(n, b, m) + mag++ + } + return float64(n.Int64()) + (float64(m.Int64()) / float64(b.Int64())), mag +} diff --git a/vendor/github.com/dustin/go-humanize/bigbytes.go b/vendor/github.com/dustin/go-humanize/bigbytes.go new file mode 100644 index 000000000000..1a2bf6172392 --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/bigbytes.go @@ -0,0 +1,173 @@ +package humanize + +import ( + "fmt" + "math/big" + "strings" + "unicode" +) + +var ( + bigIECExp = big.NewInt(1024) + + // BigByte is one byte in bit.Ints + BigByte = big.NewInt(1) + // BigKiByte is 1,024 bytes in bit.Ints + BigKiByte = (&big.Int{}).Mul(BigByte, bigIECExp) + // BigMiByte is 1,024 k bytes in bit.Ints + BigMiByte = (&big.Int{}).Mul(BigKiByte, bigIECExp) + // BigGiByte is 1,024 m bytes in bit.Ints + BigGiByte = (&big.Int{}).Mul(BigMiByte, bigIECExp) + // BigTiByte is 1,024 g bytes in bit.Ints + BigTiByte = (&big.Int{}).Mul(BigGiByte, bigIECExp) + // BigPiByte is 1,024 t bytes in bit.Ints + BigPiByte = (&big.Int{}).Mul(BigTiByte, bigIECExp) + // BigEiByte is 1,024 p bytes in bit.Ints + BigEiByte = (&big.Int{}).Mul(BigPiByte, bigIECExp) + // BigZiByte is 1,024 e bytes in bit.Ints + BigZiByte = (&big.Int{}).Mul(BigEiByte, bigIECExp) + // BigYiByte is 1,024 z bytes in bit.Ints + BigYiByte = (&big.Int{}).Mul(BigZiByte, bigIECExp) +) + +var ( + bigSIExp = big.NewInt(1000) + + // BigSIByte is one SI byte in big.Ints + BigSIByte = big.NewInt(1) + // BigKByte is 1,000 SI bytes in big.Ints + BigKByte = (&big.Int{}).Mul(BigSIByte, bigSIExp) + // BigMByte is 1,000 SI k bytes in big.Ints + BigMByte = (&big.Int{}).Mul(BigKByte, bigSIExp) + // BigGByte is 1,000 SI m bytes in big.Ints + BigGByte = (&big.Int{}).Mul(BigMByte, bigSIExp) + // BigTByte is 1,000 SI g bytes in big.Ints + BigTByte = (&big.Int{}).Mul(BigGByte, bigSIExp) + // BigPByte is 1,000 SI t bytes in big.Ints + BigPByte = (&big.Int{}).Mul(BigTByte, bigSIExp) + // BigEByte is 1,000 SI p bytes in big.Ints + BigEByte = (&big.Int{}).Mul(BigPByte, bigSIExp) + // BigZByte is 1,000 SI e bytes in big.Ints + BigZByte = (&big.Int{}).Mul(BigEByte, bigSIExp) + // BigYByte is 1,000 SI z bytes in big.Ints + BigYByte = (&big.Int{}).Mul(BigZByte, bigSIExp) +) + +var bigBytesSizeTable = map[string]*big.Int{ + "b": BigByte, + "kib": BigKiByte, + "kb": BigKByte, + "mib": BigMiByte, + "mb": BigMByte, + "gib": BigGiByte, + "gb": BigGByte, + "tib": BigTiByte, + "tb": BigTByte, + "pib": BigPiByte, + "pb": BigPByte, + "eib": BigEiByte, + "eb": BigEByte, + "zib": BigZiByte, + "zb": BigZByte, + "yib": BigYiByte, + "yb": BigYByte, + // Without suffix + "": BigByte, + "ki": BigKiByte, + "k": BigKByte, + "mi": BigMiByte, + "m": BigMByte, + "gi": BigGiByte, + "g": BigGByte, + "ti": BigTiByte, + "t": BigTByte, + "pi": BigPiByte, + "p": BigPByte, + "ei": BigEiByte, + "e": BigEByte, + "z": BigZByte, + "zi": BigZiByte, + "y": BigYByte, + "yi": BigYiByte, +} + +var ten = big.NewInt(10) + +func humanateBigBytes(s, base *big.Int, sizes []string) string { + if s.Cmp(ten) < 0 { + return fmt.Sprintf("%d B", s) + } + c := (&big.Int{}).Set(s) + val, mag := oomm(c, base, len(sizes)-1) + suffix := sizes[mag] + f := "%.0f %s" + if val < 10 { + f = "%.1f %s" + } + + return fmt.Sprintf(f, val, suffix) + +} + +// BigBytes produces a human readable representation of an SI size. +// +// See also: ParseBigBytes. +// +// BigBytes(82854982) -> 83 MB +func BigBytes(s *big.Int) string { + sizes := []string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"} + return humanateBigBytes(s, bigSIExp, sizes) +} + +// BigIBytes produces a human readable representation of an IEC size. +// +// See also: ParseBigBytes. +// +// BigIBytes(82854982) -> 79 MiB +func BigIBytes(s *big.Int) string { + sizes := []string{"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB"} + return humanateBigBytes(s, bigIECExp, sizes) +} + +// ParseBigBytes parses a string representation of bytes into the number +// of bytes it represents. +// +// See also: BigBytes, BigIBytes. +// +// ParseBigBytes("42 MB") -> 42000000, nil +// ParseBigBytes("42 mib") -> 44040192, nil +func ParseBigBytes(s string) (*big.Int, error) { + lastDigit := 0 + hasComma := false + for _, r := range s { + if !(unicode.IsDigit(r) || r == '.' || r == ',') { + break + } + if r == ',' { + hasComma = true + } + lastDigit++ + } + + num := s[:lastDigit] + if hasComma { + num = strings.Replace(num, ",", "", -1) + } + + val := &big.Rat{} + _, err := fmt.Sscanf(num, "%f", val) + if err != nil { + return nil, err + } + + extra := strings.ToLower(strings.TrimSpace(s[lastDigit:])) + if m, ok := bigBytesSizeTable[extra]; ok { + mv := (&big.Rat{}).SetInt(m) + val.Mul(val, mv) + rv := &big.Int{} + rv.Div(val.Num(), val.Denom()) + return rv, nil + } + + return nil, fmt.Errorf("unhandled size name: %v", extra) +} diff --git a/vendor/github.com/dustin/go-humanize/bytes.go b/vendor/github.com/dustin/go-humanize/bytes.go new file mode 100644 index 000000000000..0b498f4885c5 --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/bytes.go @@ -0,0 +1,143 @@ +package humanize + +import ( + "fmt" + "math" + "strconv" + "strings" + "unicode" +) + +// IEC Sizes. +// kibis of bits +const ( + Byte = 1 << (iota * 10) + KiByte + MiByte + GiByte + TiByte + PiByte + EiByte +) + +// SI Sizes. +const ( + IByte = 1 + KByte = IByte * 1000 + MByte = KByte * 1000 + GByte = MByte * 1000 + TByte = GByte * 1000 + PByte = TByte * 1000 + EByte = PByte * 1000 +) + +var bytesSizeTable = map[string]uint64{ + "b": Byte, + "kib": KiByte, + "kb": KByte, + "mib": MiByte, + "mb": MByte, + "gib": GiByte, + "gb": GByte, + "tib": TiByte, + "tb": TByte, + "pib": PiByte, + "pb": PByte, + "eib": EiByte, + "eb": EByte, + // Without suffix + "": Byte, + "ki": KiByte, + "k": KByte, + "mi": MiByte, + "m": MByte, + "gi": GiByte, + "g": GByte, + "ti": TiByte, + "t": TByte, + "pi": PiByte, + "p": PByte, + "ei": EiByte, + "e": EByte, +} + +func logn(n, b float64) float64 { + return math.Log(n) / math.Log(b) +} + +func humanateBytes(s uint64, base float64, sizes []string) string { + if s < 10 { + return fmt.Sprintf("%d B", s) + } + e := math.Floor(logn(float64(s), base)) + suffix := sizes[int(e)] + val := math.Floor(float64(s)/math.Pow(base, e)*10+0.5) / 10 + f := "%.0f %s" + if val < 10 { + f = "%.1f %s" + } + + return fmt.Sprintf(f, val, suffix) +} + +// Bytes produces a human readable representation of an SI size. +// +// See also: ParseBytes. +// +// Bytes(82854982) -> 83 MB +func Bytes(s uint64) string { + sizes := []string{"B", "kB", "MB", "GB", "TB", "PB", "EB"} + return humanateBytes(s, 1000, sizes) +} + +// IBytes produces a human readable representation of an IEC size. +// +// See also: ParseBytes. +// +// IBytes(82854982) -> 79 MiB +func IBytes(s uint64) string { + sizes := []string{"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB"} + return humanateBytes(s, 1024, sizes) +} + +// ParseBytes parses a string representation of bytes into the number +// of bytes it represents. +// +// See Also: Bytes, IBytes. +// +// ParseBytes("42 MB") -> 42000000, nil +// ParseBytes("42 mib") -> 44040192, nil +func ParseBytes(s string) (uint64, error) { + lastDigit := 0 + hasComma := false + for _, r := range s { + if !(unicode.IsDigit(r) || r == '.' || r == ',') { + break + } + if r == ',' { + hasComma = true + } + lastDigit++ + } + + num := s[:lastDigit] + if hasComma { + num = strings.Replace(num, ",", "", -1) + } + + f, err := strconv.ParseFloat(num, 64) + if err != nil { + return 0, err + } + + extra := strings.ToLower(strings.TrimSpace(s[lastDigit:])) + if m, ok := bytesSizeTable[extra]; ok { + f *= float64(m) + if f >= math.MaxUint64 { + return 0, fmt.Errorf("too large: %v", s) + } + return uint64(f), nil + } + + return 0, fmt.Errorf("unhandled size name: %v", extra) +} diff --git a/vendor/github.com/dustin/go-humanize/comma.go b/vendor/github.com/dustin/go-humanize/comma.go new file mode 100644 index 000000000000..13611aaab875 --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/comma.go @@ -0,0 +1,108 @@ +package humanize + +import ( + "bytes" + "math" + "math/big" + "strconv" + "strings" +) + +// Comma produces a string form of the given number in base 10 with +// commas after every three orders of magnitude. +// +// e.g. Comma(834142) -> 834,142 +func Comma(v int64) string { + sign := "" + + // Min int64 can't be negated to a usable value, so it has to be special cased. + if v == math.MinInt64 { + return "-9,223,372,036,854,775,808" + } + + if v < 0 { + sign = "-" + v = 0 - v + } + + parts := []string{"", "", "", "", "", "", ""} + j := len(parts) - 1 + + for v > 999 { + parts[j] = strconv.FormatInt(v%1000, 10) + switch len(parts[j]) { + case 2: + parts[j] = "0" + parts[j] + case 1: + parts[j] = "00" + parts[j] + } + v = v / 1000 + j-- + } + parts[j] = strconv.Itoa(int(v)) + return sign + strings.Join(parts[j:], ",") +} + +// Commaf produces a string form of the given number in base 10 with +// commas after every three orders of magnitude. +// +// e.g. Commaf(834142.32) -> 834,142.32 +func Commaf(v float64) string { + buf := &bytes.Buffer{} + if v < 0 { + buf.Write([]byte{'-'}) + v = 0 - v + } + + comma := []byte{','} + + parts := strings.Split(strconv.FormatFloat(v, 'f', -1, 64), ".") + pos := 0 + if len(parts[0])%3 != 0 { + pos += len(parts[0]) % 3 + buf.WriteString(parts[0][:pos]) + buf.Write(comma) + } + for ; pos < len(parts[0]); pos += 3 { + buf.WriteString(parts[0][pos : pos+3]) + buf.Write(comma) + } + buf.Truncate(buf.Len() - 1) + + if len(parts) > 1 { + buf.Write([]byte{'.'}) + buf.WriteString(parts[1]) + } + return buf.String() +} + +// BigComma produces a string form of the given big.Int in base 10 +// with commas after every three orders of magnitude. +func BigComma(b *big.Int) string { + sign := "" + if b.Sign() < 0 { + sign = "-" + b.Abs(b) + } + + athousand := big.NewInt(1000) + c := (&big.Int{}).Set(b) + _, m := oom(c, athousand) + parts := make([]string, m+1) + j := len(parts) - 1 + + mod := &big.Int{} + for b.Cmp(athousand) >= 0 { + b.DivMod(b, athousand, mod) + parts[j] = strconv.FormatInt(mod.Int64(), 10) + switch len(parts[j]) { + case 2: + parts[j] = "0" + parts[j] + case 1: + parts[j] = "00" + parts[j] + } + j-- + } + parts[j] = strconv.Itoa(int(b.Int64())) + return sign + strings.Join(parts[j:], ",") +} diff --git a/vendor/github.com/dustin/go-humanize/commaf.go b/vendor/github.com/dustin/go-humanize/commaf.go new file mode 100644 index 000000000000..620690dec7dd --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/commaf.go @@ -0,0 +1,40 @@ +// +build go1.6 + +package humanize + +import ( + "bytes" + "math/big" + "strings" +) + +// BigCommaf produces a string form of the given big.Float in base 10 +// with commas after every three orders of magnitude. +func BigCommaf(v *big.Float) string { + buf := &bytes.Buffer{} + if v.Sign() < 0 { + buf.Write([]byte{'-'}) + v.Abs(v) + } + + comma := []byte{','} + + parts := strings.Split(v.Text('f', -1), ".") + pos := 0 + if len(parts[0])%3 != 0 { + pos += len(parts[0]) % 3 + buf.WriteString(parts[0][:pos]) + buf.Write(comma) + } + for ; pos < len(parts[0]); pos += 3 { + buf.WriteString(parts[0][pos : pos+3]) + buf.Write(comma) + } + buf.Truncate(buf.Len() - 1) + + if len(parts) > 1 { + buf.Write([]byte{'.'}) + buf.WriteString(parts[1]) + } + return buf.String() +} diff --git a/vendor/github.com/dustin/go-humanize/ftoa.go b/vendor/github.com/dustin/go-humanize/ftoa.go new file mode 100644 index 000000000000..c76190b10671 --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/ftoa.go @@ -0,0 +1,23 @@ +package humanize + +import "strconv" + +func stripTrailingZeros(s string) string { + offset := len(s) - 1 + for offset > 0 { + if s[offset] == '.' { + offset-- + break + } + if s[offset] != '0' { + break + } + offset-- + } + return s[:offset+1] +} + +// Ftoa converts a float to a string with no trailing zeros. +func Ftoa(num float64) string { + return stripTrailingZeros(strconv.FormatFloat(num, 'f', 6, 64)) +} diff --git a/vendor/github.com/dustin/go-humanize/humanize.go b/vendor/github.com/dustin/go-humanize/humanize.go new file mode 100644 index 000000000000..a2c2da31ef1a --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/humanize.go @@ -0,0 +1,8 @@ +/* +Package humanize converts boring ugly numbers to human-friendly strings and back. + +Durations can be turned into strings such as "3 days ago", numbers +representing sizes like 82854982 into useful strings like, "83 MB" or +"79 MiB" (whichever you prefer). +*/ +package humanize diff --git a/vendor/github.com/dustin/go-humanize/number.go b/vendor/github.com/dustin/go-humanize/number.go new file mode 100644 index 000000000000..dec618659969 --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/number.go @@ -0,0 +1,192 @@ +package humanize + +/* +Slightly adapted from the source to fit go-humanize. + +Author: https://github.com/gorhill +Source: https://gist.github.com/gorhill/5285193 + +*/ + +import ( + "math" + "strconv" +) + +var ( + renderFloatPrecisionMultipliers = [...]float64{ + 1, + 10, + 100, + 1000, + 10000, + 100000, + 1000000, + 10000000, + 100000000, + 1000000000, + } + + renderFloatPrecisionRounders = [...]float64{ + 0.5, + 0.05, + 0.005, + 0.0005, + 0.00005, + 0.000005, + 0.0000005, + 0.00000005, + 0.000000005, + 0.0000000005, + } +) + +// FormatFloat produces a formatted number as string based on the following user-specified criteria: +// * thousands separator +// * decimal separator +// * decimal precision +// +// Usage: s := RenderFloat(format, n) +// The format parameter tells how to render the number n. +// +// See examples: http://play.golang.org/p/LXc1Ddm1lJ +// +// Examples of format strings, given n = 12345.6789: +// "#,###.##" => "12,345.67" +// "#,###." => "12,345" +// "#,###" => "12345,678" +// "#\u202F###,##" => "12 345,68" +// "#.###,###### => 12.345,678900 +// "" (aka default format) => 12,345.67 +// +// The highest precision allowed is 9 digits after the decimal symbol. +// There is also a version for integer number, FormatInteger(), +// which is convenient for calls within template. +func FormatFloat(format string, n float64) string { + // Special cases: + // NaN = "NaN" + // +Inf = "+Infinity" + // -Inf = "-Infinity" + if math.IsNaN(n) { + return "NaN" + } + if n > math.MaxFloat64 { + return "Infinity" + } + if n < -math.MaxFloat64 { + return "-Infinity" + } + + // default format + precision := 2 + decimalStr := "." + thousandStr := "," + positiveStr := "" + negativeStr := "-" + + if len(format) > 0 { + format := []rune(format) + + // If there is an explicit format directive, + // then default values are these: + precision = 9 + thousandStr = "" + + // collect indices of meaningful formatting directives + formatIndx := []int{} + for i, char := range format { + if char != '#' && char != '0' { + formatIndx = append(formatIndx, i) + } + } + + if len(formatIndx) > 0 { + // Directive at index 0: + // Must be a '+' + // Raise an error if not the case + // index: 0123456789 + // +0.000,000 + // +000,000.0 + // +0000.00 + // +0000 + if formatIndx[0] == 0 { + if format[formatIndx[0]] != '+' { + panic("RenderFloat(): invalid positive sign directive") + } + positiveStr = "+" + formatIndx = formatIndx[1:] + } + + // Two directives: + // First is thousands separator + // Raise an error if not followed by 3-digit + // 0123456789 + // 0.000,000 + // 000,000.00 + if len(formatIndx) == 2 { + if (formatIndx[1] - formatIndx[0]) != 4 { + panic("RenderFloat(): thousands separator directive must be followed by 3 digit-specifiers") + } + thousandStr = string(format[formatIndx[0]]) + formatIndx = formatIndx[1:] + } + + // One directive: + // Directive is decimal separator + // The number of digit-specifier following the separator indicates wanted precision + // 0123456789 + // 0.00 + // 000,0000 + if len(formatIndx) == 1 { + decimalStr = string(format[formatIndx[0]]) + precision = len(format) - formatIndx[0] - 1 + } + } + } + + // generate sign part + var signStr string + if n >= 0.000000001 { + signStr = positiveStr + } else if n <= -0.000000001 { + signStr = negativeStr + n = -n + } else { + signStr = "" + n = 0.0 + } + + // split number into integer and fractional parts + intf, fracf := math.Modf(n + renderFloatPrecisionRounders[precision]) + + // generate integer part string + intStr := strconv.FormatInt(int64(intf), 10) + + // add thousand separator if required + if len(thousandStr) > 0 { + for i := len(intStr); i > 3; { + i -= 3 + intStr = intStr[:i] + thousandStr + intStr[i:] + } + } + + // no fractional part, we can leave now + if precision == 0 { + return signStr + intStr + } + + // generate fractional part + fracStr := strconv.Itoa(int(fracf * renderFloatPrecisionMultipliers[precision])) + // may need padding + if len(fracStr) < precision { + fracStr = "000000000000000"[:precision-len(fracStr)] + fracStr + } + + return signStr + intStr + decimalStr + fracStr +} + +// FormatInteger produces a formatted number as string. +// See FormatFloat. +func FormatInteger(format string, n int) string { + return FormatFloat(format, float64(n)) +} diff --git a/vendor/github.com/dustin/go-humanize/ordinals.go b/vendor/github.com/dustin/go-humanize/ordinals.go new file mode 100644 index 000000000000..43d88a861950 --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/ordinals.go @@ -0,0 +1,25 @@ +package humanize + +import "strconv" + +// Ordinal gives you the input number in a rank/ordinal format. +// +// Ordinal(3) -> 3rd +func Ordinal(x int) string { + suffix := "th" + switch x % 10 { + case 1: + if x%100 != 11 { + suffix = "st" + } + case 2: + if x%100 != 12 { + suffix = "nd" + } + case 3: + if x%100 != 13 { + suffix = "rd" + } + } + return strconv.Itoa(x) + suffix +} diff --git a/vendor/github.com/dustin/go-humanize/si.go b/vendor/github.com/dustin/go-humanize/si.go new file mode 100644 index 000000000000..b24e48169f4f --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/si.go @@ -0,0 +1,113 @@ +package humanize + +import ( + "errors" + "math" + "regexp" + "strconv" +) + +var siPrefixTable = map[float64]string{ + -24: "y", // yocto + -21: "z", // zepto + -18: "a", // atto + -15: "f", // femto + -12: "p", // pico + -9: "n", // nano + -6: "µ", // micro + -3: "m", // milli + 0: "", + 3: "k", // kilo + 6: "M", // mega + 9: "G", // giga + 12: "T", // tera + 15: "P", // peta + 18: "E", // exa + 21: "Z", // zetta + 24: "Y", // yotta +} + +var revSIPrefixTable = revfmap(siPrefixTable) + +// revfmap reverses the map and precomputes the power multiplier +func revfmap(in map[float64]string) map[string]float64 { + rv := map[string]float64{} + for k, v := range in { + rv[v] = math.Pow(10, k) + } + return rv +} + +var riParseRegex *regexp.Regexp + +func init() { + ri := `^([\-0-9.]+)\s?([` + for _, v := range siPrefixTable { + ri += v + } + ri += `]?)(.*)` + + riParseRegex = regexp.MustCompile(ri) +} + +// ComputeSI finds the most appropriate SI prefix for the given number +// and returns the prefix along with the value adjusted to be within +// that prefix. +// +// See also: SI, ParseSI. +// +// e.g. ComputeSI(2.2345e-12) -> (2.2345, "p") +func ComputeSI(input float64) (float64, string) { + if input == 0 { + return 0, "" + } + mag := math.Abs(input) + exponent := math.Floor(logn(mag, 10)) + exponent = math.Floor(exponent/3) * 3 + + value := mag / math.Pow(10, exponent) + + // Handle special case where value is exactly 1000.0 + // Should return 1 M instead of 1000 k + if value == 1000.0 { + exponent += 3 + value = mag / math.Pow(10, exponent) + } + + value = math.Copysign(value, input) + + prefix := siPrefixTable[exponent] + return value, prefix +} + +// SI returns a string with default formatting. +// +// SI uses Ftoa to format float value, removing trailing zeros. +// +// See also: ComputeSI, ParseSI. +// +// e.g. SI(1000000, "B") -> 1 MB +// e.g. SI(2.2345e-12, "F") -> 2.2345 pF +func SI(input float64, unit string) string { + value, prefix := ComputeSI(input) + return Ftoa(value) + " " + prefix + unit +} + +var errInvalid = errors.New("invalid input") + +// ParseSI parses an SI string back into the number and unit. +// +// See also: SI, ComputeSI. +// +// e.g. ParseSI("2.2345 pF") -> (2.2345e-12, "F", nil) +func ParseSI(input string) (float64, string, error) { + found := riParseRegex.FindStringSubmatch(input) + if len(found) != 4 { + return 0, "", errInvalid + } + mag := revSIPrefixTable[found[2]] + unit := found[3] + + base, err := strconv.ParseFloat(found[1], 64) + return base * mag, unit, err +} diff --git a/vendor/github.com/dustin/go-humanize/times.go b/vendor/github.com/dustin/go-humanize/times.go new file mode 100644 index 000000000000..dd3fbf5efc0c --- /dev/null +++ b/vendor/github.com/dustin/go-humanize/times.go @@ -0,0 +1,117 @@ +package humanize + +import ( + "fmt" + "math" + "sort" + "time" +) + +// Seconds-based time units +const ( + Day = 24 * time.Hour + Week = 7 * Day + Month = 30 * Day + Year = 12 * Month + LongTime = 37 * Year +) + +// Time formats a time into a relative string. +// +// Time(someT) -> "3 weeks ago" +func Time(then time.Time) string { + return RelTime(then, time.Now(), "ago", "from now") +} + +// A RelTimeMagnitude struct contains a relative time point at which +// the relative format of time will switch to a new format string. A +// slice of these in ascending order by their "D" field is passed to +// CustomRelTime to format durations. +// +// The Format field is a string that may contain a "%s" which will be +// replaced with the appropriate signed label (e.g. "ago" or "from +// now") and a "%d" that will be replaced by the quantity. +// +// The DivBy field is the amount of time the time difference must be +// divided by in order to display correctly. +// +// e.g. if D is 2*time.Minute and you want to display "%d minutes %s" +// DivBy should be time.Minute so whatever the duration is will be +// expressed in minutes. +type RelTimeMagnitude struct { + D time.Duration + Format string + DivBy time.Duration +} + +var defaultMagnitudes = []RelTimeMagnitude{ + {time.Second, "now", time.Second}, + {2 * time.Second, "1 second %s", 1}, + {time.Minute, "%d seconds %s", time.Second}, + {2 * time.Minute, "1 minute %s", 1}, + {time.Hour, "%d minutes %s", time.Minute}, + {2 * time.Hour, "1 hour %s", 1}, + {Day, "%d hours %s", time.Hour}, + {2 * Day, "1 day %s", 1}, + {Week, "%d days %s", Day}, + {2 * Week, "1 week %s", 1}, + {Month, "%d weeks %s", Week}, + {2 * Month, "1 month %s", 1}, + {Year, "%d months %s", Month}, + {18 * Month, "1 year %s", 1}, + {2 * Year, "2 years %s", 1}, + {LongTime, "%d years %s", Year}, + {math.MaxInt64, "a long while %s", 1}, +} + +// RelTime formats a time into a relative string. +// +// It takes two times and two labels. In addition to the generic time +// delta string (e.g. 5 minutes), the labels are used applied so that +// the label corresponding to the smaller time is applied. +// +// RelTime(timeInPast, timeInFuture, "earlier", "later") -> "3 weeks earlier" +func RelTime(a, b time.Time, albl, blbl string) string { + return CustomRelTime(a, b, albl, blbl, defaultMagnitudes) +} + +// CustomRelTime formats a time into a relative string. +// +// It takes two times two labels and a table of relative time formats. +// In addition to the generic time delta string (e.g. 5 minutes), the +// labels are used applied so that the label corresponding to the +// smaller time is applied. +func CustomRelTime(a, b time.Time, albl, blbl string, magnitudes []RelTimeMagnitude) string { + lbl := albl + diff := b.Sub(a) + + if a.After(b) { + lbl = blbl + diff = a.Sub(b) + } + + n := sort.Search(len(magnitudes), func(i int) bool { + return magnitudes[i].D > diff + }) + + if n >= len(magnitudes) { + n = len(magnitudes) - 1 + } + mag := magnitudes[n] + args := []interface{}{} + escaped := false + for _, ch := range mag.Format { + if escaped { + switch ch { + case 's': + args = append(args, lbl) + case 'd': + args = append(args, diff/mag.DivBy) + } + escaped = false + } else { + escaped = ch == '%' + } + } + return fmt.Sprintf(mag.Format, args...) +} diff --git a/vendor/github.com/fsouza/go-dockerclient/AUTHORS b/vendor/github.com/fsouza/go-dockerclient/AUTHORS index b07c0095f70b..10efeac05662 100644 --- a/vendor/github.com/fsouza/go-dockerclient/AUTHORS +++ b/vendor/github.com/fsouza/go-dockerclient/AUTHORS @@ -156,6 +156,7 @@ Sam Rijs Sami Wagiaalla Samuel Archambault Samuel Karp +Sebastian Borza Seth Jennings Shane Xie Silas Sewell diff --git a/vendor/github.com/fsouza/go-dockerclient/LICENSE b/vendor/github.com/fsouza/go-dockerclient/LICENSE index 545174c18f79..f3ce3a9aa7da 100644 --- a/vendor/github.com/fsouza/go-dockerclient/LICENSE +++ b/vendor/github.com/fsouza/go-dockerclient/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2013-2017, go-dockerclient authors +Copyright (c) 2013-2018, go-dockerclient authors All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/vendor/github.com/fsouza/go-dockerclient/container.go b/vendor/github.com/fsouza/go-dockerclient/container.go index e0fa600d1b4d..94014d66ca94 100644 --- a/vendor/github.com/fsouza/go-dockerclient/container.go +++ b/vendor/github.com/fsouza/go-dockerclient/container.go @@ -15,7 +15,7 @@ import ( "strings" "time" - "github.com/docker/go-units" + units "github.com/docker/go-units" "golang.org/x/net/context" ) @@ -1052,6 +1052,7 @@ type CPUStats struct { UsageInKernelmode uint64 `json:"usage_in_kernelmode,omitempty" yaml:"usage_in_kernelmode,omitempty" toml:"usage_in_kernelmode,omitempty"` } `json:"cpu_usage,omitempty" yaml:"cpu_usage,omitempty" toml:"cpu_usage,omitempty"` SystemCPUUsage uint64 `json:"system_cpu_usage,omitempty" yaml:"system_cpu_usage,omitempty" toml:"system_cpu_usage,omitempty"` + OnlineCPUs uint64 `json:"online_cpus,omitempty" yaml:"online_cpus,omitempty" toml:"online_cpus,omitempty"` ThrottlingData struct { Periods uint64 `json:"periods,omitempty"` ThrottledPeriods uint64 `json:"throttled_periods,omitempty"` @@ -1187,10 +1188,18 @@ func (c *Client) KillContainer(opts KillContainerOptions) error { path := "/containers/" + opts.ID + "/kill" + "?" + queryString(opts) resp, err := c.do("POST", path, doOptions{context: opts.Context}) if err != nil { - if e, ok := err.(*Error); ok && e.Status == http.StatusNotFound { + e, ok := err.(*Error) + if !ok { + return err + } + switch e.Status { + case http.StatusNotFound: return &NoSuchContainer{ID: opts.ID} + case http.StatusConflict: + return &ContainerNotRunning{ID: opts.ID} + default: + return err } - return err } resp.Body.Close() return nil diff --git a/vendor/github.com/gocql/gocql/marshal.go b/vendor/github.com/gocql/gocql/marshal.go index fbc41aee6665..fce258f99c49 100644 --- a/vendor/github.com/gocql/gocql/marshal.go +++ b/vendor/github.com/gocql/gocql/marshal.go @@ -330,7 +330,7 @@ func marshalSmallInt(info TypeInfo, value interface{}) ([]byte, error) { return nil, marshalErrorf("marshal smallint: value %d out of range", v) } return encShort(int16(v)), nil - default: + case reflect.Ptr: if rv.IsNil() { return nil, nil } @@ -414,7 +414,7 @@ func marshalTinyInt(info TypeInfo, value interface{}) ([]byte, error) { return nil, marshalErrorf("marshal tinyint: value %d out of range", v) } return []byte{byte(v)}, nil - default: + case reflect.Ptr: if rv.IsNil() { return nil, nil } @@ -486,7 +486,7 @@ func marshalInt(info TypeInfo, value interface{}) ([]byte, error) { return nil, marshalErrorf("marshal int: value %d out of range", v) } return encInt(int32(v)), nil - default: + case reflect.Ptr: if rv.IsNil() { return nil, nil } diff --git a/vendor/github.com/gogo/protobuf/proto/discard.go b/vendor/github.com/gogo/protobuf/proto/discard.go new file mode 100644 index 000000000000..bd0e3bb4c851 --- /dev/null +++ b/vendor/github.com/gogo/protobuf/proto/discard.go @@ -0,0 +1,151 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2017 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +import ( + "fmt" + "reflect" + "strings" +) + +// DiscardUnknown recursively discards all unknown fields from this message +// and all embedded messages. +// +// When unmarshaling a message with unrecognized fields, the tags and values +// of such fields are preserved in the Message. This allows a later call to +// marshal to be able to produce a message that continues to have those +// unrecognized fields. To avoid this, DiscardUnknown is used to +// explicitly clear the unknown fields after unmarshaling. +// +// For proto2 messages, the unknown fields of message extensions are only +// discarded from messages that have been accessed via GetExtension. +func DiscardUnknown(m Message) { + discardLegacy(m) +} + +func discardLegacy(m Message) { + v := reflect.ValueOf(m) + if v.Kind() != reflect.Ptr || v.IsNil() { + return + } + v = v.Elem() + if v.Kind() != reflect.Struct { + return + } + t := v.Type() + + for i := 0; i < v.NumField(); i++ { + f := t.Field(i) + if strings.HasPrefix(f.Name, "XXX_") { + continue + } + vf := v.Field(i) + tf := f.Type + + // Unwrap tf to get its most basic type. + var isPointer, isSlice bool + if tf.Kind() == reflect.Slice && tf.Elem().Kind() != reflect.Uint8 { + isSlice = true + tf = tf.Elem() + } + if tf.Kind() == reflect.Ptr { + isPointer = true + tf = tf.Elem() + } + if isPointer && isSlice && tf.Kind() != reflect.Struct { + panic(fmt.Sprintf("%T.%s cannot be a slice of pointers to primitive types", m, f.Name)) + } + + switch tf.Kind() { + case reflect.Struct: + switch { + case !isPointer: + panic(fmt.Sprintf("%T.%s cannot be a direct struct value", m, f.Name)) + case isSlice: // E.g., []*pb.T + for j := 0; j < vf.Len(); j++ { + discardLegacy(vf.Index(j).Interface().(Message)) + } + default: // E.g., *pb.T + discardLegacy(vf.Interface().(Message)) + } + case reflect.Map: + switch { + case isPointer || isSlice: + panic(fmt.Sprintf("%T.%s cannot be a pointer to a map or a slice of map values", m, f.Name)) + default: // E.g., map[K]V + tv := vf.Type().Elem() + if tv.Kind() == reflect.Ptr && tv.Implements(protoMessageType) { // Proto struct (e.g., *T) + for _, key := range vf.MapKeys() { + val := vf.MapIndex(key) + discardLegacy(val.Interface().(Message)) + } + } + } + case reflect.Interface: + // Must be oneof field. + switch { + case isPointer || isSlice: + panic(fmt.Sprintf("%T.%s cannot be a pointer to a interface or a slice of interface values", m, f.Name)) + default: // E.g., test_proto.isCommunique_Union interface + if !vf.IsNil() && f.Tag.Get("protobuf_oneof") != "" { + vf = vf.Elem() // E.g., *test_proto.Communique_Msg + if !vf.IsNil() { + vf = vf.Elem() // E.g., test_proto.Communique_Msg + vf = vf.Field(0) // E.g., Proto struct (e.g., *T) or primitive value + if vf.Kind() == reflect.Ptr { + discardLegacy(vf.Interface().(Message)) + } + } + } + } + } + } + + if vf := v.FieldByName("XXX_unrecognized"); vf.IsValid() { + if vf.Type() != reflect.TypeOf([]byte{}) { + panic("expected XXX_unrecognized to be of type []byte") + } + vf.Set(reflect.ValueOf([]byte(nil))) + } + + // For proto2 messages, only discard unknown fields in message extensions + // that have been accessed via GetExtension. + if em, ok := extendable(m); ok { + // Ignore lock since discardLegacy is not concurrency safe. + emm, _ := em.extensionsRead() + for _, mx := range emm { + if m, ok := mx.value.(Message); ok { + discardLegacy(m) + } + } + } +} diff --git a/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor.pb.go b/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor.pb.go index 4174cbd9f3d6..a63db3c4bcac 100644 --- a/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor.pb.go +++ b/vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor.pb.go @@ -1100,7 +1100,8 @@ type FileOptions struct { // is empty. When this option is empty, the package name will be used for // determining the namespace. PhpNamespace *string `protobuf:"bytes,41,opt,name=php_namespace,json=phpNamespace" json:"php_namespace,omitempty"` - // The parser stores options it doesn't recognize here. See above. + // The parser stores options it doesn't recognize here. + // See the documentation for the "Options" section above. UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` proto.XXX_InternalExtensions `json:"-"` XXX_unrecognized []byte `json:"-"` diff --git a/vendor/github.com/google/go-github/github/github.go b/vendor/github.com/google/go-github/github/github.go index 082472260b19..f3eadce9e972 100644 --- a/vendor/github.com/google/go-github/github/github.go +++ b/vendor/github.com/google/go-github/github/github.go @@ -27,10 +27,9 @@ import ( ) const ( - libraryVersion = "15" defaultBaseURL = "https://api.github.com/" uploadBaseURL = "https://uploads.github.com/" - userAgent = "go-github/" + libraryVersion + userAgent = "go-github" headerRateLimit = "X-RateLimit-Limit" headerRateRemaining = "X-RateLimit-Remaining" diff --git a/vendor/github.com/hashicorp/consul/api/agent.go b/vendor/github.com/hashicorp/consul/api/agent.go index 8509276ace5c..4e1ef089084b 100644 --- a/vendor/github.com/hashicorp/consul/api/agent.go +++ b/vendor/github.com/hashicorp/consul/api/agent.go @@ -97,6 +97,8 @@ type AgentServiceCheck struct { Status string `json:",omitempty"` Notes string `json:",omitempty"` TLSSkipVerify bool `json:",omitempty"` + GRPC string `json:",omitempty"` + GRPCUseTLS bool `json:",omitempty"` // In Consul 0.7 and later, checks that are associated with a service // may also contain this optional DeregisterCriticalServiceAfter field, @@ -584,36 +586,36 @@ func (a *Agent) Monitor(loglevel string, stopCh <-chan struct{}, q *QueryOptions // UpdateACLToken updates the agent's "acl_token". See updateToken for more // details. -func (c *Agent) UpdateACLToken(token string, q *WriteOptions) (*WriteMeta, error) { - return c.updateToken("acl_token", token, q) +func (a *Agent) UpdateACLToken(token string, q *WriteOptions) (*WriteMeta, error) { + return a.updateToken("acl_token", token, q) } // UpdateACLAgentToken updates the agent's "acl_agent_token". See updateToken // for more details. -func (c *Agent) UpdateACLAgentToken(token string, q *WriteOptions) (*WriteMeta, error) { - return c.updateToken("acl_agent_token", token, q) +func (a *Agent) UpdateACLAgentToken(token string, q *WriteOptions) (*WriteMeta, error) { + return a.updateToken("acl_agent_token", token, q) } // UpdateACLAgentMasterToken updates the agent's "acl_agent_master_token". See // updateToken for more details. -func (c *Agent) UpdateACLAgentMasterToken(token string, q *WriteOptions) (*WriteMeta, error) { - return c.updateToken("acl_agent_master_token", token, q) +func (a *Agent) UpdateACLAgentMasterToken(token string, q *WriteOptions) (*WriteMeta, error) { + return a.updateToken("acl_agent_master_token", token, q) } // UpdateACLReplicationToken updates the agent's "acl_replication_token". See // updateToken for more details. -func (c *Agent) UpdateACLReplicationToken(token string, q *WriteOptions) (*WriteMeta, error) { - return c.updateToken("acl_replication_token", token, q) +func (a *Agent) UpdateACLReplicationToken(token string, q *WriteOptions) (*WriteMeta, error) { + return a.updateToken("acl_replication_token", token, q) } // updateToken can be used to update an agent's ACL token after the agent has // started. The tokens are not persisted, so will need to be updated again if // the agent is restarted. -func (c *Agent) updateToken(target, token string, q *WriteOptions) (*WriteMeta, error) { - r := c.c.newRequest("PUT", fmt.Sprintf("/v1/agent/token/%s", target)) +func (a *Agent) updateToken(target, token string, q *WriteOptions) (*WriteMeta, error) { + r := a.c.newRequest("PUT", fmt.Sprintf("/v1/agent/token/%s", target)) r.setWriteOptions(q) r.obj = &AgentToken{Token: token} - rtt, resp, err := requireOK(c.c.doRequest(r)) + rtt, resp, err := requireOK(a.c.doRequest(r)) if err != nil { return nil, err } diff --git a/vendor/github.com/hashicorp/consul/api/api.go b/vendor/github.com/hashicorp/consul/api/api.go index 7db12b49d7f5..b756ceb0637c 100644 --- a/vendor/github.com/hashicorp/consul/api/api.go +++ b/vendor/github.com/hashicorp/consul/api/api.go @@ -633,9 +633,9 @@ func (r *request) toHTTP() (*http.Request, error) { } if r.ctx != nil { return req.WithContext(r.ctx), nil - } else { - return req, nil } + + return req, nil } // newRequest is used to create a new request diff --git a/vendor/github.com/hashicorp/consul/lib/rtt.go b/vendor/github.com/hashicorp/consul/lib/rtt.go index a417f533c915..fb9090ab1dbf 100644 --- a/vendor/github.com/hashicorp/consul/lib/rtt.go +++ b/vendor/github.com/hashicorp/consul/lib/rtt.go @@ -36,14 +36,14 @@ func (cs CoordinateSet) Intersect(other CoordinateSet) (*coordinate.Coordinate, // we are possibly a client. Any node with more than one segment can only // be a server, which means it should be in all segments. if len(cs) == 1 { - for s, _ := range cs { + for s := range cs { segment = s } } // Likewise for the other set. if len(other) == 1 { - for s, _ := range other { + for s := range other { segment = s } } diff --git a/vendor/github.com/hashicorp/go-immutable-radix/iradix.go b/vendor/github.com/hashicorp/go-immutable-radix/iradix.go index c7172c406b44..e5e6e57f2626 100644 --- a/vendor/github.com/hashicorp/go-immutable-radix/iradix.go +++ b/vendor/github.com/hashicorp/go-immutable-radix/iradix.go @@ -338,6 +338,11 @@ func (t *Txn) delete(parent, n *Node, search []byte) (*Node, *leafNode) { if !n.isLeaf() { return nil, nil } + // Copy the pointer in case we are in a transaction that already + // modified this node since the node will be reused. Any changes + // made to the node will not affect returning the original leaf + // value. + oldLeaf := n.leaf // Remove the leaf node nc := t.writeNode(n, true) @@ -347,7 +352,7 @@ func (t *Txn) delete(parent, n *Node, search []byte) (*Node, *leafNode) { if n != t.root && len(nc.edges) == 1 { t.mergeChild(nc) } - return nc, n.leaf + return nc, oldLeaf } // Look for an edge diff --git a/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go b/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go index 4b4e63808945..90b6576f2f2a 100644 --- a/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go +++ b/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go @@ -16,7 +16,7 @@ var ( // Centralize all regexps and regexp.Copy() where necessary. signRE *regexp.Regexp = regexp.MustCompile(`^[\s]*[+-]`) whitespaceRE *regexp.Regexp = regexp.MustCompile(`[\s]+`) - ifNameRE *regexp.Regexp = regexp.MustCompile(`^Ethernet adapter ([^\s:]+):`) + ifNameRE *regexp.Regexp = regexp.MustCompile(`^Ethernet adapter ([^:]+):`) ipAddrRE *regexp.Regexp = regexp.MustCompile(`^ IPv[46] Address\. \. \. \. \. \. \. \. \. \. \. : ([^\s]+)`) ) diff --git a/vendor/github.com/hashicorp/golang-lru/2q.go b/vendor/github.com/hashicorp/golang-lru/2q.go index 337d963296cd..e474cd07581a 100644 --- a/vendor/github.com/hashicorp/golang-lru/2q.go +++ b/vendor/github.com/hashicorp/golang-lru/2q.go @@ -30,9 +30,9 @@ type TwoQueueCache struct { size int recentSize int - recent *simplelru.LRU - frequent *simplelru.LRU - recentEvict *simplelru.LRU + recent simplelru.LRUCache + frequent simplelru.LRUCache + recentEvict simplelru.LRUCache lock sync.RWMutex } @@ -84,7 +84,8 @@ func New2QParams(size int, recentRatio float64, ghostRatio float64) (*TwoQueueCa return c, nil } -func (c *TwoQueueCache) Get(key interface{}) (interface{}, bool) { +// Get looks up a key's value from the cache. +func (c *TwoQueueCache) Get(key interface{}) (value interface{}, ok bool) { c.lock.Lock() defer c.lock.Unlock() @@ -105,6 +106,7 @@ func (c *TwoQueueCache) Get(key interface{}) (interface{}, bool) { return nil, false } +// Add adds a value to the cache. func (c *TwoQueueCache) Add(key, value interface{}) { c.lock.Lock() defer c.lock.Unlock() @@ -160,12 +162,15 @@ func (c *TwoQueueCache) ensureSpace(recentEvict bool) { c.frequent.RemoveOldest() } +// Len returns the number of items in the cache. func (c *TwoQueueCache) Len() int { c.lock.RLock() defer c.lock.RUnlock() return c.recent.Len() + c.frequent.Len() } +// Keys returns a slice of the keys in the cache. +// The frequently used keys are first in the returned slice. func (c *TwoQueueCache) Keys() []interface{} { c.lock.RLock() defer c.lock.RUnlock() @@ -174,6 +179,7 @@ func (c *TwoQueueCache) Keys() []interface{} { return append(k1, k2...) } +// Remove removes the provided key from the cache. func (c *TwoQueueCache) Remove(key interface{}) { c.lock.Lock() defer c.lock.Unlock() @@ -188,6 +194,7 @@ func (c *TwoQueueCache) Remove(key interface{}) { } } +// Purge is used to completely clear the cache. func (c *TwoQueueCache) Purge() { c.lock.Lock() defer c.lock.Unlock() @@ -196,13 +203,17 @@ func (c *TwoQueueCache) Purge() { c.recentEvict.Purge() } +// Contains is used to check if the cache contains a key +// without updating recency or frequency. func (c *TwoQueueCache) Contains(key interface{}) bool { c.lock.RLock() defer c.lock.RUnlock() return c.frequent.Contains(key) || c.recent.Contains(key) } -func (c *TwoQueueCache) Peek(key interface{}) (interface{}, bool) { +// Peek is used to inspect the cache value of a key +// without updating recency or frequency. +func (c *TwoQueueCache) Peek(key interface{}) (value interface{}, ok bool) { c.lock.RLock() defer c.lock.RUnlock() if val, ok := c.frequent.Peek(key); ok { diff --git a/vendor/github.com/hashicorp/golang-lru/arc.go b/vendor/github.com/hashicorp/golang-lru/arc.go index a2a252817333..555225a218c9 100644 --- a/vendor/github.com/hashicorp/golang-lru/arc.go +++ b/vendor/github.com/hashicorp/golang-lru/arc.go @@ -18,11 +18,11 @@ type ARCCache struct { size int // Size is the total capacity of the cache p int // P is the dynamic preference towards T1 or T2 - t1 *simplelru.LRU // T1 is the LRU for recently accessed items - b1 *simplelru.LRU // B1 is the LRU for evictions from t1 + t1 simplelru.LRUCache // T1 is the LRU for recently accessed items + b1 simplelru.LRUCache // B1 is the LRU for evictions from t1 - t2 *simplelru.LRU // T2 is the LRU for frequently accessed items - b2 *simplelru.LRU // B2 is the LRU for evictions from t2 + t2 simplelru.LRUCache // T2 is the LRU for frequently accessed items + b2 simplelru.LRUCache // B2 is the LRU for evictions from t2 lock sync.RWMutex } @@ -60,11 +60,11 @@ func NewARC(size int) (*ARCCache, error) { } // Get looks up a key's value from the cache. -func (c *ARCCache) Get(key interface{}) (interface{}, bool) { +func (c *ARCCache) Get(key interface{}) (value interface{}, ok bool) { c.lock.Lock() defer c.lock.Unlock() - // Ff the value is contained in T1 (recent), then + // If the value is contained in T1 (recent), then // promote it to T2 (frequent) if val, ok := c.t1.Peek(key); ok { c.t1.Remove(key) @@ -153,7 +153,7 @@ func (c *ARCCache) Add(key, value interface{}) { // Remove from B2 c.b2.Remove(key) - // Add the key to the frequntly used list + // Add the key to the frequently used list c.t2.Add(key, value) return } @@ -247,7 +247,7 @@ func (c *ARCCache) Contains(key interface{}) bool { // Peek is used to inspect the cache value of a key // without updating recency or frequency. -func (c *ARCCache) Peek(key interface{}) (interface{}, bool) { +func (c *ARCCache) Peek(key interface{}) (value interface{}, ok bool) { c.lock.RLock() defer c.lock.RUnlock() if val, ok := c.t1.Peek(key); ok { diff --git a/vendor/github.com/hashicorp/golang-lru/doc.go b/vendor/github.com/hashicorp/golang-lru/doc.go new file mode 100644 index 000000000000..2547df979d0b --- /dev/null +++ b/vendor/github.com/hashicorp/golang-lru/doc.go @@ -0,0 +1,21 @@ +// Package lru provides three different LRU caches of varying sophistication. +// +// Cache is a simple LRU cache. It is based on the +// LRU implementation in groupcache: +// https://github.com/golang/groupcache/tree/master/lru +// +// TwoQueueCache tracks frequently used and recently used entries separately. +// This avoids a burst of accesses from taking out frequently used entries, +// at the cost of about 2x computational overhead and some extra bookkeeping. +// +// ARCCache is an adaptive replacement cache. It tracks recent evictions as +// well as recent usage in both the frequent and recent caches. Its +// computational overhead is comparable to TwoQueueCache, but the memory +// overhead is linear with the size of the cache. +// +// ARC has been patented by IBM, so do not use it if that is problematic for +// your program. +// +// All caches in this package take locks while operating, and are therefore +// thread-safe for consumers. +package lru diff --git a/vendor/github.com/hashicorp/golang-lru/lru.go b/vendor/github.com/hashicorp/golang-lru/lru.go index a6285f989e0a..c8d9b0a230f9 100644 --- a/vendor/github.com/hashicorp/golang-lru/lru.go +++ b/vendor/github.com/hashicorp/golang-lru/lru.go @@ -1,6 +1,3 @@ -// This package provides a simple LRU cache. It is based on the -// LRU implementation in groupcache: -// https://github.com/golang/groupcache/tree/master/lru package lru import ( @@ -11,11 +8,11 @@ import ( // Cache is a thread-safe fixed size LRU cache. type Cache struct { - lru *simplelru.LRU + lru simplelru.LRUCache lock sync.RWMutex } -// New creates an LRU of the given size +// New creates an LRU of the given size. func New(size int) (*Cache, error) { return NewWithEvict(size, nil) } @@ -33,7 +30,7 @@ func NewWithEvict(size int, onEvicted func(key interface{}, value interface{})) return c, nil } -// Purge is used to completely clear the cache +// Purge is used to completely clear the cache. func (c *Cache) Purge() { c.lock.Lock() c.lru.Purge() @@ -41,30 +38,30 @@ func (c *Cache) Purge() { } // Add adds a value to the cache. Returns true if an eviction occurred. -func (c *Cache) Add(key, value interface{}) bool { +func (c *Cache) Add(key, value interface{}) (evicted bool) { c.lock.Lock() defer c.lock.Unlock() return c.lru.Add(key, value) } // Get looks up a key's value from the cache. -func (c *Cache) Get(key interface{}) (interface{}, bool) { +func (c *Cache) Get(key interface{}) (value interface{}, ok bool) { c.lock.Lock() defer c.lock.Unlock() return c.lru.Get(key) } -// Check if a key is in the cache, without updating the recent-ness -// or deleting it for being stale. +// Contains checks if a key is in the cache, without updating the +// recent-ness or deleting it for being stale. func (c *Cache) Contains(key interface{}) bool { c.lock.RLock() defer c.lock.RUnlock() return c.lru.Contains(key) } -// Returns the key value (or undefined if not found) without updating +// Peek returns the key value (or undefined if not found) without updating // the "recently used"-ness of the key. -func (c *Cache) Peek(key interface{}) (interface{}, bool) { +func (c *Cache) Peek(key interface{}) (value interface{}, ok bool) { c.lock.RLock() defer c.lock.RUnlock() return c.lru.Peek(key) @@ -73,16 +70,15 @@ func (c *Cache) Peek(key interface{}) (interface{}, bool) { // ContainsOrAdd checks if a key is in the cache without updating the // recent-ness or deleting it for being stale, and if not, adds the value. // Returns whether found and whether an eviction occurred. -func (c *Cache) ContainsOrAdd(key, value interface{}) (ok, evict bool) { +func (c *Cache) ContainsOrAdd(key, value interface{}) (ok, evicted bool) { c.lock.Lock() defer c.lock.Unlock() if c.lru.Contains(key) { return true, false - } else { - evict := c.lru.Add(key, value) - return false, evict } + evicted = c.lru.Add(key, value) + return false, evicted } // Remove removes the provided key from the cache. diff --git a/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go b/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go index cb416b394f27..5673773b22be 100644 --- a/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go +++ b/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go @@ -36,7 +36,7 @@ func NewLRU(size int, onEvict EvictCallback) (*LRU, error) { return c, nil } -// Purge is used to completely clear the cache +// Purge is used to completely clear the cache. func (c *LRU) Purge() { for k, v := range c.items { if c.onEvict != nil { @@ -48,7 +48,7 @@ func (c *LRU) Purge() { } // Add adds a value to the cache. Returns true if an eviction occurred. -func (c *LRU) Add(key, value interface{}) bool { +func (c *LRU) Add(key, value interface{}) (evicted bool) { // Check for existing item if ent, ok := c.items[key]; ok { c.evictList.MoveToFront(ent) @@ -78,17 +78,18 @@ func (c *LRU) Get(key interface{}) (value interface{}, ok bool) { return } -// Check if a key is in the cache, without updating the recent-ness +// Contains checks if a key is in the cache, without updating the recent-ness // or deleting it for being stale. func (c *LRU) Contains(key interface{}) (ok bool) { _, ok = c.items[key] return ok } -// Returns the key value (or undefined if not found) without updating +// Peek returns the key value (or undefined if not found) without updating // the "recently used"-ness of the key. func (c *LRU) Peek(key interface{}) (value interface{}, ok bool) { - if ent, ok := c.items[key]; ok { + var ent *list.Element + if ent, ok = c.items[key]; ok { return ent.Value.(*entry).value, true } return nil, ok @@ -96,7 +97,7 @@ func (c *LRU) Peek(key interface{}) (value interface{}, ok bool) { // Remove removes the provided key from the cache, returning if the // key was contained. -func (c *LRU) Remove(key interface{}) bool { +func (c *LRU) Remove(key interface{}) (present bool) { if ent, ok := c.items[key]; ok { c.removeElement(ent) return true @@ -105,7 +106,7 @@ func (c *LRU) Remove(key interface{}) bool { } // RemoveOldest removes the oldest item from the cache. -func (c *LRU) RemoveOldest() (interface{}, interface{}, bool) { +func (c *LRU) RemoveOldest() (key interface{}, value interface{}, ok bool) { ent := c.evictList.Back() if ent != nil { c.removeElement(ent) @@ -116,7 +117,7 @@ func (c *LRU) RemoveOldest() (interface{}, interface{}, bool) { } // GetOldest returns the oldest entry -func (c *LRU) GetOldest() (interface{}, interface{}, bool) { +func (c *LRU) GetOldest() (key interface{}, value interface{}, ok bool) { ent := c.evictList.Back() if ent != nil { kv := ent.Value.(*entry) diff --git a/vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go b/vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go new file mode 100644 index 000000000000..744cac01c63c --- /dev/null +++ b/vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go @@ -0,0 +1,37 @@ +package simplelru + + +// LRUCache is the interface for simple LRU cache. +type LRUCache interface { + // Adds a value to the cache, returns true if an eviction occurred and + // updates the "recently used"-ness of the key. + Add(key, value interface{}) bool + + // Returns key's value from the cache and + // updates the "recently used"-ness of the key. #value, isFound + Get(key interface{}) (value interface{}, ok bool) + + // Check if a key exsists in cache without updating the recent-ness. + Contains(key interface{}) (ok bool) + + // Returns key's value without updating the "recently used"-ness of the key. + Peek(key interface{}) (value interface{}, ok bool) + + // Removes a key from the cache. + Remove(key interface{}) bool + + // Removes the oldest entry from cache. + RemoveOldest() (interface{}, interface{}, bool) + + // Returns the oldest entry from the cache. #key, value, isFound + GetOldest() (interface{}, interface{}, bool) + + // Returns a slice of the keys in the cache, from oldest to newest. + Keys() []interface{} + + // Returns the number of items in the cache. + Len() int + + // Clear all cache entries + Purge() +} diff --git a/vendor/github.com/hashicorp/memberlist/README.md b/vendor/github.com/hashicorp/memberlist/README.md index 0adc075e815e..e6fed4e64981 100644 --- a/vendor/github.com/hashicorp/memberlist/README.md +++ b/vendor/github.com/hashicorp/memberlist/README.md @@ -65,7 +65,7 @@ For complete documentation, see the associated [Godoc](http://godoc.org/github.c ## Protocol -memberlist is based on ["SWIM: Scalable Weakly-consistent Infection-style Process Group Membership Protocol"](http://www.cs.cornell.edu/~asdas/research/dsn02-swim.pdf). However, we extend the protocol in a number of ways: +memberlist is based on ["SWIM: Scalable Weakly-consistent Infection-style Process Group Membership Protocol"](http://ieeexplore.ieee.org/document/1028914/). However, we extend the protocol in a number of ways: * Several extensions are made to increase propagation speed and convergence rate. diff --git a/vendor/github.com/hashicorp/nomad/api/nodes.go b/vendor/github.com/hashicorp/nomad/api/nodes.go index e1ef5e2aaa06..194affde4586 100644 --- a/vendor/github.com/hashicorp/nomad/api/nodes.go +++ b/vendor/github.com/hashicorp/nomad/api/nodes.go @@ -151,6 +151,7 @@ type HostDiskStats struct { // NodeListStub is a subset of information returned during // node list operations. type NodeListStub struct { + Address string ID string Datacenter string Name string diff --git a/vendor/github.com/hashicorp/nomad/api/operator_autopilot.go b/vendor/github.com/hashicorp/nomad/api/operator_autopilot.go index a61ad21d611b..2dbde9dd2d03 100644 --- a/vendor/github.com/hashicorp/nomad/api/operator_autopilot.go +++ b/vendor/github.com/hashicorp/nomad/api/operator_autopilot.go @@ -2,6 +2,7 @@ package api import ( "bytes" + "encoding/json" "fmt" "io" "strconv" @@ -19,7 +20,7 @@ type AutopilotConfiguration struct { // LastContactThreshold is the limit on the amount of time a server can go // without leader contact before being considered unhealthy. - LastContactThreshold *ReadableDuration + LastContactThreshold time.Duration // MaxTrailingLogs is the amount of entries in the Raft Log that a server can // be behind before being considered unhealthy. @@ -28,20 +29,19 @@ type AutopilotConfiguration struct { // ServerStabilizationTime is the minimum amount of time a server must be // in a stable, healthy state before it can be added to the cluster. Only // applicable with Raft protocol version 3 or higher. - ServerStabilizationTime *ReadableDuration + ServerStabilizationTime time.Duration - // (Enterprise-only) RedundancyZoneTag is the node tag to use for separating - // servers into zones for redundancy. If left blank, this feature will be disabled. - RedundancyZoneTag string + // (Enterprise-only) EnableRedundancyZones specifies whether to enable redundancy zones. + EnableRedundancyZones bool // (Enterprise-only) DisableUpgradeMigration will disable Autopilot's upgrade migration // strategy of waiting until enough newer-versioned servers have been added to the // cluster before promoting them to voters. DisableUpgradeMigration bool - // (Enterprise-only) UpgradeVersionTag is the node tag to use for version info when - // performing upgrade migrations. If left blank, the Nomad version will be used. - UpgradeVersionTag string + // (Enterprise-only) EnableCustomUpgrades specifies whether to enable using custom + // upgrade versions when performing migrations. + EnableCustomUpgrades bool // CreateIndex holds the index corresponding the creation of this configuration. // This is a read-only field. @@ -54,6 +54,45 @@ type AutopilotConfiguration struct { ModifyIndex uint64 } +func (u *AutopilotConfiguration) MarshalJSON() ([]byte, error) { + type Alias AutopilotConfiguration + return json.Marshal(&struct { + LastContactThreshold string + ServerStabilizationTime string + *Alias + }{ + LastContactThreshold: u.LastContactThreshold.String(), + ServerStabilizationTime: u.ServerStabilizationTime.String(), + Alias: (*Alias)(u), + }) +} + +func (u *AutopilotConfiguration) UnmarshalJSON(data []byte) error { + type Alias AutopilotConfiguration + aux := &struct { + LastContactThreshold string + ServerStabilizationTime string + *Alias + }{ + Alias: (*Alias)(u), + } + if err := json.Unmarshal(data, &aux); err != nil { + return err + } + var err error + if aux.LastContactThreshold != "" { + if u.LastContactThreshold, err = time.ParseDuration(aux.LastContactThreshold); err != nil { + return err + } + } + if aux.ServerStabilizationTime != "" { + if u.ServerStabilizationTime, err = time.ParseDuration(aux.ServerStabilizationTime); err != nil { + return err + } + } + return nil +} + // ServerHealth is the health (from the leader's point of view) of a server. type ServerHealth struct { // ID is the raft ID of the server. @@ -75,7 +114,7 @@ type ServerHealth struct { Leader bool // LastContact is the time since this node's last contact with the leader. - LastContact *ReadableDuration + LastContact time.Duration // LastTerm is the highest leader term this server has a record of in its Raft log. LastTerm uint64 @@ -94,6 +133,37 @@ type ServerHealth struct { StableSince time.Time } +func (u *ServerHealth) MarshalJSON() ([]byte, error) { + type Alias ServerHealth + return json.Marshal(&struct { + LastContact string + *Alias + }{ + LastContact: u.LastContact.String(), + Alias: (*Alias)(u), + }) +} + +func (u *ServerHealth) UnmarshalJSON(data []byte) error { + type Alias ServerHealth + aux := &struct { + LastContact string + *Alias + }{ + Alias: (*Alias)(u), + } + if err := json.Unmarshal(data, &aux); err != nil { + return err + } + var err error + if aux.LastContact != "" { + if u.LastContact, err = time.ParseDuration(aux.LastContact); err != nil { + return err + } + } + return nil +} + // OperatorHealthReply is a representation of the overall health of the cluster type OperatorHealthReply struct { // Healthy is true if all the servers in the cluster are healthy. @@ -107,46 +177,6 @@ type OperatorHealthReply struct { Servers []ServerHealth } -// ReadableDuration is a duration type that is serialized to JSON in human readable format. -type ReadableDuration time.Duration - -func NewReadableDuration(dur time.Duration) *ReadableDuration { - d := ReadableDuration(dur) - return &d -} - -func (d *ReadableDuration) String() string { - return d.Duration().String() -} - -func (d *ReadableDuration) Duration() time.Duration { - if d == nil { - return time.Duration(0) - } - return time.Duration(*d) -} - -func (d *ReadableDuration) MarshalJSON() ([]byte, error) { - return []byte(fmt.Sprintf(`"%s"`, d.Duration().String())), nil -} - -func (d *ReadableDuration) UnmarshalJSON(raw []byte) error { - if d == nil { - return fmt.Errorf("cannot unmarshal to nil pointer") - } - - str := string(raw) - if len(str) < 2 || str[0] != '"' || str[len(str)-1] != '"' { - return fmt.Errorf("must be enclosed with quotes: %s", str) - } - dur, err := time.ParseDuration(str[1 : len(str)-1]) - if err != nil { - return err - } - *d = ReadableDuration(dur) - return nil -} - // AutopilotGetConfiguration is used to query the current Autopilot configuration. func (op *Operator) AutopilotGetConfiguration(q *QueryOptions) (*AutopilotConfiguration, error) { r, err := op.c.newRequest("GET", "/v1/operator/autopilot/configuration") diff --git a/vendor/github.com/jmespath/go-jmespath/interpreter.go b/vendor/github.com/jmespath/go-jmespath/interpreter.go index 8672a3f675b5..13c74604c2c8 100644 --- a/vendor/github.com/jmespath/go-jmespath/interpreter.go +++ b/vendor/github.com/jmespath/go-jmespath/interpreter.go @@ -76,7 +76,11 @@ func (intr *treeInterpreter) Execute(node ASTNode, value interface{}) (interface } return intr.fCall.CallFunction(node.value.(string), resolvedArgs, intr) case ASTField: - return intr.fieldFromStructOrMap(node.value.(string), value) + if m, ok := value.(map[string]interface{}); ok { + key := node.value.(string) + return m[key], nil + } + return intr.fieldFromStruct(node.value.(string), value) case ASTFilterProjection: left, err := intr.Execute(node.children[0], value) if err != nil { @@ -310,14 +314,8 @@ func (intr *treeInterpreter) Execute(node ASTNode, value interface{}) (interface return nil, errors.New("Unknown AST node: " + node.nodeType.String()) } -func (intr *treeInterpreter) fieldFromStructOrMap(key string, value interface{}) (interface{}, error) { - var err error +func (intr *treeInterpreter) fieldFromStruct(key string, value interface{}) (interface{}, error) { rv := reflect.ValueOf(value) - rv, err = stripPtrs(rv) - if err != nil { - return nil, nil - } - first, n := utf8.DecodeRuneInString(key) fieldName := string(unicode.ToUpper(first)) + key[n:] if rv.Kind() == reflect.Struct { @@ -325,24 +323,19 @@ func (intr *treeInterpreter) fieldFromStructOrMap(key string, value interface{}) if !v.IsValid() { return nil, nil } - v, err = stripPtrs(v) - if err != nil { - return nil, nil - } return v.Interface(), nil - } else if rv.Kind() == reflect.Map { - field := rv.MapIndex(reflect.ValueOf(key)) - field, err = stripPtrs(field) - if err != nil { + } else if rv.Kind() == reflect.Ptr { + // Handle multiple levels of indirection? + if rv.IsNil() { return nil, nil } - if field.IsValid() { - return field.Interface(), nil - } else { + rv = rv.Elem() + v := rv.FieldByName(fieldName) + if !v.IsValid() { return nil, nil } + return v.Interface(), nil } - return nil, nil } diff --git a/vendor/github.com/jmespath/go-jmespath/util.go b/vendor/github.com/jmespath/go-jmespath/util.go index dfedc988d5ac..ddc1b7d7d460 100644 --- a/vendor/github.com/jmespath/go-jmespath/util.go +++ b/vendor/github.com/jmespath/go-jmespath/util.go @@ -183,22 +183,3 @@ func isSliceType(v interface{}) bool { } return reflect.TypeOf(v).Kind() == reflect.Slice } - -func stripPtrs(rv reflect.Value) (reflect.Value, error) { - // Some pointer chains are disguised as interface - if rv.Kind() == reflect.Interface { - // Try to reassess type - rv = reflect.ValueOf(rv.Interface()) - } - for rv.Kind() == reflect.Ptr { - if rv.IsNil() { - return rv, errors.New("Pointer is nil") - } - rv = rv.Elem() - if rv.Kind() == reflect.Interface { - // Try to reassess type - rv = reflect.ValueOf(rv.Interface()) - } - } - return rv, nil -} diff --git a/vendor/github.com/keybase/go-crypto/openpgp/armor/armor.go b/vendor/github.com/keybase/go-crypto/openpgp/armor/armor.go index 3d691ad5f99f..b65b58bcbef8 100644 --- a/vendor/github.com/keybase/go-crypto/openpgp/armor/armor.go +++ b/vendor/github.com/keybase/go-crypto/openpgp/armor/armor.go @@ -112,7 +112,10 @@ func (l *lineReader) Read(p []byte) (n int, err error) { for { line, _, err = l.in.ReadLine() - if err != nil && err != io.EOF { + if err == io.EOF { + break + } + if err != nil { return } if len(strings.TrimSpace(string(line))) > 0 { diff --git a/vendor/github.com/mattn/go-colorable/colorable_windows.go b/vendor/github.com/mattn/go-colorable/colorable_windows.go index 9551973b20ea..404e10ca02b1 100644 --- a/vendor/github.com/mattn/go-colorable/colorable_windows.go +++ b/vendor/github.com/mattn/go-colorable/colorable_windows.go @@ -449,6 +449,8 @@ loop: } switch c2 { + case '>': + continue case ']': w.rest.WriteByte(c1) w.rest.WriteByte(c2) diff --git a/vendor/github.com/mitchellh/mapstructure/README.md b/vendor/github.com/mitchellh/mapstructure/README.md index 7ecc785e4963..0018dc7d9f94 100644 --- a/vendor/github.com/mitchellh/mapstructure/README.md +++ b/vendor/github.com/mitchellh/mapstructure/README.md @@ -1,4 +1,4 @@ -# mapstructure [![Godoc](https://godoc.org/github.com/mitchell/mapstructure?status.svg)](https://godoc.org/github.com/mitchell/mapstructure) +# mapstructure [![Godoc](https://godoc.org/github.com/mitchellh/mapstructure?status.svg)](https://godoc.org/github.com/mitchellh/mapstructure) mapstructure is a Go library for decoding generic map values to structures and vice versa, while providing helpful error handling. diff --git a/vendor/github.com/mitchellh/mapstructure/decode_hooks.go b/vendor/github.com/mitchellh/mapstructure/decode_hooks.go index afcfd5eed69c..2a727575a355 100644 --- a/vendor/github.com/mitchellh/mapstructure/decode_hooks.go +++ b/vendor/github.com/mitchellh/mapstructure/decode_hooks.go @@ -115,6 +115,25 @@ func StringToTimeDurationHookFunc() DecodeHookFunc { } } +// StringToTimeHookFunc returns a DecodeHookFunc that converts +// strings to time.Time. +func StringToTimeHookFunc(layout string) DecodeHookFunc { + return func( + f reflect.Type, + t reflect.Type, + data interface{}) (interface{}, error) { + if f.Kind() != reflect.String { + return data, nil + } + if t != reflect.TypeOf(time.Time{}) { + return data, nil + } + + // Convert it by parsing + return time.Parse(layout, data.(string)) + } +} + // WeaklyTypedHook is a DecodeHookFunc which adds support for weak typing to // the decoder. // diff --git a/vendor/github.com/mitchellh/mapstructure/mapstructure.go b/vendor/github.com/mitchellh/mapstructure/mapstructure.go index 39ec1e943d79..65977b654508 100644 --- a/vendor/github.com/mitchellh/mapstructure/mapstructure.go +++ b/vendor/github.com/mitchellh/mapstructure/mapstructure.go @@ -114,12 +114,12 @@ type Metadata struct { Unused []string } -// Decode takes a map and uses reflection to convert it into the -// given Go native structure. val must be a pointer to a struct. -func Decode(m interface{}, rawVal interface{}) error { +// Decode takes an input structure and uses reflection to translate it to +// the output structure. output must be a pointer to a map or struct. +func Decode(input interface{}, output interface{}) error { config := &DecoderConfig{ Metadata: nil, - Result: rawVal, + Result: output, } decoder, err := NewDecoder(config) @@ -127,7 +127,7 @@ func Decode(m interface{}, rawVal interface{}) error { return err } - return decoder.Decode(m) + return decoder.Decode(input) } // WeakDecode is the same as Decode but is shorthand to enable @@ -147,6 +147,40 @@ func WeakDecode(input, output interface{}) error { return decoder.Decode(input) } +// DecodeMetadata is the same as Decode, but is shorthand to +// enable metadata collection. See DecoderConfig for more info. +func DecodeMetadata(input interface{}, output interface{}, metadata *Metadata) error { + config := &DecoderConfig{ + Metadata: metadata, + Result: output, + } + + decoder, err := NewDecoder(config) + if err != nil { + return err + } + + return decoder.Decode(input) +} + +// WeakDecodeMetadata is the same as Decode, but is shorthand to +// enable both WeaklyTypedInput and metadata collection. See +// DecoderConfig for more info. +func WeakDecodeMetadata(input interface{}, output interface{}, metadata *Metadata) error { + config := &DecoderConfig{ + Metadata: metadata, + Result: output, + WeaklyTypedInput: true, + } + + decoder, err := NewDecoder(config) + if err != nil { + return err + } + + return decoder.Decode(input) +} + // NewDecoder returns a new decoder for the given configuration. Once // a decoder has been returned, the same configuration must not be used // again. @@ -184,70 +218,70 @@ func NewDecoder(config *DecoderConfig) (*Decoder, error) { // Decode decodes the given raw interface to the target pointer specified // by the configuration. -func (d *Decoder) Decode(raw interface{}) error { - return d.decode("", raw, reflect.ValueOf(d.config.Result).Elem()) +func (d *Decoder) Decode(input interface{}) error { + return d.decode("", input, reflect.ValueOf(d.config.Result).Elem()) } // Decodes an unknown data type into a specific reflection value. -func (d *Decoder) decode(name string, data interface{}, val reflect.Value) error { - if data == nil { - // If the data is nil, then we don't set anything. +func (d *Decoder) decode(name string, input interface{}, outVal reflect.Value) error { + if input == nil { + // If the input is nil, then we don't set anything. return nil } - dataVal := reflect.ValueOf(data) - if !dataVal.IsValid() { - // If the data value is invalid, then we just set the value + inputVal := reflect.ValueOf(input) + if !inputVal.IsValid() { + // If the input value is invalid, then we just set the value // to be the zero value. - val.Set(reflect.Zero(val.Type())) + outVal.Set(reflect.Zero(outVal.Type())) return nil } if d.config.DecodeHook != nil { - // We have a DecodeHook, so let's pre-process the data. + // We have a DecodeHook, so let's pre-process the input. var err error - data, err = DecodeHookExec( + input, err = DecodeHookExec( d.config.DecodeHook, - dataVal.Type(), val.Type(), data) + inputVal.Type(), outVal.Type(), input) if err != nil { return fmt.Errorf("error decoding '%s': %s", name, err) } } var err error - dataKind := getKind(val) - switch dataKind { + inputKind := getKind(outVal) + switch inputKind { case reflect.Bool: - err = d.decodeBool(name, data, val) + err = d.decodeBool(name, input, outVal) case reflect.Interface: - err = d.decodeBasic(name, data, val) + err = d.decodeBasic(name, input, outVal) case reflect.String: - err = d.decodeString(name, data, val) + err = d.decodeString(name, input, outVal) case reflect.Int: - err = d.decodeInt(name, data, val) + err = d.decodeInt(name, input, outVal) case reflect.Uint: - err = d.decodeUint(name, data, val) + err = d.decodeUint(name, input, outVal) case reflect.Float32: - err = d.decodeFloat(name, data, val) + err = d.decodeFloat(name, input, outVal) case reflect.Struct: - err = d.decodeStruct(name, data, val) + err = d.decodeStruct(name, input, outVal) case reflect.Map: - err = d.decodeMap(name, data, val) + err = d.decodeMap(name, input, outVal) case reflect.Ptr: - err = d.decodePtr(name, data, val) + err = d.decodePtr(name, input, outVal) case reflect.Slice: - err = d.decodeSlice(name, data, val) + err = d.decodeSlice(name, input, outVal) case reflect.Array: - err = d.decodeArray(name, data, val) + err = d.decodeArray(name, input, outVal) case reflect.Func: - err = d.decodeFunc(name, data, val) + err = d.decodeFunc(name, input, outVal) default: // If we reached this point then we weren't able to decode it - return fmt.Errorf("%s: unsupported type: %s", name, dataKind) + return fmt.Errorf("%s: unsupported type: %s", name, inputKind) } // If we reached here, then we successfully decoded SOMETHING, so - // mark the key as used if we're tracking metadata. + // mark the key as used if we're tracking metainput. if d.config.Metadata != nil && name != "" { d.config.Metadata.Keys = append(d.config.Metadata.Keys, name) } @@ -258,6 +292,9 @@ func (d *Decoder) decode(name string, data interface{}, val reflect.Value) error // This decodes a basic type (bool, int, string, etc.) and sets the // value to "data" of that type. func (d *Decoder) decodeBasic(name string, data interface{}, val reflect.Value) error { + if val.IsValid() && val.Elem().IsValid() { + return d.decode(name, data, val.Elem()) + } dataVal := reflect.ValueOf(data) if !dataVal.IsValid() { dataVal = reflect.Zero(val.Type()) @@ -499,34 +536,50 @@ func (d *Decoder) decodeMap(name string, data interface{}, val reflect.Value) er valMap = reflect.MakeMap(mapType) } - // Check input type + // Check input type and based on the input type jump to the proper func dataVal := reflect.Indirect(reflect.ValueOf(data)) - if dataVal.Kind() != reflect.Map { - // In weak mode, we accept a slice of maps as an input... - if d.config.WeaklyTypedInput { - switch dataVal.Kind() { - case reflect.Array, reflect.Slice: - // Special case for BC reasons (covered by tests) - if dataVal.Len() == 0 { - val.Set(valMap) - return nil - } + switch dataVal.Kind() { + case reflect.Map: + return d.decodeMapFromMap(name, dataVal, val, valMap) - for i := 0; i < dataVal.Len(); i++ { - err := d.decode( - fmt.Sprintf("%s[%d]", name, i), - dataVal.Index(i).Interface(), val) - if err != nil { - return err - } - } + case reflect.Struct: + return d.decodeMapFromStruct(name, dataVal, val, valMap) - return nil - } + case reflect.Array, reflect.Slice: + if d.config.WeaklyTypedInput { + return d.decodeMapFromSlice(name, dataVal, val, valMap) } + fallthrough + + default: return fmt.Errorf("'%s' expected a map, got '%s'", name, dataVal.Kind()) } +} + +func (d *Decoder) decodeMapFromSlice(name string, dataVal reflect.Value, val reflect.Value, valMap reflect.Value) error { + // Special case for BC reasons (covered by tests) + if dataVal.Len() == 0 { + val.Set(valMap) + return nil + } + + for i := 0; i < dataVal.Len(); i++ { + err := d.decode( + fmt.Sprintf("%s[%d]", name, i), + dataVal.Index(i).Interface(), val) + if err != nil { + return err + } + } + + return nil +} + +func (d *Decoder) decodeMapFromMap(name string, dataVal reflect.Value, val reflect.Value, valMap reflect.Value) error { + valType := val.Type() + valKeyType := valType.Key() + valElemType := valType.Elem() // Accumulate errors errors := make([]string, 0) @@ -563,22 +616,88 @@ func (d *Decoder) decodeMap(name string, data interface{}, val reflect.Value) er return nil } +func (d *Decoder) decodeMapFromStruct(name string, dataVal reflect.Value, val reflect.Value, valMap reflect.Value) error { + typ := dataVal.Type() + for i := 0; i < typ.NumField(); i++ { + // Get the StructField first since this is a cheap operation. If the + // field is unexported, then ignore it. + f := typ.Field(i) + if f.PkgPath != "" { + continue + } + + // Next get the actual value of this field and verify it is assignable + // to the map value. + v := dataVal.Field(i) + if !v.Type().AssignableTo(valMap.Type().Elem()) { + return fmt.Errorf("cannot assign type '%s' to map value field of type '%s'", v.Type(), valMap.Type().Elem()) + } + + // Determine the name of the key in the map + keyName := f.Name + tagValue := f.Tag.Get(d.config.TagName) + tagValue = strings.SplitN(tagValue, ",", 2)[0] + if tagValue != "" { + if tagValue == "-" { + continue + } + + keyName = tagValue + } + + switch v.Kind() { + // this is an embedded struct, so handle it differently + case reflect.Struct: + x := reflect.New(v.Type()) + x.Elem().Set(v) + + vType := valMap.Type() + vKeyType := vType.Key() + vElemType := vType.Elem() + mType := reflect.MapOf(vKeyType, vElemType) + vMap := reflect.MakeMap(mType) + + err := d.decode(keyName, x.Interface(), vMap) + if err != nil { + return err + } + + valMap.SetMapIndex(reflect.ValueOf(keyName), vMap) + + default: + valMap.SetMapIndex(reflect.ValueOf(keyName), v) + } + } + + if val.CanAddr() { + val.Set(valMap) + } + + return nil +} + func (d *Decoder) decodePtr(name string, data interface{}, val reflect.Value) error { // Create an element of the concrete (non pointer) type and decode // into that. Then set the value of the pointer to this type. valType := val.Type() valElemType := valType.Elem() - realVal := val - if realVal.IsNil() || d.config.ZeroFields { - realVal = reflect.New(valElemType) - } + if val.CanSet() { + realVal := val + if realVal.IsNil() || d.config.ZeroFields { + realVal = reflect.New(valElemType) + } - if err := d.decode(name, data, reflect.Indirect(realVal)); err != nil { - return err - } + if err := d.decode(name, data, reflect.Indirect(realVal)); err != nil { + return err + } - val.Set(realVal) + val.Set(realVal) + } else { + if err := d.decode(name, data, reflect.Indirect(val)); err != nil { + return err + } + } return nil } @@ -614,7 +733,8 @@ func (d *Decoder) decodeSlice(name string, data interface{}, val reflect.Value) val.Set(reflect.MakeSlice(sliceType, 0, 0)) return nil } - + case dataValKind == reflect.String && valElemType.Kind() == reflect.Uint8: + return d.decodeSlice(name, []byte(dataVal.String()), val) // All other types we try to convert to the slice type // and "lift" it into it. i.e. a string becomes a string slice. default: @@ -622,7 +742,6 @@ func (d *Decoder) decodeSlice(name string, data interface{}, val reflect.Value) return d.decodeSlice(name, []interface{}{data}, val) } } - return fmt.Errorf( "'%s': source data must be an array or slice, got %s", name, dataValKind) diff --git a/vendor/github.com/pkg/errors/stack.go b/vendor/github.com/pkg/errors/stack.go index b485761a7cbe..2874a048cf3e 100644 --- a/vendor/github.com/pkg/errors/stack.go +++ b/vendor/github.com/pkg/errors/stack.go @@ -145,43 +145,3 @@ func funcname(name string) string { i = strings.Index(name, ".") return name[i+1:] } - -func trimGOPATH(name, file string) string { - // Here we want to get the source file path relative to the compile time - // GOPATH. As of Go 1.6.x there is no direct way to know the compiled - // GOPATH at runtime, but we can infer the number of path segments in the - // GOPATH. We note that fn.Name() returns the function name qualified by - // the import path, which does not include the GOPATH. Thus we can trim - // segments from the beginning of the file path until the number of path - // separators remaining is one more than the number of path separators in - // the function name. For example, given: - // - // GOPATH /home/user - // file /home/user/src/pkg/sub/file.go - // fn.Name() pkg/sub.Type.Method - // - // We want to produce: - // - // pkg/sub/file.go - // - // From this we can easily see that fn.Name() has one less path separator - // than our desired output. We count separators from the end of the file - // path until it finds two more than in the function name and then move - // one character forward to preserve the initial path segment without a - // leading separator. - const sep = "/" - goal := strings.Count(name, sep) + 2 - i := len(file) - for n := 0; n < goal; n++ { - i = strings.LastIndex(file[:i], sep) - if i == -1 { - // not enough separators found, set i so that the slice expression - // below leaves file unmodified - i = -len(sep) - break - } - } - // get back to 0 or trim the leading separator - file = file[i+len(sep):] - return file -} diff --git a/vendor/github.com/sethgrid/pester/pester.go b/vendor/github.com/sethgrid/pester/pester.go index 55db6fa39f9c..688e88ad5a42 100644 --- a/vendor/github.com/sethgrid/pester/pester.go +++ b/vendor/github.com/sethgrid/pester/pester.go @@ -300,6 +300,16 @@ func (c *Client) pester(p params) (*http.Response, error) { return } + //If the request has been cancelled, skip retries + if p.req != nil { + ctx := p.req.Context() + select { + case <-ctx.Done(): + multiplexCh <- result{resp: resp, err: ctx.Err()} + return + } + } + // if we are retrying, we should close this response body to free the fd if resp != nil { resp.Body.Close() diff --git a/vendor/github.com/sirupsen/logrus/README.md b/vendor/github.com/sirupsen/logrus/README.md index 08584b5fc246..bc3f9bc097ec 100644 --- a/vendor/github.com/sirupsen/logrus/README.md +++ b/vendor/github.com/sirupsen/logrus/README.md @@ -220,7 +220,7 @@ Logrus comes with [built-in hooks](hooks/). Add those, or your custom hook, in ```go import ( log "github.com/sirupsen/logrus" - "gopkg.in/gemnasium/logrus-airbrake-hook.v2" // the package is named "aibrake" + "gopkg.in/gemnasium/logrus-airbrake-hook.v2" // the package is named "airbrake" logrus_syslog "github.com/sirupsen/logrus/hooks/syslog" "log/syslog" ) @@ -247,6 +247,7 @@ Note: Syslog hook also support connecting to local syslog (Ex. "/dev/log" or "/v | [Airbrake](https://github.com/gemnasium/logrus-airbrake-hook) | Send errors to the Airbrake API V3. Uses the official [`gobrake`](https://github.com/airbrake/gobrake) behind the scenes. | | [Amazon Kinesis](https://github.com/evalphobia/logrus_kinesis) | Hook for logging to [Amazon Kinesis](https://aws.amazon.com/kinesis/) | | [Amqp-Hook](https://github.com/vladoatanasov/logrus_amqp) | Hook for logging to Amqp broker (Like RabbitMQ) | +| [Application Insights](https://github.com/jjcollinge/logrus-appinsights) | Hook for logging to [Application Insights](https://azure.microsoft.com/en-us/services/application-insights/) | [AzureTableHook](https://github.com/kpfaulkner/azuretablehook/) | Hook for logging to Azure Table Storage| | [Bugsnag](https://github.com/Shopify/logrus-bugsnag/blob/master/bugsnag.go) | Send errors to the Bugsnag exception tracking service. | | [DeferPanic](https://github.com/deferpanic/dp-logrus) | Hook for logging to DeferPanic | diff --git a/vendor/github.com/sirupsen/logrus/entry.go b/vendor/github.com/sirupsen/logrus/entry.go index 1fad45e08232..df6f92dc825d 100644 --- a/vendor/github.com/sirupsen/logrus/entry.go +++ b/vendor/github.com/sirupsen/logrus/entry.go @@ -94,38 +94,45 @@ func (entry Entry) log(level Level, msg string) { entry.Level = level entry.Message = msg - entry.Logger.mu.Lock() - err := entry.Logger.Hooks.Fire(level, &entry) - entry.Logger.mu.Unlock() - if err != nil { - entry.Logger.mu.Lock() - fmt.Fprintf(os.Stderr, "Failed to fire hook: %v\n", err) - entry.Logger.mu.Unlock() - } + entry.fireHooks() + buffer = bufferPool.Get().(*bytes.Buffer) buffer.Reset() defer bufferPool.Put(buffer) entry.Buffer = buffer - serialized, err := entry.Logger.Formatter.Format(&entry) + + entry.write() + entry.Buffer = nil + + // To avoid Entry#log() returning a value that only would make sense for + // panic() to use in Entry#Panic(), we avoid the allocation by checking + // directly here. + if level <= PanicLevel { + panic(&entry) + } +} + +func (entry *Entry) fireHooks() { + entry.Logger.mu.Lock() + defer entry.Logger.mu.Unlock() + err := entry.Logger.Hooks.Fire(entry.Level, entry) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to fire hook: %v\n", err) + } +} + +func (entry *Entry) write() { + serialized, err := entry.Logger.Formatter.Format(entry) + entry.Logger.mu.Lock() + defer entry.Logger.mu.Unlock() if err != nil { - entry.Logger.mu.Lock() fmt.Fprintf(os.Stderr, "Failed to obtain reader, %v\n", err) - entry.Logger.mu.Unlock() } else { - entry.Logger.mu.Lock() _, err = entry.Logger.Out.Write(serialized) if err != nil { fmt.Fprintf(os.Stderr, "Failed to write to log, %v\n", err) } - entry.Logger.mu.Unlock() - } - - // To avoid Entry#log() returning a value that only would make sense for - // panic() to use in Entry#Panic(), we avoid the allocation by checking - // directly here. - if level <= PanicLevel { - panic(&entry) } } diff --git a/vendor/github.com/spf13/pflag/duration_slice.go b/vendor/github.com/spf13/pflag/duration_slice.go new file mode 100644 index 000000000000..52c6b6dc1041 --- /dev/null +++ b/vendor/github.com/spf13/pflag/duration_slice.go @@ -0,0 +1,128 @@ +package pflag + +import ( + "fmt" + "strings" + "time" +) + +// -- durationSlice Value +type durationSliceValue struct { + value *[]time.Duration + changed bool +} + +func newDurationSliceValue(val []time.Duration, p *[]time.Duration) *durationSliceValue { + dsv := new(durationSliceValue) + dsv.value = p + *dsv.value = val + return dsv +} + +func (s *durationSliceValue) Set(val string) error { + ss := strings.Split(val, ",") + out := make([]time.Duration, len(ss)) + for i, d := range ss { + var err error + out[i], err = time.ParseDuration(d) + if err != nil { + return err + } + + } + if !s.changed { + *s.value = out + } else { + *s.value = append(*s.value, out...) + } + s.changed = true + return nil +} + +func (s *durationSliceValue) Type() string { + return "durationSlice" +} + +func (s *durationSliceValue) String() string { + out := make([]string, len(*s.value)) + for i, d := range *s.value { + out[i] = fmt.Sprintf("%s", d) + } + return "[" + strings.Join(out, ",") + "]" +} + +func durationSliceConv(val string) (interface{}, error) { + val = strings.Trim(val, "[]") + // Empty string would cause a slice with one (empty) entry + if len(val) == 0 { + return []time.Duration{}, nil + } + ss := strings.Split(val, ",") + out := make([]time.Duration, len(ss)) + for i, d := range ss { + var err error + out[i], err = time.ParseDuration(d) + if err != nil { + return nil, err + } + + } + return out, nil +} + +// GetDurationSlice returns the []time.Duration value of a flag with the given name +func (f *FlagSet) GetDurationSlice(name string) ([]time.Duration, error) { + val, err := f.getFlagType(name, "durationSlice", durationSliceConv) + if err != nil { + return []time.Duration{}, err + } + return val.([]time.Duration), nil +} + +// DurationSliceVar defines a durationSlice flag with specified name, default value, and usage string. +// The argument p points to a []time.Duration variable in which to store the value of the flag. +func (f *FlagSet) DurationSliceVar(p *[]time.Duration, name string, value []time.Duration, usage string) { + f.VarP(newDurationSliceValue(value, p), name, "", usage) +} + +// DurationSliceVarP is like DurationSliceVar, but accepts a shorthand letter that can be used after a single dash. +func (f *FlagSet) DurationSliceVarP(p *[]time.Duration, name, shorthand string, value []time.Duration, usage string) { + f.VarP(newDurationSliceValue(value, p), name, shorthand, usage) +} + +// DurationSliceVar defines a duration[] flag with specified name, default value, and usage string. +// The argument p points to a duration[] variable in which to store the value of the flag. +func DurationSliceVar(p *[]time.Duration, name string, value []time.Duration, usage string) { + CommandLine.VarP(newDurationSliceValue(value, p), name, "", usage) +} + +// DurationSliceVarP is like DurationSliceVar, but accepts a shorthand letter that can be used after a single dash. +func DurationSliceVarP(p *[]time.Duration, name, shorthand string, value []time.Duration, usage string) { + CommandLine.VarP(newDurationSliceValue(value, p), name, shorthand, usage) +} + +// DurationSlice defines a []time.Duration flag with specified name, default value, and usage string. +// The return value is the address of a []time.Duration variable that stores the value of the flag. +func (f *FlagSet) DurationSlice(name string, value []time.Duration, usage string) *[]time.Duration { + p := []time.Duration{} + f.DurationSliceVarP(&p, name, "", value, usage) + return &p +} + +// DurationSliceP is like DurationSlice, but accepts a shorthand letter that can be used after a single dash. +func (f *FlagSet) DurationSliceP(name, shorthand string, value []time.Duration, usage string) *[]time.Duration { + p := []time.Duration{} + f.DurationSliceVarP(&p, name, shorthand, value, usage) + return &p +} + +// DurationSlice defines a []time.Duration flag with specified name, default value, and usage string. +// The return value is the address of a []time.Duration variable that stores the value of the flag. +func DurationSlice(name string, value []time.Duration, usage string) *[]time.Duration { + return CommandLine.DurationSliceP(name, "", value, usage) +} + +// DurationSliceP is like DurationSlice, but accepts a shorthand letter that can be used after a single dash. +func DurationSliceP(name, shorthand string, value []time.Duration, usage string) *[]time.Duration { + return CommandLine.DurationSliceP(name, shorthand, value, usage) +} diff --git a/vendor/github.com/ugorji/go/codec/binc.go b/vendor/github.com/ugorji/go/codec/binc.go index 39fd7d4a0713..4776ed186ab2 100644 --- a/vendor/github.com/ugorji/go/codec/binc.go +++ b/vendor/github.com/ugorji/go/codec/binc.go @@ -55,6 +55,50 @@ const ( // others not currently supported ) +func bincdesc(vd, vs byte) string { + switch vd { + case bincVdSpecial: + switch vs { + case bincSpNil: + return "nil" + case bincSpFalse: + return "false" + case bincSpTrue: + return "true" + case bincSpNan, bincSpPosInf, bincSpNegInf, bincSpZeroFloat: + return "float" + case bincSpZero: + return "uint" + case bincSpNegOne: + return "int" + default: + return "unknown" + } + case bincVdSmallInt, bincVdPosInt: + return "uint" + case bincVdNegInt: + return "int" + case bincVdFloat: + return "float" + case bincVdSymbol: + return "string" + case bincVdString: + return "string" + case bincVdByteArray: + return "bytes" + case bincVdTimestamp: + return "time" + case bincVdCustomExt: + return "ext" + case bincVdArray: + return "array" + case bincVdMap: + return "map" + default: + return "unknown" + } +} + type bincEncDriver struct { e *Encoder h *BincHandle @@ -405,7 +449,7 @@ func (d *bincDecDriver) DecodeTime() (t time.Time) { return } if d.vd != bincVdTimestamp { - d.d.errorf("Invalid d.vd. Expecting 0x%x. Received: 0x%x", bincVdTimestamp, d.vd) + d.d.errorf("cannot decode time - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs)) return } t, err := bincDecodeTime(d.r.readx(int(d.vs))) @@ -422,7 +466,7 @@ func (d *bincDecDriver) decFloatPre(vs, defaultLen byte) { } else { l := d.r.readn1() if l > 8 { - d.d.errorf("At most 8 bytes used to represent float. Received: %v bytes", l) + d.d.errorf("cannot read float - at most 8 bytes used to represent float - received %v bytes", l) return } for i := l; i < 8; i++ { @@ -441,7 +485,7 @@ func (d *bincDecDriver) decFloat() (f float64) { d.decFloatPre(d.vs, 8) f = math.Float64frombits(bigen.Uint64(d.b[0:8])) } else { - d.d.errorf("only float32 and float64 are supported. d.vd: 0x%x, d.vs: 0x%x", d.vd, d.vs) + d.d.errorf("read float - only float32 and float64 are supported - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs)) return } return @@ -498,7 +542,8 @@ func (d *bincDecDriver) decCheckInteger() (ui uint64, neg bool) { neg = true ui = 1 } else { - d.d.errorf("numeric decode fails for special value: d.vs: 0x%x", d.vs) + d.d.errorf("integer decode fails - invalid special value from descriptor %x-%x/%s", + d.vd, d.vs, bincdesc(d.vd, d.vs)) return } } else { @@ -521,7 +566,7 @@ func (d *bincDecDriver) DecodeInt64() (i int64) { func (d *bincDecDriver) DecodeUint64() (ui uint64) { ui, neg := d.decCheckInteger() if neg { - d.d.errorf("Assigning negative signed value to unsigned type") + d.d.errorf("assigning negative signed value to unsigned integer type") return } d.bdRead = false @@ -544,7 +589,8 @@ func (d *bincDecDriver) DecodeFloat64() (f float64) { } else if vs == bincSpNegInf { return math.Inf(-1) } else { - d.d.errorf("Invalid d.vs decoding float where d.vd=bincVdSpecial: %v", d.vs) + d.d.errorf("float - invalid special value from descriptor %x-%x/%s", + d.vd, d.vs, bincdesc(d.vd, d.vs)) return } } else if vd == bincVdFloat { @@ -566,7 +612,7 @@ func (d *bincDecDriver) DecodeBool() (b bool) { } else if bd == (bincVdSpecial | bincSpTrue) { b = true } else { - d.d.errorf("Invalid single-byte value for bool: %s: %x", msgBadDesc, d.bd) + d.d.errorf("bool - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs)) return } d.bdRead = false @@ -578,7 +624,7 @@ func (d *bincDecDriver) ReadMapStart() (length int) { d.readNextBd() } if d.vd != bincVdMap { - d.d.errorf("Invalid d.vd for map. Expecting 0x%x. Got: 0x%x", bincVdMap, d.vd) + d.d.errorf("map - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs)) return } length = d.decLen() @@ -591,7 +637,7 @@ func (d *bincDecDriver) ReadArrayStart() (length int) { d.readNextBd() } if d.vd != bincVdArray { - d.d.errorf("Invalid d.vd for array. Expecting 0x%x. Got: 0x%x", bincVdArray, d.vd) + d.d.errorf("array - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs)) return } length = d.decLen() @@ -704,8 +750,7 @@ func (d *bincDecDriver) decStringAndBytes(bs []byte, withString, zerocopy bool) d.s = append(d.s, bincDecSymbol{i: symbol, s: s, b: bs2}) } default: - d.d.errorf("Invalid d.vd. Expecting string:0x%x, bytearray:0x%x or symbol: 0x%x. Got: 0x%x", - bincVdString, bincVdByteArray, bincVdSymbol, d.vd) + d.d.errorf("string/bytes - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs)) return } d.bdRead = false @@ -742,8 +787,7 @@ func (d *bincDecDriver) DecodeBytes(bs []byte, zerocopy bool) (bsOut []byte) { if d.vd == bincVdString || d.vd == bincVdByteArray { clen = d.decLen() } else { - d.d.errorf("Invalid d.vd for bytes. Expecting string:0x%x or bytearray:0x%x. Got: 0x%x", - bincVdString, bincVdByteArray, d.vd) + d.d.errorf("bytes - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs)) return } d.bdRead = false @@ -759,7 +803,7 @@ func (d *bincDecDriver) DecodeBytes(bs []byte, zerocopy bool) (bsOut []byte) { func (d *bincDecDriver) DecodeExt(rv interface{}, xtag uint64, ext Ext) (realxtag uint64) { if xtag > 0xff { - d.d.errorf("decodeExt: tag must be <= 0xff; got: %v", xtag) + d.d.errorf("ext: tag must be <= 0xff; got: %v", xtag) return } realxtag1, xbs := d.decodeExtV(ext != nil, uint8(xtag)) @@ -782,14 +826,14 @@ func (d *bincDecDriver) decodeExtV(verifyTag bool, tag byte) (xtag byte, xbs []b l := d.decLen() xtag = d.r.readn1() if verifyTag && xtag != tag { - d.d.errorf("Wrong extension tag. Got %b. Expecting: %v", xtag, tag) + d.d.errorf("wrong extension tag - got %b, expecting: %v", xtag, tag) return } xbs = d.r.readx(l) } else if d.vd == bincVdByteArray { xbs = d.DecodeBytes(nil, true) } else { - d.d.errorf("Invalid d.vd for extensions (Expecting extensions or byte array). Got: 0x%x", d.vd) + d.d.errorf("ext - expecting extensions or byte array - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs)) return } d.bdRead = false @@ -834,7 +878,7 @@ func (d *bincDecDriver) DecodeNaked() { n.v = valueTypeInt n.i = int64(-1) // int8(-1) default: - d.d.errorf("decodeNaked: Unrecognized special value 0x%x", d.vs) + d.d.errorf("cannot infer value - unrecognized special value from descriptor %x-%x/%s", d.vd, d.vs, bincdesc(d.vd, d.vs)) } case bincVdSmallInt: n.v = valueTypeUint @@ -876,7 +920,7 @@ func (d *bincDecDriver) DecodeNaked() { n.v = valueTypeMap decodeFurther = true default: - d.d.errorf("decodeNaked: Unrecognized d.vd: 0x%x", d.vd) + d.d.errorf("cannot infer value - %s %x-%x/%s", msgBadDesc, d.vd, d.vs, bincdesc(d.vd, d.vs)) } if !decodeFurther { diff --git a/vendor/github.com/ugorji/go/codec/cbor.go b/vendor/github.com/ugorji/go/codec/cbor.go index be01e19e735a..29e26986ba8b 100644 --- a/vendor/github.com/ugorji/go/codec/cbor.go +++ b/vendor/github.com/ugorji/go/codec/cbor.go @@ -60,6 +60,46 @@ const ( cborBaseSimple = 0xe0 ) +func cbordesc(bd byte) string { + switch bd { + case cborBdNil: + return "nil" + case cborBdFalse: + return "false" + case cborBdTrue: + return "true" + case cborBdFloat16, cborBdFloat32, cborBdFloat64: + return "float" + case cborBdIndefiniteBytes: + return "bytes*" + case cborBdIndefiniteString: + return "string*" + case cborBdIndefiniteArray: + return "array*" + case cborBdIndefiniteMap: + return "map*" + default: + switch { + case bd >= cborBaseUint && bd < cborBaseNegInt: + return "(u)int" + case bd >= cborBaseNegInt && bd < cborBaseBytes: + return "int" + case bd >= cborBaseBytes && bd < cborBaseString: + return "bytes" + case bd >= cborBaseString && bd < cborBaseArray: + return "string" + case bd >= cborBaseArray && bd < cborBaseMap: + return "array" + case bd >= cborBaseMap && bd < cborBaseTag: + return "map" + case bd >= cborBaseTag && bd < cborBaseSimple: + return "ext" + default: + return "unknown" + } + } +} + // ------------------- type cborEncDriver struct { @@ -326,7 +366,7 @@ func (d *cborDecDriver) decUint() (ui uint64) { } else if v == 0x1b { ui = uint64(bigen.Uint64(d.r.readx(8))) } else { - d.d.errorf("decUint: Invalid descriptor: %v", d.bd) + d.d.errorf("invalid descriptor decoding uint: %x/%s", d.bd, cbordesc(d.bd)) return } } @@ -342,7 +382,7 @@ func (d *cborDecDriver) decCheckInteger() (neg bool) { } else if major == cborMajorNegInt { neg = true } else { - d.d.errorf("invalid major: %v (bd: %v)", major, d.bd) + d.d.errorf("not an integer - invalid major %v from descriptor %x/%s", major, d.bd, cbordesc(d.bd)) return } return @@ -363,7 +403,7 @@ func (d *cborDecDriver) DecodeInt64() (i int64) { func (d *cborDecDriver) DecodeUint64() (ui uint64) { if d.decCheckInteger() { - d.d.errorf("Assigning negative signed value to unsigned type") + d.d.errorf("assigning negative signed value to unsigned type") return } ui = d.decUint() @@ -384,7 +424,7 @@ func (d *cborDecDriver) DecodeFloat64() (f float64) { } else if bd >= cborBaseUint && bd < cborBaseBytes { f = float64(d.DecodeInt64()) } else { - d.d.errorf("Float only valid from float16/32/64: Invalid descriptor: %v", bd) + d.d.errorf("float only valid from float16/32/64 - invalid descriptor %x/%s", bd, cbordesc(bd)) return } d.bdRead = false @@ -400,7 +440,7 @@ func (d *cborDecDriver) DecodeBool() (b bool) { b = true } else if bd == cborBdFalse { } else { - d.d.errorf("Invalid single-byte value for bool: %s: %x", msgBadDesc, d.bd) + d.d.errorf("not bool - %s %x/%s", msgBadDesc, d.bd, cbordesc(d.bd)) return } d.bdRead = false @@ -441,7 +481,7 @@ func (d *cborDecDriver) decAppendIndefiniteBytes(bs []byte) []byte { } if major := d.bd >> 5; major != cborMajorBytes && major != cborMajorText { d.d.errorf("expect bytes/string major type in indefinite string/bytes;"+ - " got: %v, byte: %v", major, d.bd) + " got major %v from descriptor %x/%x", major, d.bd, cbordesc(d.bd)) return nil } n := d.decLen() diff --git a/vendor/github.com/ugorji/go/codec/decode.go b/vendor/github.com/ugorji/go/codec/decode.go index 148c609c1b7a..3332aa1bbff2 100644 --- a/vendor/github.com/ugorji/go/codec/decode.go +++ b/vendor/github.com/ugorji/go/codec/decode.go @@ -16,7 +16,7 @@ import ( // Some tagging information for error messages. const ( - msgBadDesc = "Unrecognized descriptor byte" + msgBadDesc = "unrecognized descriptor byte" msgDecCannotExpandArr = "cannot expand go array from %v to stream length: %v" ) diff --git a/vendor/github.com/ugorji/go/codec/encode.go b/vendor/github.com/ugorji/go/codec/encode.go index 48053d24cdea..89ad4ed87971 100644 --- a/vendor/github.com/ugorji/go/codec/encode.go +++ b/vendor/github.com/ugorji/go/codec/encode.go @@ -219,7 +219,9 @@ func (z *ioEncWriter) writen2(b1, b2 byte) { func (z *ioEncWriter) atEndOfEncode() { if z.fw != nil { - z.fw.Flush() + if err := z.fw.Flush(); err != nil { + panic(err) + } } } diff --git a/vendor/github.com/ugorji/go/codec/helper.go b/vendor/github.com/ugorji/go/codec/helper.go index e6994a91786a..0567b91d8472 100644 --- a/vendor/github.com/ugorji/go/codec/helper.go +++ b/vendor/github.com/ugorji/go/codec/helper.go @@ -391,6 +391,10 @@ var immutableKindsSet = [32]bool{ // Any type which implements Selfer will be able to encode or decode itself. // Consequently, during (en|de)code, this takes precedence over // (text|binary)(M|Unm)arshal or extension support. +// +// Note: *the first set of bytes of any value MUST NOT represent nil in the format*. +// This is because, during each decode, we first check the the next set of bytes +// represent nil, and if so, we just set the value to nil. type Selfer interface { CodecEncodeSelf(*Encoder) CodecDecodeSelf(*Decoder) diff --git a/vendor/github.com/ugorji/go/codec/helper_unsafe.go b/vendor/github.com/ugorji/go/codec/helper_unsafe.go index 21aa4db75266..320f41f39a7b 100644 --- a/vendor/github.com/ugorji/go/codec/helper_unsafe.go +++ b/vendor/github.com/ugorji/go/codec/helper_unsafe.go @@ -186,14 +186,12 @@ func (x *atomicTypeInfoSlice) load() []rtid2ti { return nil } return *(*[]rtid2ti)(unsafe.Pointer(&unsafeSlice{Data: atomic.LoadPointer(&x.v), Len: l, Cap: l})) - // return (*[]rtid2ti)(atomic.LoadPointer(&x.v)) } func (x *atomicTypeInfoSlice) store(p []rtid2ti) { s := (*unsafeSlice)(unsafe.Pointer(&p)) atomic.StorePointer(&x.v, s.Data) atomic.StoreInt64(&x.l, int64(s.Len)) - // atomic.StorePointer(&x.v, unsafe.Pointer(p)) } // -------------------------- diff --git a/vendor/github.com/ugorji/go/codec/json.go b/vendor/github.com/ugorji/go/codec/json.go index ec7b0d65683c..92bbdbd089fb 100644 --- a/vendor/github.com/ugorji/go/codec/json.go +++ b/vendor/github.com/ugorji/go/codec/json.go @@ -606,7 +606,7 @@ func (d *jsonDecDriver) ReadMapStart() int { } const xc uint8 = '{' if d.tok != xc { - d.d.errorf("expect char '%c' but got char '%c'", xc, d.tok) + d.d.errorf("read map - expect char '%c' but got char '%c'", xc, d.tok) } d.tok = 0 d.c = containerMapStart @@ -619,7 +619,7 @@ func (d *jsonDecDriver) ReadArrayStart() int { } const xc uint8 = '[' if d.tok != xc { - d.d.errorf("expect char '%c' but got char '%c'", xc, d.tok) + d.d.errorf("read array - expect char '%c' but got char '%c'", xc, d.tok) } d.tok = 0 d.c = containerArrayStart @@ -649,7 +649,7 @@ func (d *jsonDecDriver) ReadArrayElem() { } if d.c != containerArrayStart { if d.tok != xc { - d.d.errorf("expect char '%c' but got char '%c'", xc, d.tok) + d.d.errorf("read array element - expect char '%c' but got char '%c'", xc, d.tok) } d.tok = 0 } @@ -662,7 +662,7 @@ func (d *jsonDecDriver) ReadArrayEnd() { d.tok = d.r.skip(&jsonCharWhitespaceSet) } if d.tok != xc { - d.d.errorf("expect char '%c' but got char '%c'", xc, d.tok) + d.d.errorf("read array end - expect char '%c' but got char '%c'", xc, d.tok) } d.tok = 0 d.c = containerArrayEnd @@ -675,7 +675,7 @@ func (d *jsonDecDriver) ReadMapElemKey() { } if d.c != containerMapStart { if d.tok != xc { - d.d.errorf("expect char '%c' but got char '%c'", xc, d.tok) + d.d.errorf("read map key - expect char '%c' but got char '%c'", xc, d.tok) } d.tok = 0 } @@ -688,7 +688,7 @@ func (d *jsonDecDriver) ReadMapElemValue() { d.tok = d.r.skip(&jsonCharWhitespaceSet) } if d.tok != xc { - d.d.errorf("expect char '%c' but got char '%c'", xc, d.tok) + d.d.errorf("read map value - expect char '%c' but got char '%c'", xc, d.tok) } d.tok = 0 d.c = containerMapValue @@ -700,7 +700,7 @@ func (d *jsonDecDriver) ReadMapEnd() { d.tok = d.r.skip(&jsonCharWhitespaceSet) } if d.tok != xc { - d.d.errorf("expect char '%c' but got char '%c'", xc, d.tok) + d.d.errorf("read map end - expect char '%c' but got char '%c'", xc, d.tok) } d.tok = 0 d.c = containerMapEnd diff --git a/vendor/github.com/ugorji/go/codec/msgpack.go b/vendor/github.com/ugorji/go/codec/msgpack.go index 31265cc683d6..164605766b13 100644 --- a/vendor/github.com/ugorji/go/codec/msgpack.go +++ b/vendor/github.com/ugorji/go/codec/msgpack.go @@ -82,6 +82,86 @@ const ( var mpTimeExtTag int8 = -1 var mpTimeExtTagU = uint8(mpTimeExtTag) +// var mpdesc = map[byte]string{ +// mpPosFixNumMin: "PosFixNumMin", +// mpPosFixNumMax: "PosFixNumMax", +// mpFixMapMin: "FixMapMin", +// mpFixMapMax: "FixMapMax", +// mpFixArrayMin: "FixArrayMin", +// mpFixArrayMax: "FixArrayMax", +// mpFixStrMin: "FixStrMin", +// mpFixStrMax: "FixStrMax", +// mpNil: "Nil", +// mpFalse: "False", +// mpTrue: "True", +// mpFloat: "Float", +// mpDouble: "Double", +// mpUint8: "Uint8", +// mpUint16: "Uint16", +// mpUint32: "Uint32", +// mpUint64: "Uint64", +// mpInt8: "Int8", +// mpInt16: "Int16", +// mpInt32: "Int32", +// mpInt64: "Int64", +// mpBin8: "Bin8", +// mpBin16: "Bin16", +// mpBin32: "Bin32", +// mpExt8: "Ext8", +// mpExt16: "Ext16", +// mpExt32: "Ext32", +// mpFixExt1: "FixExt1", +// mpFixExt2: "FixExt2", +// mpFixExt4: "FixExt4", +// mpFixExt8: "FixExt8", +// mpFixExt16: "FixExt16", +// mpStr8: "Str8", +// mpStr16: "Str16", +// mpStr32: "Str32", +// mpArray16: "Array16", +// mpArray32: "Array32", +// mpMap16: "Map16", +// mpMap32: "Map32", +// mpNegFixNumMin: "NegFixNumMin", +// mpNegFixNumMax: "NegFixNumMax", +// } + +func mpdesc(bd byte) string { + switch bd { + case mpNil: + return "nil" + case mpFalse: + return "false" + case mpTrue: + return "true" + case mpFloat, mpDouble: + return "float" + case mpUint8, mpUint16, mpUint32, mpUint64: + return "uint" + case mpInt8, mpInt16, mpInt32, mpInt64: + return "int" + default: + switch { + case bd >= mpPosFixNumMin && bd <= mpPosFixNumMax: + return "int" + case bd >= mpNegFixNumMin && bd <= mpNegFixNumMax: + return "int" + case bd == mpStr8, bd == mpStr16, bd == mpStr32, bd >= mpFixStrMin && bd <= mpFixStrMax: + return "string|bytes" + case bd == mpBin8, bd == mpBin16, bd == mpBin32: + return "bytes" + case bd == mpArray16, bd == mpArray32, bd >= mpFixArrayMin && bd <= mpFixArrayMax: + return "array" + case bd == mpMap16, bd == mpMap32, bd >= mpFixMapMin && bd <= mpFixMapMax: + return "map" + case bd >= mpFixExt1 && bd <= mpFixExt16, bd >= mpExt8 && bd <= mpExt32: + return "ext" + default: + return "unknown" + } + } +} + // MsgpackSpecRpcMultiArgs is a special type which signifies to the MsgpackSpecRpcCodec // that the backend RPC service takes multiple arguments, which have been arranged // in sequence in the slice. @@ -442,7 +522,7 @@ func (d *msgpackDecDriver) DecodeNaked() { n.l = d.r.readx(clen) } default: - d.d.errorf("Nil-Deciphered DecodeValue: %s: hex: %x, dec: %d", msgBadDesc, bd, bd) + d.d.errorf("cannot infer value: %s: Ox%x/%d/%s", msgBadDesc, bd, bd, mpdesc(bd)) } } if !decodeFurther { @@ -484,7 +564,7 @@ func (d *msgpackDecDriver) DecodeInt64() (i int64) { case d.bd >= mpNegFixNumMin && d.bd <= mpNegFixNumMax: i = int64(int8(d.bd)) default: - d.d.errorf("Unhandled single-byte unsigned integer value: %s: %x", msgBadDesc, d.bd) + d.d.errorf("cannot decode signed integer: %s: %x/%s", msgBadDesc, d.bd, mpdesc(d.bd)) return } } @@ -510,28 +590,28 @@ func (d *msgpackDecDriver) DecodeUint64() (ui uint64) { if i := int64(int8(d.r.readn1())); i >= 0 { ui = uint64(i) } else { - d.d.errorf("Assigning negative signed value: %v, to unsigned type", i) + d.d.errorf("assigning negative signed value: %v, to unsigned type", i) return } case mpInt16: if i := int64(int16(bigen.Uint16(d.r.readx(2)))); i >= 0 { ui = uint64(i) } else { - d.d.errorf("Assigning negative signed value: %v, to unsigned type", i) + d.d.errorf("assigning negative signed value: %v, to unsigned type", i) return } case mpInt32: if i := int64(int32(bigen.Uint32(d.r.readx(4)))); i >= 0 { ui = uint64(i) } else { - d.d.errorf("Assigning negative signed value: %v, to unsigned type", i) + d.d.errorf("assigning negative signed value: %v, to unsigned type", i) return } case mpInt64: if i := int64(bigen.Uint64(d.r.readx(8))); i >= 0 { ui = uint64(i) } else { - d.d.errorf("Assigning negative signed value: %v, to unsigned type", i) + d.d.errorf("assigning negative signed value: %v, to unsigned type", i) return } default: @@ -539,10 +619,10 @@ func (d *msgpackDecDriver) DecodeUint64() (ui uint64) { case d.bd >= mpPosFixNumMin && d.bd <= mpPosFixNumMax: ui = uint64(d.bd) case d.bd >= mpNegFixNumMin && d.bd <= mpNegFixNumMax: - d.d.errorf("Assigning negative signed value: %v, to unsigned type", int(d.bd)) + d.d.errorf("assigning negative signed value: %v, to unsigned type", int(d.bd)) return default: - d.d.errorf("Unhandled single-byte unsigned integer value: %s: %x", msgBadDesc, d.bd) + d.d.errorf("cannot decode unsigned integer: %s: %x/%s", msgBadDesc, d.bd, mpdesc(d.bd)) return } } @@ -576,7 +656,7 @@ func (d *msgpackDecDriver) DecodeBool() (b bool) { } else if d.bd == mpTrue || d.bd == 1 { b = true } else { - d.d.errorf("Invalid single-byte value for bool: %s: %x", msgBadDesc, d.bd) + d.d.errorf("cannot decode bool: %s: %x/%s", msgBadDesc, d.bd, mpdesc(d.bd)) return } d.bdRead = false @@ -699,7 +779,7 @@ func (d *msgpackDecDriver) readContainerLen(ct msgpackContainerType) (clen int) } else if (ct.bFixMin & bd) == ct.bFixMin { clen = int(ct.bFixMin ^ bd) } else { - d.d.errorf("readContainerLen: %s: hex: %x, decimal: %d", msgBadDesc, bd, bd) + d.d.errorf("cannot read container length: %s: hex: %x, decimal: %d", msgBadDesc, bd, bd) return } d.bdRead = false @@ -800,7 +880,7 @@ func (d *msgpackDecDriver) decodeTime(clen int) (t time.Time) { func (d *msgpackDecDriver) DecodeExt(rv interface{}, xtag uint64, ext Ext) (realxtag uint64) { if xtag > 0xff { - d.d.errorf("decodeExt: tag must be <= 0xff; got: %v", xtag) + d.d.errorf("ext: tag must be <= 0xff; got: %v", xtag) return } realxtag1, xbs := d.decodeExtV(ext != nil, uint8(xtag)) @@ -829,7 +909,7 @@ func (d *msgpackDecDriver) decodeExtV(verifyTag bool, tag byte) (xtag byte, xbs clen := d.readExtLen() xtag = d.r.readn1() if verifyTag && xtag != tag { - d.d.errorf("Wrong extension tag. Got %b. Expecting: %v", xtag, tag) + d.d.errorf("wrong extension tag - got %b, expecting %v", xtag, tag) return } xbs = d.r.readx(clen) @@ -970,13 +1050,13 @@ func (c *msgpackSpecRpcCodec) parseCustomHeader(expectTypeByte byte, msgid *uint var b = ba[0] if b != fia { - err = fmt.Errorf("Unexpected value for array descriptor: Expecting %v. Received %v", fia, b) + err = fmt.Errorf("not array - %s %x/%s", msgBadDesc, b, mpdesc(b)) } else { err = c.read(&b) if err == nil { if b != expectTypeByte { - err = fmt.Errorf("Unexpected byte descriptor. Expecting %v; Received %v", - expectTypeByte, b) + err = fmt.Errorf("%s - expecting %v but got %x/%s", + msgBadDesc, expectTypeByte, b, mpdesc(b)) } else { err = c.read(msgid) if err == nil { diff --git a/vendor/github.com/ugorji/go/codec/simple.go b/vendor/github.com/ugorji/go/codec/simple.go index a839d810e985..f50564d725c4 100644 --- a/vendor/github.com/ugorji/go/codec/simple.go +++ b/vendor/github.com/ugorji/go/codec/simple.go @@ -290,7 +290,7 @@ func (d *simpleDecDriver) decCheckInteger() (ui uint64, neg bool) { ui = uint64(bigen.Uint64(d.r.readx(8))) neg = true default: - d.d.errorf("Integer only valid from pos/neg integer1..8. Invalid descriptor: %v", d.bd) + d.d.errorf("integer only valid from pos/neg integer1..8. Invalid descriptor: %v", d.bd) return } // don't do this check, because callers may only want the unsigned value. @@ -314,7 +314,7 @@ func (d *simpleDecDriver) DecodeInt64() (i int64) { func (d *simpleDecDriver) DecodeUint64() (ui uint64) { ui, neg := d.decCheckInteger() if neg { - d.d.errorf("Assigning negative signed value to unsigned type") + d.d.errorf("assigning negative signed value to unsigned type") return } d.bdRead = false @@ -333,7 +333,7 @@ func (d *simpleDecDriver) DecodeFloat64() (f float64) { if d.bd >= simpleVdPosInt && d.bd <= simpleVdNegInt+3 { f = float64(d.DecodeInt64()) } else { - d.d.errorf("Float only valid from float32/64: Invalid descriptor: %v", d.bd) + d.d.errorf("float only valid from float32/64: Invalid descriptor: %v", d.bd) return } } @@ -350,7 +350,7 @@ func (d *simpleDecDriver) DecodeBool() (b bool) { b = true } else if d.bd == simpleVdFalse { } else { - d.d.errorf("Invalid single-byte value for bool: %s: %x", msgBadDesc, d.bd) + d.d.errorf("cannot decode bool - %s: %x", msgBadDesc, d.bd) return } d.bdRead = false @@ -418,7 +418,7 @@ func (d *simpleDecDriver) decLen() int { } return int(ui) } - d.d.errorf("decLen: Cannot read length: bd%%8 must be in range 0..4. Got: %d", d.bd%8) + d.d.errorf("cannot read length: bd%%8 must be in range 0..4. Got: %d", d.bd%8) return -1 } @@ -482,7 +482,7 @@ func (d *simpleDecDriver) DecodeTime() (t time.Time) { func (d *simpleDecDriver) DecodeExt(rv interface{}, xtag uint64, ext Ext) (realxtag uint64) { if xtag > 0xff { - d.d.errorf("decodeExt: tag must be <= 0xff; got: %v", xtag) + d.d.errorf("ext: tag must be <= 0xff; got: %v", xtag) return } realxtag1, xbs := d.decodeExtV(ext != nil, uint8(xtag)) @@ -506,7 +506,7 @@ func (d *simpleDecDriver) decodeExtV(verifyTag bool, tag byte) (xtag byte, xbs [ l := d.decLen() xtag = d.r.readn1() if verifyTag && xtag != tag { - d.d.errorf("Wrong extension tag. Got %b. Expecting: %v", xtag, tag) + d.d.errorf("wrong extension tag. Got %b. Expecting: %v", xtag, tag) return } xbs = d.r.readx(l) @@ -514,7 +514,7 @@ func (d *simpleDecDriver) decodeExtV(verifyTag bool, tag byte) (xtag byte, xbs [ simpleVdByteArray + 2, simpleVdByteArray + 3, simpleVdByteArray + 4: xbs = d.DecodeBytes(nil, true) default: - d.d.errorf("Invalid descriptor - expecting extensions/bytearray, got: 0x%x", d.bd) + d.d.errorf("ext - %s - expecting extensions/bytearray, got: 0x%x", msgBadDesc, d.bd) return } d.bdRead = false @@ -579,7 +579,7 @@ func (d *simpleDecDriver) DecodeNaked() { n.v = valueTypeMap decodeFurther = true default: - d.d.errorf("decodeNaked: Unrecognized d.bd: 0x%x", d.bd) + d.d.errorf("cannot infer value - %s 0x%x", msgBadDesc, d.bd) } if !decodeFurther { diff --git a/vendor/golang.org/x/crypto/ssh/certs.go b/vendor/golang.org/x/crypto/ssh/certs.go index cfc8ead1bcae..42106f3f2cb1 100644 --- a/vendor/golang.org/x/crypto/ssh/certs.go +++ b/vendor/golang.org/x/crypto/ssh/certs.go @@ -44,7 +44,9 @@ type Signature struct { const CertTimeInfinity = 1<<64 - 1 // An Certificate represents an OpenSSH certificate as defined in -// [PROTOCOL.certkeys]?rev=1.8. +// [PROTOCOL.certkeys]?rev=1.8. The Certificate type implements the +// PublicKey interface, so it can be unmarshaled using +// ParsePublicKey. type Certificate struct { Nonce []byte Key PublicKey diff --git a/vendor/golang.org/x/crypto/ssh/client_auth.go b/vendor/golang.org/x/crypto/ssh/client_auth.go index a1252cb9be12..5f44b77403e8 100644 --- a/vendor/golang.org/x/crypto/ssh/client_auth.go +++ b/vendor/golang.org/x/crypto/ssh/client_auth.go @@ -11,6 +11,14 @@ import ( "io" ) +type authResult int + +const ( + authFailure authResult = iota + authPartialSuccess + authSuccess +) + // clientAuthenticate authenticates with the remote server. See RFC 4252. func (c *connection) clientAuthenticate(config *ClientConfig) error { // initiate user auth session @@ -37,11 +45,12 @@ func (c *connection) clientAuthenticate(config *ClientConfig) error { if err != nil { return err } - if ok { + if ok == authSuccess { // success return nil + } else if ok == authFailure { + tried[auth.method()] = true } - tried[auth.method()] = true if methods == nil { methods = lastMethods } @@ -82,7 +91,7 @@ type AuthMethod interface { // If authentication is not successful, a []string of alternative // method names is returned. If the slice is nil, it will be ignored // and the previous set of possible methods will be reused. - auth(session []byte, user string, p packetConn, rand io.Reader) (bool, []string, error) + auth(session []byte, user string, p packetConn, rand io.Reader) (authResult, []string, error) // method returns the RFC 4252 method name. method() string @@ -91,13 +100,13 @@ type AuthMethod interface { // "none" authentication, RFC 4252 section 5.2. type noneAuth int -func (n *noneAuth) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) { +func (n *noneAuth) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) { if err := c.writePacket(Marshal(&userAuthRequestMsg{ User: user, Service: serviceSSH, Method: "none", })); err != nil { - return false, nil, err + return authFailure, nil, err } return handleAuthResponse(c) @@ -111,7 +120,7 @@ func (n *noneAuth) method() string { // a function call, e.g. by prompting the user. type passwordCallback func() (password string, err error) -func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) { +func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) { type passwordAuthMsg struct { User string `sshtype:"50"` Service string @@ -125,7 +134,7 @@ func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand // The program may only find out that the user doesn't have a password // when prompting. if err != nil { - return false, nil, err + return authFailure, nil, err } if err := c.writePacket(Marshal(&passwordAuthMsg{ @@ -135,7 +144,7 @@ func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand Reply: false, Password: pw, })); err != nil { - return false, nil, err + return authFailure, nil, err } return handleAuthResponse(c) @@ -178,7 +187,7 @@ func (cb publicKeyCallback) method() string { return "publickey" } -func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) { +func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) { // Authentication is performed by sending an enquiry to test if a key is // acceptable to the remote. If the key is acceptable, the client will // attempt to authenticate with the valid key. If not the client will repeat @@ -186,13 +195,13 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand signers, err := cb() if err != nil { - return false, nil, err + return authFailure, nil, err } var methods []string for _, signer := range signers { ok, err := validateKey(signer.PublicKey(), user, c) if err != nil { - return false, nil, err + return authFailure, nil, err } if !ok { continue @@ -206,7 +215,7 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand Method: cb.method(), }, []byte(pub.Type()), pubKey)) if err != nil { - return false, nil, err + return authFailure, nil, err } // manually wrap the serialized signature in a string @@ -224,24 +233,24 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand } p := Marshal(&msg) if err := c.writePacket(p); err != nil { - return false, nil, err + return authFailure, nil, err } - var success bool + var success authResult success, methods, err = handleAuthResponse(c) if err != nil { - return false, nil, err + return authFailure, nil, err } // If authentication succeeds or the list of available methods does not // contain the "publickey" method, do not attempt to authenticate with any // other keys. According to RFC 4252 Section 7, the latter can occur when // additional authentication methods are required. - if success || !containsMethod(methods, cb.method()) { + if success == authSuccess || !containsMethod(methods, cb.method()) { return success, methods, err } } - return false, methods, nil + return authFailure, methods, nil } func containsMethod(methods []string, method string) bool { @@ -318,28 +327,31 @@ func PublicKeysCallback(getSigners func() (signers []Signer, err error)) AuthMet // handleAuthResponse returns whether the preceding authentication request succeeded // along with a list of remaining authentication methods to try next and // an error if an unexpected response was received. -func handleAuthResponse(c packetConn) (bool, []string, error) { +func handleAuthResponse(c packetConn) (authResult, []string, error) { for { packet, err := c.readPacket() if err != nil { - return false, nil, err + return authFailure, nil, err } switch packet[0] { case msgUserAuthBanner: if err := handleBannerResponse(c, packet); err != nil { - return false, nil, err + return authFailure, nil, err } case msgUserAuthFailure: var msg userAuthFailureMsg if err := Unmarshal(packet, &msg); err != nil { - return false, nil, err + return authFailure, nil, err } - return false, msg.Methods, nil + if msg.PartialSuccess { + return authPartialSuccess, msg.Methods, nil + } + return authFailure, msg.Methods, nil case msgUserAuthSuccess: - return true, nil, nil + return authSuccess, nil, nil default: - return false, nil, unexpectedMessageError(msgUserAuthSuccess, packet[0]) + return authFailure, nil, unexpectedMessageError(msgUserAuthSuccess, packet[0]) } } } @@ -381,7 +393,7 @@ func (cb KeyboardInteractiveChallenge) method() string { return "keyboard-interactive" } -func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) { +func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) { type initiateMsg struct { User string `sshtype:"50"` Service string @@ -395,20 +407,20 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe Service: serviceSSH, Method: "keyboard-interactive", })); err != nil { - return false, nil, err + return authFailure, nil, err } for { packet, err := c.readPacket() if err != nil { - return false, nil, err + return authFailure, nil, err } // like handleAuthResponse, but with less options. switch packet[0] { case msgUserAuthBanner: if err := handleBannerResponse(c, packet); err != nil { - return false, nil, err + return authFailure, nil, err } continue case msgUserAuthInfoRequest: @@ -416,18 +428,21 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe case msgUserAuthFailure: var msg userAuthFailureMsg if err := Unmarshal(packet, &msg); err != nil { - return false, nil, err + return authFailure, nil, err + } + if msg.PartialSuccess { + return authPartialSuccess, msg.Methods, nil } - return false, msg.Methods, nil + return authFailure, msg.Methods, nil case msgUserAuthSuccess: - return true, nil, nil + return authSuccess, nil, nil default: - return false, nil, unexpectedMessageError(msgUserAuthInfoRequest, packet[0]) + return authFailure, nil, unexpectedMessageError(msgUserAuthInfoRequest, packet[0]) } var msg userAuthInfoRequestMsg if err := Unmarshal(packet, &msg); err != nil { - return false, nil, err + return authFailure, nil, err } // Manually unpack the prompt/echo pairs. @@ -437,7 +452,7 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe for i := 0; i < int(msg.NumPrompts); i++ { prompt, r, ok := parseString(rest) if !ok || len(r) == 0 { - return false, nil, errors.New("ssh: prompt format error") + return authFailure, nil, errors.New("ssh: prompt format error") } prompts = append(prompts, string(prompt)) echos = append(echos, r[0] != 0) @@ -445,16 +460,16 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe } if len(rest) != 0 { - return false, nil, errors.New("ssh: extra data following keyboard-interactive pairs") + return authFailure, nil, errors.New("ssh: extra data following keyboard-interactive pairs") } answers, err := cb(msg.User, msg.Instruction, prompts, echos) if err != nil { - return false, nil, err + return authFailure, nil, err } if len(answers) != len(prompts) { - return false, nil, errors.New("ssh: not enough answers from keyboard-interactive callback") + return authFailure, nil, errors.New("ssh: not enough answers from keyboard-interactive callback") } responseLength := 1 + 4 for _, a := range answers { @@ -470,7 +485,7 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe } if err := c.writePacket(serialized); err != nil { - return false, nil, err + return authFailure, nil, err } } } @@ -480,10 +495,10 @@ type retryableAuthMethod struct { maxTries int } -func (r *retryableAuthMethod) auth(session []byte, user string, c packetConn, rand io.Reader) (ok bool, methods []string, err error) { +func (r *retryableAuthMethod) auth(session []byte, user string, c packetConn, rand io.Reader) (ok authResult, methods []string, err error) { for i := 0; r.maxTries <= 0 || i < r.maxTries; i++ { ok, methods, err = r.authMethod.auth(session, user, c, rand) - if ok || err != nil { // either success or error terminate + if ok != authFailure || err != nil { // either success, partial success or error terminate return ok, methods, err } } diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go index e7d078fa2bbe..7d61117af503 100644 --- a/vendor/golang.org/x/oauth2/internal/token.go +++ b/vendor/golang.org/x/oauth2/internal/token.go @@ -124,6 +124,8 @@ var brokenAuthHeaderProviders = []string{ "https://api.patreon.com/", "https://sandbox.codeswholesale.com/oauth/token", "https://api.sipgate.com/v1/authorization/oauth", + "https://api.medium.com/v1/tokens", + "https://log.finalsurge.com/oauth/token", } // brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints. diff --git a/vendor/golang.org/x/sys/unix/affinity_linux.go b/vendor/golang.org/x/sys/unix/affinity_linux.go index d81fbb5b4e41..72afe3338cfd 100644 --- a/vendor/golang.org/x/sys/unix/affinity_linux.go +++ b/vendor/golang.org/x/sys/unix/affinity_linux.go @@ -16,7 +16,7 @@ const cpuSetSize = _CPU_SETSIZE / _NCPUBITS type CPUSet [cpuSetSize]cpuMask func schedAffinity(trap uintptr, pid int, set *CPUSet) error { - _, _, e := RawSyscall(trap, uintptr(pid), uintptr(unsafe.Sizeof(set)), uintptr(unsafe.Pointer(set))) + _, _, e := RawSyscall(trap, uintptr(pid), uintptr(unsafe.Sizeof(*set)), uintptr(unsafe.Pointer(set))) if e != 0 { return errnoErr(e) } diff --git a/vendor/golang.org/x/sys/unix/mksyscall.pl b/vendor/golang.org/x/sys/unix/mksyscall.pl index 73e26cafa857..1f6b926f8c64 100755 --- a/vendor/golang.org/x/sys/unix/mksyscall.pl +++ b/vendor/golang.org/x/sys/unix/mksyscall.pl @@ -210,13 +210,13 @@ ($) # Determine which form to use; pad args with zeros. my $asm = "Syscall"; if ($nonblock) { - if ($errvar ne "") { - $asm = "RawSyscall"; - } else { + if ($errvar eq "" && $ENV{'GOOS'} eq "linux") { $asm = "RawSyscallNoError"; + } else { + $asm = "RawSyscall"; } } else { - if ($errvar eq "") { + if ($errvar eq "" && $ENV{'GOOS'} eq "linux") { $asm = "SyscallNoError"; } } @@ -292,10 +292,11 @@ ($) if ($ret[0] eq "_" && $ret[1] eq "_" && $ret[2] eq "_") { $text .= "\t$call\n"; } else { - if ($errvar ne "") { - $text .= "\t$ret[0], $ret[1], $ret[2] := $call\n"; - } else { + if ($errvar eq "" && $ENV{'GOOS'} eq "linux") { + # raw syscall without error on Linux, see golang.org/issue/22924 $text .= "\t$ret[0], $ret[1] := $call\n"; + } else { + $text .= "\t$ret[0], $ret[1], $ret[2] := $call\n"; } } $text .= $body; diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index b48f77f92076..76cf81f57967 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -16,13 +16,6 @@ import ( "unsafe" ) -// SyscallNoError may be used instead of Syscall for syscalls that don't fail. -func SyscallNoError(trap, a1, a2, a3 uintptr) (r1, r2 uintptr) - -// RawSyscallNoError may be used instead of RawSyscall for syscalls that don't -// fail. -func RawSyscallNoError(trap, a1, a2, a3 uintptr) (r1, r2 uintptr) - /* * Wrapped */ diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go new file mode 100644 index 000000000000..c26e6ec2314a --- /dev/null +++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go @@ -0,0 +1,14 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build linux,!gccgo + +package unix + +// SyscallNoError may be used instead of Syscall for syscalls that don't fail. +func SyscallNoError(trap, a1, a2, a3 uintptr) (r1, r2 uintptr) + +// RawSyscallNoError may be used instead of RawSyscall for syscalls that don't +// fail. +func RawSyscallNoError(trap, a1, a2, a3 uintptr) (r1, r2 uintptr) diff --git a/vendor/google.golang.org/api/compute/v1/compute-api.json b/vendor/google.golang.org/api/compute/v1/compute-api.json index d5409179aa5b..c76b00c1d567 100644 --- a/vendor/google.golang.org/api/compute/v1/compute-api.json +++ b/vendor/google.golang.org/api/compute/v1/compute-api.json @@ -1,29143 +1,29403 @@ { - "kind": "discovery#restDescription", - "etag": "\"-iA1DTNe4s-I6JZXPt1t1Ypy8IU/yYKGGymxCOlXess_DWUNkE4vOp4\"", - "discoveryVersion": "v1", - "id": "compute:v1", - "name": "compute", - "version": "v1", - "revision": "20171228", - "title": "Compute Engine API", - "description": "Creates and runs virtual machines on Google Cloud Platform.", - "ownerDomain": "google.com", - "ownerName": "Google", - "icons": { - "x16": "https://www.google.com/images/icons/product/compute_engine-16.png", - "x32": "https://www.google.com/images/icons/product/compute_engine-32.png" - }, - "documentationLink": "https://developers.google.com/compute/docs/reference/latest/", - "protocol": "rest", - "baseUrl": "https://www.googleapis.com/compute/v1/projects/", - "basePath": "/compute/v1/projects/", - "rootUrl": "https://www.googleapis.com/", - "servicePath": "compute/v1/projects/", - "batchPath": "batch/compute/v1", - "parameters": { - "alt": { - "type": "string", - "description": "Data format for the response.", - "default": "json", - "enum": [ - "json" - ], - "enumDescriptions": [ - "Responses with Content-Type of application/json" - ], - "location": "query" - }, - "fields": { - "type": "string", - "description": "Selector specifying which fields to include in a partial response.", - "location": "query" - }, - "key": { - "type": "string", - "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", - "location": "query" - }, - "oauth_token": { - "type": "string", - "description": "OAuth 2.0 token for the current user.", - "location": "query" - }, - "prettyPrint": { - "type": "boolean", - "description": "Returns response with indentations and line breaks.", - "default": "true", - "location": "query" - }, - "quotaUser": { - "type": "string", - "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. Overrides userIp if both are provided.", - "location": "query" - }, - "userIp": { - "type": "string", - "description": "IP address of the site where the request originates. Use this if you want to enforce per-user limits.", - "location": "query" - } - }, - "auth": { - "oauth2": { - "scopes": { - "https://www.googleapis.com/auth/cloud-platform": { - "description": "View and manage your data across Google Cloud Platform services" - }, - "https://www.googleapis.com/auth/compute": { - "description": "View and manage your Google Compute Engine resources" - }, - "https://www.googleapis.com/auth/compute.readonly": { - "description": "View your Google Compute Engine resources" - }, - "https://www.googleapis.com/auth/devstorage.full_control": { - "description": "Manage your data and permissions in Google Cloud Storage" - }, - "https://www.googleapis.com/auth/devstorage.read_only": { - "description": "View your data in Google Cloud Storage" - }, - "https://www.googleapis.com/auth/devstorage.read_write": { - "description": "Manage your data in Google Cloud Storage" - } - } - } - }, - "schemas": { - "AcceleratorConfig": { - "id": "AcceleratorConfig", - "type": "object", - "description": "A specification of the type and number of accelerator cards attached to the instance.", - "properties": { - "acceleratorCount": { - "type": "integer", - "description": "The number of the guest accelerator cards exposed to this instance.", - "format": "int32" - }, - "acceleratorType": { - "type": "string", - "description": "Full or partial URL of the accelerator type resource to attach to this instance. If you are creating an instance template, specify only the accelerator name." - } - } - }, - "AcceleratorType": { - "id": "AcceleratorType", - "type": "object", - "description": "An Accelerator Type resource. (== resource_for beta.acceleratorTypes ==) (== resource_for v1.acceleratorTypes ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "deprecated": { - "$ref": "DeprecationStatus", - "description": "[Output Only] The deprecation status associated with this accelerator type." - }, - "description": { - "type": "string", - "description": "[Output Only] An optional textual description of the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] The type of the resource. Always compute#acceleratorType for accelerator types.", - "default": "compute#acceleratorType" - }, - "maximumCardsPerInstance": { - "type": "integer", - "description": "[Output Only] Maximum accelerator cards allowed per instance.", - "format": "int32" - }, - "name": { - "type": "string", - "description": "[Output Only] Name of the resource.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined fully-qualified URL for this resource." - }, - "zone": { - "type": "string", - "description": "[Output Only] The name of the zone where the accelerator type resides, such as us-central1-a." - } - } - }, - "AcceleratorTypeAggregatedList": { - "id": "AcceleratorTypeAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of AcceleratorTypesScopedList resources.", - "additionalProperties": { - "$ref": "AcceleratorTypesScopedList", - "description": "[Output Only] Name of the scope containing this set of accelerator types." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#acceleratorTypeAggregatedList for aggregated lists of accelerator types.", - "default": "compute#acceleratorTypeAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "AcceleratorTypeList": { - "id": "AcceleratorTypeList", - "type": "object", - "description": "Contains a list of accelerator types.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of AcceleratorType resources.", - "items": { - "$ref": "AcceleratorType" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#acceleratorTypeList for lists of accelerator types.", - "default": "compute#acceleratorTypeList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "AcceleratorTypesScopedList": { - "id": "AcceleratorTypesScopedList", - "type": "object", - "properties": { - "acceleratorTypes": { - "type": "array", - "description": "[Output Only] List of accelerator types contained in this scope.", - "items": { - "$ref": "AcceleratorType" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] An informational warning that appears when the accelerator types list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "auth": { + "oauth2": { + "scopes": { + "https://www.googleapis.com/auth/cloud-platform": { + "description": "View and manage your data across Google Cloud Platform services" + }, + "https://www.googleapis.com/auth/compute": { + "description": "View and manage your Google Compute Engine resources" + }, + "https://www.googleapis.com/auth/compute.readonly": { + "description": "View your Google Compute Engine resources" + }, + "https://www.googleapis.com/auth/devstorage.full_control": { + "description": "Manage your data and permissions in Google Cloud Storage" + }, + "https://www.googleapis.com/auth/devstorage.read_only": { + "description": "View your data in Google Cloud Storage" + }, + "https://www.googleapis.com/auth/devstorage.read_write": { + "description": "Manage your data in Google Cloud Storage" + } } - } } - } }, - "AccessConfig": { - "id": "AccessConfig", - "type": "object", - "description": "An access configuration attached to an instance's network interface. Only one access config per instance is supported.", - "properties": { - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#accessConfig for access configs.", - "default": "compute#accessConfig" - }, - "name": { - "type": "string", - "description": "The name of this access configuration. The default and recommended name is External NAT but you can use any arbitrary string you would like. For example, My external IP or Network Access." - }, - "natIP": { - "type": "string", - "description": "An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance." - }, - "type": { - "type": "string", - "description": "The type of configuration. The default and only option is ONE_TO_ONE_NAT.", - "default": "ONE_TO_ONE_NAT", - "enum": [ - "ONE_TO_ONE_NAT" - ], - "enumDescriptions": [ - "" - ] - } - } - }, - "Address": { - "id": "Address", - "type": "object", - "description": "A reserved address resource. (== resource_for beta.addresses ==) (== resource_for v1.addresses ==) (== resource_for beta.globalAddresses ==) (== resource_for v1.globalAddresses ==)", - "properties": { - "address": { - "type": "string", - "description": "The static IP address represented by this resource." - }, - "addressType": { - "type": "string", - "description": "The type of address to reserve, either INTERNAL or EXTERNAL. If unspecified, defaults to EXTERNAL.", - "enum": [ - "EXTERNAL", - "INTERNAL", - "UNSPECIFIED_TYPE" - ], - "enumDescriptions": [ - "", - "", - "" - ] - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "ipVersion": { - "type": "string", - "description": "The IP Version that will be used by this address. Valid options are IPV4 or IPV6. This can only be specified for a global address.", - "enum": [ - "IPV4", - "IPV6", - "UNSPECIFIED_VERSION" - ], - "enumDescriptions": [ - "", - "", - "" - ] - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#address for addresses.", - "default": "compute#address" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.addresses.insert" - ] - } - }, - "region": { - "type": "string", - "description": "[Output Only] URL of the region where the regional address resides. This field is not applicable to global addresses." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "status": { - "type": "string", - "description": "[Output Only] The status of the address, which can be one of RESERVING, RESERVED, or IN_USE. An address that is RESERVING is currently in the process of being reserved. A RESERVED address is currently reserved and available to use. An IN_USE address is currently being used by another resource and is not available.", - "enum": [ - "IN_USE", - "RESERVED" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "subnetwork": { - "type": "string", - "description": "The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes." - }, - "users": { - "type": "array", - "description": "[Output Only] The URLs of the resources that are using this address.", - "items": { + "basePath": "/compute/v1/projects/", + "baseUrl": "https://www.googleapis.com/compute/v1/projects/", + "batchPath": "batch/compute/v1", + "description": "Creates and runs virtual machines on Google Cloud Platform.", + "discoveryVersion": "v1", + "documentationLink": "https://developers.google.com/compute/docs/reference/latest/", + "etag": "\"-iA1DTNe4s-I6JZXPt1t1Ypy8IU/VVFHwTcA6SoK5z-8D9nB3uGnswc\"", + "icons": { + "x16": "https://www.google.com/images/icons/product/compute_engine-16.png", + "x32": "https://www.google.com/images/icons/product/compute_engine-32.png" + }, + "id": "compute:v1", + "kind": "discovery#restDescription", + "name": "compute", + "ownerDomain": "google.com", + "ownerName": "Google", + "parameters": { + "alt": { + "default": "json", + "description": "Data format for the response.", + "enum": [ + "json" + ], + "enumDescriptions": [ + "Responses with Content-Type of application/json" + ], + "location": "query", "type": "string" - } - } - } - }, - "AddressAggregatedList": { - "id": "AddressAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of AddressesScopedList resources.", - "additionalProperties": { - "$ref": "AddressesScopedList", - "description": "[Output Only] Name of the scope containing this set of addresses." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#addressAggregatedList for aggregated lists of addresses.", - "default": "compute#addressAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "AddressList": { - "id": "AddressList", - "type": "object", - "description": "Contains a list of addresses.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Address resources.", - "items": { - "$ref": "Address" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#addressList for lists of addresses.", - "default": "compute#addressList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "AddressesScopedList": { - "id": "AddressesScopedList", - "type": "object", - "properties": { - "addresses": { - "type": "array", - "description": "[Output Only] List of addresses contained in this scope.", - "items": { - "$ref": "Address" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning which replaces the list of addresses when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "AliasIpRange": { - "id": "AliasIpRange", - "type": "object", - "description": "An alias IP range attached to an instance's network interface.", - "properties": { - "ipCidrRange": { - "type": "string", - "description": "The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (e.g. 10.2.3.4), a netmask (e.g. /24) or a CIDR format string (e.g. 10.1.2.0/24)." - }, - "subnetworkRangeName": { - "type": "string", - "description": "Optional subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used." - } - } - }, - "AttachedDisk": { - "id": "AttachedDisk", - "type": "object", - "description": "An instance-attached disk resource.", - "properties": { - "autoDelete": { - "type": "boolean", - "description": "Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance)." - }, - "boot": { - "type": "boolean", - "description": "Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem." - }, - "deviceName": { - "type": "string", - "description": "Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance.\n\nIf not specified, the server chooses a default device name to apply to this disk, in the form persistent-disks-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks." - }, - "diskEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "Encrypts or decrypts a disk using a customer-supplied encryption key.\n\nIf you are creating a new disk, this field encrypts the new disk using an encryption key that you provide. If you are attaching an existing disk that is already encrypted, this field decrypts the disk using the customer-supplied encryption key.\n\nIf you encrypt a disk using a customer-supplied key, you must provide the same key again when you attempt to use this resource at a later time. For example, you must provide the key when you create a snapshot or an image from the disk or when you attach the disk to a virtual machine instance.\n\nIf you do not provide an encryption key, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later.\n\nInstance templates do not store customer-supplied encryption keys, so you cannot use your own keys to encrypt disks in a managed instance group." - }, - "index": { - "type": "integer", - "description": "[Output Only] A zero-based index to this disk, where 0 is reserved for the boot disk. If you have many disks attached to an instance, each disk would have a unique index number.", - "format": "int32" - }, - "initializeParams": { - "$ref": "AttachedDiskInitializeParams", - "description": "[Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance.\n\nThis property is mutually exclusive with the source property; you can only define one or the other, but not both." - }, - "interface": { - "type": "string", - "description": "Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. Persistent disks must always use SCSI and the request will fail if you attempt to attach a persistent disk in any other format than SCSI. Local SSDs can use either NVME or SCSI. For performance characteristics of SCSI over NVMe, see Local SSD performance.", - "enum": [ - "NVME", - "SCSI" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#attachedDisk for attached disks.", - "default": "compute#attachedDisk" }, - "licenses": { - "type": "array", - "description": "[Output Only] Any valid publicly visible licenses.", - "items": { - "type": "string" - } - }, - "mode": { - "type": "string", - "description": "The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.", - "enum": [ - "READ_ONLY", - "READ_WRITE" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "source": { - "type": "string", - "description": "Specifies a valid partial or full URL to an existing Persistent Disk resource. When creating a new instance, one of initializeParams.sourceImage or disks.source is required except for local SSD.\n\nIf desired, you can also attach existing non-root persistent disks using this property. This field is only applicable for persistent disks.\n\nNote that for InstanceTemplate, specify the disk name, not the URL for the disk." - }, - "type": { - "type": "string", - "description": "Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT.", - "enum": [ - "PERSISTENT", - "SCRATCH" - ], - "enumDescriptions": [ - "", - "" - ] - } - } - }, - "AttachedDiskInitializeParams": { - "id": "AttachedDiskInitializeParams", - "type": "object", - "description": "[Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance.\n\nThis property is mutually exclusive with the source property; you can only define one or the other, but not both.", - "properties": { - "diskName": { - "type": "string", - "description": "Specifies the disk name. If not specified, the default is to use the name of the instance." - }, - "diskSizeGb": { - "type": "string", - "description": "Specifies the size of the disk in base-2 GB.", - "format": "int64" - }, - "diskType": { - "type": "string", - "description": "Specifies the disk type to use to create the instance. If not specified, the default is pd-standard, specified using the full URL. For example:\n\nhttps://www.googleapis.com/compute/v1/projects/project/zones/zone/diskTypes/pd-standard \n\nOther values include pd-ssd and local-ssd. If you define this field, you can provide either the full or partial URL. For example, the following are valid values: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone/diskTypes/diskType \n- projects/project/zones/zone/diskTypes/diskType \n- zones/zone/diskTypes/diskType Note that for InstanceTemplate, this is the name of the disk type, not URL." - }, - "labels": { - "type": "object", - "description": "Labels to apply to this disk. These can be later modified by the disks.setLabels method. This field is only applicable for persistent disks.", - "additionalProperties": { + "fields": { + "description": "Selector specifying which fields to include in a partial response.", + "location": "query", "type": "string" - } - }, - "sourceImage": { - "type": "string", - "description": "The source image to create this disk. When creating a new instance, one of initializeParams.sourceImage or disks.source is required except for local SSD.\n\nTo create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-8 to use the latest Debian 8 image:\n\nprojects/debian-cloud/global/images/family/debian-8 \n\nAlternatively, use a specific version of a public operating system image:\n\nprojects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD \n\nTo create a disk with a custom image that you created, specify the image name in the following format:\n\nglobal/images/my-custom-image \n\nYou can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name:\n\nglobal/images/family/my-image-family \n\nIf the source image is deleted later, this field will not be set." - }, - "sourceImageEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key.\n\nInstance templates do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys." - } - } - }, - "Autoscaler": { - "id": "Autoscaler", - "type": "object", - "description": "Represents an Autoscaler resource. Autoscalers allow you to automatically scale virtual machine instances in managed instance groups according to an autoscaling policy that you define. For more information, read Autoscaling Groups of Instances. (== resource_for beta.autoscalers ==) (== resource_for v1.autoscalers ==) (== resource_for beta.regionAutoscalers ==) (== resource_for v1.regionAutoscalers ==)", - "properties": { - "autoscalingPolicy": { - "$ref": "AutoscalingPolicy", - "description": "The configuration parameters for the autoscaling algorithm. You can define one or more of the policies for an autoscaler: cpuUtilization, customMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based on cpuUtilization to 0.6 or 60%." - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#autoscaler for autoscalers.", - "default": "compute#autoscaler" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.instanceGroups.insert" - ] - } - }, - "region": { - "type": "string", - "description": "[Output Only] URL of the region where the instance group resides (for autoscalers living in regional scope)." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "status": { - "type": "string", - "description": "[Output Only] The status of the autoscaler configuration.", - "enum": [ - "ACTIVE", - "DELETING", - "ERROR", - "PENDING" - ], - "enumDescriptions": [ - "", - "", - "", - "" - ] - }, - "statusDetails": { - "type": "array", - "description": "[Output Only] Human-readable details about the current state of the autoscaler. Read the documentation for Commonly returned status messages for examples of status messages you might encounter.", - "items": { - "$ref": "AutoscalerStatusDetails" - } - }, - "target": { - "type": "string", - "description": "URL of the managed instance group that this autoscaler will scale." - }, - "zone": { - "type": "string", - "description": "[Output Only] URL of the zone where the instance group resides (for autoscalers living in zonal scope)." - } - } - }, - "AutoscalerAggregatedList": { - "id": "AutoscalerAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of AutoscalersScopedList resources.", - "additionalProperties": { - "$ref": "AutoscalersScopedList", - "description": "[Output Only] Name of the scope containing this set of autoscalers." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#autoscalerAggregatedList for aggregated lists of autoscalers.", - "default": "compute#autoscalerAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "AutoscalerList": { - "id": "AutoscalerList", - "type": "object", - "description": "Contains a list of Autoscaler resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Autoscaler resources.", - "items": { - "$ref": "Autoscaler" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#autoscalerList for lists of autoscalers.", - "default": "compute#autoscalerList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "AutoscalerStatusDetails": { - "id": "AutoscalerStatusDetails", - "type": "object", - "properties": { - "message": { - "type": "string", - "description": "The status message." - }, - "type": { - "type": "string", - "description": "The type of error returned.", - "enum": [ - "ALL_INSTANCES_UNHEALTHY", - "BACKEND_SERVICE_DOES_NOT_EXIST", - "CAPPED_AT_MAX_NUM_REPLICAS", - "CUSTOM_METRIC_DATA_POINTS_TOO_SPARSE", - "CUSTOM_METRIC_INVALID", - "MIN_EQUALS_MAX", - "MISSING_CUSTOM_METRIC_DATA_POINTS", - "MISSING_LOAD_BALANCING_DATA_POINTS", - "MORE_THAN_ONE_BACKEND_SERVICE", - "NOT_ENOUGH_QUOTA_AVAILABLE", - "REGION_RESOURCE_STOCKOUT", - "SCALING_TARGET_DOES_NOT_EXIST", - "UNKNOWN", - "UNSUPPORTED_MAX_RATE_LOAD_BALANCING_CONFIGURATION", - "ZONE_RESOURCE_STOCKOUT" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - } - } - }, - "AutoscalersScopedList": { - "id": "AutoscalersScopedList", - "type": "object", - "properties": { - "autoscalers": { - "type": "array", - "description": "[Output Only] List of autoscalers contained in this scope.", - "items": { - "$ref": "Autoscaler" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning which replaces the list of autoscalers when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "AutoscalingPolicy": { - "id": "AutoscalingPolicy", - "type": "object", - "description": "Cloud Autoscaler policy.", - "properties": { - "coolDownPeriodSec": { - "type": "integer", - "description": "The number of seconds that the autoscaler should wait before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of numerous factors. We recommend that you test how long an instance may take to initialize. To do this, create an instance and time the startup process.", - "format": "int32" - }, - "cpuUtilization": { - "$ref": "AutoscalingPolicyCpuUtilization", - "description": "Defines the CPU utilization policy that allows the autoscaler to scale based on the average CPU utilization of a managed instance group." - }, - "customMetricUtilizations": { - "type": "array", - "description": "Configuration parameters of autoscaling based on a custom metric.", - "items": { - "$ref": "AutoscalingPolicyCustomMetricUtilization" - } - }, - "loadBalancingUtilization": { - "$ref": "AutoscalingPolicyLoadBalancingUtilization", - "description": "Configuration parameters of autoscaling based on load balancer." - }, - "maxNumReplicas": { - "type": "integer", - "description": "The maximum number of instances that the autoscaler can scale up to. This is required when creating or updating an autoscaler. The maximum number of replicas should not be lower than minimal number of replicas.", - "format": "int32" - }, - "minNumReplicas": { - "type": "integer", - "description": "The minimum number of replicas that the autoscaler can scale down to. This cannot be less than 0. If not provided, autoscaler will choose a default value depending on maximum number of instances allowed.", - "format": "int32" - } - } - }, - "AutoscalingPolicyCpuUtilization": { - "id": "AutoscalingPolicyCpuUtilization", - "type": "object", - "description": "CPU utilization policy.", - "properties": { - "utilizationTarget": { - "type": "number", - "description": "The target CPU utilization that the autoscaler should maintain. Must be a float value in the range (0, 1]. If not specified, the default is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler scales down the number of instances until it reaches the minimum number of instances you specified or until the average CPU of your instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler scales up until it reaches the maximum number of instances you specified or until the average utilization reaches the target utilization.", - "format": "double" - } - } - }, - "AutoscalingPolicyCustomMetricUtilization": { - "id": "AutoscalingPolicyCustomMetricUtilization", - "type": "object", - "description": "Custom utilization metric policy.", - "properties": { - "metric": { - "type": "string", - "description": "The identifier (type) of the Stackdriver Monitoring metric. The metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE." - }, - "utilizationTarget": { - "type": "number", - "description": "The target value of the metric that autoscaler should maintain. This must be a positive value. A utilization metric scales number of virtual machines handling requests to increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilization_target is compute.googleapis.com/instance/network/received_bytes_count. The autoscaler will work to keep this value constant for each of the instances.", - "format": "double" - }, - "utilizationTargetType": { - "type": "string", - "description": "Defines how target utilization value is expressed for a Stackdriver Monitoring metric. Either GAUGE, DELTA_PER_SECOND, or DELTA_PER_MINUTE. If not specified, the default is GAUGE.", - "enum": [ - "DELTA_PER_MINUTE", - "DELTA_PER_SECOND", - "GAUGE" - ], - "enumDescriptions": [ - "", - "", - "" - ] - } - } - }, - "AutoscalingPolicyLoadBalancingUtilization": { - "id": "AutoscalingPolicyLoadBalancingUtilization", - "type": "object", - "description": "Configuration parameters of autoscaling based on load balancing.", - "properties": { - "utilizationTarget": { - "type": "number", - "description": "Fraction of backend capacity utilization (set in HTTP(s) load balancing configuration) that autoscaler should maintain. Must be a positive float value. If not defined, the default is 0.8.", - "format": "double" - } - } - }, - "Backend": { - "id": "Backend", - "type": "object", - "description": "Message containing information of one individual backend.", - "properties": { - "balancingMode": { - "type": "string", - "description": "Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) and CONNECTION (for TCP/SSL).\n\nFor Internal Load Balancing, the default and only supported mode is CONNECTION.", - "enum": [ - "CONNECTION", - "RATE", - "UTILIZATION" - ], - "enumDescriptions": [ - "", - "", - "" - ] - }, - "capacityScaler": { - "type": "number", - "description": "A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].\n\nThis cannot be used for internal load balancing.", - "format": "float" - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "group": { - "type": "string", - "description": "The fully-qualified URL of a Instance Group resource. This instance group defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource.\n\nNote that you must specify an Instance Group resource using the fully-qualified URL, rather than a partial URL.\n\nWhen the BackendService has load balancing scheme INTERNAL, the instance group must be within the same region as the BackendService." - }, - "maxConnections": { - "type": "integer", - "description": "The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.\n\nThis cannot be used for internal load balancing.", - "format": "int32" - }, - "maxConnectionsPerInstance": { - "type": "integer", - "description": "The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.\n\nThis cannot be used for internal load balancing.", - "format": "int32" - }, - "maxRate": { - "type": "integer", - "description": "The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or maxRatePerInstance must be set.\n\nThis cannot be used for internal load balancing.", - "format": "int32" - }, - "maxRatePerInstance": { - "type": "number", - "description": "The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.\n\nThis cannot be used for internal load balancing.", - "format": "float" - }, - "maxUtilization": { - "type": "number", - "description": "Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. The default is 0.8. Valid range is [0.0, 1.0].\n\nThis cannot be used for internal load balancing.", - "format": "float" - } - } - }, - "BackendBucket": { - "id": "BackendBucket", - "type": "object", - "description": "A BackendBucket resource. This resource defines a Cloud Storage bucket.", - "properties": { - "bucketName": { - "type": "string", - "description": "Cloud Storage bucket name." - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional textual description of the resource; provided by the client when the resource is created." - }, - "enableCdn": { - "type": "boolean", - "description": "If true, enable Cloud CDN for this BackendBucket." - }, - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "Type of the resource.", - "default": "compute#backendBucket" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - } - } - }, - "BackendBucketList": { - "id": "BackendBucketList", - "type": "object", - "description": "Contains a list of BackendBucket resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of BackendBucket resources.", - "items": { - "$ref": "BackendBucket" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#backendBucketList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "BackendService": { - "id": "BackendService", - "type": "object", - "description": "A BackendService resource. This resource defines a group of backend virtual machines and their serving capacity. (== resource_for v1.backendService ==) (== resource_for beta.backendService ==)", - "properties": { - "affinityCookieTtlSec": { - "type": "integer", - "description": "Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.", - "format": "int32" - }, - "backends": { - "type": "array", - "description": "The list of backends that serve this BackendService.", - "items": { - "$ref": "Backend" - } - }, - "cdnPolicy": { - "$ref": "BackendServiceCdnPolicy", - "description": "Cloud CDN configuration for this BackendService." - }, - "connectionDraining": { - "$ref": "ConnectionDraining" - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "enableCDN": { - "type": "boolean", - "description": "If true, enable Cloud CDN for this BackendService.\n\nWhen the load balancing scheme is INTERNAL, this field is not used." - }, - "fingerprint": { - "type": "string", - "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a BackendService. An up-to-date fingerprint must be provided in order to update the BackendService.", - "format": "byte" }, - "healthChecks": { - "type": "array", - "description": "The list of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified, and a health check is required for Compute Engine backend services. A health check must not be specified for App Engine backend and Cloud Function backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.", - "items": { - "type": "string" - } - }, - "iap": { - "$ref": "BackendServiceIAP" - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#backendService for backend services.", - "default": "compute#backendService" - }, - "loadBalancingScheme": { - "type": "string", - "description": "Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. Possible values are INTERNAL and EXTERNAL.", - "enum": [ - "EXTERNAL", - "INTERNAL", - "INVALID_LOAD_BALANCING_SCHEME" - ], - "enumDescriptions": [ - "", - "", - "" - ] - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "port": { - "type": "integer", - "description": "Deprecated in favor of portName. The TCP port to connect on the backend. The default value is 80.\n\nThis cannot be used for internal load balancing.", - "format": "int32" - }, - "portName": { - "type": "string", - "description": "Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.\n\nWhen the load balancing scheme is INTERNAL, this field is not used." - }, - "protocol": { - "type": "string", - "description": "The protocol this BackendService uses to communicate with backends.\n\nPossible values are HTTP, HTTPS, TCP, and SSL. The default is HTTP.\n\nFor internal load balancing, the possible values are TCP and UDP, and the default is TCP.", - "enum": [ - "HTTP", - "HTTPS", - "SSL", - "TCP", - "UDP" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "" - ] - }, - "region": { - "type": "string", - "description": "[Output Only] URL of the region where the regional backend service resides. This field is not applicable to global backend services." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "sessionAffinity": { - "type": "string", - "description": "Type of session affinity to use. The default is NONE.\n\nWhen the load balancing scheme is EXTERNAL, can be NONE, CLIENT_IP, or GENERATED_COOKIE.\n\nWhen the load balancing scheme is INTERNAL, can be NONE, CLIENT_IP, CLIENT_IP_PROTO, or CLIENT_IP_PORT_PROTO.\n\nWhen the protocol is UDP, this field is not used.", - "enum": [ - "CLIENT_IP", - "CLIENT_IP_PORT_PROTO", - "CLIENT_IP_PROTO", - "GENERATED_COOKIE", - "NONE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "" - ] - }, - "timeoutSec": { - "type": "integer", - "description": "How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds.", - "format": "int32" - } - } - }, - "BackendServiceAggregatedList": { - "id": "BackendServiceAggregatedList", - "type": "object", - "description": "Contains a list of BackendServicesScopedList.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of BackendServicesScopedList resources.", - "additionalProperties": { - "$ref": "BackendServicesScopedList", - "description": "Name of the scope containing this set of BackendServices." - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#backendServiceAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "BackendServiceCdnPolicy": { - "id": "BackendServiceCdnPolicy", - "type": "object", - "description": "Message containing Cloud CDN configuration for a backend service.", - "properties": { - "cacheKeyPolicy": { - "$ref": "CacheKeyPolicy", - "description": "The CacheKeyPolicy for this CdnPolicy." - } - } - }, - "BackendServiceGroupHealth": { - "id": "BackendServiceGroupHealth", - "type": "object", - "properties": { - "healthStatus": { - "type": "array", - "items": { - "$ref": "HealthStatus" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#backendServiceGroupHealth for the health of backend services.", - "default": "compute#backendServiceGroupHealth" - } - } - }, - "BackendServiceIAP": { - "id": "BackendServiceIAP", - "type": "object", - "description": "Identity-Aware Proxy", - "properties": { - "enabled": { - "type": "boolean" - }, - "oauth2ClientId": { - "type": "string" - }, - "oauth2ClientSecret": { - "type": "string" - }, - "oauth2ClientSecretSha256": { - "type": "string", - "description": "[Output Only] SHA256 hash value for the field oauth2_client_secret above." - } - } - }, - "BackendServiceList": { - "id": "BackendServiceList", - "type": "object", - "description": "Contains a list of BackendService resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of BackendService resources.", - "items": { - "$ref": "BackendService" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#backendServiceList for lists of backend services.", - "default": "compute#backendServiceList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "BackendServicesScopedList": { - "id": "BackendServicesScopedList", - "type": "object", - "properties": { - "backendServices": { - "type": "array", - "description": "List of BackendServices contained in this scope.", - "items": { - "$ref": "BackendService" - } - }, - "warning": { - "type": "object", - "description": "Informational warning which replaces the list of backend services when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "CacheInvalidationRule": { - "id": "CacheInvalidationRule", - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "If set, this invalidation rule will only apply to requests with a Host header matching host." - }, - "path": { - "type": "string" - } - } - }, - "CacheKeyPolicy": { - "id": "CacheKeyPolicy", - "type": "object", - "description": "Message containing what to include in the cache key for a request for Cloud CDN.", - "properties": { - "includeHost": { - "type": "boolean", - "description": "If true, requests to different hosts will be cached separately." - }, - "includeProtocol": { - "type": "boolean", - "description": "If true, http and https requests will be cached separately." - }, - "includeQueryString": { - "type": "boolean", - "description": "If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely." - }, - "queryStringBlacklist": { - "type": "array", - "description": "Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.", - "items": { + "key": { + "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", + "location": "query", "type": "string" - } }, - "queryStringWhitelist": { - "type": "array", - "description": "Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.", - "items": { - "type": "string" - } - } - } - }, - "Commitment": { - "id": "Commitment", - "type": "object", - "description": "Represents a Commitment resource. Creating a Commitment resource means that you are purchasing a committed use contract with an explicit start and end time. You can create commitments based on vCPUs and memory usage and receive discounted rates. For full details, read Signing Up for Committed Use Discounts.\n\nCommitted use discounts are subject to Google Cloud Platform's Service Specific Terms. By purchasing a committed use discount, you agree to these terms. Committed use discounts will not renew, so you must purchase a new commitment to continue receiving discounts. (== resource_for beta.commitments ==) (== resource_for v1.commitments ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "endTimestamp": { - "type": "string", - "description": "[Output Only] Commitment end time in RFC3339 text format." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#commitment for commitments.", - "default": "compute#commitment" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "plan": { - "type": "string", - "description": "The plan for this commitment, which determines duration and discount rate. The currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years).", - "enum": [ - "INVALID", - "THIRTY_SIX_MONTH", - "TWELVE_MONTH" - ], - "enumDescriptions": [ - "", - "", - "" - ] - }, - "region": { - "type": "string", - "description": "[Output Only] URL of the region where this commitment may be used." - }, - "resources": { - "type": "array", - "description": "List of commitment amounts for particular resources. Note that VCPU and MEMORY resource commitments must occur together.", - "items": { - "$ref": "ResourceCommitment" - } - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "startTimestamp": { - "type": "string", - "description": "[Output Only] Commitment start time in RFC3339 text format." - }, - "status": { - "type": "string", - "description": "[Output Only] Status of the commitment with regards to eventual expiration (each commitment has an end date defined). One of the following values: NOT_YET_ACTIVE, ACTIVE, EXPIRED.", - "enum": [ - "ACTIVE", - "CREATING", - "EXPIRED", - "NOT_YET_ACTIVE" - ], - "enumDescriptions": [ - "", - "", - "", - "" - ] - }, - "statusMessage": { - "type": "string", - "description": "[Output Only] An optional, human-readable explanation of the status." - } - } - }, - "CommitmentAggregatedList": { - "id": "CommitmentAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of CommitmentsScopedList resources.", - "additionalProperties": { - "$ref": "CommitmentsScopedList", - "description": "[Output Only] Name of the scope containing this set of commitments." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#commitmentAggregatedList for aggregated lists of commitments.", - "default": "compute#commitmentAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "CommitmentList": { - "id": "CommitmentList", - "type": "object", - "description": "Contains a list of Commitment resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Commitment resources.", - "items": { - "$ref": "Commitment" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#commitmentList for lists of commitments.", - "default": "compute#commitmentList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "CommitmentsScopedList": { - "id": "CommitmentsScopedList", - "type": "object", - "properties": { - "commitments": { - "type": "array", - "description": "[Output Only] List of commitments contained in this scope.", - "items": { - "$ref": "Commitment" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning which replaces the list of commitments when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "ConnectionDraining": { - "id": "ConnectionDraining", - "type": "object", - "description": "Message containing connection draining configuration.", - "properties": { - "drainingTimeoutSec": { - "type": "integer", - "description": "Time for which instance will be drained (not accept new connections, but still work to finish started).", - "format": "int32" - } - } - }, - "CustomerEncryptionKey": { - "id": "CustomerEncryptionKey", - "type": "object", - "description": "Represents a customer-supplied encryption key", - "properties": { - "rawKey": { - "type": "string", - "description": "Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource." - }, - "sha256": { - "type": "string", - "description": "[Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource." - } - } - }, - "CustomerEncryptionKeyProtectedDisk": { - "id": "CustomerEncryptionKeyProtectedDisk", - "type": "object", - "properties": { - "diskEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "Decrypts data associated with the disk with a customer-supplied encryption key." - }, - "source": { - "type": "string", - "description": "Specifies a valid partial or full URL to an existing Persistent Disk resource. This field is only applicable for persistent disks." - } - } - }, - "DeprecationStatus": { - "id": "DeprecationStatus", - "type": "object", - "description": "Deprecation status for a public resource.", - "properties": { - "deleted": { - "type": "string", - "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DELETED. This is only informational and the status will not change unless the client explicitly changes it." - }, - "deprecated": { - "type": "string", - "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DEPRECATED. This is only informational and the status will not change unless the client explicitly changes it." - }, - "obsolete": { - "type": "string", - "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to OBSOLETE. This is only informational and the status will not change unless the client explicitly changes it." - }, - "replacement": { - "type": "string", - "description": "The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource." - }, - "state": { - "type": "string", - "description": "The deprecation state of this resource. This can be DEPRECATED, OBSOLETE, or DELETED. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error.", - "enum": [ - "DELETED", - "DEPRECATED", - "OBSOLETE" - ], - "enumDescriptions": [ - "", - "", - "" - ] - } - } - }, - "Disk": { - "id": "Disk", - "type": "object", - "description": "A Disk resource. (== resource_for beta.disks ==) (== resource_for v1.disks ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "diskEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must provide the same key if you use the disk later (e.g. to create a disk snapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of the disk.\n\nIf you do not provide an encryption key when creating the disk, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#disk for disks.", - "default": "compute#disk" - }, - "labelFingerprint": { - "type": "string", - "description": "A fingerprint for the labels being applied to this disk, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels.\n\nTo see the latest fingerprint, make a get() request to retrieve a disk.", - "format": "byte" - }, - "labels": { - "type": "object", - "description": "Labels to apply to this disk. These can be later modified by the setLabels method.", - "additionalProperties": { + "oauth_token": { + "description": "OAuth 2.0 token for the current user.", + "location": "query", "type": "string" - } }, - "lastAttachTimestamp": { - "type": "string", - "description": "[Output Only] Last attach timestamp in RFC3339 text format." + "prettyPrint": { + "default": "true", + "description": "Returns response with indentations and line breaks.", + "location": "query", + "type": "boolean" }, - "lastDetachTimestamp": { - "type": "string", - "description": "[Output Only] Last detach timestamp in RFC3339 text format." - }, - "licenses": { - "type": "array", - "description": "Any applicable publicly visible licenses.", - "items": { + "quotaUser": { + "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. Overrides userIp if both are provided.", + "location": "query", "type": "string" - } - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.disks.insert" - ] - } - }, - "options": { - "type": "string", - "description": "Internal use only." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined fully-qualified URL for this resource." - }, - "sizeGb": { - "type": "string", - "description": "Size of the persistent disk, specified in GB. You can specify this field when creating a persistent disk using the sourceImage or sourceSnapshot parameter, or specify it alone to create an empty persistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot, the value of sizeGb must not be less than the size of the sourceImage or the size of the snapshot. Acceptable values are 1 to 65536, inclusive.", - "format": "int64" - }, - "sourceImage": { - "type": "string", - "description": "The source image used to create this disk. If the source image is deleted, this field will not be set.\n\nTo create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-8 to use the latest Debian 8 image:\n\nprojects/debian-cloud/global/images/family/debian-8 \n\nAlternatively, use a specific version of a public operating system image:\n\nprojects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD \n\nTo create a disk with a custom image that you created, specify the image name in the following format:\n\nglobal/images/my-custom-image \n\nYou can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name:\n\nglobal/images/family/my-image-family" - }, - "sourceImageEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key." - }, - "sourceImageId": { - "type": "string", - "description": "[Output Only] The ID value of the image used to create this disk. This value identifies the exact image that was used to create this persistent disk. For example, if you created the persistent disk from an image that was later deleted and recreated under the same name, the source image ID would identify the exact version of the image that was used." - }, - "sourceSnapshot": { - "type": "string", - "description": "The source snapshot used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: \n- https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot \n- projects/project/global/snapshots/snapshot \n- global/snapshots/snapshot" - }, - "sourceSnapshotEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key." - }, - "sourceSnapshotId": { - "type": "string", - "description": "[Output Only] The unique ID of the snapshot used to create this disk. This value identifies the exact snapshot that was used to create this persistent disk. For example, if you created the persistent disk from a snapshot that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used." - }, - "status": { - "type": "string", - "description": "[Output Only] The status of disk creation.", - "enum": [ - "CREATING", - "FAILED", - "READY", - "RESTORING" - ], - "enumDescriptions": [ - "", - "", - "", - "" - ] - }, - "type": { - "type": "string", - "description": "URL of the disk type resource describing which disk type to use to create the disk. Provide this when creating the disk." - }, - "users": { - "type": "array", - "description": "[Output Only] Links to the users of the disk (attached instances) in form: project/zones/zone/instances/instance", - "items": { - "type": "string" - } }, - "zone": { - "type": "string", - "description": "[Output Only] URL of the zone where the disk resides." - } - } - }, - "DiskAggregatedList": { - "id": "DiskAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of DisksScopedList resources.", - "additionalProperties": { - "$ref": "DisksScopedList", - "description": "[Output Only] Name of the scope containing this set of disks." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#diskAggregatedList for aggregated lists of persistent disks.", - "default": "compute#diskAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "DiskList": { - "id": "DiskList", - "type": "object", - "description": "A list of Disk resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Disk resources.", - "items": { - "$ref": "Disk" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#diskList for lists of disks.", - "default": "compute#diskList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "DiskMoveRequest": { - "id": "DiskMoveRequest", - "type": "object", - "properties": { - "destinationZone": { - "type": "string", - "description": "The URL of the destination zone to move the disk. This can be a full or partial URL. For example, the following are all valid URLs to a zone: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone \n- projects/project/zones/zone \n- zones/zone" - }, - "targetDisk": { - "type": "string", - "description": "The URL of the target disk to move. This can be a full or partial URL. For example, the following are all valid URLs to a disk: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone/disks/disk \n- projects/project/zones/zone/disks/disk \n- zones/zone/disks/disk" - } - } - }, - "DiskType": { - "id": "DiskType", - "type": "object", - "description": "A DiskType resource. (== resource_for beta.diskTypes ==) (== resource_for v1.diskTypes ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "defaultDiskSizeGb": { - "type": "string", - "description": "[Output Only] Server-defined default disk size in GB.", - "format": "int64" - }, - "deprecated": { - "$ref": "DeprecationStatus", - "description": "[Output Only] The deprecation status associated with this disk type." - }, - "description": { - "type": "string", - "description": "[Output Only] An optional description of this resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#diskType for disk types.", - "default": "compute#diskType" - }, - "name": { - "type": "string", - "description": "[Output Only] Name of the resource.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "validDiskSize": { - "type": "string", - "description": "[Output Only] An optional textual description of the valid disk size, such as \"10GB-10TB\"." - }, - "zone": { - "type": "string", - "description": "[Output Only] URL of the zone where the disk type resides." - } - } - }, - "DiskTypeAggregatedList": { - "id": "DiskTypeAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of DiskTypesScopedList resources.", - "additionalProperties": { - "$ref": "DiskTypesScopedList", - "description": "[Output Only] Name of the scope containing this set of disk types." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#diskTypeAggregatedList.", - "default": "compute#diskTypeAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "DiskTypeList": { - "id": "DiskTypeList", - "type": "object", - "description": "Contains a list of disk types.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of DiskType resources.", - "items": { - "$ref": "DiskType" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#diskTypeList for disk types.", - "default": "compute#diskTypeList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "DiskTypesScopedList": { - "id": "DiskTypesScopedList", - "type": "object", - "properties": { - "diskTypes": { - "type": "array", - "description": "[Output Only] List of disk types contained in this scope.", - "items": { - "$ref": "DiskType" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning which replaces the list of disk types when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "DisksResizeRequest": { - "id": "DisksResizeRequest", - "type": "object", - "properties": { - "sizeGb": { - "type": "string", - "description": "The new size of the persistent disk, which is specified in GB.", - "format": "int64" - } - } - }, - "DisksScopedList": { - "id": "DisksScopedList", - "type": "object", - "properties": { - "disks": { - "type": "array", - "description": "[Output Only] List of disks contained in this scope.", - "items": { - "$ref": "Disk" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning which replaces the list of disks when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } + "userIp": { + "description": "IP address of the site where the request originates. Use this if you want to enforce per-user limits.", + "location": "query", + "type": "string" } - } }, - "Firewall": { - "id": "Firewall", - "type": "object", - "description": "Represents a Firewall resource.", - "properties": { - "allowed": { - "type": "array", - "description": "The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.", - "items": { - "type": "object", - "properties": { - "IPProtocol": { - "type": "string", - "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number." - }, - "ports": { - "type": "array", - "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].", - "items": { - "type": "string" + "protocol": "rest", + "resources": { + "acceleratorTypes": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of accelerator types.", + "httpMethod": "GET", + "id": "compute.acceleratorTypes.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/acceleratorTypes", + "response": { + "$ref": "AcceleratorTypeAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "get": { + "description": "Returns the specified accelerator type. Get a list of available accelerator types by making a list() request.", + "httpMethod": "GET", + "id": "compute.acceleratorTypes.get", + "parameterOrder": [ + "project", + "zone", + "acceleratorType" + ], + "parameters": { + "acceleratorType": { + "description": "Name of the accelerator type to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/acceleratorTypes/{acceleratorType}", + "response": { + "$ref": "AcceleratorType" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves a list of accelerator types available to the specified project.", + "httpMethod": "GET", + "id": "compute.acceleratorTypes.list", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/acceleratorTypes", + "response": { + "$ref": "AcceleratorTypeList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] } - } } - } - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." }, - "denied": { - "type": "array", - "description": "The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.", - "items": { - "type": "object", - "properties": { - "IPProtocol": { - "type": "string", - "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number." - }, - "ports": { - "type": "array", - "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].", - "items": { - "type": "string" + "addresses": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of addresses.", + "httpMethod": "GET", + "id": "compute.addresses.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/addresses", + "response": { + "$ref": "AddressAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified address resource.", + "httpMethod": "DELETE", + "id": "compute.addresses.delete", + "parameterOrder": [ + "project", + "region", + "address" + ], + "parameters": { + "address": { + "description": "Name of the address resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/addresses/{address}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified address resource.", + "httpMethod": "GET", + "id": "compute.addresses.get", + "parameterOrder": [ + "project", + "region", + "address" + ], + "parameters": { + "address": { + "description": "Name of the address resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/addresses/{address}", + "response": { + "$ref": "Address" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates an address resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.addresses.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/addresses", + "request": { + "$ref": "Address" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of addresses contained within the specified region.", + "httpMethod": "GET", + "id": "compute.addresses.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/addresses", + "response": { + "$ref": "AddressList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] } - } } - } }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." + "autoscalers": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of autoscalers.", + "httpMethod": "GET", + "id": "compute.autoscalers.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/autoscalers", + "response": { + "$ref": "AutoscalerAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified autoscaler.", + "httpMethod": "DELETE", + "id": "compute.autoscalers.delete", + "parameterOrder": [ + "project", + "zone", + "autoscaler" + ], + "parameters": { + "autoscaler": { + "description": "Name of the autoscaler to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "Name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/autoscalers/{autoscaler}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified autoscaler resource. Get a list of available autoscalers by making a list() request.", + "httpMethod": "GET", + "id": "compute.autoscalers.get", + "parameterOrder": [ + "project", + "zone", + "autoscaler" + ], + "parameters": { + "autoscaler": { + "description": "Name of the autoscaler to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "Name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/autoscalers/{autoscaler}", + "response": { + "$ref": "Autoscaler" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates an autoscaler in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.autoscalers.insert", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "Name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/autoscalers", + "request": { + "$ref": "Autoscaler" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of autoscalers contained within the specified zone.", + "httpMethod": "GET", + "id": "compute.autoscalers.list", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "Name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/autoscalers", + "response": { + "$ref": "AutoscalerList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Updates an autoscaler in the specified project using the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.autoscalers.patch", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "autoscaler": { + "description": "Name of the autoscaler to patch.", + "location": "query", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "Name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/autoscalers", + "request": { + "$ref": "Autoscaler" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "update": { + "description": "Updates an autoscaler in the specified project using the data included in the request.", + "httpMethod": "PUT", + "id": "compute.autoscalers.update", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "autoscaler": { + "description": "Name of the autoscaler to update.", + "location": "query", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "Name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/autoscalers", + "request": { + "$ref": "Autoscaler" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } + } }, - "destinationRanges": { - "type": "array", - "description": "If destination ranges are specified, the firewall will apply only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Only IPv4 is supported.", - "items": { - "type": "string" - } - }, - "direction": { - "type": "string", - "description": "Direction of traffic to which this firewall applies; default is INGRESS. Note: For INGRESS traffic, it is NOT supported to specify destinationRanges; For EGRESS traffic, it is NOT supported to specify sourceRanges OR sourceTags.", - "enum": [ - "EGRESS", - "INGRESS" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#firewall for firewall rules.", - "default": "compute#firewall" - }, - "name": { - "type": "string", - "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.firewalls.insert", - "compute.firewalls.patch" - ] - } - }, - "network": { - "type": "string", - "description": "URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used:\nglobal/networks/default\nIf you choose to specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: \n- https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network \n- projects/myproject/global/networks/my-network \n- global/networks/default" - }, - "priority": { - "type": "integer", - "description": "Priority for this rule. This is an integer between 0 and 65535, both inclusive. When not specified, the value assumed is 1000. Relative priorities determine precedence of conflicting rules. Lower value of priority implies higher precedence (eg, a rule with priority 0 has higher precedence than a rule with priority 1). DENY rules take precedence over ALLOW rules having equal priority.", - "format": "int32" - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "sourceRanges": { - "type": "array", - "description": "If source ranges are specified, the firewall will apply only to traffic that has source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply. Only IPv4 is supported.", - "items": { - "type": "string" - } - }, - "sourceServiceAccounts": { - "type": "array", - "description": "If source service accounts are specified, the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both properties for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.", - "items": { - "type": "string" - } - }, - "sourceTags": { - "type": "array", - "description": "If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply.", - "items": { - "type": "string" - } - }, - "targetServiceAccounts": { - "type": "array", - "description": "A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.", - "items": { - "type": "string" - } - }, - "targetTags": { - "type": "array", - "description": "A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.", - "items": { - "type": "string" - } - } - } - }, - "FirewallList": { - "id": "FirewallList", - "type": "object", - "description": "Contains a list of firewalls.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Firewall resources.", - "items": { - "$ref": "Firewall" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#firewallList for lists of firewalls.", - "default": "compute#firewallList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "backendBuckets": { + "methods": { + "delete": { + "description": "Deletes the specified BackendBucket resource.", + "httpMethod": "DELETE", + "id": "compute.backendBuckets.delete", + "parameterOrder": [ + "project", + "backendBucket" + ], + "parameters": { + "backendBucket": { + "description": "Name of the BackendBucket resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/backendBuckets/{backendBucket}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified BackendBucket resource. Get a list of available backend buckets by making a list() request.", + "httpMethod": "GET", + "id": "compute.backendBuckets.get", + "parameterOrder": [ + "project", + "backendBucket" + ], + "parameters": { + "backendBucket": { + "description": "Name of the BackendBucket resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/backendBuckets/{backendBucket}", + "response": { + "$ref": "BackendBucket" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a BackendBucket resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.backendBuckets.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/backendBuckets", + "request": { + "$ref": "BackendBucket" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of BackendBucket resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.backendBuckets.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/backendBuckets", + "response": { + "$ref": "BackendBucketList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Updates the specified BackendBucket resource with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.backendBuckets.patch", + "parameterOrder": [ + "project", + "backendBucket" + ], + "parameters": { + "backendBucket": { + "description": "Name of the BackendBucket resource to patch.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/backendBuckets/{backendBucket}", + "request": { + "$ref": "BackendBucket" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "update": { + "description": "Updates the specified BackendBucket resource with the data included in the request.", + "httpMethod": "PUT", + "id": "compute.backendBuckets.update", + "parameterOrder": [ + "project", + "backendBucket" + ], + "parameters": { + "backendBucket": { + "description": "Name of the BackendBucket resource to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/backendBuckets/{backendBucket}", + "request": { + "$ref": "BackendBucket" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "ForwardingRule": { - "id": "ForwardingRule", - "type": "object", - "description": "A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, ports] tuple. (== resource_for beta.forwardingRules ==) (== resource_for v1.forwardingRules ==) (== resource_for beta.globalForwardingRules ==) (== resource_for v1.globalForwardingRules ==) (== resource_for beta.regionForwardingRules ==) (== resource_for v1.regionForwardingRules ==)", - "properties": { - "IPAddress": { - "type": "string", - "description": "The IP address that this forwarding rule is serving on behalf of.\n\nAddresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional).\n\nWhen the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6.\n\nWhen the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule.\n\nAn address can be specified either by a literal IP address or a URL reference to an existing Address resource. The following examples are all valid: \n- 100.1.2.3 \n- https://www.googleapis.com/compute/v1/projects/project/regions/region/addresses/address \n- projects/project/regions/region/addresses/address \n- regions/region/addresses/address \n- global/addresses/address \n- address" - }, - "IPProtocol": { - "type": "string", - "description": "The IP protocol to which this rule applies. Valid options are TCP, UDP, ESP, AH, SCTP or ICMP.\n\nWhen the load balancing scheme is INTERNAL, only TCP and UDP are valid.", - "enum": [ - "AH", - "ESP", - "ICMP", - "SCTP", - "TCP", - "UDP" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "" - ] - }, - "backendService": { - "type": "string", - "description": "This field is not used for external load balancing.\n\nFor internal load balancing, this field identifies the BackendService resource to receive the matched traffic." - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "ipVersion": { - "type": "string", - "description": "The IP Version that will be used by this forwarding rule. Valid options are IPV4 or IPV6. This can only be specified for a global forwarding rule.", - "enum": [ - "IPV4", - "IPV6", - "UNSPECIFIED_VERSION" - ], - "enumDescriptions": [ - "", - "", - "" - ] - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#forwardingRule for Forwarding Rule resources.", - "default": "compute#forwardingRule" - }, - "loadBalancingScheme": { - "type": "string", - "description": "This signifies what the ForwardingRule will be used for and can only take the following values: INTERNAL, EXTERNAL The value of INTERNAL means that this will be used for Internal Network Load Balancing (TCP, UDP). The value of EXTERNAL means that this will be used for External Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy)", - "enum": [ - "EXTERNAL", - "INTERNAL", - "INVALID" - ], - "enumDescriptions": [ - "", - "", - "" - ] - }, - "name": { - "type": "string", - "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "network": { - "type": "string", - "description": "This field is not used for external load balancing.\n\nFor internal load balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If this field is not specified, the default network will be used." - }, - "portRange": { - "type": "string", - "description": "This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance.\n\nApplicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target. Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port ranges.\n\nSome types of forwarding target have constraints on the acceptable ports: \n- TargetHttpProxy: 80, 8080 \n- TargetHttpsProxy: 443 \n- TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 \n- TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 \n- TargetVpnGateway: 500, 4500\n-" - }, - "ports": { - "type": "array", - "description": "This field is used along with the backend_service field for internal load balancing.\n\nWhen the load balancing scheme is INTERNAL, a single port or a comma separated list of ports can be configured. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule.\n\nYou may specify a maximum of up to 5 ports.", - "items": { - "type": "string" - } }, - "region": { - "type": "string", - "description": "[Output Only] URL of the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." + "backendServices": { + "methods": { + "aggregatedList": { + "description": "Retrieves the list of all BackendService resources, regional and global, available to the specified project.", + "httpMethod": "GET", + "id": "compute.backendServices.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Name of the project scoping this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/backendServices", + "response": { + "$ref": "BackendServiceAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified BackendService resource.", + "httpMethod": "DELETE", + "id": "compute.backendServices.delete", + "parameterOrder": [ + "project", + "backendService" + ], + "parameters": { + "backendService": { + "description": "Name of the BackendService resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/backendServices/{backendService}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified BackendService resource. Get a list of available backend services by making a list() request.", + "httpMethod": "GET", + "id": "compute.backendServices.get", + "parameterOrder": [ + "project", + "backendService" + ], + "parameters": { + "backendService": { + "description": "Name of the BackendService resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/backendServices/{backendService}", + "response": { + "$ref": "BackendService" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "getHealth": { + "description": "Gets the most recent health check results for this BackendService.", + "httpMethod": "POST", + "id": "compute.backendServices.getHealth", + "parameterOrder": [ + "project", + "backendService" + ], + "parameters": { + "backendService": { + "description": "Name of the BackendService resource to which the queried instance belongs.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/backendServices/{backendService}/getHealth", + "request": { + "$ref": "ResourceGroupReference" + }, + "response": { + "$ref": "BackendServiceGroupHealth" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a BackendService resource in the specified project using the data included in the request. There are several restrictions and guidelines to keep in mind when creating a backend service. Read Restrictions and Guidelines for more information.", + "httpMethod": "POST", + "id": "compute.backendServices.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/backendServices", + "request": { + "$ref": "BackendService" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of BackendService resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.backendServices.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/backendServices", + "response": { + "$ref": "BackendServiceList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Patches the specified BackendService resource with the data included in the request. There are several restrictions and guidelines to keep in mind when updating a backend service. Read Restrictions and Guidelines for more information. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.backendServices.patch", + "parameterOrder": [ + "project", + "backendService" + ], + "parameters": { + "backendService": { + "description": "Name of the BackendService resource to patch.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/backendServices/{backendService}", + "request": { + "$ref": "BackendService" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "update": { + "description": "Updates the specified BackendService resource with the data included in the request. There are several restrictions and guidelines to keep in mind when updating a backend service. Read Restrictions and Guidelines for more information.", + "httpMethod": "PUT", + "id": "compute.backendServices.update", + "parameterOrder": [ + "project", + "backendService" + ], + "parameters": { + "backendService": { + "description": "Name of the BackendService resource to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/backendServices/{backendService}", + "request": { + "$ref": "BackendService" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } + } }, - "subnetwork": { - "type": "string", - "description": "This field is not used for external load balancing.\n\nFor internal load balancing, this field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule.\n\nIf the network specified is in auto subnet mode, this field is optional. However, if the network is in custom subnet mode, a subnetwork must be specified." + "diskTypes": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of disk types.", + "httpMethod": "GET", + "id": "compute.diskTypes.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/diskTypes", + "response": { + "$ref": "DiskTypeAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "get": { + "description": "Returns the specified disk type. Get a list of available disk types by making a list() request.", + "httpMethod": "GET", + "id": "compute.diskTypes.get", + "parameterOrder": [ + "project", + "zone", + "diskType" + ], + "parameters": { + "diskType": { + "description": "Name of the disk type to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/diskTypes/{diskType}", + "response": { + "$ref": "DiskType" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves a list of disk types available to the specified project.", + "httpMethod": "GET", + "id": "compute.diskTypes.list", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/diskTypes", + "response": { + "$ref": "DiskTypeList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } + } }, - "target": { - "type": "string", - "description": "The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must live in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.\n\nThis field is not used for internal load balancing." - } - } - }, - "ForwardingRuleAggregatedList": { - "id": "ForwardingRuleAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of ForwardingRulesScopedList resources.", - "additionalProperties": { - "$ref": "ForwardingRulesScopedList", - "description": "Name of the scope containing this set of addresses." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#forwardingRuleAggregatedList for lists of forwarding rules.", - "default": "compute#forwardingRuleAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "disks": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of persistent disks.", + "httpMethod": "GET", + "id": "compute.disks.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/disks", + "response": { + "$ref": "DiskAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "createSnapshot": { + "description": "Creates a snapshot of a specified persistent disk.", + "httpMethod": "POST", + "id": "compute.disks.createSnapshot", + "parameterOrder": [ + "project", + "zone", + "disk" + ], + "parameters": { + "disk": { + "description": "Name of the persistent disk to snapshot.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "guestFlush": { + "location": "query", + "type": "boolean" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/disks/{disk}/createSnapshot", + "request": { + "$ref": "Snapshot" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "delete": { + "description": "Deletes the specified persistent disk. Deleting a disk removes its data permanently and is irreversible. However, deleting a disk does not delete any snapshots previously made from the disk. You must separately delete snapshots.", + "httpMethod": "DELETE", + "id": "compute.disks.delete", + "parameterOrder": [ + "project", + "zone", + "disk" + ], + "parameters": { + "disk": { + "description": "Name of the persistent disk to delete.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/disks/{disk}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns a specified persistent disk. Get a list of available persistent disks by making a list() request.", + "httpMethod": "GET", + "id": "compute.disks.get", + "parameterOrder": [ + "project", + "zone", + "disk" + ], + "parameters": { + "disk": { + "description": "Name of the persistent disk to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/disks/{disk}", + "response": { + "$ref": "Disk" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a persistent disk in the specified project using the data in the request. You can create a disk with a sourceImage, a sourceSnapshot, or create an empty 500 GB data disk by omitting all properties. You can also create a disk that is larger than the default size by specifying the sizeGb property.", + "httpMethod": "POST", + "id": "compute.disks.insert", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "sourceImage": { + "description": "Optional. Source image to restore onto a disk.", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/disks", + "request": { + "$ref": "Disk" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of persistent disks contained within the specified zone.", + "httpMethod": "GET", + "id": "compute.disks.list", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/disks", + "response": { + "$ref": "DiskList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "resize": { + "description": "Resizes the specified persistent disk. You can only increase the size of the disk.", + "httpMethod": "POST", + "id": "compute.disks.resize", + "parameterOrder": [ + "project", + "zone", + "disk" + ], + "parameters": { + "disk": { + "description": "The name of the persistent disk.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/disks/{disk}/resize", + "request": { + "$ref": "DisksResizeRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setLabels": { + "description": "Sets the labels on a disk. To learn more about labels, read the Labeling Resources documentation.", + "httpMethod": "POST", + "id": "compute.disks.setLabels", + "parameterOrder": [ + "project", + "zone", + "resource" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "resource": { + "description": "Name of the resource for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/disks/{resource}/setLabels", + "request": { + "$ref": "ZoneSetLabelsRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "ForwardingRuleList": { - "id": "ForwardingRuleList", - "type": "object", - "description": "Contains a list of ForwardingRule resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of ForwardingRule resources.", - "items": { - "$ref": "ForwardingRule" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#forwardingRuleList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + }, + "firewalls": { + "methods": { + "delete": { + "description": "Deletes the specified firewall.", + "httpMethod": "DELETE", + "id": "compute.firewalls.delete", + "parameterOrder": [ + "project", + "firewall" + ], + "parameters": { + "firewall": { + "description": "Name of the firewall rule to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/firewalls/{firewall}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified firewall.", + "httpMethod": "GET", + "id": "compute.firewalls.get", + "parameterOrder": [ + "project", + "firewall" + ], + "parameters": { + "firewall": { + "description": "Name of the firewall rule to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/firewalls/{firewall}", + "response": { + "$ref": "Firewall" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a firewall rule in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.firewalls.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/firewalls", + "request": { + "$ref": "Firewall" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of firewall rules available to the specified project.", + "httpMethod": "GET", + "id": "compute.firewalls.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/firewalls", + "response": { + "$ref": "FirewallList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Updates the specified firewall rule with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.firewalls.patch", + "parameterOrder": [ + "project", + "firewall" + ], + "parameters": { + "firewall": { + "description": "Name of the firewall rule to patch.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/firewalls/{firewall}", + "request": { + "$ref": "Firewall" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "update": { + "description": "Updates the specified firewall rule with the data included in the request. The PUT method can only update the following fields of firewall rule: allowed, description, sourceRanges, sourceTags, targetTags.", + "httpMethod": "PUT", + "id": "compute.firewalls.update", + "parameterOrder": [ + "project", + "firewall" + ], + "parameters": { + "firewall": { + "description": "Name of the firewall rule to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/firewalls/{firewall}", + "request": { + "$ref": "Firewall" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "ForwardingRulesScopedList": { - "id": "ForwardingRulesScopedList", - "type": "object", - "properties": { + }, "forwardingRules": { - "type": "array", - "description": "List of forwarding rules contained in this scope.", - "items": { - "$ref": "ForwardingRule" - } - }, - "warning": { - "type": "object", - "description": "Informational warning which replaces the list of forwarding rules when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of forwarding rules.", + "httpMethod": "GET", + "id": "compute.forwardingRules.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/forwardingRules", + "response": { + "$ref": "ForwardingRuleAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified ForwardingRule resource.", + "httpMethod": "DELETE", + "id": "compute.forwardingRules.delete", + "parameterOrder": [ + "project", + "region", + "forwardingRule" + ], + "parameters": { + "forwardingRule": { + "description": "Name of the ForwardingRule resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/forwardingRules/{forwardingRule}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified ForwardingRule resource.", + "httpMethod": "GET", + "id": "compute.forwardingRules.get", + "parameterOrder": [ + "project", + "region", + "forwardingRule" + ], + "parameters": { + "forwardingRule": { + "description": "Name of the ForwardingRule resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/forwardingRules/{forwardingRule}", + "response": { + "$ref": "ForwardingRule" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a ForwardingRule resource in the specified project and region using the data included in the request.", + "httpMethod": "POST", + "id": "compute.forwardingRules.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/forwardingRules", + "request": { + "$ref": "ForwardingRule" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of ForwardingRule resources available to the specified project and region.", + "httpMethod": "GET", + "id": "compute.forwardingRules.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/forwardingRules", + "response": { + "$ref": "ForwardingRuleList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "setTarget": { + "description": "Changes target URL for forwarding rule. The new target should be of the same type as the old target.", + "httpMethod": "POST", + "id": "compute.forwardingRules.setTarget", + "parameterOrder": [ + "project", + "region", + "forwardingRule" + ], + "parameters": { + "forwardingRule": { + "description": "Name of the ForwardingRule resource in which target is to be set.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/forwardingRules/{forwardingRule}/setTarget", + "request": { + "$ref": "TargetReference" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "GlobalSetLabelsRequest": { - "id": "GlobalSetLabelsRequest", - "type": "object", - "properties": { - "labelFingerprint": { - "type": "string", - "description": "The fingerprint of the previous set of labels for this resource, used to detect conflicts. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash when updating or changing labels. Make a get() request to the resource to get the latest fingerprint.", - "format": "byte" - }, - "labels": { - "type": "object", - "description": "A list of labels to apply for this resource. Each label key & value must comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For example, \"webserver-frontend\": \"images\". A label value can also be empty (e.g. \"my-label\": \"\").", - "additionalProperties": { - "type": "string" - } - } - } - }, - "GuestOsFeature": { - "id": "GuestOsFeature", - "type": "object", - "description": "Guest OS features.", - "properties": { - "type": { - "type": "string", - "description": "The ID of a supported feature. Read Enabling guest operating system features to see a list of available options.", - "enum": [ - "FEATURE_TYPE_UNSPECIFIED", - "MULTI_IP_SUBNET", - "VIRTIO_SCSI_MULTIQUEUE", - "WINDOWS" - ], - "enumDescriptions": [ - "", - "", - "", - "" - ] - } - } - }, - "HTTPHealthCheck": { - "id": "HTTPHealthCheck", - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "The value of the host header in the HTTP health check request. If left empty (default value), the IP on behalf of which this health check is performed will be used." - }, - "port": { - "type": "integer", - "description": "The TCP port number for the health check request. The default value is 80. Valid values are 1 through 65535.", - "format": "int32" - }, - "portName": { - "type": "string", - "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence." - }, - "proxyHeader": { - "type": "string", - "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", - "enum": [ - "NONE", - "PROXY_V1" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "requestPath": { - "type": "string", - "description": "The request path of the HTTP health check request. The default value is /." - } - } - }, - "HTTPSHealthCheck": { - "id": "HTTPSHealthCheck", - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "The value of the host header in the HTTPS health check request. If left empty (default value), the IP on behalf of which this health check is performed will be used." - }, - "port": { - "type": "integer", - "description": "The TCP port number for the health check request. The default value is 443. Valid values are 1 through 65535.", - "format": "int32" - }, - "portName": { - "type": "string", - "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence." - }, - "proxyHeader": { - "type": "string", - "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", - "enum": [ - "NONE", - "PROXY_V1" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "requestPath": { - "type": "string", - "description": "The request path of the HTTPS health check request. The default value is /." - } - } - }, - "HealthCheck": { - "id": "HealthCheck", - "type": "object", - "description": "An HealthCheck resource. This resource defines a template for how individual virtual machines should be checked for health, via one of the supported protocols.", - "properties": { - "checkIntervalSec": { - "type": "integer", - "description": "How often (in seconds) to send a health check. The default value is 5 seconds.", - "format": "int32" - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in 3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "healthyThreshold": { - "type": "integer", - "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.", - "format": "int32" - }, - "httpHealthCheck": { - "$ref": "HTTPHealthCheck" - }, - "httpsHealthCheck": { - "$ref": "HTTPSHealthCheck" - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "Type of the resource.", - "default": "compute#healthCheck" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "sslHealthCheck": { - "$ref": "SSLHealthCheck" - }, - "tcpHealthCheck": { - "$ref": "TCPHealthCheck" - }, - "timeoutSec": { - "type": "integer", - "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.", - "format": "int32" - }, - "type": { - "type": "string", - "description": "Specifies the type of the healthCheck, either TCP, SSL, HTTP or HTTPS. If not specified, the default is TCP. Exactly one of the protocol-specific health check field must be specified, which must match type field.", - "enum": [ - "HTTP", - "HTTPS", - "INVALID", - "SSL", - "TCP" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "" - ] - }, - "unhealthyThreshold": { - "type": "integer", - "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.", - "format": "int32" - } - } - }, - "HealthCheckList": { - "id": "HealthCheckList", - "type": "object", - "description": "Contains a list of HealthCheck resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of HealthCheck resources.", - "items": { - "$ref": "HealthCheck" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#healthCheckList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + }, + "globalAddresses": { + "methods": { + "delete": { + "description": "Deletes the specified address resource.", + "httpMethod": "DELETE", + "id": "compute.globalAddresses.delete", + "parameterOrder": [ + "project", + "address" + ], + "parameters": { + "address": { + "description": "Name of the address resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/addresses/{address}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified address resource. Get a list of available addresses by making a list() request.", + "httpMethod": "GET", + "id": "compute.globalAddresses.get", + "parameterOrder": [ + "project", + "address" + ], + "parameters": { + "address": { + "description": "Name of the address resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/addresses/{address}", + "response": { + "$ref": "Address" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates an address resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.globalAddresses.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/addresses", + "request": { + "$ref": "Address" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of global addresses.", + "httpMethod": "GET", + "id": "compute.globalAddresses.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/addresses", + "response": { + "$ref": "AddressList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - } - } - } - }, - "HealthCheckReference": { - "id": "HealthCheckReference", - "type": "object", - "description": "A full or valid partial URL to a health check. For example, the following are valid URLs: \n- https://www.googleapis.com/compute/beta/projects/project-id/global/httpHealthChecks/health-check \n- projects/project-id/global/httpHealthChecks/health-check \n- global/httpHealthChecks/health-check", - "properties": { - "healthCheck": { - "type": "string" - } - } - }, - "HealthStatus": { - "id": "HealthStatus", - "type": "object", - "properties": { - "healthState": { - "type": "string", - "description": "Health state of the instance.", - "enum": [ - "HEALTHY", - "UNHEALTHY" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "instance": { - "type": "string", - "description": "URL of the instance resource." - }, - "ipAddress": { - "type": "string", - "description": "The IP address represented by this resource." - }, - "port": { - "type": "integer", - "description": "The port on the instance.", - "format": "int32" - } - } - }, - "HostRule": { - "id": "HostRule", - "type": "object", - "description": "UrlMaps A host-matching rule for a URL. If matched, will use the named PathMatcher to select the BackendService.", - "properties": { - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "hosts": { - "type": "array", - "description": "The list of host patterns to match. They must be valid hostnames, except * will match any string of ([a-z0-9-.]*). In that case, * must be the first character and must be followed in the pattern by either - or ..", - "items": { - "type": "string" - } }, - "pathMatcher": { - "type": "string", - "description": "The name of the PathMatcher to use to match the path portion of the URL if the hostRule matches the URL's host portion." - } - } - }, - "HttpHealthCheck": { - "id": "HttpHealthCheck", - "type": "object", - "description": "An HttpHealthCheck resource. This resource defines a template for how individual instances should be checked for health, via HTTP.", - "properties": { - "checkIntervalSec": { - "type": "integer", - "description": "How often (in seconds) to send a health check. The default value is 5 seconds.", - "format": "int32" - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "healthyThreshold": { - "type": "integer", - "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.", - "format": "int32" - }, - "host": { - "type": "string", - "description": "The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#httpHealthCheck for HTTP health checks.", - "default": "compute#httpHealthCheck" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "port": { - "type": "integer", - "description": "The TCP port number for the HTTP health check request. The default value is 80.", - "format": "int32" - }, - "requestPath": { - "type": "string", - "description": "The request path of the HTTP health check request. The default value is /." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "timeoutSec": { - "type": "integer", - "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.", - "format": "int32" - }, - "unhealthyThreshold": { - "type": "integer", - "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.", - "format": "int32" - } - } - }, - "HttpHealthCheckList": { - "id": "HttpHealthCheckList", - "type": "object", - "description": "Contains a list of HttpHealthCheck resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of HttpHealthCheck resources.", - "items": { - "$ref": "HttpHealthCheck" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#httpHealthCheckList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "globalForwardingRules": { + "methods": { + "delete": { + "description": "Deletes the specified GlobalForwardingRule resource.", + "httpMethod": "DELETE", + "id": "compute.globalForwardingRules.delete", + "parameterOrder": [ + "project", + "forwardingRule" + ], + "parameters": { + "forwardingRule": { + "description": "Name of the ForwardingRule resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/forwardingRules/{forwardingRule}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified GlobalForwardingRule resource. Get a list of available forwarding rules by making a list() request.", + "httpMethod": "GET", + "id": "compute.globalForwardingRules.get", + "parameterOrder": [ + "project", + "forwardingRule" + ], + "parameters": { + "forwardingRule": { + "description": "Name of the ForwardingRule resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/forwardingRules/{forwardingRule}", + "response": { + "$ref": "ForwardingRule" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a GlobalForwardingRule resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.globalForwardingRules.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/forwardingRules", + "request": { + "$ref": "ForwardingRule" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of GlobalForwardingRule resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.globalForwardingRules.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/forwardingRules", + "response": { + "$ref": "ForwardingRuleList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "setTarget": { + "description": "Changes target URL for the GlobalForwardingRule resource. The new target should be of the same type as the old target.", + "httpMethod": "POST", + "id": "compute.globalForwardingRules.setTarget", + "parameterOrder": [ + "project", + "forwardingRule" + ], + "parameters": { + "forwardingRule": { + "description": "Name of the ForwardingRule resource in which target is to be set.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/forwardingRules/{forwardingRule}/setTarget", + "request": { + "$ref": "TargetReference" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "HttpsHealthCheck": { - "id": "HttpsHealthCheck", - "type": "object", - "description": "An HttpsHealthCheck resource. This resource defines a template for how individual instances should be checked for health, via HTTPS.", - "properties": { - "checkIntervalSec": { - "type": "integer", - "description": "How often (in seconds) to send a health check. The default value is 5 seconds.", - "format": "int32" - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "healthyThreshold": { - "type": "integer", - "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.", - "format": "int32" - }, - "host": { - "type": "string", - "description": "The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "Type of the resource.", - "default": "compute#httpsHealthCheck" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "port": { - "type": "integer", - "description": "The TCP port number for the HTTPS health check request. The default value is 443.", - "format": "int32" - }, - "requestPath": { - "type": "string", - "description": "The request path of the HTTPS health check request. The default value is \"/\"." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "timeoutSec": { - "type": "integer", - "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have a greater value than checkIntervalSec.", - "format": "int32" - }, - "unhealthyThreshold": { - "type": "integer", - "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.", - "format": "int32" - } - } - }, - "HttpsHealthCheckList": { - "id": "HttpsHealthCheckList", - "type": "object", - "description": "Contains a list of HttpsHealthCheck resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of HttpsHealthCheck resources.", - "items": { - "$ref": "HttpsHealthCheck" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#httpsHealthCheckList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + }, + "globalOperations": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of all operations.", + "httpMethod": "GET", + "id": "compute.globalOperations.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/operations", + "response": { + "$ref": "OperationAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified Operations resource.", + "httpMethod": "DELETE", + "id": "compute.globalOperations.delete", + "parameterOrder": [ + "project", + "operation" + ], + "parameters": { + "operation": { + "description": "Name of the Operations resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/operations/{operation}", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Retrieves the specified Operations resource. Get a list of operations by making a list() request.", + "httpMethod": "GET", + "id": "compute.globalOperations.get", + "parameterOrder": [ + "project", + "operation" + ], + "parameters": { + "operation": { + "description": "Name of the Operations resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/operations/{operation}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves a list of Operation resources contained within the specified project.", + "httpMethod": "GET", + "id": "compute.globalOperations.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/operations", + "response": { + "$ref": "OperationList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - } - } - } - }, - "Image": { - "id": "Image", - "type": "object", - "description": "An Image resource. (== resource_for beta.images ==) (== resource_for v1.images ==)", - "properties": { - "archiveSizeBytes": { - "type": "string", - "description": "Size of the image tar.gz archive stored in Google Cloud Storage (in bytes).", - "format": "int64" - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "deprecated": { - "$ref": "DeprecationStatus", - "description": "The deprecation status associated with this image." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "diskSizeGb": { - "type": "string", - "description": "Size of the image when restored onto a persistent disk (in GB).", - "format": "int64" - }, - "family": { - "type": "string", - "description": "The name of the image family to which this image belongs. You can create disks by specifying an image family instead of a specific image name. The image family always returns its latest image that is not deprecated. The name of the image family must comply with RFC1035." - }, - "guestOsFeatures": { - "type": "array", - "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.", - "items": { - "$ref": "GuestOsFeature" - } - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "imageEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "Encrypts the image using a customer-supplied encryption key.\n\nAfter you encrypt an image with a customer-supplied key, you must provide the same key if you use the image later (e.g. to create a disk from the image).\n\nCustomer-supplied encryption keys do not protect access to metadata of the disk.\n\nIf you do not provide an encryption key when creating the image, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the image later." - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#image for images.", - "default": "compute#image" - }, - "labelFingerprint": { - "type": "string", - "description": "A fingerprint for the labels being applied to this image, which is essentially a hash of the labels used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels.\n\nTo see the latest fingerprint, make a get() request to retrieve an image.", - "format": "byte" - }, - "labels": { - "type": "object", - "description": "Labels to apply to this image. These can be later modified by the setLabels method.", - "additionalProperties": { - "type": "string" - } }, - "licenses": { - "type": "array", - "description": "Any applicable license URI.", - "items": { - "type": "string" - } - }, - "name": { - "type": "string", - "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.images.insert" - ] - } - }, - "rawDisk": { - "type": "object", - "description": "The parameters of the raw disk image.", - "properties": { - "containerType": { - "type": "string", - "description": "The format used to encode and transmit the block device, which should be TAR. This is just a container and transmission format and not a runtime format. Provided by the client when the disk image is created.", - "enum": [ - "TAR" - ], - "enumDescriptions": [ - "" - ] - }, - "sha1Checksum": { - "type": "string", - "description": "An optional SHA1 checksum of the disk image before unpackaging; provided by the client when the disk image is created.", - "pattern": "[a-f0-9]{40}" - }, - "source": { - "type": "string", - "description": "The full Google Cloud Storage URL where the disk image is stored. You must provide either this property or the sourceDisk property but not both.", - "annotations": { - "required": [ - "compute.images.insert" - ] - } + "healthChecks": { + "methods": { + "delete": { + "description": "Deletes the specified HealthCheck resource.", + "httpMethod": "DELETE", + "id": "compute.healthChecks.delete", + "parameterOrder": [ + "project", + "healthCheck" + ], + "parameters": { + "healthCheck": { + "description": "Name of the HealthCheck resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/healthChecks/{healthCheck}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified HealthCheck resource. Get a list of available health checks by making a list() request.", + "httpMethod": "GET", + "id": "compute.healthChecks.get", + "parameterOrder": [ + "project", + "healthCheck" + ], + "parameters": { + "healthCheck": { + "description": "Name of the HealthCheck resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/healthChecks/{healthCheck}", + "response": { + "$ref": "HealthCheck" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a HealthCheck resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.healthChecks.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/healthChecks", + "request": { + "$ref": "HealthCheck" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of HealthCheck resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.healthChecks.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/healthChecks", + "response": { + "$ref": "HealthCheckList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Updates a HealthCheck resource in the specified project using the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.healthChecks.patch", + "parameterOrder": [ + "project", + "healthCheck" + ], + "parameters": { + "healthCheck": { + "description": "Name of the HealthCheck resource to patch.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/healthChecks/{healthCheck}", + "request": { + "$ref": "HealthCheck" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "update": { + "description": "Updates a HealthCheck resource in the specified project using the data included in the request.", + "httpMethod": "PUT", + "id": "compute.healthChecks.update", + "parameterOrder": [ + "project", + "healthCheck" + ], + "parameters": { + "healthCheck": { + "description": "Name of the HealthCheck resource to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/healthChecks/{healthCheck}", + "request": { + "$ref": "HealthCheck" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "sourceDisk": { - "type": "string", - "description": "URL of the source disk used to create this image. This can be a full or valid partial URL. You must provide either this property or the rawDisk.source property but not both to create an image. For example, the following are valid values: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone/disks/disk \n- projects/project/zones/zone/disks/disk \n- zones/zone/disks/disk" - }, - "sourceDiskEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key." - }, - "sourceDiskId": { - "type": "string", - "description": "The ID value of the disk used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given disk name." - }, - "sourceImage": { - "type": "string", - "description": "URL of the source image used to create this image. This can be a full or valid partial URL. You must provide exactly one of: \n- this property, or \n- the rawDisk.source property, or \n- the sourceDisk property in order to create an image." - }, - "sourceImageEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key." - }, - "sourceImageId": { - "type": "string", - "description": "[Output Only] The ID value of the image used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given image name." - }, - "sourceType": { - "type": "string", - "description": "The type of the image used to create this disk. The default and only value is RAW", - "default": "RAW", - "enum": [ - "RAW" - ], - "enumDescriptions": [ - "" - ] - }, - "status": { - "type": "string", - "description": "[Output Only] The status of the image. An image can be used to create other resources, such as instances, only after the image has been successfully created and the status is set to READY. Possible values are FAILED, PENDING, or READY.", - "enum": [ - "FAILED", - "PENDING", - "READY" - ], - "enumDescriptions": [ - "", - "", - "" - ] - } - } - }, - "ImageList": { - "id": "ImageList", - "type": "object", - "description": "Contains a list of images.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Image resources.", - "items": { - "$ref": "Image" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#imageList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + }, + "httpHealthChecks": { + "methods": { + "delete": { + "description": "Deletes the specified HttpHealthCheck resource.", + "httpMethod": "DELETE", + "id": "compute.httpHealthChecks.delete", + "parameterOrder": [ + "project", + "httpHealthCheck" + ], + "parameters": { + "httpHealthCheck": { + "description": "Name of the HttpHealthCheck resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/httpHealthChecks/{httpHealthCheck}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified HttpHealthCheck resource. Get a list of available HTTP health checks by making a list() request.", + "httpMethod": "GET", + "id": "compute.httpHealthChecks.get", + "parameterOrder": [ + "project", + "httpHealthCheck" + ], + "parameters": { + "httpHealthCheck": { + "description": "Name of the HttpHealthCheck resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/httpHealthChecks/{httpHealthCheck}", + "response": { + "$ref": "HttpHealthCheck" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a HttpHealthCheck resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.httpHealthChecks.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/httpHealthChecks", + "request": { + "$ref": "HttpHealthCheck" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of HttpHealthCheck resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.httpHealthChecks.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/httpHealthChecks", + "response": { + "$ref": "HttpHealthCheckList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Updates a HttpHealthCheck resource in the specified project using the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.httpHealthChecks.patch", + "parameterOrder": [ + "project", + "httpHealthCheck" + ], + "parameters": { + "httpHealthCheck": { + "description": "Name of the HttpHealthCheck resource to patch.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/httpHealthChecks/{httpHealthCheck}", + "request": { + "$ref": "HttpHealthCheck" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "update": { + "description": "Updates a HttpHealthCheck resource in the specified project using the data included in the request.", + "httpMethod": "PUT", + "id": "compute.httpHealthChecks.update", + "parameterOrder": [ + "project", + "httpHealthCheck" + ], + "parameters": { + "httpHealthCheck": { + "description": "Name of the HttpHealthCheck resource to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/httpHealthChecks/{httpHealthCheck}", + "request": { + "$ref": "HttpHealthCheck" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "Instance": { - "id": "Instance", - "type": "object", - "description": "An Instance resource. (== resource_for beta.instances ==) (== resource_for v1.instances ==)", - "properties": { - "canIpForward": { - "type": "boolean", - "description": "Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. For more information, see Enabling IP Forwarding." - }, - "cpuPlatform": { - "type": "string", - "description": "[Output Only] The CPU platform used by this instance." - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "deletionProtection": { - "type": "boolean", - "description": "Whether the resource should be protected against deletion." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." }, - "disks": { - "type": "array", - "description": "Array of disks associated with this instance. Persistent disks must be created before you can assign them.", - "items": { - "$ref": "AttachedDisk" - } - }, - "guestAccelerators": { - "type": "array", - "description": "List of the type and count of accelerator cards attached to the instance.", - "items": { - "$ref": "AcceleratorConfig" - } - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#instance for instances.", - "default": "compute#instance" - }, - "labelFingerprint": { - "type": "string", - "description": "A fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata.\n\nTo see the latest fingerprint, make get() request to the instance.", - "format": "byte" - }, - "labels": { - "type": "object", - "description": "Labels to apply to this instance. These can be later modified by the setLabels method.", - "additionalProperties": { - "type": "string" - } - }, - "machineType": { - "type": "string", - "description": "Full or partial URL of the machine type resource to use for this instance, in the format: zones/zone/machineTypes/machine-type. This is provided by the client when the instance is created. For example, the following is a valid partial url to a predefined machine type:\n\nzones/us-central1-f/machineTypes/n1-standard-1 \n\nTo create a custom machine type, provide a URL to a machine type in the following format, where CPUS is 1 or an even number up to 32 (2, 4, 6, ... 24, etc), and MEMORY is the total memory for this instance. Memory must be a multiple of 256 MB and must be supplied in MB (e.g. 5 GB of memory is 5120 MB):\n\nzones/zone/machineTypes/custom-CPUS-MEMORY \n\nFor example: zones/us-central1-f/machineTypes/custom-4-5120 \n\nFor a full list of restrictions, read the Specifications for custom machine types.", - "annotations": { - "required": [ - "compute.instances.insert" - ] - } - }, - "metadata": { - "$ref": "Metadata", - "description": "The metadata key/value pairs assigned to this instance. This includes custom metadata and predefined keys." - }, - "minCpuPlatform": { - "type": "string", - "description": "Specifies a minimum CPU platform for the VM instance. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: \"Intel Haswell\" or minCpuPlatform: \"Intel Sandy Bridge\"." - }, - "name": { - "type": "string", - "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.instances.insert" - ] - } - }, - "networkInterfaces": { - "type": "array", - "description": "An array of network configurations for this instance. These specify how interfaces are configured to interact with other network services, such as connecting to the internet. Multiple interfaces are supported per instance.", - "items": { - "$ref": "NetworkInterface" - } - }, - "scheduling": { - "$ref": "Scheduling", - "description": "Sets the scheduling options for this instance." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "serviceAccounts": { - "type": "array", - "description": "A list of service accounts, with their specified scopes, authorized for this instance. Only one service account per VM instance is supported.\n\nService accounts generate access tokens that can be accessed through the metadata server and used to authenticate applications on the instance. See Service Accounts for more information.", - "items": { - "$ref": "ServiceAccount" - } - }, - "startRestricted": { - "type": "boolean", - "description": "[Output Only] Whether a VM has been restricted for start because Compute Engine has detected suspicious activity." - }, - "status": { - "type": "string", - "description": "[Output Only] The status of the instance. One of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, STOPPED, SUSPENDING, SUSPENDED, and TERMINATED.", - "enum": [ - "PROVISIONING", - "RUNNING", - "STAGING", - "STOPPED", - "STOPPING", - "SUSPENDED", - "SUSPENDING", - "TERMINATED" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "statusMessage": { - "type": "string", - "description": "[Output Only] An optional, human-readable explanation of the status." - }, - "tags": { - "$ref": "Tags", - "description": "A list of tags to apply to this instance. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during instance creation. The tags can be later modified by the setTags method. Each tag within the list must comply with RFC1035." - }, - "zone": { - "type": "string", - "description": "[Output Only] URL of the zone where the instance resides." - } - } - }, - "InstanceAggregatedList": { - "id": "InstanceAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of InstancesScopedList resources.", - "additionalProperties": { - "$ref": "InstancesScopedList", - "description": "[Output Only] Name of the scope containing this set of instances." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#instanceAggregatedList for aggregated lists of Instance resources.", - "default": "compute#instanceAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InstanceGroup": { - "id": "InstanceGroup", - "type": "object", - "description": "InstanceGroups (== resource_for beta.instanceGroups ==) (== resource_for v1.instanceGroups ==) (== resource_for beta.regionInstanceGroups ==) (== resource_for v1.regionInstanceGroups ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] The creation timestamp for this instance group in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "fingerprint": { - "type": "string", - "description": "[Output Only] The fingerprint of the named ports. The system uses this fingerprint to detect conflicts when multiple users change the named ports concurrently.", - "format": "byte" - }, - "id": { - "type": "string", - "description": "[Output Only] A unique identifier for this instance group, generated by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] The resource type, which is always compute#instanceGroup for instance groups.", - "default": "compute#instanceGroup" - }, - "name": { - "type": "string", - "description": "The name of the instance group. The name must be 1-63 characters long, and comply with RFC1035.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.instanceGroupManagers.insert" - ] - } - }, - "namedPorts": { - "type": "array", - "description": "Assigns a name to a port number. For example: {name: \"http\", port: 80}\n\nThis allows the system to reference ports by the assigned name instead of a port number. Named ports can also contain multiple ports. For example: [{name: \"http\", port: 80},{name: \"http\", port: 8080}] \n\nNamed ports apply to all instances in this instance group.", - "items": { - "$ref": "NamedPort" - } - }, - "network": { - "type": "string", - "description": "The URL of the network to which all instances in the instance group belong." - }, - "region": { - "type": "string", - "description": "The URL of the region where the instance group is located (for regional resources)." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] The URL for this instance group. The server generates this URL." - }, - "size": { - "type": "integer", - "description": "[Output Only] The total number of instances in the instance group.", - "format": "int32" - }, - "subnetwork": { - "type": "string", - "description": "The URL of the subnetwork to which all instances in the instance group belong." - }, - "zone": { - "type": "string", - "description": "[Output Only] The URL of the zone where the instance group is located (for zonal resources)." - } - } - }, - "InstanceGroupAggregatedList": { - "id": "InstanceGroupAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of InstanceGroupsScopedList resources.", - "additionalProperties": { - "$ref": "InstanceGroupsScopedList", - "description": "The name of the scope that contains this set of instance groups." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] The resource type, which is always compute#instanceGroupAggregatedList for aggregated lists of instance groups.", - "default": "compute#instanceGroupAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InstanceGroupList": { - "id": "InstanceGroupList", - "type": "object", - "description": "A list of InstanceGroup resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of InstanceGroup resources.", - "items": { - "$ref": "InstanceGroup" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] The resource type, which is always compute#instanceGroupList for instance group lists.", - "default": "compute#instanceGroupList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "httpsHealthChecks": { + "methods": { + "delete": { + "description": "Deletes the specified HttpsHealthCheck resource.", + "httpMethod": "DELETE", + "id": "compute.httpsHealthChecks.delete", + "parameterOrder": [ + "project", + "httpsHealthCheck" + ], + "parameters": { + "httpsHealthCheck": { + "description": "Name of the HttpsHealthCheck resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/httpsHealthChecks/{httpsHealthCheck}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified HttpsHealthCheck resource. Get a list of available HTTPS health checks by making a list() request.", + "httpMethod": "GET", + "id": "compute.httpsHealthChecks.get", + "parameterOrder": [ + "project", + "httpsHealthCheck" + ], + "parameters": { + "httpsHealthCheck": { + "description": "Name of the HttpsHealthCheck resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/httpsHealthChecks/{httpsHealthCheck}", + "response": { + "$ref": "HttpsHealthCheck" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a HttpsHealthCheck resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.httpsHealthChecks.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/httpsHealthChecks", + "request": { + "$ref": "HttpsHealthCheck" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of HttpsHealthCheck resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.httpsHealthChecks.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/httpsHealthChecks", + "response": { + "$ref": "HttpsHealthCheckList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Updates a HttpsHealthCheck resource in the specified project using the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.httpsHealthChecks.patch", + "parameterOrder": [ + "project", + "httpsHealthCheck" + ], + "parameters": { + "httpsHealthCheck": { + "description": "Name of the HttpsHealthCheck resource to patch.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/httpsHealthChecks/{httpsHealthCheck}", + "request": { + "$ref": "HttpsHealthCheck" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "update": { + "description": "Updates a HttpsHealthCheck resource in the specified project using the data included in the request.", + "httpMethod": "PUT", + "id": "compute.httpsHealthChecks.update", + "parameterOrder": [ + "project", + "httpsHealthCheck" + ], + "parameters": { + "httpsHealthCheck": { + "description": "Name of the HttpsHealthCheck resource to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/httpsHealthChecks/{httpsHealthCheck}", + "request": { + "$ref": "HttpsHealthCheck" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "InstanceGroupManager": { - "id": "InstanceGroupManager", - "type": "object", - "description": "An Instance Group Manager resource. (== resource_for beta.instanceGroupManagers ==) (== resource_for v1.instanceGroupManagers ==) (== resource_for beta.regionInstanceGroupManagers ==) (== resource_for v1.regionInstanceGroupManagers ==)", - "properties": { - "baseInstanceName": { - "type": "string", - "description": "The base instance name to use for instances in this group. The value must be 1-58 characters long. Instances are named by appending a hyphen and a random four-character string to the base instance name. The base instance name must comply with RFC1035.", - "pattern": "[a-z][-a-z0-9]{0,57}", - "annotations": { - "required": [ - "compute.instanceGroupManagers.insert" - ] - } - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] The creation timestamp for this managed instance group in RFC3339 text format." - }, - "currentActions": { - "$ref": "InstanceGroupManagerActionsSummary", - "description": "[Output Only] The list of instance actions and the number of instances in this managed instance group that are scheduled for each of those actions." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "fingerprint": { - "type": "string", - "description": "[Output Only] The fingerprint of the resource data. You can use this optional field for optimistic locking when you update the resource.", - "format": "byte" - }, - "id": { - "type": "string", - "description": "[Output Only] A unique identifier for this resource type. The server generates this identifier.", - "format": "uint64" - }, - "instanceGroup": { - "type": "string", - "description": "[Output Only] The URL of the Instance Group resource." - }, - "instanceTemplate": { - "type": "string", - "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group." - }, - "kind": { - "type": "string", - "description": "[Output Only] The resource type, which is always compute#instanceGroupManager for managed instance groups.", - "default": "compute#instanceGroupManager" - }, - "name": { - "type": "string", - "description": "The name of the managed instance group. The name must be 1-63 characters long, and comply with RFC1035.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.instanceGroupManagers.insert", - "compute.regionInstanceGroupManagers.insert" - ] - } - }, - "namedPorts": { - "type": "array", - "description": "Named ports configured for the Instance Groups complementary to this Instance Group Manager.", - "items": { - "$ref": "NamedPort" - } - }, - "region": { - "type": "string", - "description": "[Output Only] The URL of the region where the managed instance group resides (for regional resources)." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] The URL for this managed instance group. The server defines this URL." }, - "targetPools": { - "type": "array", - "description": "The URLs for all TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group.", - "items": { - "type": "string" - } - }, - "targetSize": { - "type": "integer", - "description": "The target number of running instances for this managed instance group. Deleting or abandoning instances reduces this number. Resizing the group changes this number.", - "format": "int32", - "annotations": { - "required": [ - "compute.instanceGroupManagers.insert", - "compute.regionInstanceGroupManagers.insert" - ] - } - }, - "zone": { - "type": "string", - "description": "[Output Only] The URL of the zone where the managed instance group is located (for zonal resources)." - } - } - }, - "InstanceGroupManagerActionsSummary": { - "id": "InstanceGroupManagerActionsSummary", - "type": "object", - "properties": { - "abandoning": { - "type": "integer", - "description": "[Output Only] The total number of instances in the managed instance group that are scheduled to be abandoned. Abandoning an instance removes it from the managed instance group without deleting it.", - "format": "int32" - }, - "creating": { - "type": "integer", - "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be created or are currently being created. If the group fails to create any of these instances, it tries again until it creates the instance successfully.\n\nIf you have disabled creation retries, this field will not be populated; instead, the creatingWithoutRetries field will be populated.", - "format": "int32" - }, - "creatingWithoutRetries": { - "type": "integer", - "description": "[Output Only] The number of instances that the managed instance group will attempt to create. The group attempts to create each instance only once. If the group fails to create any of these instances, it decreases the group's targetSize value accordingly.", - "format": "int32" - }, - "deleting": { - "type": "integer", - "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be deleted or are currently being deleted.", - "format": "int32" - }, - "none": { - "type": "integer", - "description": "[Output Only] The number of instances in the managed instance group that are running and have no scheduled actions.", - "format": "int32" - }, - "recreating": { - "type": "integer", - "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be recreated or are currently being being recreated. Recreating an instance deletes the existing root persistent disk and creates a new disk from the image that is defined in the instance template.", - "format": "int32" - }, - "refreshing": { - "type": "integer", - "description": "[Output Only] The number of instances in the managed instance group that are being reconfigured with properties that do not require a restart or a recreate action. For example, setting or removing target pools for the instance.", - "format": "int32" - }, - "restarting": { - "type": "integer", - "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be restarted or are currently being restarted.", - "format": "int32" - } - } - }, - "InstanceGroupManagerAggregatedList": { - "id": "InstanceGroupManagerAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of InstanceGroupManagersScopedList resources.", - "additionalProperties": { - "$ref": "InstanceGroupManagersScopedList", - "description": "[Output Only] The name of the scope that contains this set of managed instance groups." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerAggregatedList for an aggregated list of managed instance groups.", - "default": "compute#instanceGroupManagerAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InstanceGroupManagerList": { - "id": "InstanceGroupManagerList", - "type": "object", - "description": "[Output Only] A list of managed instance groups.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of InstanceGroupManager resources.", - "items": { - "$ref": "InstanceGroupManager" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerList for a list of managed instance groups.", - "default": "compute#instanceGroupManagerList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "images": { + "methods": { + "delete": { + "description": "Deletes the specified image.", + "httpMethod": "DELETE", + "id": "compute.images.delete", + "parameterOrder": [ + "project", + "image" + ], + "parameters": { + "image": { + "description": "Name of the image resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/images/{image}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "deprecate": { + "description": "Sets the deprecation status of an image.\n\nIf an empty request body is given, clears the deprecation status instead.", + "httpMethod": "POST", + "id": "compute.images.deprecate", + "parameterOrder": [ + "project", + "image" + ], + "parameters": { + "image": { + "description": "Image name.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/images/{image}/deprecate", + "request": { + "$ref": "DeprecationStatus" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified image. Get a list of available images by making a list() request.", + "httpMethod": "GET", + "id": "compute.images.get", + "parameterOrder": [ + "project", + "image" + ], + "parameters": { + "image": { + "description": "Name of the image resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/images/{image}", + "response": { + "$ref": "Image" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "getFromFamily": { + "description": "Returns the latest image that is part of an image family and is not deprecated.", + "httpMethod": "GET", + "id": "compute.images.getFromFamily", + "parameterOrder": [ + "project", + "family" + ], + "parameters": { + "family": { + "description": "Name of the image family to search for.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/images/family/{family}", + "response": { + "$ref": "Image" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates an image in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.images.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "forceCreate": { + "description": "Force image creation if true.", + "location": "query", + "type": "boolean" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/images", + "request": { + "$ref": "Image" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "list": { + "description": "Retrieves the list of custom images available to the specified project. Custom images are images you create that belong to your project. This method does not get any images that belong to other projects, including publicly-available images, like Debian 8. If you want to get a list of publicly-available images, use this method to make a request to the respective image project, such as debian-cloud or windows-cloud.", + "httpMethod": "GET", + "id": "compute.images.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/images", + "response": { + "$ref": "ImageList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "setLabels": { + "description": "Sets the labels on an image. To learn more about labels, read the Labeling Resources documentation.", + "httpMethod": "POST", + "id": "compute.images.setLabels", + "parameterOrder": [ + "project", + "resource" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "resource": { + "description": "Name of the resource for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/images/{resource}/setLabels", + "request": { + "$ref": "GlobalSetLabelsRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "InstanceGroupManagersAbandonInstancesRequest": { - "id": "InstanceGroupManagersAbandonInstancesRequest", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "The URLs of one or more instances to abandon. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", - "items": { - "type": "string" - } - } - } - }, - "InstanceGroupManagersDeleteInstancesRequest": { - "id": "InstanceGroupManagersDeleteInstancesRequest", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", - "items": { - "type": "string" - } - } - } - }, - "InstanceGroupManagersListManagedInstancesResponse": { - "id": "InstanceGroupManagersListManagedInstancesResponse", - "type": "object", - "properties": { - "managedInstances": { - "type": "array", - "description": "[Output Only] The list of instances in the managed instance group.", - "items": { - "$ref": "ManagedInstance" - } - } - } - }, - "InstanceGroupManagersRecreateInstancesRequest": { - "id": "InstanceGroupManagersRecreateInstancesRequest", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "The URLs of one or more instances to recreate. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", - "items": { - "type": "string" - } - } - } - }, - "InstanceGroupManagersScopedList": { - "id": "InstanceGroupManagersScopedList", - "type": "object", - "properties": { + }, "instanceGroupManagers": { - "type": "array", - "description": "[Output Only] The list of managed instance groups that are contained in the specified project and zone.", - "items": { - "$ref": "InstanceGroupManager" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] The warning that replaces the list of managed instance groups when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "methods": { + "abandonInstances": { + "description": "Schedules a group action to remove the specified instances from the managed instance group. Abandoning an instance does not delete the instance, but it does remove the instance from any target pools that are applied by the managed instance group. This method reduces the targetSize of the managed instance group by the number of instances that you abandon. This operation is marked as DONE when the action is scheduled even if the instances have not yet been removed from the group. You must separately verify the status of the abandoning action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", + "httpMethod": "POST", + "id": "compute.instanceGroupManagers.abandonInstances", + "parameterOrder": [ + "project", + "zone", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "The name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where the managed instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/abandonInstances", + "request": { + "$ref": "InstanceGroupManagersAbandonInstancesRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "aggregatedList": { + "description": "Retrieves the list of managed instance groups and groups them by zone.", + "httpMethod": "GET", + "id": "compute.instanceGroupManagers.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/instanceGroupManagers", + "response": { + "$ref": "InstanceGroupManagerAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified managed instance group and all of the instances in that group. Note that the instance group must not belong to a backend service. Read Deleting an instance group for more information.", + "httpMethod": "DELETE", + "id": "compute.instanceGroupManagers.delete", + "parameterOrder": [ + "project", + "zone", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "The name of the managed instance group to delete.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where the managed instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "deleteInstances": { + "description": "Schedules a group action to delete the specified instances in the managed instance group. The instances are also removed from any target pools of which they were a member. This method reduces the targetSize of the managed instance group by the number of instances that you delete. This operation is marked as DONE when the action is scheduled even if the instances are still being deleted. You must separately verify the status of the deleting action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", + "httpMethod": "POST", + "id": "compute.instanceGroupManagers.deleteInstances", + "parameterOrder": [ + "project", + "zone", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "The name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where the managed instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/deleteInstances", + "request": { + "$ref": "InstanceGroupManagersDeleteInstancesRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns all of the details about the specified managed instance group. Get a list of available managed instance groups by making a list() request.", + "httpMethod": "GET", + "id": "compute.instanceGroupManagers.get", + "parameterOrder": [ + "project", + "zone", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "The name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone where the managed instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}", + "response": { + "$ref": "InstanceGroupManager" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a managed instance group using the information that you specify in the request. After the group is created, it schedules an action to create instances in the group using the specified instance template. This operation is marked as DONE when the group is created even if the instances in the group have not yet been created. You must separately verify the status of the individual instances with the listmanagedinstances method.\n\nA managed instance group can have up to 1000 VM instances per group. Please contact Cloud Support if you need an increase in this limit.", + "httpMethod": "POST", + "id": "compute.instanceGroupManagers.insert", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where you want to create the managed instance group.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers", + "request": { + "$ref": "InstanceGroupManager" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of managed instance groups that are contained within the specified project and zone.", + "httpMethod": "GET", + "id": "compute.instanceGroupManagers.list", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone where the managed instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers", + "response": { + "$ref": "InstanceGroupManagerList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "listManagedInstances": { + "description": "Lists all of the instances in the managed instance group. Each instance in the list has a currentAction, which indicates the action that the managed instance group is performing on the instance. For example, if the group is still creating an instance, the currentAction is CREATING. If a previous action failed, the list displays the errors for that failed action.", + "httpMethod": "POST", + "id": "compute.instanceGroupManagers.listManagedInstances", + "parameterOrder": [ + "project", + "zone", + "instanceGroupManager" + ], + "parameters": { + "filter": { + "location": "query", + "type": "string" + }, + "instanceGroupManager": { + "description": "The name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "maxResults": { + "default": "500", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "order_by": { + "location": "query", + "type": "string" + }, + "pageToken": { + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone where the managed instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/listManagedInstances", + "response": { + "$ref": "InstanceGroupManagersListManagedInstancesResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "recreateInstances": { + "description": "Schedules a group action to recreate the specified instances in the managed instance group. The instances are deleted and recreated using the current instance template for the managed instance group. This operation is marked as DONE when the action is scheduled even if the instances have not yet been recreated. You must separately verify the status of the recreating action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", + "httpMethod": "POST", + "id": "compute.instanceGroupManagers.recreateInstances", + "parameterOrder": [ + "project", + "zone", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "The name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where the managed instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/recreateInstances", + "request": { + "$ref": "InstanceGroupManagersRecreateInstancesRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "resize": { + "description": "Resizes the managed instance group. If you increase the size, the group creates new instances using the current instance template. If you decrease the size, the group deletes instances. The resize operation is marked DONE when the resize actions are scheduled even if the group has not yet added or deleted any instances. You must separately verify the status of the creating or deleting actions with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.", + "httpMethod": "POST", + "id": "compute.instanceGroupManagers.resize", + "parameterOrder": [ + "project", + "zone", + "instanceGroupManager", + "size" + ], + "parameters": { + "instanceGroupManager": { + "description": "The name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "size": { + "description": "The number of running instances that the managed instance group should maintain at any given time. The group automatically adds or removes instances to maintain the number of instances specified by this parameter.", + "format": "int32", + "location": "query", + "required": true, + "type": "integer" + }, + "zone": { + "description": "The name of the zone where the managed instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resize", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setInstanceTemplate": { + "description": "Specifies the instance template to use when creating new instances in this group. The templates for existing instances in the group do not change unless you recreate them.", + "httpMethod": "POST", + "id": "compute.instanceGroupManagers.setInstanceTemplate", + "parameterOrder": [ + "project", + "zone", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "The name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where the managed instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/setInstanceTemplate", + "request": { + "$ref": "InstanceGroupManagersSetInstanceTemplateRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setTargetPools": { + "description": "Modifies the target pools to which all instances in this managed instance group are assigned. The target pools automatically apply to all of the instances in the managed instance group. This operation is marked DONE when you make the request even if the instances have not yet been added to their target pools. The change might take some time to apply to all of the instances in the group depending on the size of the group.", + "httpMethod": "POST", + "id": "compute.instanceGroupManagers.setTargetPools", + "parameterOrder": [ + "project", + "zone", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "The name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where the managed instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/setTargetPools", + "request": { + "$ref": "InstanceGroupManagersSetTargetPoolsRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "InstanceGroupManagersSetInstanceTemplateRequest": { - "id": "InstanceGroupManagersSetInstanceTemplateRequest", - "type": "object", - "properties": { - "instanceTemplate": { - "type": "string", - "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group." - } - } - }, - "InstanceGroupManagersSetTargetPoolsRequest": { - "id": "InstanceGroupManagersSetTargetPoolsRequest", - "type": "object", - "properties": { - "fingerprint": { - "type": "string", - "description": "The fingerprint of the target pools information. Use this optional property to prevent conflicts when multiple users change the target pools settings concurrently. Obtain the fingerprint with the instanceGroupManagers.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request.", - "format": "byte" }, - "targetPools": { - "type": "array", - "description": "The list of target pool URLs that instances in this managed instance group belong to. The managed instance group applies these target pools to all of the instances in the group. Existing instances and new instances in the group all receive these target pool settings.", - "items": { - "type": "string" - } - } - } - }, - "InstanceGroupsAddInstancesRequest": { - "id": "InstanceGroupsAddInstancesRequest", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "The list of instances to add to the instance group.", - "items": { - "$ref": "InstanceReference" - } - } - } - }, - "InstanceGroupsListInstances": { - "id": "InstanceGroupsListInstances", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of InstanceWithNamedPorts resources.", - "items": { - "$ref": "InstanceWithNamedPorts" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] The resource type, which is always compute#instanceGroupsListInstances for the list of instances in the specified instance group.", - "default": "compute#instanceGroupsListInstances" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InstanceGroupsListInstancesRequest": { - "id": "InstanceGroupsListInstancesRequest", - "type": "object", - "properties": { - "instanceState": { - "type": "string", - "description": "A filter for the state of the instances in the instance group. Valid options are ALL or RUNNING. If you do not specify this parameter the list includes all instances regardless of their state.", - "enum": [ - "ALL", - "RUNNING" - ], - "enumDescriptions": [ - "", - "" - ] - } - } - }, - "InstanceGroupsRemoveInstancesRequest": { - "id": "InstanceGroupsRemoveInstancesRequest", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "The list of instances to remove from the instance group.", - "items": { - "$ref": "InstanceReference" - } - } - } - }, - "InstanceGroupsScopedList": { - "id": "InstanceGroupsScopedList", - "type": "object", - "properties": { "instanceGroups": { - "type": "array", - "description": "[Output Only] The list of instance groups that are contained in this scope.", - "items": { - "$ref": "InstanceGroup" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] An informational warning that replaces the list of instance groups when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InstanceGroupsSetNamedPortsRequest": { - "id": "InstanceGroupsSetNamedPortsRequest", - "type": "object", - "properties": { - "fingerprint": { - "type": "string", - "description": "The fingerprint of the named ports information for this instance group. Use this optional property to prevent conflicts when multiple users change the named ports settings concurrently. Obtain the fingerprint with the instanceGroups.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request.", - "format": "byte" - }, - "namedPorts": { - "type": "array", - "description": "The list of named ports to set for this instance group.", - "items": { - "$ref": "NamedPort" - } - } - } - }, - "InstanceList": { - "id": "InstanceList", - "type": "object", - "description": "Contains a list of instances.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Instance resources.", - "items": { - "$ref": "Instance" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#instanceList for lists of Instance resources.", - "default": "compute#instanceList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "methods": { + "addInstances": { + "description": "Adds a list of instances to the specified instance group. All of the instances in the instance group must be in the same network/subnetwork. Read Adding instances for more information.", + "httpMethod": "POST", + "id": "compute.instanceGroups.addInstances", + "parameterOrder": [ + "project", + "zone", + "instanceGroup" + ], + "parameters": { + "instanceGroup": { + "description": "The name of the instance group where you are adding instances.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where the instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}/addInstances", + "request": { + "$ref": "InstanceGroupsAddInstancesRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "aggregatedList": { + "description": "Retrieves the list of instance groups and sorts them by zone.", + "httpMethod": "GET", + "id": "compute.instanceGroups.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/instanceGroups", + "response": { + "$ref": "InstanceGroupAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified instance group. The instances in the group are not deleted. Note that instance group must not belong to a backend service. Read Deleting an instance group for more information.", + "httpMethod": "DELETE", + "id": "compute.instanceGroups.delete", + "parameterOrder": [ + "project", + "zone", + "instanceGroup" + ], + "parameters": { + "instanceGroup": { + "description": "The name of the instance group to delete.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where the instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified instance group. Get a list of available instance groups by making a list() request.", + "httpMethod": "GET", + "id": "compute.instanceGroups.get", + "parameterOrder": [ + "project", + "zone", + "instanceGroup" + ], + "parameters": { + "instanceGroup": { + "description": "The name of the instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone where the instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}", + "response": { + "$ref": "InstanceGroup" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates an instance group in the specified project using the parameters that are included in the request.", + "httpMethod": "POST", + "id": "compute.instanceGroups.insert", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where you want to create the instance group.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroups", + "request": { + "$ref": "InstanceGroup" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of instance groups that are located in the specified project and zone.", + "httpMethod": "GET", + "id": "compute.instanceGroups.list", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone where the instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroups", + "response": { + "$ref": "InstanceGroupList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "listInstances": { + "description": "Lists the instances in the specified instance group.", + "httpMethod": "POST", + "id": "compute.instanceGroups.listInstances", + "parameterOrder": [ + "project", + "zone", + "instanceGroup" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "instanceGroup": { + "description": "The name of the instance group from which you want to generate a list of included instances.", + "location": "path", + "required": true, + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone where the instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}/listInstances", + "request": { + "$ref": "InstanceGroupsListInstancesRequest" + }, + "response": { + "$ref": "InstanceGroupsListInstances" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "removeInstances": { + "description": "Removes one or more instances from the specified instance group, but does not delete those instances.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration before the VM instance is removed or deleted.", + "httpMethod": "POST", + "id": "compute.instanceGroups.removeInstances", + "parameterOrder": [ + "project", + "zone", + "instanceGroup" + ], + "parameters": { + "instanceGroup": { + "description": "The name of the instance group where the specified instances will be removed.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where the instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}/removeInstances", + "request": { + "$ref": "InstanceGroupsRemoveInstancesRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setNamedPorts": { + "description": "Sets the named ports for the specified instance group.", + "httpMethod": "POST", + "id": "compute.instanceGroups.setNamedPorts", + "parameterOrder": [ + "project", + "zone", + "instanceGroup" + ], + "parameters": { + "instanceGroup": { + "description": "The name of the instance group where the named ports are updated.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone where the instance group is located.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}/setNamedPorts", + "request": { + "$ref": "InstanceGroupsSetNamedPortsRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "InstanceMoveRequest": { - "id": "InstanceMoveRequest", - "type": "object", - "properties": { - "destinationZone": { - "type": "string", - "description": "The URL of the destination zone to move the instance. This can be a full or partial URL. For example, the following are all valid URLs to a zone: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone \n- projects/project/zones/zone \n- zones/zone" - }, - "targetInstance": { - "type": "string", - "description": "The URL of the target instance to move. This can be a full or partial URL. For example, the following are all valid URLs to an instance: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance \n- projects/project/zones/zone/instances/instance \n- zones/zone/instances/instance" - } - } - }, - "InstanceProperties": { - "id": "InstanceProperties", - "type": "object", - "description": "", - "properties": { - "canIpForward": { - "type": "boolean", - "description": "Enables instances created based on this template to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information." - }, - "description": { - "type": "string", - "description": "An optional text description for the instances that are created from this instance template." }, - "disks": { - "type": "array", - "description": "An array of disks that are associated with the instances that are created from this template.", - "items": { - "$ref": "AttachedDisk" - } - }, - "guestAccelerators": { - "type": "array", - "description": "A list of guest accelerator cards' type and count to use for instances created from the instance template.", - "items": { - "$ref": "AcceleratorConfig" - } - }, - "labels": { - "type": "object", - "description": "Labels to apply to instances that are created from this template.", - "additionalProperties": { - "type": "string" - } - }, - "machineType": { - "type": "string", - "description": "The machine type to use for instances that are created from this template.", - "annotations": { - "required": [ - "compute.instanceTemplates.insert" - ] - } - }, - "metadata": { - "$ref": "Metadata", - "description": "The metadata key/value pairs to assign to instances that are created from this template. These pairs can consist of custom metadata or predefined keys. See Project and instance metadata for more information." - }, - "minCpuPlatform": { - "type": "string", - "description": "Minimum cpu/platform to be used by this instance. The instance may be scheduled on the specified or newer cpu/platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: \"Intel Haswell\" or minCpuPlatform: \"Intel Sandy Bridge\". For more information, read Specifying a Minimum CPU Platform." - }, - "networkInterfaces": { - "type": "array", - "description": "An array of network access configurations for this interface.", - "items": { - "$ref": "NetworkInterface" - } - }, - "scheduling": { - "$ref": "Scheduling", - "description": "Specifies the scheduling options for the instances that are created from this template." - }, - "serviceAccounts": { - "type": "array", - "description": "A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from this template. Use metadata queries to obtain the access tokens for these instances.", - "items": { - "$ref": "ServiceAccount" - } - }, - "tags": { - "$ref": "Tags", - "description": "A list of tags to apply to the instances that are created from this template. The tags identify valid sources or targets for network firewalls. The setTags method can modify this list of tags. Each tag within the list must comply with RFC1035." - } - } - }, - "InstanceReference": { - "id": "InstanceReference", - "type": "object", - "properties": { - "instance": { - "type": "string", - "description": "The URL for a specific instance." - } - } - }, - "InstanceTemplate": { - "id": "InstanceTemplate", - "type": "object", - "description": "An Instance Template resource. (== resource_for beta.instanceTemplates ==) (== resource_for v1.instanceTemplates ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] The creation timestamp for this instance template in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] A unique identifier for this instance template. The server defines this identifier.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] The resource type, which is always compute#instanceTemplate for instance templates.", - "default": "compute#instanceTemplate" - }, - "name": { - "type": "string", - "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.instanceTemplates.insert" - ] - } - }, - "properties": { - "$ref": "InstanceProperties", - "description": "The instance properties for this instance template." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] The URL for this instance template. The server defines this URL." - } - } - }, - "InstanceTemplateList": { - "id": "InstanceTemplateList", - "type": "object", - "description": "A list of instance templates.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of InstanceTemplate resources.", - "items": { - "$ref": "InstanceTemplate" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] The resource type, which is always compute#instanceTemplatesListResponse for instance template lists.", - "default": "compute#instanceTemplateList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InstanceWithNamedPorts": { - "id": "InstanceWithNamedPorts", - "type": "object", - "properties": { - "instance": { - "type": "string", - "description": "[Output Only] The URL of the instance." - }, - "namedPorts": { - "type": "array", - "description": "[Output Only] The named ports that belong to this instance group.", - "items": { - "$ref": "NamedPort" - } - }, - "status": { - "type": "string", - "description": "[Output Only] The status of the instance.", - "enum": [ - "PROVISIONING", - "RUNNING", - "STAGING", - "STOPPED", - "STOPPING", - "SUSPENDED", - "SUSPENDING", - "TERMINATED" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "" - ] - } - } - }, - "InstancesScopedList": { - "id": "InstancesScopedList", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "[Output Only] List of instances contained in this scope.", - "items": { - "$ref": "Instance" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning which replaces the list of instances when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "instanceTemplates": { + "methods": { + "delete": { + "description": "Deletes the specified instance template. Deleting an instance template is permanent and cannot be undone. It's not possible to delete templates which are in use by an instance group.", + "httpMethod": "DELETE", + "id": "compute.instanceTemplates.delete", + "parameterOrder": [ + "project", + "instanceTemplate" + ], + "parameters": { + "instanceTemplate": { + "description": "The name of the instance template to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/instanceTemplates/{instanceTemplate}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified instance template. Get a list of available instance templates by making a list() request.", + "httpMethod": "GET", + "id": "compute.instanceTemplates.get", + "parameterOrder": [ + "project", + "instanceTemplate" + ], + "parameters": { + "instanceTemplate": { + "description": "The name of the instance template.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/instanceTemplates/{instanceTemplate}", + "response": { + "$ref": "InstanceTemplate" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates an instance template in the specified project using the data that is included in the request. If you are creating a new template to update an existing instance group, your new instance template must use the same network or, if applicable, the same subnetwork as the original template.", + "httpMethod": "POST", + "id": "compute.instanceTemplates.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/instanceTemplates", + "request": { + "$ref": "InstanceTemplate" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of instance templates that are contained within the specified project and zone.", + "httpMethod": "GET", + "id": "compute.instanceTemplates.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/instanceTemplates", + "response": { + "$ref": "InstanceTemplateList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - } - } - } - }, - "InstancesSetLabelsRequest": { - "id": "InstancesSetLabelsRequest", - "type": "object", - "properties": { - "labelFingerprint": { - "type": "string", - "description": "Fingerprint of the previous set of labels for this resource, used to prevent conflicts. Provide the latest fingerprint value when making a request to add or change labels.", - "format": "byte" - }, - "labels": { - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "InstancesSetMachineResourcesRequest": { - "id": "InstancesSetMachineResourcesRequest", - "type": "object", - "properties": { - "guestAccelerators": { - "type": "array", - "description": "List of the type and count of accelerator cards attached to the instance.", - "items": { - "$ref": "AcceleratorConfig" - } - } - } - }, - "InstancesSetMachineTypeRequest": { - "id": "InstancesSetMachineTypeRequest", - "type": "object", - "properties": { - "machineType": { - "type": "string", - "description": "Full or partial URL of the machine type resource. See Machine Types for a full list of machine types. For example: zones/us-central1-f/machineTypes/n1-standard-1" - } - } - }, - "InstancesSetMinCpuPlatformRequest": { - "id": "InstancesSetMinCpuPlatformRequest", - "type": "object", - "properties": { - "minCpuPlatform": { - "type": "string", - "description": "Minimum cpu/platform this instance should be started at." - } - } - }, - "InstancesSetServiceAccountRequest": { - "id": "InstancesSetServiceAccountRequest", - "type": "object", - "properties": { - "email": { - "type": "string", - "description": "Email address of the service account." - }, - "scopes": { - "type": "array", - "description": "The list of scopes to be made available for this service account.", - "items": { - "type": "string" - } - } - } - }, - "InstancesStartWithEncryptionKeyRequest": { - "id": "InstancesStartWithEncryptionKeyRequest", - "type": "object", - "properties": { - "disks": { - "type": "array", - "description": "Array of disks associated with this instance that are protected with a customer-supplied encryption key.\n\nIn order to start the instance, the disk url and its corresponding key must be provided.\n\nIf the disk is not protected with a customer-supplied encryption key it should not be specified.", - "items": { - "$ref": "CustomerEncryptionKeyProtectedDisk" - } - } - } - }, - "Interconnect": { - "id": "Interconnect", - "type": "object", - "description": "Represents an Interconnects resource. The Interconnects resource is a dedicated connection between Google's network and your on-premises network. For more information, see the Dedicated overview page. (== resource_for v1.interconnects ==) (== resource_for beta.interconnects ==)", - "properties": { - "adminEnabled": { - "type": "boolean", - "description": "Administrative status of the interconnect. When this is set to true, the Interconnect is functional and can carry traffic. When set to false, no packets can be carried over the interconnect and no BGP routes are exchanged over it. By default, the status is set to true." - }, - "circuitInfos": { - "type": "array", - "description": "[Output Only] List of CircuitInfo objects, that describe the individual circuits in this LAG.", - "items": { - "$ref": "InterconnectCircuitInfo" - } - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "customerName": { - "type": "string", - "description": "Customer name, to put in the Letter of Authorization as the party authorized to request a crossconnect." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "expectedOutages": { - "type": "array", - "description": "[Output Only] List of outages expected for this Interconnect.", - "items": { - "$ref": "InterconnectOutageNotification" - } - }, - "googleIpAddress": { - "type": "string", - "description": "[Output Only] IP address configured on the Google side of the Interconnect link. This can be used only for ping tests." - }, - "googleReferenceId": { - "type": "string", - "description": "[Output Only] Google reference ID; to be used when raising support tickets with Google or otherwise to debug backend connectivity issues." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" }, - "interconnectAttachments": { - "type": "array", - "description": "[Output Only] A list of the URLs of all InterconnectAttachments configured to use this Interconnect.", - "items": { - "type": "string" - } - }, - "interconnectType": { - "type": "string", - "description": "Type of interconnect. Note that \"IT_PRIVATE\" has been deprecated in favor of \"DEDICATED\"", - "enum": [ - "DEDICATED", - "IT_PRIVATE" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#interconnect for interconnects.", - "default": "compute#interconnect" - }, - "linkType": { - "type": "string", - "description": "Type of link requested. This field indicates speed of each of the links in the bundle, not the entire bundle. Only 10G per link is allowed for a dedicated interconnect. Options: Ethernet_10G_LR", - "enum": [ - "LINK_TYPE_ETHERNET_10G_LR" - ], - "enumDescriptions": [ - "" - ] - }, - "location": { - "type": "string", - "description": "URL of the InterconnectLocation object that represents where this connection is to be provisioned." - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.interconnects.insert" - ] - } - }, - "nocContactEmail": { - "type": "string", - "description": "Email address to contact the customer NOC for operations and maintenance notifications regarding this Interconnect. If specified, this will be used for notifications in addition to all other forms described, such as Stackdriver logs alerting and Cloud Notifications." - }, - "operationalStatus": { - "type": "string", - "description": "[Output Only] The current status of whether or not this Interconnect is functional.", - "enum": [ - "OS_ACTIVE", - "OS_UNPROVISIONED" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "peerIpAddress": { - "type": "string", - "description": "[Output Only] IP address configured on the customer side of the Interconnect link. The customer should configure this IP address during turnup when prompted by Google NOC. This can be used only for ping tests." - }, - "provisionedLinkCount": { - "type": "integer", - "description": "[Output Only] Number of links actually provisioned in this interconnect.", - "format": "int32" - }, - "requestedLinkCount": { - "type": "integer", - "description": "Target number of physical links in the link bundle, as requested by the customer.", - "format": "int32" - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - } - } - }, - "InterconnectAttachment": { - "id": "InterconnectAttachment", - "type": "object", - "description": "Represents an InterconnectAttachment (VLAN attachment) resource. For more information, see Creating VLAN Attachments. (== resource_for beta.interconnectAttachments ==) (== resource_for v1.interconnectAttachments ==)", - "properties": { - "cloudRouterIpAddress": { - "type": "string", - "description": "[Output Only] IPv4 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment." - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "customerRouterIpAddress": { - "type": "string", - "description": "[Output Only] IPv4 address + prefix length to be configured on the customer router subinterface for this interconnect attachment." - }, - "description": { - "type": "string", - "description": "An optional description of this resource." - }, - "googleReferenceId": { - "type": "string", - "description": "[Output Only] Google reference ID, to be used when raising support tickets with Google or otherwise to debug backend connectivity issues." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "interconnect": { - "type": "string", - "description": "URL of the underlying Interconnect object that this attachment's traffic will traverse through." - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#interconnectAttachment for interconnect attachments.", - "default": "compute#interconnectAttachment" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "operationalStatus": { - "type": "string", - "description": "[Output Only] The current status of whether or not this interconnect attachment is functional.", - "enum": [ - "OS_ACTIVE", - "OS_UNPROVISIONED" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "privateInterconnectInfo": { - "$ref": "InterconnectAttachmentPrivateInfo", - "description": "[Output Only] Information specific to an InterconnectAttachment. This property is populated if the interconnect that this is attached to is of type DEDICATED." - }, - "region": { - "type": "string", - "description": "[Output Only] URL of the region where the regional interconnect attachment resides." - }, - "router": { - "type": "string", - "description": "URL of the cloud router to be used for dynamic routing. This router must be in the same region as this InterconnectAttachment. The InterconnectAttachment will automatically connect the Interconnect to the network & region within which the Cloud Router is configured." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - } - } - }, - "InterconnectAttachmentAggregatedList": { - "id": "InterconnectAttachmentAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of InterconnectAttachmentsScopedList resources.", - "additionalProperties": { - "$ref": "InterconnectAttachmentsScopedList", - "description": "Name of the scope containing this set of interconnect attachments." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#interconnectAttachmentAggregatedList for aggregated lists of interconnect attachments.", - "default": "compute#interconnectAttachmentAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InterconnectAttachmentList": { - "id": "InterconnectAttachmentList", - "type": "object", - "description": "Response to the list request, and contains a list of interconnect attachments.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of InterconnectAttachment resources.", - "items": { - "$ref": "InterconnectAttachment" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#interconnectAttachmentList for lists of interconnect attachments.", - "default": "compute#interconnectAttachmentList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InterconnectAttachmentPrivateInfo": { - "id": "InterconnectAttachmentPrivateInfo", - "type": "object", - "description": "Information for an interconnect attachment when this belongs to an interconnect of type DEDICATED.", - "properties": { - "tag8021q": { - "type": "integer", - "description": "[Output Only] 802.1q encapsulation tag to be used for traffic between Google and the customer, going to and from this network and region.", - "format": "uint32" - } - } - }, - "InterconnectAttachmentsScopedList": { - "id": "InterconnectAttachmentsScopedList", - "type": "object", - "properties": { - "interconnectAttachments": { - "type": "array", - "description": "List of interconnect attachments contained in this scope.", - "items": { - "$ref": "InterconnectAttachment" - } - }, - "warning": { - "type": "object", - "description": "Informational warning which replaces the list of addresses when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InterconnectCircuitInfo": { - "id": "InterconnectCircuitInfo", - "type": "object", - "description": "Describes a single physical circuit between the Customer and Google. CircuitInfo objects are created by Google, so all fields are output only. Next id: 4", - "properties": { - "customerDemarcId": { - "type": "string", - "description": "Customer-side demarc ID for this circuit." - }, - "googleCircuitId": { - "type": "string", - "description": "Google-assigned unique ID for this circuit. Assigned at circuit turn-up." - }, - "googleDemarcId": { - "type": "string", - "description": "Google-side demarc ID for this circuit. Assigned at circuit turn-up and provided by Google to the customer in the LOA." - } - } - }, - "InterconnectList": { - "id": "InterconnectList", - "type": "object", - "description": "Response to the list request, and contains a list of interconnects.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Interconnect resources.", - "items": { - "$ref": "Interconnect" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#interconnectList for lists of interconnects.", - "default": "compute#interconnectList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InterconnectLocation": { - "id": "InterconnectLocation", - "type": "object", - "description": "Represents an InterconnectLocations resource. The InterconnectLocations resource describes the locations where you can connect to Google's networks. For more information, see Colocation Facilities.", - "properties": { - "address": { - "type": "string", - "description": "[Output Only] The postal address of the Point of Presence, each line in the address is separated by a newline character." - }, - "availabilityZone": { - "type": "string", - "description": "[Output Only] Availability zone for this location. Within a metropolitan area (metro), maintenance will not be simultaneously scheduled in more than one availability zone. Example: \"zone1\" or \"zone2\"." - }, - "city": { - "type": "string", - "description": "[Output Only] Metropolitan area designator that indicates which city an interconnect is located. For example: \"Chicago, IL\", \"Amsterdam, Netherlands\"." - }, - "continent": { - "type": "string", - "description": "[Output Only] Continent for this location.", - "enum": [ - "AFRICA", - "ASIA_PAC", - "C_AFRICA", - "C_ASIA_PAC", - "C_EUROPE", - "C_NORTH_AMERICA", - "C_SOUTH_AMERICA", - "EUROPE", - "NORTH_AMERICA", - "SOUTH_AMERICA" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "[Output Only] An optional description of the resource." - }, - "facilityProvider": { - "type": "string", - "description": "[Output Only] The name of the provider for this facility (e.g., EQUINIX)." - }, - "facilityProviderFacilityId": { - "type": "string", - "description": "[Output Only] A provider-assigned Identifier for this facility (e.g., Ashburn-DC1)." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#interconnectLocation for interconnect locations.", - "default": "compute#interconnectLocation" - }, - "name": { - "type": "string", - "description": "[Output Only] Name of the resource." - }, - "peeringdbFacilityId": { - "type": "string", - "description": "[Output Only] The peeringdb identifier for this facility (corresponding with a netfac type in peeringdb)." - }, - "regionInfos": { - "type": "array", - "description": "[Output Only] A list of InterconnectLocation.RegionInfo objects, that describe parameters pertaining to the relation between this InterconnectLocation and various Google Cloud regions.", - "items": { - "$ref": "InterconnectLocationRegionInfo" - } - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - } - } - }, - "InterconnectLocationList": { - "id": "InterconnectLocationList", - "type": "object", - "description": "Response to the list request, and contains a list of interconnect locations.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of InterconnectLocation resources.", - "items": { - "$ref": "InterconnectLocation" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#interconnectLocationList for lists of interconnect locations.", - "default": "compute#interconnectLocationList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "InterconnectLocationRegionInfo": { - "id": "InterconnectLocationRegionInfo", - "type": "object", - "description": "Information about any potential InterconnectAttachments between an Interconnect at a specific InterconnectLocation, and a specific Cloud Region.", - "properties": { - "expectedRttMs": { - "type": "string", - "description": "Expected round-trip time in milliseconds, from this InterconnectLocation to a VM in this region.", - "format": "int64" - }, - "locationPresence": { - "type": "string", - "description": "Identifies the network presence of this location.", - "enum": [ - "GLOBAL", - "LOCAL_REGION", - "LP_GLOBAL", - "LP_LOCAL_REGION" - ], - "enumDescriptions": [ - "", - "", - "", - "" - ] - }, - "region": { - "type": "string", - "description": "URL for the region of this location." - } - } - }, - "InterconnectOutageNotification": { - "id": "InterconnectOutageNotification", - "type": "object", - "description": "Description of a planned outage on this Interconnect. Next id: 9", - "properties": { - "affectedCircuits": { - "type": "array", - "description": "Iff issue_type is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be affected.", - "items": { - "type": "string" - } - }, - "description": { - "type": "string", - "description": "A description about the purpose of the outage." - }, - "endTime": { - "type": "string", - "description": "Scheduled end time for the outage (milliseconds since Unix epoch).", - "format": "int64" - }, - "issueType": { - "type": "string", - "description": "Form this outage is expected to take. Note that the \"IT_\" versions of this enum have been deprecated in favor of the unprefixed values.", - "enum": [ - "IT_OUTAGE", - "IT_PARTIAL_OUTAGE", - "OUTAGE", - "PARTIAL_OUTAGE" - ], - "enumDescriptions": [ - "", - "", - "", - "" - ] - }, - "name": { - "type": "string", - "description": "Unique identifier for this outage notification." - }, - "source": { - "type": "string", - "description": "The party that generated this notification. Note that \"NSRC_GOOGLE\" has been deprecated in favor of \"GOOGLE\"", - "enum": [ - "GOOGLE", - "NSRC_GOOGLE" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "startTime": { - "type": "string", - "description": "Scheduled start time for the outage (milliseconds since Unix epoch).", - "format": "int64" - }, - "state": { - "type": "string", - "description": "State of this notification. Note that the \"NS_\" versions of this enum have been deprecated in favor of the unprefixed values.", - "enum": [ - "ACTIVE", - "CANCELLED", - "NS_ACTIVE", - "NS_CANCELED" - ], - "enumDescriptions": [ - "", - "", - "", - "" - ] - } - } - }, - "License": { - "id": "License", - "type": "object", - "description": "A license resource.", - "properties": { - "chargesUseFee": { - "type": "boolean", - "description": "[Output Only] Deprecated. This field no longer reflects whether a license charges a usage fee." - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#license for licenses.", - "default": "compute#license" - }, - "name": { - "type": "string", - "description": "[Output Only] Name of the resource. The name is 1-63 characters long and complies with RFC1035.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.images.insert" - ] - } - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - } - } - }, - "MachineType": { - "id": "MachineType", - "type": "object", - "description": "A Machine Type resource. (== resource_for v1.machineTypes ==) (== resource_for beta.machineTypes ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "deprecated": { - "$ref": "DeprecationStatus", - "description": "[Output Only] The deprecation status associated with this machine type." - }, - "description": { - "type": "string", - "description": "[Output Only] An optional textual description of the resource." - }, - "guestCpus": { - "type": "integer", - "description": "[Output Only] The number of virtual CPUs that are available to the instance.", - "format": "int32" - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "imageSpaceGb": { - "type": "integer", - "description": "[Deprecated] This property is deprecated and will never be populated with any relevant values.", - "format": "int32" - }, - "isSharedCpu": { - "type": "boolean", - "description": "[Output Only] Whether this machine type has a shared CPU. See Shared-core machine types for more information." - }, - "kind": { - "type": "string", - "description": "[Output Only] The type of the resource. Always compute#machineType for machine types.", - "default": "compute#machineType" - }, - "maximumPersistentDisks": { - "type": "integer", - "description": "[Output Only] Maximum persistent disks allowed.", - "format": "int32" - }, - "maximumPersistentDisksSizeGb": { - "type": "string", - "description": "[Output Only] Maximum total persistent disks size (GB) allowed.", - "format": "int64" - }, - "memoryMb": { - "type": "integer", - "description": "[Output Only] The amount of physical memory available to the instance, defined in MB.", - "format": "int32" - }, - "name": { - "type": "string", - "description": "[Output Only] Name of the resource.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "scratchDisks": { - "type": "array", - "description": "[Output Only] List of extended scratch disks assigned to the instance.", - "items": { - "type": "object", - "properties": { - "diskGb": { - "type": "integer", - "description": "Size of the scratch disk, defined in GB.", - "format": "int32" - } - } - } - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "zone": { - "type": "string", - "description": "[Output Only] The name of the zone where the machine type resides, such as us-central1-a." - } - } - }, - "MachineTypeAggregatedList": { - "id": "MachineTypeAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of MachineTypesScopedList resources.", - "additionalProperties": { - "$ref": "MachineTypesScopedList", - "description": "[Output Only] Name of the scope containing this set of machine types." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#machineTypeAggregatedList for aggregated lists of machine types.", - "default": "compute#machineTypeAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "MachineTypeList": { - "id": "MachineTypeList", - "type": "object", - "description": "Contains a list of machine types.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of MachineType resources.", - "items": { - "$ref": "MachineType" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#machineTypeList for lists of machine types.", - "default": "compute#machineTypeList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "MachineTypesScopedList": { - "id": "MachineTypesScopedList", - "type": "object", - "properties": { - "machineTypes": { - "type": "array", - "description": "[Output Only] List of machine types contained in this scope.", - "items": { - "$ref": "MachineType" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] An informational warning that appears when the machine types list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "ManagedInstance": { - "id": "ManagedInstance", - "type": "object", - "properties": { - "currentAction": { - "type": "string", - "description": "[Output Only] The current action that the managed instance group has scheduled for the instance. Possible values: \n- NONE The instance is running, and the managed instance group does not have any scheduled actions for this instance. \n- CREATING The managed instance group is creating this instance. If the group fails to create this instance, it will try again until it is successful. \n- CREATING_WITHOUT_RETRIES The managed instance group is attempting to create this instance only once. If the group fails to create this instance, it does not try again and the group's targetSize value is decreased instead. \n- RECREATING The managed instance group is recreating this instance. \n- DELETING The managed instance group is permanently deleting this instance. \n- ABANDONING The managed instance group is abandoning this instance. The instance will be removed from the instance group and from any target pools that are associated with this group. \n- RESTARTING The managed instance group is restarting the instance. \n- REFRESHING The managed instance group is applying configuration changes to the instance without stopping it. For example, the group can update the target pool list for an instance without stopping that instance.", - "enum": [ - "ABANDONING", - "CREATING", - "CREATING_WITHOUT_RETRIES", - "DELETING", - "NONE", - "RECREATING", - "REFRESHING", - "RESTARTING" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "id": { - "type": "string", - "description": "[Output only] The unique identifier for this resource. This field is empty when instance does not exist.", - "format": "uint64" - }, - "instance": { - "type": "string", - "description": "[Output Only] The URL of the instance. The URL can exist even if the instance has not yet been created." - }, - "instanceStatus": { - "type": "string", - "description": "[Output Only] The status of the instance. This field is empty when the instance does not exist.", - "enum": [ - "PROVISIONING", - "RUNNING", - "STAGING", - "STOPPED", - "STOPPING", - "SUSPENDED", - "SUSPENDING", - "TERMINATED" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "lastAttempt": { - "$ref": "ManagedInstanceLastAttempt", - "description": "[Output Only] Information about the last attempt to create or delete the instance." - } - } - }, - "ManagedInstanceLastAttempt": { - "id": "ManagedInstanceLastAttempt", - "type": "object", - "properties": { - "errors": { - "type": "object", - "description": "[Output Only] Encountered errors during the last attempt to create or delete the instance.", - "properties": { - "errors": { - "type": "array", - "description": "[Output Only] The array of errors encountered while processing this operation.", - "items": { - "type": "object", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] The error type identifier for this error." - }, - "location": { - "type": "string", - "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional." - }, - "message": { - "type": "string", - "description": "[Output Only] An optional, human-readable error message." - } - } - } - } - } - } - } - }, - "Metadata": { - "id": "Metadata", - "type": "object", - "description": "A metadata key/value entry.", - "properties": { - "fingerprint": { - "type": "string", - "description": "Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata.", - "format": "byte" - }, - "items": { - "type": "array", - "description": "Array of key/value pairs. The total size of all keys and values must be less than 512 KB.", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "Key for the metadata entry. Keys must conform to the following regexp: [a-zA-Z0-9-_]+, and be less than 128 bytes in length. This is reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project.", - "pattern": "[a-zA-Z0-9-_]{1,128}", - "annotations": { - "required": [ - "compute.instances.insert", - "compute.projects.setCommonInstanceMetadata" - ] - } - }, - "value": { - "type": "string", - "description": "Value for the metadata entry. These are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on values is that their size must be less than or equal to 262144 bytes (256 KiB).", - "annotations": { - "required": [ - "compute.instances.insert", - "compute.projects.setCommonInstanceMetadata" - ] - } - } + "instances": { + "methods": { + "addAccessConfig": { + "description": "Adds an access config to an instance's network interface.", + "httpMethod": "POST", + "id": "compute.instances.addAccessConfig", + "parameterOrder": [ + "project", + "zone", + "instance", + "networkInterface" + ], + "parameters": { + "instance": { + "description": "The instance name for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "networkInterface": { + "description": "The name of the network interface to add to this instance.", + "location": "query", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/addAccessConfig", + "request": { + "$ref": "AccessConfig" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "aggregatedList": { + "description": "Retrieves aggregated list of instances.", + "httpMethod": "GET", + "id": "compute.instances.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/instances", + "response": { + "$ref": "InstanceAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "attachDisk": { + "description": "Attaches an existing Disk resource to an instance. You must first create the disk before you can attach it. It is not possible to create and attach a disk at the same time. For more information, read Adding a persistent disk to your instance.", + "httpMethod": "POST", + "id": "compute.instances.attachDisk", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "The instance name for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/attachDisk", + "request": { + "$ref": "AttachedDisk" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "delete": { + "description": "Deletes the specified Instance resource. For more information, see Stopping or Deleting an Instance.", + "httpMethod": "DELETE", + "id": "compute.instances.delete", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "deleteAccessConfig": { + "description": "Deletes an access config from an instance's network interface.", + "httpMethod": "POST", + "id": "compute.instances.deleteAccessConfig", + "parameterOrder": [ + "project", + "zone", + "instance", + "accessConfig", + "networkInterface" + ], + "parameters": { + "accessConfig": { + "description": "The name of the access config to delete.", + "location": "query", + "required": true, + "type": "string" + }, + "instance": { + "description": "The instance name for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "networkInterface": { + "description": "The name of the network interface.", + "location": "query", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/deleteAccessConfig", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "detachDisk": { + "description": "Detaches a disk from an instance.", + "httpMethod": "POST", + "id": "compute.instances.detachDisk", + "parameterOrder": [ + "project", + "zone", + "instance", + "deviceName" + ], + "parameters": { + "deviceName": { + "description": "Disk device name to detach.", + "location": "query", + "required": true, + "type": "string" + }, + "instance": { + "description": "Instance name.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/detachDisk", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified Instance resource. Get a list of available instances by making a list() request.", + "httpMethod": "GET", + "id": "compute.instances.get", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}", + "response": { + "$ref": "Instance" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "getSerialPortOutput": { + "description": "Returns the specified instance's serial port output.", + "httpMethod": "GET", + "id": "compute.instances.getSerialPortOutput", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "port": { + "default": "1", + "description": "Specifies which COM or serial port to retrieve data from.", + "format": "int32", + "location": "query", + "maximum": "4", + "minimum": "1", + "type": "integer" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "start": { + "description": "Returns output starting from a specific byte position. Use this to page through output when the output is too large to return in a single request. For the initial request, leave this field unspecified. For subsequent calls, this field should be set to the next value returned in the previous call.", + "format": "int64", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/serialPort", + "response": { + "$ref": "SerialPortOutput" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates an instance resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.instances.insert", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances", + "request": { + "$ref": "Instance" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of instances contained within the specified zone.", + "httpMethod": "GET", + "id": "compute.instances.list", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances", + "response": { + "$ref": "InstanceList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "listReferrers": { + "description": "Retrieves the list of referrers to instances contained within the specified zone.", + "httpMethod": "GET", + "id": "compute.instances.listReferrers", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "instance": { + "description": "Name of the target instance scoping this request, or '-' if the request should span over all instances in the container.", + "location": "path", + "pattern": "-|[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/referrers", + "response": { + "$ref": "InstanceListReferrers" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "reset": { + "description": "Performs a reset on the instance. For more information, see Resetting an instance.", + "httpMethod": "POST", + "id": "compute.instances.reset", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/reset", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setDeletionProtection": { + "description": "Sets deletion protection on the instance.", + "httpMethod": "POST", + "id": "compute.instances.setDeletionProtection", + "parameterOrder": [ + "project", + "zone", + "resource" + ], + "parameters": { + "deletionProtection": { + "default": "true", + "description": "Whether the resource should be protected against deletion.", + "location": "query", + "type": "boolean" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "resource": { + "description": "Name of the resource for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{resource}/setDeletionProtection", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setDiskAutoDelete": { + "description": "Sets the auto-delete flag for a disk attached to an instance.", + "httpMethod": "POST", + "id": "compute.instances.setDiskAutoDelete", + "parameterOrder": [ + "project", + "zone", + "instance", + "autoDelete", + "deviceName" + ], + "parameters": { + "autoDelete": { + "description": "Whether to auto-delete the disk when the instance is deleted.", + "location": "query", + "required": true, + "type": "boolean" + }, + "deviceName": { + "description": "The device name of the disk to modify.", + "location": "query", + "pattern": "\\w[\\w.-]{0,254}", + "required": true, + "type": "string" + }, + "instance": { + "description": "The instance name.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/setDiskAutoDelete", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setLabels": { + "description": "Sets labels on an instance. To learn more about labels, read the Labeling Resources documentation.", + "httpMethod": "POST", + "id": "compute.instances.setLabels", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/setLabels", + "request": { + "$ref": "InstancesSetLabelsRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setMachineResources": { + "description": "Changes the number and/or type of accelerator for a stopped instance to the values specified in the request.", + "httpMethod": "POST", + "id": "compute.instances.setMachineResources", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/setMachineResources", + "request": { + "$ref": "InstancesSetMachineResourcesRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setMachineType": { + "description": "Changes the machine type for a stopped instance to the machine type specified in the request.", + "httpMethod": "POST", + "id": "compute.instances.setMachineType", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/setMachineType", + "request": { + "$ref": "InstancesSetMachineTypeRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setMetadata": { + "description": "Sets metadata for the specified instance to the data included in the request.", + "httpMethod": "POST", + "id": "compute.instances.setMetadata", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/setMetadata", + "request": { + "$ref": "Metadata" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setMinCpuPlatform": { + "description": "Changes the minimum CPU platform that this instance should use. This method can only be called on a stopped instance. For more information, read Specifying a Minimum CPU Platform.", + "httpMethod": "POST", + "id": "compute.instances.setMinCpuPlatform", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/setMinCpuPlatform", + "request": { + "$ref": "InstancesSetMinCpuPlatformRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setScheduling": { + "description": "Sets an instance's scheduling options.", + "httpMethod": "POST", + "id": "compute.instances.setScheduling", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Instance name.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/setScheduling", + "request": { + "$ref": "Scheduling" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setServiceAccount": { + "description": "Sets the service account on the instance. For more information, read Changing the service account and access scopes for an instance.", + "httpMethod": "POST", + "id": "compute.instances.setServiceAccount", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance resource to start.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/setServiceAccount", + "request": { + "$ref": "InstancesSetServiceAccountRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setTags": { + "description": "Sets tags for the specified instance to the data included in the request.", + "httpMethod": "POST", + "id": "compute.instances.setTags", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/setTags", + "request": { + "$ref": "Tags" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "start": { + "description": "Starts an instance that was stopped using the using the instances().stop method. For more information, see Restart an instance.", + "httpMethod": "POST", + "id": "compute.instances.start", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance resource to start.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/start", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "startWithEncryptionKey": { + "description": "Starts an instance that was stopped using the using the instances().stop method. For more information, see Restart an instance.", + "httpMethod": "POST", + "id": "compute.instances.startWithEncryptionKey", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance resource to start.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/startWithEncryptionKey", + "request": { + "$ref": "InstancesStartWithEncryptionKeyRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "stop": { + "description": "Stops a running instance, shutting it down cleanly, and allows you to restart the instance at a later time. Stopped instances do not incur VM usage charges while they are stopped. However, resources that the VM is using, such as persistent disks and static IP addresses, will continue to be charged until they are deleted. For more information, see Stopping an instance.", + "httpMethod": "POST", + "id": "compute.instances.stop", + "parameterOrder": [ + "project", + "zone", + "instance" + ], + "parameters": { + "instance": { + "description": "Name of the instance resource to stop.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/stop", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "updateAccessConfig": { + "description": "Updates the specified access config from an instance's network interface with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "POST", + "id": "compute.instances.updateAccessConfig", + "parameterOrder": [ + "project", + "zone", + "instance", + "networkInterface" + ], + "parameters": { + "instance": { + "description": "The instance name for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "networkInterface": { + "description": "The name of the network interface where the access config is attached.", + "location": "query", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/instances/{instance}/updateAccessConfig", + "request": { + "$ref": "AccessConfig" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#metadata for metadata.", - "default": "compute#metadata" - } - } - }, - "NamedPort": { - "id": "NamedPort", - "type": "object", - "description": "The named port. For example: .", - "properties": { - "name": { - "type": "string", - "description": "The name for this named port. The name must be 1-63 characters long, and comply with RFC1035." - }, - "port": { - "type": "integer", - "description": "The port number, which can be a value between 1 and 65535.", - "format": "int32" - } - } - }, - "Network": { - "id": "Network", - "type": "object", - "description": "Represents a Network resource. Read Networks and Firewalls for more information. (== resource_for v1.networks ==) (== resource_for beta.networks ==)", - "properties": { - "IPv4Range": { - "type": "string", - "description": "The range of internal addresses that are legal on this network. This range is a CIDR specification, for example: 192.168.0.0/16. Provided by the client when the network is created.", - "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}/[0-9]{1,2}" - }, - "autoCreateSubnetworks": { - "type": "boolean", - "description": "When set to true, the network is created in \"auto subnet mode\". When set to false, the network is in \"custom subnet mode\".\n\nIn \"auto subnet mode\", a newly created network is assigned the default CIDR of 10.128.0.0/9 and it automatically creates one subnetwork per region." - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "gatewayIPv4": { - "type": "string", - "description": "A gateway address for default routing to other networks. This value is read only and is selected by the Google Compute Engine, typically as the first usable address in the IPv4Range.", - "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}" - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#network for networks.", - "default": "compute#network" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.networks.insert" - ] - } - }, - "peerings": { - "type": "array", - "description": "[Output Only] List of network peerings for the resource.", - "items": { - "$ref": "NetworkPeering" - } - }, - "routingConfig": { - "$ref": "NetworkRoutingConfig", - "description": "The network-level routing configuration for this network. Used by Cloud Router to determine what type of network-wide routing behavior to enforce." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." }, - "subnetworks": { - "type": "array", - "description": "[Output Only] Server-defined fully-qualified URLs for all subnetworks in this network.", - "items": { - "type": "string" - } - } - } - }, - "NetworkInterface": { - "id": "NetworkInterface", - "type": "object", - "description": "A network interface resource attached to an instance.", - "properties": { - "accessConfigs": { - "type": "array", - "description": "An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. If there are no accessConfigs specified, then this instance will have no external internet access.", - "items": { - "$ref": "AccessConfig" - } - }, - "aliasIpRanges": { - "type": "array", - "description": "An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.", - "items": { - "$ref": "AliasIpRange" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#networkInterface for network interfaces.", - "default": "compute#networkInterface" - }, - "name": { - "type": "string", - "description": "[Output Only] The name of the network interface, generated by the server. For network devices, these are eth0, eth1, etc." - }, - "network": { - "type": "string", - "description": "URL of the network resource for this instance. When creating an instance, if neither the network nor the subnetwork is specified, the default network global/networks/default is used; if the network is not specified but the subnetwork is specified, the network is inferred.\n\nThis field is optional when creating a firewall rule. If not specified when creating a firewall rule, the default network global/networks/default is used.\n\nIf you specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: \n- https://www.googleapis.com/compute/v1/projects/project/global/networks/network \n- projects/project/global/networks/network \n- global/networks/default" - }, - "networkIP": { - "type": "string", - "description": "An IPv4 internal network address to assign to the instance for this network interface. If not specified by the user, an unused internal IP is assigned by the system." - }, - "subnetwork": { - "type": "string", - "description": "The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not provide this property. If the network is in auto subnet mode, providing the subnetwork is optional. If the network is in custom subnet mode, then this field should be specified. If you specify this property, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: \n- https://www.googleapis.com/compute/v1/projects/project/regions/region/subnetworks/subnetwork \n- regions/region/subnetworks/subnetwork" - } - } - }, - "NetworkList": { - "id": "NetworkList", - "type": "object", - "description": "Contains a list of networks.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Network resources.", - "items": { - "$ref": "Network" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#networkList for lists of networks.", - "default": "compute#networkList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "NetworkPeering": { - "id": "NetworkPeering", - "type": "object", - "description": "A network peering attached to a network resource. The message includes the peering name, peer network, peering state, and a flag indicating whether Google Compute Engine should automatically create routes for the peering.", - "properties": { - "autoCreateRoutes": { - "type": "boolean", - "description": "Whether full mesh connectivity is created and managed automatically. When it is set to true, Google Compute Engine will automatically create and manage the routes between two networks when the state is ACTIVE. Otherwise, user needs to create routes manually to route packets to peer network." - }, - "name": { - "type": "string", - "description": "Name of this peering. Provided by the client when the peering is created. The name must comply with RFC1035. Specifically, the name must be 1-63 characters long and match regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all the following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash." - }, - "network": { - "type": "string", - "description": "The URL of the peer network. It can be either full URL or partial URL. The peer network may belong to a different project. If the partial URL does not contain project, it is assumed that the peer network is in the same project as the current network." - }, - "state": { - "type": "string", - "description": "[Output Only] State for the peering.", - "enum": [ - "ACTIVE", - "INACTIVE" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "stateDetails": { - "type": "string", - "description": "[Output Only] Details about the current state of the peering." - } - } - }, - "NetworkRoutingConfig": { - "id": "NetworkRoutingConfig", - "type": "object", - "description": "A routing configuration attached to a network resource. The message includes the list of routers associated with the network, and a flag indicating the type of routing behavior to enforce network-wide.", - "properties": { - "routingMode": { - "type": "string", - "description": "The network-wide routing mode to use. If set to REGIONAL, this network's cloud routers will only advertise routes with subnetworks of this network in the same region as the router. If set to GLOBAL, this network's cloud routers will advertise routes with all subnetworks of this network, across regions.", - "enum": [ - "GLOBAL", - "REGIONAL" - ], - "enumDescriptions": [ - "", - "" - ] - } - } - }, - "NetworksAddPeeringRequest": { - "id": "NetworksAddPeeringRequest", - "type": "object", - "properties": { - "autoCreateRoutes": { - "type": "boolean", - "description": "Whether Google Compute Engine manages the routes automatically." - }, - "name": { - "type": "string", - "description": "Name of the peering, which should conform to RFC1035.", - "annotations": { - "required": [ - "compute.networks.addPeering" - ] - } - }, - "peerNetwork": { - "type": "string", - "description": "URL of the peer network. It can be either full URL or partial URL. The peer network may belong to a different project. If the partial URL does not contain project, it is assumed that the peer network is in the same project as the current network." - } - } - }, - "NetworksRemovePeeringRequest": { - "id": "NetworksRemovePeeringRequest", - "type": "object", - "properties": { - "name": { - "type": "string", - "description": "Name of the peering, which should conform to RFC1035." - } - } - }, - "Operation": { - "id": "Operation", - "type": "object", - "description": "An Operation resource, used to manage asynchronous API requests. (== resource_for v1.globalOperations ==) (== resource_for beta.globalOperations ==) (== resource_for v1.regionOperations ==) (== resource_for beta.regionOperations ==) (== resource_for v1.zoneOperations ==) (== resource_for beta.zoneOperations ==)", - "properties": { - "clientOperationId": { - "type": "string", - "description": "[Output Only] Reserved for future use." - }, - "creationTimestamp": { - "type": "string", - "description": "[Deprecated] This field is deprecated." - }, - "description": { - "type": "string", - "description": "[Output Only] A textual description of the operation, which is set when the operation is created." - }, - "endTime": { - "type": "string", - "description": "[Output Only] The time that this operation was completed. This value is in RFC3339 text format." - }, - "error": { - "type": "object", - "description": "[Output Only] If errors are generated during processing of the operation, this field will be populated.", - "properties": { - "errors": { - "type": "array", - "description": "[Output Only] The array of errors encountered while processing this operation.", - "items": { - "type": "object", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] The error type identifier for this error." - }, - "location": { - "type": "string", - "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional." - }, - "message": { - "type": "string", - "description": "[Output Only] An optional, human-readable error message." - } - } - } - } - } - }, - "httpErrorMessage": { - "type": "string", - "description": "[Output Only] If the operation fails, this field contains the HTTP error message that was returned, such as NOT FOUND." - }, - "httpErrorStatusCode": { - "type": "integer", - "description": "[Output Only] If the operation fails, this field contains the HTTP error status code that was returned. For example, a 404 means the resource was not found.", - "format": "int32" - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "insertTime": { - "type": "string", - "description": "[Output Only] The time that this operation was requested. This value is in RFC3339 text format." - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#operation for Operation resources.", - "default": "compute#operation" - }, - "name": { - "type": "string", - "description": "[Output Only] Name of the resource." - }, - "operationType": { - "type": "string", - "description": "[Output Only] The type of operation, such as insert, update, or delete, and so on." - }, - "progress": { - "type": "integer", - "description": "[Output Only] An optional progress indicator that ranges from 0 to 100. There is no requirement that this be linear or support any granularity of operations. This should not be used to guess when the operation will be complete. This number should monotonically increase as the operation progresses.", - "format": "int32" - }, - "region": { - "type": "string", - "description": "[Output Only] The URL of the region where the operation resides. Only available when performing regional operations." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "startTime": { - "type": "string", - "description": "[Output Only] The time that this operation was started by the server. This value is in RFC3339 text format." - }, - "status": { - "type": "string", - "description": "[Output Only] The status of the operation, which can be one of the following: PENDING, RUNNING, or DONE.", - "enum": [ - "DONE", - "PENDING", - "RUNNING" - ], - "enumDescriptions": [ - "", - "", - "" - ] - }, - "statusMessage": { - "type": "string", - "description": "[Output Only] An optional textual description of the current status of the operation." - }, - "targetId": { - "type": "string", - "description": "[Output Only] The unique target ID, which identifies a specific incarnation of the target resource.", - "format": "uint64" - }, - "targetLink": { - "type": "string", - "description": "[Output Only] The URL of the resource that the operation modifies. For operations related to creating a snapshot, this points to the persistent disk that the snapshot was created from." - }, - "user": { - "type": "string", - "description": "[Output Only] User who requested the operation, for example: user@example.com." - }, - "warnings": { - "type": "array", - "description": "[Output Only] If warning messages are generated during processing of the operation, this field will be populated.", - "items": { - "type": "object", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } + "interconnectAttachments": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of interconnect attachments.", + "httpMethod": "GET", + "id": "compute.interconnectAttachments.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/interconnectAttachments", + "response": { + "$ref": "InterconnectAttachmentAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified interconnect attachment.", + "httpMethod": "DELETE", + "id": "compute.interconnectAttachments.delete", + "parameterOrder": [ + "project", + "region", + "interconnectAttachment" + ], + "parameters": { + "interconnectAttachment": { + "description": "Name of the interconnect attachment to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified interconnect attachment.", + "httpMethod": "GET", + "id": "compute.interconnectAttachments.get", + "parameterOrder": [ + "project", + "region", + "interconnectAttachment" + ], + "parameters": { + "interconnectAttachment": { + "description": "Name of the interconnect attachment to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}", + "response": { + "$ref": "InterconnectAttachment" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates an InterconnectAttachment in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.interconnectAttachments.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/interconnectAttachments", + "request": { + "$ref": "InterconnectAttachment" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of interconnect attachments contained within the specified region.", + "httpMethod": "GET", + "id": "compute.interconnectAttachments.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/interconnectAttachments", + "response": { + "$ref": "InterconnectAttachmentList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - } }, - "zone": { - "type": "string", - "description": "[Output Only] The URL of the zone where the operation resides. Only available when performing per-zone operations." - } - } - }, - "OperationAggregatedList": { - "id": "OperationAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server." - }, - "items": { - "type": "object", - "description": "[Output Only] A map of scoped operation lists.", - "additionalProperties": { - "$ref": "OperationsScopedList", - "description": "[Output Only] Name of the scope containing this set of operations." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#operationAggregatedList for aggregated lists of operations.", - "default": "compute#operationAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "OperationList": { - "id": "OperationList", - "type": "object", - "description": "Contains a list of Operation resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server." - }, - "items": { - "type": "array", - "description": "[Output Only] A list of Operation resources.", - "items": { - "$ref": "Operation" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#operations for Operations resource.", - "default": "compute#operationList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "OperationsScopedList": { - "id": "OperationsScopedList", - "type": "object", - "properties": { - "operations": { - "type": "array", - "description": "[Output Only] List of operations contained in this scope.", - "items": { - "$ref": "Operation" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning which replaces the list of operations when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "interconnectLocations": { + "methods": { + "get": { + "description": "Returns the details for the specified interconnect location. Get a list of available interconnect locations by making a list() request.", + "httpMethod": "GET", + "id": "compute.interconnectLocations.get", + "parameterOrder": [ + "project", + "interconnectLocation" + ], + "parameters": { + "interconnectLocation": { + "description": "Name of the interconnect location to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/interconnectLocations/{interconnectLocation}", + "response": { + "$ref": "InterconnectLocation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves the list of interconnect locations available to the specified project.", + "httpMethod": "GET", + "id": "compute.interconnectLocations.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/interconnectLocations", + "response": { + "$ref": "InterconnectLocationList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - } - } - } - }, - "PathMatcher": { - "id": "PathMatcher", - "type": "object", - "description": "A matcher for the path portion of the URL. The BackendService from the longest-matched rule will serve the URL. If no rule was matched, the default service will be used.", - "properties": { - "defaultService": { - "type": "string", - "description": "The full or partial URL to the BackendService resource. This will be used if none of the pathRules defined by this PathMatcher is matched by the URL's path portion. For example, the following are all valid URLs to a BackendService resource: \n- https://www.googleapis.com/compute/v1/projects/project/global/backendServices/backendService \n- compute/v1/projects/project/global/backendServices/backendService \n- global/backendServices/backendService" - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "name": { - "type": "string", - "description": "The name to which this PathMatcher is referred by the HostRule." - }, - "pathRules": { - "type": "array", - "description": "The list of path rules.", - "items": { - "$ref": "PathRule" - } - } - } - }, - "PathRule": { - "id": "PathRule", - "type": "object", - "description": "A path-matching rule for a URL. If matched, will use the specified BackendService to handle the traffic arriving at this URL.", - "properties": { - "paths": { - "type": "array", - "description": "The list of path patterns to match. Each must start with / and the only place a * is allowed is at the end following a /. The string fed to the path matcher does not include any text after the first ? or #, and those chars are not allowed here.", - "items": { - "type": "string" - } }, - "service": { - "type": "string", - "description": "The URL of the BackendService resource if this rule is matched." - } - } - }, - "Project": { - "id": "Project", - "type": "object", - "description": "A Project resource. For an overview of projects, see Cloud Platform Resource Hierarchy. (== resource_for v1.projects ==) (== resource_for beta.projects ==)", - "properties": { - "commonInstanceMetadata": { - "$ref": "Metadata", - "description": "Metadata key/value pairs available to all instances contained in this project. See Custom metadata for more information." - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "defaultServiceAccount": { - "type": "string", - "description": "[Output Only] Default service account used by VMs running in this project." - }, - "description": { - "type": "string", - "description": "An optional textual description of the resource." - }, - "enabledFeatures": { - "type": "array", - "description": "Restricted features enabled for use on this project.", - "items": { - "type": "string" - } - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server. This is not the project ID, and is just a unique ID used by Compute Engine to identify resources.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#project for projects.", - "default": "compute#project" - }, - "name": { - "type": "string", - "description": "The project ID. For example: my-example-project. Use the project ID to make requests to Compute Engine." - }, - "quotas": { - "type": "array", - "description": "[Output Only] Quotas assigned to this project.", - "items": { - "$ref": "Quota" - } - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "usageExportLocation": { - "$ref": "UsageExportLocation", - "description": "The naming prefix for daily usage reports and the Google Cloud Storage bucket where they are stored." - }, - "xpnProjectStatus": { - "type": "string", - "description": "[Output Only] The role this project has in a shared VPC configuration. Currently only HOST projects are differentiated.", - "enum": [ - "HOST", - "UNSPECIFIED_XPN_PROJECT_STATUS" - ], - "enumDescriptions": [ - "", - "" - ] - } - } - }, - "ProjectsDisableXpnResourceRequest": { - "id": "ProjectsDisableXpnResourceRequest", - "type": "object", - "properties": { - "xpnResource": { - "$ref": "XpnResourceId", - "description": "Service resource (a.k.a service project) ID." - } - } - }, - "ProjectsEnableXpnResourceRequest": { - "id": "ProjectsEnableXpnResourceRequest", - "type": "object", - "properties": { - "xpnResource": { - "$ref": "XpnResourceId", - "description": "Service resource (a.k.a service project) ID." - } - } - }, - "ProjectsGetXpnResources": { - "id": "ProjectsGetXpnResources", - "type": "object", - "properties": { - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#projectsGetXpnResources for lists of service resources (a.k.a service projects)", - "default": "compute#projectsGetXpnResources" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "resources": { - "type": "array", - "description": "Service resources (a.k.a service projects) attached to this project as their shared VPC host.", - "items": { - "$ref": "XpnResourceId" - } - } - } - }, - "ProjectsListXpnHostsRequest": { - "id": "ProjectsListXpnHostsRequest", - "type": "object", - "properties": { - "organization": { - "type": "string", - "description": "Optional organization ID managed by Cloud Resource Manager, for which to list shared VPC host projects. If not specified, the organization will be inferred from the project." - } - } - }, - "Quota": { - "id": "Quota", - "type": "object", - "description": "A quotas entry.", - "properties": { - "limit": { - "type": "number", - "description": "[Output Only] Quota limit for this metric.", - "format": "double" - }, - "metric": { - "type": "string", - "description": "[Output Only] Name of the quota metric.", - "enum": [ - "AUTOSCALERS", - "BACKEND_BUCKETS", - "BACKEND_SERVICES", - "COMMITMENTS", - "CPUS", - "CPUS_ALL_REGIONS", - "DISKS_TOTAL_GB", - "FIREWALLS", - "FORWARDING_RULES", - "HEALTH_CHECKS", - "IMAGES", - "INSTANCES", - "INSTANCE_GROUPS", - "INSTANCE_GROUP_MANAGERS", - "INSTANCE_TEMPLATES", - "INTERCONNECTS", - "INTERNAL_ADDRESSES", - "IN_USE_ADDRESSES", - "LOCAL_SSD_TOTAL_GB", - "NETWORKS", - "NVIDIA_K80_GPUS", - "NVIDIA_P100_GPUS", - "PREEMPTIBLE_CPUS", - "PREEMPTIBLE_LOCAL_SSD_GB", - "PREEMPTIBLE_NVIDIA_K80_GPUS", - "PREEMPTIBLE_NVIDIA_P100_GPUS", - "REGIONAL_AUTOSCALERS", - "REGIONAL_INSTANCE_GROUP_MANAGERS", - "ROUTERS", - "ROUTES", - "SECURITY_POLICIES", - "SECURITY_POLICY_RULES", - "SNAPSHOTS", - "SSD_TOTAL_GB", - "SSL_CERTIFICATES", - "STATIC_ADDRESSES", - "SUBNETWORKS", - "TARGET_HTTPS_PROXIES", - "TARGET_HTTP_PROXIES", - "TARGET_INSTANCES", - "TARGET_POOLS", - "TARGET_SSL_PROXIES", - "TARGET_TCP_PROXIES", - "TARGET_VPN_GATEWAYS", - "URL_MAPS", - "VPN_TUNNELS" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "usage": { - "type": "number", - "description": "[Output Only] Current usage of this metric.", - "format": "double" - } - } - }, - "Region": { - "id": "Region", - "type": "object", - "description": "Region resource. (== resource_for beta.regions ==) (== resource_for v1.regions ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "deprecated": { - "$ref": "DeprecationStatus", - "description": "[Output Only] The deprecation status associated with this region." - }, - "description": { - "type": "string", - "description": "[Output Only] Textual description of the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#region for regions.", - "default": "compute#region" - }, - "name": { - "type": "string", - "description": "[Output Only] Name of the resource." - }, - "quotas": { - "type": "array", - "description": "[Output Only] Quotas assigned to this region.", - "items": { - "$ref": "Quota" - } - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "status": { - "type": "string", - "description": "[Output Only] Status of the region, either UP or DOWN.", - "enum": [ - "DOWN", - "UP" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "zones": { - "type": "array", - "description": "[Output Only] A list of zones available in this region, in the form of resource URLs.", - "items": { - "type": "string" - } - } - } - }, - "RegionAutoscalerList": { - "id": "RegionAutoscalerList", - "type": "object", - "description": "Contains a list of autoscalers.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Autoscaler resources.", - "items": { - "$ref": "Autoscaler" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#regionAutoscalerList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "RegionInstanceGroupList": { - "id": "RegionInstanceGroupList", - "type": "object", - "description": "Contains a list of InstanceGroup resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of InstanceGroup resources.", - "items": { - "$ref": "InstanceGroup" - } - }, - "kind": { - "type": "string", - "description": "The resource type.", - "default": "compute#regionInstanceGroupList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "RegionInstanceGroupManagerList": { - "id": "RegionInstanceGroupManagerList", - "type": "object", - "description": "Contains a list of managed instance groups.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of InstanceGroupManager resources.", - "items": { - "$ref": "InstanceGroupManager" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerList for a list of managed instance groups that exist in th regional scope.", - "default": "compute#regionInstanceGroupManagerList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." + "interconnects": { + "methods": { + "delete": { + "description": "Deletes the specified interconnect.", + "httpMethod": "DELETE", + "id": "compute.interconnects.delete", + "parameterOrder": [ + "project", + "interconnect" + ], + "parameters": { + "interconnect": { + "description": "Name of the interconnect to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/interconnects/{interconnect}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified interconnect. Get a list of available interconnects by making a list() request.", + "httpMethod": "GET", + "id": "compute.interconnects.get", + "parameterOrder": [ + "project", + "interconnect" + ], + "parameters": { + "interconnect": { + "description": "Name of the interconnect to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/interconnects/{interconnect}", + "response": { + "$ref": "Interconnect" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a Interconnect in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.interconnects.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/interconnects", + "request": { + "$ref": "Interconnect" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of interconnect available to the specified project.", + "httpMethod": "GET", + "id": "compute.interconnects.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/interconnects", + "response": { + "$ref": "InterconnectList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Updates the specified interconnect with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.interconnects.patch", + "parameterOrder": [ + "project", + "interconnect" + ], + "parameters": { + "interconnect": { + "description": "Name of the interconnect to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/interconnects/{interconnect}", + "request": { + "$ref": "Interconnect" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - } - } - } - }, - "RegionInstanceGroupManagersAbandonInstancesRequest": { - "id": "RegionInstanceGroupManagersAbandonInstancesRequest", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "The URLs of one or more instances to abandon. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", - "items": { - "type": "string" - } - } - } - }, - "RegionInstanceGroupManagersDeleteInstancesRequest": { - "id": "RegionInstanceGroupManagersDeleteInstancesRequest", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", - "items": { - "type": "string" - } - } - } - }, - "RegionInstanceGroupManagersListInstancesResponse": { - "id": "RegionInstanceGroupManagersListInstancesResponse", - "type": "object", - "properties": { - "managedInstances": { - "type": "array", - "description": "List of managed instances.", - "items": { - "$ref": "ManagedInstance" - } - } - } - }, - "RegionInstanceGroupManagersRecreateRequest": { - "id": "RegionInstanceGroupManagersRecreateRequest", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "The URLs of one or more instances to recreate. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", - "items": { - "type": "string" - } - } - } - }, - "RegionInstanceGroupManagersSetTargetPoolsRequest": { - "id": "RegionInstanceGroupManagersSetTargetPoolsRequest", - "type": "object", - "properties": { - "fingerprint": { - "type": "string", - "description": "Fingerprint of the target pools information, which is a hash of the contents. This field is used for optimistic locking when you update the target pool entries. This field is optional.", - "format": "byte" - }, - "targetPools": { - "type": "array", - "description": "The URL of all TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group.", - "items": { - "type": "string" - } - } - } - }, - "RegionInstanceGroupManagersSetTemplateRequest": { - "id": "RegionInstanceGroupManagersSetTemplateRequest", - "type": "object", - "properties": { - "instanceTemplate": { - "type": "string", - "description": "URL of the InstanceTemplate resource from which all new instances will be created." - } - } - }, - "RegionInstanceGroupsListInstances": { - "id": "RegionInstanceGroupsListInstances", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of InstanceWithNamedPorts resources.", - "items": { - "$ref": "InstanceWithNamedPorts" - } - }, - "kind": { - "type": "string", - "description": "The resource type.", - "default": "compute#regionInstanceGroupsListInstances" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "RegionInstanceGroupsListInstancesRequest": { - "id": "RegionInstanceGroupsListInstancesRequest", - "type": "object", - "properties": { - "instanceState": { - "type": "string", - "description": "Instances in which state should be returned. Valid options are: 'ALL', 'RUNNING'. By default, it lists all instances.", - "enum": [ - "ALL", - "RUNNING" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "portName": { - "type": "string", - "description": "Name of port user is interested in. It is optional. If it is set, only information about this ports will be returned. If it is not set, all the named ports will be returned. Always lists all instances.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - } - } - }, - "RegionInstanceGroupsSetNamedPortsRequest": { - "id": "RegionInstanceGroupsSetNamedPortsRequest", - "type": "object", - "properties": { - "fingerprint": { - "type": "string", - "description": "The fingerprint of the named ports information for this instance group. Use this optional property to prevent conflicts when multiple users change the named ports settings concurrently. Obtain the fingerprint with the instanceGroups.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request.", - "format": "byte" - }, - "namedPorts": { - "type": "array", - "description": "The list of named ports to set for this instance group.", - "items": { - "$ref": "NamedPort" - } - } - } - }, - "RegionList": { - "id": "RegionList", - "type": "object", - "description": "Contains a list of region resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Region resources.", - "items": { - "$ref": "Region" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#regionList for lists of regions.", - "default": "compute#regionList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "ResourceCommitment": { - "id": "ResourceCommitment", - "type": "object", - "description": "Commitment for a particular resource (a Commitment is composed of one or more of these).", - "properties": { - "amount": { - "type": "string", - "description": "The amount of the resource purchased (in a type-dependent unit, such as bytes). For vCPUs, this can just be an integer. For memory, this must be provided in MB. Memory must be a multiple of 256 MB, with up to 6.5GB of memory per every vCPU.", - "format": "int64" - }, - "type": { - "type": "string", - "description": "Type of resource for which this commitment applies. Possible values are VCPU and MEMORY", - "enum": [ - "MEMORY", - "UNSPECIFIED", - "VCPU" - ], - "enumDescriptions": [ - "", - "", - "" - ] - } - } - }, - "ResourceGroupReference": { - "id": "ResourceGroupReference", - "type": "object", - "properties": { - "group": { - "type": "string", - "description": "A URI referencing one of the instance groups listed in the backend service." - } - } - }, - "Route": { - "id": "Route", - "type": "object", - "description": "Represents a Route resource. A route specifies how certain packets should be handled by the network. Routes are associated with instances by tags and the set of routes for a particular instance is called its routing table.\n\nFor each packet leaving an instance, the system searches that instance's routing table for a single best matching route. Routes match packets by destination IP address, preferring smaller or more specific ranges over larger ones. If there is a tie, the system selects the route with the smallest priority value. If there is still a tie, it uses the layer three and four packet headers to select just one of the remaining matching routes. The packet is then forwarded as specified by the nextHop field of the winning route - either to another instance destination, an instance gateway, or a Google Compute Engine-operated gateway.\n\nPackets that do not match any route in the sending instance's routing table are dropped. (== resource_for beta.routes ==) (== resource_for v1.routes ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "destRange": { - "type": "string", - "description": "The destination range of outgoing packets that this route applies to. Only IPv4 is supported.", - "annotations": { - "required": [ - "compute.routes.insert" - ] - } - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of this resource. Always compute#routes for Route resources.", - "default": "compute#route" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.routes.insert" - ] - } - }, - "network": { - "type": "string", - "description": "Fully-qualified URL of the network that this route applies to.", - "annotations": { - "required": [ - "compute.routes.insert" - ] - } - }, - "nextHopGateway": { - "type": "string", - "description": "The URL to a gateway that should handle matching packets. You can only specify the internet gateway using a full or partial valid URL: projects/\u003cproject-id\u003e/global/gateways/default-internet-gateway" - }, - "nextHopInstance": { - "type": "string", - "description": "The URL to an instance that should handle matching packets. You can specify this as a full or partial URL. For example:\nhttps://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/" - }, - "nextHopIp": { - "type": "string", - "description": "The network IP address of an instance that should handle matching packets. Only IPv4 is supported." - }, - "nextHopNetwork": { - "type": "string", - "description": "The URL of the local network if it should handle matching packets." - }, - "nextHopPeering": { - "type": "string", - "description": "[Output Only] The network peering name that should handle matching packets, which should conform to RFC1035." - }, - "nextHopVpnTunnel": { - "type": "string", - "description": "The URL to a VpnTunnel that should handle matching packets." - }, - "priority": { - "type": "integer", - "description": "The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535.", - "format": "uint32", - "annotations": { - "required": [ - "compute.routes.insert" - ] - } - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined fully-qualified URL for this resource." - }, - "tags": { - "type": "array", - "description": "A list of instance tags to which this route applies.", - "items": { - "type": "string" - }, - "annotations": { - "required": [ - "compute.routes.insert" - ] - } - }, - "warnings": { - "type": "array", - "description": "[Output Only] If potential misconfigurations are detected for this route, this field will be populated with warning messages.", - "items": { - "type": "object", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - } - }, - "RouteList": { - "id": "RouteList", - "type": "object", - "description": "Contains a list of Route resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Route resources.", - "items": { - "$ref": "Route" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#routeList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "Router": { - "id": "Router", - "type": "object", - "description": "Router resource.", - "properties": { - "bgp": { - "$ref": "RouterBgp", - "description": "BGP information specific to this router." - }, - "bgpPeers": { - "type": "array", - "description": "BGP information that needs to be configured into the routing stack to establish the BGP peering. It must specify peer ASN and either interface name, IP, or peer IP. Please refer to RFC4273.", - "items": { - "$ref": "RouterBgpPeer" - } - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "interfaces": { - "type": "array", - "description": "Router interfaces. Each interface requires either one linked resource (e.g. linkedVpnTunnel), or IP address and IP address range (e.g. ipRange), or both.", - "items": { - "$ref": "RouterInterface" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#router for routers.", - "default": "compute#router" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.routers.insert" - ] - } - }, - "network": { - "type": "string", - "description": "URI of the network to which this router belongs.", - "annotations": { - "required": [ - "compute.routers.insert" - ] - } - }, - "region": { - "type": "string", - "description": "[Output Only] URI of the region where the router resides." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - } - } - }, - "RouterAggregatedList": { - "id": "RouterAggregatedList", - "type": "object", - "description": "Contains a list of routers.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of Router resources.", - "additionalProperties": { - "$ref": "RoutersScopedList", - "description": "Name of the scope containing this set of routers." - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#routerAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "RouterBgp": { - "id": "RouterBgp", - "type": "object", - "properties": { - "asn": { - "type": "integer", - "description": "Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN.", - "format": "uint32" - } - } - }, - "RouterBgpPeer": { - "id": "RouterBgpPeer", - "type": "object", - "properties": { - "advertisedRoutePriority": { - "type": "integer", - "description": "The priority of routes advertised to this BGP peer. In the case where there is more than one matching route of maximum length, the routes with lowest priority value win.", - "format": "uint32" - }, - "interfaceName": { - "type": "string", - "description": "Name of the interface the BGP peer is associated with." - }, - "ipAddress": { - "type": "string", - "description": "IP address of the interface inside Google Cloud Platform. Only IPv4 is supported." - }, - "name": { - "type": "string", - "description": "Name of this BGP peer. The name must be 1-63 characters long and comply with RFC1035.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "peerAsn": { - "type": "integer", - "description": "Peer BGP Autonomous System Number (ASN). For VPN use case, this value can be different for every tunnel.", - "format": "uint32" - }, - "peerIpAddress": { - "type": "string", - "description": "IP address of the BGP interface outside Google cloud. Only IPv4 is supported." - } - } - }, - "RouterInterface": { - "id": "RouterInterface", - "type": "object", - "properties": { - "ipRange": { - "type": "string", - "description": "IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. The value must be a CIDR-formatted string, for example: 169.254.0.1/30. NOTE: Do not truncate the address as it represents the IP address of the interface." - }, - "linkedInterconnectAttachment": { - "type": "string", - "description": "URI of the linked interconnect attachment. It must be in the same region as the router. Each interface can have at most one linked resource and it could either be a VPN Tunnel or an interconnect attachment." - }, - "linkedVpnTunnel": { - "type": "string", - "description": "URI of the linked VPN tunnel. It must be in the same region as the router. Each interface can have at most one linked resource and it could either be a VPN Tunnel or an interconnect attachment." - }, - "name": { - "type": "string", - "description": "Name of this interface entry. The name must be 1-63 characters long and comply with RFC1035.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - } - } - }, - "RouterList": { - "id": "RouterList", - "type": "object", - "description": "Contains a list of Router resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Router resources.", - "items": { - "$ref": "Router" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#router for routers.", - "default": "compute#routerList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "RouterStatus": { - "id": "RouterStatus", - "type": "object", - "properties": { - "bestRoutes": { - "type": "array", - "description": "Best routes for this router's network.", - "items": { - "$ref": "Route" - } - }, - "bestRoutesForRouter": { - "type": "array", - "description": "Best routes learned by this router.", - "items": { - "$ref": "Route" - } - }, - "bgpPeerStatus": { - "type": "array", - "items": { - "$ref": "RouterStatusBgpPeerStatus" - } - }, - "network": { - "type": "string", - "description": "URI of the network to which this router belongs." - } - } - }, - "RouterStatusBgpPeerStatus": { - "id": "RouterStatusBgpPeerStatus", - "type": "object", - "properties": { - "advertisedRoutes": { - "type": "array", - "description": "Routes that were advertised to the remote BGP peer", - "items": { - "$ref": "Route" - } - }, - "ipAddress": { - "type": "string", - "description": "IP address of the local BGP interface." - }, - "linkedVpnTunnel": { - "type": "string", - "description": "URL of the VPN tunnel that this BGP peer controls." - }, - "name": { - "type": "string", - "description": "Name of this BGP peer. Unique within the Routers resource." - }, - "numLearnedRoutes": { - "type": "integer", - "description": "Number of routes learned from the remote BGP Peer.", - "format": "uint32" - }, - "peerIpAddress": { - "type": "string", - "description": "IP address of the remote BGP interface." - }, - "state": { - "type": "string", - "description": "BGP state as specified in RFC1771." - }, - "status": { - "type": "string", - "description": "Status of the BGP peer: {UP, DOWN}", - "enum": [ - "DOWN", - "UNKNOWN", - "UP" - ], - "enumDescriptions": [ - "", - "", - "" - ] - }, - "uptime": { - "type": "string", - "description": "Time this session has been up. Format: 14 years, 51 weeks, 6 days, 23 hours, 59 minutes, 59 seconds" - }, - "uptimeSeconds": { - "type": "string", - "description": "Time this session has been up, in seconds. Format: 145" - } - } - }, - "RouterStatusResponse": { - "id": "RouterStatusResponse", - "type": "object", - "properties": { - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#routerStatusResponse" - }, - "result": { - "$ref": "RouterStatus" - } - } - }, - "RoutersPreviewResponse": { - "id": "RoutersPreviewResponse", - "type": "object", - "properties": { - "resource": { - "$ref": "Router", - "description": "Preview of given router." - } - } - }, - "RoutersScopedList": { - "id": "RoutersScopedList", - "type": "object", - "properties": { - "routers": { - "type": "array", - "description": "List of routers contained in this scope.", - "items": { - "$ref": "Router" - } - }, - "warning": { - "type": "object", - "description": "Informational warning which replaces the list of routers when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "SSLHealthCheck": { - "id": "SSLHealthCheck", - "type": "object", - "properties": { - "port": { - "type": "integer", - "description": "The TCP port number for the health check request. The default value is 443. Valid values are 1 through 65535.", - "format": "int32" - }, - "portName": { - "type": "string", - "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence." - }, - "proxyHeader": { - "type": "string", - "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", - "enum": [ - "NONE", - "PROXY_V1" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "request": { - "type": "string", - "description": "The application data to send once the SSL connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII." - }, - "response": { - "type": "string", - "description": "The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII." - } - } - }, - "Scheduling": { - "id": "Scheduling", - "type": "object", - "description": "Sets the scheduling options for an Instance.", - "properties": { - "automaticRestart": { - "type": "boolean", - "description": "Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted.\n\nBy default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine." - }, - "onHostMaintenance": { - "type": "string", - "description": "Defines the maintenance behavior for this instance. For standard instances, the default behavior is MIGRATE. For preemptible instances, the default and only possible behavior is TERMINATE. For more information, see Setting Instance Scheduling Options.", - "enum": [ - "MIGRATE", - "TERMINATE" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "preemptible": { - "type": "boolean", - "description": "Defines whether the instance is preemptible. This can only be set during instance creation, it cannot be set or changed after the instance has been created." - } - } - }, - "SerialPortOutput": { - "id": "SerialPortOutput", - "type": "object", - "description": "An instance's serial console output.", - "properties": { - "contents": { - "type": "string", - "description": "[Output Only] The contents of the console output." - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#serialPortOutput for serial port output.", - "default": "compute#serialPortOutput" - }, - "next": { - "type": "string", - "description": "[Output Only] The position of the next byte of content from the serial console output. Use this value in the next request as the start parameter.", - "format": "int64" - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "start": { - "type": "string", - "description": "The starting byte position of the output that was returned. This should match the start parameter sent with the request. If the serial console output exceeds the size of the buffer, older output will be overwritten by newer content and the start values will be mismatched.", - "format": "int64" - } - } - }, - "ServiceAccount": { - "id": "ServiceAccount", - "type": "object", - "description": "A service account.", - "properties": { - "email": { - "type": "string", - "description": "Email address of the service account." - }, - "scopes": { - "type": "array", - "description": "The list of scopes to be made available for this service account.", - "items": { - "type": "string" - } - } - } - }, - "Snapshot": { - "id": "Snapshot", - "type": "object", - "description": "A persistent disk snapshot resource. (== resource_for beta.snapshots ==) (== resource_for v1.snapshots ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "diskSizeGb": { - "type": "string", - "description": "[Output Only] Size of the snapshot, specified in GB.", - "format": "int64" - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#snapshot for Snapshot resources.", - "default": "compute#snapshot" - }, - "labelFingerprint": { - "type": "string", - "description": "A fingerprint for the labels being applied to this snapshot, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels.\n\nTo see the latest fingerprint, make a get() request to retrieve a snapshot.", - "format": "byte" - }, - "labels": { - "type": "object", - "description": "Labels to apply to this snapshot. These can be later modified by the setLabels method. Label values may be empty.", - "additionalProperties": { - "type": "string" - } }, "licenses": { - "type": "array", - "description": "[Output Only] A list of public visible licenses that apply to this snapshot. This can be because the original image had licenses attached (such as a Windows image).", - "items": { - "type": "string" - } - }, - "name": { - "type": "string", - "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "snapshotEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must provide the same key if you use the image later For example, you must provide the encryption key when you create a disk from the encrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of the disk.\n\nIf you do not provide an encryption key when creating the snapshot, then the snapshot will be encrypted using an automatically generated key and you do not need to provide a key to use the snapshot later." - }, - "sourceDisk": { - "type": "string", - "description": "[Output Only] The source disk used to create this snapshot." - }, - "sourceDiskEncryptionKey": { - "$ref": "CustomerEncryptionKey", - "description": "The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key." - }, - "sourceDiskId": { - "type": "string", - "description": "[Output Only] The ID value of the disk used to create this snapshot. This value may be used to determine whether the snapshot was taken from the current or a previous instance of a given disk name." - }, - "status": { - "type": "string", - "description": "[Output Only] The status of the snapshot. This can be CREATING, DELETING, FAILED, READY, or UPLOADING.", - "enum": [ - "CREATING", - "DELETING", - "FAILED", - "READY", - "UPLOADING" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "" - ] - }, - "storageBytes": { - "type": "string", - "description": "[Output Only] A size of the storage used by the snapshot. As snapshots share storage, this number is expected to change with snapshot creation/deletion.", - "format": "int64" - }, - "storageBytesStatus": { - "type": "string", - "description": "[Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.", - "enum": [ - "UPDATING", - "UP_TO_DATE" - ], - "enumDescriptions": [ - "", - "" - ] - } - } - }, - "SnapshotList": { - "id": "SnapshotList", - "type": "object", - "description": "Contains a list of Snapshot resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Snapshot resources.", - "items": { - "$ref": "Snapshot" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#snapshotList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "SslCertificate": { - "id": "SslCertificate", - "type": "object", - "description": "An SslCertificate resource. This resource provides a mechanism to upload an SSL key and certificate to the load balancer to serve secure connections from the user. (== resource_for beta.sslCertificates ==) (== resource_for v1.sslCertificates ==)", - "properties": { - "certificate": { - "type": "string", - "description": "A local certificate file. The certificate must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert." - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#sslCertificate for SSL certificates.", - "default": "compute#sslCertificate" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "privateKey": { - "type": "string", - "description": "A write-only private key in PEM format. Only insert requests will include this field." - }, - "selfLink": { - "type": "string", - "description": "[Output only] Server-defined URL for the resource." - } - } - }, - "SslCertificateList": { - "id": "SslCertificateList", - "type": "object", - "description": "Contains a list of SslCertificate resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of SslCertificate resources.", - "items": { - "$ref": "SslCertificate" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#sslCertificateList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "Subnetwork": { - "id": "Subnetwork", - "type": "object", - "description": "A Subnetwork resource. (== resource_for beta.subnetworks ==) (== resource_for v1.subnetworks ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource. This field can be set only at resource creation time." - }, - "gatewayAddress": { - "type": "string", - "description": "[Output Only] The gateway address for default routes to reach destination addresses outside this subnetwork. This field can be set only at resource creation time." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "ipCidrRange": { - "type": "string", - "description": "The range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time." - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#subnetwork for Subnetwork resources.", - "default": "compute#subnetwork" - }, - "name": { - "type": "string", - "description": "The name of the resource, provided by the client when initially creating the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "network": { - "type": "string", - "description": "The URL of the network to which this subnetwork belongs, provided by the client when initially creating the subnetwork. Only networks that are in the distributed mode can have subnetworks. This field can be set only at resource creation time." - }, - "privateIpGoogleAccess": { - "type": "boolean", - "description": "Whether the VMs in this subnet can access Google services without assigned external IP addresses. This field can be both set at resource creation time and updated using setPrivateIpGoogleAccess." - }, - "region": { - "type": "string", - "description": "URL of the region where the Subnetwork resides. This field can be set only at resource creation time." - }, - "secondaryIpRanges": { - "type": "array", - "description": "An array of configurations for secondary IP ranges for VM instances contained in this subnetwork. The primary IP of such VM must belong to the primary ipCidrRange of the subnetwork. The alias IPs may belong to either primary or secondary ranges.", - "items": { - "$ref": "SubnetworkSecondaryRange" - } - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - } - } - }, - "SubnetworkAggregatedList": { - "id": "SubnetworkAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of SubnetworksScopedList resources.", - "additionalProperties": { - "$ref": "SubnetworksScopedList", - "description": "Name of the scope containing this set of Subnetworks." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#subnetworkAggregatedList for aggregated lists of subnetworks.", - "default": "compute#subnetworkAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "SubnetworkList": { - "id": "SubnetworkList", - "type": "object", - "description": "Contains a list of Subnetwork resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Subnetwork resources.", - "items": { - "$ref": "Subnetwork" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#subnetworkList for lists of subnetworks.", - "default": "compute#subnetworkList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "SubnetworkSecondaryRange": { - "id": "SubnetworkSecondaryRange", - "type": "object", - "description": "Represents a secondary IP range of a subnetwork.", - "properties": { - "ipCidrRange": { - "type": "string", - "description": "The range of IP addresses belonging to this subnetwork secondary range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported." - }, - "rangeName": { - "type": "string", - "description": "The name associated with this subnetwork secondary range, used when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork." - } - } - }, - "SubnetworksExpandIpCidrRangeRequest": { - "id": "SubnetworksExpandIpCidrRangeRequest", - "type": "object", - "properties": { - "ipCidrRange": { - "type": "string", - "description": "The IP (in CIDR format or netmask) of internal addresses that are legal on this Subnetwork. This range should be disjoint from other subnetworks within this network. This range can only be larger than (i.e. a superset of) the range previously defined before the update." - } - } - }, - "SubnetworksScopedList": { - "id": "SubnetworksScopedList", - "type": "object", - "properties": { - "subnetworks": { - "type": "array", - "description": "List of subnetworks contained in this scope.", - "items": { - "$ref": "Subnetwork" - } - }, - "warning": { - "type": "object", - "description": "An informational warning that appears when the list of addresses is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "SubnetworksSetPrivateIpGoogleAccessRequest": { - "id": "SubnetworksSetPrivateIpGoogleAccessRequest", - "type": "object", - "properties": { - "privateIpGoogleAccess": { - "type": "boolean" - } - } - }, - "TCPHealthCheck": { - "id": "TCPHealthCheck", - "type": "object", - "properties": { - "port": { - "type": "integer", - "description": "The TCP port number for the health check request. The default value is 80. Valid values are 1 through 65535.", - "format": "int32" - }, - "portName": { - "type": "string", - "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence." - }, - "proxyHeader": { - "type": "string", - "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", - "enum": [ - "NONE", - "PROXY_V1" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "request": { - "type": "string", - "description": "The application data to send once the TCP connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII." - }, - "response": { - "type": "string", - "description": "The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII." - } - } - }, - "Tags": { - "id": "Tags", - "type": "object", - "description": "A set of instance tags.", - "properties": { - "fingerprint": { - "type": "string", - "description": "Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata.\n\nTo see the latest fingerprint, make get() request to the instance.", - "format": "byte" - }, - "items": { - "type": "array", - "description": "An array of tags. Each tag must be 1-63 characters long, and comply with RFC1035.", - "items": { - "type": "string" - } - } - } - }, - "TargetHttpProxy": { - "id": "TargetHttpProxy", - "type": "object", - "description": "A TargetHttpProxy resource. This resource defines an HTTP proxy. (== resource_for beta.targetHttpProxies ==) (== resource_for v1.targetHttpProxies ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#targetHttpProxy for target HTTP proxies.", - "default": "compute#targetHttpProxy" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "urlMap": { - "type": "string", - "description": "URL to the UrlMap resource that defines the mapping from URL to the BackendService." - } - } - }, - "TargetHttpProxyList": { - "id": "TargetHttpProxyList", - "type": "object", - "description": "A list of TargetHttpProxy resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of TargetHttpProxy resources.", - "items": { - "$ref": "TargetHttpProxy" - } - }, - "kind": { - "type": "string", - "description": "Type of resource. Always compute#targetHttpProxyList for lists of target HTTP proxies.", - "default": "compute#targetHttpProxyList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetHttpsProxiesSetSslCertificatesRequest": { - "id": "TargetHttpsProxiesSetSslCertificatesRequest", - "type": "object", - "properties": { - "sslCertificates": { - "type": "array", - "description": "New set of SslCertificate resources to associate with this TargetHttpsProxy resource. Currently exactly one SslCertificate resource must be specified.", - "items": { - "type": "string" - } - } - } - }, - "TargetHttpsProxy": { - "id": "TargetHttpsProxy", - "type": "object", - "description": "A TargetHttpsProxy resource. This resource defines an HTTPS proxy. (== resource_for beta.targetHttpsProxies ==) (== resource_for v1.targetHttpsProxies ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#targetHttpsProxy for target HTTPS proxies.", - "default": "compute#targetHttpsProxy" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "sslCertificates": { - "type": "array", - "description": "URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, exactly one SSL certificate must be specified.", - "items": { - "type": "string" - } - }, - "urlMap": { - "type": "string", - "description": "A fully-qualified or valid partial URL to the UrlMap resource that defines the mapping from URL to the BackendService. For example, the following are all valid URLs for specifying a URL map: \n- https://www.googleapis.compute/v1/projects/project/global/urlMaps/url-map \n- projects/project/global/urlMaps/url-map \n- global/urlMaps/url-map" - } - } - }, - "TargetHttpsProxyList": { - "id": "TargetHttpsProxyList", - "type": "object", - "description": "Contains a list of TargetHttpsProxy resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of TargetHttpsProxy resources.", - "items": { - "$ref": "TargetHttpsProxy" - } - }, - "kind": { - "type": "string", - "description": "Type of resource. Always compute#targetHttpsProxyList for lists of target HTTPS proxies.", - "default": "compute#targetHttpsProxyList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetInstance": { - "id": "TargetInstance", - "type": "object", - "description": "A TargetInstance resource. This resource defines an endpoint instance that terminates traffic of certain protocols. (== resource_for beta.targetInstances ==) (== resource_for v1.targetInstances ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "instance": { - "type": "string", - "description": "A URL to the virtual machine instance that handles traffic for this target instance. When creating a target instance, you can provide the fully-qualified URL or a valid partial URL to the desired virtual machine. For example, the following are all valid URLs: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance \n- projects/project/zones/zone/instances/instance \n- zones/zone/instances/instance" - }, - "kind": { - "type": "string", - "description": "[Output Only] The type of the resource. Always compute#targetInstance for target instances.", - "default": "compute#targetInstance" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "natPolicy": { - "type": "string", - "description": "NAT option controlling how IPs are NAT'ed to the instance. Currently only NO_NAT (default value) is supported.", - "enum": [ - "NO_NAT" - ], - "enumDescriptions": [ - "" - ] - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "zone": { - "type": "string", - "description": "[Output Only] URL of the zone where the target instance resides." - } - } - }, - "TargetInstanceAggregatedList": { - "id": "TargetInstanceAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of TargetInstance resources.", - "additionalProperties": { - "$ref": "TargetInstancesScopedList", - "description": "Name of the scope containing this set of target instances." - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#targetInstanceAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetInstanceList": { - "id": "TargetInstanceList", - "type": "object", - "description": "Contains a list of TargetInstance resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of TargetInstance resources.", - "items": { - "$ref": "TargetInstance" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#targetInstanceList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetInstancesScopedList": { - "id": "TargetInstancesScopedList", - "type": "object", - "properties": { - "targetInstances": { - "type": "array", - "description": "List of target instances contained in this scope.", - "items": { - "$ref": "TargetInstance" - } - }, - "warning": { - "type": "object", - "description": "Informational warning which replaces the list of addresses when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetPool": { - "id": "TargetPool", - "type": "object", - "description": "A TargetPool resource. This resource defines a pool of instances, an associated HttpHealthCheck resource, and the fallback target pool. (== resource_for beta.targetPools ==) (== resource_for v1.targetPools ==)", - "properties": { - "backupPool": { - "type": "string", - "description": "This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool, and its failoverRatio field is properly set to a value between [0, 1].\n\nbackupPool and failoverRatio together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below failoverRatio, traffic arriving at the load-balanced IP will be directed to the backup pool.\n\nIn case where failoverRatio and backupPool are not set, or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the \"force\" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy." - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "failoverRatio": { - "type": "number", - "description": "This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool (i.e., not as a backup pool to some other target pool). The value of the field must be in [0, 1].\n\nIf set, backupPool must also be set. They together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below this number, traffic arriving at the load-balanced IP will be directed to the backup pool.\n\nIn case where failoverRatio is not set or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the \"force\" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.", - "format": "float" - }, - "healthChecks": { - "type": "array", - "description": "The URL of the HttpHealthCheck resource. A member instance in this pool is considered healthy if and only if the health checks pass. An empty list means all member instances will be considered healthy at all times. Only HttpHealthChecks are supported. Only one health check may be specified.", - "items": { - "type": "string" - } - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "instances": { - "type": "array", - "description": "A list of resource URLs to the virtual machine instances serving this pool. They must live in zones contained in the same region as this pool.", - "items": { - "type": "string" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#targetPool for target pools.", - "default": "compute#targetPool" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "region": { - "type": "string", - "description": "[Output Only] URL of the region where the target pool resides." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "sessionAffinity": { - "type": "string", - "description": "Sesssion affinity option, must be one of the following values:\nNONE: Connections from the same client IP may go to any instance in the pool.\nCLIENT_IP: Connections from the same client IP will go to the same instance in the pool while that instance remains healthy.\nCLIENT_IP_PROTO: Connections from the same client IP with the same IP protocol will go to the same instance in the pool while that instance remains healthy.", - "enum": [ - "CLIENT_IP", - "CLIENT_IP_PORT_PROTO", - "CLIENT_IP_PROTO", - "GENERATED_COOKIE", - "NONE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "" - ] - } - } - }, - "TargetPoolAggregatedList": { - "id": "TargetPoolAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of TargetPool resources.", - "additionalProperties": { - "$ref": "TargetPoolsScopedList", - "description": "Name of the scope containing this set of target pools." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#targetPoolAggregatedList for aggregated lists of target pools.", - "default": "compute#targetPoolAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetPoolInstanceHealth": { - "id": "TargetPoolInstanceHealth", - "type": "object", - "properties": { - "healthStatus": { - "type": "array", - "items": { - "$ref": "HealthStatus" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#targetPoolInstanceHealth when checking the health of an instance.", - "default": "compute#targetPoolInstanceHealth" - } - } - }, - "TargetPoolList": { - "id": "TargetPoolList", - "type": "object", - "description": "Contains a list of TargetPool resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of TargetPool resources.", - "items": { - "$ref": "TargetPool" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#targetPoolList for lists of target pools.", - "default": "compute#targetPoolList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetPoolsAddHealthCheckRequest": { - "id": "TargetPoolsAddHealthCheckRequest", - "type": "object", - "properties": { - "healthChecks": { - "type": "array", - "description": "The HttpHealthCheck to add to the target pool.", - "items": { - "$ref": "HealthCheckReference" - } - } - } - }, - "TargetPoolsAddInstanceRequest": { - "id": "TargetPoolsAddInstanceRequest", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "A full or partial URL to an instance to add to this target pool. This can be a full or partial URL. For example, the following are valid URLs: \n- https://www.googleapis.com/compute/v1/projects/project-id/zones/zone/instances/instance-name \n- projects/project-id/zones/zone/instances/instance-name \n- zones/zone/instances/instance-name", - "items": { - "$ref": "InstanceReference" - } - } - } - }, - "TargetPoolsRemoveHealthCheckRequest": { - "id": "TargetPoolsRemoveHealthCheckRequest", - "type": "object", - "properties": { - "healthChecks": { - "type": "array", - "description": "Health check URL to be removed. This can be a full or valid partial URL. For example, the following are valid URLs: \n- https://www.googleapis.com/compute/beta/projects/project/global/httpHealthChecks/health-check \n- projects/project/global/httpHealthChecks/health-check \n- global/httpHealthChecks/health-check", - "items": { - "$ref": "HealthCheckReference" - } - } - } - }, - "TargetPoolsRemoveInstanceRequest": { - "id": "TargetPoolsRemoveInstanceRequest", - "type": "object", - "properties": { - "instances": { - "type": "array", - "description": "URLs of the instances to be removed from target pool.", - "items": { - "$ref": "InstanceReference" - } - } - } - }, - "TargetPoolsScopedList": { - "id": "TargetPoolsScopedList", - "type": "object", - "properties": { - "targetPools": { - "type": "array", - "description": "List of target pools contained in this scope.", - "items": { - "$ref": "TargetPool" - } - }, - "warning": { - "type": "object", - "description": "Informational warning which replaces the list of addresses when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetReference": { - "id": "TargetReference", - "type": "object", - "properties": { - "target": { - "type": "string" - } - } - }, - "TargetSslProxiesSetBackendServiceRequest": { - "id": "TargetSslProxiesSetBackendServiceRequest", - "type": "object", - "properties": { - "service": { - "type": "string", - "description": "The URL of the new BackendService resource for the targetSslProxy." - } - } - }, - "TargetSslProxiesSetProxyHeaderRequest": { - "id": "TargetSslProxiesSetProxyHeaderRequest", - "type": "object", - "properties": { - "proxyHeader": { - "type": "string", - "description": "The new type of proxy header to append before sending data to the backend. NONE or PROXY_V1 are allowed.", - "enum": [ - "NONE", - "PROXY_V1" - ], - "enumDescriptions": [ - "", - "" - ] - } - } - }, - "TargetSslProxiesSetSslCertificatesRequest": { - "id": "TargetSslProxiesSetSslCertificatesRequest", - "type": "object", - "properties": { - "sslCertificates": { - "type": "array", - "description": "New set of URLs to SslCertificate resources to associate with this TargetSslProxy. Currently exactly one ssl certificate must be specified.", - "items": { - "type": "string" - } - } - } - }, - "TargetSslProxy": { - "id": "TargetSslProxy", - "type": "object", - "description": "A TargetSslProxy resource. This resource defines an SSL proxy. (== resource_for beta.targetSslProxies ==) (== resource_for v1.targetSslProxies ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#targetSslProxy for target SSL proxies.", - "default": "compute#targetSslProxy" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "proxyHeader": { - "type": "string", - "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", - "enum": [ - "NONE", - "PROXY_V1" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "service": { - "type": "string", - "description": "URL to the BackendService resource." - }, - "sslCertificates": { - "type": "array", - "description": "URLs to SslCertificate resources that are used to authenticate connections to Backends. Currently exactly one SSL certificate must be specified.", - "items": { - "type": "string" - } - } - } - }, - "TargetSslProxyList": { - "id": "TargetSslProxyList", - "type": "object", - "description": "Contains a list of TargetSslProxy resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of TargetSslProxy resources.", - "items": { - "$ref": "TargetSslProxy" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#targetSslProxyList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetTcpProxiesSetBackendServiceRequest": { - "id": "TargetTcpProxiesSetBackendServiceRequest", - "type": "object", - "properties": { - "service": { - "type": "string", - "description": "The URL of the new BackendService resource for the targetTcpProxy." - } - } - }, - "TargetTcpProxiesSetProxyHeaderRequest": { - "id": "TargetTcpProxiesSetProxyHeaderRequest", - "type": "object", - "properties": { - "proxyHeader": { - "type": "string", - "description": "The new type of proxy header to append before sending data to the backend. NONE or PROXY_V1 are allowed.", - "enum": [ - "NONE", - "PROXY_V1" - ], - "enumDescriptions": [ - "", - "" - ] - } - } - }, - "TargetTcpProxy": { - "id": "TargetTcpProxy", - "type": "object", - "description": "A TargetTcpProxy resource. This resource defines a TCP proxy. (== resource_for beta.targetTcpProxies ==) (== resource_for v1.targetTcpProxies ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#targetTcpProxy for target TCP proxies.", - "default": "compute#targetTcpProxy" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "proxyHeader": { - "type": "string", - "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", - "enum": [ - "NONE", - "PROXY_V1" - ], - "enumDescriptions": [ - "", - "" - ] - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "service": { - "type": "string", - "description": "URL to the BackendService resource." - } - } - }, - "TargetTcpProxyList": { - "id": "TargetTcpProxyList", - "type": "object", - "description": "Contains a list of TargetTcpProxy resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of TargetTcpProxy resources.", - "items": { - "$ref": "TargetTcpProxy" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#targetTcpProxyList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetVpnGateway": { - "id": "TargetVpnGateway", - "type": "object", - "description": "Represents a Target VPN gateway resource. (== resource_for beta.targetVpnGateways ==) (== resource_for v1.targetVpnGateways ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "forwardingRules": { - "type": "array", - "description": "[Output Only] A list of URLs to the ForwardingRule resources. ForwardingRules are created using compute.forwardingRules.insert and associated to a VPN gateway.", - "items": { - "type": "string" - } - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#targetVpnGateway for target VPN gateways.", - "default": "compute#targetVpnGateway" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.targetVpnGateways.insert" - ] - } - }, - "network": { - "type": "string", - "description": "URL of the network to which this VPN gateway is attached. Provided by the client when the VPN gateway is created.", - "annotations": { - "required": [ - "compute.targetVpnGateways.insert" - ] - } - }, - "region": { - "type": "string", - "description": "[Output Only] URL of the region where the target VPN gateway resides." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "status": { - "type": "string", - "description": "[Output Only] The status of the VPN gateway.", - "enum": [ - "CREATING", - "DELETING", - "FAILED", - "READY" - ], - "enumDescriptions": [ - "", - "", - "", - "" - ] - }, - "tunnels": { - "type": "array", - "description": "[Output Only] A list of URLs to VpnTunnel resources. VpnTunnels are created using compute.vpntunnels.insert method and associated to a VPN gateway.", - "items": { - "type": "string" - } - } - } - }, - "TargetVpnGatewayAggregatedList": { - "id": "TargetVpnGatewayAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of TargetVpnGateway resources.", - "additionalProperties": { - "$ref": "TargetVpnGatewaysScopedList", - "description": "[Output Only] Name of the scope containing this set of target VPN gateways." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#targetVpnGateway for target VPN gateways.", - "default": "compute#targetVpnGatewayAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetVpnGatewayList": { - "id": "TargetVpnGatewayList", - "type": "object", - "description": "Contains a list of TargetVpnGateway resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of TargetVpnGateway resources.", - "items": { - "$ref": "TargetVpnGateway" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#targetVpnGateway for target VPN gateways.", - "default": "compute#targetVpnGatewayList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TargetVpnGatewaysScopedList": { - "id": "TargetVpnGatewaysScopedList", - "type": "object", - "properties": { - "targetVpnGateways": { - "type": "array", - "description": "[Output Only] List of target vpn gateways contained in this scope.", - "items": { - "$ref": "TargetVpnGateway" - } - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning which replaces the list of addresses when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "TestFailure": { - "id": "TestFailure", - "type": "object", - "properties": { - "actualService": { - "type": "string" - }, - "expectedService": { - "type": "string" - }, - "host": { - "type": "string" - }, - "path": { - "type": "string" - } - } - }, - "UrlMap": { - "id": "UrlMap", - "type": "object", - "description": "A UrlMap resource. This resource defines the mapping from URL to the BackendService resource, based on the \"longest-match\" of the URL's host and path.", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "defaultService": { - "type": "string", - "description": "The URL of the BackendService resource if none of the hostRules match." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "fingerprint": { - "type": "string", - "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a UrlMap. An up-to-date fingerprint must be provided in order to update the UrlMap.", - "format": "byte" - }, - "hostRules": { - "type": "array", - "description": "The list of HostRules to use against the URL.", - "items": { - "$ref": "HostRule" - } - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#urlMaps for url maps.", - "default": "compute#urlMap" - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?" - }, - "pathMatchers": { - "type": "array", - "description": "The list of named PathMatchers to use against the URL.", - "items": { - "$ref": "PathMatcher" - } - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "tests": { - "type": "array", - "description": "The list of expected URL mappings. Request to update this UrlMap will succeed only if all of the test cases pass.", - "items": { - "$ref": "UrlMapTest" - } - } - } - }, - "UrlMapList": { - "id": "UrlMapList", - "type": "object", - "description": "Contains a list of UrlMap resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of UrlMap resources.", - "items": { - "$ref": "UrlMap" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#urlMapList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "UrlMapReference": { - "id": "UrlMapReference", - "type": "object", - "properties": { - "urlMap": { - "type": "string" - } - } - }, - "UrlMapTest": { - "id": "UrlMapTest", - "type": "object", - "description": "Message for the expected URL mappings.", - "properties": { - "description": { - "type": "string", - "description": "Description of this test case." - }, - "host": { - "type": "string", - "description": "Host portion of the URL." - }, - "path": { - "type": "string", - "description": "Path portion of the URL." - }, - "service": { - "type": "string", - "description": "Expected BackendService resource the given URL should be mapped to." - } - } - }, - "UrlMapValidationResult": { - "id": "UrlMapValidationResult", - "type": "object", - "description": "Message representing the validation result for a UrlMap.", - "properties": { - "loadErrors": { - "type": "array", - "items": { - "type": "string" - } - }, - "loadSucceeded": { - "type": "boolean", - "description": "Whether the given UrlMap can be successfully loaded. If false, 'loadErrors' indicates the reasons." - }, - "testFailures": { - "type": "array", - "items": { - "$ref": "TestFailure" - } - }, - "testPassed": { - "type": "boolean", - "description": "If successfully loaded, this field indicates whether the test passed. If false, 'testFailures's indicate the reason of failure." - } - } - }, - "UrlMapsValidateRequest": { - "id": "UrlMapsValidateRequest", - "type": "object", - "properties": { - "resource": { - "$ref": "UrlMap", - "description": "Content of the UrlMap to be validated." - } - } - }, - "UrlMapsValidateResponse": { - "id": "UrlMapsValidateResponse", - "type": "object", - "properties": { - "result": { - "$ref": "UrlMapValidationResult" - } - } - }, - "UsageExportLocation": { - "id": "UsageExportLocation", - "type": "object", - "description": "The location in Cloud Storage and naming method of the daily usage report. Contains bucket_name and report_name prefix.", - "properties": { - "bucketName": { - "type": "string", - "description": "The name of an existing bucket in Cloud Storage where the usage report object is stored. The Google Service Account is granted write access to this bucket. This can either be the bucket name by itself, such as example-bucket, or the bucket name with gs:// or https://storage.googleapis.com/ in front of it, such as gs://example-bucket." - }, - "reportNamePrefix": { - "type": "string", - "description": "An optional prefix for the name of the usage report object stored in bucketName. If not supplied, defaults to usage. The report is stored as a CSV file named report_name_prefix_gce_YYYYMMDD.csv where YYYYMMDD is the day of the usage according to Pacific Time. If you supply a prefix, it should conform to Cloud Storage object naming conventions." - } - } - }, - "VpnTunnel": { - "id": "VpnTunnel", - "type": "object", - "description": "VPN tunnel resource. (== resource_for beta.vpnTunnels ==) (== resource_for v1.vpnTunnels ==)", - "properties": { - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "description": { - "type": "string", - "description": "An optional description of this resource. Provide this property when you create the resource." - }, - "detailedStatus": { - "type": "string", - "description": "[Output Only] Detailed status message for the VPN tunnel." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "ikeVersion": { - "type": "integer", - "description": "IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2.", - "format": "int32" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#vpnTunnel for VPN tunnels.", - "default": "compute#vpnTunnel" - }, - "localTrafficSelector": { - "type": "array", - "description": "Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.", - "items": { - "type": "string" - } - }, - "name": { - "type": "string", - "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "annotations": { - "required": [ - "compute.vpnTunnels.insert" - ] - } - }, - "peerIp": { - "type": "string", - "description": "IP address of the peer VPN gateway. Only IPv4 is supported." - }, - "region": { - "type": "string", - "description": "[Output Only] URL of the region where the VPN tunnel resides." - }, - "remoteTrafficSelector": { - "type": "array", - "description": "Remote traffic selectors to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.", - "items": { - "type": "string" - } - }, - "router": { - "type": "string", - "description": "URL of router resource to be used for dynamic routing." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "sharedSecret": { - "type": "string", - "description": "Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway." - }, - "sharedSecretHash": { - "type": "string", - "description": "Hash of the shared secret." - }, - "status": { - "type": "string", - "description": "[Output Only] The status of the VPN tunnel.", - "enum": [ - "ALLOCATING_RESOURCES", - "AUTHORIZATION_ERROR", - "DEPROVISIONING", - "ESTABLISHED", - "FAILED", - "FIRST_HANDSHAKE", - "NEGOTIATION_FAILURE", - "NETWORK_ERROR", - "NO_INCOMING_PACKETS", - "PROVISIONING", - "REJECTED", - "WAITING_FOR_FULL_CONFIG" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "targetVpnGateway": { - "type": "string", - "description": "URL of the VPN gateway with which this VPN tunnel is associated. Provided by the client when the VPN tunnel is created.", - "annotations": { - "required": [ - "compute.vpnTunnels.insert" - ] - } - } - } - }, - "VpnTunnelAggregatedList": { - "id": "VpnTunnelAggregatedList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "object", - "description": "A list of VpnTunnelsScopedList resources.", - "additionalProperties": { - "$ref": "VpnTunnelsScopedList", - "description": "Name of the scope containing this set of vpn tunnels." - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#vpnTunnel for VPN tunnels.", - "default": "compute#vpnTunnelAggregatedList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "VpnTunnelList": { - "id": "VpnTunnelList", - "type": "object", - "description": "Contains a list of VpnTunnel resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of VpnTunnel resources.", - "items": { - "$ref": "VpnTunnel" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#vpnTunnel for VPN tunnels.", - "default": "compute#vpnTunnelList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "VpnTunnelsScopedList": { - "id": "VpnTunnelsScopedList", - "type": "object", - "properties": { - "vpnTunnels": { - "type": "array", - "description": "List of vpn tunnels contained in this scope.", - "items": { - "$ref": "VpnTunnel" - } - }, - "warning": { - "type": "object", - "description": "Informational warning which replaces the list of addresses when the list is empty.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "XpnHostList": { - "id": "XpnHostList", - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "[Output Only] A list of shared VPC host project URLs.", - "items": { - "$ref": "Project" - } - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of resource. Always compute#xpnHostList for lists of shared VPC hosts.", - "default": "compute#xpnHostList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "XpnResourceId": { - "id": "XpnResourceId", - "type": "object", - "description": "Service resource (a.k.a service project) ID.", - "properties": { - "id": { - "type": "string", - "description": "The ID of the service resource. In the case of projects, this field matches the project ID (e.g., my-project), not the project number (e.g., 12345678)." - }, - "type": { - "type": "string", - "description": "The type of the service resource.", - "enum": [ - "PROJECT", - "XPN_RESOURCE_TYPE_UNSPECIFIED" - ], - "enumDescriptions": [ - "", - "" - ] - } - } - }, - "Zone": { - "id": "Zone", - "type": "object", - "description": "A Zone resource. (== resource_for beta.zones ==) (== resource_for v1.zones ==)", - "properties": { - "availableCpuPlatforms": { - "type": "array", - "description": "[Output Only] Available cpu/platform selections for the zone.", - "items": { - "type": "string" - } - }, - "creationTimestamp": { - "type": "string", - "description": "[Output Only] Creation timestamp in RFC3339 text format." - }, - "deprecated": { - "$ref": "DeprecationStatus", - "description": "[Output Only] The deprecation status associated with this zone." - }, - "description": { - "type": "string", - "description": "[Output Only] Textual description of the resource." - }, - "id": { - "type": "string", - "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", - "format": "uint64" - }, - "kind": { - "type": "string", - "description": "[Output Only] Type of the resource. Always compute#zone for zones.", - "default": "compute#zone" - }, - "name": { - "type": "string", - "description": "[Output Only] Name of the resource." - }, - "region": { - "type": "string", - "description": "[Output Only] Full URL reference to the region which hosts the zone." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for the resource." - }, - "status": { - "type": "string", - "description": "[Output Only] Status of the zone, either UP or DOWN.", - "enum": [ - "DOWN", - "UP" - ], - "enumDescriptions": [ - "", - "" - ] - } - } - }, - "ZoneList": { - "id": "ZoneList", - "type": "object", - "description": "Contains a list of zone resources.", - "properties": { - "id": { - "type": "string", - "description": "[Output Only] Unique identifier for the resource; defined by the server." - }, - "items": { - "type": "array", - "description": "A list of Zone resources.", - "items": { - "$ref": "Zone" - } - }, - "kind": { - "type": "string", - "description": "Type of resource.", - "default": "compute#zoneList" - }, - "nextPageToken": { - "type": "string", - "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results." - }, - "selfLink": { - "type": "string", - "description": "[Output Only] Server-defined URL for this resource." - }, - "warning": { - "type": "object", - "description": "[Output Only] Informational warning message.", - "properties": { - "code": { - "type": "string", - "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", - "enum": [ - "CLEANUP_FAILED", - "DEPRECATED_RESOURCE_USED", - "DEPRECATED_TYPE_USED", - "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", - "EXPERIMENTAL_TYPE_USED", - "EXTERNAL_API_WARNING", - "FIELD_VALUE_OVERRIDEN", - "INJECTED_KERNELS_DEPRECATED", - "MISSING_TYPE_DEPENDENCY", - "NEXT_HOP_ADDRESS_NOT_ASSIGNED", - "NEXT_HOP_CANNOT_IP_FORWARD", - "NEXT_HOP_INSTANCE_NOT_FOUND", - "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", - "NEXT_HOP_NOT_RUNNING", - "NOT_CRITICAL_ERROR", - "NO_RESULTS_ON_PAGE", - "REQUIRED_TOS_AGREEMENT", - "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", - "RESOURCE_NOT_DELETED", - "SCHEMA_VALIDATION_IGNORED", - "SINGLE_INSTANCE_PROPERTY_TEMPLATE", - "UNDECLARED_PROPERTIES", - "UNREACHABLE" - ], - "enumDescriptions": [ - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "", - "" - ] - }, - "data": { - "type": "array", - "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", - "items": { - "type": "object", - "properties": { - "key": { - "type": "string", - "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding)." - }, - "value": { - "type": "string", - "description": "[Output Only] A warning data value corresponding to the key." - } - } - } - }, - "message": { - "type": "string", - "description": "[Output Only] A human-readable description of the warning code." - } - } - } - } - }, - "ZoneSetLabelsRequest": { - "id": "ZoneSetLabelsRequest", - "type": "object", - "properties": { - "labelFingerprint": { - "type": "string", - "description": "The fingerprint of the previous set of labels for this resource, used to detect conflicts. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels. Make a get() request to the resource to get the latest fingerprint.", - "format": "byte" - }, - "labels": { - "type": "object", - "description": "The labels to set for this resource.", - "additionalProperties": { - "type": "string" - } - } - } - } - }, - "resources": { - "acceleratorTypes": { - "methods": { - "aggregatedList": { - "id": "compute.acceleratorTypes.aggregatedList", - "path": "{project}/aggregated/acceleratorTypes", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of accelerator types.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "AcceleratorTypeAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "get": { - "id": "compute.acceleratorTypes.get", - "path": "{project}/zones/{zone}/acceleratorTypes/{acceleratorType}", - "httpMethod": "GET", - "description": "Returns the specified accelerator type. Get a list of available accelerator types by making a list() request.", - "parameters": { - "acceleratorType": { - "type": "string", - "description": "Name of the accelerator type to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "acceleratorType" - ], - "response": { - "$ref": "AcceleratorType" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.acceleratorTypes.list", - "path": "{project}/zones/{zone}/acceleratorTypes", - "httpMethod": "GET", - "description": "Retrieves a list of accelerator types available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "AcceleratorTypeList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "addresses": { - "methods": { - "aggregatedList": { - "id": "compute.addresses.aggregatedList", - "path": "{project}/aggregated/addresses", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of addresses.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "AddressAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.addresses.delete", - "path": "{project}/regions/{region}/addresses/{address}", - "httpMethod": "DELETE", - "description": "Deletes the specified address resource.", - "parameters": { - "address": { - "type": "string", - "description": "Name of the address resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region", - "address" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.addresses.get", - "path": "{project}/regions/{region}/addresses/{address}", - "httpMethod": "GET", - "description": "Returns the specified address resource.", - "parameters": { - "address": { - "type": "string", - "description": "Name of the address resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "address" - ], - "response": { - "$ref": "Address" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.addresses.insert", - "path": "{project}/regions/{region}/addresses", - "httpMethod": "POST", - "description": "Creates an address resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "Address" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.addresses.list", - "path": "{project}/regions/{region}/addresses", - "httpMethod": "GET", - "description": "Retrieves a list of addresses contained within the specified region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "AddressList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "autoscalers": { - "methods": { - "aggregatedList": { - "id": "compute.autoscalers.aggregatedList", - "path": "{project}/aggregated/autoscalers", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of autoscalers.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "AutoscalerAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.autoscalers.delete", - "path": "{project}/zones/{zone}/autoscalers/{autoscaler}", - "httpMethod": "DELETE", - "description": "Deletes the specified autoscaler.", - "parameters": { - "autoscaler": { - "type": "string", - "description": "Name of the autoscaler to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "Name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "autoscaler" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.autoscalers.get", - "path": "{project}/zones/{zone}/autoscalers/{autoscaler}", - "httpMethod": "GET", - "description": "Returns the specified autoscaler resource. Get a list of available autoscalers by making a list() request.", - "parameters": { - "autoscaler": { - "type": "string", - "description": "Name of the autoscaler to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "Name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "autoscaler" - ], - "response": { - "$ref": "Autoscaler" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.autoscalers.insert", - "path": "{project}/zones/{zone}/autoscalers", - "httpMethod": "POST", - "description": "Creates an autoscaler in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "Name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "request": { - "$ref": "Autoscaler" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.autoscalers.list", - "path": "{project}/zones/{zone}/autoscalers", - "httpMethod": "GET", - "description": "Retrieves a list of autoscalers contained within the specified zone.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "Name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "AutoscalerList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.autoscalers.patch", - "path": "{project}/zones/{zone}/autoscalers", - "httpMethod": "PATCH", - "description": "Updates an autoscaler in the specified project using the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "autoscaler": { - "type": "string", - "description": "Name of the autoscaler to patch.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "Name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "request": { - "$ref": "Autoscaler" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "update": { - "id": "compute.autoscalers.update", - "path": "{project}/zones/{zone}/autoscalers", - "httpMethod": "PUT", - "description": "Updates an autoscaler in the specified project using the data included in the request.", - "parameters": { - "autoscaler": { - "type": "string", - "description": "Name of the autoscaler to update.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "Name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "request": { - "$ref": "Autoscaler" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "backendBuckets": { - "methods": { - "delete": { - "id": "compute.backendBuckets.delete", - "path": "{project}/global/backendBuckets/{backendBucket}", - "httpMethod": "DELETE", - "description": "Deletes the specified BackendBucket resource.", - "parameters": { - "backendBucket": { - "type": "string", - "description": "Name of the BackendBucket resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "backendBucket" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.backendBuckets.get", - "path": "{project}/global/backendBuckets/{backendBucket}", - "httpMethod": "GET", - "description": "Returns the specified BackendBucket resource. Get a list of available backend buckets by making a list() request.", - "parameters": { - "backendBucket": { - "type": "string", - "description": "Name of the BackendBucket resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "backendBucket" - ], - "response": { - "$ref": "BackendBucket" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.backendBuckets.insert", - "path": "{project}/global/backendBuckets", - "httpMethod": "POST", - "description": "Creates a BackendBucket resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "BackendBucket" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.backendBuckets.list", - "path": "{project}/global/backendBuckets", - "httpMethod": "GET", - "description": "Retrieves the list of BackendBucket resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "BackendBucketList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.backendBuckets.patch", - "path": "{project}/global/backendBuckets/{backendBucket}", - "httpMethod": "PATCH", - "description": "Updates the specified BackendBucket resource with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "backendBucket": { - "type": "string", - "description": "Name of the BackendBucket resource to patch.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "backendBucket" - ], - "request": { - "$ref": "BackendBucket" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "update": { - "id": "compute.backendBuckets.update", - "path": "{project}/global/backendBuckets/{backendBucket}", - "httpMethod": "PUT", - "description": "Updates the specified BackendBucket resource with the data included in the request.", - "parameters": { - "backendBucket": { - "type": "string", - "description": "Name of the BackendBucket resource to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "backendBucket" - ], - "request": { - "$ref": "BackendBucket" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "backendServices": { - "methods": { - "aggregatedList": { - "id": "compute.backendServices.aggregatedList", - "path": "{project}/aggregated/backendServices", - "httpMethod": "GET", - "description": "Retrieves the list of all BackendService resources, regional and global, available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Name of the project scoping this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "BackendServiceAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.backendServices.delete", - "path": "{project}/global/backendServices/{backendService}", - "httpMethod": "DELETE", - "description": "Deletes the specified BackendService resource.", - "parameters": { - "backendService": { - "type": "string", - "description": "Name of the BackendService resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "backendService" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.backendServices.get", - "path": "{project}/global/backendServices/{backendService}", - "httpMethod": "GET", - "description": "Returns the specified BackendService resource. Get a list of available backend services by making a list() request.", - "parameters": { - "backendService": { - "type": "string", - "description": "Name of the BackendService resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "backendService" - ], - "response": { - "$ref": "BackendService" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "getHealth": { - "id": "compute.backendServices.getHealth", - "path": "{project}/global/backendServices/{backendService}/getHealth", - "httpMethod": "POST", - "description": "Gets the most recent health check results for this BackendService.", - "parameters": { - "backendService": { - "type": "string", - "description": "Name of the BackendService resource to which the queried instance belongs.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "backendService" - ], - "request": { - "$ref": "ResourceGroupReference" - }, - "response": { - "$ref": "BackendServiceGroupHealth" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.backendServices.insert", - "path": "{project}/global/backendServices", - "httpMethod": "POST", - "description": "Creates a BackendService resource in the specified project using the data included in the request. There are several restrictions and guidelines to keep in mind when creating a backend service. Read Restrictions and Guidelines for more information.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "BackendService" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.backendServices.list", - "path": "{project}/global/backendServices", - "httpMethod": "GET", - "description": "Retrieves the list of BackendService resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "BackendServiceList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.backendServices.patch", - "path": "{project}/global/backendServices/{backendService}", - "httpMethod": "PATCH", - "description": "Patches the specified BackendService resource with the data included in the request. There are several restrictions and guidelines to keep in mind when updating a backend service. Read Restrictions and Guidelines for more information. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "backendService": { - "type": "string", - "description": "Name of the BackendService resource to patch.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "backendService" - ], - "request": { - "$ref": "BackendService" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "update": { - "id": "compute.backendServices.update", - "path": "{project}/global/backendServices/{backendService}", - "httpMethod": "PUT", - "description": "Updates the specified BackendService resource with the data included in the request. There are several restrictions and guidelines to keep in mind when updating a backend service. Read Restrictions and Guidelines for more information.", - "parameters": { - "backendService": { - "type": "string", - "description": "Name of the BackendService resource to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "backendService" - ], - "request": { - "$ref": "BackendService" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "diskTypes": { - "methods": { - "aggregatedList": { - "id": "compute.diskTypes.aggregatedList", - "path": "{project}/aggregated/diskTypes", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of disk types.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "DiskTypeAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "get": { - "id": "compute.diskTypes.get", - "path": "{project}/zones/{zone}/diskTypes/{diskType}", - "httpMethod": "GET", - "description": "Returns the specified disk type. Get a list of available disk types by making a list() request.", - "parameters": { - "diskType": { - "type": "string", - "description": "Name of the disk type to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "diskType" - ], - "response": { - "$ref": "DiskType" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.diskTypes.list", - "path": "{project}/zones/{zone}/diskTypes", - "httpMethod": "GET", - "description": "Retrieves a list of disk types available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "DiskTypeList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "disks": { - "methods": { - "aggregatedList": { - "id": "compute.disks.aggregatedList", - "path": "{project}/aggregated/disks", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of persistent disks.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "DiskAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "createSnapshot": { - "id": "compute.disks.createSnapshot", - "path": "{project}/zones/{zone}/disks/{disk}/createSnapshot", - "httpMethod": "POST", - "description": "Creates a snapshot of a specified persistent disk.", - "parameters": { - "disk": { - "type": "string", - "description": "Name of the persistent disk to snapshot.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "guestFlush": { - "type": "boolean", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "disk" - ], - "request": { - "$ref": "Snapshot" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "delete": { - "id": "compute.disks.delete", - "path": "{project}/zones/{zone}/disks/{disk}", - "httpMethod": "DELETE", - "description": "Deletes the specified persistent disk. Deleting a disk removes its data permanently and is irreversible. However, deleting a disk does not delete any snapshots previously made from the disk. You must separately delete snapshots.", - "parameters": { - "disk": { - "type": "string", - "description": "Name of the persistent disk to delete.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "disk" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.disks.get", - "path": "{project}/zones/{zone}/disks/{disk}", - "httpMethod": "GET", - "description": "Returns a specified persistent disk. Get a list of available persistent disks by making a list() request.", - "parameters": { - "disk": { - "type": "string", - "description": "Name of the persistent disk to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "disk" - ], - "response": { - "$ref": "Disk" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.disks.insert", - "path": "{project}/zones/{zone}/disks", - "httpMethod": "POST", - "description": "Creates a persistent disk in the specified project using the data in the request. You can create a disk with a sourceImage, a sourceSnapshot, or create an empty 500 GB data disk by omitting all properties. You can also create a disk that is larger than the default size by specifying the sizeGb property.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "sourceImage": { - "type": "string", - "description": "Optional. Source image to restore onto a disk.", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "request": { - "$ref": "Disk" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.disks.list", - "path": "{project}/zones/{zone}/disks", - "httpMethod": "GET", - "description": "Retrieves a list of persistent disks contained within the specified zone.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "DiskList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "resize": { - "id": "compute.disks.resize", - "path": "{project}/zones/{zone}/disks/{disk}/resize", - "httpMethod": "POST", - "description": "Resizes the specified persistent disk. You can only increase the size of the disk.", - "parameters": { - "disk": { - "type": "string", - "description": "The name of the persistent disk.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "disk" - ], - "request": { - "$ref": "DisksResizeRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setLabels": { - "id": "compute.disks.setLabels", - "path": "{project}/zones/{zone}/disks/{resource}/setLabels", - "httpMethod": "POST", - "description": "Sets the labels on a disk. To learn more about labels, read the Labeling Resources documentation.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "resource": { - "type": "string", - "description": "Name of the resource for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "resource" - ], - "request": { - "$ref": "ZoneSetLabelsRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "firewalls": { - "methods": { - "delete": { - "id": "compute.firewalls.delete", - "path": "{project}/global/firewalls/{firewall}", - "httpMethod": "DELETE", - "description": "Deletes the specified firewall.", - "parameters": { - "firewall": { - "type": "string", - "description": "Name of the firewall rule to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "firewall" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.firewalls.get", - "path": "{project}/global/firewalls/{firewall}", - "httpMethod": "GET", - "description": "Returns the specified firewall.", - "parameters": { - "firewall": { - "type": "string", - "description": "Name of the firewall rule to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "firewall" - ], - "response": { - "$ref": "Firewall" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.firewalls.insert", - "path": "{project}/global/firewalls", - "httpMethod": "POST", - "description": "Creates a firewall rule in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "Firewall" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.firewalls.list", - "path": "{project}/global/firewalls", - "httpMethod": "GET", - "description": "Retrieves the list of firewall rules available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "FirewallList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.firewalls.patch", - "path": "{project}/global/firewalls/{firewall}", - "httpMethod": "PATCH", - "description": "Updates the specified firewall rule with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "firewall": { - "type": "string", - "description": "Name of the firewall rule to patch.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "firewall" - ], - "request": { - "$ref": "Firewall" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "update": { - "id": "compute.firewalls.update", - "path": "{project}/global/firewalls/{firewall}", - "httpMethod": "PUT", - "description": "Updates the specified firewall rule with the data included in the request. Using PUT method, can only update following fields of firewall rule: allowed, description, sourceRanges, sourceTags, targetTags.", - "parameters": { - "firewall": { - "type": "string", - "description": "Name of the firewall rule to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "firewall" - ], - "request": { - "$ref": "Firewall" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "forwardingRules": { - "methods": { - "aggregatedList": { - "id": "compute.forwardingRules.aggregatedList", - "path": "{project}/aggregated/forwardingRules", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of forwarding rules.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "ForwardingRuleAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.forwardingRules.delete", - "path": "{project}/regions/{region}/forwardingRules/{forwardingRule}", - "httpMethod": "DELETE", - "description": "Deletes the specified ForwardingRule resource.", - "parameters": { - "forwardingRule": { - "type": "string", - "description": "Name of the ForwardingRule resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region", - "forwardingRule" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.forwardingRules.get", - "path": "{project}/regions/{region}/forwardingRules/{forwardingRule}", - "httpMethod": "GET", - "description": "Returns the specified ForwardingRule resource.", - "parameters": { - "forwardingRule": { - "type": "string", - "description": "Name of the ForwardingRule resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "forwardingRule" - ], - "response": { - "$ref": "ForwardingRule" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.forwardingRules.insert", - "path": "{project}/regions/{region}/forwardingRules", - "httpMethod": "POST", - "description": "Creates a ForwardingRule resource in the specified project and region using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "ForwardingRule" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.forwardingRules.list", - "path": "{project}/regions/{region}/forwardingRules", - "httpMethod": "GET", - "description": "Retrieves a list of ForwardingRule resources available to the specified project and region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "ForwardingRuleList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "setTarget": { - "id": "compute.forwardingRules.setTarget", - "path": "{project}/regions/{region}/forwardingRules/{forwardingRule}/setTarget", - "httpMethod": "POST", - "description": "Changes target URL for forwarding rule. The new target should be of the same type as the old target.", - "parameters": { - "forwardingRule": { - "type": "string", - "description": "Name of the ForwardingRule resource in which target is to be set.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region", - "forwardingRule" - ], - "request": { - "$ref": "TargetReference" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "globalAddresses": { - "methods": { - "delete": { - "id": "compute.globalAddresses.delete", - "path": "{project}/global/addresses/{address}", - "httpMethod": "DELETE", - "description": "Deletes the specified address resource.", - "parameters": { - "address": { - "type": "string", - "description": "Name of the address resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "address" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.globalAddresses.get", - "path": "{project}/global/addresses/{address}", - "httpMethod": "GET", - "description": "Returns the specified address resource. Get a list of available addresses by making a list() request.", - "parameters": { - "address": { - "type": "string", - "description": "Name of the address resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "address" - ], - "response": { - "$ref": "Address" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.globalAddresses.insert", - "path": "{project}/global/addresses", - "httpMethod": "POST", - "description": "Creates an address resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "Address" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.globalAddresses.list", - "path": "{project}/global/addresses", - "httpMethod": "GET", - "description": "Retrieves a list of global addresses.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "AddressList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "globalForwardingRules": { - "methods": { - "delete": { - "id": "compute.globalForwardingRules.delete", - "path": "{project}/global/forwardingRules/{forwardingRule}", - "httpMethod": "DELETE", - "description": "Deletes the specified GlobalForwardingRule resource.", - "parameters": { - "forwardingRule": { - "type": "string", - "description": "Name of the ForwardingRule resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "forwardingRule" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.globalForwardingRules.get", - "path": "{project}/global/forwardingRules/{forwardingRule}", - "httpMethod": "GET", - "description": "Returns the specified GlobalForwardingRule resource. Get a list of available forwarding rules by making a list() request.", - "parameters": { - "forwardingRule": { - "type": "string", - "description": "Name of the ForwardingRule resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "forwardingRule" - ], - "response": { - "$ref": "ForwardingRule" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.globalForwardingRules.insert", - "path": "{project}/global/forwardingRules", - "httpMethod": "POST", - "description": "Creates a GlobalForwardingRule resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "ForwardingRule" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.globalForwardingRules.list", - "path": "{project}/global/forwardingRules", - "httpMethod": "GET", - "description": "Retrieves a list of GlobalForwardingRule resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "ForwardingRuleList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "setTarget": { - "id": "compute.globalForwardingRules.setTarget", - "path": "{project}/global/forwardingRules/{forwardingRule}/setTarget", - "httpMethod": "POST", - "description": "Changes target URL for the GlobalForwardingRule resource. The new target should be of the same type as the old target.", - "parameters": { - "forwardingRule": { - "type": "string", - "description": "Name of the ForwardingRule resource in which target is to be set.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "forwardingRule" - ], - "request": { - "$ref": "TargetReference" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "globalOperations": { - "methods": { - "aggregatedList": { - "id": "compute.globalOperations.aggregatedList", - "path": "{project}/aggregated/operations", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of all operations.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "OperationAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.globalOperations.delete", - "path": "{project}/global/operations/{operation}", - "httpMethod": "DELETE", - "description": "Deletes the specified Operations resource.", - "parameters": { - "operation": { - "type": "string", - "description": "Name of the Operations resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "operation" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.globalOperations.get", - "path": "{project}/global/operations/{operation}", - "httpMethod": "GET", - "description": "Retrieves the specified Operations resource. Get a list of operations by making a list() request.", - "parameters": { - "operation": { - "type": "string", - "description": "Name of the Operations resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "operation" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.globalOperations.list", - "path": "{project}/global/operations", - "httpMethod": "GET", - "description": "Retrieves a list of Operation resources contained within the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "OperationList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "healthChecks": { - "methods": { - "delete": { - "id": "compute.healthChecks.delete", - "path": "{project}/global/healthChecks/{healthCheck}", - "httpMethod": "DELETE", - "description": "Deletes the specified HealthCheck resource.", - "parameters": { - "healthCheck": { - "type": "string", - "description": "Name of the HealthCheck resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "healthCheck" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.healthChecks.get", - "path": "{project}/global/healthChecks/{healthCheck}", - "httpMethod": "GET", - "description": "Returns the specified HealthCheck resource. Get a list of available health checks by making a list() request.", - "parameters": { - "healthCheck": { - "type": "string", - "description": "Name of the HealthCheck resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "healthCheck" - ], - "response": { - "$ref": "HealthCheck" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.healthChecks.insert", - "path": "{project}/global/healthChecks", - "httpMethod": "POST", - "description": "Creates a HealthCheck resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "HealthCheck" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.healthChecks.list", - "path": "{project}/global/healthChecks", - "httpMethod": "GET", - "description": "Retrieves the list of HealthCheck resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "HealthCheckList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.healthChecks.patch", - "path": "{project}/global/healthChecks/{healthCheck}", - "httpMethod": "PATCH", - "description": "Updates a HealthCheck resource in the specified project using the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "healthCheck": { - "type": "string", - "description": "Name of the HealthCheck resource to patch.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "healthCheck" - ], - "request": { - "$ref": "HealthCheck" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "update": { - "id": "compute.healthChecks.update", - "path": "{project}/global/healthChecks/{healthCheck}", - "httpMethod": "PUT", - "description": "Updates a HealthCheck resource in the specified project using the data included in the request.", - "parameters": { - "healthCheck": { - "type": "string", - "description": "Name of the HealthCheck resource to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "healthCheck" - ], - "request": { - "$ref": "HealthCheck" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "httpHealthChecks": { - "methods": { - "delete": { - "id": "compute.httpHealthChecks.delete", - "path": "{project}/global/httpHealthChecks/{httpHealthCheck}", - "httpMethod": "DELETE", - "description": "Deletes the specified HttpHealthCheck resource.", - "parameters": { - "httpHealthCheck": { - "type": "string", - "description": "Name of the HttpHealthCheck resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "httpHealthCheck" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.httpHealthChecks.get", - "path": "{project}/global/httpHealthChecks/{httpHealthCheck}", - "httpMethod": "GET", - "description": "Returns the specified HttpHealthCheck resource. Get a list of available HTTP health checks by making a list() request.", - "parameters": { - "httpHealthCheck": { - "type": "string", - "description": "Name of the HttpHealthCheck resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "httpHealthCheck" - ], - "response": { - "$ref": "HttpHealthCheck" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.httpHealthChecks.insert", - "path": "{project}/global/httpHealthChecks", - "httpMethod": "POST", - "description": "Creates a HttpHealthCheck resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "HttpHealthCheck" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.httpHealthChecks.list", - "path": "{project}/global/httpHealthChecks", - "httpMethod": "GET", - "description": "Retrieves the list of HttpHealthCheck resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "HttpHealthCheckList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.httpHealthChecks.patch", - "path": "{project}/global/httpHealthChecks/{httpHealthCheck}", - "httpMethod": "PATCH", - "description": "Updates a HttpHealthCheck resource in the specified project using the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "httpHealthCheck": { - "type": "string", - "description": "Name of the HttpHealthCheck resource to patch.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "httpHealthCheck" - ], - "request": { - "$ref": "HttpHealthCheck" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "update": { - "id": "compute.httpHealthChecks.update", - "path": "{project}/global/httpHealthChecks/{httpHealthCheck}", - "httpMethod": "PUT", - "description": "Updates a HttpHealthCheck resource in the specified project using the data included in the request.", - "parameters": { - "httpHealthCheck": { - "type": "string", - "description": "Name of the HttpHealthCheck resource to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "httpHealthCheck" - ], - "request": { - "$ref": "HttpHealthCheck" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "httpsHealthChecks": { - "methods": { - "delete": { - "id": "compute.httpsHealthChecks.delete", - "path": "{project}/global/httpsHealthChecks/{httpsHealthCheck}", - "httpMethod": "DELETE", - "description": "Deletes the specified HttpsHealthCheck resource.", - "parameters": { - "httpsHealthCheck": { - "type": "string", - "description": "Name of the HttpsHealthCheck resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "httpsHealthCheck" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.httpsHealthChecks.get", - "path": "{project}/global/httpsHealthChecks/{httpsHealthCheck}", - "httpMethod": "GET", - "description": "Returns the specified HttpsHealthCheck resource. Get a list of available HTTPS health checks by making a list() request.", - "parameters": { - "httpsHealthCheck": { - "type": "string", - "description": "Name of the HttpsHealthCheck resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "httpsHealthCheck" - ], - "response": { - "$ref": "HttpsHealthCheck" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.httpsHealthChecks.insert", - "path": "{project}/global/httpsHealthChecks", - "httpMethod": "POST", - "description": "Creates a HttpsHealthCheck resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "HttpsHealthCheck" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.httpsHealthChecks.list", - "path": "{project}/global/httpsHealthChecks", - "httpMethod": "GET", - "description": "Retrieves the list of HttpsHealthCheck resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "HttpsHealthCheckList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.httpsHealthChecks.patch", - "path": "{project}/global/httpsHealthChecks/{httpsHealthCheck}", - "httpMethod": "PATCH", - "description": "Updates a HttpsHealthCheck resource in the specified project using the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "httpsHealthCheck": { - "type": "string", - "description": "Name of the HttpsHealthCheck resource to patch.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "httpsHealthCheck" - ], - "request": { - "$ref": "HttpsHealthCheck" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "update": { - "id": "compute.httpsHealthChecks.update", - "path": "{project}/global/httpsHealthChecks/{httpsHealthCheck}", - "httpMethod": "PUT", - "description": "Updates a HttpsHealthCheck resource in the specified project using the data included in the request.", - "parameters": { - "httpsHealthCheck": { - "type": "string", - "description": "Name of the HttpsHealthCheck resource to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "httpsHealthCheck" - ], - "request": { - "$ref": "HttpsHealthCheck" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "images": { - "methods": { - "delete": { - "id": "compute.images.delete", - "path": "{project}/global/images/{image}", - "httpMethod": "DELETE", - "description": "Deletes the specified image.", - "parameters": { - "image": { - "type": "string", - "description": "Name of the image resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "image" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "deprecate": { - "id": "compute.images.deprecate", - "path": "{project}/global/images/{image}/deprecate", - "httpMethod": "POST", - "description": "Sets the deprecation status of an image.\n\nIf an empty request body is given, clears the deprecation status instead.", - "parameters": { - "image": { - "type": "string", - "description": "Image name.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "image" - ], - "request": { - "$ref": "DeprecationStatus" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.images.get", - "path": "{project}/global/images/{image}", - "httpMethod": "GET", - "description": "Returns the specified image. Get a list of available images by making a list() request.", - "parameters": { - "image": { - "type": "string", - "description": "Name of the image resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "image" - ], - "response": { - "$ref": "Image" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "getFromFamily": { - "id": "compute.images.getFromFamily", - "path": "{project}/global/images/family/{family}", - "httpMethod": "GET", - "description": "Returns the latest image that is part of an image family and is not deprecated.", - "parameters": { - "family": { - "type": "string", - "description": "Name of the image family to search for.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "family" - ], - "response": { - "$ref": "Image" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.images.insert", - "path": "{project}/global/images", - "httpMethod": "POST", - "description": "Creates an image in the specified project using the data included in the request.", - "parameters": { - "forceCreate": { - "type": "boolean", - "description": "Force image creation if true.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "Image" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "list": { - "id": "compute.images.list", - "path": "{project}/global/images", - "httpMethod": "GET", - "description": "Retrieves the list of custom images available to the specified project. Custom images are images you create that belong to your project. This method does not get any images that belong to other projects, including publicly-available images, like Debian 8. If you want to get a list of publicly-available images, use this method to make a request to the respective image project, such as debian-cloud or windows-cloud.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "ImageList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "setLabels": { - "id": "compute.images.setLabels", - "path": "{project}/global/images/{resource}/setLabels", - "httpMethod": "POST", - "description": "Sets the labels on an image. To learn more about labels, read the Labeling Resources documentation.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "resource": { - "type": "string", - "description": "Name of the resource for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "resource" - ], - "request": { - "$ref": "GlobalSetLabelsRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "instanceGroupManagers": { - "methods": { - "abandonInstances": { - "id": "compute.instanceGroupManagers.abandonInstances", - "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/abandonInstances", - "httpMethod": "POST", - "description": "Schedules a group action to remove the specified instances from the managed instance group. Abandoning an instance does not delete the instance, but it does remove the instance from any target pools that are applied by the managed instance group. This method reduces the targetSize of the managed instance group by the number of instances that you abandon. This operation is marked as DONE when the action is scheduled even if the instances have not yet been removed from the group. You must separately verify the status of the abandoning action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the managed instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroupManager" - ], - "request": { - "$ref": "InstanceGroupManagersAbandonInstancesRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "aggregatedList": { - "id": "compute.instanceGroupManagers.aggregatedList", - "path": "{project}/aggregated/instanceGroupManagers", - "httpMethod": "GET", - "description": "Retrieves the list of managed instance groups and groups them by zone.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "InstanceGroupManagerAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.instanceGroupManagers.delete", - "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}", - "httpMethod": "DELETE", - "description": "Deletes the specified managed instance group and all of the instances in that group. Note that the instance group must not belong to a backend service. Read Deleting an instance group for more information.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group to delete.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the managed instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroupManager" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "deleteInstances": { - "id": "compute.instanceGroupManagers.deleteInstances", - "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/deleteInstances", - "httpMethod": "POST", - "description": "Schedules a group action to delete the specified instances in the managed instance group. The instances are also removed from any target pools of which they were a member. This method reduces the targetSize of the managed instance group by the number of instances that you delete. This operation is marked as DONE when the action is scheduled even if the instances are still being deleted. You must separately verify the status of the deleting action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the managed instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroupManager" - ], - "request": { - "$ref": "InstanceGroupManagersDeleteInstancesRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.instanceGroupManagers.get", - "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}", - "httpMethod": "GET", - "description": "Returns all of the details about the specified managed instance group. Get a list of available managed instance groups by making a list() request.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the managed instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroupManager" - ], - "response": { - "$ref": "InstanceGroupManager" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.instanceGroupManagers.insert", - "path": "{project}/zones/{zone}/instanceGroupManagers", - "httpMethod": "POST", - "description": "Creates a managed instance group using the information that you specify in the request. After the group is created, it schedules an action to create instances in the group using the specified instance template. This operation is marked as DONE when the group is created even if the instances in the group have not yet been created. You must separately verify the status of the individual instances with the listmanagedinstances method.\n\nA managed instance group can have up to 1000 VM instances per group. Please contact Cloud Support if you need an increase in this limit.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where you want to create the managed instance group.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "request": { - "$ref": "InstanceGroupManager" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.instanceGroupManagers.list", - "path": "{project}/zones/{zone}/instanceGroupManagers", - "httpMethod": "GET", - "description": "Retrieves a list of managed instance groups that are contained within the specified project and zone.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the managed instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "InstanceGroupManagerList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "listManagedInstances": { - "id": "compute.instanceGroupManagers.listManagedInstances", - "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/listManagedInstances", - "httpMethod": "POST", - "description": "Lists all of the instances in the managed instance group. Each instance in the list has a currentAction, which indicates the action that the managed instance group is performing on the instance. For example, if the group is still creating an instance, the currentAction is CREATING. If a previous action failed, the list displays the errors for that failed action.", - "parameters": { - "filter": { - "type": "string", - "location": "query" - }, - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group.", - "required": true, - "location": "path" - }, - "maxResults": { - "type": "integer", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "order_by": { - "type": "string", - "location": "query" - }, - "pageToken": { - "type": "string", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the managed instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroupManager" - ], - "response": { - "$ref": "InstanceGroupManagersListManagedInstancesResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "recreateInstances": { - "id": "compute.instanceGroupManagers.recreateInstances", - "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/recreateInstances", - "httpMethod": "POST", - "description": "Schedules a group action to recreate the specified instances in the managed instance group. The instances are deleted and recreated using the current instance template for the managed instance group. This operation is marked as DONE when the action is scheduled even if the instances have not yet been recreated. You must separately verify the status of the recreating action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the managed instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroupManager" - ], - "request": { - "$ref": "InstanceGroupManagersRecreateInstancesRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "resize": { - "id": "compute.instanceGroupManagers.resize", - "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resize", - "httpMethod": "POST", - "description": "Resizes the managed instance group. If you increase the size, the group creates new instances using the current instance template. If you decrease the size, the group deletes instances. The resize operation is marked DONE when the resize actions are scheduled even if the group has not yet added or deleted any instances. You must separately verify the status of the creating or deleting actions with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "size": { - "type": "integer", - "description": "The number of running instances that the managed instance group should maintain at any given time. The group automatically adds or removes instances to maintain the number of instances specified by this parameter.", - "required": true, - "format": "int32", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the managed instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroupManager", - "size" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setInstanceTemplate": { - "id": "compute.instanceGroupManagers.setInstanceTemplate", - "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/setInstanceTemplate", - "httpMethod": "POST", - "description": "Specifies the instance template to use when creating new instances in this group. The templates for existing instances in the group do not change unless you recreate them.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the managed instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroupManager" - ], - "request": { - "$ref": "InstanceGroupManagersSetInstanceTemplateRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setTargetPools": { - "id": "compute.instanceGroupManagers.setTargetPools", - "path": "{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/setTargetPools", - "httpMethod": "POST", - "description": "Modifies the target pools to which all instances in this managed instance group are assigned. The target pools automatically apply to all of the instances in the managed instance group. This operation is marked DONE when you make the request even if the instances have not yet been added to their target pools. The change might take some time to apply to all of the instances in the group depending on the size of the group.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the managed instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroupManager" - ], - "request": { - "$ref": "InstanceGroupManagersSetTargetPoolsRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "instanceGroups": { - "methods": { - "addInstances": { - "id": "compute.instanceGroups.addInstances", - "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}/addInstances", - "httpMethod": "POST", - "description": "Adds a list of instances to the specified instance group. All of the instances in the instance group must be in the same network/subnetwork. Read Adding instances for more information.", - "parameters": { - "instanceGroup": { - "type": "string", - "description": "The name of the instance group where you are adding instances.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroup" - ], - "request": { - "$ref": "InstanceGroupsAddInstancesRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "aggregatedList": { - "id": "compute.instanceGroups.aggregatedList", - "path": "{project}/aggregated/instanceGroups", - "httpMethod": "GET", - "description": "Retrieves the list of instance groups and sorts them by zone.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "InstanceGroupAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.instanceGroups.delete", - "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}", - "httpMethod": "DELETE", - "description": "Deletes the specified instance group. The instances in the group are not deleted. Note that instance group must not belong to a backend service. Read Deleting an instance group for more information.", - "parameters": { - "instanceGroup": { - "type": "string", - "description": "The name of the instance group to delete.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroup" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.instanceGroups.get", - "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}", - "httpMethod": "GET", - "description": "Returns the specified instance group. Get a list of available instance groups by making a list() request.", - "parameters": { - "instanceGroup": { - "type": "string", - "description": "The name of the instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroup" - ], - "response": { - "$ref": "InstanceGroup" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.instanceGroups.insert", - "path": "{project}/zones/{zone}/instanceGroups", - "httpMethod": "POST", - "description": "Creates an instance group in the specified project using the parameters that are included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where you want to create the instance group.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "request": { - "$ref": "InstanceGroup" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.instanceGroups.list", - "path": "{project}/zones/{zone}/instanceGroups", - "httpMethod": "GET", - "description": "Retrieves the list of instance groups that are located in the specified project and zone.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "InstanceGroupList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "listInstances": { - "id": "compute.instanceGroups.listInstances", - "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}/listInstances", - "httpMethod": "POST", - "description": "Lists the instances in the specified instance group.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "instanceGroup": { - "type": "string", - "description": "The name of the instance group from which you want to generate a list of included instances.", - "required": true, - "location": "path" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroup" - ], - "request": { - "$ref": "InstanceGroupsListInstancesRequest" - }, - "response": { - "$ref": "InstanceGroupsListInstances" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "removeInstances": { - "id": "compute.instanceGroups.removeInstances", - "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}/removeInstances", - "httpMethod": "POST", - "description": "Removes one or more instances from the specified instance group, but does not delete those instances.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration before the VM instance is removed or deleted.", - "parameters": { - "instanceGroup": { - "type": "string", - "description": "The name of the instance group where the specified instances will be removed.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroup" - ], - "request": { - "$ref": "InstanceGroupsRemoveInstancesRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setNamedPorts": { - "id": "compute.instanceGroups.setNamedPorts", - "path": "{project}/zones/{zone}/instanceGroups/{instanceGroup}/setNamedPorts", - "httpMethod": "POST", - "description": "Sets the named ports for the specified instance group.", - "parameters": { - "instanceGroup": { - "type": "string", - "description": "The name of the instance group where the named ports are updated.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone where the instance group is located.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instanceGroup" - ], - "request": { - "$ref": "InstanceGroupsSetNamedPortsRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "instanceTemplates": { - "methods": { - "delete": { - "id": "compute.instanceTemplates.delete", - "path": "{project}/global/instanceTemplates/{instanceTemplate}", - "httpMethod": "DELETE", - "description": "Deletes the specified instance template. Deleting an instance template is permanent and cannot be undone. It's not possible to delete templates which are in use by an instance group.", - "parameters": { - "instanceTemplate": { - "type": "string", - "description": "The name of the instance template to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "instanceTemplate" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.instanceTemplates.get", - "path": "{project}/global/instanceTemplates/{instanceTemplate}", - "httpMethod": "GET", - "description": "Returns the specified instance template. Get a list of available instance templates by making a list() request.", - "parameters": { - "instanceTemplate": { - "type": "string", - "description": "The name of the instance template.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "instanceTemplate" - ], - "response": { - "$ref": "InstanceTemplate" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.instanceTemplates.insert", - "path": "{project}/global/instanceTemplates", - "httpMethod": "POST", - "description": "Creates an instance template in the specified project using the data that is included in the request. If you are creating a new template to update an existing instance group, your new instance template must use the same network or, if applicable, the same subnetwork as the original template.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "InstanceTemplate" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.instanceTemplates.list", - "path": "{project}/global/instanceTemplates", - "httpMethod": "GET", - "description": "Retrieves a list of instance templates that are contained within the specified project and zone.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "InstanceTemplateList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "instances": { - "methods": { - "addAccessConfig": { - "id": "compute.instances.addAccessConfig", - "path": "{project}/zones/{zone}/instances/{instance}/addAccessConfig", - "httpMethod": "POST", - "description": "Adds an access config to an instance's network interface.", - "parameters": { - "instance": { - "type": "string", - "description": "The instance name for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "networkInterface": { - "type": "string", - "description": "The name of the network interface to add to this instance.", - "required": true, - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance", - "networkInterface" - ], - "request": { - "$ref": "AccessConfig" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "aggregatedList": { - "id": "compute.instances.aggregatedList", - "path": "{project}/aggregated/instances", - "httpMethod": "GET", - "description": "Retrieves aggregated list of instances.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "InstanceAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "attachDisk": { - "id": "compute.instances.attachDisk", - "path": "{project}/zones/{zone}/instances/{instance}/attachDisk", - "httpMethod": "POST", - "description": "Attaches an existing Disk resource to an instance. You must first create the disk before you can attach it. It is not possible to create and attach a disk at the same time. For more information, read Adding a persistent disk to your instance.", - "parameters": { - "instance": { - "type": "string", - "description": "The instance name for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "request": { - "$ref": "AttachedDisk" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "delete": { - "id": "compute.instances.delete", - "path": "{project}/zones/{zone}/instances/{instance}", - "httpMethod": "DELETE", - "description": "Deletes the specified Instance resource. For more information, see Stopping or Deleting an Instance.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "deleteAccessConfig": { - "id": "compute.instances.deleteAccessConfig", - "path": "{project}/zones/{zone}/instances/{instance}/deleteAccessConfig", - "httpMethod": "POST", - "description": "Deletes an access config from an instance's network interface.", - "parameters": { - "accessConfig": { - "type": "string", - "description": "The name of the access config to delete.", - "required": true, - "location": "query" - }, - "instance": { - "type": "string", - "description": "The instance name for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "networkInterface": { - "type": "string", - "description": "The name of the network interface.", - "required": true, - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance", - "accessConfig", - "networkInterface" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "detachDisk": { - "id": "compute.instances.detachDisk", - "path": "{project}/zones/{zone}/instances/{instance}/detachDisk", - "httpMethod": "POST", - "description": "Detaches a disk from an instance.", - "parameters": { - "deviceName": { - "type": "string", - "description": "Disk device name to detach.", - "required": true, - "location": "query" - }, - "instance": { - "type": "string", - "description": "Instance name.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance", - "deviceName" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.instances.get", - "path": "{project}/zones/{zone}/instances/{instance}", - "httpMethod": "GET", - "description": "Returns the specified Instance resource. Get a list of available instances by making a list() request.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "response": { - "$ref": "Instance" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "getSerialPortOutput": { - "id": "compute.instances.getSerialPortOutput", - "path": "{project}/zones/{zone}/instances/{instance}/serialPort", - "httpMethod": "GET", - "description": "Returns the specified instance's serial port output.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "port": { - "type": "integer", - "description": "Specifies which COM or serial port to retrieve data from.", - "default": "1", - "format": "int32", - "minimum": "1", - "maximum": "4", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "start": { - "type": "string", - "description": "Returns output starting from a specific byte position. Use this to page through output when the output is too large to return in a single request. For the initial request, leave this field unspecified. For subsequent calls, this field should be set to the next value returned in the previous call.", - "format": "int64", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "response": { - "$ref": "SerialPortOutput" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.instances.insert", - "path": "{project}/zones/{zone}/instances", - "httpMethod": "POST", - "description": "Creates an instance resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "request": { - "$ref": "Instance" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.instances.list", - "path": "{project}/zones/{zone}/instances", - "httpMethod": "GET", - "description": "Retrieves the list of instances contained within the specified zone.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "InstanceList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "reset": { - "id": "compute.instances.reset", - "path": "{project}/zones/{zone}/instances/{instance}/reset", - "httpMethod": "POST", - "description": "Performs a reset on the instance. For more information, see Resetting an instance.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setDeletionProtection": { - "id": "compute.instances.setDeletionProtection", - "path": "{project}/zones/{zone}/instances/{resource}/setDeletionProtection", - "httpMethod": "POST", - "description": "Sets deletion protection on the instance.", - "parameters": { - "deletionProtection": { - "type": "boolean", - "description": "Whether the resource should be protected against deletion.", - "default": "true", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "resource": { - "type": "string", - "description": "Name of the resource for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "resource" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setDiskAutoDelete": { - "id": "compute.instances.setDiskAutoDelete", - "path": "{project}/zones/{zone}/instances/{instance}/setDiskAutoDelete", - "httpMethod": "POST", - "description": "Sets the auto-delete flag for a disk attached to an instance.", - "parameters": { - "autoDelete": { - "type": "boolean", - "description": "Whether to auto-delete the disk when the instance is deleted.", - "required": true, - "location": "query" - }, - "deviceName": { - "type": "string", - "description": "The device name of the disk to modify.", - "required": true, - "pattern": "\\w[\\w.-]{0,254}", - "location": "query" - }, - "instance": { - "type": "string", - "description": "The instance name.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance", - "autoDelete", - "deviceName" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setLabels": { - "id": "compute.instances.setLabels", - "path": "{project}/zones/{zone}/instances/{instance}/setLabels", - "httpMethod": "POST", - "description": "Sets labels on an instance. To learn more about labels, read the Labeling Resources documentation.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "request": { - "$ref": "InstancesSetLabelsRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setMachineResources": { - "id": "compute.instances.setMachineResources", - "path": "{project}/zones/{zone}/instances/{instance}/setMachineResources", - "httpMethod": "POST", - "description": "Changes the number and/or type of accelerator for a stopped instance to the values specified in the request.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "request": { - "$ref": "InstancesSetMachineResourcesRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setMachineType": { - "id": "compute.instances.setMachineType", - "path": "{project}/zones/{zone}/instances/{instance}/setMachineType", - "httpMethod": "POST", - "description": "Changes the machine type for a stopped instance to the machine type specified in the request.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "request": { - "$ref": "InstancesSetMachineTypeRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setMetadata": { - "id": "compute.instances.setMetadata", - "path": "{project}/zones/{zone}/instances/{instance}/setMetadata", - "httpMethod": "POST", - "description": "Sets metadata for the specified instance to the data included in the request.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "request": { - "$ref": "Metadata" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setMinCpuPlatform": { - "id": "compute.instances.setMinCpuPlatform", - "path": "{project}/zones/{zone}/instances/{instance}/setMinCpuPlatform", - "httpMethod": "POST", - "description": "Changes the minimum CPU platform that this instance should use. This method can only be called on a stopped instance. For more information, read Specifying a Minimum CPU Platform.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "request": { - "$ref": "InstancesSetMinCpuPlatformRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setScheduling": { - "id": "compute.instances.setScheduling", - "path": "{project}/zones/{zone}/instances/{instance}/setScheduling", - "httpMethod": "POST", - "description": "Sets an instance's scheduling options.", - "parameters": { - "instance": { - "type": "string", - "description": "Instance name.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "request": { - "$ref": "Scheduling" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setServiceAccount": { - "id": "compute.instances.setServiceAccount", - "path": "{project}/zones/{zone}/instances/{instance}/setServiceAccount", - "httpMethod": "POST", - "description": "Sets the service account on the instance. For more information, read Changing the service account and access scopes for an instance.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance resource to start.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "request": { - "$ref": "InstancesSetServiceAccountRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setTags": { - "id": "compute.instances.setTags", - "path": "{project}/zones/{zone}/instances/{instance}/setTags", - "httpMethod": "POST", - "description": "Sets tags for the specified instance to the data included in the request.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "request": { - "$ref": "Tags" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "start": { - "id": "compute.instances.start", - "path": "{project}/zones/{zone}/instances/{instance}/start", - "httpMethod": "POST", - "description": "Starts an instance that was stopped using the using the instances().stop method. For more information, see Restart an instance.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance resource to start.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "startWithEncryptionKey": { - "id": "compute.instances.startWithEncryptionKey", - "path": "{project}/zones/{zone}/instances/{instance}/startWithEncryptionKey", - "httpMethod": "POST", - "description": "Starts an instance that was stopped using the using the instances().stop method. For more information, see Restart an instance.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance resource to start.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "request": { - "$ref": "InstancesStartWithEncryptionKeyRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "stop": { - "id": "compute.instances.stop", - "path": "{project}/zones/{zone}/instances/{instance}/stop", - "httpMethod": "POST", - "description": "Stops a running instance, shutting it down cleanly, and allows you to restart the instance at a later time. Stopped instances do not incur VM usage charges while they are stopped. However, resources that the VM is using, such as persistent disks and static IP addresses, will continue to be charged until they are deleted. For more information, see Stopping an instance.", - "parameters": { - "instance": { - "type": "string", - "description": "Name of the instance resource to stop.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "instance" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "interconnectAttachments": { - "methods": { - "aggregatedList": { - "id": "compute.interconnectAttachments.aggregatedList", - "path": "{project}/aggregated/interconnectAttachments", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of interconnect attachments.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "InterconnectAttachmentAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.interconnectAttachments.delete", - "path": "{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}", - "httpMethod": "DELETE", - "description": "Deletes the specified interconnect attachment.", - "parameters": { - "interconnectAttachment": { - "type": "string", - "description": "Name of the interconnect attachment to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region", - "interconnectAttachment" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.interconnectAttachments.get", - "path": "{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}", - "httpMethod": "GET", - "description": "Returns the specified interconnect attachment.", - "parameters": { - "interconnectAttachment": { - "type": "string", - "description": "Name of the interconnect attachment to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "interconnectAttachment" - ], - "response": { - "$ref": "InterconnectAttachment" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.interconnectAttachments.insert", - "path": "{project}/regions/{region}/interconnectAttachments", - "httpMethod": "POST", - "description": "Creates an InterconnectAttachment in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "InterconnectAttachment" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.interconnectAttachments.list", - "path": "{project}/regions/{region}/interconnectAttachments", - "httpMethod": "GET", - "description": "Retrieves the list of interconnect attachments contained within the specified region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "InterconnectAttachmentList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "interconnectLocations": { - "methods": { - "get": { - "id": "compute.interconnectLocations.get", - "path": "{project}/global/interconnectLocations/{interconnectLocation}", - "httpMethod": "GET", - "description": "Returns the details for the specified interconnect location. Get a list of available interconnect locations by making a list() request.", - "parameters": { - "interconnectLocation": { - "type": "string", - "description": "Name of the interconnect location to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "interconnectLocation" - ], - "response": { - "$ref": "InterconnectLocation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.interconnectLocations.list", - "path": "{project}/global/interconnectLocations", - "httpMethod": "GET", - "description": "Retrieves the list of interconnect locations available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "InterconnectLocationList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "interconnects": { - "methods": { - "delete": { - "id": "compute.interconnects.delete", - "path": "{project}/global/interconnects/{interconnect}", - "httpMethod": "DELETE", - "description": "Deletes the specified interconnect.", - "parameters": { - "interconnect": { - "type": "string", - "description": "Name of the interconnect to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "interconnect" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.interconnects.get", - "path": "{project}/global/interconnects/{interconnect}", - "httpMethod": "GET", - "description": "Returns the specified interconnect. Get a list of available interconnects by making a list() request.", - "parameters": { - "interconnect": { - "type": "string", - "description": "Name of the interconnect to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "interconnect" - ], - "response": { - "$ref": "Interconnect" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.interconnects.insert", - "path": "{project}/global/interconnects", - "httpMethod": "POST", - "description": "Creates a Interconnect in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "Interconnect" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.interconnects.list", - "path": "{project}/global/interconnects", - "httpMethod": "GET", - "description": "Retrieves the list of interconnect available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "InterconnectList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.interconnects.patch", - "path": "{project}/global/interconnects/{interconnect}", - "httpMethod": "PATCH", - "description": "Updates the specified interconnect with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "interconnect": { - "type": "string", - "description": "Name of the interconnect to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "interconnect" - ], - "request": { - "$ref": "Interconnect" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "licenses": { - "methods": { - "get": { - "id": "compute.licenses.get", - "path": "{project}/global/licenses/{license}", - "httpMethod": "GET", - "description": "Returns the specified License resource.", - "parameters": { - "license": { - "type": "string", - "description": "Name of the License resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "license" - ], - "response": { - "$ref": "License" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "machineTypes": { - "methods": { - "aggregatedList": { - "id": "compute.machineTypes.aggregatedList", - "path": "{project}/aggregated/machineTypes", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of machine types.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "MachineTypeAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "get": { - "id": "compute.machineTypes.get", - "path": "{project}/zones/{zone}/machineTypes/{machineType}", - "httpMethod": "GET", - "description": "Returns the specified machine type. Get a list of available machine types by making a list() request.", - "parameters": { - "machineType": { - "type": "string", - "description": "Name of the machine type to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "machineType" - ], - "response": { - "$ref": "MachineType" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.machineTypes.list", - "path": "{project}/zones/{zone}/machineTypes", - "httpMethod": "GET", - "description": "Retrieves a list of machine types available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "zone": { - "type": "string", - "description": "The name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "MachineTypeList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "networks": { - "methods": { - "addPeering": { - "id": "compute.networks.addPeering", - "path": "{project}/global/networks/{network}/addPeering", - "httpMethod": "POST", - "description": "Adds a peering to the specified network.", - "parameters": { - "network": { - "type": "string", - "description": "Name of the network resource to add peering to.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "network" - ], - "request": { - "$ref": "NetworksAddPeeringRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "delete": { - "id": "compute.networks.delete", - "path": "{project}/global/networks/{network}", - "httpMethod": "DELETE", - "description": "Deletes the specified network.", - "parameters": { - "network": { - "type": "string", - "description": "Name of the network to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "network" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.networks.get", - "path": "{project}/global/networks/{network}", - "httpMethod": "GET", - "description": "Returns the specified network. Get a list of available networks by making a list() request.", - "parameters": { - "network": { - "type": "string", - "description": "Name of the network to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "network" - ], - "response": { - "$ref": "Network" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.networks.insert", - "path": "{project}/global/networks", - "httpMethod": "POST", - "description": "Creates a network in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "Network" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.networks.list", - "path": "{project}/global/networks", - "httpMethod": "GET", - "description": "Retrieves the list of networks available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "NetworkList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.networks.patch", - "path": "{project}/global/networks/{network}", - "httpMethod": "PATCH", - "description": "Patches the specified network with the data included in the request. Only the following fields can be modified: routingConfig.routingMode.", - "parameters": { - "network": { - "type": "string", - "description": "Name of the network to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "network" - ], - "request": { - "$ref": "Network" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "removePeering": { - "id": "compute.networks.removePeering", - "path": "{project}/global/networks/{network}/removePeering", - "httpMethod": "POST", - "description": "Removes a peering from the specified network.", - "parameters": { - "network": { - "type": "string", - "description": "Name of the network resource to remove peering from.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "network" - ], - "request": { - "$ref": "NetworksRemovePeeringRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "switchToCustomMode": { - "id": "compute.networks.switchToCustomMode", - "path": "{project}/global/networks/{network}/switchToCustomMode", - "httpMethod": "POST", - "description": "Switches the network mode from auto subnet mode to custom subnet mode.", - "parameters": { - "network": { - "type": "string", - "description": "Name of the network to be updated.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "network" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "projects": { - "methods": { - "disableXpnHost": { - "id": "compute.projects.disableXpnHost", - "path": "{project}/disableXpnHost", - "httpMethod": "POST", - "description": "Disable this project as a shared VPC host project.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "disableXpnResource": { - "id": "compute.projects.disableXpnResource", - "path": "{project}/disableXpnResource", - "httpMethod": "POST", - "description": "Disable a serivce resource (a.k.a service project) associated with this host project.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "ProjectsDisableXpnResourceRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "enableXpnHost": { - "id": "compute.projects.enableXpnHost", - "path": "{project}/enableXpnHost", - "httpMethod": "POST", - "description": "Enable this project as a shared VPC host project.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "enableXpnResource": { - "id": "compute.projects.enableXpnResource", - "path": "{project}/enableXpnResource", - "httpMethod": "POST", - "description": "Enable service resource (a.k.a service project) for a host project, so that subnets in the host project can be used by instances in the service project.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "ProjectsEnableXpnResourceRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.projects.get", - "path": "{project}", - "httpMethod": "GET", - "description": "Returns the specified Project resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "Project" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "getXpnHost": { - "id": "compute.projects.getXpnHost", - "path": "{project}/getXpnHost", - "httpMethod": "GET", - "description": "Get the shared VPC host project that this project links to. May be empty if no link exists.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "Project" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "getXpnResources": { - "id": "compute.projects.getXpnResources", - "path": "{project}/getXpnResources", - "httpMethod": "GET", - "description": "Get service resources (a.k.a service project) associated with this host project.", - "parameters": { - "filter": { - "type": "string", - "location": "query" - }, - "maxResults": { - "type": "integer", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "order_by": { - "type": "string", - "location": "query" - }, - "pageToken": { - "type": "string", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "ProjectsGetXpnResources" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "listXpnHosts": { - "id": "compute.projects.listXpnHosts", - "path": "{project}/listXpnHosts", - "httpMethod": "POST", - "description": "List all shared VPC host projects visible to the user in an organization.", - "parameters": { - "filter": { - "type": "string", - "location": "query" - }, - "maxResults": { - "type": "integer", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "order_by": { - "type": "string", - "location": "query" - }, - "pageToken": { - "type": "string", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "ProjectsListXpnHostsRequest" - }, - "response": { - "$ref": "XpnHostList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "moveDisk": { - "id": "compute.projects.moveDisk", - "path": "{project}/moveDisk", - "httpMethod": "POST", - "description": "Moves a persistent disk from one zone to another.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "DiskMoveRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "moveInstance": { - "id": "compute.projects.moveInstance", - "path": "{project}/moveInstance", - "httpMethod": "POST", - "description": "Moves an instance and its attached persistent disks from one zone to another.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "InstanceMoveRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setCommonInstanceMetadata": { - "id": "compute.projects.setCommonInstanceMetadata", - "path": "{project}/setCommonInstanceMetadata", - "httpMethod": "POST", - "description": "Sets metadata common to all instances within the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "Metadata" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setUsageExportBucket": { - "id": "compute.projects.setUsageExportBucket", - "path": "{project}/setUsageExportBucket", - "httpMethod": "POST", - "description": "Enables the usage export feature and sets the usage export bucket where reports are stored. If you provide an empty request body using this method, the usage export feature will be disabled.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "UsageExportLocation" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - } - } - }, - "regionAutoscalers": { - "methods": { - "delete": { - "id": "compute.regionAutoscalers.delete", - "path": "{project}/regions/{region}/autoscalers/{autoscaler}", - "httpMethod": "DELETE", - "description": "Deletes the specified autoscaler.", - "parameters": { - "autoscaler": { - "type": "string", - "description": "Name of the autoscaler to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region", - "autoscaler" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.regionAutoscalers.get", - "path": "{project}/regions/{region}/autoscalers/{autoscaler}", - "httpMethod": "GET", - "description": "Returns the specified autoscaler.", - "parameters": { - "autoscaler": { - "type": "string", - "description": "Name of the autoscaler to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "autoscaler" - ], - "response": { - "$ref": "Autoscaler" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.regionAutoscalers.insert", - "path": "{project}/regions/{region}/autoscalers", - "httpMethod": "POST", - "description": "Creates an autoscaler in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "methods": { + "get": { + "description": "Returns the specified License resource.", + "httpMethod": "GET", + "id": "compute.licenses.get", + "parameterOrder": [ + "project", + "license" + ], + "parameters": { + "license": { + "description": "Name of the License resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/licenses/{license}", + "response": { + "$ref": "License" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "Autoscaler" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.regionAutoscalers.list", - "path": "{project}/regions/{region}/autoscalers", - "httpMethod": "GET", - "description": "Retrieves a list of autoscalers contained within the specified region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + }, + "machineTypes": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of machine types.", + "httpMethod": "GET", + "id": "compute.machineTypes.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/machineTypes", + "response": { + "$ref": "MachineTypeAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "get": { + "description": "Returns the specified machine type. Get a list of available machine types by making a list() request.", + "httpMethod": "GET", + "id": "compute.machineTypes.get", + "parameterOrder": [ + "project", + "zone", + "machineType" + ], + "parameters": { + "machineType": { + "description": "Name of the machine type to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/machineTypes/{machineType}", + "response": { + "$ref": "MachineType" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves a list of machine types available to the specified project.", + "httpMethod": "GET", + "id": "compute.machineTypes.list", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "The name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/machineTypes", + "response": { + "$ref": "MachineTypeList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "RegionAutoscalerList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.regionAutoscalers.patch", - "path": "{project}/regions/{region}/autoscalers", - "httpMethod": "PATCH", - "description": "Updates an autoscaler in the specified project using the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "autoscaler": { - "type": "string", - "description": "Name of the autoscaler to patch.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "networks": { + "methods": { + "addPeering": { + "description": "Adds a peering to the specified network.", + "httpMethod": "POST", + "id": "compute.networks.addPeering", + "parameterOrder": [ + "project", + "network" + ], + "parameters": { + "network": { + "description": "Name of the network resource to add peering to.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/networks/{network}/addPeering", + "request": { + "$ref": "NetworksAddPeeringRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "delete": { + "description": "Deletes the specified network.", + "httpMethod": "DELETE", + "id": "compute.networks.delete", + "parameterOrder": [ + "project", + "network" + ], + "parameters": { + "network": { + "description": "Name of the network to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/networks/{network}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified network. Get a list of available networks by making a list() request.", + "httpMethod": "GET", + "id": "compute.networks.get", + "parameterOrder": [ + "project", + "network" + ], + "parameters": { + "network": { + "description": "Name of the network to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/networks/{network}", + "response": { + "$ref": "Network" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a network in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.networks.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/networks", + "request": { + "$ref": "Network" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of networks available to the specified project.", + "httpMethod": "GET", + "id": "compute.networks.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/networks", + "response": { + "$ref": "NetworkList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Patches the specified network with the data included in the request. Only the following fields can be modified: routingConfig.routingMode.", + "httpMethod": "PATCH", + "id": "compute.networks.patch", + "parameterOrder": [ + "project", + "network" + ], + "parameters": { + "network": { + "description": "Name of the network to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/networks/{network}", + "request": { + "$ref": "Network" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "removePeering": { + "description": "Removes a peering from the specified network.", + "httpMethod": "POST", + "id": "compute.networks.removePeering", + "parameterOrder": [ + "project", + "network" + ], + "parameters": { + "network": { + "description": "Name of the network resource to remove peering from.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/networks/{network}/removePeering", + "request": { + "$ref": "NetworksRemovePeeringRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "switchToCustomMode": { + "description": "Switches the network mode from auto subnet mode to custom subnet mode.", + "httpMethod": "POST", + "id": "compute.networks.switchToCustomMode", + "parameterOrder": [ + "project", + "network" + ], + "parameters": { + "network": { + "description": "Name of the network to be updated.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/networks/{network}/switchToCustomMode", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "Autoscaler" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "update": { - "id": "compute.regionAutoscalers.update", - "path": "{project}/regions/{region}/autoscalers", - "httpMethod": "PUT", - "description": "Updates an autoscaler in the specified project using the data included in the request.", - "parameters": { - "autoscaler": { - "type": "string", - "description": "Name of the autoscaler to update.", - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "projects": { + "methods": { + "disableXpnHost": { + "description": "Disable this project as a shared VPC host project.", + "httpMethod": "POST", + "id": "compute.projects.disableXpnHost", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/disableXpnHost", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "disableXpnResource": { + "description": "Disable a serivce resource (a.k.a service project) associated with this host project.", + "httpMethod": "POST", + "id": "compute.projects.disableXpnResource", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/disableXpnResource", + "request": { + "$ref": "ProjectsDisableXpnResourceRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "enableXpnHost": { + "description": "Enable this project as a shared VPC host project.", + "httpMethod": "POST", + "id": "compute.projects.enableXpnHost", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/enableXpnHost", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "enableXpnResource": { + "description": "Enable service resource (a.k.a service project) for a host project, so that subnets in the host project can be used by instances in the service project.", + "httpMethod": "POST", + "id": "compute.projects.enableXpnResource", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/enableXpnResource", + "request": { + "$ref": "ProjectsEnableXpnResourceRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified Project resource.", + "httpMethod": "GET", + "id": "compute.projects.get", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}", + "response": { + "$ref": "Project" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "getXpnHost": { + "description": "Get the shared VPC host project that this project links to. May be empty if no link exists.", + "httpMethod": "GET", + "id": "compute.projects.getXpnHost", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/getXpnHost", + "response": { + "$ref": "Project" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "getXpnResources": { + "description": "Get service resources (a.k.a service project) associated with this host project.", + "httpMethod": "GET", + "id": "compute.projects.getXpnResources", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "order_by": { + "location": "query", + "type": "string" + }, + "pageToken": { + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/getXpnResources", + "response": { + "$ref": "ProjectsGetXpnResources" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "listXpnHosts": { + "description": "List all shared VPC host projects visible to the user in an organization.", + "httpMethod": "POST", + "id": "compute.projects.listXpnHosts", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "order_by": { + "location": "query", + "type": "string" + }, + "pageToken": { + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/listXpnHosts", + "request": { + "$ref": "ProjectsListXpnHostsRequest" + }, + "response": { + "$ref": "XpnHostList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "moveDisk": { + "description": "Moves a persistent disk from one zone to another.", + "httpMethod": "POST", + "id": "compute.projects.moveDisk", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/moveDisk", + "request": { + "$ref": "DiskMoveRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "moveInstance": { + "description": "Moves an instance and its attached persistent disks from one zone to another.", + "httpMethod": "POST", + "id": "compute.projects.moveInstance", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/moveInstance", + "request": { + "$ref": "InstanceMoveRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setCommonInstanceMetadata": { + "description": "Sets metadata common to all instances within the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.projects.setCommonInstanceMetadata", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/setCommonInstanceMetadata", + "request": { + "$ref": "Metadata" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setUsageExportBucket": { + "description": "Enables the usage export feature and sets the usage export bucket where reports are stored. If you provide an empty request body using this method, the usage export feature will be disabled.", + "httpMethod": "POST", + "id": "compute.projects.setUsageExportBucket", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/setUsageExportBucket", + "request": { + "$ref": "UsageExportLocation" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + } } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "Autoscaler" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "regionBackendServices": { - "methods": { - "delete": { - "id": "compute.regionBackendServices.delete", - "path": "{project}/regions/{region}/backendServices/{backendService}", - "httpMethod": "DELETE", - "description": "Deletes the specified regional BackendService resource.", - "parameters": { - "backendService": { - "type": "string", - "description": "Name of the BackendService resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "regionAutoscalers": { + "methods": { + "delete": { + "description": "Deletes the specified autoscaler.", + "httpMethod": "DELETE", + "id": "compute.regionAutoscalers.delete", + "parameterOrder": [ + "project", + "region", + "autoscaler" + ], + "parameters": { + "autoscaler": { + "description": "Name of the autoscaler to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/autoscalers/{autoscaler}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified autoscaler.", + "httpMethod": "GET", + "id": "compute.regionAutoscalers.get", + "parameterOrder": [ + "project", + "region", + "autoscaler" + ], + "parameters": { + "autoscaler": { + "description": "Name of the autoscaler to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/autoscalers/{autoscaler}", + "response": { + "$ref": "Autoscaler" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates an autoscaler in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.regionAutoscalers.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/autoscalers", + "request": { + "$ref": "Autoscaler" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of autoscalers contained within the specified region.", + "httpMethod": "GET", + "id": "compute.regionAutoscalers.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/autoscalers", + "response": { + "$ref": "RegionAutoscalerList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Updates an autoscaler in the specified project using the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.regionAutoscalers.patch", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "autoscaler": { + "description": "Name of the autoscaler to patch.", + "location": "query", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/autoscalers", + "request": { + "$ref": "Autoscaler" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "update": { + "description": "Updates an autoscaler in the specified project using the data included in the request.", + "httpMethod": "PUT", + "id": "compute.regionAutoscalers.update", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "autoscaler": { + "description": "Name of the autoscaler to update.", + "location": "query", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/autoscalers", + "request": { + "$ref": "Autoscaler" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "backendService" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.regionBackendServices.get", - "path": "{project}/regions/{region}/backendServices/{backendService}", - "httpMethod": "GET", - "description": "Returns the specified regional BackendService resource.", - "parameters": { - "backendService": { - "type": "string", - "description": "Name of the BackendService resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + }, + "regionBackendServices": { + "methods": { + "delete": { + "description": "Deletes the specified regional BackendService resource.", + "httpMethod": "DELETE", + "id": "compute.regionBackendServices.delete", + "parameterOrder": [ + "project", + "region", + "backendService" + ], + "parameters": { + "backendService": { + "description": "Name of the BackendService resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/backendServices/{backendService}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified regional BackendService resource.", + "httpMethod": "GET", + "id": "compute.regionBackendServices.get", + "parameterOrder": [ + "project", + "region", + "backendService" + ], + "parameters": { + "backendService": { + "description": "Name of the BackendService resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/backendServices/{backendService}", + "response": { + "$ref": "BackendService" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "getHealth": { + "description": "Gets the most recent health check results for this regional BackendService.", + "httpMethod": "POST", + "id": "compute.regionBackendServices.getHealth", + "parameterOrder": [ + "project", + "region", + "backendService" + ], + "parameters": { + "backendService": { + "description": "Name of the BackendService resource for which to get health.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/backendServices/{backendService}/getHealth", + "request": { + "$ref": "ResourceGroupReference" + }, + "response": { + "$ref": "BackendServiceGroupHealth" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a regional BackendService resource in the specified project using the data included in the request. There are several restrictions and guidelines to keep in mind when creating a regional backend service. Read Restrictions and Guidelines for more information.", + "httpMethod": "POST", + "id": "compute.regionBackendServices.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/backendServices", + "request": { + "$ref": "BackendService" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of regional BackendService resources available to the specified project in the given region.", + "httpMethod": "GET", + "id": "compute.regionBackendServices.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/backendServices", + "response": { + "$ref": "BackendServiceList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Updates the specified regional BackendService resource with the data included in the request. There are several restrictions and guidelines to keep in mind when updating a backend service. Read Restrictions and Guidelines for more information. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.regionBackendServices.patch", + "parameterOrder": [ + "project", + "region", + "backendService" + ], + "parameters": { + "backendService": { + "description": "Name of the BackendService resource to patch.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/backendServices/{backendService}", + "request": { + "$ref": "BackendService" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "update": { + "description": "Updates the specified regional BackendService resource with the data included in the request. There are several restrictions and guidelines to keep in mind when updating a backend service. Read Restrictions and Guidelines for more information.", + "httpMethod": "PUT", + "id": "compute.regionBackendServices.update", + "parameterOrder": [ + "project", + "region", + "backendService" + ], + "parameters": { + "backendService": { + "description": "Name of the BackendService resource to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/backendServices/{backendService}", + "request": { + "$ref": "BackendService" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "backendService" - ], - "response": { - "$ref": "BackendService" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "getHealth": { - "id": "compute.regionBackendServices.getHealth", - "path": "{project}/regions/{region}/backendServices/{backendService}/getHealth", - "httpMethod": "POST", - "description": "Gets the most recent health check results for this regional BackendService.", - "parameters": { - "backendService": { - "type": "string", - "description": "Name of the BackendService resource to which the queried instance belongs.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + }, + "regionCommitments": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of commitments.", + "httpMethod": "GET", + "id": "compute.regionCommitments.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/commitments", + "response": { + "$ref": "CommitmentAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "get": { + "description": "Returns the specified commitment resource. Get a list of available commitments by making a list() request.", + "httpMethod": "GET", + "id": "compute.regionCommitments.get", + "parameterOrder": [ + "project", + "region", + "commitment" + ], + "parameters": { + "commitment": { + "description": "Name of the commitment to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/commitments/{commitment}", + "response": { + "$ref": "Commitment" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a commitment in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.regionCommitments.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/commitments", + "request": { + "$ref": "Commitment" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of commitments contained within the specified region.", + "httpMethod": "GET", + "id": "compute.regionCommitments.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/commitments", + "response": { + "$ref": "CommitmentList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "backendService" - ], - "request": { - "$ref": "ResourceGroupReference" - }, - "response": { - "$ref": "BackendServiceGroupHealth" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.regionBackendServices.insert", - "path": "{project}/regions/{region}/backendServices", - "httpMethod": "POST", - "description": "Creates a regional BackendService resource in the specified project using the data included in the request. There are several restrictions and guidelines to keep in mind when creating a regional backend service. Read Restrictions and Guidelines for more information.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "regionInstanceGroupManagers": { + "methods": { + "abandonInstances": { + "description": "Schedules a group action to remove the specified instances from the managed instance group. Abandoning an instance does not delete the instance, but it does remove the instance from any target pools that are applied by the managed instance group. This method reduces the targetSize of the managed instance group by the number of instances that you abandon. This operation is marked as DONE when the action is scheduled even if the instances have not yet been removed from the group. You must separately verify the status of the abandoning action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", + "httpMethod": "POST", + "id": "compute.regionInstanceGroupManagers.abandonInstances", + "parameterOrder": [ + "project", + "region", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "Name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/abandonInstances", + "request": { + "$ref": "RegionInstanceGroupManagersAbandonInstancesRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "delete": { + "description": "Deletes the specified managed instance group and all of the instances in that group.", + "httpMethod": "DELETE", + "id": "compute.regionInstanceGroupManagers.delete", + "parameterOrder": [ + "project", + "region", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "Name of the managed instance group to delete.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "deleteInstances": { + "description": "Schedules a group action to delete the specified instances in the managed instance group. The instances are also removed from any target pools of which they were a member. This method reduces the targetSize of the managed instance group by the number of instances that you delete. This operation is marked as DONE when the action is scheduled even if the instances are still being deleted. You must separately verify the status of the deleting action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", + "httpMethod": "POST", + "id": "compute.regionInstanceGroupManagers.deleteInstances", + "parameterOrder": [ + "project", + "region", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "Name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/deleteInstances", + "request": { + "$ref": "RegionInstanceGroupManagersDeleteInstancesRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns all of the details about the specified managed instance group.", + "httpMethod": "GET", + "id": "compute.regionInstanceGroupManagers.get", + "parameterOrder": [ + "project", + "region", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "Name of the managed instance group to return.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}", + "response": { + "$ref": "InstanceGroupManager" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a managed instance group using the information that you specify in the request. After the group is created, it schedules an action to create instances in the group using the specified instance template. This operation is marked as DONE when the group is created even if the instances in the group have not yet been created. You must separately verify the status of the individual instances with the listmanagedinstances method.\n\nA regional managed instance group can contain up to 2000 instances.", + "httpMethod": "POST", + "id": "compute.regionInstanceGroupManagers.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers", + "request": { + "$ref": "InstanceGroupManager" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of managed instance groups that are contained within the specified region.", + "httpMethod": "GET", + "id": "compute.regionInstanceGroupManagers.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers", + "response": { + "$ref": "RegionInstanceGroupManagerList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "listManagedInstances": { + "description": "Lists the instances in the managed instance group and instances that are scheduled to be created. The list includes any current actions that the group has scheduled for its instances.", + "httpMethod": "POST", + "id": "compute.regionInstanceGroupManagers.listManagedInstances", + "parameterOrder": [ + "project", + "region", + "instanceGroupManager" + ], + "parameters": { + "filter": { + "location": "query", + "type": "string" + }, + "instanceGroupManager": { + "description": "The name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "maxResults": { + "default": "500", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "order_by": { + "location": "query", + "type": "string" + }, + "pageToken": { + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/listManagedInstances", + "response": { + "$ref": "RegionInstanceGroupManagersListInstancesResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "recreateInstances": { + "description": "Schedules a group action to recreate the specified instances in the managed instance group. The instances are deleted and recreated using the current instance template for the managed instance group. This operation is marked as DONE when the action is scheduled even if the instances have not yet been recreated. You must separately verify the status of the recreating action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", + "httpMethod": "POST", + "id": "compute.regionInstanceGroupManagers.recreateInstances", + "parameterOrder": [ + "project", + "region", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "Name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/recreateInstances", + "request": { + "$ref": "RegionInstanceGroupManagersRecreateRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "resize": { + "description": "Changes the intended size for the managed instance group. If you increase the size, the group schedules actions to create new instances using the current instance template. If you decrease the size, the group schedules delete actions on one or more instances. The resize operation is marked DONE when the resize actions are scheduled even if the group has not yet added or deleted any instances. You must separately verify the status of the creating or deleting actions with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.", + "httpMethod": "POST", + "id": "compute.regionInstanceGroupManagers.resize", + "parameterOrder": [ + "project", + "region", + "instanceGroupManager", + "size" + ], + "parameters": { + "instanceGroupManager": { + "description": "Name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "size": { + "description": "Number of instances that should exist in this instance group manager.", + "format": "int32", + "location": "query", + "minimum": "0", + "required": true, + "type": "integer" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/resize", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setInstanceTemplate": { + "description": "Sets the instance template to use when creating new instances or recreating instances in this group. Existing instances are not affected.", + "httpMethod": "POST", + "id": "compute.regionInstanceGroupManagers.setInstanceTemplate", + "parameterOrder": [ + "project", + "region", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "The name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/setInstanceTemplate", + "request": { + "$ref": "RegionInstanceGroupManagersSetTemplateRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setTargetPools": { + "description": "Modifies the target pools to which all new instances in this group are assigned. Existing instances in the group are not affected.", + "httpMethod": "POST", + "id": "compute.regionInstanceGroupManagers.setTargetPools", + "parameterOrder": [ + "project", + "region", + "instanceGroupManager" + ], + "parameters": { + "instanceGroupManager": { + "description": "Name of the managed instance group.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/setTargetPools", + "request": { + "$ref": "RegionInstanceGroupManagersSetTargetPoolsRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "BackendService" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.regionBackendServices.list", - "path": "{project}/regions/{region}/backendServices", - "httpMethod": "GET", - "description": "Retrieves the list of regional BackendService resources available to the specified project in the given region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + }, + "regionInstanceGroups": { + "methods": { + "get": { + "description": "Returns the specified instance group resource.", + "httpMethod": "GET", + "id": "compute.regionInstanceGroups.get", + "parameterOrder": [ + "project", + "region", + "instanceGroup" + ], + "parameters": { + "instanceGroup": { + "description": "Name of the instance group resource to return.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroups/{instanceGroup}", + "response": { + "$ref": "InstanceGroup" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves the list of instance group resources contained within the specified region.", + "httpMethod": "GET", + "id": "compute.regionInstanceGroups.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroups", + "response": { + "$ref": "RegionInstanceGroupList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "listInstances": { + "description": "Lists the instances in the specified instance group and displays information about the named ports. Depending on the specified options, this method can list all instances or only the instances that are running.", + "httpMethod": "POST", + "id": "compute.regionInstanceGroups.listInstances", + "parameterOrder": [ + "project", + "region", + "instanceGroup" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "instanceGroup": { + "description": "Name of the regional instance group for which we want to list the instances.", + "location": "path", + "required": true, + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroups/{instanceGroup}/listInstances", + "request": { + "$ref": "RegionInstanceGroupsListInstancesRequest" + }, + "response": { + "$ref": "RegionInstanceGroupsListInstances" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "setNamedPorts": { + "description": "Sets the named ports for the specified regional instance group.", + "httpMethod": "POST", + "id": "compute.regionInstanceGroups.setNamedPorts", + "parameterOrder": [ + "project", + "region", + "instanceGroup" + ], + "parameters": { + "instanceGroup": { + "description": "The name of the regional instance group where the named ports are updated.", + "location": "path", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/instanceGroups/{instanceGroup}/setNamedPorts", + "request": { + "$ref": "RegionInstanceGroupsSetNamedPortsRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "BackendServiceList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.regionBackendServices.patch", - "path": "{project}/regions/{region}/backendServices/{backendService}", - "httpMethod": "PATCH", - "description": "Updates the specified regional BackendService resource with the data included in the request. There are several restrictions and guidelines to keep in mind when updating a backend service. Read Restrictions and Guidelines for more information. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "backendService": { - "type": "string", - "description": "Name of the BackendService resource to patch.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "regionOperations": { + "methods": { + "delete": { + "description": "Deletes the specified region-specific Operations resource.", + "httpMethod": "DELETE", + "id": "compute.regionOperations.delete", + "parameterOrder": [ + "project", + "region", + "operation" + ], + "parameters": { + "operation": { + "description": "Name of the Operations resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/operations/{operation}", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Retrieves the specified region-specific Operations resource.", + "httpMethod": "GET", + "id": "compute.regionOperations.get", + "parameterOrder": [ + "project", + "region", + "operation" + ], + "parameters": { + "operation": { + "description": "Name of the Operations resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/operations/{operation}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves a list of Operation resources contained within the specified region.", + "httpMethod": "GET", + "id": "compute.regionOperations.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/operations", + "response": { + "$ref": "OperationList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "backendService" - ], - "request": { - "$ref": "BackendService" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "update": { - "id": "compute.regionBackendServices.update", - "path": "{project}/regions/{region}/backendServices/{backendService}", - "httpMethod": "PUT", - "description": "Updates the specified regional BackendService resource with the data included in the request. There are several restrictions and guidelines to keep in mind when updating a backend service. Read Restrictions and Guidelines for more information.", - "parameters": { - "backendService": { - "type": "string", - "description": "Name of the BackendService resource to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "regions": { + "methods": { + "get": { + "description": "Returns the specified Region resource. Get a list of available regions by making a list() request.", + "httpMethod": "GET", + "id": "compute.regions.get", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}", + "response": { + "$ref": "Region" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves the list of region resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.regions.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions", + "response": { + "$ref": "RegionList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "backendService" - ], - "request": { - "$ref": "BackendService" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "regionCommitments": { - "methods": { - "aggregatedList": { - "id": "compute.regionCommitments.aggregatedList", - "path": "{project}/aggregated/commitments", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of commitments.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + }, + "routers": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of routers.", + "httpMethod": "GET", + "id": "compute.routers.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/routers", + "response": { + "$ref": "RouterAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified Router resource.", + "httpMethod": "DELETE", + "id": "compute.routers.delete", + "parameterOrder": [ + "project", + "region", + "router" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "router": { + "description": "Name of the Router resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/routers/{router}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified Router resource. Get a list of available routers by making a list() request.", + "httpMethod": "GET", + "id": "compute.routers.get", + "parameterOrder": [ + "project", + "region", + "router" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "router": { + "description": "Name of the Router resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/routers/{router}", + "response": { + "$ref": "Router" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "getRouterStatus": { + "description": "Retrieves runtime information of the specified router.", + "httpMethod": "GET", + "id": "compute.routers.getRouterStatus", + "parameterOrder": [ + "project", + "region", + "router" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "router": { + "description": "Name of the Router resource to query.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/routers/{router}/getRouterStatus", + "response": { + "$ref": "RouterStatusResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a Router resource in the specified project and region using the data included in the request.", + "httpMethod": "POST", + "id": "compute.routers.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/routers", + "request": { + "$ref": "Router" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of Router resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.routers.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/routers", + "response": { + "$ref": "RouterList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Patches the specified Router resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.routers.patch", + "parameterOrder": [ + "project", + "region", + "router" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "router": { + "description": "Name of the Router resource to patch.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/routers/{router}", + "request": { + "$ref": "Router" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "preview": { + "description": "Preview fields auto-generated during router create and update operations. Calling this method does NOT create or update the router.", + "httpMethod": "POST", + "id": "compute.routers.preview", + "parameterOrder": [ + "project", + "region", + "router" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "router": { + "description": "Name of the Router resource to query.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/routers/{router}/preview", + "request": { + "$ref": "Router" + }, + "response": { + "$ref": "RoutersPreviewResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "update": { + "description": "Updates the specified Router resource with the data included in the request.", + "httpMethod": "PUT", + "id": "compute.routers.update", + "parameterOrder": [ + "project", + "region", + "router" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "router": { + "description": "Name of the Router resource to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/routers/{router}", + "request": { + "$ref": "Router" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "CommitmentAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "get": { - "id": "compute.regionCommitments.get", - "path": "{project}/regions/{region}/commitments/{commitment}", - "httpMethod": "GET", - "description": "Returns the specified commitment resource. Get a list of available commitments by making a list() request.", - "parameters": { - "commitment": { - "type": "string", - "description": "Name of the commitment to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + }, + "routes": { + "methods": { + "delete": { + "description": "Deletes the specified Route resource.", + "httpMethod": "DELETE", + "id": "compute.routes.delete", + "parameterOrder": [ + "project", + "route" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "route": { + "description": "Name of the Route resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/routes/{route}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified Route resource. Get a list of available routes by making a list() request.", + "httpMethod": "GET", + "id": "compute.routes.get", + "parameterOrder": [ + "project", + "route" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "route": { + "description": "Name of the Route resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/routes/{route}", + "response": { + "$ref": "Route" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a Route resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.routes.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/routes", + "request": { + "$ref": "Route" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of Route resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.routes.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/routes", + "response": { + "$ref": "RouteList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } + } + }, + "snapshots": { + "methods": { + "delete": { + "description": "Deletes the specified Snapshot resource. Keep in mind that deleting a single snapshot might not necessarily delete all the data on that snapshot. If any data on the snapshot that is marked for deletion is needed for subsequent snapshots, the data will be moved to the next corresponding snapshot.\n\nFor more information, see Deleting snaphots.", + "httpMethod": "DELETE", + "id": "compute.snapshots.delete", + "parameterOrder": [ + "project", + "snapshot" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "snapshot": { + "description": "Name of the Snapshot resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/snapshots/{snapshot}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified Snapshot resource. Get a list of available snapshots by making a list() request.", + "httpMethod": "GET", + "id": "compute.snapshots.get", + "parameterOrder": [ + "project", + "snapshot" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "snapshot": { + "description": "Name of the Snapshot resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/snapshots/{snapshot}", + "response": { + "$ref": "Snapshot" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves the list of Snapshot resources contained within the specified project.", + "httpMethod": "GET", + "id": "compute.snapshots.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/snapshots", + "response": { + "$ref": "SnapshotList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "setLabels": { + "description": "Sets the labels on a snapshot. To learn more about labels, read the Labeling Resources documentation.", + "httpMethod": "POST", + "id": "compute.snapshots.setLabels", + "parameterOrder": [ + "project", + "resource" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "resource": { + "description": "Name of the resource for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/snapshots/{resource}/setLabels", + "request": { + "$ref": "GlobalSetLabelsRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "commitment" - ], - "response": { - "$ref": "Commitment" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.regionCommitments.insert", - "path": "{project}/regions/{region}/commitments", - "httpMethod": "POST", - "description": "Creates a commitment in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "sslCertificates": { + "methods": { + "delete": { + "description": "Deletes the specified SslCertificate resource.", + "httpMethod": "DELETE", + "id": "compute.sslCertificates.delete", + "parameterOrder": [ + "project", + "sslCertificate" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "sslCertificate": { + "description": "Name of the SslCertificate resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/sslCertificates/{sslCertificate}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified SslCertificate resource. Get a list of available SSL certificates by making a list() request.", + "httpMethod": "GET", + "id": "compute.sslCertificates.get", + "parameterOrder": [ + "project", + "sslCertificate" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "sslCertificate": { + "description": "Name of the SslCertificate resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/sslCertificates/{sslCertificate}", + "response": { + "$ref": "SslCertificate" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a SslCertificate resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.sslCertificates.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/sslCertificates", + "request": { + "$ref": "SslCertificate" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of SslCertificate resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.sslCertificates.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/sslCertificates", + "response": { + "$ref": "SslCertificateList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "Commitment" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.regionCommitments.list", - "path": "{project}/regions/{region}/commitments", - "httpMethod": "GET", - "description": "Retrieves a list of commitments contained within the specified region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + }, + "subnetworks": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of subnetworks.", + "httpMethod": "GET", + "id": "compute.subnetworks.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/subnetworks", + "response": { + "$ref": "SubnetworkAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified subnetwork.", + "httpMethod": "DELETE", + "id": "compute.subnetworks.delete", + "parameterOrder": [ + "project", + "region", + "subnetwork" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "subnetwork": { + "description": "Name of the Subnetwork resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/subnetworks/{subnetwork}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "expandIpCidrRange": { + "description": "Expands the IP CIDR range of the subnetwork to a specified value.", + "httpMethod": "POST", + "id": "compute.subnetworks.expandIpCidrRange", + "parameterOrder": [ + "project", + "region", + "subnetwork" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "subnetwork": { + "description": "Name of the Subnetwork resource to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/subnetworks/{subnetwork}/expandIpCidrRange", + "request": { + "$ref": "SubnetworksExpandIpCidrRangeRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified subnetwork. Get a list of available subnetworks list() request.", + "httpMethod": "GET", + "id": "compute.subnetworks.get", + "parameterOrder": [ + "project", + "region", + "subnetwork" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "subnetwork": { + "description": "Name of the Subnetwork resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/subnetworks/{subnetwork}", + "response": { + "$ref": "Subnetwork" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a subnetwork in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.subnetworks.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/subnetworks", + "request": { + "$ref": "Subnetwork" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of subnetworks available to the specified project.", + "httpMethod": "GET", + "id": "compute.subnetworks.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/subnetworks", + "response": { + "$ref": "SubnetworkList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "setPrivateIpGoogleAccess": { + "description": "Set whether VMs in this subnet can access Google services without assigning external IP addresses through Private Google Access.", + "httpMethod": "POST", + "id": "compute.subnetworks.setPrivateIpGoogleAccess", + "parameterOrder": [ + "project", + "region", + "subnetwork" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "subnetwork": { + "description": "Name of the Subnetwork resource.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/subnetworks/{subnetwork}/setPrivateIpGoogleAccess", + "request": { + "$ref": "SubnetworksSetPrivateIpGoogleAccessRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "CommitmentList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "regionInstanceGroupManagers": { - "methods": { - "abandonInstances": { - "id": "compute.regionInstanceGroupManagers.abandonInstances", - "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/abandonInstances", - "httpMethod": "POST", - "description": "Schedules a group action to remove the specified instances from the managed instance group. Abandoning an instance does not delete the instance, but it does remove the instance from any target pools that are applied by the managed instance group. This method reduces the targetSize of the managed instance group by the number of instances that you abandon. This operation is marked as DONE when the action is scheduled even if the instances have not yet been removed from the group. You must separately verify the status of the abandoning action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "Name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "targetHttpProxies": { + "methods": { + "delete": { + "description": "Deletes the specified TargetHttpProxy resource.", + "httpMethod": "DELETE", + "id": "compute.targetHttpProxies.delete", + "parameterOrder": [ + "project", + "targetHttpProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetHttpProxy": { + "description": "Name of the TargetHttpProxy resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetHttpProxies/{targetHttpProxy}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified TargetHttpProxy resource. Get a list of available target HTTP proxies by making a list() request.", + "httpMethod": "GET", + "id": "compute.targetHttpProxies.get", + "parameterOrder": [ + "project", + "targetHttpProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "targetHttpProxy": { + "description": "Name of the TargetHttpProxy resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetHttpProxies/{targetHttpProxy}", + "response": { + "$ref": "TargetHttpProxy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a TargetHttpProxy resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.targetHttpProxies.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/targetHttpProxies", + "request": { + "$ref": "TargetHttpProxy" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of TargetHttpProxy resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.targetHttpProxies.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetHttpProxies", + "response": { + "$ref": "TargetHttpProxyList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "setUrlMap": { + "description": "Changes the URL map for TargetHttpProxy.", + "httpMethod": "POST", + "id": "compute.targetHttpProxies.setUrlMap", + "parameterOrder": [ + "project", + "targetHttpProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetHttpProxy": { + "description": "Name of the TargetHttpProxy to set a URL map for.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/targetHttpProxies/{targetHttpProxy}/setUrlMap", + "request": { + "$ref": "UrlMapReference" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroupManager" - ], - "request": { - "$ref": "RegionInstanceGroupManagersAbandonInstancesRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "delete": { - "id": "compute.regionInstanceGroupManagers.delete", - "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}", - "httpMethod": "DELETE", - "description": "Deletes the specified managed instance group and all of the instances in that group.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "Name of the managed instance group to delete.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "targetHttpsProxies": { + "methods": { + "delete": { + "description": "Deletes the specified TargetHttpsProxy resource.", + "httpMethod": "DELETE", + "id": "compute.targetHttpsProxies.delete", + "parameterOrder": [ + "project", + "targetHttpsProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetHttpsProxy": { + "description": "Name of the TargetHttpsProxy resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetHttpsProxies/{targetHttpsProxy}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified TargetHttpsProxy resource. Get a list of available target HTTPS proxies by making a list() request.", + "httpMethod": "GET", + "id": "compute.targetHttpsProxies.get", + "parameterOrder": [ + "project", + "targetHttpsProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "targetHttpsProxy": { + "description": "Name of the TargetHttpsProxy resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetHttpsProxies/{targetHttpsProxy}", + "response": { + "$ref": "TargetHttpsProxy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a TargetHttpsProxy resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.targetHttpsProxies.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/targetHttpsProxies", + "request": { + "$ref": "TargetHttpsProxy" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of TargetHttpsProxy resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.targetHttpsProxies.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetHttpsProxies", + "response": { + "$ref": "TargetHttpsProxyList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "setSslCertificates": { + "description": "Replaces SslCertificates for TargetHttpsProxy.", + "httpMethod": "POST", + "id": "compute.targetHttpsProxies.setSslCertificates", + "parameterOrder": [ + "project", + "targetHttpsProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetHttpsProxy": { + "description": "Name of the TargetHttpsProxy resource to set an SslCertificates resource for.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/targetHttpsProxies/{targetHttpsProxy}/setSslCertificates", + "request": { + "$ref": "TargetHttpsProxiesSetSslCertificatesRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setUrlMap": { + "description": "Changes the URL map for TargetHttpsProxy.", + "httpMethod": "POST", + "id": "compute.targetHttpsProxies.setUrlMap", + "parameterOrder": [ + "project", + "targetHttpsProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetHttpsProxy": { + "description": "Name of the TargetHttpsProxy resource whose URL map is to be set.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/targetHttpsProxies/{targetHttpsProxy}/setUrlMap", + "request": { + "$ref": "UrlMapReference" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroupManager" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "deleteInstances": { - "id": "compute.regionInstanceGroupManagers.deleteInstances", - "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/deleteInstances", - "httpMethod": "POST", - "description": "Schedules a group action to delete the specified instances in the managed instance group. The instances are also removed from any target pools of which they were a member. This method reduces the targetSize of the managed instance group by the number of instances that you delete. This operation is marked as DONE when the action is scheduled even if the instances are still being deleted. You must separately verify the status of the deleting action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "Name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "targetInstances": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of target instances.", + "httpMethod": "GET", + "id": "compute.targetInstances.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/targetInstances", + "response": { + "$ref": "TargetInstanceAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified TargetInstance resource.", + "httpMethod": "DELETE", + "id": "compute.targetInstances.delete", + "parameterOrder": [ + "project", + "zone", + "targetInstance" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetInstance": { + "description": "Name of the TargetInstance resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "zone": { + "description": "Name of the zone scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/targetInstances/{targetInstance}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified TargetInstance resource. Get a list of available target instances by making a list() request.", + "httpMethod": "GET", + "id": "compute.targetInstances.get", + "parameterOrder": [ + "project", + "zone", + "targetInstance" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "targetInstance": { + "description": "Name of the TargetInstance resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "zone": { + "description": "Name of the zone scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/targetInstances/{targetInstance}", + "response": { + "$ref": "TargetInstance" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a TargetInstance resource in the specified project and zone using the data included in the request.", + "httpMethod": "POST", + "id": "compute.targetInstances.insert", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "zone": { + "description": "Name of the zone scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/targetInstances", + "request": { + "$ref": "TargetInstance" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of TargetInstance resources available to the specified project and zone.", + "httpMethod": "GET", + "id": "compute.targetInstances.list", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "Name of the zone scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/targetInstances", + "response": { + "$ref": "TargetInstanceList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroupManager" - ], - "request": { - "$ref": "RegionInstanceGroupManagersDeleteInstancesRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.regionInstanceGroupManagers.get", - "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}", - "httpMethod": "GET", - "description": "Returns all of the details about the specified managed instance group.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "Name of the managed instance group to return.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" + }, + "targetPools": { + "methods": { + "addHealthCheck": { + "description": "Adds health check URLs to a target pool.", + "httpMethod": "POST", + "id": "compute.targetPools.addHealthCheck", + "parameterOrder": [ + "project", + "region", + "targetPool" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetPool": { + "description": "Name of the target pool to add a health check to.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetPools/{targetPool}/addHealthCheck", + "request": { + "$ref": "TargetPoolsAddHealthCheckRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "addInstance": { + "description": "Adds an instance to a target pool.", + "httpMethod": "POST", + "id": "compute.targetPools.addInstance", + "parameterOrder": [ + "project", + "region", + "targetPool" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetPool": { + "description": "Name of the TargetPool resource to add instances to.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetPools/{targetPool}/addInstance", + "request": { + "$ref": "TargetPoolsAddInstanceRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "aggregatedList": { + "description": "Retrieves an aggregated list of target pools.", + "httpMethod": "GET", + "id": "compute.targetPools.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/targetPools", + "response": { + "$ref": "TargetPoolAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified target pool.", + "httpMethod": "DELETE", + "id": "compute.targetPools.delete", + "parameterOrder": [ + "project", + "region", + "targetPool" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetPool": { + "description": "Name of the TargetPool resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetPools/{targetPool}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified target pool. Get a list of available target pools by making a list() request.", + "httpMethod": "GET", + "id": "compute.targetPools.get", + "parameterOrder": [ + "project", + "region", + "targetPool" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "targetPool": { + "description": "Name of the TargetPool resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetPools/{targetPool}", + "response": { + "$ref": "TargetPool" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "getHealth": { + "description": "Gets the most recent health check results for each IP for the instance that is referenced by the given target pool.", + "httpMethod": "POST", + "id": "compute.targetPools.getHealth", + "parameterOrder": [ + "project", + "region", + "targetPool" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "targetPool": { + "description": "Name of the TargetPool resource to which the queried instance belongs.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetPools/{targetPool}/getHealth", + "request": { + "$ref": "InstanceReference" + }, + "response": { + "$ref": "TargetPoolInstanceHealth" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a target pool in the specified project and region using the data included in the request.", + "httpMethod": "POST", + "id": "compute.targetPools.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetPools", + "request": { + "$ref": "TargetPool" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of target pools available to the specified project and region.", + "httpMethod": "GET", + "id": "compute.targetPools.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetPools", + "response": { + "$ref": "TargetPoolList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "removeHealthCheck": { + "description": "Removes health check URL from a target pool.", + "httpMethod": "POST", + "id": "compute.targetPools.removeHealthCheck", + "parameterOrder": [ + "project", + "region", + "targetPool" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetPool": { + "description": "Name of the target pool to remove health checks from.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetPools/{targetPool}/removeHealthCheck", + "request": { + "$ref": "TargetPoolsRemoveHealthCheckRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "removeInstance": { + "description": "Removes instance URL from a target pool.", + "httpMethod": "POST", + "id": "compute.targetPools.removeInstance", + "parameterOrder": [ + "project", + "region", + "targetPool" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetPool": { + "description": "Name of the TargetPool resource to remove instances from.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetPools/{targetPool}/removeInstance", + "request": { + "$ref": "TargetPoolsRemoveInstanceRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setBackup": { + "description": "Changes a backup target pool's configurations.", + "httpMethod": "POST", + "id": "compute.targetPools.setBackup", + "parameterOrder": [ + "project", + "region", + "targetPool" + ], + "parameters": { + "failoverRatio": { + "description": "New failoverRatio value for the target pool.", + "format": "float", + "location": "query", + "type": "number" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetPool": { + "description": "Name of the TargetPool resource to set a backup pool for.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetPools/{targetPool}/setBackup", + "request": { + "$ref": "TargetReference" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroupManager" - ], - "response": { - "$ref": "InstanceGroupManager" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.regionInstanceGroupManagers.insert", - "path": "{project}/regions/{region}/instanceGroupManagers", - "httpMethod": "POST", - "description": "Creates a managed instance group using the information that you specify in the request. After the group is created, it schedules an action to create instances in the group using the specified instance template. This operation is marked as DONE when the group is created even if the instances in the group have not yet been created. You must separately verify the status of the individual instances with the listmanagedinstances method.\n\nA regional managed instance group can contain up to 2000 instances.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "targetSslProxies": { + "methods": { + "delete": { + "description": "Deletes the specified TargetSslProxy resource.", + "httpMethod": "DELETE", + "id": "compute.targetSslProxies.delete", + "parameterOrder": [ + "project", + "targetSslProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetSslProxy": { + "description": "Name of the TargetSslProxy resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetSslProxies/{targetSslProxy}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified TargetSslProxy resource. Get a list of available target SSL proxies by making a list() request.", + "httpMethod": "GET", + "id": "compute.targetSslProxies.get", + "parameterOrder": [ + "project", + "targetSslProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "targetSslProxy": { + "description": "Name of the TargetSslProxy resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetSslProxies/{targetSslProxy}", + "response": { + "$ref": "TargetSslProxy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a TargetSslProxy resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.targetSslProxies.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/targetSslProxies", + "request": { + "$ref": "TargetSslProxy" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of TargetSslProxy resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.targetSslProxies.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetSslProxies", + "response": { + "$ref": "TargetSslProxyList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "setBackendService": { + "description": "Changes the BackendService for TargetSslProxy.", + "httpMethod": "POST", + "id": "compute.targetSslProxies.setBackendService", + "parameterOrder": [ + "project", + "targetSslProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetSslProxy": { + "description": "Name of the TargetSslProxy resource whose BackendService resource is to be set.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetSslProxies/{targetSslProxy}/setBackendService", + "request": { + "$ref": "TargetSslProxiesSetBackendServiceRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setProxyHeader": { + "description": "Changes the ProxyHeaderType for TargetSslProxy.", + "httpMethod": "POST", + "id": "compute.targetSslProxies.setProxyHeader", + "parameterOrder": [ + "project", + "targetSslProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetSslProxy": { + "description": "Name of the TargetSslProxy resource whose ProxyHeader is to be set.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetSslProxies/{targetSslProxy}/setProxyHeader", + "request": { + "$ref": "TargetSslProxiesSetProxyHeaderRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setSslCertificates": { + "description": "Changes SslCertificates for TargetSslProxy.", + "httpMethod": "POST", + "id": "compute.targetSslProxies.setSslCertificates", + "parameterOrder": [ + "project", + "targetSslProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetSslProxy": { + "description": "Name of the TargetSslProxy resource whose SslCertificate resource is to be set.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetSslProxies/{targetSslProxy}/setSslCertificates", + "request": { + "$ref": "TargetSslProxiesSetSslCertificatesRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "InstanceGroupManager" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.regionInstanceGroupManagers.list", - "path": "{project}/regions/{region}/instanceGroupManagers", - "httpMethod": "GET", - "description": "Retrieves the list of managed instance groups that are contained within the specified region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" + }, + "targetTcpProxies": { + "methods": { + "delete": { + "description": "Deletes the specified TargetTcpProxy resource.", + "httpMethod": "DELETE", + "id": "compute.targetTcpProxies.delete", + "parameterOrder": [ + "project", + "targetTcpProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetTcpProxy": { + "description": "Name of the TargetTcpProxy resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetTcpProxies/{targetTcpProxy}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified TargetTcpProxy resource. Get a list of available target TCP proxies by making a list() request.", + "httpMethod": "GET", + "id": "compute.targetTcpProxies.get", + "parameterOrder": [ + "project", + "targetTcpProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "targetTcpProxy": { + "description": "Name of the TargetTcpProxy resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetTcpProxies/{targetTcpProxy}", + "response": { + "$ref": "TargetTcpProxy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a TargetTcpProxy resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.targetTcpProxies.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/targetTcpProxies", + "request": { + "$ref": "TargetTcpProxy" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of TargetTcpProxy resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.targetTcpProxies.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetTcpProxies", + "response": { + "$ref": "TargetTcpProxyList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "setBackendService": { + "description": "Changes the BackendService for TargetTcpProxy.", + "httpMethod": "POST", + "id": "compute.targetTcpProxies.setBackendService", + "parameterOrder": [ + "project", + "targetTcpProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetTcpProxy": { + "description": "Name of the TargetTcpProxy resource whose BackendService resource is to be set.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetTcpProxies/{targetTcpProxy}/setBackendService", + "request": { + "$ref": "TargetTcpProxiesSetBackendServiceRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "setProxyHeader": { + "description": "Changes the ProxyHeaderType for TargetTcpProxy.", + "httpMethod": "POST", + "id": "compute.targetTcpProxies.setProxyHeader", + "parameterOrder": [ + "project", + "targetTcpProxy" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetTcpProxy": { + "description": "Name of the TargetTcpProxy resource whose ProxyHeader is to be set.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/targetTcpProxies/{targetTcpProxy}/setProxyHeader", + "request": { + "$ref": "TargetTcpProxiesSetProxyHeaderRequest" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "RegionInstanceGroupManagerList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "listManagedInstances": { - "id": "compute.regionInstanceGroupManagers.listManagedInstances", - "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/listManagedInstances", - "httpMethod": "POST", - "description": "Lists the instances in the managed instance group and instances that are scheduled to be created. The list includes any current actions that the group has scheduled for its instances.", - "parameters": { - "filter": { - "type": "string", - "location": "query" - }, - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group.", - "required": true, - "location": "path" - }, - "maxResults": { - "type": "integer", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "order_by": { - "type": "string", - "location": "query" - }, - "pageToken": { - "type": "string", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" + }, + "targetVpnGateways": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of target VPN gateways.", + "httpMethod": "GET", + "id": "compute.targetVpnGateways.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/targetVpnGateways", + "response": { + "$ref": "TargetVpnGatewayAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified target VPN gateway.", + "httpMethod": "DELETE", + "id": "compute.targetVpnGateways.delete", + "parameterOrder": [ + "project", + "region", + "targetVpnGateway" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "targetVpnGateway": { + "description": "Name of the target VPN gateway to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified target VPN gateway. Get a list of available target VPN gateways by making a list() request.", + "httpMethod": "GET", + "id": "compute.targetVpnGateways.get", + "parameterOrder": [ + "project", + "region", + "targetVpnGateway" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "targetVpnGateway": { + "description": "Name of the target VPN gateway to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}", + "response": { + "$ref": "TargetVpnGateway" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a target VPN gateway in the specified project and region using the data included in the request.", + "httpMethod": "POST", + "id": "compute.targetVpnGateways.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetVpnGateways", + "request": { + "$ref": "TargetVpnGateway" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of target VPN gateways available to the specified project and region.", + "httpMethod": "GET", + "id": "compute.targetVpnGateways.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/targetVpnGateways", + "response": { + "$ref": "TargetVpnGatewayList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroupManager" - ], - "response": { - "$ref": "RegionInstanceGroupManagersListInstancesResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "recreateInstances": { - "id": "compute.regionInstanceGroupManagers.recreateInstances", - "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/recreateInstances", - "httpMethod": "POST", - "description": "Schedules a group action to recreate the specified instances in the managed instance group. The instances are deleted and recreated using the current instance template for the managed instance group. This operation is marked as DONE when the action is scheduled even if the instances have not yet been recreated. You must separately verify the status of the recreating action with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.\n\nYou can specify a maximum of 1000 instances with this method per request.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "Name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "urlMaps": { + "methods": { + "delete": { + "description": "Deletes the specified UrlMap resource.", + "httpMethod": "DELETE", + "id": "compute.urlMaps.delete", + "parameterOrder": [ + "project", + "urlMap" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "urlMap": { + "description": "Name of the UrlMap resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/urlMaps/{urlMap}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified UrlMap resource. Get a list of available URL maps by making a list() request.", + "httpMethod": "GET", + "id": "compute.urlMaps.get", + "parameterOrder": [ + "project", + "urlMap" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "urlMap": { + "description": "Name of the UrlMap resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/urlMaps/{urlMap}", + "response": { + "$ref": "UrlMap" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a UrlMap resource in the specified project using the data included in the request.", + "httpMethod": "POST", + "id": "compute.urlMaps.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/global/urlMaps", + "request": { + "$ref": "UrlMap" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "invalidateCache": { + "description": "Initiates a cache invalidation operation, invalidating the specified path, scoped to the specified UrlMap.", + "httpMethod": "POST", + "id": "compute.urlMaps.invalidateCache", + "parameterOrder": [ + "project", + "urlMap" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "urlMap": { + "description": "Name of the UrlMap scoping this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/urlMaps/{urlMap}/invalidateCache", + "request": { + "$ref": "CacheInvalidationRule" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves the list of UrlMap resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.urlMaps.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/urlMaps", + "response": { + "$ref": "UrlMapList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "patch": { + "description": "Patches the specified UrlMap resource with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", + "httpMethod": "PATCH", + "id": "compute.urlMaps.patch", + "parameterOrder": [ + "project", + "urlMap" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "urlMap": { + "description": "Name of the UrlMap resource to patch.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/urlMaps/{urlMap}", + "request": { + "$ref": "UrlMap" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "update": { + "description": "Updates the specified UrlMap resource with the data included in the request.", + "httpMethod": "PUT", + "id": "compute.urlMaps.update", + "parameterOrder": [ + "project", + "urlMap" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "urlMap": { + "description": "Name of the UrlMap resource to update.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/urlMaps/{urlMap}", + "request": { + "$ref": "UrlMap" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "validate": { + "description": "Runs static validation for the UrlMap. In particular, the tests of the provided UrlMap will be run. Calling this method does NOT create the UrlMap.", + "httpMethod": "POST", + "id": "compute.urlMaps.validate", + "parameterOrder": [ + "project", + "urlMap" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "urlMap": { + "description": "Name of the UrlMap resource to be validated as.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/global/urlMaps/{urlMap}/validate", + "request": { + "$ref": "UrlMapsValidateRequest" + }, + "response": { + "$ref": "UrlMapsValidateResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroupManager" - ], - "request": { - "$ref": "RegionInstanceGroupManagersRecreateRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "resize": { - "id": "compute.regionInstanceGroupManagers.resize", - "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/resize", - "httpMethod": "POST", - "description": "Changes the intended size for the managed instance group. If you increase the size, the group schedules actions to create new instances using the current instance template. If you decrease the size, the group schedules delete actions on one or more instances. The resize operation is marked DONE when the resize actions are scheduled even if the group has not yet added or deleted any instances. You must separately verify the status of the creating or deleting actions with the listmanagedinstances method.\n\nIf the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "Name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - }, - "size": { - "type": "integer", - "description": "Number of instances that should exist in this instance group manager.", - "required": true, - "format": "int32", - "minimum": "0", - "location": "query" + }, + "vpnTunnels": { + "methods": { + "aggregatedList": { + "description": "Retrieves an aggregated list of VPN tunnels.", + "httpMethod": "GET", + "id": "compute.vpnTunnels.aggregatedList", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/aggregated/vpnTunnels", + "response": { + "$ref": "VpnTunnelAggregatedList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "delete": { + "description": "Deletes the specified VpnTunnel resource.", + "httpMethod": "DELETE", + "id": "compute.vpnTunnels.delete", + "parameterOrder": [ + "project", + "region", + "vpnTunnel" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + }, + "vpnTunnel": { + "description": "Name of the VpnTunnel resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/vpnTunnels/{vpnTunnel}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Returns the specified VpnTunnel resource. Get a list of available VPN tunnels by making a list() request.", + "httpMethod": "GET", + "id": "compute.vpnTunnels.get", + "parameterOrder": [ + "project", + "region", + "vpnTunnel" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "vpnTunnel": { + "description": "Name of the VpnTunnel resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/vpnTunnels/{vpnTunnel}", + "response": { + "$ref": "VpnTunnel" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "insert": { + "description": "Creates a VpnTunnel resource in the specified project and region using the data included in the request.", + "httpMethod": "POST", + "id": "compute.vpnTunnels.insert", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "requestId": { + "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + "location": "query", + "type": "string" + } + }, + "path": "{project}/regions/{region}/vpnTunnels", + "request": { + "$ref": "VpnTunnel" + }, + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "list": { + "description": "Retrieves a list of VpnTunnel resources contained in the specified project and region.", + "httpMethod": "GET", + "id": "compute.vpnTunnels.list", + "parameterOrder": [ + "project", + "region" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "region": { + "description": "Name of the region for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/regions/{region}/vpnTunnels", + "response": { + "$ref": "VpnTunnelList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroupManager", - "size" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setInstanceTemplate": { - "id": "compute.regionInstanceGroupManagers.setInstanceTemplate", - "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/setInstanceTemplate", - "httpMethod": "POST", - "description": "Sets the instance template to use when creating new instances or recreating instances in this group. Existing instances are not affected.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "The name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "zoneOperations": { + "methods": { + "delete": { + "description": "Deletes the specified zone-specific Operations resource.", + "httpMethod": "DELETE", + "id": "compute.zoneOperations.delete", + "parameterOrder": [ + "project", + "zone", + "operation" + ], + "parameters": { + "operation": { + "description": "Name of the Operations resource to delete.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "Name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/operations/{operation}", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute" + ] + }, + "get": { + "description": "Retrieves the specified zone-specific Operations resource.", + "httpMethod": "GET", + "id": "compute.zoneOperations.get", + "parameterOrder": [ + "project", + "zone", + "operation" + ], + "parameters": { + "operation": { + "description": "Name of the Operations resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "Name of the zone for this request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/operations/{operation}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves a list of Operation resources contained within the specified zone.", + "httpMethod": "GET", + "id": "compute.zoneOperations.list", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "Name of the zone for request.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}/operations", + "response": { + "$ref": "OperationList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroupManager" - ], - "request": { - "$ref": "RegionInstanceGroupManagersSetTemplateRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setTargetPools": { - "id": "compute.regionInstanceGroupManagers.setTargetPools", - "path": "{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/setTargetPools", - "httpMethod": "POST", - "description": "Modifies the target pools to which all new instances in this group are assigned. Existing instances in the group are not affected.", - "parameters": { - "instanceGroupManager": { - "type": "string", - "description": "Name of the managed instance group.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + }, + "zones": { + "methods": { + "get": { + "description": "Returns the specified Zone resource. Get a list of available zones by making a list() request.", + "httpMethod": "GET", + "id": "compute.zones.get", + "parameterOrder": [ + "project", + "zone" + ], + "parameters": { + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + }, + "zone": { + "description": "Name of the zone resource to return.", + "location": "path", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones/{zone}", + "response": { + "$ref": "Zone" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + }, + "list": { + "description": "Retrieves the list of Zone resources available to the specified project.", + "httpMethod": "GET", + "id": "compute.zones.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "filter": { + "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "500", + "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "orderBy": { + "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + "location": "query", + "type": "string" + }, + "pageToken": { + "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + "location": "query", + "type": "string" + }, + "project": { + "description": "Project ID for this request.", + "location": "path", + "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + "required": true, + "type": "string" + } + }, + "path": "{project}/zones", + "response": { + "$ref": "ZoneList" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/compute.readonly" + ] + } } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroupManager" - ], - "request": { - "$ref": "RegionInstanceGroupManagersSetTargetPoolsRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] } - } }, - "regionInstanceGroups": { - "methods": { - "get": { - "id": "compute.regionInstanceGroups.get", - "path": "{project}/regions/{region}/instanceGroups/{instanceGroup}", - "httpMethod": "GET", - "description": "Returns the specified instance group resource.", - "parameters": { - "instanceGroup": { - "type": "string", - "description": "Name of the instance group resource to return.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroup" - ], - "response": { - "$ref": "InstanceGroup" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.regionInstanceGroups.list", - "path": "{project}/regions/{region}/instanceGroups", - "httpMethod": "GET", - "description": "Retrieves the list of instance group resources contained within the specified region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "RegionInstanceGroupList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "listInstances": { - "id": "compute.regionInstanceGroups.listInstances", - "path": "{project}/regions/{region}/instanceGroups/{instanceGroup}/listInstances", - "httpMethod": "POST", - "description": "Lists the instances in the specified instance group and displays information about the named ports. Depending on the specified options, this method can list all instances or only the instances that are running.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" - }, - "instanceGroup": { - "type": "string", - "description": "Name of the regional instance group for which we want to list the instances.", - "required": true, - "location": "path" - }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroup" - ], - "request": { - "$ref": "RegionInstanceGroupsListInstancesRequest" - }, - "response": { - "$ref": "RegionInstanceGroupsListInstances" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "setNamedPorts": { - "id": "compute.regionInstanceGroups.setNamedPorts", - "path": "{project}/regions/{region}/instanceGroups/{instanceGroup}/setNamedPorts", - "httpMethod": "POST", - "description": "Sets the named ports for the specified regional instance group.", - "parameters": { - "instanceGroup": { - "type": "string", - "description": "The name of the regional instance group where the named ports are updated.", - "required": true, - "location": "path" - }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "revision": "20180112", + "rootUrl": "https://www.googleapis.com/", + "schemas": { + "AcceleratorConfig": { + "description": "A specification of the type and number of accelerator cards attached to the instance.", + "id": "AcceleratorConfig", + "properties": { + "acceleratorCount": { + "description": "The number of the guest accelerator cards exposed to this instance.", + "format": "int32", + "type": "integer" + }, + "acceleratorType": { + "description": "Full or partial URL of the accelerator type resource to attach to this instance. If you are creating an instance template, specify only the accelerator name.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "location": "path" + "type": "object" + }, + "AcceleratorType": { + "description": "An Accelerator Type resource. (== resource_for beta.acceleratorTypes ==) (== resource_for v1.acceleratorTypes ==)", + "id": "AcceleratorType", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "deprecated": { + "$ref": "DeprecationStatus", + "description": "[Output Only] The deprecation status associated with this accelerator type." + }, + "description": { + "description": "[Output Only] An optional textual description of the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#acceleratorType", + "description": "[Output Only] The type of the resource. Always compute#acceleratorType for accelerator types.", + "type": "string" + }, + "maximumCardsPerInstance": { + "description": "[Output Only] Maximum accelerator cards allowed per instance.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "[Output Only] Name of the resource.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined fully-qualified URL for this resource.", + "type": "string" + }, + "zone": { + "description": "[Output Only] The name of the zone where the accelerator type resides, such as us-central1-a. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region", - "instanceGroup" - ], - "request": { - "$ref": "RegionInstanceGroupsSetNamedPortsRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "regionOperations": { - "methods": { - "delete": { - "id": "compute.regionOperations.delete", - "path": "{project}/regions/{region}/operations/{operation}", - "httpMethod": "DELETE", - "description": "Deletes the specified region-specific Operations resource.", - "parameters": { - "operation": { - "type": "string", - "description": "Name of the Operations resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "AcceleratorTypeAggregatedList": { + "id": "AcceleratorTypeAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "AcceleratorTypesScopedList", + "description": "[Output Only] Name of the scope containing this set of accelerator types." + }, + "description": "A list of AcceleratorTypesScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#acceleratorTypeAggregatedList", + "description": "[Output Only] Type of resource. Always compute#acceleratorTypeAggregatedList for aggregated lists of accelerator types.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "AcceleratorTypeList": { + "description": "Contains a list of accelerator types.", + "id": "AcceleratorTypeList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of AcceleratorType resources.", + "items": { + "$ref": "AcceleratorType" + }, + "type": "array" + }, + "kind": { + "default": "compute#acceleratorTypeList", + "description": "[Output Only] Type of resource. Always compute#acceleratorTypeList for lists of accelerator types.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "operation" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.regionOperations.get", - "path": "{project}/regions/{region}/operations/{operation}", - "httpMethod": "GET", - "description": "Retrieves the specified region-specific Operations resource.", - "parameters": { - "operation": { - "type": "string", - "description": "Name of the Operations resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "AcceleratorTypesScopedList": { + "id": "AcceleratorTypesScopedList", + "properties": { + "acceleratorTypes": { + "description": "[Output Only] List of accelerator types contained in this scope.", + "items": { + "$ref": "AcceleratorType" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] An informational warning that appears when the accelerator types list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "AccessConfig": { + "description": "An access configuration attached to an instance's network interface. Only one access config per instance is supported.", + "id": "AccessConfig", + "properties": { + "kind": { + "default": "compute#accessConfig", + "description": "[Output Only] Type of the resource. Always compute#accessConfig for access configs.", + "type": "string" + }, + "name": { + "description": "The name of this access configuration. The default and recommended name is External NAT but you can use any arbitrary string you would like. For example, My external IP or Network Access.", + "type": "string" + }, + "natIP": { + "description": "An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.", + "type": "string" + }, + "publicPtrDomainName": { + "description": "The DNS domain name for the public PTR record. This field can only be set when the set_public_ptr field is enabled.", + "type": "string" + }, + "setPublicPtr": { + "description": "Specifies whether a public DNS ?PTR? record should be created to map the external IP address of the instance to a DNS domain name.", + "type": "boolean" + }, + "type": { + "default": "ONE_TO_ONE_NAT", + "description": "The type of configuration. The default and only option is ONE_TO_ONE_NAT.", + "enum": [ + "ONE_TO_ONE_NAT" + ], + "enumDescriptions": [ + "" + ], + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "operation" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.regionOperations.list", - "path": "{project}/regions/{region}/operations", - "httpMethod": "GET", - "description": "Retrieves a list of Operation resources contained within the specified region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "Address": { + "description": "A reserved address resource. (== resource_for beta.addresses ==) (== resource_for v1.addresses ==) (== resource_for beta.globalAddresses ==) (== resource_for v1.globalAddresses ==)", + "id": "Address", + "properties": { + "address": { + "description": "The static IP address represented by this resource.", + "type": "string" + }, + "addressType": { + "description": "The type of address to reserve, either INTERNAL or EXTERNAL. If unspecified, defaults to EXTERNAL.", + "enum": [ + "EXTERNAL", + "INTERNAL", + "UNSPECIFIED_TYPE" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "ipVersion": { + "description": "The IP Version that will be used by this address. Valid options are IPV4 or IPV6. This can only be specified for a global address.", + "enum": [ + "IPV4", + "IPV6", + "UNSPECIFIED_VERSION" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + }, + "kind": { + "default": "compute#address", + "description": "[Output Only] Type of the resource. Always compute#address for addresses.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.addresses.insert" + ] + }, + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "region": { + "description": "[Output Only] URL of the region where the regional address resides. This field is not applicable to global addresses. You must specify this field as part of the HTTP request URL. You cannot set this field in the request body.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "status": { + "description": "[Output Only] The status of the address, which can be one of RESERVING, RESERVED, or IN_USE. An address that is RESERVING is currently in the process of being reserved. A RESERVED address is currently reserved and available to use. An IN_USE address is currently being used by another resource and is not available.", + "enum": [ + "IN_USE", + "RESERVED" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "subnetwork": { + "description": "The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes.", + "type": "string" + }, + "users": { + "description": "[Output Only] The URLs of the resources that are using this address.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "AddressAggregatedList": { + "id": "AddressAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "AddressesScopedList", + "description": "[Output Only] Name of the scope containing this set of addresses." + }, + "description": "A list of AddressesScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#addressAggregatedList", + "description": "[Output Only] Type of resource. Always compute#addressAggregatedList for aggregated lists of addresses.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "AddressList": { + "description": "Contains a list of addresses.", + "id": "AddressList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Address resources.", + "items": { + "$ref": "Address" + }, + "type": "array" + }, + "kind": { + "default": "compute#addressList", + "description": "[Output Only] Type of resource. Always compute#addressList for lists of addresses.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "AddressesScopedList": { + "id": "AddressesScopedList", + "properties": { + "addresses": { + "description": "[Output Only] List of addresses contained in this scope.", + "items": { + "$ref": "Address" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] Informational warning which replaces the list of addresses when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "AliasIpRange": { + "description": "An alias IP range attached to an instance's network interface.", + "id": "AliasIpRange", + "properties": { + "ipCidrRange": { + "description": "The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (e.g. 10.2.3.4), a netmask (e.g. /24) or a CIDR format string (e.g. 10.1.2.0/24).", + "type": "string" + }, + "subnetworkRangeName": { + "description": "Optional subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "OperationList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "regions": { - "methods": { - "get": { - "id": "compute.regions.get", - "path": "{project}/regions/{region}", - "httpMethod": "GET", - "description": "Returns the specified Region resource. Get a list of available regions by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "AttachedDisk": { + "description": "An instance-attached disk resource.", + "id": "AttachedDisk", + "properties": { + "autoDelete": { + "description": "Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).", + "type": "boolean" + }, + "boot": { + "description": "Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.", + "type": "boolean" + }, + "deviceName": { + "description": "Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance.\n\nIf not specified, the server chooses a default device name to apply to this disk, in the form persistent-disks-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks.", + "type": "string" + }, + "diskEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "Encrypts or decrypts a disk using a customer-supplied encryption key.\n\nIf you are creating a new disk, this field encrypts the new disk using an encryption key that you provide. If you are attaching an existing disk that is already encrypted, this field decrypts the disk using the customer-supplied encryption key.\n\nIf you encrypt a disk using a customer-supplied key, you must provide the same key again when you attempt to use this resource at a later time. For example, you must provide the key when you create a snapshot or an image from the disk or when you attach the disk to a virtual machine instance.\n\nIf you do not provide an encryption key, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later.\n\nInstance templates do not store customer-supplied encryption keys, so you cannot use your own keys to encrypt disks in a managed instance group." + }, + "index": { + "description": "[Output Only] A zero-based index to this disk, where 0 is reserved for the boot disk. If you have many disks attached to an instance, each disk would have a unique index number.", + "format": "int32", + "type": "integer" + }, + "initializeParams": { + "$ref": "AttachedDiskInitializeParams", + "description": "[Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance.\n\nThis property is mutually exclusive with the source property; you can only define one or the other, but not both." + }, + "interface": { + "description": "Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. Persistent disks must always use SCSI and the request will fail if you attempt to attach a persistent disk in any other format than SCSI. Local SSDs can use either NVME or SCSI. For performance characteristics of SCSI over NVMe, see Local SSD performance.", + "enum": [ + "NVME", + "SCSI" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "kind": { + "default": "compute#attachedDisk", + "description": "[Output Only] Type of the resource. Always compute#attachedDisk for attached disks.", + "type": "string" + }, + "licenses": { + "description": "[Output Only] Any valid publicly visible licenses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "mode": { + "description": "The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.", + "enum": [ + "READ_ONLY", + "READ_WRITE" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "source": { + "description": "Specifies a valid partial or full URL to an existing Persistent Disk resource. When creating a new instance, one of initializeParams.sourceImage or disks.source is required except for local SSD.\n\nIf desired, you can also attach existing non-root persistent disks using this property. This field is only applicable for persistent disks.\n\nNote that for InstanceTemplate, specify the disk name, not the URL for the disk.", + "type": "string" + }, + "type": { + "description": "Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT.", + "enum": [ + "PERSISTENT", + "SCRATCH" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "Region" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.regions.list", - "path": "{project}/regions", - "httpMethod": "GET", - "description": "Retrieves the list of region resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "AttachedDiskInitializeParams": { + "description": "[Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance.\n\nThis property is mutually exclusive with the source property; you can only define one or the other, but not both.", + "id": "AttachedDiskInitializeParams", + "properties": { + "diskName": { + "description": "Specifies the disk name. If not specified, the default is to use the name of the instance.", + "type": "string" + }, + "diskSizeGb": { + "description": "Specifies the size of the disk in base-2 GB.", + "format": "int64", + "type": "string" + }, + "diskType": { + "description": "Specifies the disk type to use to create the instance. If not specified, the default is pd-standard, specified using the full URL. For example:\nhttps://www.googleapis.com/compute/v1/projects/project/zones/zone/diskTypes/pd-standard\n\n\nOther values include pd-ssd and local-ssd. If you define this field, you can provide either the full or partial URL. For example, the following are valid values: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone/diskTypes/diskType \n- projects/project/zones/zone/diskTypes/diskType \n- zones/zone/diskTypes/diskType Note that for InstanceTemplate, this is the name of the disk type, not URL.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to apply to this disk. These can be later modified by the disks.setLabels method. This field is only applicable for persistent disks.", + "type": "object" + }, + "sourceImage": { + "description": "The source image to create this disk. When creating a new instance, one of initializeParams.sourceImage or disks.source is required except for local SSD.\n\nTo create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-8 to use the latest Debian 8 image:\nprojects/debian-cloud/global/images/family/debian-8\n\n\nAlternatively, use a specific version of a public operating system image:\nprojects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD\n\n\nTo create a disk with a custom image that you created, specify the image name in the following format:\nglobal/images/my-custom-image\n\n\nYou can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name:\nglobal/images/family/my-image-family\n\n\nIf the source image is deleted later, this field will not be set.", + "type": "string" + }, + "sourceImageEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key.\n\nInstance templates do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys." + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "Autoscaler": { + "description": "Represents an Autoscaler resource. Autoscalers allow you to automatically scale virtual machine instances in managed instance groups according to an autoscaling policy that you define. For more information, read Autoscaling Groups of Instances. (== resource_for beta.autoscalers ==) (== resource_for v1.autoscalers ==) (== resource_for beta.regionAutoscalers ==) (== resource_for v1.regionAutoscalers ==)", + "id": "Autoscaler", + "properties": { + "autoscalingPolicy": { + "$ref": "AutoscalingPolicy", + "description": "The configuration parameters for the autoscaling algorithm. You can define one or more of the policies for an autoscaler: cpuUtilization, customMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based on cpuUtilization to 0.6 or 60%." + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#autoscaler", + "description": "[Output Only] Type of the resource. Always compute#autoscaler for autoscalers.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.instanceGroups.insert" + ] + }, + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "region": { + "description": "[Output Only] URL of the region where the instance group resides (for autoscalers living in regional scope).", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "status": { + "description": "[Output Only] The status of the autoscaler configuration.", + "enum": [ + "ACTIVE", + "DELETING", + "ERROR", + "PENDING" + ], + "enumDescriptions": [ + "", + "", + "", + "" + ], + "type": "string" + }, + "statusDetails": { + "description": "[Output Only] Human-readable details about the current state of the autoscaler. Read the documentation for Commonly returned status messages for examples of status messages you might encounter.", + "items": { + "$ref": "AutoscalerStatusDetails" + }, + "type": "array" + }, + "target": { + "description": "URL of the managed instance group that this autoscaler will scale.", + "type": "string" + }, + "zone": { + "description": "[Output Only] URL of the zone where the instance group resides (for autoscalers living in zonal scope).", + "type": "string" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "AutoscalerAggregatedList": { + "id": "AutoscalerAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "AutoscalersScopedList", + "description": "[Output Only] Name of the scope containing this set of autoscalers." + }, + "description": "A list of AutoscalersScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#autoscalerAggregatedList", + "description": "[Output Only] Type of resource. Always compute#autoscalerAggregatedList for aggregated lists of autoscalers.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "AutoscalerList": { + "description": "Contains a list of Autoscaler resources.", + "id": "AutoscalerList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Autoscaler resources.", + "items": { + "$ref": "Autoscaler" + }, + "type": "array" + }, + "kind": { + "default": "compute#autoscalerList", + "description": "[Output Only] Type of resource. Always compute#autoscalerList for lists of autoscalers.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "RegionList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "routers": { - "methods": { - "aggregatedList": { - "id": "compute.routers.aggregatedList", - "path": "{project}/aggregated/routers", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of routers.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "AutoscalerStatusDetails": { + "id": "AutoscalerStatusDetails", + "properties": { + "message": { + "description": "The status message.", + "type": "string" + }, + "type": { + "description": "The type of error returned.", + "enum": [ + "ALL_INSTANCES_UNHEALTHY", + "BACKEND_SERVICE_DOES_NOT_EXIST", + "CAPPED_AT_MAX_NUM_REPLICAS", + "CUSTOM_METRIC_DATA_POINTS_TOO_SPARSE", + "CUSTOM_METRIC_INVALID", + "MIN_EQUALS_MAX", + "MISSING_CUSTOM_METRIC_DATA_POINTS", + "MISSING_LOAD_BALANCING_DATA_POINTS", + "MORE_THAN_ONE_BACKEND_SERVICE", + "NOT_ENOUGH_QUOTA_AVAILABLE", + "REGION_RESOURCE_STOCKOUT", + "SCALING_TARGET_DOES_NOT_EXIST", + "UNKNOWN", + "UNSUPPORTED_MAX_RATE_LOAD_BALANCING_CONFIGURATION", + "ZONE_RESOURCE_STOCKOUT" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "AutoscalersScopedList": { + "id": "AutoscalersScopedList", + "properties": { + "autoscalers": { + "description": "[Output Only] List of autoscalers contained in this scope.", + "items": { + "$ref": "Autoscaler" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] Informational warning which replaces the list of autoscalers when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "AutoscalingPolicy": { + "description": "Cloud Autoscaler policy.", + "id": "AutoscalingPolicy", + "properties": { + "coolDownPeriodSec": { + "description": "The number of seconds that the autoscaler should wait before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of numerous factors. We recommend that you test how long an instance may take to initialize. To do this, create an instance and time the startup process.", + "format": "int32", + "type": "integer" + }, + "cpuUtilization": { + "$ref": "AutoscalingPolicyCpuUtilization", + "description": "Defines the CPU utilization policy that allows the autoscaler to scale based on the average CPU utilization of a managed instance group." + }, + "customMetricUtilizations": { + "description": "Configuration parameters of autoscaling based on a custom metric.", + "items": { + "$ref": "AutoscalingPolicyCustomMetricUtilization" + }, + "type": "array" + }, + "loadBalancingUtilization": { + "$ref": "AutoscalingPolicyLoadBalancingUtilization", + "description": "Configuration parameters of autoscaling based on load balancer." + }, + "maxNumReplicas": { + "description": "The maximum number of instances that the autoscaler can scale up to. This is required when creating or updating an autoscaler. The maximum number of replicas should not be lower than minimal number of replicas.", + "format": "int32", + "type": "integer" + }, + "minNumReplicas": { + "description": "The minimum number of replicas that the autoscaler can scale down to. This cannot be less than 0. If not provided, autoscaler will choose a default value depending on maximum number of instances allowed.", + "format": "int32", + "type": "integer" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "AutoscalingPolicyCpuUtilization": { + "description": "CPU utilization policy.", + "id": "AutoscalingPolicyCpuUtilization", + "properties": { + "utilizationTarget": { + "description": "The target CPU utilization that the autoscaler should maintain. Must be a float value in the range (0, 1]. If not specified, the default is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler scales down the number of instances until it reaches the minimum number of instances you specified or until the average CPU of your instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler scales up until it reaches the maximum number of instances you specified or until the average utilization reaches the target utilization.", + "format": "double", + "type": "number" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "RouterAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.routers.delete", - "path": "{project}/regions/{region}/routers/{router}", - "httpMethod": "DELETE", - "description": "Deletes the specified Router resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "AutoscalingPolicyCustomMetricUtilization": { + "description": "Custom utilization metric policy.", + "id": "AutoscalingPolicyCustomMetricUtilization", + "properties": { + "metric": { + "description": "The identifier (type) of the Stackdriver Monitoring metric. The metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.", + "type": "string" + }, + "utilizationTarget": { + "description": "The target value of the metric that autoscaler should maintain. This must be a positive value. A utilization metric scales number of virtual machines handling requests to increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilization_target is compute.googleapis.com/instance/network/received_bytes_count. The autoscaler will work to keep this value constant for each of the instances.", + "format": "double", + "type": "number" + }, + "utilizationTargetType": { + "description": "Defines how target utilization value is expressed for a Stackdriver Monitoring metric. Either GAUGE, DELTA_PER_SECOND, or DELTA_PER_MINUTE. If not specified, the default is GAUGE.", + "enum": [ + "DELTA_PER_MINUTE", + "DELTA_PER_SECOND", + "GAUGE" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "AutoscalingPolicyLoadBalancingUtilization": { + "description": "Configuration parameters of autoscaling based on load balancing.", + "id": "AutoscalingPolicyLoadBalancingUtilization", + "properties": { + "utilizationTarget": { + "description": "Fraction of backend capacity utilization (set in HTTP(s) load balancing configuration) that autoscaler should maintain. Must be a positive float value. If not defined, the default is 0.8.", + "format": "double", + "type": "number" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "Backend": { + "description": "Message containing information of one individual backend.", + "id": "Backend", + "properties": { + "balancingMode": { + "description": "Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) and CONNECTION (for TCP/SSL).\n\nFor Internal Load Balancing, the default and only supported mode is CONNECTION.", + "enum": [ + "CONNECTION", + "RATE", + "UTILIZATION" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + }, + "capacityScaler": { + "description": "A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].\n\nThis cannot be used for internal load balancing.", + "format": "float", + "type": "number" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "group": { + "description": "The fully-qualified URL of a Instance Group resource. This instance group defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource.\n\nNote that you must specify an Instance Group resource using the fully-qualified URL, rather than a partial URL.\n\nWhen the BackendService has load balancing scheme INTERNAL, the instance group must be within the same region as the BackendService.", + "type": "string" + }, + "maxConnections": { + "description": "The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.\n\nThis cannot be used for internal load balancing.", + "format": "int32", + "type": "integer" + }, + "maxConnectionsPerInstance": { + "description": "The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.\n\nThis cannot be used for internal load balancing.", + "format": "int32", + "type": "integer" + }, + "maxRate": { + "description": "The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or maxRatePerInstance must be set.\n\nThis cannot be used for internal load balancing.", + "format": "int32", + "type": "integer" + }, + "maxRatePerInstance": { + "description": "The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.\n\nThis cannot be used for internal load balancing.", + "format": "float", + "type": "number" + }, + "maxUtilization": { + "description": "Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. The default is 0.8. Valid range is [0.0, 1.0].\n\nThis cannot be used for internal load balancing.", + "format": "float", + "type": "number" + } }, - "router": { - "type": "string", - "description": "Name of the Router resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "router" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.routers.get", - "path": "{project}/regions/{region}/routers/{router}", - "httpMethod": "GET", - "description": "Returns the specified Router resource. Get a list of available routers by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "BackendBucket": { + "description": "A BackendBucket resource. This resource defines a Cloud Storage bucket.", + "id": "BackendBucket", + "properties": { + "bucketName": { + "description": "Cloud Storage bucket name.", + "type": "string" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional textual description of the resource; provided by the client when the resource is created.", + "type": "string" + }, + "enableCdn": { + "description": "If true, enable Cloud CDN for this BackendBucket.", + "type": "boolean" + }, + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#backendBucket", + "description": "Type of the resource.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "BackendBucketList": { + "description": "Contains a list of BackendBucket resources.", + "id": "BackendBucketList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of BackendBucket resources.", + "items": { + "$ref": "BackendBucket" + }, + "type": "array" + }, + "kind": { + "default": "compute#backendBucketList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "router": { - "type": "string", - "description": "Name of the Router resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "router" - ], - "response": { - "$ref": "Router" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "getRouterStatus": { - "id": "compute.routers.getRouterStatus", - "path": "{project}/regions/{region}/routers/{router}/getRouterStatus", - "httpMethod": "GET", - "description": "Retrieves runtime information of the specified router.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "BackendService": { + "description": "A BackendService resource. This resource defines a group of backend virtual machines and their serving capacity. (== resource_for v1.backendService ==) (== resource_for beta.backendService ==)", + "id": "BackendService", + "properties": { + "affinityCookieTtlSec": { + "description": "Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.", + "format": "int32", + "type": "integer" + }, + "backends": { + "description": "The list of backends that serve this BackendService.", + "items": { + "$ref": "Backend" + }, + "type": "array" + }, + "cdnPolicy": { + "$ref": "BackendServiceCdnPolicy", + "description": "Cloud CDN configuration for this BackendService." + }, + "connectionDraining": { + "$ref": "ConnectionDraining" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "enableCDN": { + "description": "If true, enable Cloud CDN for this BackendService.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.", + "type": "boolean" + }, + "fingerprint": { + "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a BackendService. An up-to-date fingerprint must be provided in order to update the BackendService.", + "format": "byte", + "type": "string" + }, + "healthChecks": { + "description": "The list of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified, and a health check is required for Compute Engine backend services. A health check must not be specified for App Engine backend and Cloud Function backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.", + "items": { + "type": "string" + }, + "type": "array" + }, + "iap": { + "$ref": "BackendServiceIAP" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#backendService", + "description": "[Output Only] Type of resource. Always compute#backendService for backend services.", + "type": "string" + }, + "loadBalancingScheme": { + "description": "Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. Possible values are INTERNAL and EXTERNAL.", + "enum": [ + "EXTERNAL", + "INTERNAL", + "INVALID_LOAD_BALANCING_SCHEME" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "port": { + "description": "Deprecated in favor of portName. The TCP port to connect on the backend. The default value is 80.\n\nThis cannot be used for internal load balancing.", + "format": "int32", + "type": "integer" + }, + "portName": { + "description": "Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.", + "type": "string" + }, + "protocol": { + "description": "The protocol this BackendService uses to communicate with backends.\n\nPossible values are HTTP, HTTPS, TCP, and SSL. The default is HTTP.\n\nFor internal load balancing, the possible values are TCP and UDP, and the default is TCP.", + "enum": [ + "HTTP", + "HTTPS", + "SSL", + "TCP", + "UDP" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "region": { + "description": "[Output Only] URL of the region where the regional backend service resides. This field is not applicable to global backend services. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "sessionAffinity": { + "description": "Type of session affinity to use. The default is NONE.\n\nWhen the load balancing scheme is EXTERNAL, can be NONE, CLIENT_IP, or GENERATED_COOKIE.\n\nWhen the load balancing scheme is INTERNAL, can be NONE, CLIENT_IP, CLIENT_IP_PROTO, or CLIENT_IP_PORT_PROTO.\n\nWhen the protocol is UDP, this field is not used.", + "enum": [ + "CLIENT_IP", + "CLIENT_IP_PORT_PROTO", + "CLIENT_IP_PROTO", + "GENERATED_COOKIE", + "NONE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "timeoutSec": { + "description": "How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds.", + "format": "int32", + "type": "integer" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "BackendServiceAggregatedList": { + "description": "Contains a list of BackendServicesScopedList.", + "id": "BackendServiceAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "BackendServicesScopedList", + "description": "Name of the scope containing this set of BackendServices." + }, + "description": "A list of BackendServicesScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#backendServiceAggregatedList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "router": { - "type": "string", - "description": "Name of the Router resource to query.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "router" - ], - "response": { - "$ref": "RouterStatusResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.routers.insert", - "path": "{project}/regions/{region}/routers", - "httpMethod": "POST", - "description": "Creates a Router resource in the specified project and region using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "BackendServiceCdnPolicy": { + "description": "Message containing Cloud CDN configuration for a backend service.", + "id": "BackendServiceCdnPolicy", + "properties": { + "cacheKeyPolicy": { + "$ref": "CacheKeyPolicy", + "description": "The CacheKeyPolicy for this CdnPolicy." + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "BackendServiceGroupHealth": { + "id": "BackendServiceGroupHealth", + "properties": { + "healthStatus": { + "items": { + "$ref": "HealthStatus" + }, + "type": "array" + }, + "kind": { + "default": "compute#backendServiceGroupHealth", + "description": "[Output Only] Type of resource. Always compute#backendServiceGroupHealth for the health of backend services.", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "Router" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.routers.list", - "path": "{project}/regions/{region}/routers", - "httpMethod": "GET", - "description": "Retrieves a list of Router resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "BackendServiceIAP": { + "description": "Identity-Aware Proxy", + "id": "BackendServiceIAP", + "properties": { + "enabled": { + "type": "boolean" + }, + "oauth2ClientId": { + "type": "string" + }, + "oauth2ClientSecret": { + "type": "string" + }, + "oauth2ClientSecretSha256": { + "description": "[Output Only] SHA256 hash value for the field oauth2_client_secret above.", + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "BackendServiceList": { + "description": "Contains a list of BackendService resources.", + "id": "BackendServiceList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of BackendService resources.", + "items": { + "$ref": "BackendService" + }, + "type": "array" + }, + "kind": { + "default": "compute#backendServiceList", + "description": "[Output Only] Type of resource. Always compute#backendServiceList for lists of backend services.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "BackendServicesScopedList": { + "id": "BackendServicesScopedList", + "properties": { + "backendServices": { + "description": "List of BackendServices contained in this scope.", + "items": { + "$ref": "BackendService" + }, + "type": "array" + }, + "warning": { + "description": "Informational warning which replaces the list of backend services when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "CacheInvalidationRule": { + "id": "CacheInvalidationRule", + "properties": { + "host": { + "description": "If set, this invalidation rule will only apply to requests with a Host header matching host.", + "type": "string" + }, + "path": { + "type": "string" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "CacheKeyPolicy": { + "description": "Message containing what to include in the cache key for a request for Cloud CDN.", + "id": "CacheKeyPolicy", + "properties": { + "includeHost": { + "description": "If true, requests to different hosts will be cached separately.", + "type": "boolean" + }, + "includeProtocol": { + "description": "If true, http and https requests will be cached separately.", + "type": "boolean" + }, + "includeQueryString": { + "description": "If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.", + "type": "boolean" + }, + "queryStringBlacklist": { + "description": "Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.", + "items": { + "type": "string" + }, + "type": "array" + }, + "queryStringWhitelist": { + "description": "Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "RouterList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.routers.patch", - "path": "{project}/regions/{region}/routers/{router}", - "httpMethod": "PATCH", - "description": "Patches the specified Router resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "Commitment": { + "description": "Represents a Commitment resource. Creating a Commitment resource means that you are purchasing a committed use contract with an explicit start and end time. You can create commitments based on vCPUs and memory usage and receive discounted rates. For full details, read Signing Up for Committed Use Discounts.\n\nCommitted use discounts are subject to Google Cloud Platform's Service Specific Terms. By purchasing a committed use discount, you agree to these terms. Committed use discounts will not renew, so you must purchase a new commitment to continue receiving discounts. (== resource_for beta.commitments ==) (== resource_for v1.commitments ==)", + "id": "Commitment", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "endTimestamp": { + "description": "[Output Only] Commitment end time in RFC3339 text format.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#commitment", + "description": "[Output Only] Type of the resource. Always compute#commitment for commitments.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "plan": { + "description": "The plan for this commitment, which determines duration and discount rate. The currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years).", + "enum": [ + "INVALID", + "THIRTY_SIX_MONTH", + "TWELVE_MONTH" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + }, + "region": { + "description": "[Output Only] URL of the region where this commitment may be used.", + "type": "string" + }, + "resources": { + "description": "List of commitment amounts for particular resources. Note that VCPU and MEMORY resource commitments must occur together.", + "items": { + "$ref": "ResourceCommitment" + }, + "type": "array" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "startTimestamp": { + "description": "[Output Only] Commitment start time in RFC3339 text format.", + "type": "string" + }, + "status": { + "description": "[Output Only] Status of the commitment with regards to eventual expiration (each commitment has an end date defined). One of the following values: NOT_YET_ACTIVE, ACTIVE, EXPIRED.", + "enum": [ + "ACTIVE", + "CREATING", + "EXPIRED", + "NOT_YET_ACTIVE" + ], + "enumDescriptions": [ + "", + "", + "", + "" + ], + "type": "string" + }, + "statusMessage": { + "description": "[Output Only] An optional, human-readable explanation of the status.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "CommitmentAggregatedList": { + "id": "CommitmentAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "CommitmentsScopedList", + "description": "[Output Only] Name of the scope containing this set of commitments." + }, + "description": "A list of CommitmentsScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#commitmentAggregatedList", + "description": "[Output Only] Type of resource. Always compute#commitmentAggregatedList for aggregated lists of commitments.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "CommitmentList": { + "description": "Contains a list of Commitment resources.", + "id": "CommitmentList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Commitment resources.", + "items": { + "$ref": "Commitment" + }, + "type": "array" + }, + "kind": { + "default": "compute#commitmentList", + "description": "[Output Only] Type of resource. Always compute#commitmentList for lists of commitments.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "router": { - "type": "string", - "description": "Name of the Router resource to patch.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "router" - ], - "request": { - "$ref": "Router" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "preview": { - "id": "compute.routers.preview", - "path": "{project}/regions/{region}/routers/{router}/preview", - "httpMethod": "POST", - "description": "Preview fields auto-generated during router create and update operations. Calling this method does NOT create or update the router.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "CommitmentsScopedList": { + "id": "CommitmentsScopedList", + "properties": { + "commitments": { + "description": "[Output Only] List of commitments contained in this scope.", + "items": { + "$ref": "Commitment" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] Informational warning which replaces the list of commitments when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "ConnectionDraining": { + "description": "Message containing connection draining configuration.", + "id": "ConnectionDraining", + "properties": { + "drainingTimeoutSec": { + "description": "Time for which instance will be drained (not accept new connections, but still work to finish started).", + "format": "int32", + "type": "integer" + } }, - "router": { - "type": "string", - "description": "Name of the Router resource to query.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "router" - ], - "request": { - "$ref": "Router" - }, - "response": { - "$ref": "RoutersPreviewResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "update": { - "id": "compute.routers.update", - "path": "{project}/regions/{region}/routers/{router}", - "httpMethod": "PUT", - "description": "Updates the specified Router resource with the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "CustomerEncryptionKey": { + "description": "Represents a customer-supplied encryption key", + "id": "CustomerEncryptionKey", + "properties": { + "rawKey": { + "description": "Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.", + "type": "string" + }, + "sha256": { + "description": "[Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "CustomerEncryptionKeyProtectedDisk": { + "id": "CustomerEncryptionKeyProtectedDisk", + "properties": { + "diskEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "Decrypts data associated with the disk with a customer-supplied encryption key." + }, + "source": { + "description": "Specifies a valid partial or full URL to an existing Persistent Disk resource. This field is only applicable for persistent disks.", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "DeprecationStatus": { + "description": "Deprecation status for a public resource.", + "id": "DeprecationStatus", + "properties": { + "deleted": { + "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DELETED. This is only informational and the status will not change unless the client explicitly changes it.", + "type": "string" + }, + "deprecated": { + "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DEPRECATED. This is only informational and the status will not change unless the client explicitly changes it.", + "type": "string" + }, + "obsolete": { + "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to OBSOLETE. This is only informational and the status will not change unless the client explicitly changes it.", + "type": "string" + }, + "replacement": { + "description": "The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource.", + "type": "string" + }, + "state": { + "description": "The deprecation state of this resource. This can be DEPRECATED, OBSOLETE, or DELETED. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error.", + "enum": [ + "DELETED", + "DEPRECATED", + "OBSOLETE" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + } }, - "router": { - "type": "string", - "description": "Name of the Router resource to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "router" - ], - "request": { - "$ref": "Router" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "routes": { - "methods": { - "delete": { - "id": "compute.routes.delete", - "path": "{project}/global/routes/{route}", - "httpMethod": "DELETE", - "description": "Deletes the specified Route resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "Disk": { + "description": "A Disk resource. (== resource_for beta.disks ==) (== resource_for v1.disks ==)", + "id": "Disk", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "diskEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must provide the same key if you use the disk later (e.g. to create a disk snapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of the disk.\n\nIf you do not provide an encryption key when creating the disk, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later." + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#disk", + "description": "[Output Only] Type of the resource. Always compute#disk for disks.", + "type": "string" + }, + "labelFingerprint": { + "description": "A fingerprint for the labels being applied to this disk, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels.\n\nTo see the latest fingerprint, make a get() request to retrieve a disk.", + "format": "byte", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to apply to this disk. These can be later modified by the setLabels method.", + "type": "object" + }, + "lastAttachTimestamp": { + "description": "[Output Only] Last attach timestamp in RFC3339 text format.", + "type": "string" + }, + "lastDetachTimestamp": { + "description": "[Output Only] Last detach timestamp in RFC3339 text format.", + "type": "string" + }, + "licenses": { + "description": "Any applicable publicly visible licenses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "annotations": { + "required": [ + "compute.disks.insert" + ] + }, + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "options": { + "description": "Internal use only.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined fully-qualified URL for this resource.", + "type": "string" + }, + "sizeGb": { + "description": "Size of the persistent disk, specified in GB. You can specify this field when creating a persistent disk using the sourceImage or sourceSnapshot parameter, or specify it alone to create an empty persistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot, the value of sizeGb must not be less than the size of the sourceImage or the size of the snapshot. Acceptable values are 1 to 65536, inclusive.", + "format": "int64", + "type": "string" + }, + "sourceImage": { + "description": "The source image used to create this disk. If the source image is deleted, this field will not be set.\n\nTo create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-8 to use the latest Debian 8 image:\nprojects/debian-cloud/global/images/family/debian-8\n\n\nAlternatively, use a specific version of a public operating system image:\nprojects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD\n\n\nTo create a disk with a custom image that you created, specify the image name in the following format:\nglobal/images/my-custom-image\n\n\nYou can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name:\nglobal/images/family/my-image-family", + "type": "string" + }, + "sourceImageEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key." + }, + "sourceImageId": { + "description": "[Output Only] The ID value of the image used to create this disk. This value identifies the exact image that was used to create this persistent disk. For example, if you created the persistent disk from an image that was later deleted and recreated under the same name, the source image ID would identify the exact version of the image that was used.", + "type": "string" + }, + "sourceSnapshot": { + "description": "The source snapshot used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: \n- https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot \n- projects/project/global/snapshots/snapshot \n- global/snapshots/snapshot", + "type": "string" + }, + "sourceSnapshotEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key." + }, + "sourceSnapshotId": { + "description": "[Output Only] The unique ID of the snapshot used to create this disk. This value identifies the exact snapshot that was used to create this persistent disk. For example, if you created the persistent disk from a snapshot that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used.", + "type": "string" + }, + "status": { + "description": "[Output Only] The status of disk creation.", + "enum": [ + "CREATING", + "FAILED", + "READY", + "RESTORING" + ], + "enumDescriptions": [ + "", + "", + "", + "" + ], + "type": "string" + }, + "type": { + "description": "URL of the disk type resource describing which disk type to use to create the disk. Provide this when creating the disk.", + "type": "string" + }, + "users": { + "description": "[Output Only] Links to the users of the disk (attached instances) in form: project/zones/zone/instances/instance", + "items": { + "type": "string" + }, + "type": "array" + }, + "zone": { + "description": "[Output Only] URL of the zone where the disk resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "DiskAggregatedList": { + "id": "DiskAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "DisksScopedList", + "description": "[Output Only] Name of the scope containing this set of disks." + }, + "description": "A list of DisksScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#diskAggregatedList", + "description": "[Output Only] Type of resource. Always compute#diskAggregatedList for aggregated lists of persistent disks.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "route": { - "type": "string", - "description": "Name of the Route resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "route" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.routes.get", - "path": "{project}/global/routes/{route}", - "httpMethod": "GET", - "description": "Returns the specified Route resource. Get a list of available routes by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "DiskList": { + "description": "A list of Disk resources.", + "id": "DiskList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Disk resources.", + "items": { + "$ref": "Disk" + }, + "type": "array" + }, + "kind": { + "default": "compute#diskList", + "description": "[Output Only] Type of resource. Always compute#diskList for lists of disks.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "route": { - "type": "string", - "description": "Name of the Route resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "route" - ], - "response": { - "$ref": "Route" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.routes.insert", - "path": "{project}/global/routes", - "httpMethod": "POST", - "description": "Creates a Route resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "DiskMoveRequest": { + "id": "DiskMoveRequest", + "properties": { + "destinationZone": { + "description": "The URL of the destination zone to move the disk. This can be a full or partial URL. For example, the following are all valid URLs to a zone: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone \n- projects/project/zones/zone \n- zones/zone", + "type": "string" + }, + "targetDisk": { + "description": "The URL of the target disk to move. This can be a full or partial URL. For example, the following are all valid URLs to a disk: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone/disks/disk \n- projects/project/zones/zone/disks/disk \n- zones/zone/disks/disk", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "Route" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.routes.list", - "path": "{project}/global/routes", - "httpMethod": "GET", - "description": "Retrieves the list of Route resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "DiskType": { + "description": "A DiskType resource. (== resource_for beta.diskTypes ==) (== resource_for v1.diskTypes ==)", + "id": "DiskType", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "defaultDiskSizeGb": { + "description": "[Output Only] Server-defined default disk size in GB.", + "format": "int64", + "type": "string" + }, + "deprecated": { + "$ref": "DeprecationStatus", + "description": "[Output Only] The deprecation status associated with this disk type." + }, + "description": { + "description": "[Output Only] An optional description of this resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#diskType", + "description": "[Output Only] Type of the resource. Always compute#diskType for disk types.", + "type": "string" + }, + "name": { + "description": "[Output Only] Name of the resource.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "validDiskSize": { + "description": "[Output Only] An optional textual description of the valid disk size, such as \"10GB-10TB\".", + "type": "string" + }, + "zone": { + "description": "[Output Only] URL of the zone where the disk type resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "DiskTypeAggregatedList": { + "id": "DiskTypeAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "DiskTypesScopedList", + "description": "[Output Only] Name of the scope containing this set of disk types." + }, + "description": "A list of DiskTypesScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#diskTypeAggregatedList", + "description": "[Output Only] Type of resource. Always compute#diskTypeAggregatedList.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "DiskTypeList": { + "description": "Contains a list of disk types.", + "id": "DiskTypeList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of DiskType resources.", + "items": { + "$ref": "DiskType" + }, + "type": "array" + }, + "kind": { + "default": "compute#diskTypeList", + "description": "[Output Only] Type of resource. Always compute#diskTypeList for disk types.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "DiskTypesScopedList": { + "id": "DiskTypesScopedList", + "properties": { + "diskTypes": { + "description": "[Output Only] List of disk types contained in this scope.", + "items": { + "$ref": "DiskType" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] Informational warning which replaces the list of disk types when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "RouteList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "snapshots": { - "methods": { - "delete": { - "id": "compute.snapshots.delete", - "path": "{project}/global/snapshots/{snapshot}", - "httpMethod": "DELETE", - "description": "Deletes the specified Snapshot resource. Keep in mind that deleting a single snapshot might not necessarily delete all the data on that snapshot. If any data on the snapshot that is marked for deletion is needed for subsequent snapshots, the data will be moved to the next corresponding snapshot.\n\nFor more information, see Deleting snaphots.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "DisksResizeRequest": { + "id": "DisksResizeRequest", + "properties": { + "sizeGb": { + "description": "The new size of the persistent disk, which is specified in GB.", + "format": "int64", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "DisksScopedList": { + "id": "DisksScopedList", + "properties": { + "disks": { + "description": "[Output Only] List of disks contained in this scope.", + "items": { + "$ref": "Disk" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] Informational warning which replaces the list of disks when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "snapshot": { - "type": "string", - "description": "Name of the Snapshot resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "snapshot" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.snapshots.get", - "path": "{project}/global/snapshots/{snapshot}", - "httpMethod": "GET", - "description": "Returns the specified Snapshot resource. Get a list of available snapshots by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "Firewall": { + "description": "Represents a Firewall resource.", + "id": "Firewall", + "properties": { + "allowed": { + "description": "The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.", + "items": { + "properties": { + "IPProtocol": { + "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.", + "type": "string" + }, + "ports": { + "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "denied": { + "description": "The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.", + "items": { + "properties": { + "IPProtocol": { + "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.", + "type": "string" + }, + "ports": { + "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "destinationRanges": { + "description": "If destination ranges are specified, the firewall will apply only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Only IPv4 is supported.", + "items": { + "type": "string" + }, + "type": "array" + }, + "direction": { + "description": "Direction of traffic to which this firewall applies; default is INGRESS. Note: For INGRESS traffic, it is NOT supported to specify destinationRanges; For EGRESS traffic, it is NOT supported to specify sourceRanges OR sourceTags.", + "enum": [ + "EGRESS", + "INGRESS" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#firewall", + "description": "[Output Only] Type of the resource. Always compute#firewall for firewall rules.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.firewalls.insert", + "compute.firewalls.patch" + ] + }, + "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "network": { + "description": "URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used:\nglobal/networks/default\nIf you choose to specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: \n- https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network \n- projects/myproject/global/networks/my-network \n- global/networks/default", + "type": "string" + }, + "priority": { + "description": "Priority for this rule. This is an integer between 0 and 65535, both inclusive. When not specified, the value assumed is 1000. Relative priorities determine precedence of conflicting rules. Lower value of priority implies higher precedence (eg, a rule with priority 0 has higher precedence than a rule with priority 1). DENY rules take precedence over ALLOW rules having equal priority.", + "format": "int32", + "type": "integer" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "sourceRanges": { + "description": "If source ranges are specified, the firewall will apply only to traffic that has source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply. Only IPv4 is supported.", + "items": { + "type": "string" + }, + "type": "array" + }, + "sourceServiceAccounts": { + "description": "If source service accounts are specified, the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both properties for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.", + "items": { + "type": "string" + }, + "type": "array" + }, + "sourceTags": { + "description": "If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply.", + "items": { + "type": "string" + }, + "type": "array" + }, + "targetServiceAccounts": { + "description": "A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.", + "items": { + "type": "string" + }, + "type": "array" + }, + "targetTags": { + "description": "A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "snapshot": { - "type": "string", - "description": "Name of the Snapshot resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "snapshot" - ], - "response": { - "$ref": "Snapshot" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.snapshots.list", - "path": "{project}/global/snapshots", - "httpMethod": "GET", - "description": "Retrieves the list of Snapshot resources contained within the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "FirewallList": { + "description": "Contains a list of firewalls.", + "id": "FirewallList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Firewall resources.", + "items": { + "$ref": "Firewall" + }, + "type": "array" + }, + "kind": { + "default": "compute#firewallList", + "description": "[Output Only] Type of resource. Always compute#firewallList for lists of firewalls.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "ForwardingRule": { + "description": "A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, ports] tuple. (== resource_for beta.forwardingRules ==) (== resource_for v1.forwardingRules ==) (== resource_for beta.globalForwardingRules ==) (== resource_for v1.globalForwardingRules ==) (== resource_for beta.regionForwardingRules ==) (== resource_for v1.regionForwardingRules ==)", + "id": "ForwardingRule", + "properties": { + "IPAddress": { + "description": "The IP address that this forwarding rule is serving on behalf of.\n\nAddresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional).\n\nWhen the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6.\n\nWhen the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule.\n\nAn address can be specified either by a literal IP address or a URL reference to an existing Address resource. The following examples are all valid: \n- 100.1.2.3 \n- https://www.googleapis.com/compute/v1/projects/project/regions/region/addresses/address \n- projects/project/regions/region/addresses/address \n- regions/region/addresses/address \n- global/addresses/address \n- address", + "type": "string" + }, + "IPProtocol": { + "description": "The IP protocol to which this rule applies. Valid options are TCP, UDP, ESP, AH, SCTP or ICMP.\n\nWhen the load balancing scheme is INTERNAL, only TCP and UDP are valid.", + "enum": [ + "AH", + "ESP", + "ICMP", + "SCTP", + "TCP", + "UDP" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "backendService": { + "description": "This field is not used for external load balancing.\n\nFor internal load balancing, this field identifies the BackendService resource to receive the matched traffic.", + "type": "string" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "ipVersion": { + "description": "The IP Version that will be used by this forwarding rule. Valid options are IPV4 or IPV6. This can only be specified for a global forwarding rule.", + "enum": [ + "IPV4", + "IPV6", + "UNSPECIFIED_VERSION" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + }, + "kind": { + "default": "compute#forwardingRule", + "description": "[Output Only] Type of the resource. Always compute#forwardingRule for Forwarding Rule resources.", + "type": "string" + }, + "loadBalancingScheme": { + "description": "This signifies what the ForwardingRule will be used for and can only take the following values: INTERNAL, EXTERNAL The value of INTERNAL means that this will be used for Internal Network Load Balancing (TCP, UDP). The value of EXTERNAL means that this will be used for External Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy)", + "enum": [ + "EXTERNAL", + "INTERNAL", + "INVALID" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + }, + "name": { + "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "network": { + "description": "This field is not used for external load balancing.\n\nFor internal load balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If this field is not specified, the default network will be used.", + "type": "string" + }, + "portRange": { + "description": "This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance.\n\nApplicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target. Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port ranges.\n\nSome types of forwarding target have constraints on the acceptable ports: \n- TargetHttpProxy: 80, 8080 \n- TargetHttpsProxy: 443 \n- TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 \n- TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 \n- TargetVpnGateway: 500, 4500", + "type": "string" + }, + "ports": { + "description": "This field is used along with the backend_service field for internal load balancing.\n\nWhen the load balancing scheme is INTERNAL, a single port or a comma separated list of ports can be configured. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule.\n\nYou may specify a maximum of up to 5 ports.", + "items": { + "type": "string" + }, + "type": "array" + }, + "region": { + "description": "[Output Only] URL of the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "subnetwork": { + "description": "This field is not used for external load balancing.\n\nFor internal load balancing, this field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule.\n\nIf the network specified is in auto subnet mode, this field is optional. However, if the network is in custom subnet mode, a subnetwork must be specified.", + "type": "string" + }, + "target": { + "description": "The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must live in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.", + "type": "string" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "ForwardingRuleAggregatedList": { + "id": "ForwardingRuleAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "ForwardingRulesScopedList", + "description": "Name of the scope containing this set of addresses." + }, + "description": "A list of ForwardingRulesScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#forwardingRuleAggregatedList", + "description": "[Output Only] Type of resource. Always compute#forwardingRuleAggregatedList for lists of forwarding rules.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "ForwardingRuleList": { + "description": "Contains a list of ForwardingRule resources.", + "id": "ForwardingRuleList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of ForwardingRule resources.", + "items": { + "$ref": "ForwardingRule" + }, + "type": "array" + }, + "kind": { + "default": "compute#forwardingRuleList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "SnapshotList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "setLabels": { - "id": "compute.snapshots.setLabels", - "path": "{project}/global/snapshots/{resource}/setLabels", - "httpMethod": "POST", - "description": "Sets the labels on a snapshot. To learn more about labels, read the Labeling Resources documentation.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "ForwardingRulesScopedList": { + "id": "ForwardingRulesScopedList", + "properties": { + "forwardingRules": { + "description": "List of forwarding rules contained in this scope.", + "items": { + "$ref": "ForwardingRule" + }, + "type": "array" + }, + "warning": { + "description": "Informational warning which replaces the list of forwarding rules when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "resource": { - "type": "string", - "description": "Name of the resource for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "resource" - ], - "request": { - "$ref": "GlobalSetLabelsRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "sslCertificates": { - "methods": { - "delete": { - "id": "compute.sslCertificates.delete", - "path": "{project}/global/sslCertificates/{sslCertificate}", - "httpMethod": "DELETE", - "description": "Deletes the specified SslCertificate resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "GlobalSetLabelsRequest": { + "id": "GlobalSetLabelsRequest", + "properties": { + "labelFingerprint": { + "description": "The fingerprint of the previous set of labels for this resource, used to detect conflicts. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash when updating or changing labels. Make a get() request to the resource to get the latest fingerprint.", + "format": "byte", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "A list of labels to apply for this resource. Each label key \u0026 value must comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For example, \"webserver-frontend\": \"images\". A label value can also be empty (e.g. \"my-label\": \"\").", + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "GuestOsFeature": { + "description": "Guest OS features.", + "id": "GuestOsFeature", + "properties": { + "type": { + "description": "The ID of a supported feature. Read Enabling guest operating system features to see a list of available options.", + "enum": [ + "FEATURE_TYPE_UNSPECIFIED", + "MULTI_IP_SUBNET", + "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS" + ], + "enumDescriptions": [ + "", + "", + "", + "" + ], + "type": "string" + } }, - "sslCertificate": { - "type": "string", - "description": "Name of the SslCertificate resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "sslCertificate" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.sslCertificates.get", - "path": "{project}/global/sslCertificates/{sslCertificate}", - "httpMethod": "GET", - "description": "Returns the specified SslCertificate resource. Get a list of available SSL certificates by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "HTTPHealthCheck": { + "id": "HTTPHealthCheck", + "properties": { + "host": { + "description": "The value of the host header in the HTTP health check request. If left empty (default value), the IP on behalf of which this health check is performed will be used.", + "type": "string" + }, + "port": { + "description": "The TCP port number for the health check request. The default value is 80. Valid values are 1 through 65535.", + "format": "int32", + "type": "integer" + }, + "portName": { + "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence.", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", + "enum": [ + "NONE", + "PROXY_V1" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "requestPath": { + "description": "The request path of the HTTP health check request. The default value is /.", + "type": "string" + } }, - "sslCertificate": { - "type": "string", - "description": "Name of the SslCertificate resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "sslCertificate" - ], - "response": { - "$ref": "SslCertificate" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.sslCertificates.insert", - "path": "{project}/global/sslCertificates", - "httpMethod": "POST", - "description": "Creates a SslCertificate resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "HTTPSHealthCheck": { + "id": "HTTPSHealthCheck", + "properties": { + "host": { + "description": "The value of the host header in the HTTPS health check request. If left empty (default value), the IP on behalf of which this health check is performed will be used.", + "type": "string" + }, + "port": { + "description": "The TCP port number for the health check request. The default value is 443. Valid values are 1 through 65535.", + "format": "int32", + "type": "integer" + }, + "portName": { + "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence.", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", + "enum": [ + "NONE", + "PROXY_V1" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "requestPath": { + "description": "The request path of the HTTPS health check request. The default value is /.", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "SslCertificate" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.sslCertificates.list", - "path": "{project}/global/sslCertificates", - "httpMethod": "GET", - "description": "Retrieves the list of SslCertificate resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "HealthCheck": { + "description": "An HealthCheck resource. This resource defines a template for how individual virtual machines should be checked for health, via one of the supported protocols.", + "id": "HealthCheck", + "properties": { + "checkIntervalSec": { + "description": "How often (in seconds) to send a health check. The default value is 5 seconds.", + "format": "int32", + "type": "integer" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in 3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "healthyThreshold": { + "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.", + "format": "int32", + "type": "integer" + }, + "httpHealthCheck": { + "$ref": "HTTPHealthCheck" + }, + "httpsHealthCheck": { + "$ref": "HTTPSHealthCheck" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#healthCheck", + "description": "Type of the resource.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "sslHealthCheck": { + "$ref": "SSLHealthCheck" + }, + "tcpHealthCheck": { + "$ref": "TCPHealthCheck" + }, + "timeoutSec": { + "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.", + "format": "int32", + "type": "integer" + }, + "type": { + "description": "Specifies the type of the healthCheck, either TCP, SSL, HTTP or HTTPS. If not specified, the default is TCP. Exactly one of the protocol-specific health check field must be specified, which must match type field.", + "enum": [ + "HTTP", + "HTTPS", + "INVALID", + "SSL", + "TCP" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "unhealthyThreshold": { + "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.", + "format": "int32", + "type": "integer" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "HealthCheckList": { + "description": "Contains a list of HealthCheck resources.", + "id": "HealthCheckList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of HealthCheck resources.", + "items": { + "$ref": "HealthCheck" + }, + "type": "array" + }, + "kind": { + "default": "compute#healthCheckList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "HealthCheckReference": { + "description": "A full or valid partial URL to a health check. For example, the following are valid URLs: \n- https://www.googleapis.com/compute/beta/projects/project-id/global/httpHealthChecks/health-check \n- projects/project-id/global/httpHealthChecks/health-check \n- global/httpHealthChecks/health-check", + "id": "HealthCheckReference", + "properties": { + "healthCheck": { + "type": "string" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "HealthStatus": { + "id": "HealthStatus", + "properties": { + "healthState": { + "description": "Health state of the instance.", + "enum": [ + "HEALTHY", + "UNHEALTHY" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "instance": { + "description": "URL of the instance resource.", + "type": "string" + }, + "ipAddress": { + "description": "The IP address represented by this resource.", + "type": "string" + }, + "port": { + "description": "The port on the instance.", + "format": "int32", + "type": "integer" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "SslCertificateList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "subnetworks": { - "methods": { - "aggregatedList": { - "id": "compute.subnetworks.aggregatedList", - "path": "{project}/aggregated/subnetworks", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of subnetworks.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "HostRule": { + "description": "UrlMaps A host-matching rule for a URL. If matched, will use the named PathMatcher to select the BackendService.", + "id": "HostRule", + "properties": { + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "hosts": { + "description": "The list of host patterns to match. They must be valid hostnames, except * will match any string of ([a-z0-9-.]*). In that case, * must be the first character and must be followed in the pattern by either - or ..", + "items": { + "type": "string" + }, + "type": "array" + }, + "pathMatcher": { + "description": "The name of the PathMatcher to use to match the path portion of the URL if the hostRule matches the URL's host portion.", + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "HttpHealthCheck": { + "description": "An HttpHealthCheck resource. This resource defines a template for how individual instances should be checked for health, via HTTP.", + "id": "HttpHealthCheck", + "properties": { + "checkIntervalSec": { + "description": "How often (in seconds) to send a health check. The default value is 5 seconds.", + "format": "int32", + "type": "integer" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "healthyThreshold": { + "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.", + "format": "int32", + "type": "integer" + }, + "host": { + "description": "The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#httpHealthCheck", + "description": "[Output Only] Type of the resource. Always compute#httpHealthCheck for HTTP health checks.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "port": { + "description": "The TCP port number for the HTTP health check request. The default value is 80.", + "format": "int32", + "type": "integer" + }, + "requestPath": { + "description": "The request path of the HTTP health check request. The default value is /.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "timeoutSec": { + "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.", + "format": "int32", + "type": "integer" + }, + "unhealthyThreshold": { + "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.", + "format": "int32", + "type": "integer" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "HttpHealthCheckList": { + "description": "Contains a list of HttpHealthCheck resources.", + "id": "HttpHealthCheckList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of HttpHealthCheck resources.", + "items": { + "$ref": "HttpHealthCheck" + }, + "type": "array" + }, + "kind": { + "default": "compute#httpHealthCheckList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "HttpsHealthCheck": { + "description": "An HttpsHealthCheck resource. This resource defines a template for how individual instances should be checked for health, via HTTPS.", + "id": "HttpsHealthCheck", + "properties": { + "checkIntervalSec": { + "description": "How often (in seconds) to send a health check. The default value is 5 seconds.", + "format": "int32", + "type": "integer" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "healthyThreshold": { + "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.", + "format": "int32", + "type": "integer" + }, + "host": { + "description": "The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#httpsHealthCheck", + "description": "Type of the resource.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "port": { + "description": "The TCP port number for the HTTPS health check request. The default value is 443.", + "format": "int32", + "type": "integer" + }, + "requestPath": { + "description": "The request path of the HTTPS health check request. The default value is \"/\".", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "timeoutSec": { + "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have a greater value than checkIntervalSec.", + "format": "int32", + "type": "integer" + }, + "unhealthyThreshold": { + "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.", + "format": "int32", + "type": "integer" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "SubnetworkAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.subnetworks.delete", - "path": "{project}/regions/{region}/subnetworks/{subnetwork}", - "httpMethod": "DELETE", - "description": "Deletes the specified subnetwork.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "HttpsHealthCheckList": { + "description": "Contains a list of HttpsHealthCheck resources.", + "id": "HttpsHealthCheckList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of HttpsHealthCheck resources.", + "items": { + "$ref": "HttpsHealthCheck" + }, + "type": "array" + }, + "kind": { + "default": "compute#httpsHealthCheckList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "Image": { + "description": "An Image resource. (== resource_for beta.images ==) (== resource_for v1.images ==)", + "id": "Image", + "properties": { + "archiveSizeBytes": { + "description": "Size of the image tar.gz archive stored in Google Cloud Storage (in bytes).", + "format": "int64", + "type": "string" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "deprecated": { + "$ref": "DeprecationStatus", + "description": "The deprecation status associated with this image." + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "diskSizeGb": { + "description": "Size of the image when restored onto a persistent disk (in GB).", + "format": "int64", + "type": "string" + }, + "family": { + "description": "The name of the image family to which this image belongs. You can create disks by specifying an image family instead of a specific image name. The image family always returns its latest image that is not deprecated. The name of the image family must comply with RFC1035.", + "type": "string" + }, + "guestOsFeatures": { + "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.", + "items": { + "$ref": "GuestOsFeature" + }, + "type": "array" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "imageEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "Encrypts the image using a customer-supplied encryption key.\n\nAfter you encrypt an image with a customer-supplied key, you must provide the same key if you use the image later (e.g. to create a disk from the image).\n\nCustomer-supplied encryption keys do not protect access to metadata of the disk.\n\nIf you do not provide an encryption key when creating the image, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the image later." + }, + "kind": { + "default": "compute#image", + "description": "[Output Only] Type of the resource. Always compute#image for images.", + "type": "string" + }, + "labelFingerprint": { + "description": "A fingerprint for the labels being applied to this image, which is essentially a hash of the labels used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels.\n\nTo see the latest fingerprint, make a get() request to retrieve an image.", + "format": "byte", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to apply to this image. These can be later modified by the setLabels method.", + "type": "object" + }, + "licenses": { + "description": "Any applicable license URI.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "annotations": { + "required": [ + "compute.images.insert" + ] + }, + "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "rawDisk": { + "description": "The parameters of the raw disk image.", + "properties": { + "containerType": { + "description": "The format used to encode and transmit the block device, which should be TAR. This is just a container and transmission format and not a runtime format. Provided by the client when the disk image is created.", + "enum": [ + "TAR" + ], + "enumDescriptions": [ + "" + ], + "type": "string" + }, + "sha1Checksum": { + "description": "An optional SHA1 checksum of the disk image before unpackaging; provided by the client when the disk image is created.", + "pattern": "[a-f0-9]{40}", + "type": "string" + }, + "source": { + "annotations": { + "required": [ + "compute.images.insert" + ] + }, + "description": "The full Google Cloud Storage URL where the disk image is stored. You must provide either this property or the sourceDisk property but not both.", + "type": "string" + } + }, + "type": "object" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "sourceDisk": { + "description": "URL of the source disk used to create this image. This can be a full or valid partial URL. You must provide either this property or the rawDisk.source property but not both to create an image. For example, the following are valid values: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone/disks/disk \n- projects/project/zones/zone/disks/disk \n- zones/zone/disks/disk", + "type": "string" + }, + "sourceDiskEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key." + }, + "sourceDiskId": { + "description": "The ID value of the disk used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given disk name.", + "type": "string" + }, + "sourceImage": { + "description": "URL of the source image used to create this image. This can be a full or valid partial URL. You must provide exactly one of: \n- this property, or \n- the rawDisk.source property, or \n- the sourceDisk property in order to create an image.", + "type": "string" + }, + "sourceImageEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key." + }, + "sourceImageId": { + "description": "[Output Only] The ID value of the image used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given image name.", + "type": "string" + }, + "sourceType": { + "default": "RAW", + "description": "The type of the image used to create this disk. The default and only value is RAW", + "enum": [ + "RAW" + ], + "enumDescriptions": [ + "" + ], + "type": "string" + }, + "status": { + "description": "[Output Only] The status of the image. An image can be used to create other resources, such as instances, only after the image has been successfully created and the status is set to READY. Possible values are FAILED, PENDING, or READY.", + "enum": [ + "FAILED", + "PENDING", + "READY" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "ImageList": { + "description": "Contains a list of images.", + "id": "ImageList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Image resources.", + "items": { + "$ref": "Image" + }, + "type": "array" + }, + "kind": { + "default": "compute#imageList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "subnetwork": { - "type": "string", - "description": "Name of the Subnetwork resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "subnetwork" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "expandIpCidrRange": { - "id": "compute.subnetworks.expandIpCidrRange", - "path": "{project}/regions/{region}/subnetworks/{subnetwork}/expandIpCidrRange", - "httpMethod": "POST", - "description": "Expands the IP CIDR range of the subnetwork to a specified value.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "Instance": { + "description": "An Instance resource. (== resource_for beta.instances ==) (== resource_for v1.instances ==)", + "id": "Instance", + "properties": { + "canIpForward": { + "description": "Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. For more information, see Enabling IP Forwarding.", + "type": "boolean" + }, + "cpuPlatform": { + "description": "[Output Only] The CPU platform used by this instance.", + "type": "string" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "deletionProtection": { + "description": "Whether the resource should be protected against deletion.", + "type": "boolean" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "disks": { + "description": "Array of disks associated with this instance. Persistent disks must be created before you can assign them.", + "items": { + "$ref": "AttachedDisk" + }, + "type": "array" + }, + "guestAccelerators": { + "description": "List of the type and count of accelerator cards attached to the instance.", + "items": { + "$ref": "AcceleratorConfig" + }, + "type": "array" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#instance", + "description": "[Output Only] Type of the resource. Always compute#instance for instances.", + "type": "string" + }, + "labelFingerprint": { + "description": "A fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata.\n\nTo see the latest fingerprint, make get() request to the instance.", + "format": "byte", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to apply to this instance. These can be later modified by the setLabels method.", + "type": "object" + }, + "machineType": { + "annotations": { + "required": [ + "compute.instances.insert" + ] + }, + "description": "Full or partial URL of the machine type resource to use for this instance, in the format: zones/zone/machineTypes/machine-type. This is provided by the client when the instance is created. For example, the following is a valid partial url to a predefined machine type:\nzones/us-central1-f/machineTypes/n1-standard-1\n\n\nTo create a custom machine type, provide a URL to a machine type in the following format, where CPUS is 1 or an even number up to 32 (2, 4, 6, ... 24, etc), and MEMORY is the total memory for this instance. Memory must be a multiple of 256 MB and must be supplied in MB (e.g. 5 GB of memory is 5120 MB):\nzones/zone/machineTypes/custom-CPUS-MEMORY\n\n\nFor example: zones/us-central1-f/machineTypes/custom-4-5120 \n\nFor a full list of restrictions, read the Specifications for custom machine types.", + "type": "string" + }, + "metadata": { + "$ref": "Metadata", + "description": "The metadata key/value pairs assigned to this instance. This includes custom metadata and predefined keys." + }, + "minCpuPlatform": { + "description": "Specifies a minimum CPU platform for the VM instance. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: \"Intel Haswell\" or minCpuPlatform: \"Intel Sandy Bridge\".", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.instances.insert" + ] + }, + "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "networkInterfaces": { + "description": "An array of network configurations for this instance. These specify how interfaces are configured to interact with other network services, such as connecting to the internet. Multiple interfaces are supported per instance.", + "items": { + "$ref": "NetworkInterface" + }, + "type": "array" + }, + "scheduling": { + "$ref": "Scheduling", + "description": "Sets the scheduling options for this instance." + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "serviceAccounts": { + "description": "A list of service accounts, with their specified scopes, authorized for this instance. Only one service account per VM instance is supported.\n\nService accounts generate access tokens that can be accessed through the metadata server and used to authenticate applications on the instance. See Service Accounts for more information.", + "items": { + "$ref": "ServiceAccount" + }, + "type": "array" + }, + "startRestricted": { + "description": "[Output Only] Whether a VM has been restricted for start because Compute Engine has detected suspicious activity.", + "type": "boolean" + }, + "status": { + "description": "[Output Only] The status of the instance. One of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, STOPPED, SUSPENDING, SUSPENDED, and TERMINATED.", + "enum": [ + "PROVISIONING", + "RUNNING", + "STAGING", + "STOPPED", + "STOPPING", + "SUSPENDED", + "SUSPENDING", + "TERMINATED" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "statusMessage": { + "description": "[Output Only] An optional, human-readable explanation of the status.", + "type": "string" + }, + "tags": { + "$ref": "Tags", + "description": "A list of tags to apply to this instance. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during instance creation. The tags can be later modified by the setTags method. Each tag within the list must comply with RFC1035." + }, + "zone": { + "description": "[Output Only] URL of the zone where the instance resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "InstanceAggregatedList": { + "id": "InstanceAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "InstancesScopedList", + "description": "[Output Only] Name of the scope containing this set of instances." + }, + "description": "A list of InstancesScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#instanceAggregatedList", + "description": "[Output Only] Type of resource. Always compute#instanceAggregatedList for aggregated lists of Instance resources.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "InstanceGroup": { + "description": "InstanceGroups (== resource_for beta.instanceGroups ==) (== resource_for v1.instanceGroups ==) (== resource_for beta.regionInstanceGroups ==) (== resource_for v1.regionInstanceGroups ==)", + "id": "InstanceGroup", + "properties": { + "creationTimestamp": { + "description": "[Output Only] The creation timestamp for this instance group in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "fingerprint": { + "description": "[Output Only] The fingerprint of the named ports. The system uses this fingerprint to detect conflicts when multiple users change the named ports concurrently.", + "format": "byte", + "type": "string" + }, + "id": { + "description": "[Output Only] A unique identifier for this instance group, generated by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#instanceGroup", + "description": "[Output Only] The resource type, which is always compute#instanceGroup for instance groups.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.instanceGroupManagers.insert" + ] + }, + "description": "The name of the instance group. The name must be 1-63 characters long, and comply with RFC1035.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "namedPorts": { + "description": "Assigns a name to a port number. For example: {name: \"http\", port: 80}\n\nThis allows the system to reference ports by the assigned name instead of a port number. Named ports can also contain multiple ports. For example: [{name: \"http\", port: 80},{name: \"http\", port: 8080}] \n\nNamed ports apply to all instances in this instance group.", + "items": { + "$ref": "NamedPort" + }, + "type": "array" + }, + "network": { + "description": "The URL of the network to which all instances in the instance group belong.", + "type": "string" + }, + "region": { + "description": "The URL of the region where the instance group is located (for regional resources).", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] The URL for this instance group. The server generates this URL.", + "type": "string" + }, + "size": { + "description": "[Output Only] The total number of instances in the instance group.", + "format": "int32", + "type": "integer" + }, + "subnetwork": { + "description": "The URL of the subnetwork to which all instances in the instance group belong.", + "type": "string" + }, + "zone": { + "description": "[Output Only] The URL of the zone where the instance group is located (for zonal resources).", + "type": "string" + } }, - "subnetwork": { - "type": "string", - "description": "Name of the Subnetwork resource to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "subnetwork" - ], - "request": { - "$ref": "SubnetworksExpandIpCidrRangeRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.subnetworks.get", - "path": "{project}/regions/{region}/subnetworks/{subnetwork}", - "httpMethod": "GET", - "description": "Returns the specified subnetwork. Get a list of available subnetworks list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceGroupAggregatedList": { + "id": "InstanceGroupAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "InstanceGroupsScopedList", + "description": "The name of the scope that contains this set of instance groups." + }, + "description": "A list of InstanceGroupsScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#instanceGroupAggregatedList", + "description": "[Output Only] The resource type, which is always compute#instanceGroupAggregatedList for aggregated lists of instance groups.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "InstanceGroupList": { + "description": "A list of InstanceGroup resources.", + "id": "InstanceGroupList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of InstanceGroup resources.", + "items": { + "$ref": "InstanceGroup" + }, + "type": "array" + }, + "kind": { + "default": "compute#instanceGroupList", + "description": "[Output Only] The resource type, which is always compute#instanceGroupList for instance group lists.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "subnetwork": { - "type": "string", - "description": "Name of the Subnetwork resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "subnetwork" - ], - "response": { - "$ref": "Subnetwork" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.subnetworks.insert", - "path": "{project}/regions/{region}/subnetworks", - "httpMethod": "POST", - "description": "Creates a subnetwork in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceGroupManager": { + "description": "An Instance Group Manager resource. (== resource_for beta.instanceGroupManagers ==) (== resource_for v1.instanceGroupManagers ==) (== resource_for beta.regionInstanceGroupManagers ==) (== resource_for v1.regionInstanceGroupManagers ==)", + "id": "InstanceGroupManager", + "properties": { + "baseInstanceName": { + "annotations": { + "required": [ + "compute.instanceGroupManagers.insert" + ] + }, + "description": "The base instance name to use for instances in this group. The value must be 1-58 characters long. Instances are named by appending a hyphen and a random four-character string to the base instance name. The base instance name must comply with RFC1035.", + "pattern": "[a-z][-a-z0-9]{0,57}", + "type": "string" + }, + "creationTimestamp": { + "description": "[Output Only] The creation timestamp for this managed instance group in RFC3339 text format.", + "type": "string" + }, + "currentActions": { + "$ref": "InstanceGroupManagerActionsSummary", + "description": "[Output Only] The list of instance actions and the number of instances in this managed instance group that are scheduled for each of those actions." + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "fingerprint": { + "description": "[Output Only] The fingerprint of the resource data. You can use this optional field for optimistic locking when you update the resource.", + "format": "byte", + "type": "string" + }, + "id": { + "description": "[Output Only] A unique identifier for this resource type. The server generates this identifier.", + "format": "uint64", + "type": "string" + }, + "instanceGroup": { + "description": "[Output Only] The URL of the Instance Group resource.", + "type": "string" + }, + "instanceTemplate": { + "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group.", + "type": "string" + }, + "kind": { + "default": "compute#instanceGroupManager", + "description": "[Output Only] The resource type, which is always compute#instanceGroupManager for managed instance groups.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.instanceGroupManagers.insert", + "compute.regionInstanceGroupManagers.insert" + ] + }, + "description": "The name of the managed instance group. The name must be 1-63 characters long, and comply with RFC1035.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "namedPorts": { + "description": "Named ports configured for the Instance Groups complementary to this Instance Group Manager.", + "items": { + "$ref": "NamedPort" + }, + "type": "array" + }, + "region": { + "description": "[Output Only] The URL of the region where the managed instance group resides (for regional resources).", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] The URL for this managed instance group. The server defines this URL.", + "type": "string" + }, + "targetPools": { + "description": "The URLs for all TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group.", + "items": { + "type": "string" + }, + "type": "array" + }, + "targetSize": { + "annotations": { + "required": [ + "compute.instanceGroupManagers.insert", + "compute.regionInstanceGroupManagers.insert" + ] + }, + "description": "The target number of running instances for this managed instance group. Deleting or abandoning instances reduces this number. Resizing the group changes this number.", + "format": "int32", + "type": "integer" + }, + "zone": { + "description": "[Output Only] The URL of the zone where the managed instance group is located (for zonal resources).", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "InstanceGroupManagerActionsSummary": { + "id": "InstanceGroupManagerActionsSummary", + "properties": { + "abandoning": { + "description": "[Output Only] The total number of instances in the managed instance group that are scheduled to be abandoned. Abandoning an instance removes it from the managed instance group without deleting it.", + "format": "int32", + "type": "integer" + }, + "creating": { + "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be created or are currently being created. If the group fails to create any of these instances, it tries again until it creates the instance successfully.\n\nIf you have disabled creation retries, this field will not be populated; instead, the creatingWithoutRetries field will be populated.", + "format": "int32", + "type": "integer" + }, + "creatingWithoutRetries": { + "description": "[Output Only] The number of instances that the managed instance group will attempt to create. The group attempts to create each instance only once. If the group fails to create any of these instances, it decreases the group's targetSize value accordingly.", + "format": "int32", + "type": "integer" + }, + "deleting": { + "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be deleted or are currently being deleted.", + "format": "int32", + "type": "integer" + }, + "none": { + "description": "[Output Only] The number of instances in the managed instance group that are running and have no scheduled actions.", + "format": "int32", + "type": "integer" + }, + "recreating": { + "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be recreated or are currently being being recreated. Recreating an instance deletes the existing root persistent disk and creates a new disk from the image that is defined in the instance template.", + "format": "int32", + "type": "integer" + }, + "refreshing": { + "description": "[Output Only] The number of instances in the managed instance group that are being reconfigured with properties that do not require a restart or a recreate action. For example, setting or removing target pools for the instance.", + "format": "int32", + "type": "integer" + }, + "restarting": { + "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be restarted or are currently being restarted.", + "format": "int32", + "type": "integer" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "Subnetwork" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.subnetworks.list", - "path": "{project}/regions/{region}/subnetworks", - "httpMethod": "GET", - "description": "Retrieves a list of subnetworks available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "InstanceGroupManagerAggregatedList": { + "id": "InstanceGroupManagerAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "InstanceGroupManagersScopedList", + "description": "[Output Only] The name of the scope that contains this set of managed instance groups." + }, + "description": "A list of InstanceGroupManagersScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#instanceGroupManagerAggregatedList", + "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerAggregatedList for an aggregated list of managed instance groups.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "InstanceGroupManagerList": { + "description": "[Output Only] A list of managed instance groups.", + "id": "InstanceGroupManagerList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of InstanceGroupManager resources.", + "items": { + "$ref": "InstanceGroupManager" + }, + "type": "array" + }, + "kind": { + "default": "compute#instanceGroupManagerList", + "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerList for a list of managed instance groups.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "InstanceGroupManagersAbandonInstancesRequest": { + "id": "InstanceGroupManagersAbandonInstancesRequest", + "properties": { + "instances": { + "description": "The URLs of one or more instances to abandon. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", + "items": { + "type": "string" + }, + "type": "array" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "InstanceGroupManagersDeleteInstancesRequest": { + "id": "InstanceGroupManagersDeleteInstancesRequest", + "properties": { + "instances": { + "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", + "items": { + "type": "string" + }, + "type": "array" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceGroupManagersListManagedInstancesResponse": { + "id": "InstanceGroupManagersListManagedInstancesResponse", + "properties": { + "managedInstances": { + "description": "[Output Only] The list of instances in the managed instance group.", + "items": { + "$ref": "ManagedInstance" + }, + "type": "array" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "SubnetworkList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "setPrivateIpGoogleAccess": { - "id": "compute.subnetworks.setPrivateIpGoogleAccess", - "path": "{project}/regions/{region}/subnetworks/{subnetwork}/setPrivateIpGoogleAccess", - "httpMethod": "POST", - "description": "Set whether VMs in this subnet can access Google services without assigning external IP addresses through Private Google Access.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceGroupManagersRecreateInstancesRequest": { + "id": "InstanceGroupManagersRecreateInstancesRequest", + "properties": { + "instances": { + "description": "The URLs of one or more instances to recreate. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", + "items": { + "type": "string" + }, + "type": "array" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "InstanceGroupManagersScopedList": { + "id": "InstanceGroupManagersScopedList", + "properties": { + "instanceGroupManagers": { + "description": "[Output Only] The list of managed instance groups that are contained in the specified project and zone.", + "items": { + "$ref": "InstanceGroupManager" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] The warning that replaces the list of managed instance groups when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "InstanceGroupManagersSetInstanceTemplateRequest": { + "id": "InstanceGroupManagersSetInstanceTemplateRequest", + "properties": { + "instanceTemplate": { + "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group.", + "type": "string" + } }, - "subnetwork": { - "type": "string", - "description": "Name of the Subnetwork resource.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "subnetwork" - ], - "request": { - "$ref": "SubnetworksSetPrivateIpGoogleAccessRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "targetHttpProxies": { - "methods": { - "delete": { - "id": "compute.targetHttpProxies.delete", - "path": "{project}/global/targetHttpProxies/{targetHttpProxy}", - "httpMethod": "DELETE", - "description": "Deletes the specified TargetHttpProxy resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceGroupManagersSetTargetPoolsRequest": { + "id": "InstanceGroupManagersSetTargetPoolsRequest", + "properties": { + "fingerprint": { + "description": "The fingerprint of the target pools information. Use this optional property to prevent conflicts when multiple users change the target pools settings concurrently. Obtain the fingerprint with the instanceGroupManagers.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request.", + "format": "byte", + "type": "string" + }, + "targetPools": { + "description": "The list of target pool URLs that instances in this managed instance group belong to. The managed instance group applies these target pools to all of the instances in the group. Existing instances and new instances in the group all receive these target pool settings.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "InstanceGroupsAddInstancesRequest": { + "id": "InstanceGroupsAddInstancesRequest", + "properties": { + "instances": { + "description": "The list of instances to add to the instance group.", + "items": { + "$ref": "InstanceReference" + }, + "type": "array" + } }, - "targetHttpProxy": { - "type": "string", - "description": "Name of the TargetHttpProxy resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetHttpProxy" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.targetHttpProxies.get", - "path": "{project}/global/targetHttpProxies/{targetHttpProxy}", - "httpMethod": "GET", - "description": "Returns the specified TargetHttpProxy resource. Get a list of available target HTTP proxies by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceGroupsListInstances": { + "id": "InstanceGroupsListInstances", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of InstanceWithNamedPorts resources.", + "items": { + "$ref": "InstanceWithNamedPorts" + }, + "type": "array" + }, + "kind": { + "default": "compute#instanceGroupsListInstances", + "description": "[Output Only] The resource type, which is always compute#instanceGroupsListInstances for the list of instances in the specified instance group.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "targetHttpProxy": { - "type": "string", - "description": "Name of the TargetHttpProxy resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetHttpProxy" - ], - "response": { - "$ref": "TargetHttpProxy" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.targetHttpProxies.insert", - "path": "{project}/global/targetHttpProxies", - "httpMethod": "POST", - "description": "Creates a TargetHttpProxy resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceGroupsListInstancesRequest": { + "id": "InstanceGroupsListInstancesRequest", + "properties": { + "instanceState": { + "description": "A filter for the state of the instances in the instance group. Valid options are ALL or RUNNING. If you do not specify this parameter the list includes all instances regardless of their state.", + "enum": [ + "ALL", + "RUNNING" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "TargetHttpProxy" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.targetHttpProxies.list", - "path": "{project}/global/targetHttpProxies", - "httpMethod": "GET", - "description": "Retrieves the list of TargetHttpProxy resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "InstanceGroupsRemoveInstancesRequest": { + "id": "InstanceGroupsRemoveInstancesRequest", + "properties": { + "instances": { + "description": "The list of instances to remove from the instance group.", + "items": { + "$ref": "InstanceReference" + }, + "type": "array" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "InstanceGroupsScopedList": { + "id": "InstanceGroupsScopedList", + "properties": { + "instanceGroups": { + "description": "[Output Only] The list of instance groups that are contained in this scope.", + "items": { + "$ref": "InstanceGroup" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] An informational warning that replaces the list of instance groups when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "InstanceGroupsSetNamedPortsRequest": { + "id": "InstanceGroupsSetNamedPortsRequest", + "properties": { + "fingerprint": { + "description": "The fingerprint of the named ports information for this instance group. Use this optional property to prevent conflicts when multiple users change the named ports settings concurrently. Obtain the fingerprint with the instanceGroups.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request.", + "format": "byte", + "type": "string" + }, + "namedPorts": { + "description": "The list of named ports to set for this instance group.", + "items": { + "$ref": "NamedPort" + }, + "type": "array" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "InstanceList": { + "description": "Contains a list of instances.", + "id": "InstanceList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Instance resources.", + "items": { + "$ref": "Instance" + }, + "type": "array" + }, + "kind": { + "default": "compute#instanceList", + "description": "[Output Only] Type of resource. Always compute#instanceList for lists of Instance resources.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "TargetHttpProxyList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "setUrlMap": { - "id": "compute.targetHttpProxies.setUrlMap", - "path": "{project}/targetHttpProxies/{targetHttpProxy}/setUrlMap", - "httpMethod": "POST", - "description": "Changes the URL map for TargetHttpProxy.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceListReferrers": { + "description": "Contains a list of instance referrers.", + "id": "InstanceListReferrers", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Reference resources.", + "items": { + "$ref": "Reference" + }, + "type": "array" + }, + "kind": { + "default": "compute#instanceListReferrers", + "description": "[Output Only] Type of resource. Always compute#instanceListReferrers for lists of Instance referrers.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "InstanceMoveRequest": { + "id": "InstanceMoveRequest", + "properties": { + "destinationZone": { + "description": "The URL of the destination zone to move the instance. This can be a full or partial URL. For example, the following are all valid URLs to a zone: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone \n- projects/project/zones/zone \n- zones/zone", + "type": "string" + }, + "targetInstance": { + "description": "The URL of the target instance to move. This can be a full or partial URL. For example, the following are all valid URLs to an instance: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance \n- projects/project/zones/zone/instances/instance \n- zones/zone/instances/instance", + "type": "string" + } }, - "targetHttpProxy": { - "type": "string", - "description": "Name of the TargetHttpProxy to set a URL map for.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetHttpProxy" - ], - "request": { - "$ref": "UrlMapReference" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "targetHttpsProxies": { - "methods": { - "delete": { - "id": "compute.targetHttpsProxies.delete", - "path": "{project}/global/targetHttpsProxies/{targetHttpsProxy}", - "httpMethod": "DELETE", - "description": "Deletes the specified TargetHttpsProxy resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceProperties": { + "description": "", + "id": "InstanceProperties", + "properties": { + "canIpForward": { + "description": "Enables instances created based on this template to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.", + "type": "boolean" + }, + "description": { + "description": "An optional text description for the instances that are created from this instance template.", + "type": "string" + }, + "disks": { + "description": "An array of disks that are associated with the instances that are created from this template.", + "items": { + "$ref": "AttachedDisk" + }, + "type": "array" + }, + "guestAccelerators": { + "description": "A list of guest accelerator cards' type and count to use for instances created from the instance template.", + "items": { + "$ref": "AcceleratorConfig" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to apply to instances that are created from this template.", + "type": "object" + }, + "machineType": { + "annotations": { + "required": [ + "compute.instanceTemplates.insert" + ] + }, + "description": "The machine type to use for instances that are created from this template.", + "type": "string" + }, + "metadata": { + "$ref": "Metadata", + "description": "The metadata key/value pairs to assign to instances that are created from this template. These pairs can consist of custom metadata or predefined keys. See Project and instance metadata for more information." + }, + "minCpuPlatform": { + "description": "Minimum cpu/platform to be used by this instance. The instance may be scheduled on the specified or newer cpu/platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: \"Intel Haswell\" or minCpuPlatform: \"Intel Sandy Bridge\". For more information, read Specifying a Minimum CPU Platform.", + "type": "string" + }, + "networkInterfaces": { + "description": "An array of network access configurations for this interface.", + "items": { + "$ref": "NetworkInterface" + }, + "type": "array" + }, + "scheduling": { + "$ref": "Scheduling", + "description": "Specifies the scheduling options for the instances that are created from this template." + }, + "serviceAccounts": { + "description": "A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from this template. Use metadata queries to obtain the access tokens for these instances.", + "items": { + "$ref": "ServiceAccount" + }, + "type": "array" + }, + "tags": { + "$ref": "Tags", + "description": "A list of tags to apply to the instances that are created from this template. The tags identify valid sources or targets for network firewalls. The setTags method can modify this list of tags. Each tag within the list must comply with RFC1035." + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "InstanceReference": { + "id": "InstanceReference", + "properties": { + "instance": { + "description": "The URL for a specific instance.", + "type": "string" + } }, - "targetHttpsProxy": { - "type": "string", - "description": "Name of the TargetHttpsProxy resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetHttpsProxy" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.targetHttpsProxies.get", - "path": "{project}/global/targetHttpsProxies/{targetHttpsProxy}", - "httpMethod": "GET", - "description": "Returns the specified TargetHttpsProxy resource. Get a list of available target HTTPS proxies by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceTemplate": { + "description": "An Instance Template resource. (== resource_for beta.instanceTemplates ==) (== resource_for v1.instanceTemplates ==)", + "id": "InstanceTemplate", + "properties": { + "creationTimestamp": { + "description": "[Output Only] The creation timestamp for this instance template in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] A unique identifier for this instance template. The server defines this identifier.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#instanceTemplate", + "description": "[Output Only] The resource type, which is always compute#instanceTemplate for instance templates.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.instanceTemplates.insert" + ] + }, + "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "properties": { + "$ref": "InstanceProperties", + "description": "The instance properties for this instance template." + }, + "selfLink": { + "description": "[Output Only] The URL for this instance template. The server defines this URL.", + "type": "string" + } }, - "targetHttpsProxy": { - "type": "string", - "description": "Name of the TargetHttpsProxy resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetHttpsProxy" - ], - "response": { - "$ref": "TargetHttpsProxy" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.targetHttpsProxies.insert", - "path": "{project}/global/targetHttpsProxies", - "httpMethod": "POST", - "description": "Creates a TargetHttpsProxy resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstanceTemplateList": { + "description": "A list of instance templates.", + "id": "InstanceTemplateList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of InstanceTemplate resources.", + "items": { + "$ref": "InstanceTemplate" + }, + "type": "array" + }, + "kind": { + "default": "compute#instanceTemplateList", + "description": "[Output Only] The resource type, which is always compute#instanceTemplatesListResponse for instance template lists.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "TargetHttpsProxy" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.targetHttpsProxies.list", - "path": "{project}/global/targetHttpsProxies", - "httpMethod": "GET", - "description": "Retrieves the list of TargetHttpsProxy resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "InstanceWithNamedPorts": { + "id": "InstanceWithNamedPorts", + "properties": { + "instance": { + "description": "[Output Only] The URL of the instance.", + "type": "string" + }, + "namedPorts": { + "description": "[Output Only] The named ports that belong to this instance group.", + "items": { + "$ref": "NamedPort" + }, + "type": "array" + }, + "status": { + "description": "[Output Only] The status of the instance.", + "enum": [ + "PROVISIONING", + "RUNNING", + "STAGING", + "STOPPED", + "STOPPING", + "SUSPENDED", + "SUSPENDING", + "TERMINATED" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "InstancesScopedList": { + "id": "InstancesScopedList", + "properties": { + "instances": { + "description": "[Output Only] List of instances contained in this scope.", + "items": { + "$ref": "Instance" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] Informational warning which replaces the list of instances when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "InstancesSetLabelsRequest": { + "id": "InstancesSetLabelsRequest", + "properties": { + "labelFingerprint": { + "description": "Fingerprint of the previous set of labels for this resource, used to prevent conflicts. Provide the latest fingerprint value when making a request to add or change labels.", + "format": "byte", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "InstancesSetMachineResourcesRequest": { + "id": "InstancesSetMachineResourcesRequest", + "properties": { + "guestAccelerators": { + "description": "List of the type and count of accelerator cards attached to the instance.", + "items": { + "$ref": "AcceleratorConfig" + }, + "type": "array" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "TargetHttpsProxyList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "setSslCertificates": { - "id": "compute.targetHttpsProxies.setSslCertificates", - "path": "{project}/targetHttpsProxies/{targetHttpsProxy}/setSslCertificates", - "httpMethod": "POST", - "description": "Replaces SslCertificates for TargetHttpsProxy.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstancesSetMachineTypeRequest": { + "id": "InstancesSetMachineTypeRequest", + "properties": { + "machineType": { + "description": "Full or partial URL of the machine type resource. See Machine Types for a full list of machine types. For example: zones/us-central1-f/machineTypes/n1-standard-1", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "InstancesSetMinCpuPlatformRequest": { + "id": "InstancesSetMinCpuPlatformRequest", + "properties": { + "minCpuPlatform": { + "description": "Minimum cpu/platform this instance should be started at.", + "type": "string" + } }, - "targetHttpsProxy": { - "type": "string", - "description": "Name of the TargetHttpsProxy resource to set an SslCertificates resource for.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetHttpsProxy" - ], - "request": { - "$ref": "TargetHttpsProxiesSetSslCertificatesRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setUrlMap": { - "id": "compute.targetHttpsProxies.setUrlMap", - "path": "{project}/targetHttpsProxies/{targetHttpsProxy}/setUrlMap", - "httpMethod": "POST", - "description": "Changes the URL map for TargetHttpsProxy.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InstancesSetServiceAccountRequest": { + "id": "InstancesSetServiceAccountRequest", + "properties": { + "email": { + "description": "Email address of the service account.", + "type": "string" + }, + "scopes": { + "description": "The list of scopes to be made available for this service account.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "InstancesStartWithEncryptionKeyRequest": { + "id": "InstancesStartWithEncryptionKeyRequest", + "properties": { + "disks": { + "description": "Array of disks associated with this instance that are protected with a customer-supplied encryption key.\n\nIn order to start the instance, the disk url and its corresponding key must be provided.\n\nIf the disk is not protected with a customer-supplied encryption key it should not be specified.", + "items": { + "$ref": "CustomerEncryptionKeyProtectedDisk" + }, + "type": "array" + } }, - "targetHttpsProxy": { - "type": "string", - "description": "Name of the TargetHttpsProxy resource whose URL map is to be set.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetHttpsProxy" - ], - "request": { - "$ref": "UrlMapReference" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "targetInstances": { - "methods": { - "aggregatedList": { - "id": "compute.targetInstances.aggregatedList", - "path": "{project}/aggregated/targetInstances", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of target instances.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "Interconnect": { + "description": "Represents an Interconnects resource. The Interconnects resource is a dedicated connection between Google's network and your on-premises network. For more information, see the Dedicated overview page. (== resource_for v1.interconnects ==) (== resource_for beta.interconnects ==)", + "id": "Interconnect", + "properties": { + "adminEnabled": { + "description": "Administrative status of the interconnect. When this is set to true, the Interconnect is functional and can carry traffic. When set to false, no packets can be carried over the interconnect and no BGP routes are exchanged over it. By default, the status is set to true.", + "type": "boolean" + }, + "circuitInfos": { + "description": "[Output Only] List of CircuitInfo objects, that describe the individual circuits in this LAG.", + "items": { + "$ref": "InterconnectCircuitInfo" + }, + "type": "array" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "customerName": { + "description": "Customer name, to put in the Letter of Authorization as the party authorized to request a crossconnect.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "expectedOutages": { + "description": "[Output Only] List of outages expected for this Interconnect.", + "items": { + "$ref": "InterconnectOutageNotification" + }, + "type": "array" + }, + "googleIpAddress": { + "description": "[Output Only] IP address configured on the Google side of the Interconnect link. This can be used only for ping tests.", + "type": "string" + }, + "googleReferenceId": { + "description": "[Output Only] Google reference ID; to be used when raising support tickets with Google or otherwise to debug backend connectivity issues.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "interconnectAttachments": { + "description": "[Output Only] A list of the URLs of all InterconnectAttachments configured to use this Interconnect.", + "items": { + "type": "string" + }, + "type": "array" + }, + "interconnectType": { + "description": "Type of interconnect. Note that \"IT_PRIVATE\" has been deprecated in favor of \"DEDICATED\"", + "enum": [ + "DEDICATED", + "IT_PRIVATE" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "kind": { + "default": "compute#interconnect", + "description": "[Output Only] Type of the resource. Always compute#interconnect for interconnects.", + "type": "string" + }, + "linkType": { + "description": "Type of link requested. This field indicates speed of each of the links in the bundle, not the entire bundle. Only 10G per link is allowed for a dedicated interconnect. Options: Ethernet_10G_LR", + "enum": [ + "LINK_TYPE_ETHERNET_10G_LR" + ], + "enumDescriptions": [ + "" + ], + "type": "string" + }, + "location": { + "description": "URL of the InterconnectLocation object that represents where this connection is to be provisioned.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.interconnects.insert" + ] + }, + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "nocContactEmail": { + "description": "Email address to contact the customer NOC for operations and maintenance notifications regarding this Interconnect. If specified, this will be used for notifications in addition to all other forms described, such as Stackdriver logs alerting and Cloud Notifications.", + "type": "string" + }, + "operationalStatus": { + "description": "[Output Only] The current status of whether or not this Interconnect is functional.", + "enum": [ + "OS_ACTIVE", + "OS_UNPROVISIONED" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "peerIpAddress": { + "description": "[Output Only] IP address configured on the customer side of the Interconnect link. The customer should configure this IP address during turnup when prompted by Google NOC. This can be used only for ping tests.", + "type": "string" + }, + "provisionedLinkCount": { + "description": "[Output Only] Number of links actually provisioned in this interconnect.", + "format": "int32", + "type": "integer" + }, + "requestedLinkCount": { + "description": "Target number of physical links in the link bundle, as requested by the customer.", + "format": "int32", + "type": "integer" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "InterconnectAttachment": { + "description": "Represents an InterconnectAttachment (VLAN attachment) resource. For more information, see Creating VLAN Attachments. (== resource_for beta.interconnectAttachments ==) (== resource_for v1.interconnectAttachments ==)", + "id": "InterconnectAttachment", + "properties": { + "cloudRouterIpAddress": { + "description": "[Output Only] IPv4 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment.", + "type": "string" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "customerRouterIpAddress": { + "description": "[Output Only] IPv4 address + prefix length to be configured on the customer router subinterface for this interconnect attachment.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource.", + "type": "string" + }, + "googleReferenceId": { + "description": "[Output Only] Google reference ID, to be used when raising support tickets with Google or otherwise to debug backend connectivity issues.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "interconnect": { + "description": "URL of the underlying Interconnect object that this attachment's traffic will traverse through.", + "type": "string" + }, + "kind": { + "default": "compute#interconnectAttachment", + "description": "[Output Only] Type of the resource. Always compute#interconnectAttachment for interconnect attachments.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "operationalStatus": { + "description": "[Output Only] The current status of whether or not this interconnect attachment is functional.", + "enum": [ + "OS_ACTIVE", + "OS_UNPROVISIONED" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "privateInterconnectInfo": { + "$ref": "InterconnectAttachmentPrivateInfo", + "description": "[Output Only] Information specific to an InterconnectAttachment. This property is populated if the interconnect that this is attached to is of type DEDICATED." + }, + "region": { + "description": "[Output Only] URL of the region where the regional interconnect attachment resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + }, + "router": { + "description": "URL of the cloud router to be used for dynamic routing. This router must be in the same region as this InterconnectAttachment. The InterconnectAttachment will automatically connect the Interconnect to the network \u0026 region within which the Cloud Router is configured.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "InterconnectAttachmentAggregatedList": { + "id": "InterconnectAttachmentAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "InterconnectAttachmentsScopedList", + "description": "Name of the scope containing this set of interconnect attachments." + }, + "description": "A list of InterconnectAttachmentsScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#interconnectAttachmentAggregatedList", + "description": "[Output Only] Type of resource. Always compute#interconnectAttachmentAggregatedList for aggregated lists of interconnect attachments.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "InterconnectAttachmentList": { + "description": "Response to the list request, and contains a list of interconnect attachments.", + "id": "InterconnectAttachmentList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of InterconnectAttachment resources.", + "items": { + "$ref": "InterconnectAttachment" + }, + "type": "array" + }, + "kind": { + "default": "compute#interconnectAttachmentList", + "description": "[Output Only] Type of resource. Always compute#interconnectAttachmentList for lists of interconnect attachments.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "TargetInstanceAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.targetInstances.delete", - "path": "{project}/zones/{zone}/targetInstances/{targetInstance}", - "httpMethod": "DELETE", - "description": "Deletes the specified TargetInstance resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InterconnectAttachmentPrivateInfo": { + "description": "Information for an interconnect attachment when this belongs to an interconnect of type DEDICATED.", + "id": "InterconnectAttachmentPrivateInfo", + "properties": { + "tag8021q": { + "description": "[Output Only] 802.1q encapsulation tag to be used for traffic between Google and the customer, going to and from this network and region.", + "format": "uint32", + "type": "integer" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "InterconnectAttachmentsScopedList": { + "id": "InterconnectAttachmentsScopedList", + "properties": { + "interconnectAttachments": { + "description": "List of interconnect attachments contained in this scope.", + "items": { + "$ref": "InterconnectAttachment" + }, + "type": "array" + }, + "warning": { + "description": "Informational warning which replaces the list of addresses when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "targetInstance": { - "type": "string", - "description": "Name of the TargetInstance resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "InterconnectCircuitInfo": { + "description": "Describes a single physical circuit between the Customer and Google. CircuitInfo objects are created by Google, so all fields are output only. Next id: 4", + "id": "InterconnectCircuitInfo", + "properties": { + "customerDemarcId": { + "description": "Customer-side demarc ID for this circuit.", + "type": "string" + }, + "googleCircuitId": { + "description": "Google-assigned unique ID for this circuit. Assigned at circuit turn-up.", + "type": "string" + }, + "googleDemarcId": { + "description": "Google-side demarc ID for this circuit. Assigned at circuit turn-up and provided by Google to the customer in the LOA.", + "type": "string" + } }, - "zone": { - "type": "string", - "description": "Name of the zone scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "targetInstance" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.targetInstances.get", - "path": "{project}/zones/{zone}/targetInstances/{targetInstance}", - "httpMethod": "GET", - "description": "Returns the specified TargetInstance resource. Get a list of available target instances by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InterconnectList": { + "description": "Response to the list request, and contains a list of interconnects.", + "id": "InterconnectList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Interconnect resources.", + "items": { + "$ref": "Interconnect" + }, + "type": "array" + }, + "kind": { + "default": "compute#interconnectList", + "description": "[Output Only] Type of resource. Always compute#interconnectList for lists of interconnects.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "targetInstance": { - "type": "string", - "description": "Name of the TargetInstance resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "InterconnectLocation": { + "description": "Represents an InterconnectLocations resource. The InterconnectLocations resource describes the locations where you can connect to Google's networks. For more information, see Colocation Facilities.", + "id": "InterconnectLocation", + "properties": { + "address": { + "description": "[Output Only] The postal address of the Point of Presence, each line in the address is separated by a newline character.", + "type": "string" + }, + "availabilityZone": { + "description": "[Output Only] Availability zone for this location. Within a metropolitan area (metro), maintenance will not be simultaneously scheduled in more than one availability zone. Example: \"zone1\" or \"zone2\".", + "type": "string" + }, + "city": { + "description": "[Output Only] Metropolitan area designator that indicates which city an interconnect is located. For example: \"Chicago, IL\", \"Amsterdam, Netherlands\".", + "type": "string" + }, + "continent": { + "description": "[Output Only] Continent for this location.", + "enum": [ + "AFRICA", + "ASIA_PAC", + "C_AFRICA", + "C_ASIA_PAC", + "C_EUROPE", + "C_NORTH_AMERICA", + "C_SOUTH_AMERICA", + "EUROPE", + "NORTH_AMERICA", + "SOUTH_AMERICA" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "[Output Only] An optional description of the resource.", + "type": "string" + }, + "facilityProvider": { + "description": "[Output Only] The name of the provider for this facility (e.g., EQUINIX).", + "type": "string" + }, + "facilityProviderFacilityId": { + "description": "[Output Only] A provider-assigned Identifier for this facility (e.g., Ashburn-DC1).", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#interconnectLocation", + "description": "[Output Only] Type of the resource. Always compute#interconnectLocation for interconnect locations.", + "type": "string" + }, + "name": { + "description": "[Output Only] Name of the resource.", + "type": "string" + }, + "peeringdbFacilityId": { + "description": "[Output Only] The peeringdb identifier for this facility (corresponding with a netfac type in peeringdb).", + "type": "string" + }, + "regionInfos": { + "description": "[Output Only] A list of InterconnectLocation.RegionInfo objects, that describe parameters pertaining to the relation between this InterconnectLocation and various Google Cloud regions.", + "items": { + "$ref": "InterconnectLocationRegionInfo" + }, + "type": "array" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + } }, - "zone": { - "type": "string", - "description": "Name of the zone scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "targetInstance" - ], - "response": { - "$ref": "TargetInstance" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.targetInstances.insert", - "path": "{project}/zones/{zone}/targetInstances", - "httpMethod": "POST", - "description": "Creates a TargetInstance resource in the specified project and zone using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "InterconnectLocationList": { + "description": "Response to the list request, and contains a list of interconnect locations.", + "id": "InterconnectLocationList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of InterconnectLocation resources.", + "items": { + "$ref": "InterconnectLocation" + }, + "type": "array" + }, + "kind": { + "default": "compute#interconnectLocationList", + "description": "[Output Only] Type of resource. Always compute#interconnectLocationList for lists of interconnect locations.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "InterconnectLocationRegionInfo": { + "description": "Information about any potential InterconnectAttachments between an Interconnect at a specific InterconnectLocation, and a specific Cloud Region.", + "id": "InterconnectLocationRegionInfo", + "properties": { + "expectedRttMs": { + "description": "Expected round-trip time in milliseconds, from this InterconnectLocation to a VM in this region.", + "format": "int64", + "type": "string" + }, + "locationPresence": { + "description": "Identifies the network presence of this location.", + "enum": [ + "GLOBAL", + "LOCAL_REGION", + "LP_GLOBAL", + "LP_LOCAL_REGION" + ], + "enumDescriptions": [ + "", + "", + "", + "" + ], + "type": "string" + }, + "region": { + "description": "URL for the region of this location.", + "type": "string" + } }, - "zone": { - "type": "string", - "description": "Name of the zone scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "request": { - "$ref": "TargetInstance" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.targetInstances.list", - "path": "{project}/zones/{zone}/targetInstances", - "httpMethod": "GET", - "description": "Retrieves a list of TargetInstance resources available to the specified project and zone.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "InterconnectOutageNotification": { + "description": "Description of a planned outage on this Interconnect. Next id: 9", + "id": "InterconnectOutageNotification", + "properties": { + "affectedCircuits": { + "description": "Iff issue_type is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be affected.", + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "description": "A description about the purpose of the outage.", + "type": "string" + }, + "endTime": { + "description": "Scheduled end time for the outage (milliseconds since Unix epoch).", + "format": "int64", + "type": "string" + }, + "issueType": { + "description": "Form this outage is expected to take. Note that the \"IT_\" versions of this enum have been deprecated in favor of the unprefixed values.", + "enum": [ + "IT_OUTAGE", + "IT_PARTIAL_OUTAGE", + "OUTAGE", + "PARTIAL_OUTAGE" + ], + "enumDescriptions": [ + "", + "", + "", + "" + ], + "type": "string" + }, + "name": { + "description": "Unique identifier for this outage notification.", + "type": "string" + }, + "source": { + "description": "The party that generated this notification. Note that \"NSRC_GOOGLE\" has been deprecated in favor of \"GOOGLE\"", + "enum": [ + "GOOGLE", + "NSRC_GOOGLE" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "startTime": { + "description": "Scheduled start time for the outage (milliseconds since Unix epoch).", + "format": "int64", + "type": "string" + }, + "state": { + "description": "State of this notification. Note that the \"NS_\" versions of this enum have been deprecated in favor of the unprefixed values.", + "enum": [ + "ACTIVE", + "CANCELLED", + "NS_ACTIVE", + "NS_CANCELED" + ], + "enumDescriptions": [ + "", + "", + "", + "" + ], + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "License": { + "description": "A license resource.", + "id": "License", + "properties": { + "chargesUseFee": { + "description": "[Output Only] Deprecated. This field no longer reflects whether a license charges a usage fee.", + "type": "boolean" + }, + "kind": { + "default": "compute#license", + "description": "[Output Only] Type of resource. Always compute#license for licenses.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.images.insert" + ] + }, + "description": "[Output Only] Name of the resource. The name is 1-63 characters long and complies with RFC1035.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "MachineType": { + "description": "A Machine Type resource. (== resource_for v1.machineTypes ==) (== resource_for beta.machineTypes ==)", + "id": "MachineType", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "deprecated": { + "$ref": "DeprecationStatus", + "description": "[Output Only] The deprecation status associated with this machine type." + }, + "description": { + "description": "[Output Only] An optional textual description of the resource.", + "type": "string" + }, + "guestCpus": { + "description": "[Output Only] The number of virtual CPUs that are available to the instance.", + "format": "int32", + "type": "integer" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "imageSpaceGb": { + "description": "[Deprecated] This property is deprecated and will never be populated with any relevant values.", + "format": "int32", + "type": "integer" + }, + "isSharedCpu": { + "description": "[Output Only] Whether this machine type has a shared CPU. See Shared-core machine types for more information.", + "type": "boolean" + }, + "kind": { + "default": "compute#machineType", + "description": "[Output Only] The type of the resource. Always compute#machineType for machine types.", + "type": "string" + }, + "maximumPersistentDisks": { + "description": "[Output Only] Maximum persistent disks allowed.", + "format": "int32", + "type": "integer" + }, + "maximumPersistentDisksSizeGb": { + "description": "[Output Only] Maximum total persistent disks size (GB) allowed.", + "format": "int64", + "type": "string" + }, + "memoryMb": { + "description": "[Output Only] The amount of physical memory available to the instance, defined in MB.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "[Output Only] Name of the resource.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "scratchDisks": { + "description": "[Output Only] List of extended scratch disks assigned to the instance.", + "items": { + "properties": { + "diskGb": { + "description": "Size of the scratch disk, defined in GB.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "zone": { + "description": "[Output Only] The name of the zone where the machine type resides, such as us-central1-a.", + "type": "string" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "MachineTypeAggregatedList": { + "id": "MachineTypeAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "MachineTypesScopedList", + "description": "[Output Only] Name of the scope containing this set of machine types." + }, + "description": "A list of MachineTypesScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#machineTypeAggregatedList", + "description": "[Output Only] Type of resource. Always compute#machineTypeAggregatedList for aggregated lists of machine types.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "MachineTypeList": { + "description": "Contains a list of machine types.", + "id": "MachineTypeList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of MachineType resources.", + "items": { + "$ref": "MachineType" + }, + "type": "array" + }, + "kind": { + "default": "compute#machineTypeList", + "description": "[Output Only] Type of resource. Always compute#machineTypeList for lists of machine types.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "zone": { - "type": "string", - "description": "Name of the zone scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "TargetInstanceList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "targetPools": { - "methods": { - "addHealthCheck": { - "id": "compute.targetPools.addHealthCheck", - "path": "{project}/regions/{region}/targetPools/{targetPool}/addHealthCheck", - "httpMethod": "POST", - "description": "Adds health check URLs to a target pool.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "MachineTypesScopedList": { + "id": "MachineTypesScopedList", + "properties": { + "machineTypes": { + "description": "[Output Only] List of machine types contained in this scope.", + "items": { + "$ref": "MachineType" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] An informational warning that appears when the machine types list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "ManagedInstance": { + "id": "ManagedInstance", + "properties": { + "currentAction": { + "description": "[Output Only] The current action that the managed instance group has scheduled for the instance. Possible values: \n- NONE The instance is running, and the managed instance group does not have any scheduled actions for this instance. \n- CREATING The managed instance group is creating this instance. If the group fails to create this instance, it will try again until it is successful. \n- CREATING_WITHOUT_RETRIES The managed instance group is attempting to create this instance only once. If the group fails to create this instance, it does not try again and the group's targetSize value is decreased instead. \n- RECREATING The managed instance group is recreating this instance. \n- DELETING The managed instance group is permanently deleting this instance. \n- ABANDONING The managed instance group is abandoning this instance. The instance will be removed from the instance group and from any target pools that are associated with this group. \n- RESTARTING The managed instance group is restarting the instance. \n- REFRESHING The managed instance group is applying configuration changes to the instance without stopping it. For example, the group can update the target pool list for an instance without stopping that instance. \n- VERIFYING The managed instance group has created the instance and it is in the process of being verified.", + "enum": [ + "ABANDONING", + "CREATING", + "CREATING_WITHOUT_RETRIES", + "DELETING", + "NONE", + "RECREATING", + "REFRESHING", + "RESTARTING" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "id": { + "description": "[Output only] The unique identifier for this resource. This field is empty when instance does not exist.", + "format": "uint64", + "type": "string" + }, + "instance": { + "description": "[Output Only] The URL of the instance. The URL can exist even if the instance has not yet been created.", + "type": "string" + }, + "instanceStatus": { + "description": "[Output Only] The status of the instance. This field is empty when the instance does not exist.", + "enum": [ + "PROVISIONING", + "RUNNING", + "STAGING", + "STOPPED", + "STOPPING", + "SUSPENDED", + "SUSPENDING", + "TERMINATED" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "lastAttempt": { + "$ref": "ManagedInstanceLastAttempt", + "description": "[Output Only] Information about the last attempt to create or delete the instance." + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "ManagedInstanceLastAttempt": { + "id": "ManagedInstanceLastAttempt", + "properties": { + "errors": { + "description": "[Output Only] Encountered errors during the last attempt to create or delete the instance.", + "properties": { + "errors": { + "description": "[Output Only] The array of errors encountered while processing this operation.", + "items": { + "properties": { + "code": { + "description": "[Output Only] The error type identifier for this error.", + "type": "string" + }, + "location": { + "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.", + "type": "string" + }, + "message": { + "description": "[Output Only] An optional, human-readable error message.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } }, - "targetPool": { - "type": "string", - "description": "Name of the target pool to add a health check to.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "targetPool" - ], - "request": { - "$ref": "TargetPoolsAddHealthCheckRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "addInstance": { - "id": "compute.targetPools.addInstance", - "path": "{project}/regions/{region}/targetPools/{targetPool}/addInstance", - "httpMethod": "POST", - "description": "Adds an instance to a target pool.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "Metadata": { + "description": "A metadata key/value entry.", + "id": "Metadata", + "properties": { + "fingerprint": { + "description": "Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata.", + "format": "byte", + "type": "string" + }, + "items": { + "description": "Array of key/value pairs. The total size of all keys and values must be less than 512 KB.", + "items": { + "properties": { + "key": { + "annotations": { + "required": [ + "compute.instances.insert", + "compute.projects.setCommonInstanceMetadata" + ] + }, + "description": "Key for the metadata entry. Keys must conform to the following regexp: [a-zA-Z0-9-_]+, and be less than 128 bytes in length. This is reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project.", + "pattern": "[a-zA-Z0-9-_]{1,128}", + "type": "string" + }, + "value": { + "annotations": { + "required": [ + "compute.instances.insert", + "compute.projects.setCommonInstanceMetadata" + ] + }, + "description": "Value for the metadata entry. These are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on values is that their size must be less than or equal to 262144 bytes (256 KiB).", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "kind": { + "default": "compute#metadata", + "description": "[Output Only] Type of the resource. Always compute#metadata for metadata.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "NamedPort": { + "description": "The named port. For example: .", + "id": "NamedPort", + "properties": { + "name": { + "description": "The name for this named port. The name must be 1-63 characters long, and comply with RFC1035.", + "type": "string" + }, + "port": { + "description": "The port number, which can be a value between 1 and 65535.", + "format": "int32", + "type": "integer" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "Network": { + "description": "Represents a Network resource. Read Networks and Firewalls for more information. (== resource_for v1.networks ==) (== resource_for beta.networks ==)", + "id": "Network", + "properties": { + "IPv4Range": { + "description": "The range of internal addresses that are legal on this network. This range is a CIDR specification, for example: 192.168.0.0/16. Provided by the client when the network is created.", + "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}/[0-9]{1,2}", + "type": "string" + }, + "autoCreateSubnetworks": { + "description": "When set to true, the network is created in \"auto subnet mode\". When set to false, the network is in \"custom subnet mode\".\n\nIn \"auto subnet mode\", a newly created network is assigned the default CIDR of 10.128.0.0/9 and it automatically creates one subnetwork per region.", + "type": "boolean" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "gatewayIPv4": { + "description": "A gateway address for default routing to other networks. This value is read only and is selected by the Google Compute Engine, typically as the first usable address in the IPv4Range.", + "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#network", + "description": "[Output Only] Type of the resource. Always compute#network for networks.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.networks.insert" + ] + }, + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "peerings": { + "description": "[Output Only] List of network peerings for the resource.", + "items": { + "$ref": "NetworkPeering" + }, + "type": "array" + }, + "routingConfig": { + "$ref": "NetworkRoutingConfig", + "description": "The network-level routing configuration for this network. Used by Cloud Router to determine what type of network-wide routing behavior to enforce." + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "subnetworks": { + "description": "[Output Only] Server-defined fully-qualified URLs for all subnetworks in this network.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "targetPool": { - "type": "string", - "description": "Name of the TargetPool resource to add instances to.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "targetPool" - ], - "request": { - "$ref": "TargetPoolsAddInstanceRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "aggregatedList": { - "id": "compute.targetPools.aggregatedList", - "path": "{project}/aggregated/targetPools", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of target pools.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "NetworkInterface": { + "description": "A network interface resource attached to an instance.", + "id": "NetworkInterface", + "properties": { + "accessConfigs": { + "description": "An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. If there are no accessConfigs specified, then this instance will have no external internet access.", + "items": { + "$ref": "AccessConfig" + }, + "type": "array" + }, + "aliasIpRanges": { + "description": "An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.", + "items": { + "$ref": "AliasIpRange" + }, + "type": "array" + }, + "kind": { + "default": "compute#networkInterface", + "description": "[Output Only] Type of the resource. Always compute#networkInterface for network interfaces.", + "type": "string" + }, + "name": { + "description": "[Output Only] The name of the network interface, generated by the server. For network devices, these are eth0, eth1, etc.", + "type": "string" + }, + "network": { + "description": "URL of the network resource for this instance. When creating an instance, if neither the network nor the subnetwork is specified, the default network global/networks/default is used; if the network is not specified but the subnetwork is specified, the network is inferred.\n\nThis field is optional when creating a firewall rule. If not specified when creating a firewall rule, the default network global/networks/default is used.\n\nIf you specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: \n- https://www.googleapis.com/compute/v1/projects/project/global/networks/network \n- projects/project/global/networks/network \n- global/networks/default", + "type": "string" + }, + "networkIP": { + "description": "An IPv4 internal network address to assign to the instance for this network interface. If not specified by the user, an unused internal IP is assigned by the system.", + "type": "string" + }, + "subnetwork": { + "description": "The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not provide this property. If the network is in auto subnet mode, providing the subnetwork is optional. If the network is in custom subnet mode, then this field should be specified. If you specify this property, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: \n- https://www.googleapis.com/compute/v1/projects/project/regions/region/subnetworks/subnetwork \n- regions/region/subnetworks/subnetwork", + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "NetworkList": { + "description": "Contains a list of networks.", + "id": "NetworkList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Network resources.", + "items": { + "$ref": "Network" + }, + "type": "array" + }, + "kind": { + "default": "compute#networkList", + "description": "[Output Only] Type of resource. Always compute#networkList for lists of networks.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "NetworkPeering": { + "description": "A network peering attached to a network resource. The message includes the peering name, peer network, peering state, and a flag indicating whether Google Compute Engine should automatically create routes for the peering.", + "id": "NetworkPeering", + "properties": { + "autoCreateRoutes": { + "description": "Whether full mesh connectivity is created and managed automatically. When it is set to true, Google Compute Engine will automatically create and manage the routes between two networks when the state is ACTIVE. Otherwise, user needs to create routes manually to route packets to peer network.", + "type": "boolean" + }, + "name": { + "description": "Name of this peering. Provided by the client when the peering is created. The name must comply with RFC1035. Specifically, the name must be 1-63 characters long and match regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all the following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "type": "string" + }, + "network": { + "description": "The URL of the peer network. It can be either full URL or partial URL. The peer network may belong to a different project. If the partial URL does not contain project, it is assumed that the peer network is in the same project as the current network.", + "type": "string" + }, + "state": { + "description": "[Output Only] State for the peering.", + "enum": [ + "ACTIVE", + "INACTIVE" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "stateDetails": { + "description": "[Output Only] Details about the current state of the peering.", + "type": "string" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "NetworkRoutingConfig": { + "description": "A routing configuration attached to a network resource. The message includes the list of routers associated with the network, and a flag indicating the type of routing behavior to enforce network-wide.", + "id": "NetworkRoutingConfig", + "properties": { + "routingMode": { + "description": "The network-wide routing mode to use. If set to REGIONAL, this network's cloud routers will only advertise routes with subnetworks of this network in the same region as the router. If set to GLOBAL, this network's cloud routers will advertise routes with all subnetworks of this network, across regions.", + "enum": [ + "GLOBAL", + "REGIONAL" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "TargetPoolAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.targetPools.delete", - "path": "{project}/regions/{region}/targetPools/{targetPool}", - "httpMethod": "DELETE", - "description": "Deletes the specified target pool.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "NetworksAddPeeringRequest": { + "id": "NetworksAddPeeringRequest", + "properties": { + "autoCreateRoutes": { + "description": "Whether Google Compute Engine manages the routes automatically.", + "type": "boolean" + }, + "name": { + "annotations": { + "required": [ + "compute.networks.addPeering" + ] + }, + "description": "Name of the peering, which should conform to RFC1035.", + "type": "string" + }, + "peerNetwork": { + "description": "URL of the peer network. It can be either full URL or partial URL. The peer network may belong to a different project. If the partial URL does not contain project, it is assumed that the peer network is in the same project as the current network.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "NetworksRemovePeeringRequest": { + "id": "NetworksRemovePeeringRequest", + "properties": { + "name": { + "description": "Name of the peering, which should conform to RFC1035.", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "Operation": { + "description": "An Operation resource, used to manage asynchronous API requests. (== resource_for v1.globalOperations ==) (== resource_for beta.globalOperations ==) (== resource_for v1.regionOperations ==) (== resource_for beta.regionOperations ==) (== resource_for v1.zoneOperations ==) (== resource_for beta.zoneOperations ==)", + "id": "Operation", + "properties": { + "clientOperationId": { + "description": "[Output Only] Reserved for future use.", + "type": "string" + }, + "creationTimestamp": { + "description": "[Deprecated] This field is deprecated.", + "type": "string" + }, + "description": { + "description": "[Output Only] A textual description of the operation, which is set when the operation is created.", + "type": "string" + }, + "endTime": { + "description": "[Output Only] The time that this operation was completed. This value is in RFC3339 text format.", + "type": "string" + }, + "error": { + "description": "[Output Only] If errors are generated during processing of the operation, this field will be populated.", + "properties": { + "errors": { + "description": "[Output Only] The array of errors encountered while processing this operation.", + "items": { + "properties": { + "code": { + "description": "[Output Only] The error type identifier for this error.", + "type": "string" + }, + "location": { + "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.", + "type": "string" + }, + "message": { + "description": "[Output Only] An optional, human-readable error message.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "httpErrorMessage": { + "description": "[Output Only] If the operation fails, this field contains the HTTP error message that was returned, such as NOT FOUND.", + "type": "string" + }, + "httpErrorStatusCode": { + "description": "[Output Only] If the operation fails, this field contains the HTTP error status code that was returned. For example, a 404 means the resource was not found.", + "format": "int32", + "type": "integer" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "insertTime": { + "description": "[Output Only] The time that this operation was requested. This value is in RFC3339 text format.", + "type": "string" + }, + "kind": { + "default": "compute#operation", + "description": "[Output Only] Type of the resource. Always compute#operation for Operation resources.", + "type": "string" + }, + "name": { + "description": "[Output Only] Name of the resource.", + "type": "string" + }, + "operationType": { + "description": "[Output Only] The type of operation, such as insert, update, or delete, and so on.", + "type": "string" + }, + "progress": { + "description": "[Output Only] An optional progress indicator that ranges from 0 to 100. There is no requirement that this be linear or support any granularity of operations. This should not be used to guess when the operation will be complete. This number should monotonically increase as the operation progresses.", + "format": "int32", + "type": "integer" + }, + "region": { + "description": "[Output Only] The URL of the region where the operation resides. Only available when performing regional operations. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "startTime": { + "description": "[Output Only] The time that this operation was started by the server. This value is in RFC3339 text format.", + "type": "string" + }, + "status": { + "description": "[Output Only] The status of the operation, which can be one of the following: PENDING, RUNNING, or DONE.", + "enum": [ + "DONE", + "PENDING", + "RUNNING" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + }, + "statusMessage": { + "description": "[Output Only] An optional textual description of the current status of the operation.", + "type": "string" + }, + "targetId": { + "description": "[Output Only] The unique target ID, which identifies a specific incarnation of the target resource.", + "format": "uint64", + "type": "string" + }, + "targetLink": { + "description": "[Output Only] The URL of the resource that the operation modifies. For operations related to creating a snapshot, this points to the persistent disk that the snapshot was created from.", + "type": "string" + }, + "user": { + "description": "[Output Only] User who requested the operation, for example: user@example.com.", + "type": "string" + }, + "warnings": { + "description": "[Output Only] If warning messages are generated during processing of the operation, this field will be populated.", + "items": { + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "zone": { + "description": "[Output Only] The URL of the zone where the operation resides. Only available when performing per-zone operations. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + } }, - "targetPool": { - "type": "string", - "description": "Name of the TargetPool resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "targetPool" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.targetPools.get", - "path": "{project}/regions/{region}/targetPools/{targetPool}", - "httpMethod": "GET", - "description": "Returns the specified target pool. Get a list of available target pools by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "OperationAggregatedList": { + "id": "OperationAggregatedList", + "properties": { + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "OperationsScopedList", + "description": "[Output Only] Name of the scope containing this set of operations." + }, + "description": "[Output Only] A map of scoped operation lists.", + "type": "object" + }, + "kind": { + "default": "compute#operationAggregatedList", + "description": "[Output Only] Type of resource. Always compute#operationAggregatedList for aggregated lists of operations.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "OperationList": { + "description": "Contains a list of Operation resources.", + "id": "OperationList", + "properties": { + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "type": "string" + }, + "items": { + "description": "[Output Only] A list of Operation resources.", + "items": { + "$ref": "Operation" + }, + "type": "array" + }, + "kind": { + "default": "compute#operationList", + "description": "[Output Only] Type of resource. Always compute#operations for Operations resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "targetPool": { - "type": "string", - "description": "Name of the TargetPool resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "targetPool" - ], - "response": { - "$ref": "TargetPool" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "getHealth": { - "id": "compute.targetPools.getHealth", - "path": "{project}/regions/{region}/targetPools/{targetPool}/getHealth", - "httpMethod": "POST", - "description": "Gets the most recent health check results for each IP for the instance that is referenced by the given target pool.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "OperationsScopedList": { + "id": "OperationsScopedList", + "properties": { + "operations": { + "description": "[Output Only] List of operations contained in this scope.", + "items": { + "$ref": "Operation" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] Informational warning which replaces the list of operations when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "PathMatcher": { + "description": "A matcher for the path portion of the URL. The BackendService from the longest-matched rule will serve the URL. If no rule was matched, the default service will be used.", + "id": "PathMatcher", + "properties": { + "defaultService": { + "description": "The full or partial URL to the BackendService resource. This will be used if none of the pathRules defined by this PathMatcher is matched by the URL's path portion. For example, the following are all valid URLs to a BackendService resource: \n- https://www.googleapis.com/compute/v1/projects/project/global/backendServices/backendService \n- compute/v1/projects/project/global/backendServices/backendService \n- global/backendServices/backendService", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "name": { + "description": "The name to which this PathMatcher is referred by the HostRule.", + "type": "string" + }, + "pathRules": { + "description": "The list of path rules.", + "items": { + "$ref": "PathRule" + }, + "type": "array" + } }, - "targetPool": { - "type": "string", - "description": "Name of the TargetPool resource to which the queried instance belongs.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "targetPool" - ], - "request": { - "$ref": "InstanceReference" - }, - "response": { - "$ref": "TargetPoolInstanceHealth" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.targetPools.insert", - "path": "{project}/regions/{region}/targetPools", - "httpMethod": "POST", - "description": "Creates a target pool in the specified project and region using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "PathRule": { + "description": "A path-matching rule for a URL. If matched, will use the specified BackendService to handle the traffic arriving at this URL.", + "id": "PathRule", + "properties": { + "paths": { + "description": "The list of path patterns to match. Each must start with / and the only place a * is allowed is at the end following a /. The string fed to the path matcher does not include any text after the first ? or #, and those chars are not allowed here.", + "items": { + "type": "string" + }, + "type": "array" + }, + "service": { + "description": "The URL of the BackendService resource if this rule is matched.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "Project": { + "description": "A Project resource. For an overview of projects, see Cloud Platform Resource Hierarchy. (== resource_for v1.projects ==) (== resource_for beta.projects ==)", + "id": "Project", + "properties": { + "commonInstanceMetadata": { + "$ref": "Metadata", + "description": "Metadata key/value pairs available to all instances contained in this project. See Custom metadata for more information." + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "defaultServiceAccount": { + "description": "[Output Only] Default service account used by VMs running in this project.", + "type": "string" + }, + "description": { + "description": "An optional textual description of the resource.", + "type": "string" + }, + "enabledFeatures": { + "description": "Restricted features enabled for use on this project.", + "items": { + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server. This is not the project ID, and is just a unique ID used by Compute Engine to identify resources.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#project", + "description": "[Output Only] Type of the resource. Always compute#project for projects.", + "type": "string" + }, + "name": { + "description": "The project ID. For example: my-example-project. Use the project ID to make requests to Compute Engine.", + "type": "string" + }, + "quotas": { + "description": "[Output Only] Quotas assigned to this project.", + "items": { + "$ref": "Quota" + }, + "type": "array" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "usageExportLocation": { + "$ref": "UsageExportLocation", + "description": "The naming prefix for daily usage reports and the Google Cloud Storage bucket where they are stored." + }, + "xpnProjectStatus": { + "description": "[Output Only] The role this project has in a shared VPC configuration. Currently only HOST projects are differentiated.", + "enum": [ + "HOST", + "UNSPECIFIED_XPN_PROJECT_STATUS" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "TargetPool" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.targetPools.list", - "path": "{project}/regions/{region}/targetPools", - "httpMethod": "GET", - "description": "Retrieves a list of target pools available to the specified project and region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "ProjectsDisableXpnResourceRequest": { + "id": "ProjectsDisableXpnResourceRequest", + "properties": { + "xpnResource": { + "$ref": "XpnResourceId", + "description": "Service resource (a.k.a service project) ID." + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "ProjectsEnableXpnResourceRequest": { + "id": "ProjectsEnableXpnResourceRequest", + "properties": { + "xpnResource": { + "$ref": "XpnResourceId", + "description": "Service resource (a.k.a service project) ID." + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "ProjectsGetXpnResources": { + "id": "ProjectsGetXpnResources", + "properties": { + "kind": { + "default": "compute#projectsGetXpnResources", + "description": "[Output Only] Type of resource. Always compute#projectsGetXpnResources for lists of service resources (a.k.a service projects)", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "resources": { + "description": "Service resources (a.k.a service projects) attached to this project as their shared VPC host.", + "items": { + "$ref": "XpnResourceId" + }, + "type": "array" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "ProjectsListXpnHostsRequest": { + "id": "ProjectsListXpnHostsRequest", + "properties": { + "organization": { + "description": "Optional organization ID managed by Cloud Resource Manager, for which to list shared VPC host projects. If not specified, the organization will be inferred from the project.", + "type": "string" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "Quota": { + "description": "A quotas entry.", + "id": "Quota", + "properties": { + "limit": { + "description": "[Output Only] Quota limit for this metric.", + "format": "double", + "type": "number" + }, + "metric": { + "description": "[Output Only] Name of the quota metric.", + "enum": [ + "AUTOSCALERS", + "BACKEND_BUCKETS", + "BACKEND_SERVICES", + "COMMITMENTS", + "CPUS", + "CPUS_ALL_REGIONS", + "DISKS_TOTAL_GB", + "FIREWALLS", + "FORWARDING_RULES", + "HEALTH_CHECKS", + "IMAGES", + "INSTANCES", + "INSTANCE_GROUPS", + "INSTANCE_GROUP_MANAGERS", + "INSTANCE_TEMPLATES", + "INTERCONNECTS", + "INTERNAL_ADDRESSES", + "IN_USE_ADDRESSES", + "LOCAL_SSD_TOTAL_GB", + "NETWORKS", + "NVIDIA_K80_GPUS", + "NVIDIA_P100_GPUS", + "PREEMPTIBLE_CPUS", + "PREEMPTIBLE_LOCAL_SSD_GB", + "PREEMPTIBLE_NVIDIA_K80_GPUS", + "PREEMPTIBLE_NVIDIA_P100_GPUS", + "REGIONAL_AUTOSCALERS", + "REGIONAL_INSTANCE_GROUP_MANAGERS", + "ROUTERS", + "ROUTES", + "SECURITY_POLICIES", + "SECURITY_POLICY_RULES", + "SNAPSHOTS", + "SSD_TOTAL_GB", + "SSL_CERTIFICATES", + "STATIC_ADDRESSES", + "SUBNETWORKS", + "TARGET_HTTPS_PROXIES", + "TARGET_HTTP_PROXIES", + "TARGET_INSTANCES", + "TARGET_POOLS", + "TARGET_SSL_PROXIES", + "TARGET_TCP_PROXIES", + "TARGET_VPN_GATEWAYS", + "URL_MAPS", + "VPN_TUNNELS" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "usage": { + "description": "[Output Only] Current usage of this metric.", + "format": "double", + "type": "number" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "TargetPoolList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "removeHealthCheck": { - "id": "compute.targetPools.removeHealthCheck", - "path": "{project}/regions/{region}/targetPools/{targetPool}/removeHealthCheck", - "httpMethod": "POST", - "description": "Removes health check URL from a target pool.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "Reference": { + "description": "Represents a reference to a resource.", + "id": "Reference", + "properties": { + "kind": { + "default": "compute#reference", + "description": "[Output Only] Type of the resource. Always compute#reference for references.", + "type": "string" + }, + "referenceType": { + "description": "A description of the reference type with no implied semantics. Possible values include: \n- MEMBER_OF", + "type": "string" + }, + "referrer": { + "description": "URL of the resource which refers to the target.", + "type": "string" + }, + "target": { + "description": "URL of the resource to which this reference points.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "Region": { + "description": "Region resource. (== resource_for beta.regions ==) (== resource_for v1.regions ==)", + "id": "Region", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "deprecated": { + "$ref": "DeprecationStatus", + "description": "[Output Only] The deprecation status associated with this region." + }, + "description": { + "description": "[Output Only] Textual description of the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#region", + "description": "[Output Only] Type of the resource. Always compute#region for regions.", + "type": "string" + }, + "name": { + "description": "[Output Only] Name of the resource.", + "type": "string" + }, + "quotas": { + "description": "[Output Only] Quotas assigned to this region.", + "items": { + "$ref": "Quota" + }, + "type": "array" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "status": { + "description": "[Output Only] Status of the region, either UP or DOWN.", + "enum": [ + "DOWN", + "UP" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "zones": { + "description": "[Output Only] A list of zones available in this region, in the form of resource URLs.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "RegionAutoscalerList": { + "description": "Contains a list of autoscalers.", + "id": "RegionAutoscalerList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Autoscaler resources.", + "items": { + "$ref": "Autoscaler" + }, + "type": "array" + }, + "kind": { + "default": "compute#regionAutoscalerList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "targetPool": { - "type": "string", - "description": "Name of the target pool to remove health checks from.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "targetPool" - ], - "request": { - "$ref": "TargetPoolsRemoveHealthCheckRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "removeInstance": { - "id": "compute.targetPools.removeInstance", - "path": "{project}/regions/{region}/targetPools/{targetPool}/removeInstance", - "httpMethod": "POST", - "description": "Removes instance URL from a target pool.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RegionInstanceGroupList": { + "description": "Contains a list of InstanceGroup resources.", + "id": "RegionInstanceGroupList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of InstanceGroup resources.", + "items": { + "$ref": "InstanceGroup" + }, + "type": "array" + }, + "kind": { + "default": "compute#regionInstanceGroupList", + "description": "The resource type.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "RegionInstanceGroupManagerList": { + "description": "Contains a list of managed instance groups.", + "id": "RegionInstanceGroupManagerList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of InstanceGroupManager resources.", + "items": { + "$ref": "InstanceGroupManager" + }, + "type": "array" + }, + "kind": { + "default": "compute#regionInstanceGroupManagerList", + "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerList for a list of managed instance groups that exist in th regional scope.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "RegionInstanceGroupManagersAbandonInstancesRequest": { + "id": "RegionInstanceGroupManagersAbandonInstancesRequest", + "properties": { + "instances": { + "description": "The URLs of one or more instances to abandon. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", + "items": { + "type": "string" + }, + "type": "array" + } }, - "targetPool": { - "type": "string", - "description": "Name of the TargetPool resource to remove instances from.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "targetPool" - ], - "request": { - "$ref": "TargetPoolsRemoveInstanceRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setBackup": { - "id": "compute.targetPools.setBackup", - "path": "{project}/regions/{region}/targetPools/{targetPool}/setBackup", - "httpMethod": "POST", - "description": "Changes a backup target pool's configurations.", - "parameters": { - "failoverRatio": { - "type": "number", - "description": "New failoverRatio value for the target pool.", - "format": "float", - "location": "query" + "type": "object" + }, + "RegionInstanceGroupManagersDeleteInstancesRequest": { + "id": "RegionInstanceGroupManagersDeleteInstancesRequest", + "properties": { + "instances": { + "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", + "items": { + "type": "string" + }, + "type": "array" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RegionInstanceGroupManagersListInstancesResponse": { + "id": "RegionInstanceGroupManagersListInstancesResponse", + "properties": { + "managedInstances": { + "description": "List of managed instances.", + "items": { + "$ref": "ManagedInstance" + }, + "type": "array" + } }, - "region": { - "type": "string", - "description": "Name of the region scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "RegionInstanceGroupManagersRecreateRequest": { + "id": "RegionInstanceGroupManagersRecreateRequest", + "properties": { + "instances": { + "description": "The URLs of one or more instances to recreate. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].", + "items": { + "type": "string" + }, + "type": "array" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "RegionInstanceGroupManagersSetTargetPoolsRequest": { + "id": "RegionInstanceGroupManagersSetTargetPoolsRequest", + "properties": { + "fingerprint": { + "description": "Fingerprint of the target pools information, which is a hash of the contents. This field is used for optimistic locking when you update the target pool entries. This field is optional.", + "format": "byte", + "type": "string" + }, + "targetPools": { + "description": "The URL of all TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "targetPool": { - "type": "string", - "description": "Name of the TargetPool resource to set a backup pool for.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "targetPool" - ], - "request": { - "$ref": "TargetReference" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "targetSslProxies": { - "methods": { - "delete": { - "id": "compute.targetSslProxies.delete", - "path": "{project}/global/targetSslProxies/{targetSslProxy}", - "httpMethod": "DELETE", - "description": "Deletes the specified TargetSslProxy resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RegionInstanceGroupManagersSetTemplateRequest": { + "id": "RegionInstanceGroupManagersSetTemplateRequest", + "properties": { + "instanceTemplate": { + "description": "URL of the InstanceTemplate resource from which all new instances will be created.", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "RegionInstanceGroupsListInstances": { + "id": "RegionInstanceGroupsListInstances", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of InstanceWithNamedPorts resources.", + "items": { + "$ref": "InstanceWithNamedPorts" + }, + "type": "array" + }, + "kind": { + "default": "compute#regionInstanceGroupsListInstances", + "description": "The resource type.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "targetSslProxy": { - "type": "string", - "description": "Name of the TargetSslProxy resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetSslProxy" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.targetSslProxies.get", - "path": "{project}/global/targetSslProxies/{targetSslProxy}", - "httpMethod": "GET", - "description": "Returns the specified TargetSslProxy resource. Get a list of available target SSL proxies by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RegionInstanceGroupsListInstancesRequest": { + "id": "RegionInstanceGroupsListInstancesRequest", + "properties": { + "instanceState": { + "description": "Instances in which state should be returned. Valid options are: 'ALL', 'RUNNING'. By default, it lists all instances.", + "enum": [ + "ALL", + "RUNNING" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "portName": { + "description": "Name of port user is interested in. It is optional. If it is set, only information about this ports will be returned. If it is not set, all the named ports will be returned. Always lists all instances.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + } }, - "targetSslProxy": { - "type": "string", - "description": "Name of the TargetSslProxy resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetSslProxy" - ], - "response": { - "$ref": "TargetSslProxy" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.targetSslProxies.insert", - "path": "{project}/global/targetSslProxies", - "httpMethod": "POST", - "description": "Creates a TargetSslProxy resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RegionInstanceGroupsSetNamedPortsRequest": { + "id": "RegionInstanceGroupsSetNamedPortsRequest", + "properties": { + "fingerprint": { + "description": "The fingerprint of the named ports information for this instance group. Use this optional property to prevent conflicts when multiple users change the named ports settings concurrently. Obtain the fingerprint with the instanceGroups.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request.", + "format": "byte", + "type": "string" + }, + "namedPorts": { + "description": "The list of named ports to set for this instance group.", + "items": { + "$ref": "NamedPort" + }, + "type": "array" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "TargetSslProxy" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.targetSslProxies.list", - "path": "{project}/global/targetSslProxies", - "httpMethod": "GET", - "description": "Retrieves the list of TargetSslProxy resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "RegionList": { + "description": "Contains a list of region resources.", + "id": "RegionList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Region resources.", + "items": { + "$ref": "Region" + }, + "type": "array" + }, + "kind": { + "default": "compute#regionList", + "description": "[Output Only] Type of resource. Always compute#regionList for lists of regions.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "ResourceCommitment": { + "description": "Commitment for a particular resource (a Commitment is composed of one or more of these).", + "id": "ResourceCommitment", + "properties": { + "amount": { + "description": "The amount of the resource purchased (in a type-dependent unit, such as bytes). For vCPUs, this can just be an integer. For memory, this must be provided in MB. Memory must be a multiple of 256 MB, with up to 6.5GB of memory per every vCPU.", + "format": "int64", + "type": "string" + }, + "type": { + "description": "Type of resource for which this commitment applies. Possible values are VCPU and MEMORY", + "enum": [ + "MEMORY", + "UNSPECIFIED", + "VCPU" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "ResourceGroupReference": { + "id": "ResourceGroupReference", + "properties": { + "group": { + "description": "A URI referencing one of the instance groups listed in the backend service.", + "type": "string" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "Route": { + "description": "Represents a Route resource. A route specifies how certain packets should be handled by the network. Routes are associated with instances by tags and the set of routes for a particular instance is called its routing table.\n\nFor each packet leaving an instance, the system searches that instance's routing table for a single best matching route. Routes match packets by destination IP address, preferring smaller or more specific ranges over larger ones. If there is a tie, the system selects the route with the smallest priority value. If there is still a tie, it uses the layer three and four packet headers to select just one of the remaining matching routes. The packet is then forwarded as specified by the nextHop field of the winning route - either to another instance destination, an instance gateway, or a Google Compute Engine-operated gateway.\n\nPackets that do not match any route in the sending instance's routing table are dropped. (== resource_for beta.routes ==) (== resource_for v1.routes ==)", + "id": "Route", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "destRange": { + "annotations": { + "required": [ + "compute.routes.insert" + ] + }, + "description": "The destination range of outgoing packets that this route applies to. Only IPv4 is supported.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#route", + "description": "[Output Only] Type of this resource. Always compute#routes for Route resources.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.routes.insert" + ] + }, + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "network": { + "annotations": { + "required": [ + "compute.routes.insert" + ] + }, + "description": "Fully-qualified URL of the network that this route applies to.", + "type": "string" + }, + "nextHopGateway": { + "description": "The URL to a gateway that should handle matching packets. You can only specify the internet gateway using a full or partial valid URL: projects/\u003cproject-id\u003e/global/gateways/default-internet-gateway", + "type": "string" + }, + "nextHopInstance": { + "description": "The URL to an instance that should handle matching packets. You can specify this as a full or partial URL. For example:\nhttps://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/", + "type": "string" + }, + "nextHopIp": { + "description": "The network IP address of an instance that should handle matching packets. Only IPv4 is supported.", + "type": "string" + }, + "nextHopNetwork": { + "description": "The URL of the local network if it should handle matching packets.", + "type": "string" + }, + "nextHopPeering": { + "description": "[Output Only] The network peering name that should handle matching packets, which should conform to RFC1035.", + "type": "string" + }, + "nextHopVpnTunnel": { + "description": "The URL to a VpnTunnel that should handle matching packets.", + "type": "string" + }, + "priority": { + "annotations": { + "required": [ + "compute.routes.insert" + ] + }, + "description": "The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535.", + "format": "uint32", + "type": "integer" + }, + "selfLink": { + "description": "[Output Only] Server-defined fully-qualified URL for this resource.", + "type": "string" + }, + "tags": { + "annotations": { + "required": [ + "compute.routes.insert" + ] + }, + "description": "A list of instance tags to which this route applies.", + "items": { + "type": "string" + }, + "type": "array" + }, + "warnings": { + "description": "[Output Only] If potential misconfigurations are detected for this route, this field will be populated with warning messages.", + "items": { + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "TargetSslProxyList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "setBackendService": { - "id": "compute.targetSslProxies.setBackendService", - "path": "{project}/global/targetSslProxies/{targetSslProxy}/setBackendService", - "httpMethod": "POST", - "description": "Changes the BackendService for TargetSslProxy.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RouteList": { + "description": "Contains a list of Route resources.", + "id": "RouteList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Route resources.", + "items": { + "$ref": "Route" + }, + "type": "array" + }, + "kind": { + "default": "compute#routeList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "Router": { + "description": "Router resource.", + "id": "Router", + "properties": { + "bgp": { + "$ref": "RouterBgp", + "description": "BGP information specific to this router." + }, + "bgpPeers": { + "description": "BGP information that needs to be configured into the routing stack to establish the BGP peering. It must specify peer ASN and either interface name, IP, or peer IP. Please refer to RFC4273.", + "items": { + "$ref": "RouterBgpPeer" + }, + "type": "array" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "interfaces": { + "description": "Router interfaces. Each interface requires either one linked resource (e.g. linkedVpnTunnel), or IP address and IP address range (e.g. ipRange), or both.", + "items": { + "$ref": "RouterInterface" + }, + "type": "array" + }, + "kind": { + "default": "compute#router", + "description": "[Output Only] Type of resource. Always compute#router for routers.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.routers.insert" + ] + }, + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "network": { + "annotations": { + "required": [ + "compute.routers.insert" + ] + }, + "description": "URI of the network to which this router belongs.", + "type": "string" + }, + "region": { + "description": "[Output Only] URI of the region where the router resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + } }, - "targetSslProxy": { - "type": "string", - "description": "Name of the TargetSslProxy resource whose BackendService resource is to be set.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetSslProxy" - ], - "request": { - "$ref": "TargetSslProxiesSetBackendServiceRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setProxyHeader": { - "id": "compute.targetSslProxies.setProxyHeader", - "path": "{project}/global/targetSslProxies/{targetSslProxy}/setProxyHeader", - "httpMethod": "POST", - "description": "Changes the ProxyHeaderType for TargetSslProxy.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RouterAggregatedList": { + "description": "Contains a list of routers.", + "id": "RouterAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "RoutersScopedList", + "description": "Name of the scope containing this set of routers." + }, + "description": "A list of Router resources.", + "type": "object" + }, + "kind": { + "default": "compute#routerAggregatedList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "RouterBgp": { + "id": "RouterBgp", + "properties": { + "asn": { + "description": "Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN.", + "format": "uint32", + "type": "integer" + } }, - "targetSslProxy": { - "type": "string", - "description": "Name of the TargetSslProxy resource whose ProxyHeader is to be set.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetSslProxy" - ], - "request": { - "$ref": "TargetSslProxiesSetProxyHeaderRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setSslCertificates": { - "id": "compute.targetSslProxies.setSslCertificates", - "path": "{project}/global/targetSslProxies/{targetSslProxy}/setSslCertificates", - "httpMethod": "POST", - "description": "Changes SslCertificates for TargetSslProxy.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RouterBgpPeer": { + "id": "RouterBgpPeer", + "properties": { + "advertisedRoutePriority": { + "description": "The priority of routes advertised to this BGP peer. In the case where there is more than one matching route of maximum length, the routes with lowest priority value win.", + "format": "uint32", + "type": "integer" + }, + "interfaceName": { + "description": "Name of the interface the BGP peer is associated with.", + "type": "string" + }, + "ipAddress": { + "description": "IP address of the interface inside Google Cloud Platform. Only IPv4 is supported.", + "type": "string" + }, + "name": { + "description": "Name of this BGP peer. The name must be 1-63 characters long and comply with RFC1035.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "peerAsn": { + "description": "Peer BGP Autonomous System Number (ASN). For VPN use case, this value can be different for every tunnel.", + "format": "uint32", + "type": "integer" + }, + "peerIpAddress": { + "description": "IP address of the BGP interface outside Google cloud. Only IPv4 is supported.", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "RouterInterface": { + "id": "RouterInterface", + "properties": { + "ipRange": { + "description": "IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. The value must be a CIDR-formatted string, for example: 169.254.0.1/30. NOTE: Do not truncate the address as it represents the IP address of the interface.", + "type": "string" + }, + "linkedInterconnectAttachment": { + "description": "URI of the linked interconnect attachment. It must be in the same region as the router. Each interface can have at most one linked resource and it could either be a VPN Tunnel or an interconnect attachment.", + "type": "string" + }, + "linkedVpnTunnel": { + "description": "URI of the linked VPN tunnel. It must be in the same region as the router. Each interface can have at most one linked resource and it could either be a VPN Tunnel or an interconnect attachment.", + "type": "string" + }, + "name": { + "description": "Name of this interface entry. The name must be 1-63 characters long and comply with RFC1035.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + } }, - "targetSslProxy": { - "type": "string", - "description": "Name of the TargetSslProxy resource whose SslCertificate resource is to be set.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetSslProxy" - ], - "request": { - "$ref": "TargetSslProxiesSetSslCertificatesRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "targetTcpProxies": { - "methods": { - "delete": { - "id": "compute.targetTcpProxies.delete", - "path": "{project}/global/targetTcpProxies/{targetTcpProxy}", - "httpMethod": "DELETE", - "description": "Deletes the specified TargetTcpProxy resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RouterList": { + "description": "Contains a list of Router resources.", + "id": "RouterList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Router resources.", + "items": { + "$ref": "Router" + }, + "type": "array" + }, + "kind": { + "default": "compute#routerList", + "description": "[Output Only] Type of resource. Always compute#router for routers.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "RouterStatus": { + "id": "RouterStatus", + "properties": { + "bestRoutes": { + "description": "Best routes for this router's network.", + "items": { + "$ref": "Route" + }, + "type": "array" + }, + "bestRoutesForRouter": { + "description": "Best routes learned by this router.", + "items": { + "$ref": "Route" + }, + "type": "array" + }, + "bgpPeerStatus": { + "items": { + "$ref": "RouterStatusBgpPeerStatus" + }, + "type": "array" + }, + "network": { + "description": "URI of the network to which this router belongs.", + "type": "string" + } }, - "targetTcpProxy": { - "type": "string", - "description": "Name of the TargetTcpProxy resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetTcpProxy" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.targetTcpProxies.get", - "path": "{project}/global/targetTcpProxies/{targetTcpProxy}", - "httpMethod": "GET", - "description": "Returns the specified TargetTcpProxy resource. Get a list of available target TCP proxies by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RouterStatusBgpPeerStatus": { + "id": "RouterStatusBgpPeerStatus", + "properties": { + "advertisedRoutes": { + "description": "Routes that were advertised to the remote BGP peer", + "items": { + "$ref": "Route" + }, + "type": "array" + }, + "ipAddress": { + "description": "IP address of the local BGP interface.", + "type": "string" + }, + "linkedVpnTunnel": { + "description": "URL of the VPN tunnel that this BGP peer controls.", + "type": "string" + }, + "name": { + "description": "Name of this BGP peer. Unique within the Routers resource.", + "type": "string" + }, + "numLearnedRoutes": { + "description": "Number of routes learned from the remote BGP Peer.", + "format": "uint32", + "type": "integer" + }, + "peerIpAddress": { + "description": "IP address of the remote BGP interface.", + "type": "string" + }, + "state": { + "description": "BGP state as specified in RFC1771.", + "type": "string" + }, + "status": { + "description": "Status of the BGP peer: {UP, DOWN}", + "enum": [ + "DOWN", + "UNKNOWN", + "UP" + ], + "enumDescriptions": [ + "", + "", + "" + ], + "type": "string" + }, + "uptime": { + "description": "Time this session has been up. Format: 14 years, 51 weeks, 6 days, 23 hours, 59 minutes, 59 seconds", + "type": "string" + }, + "uptimeSeconds": { + "description": "Time this session has been up, in seconds. Format: 145", + "type": "string" + } }, - "targetTcpProxy": { - "type": "string", - "description": "Name of the TargetTcpProxy resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetTcpProxy" - ], - "response": { - "$ref": "TargetTcpProxy" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.targetTcpProxies.insert", - "path": "{project}/global/targetTcpProxies", - "httpMethod": "POST", - "description": "Creates a TargetTcpProxy resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "RouterStatusResponse": { + "id": "RouterStatusResponse", + "properties": { + "kind": { + "default": "compute#routerStatusResponse", + "description": "Type of resource.", + "type": "string" + }, + "result": { + "$ref": "RouterStatus" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "TargetTcpProxy" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.targetTcpProxies.list", - "path": "{project}/global/targetTcpProxies", - "httpMethod": "GET", - "description": "Retrieves the list of TargetTcpProxy resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "RoutersPreviewResponse": { + "id": "RoutersPreviewResponse", + "properties": { + "resource": { + "$ref": "Router", + "description": "Preview of given router." + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "RoutersScopedList": { + "id": "RoutersScopedList", + "properties": { + "routers": { + "description": "List of routers contained in this scope.", + "items": { + "$ref": "Router" + }, + "type": "array" + }, + "warning": { + "description": "Informational warning which replaces the list of routers when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "SSLHealthCheck": { + "id": "SSLHealthCheck", + "properties": { + "port": { + "description": "The TCP port number for the health check request. The default value is 443. Valid values are 1 through 65535.", + "format": "int32", + "type": "integer" + }, + "portName": { + "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence.", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", + "enum": [ + "NONE", + "PROXY_V1" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "request": { + "description": "The application data to send once the SSL connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII.", + "type": "string" + }, + "response": { + "description": "The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII.", + "type": "string" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "Scheduling": { + "description": "Sets the scheduling options for an Instance.", + "id": "Scheduling", + "properties": { + "automaticRestart": { + "description": "Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted.\n\nBy default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine.", + "type": "boolean" + }, + "onHostMaintenance": { + "description": "Defines the maintenance behavior for this instance. For standard instances, the default behavior is MIGRATE. For preemptible instances, the default and only possible behavior is TERMINATE. For more information, see Setting Instance Scheduling Options.", + "enum": [ + "MIGRATE", + "TERMINATE" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "preemptible": { + "description": "Defines whether the instance is preemptible. This can only be set during instance creation, it cannot be set or changed after the instance has been created.", + "type": "boolean" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "TargetTcpProxyList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "setBackendService": { - "id": "compute.targetTcpProxies.setBackendService", - "path": "{project}/global/targetTcpProxies/{targetTcpProxy}/setBackendService", - "httpMethod": "POST", - "description": "Changes the BackendService for TargetTcpProxy.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "SerialPortOutput": { + "description": "An instance's serial console output.", + "id": "SerialPortOutput", + "properties": { + "contents": { + "description": "[Output Only] The contents of the console output.", + "type": "string" + }, + "kind": { + "default": "compute#serialPortOutput", + "description": "[Output Only] Type of the resource. Always compute#serialPortOutput for serial port output.", + "type": "string" + }, + "next": { + "description": "[Output Only] The position of the next byte of content from the serial console output. Use this value in the next request as the start parameter.", + "format": "int64", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "start": { + "description": "The starting byte position of the output that was returned. This should match the start parameter sent with the request. If the serial console output exceeds the size of the buffer, older output will be overwritten by newer content and the start values will be mismatched.", + "format": "int64", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "ServiceAccount": { + "description": "A service account.", + "id": "ServiceAccount", + "properties": { + "email": { + "description": "Email address of the service account.", + "type": "string" + }, + "scopes": { + "description": "The list of scopes to be made available for this service account.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "targetTcpProxy": { - "type": "string", - "description": "Name of the TargetTcpProxy resource whose BackendService resource is to be set.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetTcpProxy" - ], - "request": { - "$ref": "TargetTcpProxiesSetBackendServiceRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "setProxyHeader": { - "id": "compute.targetTcpProxies.setProxyHeader", - "path": "{project}/global/targetTcpProxies/{targetTcpProxy}/setProxyHeader", - "httpMethod": "POST", - "description": "Changes the ProxyHeaderType for TargetTcpProxy.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "Snapshot": { + "description": "A persistent disk snapshot resource. (== resource_for beta.snapshots ==) (== resource_for v1.snapshots ==)", + "id": "Snapshot", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "diskSizeGb": { + "description": "[Output Only] Size of the snapshot, specified in GB.", + "format": "int64", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#snapshot", + "description": "[Output Only] Type of the resource. Always compute#snapshot for Snapshot resources.", + "type": "string" + }, + "labelFingerprint": { + "description": "A fingerprint for the labels being applied to this snapshot, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels.\n\nTo see the latest fingerprint, make a get() request to retrieve a snapshot.", + "format": "byte", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to apply to this snapshot. These can be later modified by the setLabels method. Label values may be empty.", + "type": "object" + }, + "licenses": { + "description": "[Output Only] A list of public visible licenses that apply to this snapshot. This can be because the original image had licenses attached (such as a Windows image).", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "snapshotEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must provide the same key if you use the image later For example, you must provide the encryption key when you create a disk from the encrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of the disk.\n\nIf you do not provide an encryption key when creating the snapshot, then the snapshot will be encrypted using an automatically generated key and you do not need to provide a key to use the snapshot later." + }, + "sourceDisk": { + "description": "[Output Only] The source disk used to create this snapshot.", + "type": "string" + }, + "sourceDiskEncryptionKey": { + "$ref": "CustomerEncryptionKey", + "description": "The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key." + }, + "sourceDiskId": { + "description": "[Output Only] The ID value of the disk used to create this snapshot. This value may be used to determine whether the snapshot was taken from the current or a previous instance of a given disk name.", + "type": "string" + }, + "status": { + "description": "[Output Only] The status of the snapshot. This can be CREATING, DELETING, FAILED, READY, or UPLOADING.", + "enum": [ + "CREATING", + "DELETING", + "FAILED", + "READY", + "UPLOADING" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "storageBytes": { + "description": "[Output Only] A size of the storage used by the snapshot. As snapshots share storage, this number is expected to change with snapshot creation/deletion.", + "format": "int64", + "type": "string" + }, + "storageBytesStatus": { + "description": "[Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.", + "enum": [ + "UPDATING", + "UP_TO_DATE" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "SnapshotList": { + "description": "Contains a list of Snapshot resources.", + "id": "SnapshotList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Snapshot resources.", + "items": { + "$ref": "Snapshot" + }, + "type": "array" + }, + "kind": { + "default": "compute#snapshotList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "targetTcpProxy": { - "type": "string", - "description": "Name of the TargetTcpProxy resource whose ProxyHeader is to be set.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "targetTcpProxy" - ], - "request": { - "$ref": "TargetTcpProxiesSetProxyHeaderRequest" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "targetVpnGateways": { - "methods": { - "aggregatedList": { - "id": "compute.targetVpnGateways.aggregatedList", - "path": "{project}/aggregated/targetVpnGateways", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of target VPN gateways.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "SslCertificate": { + "description": "An SslCertificate resource. This resource provides a mechanism to upload an SSL key and certificate to the load balancer to serve secure connections from the user. (== resource_for beta.sslCertificates ==) (== resource_for v1.sslCertificates ==)", + "id": "SslCertificate", + "properties": { + "certificate": { + "description": "A local certificate file. The certificate must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.", + "type": "string" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#sslCertificate", + "description": "[Output Only] Type of the resource. Always compute#sslCertificate for SSL certificates.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "privateKey": { + "description": "A write-only private key in PEM format. Only insert requests will include this field.", + "type": "string" + }, + "selfLink": { + "description": "[Output only] Server-defined URL for the resource.", + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "SslCertificateList": { + "description": "Contains a list of SslCertificate resources.", + "id": "SslCertificateList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of SslCertificate resources.", + "items": { + "$ref": "SslCertificate" + }, + "type": "array" + }, + "kind": { + "default": "compute#sslCertificateList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "Subnetwork": { + "description": "A Subnetwork resource. (== resource_for beta.subnetworks ==) (== resource_for v1.subnetworks ==)", + "id": "Subnetwork", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource. This field can be set only at resource creation time.", + "type": "string" + }, + "gatewayAddress": { + "description": "[Output Only] The gateway address for default routes to reach destination addresses outside this subnetwork.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "ipCidrRange": { + "description": "The range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time.", + "type": "string" + }, + "kind": { + "default": "compute#subnetwork", + "description": "[Output Only] Type of the resource. Always compute#subnetwork for Subnetwork resources.", + "type": "string" + }, + "name": { + "description": "The name of the resource, provided by the client when initially creating the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "network": { + "description": "The URL of the network to which this subnetwork belongs, provided by the client when initially creating the subnetwork. Only networks that are in the distributed mode can have subnetworks. This field can be set only at resource creation time.", + "type": "string" + }, + "privateIpGoogleAccess": { + "description": "Whether the VMs in this subnet can access Google services without assigned external IP addresses. This field can be both set at resource creation time and updated using setPrivateIpGoogleAccess.", + "type": "boolean" + }, + "region": { + "description": "URL of the region where the Subnetwork resides. This field can be set only at resource creation time.", + "type": "string" + }, + "secondaryIpRanges": { + "description": "An array of configurations for secondary IP ranges for VM instances contained in this subnetwork. The primary IP of such VM must belong to the primary ipCidrRange of the subnetwork. The alias IPs may belong to either primary or secondary ranges.", + "items": { + "$ref": "SubnetworkSecondaryRange" + }, + "type": "array" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "SubnetworkAggregatedList": { + "id": "SubnetworkAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "SubnetworksScopedList", + "description": "Name of the scope containing this set of Subnetworks." + }, + "description": "A list of SubnetworksScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#subnetworkAggregatedList", + "description": "[Output Only] Type of resource. Always compute#subnetworkAggregatedList for aggregated lists of subnetworks.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "TargetVpnGatewayAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.targetVpnGateways.delete", - "path": "{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}", - "httpMethod": "DELETE", - "description": "Deletes the specified target VPN gateway.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "SubnetworkList": { + "description": "Contains a list of Subnetwork resources.", + "id": "SubnetworkList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Subnetwork resources.", + "items": { + "$ref": "Subnetwork" + }, + "type": "array" + }, + "kind": { + "default": "compute#subnetworkList", + "description": "[Output Only] Type of resource. Always compute#subnetworkList for lists of subnetworks.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "SubnetworkSecondaryRange": { + "description": "Represents a secondary IP range of a subnetwork.", + "id": "SubnetworkSecondaryRange", + "properties": { + "ipCidrRange": { + "description": "The range of IP addresses belonging to this subnetwork secondary range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported.", + "type": "string" + }, + "rangeName": { + "description": "The name associated with this subnetwork secondary range, used when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork.", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "SubnetworksExpandIpCidrRangeRequest": { + "id": "SubnetworksExpandIpCidrRangeRequest", + "properties": { + "ipCidrRange": { + "description": "The IP (in CIDR format or netmask) of internal addresses that are legal on this Subnetwork. This range should be disjoint from other subnetworks within this network. This range can only be larger than (i.e. a superset of) the range previously defined before the update.", + "type": "string" + } }, - "targetVpnGateway": { - "type": "string", - "description": "Name of the target VPN gateway to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "targetVpnGateway" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.targetVpnGateways.get", - "path": "{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}", - "httpMethod": "GET", - "description": "Returns the specified target VPN gateway. Get a list of available target VPN gateways by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "SubnetworksScopedList": { + "id": "SubnetworksScopedList", + "properties": { + "subnetworks": { + "description": "List of subnetworks contained in this scope.", + "items": { + "$ref": "Subnetwork" + }, + "type": "array" + }, + "warning": { + "description": "An informational warning that appears when the list of addresses is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "SubnetworksSetPrivateIpGoogleAccessRequest": { + "id": "SubnetworksSetPrivateIpGoogleAccessRequest", + "properties": { + "privateIpGoogleAccess": { + "type": "boolean" + } }, - "targetVpnGateway": { - "type": "string", - "description": "Name of the target VPN gateway to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "targetVpnGateway" - ], - "response": { - "$ref": "TargetVpnGateway" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.targetVpnGateways.insert", - "path": "{project}/regions/{region}/targetVpnGateways", - "httpMethod": "POST", - "description": "Creates a target VPN gateway in the specified project and region using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TCPHealthCheck": { + "id": "TCPHealthCheck", + "properties": { + "port": { + "description": "The TCP port number for the health check request. The default value is 80. Valid values are 1 through 65535.", + "format": "int32", + "type": "integer" + }, + "portName": { + "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence.", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", + "enum": [ + "NONE", + "PROXY_V1" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "request": { + "description": "The application data to send once the TCP connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII.", + "type": "string" + }, + "response": { + "description": "The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "Tags": { + "description": "A set of instance tags.", + "id": "Tags", + "properties": { + "fingerprint": { + "description": "Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata.\n\nTo see the latest fingerprint, make get() request to the instance.", + "format": "byte", + "type": "string" + }, + "items": { + "description": "An array of tags. Each tag must be 1-63 characters long, and comply with RFC1035.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "TargetVpnGateway" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.targetVpnGateways.list", - "path": "{project}/regions/{region}/targetVpnGateways", - "httpMethod": "GET", - "description": "Retrieves a list of target VPN gateways available to the specified project and region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "TargetHttpProxy": { + "description": "A TargetHttpProxy resource. This resource defines an HTTP proxy. (== resource_for beta.targetHttpProxies ==) (== resource_for v1.targetHttpProxies ==)", + "id": "TargetHttpProxy", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#targetHttpProxy", + "description": "[Output Only] Type of resource. Always compute#targetHttpProxy for target HTTP proxies.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "urlMap": { + "description": "URL to the UrlMap resource that defines the mapping from URL to the BackendService.", + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "TargetHttpProxyList": { + "description": "A list of TargetHttpProxy resources.", + "id": "TargetHttpProxyList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of TargetHttpProxy resources.", + "items": { + "$ref": "TargetHttpProxy" + }, + "type": "array" + }, + "kind": { + "default": "compute#targetHttpProxyList", + "description": "Type of resource. Always compute#targetHttpProxyList for lists of target HTTP proxies.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "TargetHttpsProxiesSetSslCertificatesRequest": { + "id": "TargetHttpsProxiesSetSslCertificatesRequest", + "properties": { + "sslCertificates": { + "description": "New set of SslCertificate resources to associate with this TargetHttpsProxy resource. Currently exactly one SslCertificate resource must be specified.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "TargetHttpsProxy": { + "description": "A TargetHttpsProxy resource. This resource defines an HTTPS proxy. (== resource_for beta.targetHttpsProxies ==) (== resource_for v1.targetHttpsProxies ==)", + "id": "TargetHttpsProxy", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#targetHttpsProxy", + "description": "[Output Only] Type of resource. Always compute#targetHttpsProxy for target HTTPS proxies.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "sslCertificates": { + "description": "URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, exactly one SSL certificate must be specified.", + "items": { + "type": "string" + }, + "type": "array" + }, + "urlMap": { + "description": "A fully-qualified or valid partial URL to the UrlMap resource that defines the mapping from URL to the BackendService. For example, the following are all valid URLs for specifying a URL map: \n- https://www.googleapis.compute/v1/projects/project/global/urlMaps/url-map \n- projects/project/global/urlMaps/url-map \n- global/urlMaps/url-map", + "type": "string" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetHttpsProxyList": { + "description": "Contains a list of TargetHttpsProxy resources.", + "id": "TargetHttpsProxyList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of TargetHttpsProxy resources.", + "items": { + "$ref": "TargetHttpsProxy" + }, + "type": "array" + }, + "kind": { + "default": "compute#targetHttpsProxyList", + "description": "Type of resource. Always compute#targetHttpsProxyList for lists of target HTTPS proxies.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "TargetVpnGatewayList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "urlMaps": { - "methods": { - "delete": { - "id": "compute.urlMaps.delete", - "path": "{project}/global/urlMaps/{urlMap}", - "httpMethod": "DELETE", - "description": "Deletes the specified UrlMap resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetInstance": { + "description": "A TargetInstance resource. This resource defines an endpoint instance that terminates traffic of certain protocols. (== resource_for beta.targetInstances ==) (== resource_for v1.targetInstances ==)", + "id": "TargetInstance", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "instance": { + "description": "A URL to the virtual machine instance that handles traffic for this target instance. When creating a target instance, you can provide the fully-qualified URL or a valid partial URL to the desired virtual machine. For example, the following are all valid URLs: \n- https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance \n- projects/project/zones/zone/instances/instance \n- zones/zone/instances/instance", + "type": "string" + }, + "kind": { + "default": "compute#targetInstance", + "description": "[Output Only] The type of the resource. Always compute#targetInstance for target instances.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "natPolicy": { + "description": "NAT option controlling how IPs are NAT'ed to the instance. Currently only NO_NAT (default value) is supported.", + "enum": [ + "NO_NAT" + ], + "enumDescriptions": [ + "" + ], + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "zone": { + "description": "[Output Only] URL of the zone where the target instance resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "TargetInstanceAggregatedList": { + "id": "TargetInstanceAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "TargetInstancesScopedList", + "description": "Name of the scope containing this set of target instances." + }, + "description": "A list of TargetInstance resources.", + "type": "object" + }, + "kind": { + "default": "compute#targetInstanceAggregatedList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "urlMap": { - "type": "string", - "description": "Name of the UrlMap resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "urlMap" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.urlMaps.get", - "path": "{project}/global/urlMaps/{urlMap}", - "httpMethod": "GET", - "description": "Returns the specified UrlMap resource. Get a list of available URL maps by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetInstanceList": { + "description": "Contains a list of TargetInstance resources.", + "id": "TargetInstanceList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of TargetInstance resources.", + "items": { + "$ref": "TargetInstance" + }, + "type": "array" + }, + "kind": { + "default": "compute#targetInstanceList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "urlMap": { - "type": "string", - "description": "Name of the UrlMap resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "urlMap" - ], - "response": { - "$ref": "UrlMap" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.urlMaps.insert", - "path": "{project}/global/urlMaps", - "httpMethod": "POST", - "description": "Creates a UrlMap resource in the specified project using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetInstancesScopedList": { + "id": "TargetInstancesScopedList", + "properties": { + "targetInstances": { + "description": "List of target instances contained in this scope.", + "items": { + "$ref": "TargetInstance" + }, + "type": "array" + }, + "warning": { + "description": "Informational warning which replaces the list of addresses when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "UrlMap" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "invalidateCache": { - "id": "compute.urlMaps.invalidateCache", - "path": "{project}/global/urlMaps/{urlMap}/invalidateCache", - "httpMethod": "POST", - "description": "Initiates a cache invalidation operation, invalidating the specified path, scoped to the specified UrlMap.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetPool": { + "description": "A TargetPool resource. This resource defines a pool of instances, an associated HttpHealthCheck resource, and the fallback target pool. (== resource_for beta.targetPools ==) (== resource_for v1.targetPools ==)", + "id": "TargetPool", + "properties": { + "backupPool": { + "description": "This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool, and its failoverRatio field is properly set to a value between [0, 1].\n\nbackupPool and failoverRatio together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below failoverRatio, traffic arriving at the load-balanced IP will be directed to the backup pool.\n\nIn case where failoverRatio and backupPool are not set, or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the \"force\" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.", + "type": "string" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "failoverRatio": { + "description": "This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool (i.e., not as a backup pool to some other target pool). The value of the field must be in [0, 1].\n\nIf set, backupPool must also be set. They together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below this number, traffic arriving at the load-balanced IP will be directed to the backup pool.\n\nIn case where failoverRatio is not set or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the \"force\" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.", + "format": "float", + "type": "number" + }, + "healthChecks": { + "description": "The URL of the HttpHealthCheck resource. A member instance in this pool is considered healthy if and only if the health checks pass. An empty list means all member instances will be considered healthy at all times. Only HttpHealthChecks are supported. Only one health check may be specified.", + "items": { + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "instances": { + "description": "A list of resource URLs to the virtual machine instances serving this pool. They must live in zones contained in the same region as this pool.", + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "default": "compute#targetPool", + "description": "[Output Only] Type of the resource. Always compute#targetPool for target pools.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "region": { + "description": "[Output Only] URL of the region where the target pool resides.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "sessionAffinity": { + "description": "Sesssion affinity option, must be one of the following values:\nNONE: Connections from the same client IP may go to any instance in the pool.\nCLIENT_IP: Connections from the same client IP will go to the same instance in the pool while that instance remains healthy.\nCLIENT_IP_PROTO: Connections from the same client IP with the same IP protocol will go to the same instance in the pool while that instance remains healthy.", + "enum": [ + "CLIENT_IP", + "CLIENT_IP_PORT_PROTO", + "CLIENT_IP_PROTO", + "GENERATED_COOKIE", + "NONE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "" + ], + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "TargetPoolAggregatedList": { + "id": "TargetPoolAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "TargetPoolsScopedList", + "description": "Name of the scope containing this set of target pools." + }, + "description": "A list of TargetPool resources.", + "type": "object" + }, + "kind": { + "default": "compute#targetPoolAggregatedList", + "description": "[Output Only] Type of resource. Always compute#targetPoolAggregatedList for aggregated lists of target pools.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "urlMap": { - "type": "string", - "description": "Name of the UrlMap scoping this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "urlMap" - ], - "request": { - "$ref": "CacheInvalidationRule" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.urlMaps.list", - "path": "{project}/global/urlMaps", - "httpMethod": "GET", - "description": "Retrieves the list of UrlMap resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "TargetPoolInstanceHealth": { + "id": "TargetPoolInstanceHealth", + "properties": { + "healthStatus": { + "items": { + "$ref": "HealthStatus" + }, + "type": "array" + }, + "kind": { + "default": "compute#targetPoolInstanceHealth", + "description": "[Output Only] Type of resource. Always compute#targetPoolInstanceHealth when checking the health of an instance.", + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "TargetPoolList": { + "description": "Contains a list of TargetPool resources.", + "id": "TargetPoolList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of TargetPool resources.", + "items": { + "$ref": "TargetPool" + }, + "type": "array" + }, + "kind": { + "default": "compute#targetPoolList", + "description": "[Output Only] Type of resource. Always compute#targetPoolList for lists of target pools.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "TargetPoolsAddHealthCheckRequest": { + "id": "TargetPoolsAddHealthCheckRequest", + "properties": { + "healthChecks": { + "description": "The HttpHealthCheck to add to the target pool.", + "items": { + "$ref": "HealthCheckReference" + }, + "type": "array" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "TargetPoolsAddInstanceRequest": { + "id": "TargetPoolsAddInstanceRequest", + "properties": { + "instances": { + "description": "A full or partial URL to an instance to add to this target pool. This can be a full or partial URL. For example, the following are valid URLs: \n- https://www.googleapis.com/compute/v1/projects/project-id/zones/zone/instances/instance-name \n- projects/project-id/zones/zone/instances/instance-name \n- zones/zone/instances/instance-name", + "items": { + "$ref": "InstanceReference" + }, + "type": "array" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "UrlMapList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "patch": { - "id": "compute.urlMaps.patch", - "path": "{project}/global/urlMaps/{urlMap}", - "httpMethod": "PATCH", - "description": "Patches the specified UrlMap resource with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetPoolsRemoveHealthCheckRequest": { + "id": "TargetPoolsRemoveHealthCheckRequest", + "properties": { + "healthChecks": { + "description": "Health check URL to be removed. This can be a full or valid partial URL. For example, the following are valid URLs: \n- https://www.googleapis.com/compute/beta/projects/project/global/httpHealthChecks/health-check \n- projects/project/global/httpHealthChecks/health-check \n- global/httpHealthChecks/health-check", + "items": { + "$ref": "HealthCheckReference" + }, + "type": "array" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "TargetPoolsRemoveInstanceRequest": { + "id": "TargetPoolsRemoveInstanceRequest", + "properties": { + "instances": { + "description": "URLs of the instances to be removed from target pool.", + "items": { + "$ref": "InstanceReference" + }, + "type": "array" + } }, - "urlMap": { - "type": "string", - "description": "Name of the UrlMap resource to patch.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "urlMap" - ], - "request": { - "$ref": "UrlMap" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "update": { - "id": "compute.urlMaps.update", - "path": "{project}/global/urlMaps/{urlMap}", - "httpMethod": "PUT", - "description": "Updates the specified UrlMap resource with the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetPoolsScopedList": { + "id": "TargetPoolsScopedList", + "properties": { + "targetPools": { + "description": "List of target pools contained in this scope.", + "items": { + "$ref": "TargetPool" + }, + "type": "array" + }, + "warning": { + "description": "Informational warning which replaces the list of addresses when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "TargetReference": { + "id": "TargetReference", + "properties": { + "target": { + "type": "string" + } }, - "urlMap": { - "type": "string", - "description": "Name of the UrlMap resource to update.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "urlMap" - ], - "request": { - "$ref": "UrlMap" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "validate": { - "id": "compute.urlMaps.validate", - "path": "{project}/global/urlMaps/{urlMap}/validate", - "httpMethod": "POST", - "description": "Runs static validation for the UrlMap. In particular, the tests of the provided UrlMap will be run. Calling this method does NOT create the UrlMap.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetSslProxiesSetBackendServiceRequest": { + "id": "TargetSslProxiesSetBackendServiceRequest", + "properties": { + "service": { + "description": "The URL of the new BackendService resource for the targetSslProxy.", + "type": "string" + } }, - "urlMap": { - "type": "string", - "description": "Name of the UrlMap resource to be validated as.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "urlMap" - ], - "request": { - "$ref": "UrlMapsValidateRequest" - }, - "response": { - "$ref": "UrlMapsValidateResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - } - } - }, - "vpnTunnels": { - "methods": { - "aggregatedList": { - "id": "compute.vpnTunnels.aggregatedList", - "path": "{project}/aggregated/vpnTunnels", - "httpMethod": "GET", - "description": "Retrieves an aggregated list of VPN tunnels.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "TargetSslProxiesSetProxyHeaderRequest": { + "id": "TargetSslProxiesSetProxyHeaderRequest", + "properties": { + "proxyHeader": { + "description": "The new type of proxy header to append before sending data to the backend. NONE or PROXY_V1 are allowed.", + "enum": [ + "NONE", + "PROXY_V1" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "TargetSslProxiesSetSslCertificatesRequest": { + "id": "TargetSslProxiesSetSslCertificatesRequest", + "properties": { + "sslCertificates": { + "description": "New set of URLs to SslCertificate resources to associate with this TargetSslProxy. Currently exactly one ssl certificate must be specified.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "TargetSslProxy": { + "description": "A TargetSslProxy resource. This resource defines an SSL proxy. (== resource_for beta.targetSslProxies ==) (== resource_for v1.targetSslProxies ==)", + "id": "TargetSslProxy", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#targetSslProxy", + "description": "[Output Only] Type of the resource. Always compute#targetSslProxy for target SSL proxies.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", + "enum": [ + "NONE", + "PROXY_V1" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "service": { + "description": "URL to the BackendService resource.", + "type": "string" + }, + "sslCertificates": { + "description": "URLs to SslCertificate resources that are used to authenticate connections to Backends. Currently exactly one SSL certificate must be specified.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "TargetSslProxyList": { + "description": "Contains a list of TargetSslProxy resources.", + "id": "TargetSslProxyList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of TargetSslProxy resources.", + "items": { + "$ref": "TargetSslProxy" + }, + "type": "array" + }, + "kind": { + "default": "compute#targetSslProxyList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "VpnTunnelAggregatedList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "delete": { - "id": "compute.vpnTunnels.delete", - "path": "{project}/regions/{region}/vpnTunnels/{vpnTunnel}", - "httpMethod": "DELETE", - "description": "Deletes the specified VpnTunnel resource.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetTcpProxiesSetBackendServiceRequest": { + "id": "TargetTcpProxiesSetBackendServiceRequest", + "properties": { + "service": { + "description": "The URL of the new BackendService resource for the targetTcpProxy.", + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "TargetTcpProxiesSetProxyHeaderRequest": { + "id": "TargetTcpProxiesSetProxyHeaderRequest", + "properties": { + "proxyHeader": { + "description": "The new type of proxy header to append before sending data to the backend. NONE or PROXY_V1 are allowed.", + "enum": [ + "NONE", + "PROXY_V1" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" + "type": "object" + }, + "TargetTcpProxy": { + "description": "A TargetTcpProxy resource. This resource defines a TCP proxy. (== resource_for beta.targetTcpProxies ==) (== resource_for v1.targetTcpProxies ==)", + "id": "TargetTcpProxy", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#targetTcpProxy", + "description": "[Output Only] Type of the resource. Always compute#targetTcpProxy for target TCP proxies.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.", + "enum": [ + "NONE", + "PROXY_V1" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "service": { + "description": "URL to the BackendService resource.", + "type": "string" + } }, - "vpnTunnel": { - "type": "string", - "description": "Name of the VpnTunnel resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "vpnTunnel" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.vpnTunnels.get", - "path": "{project}/regions/{region}/vpnTunnels/{vpnTunnel}", - "httpMethod": "GET", - "description": "Returns the specified VpnTunnel resource. Get a list of available VPN tunnels by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetTcpProxyList": { + "description": "Contains a list of TargetTcpProxy resources.", + "id": "TargetTcpProxyList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of TargetTcpProxy resources.", + "items": { + "$ref": "TargetTcpProxy" + }, + "type": "array" + }, + "kind": { + "default": "compute#targetTcpProxyList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "TargetVpnGateway": { + "description": "Represents a Target VPN gateway resource. (== resource_for beta.targetVpnGateways ==) (== resource_for v1.targetVpnGateways ==)", + "id": "TargetVpnGateway", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "forwardingRules": { + "description": "[Output Only] A list of URLs to the ForwardingRule resources. ForwardingRules are created using compute.forwardingRules.insert and associated to a VPN gateway.", + "items": { + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#targetVpnGateway", + "description": "[Output Only] Type of resource. Always compute#targetVpnGateway for target VPN gateways.", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "compute.targetVpnGateways.insert" + ] + }, + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "network": { + "annotations": { + "required": [ + "compute.targetVpnGateways.insert" + ] + }, + "description": "URL of the network to which this VPN gateway is attached. Provided by the client when the VPN gateway is created.", + "type": "string" + }, + "region": { + "description": "[Output Only] URL of the region where the target VPN gateway resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "status": { + "description": "[Output Only] The status of the VPN gateway.", + "enum": [ + "CREATING", + "DELETING", + "FAILED", + "READY" + ], + "enumDescriptions": [ + "", + "", + "", + "" + ], + "type": "string" + }, + "tunnels": { + "description": "[Output Only] A list of URLs to VpnTunnel resources. VpnTunnels are created using compute.vpntunnels.insert method and associated to a VPN gateway.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "vpnTunnel": { - "type": "string", - "description": "Name of the VpnTunnel resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region", - "vpnTunnel" - ], - "response": { - "$ref": "VpnTunnel" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "insert": { - "id": "compute.vpnTunnels.insert", - "path": "{project}/regions/{region}/vpnTunnels", - "httpMethod": "POST", - "description": "Creates a VpnTunnel resource in the specified project and region using the data included in the request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "TargetVpnGatewayAggregatedList": { + "id": "TargetVpnGatewayAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "TargetVpnGatewaysScopedList", + "description": "[Output Only] Name of the scope containing this set of target VPN gateways." + }, + "description": "A list of TargetVpnGateway resources.", + "type": "object" + }, + "kind": { + "default": "compute#targetVpnGatewayAggregatedList", + "description": "[Output Only] Type of resource. Always compute#targetVpnGateway for target VPN gateways.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "TargetVpnGatewayList": { + "description": "Contains a list of TargetVpnGateway resources.", + "id": "TargetVpnGatewayList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of TargetVpnGateway resources.", + "items": { + "$ref": "TargetVpnGateway" + }, + "type": "array" + }, + "kind": { + "default": "compute#targetVpnGatewayList", + "description": "[Output Only] Type of resource. Always compute#targetVpnGateway for target VPN gateways.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "requestId": { - "type": "string", - "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", - "location": "query" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "request": { - "$ref": "VpnTunnel" - }, - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "list": { - "id": "compute.vpnTunnels.list", - "path": "{project}/regions/{region}/vpnTunnels", - "httpMethod": "GET", - "description": "Retrieves a list of VpnTunnel resources contained in the specified project and region.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "TargetVpnGatewaysScopedList": { + "id": "TargetVpnGatewaysScopedList", + "properties": { + "targetVpnGateways": { + "description": "[Output Only] List of target vpn gateways contained in this scope.", + "items": { + "$ref": "TargetVpnGateway" + }, + "type": "array" + }, + "warning": { + "description": "[Output Only] Informational warning which replaces the list of addresses when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "TestFailure": { + "id": "TestFailure", + "properties": { + "actualService": { + "type": "string" + }, + "expectedService": { + "type": "string" + }, + "host": { + "type": "string" + }, + "path": { + "type": "string" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "UrlMap": { + "description": "A UrlMap resource. This resource defines the mapping from URL to the BackendService resource, based on the \"longest-match\" of the URL's host and path.", + "id": "UrlMap", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "defaultService": { + "description": "The URL of the BackendService resource if none of the hostRules match.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "fingerprint": { + "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a UrlMap. An up-to-date fingerprint must be provided in order to update the UrlMap.", + "format": "byte", + "type": "string" + }, + "hostRules": { + "description": "The list of HostRules to use against the URL.", + "items": { + "$ref": "HostRule" + }, + "type": "array" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#urlMap", + "description": "[Output Only] Type of the resource. Always compute#urlMaps for url maps.", + "type": "string" + }, + "name": { + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "pathMatchers": { + "description": "The list of named PathMatchers to use against the URL.", + "items": { + "$ref": "PathMatcher" + }, + "type": "array" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "tests": { + "description": "The list of expected URL mapping tests. Request to update this UrlMap will succeed only if all of the test cases pass. You can specify a maximum of 100 tests per UrlMap.", + "items": { + "$ref": "UrlMapTest" + }, + "type": "array" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "UrlMapList": { + "description": "Contains a list of UrlMap resources.", + "id": "UrlMapList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of UrlMap resources.", + "items": { + "$ref": "UrlMap" + }, + "type": "array" + }, + "kind": { + "default": "compute#urlMapList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "UrlMapReference": { + "id": "UrlMapReference", + "properties": { + "urlMap": { + "type": "string" + } }, - "region": { - "type": "string", - "description": "Name of the region for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "region" - ], - "response": { - "$ref": "VpnTunnelList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "zoneOperations": { - "methods": { - "delete": { - "id": "compute.zoneOperations.delete", - "path": "{project}/zones/{zone}/operations/{operation}", - "httpMethod": "DELETE", - "description": "Deletes the specified zone-specific Operations resource.", - "parameters": { - "operation": { - "type": "string", - "description": "Name of the Operations resource to delete.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "UrlMapTest": { + "description": "Message for the expected URL mappings.", + "id": "UrlMapTest", + "properties": { + "description": { + "description": "Description of this test case.", + "type": "string" + }, + "host": { + "description": "Host portion of the URL.", + "type": "string" + }, + "path": { + "description": "Path portion of the URL.", + "type": "string" + }, + "service": { + "description": "Expected BackendService resource the given URL should be mapped to.", + "type": "string" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "UrlMapValidationResult": { + "description": "Message representing the validation result for a UrlMap.", + "id": "UrlMapValidationResult", + "properties": { + "loadErrors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "loadSucceeded": { + "description": "Whether the given UrlMap can be successfully loaded. If false, 'loadErrors' indicates the reasons.", + "type": "boolean" + }, + "testFailures": { + "items": { + "$ref": "TestFailure" + }, + "type": "array" + }, + "testPassed": { + "description": "If successfully loaded, this field indicates whether the test passed. If false, 'testFailures's indicate the reason of failure.", + "type": "boolean" + } }, - "zone": { - "type": "string", - "description": "Name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "operation" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute" - ] - }, - "get": { - "id": "compute.zoneOperations.get", - "path": "{project}/zones/{zone}/operations/{operation}", - "httpMethod": "GET", - "description": "Retrieves the specified zone-specific Operations resource.", - "parameters": { - "operation": { - "type": "string", - "description": "Name of the Operations resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" + "type": "object" + }, + "UrlMapsValidateRequest": { + "id": "UrlMapsValidateRequest", + "properties": { + "resource": { + "$ref": "UrlMap", + "description": "Content of the UrlMap to be validated." + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "UrlMapsValidateResponse": { + "id": "UrlMapsValidateResponse", + "properties": { + "result": { + "$ref": "UrlMapValidationResult" + } }, - "zone": { - "type": "string", - "description": "Name of the zone for this request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone", - "operation" - ], - "response": { - "$ref": "Operation" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.zoneOperations.list", - "path": "{project}/zones/{zone}/operations", - "httpMethod": "GET", - "description": "Retrieves a list of Operation resources contained within the specified zone.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "UsageExportLocation": { + "description": "The location in Cloud Storage and naming method of the daily usage report. Contains bucket_name and report_name prefix.", + "id": "UsageExportLocation", + "properties": { + "bucketName": { + "description": "The name of an existing bucket in Cloud Storage where the usage report object is stored. The Google Service Account is granted write access to this bucket. This can either be the bucket name by itself, such as example-bucket, or the bucket name with gs:// or https://storage.googleapis.com/ in front of it, such as gs://example-bucket.", + "type": "string" + }, + "reportNamePrefix": { + "description": "An optional prefix for the name of the usage report object stored in bucketName. If not supplied, defaults to usage. The report is stored as a CSV file named report_name_prefix_gce_YYYYMMDD.csv where YYYYMMDD is the day of the usage according to Pacific Time. If you supply a prefix, it should conform to Cloud Storage object naming conventions.", + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "VpnTunnel": { + "description": "VPN tunnel resource. (== resource_for beta.vpnTunnels ==) (== resource_for v1.vpnTunnels ==)", + "id": "VpnTunnel", + "properties": { + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "detailedStatus": { + "description": "[Output Only] Detailed status message for the VPN tunnel.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "ikeVersion": { + "description": "IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2.", + "format": "int32", + "type": "integer" + }, + "kind": { + "default": "compute#vpnTunnel", + "description": "[Output Only] Type of resource. Always compute#vpnTunnel for VPN tunnels.", + "type": "string" + }, + "localTrafficSelector": { + "description": "Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "annotations": { + "required": [ + "compute.vpnTunnels.insert" + ] + }, + "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + "type": "string" + }, + "peerIp": { + "description": "IP address of the peer VPN gateway. Only IPv4 is supported.", + "type": "string" + }, + "region": { + "description": "[Output Only] URL of the region where the VPN tunnel resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + }, + "remoteTrafficSelector": { + "description": "Remote traffic selectors to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.", + "items": { + "type": "string" + }, + "type": "array" + }, + "router": { + "description": "URL of router resource to be used for dynamic routing.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "sharedSecret": { + "description": "Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.", + "type": "string" + }, + "sharedSecretHash": { + "description": "Hash of the shared secret.", + "type": "string" + }, + "status": { + "description": "[Output Only] The status of the VPN tunnel.", + "enum": [ + "ALLOCATING_RESOURCES", + "AUTHORIZATION_ERROR", + "DEPROVISIONING", + "ESTABLISHED", + "FAILED", + "FIRST_HANDSHAKE", + "NEGOTIATION_FAILURE", + "NETWORK_ERROR", + "NO_INCOMING_PACKETS", + "PROVISIONING", + "REJECTED", + "WAITING_FOR_FULL_CONFIG" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "targetVpnGateway": { + "description": "URL of the Target VPN gateway with which this VPN tunnel is associated. Provided by the client when the VPN tunnel is created.", + "type": "string" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "VpnTunnelAggregatedList": { + "id": "VpnTunnelAggregatedList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "additionalProperties": { + "$ref": "VpnTunnelsScopedList", + "description": "Name of the scope containing this set of vpn tunnels." + }, + "description": "A list of VpnTunnelsScopedList resources.", + "type": "object" + }, + "kind": { + "default": "compute#vpnTunnelAggregatedList", + "description": "[Output Only] Type of resource. Always compute#vpnTunnel for VPN tunnels.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "VpnTunnelList": { + "description": "Contains a list of VpnTunnel resources.", + "id": "VpnTunnelList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of VpnTunnel resources.", + "items": { + "$ref": "VpnTunnel" + }, + "type": "array" + }, + "kind": { + "default": "compute#vpnTunnelList", + "description": "[Output Only] Type of resource. Always compute#vpnTunnel for VPN tunnels.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "VpnTunnelsScopedList": { + "id": "VpnTunnelsScopedList", + "properties": { + "vpnTunnels": { + "description": "List of vpn tunnels contained in this scope.", + "items": { + "$ref": "VpnTunnel" + }, + "type": "array" + }, + "warning": { + "description": "Informational warning which replaces the list of addresses when the list is empty.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "zone": { - "type": "string", - "description": "Name of the zone for request.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "OperationList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - } - } - }, - "zones": { - "methods": { - "get": { - "id": "compute.zones.get", - "path": "{project}/zones/{zone}", - "httpMethod": "GET", - "description": "Returns the specified Zone resource. Get a list of available zones by making a list() request.", - "parameters": { - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" + "type": "object" + }, + "XpnHostList": { + "id": "XpnHostList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "[Output Only] A list of shared VPC host project URLs.", + "items": { + "$ref": "Project" + }, + "type": "array" + }, + "kind": { + "default": "compute#xpnHostList", + "description": "[Output Only] Type of resource. Always compute#xpnHostList for lists of shared VPC hosts.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "zone": { - "type": "string", - "description": "Name of the zone resource to return.", - "required": true, - "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - "location": "path" - } - }, - "parameterOrder": [ - "project", - "zone" - ], - "response": { - "$ref": "Zone" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] - }, - "list": { - "id": "compute.zones.list", - "path": "{project}/zones", - "httpMethod": "GET", - "description": "Retrieves the list of Zone resources available to the specified project.", - "parameters": { - "filter": { - "type": "string", - "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", - "location": "query" + "type": "object" + }, + "XpnResourceId": { + "description": "Service resource (a.k.a service project) ID.", + "id": "XpnResourceId", + "properties": { + "id": { + "description": "The ID of the service resource. In the case of projects, this field matches the project ID (e.g., my-project), not the project number (e.g., 12345678).", + "type": "string" + }, + "type": { + "description": "The type of the service resource.", + "enum": [ + "PROJECT", + "XPN_RESOURCE_TYPE_UNSPECIFIED" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + } }, - "maxResults": { - "type": "integer", - "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", - "default": "500", - "format": "uint32", - "minimum": "0", - "location": "query" + "type": "object" + }, + "Zone": { + "description": "A Zone resource. (== resource_for beta.zones ==) (== resource_for v1.zones ==)", + "id": "Zone", + "properties": { + "availableCpuPlatforms": { + "description": "[Output Only] Available cpu/platform selections for the zone.", + "items": { + "type": "string" + }, + "type": "array" + }, + "creationTimestamp": { + "description": "[Output Only] Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "deprecated": { + "$ref": "DeprecationStatus", + "description": "[Output Only] The deprecation status associated with this zone." + }, + "description": { + "description": "[Output Only] Textual description of the resource.", + "type": "string" + }, + "id": { + "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.", + "format": "uint64", + "type": "string" + }, + "kind": { + "default": "compute#zone", + "description": "[Output Only] Type of the resource. Always compute#zone for zones.", + "type": "string" + }, + "name": { + "description": "[Output Only] Name of the resource.", + "type": "string" + }, + "region": { + "description": "[Output Only] Full URL reference to the region which hosts the zone.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for the resource.", + "type": "string" + }, + "status": { + "description": "[Output Only] Status of the zone, either UP or DOWN.", + "enum": [ + "DOWN", + "UP" + ], + "enumDescriptions": [ + "", + "" + ], + "type": "string" + } }, - "orderBy": { - "type": "string", - "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", - "location": "query" + "type": "object" + }, + "ZoneList": { + "description": "Contains a list of zone resources.", + "id": "ZoneList", + "properties": { + "id": { + "description": "[Output Only] Unique identifier for the resource; defined by the server.", + "type": "string" + }, + "items": { + "description": "A list of Zone resources.", + "items": { + "$ref": "Zone" + }, + "type": "array" + }, + "kind": { + "default": "compute#zoneList", + "description": "Type of resource.", + "type": "string" + }, + "nextPageToken": { + "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] Server-defined URL for this resource.", + "type": "string" + }, + "warning": { + "description": "[Output Only] Informational warning message.", + "properties": { + "code": { + "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.", + "enum": [ + "CLEANUP_FAILED", + "DEPRECATED_RESOURCE_USED", + "DEPRECATED_TYPE_USED", + "DISK_SIZE_LARGER_THAN_IMAGE_SIZE", + "EXPERIMENTAL_TYPE_USED", + "EXTERNAL_API_WARNING", + "FIELD_VALUE_OVERRIDEN", + "INJECTED_KERNELS_DEPRECATED", + "MISSING_TYPE_DEPENDENCY", + "NEXT_HOP_ADDRESS_NOT_ASSIGNED", + "NEXT_HOP_CANNOT_IP_FORWARD", + "NEXT_HOP_INSTANCE_NOT_FOUND", + "NEXT_HOP_INSTANCE_NOT_ON_NETWORK", + "NEXT_HOP_NOT_RUNNING", + "NOT_CRITICAL_ERROR", + "NO_RESULTS_ON_PAGE", + "REQUIRED_TOS_AGREEMENT", + "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING", + "RESOURCE_NOT_DELETED", + "SCHEMA_VALIDATION_IGNORED", + "SINGLE_INSTANCE_PROPERTY_TEMPLATE", + "UNDECLARED_PROPERTIES", + "UNREACHABLE" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + }, + "data": { + "description": "[Output Only] Metadata about this warning in key: value format. For example:\n\"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" }", + "items": { + "properties": { + "key": { + "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).", + "type": "string" + }, + "value": { + "description": "[Output Only] A warning data value corresponding to the key.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "[Output Only] A human-readable description of the warning code.", + "type": "string" + } + }, + "type": "object" + } }, - "pageToken": { - "type": "string", - "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", - "location": "query" + "type": "object" + }, + "ZoneSetLabelsRequest": { + "id": "ZoneSetLabelsRequest", + "properties": { + "labelFingerprint": { + "description": "The fingerprint of the previous set of labels for this resource, used to detect conflicts. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels. Make a get() request to the resource to get the latest fingerprint.", + "format": "byte", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "The labels to set for this resource.", + "type": "object" + } }, - "project": { - "type": "string", - "description": "Project ID for this request.", - "required": true, - "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - "location": "path" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "ZoneList" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/compute.readonly" - ] + "type": "object" } - } - } - } -} + }, + "servicePath": "compute/v1/projects/", + "title": "Compute Engine API", + "version": "v1" +} \ No newline at end of file diff --git a/vendor/google.golang.org/api/compute/v1/compute-gen.go b/vendor/google.golang.org/api/compute/v1/compute-gen.go index e455acfad9b5..014cad2fe0fd 100644 --- a/vendor/google.golang.org/api/compute/v1/compute-gen.go +++ b/vendor/google.golang.org/api/compute/v1/compute-gen.go @@ -758,7 +758,9 @@ type AcceleratorType struct { SelfLink string `json:"selfLink,omitempty"` // Zone: [Output Only] The name of the zone where the accelerator type - // resides, such as us-central1-a. + // resides, such as us-central1-a. You must specify this field as part + // of the HTTP request URL. It is not settable as a field in the request + // body. Zone string `json:"zone,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -1255,6 +1257,15 @@ type AccessConfig struct { // live in the same region as the zone of the instance. NatIP string `json:"natIP,omitempty"` + // PublicPtrDomainName: The DNS domain name for the public PTR record. + // This field can only be set when the set_public_ptr field is enabled. + PublicPtrDomainName string `json:"publicPtrDomainName,omitempty"` + + // SetPublicPtr: Specifies whether a public DNS ?PTR? record should be + // created to map the external IP address of the instance to a DNS + // domain name. + SetPublicPtr bool `json:"setPublicPtr,omitempty"` + // Type: The type of configuration. The default and only option is // ONE_TO_ONE_NAT. // @@ -1337,7 +1348,9 @@ type Address struct { Name string `json:"name,omitempty"` // Region: [Output Only] URL of the region where the regional address - // resides. This field is not applicable to global addresses. + // resides. This field is not applicable to global addresses. You must + // specify this field as part of the HTTP request URL. You cannot set + // this field in the request body. Region string `json:"region,omitempty"` // SelfLink: [Output Only] Server-defined URL for the resource. @@ -2024,9 +2037,9 @@ type AttachedDiskInitializeParams struct { // not specified, the default is pd-standard, specified using the full // URL. For // example: + // https://www.googleapis.com/compute/v1/projects/project/zones/ + // zone/diskTypes/pd-standard // - // https://www.googleapis.com/compute/v1/projects/project/zones - // /zone/diskTypes/pd-standard // // Other values include pd-ssd and local-ssd. If you define this field, // you can provide either the full or partial URL. For example, the @@ -2051,26 +2064,29 @@ type AttachedDiskInitializeParams struct { // specify the image by its family name. For example, specify // family/debian-8 to use the latest Debian 8 // image: - // // projects/debian-cloud/global/images/family/debian-8 // - // Alternatively, use a specific version of a public operating system - // image: // + // Alternati + // vely, use a specific version of a public operating system + // image: // projects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD // - // To create a disk with a custom image that you created, specify the - // image name in the following format: // + // + // To create a disk with a custom image that you created, specify the + // image name in the following + // format: // global/images/my-custom-image // + // // You can also specify a custom image by its image family, which // returns the latest version of the image in that family. Replace the // image name with // family/family-name: - // // global/images/family/my-image-family // + // // If the source image is deleted later, this field will not be set. SourceImage string `json:"sourceImage,omitempty"` @@ -3386,7 +3402,8 @@ type BackendService struct { // Region: [Output Only] URL of the region where the regional backend // service resides. This field is not applicable to global backend - // services. + // services. You must specify this field as part of the HTTP request + // URL. It is not settable as a field in the request body. Region string `json:"region,omitempty"` // SelfLink: [Output Only] Server-defined URL for the resource. @@ -4879,24 +4896,26 @@ type Disk struct { // specify the image by its family name. For example, specify // family/debian-8 to use the latest Debian 8 // image: - // // projects/debian-cloud/global/images/family/debian-8 // - // Alternatively, use a specific version of a public operating system - // image: // + // Alternati + // vely, use a specific version of a public operating system + // image: // projects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD // - // To create a disk with a custom image that you created, specify the - // image name in the following format: // + // + // To create a disk with a custom image that you created, specify the + // image name in the following + // format: // global/images/my-custom-image // + // // You can also specify a custom image by its image family, which // returns the latest version of the image in that family. Replace the // image name with // family/family-name: - // // global/images/family/my-image-family SourceImage string `json:"sourceImage,omitempty"` @@ -4952,7 +4971,9 @@ type Disk struct { // instances) in form: project/zones/zone/instances/instance Users []string `json:"users,omitempty"` - // Zone: [Output Only] URL of the zone where the disk resides. + // Zone: [Output Only] URL of the zone where the disk resides. You must + // specify this field as part of the HTTP request URL. It is not + // settable as a field in the request body. Zone string `json:"zone,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -5372,7 +5393,9 @@ type DiskType struct { // valid disk size, such as "10GB-10TB". ValidDiskSize string `json:"validDiskSize,omitempty"` - // Zone: [Output Only] URL of the zone where the disk type resides. + // Zone: [Output Only] URL of the zone where the disk type resides. You + // must specify this field as part of the HTTP request URL. It is not + // settable as a field in the request body. Zone string `json:"zone,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -6019,7 +6042,7 @@ type Firewall struct { CreationTimestamp string `json:"creationTimestamp,omitempty"` // Denied: The list of DENY rules specified by this firewall. Each rule - // specifies a protocol and port-range tuple that describes a permitted + // specifies a protocol and port-range tuple that describes a denied // connection. Denied []*FirewallDenied `json:"denied,omitempty"` @@ -6532,7 +6555,6 @@ type ForwardingRule struct { // - TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, // 995, 1883, 5222 // - TargetVpnGateway: 500, 4500 - // - PortRange string `json:"portRange,omitempty"` // Ports: This field is used along with the backend_service field for @@ -6548,7 +6570,8 @@ type ForwardingRule struct { // Region: [Output Only] URL of the region where the regional forwarding // rule resides. This field is not applicable to global forwarding - // rules. + // rules. You must specify this field as part of the HTTP request URL. + // It is not settable as a field in the request body. Region string `json:"region,omitempty"` // SelfLink: [Output Only] Server-defined URL for the resource. @@ -6570,8 +6593,6 @@ type ForwardingRule struct { // same region as the forwarding rule. For global forwarding rules, this // target must be a global load balancing resource. The forwarded // traffic must be of a type appropriate to the target object. - // - // This field is not used for internal load balancing. Target string `json:"target,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -8509,18 +8530,18 @@ type Instance struct { // when the instance is created. For example, the following is a valid // partial url to a predefined machine // type: - // // zones/us-central1-f/machineTypes/n1-standard-1 // + // // To create a custom machine type, provide a URL to a machine type in // the following format, where CPUS is 1 or an even number up to 32 (2, // 4, 6, ... 24, etc), and MEMORY is the total memory for this instance. // Memory must be a multiple of 256 MB and must be supplied in MB (e.g. // 5 GB of memory is 5120 // MB): - // // zones/zone/machineTypes/custom-CPUS-MEMORY // + // // For example: zones/us-central1-f/machineTypes/custom-4-5120 // // For a full list of restrictions, read the Specifications for custom @@ -8598,7 +8619,9 @@ type Instance struct { // comply with RFC1035. Tags *Tags `json:"tags,omitempty"` - // Zone: [Output Only] URL of the zone where the instance resides. + // Zone: [Output Only] URL of the zone where the instance resides. You + // must specify this field as part of the HTTP request URL. It is not + // settable as a field in the request body. Zone string `json:"zone,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -10577,237 +10600,17 @@ func (s *InstanceListWarningData) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -type InstanceMoveRequest struct { - // DestinationZone: The URL of the destination zone to move the - // instance. This can be a full or partial URL. For example, the - // following are all valid URLs to a zone: - // - https://www.googleapis.com/compute/v1/projects/project/zones/zone - // - // - projects/project/zones/zone - // - zones/zone - DestinationZone string `json:"destinationZone,omitempty"` - - // TargetInstance: The URL of the target instance to move. This can be a - // full or partial URL. For example, the following are all valid URLs to - // an instance: - // - - // https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance - // - projects/project/zones/zone/instances/instance - // - zones/zone/instances/instance - TargetInstance string `json:"targetInstance,omitempty"` - - // ForceSendFields is a list of field names (e.g. "DestinationZone") to - // unconditionally include in API requests. By default, fields with - // empty values are omitted from API requests. However, any non-pointer, - // non-interface field appearing in ForceSendFields will be sent to the - // server regardless of whether the field is empty or not. This may be - // used to include empty fields in Patch requests. - ForceSendFields []string `json:"-"` - - // NullFields is a list of field names (e.g. "DestinationZone") to - // include in API requests with the JSON null value. By default, fields - // with empty values are omitted from API requests. However, any field - // with an empty value appearing in NullFields will be sent to the - // server as null. It is an error if a field in this list has a - // non-empty value. This may be used to include null fields in Patch - // requests. - NullFields []string `json:"-"` -} - -func (s *InstanceMoveRequest) MarshalJSON() ([]byte, error) { - type NoMethod InstanceMoveRequest - raw := NoMethod(*s) - return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) -} - -type InstanceProperties struct { - // CanIpForward: Enables instances created based on this template to - // send packets with source IP addresses other than their own and - // receive packets with destination IP addresses other than their own. - // If these instances will be used as an IP gateway or it will be set as - // the next-hop in a Route resource, specify true. If unsure, leave this - // set to false. See the Enable IP forwarding documentation for more - // information. - CanIpForward bool `json:"canIpForward,omitempty"` - - // Description: An optional text description for the instances that are - // created from this instance template. - Description string `json:"description,omitempty"` - - // Disks: An array of disks that are associated with the instances that - // are created from this template. - Disks []*AttachedDisk `json:"disks,omitempty"` - - // GuestAccelerators: A list of guest accelerator cards' type and count - // to use for instances created from the instance template. - GuestAccelerators []*AcceleratorConfig `json:"guestAccelerators,omitempty"` - - // Labels: Labels to apply to instances that are created from this - // template. - Labels map[string]string `json:"labels,omitempty"` - - // MachineType: The machine type to use for instances that are created - // from this template. - MachineType string `json:"machineType,omitempty"` - - // Metadata: The metadata key/value pairs to assign to instances that - // are created from this template. These pairs can consist of custom - // metadata or predefined keys. See Project and instance metadata for - // more information. - Metadata *Metadata `json:"metadata,omitempty"` - - // MinCpuPlatform: Minimum cpu/platform to be used by this instance. The - // instance may be scheduled on the specified or newer cpu/platform. - // Applicable values are the friendly names of CPU platforms, such as - // minCpuPlatform: "Intel Haswell" or minCpuPlatform: "Intel Sandy - // Bridge". For more information, read Specifying a Minimum CPU - // Platform. - MinCpuPlatform string `json:"minCpuPlatform,omitempty"` - - // NetworkInterfaces: An array of network access configurations for this - // interface. - NetworkInterfaces []*NetworkInterface `json:"networkInterfaces,omitempty"` - - // Scheduling: Specifies the scheduling options for the instances that - // are created from this template. - Scheduling *Scheduling `json:"scheduling,omitempty"` - - // ServiceAccounts: A list of service accounts with specified scopes. - // Access tokens for these service accounts are available to the - // instances that are created from this template. Use metadata queries - // to obtain the access tokens for these instances. - ServiceAccounts []*ServiceAccount `json:"serviceAccounts,omitempty"` - - // Tags: A list of tags to apply to the instances that are created from - // this template. The tags identify valid sources or targets for network - // firewalls. The setTags method can modify this list of tags. Each tag - // within the list must comply with RFC1035. - Tags *Tags `json:"tags,omitempty"` - - // ForceSendFields is a list of field names (e.g. "CanIpForward") to - // unconditionally include in API requests. By default, fields with - // empty values are omitted from API requests. However, any non-pointer, - // non-interface field appearing in ForceSendFields will be sent to the - // server regardless of whether the field is empty or not. This may be - // used to include empty fields in Patch requests. - ForceSendFields []string `json:"-"` - - // NullFields is a list of field names (e.g. "CanIpForward") to include - // in API requests with the JSON null value. By default, fields with - // empty values are omitted from API requests. However, any field with - // an empty value appearing in NullFields will be sent to the server as - // null. It is an error if a field in this list has a non-empty value. - // This may be used to include null fields in Patch requests. - NullFields []string `json:"-"` -} - -func (s *InstanceProperties) MarshalJSON() ([]byte, error) { - type NoMethod InstanceProperties - raw := NoMethod(*s) - return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) -} - -type InstanceReference struct { - // Instance: The URL for a specific instance. - Instance string `json:"instance,omitempty"` - - // ForceSendFields is a list of field names (e.g. "Instance") to - // unconditionally include in API requests. By default, fields with - // empty values are omitted from API requests. However, any non-pointer, - // non-interface field appearing in ForceSendFields will be sent to the - // server regardless of whether the field is empty or not. This may be - // used to include empty fields in Patch requests. - ForceSendFields []string `json:"-"` - - // NullFields is a list of field names (e.g. "Instance") to include in - // API requests with the JSON null value. By default, fields with empty - // values are omitted from API requests. However, any field with an - // empty value appearing in NullFields will be sent to the server as - // null. It is an error if a field in this list has a non-empty value. - // This may be used to include null fields in Patch requests. - NullFields []string `json:"-"` -} - -func (s *InstanceReference) MarshalJSON() ([]byte, error) { - type NoMethod InstanceReference - raw := NoMethod(*s) - return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) -} - -// InstanceTemplate: An Instance Template resource. (== resource_for -// beta.instanceTemplates ==) (== resource_for v1.instanceTemplates ==) -type InstanceTemplate struct { - // CreationTimestamp: [Output Only] The creation timestamp for this - // instance template in RFC3339 text format. - CreationTimestamp string `json:"creationTimestamp,omitempty"` - - // Description: An optional description of this resource. Provide this - // property when you create the resource. - Description string `json:"description,omitempty"` - - // Id: [Output Only] A unique identifier for this instance template. The - // server defines this identifier. - Id uint64 `json:"id,omitempty,string"` - - // Kind: [Output Only] The resource type, which is always - // compute#instanceTemplate for instance templates. - Kind string `json:"kind,omitempty"` - - // Name: Name of the resource; provided by the client when the resource - // is created. The name must be 1-63 characters long, and comply with - // RFC1035. Specifically, the name must be 1-63 characters long and - // match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means - // the first character must be a lowercase letter, and all following - // characters must be a dash, lowercase letter, or digit, except the - // last character, which cannot be a dash. - Name string `json:"name,omitempty"` - - // Properties: The instance properties for this instance template. - Properties *InstanceProperties `json:"properties,omitempty"` - - // SelfLink: [Output Only] The URL for this instance template. The - // server defines this URL. - SelfLink string `json:"selfLink,omitempty"` - - // ServerResponse contains the HTTP response code and headers from the - // server. - googleapi.ServerResponse `json:"-"` - - // ForceSendFields is a list of field names (e.g. "CreationTimestamp") - // to unconditionally include in API requests. By default, fields with - // empty values are omitted from API requests. However, any non-pointer, - // non-interface field appearing in ForceSendFields will be sent to the - // server regardless of whether the field is empty or not. This may be - // used to include empty fields in Patch requests. - ForceSendFields []string `json:"-"` - - // NullFields is a list of field names (e.g. "CreationTimestamp") to - // include in API requests with the JSON null value. By default, fields - // with empty values are omitted from API requests. However, any field - // with an empty value appearing in NullFields will be sent to the - // server as null. It is an error if a field in this list has a - // non-empty value. This may be used to include null fields in Patch - // requests. - NullFields []string `json:"-"` -} - -func (s *InstanceTemplate) MarshalJSON() ([]byte, error) { - type NoMethod InstanceTemplate - raw := NoMethod(*s) - return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) -} - -// InstanceTemplateList: A list of instance templates. -type InstanceTemplateList struct { +// InstanceListReferrers: Contains a list of instance referrers. +type InstanceListReferrers struct { // Id: [Output Only] Unique identifier for the resource; defined by the // server. Id string `json:"id,omitempty"` - // Items: A list of InstanceTemplate resources. - Items []*InstanceTemplate `json:"items,omitempty"` + // Items: A list of Reference resources. + Items []*Reference `json:"items,omitempty"` - // Kind: [Output Only] The resource type, which is always - // compute#instanceTemplatesListResponse for instance template lists. + // Kind: [Output Only] Type of resource. Always + // compute#instanceListReferrers for lists of Instance referrers. Kind string `json:"kind,omitempty"` // NextPageToken: [Output Only] This token allows you to get the next @@ -10822,7 +10625,7 @@ type InstanceTemplateList struct { SelfLink string `json:"selfLink,omitempty"` // Warning: [Output Only] Informational warning message. - Warning *InstanceTemplateListWarning `json:"warning,omitempty"` + Warning *InstanceListReferrersWarning `json:"warning,omitempty"` // ServerResponse contains the HTTP response code and headers from the // server. @@ -10845,15 +10648,391 @@ type InstanceTemplateList struct { NullFields []string `json:"-"` } -func (s *InstanceTemplateList) MarshalJSON() ([]byte, error) { - type NoMethod InstanceTemplateList +func (s *InstanceListReferrers) MarshalJSON() ([]byte, error) { + type NoMethod InstanceListReferrers raw := NoMethod(*s) return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -// InstanceTemplateListWarning: [Output Only] Informational warning +// InstanceListReferrersWarning: [Output Only] Informational warning // message. -type InstanceTemplateListWarning struct { +type InstanceListReferrersWarning struct { + // Code: [Output Only] A warning code, if applicable. For example, + // Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in + // the response. + // + // Possible values: + // "CLEANUP_FAILED" + // "DEPRECATED_RESOURCE_USED" + // "DEPRECATED_TYPE_USED" + // "DISK_SIZE_LARGER_THAN_IMAGE_SIZE" + // "EXPERIMENTAL_TYPE_USED" + // "EXTERNAL_API_WARNING" + // "FIELD_VALUE_OVERRIDEN" + // "INJECTED_KERNELS_DEPRECATED" + // "MISSING_TYPE_DEPENDENCY" + // "NEXT_HOP_ADDRESS_NOT_ASSIGNED" + // "NEXT_HOP_CANNOT_IP_FORWARD" + // "NEXT_HOP_INSTANCE_NOT_FOUND" + // "NEXT_HOP_INSTANCE_NOT_ON_NETWORK" + // "NEXT_HOP_NOT_RUNNING" + // "NOT_CRITICAL_ERROR" + // "NO_RESULTS_ON_PAGE" + // "REQUIRED_TOS_AGREEMENT" + // "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING" + // "RESOURCE_NOT_DELETED" + // "SCHEMA_VALIDATION_IGNORED" + // "SINGLE_INSTANCE_PROPERTY_TEMPLATE" + // "UNDECLARED_PROPERTIES" + // "UNREACHABLE" + Code string `json:"code,omitempty"` + + // Data: [Output Only] Metadata about this warning in key: value format. + // For example: + // "data": [ { "key": "scope", "value": "zones/us-east1-d" } + Data []*InstanceListReferrersWarningData `json:"data,omitempty"` + + // Message: [Output Only] A human-readable description of the warning + // code. + Message string `json:"message,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Code") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Code") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *InstanceListReferrersWarning) MarshalJSON() ([]byte, error) { + type NoMethod InstanceListReferrersWarning + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +type InstanceListReferrersWarningData struct { + // Key: [Output Only] A key that provides more detail on the warning + // being returned. For example, for warnings where there are no results + // in a list request for a particular zone, this key might be scope and + // the key value might be the zone name. Other examples might be a key + // indicating a deprecated resource and a suggested replacement, or a + // warning about invalid network settings (for example, if an instance + // attempts to perform IP forwarding but is not enabled for IP + // forwarding). + Key string `json:"key,omitempty"` + + // Value: [Output Only] A warning data value corresponding to the key. + Value string `json:"value,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Key") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Key") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *InstanceListReferrersWarningData) MarshalJSON() ([]byte, error) { + type NoMethod InstanceListReferrersWarningData + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +type InstanceMoveRequest struct { + // DestinationZone: The URL of the destination zone to move the + // instance. This can be a full or partial URL. For example, the + // following are all valid URLs to a zone: + // - https://www.googleapis.com/compute/v1/projects/project/zones/zone + // + // - projects/project/zones/zone + // - zones/zone + DestinationZone string `json:"destinationZone,omitempty"` + + // TargetInstance: The URL of the target instance to move. This can be a + // full or partial URL. For example, the following are all valid URLs to + // an instance: + // - + // https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance + // - projects/project/zones/zone/instances/instance + // - zones/zone/instances/instance + TargetInstance string `json:"targetInstance,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DestinationZone") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DestinationZone") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *InstanceMoveRequest) MarshalJSON() ([]byte, error) { + type NoMethod InstanceMoveRequest + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +type InstanceProperties struct { + // CanIpForward: Enables instances created based on this template to + // send packets with source IP addresses other than their own and + // receive packets with destination IP addresses other than their own. + // If these instances will be used as an IP gateway or it will be set as + // the next-hop in a Route resource, specify true. If unsure, leave this + // set to false. See the Enable IP forwarding documentation for more + // information. + CanIpForward bool `json:"canIpForward,omitempty"` + + // Description: An optional text description for the instances that are + // created from this instance template. + Description string `json:"description,omitempty"` + + // Disks: An array of disks that are associated with the instances that + // are created from this template. + Disks []*AttachedDisk `json:"disks,omitempty"` + + // GuestAccelerators: A list of guest accelerator cards' type and count + // to use for instances created from the instance template. + GuestAccelerators []*AcceleratorConfig `json:"guestAccelerators,omitempty"` + + // Labels: Labels to apply to instances that are created from this + // template. + Labels map[string]string `json:"labels,omitempty"` + + // MachineType: The machine type to use for instances that are created + // from this template. + MachineType string `json:"machineType,omitempty"` + + // Metadata: The metadata key/value pairs to assign to instances that + // are created from this template. These pairs can consist of custom + // metadata or predefined keys. See Project and instance metadata for + // more information. + Metadata *Metadata `json:"metadata,omitempty"` + + // MinCpuPlatform: Minimum cpu/platform to be used by this instance. The + // instance may be scheduled on the specified or newer cpu/platform. + // Applicable values are the friendly names of CPU platforms, such as + // minCpuPlatform: "Intel Haswell" or minCpuPlatform: "Intel Sandy + // Bridge". For more information, read Specifying a Minimum CPU + // Platform. + MinCpuPlatform string `json:"minCpuPlatform,omitempty"` + + // NetworkInterfaces: An array of network access configurations for this + // interface. + NetworkInterfaces []*NetworkInterface `json:"networkInterfaces,omitempty"` + + // Scheduling: Specifies the scheduling options for the instances that + // are created from this template. + Scheduling *Scheduling `json:"scheduling,omitempty"` + + // ServiceAccounts: A list of service accounts with specified scopes. + // Access tokens for these service accounts are available to the + // instances that are created from this template. Use metadata queries + // to obtain the access tokens for these instances. + ServiceAccounts []*ServiceAccount `json:"serviceAccounts,omitempty"` + + // Tags: A list of tags to apply to the instances that are created from + // this template. The tags identify valid sources or targets for network + // firewalls. The setTags method can modify this list of tags. Each tag + // within the list must comply with RFC1035. + Tags *Tags `json:"tags,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CanIpForward") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CanIpForward") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *InstanceProperties) MarshalJSON() ([]byte, error) { + type NoMethod InstanceProperties + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +type InstanceReference struct { + // Instance: The URL for a specific instance. + Instance string `json:"instance,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Instance") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Instance") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *InstanceReference) MarshalJSON() ([]byte, error) { + type NoMethod InstanceReference + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// InstanceTemplate: An Instance Template resource. (== resource_for +// beta.instanceTemplates ==) (== resource_for v1.instanceTemplates ==) +type InstanceTemplate struct { + // CreationTimestamp: [Output Only] The creation timestamp for this + // instance template in RFC3339 text format. + CreationTimestamp string `json:"creationTimestamp,omitempty"` + + // Description: An optional description of this resource. Provide this + // property when you create the resource. + Description string `json:"description,omitempty"` + + // Id: [Output Only] A unique identifier for this instance template. The + // server defines this identifier. + Id uint64 `json:"id,omitempty,string"` + + // Kind: [Output Only] The resource type, which is always + // compute#instanceTemplate for instance templates. + Kind string `json:"kind,omitempty"` + + // Name: Name of the resource; provided by the client when the resource + // is created. The name must be 1-63 characters long, and comply with + // RFC1035. Specifically, the name must be 1-63 characters long and + // match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means + // the first character must be a lowercase letter, and all following + // characters must be a dash, lowercase letter, or digit, except the + // last character, which cannot be a dash. + Name string `json:"name,omitempty"` + + // Properties: The instance properties for this instance template. + Properties *InstanceProperties `json:"properties,omitempty"` + + // SelfLink: [Output Only] The URL for this instance template. The + // server defines this URL. + SelfLink string `json:"selfLink,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "CreationTimestamp") + // to unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreationTimestamp") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *InstanceTemplate) MarshalJSON() ([]byte, error) { + type NoMethod InstanceTemplate + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// InstanceTemplateList: A list of instance templates. +type InstanceTemplateList struct { + // Id: [Output Only] Unique identifier for the resource; defined by the + // server. + Id string `json:"id,omitempty"` + + // Items: A list of InstanceTemplate resources. + Items []*InstanceTemplate `json:"items,omitempty"` + + // Kind: [Output Only] The resource type, which is always + // compute#instanceTemplatesListResponse for instance template lists. + Kind string `json:"kind,omitempty"` + + // NextPageToken: [Output Only] This token allows you to get the next + // page of results for list requests. If the number of results is larger + // than maxResults, use the nextPageToken as a value for the query + // parameter pageToken in the next list request. Subsequent list + // requests will have their own nextPageToken to continue paging through + // the results. + NextPageToken string `json:"nextPageToken,omitempty"` + + // SelfLink: [Output Only] Server-defined URL for this resource. + SelfLink string `json:"selfLink,omitempty"` + + // Warning: [Output Only] Informational warning message. + Warning *InstanceTemplateListWarning `json:"warning,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "Id") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Id") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *InstanceTemplateList) MarshalJSON() ([]byte, error) { + type NoMethod InstanceTemplateList + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// InstanceTemplateListWarning: [Output Only] Informational warning +// message. +type InstanceTemplateListWarning struct { // Code: [Output Only] A warning code, if applicable. For example, // Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in // the response. @@ -11518,7 +11697,9 @@ type InterconnectAttachment struct { PrivateInterconnectInfo *InterconnectAttachmentPrivateInfo `json:"privateInterconnectInfo,omitempty"` // Region: [Output Only] URL of the region where the regional - // interconnect attachment resides. + // interconnect attachment resides. You must specify this field as part + // of the HTTP request URL. It is not settable as a field in the request + // body. Region string `json:"region,omitempty"` // Router: URL of the cloud router to be used for dynamic routing. This @@ -13239,6 +13420,8 @@ type ManagedInstance struct { // changes to the instance without stopping it. For example, the group // can update the target pool list for an instance without stopping that // instance. + // - VERIFYING The managed instance group has created the instance and + // it is in the process of being verified. // // Possible values: // "ABANDONING" @@ -14053,7 +14236,9 @@ type Operation struct { Progress int64 `json:"progress,omitempty"` // Region: [Output Only] The URL of the region where the operation - // resides. Only available when performing regional operations. + // resides. Only available when performing regional operations. You must + // specify this field as part of the HTTP request URL. It is not + // settable as a field in the request body. Region string `json:"region,omitempty"` // SelfLink: [Output Only] Server-defined URL for the resource. @@ -14094,7 +14279,9 @@ type Operation struct { Warnings []*OperationWarnings `json:"warnings,omitempty"` // Zone: [Output Only] The URL of the zone where the operation resides. - // Only available when performing per-zone operations. + // Only available when performing per-zone operations. You must specify + // this field as part of the HTTP request URL. It is not settable as a + // field in the request body. Zone string `json:"zone,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -15126,6 +15313,46 @@ func (s *Quota) UnmarshalJSON(data []byte) error { return nil } +// Reference: Represents a reference to a resource. +type Reference struct { + // Kind: [Output Only] Type of the resource. Always compute#reference + // for references. + Kind string `json:"kind,omitempty"` + + // ReferenceType: A description of the reference type with no implied + // semantics. Possible values include: + // - MEMBER_OF + ReferenceType string `json:"referenceType,omitempty"` + + // Referrer: URL of the resource which refers to the target. + Referrer string `json:"referrer,omitempty"` + + // Target: URL of the resource to which this reference points. + Target string `json:"target,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Kind") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Kind") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Reference) MarshalJSON() ([]byte, error) { + type NoMethod Reference + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Region: Region resource. (== resource_for beta.regions ==) (== // resource_for v1.regions ==) type Region struct { @@ -16722,7 +16949,9 @@ type Router struct { // Network: URI of the network to which this router belongs. Network string `json:"network,omitempty"` - // Region: [Output Only] URI of the region where the router resides. + // Region: [Output Only] URI of the region where the router resides. You + // must specify this field as part of the HTTP request URL. It is not + // settable as a field in the request body. Region string `json:"region,omitempty"` // SelfLink: [Output Only] Server-defined URL for the resource. @@ -18203,8 +18432,7 @@ type Subnetwork struct { Description string `json:"description,omitempty"` // GatewayAddress: [Output Only] The gateway address for default routes - // to reach destination addresses outside this subnetwork. This field - // can be set only at resource creation time. + // to reach destination addresses outside this subnetwork. GatewayAddress string `json:"gatewayAddress,omitempty"` // Id: [Output Only] The unique identifier for the resource. This @@ -19447,7 +19675,8 @@ type TargetInstance struct { SelfLink string `json:"selfLink,omitempty"` // Zone: [Output Only] URL of the zone where the target instance - // resides. + // resides. You must specify this field as part of the HTTP request URL. + // It is not settable as a field in the request body. Zone string `json:"zone,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -21337,7 +21566,8 @@ type TargetVpnGateway struct { Network string `json:"network,omitempty"` // Region: [Output Only] URL of the region where the target VPN gateway - // resides. + // resides. You must specify this field as part of the HTTP request URL. + // It is not settable as a field in the request body. Region string `json:"region,omitempty"` // SelfLink: [Output Only] Server-defined URL for the resource. @@ -21911,8 +22141,9 @@ type UrlMap struct { // SelfLink: [Output Only] Server-defined URL for the resource. SelfLink string `json:"selfLink,omitempty"` - // Tests: The list of expected URL mappings. Request to update this - // UrlMap will succeed only if all of the test cases pass. + // Tests: The list of expected URL mapping tests. Request to update this + // UrlMap will succeed only if all of the test cases pass. You can + // specify a maximum of 100 tests per UrlMap. Tests []*UrlMapTest `json:"tests,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -22347,6 +22578,8 @@ type VpnTunnel struct { PeerIp string `json:"peerIp,omitempty"` // Region: [Output Only] URL of the region where the VPN tunnel resides. + // You must specify this field as part of the HTTP request URL. It is + // not settable as a field in the request body. Region string `json:"region,omitempty"` // RemoteTrafficSelector: Remote traffic selectors to use when @@ -22385,8 +22618,9 @@ type VpnTunnel struct { // "WAITING_FOR_FULL_CONFIG" Status string `json:"status,omitempty"` - // TargetVpnGateway: URL of the VPN gateway with which this VPN tunnel - // is associated. Provided by the client when the VPN tunnel is created. + // TargetVpnGateway: URL of the Target VPN gateway with which this VPN + // tunnel is associated. Provided by the client when the VPN tunnel is + // created. TargetVpnGateway string `json:"targetVpnGateway,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -32138,7 +32372,7 @@ type FirewallsUpdateCall struct { } // Update: Updates the specified firewall rule with the data included in -// the request. Using PUT method, can only update following fields of +// the request. The PUT method can only update the following fields of // firewall rule: allowed, description, sourceRanges, sourceTags, // targetTags. // For details, see https://cloud.google.com/compute/docs/reference/latest/firewalls/update @@ -32256,7 +32490,7 @@ func (c *FirewallsUpdateCall) Do(opts ...googleapi.CallOption) (*Operation, erro } return ret, nil // { - // "description": "Updates the specified firewall rule with the data included in the request. Using PUT method, can only update following fields of firewall rule: allowed, description, sourceRanges, sourceTags, targetTags.", + // "description": "Updates the specified firewall rule with the data included in the request. The PUT method can only update the following fields of firewall rule: allowed, description, sourceRanges, sourceTags, targetTags.", // "httpMethod": "PUT", // "id": "compute.firewalls.update", // "parameterOrder": [ @@ -47214,6 +47448,280 @@ func (c *InstancesListCall) Pages(ctx context.Context, f func(*InstanceList) err } } +// method id "compute.instances.listReferrers": + +type InstancesListReferrersCall struct { + s *Service + project string + zone string + instance string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// ListReferrers: Retrieves the list of referrers to instances contained +// within the specified zone. +func (r *InstancesService) ListReferrers(project string, zone string, instance string) *InstancesListReferrersCall { + c := &InstancesListReferrersCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.project = project + c.zone = zone + c.instance = instance + return c +} + +// Filter sets the optional parameter "filter": Sets a filter +// {expression} for filtering listed resources. Your {expression} must +// be in the format: field_name comparison_string literal_string. +// +// The field_name is the name of the field you want to compare. Only +// atomic field types are supported (string, number, boolean). The +// comparison_string must be either eq (equals) or ne (not equals). The +// literal_string is the string value to filter to. The literal value +// must be valid for the type of field you are filtering by (string, +// number, boolean). For string fields, the literal value is interpreted +// as a regular expression using RE2 syntax. The literal value must +// match the entire field. +// +// For example, to filter for instances that do not have a name of +// example-instance, you would use name ne example-instance. +// +// You can filter on nested fields. For example, you could filter on +// instances that have set the scheduling.automaticRestart field to +// true. Use filtering on nested fields to take advantage of labels to +// organize and search for results based on label values. +// +// To filter on multiple expressions, provide each separate expression +// within parentheses. For example, (scheduling.automaticRestart eq +// true) (zone eq us-central1-f). Multiple expressions are treated as +// AND expressions, meaning that resources must match all expressions to +// pass the filters. +func (c *InstancesListReferrersCall) Filter(filter string) *InstancesListReferrersCall { + c.urlParams_.Set("filter", filter) + return c +} + +// MaxResults sets the optional parameter "maxResults": The maximum +// number of results per page that should be returned. If the number of +// available results is larger than maxResults, Compute Engine returns a +// nextPageToken that can be used to get the next page of results in +// subsequent list requests. Acceptable values are 0 to 500, inclusive. +// (Default: 500) +func (c *InstancesListReferrersCall) MaxResults(maxResults int64) *InstancesListReferrersCall { + c.urlParams_.Set("maxResults", fmt.Sprint(maxResults)) + return c +} + +// OrderBy sets the optional parameter "orderBy": Sorts list results by +// a certain order. By default, results are returned in alphanumerical +// order based on the resource name. +// +// You can also sort results in descending order based on the creation +// timestamp using orderBy="creationTimestamp desc". This sorts results +// based on the creationTimestamp field in reverse chronological order +// (newest result first). Use this to sort resources like operations so +// that the newest operation is returned first. +// +// Currently, only sorting by name or creationTimestamp desc is +// supported. +func (c *InstancesListReferrersCall) OrderBy(orderBy string) *InstancesListReferrersCall { + c.urlParams_.Set("orderBy", orderBy) + return c +} + +// PageToken sets the optional parameter "pageToken": Specifies a page +// token to use. Set pageToken to the nextPageToken returned by a +// previous list request to get the next page of results. +func (c *InstancesListReferrersCall) PageToken(pageToken string) *InstancesListReferrersCall { + c.urlParams_.Set("pageToken", pageToken) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *InstancesListReferrersCall) Fields(s ...googleapi.Field) *InstancesListReferrersCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *InstancesListReferrersCall) IfNoneMatch(entityTag string) *InstancesListReferrersCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *InstancesListReferrersCall) Context(ctx context.Context) *InstancesListReferrersCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *InstancesListReferrersCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *InstancesListReferrersCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/referrers") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "project": c.project, + "zone": c.zone, + "instance": c.instance, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "compute.instances.listReferrers" call. +// Exactly one of *InstanceListReferrers or error will be non-nil. Any +// non-2xx status code is an error. Response headers are in either +// *InstanceListReferrers.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *InstancesListReferrersCall) Do(opts ...googleapi.CallOption) (*InstanceListReferrers, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &InstanceListReferrers{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Retrieves the list of referrers to instances contained within the specified zone.", + // "httpMethod": "GET", + // "id": "compute.instances.listReferrers", + // "parameterOrder": [ + // "project", + // "zone", + // "instance" + // ], + // "parameters": { + // "filter": { + // "description": "Sets a filter {expression} for filtering listed resources. Your {expression} must be in the format: field_name comparison_string literal_string.\n\nThe field_name is the name of the field you want to compare. Only atomic field types are supported (string, number, boolean). The comparison_string must be either eq (equals) or ne (not equals). The literal_string is the string value to filter to. The literal value must be valid for the type of field you are filtering by (string, number, boolean). For string fields, the literal value is interpreted as a regular expression using RE2 syntax. The literal value must match the entire field.\n\nFor example, to filter for instances that do not have a name of example-instance, you would use name ne example-instance.\n\nYou can filter on nested fields. For example, you could filter on instances that have set the scheduling.automaticRestart field to true. Use filtering on nested fields to take advantage of labels to organize and search for results based on label values.\n\nTo filter on multiple expressions, provide each separate expression within parentheses. For example, (scheduling.automaticRestart eq true) (zone eq us-central1-f). Multiple expressions are treated as AND expressions, meaning that resources must match all expressions to pass the filters.", + // "location": "query", + // "type": "string" + // }, + // "instance": { + // "description": "Name of the target instance scoping this request, or '-' if the request should span over all instances in the container.", + // "location": "path", + // "pattern": "-|[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + // "required": true, + // "type": "string" + // }, + // "maxResults": { + // "default": "500", + // "description": "The maximum number of results per page that should be returned. If the number of available results is larger than maxResults, Compute Engine returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Acceptable values are 0 to 500, inclusive. (Default: 500)", + // "format": "uint32", + // "location": "query", + // "minimum": "0", + // "type": "integer" + // }, + // "orderBy": { + // "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name.\n\nYou can also sort results in descending order based on the creation timestamp using orderBy=\"creationTimestamp desc\". This sorts results based on the creationTimestamp field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first.\n\nCurrently, only sorting by name or creationTimestamp desc is supported.", + // "location": "query", + // "type": "string" + // }, + // "pageToken": { + // "description": "Specifies a page token to use. Set pageToken to the nextPageToken returned by a previous list request to get the next page of results.", + // "location": "query", + // "type": "string" + // }, + // "project": { + // "description": "Project ID for this request.", + // "location": "path", + // "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + // "required": true, + // "type": "string" + // }, + // "zone": { + // "description": "The name of the zone for this request.", + // "location": "path", + // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + // "required": true, + // "type": "string" + // } + // }, + // "path": "{project}/zones/{zone}/instances/{instance}/referrers", + // "response": { + // "$ref": "InstanceListReferrers" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform", + // "https://www.googleapis.com/auth/compute", + // "https://www.googleapis.com/auth/compute.readonly" + // ] + // } + +} + +// Pages invokes f for each page of results. +// A non-nil error returned from f will halt the iteration. +// The provided context supersedes any context provided to the Context method. +func (c *InstancesListReferrersCall) Pages(ctx context.Context, f func(*InstanceListReferrers) error) error { + c.ctx_ = ctx + defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point + for { + x, err := c.Do() + if err != nil { + return err + } + if err := f(x); err != nil { + return err + } + if x.NextPageToken == "" { + return nil + } + c.PageToken(x.NextPageToken) + } +} + // method id "compute.instances.reset": type InstancesResetCall struct { @@ -47517,20 +48025,396 @@ func (c *InstancesSetDeletionProtectionCall) Do(opts ...googleapi.CallOption) (* } return ret, nil // { - // "description": "Sets deletion protection on the instance.", + // "description": "Sets deletion protection on the instance.", + // "httpMethod": "POST", + // "id": "compute.instances.setDeletionProtection", + // "parameterOrder": [ + // "project", + // "zone", + // "resource" + // ], + // "parameters": { + // "deletionProtection": { + // "default": "true", + // "description": "Whether the resource should be protected against deletion.", + // "location": "query", + // "type": "boolean" + // }, + // "project": { + // "description": "Project ID for this request.", + // "location": "path", + // "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + // "required": true, + // "type": "string" + // }, + // "requestId": { + // "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + // "location": "query", + // "type": "string" + // }, + // "resource": { + // "description": "Name of the resource for this request.", + // "location": "path", + // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + // "required": true, + // "type": "string" + // }, + // "zone": { + // "description": "The name of the zone for this request.", + // "location": "path", + // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + // "required": true, + // "type": "string" + // } + // }, + // "path": "{project}/zones/{zone}/instances/{resource}/setDeletionProtection", + // "response": { + // "$ref": "Operation" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform", + // "https://www.googleapis.com/auth/compute" + // ] + // } + +} + +// method id "compute.instances.setDiskAutoDelete": + +type InstancesSetDiskAutoDeleteCall struct { + s *Service + project string + zone string + instance string + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// SetDiskAutoDelete: Sets the auto-delete flag for a disk attached to +// an instance. +// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/setDiskAutoDelete +func (r *InstancesService) SetDiskAutoDelete(project string, zone string, instance string, autoDelete bool, deviceName string) *InstancesSetDiskAutoDeleteCall { + c := &InstancesSetDiskAutoDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.project = project + c.zone = zone + c.instance = instance + c.urlParams_.Set("autoDelete", fmt.Sprint(autoDelete)) + c.urlParams_.Set("deviceName", deviceName) + return c +} + +// RequestId sets the optional parameter "requestId": An optional +// request ID to identify requests. Specify a unique request ID so that +// if you must retry your request, the server will know to ignore the +// request if it has already been completed. +// +// For example, consider a situation where you make an initial request +// and the request times out. If you make the request again with the +// same request ID, the server can check if original operation with the +// same request ID was received, and if so, will ignore the second +// request. This prevents clients from accidentally creating duplicate +// commitments. +// +// The request ID must be a valid UUID with the exception that zero UUID +// is not supported (00000000-0000-0000-0000-000000000000). +func (c *InstancesSetDiskAutoDeleteCall) RequestId(requestId string) *InstancesSetDiskAutoDeleteCall { + c.urlParams_.Set("requestId", requestId) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *InstancesSetDiskAutoDeleteCall) Fields(s ...googleapi.Field) *InstancesSetDiskAutoDeleteCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *InstancesSetDiskAutoDeleteCall) Context(ctx context.Context) *InstancesSetDiskAutoDeleteCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *InstancesSetDiskAutoDeleteCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *InstancesSetDiskAutoDeleteCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setDiskAutoDelete") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "project": c.project, + "zone": c.zone, + "instance": c.instance, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "compute.instances.setDiskAutoDelete" call. +// Exactly one of *Operation or error will be non-nil. Any non-2xx +// status code is an error. Response headers are in either +// *Operation.ServerResponse.Header or (if a response was returned at +// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified +// to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *InstancesSetDiskAutoDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &Operation{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Sets the auto-delete flag for a disk attached to an instance.", + // "httpMethod": "POST", + // "id": "compute.instances.setDiskAutoDelete", + // "parameterOrder": [ + // "project", + // "zone", + // "instance", + // "autoDelete", + // "deviceName" + // ], + // "parameters": { + // "autoDelete": { + // "description": "Whether to auto-delete the disk when the instance is deleted.", + // "location": "query", + // "required": true, + // "type": "boolean" + // }, + // "deviceName": { + // "description": "The device name of the disk to modify.", + // "location": "query", + // "pattern": "\\w[\\w.-]{0,254}", + // "required": true, + // "type": "string" + // }, + // "instance": { + // "description": "The instance name.", + // "location": "path", + // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + // "required": true, + // "type": "string" + // }, + // "project": { + // "description": "Project ID for this request.", + // "location": "path", + // "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", + // "required": true, + // "type": "string" + // }, + // "requestId": { + // "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + // "location": "query", + // "type": "string" + // }, + // "zone": { + // "description": "The name of the zone for this request.", + // "location": "path", + // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + // "required": true, + // "type": "string" + // } + // }, + // "path": "{project}/zones/{zone}/instances/{instance}/setDiskAutoDelete", + // "response": { + // "$ref": "Operation" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform", + // "https://www.googleapis.com/auth/compute" + // ] + // } + +} + +// method id "compute.instances.setLabels": + +type InstancesSetLabelsCall struct { + s *Service + project string + zone string + instance string + instancessetlabelsrequest *InstancesSetLabelsRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// SetLabels: Sets labels on an instance. To learn more about labels, +// read the Labeling Resources documentation. +func (r *InstancesService) SetLabels(project string, zone string, instance string, instancessetlabelsrequest *InstancesSetLabelsRequest) *InstancesSetLabelsCall { + c := &InstancesSetLabelsCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.project = project + c.zone = zone + c.instance = instance + c.instancessetlabelsrequest = instancessetlabelsrequest + return c +} + +// RequestId sets the optional parameter "requestId": An optional +// request ID to identify requests. Specify a unique request ID so that +// if you must retry your request, the server will know to ignore the +// request if it has already been completed. +// +// For example, consider a situation where you make an initial request +// and the request times out. If you make the request again with the +// same request ID, the server can check if original operation with the +// same request ID was received, and if so, will ignore the second +// request. This prevents clients from accidentally creating duplicate +// commitments. +// +// The request ID must be a valid UUID with the exception that zero UUID +// is not supported (00000000-0000-0000-0000-000000000000). +func (c *InstancesSetLabelsCall) RequestId(requestId string) *InstancesSetLabelsCall { + c.urlParams_.Set("requestId", requestId) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *InstancesSetLabelsCall) Fields(s ...googleapi.Field) *InstancesSetLabelsCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *InstancesSetLabelsCall) Context(ctx context.Context) *InstancesSetLabelsCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *InstancesSetLabelsCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *InstancesSetLabelsCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetlabelsrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setLabels") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "project": c.project, + "zone": c.zone, + "instance": c.instance, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "compute.instances.setLabels" call. +// Exactly one of *Operation or error will be non-nil. Any non-2xx +// status code is an error. Response headers are in either +// *Operation.ServerResponse.Header or (if a response was returned at +// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified +// to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *InstancesSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &Operation{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Sets labels on an instance. To learn more about labels, read the Labeling Resources documentation.", // "httpMethod": "POST", - // "id": "compute.instances.setDeletionProtection", + // "id": "compute.instances.setLabels", // "parameterOrder": [ // "project", // "zone", - // "resource" + // "instance" // ], // "parameters": { - // "deletionProtection": { - // "default": "true", - // "description": "Whether the resource should be protected against deletion.", - // "location": "query", - // "type": "boolean" + // "instance": { + // "description": "Name of the instance scoping this request.", + // "location": "path", + // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", + // "required": true, + // "type": "string" // }, // "project": { // "description": "Project ID for this request.", @@ -47544,13 +48428,6 @@ func (c *InstancesSetDeletionProtectionCall) Do(opts ...googleapi.CallOption) (* // "location": "query", // "type": "string" // }, - // "resource": { - // "description": "Name of the resource for this request.", - // "location": "path", - // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - // "required": true, - // "type": "string" - // }, // "zone": { // "description": "The name of the zone for this request.", // "location": "path", @@ -47559,7 +48436,10 @@ func (c *InstancesSetDeletionProtectionCall) Do(opts ...googleapi.CallOption) (* // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{resource}/setDeletionProtection", + // "path": "{project}/zones/{zone}/instances/{instance}/setLabels", + // "request": { + // "$ref": "InstancesSetLabelsRequest" + // }, // "response": { // "$ref": "Operation" // }, @@ -47571,28 +48451,27 @@ func (c *InstancesSetDeletionProtectionCall) Do(opts ...googleapi.CallOption) (* } -// method id "compute.instances.setDiskAutoDelete": +// method id "compute.instances.setMachineResources": -type InstancesSetDiskAutoDeleteCall struct { - s *Service - project string - zone string - instance string - urlParams_ gensupport.URLParams - ctx_ context.Context - header_ http.Header +type InstancesSetMachineResourcesCall struct { + s *Service + project string + zone string + instance string + instancessetmachineresourcesrequest *InstancesSetMachineResourcesRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header } -// SetDiskAutoDelete: Sets the auto-delete flag for a disk attached to -// an instance. -// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/setDiskAutoDelete -func (r *InstancesService) SetDiskAutoDelete(project string, zone string, instance string, autoDelete bool, deviceName string) *InstancesSetDiskAutoDeleteCall { - c := &InstancesSetDiskAutoDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// SetMachineResources: Changes the number and/or type of accelerator +// for a stopped instance to the values specified in the request. +func (r *InstancesService) SetMachineResources(project string, zone string, instance string, instancessetmachineresourcesrequest *InstancesSetMachineResourcesRequest) *InstancesSetMachineResourcesCall { + c := &InstancesSetMachineResourcesCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance - c.urlParams_.Set("autoDelete", fmt.Sprint(autoDelete)) - c.urlParams_.Set("deviceName", deviceName) + c.instancessetmachineresourcesrequest = instancessetmachineresourcesrequest return c } @@ -47610,7 +48489,7 @@ func (r *InstancesService) SetDiskAutoDelete(project string, zone string, instan // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesSetDiskAutoDeleteCall) RequestId(requestId string) *InstancesSetDiskAutoDeleteCall { +func (c *InstancesSetMachineResourcesCall) RequestId(requestId string) *InstancesSetMachineResourcesCall { c.urlParams_.Set("requestId", requestId) return c } @@ -47618,7 +48497,7 @@ func (c *InstancesSetDiskAutoDeleteCall) RequestId(requestId string) *InstancesS // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesSetDiskAutoDeleteCall) Fields(s ...googleapi.Field) *InstancesSetDiskAutoDeleteCall { +func (c *InstancesSetMachineResourcesCall) Fields(s ...googleapi.Field) *InstancesSetMachineResourcesCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -47626,29 +48505,34 @@ func (c *InstancesSetDiskAutoDeleteCall) Fields(s ...googleapi.Field) *Instances // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesSetDiskAutoDeleteCall) Context(ctx context.Context) *InstancesSetDiskAutoDeleteCall { +func (c *InstancesSetMachineResourcesCall) Context(ctx context.Context) *InstancesSetMachineResourcesCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesSetDiskAutoDeleteCall) Header() http.Header { +func (c *InstancesSetMachineResourcesCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesSetDiskAutoDeleteCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesSetMachineResourcesCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v } reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetmachineresourcesrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setDiskAutoDelete") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setMachineResources") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -47660,14 +48544,14 @@ func (c *InstancesSetDiskAutoDeleteCall) doRequest(alt string) (*http.Response, return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.setDiskAutoDelete" call. +// Do executes the "compute.instances.setMachineResources" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesSetDiskAutoDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesSetMachineResourcesCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -47698,32 +48582,17 @@ func (c *InstancesSetDiskAutoDeleteCall) Do(opts ...googleapi.CallOption) (*Oper } return ret, nil // { - // "description": "Sets the auto-delete flag for a disk attached to an instance.", + // "description": "Changes the number and/or type of accelerator for a stopped instance to the values specified in the request.", // "httpMethod": "POST", - // "id": "compute.instances.setDiskAutoDelete", + // "id": "compute.instances.setMachineResources", // "parameterOrder": [ // "project", // "zone", - // "instance", - // "autoDelete", - // "deviceName" + // "instance" // ], // "parameters": { - // "autoDelete": { - // "description": "Whether to auto-delete the disk when the instance is deleted.", - // "location": "query", - // "required": true, - // "type": "boolean" - // }, - // "deviceName": { - // "description": "The device name of the disk to modify.", - // "location": "query", - // "pattern": "\\w[\\w.-]{0,254}", - // "required": true, - // "type": "string" - // }, // "instance": { - // "description": "The instance name.", + // "description": "Name of the instance scoping this request.", // "location": "path", // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", // "required": true, @@ -47749,7 +48618,10 @@ func (c *InstancesSetDiskAutoDeleteCall) Do(opts ...googleapi.CallOption) (*Oper // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/setDiskAutoDelete", + // "path": "{project}/zones/{zone}/instances/{instance}/setMachineResources", + // "request": { + // "$ref": "InstancesSetMachineResourcesRequest" + // }, // "response": { // "$ref": "Operation" // }, @@ -47761,27 +48633,27 @@ func (c *InstancesSetDiskAutoDeleteCall) Do(opts ...googleapi.CallOption) (*Oper } -// method id "compute.instances.setLabels": +// method id "compute.instances.setMachineType": -type InstancesSetLabelsCall struct { - s *Service - project string - zone string - instance string - instancessetlabelsrequest *InstancesSetLabelsRequest - urlParams_ gensupport.URLParams - ctx_ context.Context - header_ http.Header +type InstancesSetMachineTypeCall struct { + s *Service + project string + zone string + instance string + instancessetmachinetyperequest *InstancesSetMachineTypeRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header } -// SetLabels: Sets labels on an instance. To learn more about labels, -// read the Labeling Resources documentation. -func (r *InstancesService) SetLabels(project string, zone string, instance string, instancessetlabelsrequest *InstancesSetLabelsRequest) *InstancesSetLabelsCall { - c := &InstancesSetLabelsCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// SetMachineType: Changes the machine type for a stopped instance to +// the machine type specified in the request. +func (r *InstancesService) SetMachineType(project string, zone string, instance string, instancessetmachinetyperequest *InstancesSetMachineTypeRequest) *InstancesSetMachineTypeCall { + c := &InstancesSetMachineTypeCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance - c.instancessetlabelsrequest = instancessetlabelsrequest + c.instancessetmachinetyperequest = instancessetmachinetyperequest return c } @@ -47799,7 +48671,7 @@ func (r *InstancesService) SetLabels(project string, zone string, instance strin // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesSetLabelsCall) RequestId(requestId string) *InstancesSetLabelsCall { +func (c *InstancesSetMachineTypeCall) RequestId(requestId string) *InstancesSetMachineTypeCall { c.urlParams_.Set("requestId", requestId) return c } @@ -47807,7 +48679,7 @@ func (c *InstancesSetLabelsCall) RequestId(requestId string) *InstancesSetLabels // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesSetLabelsCall) Fields(s ...googleapi.Field) *InstancesSetLabelsCall { +func (c *InstancesSetMachineTypeCall) Fields(s ...googleapi.Field) *InstancesSetMachineTypeCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -47815,34 +48687,34 @@ func (c *InstancesSetLabelsCall) Fields(s ...googleapi.Field) *InstancesSetLabel // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesSetLabelsCall) Context(ctx context.Context) *InstancesSetLabelsCall { +func (c *InstancesSetMachineTypeCall) Context(ctx context.Context) *InstancesSetMachineTypeCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesSetLabelsCall) Header() http.Header { +func (c *InstancesSetMachineTypeCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesSetLabelsCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesSetMachineTypeCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v } reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil - body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetlabelsrequest) + body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetmachinetyperequest) if err != nil { return nil, err } reqHeaders.Set("Content-Type", "application/json") c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setLabels") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setMachineType") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -47854,14 +48726,14 @@ func (c *InstancesSetLabelsCall) doRequest(alt string) (*http.Response, error) { return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.setLabels" call. +// Do executes the "compute.instances.setMachineType" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesSetMachineTypeCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -47892,9 +48764,9 @@ func (c *InstancesSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, e } return ret, nil // { - // "description": "Sets labels on an instance. To learn more about labels, read the Labeling Resources documentation.", + // "description": "Changes the machine type for a stopped instance to the machine type specified in the request.", // "httpMethod": "POST", - // "id": "compute.instances.setLabels", + // "id": "compute.instances.setMachineType", // "parameterOrder": [ // "project", // "zone", @@ -47928,9 +48800,9 @@ func (c *InstancesSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, e // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/setLabels", + // "path": "{project}/zones/{zone}/instances/{instance}/setMachineType", // "request": { - // "$ref": "InstancesSetLabelsRequest" + // "$ref": "InstancesSetMachineTypeRequest" // }, // "response": { // "$ref": "Operation" @@ -47943,27 +48815,28 @@ func (c *InstancesSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, e } -// method id "compute.instances.setMachineResources": +// method id "compute.instances.setMetadata": -type InstancesSetMachineResourcesCall struct { - s *Service - project string - zone string - instance string - instancessetmachineresourcesrequest *InstancesSetMachineResourcesRequest - urlParams_ gensupport.URLParams - ctx_ context.Context - header_ http.Header +type InstancesSetMetadataCall struct { + s *Service + project string + zone string + instance string + metadata *Metadata + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header } -// SetMachineResources: Changes the number and/or type of accelerator -// for a stopped instance to the values specified in the request. -func (r *InstancesService) SetMachineResources(project string, zone string, instance string, instancessetmachineresourcesrequest *InstancesSetMachineResourcesRequest) *InstancesSetMachineResourcesCall { - c := &InstancesSetMachineResourcesCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// SetMetadata: Sets metadata for the specified instance to the data +// included in the request. +// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/setMetadata +func (r *InstancesService) SetMetadata(project string, zone string, instance string, metadata *Metadata) *InstancesSetMetadataCall { + c := &InstancesSetMetadataCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance - c.instancessetmachineresourcesrequest = instancessetmachineresourcesrequest + c.metadata = metadata return c } @@ -47981,7 +48854,7 @@ func (r *InstancesService) SetMachineResources(project string, zone string, inst // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesSetMachineResourcesCall) RequestId(requestId string) *InstancesSetMachineResourcesCall { +func (c *InstancesSetMetadataCall) RequestId(requestId string) *InstancesSetMetadataCall { c.urlParams_.Set("requestId", requestId) return c } @@ -47989,7 +48862,7 @@ func (c *InstancesSetMachineResourcesCall) RequestId(requestId string) *Instance // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesSetMachineResourcesCall) Fields(s ...googleapi.Field) *InstancesSetMachineResourcesCall { +func (c *InstancesSetMetadataCall) Fields(s ...googleapi.Field) *InstancesSetMetadataCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -47997,34 +48870,34 @@ func (c *InstancesSetMachineResourcesCall) Fields(s ...googleapi.Field) *Instanc // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesSetMachineResourcesCall) Context(ctx context.Context) *InstancesSetMachineResourcesCall { +func (c *InstancesSetMetadataCall) Context(ctx context.Context) *InstancesSetMetadataCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesSetMachineResourcesCall) Header() http.Header { +func (c *InstancesSetMetadataCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesSetMachineResourcesCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesSetMetadataCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v } reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil - body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetmachineresourcesrequest) + body, err := googleapi.WithoutDataWrapper.JSONReader(c.metadata) if err != nil { return nil, err } reqHeaders.Set("Content-Type", "application/json") c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setMachineResources") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setMetadata") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -48036,14 +48909,14 @@ func (c *InstancesSetMachineResourcesCall) doRequest(alt string) (*http.Response return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.setMachineResources" call. +// Do executes the "compute.instances.setMetadata" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesSetMachineResourcesCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesSetMetadataCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -48074,9 +48947,9 @@ func (c *InstancesSetMachineResourcesCall) Do(opts ...googleapi.CallOption) (*Op } return ret, nil // { - // "description": "Changes the number and/or type of accelerator for a stopped instance to the values specified in the request.", + // "description": "Sets metadata for the specified instance to the data included in the request.", // "httpMethod": "POST", - // "id": "compute.instances.setMachineResources", + // "id": "compute.instances.setMetadata", // "parameterOrder": [ // "project", // "zone", @@ -48110,9 +48983,9 @@ func (c *InstancesSetMachineResourcesCall) Do(opts ...googleapi.CallOption) (*Op // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/setMachineResources", + // "path": "{project}/zones/{zone}/instances/{instance}/setMetadata", // "request": { - // "$ref": "InstancesSetMachineResourcesRequest" + // "$ref": "Metadata" // }, // "response": { // "$ref": "Operation" @@ -48125,27 +48998,29 @@ func (c *InstancesSetMachineResourcesCall) Do(opts ...googleapi.CallOption) (*Op } -// method id "compute.instances.setMachineType": +// method id "compute.instances.setMinCpuPlatform": -type InstancesSetMachineTypeCall struct { - s *Service - project string - zone string - instance string - instancessetmachinetyperequest *InstancesSetMachineTypeRequest - urlParams_ gensupport.URLParams - ctx_ context.Context - header_ http.Header +type InstancesSetMinCpuPlatformCall struct { + s *Service + project string + zone string + instance string + instancessetmincpuplatformrequest *InstancesSetMinCpuPlatformRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header } -// SetMachineType: Changes the machine type for a stopped instance to -// the machine type specified in the request. -func (r *InstancesService) SetMachineType(project string, zone string, instance string, instancessetmachinetyperequest *InstancesSetMachineTypeRequest) *InstancesSetMachineTypeCall { - c := &InstancesSetMachineTypeCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// SetMinCpuPlatform: Changes the minimum CPU platform that this +// instance should use. This method can only be called on a stopped +// instance. For more information, read Specifying a Minimum CPU +// Platform. +func (r *InstancesService) SetMinCpuPlatform(project string, zone string, instance string, instancessetmincpuplatformrequest *InstancesSetMinCpuPlatformRequest) *InstancesSetMinCpuPlatformCall { + c := &InstancesSetMinCpuPlatformCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance - c.instancessetmachinetyperequest = instancessetmachinetyperequest + c.instancessetmincpuplatformrequest = instancessetmincpuplatformrequest return c } @@ -48163,7 +49038,7 @@ func (r *InstancesService) SetMachineType(project string, zone string, instance // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesSetMachineTypeCall) RequestId(requestId string) *InstancesSetMachineTypeCall { +func (c *InstancesSetMinCpuPlatformCall) RequestId(requestId string) *InstancesSetMinCpuPlatformCall { c.urlParams_.Set("requestId", requestId) return c } @@ -48171,7 +49046,7 @@ func (c *InstancesSetMachineTypeCall) RequestId(requestId string) *InstancesSetM // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesSetMachineTypeCall) Fields(s ...googleapi.Field) *InstancesSetMachineTypeCall { +func (c *InstancesSetMinCpuPlatformCall) Fields(s ...googleapi.Field) *InstancesSetMinCpuPlatformCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -48179,34 +49054,34 @@ func (c *InstancesSetMachineTypeCall) Fields(s ...googleapi.Field) *InstancesSet // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesSetMachineTypeCall) Context(ctx context.Context) *InstancesSetMachineTypeCall { +func (c *InstancesSetMinCpuPlatformCall) Context(ctx context.Context) *InstancesSetMinCpuPlatformCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesSetMachineTypeCall) Header() http.Header { +func (c *InstancesSetMinCpuPlatformCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesSetMachineTypeCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesSetMinCpuPlatformCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v } reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil - body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetmachinetyperequest) + body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetmincpuplatformrequest) if err != nil { return nil, err } reqHeaders.Set("Content-Type", "application/json") c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setMachineType") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setMinCpuPlatform") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -48218,14 +49093,14 @@ func (c *InstancesSetMachineTypeCall) doRequest(alt string) (*http.Response, err return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.setMachineType" call. +// Do executes the "compute.instances.setMinCpuPlatform" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesSetMachineTypeCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesSetMinCpuPlatformCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -48256,9 +49131,9 @@ func (c *InstancesSetMachineTypeCall) Do(opts ...googleapi.CallOption) (*Operati } return ret, nil // { - // "description": "Changes the machine type for a stopped instance to the machine type specified in the request.", + // "description": "Changes the minimum CPU platform that this instance should use. This method can only be called on a stopped instance. For more information, read Specifying a Minimum CPU Platform.", // "httpMethod": "POST", - // "id": "compute.instances.setMachineType", + // "id": "compute.instances.setMinCpuPlatform", // "parameterOrder": [ // "project", // "zone", @@ -48292,9 +49167,9 @@ func (c *InstancesSetMachineTypeCall) Do(opts ...googleapi.CallOption) (*Operati // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/setMachineType", + // "path": "{project}/zones/{zone}/instances/{instance}/setMinCpuPlatform", // "request": { - // "$ref": "InstancesSetMachineTypeRequest" + // "$ref": "InstancesSetMinCpuPlatformRequest" // }, // "response": { // "$ref": "Operation" @@ -48307,28 +49182,27 @@ func (c *InstancesSetMachineTypeCall) Do(opts ...googleapi.CallOption) (*Operati } -// method id "compute.instances.setMetadata": +// method id "compute.instances.setScheduling": -type InstancesSetMetadataCall struct { +type InstancesSetSchedulingCall struct { s *Service project string zone string instance string - metadata *Metadata + scheduling *Scheduling urlParams_ gensupport.URLParams ctx_ context.Context header_ http.Header } -// SetMetadata: Sets metadata for the specified instance to the data -// included in the request. -// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/setMetadata -func (r *InstancesService) SetMetadata(project string, zone string, instance string, metadata *Metadata) *InstancesSetMetadataCall { - c := &InstancesSetMetadataCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// SetScheduling: Sets an instance's scheduling options. +// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/setScheduling +func (r *InstancesService) SetScheduling(project string, zone string, instance string, scheduling *Scheduling) *InstancesSetSchedulingCall { + c := &InstancesSetSchedulingCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance - c.metadata = metadata + c.scheduling = scheduling return c } @@ -48346,7 +49220,7 @@ func (r *InstancesService) SetMetadata(project string, zone string, instance str // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesSetMetadataCall) RequestId(requestId string) *InstancesSetMetadataCall { +func (c *InstancesSetSchedulingCall) RequestId(requestId string) *InstancesSetSchedulingCall { c.urlParams_.Set("requestId", requestId) return c } @@ -48354,7 +49228,7 @@ func (c *InstancesSetMetadataCall) RequestId(requestId string) *InstancesSetMeta // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesSetMetadataCall) Fields(s ...googleapi.Field) *InstancesSetMetadataCall { +func (c *InstancesSetSchedulingCall) Fields(s ...googleapi.Field) *InstancesSetSchedulingCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -48362,34 +49236,34 @@ func (c *InstancesSetMetadataCall) Fields(s ...googleapi.Field) *InstancesSetMet // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesSetMetadataCall) Context(ctx context.Context) *InstancesSetMetadataCall { +func (c *InstancesSetSchedulingCall) Context(ctx context.Context) *InstancesSetSchedulingCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesSetMetadataCall) Header() http.Header { +func (c *InstancesSetSchedulingCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesSetMetadataCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesSetSchedulingCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v } reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil - body, err := googleapi.WithoutDataWrapper.JSONReader(c.metadata) + body, err := googleapi.WithoutDataWrapper.JSONReader(c.scheduling) if err != nil { return nil, err } reqHeaders.Set("Content-Type", "application/json") c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setMetadata") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setScheduling") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -48401,14 +49275,14 @@ func (c *InstancesSetMetadataCall) doRequest(alt string) (*http.Response, error) return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.setMetadata" call. +// Do executes the "compute.instances.setScheduling" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesSetMetadataCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesSetSchedulingCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -48439,9 +49313,9 @@ func (c *InstancesSetMetadataCall) Do(opts ...googleapi.CallOption) (*Operation, } return ret, nil // { - // "description": "Sets metadata for the specified instance to the data included in the request.", + // "description": "Sets an instance's scheduling options.", // "httpMethod": "POST", - // "id": "compute.instances.setMetadata", + // "id": "compute.instances.setScheduling", // "parameterOrder": [ // "project", // "zone", @@ -48449,7 +49323,7 @@ func (c *InstancesSetMetadataCall) Do(opts ...googleapi.CallOption) (*Operation, // ], // "parameters": { // "instance": { - // "description": "Name of the instance scoping this request.", + // "description": "Instance name.", // "location": "path", // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", // "required": true, @@ -48475,9 +49349,9 @@ func (c *InstancesSetMetadataCall) Do(opts ...googleapi.CallOption) (*Operation, // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/setMetadata", + // "path": "{project}/zones/{zone}/instances/{instance}/setScheduling", // "request": { - // "$ref": "Metadata" + // "$ref": "Scheduling" // }, // "response": { // "$ref": "Operation" @@ -48490,29 +49364,28 @@ func (c *InstancesSetMetadataCall) Do(opts ...googleapi.CallOption) (*Operation, } -// method id "compute.instances.setMinCpuPlatform": +// method id "compute.instances.setServiceAccount": -type InstancesSetMinCpuPlatformCall struct { +type InstancesSetServiceAccountCall struct { s *Service project string zone string instance string - instancessetmincpuplatformrequest *InstancesSetMinCpuPlatformRequest + instancessetserviceaccountrequest *InstancesSetServiceAccountRequest urlParams_ gensupport.URLParams ctx_ context.Context header_ http.Header } -// SetMinCpuPlatform: Changes the minimum CPU platform that this -// instance should use. This method can only be called on a stopped -// instance. For more information, read Specifying a Minimum CPU -// Platform. -func (r *InstancesService) SetMinCpuPlatform(project string, zone string, instance string, instancessetmincpuplatformrequest *InstancesSetMinCpuPlatformRequest) *InstancesSetMinCpuPlatformCall { - c := &InstancesSetMinCpuPlatformCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// SetServiceAccount: Sets the service account on the instance. For more +// information, read Changing the service account and access scopes for +// an instance. +func (r *InstancesService) SetServiceAccount(project string, zone string, instance string, instancessetserviceaccountrequest *InstancesSetServiceAccountRequest) *InstancesSetServiceAccountCall { + c := &InstancesSetServiceAccountCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance - c.instancessetmincpuplatformrequest = instancessetmincpuplatformrequest + c.instancessetserviceaccountrequest = instancessetserviceaccountrequest return c } @@ -48530,7 +49403,7 @@ func (r *InstancesService) SetMinCpuPlatform(project string, zone string, instan // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesSetMinCpuPlatformCall) RequestId(requestId string) *InstancesSetMinCpuPlatformCall { +func (c *InstancesSetServiceAccountCall) RequestId(requestId string) *InstancesSetServiceAccountCall { c.urlParams_.Set("requestId", requestId) return c } @@ -48538,7 +49411,7 @@ func (c *InstancesSetMinCpuPlatformCall) RequestId(requestId string) *InstancesS // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesSetMinCpuPlatformCall) Fields(s ...googleapi.Field) *InstancesSetMinCpuPlatformCall { +func (c *InstancesSetServiceAccountCall) Fields(s ...googleapi.Field) *InstancesSetServiceAccountCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -48546,34 +49419,34 @@ func (c *InstancesSetMinCpuPlatformCall) Fields(s ...googleapi.Field) *Instances // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesSetMinCpuPlatformCall) Context(ctx context.Context) *InstancesSetMinCpuPlatformCall { +func (c *InstancesSetServiceAccountCall) Context(ctx context.Context) *InstancesSetServiceAccountCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesSetMinCpuPlatformCall) Header() http.Header { +func (c *InstancesSetServiceAccountCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesSetMinCpuPlatformCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesSetServiceAccountCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v } reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil - body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetmincpuplatformrequest) + body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetserviceaccountrequest) if err != nil { return nil, err } reqHeaders.Set("Content-Type", "application/json") c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setMinCpuPlatform") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setServiceAccount") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -48585,14 +49458,14 @@ func (c *InstancesSetMinCpuPlatformCall) doRequest(alt string) (*http.Response, return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.setMinCpuPlatform" call. +// Do executes the "compute.instances.setServiceAccount" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesSetMinCpuPlatformCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -48623,9 +49496,9 @@ func (c *InstancesSetMinCpuPlatformCall) Do(opts ...googleapi.CallOption) (*Oper } return ret, nil // { - // "description": "Changes the minimum CPU platform that this instance should use. This method can only be called on a stopped instance. For more information, read Specifying a Minimum CPU Platform.", + // "description": "Sets the service account on the instance. For more information, read Changing the service account and access scopes for an instance.", // "httpMethod": "POST", - // "id": "compute.instances.setMinCpuPlatform", + // "id": "compute.instances.setServiceAccount", // "parameterOrder": [ // "project", // "zone", @@ -48633,7 +49506,7 @@ func (c *InstancesSetMinCpuPlatformCall) Do(opts ...googleapi.CallOption) (*Oper // ], // "parameters": { // "instance": { - // "description": "Name of the instance scoping this request.", + // "description": "Name of the instance resource to start.", // "location": "path", // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", // "required": true, @@ -48659,9 +49532,9 @@ func (c *InstancesSetMinCpuPlatformCall) Do(opts ...googleapi.CallOption) (*Oper // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/setMinCpuPlatform", + // "path": "{project}/zones/{zone}/instances/{instance}/setServiceAccount", // "request": { - // "$ref": "InstancesSetMinCpuPlatformRequest" + // "$ref": "InstancesSetServiceAccountRequest" // }, // "response": { // "$ref": "Operation" @@ -48674,27 +49547,28 @@ func (c *InstancesSetMinCpuPlatformCall) Do(opts ...googleapi.CallOption) (*Oper } -// method id "compute.instances.setScheduling": +// method id "compute.instances.setTags": -type InstancesSetSchedulingCall struct { +type InstancesSetTagsCall struct { s *Service project string zone string instance string - scheduling *Scheduling + tags *Tags urlParams_ gensupport.URLParams ctx_ context.Context header_ http.Header } -// SetScheduling: Sets an instance's scheduling options. -// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/setScheduling -func (r *InstancesService) SetScheduling(project string, zone string, instance string, scheduling *Scheduling) *InstancesSetSchedulingCall { - c := &InstancesSetSchedulingCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// SetTags: Sets tags for the specified instance to the data included in +// the request. +// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/setTags +func (r *InstancesService) SetTags(project string, zone string, instance string, tags *Tags) *InstancesSetTagsCall { + c := &InstancesSetTagsCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance - c.scheduling = scheduling + c.tags = tags return c } @@ -48712,7 +49586,7 @@ func (r *InstancesService) SetScheduling(project string, zone string, instance s // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesSetSchedulingCall) RequestId(requestId string) *InstancesSetSchedulingCall { +func (c *InstancesSetTagsCall) RequestId(requestId string) *InstancesSetTagsCall { c.urlParams_.Set("requestId", requestId) return c } @@ -48720,7 +49594,7 @@ func (c *InstancesSetSchedulingCall) RequestId(requestId string) *InstancesSetSc // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesSetSchedulingCall) Fields(s ...googleapi.Field) *InstancesSetSchedulingCall { +func (c *InstancesSetTagsCall) Fields(s ...googleapi.Field) *InstancesSetTagsCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -48728,34 +49602,34 @@ func (c *InstancesSetSchedulingCall) Fields(s ...googleapi.Field) *InstancesSetS // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesSetSchedulingCall) Context(ctx context.Context) *InstancesSetSchedulingCall { +func (c *InstancesSetTagsCall) Context(ctx context.Context) *InstancesSetTagsCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesSetSchedulingCall) Header() http.Header { +func (c *InstancesSetTagsCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesSetSchedulingCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesSetTagsCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v } reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil - body, err := googleapi.WithoutDataWrapper.JSONReader(c.scheduling) + body, err := googleapi.WithoutDataWrapper.JSONReader(c.tags) if err != nil { return nil, err } reqHeaders.Set("Content-Type", "application/json") c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setScheduling") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setTags") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -48767,14 +49641,14 @@ func (c *InstancesSetSchedulingCall) doRequest(alt string) (*http.Response, erro return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.setScheduling" call. +// Do executes the "compute.instances.setTags" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesSetSchedulingCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -48805,9 +49679,9 @@ func (c *InstancesSetSchedulingCall) Do(opts ...googleapi.CallOption) (*Operatio } return ret, nil // { - // "description": "Sets an instance's scheduling options.", + // "description": "Sets tags for the specified instance to the data included in the request.", // "httpMethod": "POST", - // "id": "compute.instances.setScheduling", + // "id": "compute.instances.setTags", // "parameterOrder": [ // "project", // "zone", @@ -48815,7 +49689,7 @@ func (c *InstancesSetSchedulingCall) Do(opts ...googleapi.CallOption) (*Operatio // ], // "parameters": { // "instance": { - // "description": "Instance name.", + // "description": "Name of the instance scoping this request.", // "location": "path", // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", // "required": true, @@ -48841,9 +49715,9 @@ func (c *InstancesSetSchedulingCall) Do(opts ...googleapi.CallOption) (*Operatio // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/setScheduling", + // "path": "{project}/zones/{zone}/instances/{instance}/setTags", // "request": { - // "$ref": "Scheduling" + // "$ref": "Tags" // }, // "response": { // "$ref": "Operation" @@ -48856,28 +49730,27 @@ func (c *InstancesSetSchedulingCall) Do(opts ...googleapi.CallOption) (*Operatio } -// method id "compute.instances.setServiceAccount": +// method id "compute.instances.start": -type InstancesSetServiceAccountCall struct { - s *Service - project string - zone string - instance string - instancessetserviceaccountrequest *InstancesSetServiceAccountRequest - urlParams_ gensupport.URLParams - ctx_ context.Context - header_ http.Header +type InstancesStartCall struct { + s *Service + project string + zone string + instance string + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header } -// SetServiceAccount: Sets the service account on the instance. For more -// information, read Changing the service account and access scopes for -// an instance. -func (r *InstancesService) SetServiceAccount(project string, zone string, instance string, instancessetserviceaccountrequest *InstancesSetServiceAccountRequest) *InstancesSetServiceAccountCall { - c := &InstancesSetServiceAccountCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// Start: Starts an instance that was stopped using the using the +// instances().stop method. For more information, see Restart an +// instance. +// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/start +func (r *InstancesService) Start(project string, zone string, instance string) *InstancesStartCall { + c := &InstancesStartCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance - c.instancessetserviceaccountrequest = instancessetserviceaccountrequest return c } @@ -48895,7 +49768,7 @@ func (r *InstancesService) SetServiceAccount(project string, zone string, instan // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesSetServiceAccountCall) RequestId(requestId string) *InstancesSetServiceAccountCall { +func (c *InstancesStartCall) RequestId(requestId string) *InstancesStartCall { c.urlParams_.Set("requestId", requestId) return c } @@ -48903,7 +49776,7 @@ func (c *InstancesSetServiceAccountCall) RequestId(requestId string) *InstancesS // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesSetServiceAccountCall) Fields(s ...googleapi.Field) *InstancesSetServiceAccountCall { +func (c *InstancesStartCall) Fields(s ...googleapi.Field) *InstancesStartCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -48911,34 +49784,29 @@ func (c *InstancesSetServiceAccountCall) Fields(s ...googleapi.Field) *Instances // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesSetServiceAccountCall) Context(ctx context.Context) *InstancesSetServiceAccountCall { +func (c *InstancesStartCall) Context(ctx context.Context) *InstancesStartCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesSetServiceAccountCall) Header() http.Header { +func (c *InstancesStartCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesSetServiceAccountCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v } reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil - body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetserviceaccountrequest) - if err != nil { - return nil, err - } - reqHeaders.Set("Content-Type", "application/json") c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setServiceAccount") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/start") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -48950,14 +49818,14 @@ func (c *InstancesSetServiceAccountCall) doRequest(alt string) (*http.Response, return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.setServiceAccount" call. +// Do executes the "compute.instances.start" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -48988,9 +49856,9 @@ func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Oper } return ret, nil // { - // "description": "Sets the service account on the instance. For more information, read Changing the service account and access scopes for an instance.", + // "description": "Starts an instance that was stopped using the using the instances().stop method. For more information, see Restart an instance.", // "httpMethod": "POST", - // "id": "compute.instances.setServiceAccount", + // "id": "compute.instances.start", // "parameterOrder": [ // "project", // "zone", @@ -49024,10 +49892,7 @@ func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Oper // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/setServiceAccount", - // "request": { - // "$ref": "InstancesSetServiceAccountRequest" - // }, + // "path": "{project}/zones/{zone}/instances/{instance}/start", // "response": { // "$ref": "Operation" // }, @@ -49039,28 +49904,28 @@ func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Oper } -// method id "compute.instances.setTags": +// method id "compute.instances.startWithEncryptionKey": -type InstancesSetTagsCall struct { - s *Service - project string - zone string - instance string - tags *Tags - urlParams_ gensupport.URLParams - ctx_ context.Context - header_ http.Header +type InstancesStartWithEncryptionKeyCall struct { + s *Service + project string + zone string + instance string + instancesstartwithencryptionkeyrequest *InstancesStartWithEncryptionKeyRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header } -// SetTags: Sets tags for the specified instance to the data included in -// the request. -// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/setTags -func (r *InstancesService) SetTags(project string, zone string, instance string, tags *Tags) *InstancesSetTagsCall { - c := &InstancesSetTagsCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// StartWithEncryptionKey: Starts an instance that was stopped using the +// using the instances().stop method. For more information, see Restart +// an instance. +func (r *InstancesService) StartWithEncryptionKey(project string, zone string, instance string, instancesstartwithencryptionkeyrequest *InstancesStartWithEncryptionKeyRequest) *InstancesStartWithEncryptionKeyCall { + c := &InstancesStartWithEncryptionKeyCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance - c.tags = tags + c.instancesstartwithencryptionkeyrequest = instancesstartwithencryptionkeyrequest return c } @@ -49078,7 +49943,7 @@ func (r *InstancesService) SetTags(project string, zone string, instance string, // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesSetTagsCall) RequestId(requestId string) *InstancesSetTagsCall { +func (c *InstancesStartWithEncryptionKeyCall) RequestId(requestId string) *InstancesStartWithEncryptionKeyCall { c.urlParams_.Set("requestId", requestId) return c } @@ -49086,7 +49951,7 @@ func (c *InstancesSetTagsCall) RequestId(requestId string) *InstancesSetTagsCall // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesSetTagsCall) Fields(s ...googleapi.Field) *InstancesSetTagsCall { +func (c *InstancesStartWithEncryptionKeyCall) Fields(s ...googleapi.Field) *InstancesStartWithEncryptionKeyCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -49094,34 +49959,34 @@ func (c *InstancesSetTagsCall) Fields(s ...googleapi.Field) *InstancesSetTagsCal // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesSetTagsCall) Context(ctx context.Context) *InstancesSetTagsCall { +func (c *InstancesStartWithEncryptionKeyCall) Context(ctx context.Context) *InstancesStartWithEncryptionKeyCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesSetTagsCall) Header() http.Header { +func (c *InstancesStartWithEncryptionKeyCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesSetTagsCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesStartWithEncryptionKeyCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v } reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil - body, err := googleapi.WithoutDataWrapper.JSONReader(c.tags) + body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancesstartwithencryptionkeyrequest) if err != nil { return nil, err } reqHeaders.Set("Content-Type", "application/json") c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/setTags") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/startWithEncryptionKey") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -49133,14 +49998,14 @@ func (c *InstancesSetTagsCall) doRequest(alt string) (*http.Response, error) { return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.setTags" call. +// Do executes the "compute.instances.startWithEncryptionKey" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesStartWithEncryptionKeyCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -49171,9 +50036,9 @@ func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, err } return ret, nil // { - // "description": "Sets tags for the specified instance to the data included in the request.", + // "description": "Starts an instance that was stopped using the using the instances().stop method. For more information, see Restart an instance.", // "httpMethod": "POST", - // "id": "compute.instances.setTags", + // "id": "compute.instances.startWithEncryptionKey", // "parameterOrder": [ // "project", // "zone", @@ -49181,7 +50046,7 @@ func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, err // ], // "parameters": { // "instance": { - // "description": "Name of the instance scoping this request.", + // "description": "Name of the instance resource to start.", // "location": "path", // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", // "required": true, @@ -49207,9 +50072,9 @@ func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, err // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/setTags", + // "path": "{project}/zones/{zone}/instances/{instance}/startWithEncryptionKey", // "request": { - // "$ref": "Tags" + // "$ref": "InstancesStartWithEncryptionKeyRequest" // }, // "response": { // "$ref": "Operation" @@ -49222,9 +50087,9 @@ func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, err } -// method id "compute.instances.start": +// method id "compute.instances.stop": -type InstancesStartCall struct { +type InstancesStopCall struct { s *Service project string zone string @@ -49234,12 +50099,15 @@ type InstancesStartCall struct { header_ http.Header } -// Start: Starts an instance that was stopped using the using the -// instances().stop method. For more information, see Restart an -// instance. -// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/start -func (r *InstancesService) Start(project string, zone string, instance string) *InstancesStartCall { - c := &InstancesStartCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// Stop: Stops a running instance, shutting it down cleanly, and allows +// you to restart the instance at a later time. Stopped instances do not +// incur VM usage charges while they are stopped. However, resources +// that the VM is using, such as persistent disks and static IP +// addresses, will continue to be charged until they are deleted. For +// more information, see Stopping an instance. +// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/stop +func (r *InstancesService) Stop(project string, zone string, instance string) *InstancesStopCall { + c := &InstancesStopCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance @@ -49260,7 +50128,7 @@ func (r *InstancesService) Start(project string, zone string, instance string) * // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesStartCall) RequestId(requestId string) *InstancesStartCall { +func (c *InstancesStopCall) RequestId(requestId string) *InstancesStopCall { c.urlParams_.Set("requestId", requestId) return c } @@ -49268,7 +50136,7 @@ func (c *InstancesStartCall) RequestId(requestId string) *InstancesStartCall { // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesStartCall) Fields(s ...googleapi.Field) *InstancesStartCall { +func (c *InstancesStopCall) Fields(s ...googleapi.Field) *InstancesStopCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -49276,21 +50144,21 @@ func (c *InstancesStartCall) Fields(s ...googleapi.Field) *InstancesStartCall { // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesStartCall) Context(ctx context.Context) *InstancesStartCall { +func (c *InstancesStopCall) Context(ctx context.Context) *InstancesStopCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesStartCall) Header() http.Header { +func (c *InstancesStopCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesStopCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v @@ -49298,7 +50166,7 @@ func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) { reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/start") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/stop") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -49310,14 +50178,14 @@ func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) { return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.start" call. +// Do executes the "compute.instances.stop" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesStopCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -49348,9 +50216,9 @@ func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error } return ret, nil // { - // "description": "Starts an instance that was stopped using the using the instances().stop method. For more information, see Restart an instance.", + // "description": "Stops a running instance, shutting it down cleanly, and allows you to restart the instance at a later time. Stopped instances do not incur VM usage charges while they are stopped. However, resources that the VM is using, such as persistent disks and static IP addresses, will continue to be charged until they are deleted. For more information, see Stopping an instance.", // "httpMethod": "POST", - // "id": "compute.instances.start", + // "id": "compute.instances.stop", // "parameterOrder": [ // "project", // "zone", @@ -49358,7 +50226,7 @@ func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error // ], // "parameters": { // "instance": { - // "description": "Name of the instance resource to start.", + // "description": "Name of the instance resource to stop.", // "location": "path", // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", // "required": true, @@ -49384,7 +50252,7 @@ func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/start", + // "path": "{project}/zones/{zone}/instances/{instance}/stop", // "response": { // "$ref": "Operation" // }, @@ -49396,28 +50264,30 @@ func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error } -// method id "compute.instances.startWithEncryptionKey": +// method id "compute.instances.updateAccessConfig": -type InstancesStartWithEncryptionKeyCall struct { - s *Service - project string - zone string - instance string - instancesstartwithencryptionkeyrequest *InstancesStartWithEncryptionKeyRequest - urlParams_ gensupport.URLParams - ctx_ context.Context - header_ http.Header +type InstancesUpdateAccessConfigCall struct { + s *Service + project string + zone string + instance string + accessconfig *AccessConfig + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header } -// StartWithEncryptionKey: Starts an instance that was stopped using the -// using the instances().stop method. For more information, see Restart -// an instance. -func (r *InstancesService) StartWithEncryptionKey(project string, zone string, instance string, instancesstartwithencryptionkeyrequest *InstancesStartWithEncryptionKeyRequest) *InstancesStartWithEncryptionKeyCall { - c := &InstancesStartWithEncryptionKeyCall{s: r.s, urlParams_: make(gensupport.URLParams)} +// UpdateAccessConfig: Updates the specified access config from an +// instance's network interface with the data included in the request. +// This method supports PATCH semantics and uses the JSON merge patch +// format and processing rules. +func (r *InstancesService) UpdateAccessConfig(project string, zone string, instance string, networkInterface string, accessconfig *AccessConfig) *InstancesUpdateAccessConfigCall { + c := &InstancesUpdateAccessConfigCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.project = project c.zone = zone c.instance = instance - c.instancesstartwithencryptionkeyrequest = instancesstartwithencryptionkeyrequest + c.urlParams_.Set("networkInterface", networkInterface) + c.accessconfig = accessconfig return c } @@ -49435,7 +50305,7 @@ func (r *InstancesService) StartWithEncryptionKey(project string, zone string, i // // The request ID must be a valid UUID with the exception that zero UUID // is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesStartWithEncryptionKeyCall) RequestId(requestId string) *InstancesStartWithEncryptionKeyCall { +func (c *InstancesUpdateAccessConfigCall) RequestId(requestId string) *InstancesUpdateAccessConfigCall { c.urlParams_.Set("requestId", requestId) return c } @@ -49443,7 +50313,7 @@ func (c *InstancesStartWithEncryptionKeyCall) RequestId(requestId string) *Insta // Fields allows partial responses to be retrieved. See // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse // for more information. -func (c *InstancesStartWithEncryptionKeyCall) Fields(s ...googleapi.Field) *InstancesStartWithEncryptionKeyCall { +func (c *InstancesUpdateAccessConfigCall) Fields(s ...googleapi.Field) *InstancesUpdateAccessConfigCall { c.urlParams_.Set("fields", googleapi.CombineFields(s)) return c } @@ -49451,34 +50321,34 @@ func (c *InstancesStartWithEncryptionKeyCall) Fields(s ...googleapi.Field) *Inst // Context sets the context to be used in this call's Do method. Any // pending HTTP request will be aborted if the provided context is // canceled. -func (c *InstancesStartWithEncryptionKeyCall) Context(ctx context.Context) *InstancesStartWithEncryptionKeyCall { +func (c *InstancesUpdateAccessConfigCall) Context(ctx context.Context) *InstancesUpdateAccessConfigCall { c.ctx_ = ctx return c } // Header returns an http.Header that can be modified by the caller to // add HTTP headers to the request. -func (c *InstancesStartWithEncryptionKeyCall) Header() http.Header { +func (c *InstancesUpdateAccessConfigCall) Header() http.Header { if c.header_ == nil { c.header_ = make(http.Header) } return c.header_ } -func (c *InstancesStartWithEncryptionKeyCall) doRequest(alt string) (*http.Response, error) { +func (c *InstancesUpdateAccessConfigCall) doRequest(alt string) (*http.Response, error) { reqHeaders := make(http.Header) for k, v := range c.header_ { reqHeaders[k] = v } reqHeaders.Set("User-Agent", c.s.userAgent()) var body io.Reader = nil - body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancesstartwithencryptionkeyrequest) + body, err := googleapi.WithoutDataWrapper.JSONReader(c.accessconfig) if err != nil { return nil, err } reqHeaders.Set("Content-Type", "application/json") c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/startWithEncryptionKey") + urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/updateAccessConfig") urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders @@ -49490,14 +50360,14 @@ func (c *InstancesStartWithEncryptionKeyCall) doRequest(alt string) (*http.Respo return gensupport.SendRequest(c.ctx_, c.s.client, req) } -// Do executes the "compute.instances.startWithEncryptionKey" call. +// Do executes the "compute.instances.updateAccessConfig" call. // Exactly one of *Operation or error will be non-nil. Any non-2xx // status code is an error. Response headers are in either // *Operation.ServerResponse.Header or (if a response was returned at // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified // to check whether the returned error was because // http.StatusNotModified was returned. -func (c *InstancesStartWithEncryptionKeyCall) Do(opts ...googleapi.CallOption) (*Operation, error) { +func (c *InstancesUpdateAccessConfigCall) Do(opts ...googleapi.CallOption) (*Operation, error) { gensupport.SetOptions(c.urlParams_, opts...) res, err := c.doRequest("json") if res != nil && res.StatusCode == http.StatusNotModified { @@ -49528,199 +50398,26 @@ func (c *InstancesStartWithEncryptionKeyCall) Do(opts ...googleapi.CallOption) ( } return ret, nil // { - // "description": "Starts an instance that was stopped using the using the instances().stop method. For more information, see Restart an instance.", + // "description": "Updates the specified access config from an instance's network interface with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.", // "httpMethod": "POST", - // "id": "compute.instances.startWithEncryptionKey", + // "id": "compute.instances.updateAccessConfig", // "parameterOrder": [ // "project", // "zone", - // "instance" + // "instance", + // "networkInterface" // ], // "parameters": { // "instance": { - // "description": "Name of the instance resource to start.", + // "description": "The instance name for this request.", // "location": "path", // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", // "required": true, // "type": "string" // }, - // "project": { - // "description": "Project ID for this request.", - // "location": "path", - // "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))", - // "required": true, - // "type": "string" - // }, - // "requestId": { - // "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.\n\nFor example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.\n\nThe request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).", + // "networkInterface": { + // "description": "The name of the network interface where the access config is attached.", // "location": "query", - // "type": "string" - // }, - // "zone": { - // "description": "The name of the zone for this request.", - // "location": "path", - // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", - // "required": true, - // "type": "string" - // } - // }, - // "path": "{project}/zones/{zone}/instances/{instance}/startWithEncryptionKey", - // "request": { - // "$ref": "InstancesStartWithEncryptionKeyRequest" - // }, - // "response": { - // "$ref": "Operation" - // }, - // "scopes": [ - // "https://www.googleapis.com/auth/cloud-platform", - // "https://www.googleapis.com/auth/compute" - // ] - // } - -} - -// method id "compute.instances.stop": - -type InstancesStopCall struct { - s *Service - project string - zone string - instance string - urlParams_ gensupport.URLParams - ctx_ context.Context - header_ http.Header -} - -// Stop: Stops a running instance, shutting it down cleanly, and allows -// you to restart the instance at a later time. Stopped instances do not -// incur VM usage charges while they are stopped. However, resources -// that the VM is using, such as persistent disks and static IP -// addresses, will continue to be charged until they are deleted. For -// more information, see Stopping an instance. -// For details, see https://cloud.google.com/compute/docs/reference/latest/instances/stop -func (r *InstancesService) Stop(project string, zone string, instance string) *InstancesStopCall { - c := &InstancesStopCall{s: r.s, urlParams_: make(gensupport.URLParams)} - c.project = project - c.zone = zone - c.instance = instance - return c -} - -// RequestId sets the optional parameter "requestId": An optional -// request ID to identify requests. Specify a unique request ID so that -// if you must retry your request, the server will know to ignore the -// request if it has already been completed. -// -// For example, consider a situation where you make an initial request -// and the request times out. If you make the request again with the -// same request ID, the server can check if original operation with the -// same request ID was received, and if so, will ignore the second -// request. This prevents clients from accidentally creating duplicate -// commitments. -// -// The request ID must be a valid UUID with the exception that zero UUID -// is not supported (00000000-0000-0000-0000-000000000000). -func (c *InstancesStopCall) RequestId(requestId string) *InstancesStopCall { - c.urlParams_.Set("requestId", requestId) - return c -} - -// Fields allows partial responses to be retrieved. See -// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse -// for more information. -func (c *InstancesStopCall) Fields(s ...googleapi.Field) *InstancesStopCall { - c.urlParams_.Set("fields", googleapi.CombineFields(s)) - return c -} - -// Context sets the context to be used in this call's Do method. Any -// pending HTTP request will be aborted if the provided context is -// canceled. -func (c *InstancesStopCall) Context(ctx context.Context) *InstancesStopCall { - c.ctx_ = ctx - return c -} - -// Header returns an http.Header that can be modified by the caller to -// add HTTP headers to the request. -func (c *InstancesStopCall) Header() http.Header { - if c.header_ == nil { - c.header_ = make(http.Header) - } - return c.header_ -} - -func (c *InstancesStopCall) doRequest(alt string) (*http.Response, error) { - reqHeaders := make(http.Header) - for k, v := range c.header_ { - reqHeaders[k] = v - } - reqHeaders.Set("User-Agent", c.s.userAgent()) - var body io.Reader = nil - c.urlParams_.Set("alt", alt) - urls := googleapi.ResolveRelative(c.s.BasePath, "{project}/zones/{zone}/instances/{instance}/stop") - urls += "?" + c.urlParams_.Encode() - req, _ := http.NewRequest("POST", urls, body) - req.Header = reqHeaders - googleapi.Expand(req.URL, map[string]string{ - "project": c.project, - "zone": c.zone, - "instance": c.instance, - }) - return gensupport.SendRequest(c.ctx_, c.s.client, req) -} - -// Do executes the "compute.instances.stop" call. -// Exactly one of *Operation or error will be non-nil. Any non-2xx -// status code is an error. Response headers are in either -// *Operation.ServerResponse.Header or (if a response was returned at -// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified -// to check whether the returned error was because -// http.StatusNotModified was returned. -func (c *InstancesStopCall) Do(opts ...googleapi.CallOption) (*Operation, error) { - gensupport.SetOptions(c.urlParams_, opts...) - res, err := c.doRequest("json") - if res != nil && res.StatusCode == http.StatusNotModified { - if res.Body != nil { - res.Body.Close() - } - return nil, &googleapi.Error{ - Code: res.StatusCode, - Header: res.Header, - } - } - if err != nil { - return nil, err - } - defer googleapi.CloseBody(res) - if err := googleapi.CheckResponse(res); err != nil { - return nil, err - } - ret := &Operation{ - ServerResponse: googleapi.ServerResponse{ - Header: res.Header, - HTTPStatusCode: res.StatusCode, - }, - } - target := &ret - if err := gensupport.DecodeResponse(target, res); err != nil { - return nil, err - } - return ret, nil - // { - // "description": "Stops a running instance, shutting it down cleanly, and allows you to restart the instance at a later time. Stopped instances do not incur VM usage charges while they are stopped. However, resources that the VM is using, such as persistent disks and static IP addresses, will continue to be charged until they are deleted. For more information, see Stopping an instance.", - // "httpMethod": "POST", - // "id": "compute.instances.stop", - // "parameterOrder": [ - // "project", - // "zone", - // "instance" - // ], - // "parameters": { - // "instance": { - // "description": "Name of the instance resource to stop.", - // "location": "path", - // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", // "required": true, // "type": "string" // }, @@ -49744,7 +50441,10 @@ func (c *InstancesStopCall) Do(opts ...googleapi.CallOption) (*Operation, error) // "type": "string" // } // }, - // "path": "{project}/zones/{zone}/instances/{instance}/stop", + // "path": "{project}/zones/{zone}/instances/{instance}/updateAccessConfig", + // "request": { + // "$ref": "AccessConfig" + // }, // "response": { // "$ref": "Operation" // }, @@ -57851,7 +58551,7 @@ func (c *RegionBackendServicesGetHealthCall) Do(opts ...googleapi.CallOption) (* // ], // "parameters": { // "backendService": { - // "description": "Name of the BackendService resource to which the queried instance belongs.", + // "description": "Name of the BackendService resource for which to get health.", // "location": "path", // "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?", // "required": true, diff --git a/vendor/google.golang.org/api/gensupport/go18.go b/vendor/google.golang.org/api/gensupport/go18.go new file mode 100644 index 000000000000..c76cb8f20bb6 --- /dev/null +++ b/vendor/google.golang.org/api/gensupport/go18.go @@ -0,0 +1,17 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build go1.8 + +package gensupport + +import ( + "io" + "net/http" +) + +// SetGetBody sets the GetBody field of req to f. +func SetGetBody(req *http.Request, f func() (io.ReadCloser, error)) { + req.GetBody = f +} diff --git a/vendor/google.golang.org/api/gensupport/media.go b/vendor/google.golang.org/api/gensupport/media.go index f3e77fc52979..5a2674104ef4 100644 --- a/vendor/google.golang.org/api/gensupport/media.go +++ b/vendor/google.golang.org/api/gensupport/media.go @@ -5,12 +5,14 @@ package gensupport import ( + "bytes" "fmt" "io" "io/ioutil" "mime/multipart" "net/http" "net/textproto" + "strings" "google.golang.org/api/googleapi" ) @@ -251,11 +253,11 @@ func (mi *MediaInfo) UploadType() string { } // UploadRequest sets up an HTTP request for media upload. It adds headers -// as necessary, and returns a replacement for the body. -func (mi *MediaInfo) UploadRequest(reqHeaders http.Header, body io.Reader) (newBody io.Reader, cleanup func()) { +// as necessary, and returns a replacement for the body and a function for http.Request.GetBody. +func (mi *MediaInfo) UploadRequest(reqHeaders http.Header, body io.Reader) (newBody io.Reader, getBody func() (io.ReadCloser, error), cleanup func()) { cleanup = func() {} if mi == nil { - return body, cleanup + return body, nil, cleanup } var media io.Reader if mi.media != nil { @@ -269,7 +271,17 @@ func (mi *MediaInfo) UploadRequest(reqHeaders http.Header, body io.Reader) (newB media, _, _, _ = mi.buffer.Chunk() } if media != nil { + fb := readerFunc(body) + fm := readerFunc(media) combined, ctype := CombineBodyMedia(body, "application/json", media, mi.mType) + if fb != nil && fm != nil { + getBody = func() (io.ReadCloser, error) { + rb := ioutil.NopCloser(fb()) + rm := ioutil.NopCloser(fm()) + r, _ := CombineBodyMedia(rb, "application/json", rm, mi.mType) + return r, nil + } + } cleanup = func() { combined.Close() } reqHeaders.Set("Content-Type", ctype) body = combined @@ -277,7 +289,27 @@ func (mi *MediaInfo) UploadRequest(reqHeaders http.Header, body io.Reader) (newB if mi.buffer != nil && mi.mType != "" && !mi.singleChunk { reqHeaders.Set("X-Upload-Content-Type", mi.mType) } - return body, cleanup + return body, getBody, cleanup +} + +// readerFunc returns a function that always returns an io.Reader that has the same +// contents as r, provided that can be done without consuming r. Otherwise, it +// returns nil. +// See http.NewRequest (in net/http/request.go). +func readerFunc(r io.Reader) func() io.Reader { + switch r := r.(type) { + case *bytes.Buffer: + buf := r.Bytes() + return func() io.Reader { return bytes.NewReader(buf) } + case *bytes.Reader: + snapshot := *r + return func() io.Reader { r := snapshot; return &r } + case *strings.Reader: + snapshot := *r + return func() io.Reader { r := snapshot; return &r } + default: + return nil + } } // ResumableUpload returns an appropriately configured ResumableUpload value if the diff --git a/vendor/google.golang.org/api/gensupport/not_go18.go b/vendor/google.golang.org/api/gensupport/not_go18.go new file mode 100644 index 000000000000..2536501cecf3 --- /dev/null +++ b/vendor/google.golang.org/api/gensupport/not_go18.go @@ -0,0 +1,14 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !go1.8 + +package gensupport + +import ( + "io" + "net/http" +) + +func SetGetBody(req *http.Request, f func() (io.ReadCloser, error)) {} diff --git a/vendor/google.golang.org/api/iam/v1/iam-api.json b/vendor/google.golang.org/api/iam/v1/iam-api.json index bcc80f9fac44..c30d9d9adbf7 100644 --- a/vendor/google.golang.org/api/iam/v1/iam-api.json +++ b/vendor/google.golang.org/api/iam/v1/iam-api.json @@ -1,1737 +1,1797 @@ { - "schemas": { - "BindingDelta": { - "description": "One delta entry for Binding. Each individual change (only one member in each\nentry) to a binding will be a separate entry.", - "type": "object", - "properties": { - "role": { - "description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.\nRequired", - "type": "string" - }, - "action": { - "description": "The action that was performed on a Binding.\nRequired", - "type": "string", - "enumDescriptions": [ - "Unspecified.", - "Addition of a Binding.", - "Removal of a Binding." - ], - "enum": [ - "ACTION_UNSPECIFIED", - "ADD", - "REMOVE" - ] - }, - "member": { - "description": "A single identity requesting access for a Cloud Platform resource.\nFollows the same format of Binding.members.\nRequired", - "type": "string" + "auth": { + "oauth2": { + "scopes": { + "https://www.googleapis.com/auth/cloud-platform": { + "description": "View and manage your data across Google Cloud Platform services" } - }, - "id": "BindingDelta" + } + } + }, + "basePath": "", + "baseUrl": "https://iam.googleapis.com/", + "batchPath": "batch", + "canonicalName": "iam", + "description": "Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.", + "discoveryVersion": "v1", + "documentationLink": "https://cloud.google.com/iam/", + "fullyEncodeReservedExpansion": true, + "icons": { + "x16": "http://www.google.com/images/icons/product/search-16.gif", + "x32": "http://www.google.com/images/icons/product/search-32.gif" + }, + "id": "iam:v1", + "kind": "discovery#restDescription", + "name": "iam", + "ownerDomain": "google.com", + "ownerName": "Google", + "parameters": { + "$.xgafv": { + "description": "V1 error format.", + "enum": [ + "1", + "2" + ], + "enumDescriptions": [ + "v1 error format", + "v2 error format" + ], + "location": "query", + "type": "string" }, - "QueryAuditableServicesRequest": { - "description": "A request to get the list of auditable services for a resource.", - "type": "object", - "properties": { - "fullResourceName": { - "description": "Required. The full resource name to query from the list of auditable\nservices.\n\nThe name follows the Google Cloud Platform resource format.\nFor example, a Cloud Platform project with id `my-project` will be named\n`//cloudresourcemanager.googleapis.com/projects/my-project`.", - "type": "string" - } - }, - "id": "QueryAuditableServicesRequest" + "access_token": { + "description": "OAuth access token.", + "location": "query", + "type": "string" }, - "UndeleteRoleRequest": { - "description": "The request to undelete an existing role.", - "type": "object", - "properties": { - "etag": { - "description": "Used to perform a consistent read-modify-write.", - "format": "byte", - "type": "string" - } - }, - "id": "UndeleteRoleRequest" + "alt": { + "default": "json", + "description": "Data format for response.", + "enum": [ + "json", + "media", + "proto" + ], + "enumDescriptions": [ + "Responses with Content-Type of application/json", + "Media download with context-dependent Content-Type", + "Responses with Content-Type of application/x-protobuf" + ], + "location": "query", + "type": "string" }, - "CreateServiceAccountRequest": { - "description": "The service account create request.", - "type": "object", - "properties": { - "serviceAccount": { - "$ref": "ServiceAccount", - "description": "The ServiceAccount resource to create.\nCurrently, only the following values are user assignable:\n`display_name` ." - }, - "accountId": { - "description": "Required. The account id that is used to generate the service account\nemail address and a stable unique id. It is unique within a project,\nmust be 6-30 characters long, and match the regular expression\n`[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.", - "type": "string" - } - }, - "id": "CreateServiceAccountRequest" + "bearer_token": { + "description": "OAuth bearer token.", + "location": "query", + "type": "string" }, - "Role": { - "id": "Role", - "description": "A role in the Identity and Access Management API.", - "type": "object", - "properties": { - "title": { - "description": "Optional. A human-readable title for the role. Typically this\nis limited to 100 UTF-8 bytes.", - "type": "string" - }, - "includedPermissions": { - "description": "The names of the permissions this role grants when bound in an IAM policy.", - "type": "array", - "items": { - "type": "string" - } - }, - "description": { - "description": "Optional. A human-readable description for the role.", - "type": "string" - }, - "etag": { - "description": "Used to perform a consistent read-modify-write.", - "format": "byte", - "type": "string" - }, - "stage": { - "description": "The current launch stage of the role.", - "type": "string", - "enumDescriptions": [ - "The user has indicated this role is currently in an alpha phase.", - "The user has indicated this role is currently in a beta phase.", - "The user has indicated this role is generally available.", - "The user has indicated this role is being deprecated.", - "This role is disabled and will not contribute permissions to any members\nit is granted to in policies.", - "The user has indicated this role is currently in an eap phase." - ], - "enum": [ - "ALPHA", - "BETA", - "GA", - "DEPRECATED", - "DISABLED", - "EAP" - ] - }, - "name": { - "description": "The name of the role.\n\nWhen Role is used in CreateRole, the role name must not be set.\n\nWhen Role is used in output and other input such as UpdateRole, the role\nname is the complete path, e.g., roles/logging.viewer for curated roles\nand organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.", - "type": "string" - }, - "deleted": { - "description": "The current deleted state of the role. This field is read only.\nIt will be ignored in calls to CreateRole and UpdateRole.", - "type": "boolean" - } - } + "callback": { + "description": "JSONP", + "location": "query", + "type": "string" }, - "QueryAuditableServicesResponse": { - "id": "QueryAuditableServicesResponse", - "description": "A response containing a list of auditable services for a resource.", - "type": "object", - "properties": { - "services": { - "description": "The auditable services for a resource.", - "type": "array", - "items": { - "$ref": "AuditableService" - } - } - } + "fields": { + "description": "Selector specifying which fields to include in a partial response.", + "location": "query", + "type": "string" }, - "Binding": { - "description": "Associates `members` with a `role`.", - "type": "object", - "properties": { - "members": { - "description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@gmail.com` or `joe@example.com`.\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n\n* `domain:{domain}`: A Google Apps domain name that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n", - "type": "array", - "items": { - "type": "string" - } - }, - "role": { - "description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.\nRequired", - "type": "string" - } - }, - "id": "Binding" + "key": { + "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", + "location": "query", + "type": "string" }, - "QueryGrantableRolesRequest": { - "description": "The grantable role query request.", - "type": "object", - "properties": { - "pageToken": { - "description": "Optional pagination token returned in an earlier\nQueryGrantableRolesResponse.", - "type": "string" - }, - "pageSize": { - "description": "Optional limit on the number of roles to include in the response.", - "format": "int32", - "type": "integer" - }, - "view": { - "enumDescriptions": [ - "Omits the `included_permissions` field.\nThis is the default value.", - "Returns all fields." - ], - "enum": [ - "BASIC", - "FULL" - ], - "type": "string" - }, - "fullResourceName": { - "description": "Required. The full resource name to query from the list of grantable roles.\n\nThe name follows the Google Cloud Platform resource format.\nFor example, a Cloud Platform project with id `my-project` will be named\n`//cloudresourcemanager.googleapis.com/projects/my-project`.", - "type": "string" - } - }, - "id": "QueryGrantableRolesRequest" + "oauth_token": { + "description": "OAuth 2.0 token for the current user.", + "location": "query", + "type": "string" }, - "ServiceAccount": { - "id": "ServiceAccount", - "description": "A service account in the Identity and Access Management API.\n\nTo create a service account, specify the `project_id` and the `account_id`\nfor the account. The `account_id` is unique within the project, and is used\nto generate the service account email address and a stable\n`unique_id`.\n\nIf the account already exists, the account's resource name is returned\nin the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller\ncan use the name in other methods to access the account.\n\nAll other methods can identify the service account using the format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", - "type": "object", - "properties": { - "name": { - "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nRequests using `-` as a wildcard for the `PROJECT_ID` will infer the\nproject from the `account` and the `ACCOUNT` value can be the `email`\naddress or the `unique_id` of the service account.\n\nIn responses the resource name will always be in the format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.", - "type": "string" - }, - "email": { - "description": "@OutputOnly The email address of the service account.", - "type": "string" - }, - "projectId": { - "description": "@OutputOnly The id of the project that owns the service account.", - "type": "string" - }, - "uniqueId": { - "description": "@OutputOnly The unique and stable id of the service account.", - "type": "string" - }, - "oauth2ClientId": { - "description": "@OutputOnly The OAuth2 client id for the service account.\nThis is used in conjunction with the OAuth2 clientconfig API to make\nthree legged OAuth2 (3LO) flows to access the data of Google users.", - "type": "string" - }, - "displayName": { - "description": "Optional. A user-specified description of the service account. Must be\nfewer than 100 UTF-8 bytes.", - "type": "string" - }, - "etag": { - "description": "Used to perform a consistent read-modify-write.", - "format": "byte", - "type": "string" - } - } - }, - "CreateRoleRequest": { - "description": "The request to create a new role.", - "type": "object", - "properties": { - "roleId": { - "description": "The role id to use for this role.", - "type": "string" - }, - "role": { - "$ref": "Role", - "description": "The Role resource to create." - } - }, - "id": "CreateRoleRequest" - }, - "ListServiceAccountKeysResponse": { - "description": "The service account keys list response.", - "type": "object", - "properties": { - "keys": { - "description": "The public keys for the service account.", - "type": "array", - "items": { - "$ref": "ServiceAccountKey" - } - } - }, - "id": "ListServiceAccountKeysResponse" - }, - "TestIamPermissionsResponse": { - "description": "Response message for `TestIamPermissions` method.", - "type": "object", - "properties": { - "permissions": { - "description": "A subset of `TestPermissionsRequest.permissions` that the caller is\nallowed.", - "type": "array", - "items": { - "type": "string" - } - } - }, - "id": "TestIamPermissionsResponse" - }, - "QueryTestablePermissionsRequest": { - "id": "QueryTestablePermissionsRequest", - "description": "A request to get permissions which can be tested on a resource.", - "type": "object", - "properties": { - "pageToken": { - "description": "Optional pagination token returned in an earlier\nQueryTestablePermissionsRequest.", - "type": "string" - }, - "pageSize": { - "description": "Optional limit on the number of permissions to include in the response.", - "format": "int32", - "type": "integer" - }, - "fullResourceName": { - "description": "Required. The full resource name to query from the list of testable\npermissions.\n\nThe name follows the Google Cloud Platform resource format.\nFor example, a Cloud Platform project with id `my-project` will be named\n`//cloudresourcemanager.googleapis.com/projects/my-project`.", - "type": "string" - } - } + "pp": { + "default": "true", + "description": "Pretty-print response.", + "location": "query", + "type": "boolean" }, - "ServiceAccountKey": { - "description": "Represents a service account key.\n\nA service account has two sets of key-pairs: user-managed, and\nsystem-managed.\n\nUser-managed key-pairs can be created and deleted by users. Users are\nresponsible for rotating these keys periodically to ensure security of\ntheir service accounts. Users retain the private key of these key-pairs,\nand Google retains ONLY the public key.\n\nSystem-managed key-pairs are managed automatically by Google, and rotated\ndaily without user intervention. The private key never leaves Google's\nservers to maximize security.\n\nPublic keys for all service accounts are also published at the OAuth2\nService Account API.", - "type": "object", - "properties": { - "privateKeyData": { - "description": "The private key data. Only provided in `CreateServiceAccountKey`\nresponses. Make sure to keep the private key data secure because it\nallows for the assertion of the service account identity.\nWhen decoded, the private key data can be used to authenticate with\nGoogle API client libraries and with\n\u003ca href=\"/sdk/gcloud/reference/auth/activate-service-account\"\u003egcloud\nauth activate-service-account\u003c/a\u003e.", - "format": "byte", - "type": "string" - }, - "publicKeyData": { - "description": "The public key data. Only provided in `GetServiceAccountKey` responses.", - "format": "byte", - "type": "string" - }, - "name": { - "description": "The resource name of the service account key in the following format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.", - "type": "string" - }, - "validBeforeTime": { - "description": "The key can be used before this timestamp.", - "format": "google-datetime", - "type": "string" - }, - "keyAlgorithm": { - "description": "Specifies the algorithm (and possibly key size) for the key.", - "type": "string", - "enumDescriptions": [ - "An unspecified key algorithm.", - "1k RSA Key.", - "2k RSA Key." - ], - "enum": [ - "KEY_ALG_UNSPECIFIED", - "KEY_ALG_RSA_1024", - "KEY_ALG_RSA_2048" - ] - }, - "validAfterTime": { - "description": "The key can be used after this timestamp.", - "format": "google-datetime", - "type": "string" - }, - "privateKeyType": { - "enumDescriptions": [ - "Unspecified. Equivalent to `TYPE_GOOGLE_CREDENTIALS_FILE`.", - "PKCS12 format.\nThe password for the PKCS12 file is `notasecret`.\nFor more information, see https://tools.ietf.org/html/rfc7292.", - "Google Credentials File format." - ], - "enum": [ - "TYPE_UNSPECIFIED", - "TYPE_PKCS12_FILE", - "TYPE_GOOGLE_CREDENTIALS_FILE" - ], - "description": "The output format for the private key.\nOnly provided in `CreateServiceAccountKey` responses, not\nin `GetServiceAccountKey` or `ListServiceAccountKey` responses.\n\nGoogle never exposes system-managed private keys, and never retains\nuser-managed private keys.", - "type": "string" - } - }, - "id": "ServiceAccountKey" + "prettyPrint": { + "default": "true", + "description": "Returns response with indentations and line breaks.", + "location": "query", + "type": "boolean" }, - "SignBlobResponse": { - "description": "The service account sign blob response.", - "type": "object", - "properties": { - "keyId": { - "description": "The id of the key used to sign the blob.", - "type": "string" - }, - "signature": { - "description": "The signed blob.", - "format": "byte", - "type": "string" - } - }, - "id": "SignBlobResponse" + "quotaUser": { + "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.", + "location": "query", + "type": "string" }, - "SignJwtRequest": { - "id": "SignJwtRequest", - "description": "The service account sign JWT request.", - "type": "object", - "properties": { - "payload": { - "description": "The JWT payload to sign, a JSON JWT Claim set.", - "type": "string" - } - } + "uploadType": { + "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").", + "location": "query", + "type": "string" }, - "Permission": { - "description": "A permission which can be included by a role.", - "type": "object", - "properties": { - "onlyInPredefinedRoles": { - "description": "This permission can ONLY be used in predefined roles.", - "type": "boolean" - }, - "title": { - "description": "The title of this Permission.", - "type": "string" - }, - "description": { - "description": "A brief description of what this Permission is used for.", - "type": "string" - }, - "customRolesSupportLevel": { - "enumDescriptions": [ - "Permission is fully supported for custom role use.", - "Permission is being tested to check custom role compatibility.", - "Permission is not supported for custom role use." - ], - "enum": [ - "SUPPORTED", - "TESTING", - "NOT_SUPPORTED" - ], - "description": "The current custom role support level.", - "type": "string" - }, - "apiDisabled": { - "description": "The service API associated with the permission is not enabled.", - "type": "boolean" - }, - "stage": { - "description": "The current launch stage of the permission.", - "type": "string", - "enumDescriptions": [ - "The permission is currently in an alpha phase.", - "The permission is currently in a beta phase.", - "The permission is generally available.", - "The permission is being deprecated." - ], - "enum": [ - "ALPHA", - "BETA", - "GA", - "DEPRECATED" + "upload_protocol": { + "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").", + "location": "query", + "type": "string" + } + }, + "protocol": "rest", + "resources": { + "iamPolicies": { + "methods": { + "queryAuditableServices": { + "description": "Returns a list of services that support service level audit logging\nconfiguration for the given resource.", + "flatPath": "v1/iamPolicies:queryAuditableServices", + "httpMethod": "POST", + "id": "iam.iamPolicies.queryAuditableServices", + "parameterOrder": [], + "parameters": {}, + "path": "v1/iamPolicies:queryAuditableServices", + "request": { + "$ref": "QueryAuditableServicesRequest" + }, + "response": { + "$ref": "QueryAuditableServicesResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" ] - }, - "name": { - "description": "The name of this Permission.", - "type": "string" - } - }, - "id": "Permission" - }, - "AuditableService": { - "id": "AuditableService", - "description": "Contains information about an auditable service.", - "type": "object", - "properties": { - "name": { - "description": "Public name of the service.\nFor example, the service name for Cloud IAM is 'iam.googleapis.com'.", - "type": "string" - } - } - }, - "PolicyDelta": { - "id": "PolicyDelta", - "description": "The difference delta between two policies.", - "type": "object", - "properties": { - "bindingDeltas": { - "description": "The delta for Bindings between two policies.", - "type": "array", - "items": { - "$ref": "BindingDelta" - } } } }, - "ListServiceAccountsResponse": { - "id": "ListServiceAccountsResponse", - "description": "The service account list response.", - "type": "object", - "properties": { - "nextPageToken": { - "description": "To retrieve the next page of results, set\nListServiceAccountsRequest.page_token\nto this value.", - "type": "string" - }, - "accounts": { - "description": "The list of matching service accounts.", - "type": "array", - "items": { - "$ref": "ServiceAccount" - } - } - } - }, - "QueryGrantableRolesResponse": { - "description": "The grantable role query response.", - "type": "object", - "properties": { - "roles": { - "description": "The list of matching roles.", - "type": "array", - "items": { - "$ref": "Role" - } - }, - "nextPageToken": { - "description": "To retrieve the next page of results, set\n`QueryGrantableRolesRequest.page_token` to this value.", - "type": "string" - } - }, - "id": "QueryGrantableRolesResponse" - }, - "SignBlobRequest": { - "description": "The service account sign blob request.", - "type": "object", - "properties": { - "bytesToSign": { - "description": "The bytes to sign.", - "format": "byte", - "type": "string" - } - }, - "id": "SignBlobRequest" - }, - "SetIamPolicyRequest": { - "id": "SetIamPolicyRequest", - "description": "Request message for `SetIamPolicy` method.", - "type": "object", - "properties": { - "policy": { - "$ref": "Policy", - "description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them." - } - } - }, - "QueryTestablePermissionsResponse": { - "description": "The response containing permissions which can be tested on a resource.", - "type": "object", - "properties": { - "permissions": { - "description": "The Permissions testable on the requested resource.", - "type": "array", - "items": { - "$ref": "Permission" - } - }, - "nextPageToken": { - "description": "To retrieve the next page of results, set\n`QueryTestableRolesRequest.page_token` to this value.", - "type": "string" - } - }, - "id": "QueryTestablePermissionsResponse" - }, - "Empty": { - "description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n service Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.", - "type": "object", - "properties": {}, - "id": "Empty" - }, - "CreateServiceAccountKeyRequest": { - "id": "CreateServiceAccountKeyRequest", - "description": "The service account key create request.", - "type": "object", - "properties": { - "keyAlgorithm": { - "description": "Which type of key and algorithm to use for the key.\nThe default is currently a 2K RSA key. However this may change in the\nfuture.", - "type": "string", - "enumDescriptions": [ - "An unspecified key algorithm.", - "1k RSA Key.", - "2k RSA Key." - ], - "enum": [ - "KEY_ALG_UNSPECIFIED", - "KEY_ALG_RSA_1024", - "KEY_ALG_RSA_2048" - ] - }, - "privateKeyType": { - "description": "The output format of the private key. The default value is\n`TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File\nformat.", - "type": "string", - "enumDescriptions": [ - "Unspecified. Equivalent to `TYPE_GOOGLE_CREDENTIALS_FILE`.", - "PKCS12 format.\nThe password for the PKCS12 file is `notasecret`.\nFor more information, see https://tools.ietf.org/html/rfc7292.", - "Google Credentials File format." - ], - "enum": [ - "TYPE_UNSPECIFIED", - "TYPE_PKCS12_FILE", - "TYPE_GOOGLE_CREDENTIALS_FILE" - ] - } - } - }, - "SignJwtResponse": { - "id": "SignJwtResponse", - "description": "The service account sign JWT response.", - "type": "object", - "properties": { - "keyId": { - "description": "The id of the key used to sign the JWT.", - "type": "string" - }, - "signedJwt": { - "description": "The signed JWT.", - "type": "string" - } - } - }, - "TestIamPermissionsRequest": { - "description": "Request message for `TestIamPermissions` method.", - "type": "object", - "properties": { - "permissions": { - "description": "The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).", - "type": "array", - "items": { - "type": "string" - } - } - }, - "id": "TestIamPermissionsRequest" - }, - "Policy": { - "description": "Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` consists of a list of `bindings`. A `Binding` binds a list of\n`members` to a `role`, where the members can be user accounts, Google groups,\nGoogle domains, and service accounts. A `role` is a named list of permissions\ndefined by IAM.\n\n**Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/owner\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-other-app@appspot.gserviceaccount.com\",\n ]\n },\n {\n \"role\": \"roles/viewer\",\n \"members\": [\"user:sean@example.com\"]\n }\n ]\n }\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam/docs).", - "type": "object", - "properties": { - "etag": { - "description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten blindly.", - "format": "byte", - "type": "string" - }, - "version": { - "description": "Deprecated.", - "format": "int32", - "type": "integer" - }, - "bindings": { - "description": "Associates a list of `members` to a `role`.\n`bindings` with no members will result in an error.", - "type": "array", - "items": { - "$ref": "Binding" - } - } - }, - "id": "Policy" - }, - "ListRolesResponse": { - "id": "ListRolesResponse", - "description": "The response containing the roles defined under a resource.", - "type": "object", - "properties": { - "roles": { - "description": "The Roles defined on this resource.", - "type": "array", - "items": { - "$ref": "Role" - } - }, - "nextPageToken": { - "description": "To retrieve the next page of results, set\n`ListRolesRequest.page_token` to this value.", - "type": "string" - } - } - }, - "AuditData": { - "description": "Audit log information specific to Cloud IAM. This message is serialized\nas an `Any` type in the `ServiceData` message of an\n`AuditLog` message.", - "type": "object", - "properties": { - "policyDelta": { - "description": "Policy delta between the original policy and the newly set policy.", - "$ref": "PolicyDelta" - } - }, - "id": "AuditData" - } - }, - "icons": { - "x32": "http://www.google.com/images/icons/product/search-32.gif", - "x16": "http://www.google.com/images/icons/product/search-16.gif" - }, - "protocol": "rest", - "canonicalName": "iam", - "auth": { - "oauth2": { - "scopes": { - "https://www.googleapis.com/auth/cloud-platform": { - "description": "View and manage your data across Google Cloud Platform services" - } - } - } - }, - "rootUrl": "https://iam.googleapis.com/", - "ownerDomain": "google.com", - "name": "iam", - "batchPath": "batch", - "fullyEncodeReservedExpansion": true, - "title": "Google Identity and Access Management (IAM) API", - "ownerName": "Google", - "resources": { - "iamPolicies": { - "methods": { - "queryAuditableServices": { - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "parameters": {}, - "flatPath": "v1/iamPolicies:queryAuditableServices", - "path": "v1/iamPolicies:queryAuditableServices", - "id": "iam.iamPolicies.queryAuditableServices", - "description": "Returns a list of services that support service level audit logging\nconfiguration for the given resource.", - "request": { - "$ref": "QueryAuditableServicesRequest" - }, - "response": { - "$ref": "QueryAuditableServicesResponse" - }, - "parameterOrder": [], - "httpMethod": "POST" - } - } - }, - "projects": { + "organizations": { "resources": { - "serviceAccounts": { + "roles": { "methods": { - "getIamPolicy": { + "create": { + "description": "Creates a new Role.", + "flatPath": "v1/organizations/{organizationsId}/roles", "httpMethod": "POST", - "response": { - "$ref": "Policy" - }, + "id": "iam.organizations.roles.create", "parameterOrder": [ - "resource" - ], - "parameters": { - "resource": { - "description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.", - "required": true, - "type": "string", - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", - "location": "path" - } - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" + "parent" ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:getIamPolicy", - "id": "iam.projects.serviceAccounts.getIamPolicy", - "path": "v1/{+resource}:getIamPolicy", - "description": "Returns the IAM access control policy for a\nServiceAccount." - }, - "get": { "parameters": { - "name": { - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "parent": { + "description": "The resource name of the parent resource in one of the following formats:\n`organizations/{ORGANIZATION_ID}`\n`projects/{PROJECT_ID}`", "location": "path", - "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "pattern": "^organizations/[^/]+$", "required": true, "type": "string" } }, + "path": "v1/{+parent}/roles", + "request": { + "$ref": "CreateRoleRequest" + }, + "response": { + "$ref": "Role" + }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}", - "path": "v1/{+name}", - "id": "iam.projects.serviceAccounts.get", - "description": "Gets a ServiceAccount.", - "response": { - "$ref": "ServiceAccount" - }, - "parameterOrder": [ - "name" - ], - "httpMethod": "GET" + ] }, - "update": { - "response": { - "$ref": "ServiceAccount" - }, + "delete": { + "description": "Soft deletes a role. The role is suspended and cannot be used to create new\nIAM Policy Bindings.\nThe Role will not be included in `ListRoles()` unless `show_deleted` is set\nin the `ListRolesRequest`. The Role contains the deleted boolean set.\nExisting Bindings remains, but are inactive. The Role can be undeleted\nwithin 7 days. After 7 days the Role is deleted and all Bindings associated\nwith the role are removed.", + "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}", + "httpMethod": "DELETE", + "id": "iam.organizations.roles.delete", "parameterOrder": [ "name" ], - "httpMethod": "PUT", - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "parameters": { - "name": { - "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nRequests using `-` as a wildcard for the `PROJECT_ID` will infer the\nproject from the `account` and the `ACCOUNT` value can be the `email`\naddress or the `unique_id` of the service account.\n\nIn responses the resource name will always be in the format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.", - "required": true, - "type": "string", - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", - "location": "path" - } - }, - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}", - "path": "v1/{+name}", - "id": "iam.projects.serviceAccounts.update", - "description": "Updates a ServiceAccount.\n\nCurrently, only the following fields are updatable:\n`display_name` .\nThe `etag` is mandatory.", - "request": { - "$ref": "ServiceAccount" - } - }, - "testIamPermissions": { - "path": "v1/{+resource}:testIamPermissions", - "id": "iam.projects.serviceAccounts.testIamPermissions", - "request": { - "$ref": "TestIamPermissionsRequest" - }, - "description": "Tests the specified permissions against the IAM access control policy\nfor a ServiceAccount.", - "response": { - "$ref": "TestIamPermissionsResponse" - }, - "parameterOrder": [ - "resource" - ], - "httpMethod": "POST", - "parameters": { - "resource": { - "description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.", - "required": true, - "type": "string", - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", - "location": "path" - } - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:testIamPermissions" - }, - "delete": { "parameters": { + "etag": { + "description": "Used to perform a consistent read-modify-write.", + "format": "byte", + "location": "query", + "type": "string" + }, "name": { - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "description": "The resource name of the role in one of the following formats:\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", "location": "path", - "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "pattern": "^organizations/[^/]+/roles/[^/]+$", "required": true, "type": "string" } }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}", - "id": "iam.projects.serviceAccounts.delete", "path": "v1/{+name}", - "description": "Deletes a ServiceAccount.", - "httpMethod": "DELETE", "response": { - "$ref": "Empty" + "$ref": "Role" }, - "parameterOrder": [ - "name" + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" ] }, - "signBlob": { - "request": { - "$ref": "SignBlobRequest" - }, - "description": "Signs a blob using a service account's system-managed private key.", - "httpMethod": "POST", + "get": { + "description": "Gets a Role definition.", + "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}", + "httpMethod": "GET", + "id": "iam.organizations.roles.get", "parameterOrder": [ "name" ], - "response": { - "$ref": "SignBlobResponse" - }, "parameters": { "name": { - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "description": "The resource name of the role in one of the following formats:\n`roles/{ROLE_NAME}`\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", "location": "path", - "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "pattern": "^organizations/[^/]+/roles/[^/]+$", "required": true, "type": "string" } }, + "path": "v1/{+name}", + "response": { + "$ref": "Role" + }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signBlob", - "id": "iam.projects.serviceAccounts.signBlob", - "path": "v1/{+name}:signBlob" + ] }, "list": { - "description": "Lists ServiceAccounts for a project.", + "description": "Lists the Roles defined on a resource.", + "flatPath": "v1/organizations/{organizationsId}/roles", "httpMethod": "GET", + "id": "iam.organizations.roles.list", "parameterOrder": [ - "name" + "parent" ], - "response": { - "$ref": "ListServiceAccountsResponse" - }, "parameters": { - "name": { - "pattern": "^projects/[^/]+$", + "pageSize": { + "description": "Optional limit on the number of roles to include in the response.", + "format": "int32", + "location": "query", + "type": "integer" + }, + "pageToken": { + "description": "Optional pagination token returned in an earlier ListRolesResponse.", + "location": "query", + "type": "string" + }, + "parent": { + "description": "The resource name of the parent resource in one of the following formats:\n`` (empty string) -- this refers to curated roles.\n`organizations/{ORGANIZATION_ID}`\n`projects/{PROJECT_ID}`", "location": "path", - "description": "Required. The resource name of the project associated with the service\naccounts, such as `projects/my-project-123`.", + "pattern": "^organizations/[^/]+$", "required": true, "type": "string" }, - "pageToken": { - "description": "Optional pagination token returned in an earlier\nListServiceAccountsResponse.next_page_token.", - "type": "string", - "location": "query" + "showDeleted": { + "description": "Include Roles that have been deleted.", + "location": "query", + "type": "boolean" }, - "pageSize": { - "description": "Optional limit on the number of service accounts to include in the\nresponse. Further accounts can subsequently be obtained by including the\nListServiceAccountsResponse.next_page_token\nin a subsequent request.", - "format": "int32", - "type": "integer", - "location": "query" + "view": { + "description": "Optional view for the returned Role objects.", + "enum": [ + "BASIC", + "FULL" + ], + "location": "query", + "type": "string" } }, + "path": "v1/{+parent}/roles", + "response": { + "$ref": "ListRolesResponse" + }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts", - "id": "iam.projects.serviceAccounts.list", - "path": "v1/{+name}/serviceAccounts" + ] }, - "create": { + "patch": { + "description": "Updates a Role definition.", + "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}", + "httpMethod": "PATCH", + "id": "iam.organizations.roles.patch", + "parameterOrder": [ + "name" + ], "parameters": { "name": { - "description": "Required. The resource name of the project associated with the service\naccounts, such as `projects/my-project-123`.", + "description": "The resource name of the role in one of the following formats:\n`roles/{ROLE_NAME}`\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "location": "path", + "pattern": "^organizations/[^/]+/roles/[^/]+$", "required": true, - "type": "string", - "pattern": "^projects/[^/]+$", - "location": "path" + "type": "string" + }, + "updateMask": { + "description": "A mask describing which fields in the Role have changed.", + "format": "google-fieldmask", + "location": "query", + "type": "string" } }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts", - "id": "iam.projects.serviceAccounts.create", - "path": "v1/{+name}/serviceAccounts", - "request": { - "$ref": "CreateServiceAccountRequest" - }, - "description": "Creates a ServiceAccount\nand returns it.", - "httpMethod": "POST", - "parameterOrder": [ - "name" - ], - "response": { - "$ref": "ServiceAccount" - } - }, - "signJwt": { - "path": "v1/{+name}:signJwt", - "id": "iam.projects.serviceAccounts.signJwt", - "description": "Signs a JWT using a service account's system-managed private key.\n\nIf no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an\nan expiry time of one hour by default. If you request an expiry time of\nmore than one hour, the request will fail.", + "path": "v1/{+name}", "request": { - "$ref": "SignJwtRequest" + "$ref": "Role" }, "response": { - "$ref": "SignJwtResponse" + "$ref": "Role" }, - "parameterOrder": [ - "name" - ], - "httpMethod": "POST", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "undelete": { + "description": "Undelete a Role, bringing it back in its previous state.", + "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}:undelete", + "httpMethod": "POST", + "id": "iam.organizations.roles.undelete", + "parameterOrder": [ + "name" ], "parameters": { "name": { - "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "description": "The resource name of the role in one of the following formats:\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "location": "path", + "pattern": "^organizations/[^/]+/roles/[^/]+$", "required": true, - "type": "string", - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", - "location": "path" + "type": "string" } }, - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signJwt" - }, - "setIamPolicy": { - "path": "v1/{+resource}:setIamPolicy", - "id": "iam.projects.serviceAccounts.setIamPolicy", + "path": "v1/{+name}:undelete", "request": { - "$ref": "SetIamPolicyRequest" + "$ref": "UndeleteRoleRequest" }, - "description": "Sets the IAM access control policy for a\nServiceAccount.", "response": { - "$ref": "Policy" - }, - "parameterOrder": [ - "resource" - ], - "httpMethod": "POST", - "parameters": { - "resource": { - "description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.", - "required": true, - "type": "string", - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", - "location": "path" - } + "$ref": "Role" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:setIamPolicy" - } - }, - "resources": { - "keys": { - "methods": { - "delete": { - "id": "iam.projects.serviceAccounts.keys.delete", - "path": "v1/{+name}", - "description": "Deletes a ServiceAccountKey.", - "httpMethod": "DELETE", - "response": { - "$ref": "Empty" - }, - "parameterOrder": [ - "name" - ], - "parameters": { - "name": { - "description": "The resource name of the service account key in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", - "required": true, - "type": "string", - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$", - "location": "path" - } - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}" - }, - "list": { - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "parameters": { - "name": { - "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nUsing `-` as a wildcard for the `PROJECT_ID`, will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", - "required": true, - "type": "string", - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", - "location": "path" - }, - "keyTypes": { - "description": "Filters the types of keys the user wants to include in the list\nresponse. Duplicate key types are not allowed. If no key type\nis provided, all keys are returned.", - "type": "string", - "repeated": true, - "location": "query", - "enum": [ - "KEY_TYPE_UNSPECIFIED", - "USER_MANAGED", - "SYSTEM_MANAGED" - ] - } - }, - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys", - "path": "v1/{+name}/keys", - "id": "iam.projects.serviceAccounts.keys.list", - "description": "Lists ServiceAccountKeys.", - "response": { - "$ref": "ListServiceAccountKeysResponse" - }, - "parameterOrder": [ - "name" - ], - "httpMethod": "GET" - }, - "get": { - "parameters": { - "name": { - "description": "The resource name of the service account key in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.\n\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", - "required": true, - "type": "string", - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$", - "location": "path" - }, - "publicKeyType": { - "location": "query", - "enum": [ - "TYPE_NONE", - "TYPE_X509_PEM_FILE", - "TYPE_RAW_PUBLIC_KEY" - ], - "description": "The output format of the public key requested.\nX509_PEM is the default output format.", - "type": "string" - } - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}", - "path": "v1/{+name}", - "id": "iam.projects.serviceAccounts.keys.get", - "description": "Gets the ServiceAccountKey\nby key id.", - "response": { - "$ref": "ServiceAccountKey" - }, - "parameterOrder": [ - "name" - ], - "httpMethod": "GET" - }, - "create": { - "path": "v1/{+name}/keys", - "id": "iam.projects.serviceAccounts.keys.create", - "request": { - "$ref": "CreateServiceAccountKeyRequest" - }, - "description": "Creates a ServiceAccountKey\nand returns it.", - "response": { - "$ref": "ServiceAccountKey" - }, - "parameterOrder": [ - "name" - ], - "httpMethod": "POST", - "parameters": { - "name": { - "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", - "required": true, - "type": "string", - "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", - "location": "path" - } - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys" - } - } + ] } } - }, + } + } + }, + "permissions": { + "methods": { + "queryTestablePermissions": { + "description": "Lists the permissions testable on a resource.\nA permission is testable if it can be tested for an identity on a resource.", + "flatPath": "v1/permissions:queryTestablePermissions", + "httpMethod": "POST", + "id": "iam.permissions.queryTestablePermissions", + "parameterOrder": [], + "parameters": {}, + "path": "v1/permissions:queryTestablePermissions", + "request": { + "$ref": "QueryTestablePermissionsRequest" + }, + "response": { + "$ref": "QueryTestablePermissionsResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + } + } + }, + "projects": { + "resources": { "roles": { "methods": { "create": { - "path": "v1/{+parent}/roles", - "id": "iam.projects.roles.create", "description": "Creates a new Role.", - "request": { - "$ref": "CreateRoleRequest" - }, - "response": { - "$ref": "Role" - }, + "flatPath": "v1/projects/{projectsId}/roles", + "httpMethod": "POST", + "id": "iam.projects.roles.create", "parameterOrder": [ "parent" ], - "httpMethod": "POST", - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], "parameters": { "parent": { "description": "The resource name of the parent resource in one of the following formats:\n`organizations/{ORGANIZATION_ID}`\n`projects/{PROJECT_ID}`", - "required": true, - "type": "string", - "pattern": "^projects/[^/]+$", - "location": "path" - } - }, - "flatPath": "v1/projects/{projectsId}/roles" - }, - "patch": { - "parameters": { - "name": { - "pattern": "^projects/[^/]+/roles/[^/]+$", "location": "path", - "description": "The resource name of the role in one of the following formats:\n`roles/{ROLE_NAME}`\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "pattern": "^projects/[^/]+$", "required": true, "type": "string" - }, - "updateMask": { - "description": "A mask describing which fields in the Role have changed.", - "format": "google-fieldmask", - "type": "string", - "location": "query" } }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/roles/{rolesId}", - "path": "v1/{+name}", - "id": "iam.projects.roles.patch", + "path": "v1/{+parent}/roles", "request": { - "$ref": "Role" + "$ref": "CreateRoleRequest" }, - "description": "Updates a Role definition.", "response": { "$ref": "Role" }, - "parameterOrder": [ - "name" - ], - "httpMethod": "PATCH" + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] }, - "undelete": { - "description": "Undelete a Role, bringing it back in its previous state.", - "request": { - "$ref": "UndeleteRoleRequest" - }, - "response": { - "$ref": "Role" - }, + "delete": { + "description": "Soft deletes a role. The role is suspended and cannot be used to create new\nIAM Policy Bindings.\nThe Role will not be included in `ListRoles()` unless `show_deleted` is set\nin the `ListRolesRequest`. The Role contains the deleted boolean set.\nExisting Bindings remains, but are inactive. The Role can be undeleted\nwithin 7 days. After 7 days the Role is deleted and all Bindings associated\nwith the role are removed.", + "flatPath": "v1/projects/{projectsId}/roles/{rolesId}", + "httpMethod": "DELETE", + "id": "iam.projects.roles.delete", "parameterOrder": [ "name" ], - "httpMethod": "POST", - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], "parameters": { + "etag": { + "description": "Used to perform a consistent read-modify-write.", + "format": "byte", + "location": "query", + "type": "string" + }, "name": { "description": "The resource name of the role in one of the following formats:\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", - "required": true, - "type": "string", + "location": "path", "pattern": "^projects/[^/]+/roles/[^/]+$", - "location": "path" + "required": true, + "type": "string" } }, - "flatPath": "v1/projects/{projectsId}/roles/{rolesId}:undelete", - "path": "v1/{+name}:undelete", - "id": "iam.projects.roles.undelete" - }, - "get": { - "httpMethod": "GET", + "path": "v1/{+name}", "response": { "$ref": "Role" }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "get": { + "description": "Gets a Role definition.", + "flatPath": "v1/projects/{projectsId}/roles/{rolesId}", + "httpMethod": "GET", + "id": "iam.projects.roles.get", "parameterOrder": [ "name" ], "parameters": { "name": { - "pattern": "^projects/[^/]+/roles/[^/]+$", - "location": "path", "description": "The resource name of the role in one of the following formats:\n`roles/{ROLE_NAME}`\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "location": "path", + "pattern": "^projects/[^/]+/roles/[^/]+$", "required": true, "type": "string" } }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/roles/{rolesId}", - "id": "iam.projects.roles.get", "path": "v1/{+name}", - "description": "Gets a Role definition." - }, - "delete": { - "description": "Soft deletes a role. The role is suspended and cannot be used to create new\nIAM Policy Bindings.\nThe Role will not be included in `ListRoles()` unless `show_deleted` is set\nin the `ListRolesRequest`. The Role contains the deleted boolean set.\nExisting Bindings remains, but are inactive. The Role can be undeleted\nwithin 7 days. After 7 days the Role is deleted and all Bindings associated\nwith the role are removed.", "response": { "$ref": "Role" }, - "parameterOrder": [ - "name" - ], - "httpMethod": "DELETE", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "list": { + "description": "Lists the Roles defined on a resource.", + "flatPath": "v1/projects/{projectsId}/roles", + "httpMethod": "GET", + "id": "iam.projects.roles.list", + "parameterOrder": [ + "parent" ], "parameters": { - "name": { - "pattern": "^projects/[^/]+/roles/[^/]+$", - "location": "path", - "description": "The resource name of the role in one of the following formats:\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", - "required": true, - "type": "string" - }, - "etag": { - "location": "query", - "description": "Used to perform a consistent read-modify-write.", - "format": "byte", - "type": "string" - } - }, - "flatPath": "v1/projects/{projectsId}/roles/{rolesId}", - "path": "v1/{+name}", - "id": "iam.projects.roles.delete" - }, - "list": { - "id": "iam.projects.roles.list", - "path": "v1/{+parent}/roles", - "description": "Lists the Roles defined on a resource.", - "httpMethod": "GET", - "response": { - "$ref": "ListRolesResponse" - }, - "parameterOrder": [ - "parent" - ], - "parameters": { - "pageToken": { - "location": "query", - "description": "Optional pagination token returned in an earlier ListRolesResponse.", - "type": "string" - }, "pageSize": { "description": "Optional limit on the number of roles to include in the response.", "format": "int32", - "type": "integer", - "location": "query" + "location": "query", + "type": "integer" }, - "view": { + "pageToken": { + "description": "Optional pagination token returned in an earlier ListRolesResponse.", "location": "query", - "enum": [ - "BASIC", - "FULL" - ], - "description": "Optional view for the returned Role objects.", "type": "string" }, "parent": { - "pattern": "^projects/[^/]+$", - "location": "path", "description": "The resource name of the parent resource in one of the following formats:\n`` (empty string) -- this refers to curated roles.\n`organizations/{ORGANIZATION_ID}`\n`projects/{PROJECT_ID}`", + "location": "path", + "pattern": "^projects/[^/]+$", "required": true, "type": "string" }, "showDeleted": { - "location": "query", "description": "Include Roles that have been deleted.", + "location": "query", "type": "boolean" + }, + "view": { + "description": "Optional view for the returned Role objects.", + "enum": [ + "BASIC", + "FULL" + ], + "location": "query", + "type": "string" } }, + "path": "v1/{+parent}/roles", + "response": { + "$ref": "ListRolesResponse" + }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/projects/{projectsId}/roles" - } - } - } - } - }, - "roles": { - "methods": { - "queryGrantableRoles": { - "parameters": {}, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/roles:queryGrantableRoles", - "path": "v1/roles:queryGrantableRoles", - "id": "iam.roles.queryGrantableRoles", - "request": { - "$ref": "QueryGrantableRolesRequest" - }, - "description": "Queries roles that can be granted on a particular resource.\nA role is grantable if it can be used as the role in a binding for a policy\nfor that resource.", - "response": { - "$ref": "QueryGrantableRolesResponse" - }, - "parameterOrder": [], - "httpMethod": "POST" - }, - "list": { - "description": "Lists the Roles defined on a resource.", - "response": { - "$ref": "ListRolesResponse" - }, - "parameterOrder": [], - "httpMethod": "GET", - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "parameters": { - "parent": { - "description": "The resource name of the parent resource in one of the following formats:\n`` (empty string) -- this refers to curated roles.\n`organizations/{ORGANIZATION_ID}`\n`projects/{PROJECT_ID}`", - "type": "string", - "location": "query" - }, - "showDeleted": { - "description": "Include Roles that have been deleted.", - "type": "boolean", - "location": "query" - }, - "pageToken": { - "description": "Optional pagination token returned in an earlier ListRolesResponse.", - "type": "string", - "location": "query" - }, - "pageSize": { - "description": "Optional limit on the number of roles to include in the response.", - "format": "int32", - "type": "integer", - "location": "query" + ] }, - "view": { - "location": "query", - "enum": [ - "BASIC", - "FULL" + "patch": { + "description": "Updates a Role definition.", + "flatPath": "v1/projects/{projectsId}/roles/{rolesId}", + "httpMethod": "PATCH", + "id": "iam.projects.roles.patch", + "parameterOrder": [ + "name" ], - "description": "Optional view for the returned Role objects.", - "type": "string" - } - }, - "flatPath": "v1/roles", - "path": "v1/roles", - "id": "iam.roles.list" - }, - "get": { - "path": "v1/{+name}", - "id": "iam.roles.get", - "description": "Gets a Role definition.", - "response": { - "$ref": "Role" - }, - "parameterOrder": [ - "name" - ], - "httpMethod": "GET", - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "parameters": { - "name": { - "description": "The resource name of the role in one of the following formats:\n`roles/{ROLE_NAME}`\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", - "required": true, - "type": "string", - "pattern": "^roles/[^/]+$", - "location": "path" - } - }, - "flatPath": "v1/roles/{rolesId}" - } - } - }, - "permissions": { - "methods": { - "queryTestablePermissions": { - "response": { - "$ref": "QueryTestablePermissionsResponse" - }, - "parameterOrder": [], - "httpMethod": "POST", - "parameters": {}, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/permissions:queryTestablePermissions", - "path": "v1/permissions:queryTestablePermissions", - "id": "iam.permissions.queryTestablePermissions", - "request": { - "$ref": "QueryTestablePermissionsRequest" - }, - "description": "Lists the permissions testable on a resource.\nA permission is testable if it can be tested for an identity on a resource." - } - } - }, - "organizations": { - "resources": { - "roles": { - "methods": { - "create": { + "parameters": { + "name": { + "description": "The resource name of the role in one of the following formats:\n`roles/{ROLE_NAME}`\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "location": "path", + "pattern": "^projects/[^/]+/roles/[^/]+$", + "required": true, + "type": "string" + }, + "updateMask": { + "description": "A mask describing which fields in the Role have changed.", + "format": "google-fieldmask", + "location": "query", + "type": "string" + } + }, + "path": "v1/{+name}", + "request": { + "$ref": "Role" + }, "response": { "$ref": "Role" }, - "parameterOrder": [ - "parent" - ], - "httpMethod": "POST", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "undelete": { + "description": "Undelete a Role, bringing it back in its previous state.", + "flatPath": "v1/projects/{projectsId}/roles/{rolesId}:undelete", + "httpMethod": "POST", + "id": "iam.projects.roles.undelete", + "parameterOrder": [ + "name" ], "parameters": { - "parent": { - "description": "The resource name of the parent resource in one of the following formats:\n`organizations/{ORGANIZATION_ID}`\n`projects/{PROJECT_ID}`", + "name": { + "description": "The resource name of the role in one of the following formats:\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "location": "path", + "pattern": "^projects/[^/]+/roles/[^/]+$", "required": true, - "type": "string", - "pattern": "^organizations/[^/]+$", - "location": "path" + "type": "string" } }, - "flatPath": "v1/organizations/{organizationsId}/roles", - "path": "v1/{+parent}/roles", - "id": "iam.organizations.roles.create", - "description": "Creates a new Role.", - "request": { - "$ref": "CreateRoleRequest" - } - }, - "undelete": { "path": "v1/{+name}:undelete", - "id": "iam.organizations.roles.undelete", - "description": "Undelete a Role, bringing it back in its previous state.", "request": { "$ref": "UndeleteRoleRequest" }, "response": { "$ref": "Role" }, - "parameterOrder": [ - "name" - ], - "httpMethod": "POST", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" + ] + } + } + }, + "serviceAccounts": { + "methods": { + "create": { + "description": "Creates a ServiceAccount\nand returns it.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts", + "httpMethod": "POST", + "id": "iam.projects.serviceAccounts.create", + "parameterOrder": [ + "name" ], "parameters": { "name": { - "pattern": "^organizations/[^/]+/roles/[^/]+$", + "description": "Required. The resource name of the project associated with the service\naccounts, such as `projects/my-project-123`.", "location": "path", - "description": "The resource name of the role in one of the following formats:\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "pattern": "^projects/[^/]+$", "required": true, "type": "string" } }, - "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}:undelete" + "path": "v1/{+name}/serviceAccounts", + "request": { + "$ref": "CreateServiceAccountRequest" + }, + "response": { + "$ref": "ServiceAccount" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] }, - "get": { - "id": "iam.organizations.roles.get", - "path": "v1/{+name}", - "description": "Gets a Role definition.", - "httpMethod": "GET", + "delete": { + "description": "Deletes a ServiceAccount.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}", + "httpMethod": "DELETE", + "id": "iam.projects.serviceAccounts.delete", "parameterOrder": [ "name" ], - "response": { - "$ref": "Role" - }, "parameters": { "name": { - "description": "The resource name of the role in one of the following formats:\n`roles/{ROLE_NAME}`\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", "required": true, - "type": "string", - "pattern": "^organizations/[^/]+/roles/[^/]+$", - "location": "path" + "type": "string" } }, + "path": "v1/{+name}", + "response": { + "$ref": "Empty" + }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}" + ] }, - "patch": { - "path": "v1/{+name}", - "id": "iam.organizations.roles.patch", - "description": "Updates a Role definition.", - "request": { - "$ref": "Role" + "get": { + "description": "Gets a ServiceAccount.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}", + "httpMethod": "GET", + "id": "iam.projects.serviceAccounts.get", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "required": true, + "type": "string" + } }, + "path": "v1/{+name}", "response": { - "$ref": "Role" + "$ref": "ServiceAccount" }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "getIamPolicy": { + "description": "Returns the IAM access control policy for a\nServiceAccount.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:getIamPolicy", + "httpMethod": "POST", + "id": "iam.projects.serviceAccounts.getIamPolicy", "parameterOrder": [ - "name" + "resource" ], - "httpMethod": "PATCH", + "parameters": { + "resource": { + "description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+resource}:getIamPolicy", + "response": { + "$ref": "Policy" + }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "list": { + "description": "Lists ServiceAccounts for a project.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts", + "httpMethod": "GET", + "id": "iam.projects.serviceAccounts.list", + "parameterOrder": [ + "name" ], "parameters": { "name": { - "pattern": "^organizations/[^/]+/roles/[^/]+$", + "description": "Required. The resource name of the project associated with the service\naccounts, such as `projects/my-project-123`.", "location": "path", - "description": "The resource name of the role in one of the following formats:\n`roles/{ROLE_NAME}`\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "pattern": "^projects/[^/]+$", "required": true, "type": "string" }, - "updateMask": { + "pageSize": { + "description": "Optional limit on the number of service accounts to include in the\nresponse. Further accounts can subsequently be obtained by including the\nListServiceAccountsResponse.next_page_token\nin a subsequent request.", + "format": "int32", + "location": "query", + "type": "integer" + }, + "pageToken": { + "description": "Optional pagination token returned in an earlier\nListServiceAccountsResponse.next_page_token.", "location": "query", - "description": "A mask describing which fields in the Role have changed.", - "format": "google-fieldmask", "type": "string" } }, - "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}" + "path": "v1/{+name}/serviceAccounts", + "response": { + "$ref": "ListServiceAccountsResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] }, - "delete": { + "setIamPolicy": { + "description": "Sets the IAM access control policy for a\nServiceAccount.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:setIamPolicy", + "httpMethod": "POST", + "id": "iam.projects.serviceAccounts.setIamPolicy", + "parameterOrder": [ + "resource" + ], "parameters": { - "name": { - "pattern": "^organizations/[^/]+/roles/[^/]+$", + "resource": { + "description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.", "location": "path", - "description": "The resource name of the role in one of the following formats:\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", "required": true, "type": "string" - }, - "etag": { - "location": "query", - "description": "Used to perform a consistent read-modify-write.", - "format": "byte", - "type": "string" } }, + "path": "v1/{+resource}:setIamPolicy", + "request": { + "$ref": "SetIamPolicyRequest" + }, + "response": { + "$ref": "Policy" + }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" - ], - "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}", - "id": "iam.organizations.roles.delete", - "path": "v1/{+name}", - "description": "Soft deletes a role. The role is suspended and cannot be used to create new\nIAM Policy Bindings.\nThe Role will not be included in `ListRoles()` unless `show_deleted` is set\nin the `ListRolesRequest`. The Role contains the deleted boolean set.\nExisting Bindings remains, but are inactive. The Role can be undeleted\nwithin 7 days. After 7 days the Role is deleted and all Bindings associated\nwith the role are removed.", - "httpMethod": "DELETE", + ] + }, + "signBlob": { + "description": "Signs a blob using a service account's system-managed private key.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signBlob", + "httpMethod": "POST", + "id": "iam.projects.serviceAccounts.signBlob", "parameterOrder": [ "name" ], + "parameters": { + "name": { + "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}:signBlob", + "request": { + "$ref": "SignBlobRequest" + }, "response": { - "$ref": "Role" - } + "$ref": "SignBlobResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] }, - "list": { + "signJwt": { + "description": "Signs a JWT using a service account's system-managed private key.\n\nIf no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an\nan expiry time of one hour by default. If you request an expiry time of\nmore than one hour, the request will fail.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signJwt", + "httpMethod": "POST", + "id": "iam.projects.serviceAccounts.signJwt", + "parameterOrder": [ + "name" + ], "parameters": { - "parent": { - "pattern": "^organizations/[^/]+$", + "name": { + "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", "location": "path", - "description": "The resource name of the parent resource in one of the following formats:\n`` (empty string) -- this refers to curated roles.\n`organizations/{ORGANIZATION_ID}`\n`projects/{PROJECT_ID}`", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", "required": true, "type": "string" - }, - "showDeleted": { - "location": "query", - "description": "Include Roles that have been deleted.", - "type": "boolean" - }, - "pageToken": { - "location": "query", - "description": "Optional pagination token returned in an earlier ListRolesResponse.", - "type": "string" - }, - "pageSize": { - "location": "query", - "description": "Optional limit on the number of roles to include in the response.", - "format": "int32", - "type": "integer" - }, - "view": { - "description": "Optional view for the returned Role objects.", - "type": "string", - "location": "query", - "enum": [ - "BASIC", - "FULL" - ] } }, + "path": "v1/{+name}:signJwt", + "request": { + "$ref": "SignJwtRequest" + }, + "response": { + "$ref": "SignJwtResponse" + }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "testIamPermissions": { + "description": "Tests the specified permissions against the IAM access control policy\nfor a ServiceAccount.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:testIamPermissions", + "httpMethod": "POST", + "id": "iam.projects.serviceAccounts.testIamPermissions", + "parameterOrder": [ + "resource" ], - "flatPath": "v1/organizations/{organizationsId}/roles", - "path": "v1/{+parent}/roles", - "id": "iam.organizations.roles.list", - "description": "Lists the Roles defined on a resource.", + "parameters": { + "resource": { + "description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+resource}:testIamPermissions", + "request": { + "$ref": "TestIamPermissionsRequest" + }, "response": { - "$ref": "ListRolesResponse" + "$ref": "TestIamPermissionsResponse" }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "update": { + "description": "Updates a ServiceAccount.\n\nCurrently, only the following fields are updatable:\n`display_name` .\nThe `etag` is mandatory.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}", + "httpMethod": "PUT", + "id": "iam.projects.serviceAccounts.update", "parameterOrder": [ - "parent" + "name" ], - "httpMethod": "GET" - } - } + "parameters": { + "name": { + "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nRequests using `-` as a wildcard for the `PROJECT_ID` will infer the\nproject from the `account` and the `ACCOUNT` value can be the `email`\naddress or the `unique_id` of the service account.\n\nIn responses the resource name will always be in the format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}", + "request": { + "$ref": "ServiceAccount" + }, + "response": { + "$ref": "ServiceAccount" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + } + }, + "resources": { + "keys": { + "methods": { + "create": { + "description": "Creates a ServiceAccountKey\nand returns it.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys", + "httpMethod": "POST", + "id": "iam.projects.serviceAccounts.keys.create", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}/keys", + "request": { + "$ref": "CreateServiceAccountKeyRequest" + }, + "response": { + "$ref": "ServiceAccountKey" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "delete": { + "description": "Deletes a ServiceAccountKey.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}", + "httpMethod": "DELETE", + "id": "iam.projects.serviceAccounts.keys.delete", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "The resource name of the service account key in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}", + "response": { + "$ref": "Empty" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "get": { + "description": "Gets the ServiceAccountKey\nby key id.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}", + "httpMethod": "GET", + "id": "iam.projects.serviceAccounts.keys.get", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "The resource name of the service account key in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.\n\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$", + "required": true, + "type": "string" + }, + "publicKeyType": { + "description": "The output format of the public key requested.\nX509_PEM is the default output format.", + "enum": [ + "TYPE_NONE", + "TYPE_X509_PEM_FILE", + "TYPE_RAW_PUBLIC_KEY" + ], + "location": "query", + "type": "string" + } + }, + "path": "v1/{+name}", + "response": { + "$ref": "ServiceAccountKey" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "list": { + "description": "Lists ServiceAccountKeys.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys", + "httpMethod": "GET", + "id": "iam.projects.serviceAccounts.keys.list", + "parameterOrder": [ + "name" + ], + "parameters": { + "keyTypes": { + "description": "Filters the types of keys the user wants to include in the list\nresponse. Duplicate key types are not allowed. If no key type\nis provided, all keys are returned.", + "enum": [ + "KEY_TYPE_UNSPECIFIED", + "USER_MANAGED", + "SYSTEM_MANAGED" + ], + "location": "query", + "repeated": true, + "type": "string" + }, + "name": { + "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nUsing `-` as a wildcard for the `PROJECT_ID`, will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}/keys", + "response": { + "$ref": "ListServiceAccountKeysResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + } + } + } + } + } + } + }, + "roles": { + "methods": { + "get": { + "description": "Gets a Role definition.", + "flatPath": "v1/roles/{rolesId}", + "httpMethod": "GET", + "id": "iam.roles.get", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "The resource name of the role in one of the following formats:\n`roles/{ROLE_NAME}`\n`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`\n`projects/{PROJECT_ID}/roles/{ROLE_NAME}`", + "location": "path", + "pattern": "^roles/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}", + "response": { + "$ref": "Role" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "list": { + "description": "Lists the Roles defined on a resource.", + "flatPath": "v1/roles", + "httpMethod": "GET", + "id": "iam.roles.list", + "parameterOrder": [], + "parameters": { + "pageSize": { + "description": "Optional limit on the number of roles to include in the response.", + "format": "int32", + "location": "query", + "type": "integer" + }, + "pageToken": { + "description": "Optional pagination token returned in an earlier ListRolesResponse.", + "location": "query", + "type": "string" + }, + "parent": { + "description": "The resource name of the parent resource in one of the following formats:\n`` (empty string) -- this refers to curated roles.\n`organizations/{ORGANIZATION_ID}`\n`projects/{PROJECT_ID}`", + "location": "query", + "type": "string" + }, + "showDeleted": { + "description": "Include Roles that have been deleted.", + "location": "query", + "type": "boolean" + }, + "view": { + "description": "Optional view for the returned Role objects.", + "enum": [ + "BASIC", + "FULL" + ], + "location": "query", + "type": "string" + } + }, + "path": "v1/roles", + "response": { + "$ref": "ListRolesResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "queryGrantableRoles": { + "description": "Queries roles that can be granted on a particular resource.\nA role is grantable if it can be used as the role in a binding for a policy\nfor that resource.", + "flatPath": "v1/roles:queryGrantableRoles", + "httpMethod": "POST", + "id": "iam.roles.queryGrantableRoles", + "parameterOrder": [], + "parameters": {}, + "path": "v1/roles:queryGrantableRoles", + "request": { + "$ref": "QueryGrantableRolesRequest" + }, + "response": { + "$ref": "QueryGrantableRolesResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + } + } + } + }, + "revision": "20180202", + "rootUrl": "https://iam.googleapis.com/", + "schemas": { + "AuditConfig": { + "description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"fooservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:bar@gmail.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts foo@gmail.com from DATA_READ logging, and\nbar@gmail.com from DATA_WRITE logging.", + "id": "AuditConfig", + "properties": { + "auditLogConfigs": { + "description": "The configuration for logging of each type of permission.\nNext ID: 4", + "items": { + "$ref": "AuditLogConfig" + }, + "type": "array" + }, + "service": { + "description": "Specifies a service that will be enabled for audit logging.\nFor example, `storage.googleapis.com`, `cloudsql.googleapis.com`.\n`allServices` is a special value that covers all services.", + "type": "string" + } + }, + "type": "object" + }, + "AuditData": { + "description": "Audit log information specific to Cloud IAM. This message is serialized\nas an `Any` type in the `ServiceData` message of an\n`AuditLog` message.", + "id": "AuditData", + "properties": { + "policyDelta": { + "$ref": "PolicyDelta", + "description": "Policy delta between the original policy and the newly set policy." + } + }, + "type": "object" + }, + "AuditLogConfig": { + "description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\nfoo@gmail.com from DATA_READ logging.", + "id": "AuditLogConfig", + "properties": { + "exemptedMembers": { + "description": "Specifies the identities that do not cause logging for this type of\npermission.\nFollows the same format of Binding.members.", + "items": { + "type": "string" + }, + "type": "array" + }, + "logType": { + "description": "The log type that this config enables.", + "enum": [ + "LOG_TYPE_UNSPECIFIED", + "ADMIN_READ", + "DATA_WRITE", + "DATA_READ" + ], + "enumDescriptions": [ + "Default case. Should never be this.", + "Admin reads. Example: CloudIAM getIamPolicy", + "Data writes. Example: CloudSQL Users create", + "Data reads. Example: CloudSQL Users list" + ], + "type": "string" + } + }, + "type": "object" + }, + "AuditableService": { + "description": "Contains information about an auditable service.", + "id": "AuditableService", + "properties": { + "name": { + "description": "Public name of the service.\nFor example, the service name for Cloud IAM is 'iam.googleapis.com'.", + "type": "string" + } + }, + "type": "object" + }, + "Binding": { + "description": "Associates `members` with a `role`.", + "id": "Binding", + "properties": { + "members": { + "description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@gmail.com` or `joe@example.com`.\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n\n* `domain:{domain}`: A Google Apps domain name that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n", + "items": { + "type": "string" + }, + "type": "array" + }, + "role": { + "description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.\nRequired", + "type": "string" + } + }, + "type": "object" + }, + "BindingDelta": { + "description": "One delta entry for Binding. Each individual change (only one member in each\nentry) to a binding will be a separate entry.", + "id": "BindingDelta", + "properties": { + "action": { + "description": "The action that was performed on a Binding.\nRequired", + "enum": [ + "ACTION_UNSPECIFIED", + "ADD", + "REMOVE" + ], + "enumDescriptions": [ + "Unspecified.", + "Addition of a Binding.", + "Removal of a Binding." + ], + "type": "string" + }, + "member": { + "description": "A single identity requesting access for a Cloud Platform resource.\nFollows the same format of Binding.members.\nRequired", + "type": "string" + }, + "role": { + "description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.\nRequired", + "type": "string" + } + }, + "type": "object" + }, + "CreateRoleRequest": { + "description": "The request to create a new role.", + "id": "CreateRoleRequest", + "properties": { + "role": { + "$ref": "Role", + "description": "The Role resource to create." + }, + "roleId": { + "description": "The role id to use for this role.", + "type": "string" + } + }, + "type": "object" + }, + "CreateServiceAccountKeyRequest": { + "description": "The service account key create request.", + "id": "CreateServiceAccountKeyRequest", + "properties": { + "keyAlgorithm": { + "description": "Which type of key and algorithm to use for the key.\nThe default is currently a 2K RSA key. However this may change in the\nfuture.", + "enum": [ + "KEY_ALG_UNSPECIFIED", + "KEY_ALG_RSA_1024", + "KEY_ALG_RSA_2048" + ], + "enumDescriptions": [ + "An unspecified key algorithm.", + "1k RSA Key.", + "2k RSA Key." + ], + "type": "string" + }, + "privateKeyType": { + "description": "The output format of the private key. The default value is\n`TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File\nformat.", + "enum": [ + "TYPE_UNSPECIFIED", + "TYPE_PKCS12_FILE", + "TYPE_GOOGLE_CREDENTIALS_FILE" + ], + "enumDescriptions": [ + "Unspecified. Equivalent to `TYPE_GOOGLE_CREDENTIALS_FILE`.", + "PKCS12 format.\nThe password for the PKCS12 file is `notasecret`.\nFor more information, see https://tools.ietf.org/html/rfc7292.", + "Google Credentials File format." + ], + "type": "string" + } + }, + "type": "object" + }, + "CreateServiceAccountRequest": { + "description": "The service account create request.", + "id": "CreateServiceAccountRequest", + "properties": { + "accountId": { + "description": "Required. The account id that is used to generate the service account\nemail address and a stable unique id. It is unique within a project,\nmust be 6-30 characters long, and match the regular expression\n`[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.", + "type": "string" + }, + "serviceAccount": { + "$ref": "ServiceAccount", + "description": "The ServiceAccount resource to create.\nCurrently, only the following values are user assignable:\n`display_name` ." + } + }, + "type": "object" + }, + "Empty": { + "description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n service Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.", + "id": "Empty", + "properties": {}, + "type": "object" + }, + "ListRolesResponse": { + "description": "The response containing the roles defined under a resource.", + "id": "ListRolesResponse", + "properties": { + "nextPageToken": { + "description": "To retrieve the next page of results, set\n`ListRolesRequest.page_token` to this value.", + "type": "string" + }, + "roles": { + "description": "The Roles defined on this resource.", + "items": { + "$ref": "Role" + }, + "type": "array" + } + }, + "type": "object" + }, + "ListServiceAccountKeysResponse": { + "description": "The service account keys list response.", + "id": "ListServiceAccountKeysResponse", + "properties": { + "keys": { + "description": "The public keys for the service account.", + "items": { + "$ref": "ServiceAccountKey" + }, + "type": "array" + } + }, + "type": "object" + }, + "ListServiceAccountsResponse": { + "description": "The service account list response.", + "id": "ListServiceAccountsResponse", + "properties": { + "accounts": { + "description": "The list of matching service accounts.", + "items": { + "$ref": "ServiceAccount" + }, + "type": "array" + }, + "nextPageToken": { + "description": "To retrieve the next page of results, set\nListServiceAccountsRequest.page_token\nto this value.", + "type": "string" + } + }, + "type": "object" + }, + "Permission": { + "description": "A permission which can be included by a role.", + "id": "Permission", + "properties": { + "apiDisabled": { + "description": "The service API associated with the permission is not enabled.", + "type": "boolean" + }, + "customRolesSupportLevel": { + "description": "The current custom role support level.", + "enum": [ + "SUPPORTED", + "TESTING", + "NOT_SUPPORTED" + ], + "enumDescriptions": [ + "Permission is fully supported for custom role use.", + "Permission is being tested to check custom role compatibility.", + "Permission is not supported for custom role use." + ], + "type": "string" + }, + "description": { + "description": "A brief description of what this Permission is used for.", + "type": "string" + }, + "name": { + "description": "The name of this Permission.", + "type": "string" + }, + "onlyInPredefinedRoles": { + "description": "This permission can ONLY be used in predefined roles.", + "type": "boolean" + }, + "stage": { + "description": "The current launch stage of the permission.", + "enum": [ + "ALPHA", + "BETA", + "GA", + "DEPRECATED" + ], + "enumDescriptions": [ + "The permission is currently in an alpha phase.", + "The permission is currently in a beta phase.", + "The permission is generally available.", + "The permission is being deprecated." + ], + "type": "string" + }, + "title": { + "description": "The title of this Permission.", + "type": "string" + } + }, + "type": "object" + }, + "Policy": { + "description": "Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` consists of a list of `bindings`. A `Binding` binds a list of\n`members` to a `role`, where the members can be user accounts, Google groups,\nGoogle domains, and service accounts. A `role` is a named list of permissions\ndefined by IAM.\n\n**Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/owner\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-other-app@appspot.gserviceaccount.com\",\n ]\n },\n {\n \"role\": \"roles/viewer\",\n \"members\": [\"user:sean@example.com\"]\n }\n ]\n }\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam/docs).", + "id": "Policy", + "properties": { + "auditConfigs": { + "description": "Specifies cloud audit logging configuration for this policy.", + "items": { + "$ref": "AuditConfig" + }, + "type": "array" + }, + "bindings": { + "description": "Associates a list of `members` to a `role`.\n`bindings` with no members will result in an error.", + "items": { + "$ref": "Binding" + }, + "type": "array" + }, + "etag": { + "description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten blindly.", + "format": "byte", + "type": "string" + }, + "version": { + "description": "Deprecated.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "PolicyDelta": { + "description": "The difference delta between two policies.", + "id": "PolicyDelta", + "properties": { + "bindingDeltas": { + "description": "The delta for Bindings between two policies.", + "items": { + "$ref": "BindingDelta" + }, + "type": "array" + } + }, + "type": "object" + }, + "QueryAuditableServicesRequest": { + "description": "A request to get the list of auditable services for a resource.", + "id": "QueryAuditableServicesRequest", + "properties": { + "fullResourceName": { + "description": "Required. The full resource name to query from the list of auditable\nservices.\n\nThe name follows the Google Cloud Platform resource format.\nFor example, a Cloud Platform project with id `my-project` will be named\n`//cloudresourcemanager.googleapis.com/projects/my-project`.", + "type": "string" + } + }, + "type": "object" + }, + "QueryAuditableServicesResponse": { + "description": "A response containing a list of auditable services for a resource.", + "id": "QueryAuditableServicesResponse", + "properties": { + "services": { + "description": "The auditable services for a resource.", + "items": { + "$ref": "AuditableService" + }, + "type": "array" + } + }, + "type": "object" + }, + "QueryGrantableRolesRequest": { + "description": "The grantable role query request.", + "id": "QueryGrantableRolesRequest", + "properties": { + "fullResourceName": { + "description": "Required. The full resource name to query from the list of grantable roles.\n\nThe name follows the Google Cloud Platform resource format.\nFor example, a Cloud Platform project with id `my-project` will be named\n`//cloudresourcemanager.googleapis.com/projects/my-project`.", + "type": "string" + }, + "pageSize": { + "description": "Optional limit on the number of roles to include in the response.", + "format": "int32", + "type": "integer" + }, + "pageToken": { + "description": "Optional pagination token returned in an earlier\nQueryGrantableRolesResponse.", + "type": "string" + }, + "view": { + "enum": [ + "BASIC", + "FULL" + ], + "enumDescriptions": [ + "Omits the `included_permissions` field.\nThis is the default value.", + "Returns all fields." + ], + "type": "string" + } + }, + "type": "object" + }, + "QueryGrantableRolesResponse": { + "description": "The grantable role query response.", + "id": "QueryGrantableRolesResponse", + "properties": { + "nextPageToken": { + "description": "To retrieve the next page of results, set\n`QueryGrantableRolesRequest.page_token` to this value.", + "type": "string" + }, + "roles": { + "description": "The list of matching roles.", + "items": { + "$ref": "Role" + }, + "type": "array" + } + }, + "type": "object" + }, + "QueryTestablePermissionsRequest": { + "description": "A request to get permissions which can be tested on a resource.", + "id": "QueryTestablePermissionsRequest", + "properties": { + "fullResourceName": { + "description": "Required. The full resource name to query from the list of testable\npermissions.\n\nThe name follows the Google Cloud Platform resource format.\nFor example, a Cloud Platform project with id `my-project` will be named\n`//cloudresourcemanager.googleapis.com/projects/my-project`.", + "type": "string" + }, + "pageSize": { + "description": "Optional limit on the number of permissions to include in the response.", + "format": "int32", + "type": "integer" + }, + "pageToken": { + "description": "Optional pagination token returned in an earlier\nQueryTestablePermissionsRequest.", + "type": "string" + } + }, + "type": "object" + }, + "QueryTestablePermissionsResponse": { + "description": "The response containing permissions which can be tested on a resource.", + "id": "QueryTestablePermissionsResponse", + "properties": { + "nextPageToken": { + "description": "To retrieve the next page of results, set\n`QueryTestableRolesRequest.page_token` to this value.", + "type": "string" + }, + "permissions": { + "description": "The Permissions testable on the requested resource.", + "items": { + "$ref": "Permission" + }, + "type": "array" + } + }, + "type": "object" + }, + "Role": { + "description": "A role in the Identity and Access Management API.", + "id": "Role", + "properties": { + "deleted": { + "description": "The current deleted state of the role. This field is read only.\nIt will be ignored in calls to CreateRole and UpdateRole.", + "type": "boolean" + }, + "description": { + "description": "Optional. A human-readable description for the role.", + "type": "string" + }, + "etag": { + "description": "Used to perform a consistent read-modify-write.", + "format": "byte", + "type": "string" + }, + "includedPermissions": { + "description": "The names of the permissions this role grants when bound in an IAM policy.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the role.\n\nWhen Role is used in CreateRole, the role name must not be set.\n\nWhen Role is used in output and other input such as UpdateRole, the role\nname is the complete path, e.g., roles/logging.viewer for curated roles\nand organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.", + "type": "string" + }, + "stage": { + "description": "The current launch stage of the role.", + "enum": [ + "ALPHA", + "BETA", + "GA", + "DEPRECATED", + "DISABLED", + "EAP" + ], + "enumDescriptions": [ + "The user has indicated this role is currently in an alpha phase.", + "The user has indicated this role is currently in a beta phase.", + "The user has indicated this role is generally available.", + "The user has indicated this role is being deprecated.", + "This role is disabled and will not contribute permissions to any members\nit is granted to in policies.", + "The user has indicated this role is currently in an eap phase." + ], + "type": "string" + }, + "title": { + "description": "Optional. A human-readable title for the role. Typically this\nis limited to 100 UTF-8 bytes.", + "type": "string" } - } - } - }, - "parameters": { - "access_token": { - "description": "OAuth access token.", - "type": "string", - "location": "query" - }, - "key": { - "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", - "type": "string", - "location": "query" - }, - "quotaUser": { - "location": "query", - "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.", - "type": "string" + }, + "type": "object" }, - "pp": { - "location": "query", - "description": "Pretty-print response.", - "type": "boolean", - "default": "true" + "ServiceAccount": { + "description": "A service account in the Identity and Access Management API.\n\nTo create a service account, specify the `project_id` and the `account_id`\nfor the account. The `account_id` is unique within the project, and is used\nto generate the service account email address and a stable\n`unique_id`.\n\nIf the account already exists, the account's resource name is returned\nin the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller\ncan use the name in other methods to access the account.\n\nAll other methods can identify the service account using the format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.", + "id": "ServiceAccount", + "properties": { + "displayName": { + "description": "Optional. A user-specified description of the service account. Must be\nfewer than 100 UTF-8 bytes.", + "type": "string" + }, + "email": { + "description": "@OutputOnly The email address of the service account.", + "type": "string" + }, + "etag": { + "description": "Used to perform a consistent read-modify-write.", + "format": "byte", + "type": "string" + }, + "name": { + "description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nRequests using `-` as a wildcard for the `PROJECT_ID` will infer the\nproject from the `account` and the `ACCOUNT` value can be the `email`\naddress or the `unique_id` of the service account.\n\nIn responses the resource name will always be in the format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.", + "type": "string" + }, + "oauth2ClientId": { + "description": "@OutputOnly The OAuth2 client id for the service account.\nThis is used in conjunction with the OAuth2 clientconfig API to make\nthree legged OAuth2 (3LO) flows to access the data of Google users.", + "type": "string" + }, + "projectId": { + "description": "@OutputOnly The id of the project that owns the service account.", + "type": "string" + }, + "uniqueId": { + "description": "@OutputOnly The unique and stable id of the service account.", + "type": "string" + } + }, + "type": "object" }, - "bearer_token": { - "location": "query", - "description": "OAuth bearer token.", - "type": "string" + "ServiceAccountKey": { + "description": "Represents a service account key.\n\nA service account has two sets of key-pairs: user-managed, and\nsystem-managed.\n\nUser-managed key-pairs can be created and deleted by users. Users are\nresponsible for rotating these keys periodically to ensure security of\ntheir service accounts. Users retain the private key of these key-pairs,\nand Google retains ONLY the public key.\n\nSystem-managed key-pairs are managed automatically by Google, and rotated\ndaily without user intervention. The private key never leaves Google's\nservers to maximize security.\n\nPublic keys for all service accounts are also published at the OAuth2\nService Account API.", + "id": "ServiceAccountKey", + "properties": { + "keyAlgorithm": { + "description": "Specifies the algorithm (and possibly key size) for the key.", + "enum": [ + "KEY_ALG_UNSPECIFIED", + "KEY_ALG_RSA_1024", + "KEY_ALG_RSA_2048" + ], + "enumDescriptions": [ + "An unspecified key algorithm.", + "1k RSA Key.", + "2k RSA Key." + ], + "type": "string" + }, + "name": { + "description": "The resource name of the service account key in the following format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.", + "type": "string" + }, + "privateKeyData": { + "description": "The private key data. Only provided in `CreateServiceAccountKey`\nresponses. Make sure to keep the private key data secure because it\nallows for the assertion of the service account identity.\nWhen decoded, the private key data can be used to authenticate with\nGoogle API client libraries and with\n\u003ca href=\"/sdk/gcloud/reference/auth/activate-service-account\"\u003egcloud\nauth activate-service-account\u003c/a\u003e.", + "format": "byte", + "type": "string" + }, + "privateKeyType": { + "description": "The output format for the private key.\nOnly provided in `CreateServiceAccountKey` responses, not\nin `GetServiceAccountKey` or `ListServiceAccountKey` responses.\n\nGoogle never exposes system-managed private keys, and never retains\nuser-managed private keys.", + "enum": [ + "TYPE_UNSPECIFIED", + "TYPE_PKCS12_FILE", + "TYPE_GOOGLE_CREDENTIALS_FILE" + ], + "enumDescriptions": [ + "Unspecified. Equivalent to `TYPE_GOOGLE_CREDENTIALS_FILE`.", + "PKCS12 format.\nThe password for the PKCS12 file is `notasecret`.\nFor more information, see https://tools.ietf.org/html/rfc7292.", + "Google Credentials File format." + ], + "type": "string" + }, + "publicKeyData": { + "description": "The public key data. Only provided in `GetServiceAccountKey` responses.", + "format": "byte", + "type": "string" + }, + "validAfterTime": { + "description": "The key can be used after this timestamp.", + "format": "google-datetime", + "type": "string" + }, + "validBeforeTime": { + "description": "The key can be used before this timestamp.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" }, - "oauth_token": { - "description": "OAuth 2.0 token for the current user.", - "type": "string", - "location": "query" + "SetIamPolicyRequest": { + "description": "Request message for `SetIamPolicy` method.", + "id": "SetIamPolicyRequest", + "properties": { + "policy": { + "$ref": "Policy", + "description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them." + }, + "updateMask": { + "description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.", + "format": "google-fieldmask", + "type": "string" + } + }, + "type": "object" }, - "upload_protocol": { - "location": "query", - "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").", - "type": "string" + "SignBlobRequest": { + "description": "The service account sign blob request.", + "id": "SignBlobRequest", + "properties": { + "bytesToSign": { + "description": "The bytes to sign.", + "format": "byte", + "type": "string" + } + }, + "type": "object" }, - "prettyPrint": { - "location": "query", - "description": "Returns response with indentations and line breaks.", - "type": "boolean", - "default": "true" + "SignBlobResponse": { + "description": "The service account sign blob response.", + "id": "SignBlobResponse", + "properties": { + "keyId": { + "description": "The id of the key used to sign the blob.", + "type": "string" + }, + "signature": { + "description": "The signed blob.", + "format": "byte", + "type": "string" + } + }, + "type": "object" }, - "fields": { - "location": "query", - "description": "Selector specifying which fields to include in a partial response.", - "type": "string" + "SignJwtRequest": { + "description": "The service account sign JWT request.", + "id": "SignJwtRequest", + "properties": { + "payload": { + "description": "The JWT payload to sign, a JSON JWT Claim set.", + "type": "string" + } + }, + "type": "object" }, - "uploadType": { - "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").", - "type": "string", - "location": "query" + "SignJwtResponse": { + "description": "The service account sign JWT response.", + "id": "SignJwtResponse", + "properties": { + "keyId": { + "description": "The id of the key used to sign the JWT.", + "type": "string" + }, + "signedJwt": { + "description": "The signed JWT.", + "type": "string" + } + }, + "type": "object" }, - "callback": { - "description": "JSONP", - "type": "string", - "location": "query" + "TestIamPermissionsRequest": { + "description": "Request message for `TestIamPermissions` method.", + "id": "TestIamPermissionsRequest", + "properties": { + "permissions": { + "description": "The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" }, - "$.xgafv": { - "description": "V1 error format.", - "type": "string", - "enumDescriptions": [ - "v1 error format", - "v2 error format" - ], - "location": "query", - "enum": [ - "1", - "2" - ] + "TestIamPermissionsResponse": { + "description": "Response message for `TestIamPermissions` method.", + "id": "TestIamPermissionsResponse", + "properties": { + "permissions": { + "description": "A subset of `TestPermissionsRequest.permissions` that the caller is\nallowed.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" }, - "alt": { - "enum": [ - "json", - "media", - "proto" - ], - "type": "string", - "enumDescriptions": [ - "Responses with Content-Type of application/json", - "Media download with context-dependent Content-Type", - "Responses with Content-Type of application/x-protobuf" - ], - "location": "query", - "description": "Data format for response.", - "default": "json" + "UndeleteRoleRequest": { + "description": "The request to undelete an existing role.", + "id": "UndeleteRoleRequest", + "properties": { + "etag": { + "description": "Used to perform a consistent read-modify-write.", + "format": "byte", + "type": "string" + } + }, + "type": "object" } }, - "version": "v1", - "baseUrl": "https://iam.googleapis.com/", "servicePath": "", - "description": "Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.", - "kind": "discovery#restDescription", - "basePath": "", - "id": "iam:v1", - "documentationLink": "https://cloud.google.com/iam/", - "revision": "20180118", - "discoveryVersion": "v1", + "title": "Google Identity and Access Management (IAM) API", + "version": "v1", "version_module": true -} +} \ No newline at end of file diff --git a/vendor/google.golang.org/api/iam/v1/iam-gen.go b/vendor/google.golang.org/api/iam/v1/iam-gen.go index 2e6eab6738b7..480409431ba1 100644 --- a/vendor/google.golang.org/api/iam/v1/iam-gen.go +++ b/vendor/google.golang.org/api/iam/v1/iam-gen.go @@ -180,6 +180,100 @@ type RolesService struct { s *Service } +// AuditConfig: Specifies the audit configuration for a service. +// The configuration determines which permission types are logged, and +// what +// identities, if any, are exempted from logging. +// An AuditConfig must have one or more AuditLogConfigs. +// +// If there are AuditConfigs for both `allServices` and a specific +// service, +// the union of the two AuditConfigs is used for that service: the +// log_types +// specified in each AuditConfig are enabled, and the exempted_members +// in each +// AuditLogConfig are exempted. +// +// Example Policy with multiple AuditConfigs: +// +// { +// "audit_configs": [ +// { +// "service": "allServices" +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ", +// "exempted_members": [ +// "user:foo@gmail.com" +// ] +// }, +// { +// "log_type": "DATA_WRITE", +// }, +// { +// "log_type": "ADMIN_READ", +// } +// ] +// }, +// { +// "service": "fooservice.googleapis.com" +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ", +// }, +// { +// "log_type": "DATA_WRITE", +// "exempted_members": [ +// "user:bar@gmail.com" +// ] +// } +// ] +// } +// ] +// } +// +// For fooservice, this policy enables DATA_READ, DATA_WRITE and +// ADMIN_READ +// logging. It also exempts foo@gmail.com from DATA_READ logging, +// and +// bar@gmail.com from DATA_WRITE logging. +type AuditConfig struct { + // AuditLogConfigs: The configuration for logging of each type of + // permission. + // Next ID: 4 + AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"` + + // Service: Specifies a service that will be enabled for audit + // logging. + // For example, `storage.googleapis.com`, + // `cloudsql.googleapis.com`. + // `allServices` is a special value that covers all services. + Service string `json:"service,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AuditLogConfigs") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *AuditConfig) MarshalJSON() ([]byte, error) { + type NoMethod AuditConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // AuditData: Audit log information specific to Cloud IAM. This message // is serialized // as an `Any` type in the `ServiceData` message of an @@ -212,6 +306,67 @@ func (s *AuditData) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// AuditLogConfig: Provides the configuration for logging a type of +// permissions. +// Example: +// +// { +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ", +// "exempted_members": [ +// "user:foo@gmail.com" +// ] +// }, +// { +// "log_type": "DATA_WRITE", +// } +// ] +// } +// +// This enables 'DATA_READ' and 'DATA_WRITE' logging, while +// exempting +// foo@gmail.com from DATA_READ logging. +type AuditLogConfig struct { + // ExemptedMembers: Specifies the identities that do not cause logging + // for this type of + // permission. + // Follows the same format of Binding.members. + ExemptedMembers []string `json:"exemptedMembers,omitempty"` + + // LogType: The log type that this config enables. + // + // Possible values: + // "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this. + // "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy + // "DATA_WRITE" - Data writes. Example: CloudSQL Users create + // "DATA_READ" - Data reads. Example: CloudSQL Users list + LogType string `json:"logType,omitempty"` + + // ForceSendFields is a list of field names (e.g. "ExemptedMembers") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "ExemptedMembers") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { + type NoMethod AuditLogConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // AuditableService: Contains information about an auditable service. type AuditableService struct { // Name: Public name of the service. @@ -702,6 +857,10 @@ func (s *Permission) MarshalJSON() ([]byte, error) { // For a description of IAM and its features, see the // [IAM developer's guide](https://cloud.google.com/iam/docs). type Policy struct { + // AuditConfigs: Specifies cloud audit logging configuration for this + // policy. + AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"` + // Bindings: Associates a list of `members` to a `role`. // `bindings` with no members will result in an error. Bindings []*Binding `json:"bindings,omitempty"` @@ -733,7 +892,7 @@ type Policy struct { // server. googleapi.ServerResponse `json:"-"` - // ForceSendFields is a list of field names (e.g. "Bindings") to + // ForceSendFields is a list of field names (e.g. "AuditConfigs") to // unconditionally include in API requests. By default, fields with // empty values are omitted from API requests. However, any non-pointer, // non-interface field appearing in ForceSendFields will be sent to the @@ -741,10 +900,10 @@ type Policy struct { // used to include empty fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "Bindings") to include in - // API requests with the JSON null value. By default, fields with empty - // values are omitted from API requests. However, any field with an - // empty value appearing in NullFields will be sent to the server as + // NullFields is a list of field names (e.g. "AuditConfigs") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as // null. It is an error if a field in this list has a non-empty value. // This may be used to include null fields in Patch requests. NullFields []string `json:"-"` @@ -1314,6 +1473,15 @@ type SetIamPolicyRequest struct { // might reject them. Policy *Policy `json:"policy,omitempty"` + // UpdateMask: OPTIONAL: A FieldMask specifying which fields of the + // policy to modify. Only + // the fields in the mask will be modified. If no mask is provided, + // the + // following default mask is used: + // paths: "bindings, etag" + // This field is only used by Cloud IAM. + UpdateMask string `json:"updateMask,omitempty"` + // ForceSendFields is a list of field names (e.g. "Policy") to // unconditionally include in API requests. By default, fields with // empty values are omitted from API requests. However, any non-pointer, diff --git a/vendor/google.golang.org/api/oauth2/v2/oauth2-api.json b/vendor/google.golang.org/api/oauth2/v2/oauth2-api.json index 67a03786587c..9cae4a86637b 100644 --- a/vendor/google.golang.org/api/oauth2/v2/oauth2-api.json +++ b/vendor/google.golang.org/api/oauth2/v2/oauth2-api.json @@ -1,294 +1,294 @@ { - "kind": "discovery#restDescription", - "etag": "\"YWOzh2SDasdU84ArJnpYek-OMdg/UI_PjeJG3puXfKEXm-20UHWIhYQ\"", - "discoveryVersion": "v1", - "id": "oauth2:v2", - "name": "oauth2", - "version": "v2", - "revision": "20170807", - "title": "Google OAuth2 API", - "description": "Obtains end-user authorization grants for use with other Google APIs.", - "ownerDomain": "google.com", - "ownerName": "Google", - "icons": { - "x16": "https://www.gstatic.com/images/branding/product/1x/googleg_16dp.png", - "x32": "https://www.gstatic.com/images/branding/product/1x/googleg_32dp.png" - }, - "documentationLink": "https://developers.google.com/accounts/docs/OAuth2", - "protocol": "rest", - "baseUrl": "https://www.googleapis.com/", - "basePath": "/", - "rootUrl": "https://www.googleapis.com/", - "servicePath": "", - "batchPath": "batch/oauth2/v2", - "parameters": { - "alt": { - "type": "string", - "description": "Data format for the response.", - "default": "json", - "enum": [ - "json" - ], - "enumDescriptions": [ - "Responses with Content-Type of application/json" - ], - "location": "query" - }, - "fields": { - "type": "string", - "description": "Selector specifying which fields to include in a partial response.", - "location": "query" - }, - "key": { - "type": "string", - "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", - "location": "query" - }, - "oauth_token": { - "type": "string", - "description": "OAuth 2.0 token for the current user.", - "location": "query" - }, - "prettyPrint": { - "type": "boolean", - "description": "Returns response with indentations and line breaks.", - "default": "true", - "location": "query" + "auth": { + "oauth2": { + "scopes": { + "https://www.googleapis.com/auth/plus.login": { + "description": "Know the list of people in your circles, your age range, and language" + }, + "https://www.googleapis.com/auth/plus.me": { + "description": "Know who you are on Google" + }, + "https://www.googleapis.com/auth/userinfo.email": { + "description": "View your email address" + }, + "https://www.googleapis.com/auth/userinfo.profile": { + "description": "View your basic profile info" + } + } + } }, - "quotaUser": { - "type": "string", - "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. Overrides userIp if both are provided.", - "location": "query" + "basePath": "/", + "baseUrl": "https://www.googleapis.com/", + "batchPath": "batch/oauth2/v2", + "description": "Obtains end-user authorization grants for use with other Google APIs.", + "discoveryVersion": "v1", + "documentationLink": "https://developers.google.com/accounts/docs/OAuth2", + "etag": "\"-iA1DTNe4s-I6JZXPt1t1Ypy8IU/aptYwkK59DHRE1vI13GjvaLFO4s\"", + "icons": { + "x16": "https://www.gstatic.com/images/branding/product/1x/googleg_16dp.png", + "x32": "https://www.gstatic.com/images/branding/product/1x/googleg_32dp.png" }, - "userIp": { - "type": "string", - "description": "IP address of the site where the request originates. Use this if you want to enforce per-user limits.", - "location": "query" - } - }, - "auth": { - "oauth2": { - "scopes": { - "https://www.googleapis.com/auth/plus.login": { - "description": "Know the list of people in your circles, your age range, and language" - }, - "https://www.googleapis.com/auth/plus.me": { - "description": "Know who you are on Google" - }, - "https://www.googleapis.com/auth/userinfo.email": { - "description": "View your email address" + "id": "oauth2:v2", + "kind": "discovery#restDescription", + "methods": { + "getCertForOpenIdConnect": { + "httpMethod": "GET", + "id": "oauth2.getCertForOpenIdConnect", + "path": "oauth2/v2/certs", + "response": { + "$ref": "Jwk" + } }, - "https://www.googleapis.com/auth/userinfo.profile": { - "description": "View your basic profile info" - } - } - } - }, - "schemas": { - "Jwk": { - "id": "Jwk", - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "type": "object", - "properties": { - "alg": { - "type": "string", - "default": "RS256" - }, - "e": { - "type": "string" - }, - "kid": { - "type": "string" - }, - "kty": { - "type": "string", - "default": "RSA" - }, - "n": { - "type": "string" - }, - "use": { - "type": "string", - "default": "sig" - } + "tokeninfo": { + "httpMethod": "POST", + "id": "oauth2.tokeninfo", + "parameters": { + "access_token": { + "location": "query", + "type": "string" + }, + "id_token": { + "location": "query", + "type": "string" + }, + "token_handle": { + "location": "query", + "type": "string" + } + }, + "path": "oauth2/v2/tokeninfo", + "response": { + "$ref": "Tokeninfo" } - } } - } }, - "Tokeninfo": { - "id": "Tokeninfo", - "type": "object", - "properties": { - "access_type": { - "type": "string", - "description": "The access type granted with this token. It can be offline or online." - }, - "audience": { - "type": "string", - "description": "Who is the intended audience for this token. In general the same as issued_to." - }, - "email": { - "type": "string", - "description": "The email address of the user. Present only if the email scope is present in the request." + "name": "oauth2", + "ownerDomain": "google.com", + "ownerName": "Google", + "parameters": { + "alt": { + "default": "json", + "description": "Data format for the response.", + "enum": [ + "json" + ], + "enumDescriptions": [ + "Responses with Content-Type of application/json" + ], + "location": "query", + "type": "string" }, - "expires_in": { - "type": "integer", - "description": "The expiry time of the token, as number of seconds left until expiry.", - "format": "int32" + "fields": { + "description": "Selector specifying which fields to include in a partial response.", + "location": "query", + "type": "string" }, - "issued_to": { - "type": "string", - "description": "To whom was the token issued to. In general the same as audience." + "key": { + "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", + "location": "query", + "type": "string" }, - "scope": { - "type": "string", - "description": "The space separated list of scopes granted to this token." + "oauth_token": { + "description": "OAuth 2.0 token for the current user.", + "location": "query", + "type": "string" }, - "token_handle": { - "type": "string", - "description": "The token handle associated with this token." + "prettyPrint": { + "default": "true", + "description": "Returns response with indentations and line breaks.", + "location": "query", + "type": "boolean" }, - "user_id": { - "type": "string", - "description": "The obfuscated user id." + "quotaUser": { + "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. Overrides userIp if both are provided.", + "location": "query", + "type": "string" }, - "verified_email": { - "type": "boolean", - "description": "Boolean flag which is true if the email address is verified. Present only if the email scope is present in the request." + "userIp": { + "description": "IP address of the site where the request originates. Use this if you want to enforce per-user limits.", + "location": "query", + "type": "string" } - } }, - "Userinfoplus": { - "id": "Userinfoplus", - "type": "object", - "properties": { - "email": { - "type": "string", - "description": "The user's email address." - }, - "family_name": { - "type": "string", - "description": "The user's last name." - }, - "gender": { - "type": "string", - "description": "The user's gender." - }, - "given_name": { - "type": "string", - "description": "The user's first name." - }, - "hd": { - "type": "string", - "description": "The hosted domain e.g. example.com if the user is Google apps user." - }, - "id": { - "type": "string", - "description": "The obfuscated ID of the user." - }, - "link": { - "type": "string", - "description": "URL of the profile page." - }, - "locale": { - "type": "string", - "description": "The user's preferred locale." - }, - "name": { - "type": "string", - "description": "The user's full name." - }, - "picture": { - "type": "string", - "description": "URL of the user's picture image." - }, - "verified_email": { - "type": "boolean", - "description": "Boolean flag which is true if the email address is verified. Always verified because we only return the user's primary email address.", - "default": "true" + "protocol": "rest", + "resources": { + "userinfo": { + "methods": { + "get": { + "httpMethod": "GET", + "id": "oauth2.userinfo.get", + "path": "oauth2/v2/userinfo", + "response": { + "$ref": "Userinfoplus" + }, + "scopes": [ + "https://www.googleapis.com/auth/plus.login", + "https://www.googleapis.com/auth/plus.me", + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/userinfo.profile" + ] + } + }, + "resources": { + "v2": { + "resources": { + "me": { + "methods": { + "get": { + "httpMethod": "GET", + "id": "oauth2.userinfo.v2.me.get", + "path": "userinfo/v2/me", + "response": { + "$ref": "Userinfoplus" + }, + "scopes": [ + "https://www.googleapis.com/auth/plus.login", + "https://www.googleapis.com/auth/plus.me", + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/userinfo.profile" + ] + } + } + } + } + } + } } - } - } - }, - "methods": { - "getCertForOpenIdConnect": { - "id": "oauth2.getCertForOpenIdConnect", - "path": "oauth2/v2/certs", - "httpMethod": "GET", - "response": { - "$ref": "Jwk" - } }, - "tokeninfo": { - "id": "oauth2.tokeninfo", - "path": "oauth2/v2/tokeninfo", - "httpMethod": "POST", - "parameters": { - "access_token": { - "type": "string", - "location": "query" + "revision": "20180108", + "rootUrl": "https://www.googleapis.com/", + "schemas": { + "Jwk": { + "id": "Jwk", + "properties": { + "keys": { + "items": { + "properties": { + "alg": { + "default": "RS256", + "type": "string" + }, + "e": { + "type": "string" + }, + "kid": { + "type": "string" + }, + "kty": { + "default": "RSA", + "type": "string" + }, + "n": { + "type": "string" + }, + "use": { + "default": "sig", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" }, - "id_token": { - "type": "string", - "location": "query" + "Tokeninfo": { + "id": "Tokeninfo", + "properties": { + "access_type": { + "description": "The access type granted with this token. It can be offline or online.", + "type": "string" + }, + "audience": { + "description": "Who is the intended audience for this token. In general the same as issued_to.", + "type": "string" + }, + "email": { + "description": "The email address of the user. Present only if the email scope is present in the request.", + "type": "string" + }, + "expires_in": { + "description": "The expiry time of the token, as number of seconds left until expiry.", + "format": "int32", + "type": "integer" + }, + "issued_to": { + "description": "To whom was the token issued to. In general the same as audience.", + "type": "string" + }, + "scope": { + "description": "The space separated list of scopes granted to this token.", + "type": "string" + }, + "token_handle": { + "description": "The token handle associated with this token.", + "type": "string" + }, + "user_id": { + "description": "The obfuscated user id.", + "type": "string" + }, + "verified_email": { + "description": "Boolean flag which is true if the email address is verified. Present only if the email scope is present in the request.", + "type": "boolean" + } + }, + "type": "object" }, - "token_handle": { - "type": "string", - "location": "query" - } - }, - "response": { - "$ref": "Tokeninfo" - } - } - }, - "resources": { - "userinfo": { - "methods": { - "get": { - "id": "oauth2.userinfo.get", - "path": "oauth2/v2/userinfo", - "httpMethod": "GET", - "response": { - "$ref": "Userinfoplus" - }, - "scopes": [ - "https://www.googleapis.com/auth/plus.login", - "https://www.googleapis.com/auth/plus.me", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile" - ] - } - }, - "resources": { - "v2": { - "resources": { - "me": { - "methods": { - "get": { - "id": "oauth2.userinfo.v2.me.get", - "path": "userinfo/v2/me", - "httpMethod": "GET", - "response": { - "$ref": "Userinfoplus" - }, - "scopes": [ - "https://www.googleapis.com/auth/plus.login", - "https://www.googleapis.com/auth/plus.me", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile" - ] + "Userinfoplus": { + "id": "Userinfoplus", + "properties": { + "email": { + "description": "The user's email address.", + "type": "string" + }, + "family_name": { + "description": "The user's last name.", + "type": "string" + }, + "gender": { + "description": "The user's gender.", + "type": "string" + }, + "given_name": { + "description": "The user's first name.", + "type": "string" + }, + "hd": { + "description": "The hosted domain e.g. example.com if the user is Google apps user.", + "type": "string" + }, + "id": { + "description": "The obfuscated ID of the user.", + "type": "string" + }, + "link": { + "description": "URL of the profile page.", + "type": "string" + }, + "locale": { + "description": "The user's preferred locale.", + "type": "string" + }, + "name": { + "description": "The user's full name.", + "type": "string" + }, + "picture": { + "description": "URL of the user's picture image.", + "type": "string" + }, + "verified_email": { + "default": "true", + "description": "Boolean flag which is true if the email address is verified. Always verified because we only return the user's primary email address.", + "type": "boolean" } - } - } - } + }, + "type": "object" } - } - } - } -} + }, + "servicePath": "", + "title": "Google OAuth2 API", + "version": "v2" +} \ No newline at end of file diff --git a/vendor/google.golang.org/api/storage/v1/storage-api.json b/vendor/google.golang.org/api/storage/v1/storage-api.json index 595989a7d9ad..9531065d5f2d 100644 --- a/vendor/google.golang.org/api/storage/v1/storage-api.json +++ b/vendor/google.golang.org/api/storage/v1/storage-api.json @@ -1,3784 +1,3784 @@ { - "kind": "discovery#restDescription", - "etag": "\"YWOzh2SDasdU84ArJnpYek-OMdg/aE5XnXblJMQy68d2aZIGrlTQ05U\"", - "discoveryVersion": "v1", - "id": "storage:v1", - "name": "storage", - "version": "v1", - "revision": "20171212", - "title": "Cloud Storage JSON API", - "description": "Stores and retrieves potentially large, immutable data objects.", - "ownerDomain": "google.com", - "ownerName": "Google", - "icons": { - "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png", - "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png" - }, - "documentationLink": "https://developers.google.com/storage/docs/json_api/", - "labels": [ - "labs" - ], - "protocol": "rest", - "baseUrl": "https://www.googleapis.com/storage/v1/", - "basePath": "/storage/v1/", - "rootUrl": "https://www.googleapis.com/", - "servicePath": "storage/v1/", - "batchPath": "batch/storage/v1", - "parameters": { - "alt": { - "type": "string", - "description": "Data format for the response.", - "default": "json", - "enum": [ - "json" - ], - "enumDescriptions": [ - "Responses with Content-Type of application/json" - ], - "location": "query" - }, - "fields": { - "type": "string", - "description": "Selector specifying which fields to include in a partial response.", - "location": "query" - }, - "key": { - "type": "string", - "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", - "location": "query" - }, - "oauth_token": { - "type": "string", - "description": "OAuth 2.0 token for the current user.", - "location": "query" - }, - "prettyPrint": { - "type": "boolean", - "description": "Returns response with indentations and line breaks.", - "default": "true", - "location": "query" + "auth": { + "oauth2": { + "scopes": { + "https://www.googleapis.com/auth/cloud-platform": { + "description": "View and manage your data across Google Cloud Platform services" + }, + "https://www.googleapis.com/auth/cloud-platform.read-only": { + "description": "View your data across Google Cloud Platform services" + }, + "https://www.googleapis.com/auth/devstorage.full_control": { + "description": "Manage your data and permissions in Google Cloud Storage" + }, + "https://www.googleapis.com/auth/devstorage.read_only": { + "description": "View your data in Google Cloud Storage" + }, + "https://www.googleapis.com/auth/devstorage.read_write": { + "description": "Manage your data in Google Cloud Storage" + } + } + } }, - "quotaUser": { - "type": "string", - "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. Overrides userIp if both are provided.", - "location": "query" + "basePath": "/storage/v1/", + "baseUrl": "https://www.googleapis.com/storage/v1/", + "batchPath": "batch/storage/v1", + "description": "Stores and retrieves potentially large, immutable data objects.", + "discoveryVersion": "v1", + "documentationLink": "https://developers.google.com/storage/docs/json_api/", + "etag": "\"-iA1DTNe4s-I6JZXPt1t1Ypy8IU/jLupXEh5MvYeA2ibX_aBxLuxU28\"", + "icons": { + "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png", + "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png" }, - "userIp": { - "type": "string", - "description": "IP address of the site where the request originates. Use this if you want to enforce per-user limits.", - "location": "query" - } - }, - "auth": { - "oauth2": { - "scopes": { - "https://www.googleapis.com/auth/cloud-platform": { - "description": "View and manage your data across Google Cloud Platform services" + "id": "storage:v1", + "kind": "discovery#restDescription", + "labels": [ + "labs" + ], + "name": "storage", + "ownerDomain": "google.com", + "ownerName": "Google", + "parameters": { + "alt": { + "default": "json", + "description": "Data format for the response.", + "enum": [ + "json" + ], + "enumDescriptions": [ + "Responses with Content-Type of application/json" + ], + "location": "query", + "type": "string" }, - "https://www.googleapis.com/auth/cloud-platform.read-only": { - "description": "View your data across Google Cloud Platform services" + "fields": { + "description": "Selector specifying which fields to include in a partial response.", + "location": "query", + "type": "string" }, - "https://www.googleapis.com/auth/devstorage.full_control": { - "description": "Manage your data and permissions in Google Cloud Storage" + "key": { + "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", + "location": "query", + "type": "string" }, - "https://www.googleapis.com/auth/devstorage.read_only": { - "description": "View your data in Google Cloud Storage" + "oauth_token": { + "description": "OAuth 2.0 token for the current user.", + "location": "query", + "type": "string" }, - "https://www.googleapis.com/auth/devstorage.read_write": { - "description": "Manage your data in Google Cloud Storage" - } - } - } - }, - "schemas": { - "Bucket": { - "id": "Bucket", - "type": "object", - "description": "A bucket.", - "properties": { - "acl": { - "type": "array", - "description": "Access controls on the bucket.", - "items": { - "$ref": "BucketAccessControl" - }, - "annotations": { - "required": [ - "storage.buckets.update" - ] - } + "prettyPrint": { + "default": "true", + "description": "Returns response with indentations and line breaks.", + "location": "query", + "type": "boolean" }, - "billing": { - "type": "object", - "description": "The bucket's billing configuration.", - "properties": { - "requesterPays": { - "type": "boolean", - "description": "When set to true, Requester Pays is enabled for this bucket." - } - } + "quotaUser": { + "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. Overrides userIp if both are provided.", + "location": "query", + "type": "string" }, - "cors": { - "type": "array", - "description": "The bucket's Cross-Origin Resource Sharing (CORS) configuration.", - "items": { - "type": "object", - "properties": { - "maxAgeSeconds": { - "type": "integer", - "description": "The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.", - "format": "int32" - }, - "method": { - "type": "array", - "description": "The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".", - "items": { - "type": "string" - } - }, - "origin": { - "type": "array", - "description": "The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".", - "items": { - "type": "string" - } - }, - "responseHeader": { - "type": "array", - "description": "The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.", - "items": { - "type": "string" + "userIp": { + "description": "IP address of the site where the request originates. Use this if you want to enforce per-user limits.", + "location": "query", + "type": "string" + } + }, + "protocol": "rest", + "resources": { + "bucketAccessControls": { + "methods": { + "delete": { + "description": "Permanently deletes the ACL entry for the specified entity on the specified bucket.", + "httpMethod": "DELETE", + "id": "storage.bucketAccessControls.delete", + "parameterOrder": [ + "bucket", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/acl/{entity}", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "get": { + "description": "Returns the ACL entry for the specified entity on the specified bucket.", + "httpMethod": "GET", + "id": "storage.bucketAccessControls.get", + "parameterOrder": [ + "bucket", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/acl/{entity}", + "response": { + "$ref": "BucketAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "insert": { + "description": "Creates a new ACL entry on the specified bucket.", + "httpMethod": "POST", + "id": "storage.bucketAccessControls.insert", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/acl", + "request": { + "$ref": "BucketAccessControl" + }, + "response": { + "$ref": "BucketAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "list": { + "description": "Retrieves ACL entries on the specified bucket.", + "httpMethod": "GET", + "id": "storage.bucketAccessControls.list", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/acl", + "response": { + "$ref": "BucketAccessControls" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "patch": { + "description": "Updates an ACL entry on the specified bucket. This method supports patch semantics.", + "httpMethod": "PATCH", + "id": "storage.bucketAccessControls.patch", + "parameterOrder": [ + "bucket", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/acl/{entity}", + "request": { + "$ref": "BucketAccessControl" + }, + "response": { + "$ref": "BucketAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "update": { + "description": "Updates an ACL entry on the specified bucket.", + "httpMethod": "PUT", + "id": "storage.bucketAccessControls.update", + "parameterOrder": [ + "bucket", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/acl/{entity}", + "request": { + "$ref": "BucketAccessControl" + }, + "response": { + "$ref": "BucketAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] } - } } - } - }, - "defaultEventBasedHold": { - "type": "boolean", - "description": "Defines the default value for Event-Based hold on newly created objects in this bucket. Event-Based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here bucket-level retention is 3 years and the event is loan being paid in full. In this example these objects will be held intact for any number of years until the event has occurred (hold is released) and then 3 more years after that. Objects under Event-Based hold cannot be deleted, overwritten or archived until the hold is removed." - }, - "defaultObjectAcl": { - "type": "array", - "description": "Default access controls to apply to new objects when no ACL is provided.", - "items": { - "$ref": "ObjectAccessControl" - } - }, - "encryption": { - "type": "object", - "description": "Encryption configuration used by default for newly inserted objects, when no encryption config is specified.", - "properties": { - "defaultKmsKeyName": { - "type": "string", - "description": "A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. Limited availability; usable only by enabled projects." - } - } - }, - "etag": { - "type": "string", - "description": "HTTP 1.1 Entity tag for the bucket." - }, - "id": { - "type": "string", - "description": "The ID of the bucket. For buckets, the id and name properties are the same." - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For buckets, this is always storage#bucket.", - "default": "storage#bucket" - }, - "labels": { - "type": "object", - "description": "User-provided labels, in key/value pairs.", - "additionalProperties": { - "type": "string", - "description": "An individual label entry." - } }, - "lifecycle": { - "type": "object", - "description": "The bucket's lifecycle configuration. See lifecycle management for more information.", - "properties": { - "rule": { - "type": "array", - "description": "A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.", - "items": { - "type": "object", - "properties": { - "action": { - "type": "object", - "description": "The action to take.", - "properties": { - "storageClass": { - "type": "string", - "description": "Target storage class. Required iff the type of the action is SetStorageClass." - }, - "type": { - "type": "string", - "description": "Type of the action. Currently, only Delete and SetStorageClass are supported." - } - } - }, - "condition": { - "type": "object", - "description": "The condition(s) under which the action will be taken.", - "properties": { - "age": { - "type": "integer", - "description": "Age of an object (in days). This condition is satisfied when an object reaches the specified age.", - "format": "int32" - }, - "createdBefore": { - "type": "string", - "description": "A date in RFC 3339 format with only the date part (for instance, \"2013-01-15\"). This condition is satisfied when an object is created before midnight of the specified date in UTC.", - "format": "date" - }, - "isLive": { - "type": "boolean", - "description": "Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects." - }, - "matchesStorageClass": { - "type": "array", - "description": "Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.", - "items": { - "type": "string" + "buckets": { + "methods": { + "delete": { + "description": "Permanently deletes an empty bucket.", + "httpMethod": "DELETE", + "id": "storage.buckets.delete", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "If set, only deletes the bucket if its metageneration matches this value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "If set, only deletes the bucket if its metageneration does not match this value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" } - }, - "numNewerVersions": { - "type": "integer", - "description": "Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.", - "format": "int32" - } - } - } + }, + "path": "b/{bucket}", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "get": { + "description": "Returns metadata for the specified bucket.", + "httpMethod": "GET", + "id": "storage.buckets.get", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to noAcl.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit owner, acl and defaultObjectAcl properties." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}", + "response": { + "$ref": "Bucket" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "getIamPolicy": { + "description": "Returns an IAM policy for the specified bucket.", + "httpMethod": "GET", + "id": "storage.buckets.getIamPolicy", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/iam", + "response": { + "$ref": "Policy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "insert": { + "description": "Creates a new bucket.", + "httpMethod": "POST", + "id": "storage.buckets.insert", + "parameterOrder": [ + "project" + ], + "parameters": { + "predefinedAcl": { + "description": "Apply a predefined set of access controls to this bucket.", + "enum": [ + "authenticatedRead", + "private", + "projectPrivate", + "publicRead", + "publicReadWrite" + ], + "enumDescriptions": [ + "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", + "Project team owners get OWNER access.", + "Project team members get access according to their roles.", + "Project team owners get OWNER access, and allUsers get READER access.", + "Project team owners get OWNER access, and allUsers get WRITER access." + ], + "location": "query", + "type": "string" + }, + "predefinedDefaultObjectAcl": { + "description": "Apply a predefined set of default object access controls to this bucket.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query", + "type": "string" + }, + "project": { + "description": "A valid API project identifier.", + "location": "query", + "required": true, + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to noAcl, unless the bucket resource specifies acl or defaultObjectAcl properties, when it defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit owner, acl and defaultObjectAcl properties." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request.", + "location": "query", + "type": "string" + } + }, + "path": "b", + "request": { + "$ref": "Bucket" + }, + "response": { + "$ref": "Bucket" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "list": { + "description": "Retrieves a list of buckets for a given project.", + "httpMethod": "GET", + "id": "storage.buckets.list", + "parameterOrder": [ + "project" + ], + "parameters": { + "maxResults": { + "default": "1000", + "description": "Maximum number of buckets to return in a single response. The service will use this parameter or 1,000 items, whichever is smaller.", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "pageToken": { + "description": "A previously-returned page token representing part of the larger set of results to view.", + "location": "query", + "type": "string" + }, + "prefix": { + "description": "Filter results to buckets whose names begin with this prefix.", + "location": "query", + "type": "string" + }, + "project": { + "description": "A valid API project identifier.", + "location": "query", + "required": true, + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to noAcl.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit owner, acl and defaultObjectAcl properties." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request.", + "location": "query", + "type": "string" + } + }, + "path": "b", + "response": { + "$ref": "Buckets" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "lockRetentionPolicy": { + "description": "Locks retention policy on a bucket.", + "httpMethod": "POST", + "id": "storage.buckets.lockRetentionPolicy", + "parameterOrder": [ + "bucket", + "ifMetagenerationMatch" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the operation conditional on whether bucket's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/lockRetentionPolicy", + "response": { + "$ref": "Bucket" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "patch": { + "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate. This method supports patch semantics.", + "httpMethod": "PATCH", + "id": "storage.buckets.patch", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "predefinedAcl": { + "description": "Apply a predefined set of access controls to this bucket.", + "enum": [ + "authenticatedRead", + "private", + "projectPrivate", + "publicRead", + "publicReadWrite" + ], + "enumDescriptions": [ + "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", + "Project team owners get OWNER access.", + "Project team members get access according to their roles.", + "Project team owners get OWNER access, and allUsers get READER access.", + "Project team owners get OWNER access, and allUsers get WRITER access." + ], + "location": "query", + "type": "string" + }, + "predefinedDefaultObjectAcl": { + "description": "Apply a predefined set of default object access controls to this bucket.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query", + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit owner, acl and defaultObjectAcl properties." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}", + "request": { + "$ref": "Bucket" + }, + "response": { + "$ref": "Bucket" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "setIamPolicy": { + "description": "Updates an IAM policy for the specified bucket.", + "httpMethod": "PUT", + "id": "storage.buckets.setIamPolicy", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/iam", + "request": { + "$ref": "Policy" + }, + "response": { + "$ref": "Policy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "testIamPermissions": { + "description": "Tests a set of permissions on the given bucket to see which, if any, are held by the caller.", + "httpMethod": "GET", + "id": "storage.buckets.testIamPermissions", + "parameterOrder": [ + "bucket", + "permissions" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "permissions": { + "description": "Permissions to test.", + "location": "query", + "repeated": true, + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/iam/testPermissions", + "response": { + "$ref": "TestIamPermissionsResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "update": { + "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.", + "httpMethod": "PUT", + "id": "storage.buckets.update", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "predefinedAcl": { + "description": "Apply a predefined set of access controls to this bucket.", + "enum": [ + "authenticatedRead", + "private", + "projectPrivate", + "publicRead", + "publicReadWrite" + ], + "enumDescriptions": [ + "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", + "Project team owners get OWNER access.", + "Project team members get access according to their roles.", + "Project team owners get OWNER access, and allUsers get READER access.", + "Project team owners get OWNER access, and allUsers get WRITER access." + ], + "location": "query", + "type": "string" + }, + "predefinedDefaultObjectAcl": { + "description": "Apply a predefined set of default object access controls to this bucket.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query", + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit owner, acl and defaultObjectAcl properties." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}", + "request": { + "$ref": "Bucket" + }, + "response": { + "$ref": "Bucket" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] } - } } - } }, - "location": { - "type": "string", - "description": "The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list." - }, - "logging": { - "type": "object", - "description": "The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.", - "properties": { - "logBucket": { - "type": "string", - "description": "The destination bucket where the current bucket's logs should be placed." - }, - "logObjectPrefix": { - "type": "string", - "description": "A prefix for log object names." + "channels": { + "methods": { + "stop": { + "description": "Stop watching resources through this channel", + "httpMethod": "POST", + "id": "storage.channels.stop", + "path": "channels/stop", + "request": { + "$ref": "Channel", + "parameterName": "resource" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + } } - } - }, - "metageneration": { - "type": "string", - "description": "The metadata generation of this bucket.", - "format": "int64" }, - "name": { - "type": "string", - "description": "The name of the bucket.", - "annotations": { - "required": [ - "storage.buckets.insert" - ] - } - }, - "owner": { - "type": "object", - "description": "The owner of the bucket. This is always the project team's owner group.", - "properties": { - "entity": { - "type": "string", - "description": "The entity, in the form project-owner-projectId." - }, - "entityId": { - "type": "string", - "description": "The ID for the entity." + "defaultObjectAccessControls": { + "methods": { + "delete": { + "description": "Permanently deletes the default object ACL entry for the specified entity on the specified bucket.", + "httpMethod": "DELETE", + "id": "storage.defaultObjectAccessControls.delete", + "parameterOrder": [ + "bucket", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/defaultObjectAcl/{entity}", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "get": { + "description": "Returns the default object ACL entry for the specified entity on the specified bucket.", + "httpMethod": "GET", + "id": "storage.defaultObjectAccessControls.get", + "parameterOrder": [ + "bucket", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/defaultObjectAcl/{entity}", + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "insert": { + "description": "Creates a new default object ACL entry on the specified bucket.", + "httpMethod": "POST", + "id": "storage.defaultObjectAccessControls.insert", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/defaultObjectAcl", + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "list": { + "description": "Retrieves default object ACL entries on the specified bucket.", + "httpMethod": "GET", + "id": "storage.defaultObjectAccessControls.list", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "If present, only return default ACL listing if the bucket's current metageneration matches this value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "If present, only return default ACL listing if the bucket's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/defaultObjectAcl", + "response": { + "$ref": "ObjectAccessControls" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "patch": { + "description": "Updates a default object ACL entry on the specified bucket. This method supports patch semantics.", + "httpMethod": "PATCH", + "id": "storage.defaultObjectAccessControls.patch", + "parameterOrder": [ + "bucket", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/defaultObjectAcl/{entity}", + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "update": { + "description": "Updates a default object ACL entry on the specified bucket.", + "httpMethod": "PUT", + "id": "storage.defaultObjectAccessControls.update", + "parameterOrder": [ + "bucket", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/defaultObjectAcl/{entity}", + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + } } - } }, - "projectNumber": { - "type": "string", - "description": "The project number of the project the bucket belongs to.", - "format": "uint64" - }, - "retentionPolicy": { - "type": "object", - "description": "Defines the retention policy for a bucket. The Retention policy enforces a minimum retention time for all objects contained in the bucket, based on their creation time. Any attempt to overwrite or delete objects younger than the retention period will result in a PERMISSION_DENIED error. An unlocked retention policy can be modified or removed from the bucket via the UpdateBucketMetadata RPC. A locked retention policy cannot be removed or shortened in duration for the lifetime of the bucket. Attempting to remove or decrease period of a locked retention policy will result in a PERMISSION_DENIED error.", - "properties": { - "effectiveTime": { - "type": "string", - "description": "The time from which policy was enforced and effective. RFC 3339 format.", - "format": "date-time" - }, - "isLocked": { - "type": "boolean", - "description": "Once locked, an object retention policy cannot be modified." - }, - "retentionPeriod": { - "type": "string", - "description": "Specifies the duration that objects need to be retained. Retention duration must be greater than zero and less than 100 years. Note that enforcement of retention periods less than a day is not guaranteed. Such periods should only be used for testing purposes.", - "format": "int64" + "notifications": { + "methods": { + "delete": { + "description": "Permanently deletes a notification subscription.", + "httpMethod": "DELETE", + "id": "storage.notifications.delete", + "parameterOrder": [ + "bucket", + "notification" + ], + "parameters": { + "bucket": { + "description": "The parent bucket of the notification.", + "location": "path", + "required": true, + "type": "string" + }, + "notification": { + "description": "ID of the notification to delete.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/notificationConfigs/{notification}", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "get": { + "description": "View a notification configuration.", + "httpMethod": "GET", + "id": "storage.notifications.get", + "parameterOrder": [ + "bucket", + "notification" + ], + "parameters": { + "bucket": { + "description": "The parent bucket of the notification.", + "location": "path", + "required": true, + "type": "string" + }, + "notification": { + "description": "Notification ID", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/notificationConfigs/{notification}", + "response": { + "$ref": "Notification" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "insert": { + "description": "Creates a notification subscription for a given bucket.", + "httpMethod": "POST", + "id": "storage.notifications.insert", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "The parent bucket of the notification.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/notificationConfigs", + "request": { + "$ref": "Notification" + }, + "response": { + "$ref": "Notification" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "list": { + "description": "Retrieves a list of notification subscriptions for a given bucket.", + "httpMethod": "GET", + "id": "storage.notifications.list", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of a Google Cloud Storage bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/notificationConfigs", + "response": { + "$ref": "Notifications" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + } } - } - }, - "selfLink": { - "type": "string", - "description": "The URI of this bucket." }, - "storageClass": { - "type": "string", - "description": "The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes." - }, - "timeCreated": { - "type": "string", - "description": "The creation time of the bucket in RFC 3339 format.", - "format": "date-time" - }, - "updated": { - "type": "string", - "description": "The modification time of the bucket in RFC 3339 format.", - "format": "date-time" + "objectAccessControls": { + "methods": { + "delete": { + "description": "Permanently deletes the ACL entry for the specified entity on the specified object.", + "httpMethod": "DELETE", + "id": "storage.objectAccessControls.delete", + "parameterOrder": [ + "bucket", + "object", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}/acl/{entity}", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "get": { + "description": "Returns the ACL entry for the specified entity on the specified object.", + "httpMethod": "GET", + "id": "storage.objectAccessControls.get", + "parameterOrder": [ + "bucket", + "object", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}/acl/{entity}", + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "insert": { + "description": "Creates a new ACL entry on the specified object.", + "httpMethod": "POST", + "id": "storage.objectAccessControls.insert", + "parameterOrder": [ + "bucket", + "object" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}/acl", + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "list": { + "description": "Retrieves ACL entries on the specified object.", + "httpMethod": "GET", + "id": "storage.objectAccessControls.list", + "parameterOrder": [ + "bucket", + "object" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}/acl", + "response": { + "$ref": "ObjectAccessControls" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "patch": { + "description": "Updates an ACL entry on the specified object. This method supports patch semantics.", + "httpMethod": "PATCH", + "id": "storage.objectAccessControls.patch", + "parameterOrder": [ + "bucket", + "object", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}/acl/{entity}", + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "update": { + "description": "Updates an ACL entry on the specified object.", + "httpMethod": "PUT", + "id": "storage.objectAccessControls.update", + "parameterOrder": [ + "bucket", + "object", + "entity" + ], + "parameters": { + "bucket": { + "description": "Name of a bucket.", + "location": "path", + "required": true, + "type": "string" + }, + "entity": { + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}/acl/{entity}", + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + } + } }, - "versioning": { - "type": "object", - "description": "The bucket's versioning configuration.", - "properties": { - "enabled": { - "type": "boolean", - "description": "While set to true, versioning is fully enabled for this bucket." + "objects": { + "methods": { + "compose": { + "description": "Concatenates a list of existing objects into a new object in the same bucket.", + "httpMethod": "POST", + "id": "storage.objects.compose", + "parameterOrder": [ + "destinationBucket", + "destinationObject" + ], + "parameters": { + "destinationBucket": { + "description": "Name of the bucket in which to store the new object.", + "location": "path", + "required": true, + "type": "string" + }, + "destinationObject": { + "description": "Name of the new object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "destinationPredefinedAcl": { + "description": "Apply a predefined set of access controls to the destination object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query", + "type": "string" + }, + "ifGenerationMatch": { + "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "kmsKeyName": { + "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.", + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{destinationBucket}/o/{destinationObject}/compose", + "request": { + "$ref": "ComposeRequest" + }, + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "copy": { + "description": "Copies a source object to a destination object. Optionally overrides metadata.", + "httpMethod": "POST", + "id": "storage.objects.copy", + "parameterOrder": [ + "sourceBucket", + "sourceObject", + "destinationBucket", + "destinationObject" + ], + "parameters": { + "destinationBucket": { + "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "destinationObject": { + "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any.", + "location": "path", + "required": true, + "type": "string" + }, + "destinationPredefinedAcl": { + "description": "Apply a predefined set of access controls to the destination object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query", + "type": "string" + }, + "ifGenerationMatch": { + "description": "Makes the operation conditional on whether the destination object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationNotMatch": { + "description": "Makes the operation conditional on whether the destination object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifSourceGenerationMatch": { + "description": "Makes the operation conditional on whether the source object's current generation matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifSourceGenerationNotMatch": { + "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifSourceMetagenerationMatch": { + "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifSourceMetagenerationNotMatch": { + "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query", + "type": "string" + }, + "sourceBucket": { + "description": "Name of the bucket in which to find the source object.", + "location": "path", + "required": true, + "type": "string" + }, + "sourceGeneration": { + "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "sourceObject": { + "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}", + "request": { + "$ref": "Object" + }, + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "delete": { + "description": "Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.", + "httpMethod": "DELETE", + "id": "storage.objects.delete", + "parameterOrder": [ + "bucket", + "object" + ], + "parameters": { + "bucket": { + "description": "Name of the bucket in which the object resides.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationMatch": { + "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "get": { + "description": "Retrieves an object or its metadata.", + "httpMethod": "GET", + "id": "storage.objects.get", + "parameterOrder": [ + "bucket", + "object" + ], + "parameters": { + "bucket": { + "description": "Name of the bucket in which the object resides.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationMatch": { + "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to noAcl.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}", + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ], + "supportsMediaDownload": true, + "useMediaDownloadService": true + }, + "getIamPolicy": { + "description": "Returns an IAM policy for the specified object.", + "httpMethod": "GET", + "id": "storage.objects.getIamPolicy", + "parameterOrder": [ + "bucket", + "object" + ], + "parameters": { + "bucket": { + "description": "Name of the bucket in which the object resides.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}/iam", + "response": { + "$ref": "Policy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "insert": { + "description": "Stores a new object and metadata.", + "httpMethod": "POST", + "id": "storage.objects.insert", + "mediaUpload": { + "accept": [ + "*/*" + ], + "protocols": { + "resumable": { + "multipart": true, + "path": "/resumable/upload/storage/v1/b/{bucket}/o" + }, + "simple": { + "multipart": true, + "path": "/upload/storage/v1/b/{bucket}/o" + } + } + }, + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.", + "location": "path", + "required": true, + "type": "string" + }, + "contentEncoding": { + "description": "If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded.", + "location": "query", + "type": "string" + }, + "ifGenerationMatch": { + "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "kmsKeyName": { + "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any. Limited availability; usable only by enabled projects.", + "location": "query", + "type": "string" + }, + "name": { + "description": "Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "query", + "type": "string" + }, + "predefinedAcl": { + "description": "Apply a predefined set of access controls to this object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query", + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o", + "request": { + "$ref": "Object" + }, + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ], + "supportsMediaUpload": true + }, + "list": { + "description": "Retrieves a list of objects matching the criteria.", + "httpMethod": "GET", + "id": "storage.objects.list", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of the bucket in which to look for objects.", + "location": "path", + "required": true, + "type": "string" + }, + "delimiter": { + "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "1000", + "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "pageToken": { + "description": "A previously-returned page token representing part of the larger set of results to view.", + "location": "query", + "type": "string" + }, + "prefix": { + "description": "Filter results to objects whose names begin with this prefix.", + "location": "query", + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to noAcl.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + }, + "versions": { + "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.", + "location": "query", + "type": "boolean" + } + }, + "path": "b/{bucket}/o", + "response": { + "$ref": "Objects" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ], + "supportsSubscription": true + }, + "patch": { + "description": "Patches an object's metadata.", + "httpMethod": "PATCH", + "id": "storage.objects.patch", + "parameterOrder": [ + "bucket", + "object" + ], + "parameters": { + "bucket": { + "description": "Name of the bucket in which the object resides.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationMatch": { + "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "predefinedAcl": { + "description": "Apply a predefined set of access controls to this object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query", + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request, for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}", + "request": { + "$ref": "Object" + }, + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "rewrite": { + "description": "Rewrites a source object to a destination object. Optionally overrides metadata.", + "httpMethod": "POST", + "id": "storage.objects.rewrite", + "parameterOrder": [ + "sourceBucket", + "sourceObject", + "destinationBucket", + "destinationObject" + ], + "parameters": { + "destinationBucket": { + "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.", + "location": "path", + "required": true, + "type": "string" + }, + "destinationKmsKeyName": { + "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.", + "location": "query", + "type": "string" + }, + "destinationObject": { + "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "destinationPredefinedAcl": { + "description": "Apply a predefined set of access controls to the destination object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query", + "type": "string" + }, + "ifGenerationMatch": { + "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifSourceGenerationMatch": { + "description": "Makes the operation conditional on whether the source object's current generation matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifSourceGenerationNotMatch": { + "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifSourceMetagenerationMatch": { + "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifSourceMetagenerationNotMatch": { + "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "maxBytesRewrittenPerCall": { + "description": "The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid.", + "format": "int64", + "location": "query", + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query", + "type": "string" + }, + "rewriteToken": { + "description": "Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request.", + "location": "query", + "type": "string" + }, + "sourceBucket": { + "description": "Name of the bucket in which to find the source object.", + "location": "path", + "required": true, + "type": "string" + }, + "sourceGeneration": { + "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "sourceObject": { + "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}", + "request": { + "$ref": "Object" + }, + "response": { + "$ref": "RewriteResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "setIamPolicy": { + "description": "Updates an IAM policy for the specified object.", + "httpMethod": "PUT", + "id": "storage.objects.setIamPolicy", + "parameterOrder": [ + "bucket", + "object" + ], + "parameters": { + "bucket": { + "description": "Name of the bucket in which the object resides.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}/iam", + "request": { + "$ref": "Policy" + }, + "response": { + "$ref": "Policy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "testIamPermissions": { + "description": "Tests a set of permissions on the given object to see which, if any, are held by the caller.", + "httpMethod": "GET", + "id": "storage.objects.testIamPermissions", + "parameterOrder": [ + "bucket", + "object", + "permissions" + ], + "parameters": { + "bucket": { + "description": "Name of the bucket in which the object resides.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "permissions": { + "description": "Permissions to test.", + "location": "query", + "repeated": true, + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}/iam/testPermissions", + "response": { + "$ref": "TestIamPermissionsResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "update": { + "description": "Updates an object's metadata.", + "httpMethod": "PUT", + "id": "storage.objects.update", + "parameterOrder": [ + "bucket", + "object" + ], + "parameters": { + "bucket": { + "description": "Name of the bucket in which the object resides.", + "location": "path", + "required": true, + "type": "string" + }, + "generation": { + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationMatch": { + "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifGenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "ifMetagenerationNotMatch": { + "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", + "format": "int64", + "location": "query", + "type": "string" + }, + "object": { + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "path", + "required": true, + "type": "string" + }, + "predefinedAcl": { + "description": "Apply a predefined set of access controls to this object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query", + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + } + }, + "path": "b/{bucket}/o/{object}", + "request": { + "$ref": "Object" + }, + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "watchAll": { + "description": "Watch for changes on all objects in a bucket.", + "httpMethod": "POST", + "id": "storage.objects.watchAll", + "parameterOrder": [ + "bucket" + ], + "parameters": { + "bucket": { + "description": "Name of the bucket in which to look for objects.", + "location": "path", + "required": true, + "type": "string" + }, + "delimiter": { + "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.", + "location": "query", + "type": "string" + }, + "maxResults": { + "default": "1000", + "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.", + "format": "uint32", + "location": "query", + "minimum": "0", + "type": "integer" + }, + "pageToken": { + "description": "A previously-returned page token representing part of the larger set of results to view.", + "location": "query", + "type": "string" + }, + "prefix": { + "description": "Filter results to objects whose names begin with this prefix.", + "location": "query", + "type": "string" + }, + "projection": { + "description": "Set of properties to return. Defaults to noAcl.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query", + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request. Required for Requester Pays buckets.", + "location": "query", + "type": "string" + }, + "versions": { + "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.", + "location": "query", + "type": "boolean" + } + }, + "path": "b/{bucket}/o/watch", + "request": { + "$ref": "Channel", + "parameterName": "resource" + }, + "response": { + "$ref": "Channel" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ], + "supportsSubscription": true + } } - } }, - "website": { - "type": "object", - "description": "The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.", - "properties": { - "mainPageSuffix": { - "type": "string", - "description": "If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages." - }, - "notFoundPage": { - "type": "string", - "description": "If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result." + "projects": { + "resources": { + "serviceAccount": { + "methods": { + "get": { + "description": "Get the email address of this project's Google Cloud Storage service account.", + "httpMethod": "GET", + "id": "storage.projects.serviceAccount.get", + "parameterOrder": [ + "projectId" + ], + "parameters": { + "projectId": { + "description": "Project ID", + "location": "path", + "required": true, + "type": "string" + }, + "userProject": { + "description": "The project to be billed for this request.", + "location": "query", + "type": "string" + } + }, + "path": "projects/{projectId}/serviceAccount", + "response": { + "$ref": "ServiceAccount" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + } + } + } } - } } - } }, - "BucketAccessControl": { - "id": "BucketAccessControl", - "type": "object", - "description": "An access-control entry.", - "properties": { - "bucket": { - "type": "string", - "description": "The name of the bucket." - }, - "domain": { - "type": "string", - "description": "The domain associated with the entity, if any." - }, - "email": { - "type": "string", - "description": "The email address associated with the entity, if any." - }, - "entity": { - "type": "string", - "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.", - "annotations": { - "required": [ - "storage.bucketAccessControls.insert" - ] - } - }, - "entityId": { - "type": "string", - "description": "The ID for the entity, if any." - }, - "etag": { - "type": "string", - "description": "HTTP 1.1 Entity tag for the access-control entry." + "revision": "20180118", + "rootUrl": "https://www.googleapis.com/", + "schemas": { + "Bucket": { + "description": "A bucket.", + "id": "Bucket", + "properties": { + "acl": { + "annotations": { + "required": [ + "storage.buckets.update" + ] + }, + "description": "Access controls on the bucket.", + "items": { + "$ref": "BucketAccessControl" + }, + "type": "array" + }, + "billing": { + "description": "The bucket's billing configuration.", + "properties": { + "requesterPays": { + "description": "When set to true, Requester Pays is enabled for this bucket.", + "type": "boolean" + } + }, + "type": "object" + }, + "cors": { + "description": "The bucket's Cross-Origin Resource Sharing (CORS) configuration.", + "items": { + "properties": { + "maxAgeSeconds": { + "description": "The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.", + "format": "int32", + "type": "integer" + }, + "method": { + "description": "The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "origin": { + "description": "The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "responseHeader": { + "description": "The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "defaultEventBasedHold": { + "description": "Defines the default value for Event-Based hold on newly created objects in this bucket. Event-Based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here bucket-level retention is 3 years and the event is loan being paid in full. In this example these objects will be held intact for any number of years until the event has occurred (hold is released) and then 3 more years after that. Objects under Event-Based hold cannot be deleted, overwritten or archived until the hold is removed.", + "type": "boolean" + }, + "defaultObjectAcl": { + "description": "Default access controls to apply to new objects when no ACL is provided.", + "items": { + "$ref": "ObjectAccessControl" + }, + "type": "array" + }, + "encryption": { + "description": "Encryption configuration used by default for newly inserted objects, when no encryption config is specified.", + "properties": { + "defaultKmsKeyName": { + "description": "A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. Limited availability; usable only by enabled projects.", + "type": "string" + } + }, + "type": "object" + }, + "etag": { + "description": "HTTP 1.1 Entity tag for the bucket.", + "type": "string" + }, + "id": { + "description": "The ID of the bucket. For buckets, the id and name properties are the same.", + "type": "string" + }, + "kind": { + "default": "storage#bucket", + "description": "The kind of item this is. For buckets, this is always storage#bucket.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "description": "An individual label entry.", + "type": "string" + }, + "description": "User-provided labels, in key/value pairs.", + "type": "object" + }, + "lifecycle": { + "description": "The bucket's lifecycle configuration. See lifecycle management for more information.", + "properties": { + "rule": { + "description": "A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.", + "items": { + "properties": { + "action": { + "description": "The action to take.", + "properties": { + "storageClass": { + "description": "Target storage class. Required iff the type of the action is SetStorageClass.", + "type": "string" + }, + "type": { + "description": "Type of the action. Currently, only Delete and SetStorageClass are supported.", + "type": "string" + } + }, + "type": "object" + }, + "condition": { + "description": "The condition(s) under which the action will be taken.", + "properties": { + "age": { + "description": "Age of an object (in days). This condition is satisfied when an object reaches the specified age.", + "format": "int32", + "type": "integer" + }, + "createdBefore": { + "description": "A date in RFC 3339 format with only the date part (for instance, \"2013-01-15\"). This condition is satisfied when an object is created before midnight of the specified date in UTC.", + "format": "date", + "type": "string" + }, + "isLive": { + "description": "Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects.", + "type": "boolean" + }, + "matchesStorageClass": { + "description": "Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.", + "items": { + "type": "string" + }, + "type": "array" + }, + "numNewerVersions": { + "description": "Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "location": { + "description": "The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list.", + "type": "string" + }, + "logging": { + "description": "The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.", + "properties": { + "logBucket": { + "description": "The destination bucket where the current bucket's logs should be placed.", + "type": "string" + }, + "logObjectPrefix": { + "description": "A prefix for log object names.", + "type": "string" + } + }, + "type": "object" + }, + "metageneration": { + "description": "The metadata generation of this bucket.", + "format": "int64", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "storage.buckets.insert" + ] + }, + "description": "The name of the bucket.", + "type": "string" + }, + "owner": { + "description": "The owner of the bucket. This is always the project team's owner group.", + "properties": { + "entity": { + "description": "The entity, in the form project-owner-projectId.", + "type": "string" + }, + "entityId": { + "description": "The ID for the entity.", + "type": "string" + } + }, + "type": "object" + }, + "projectNumber": { + "description": "The project number of the project the bucket belongs to.", + "format": "uint64", + "type": "string" + }, + "retentionPolicy": { + "description": "Defines the retention policy for a bucket. The Retention policy enforces a minimum retention time for all objects contained in the bucket, based on their creation time. Any attempt to overwrite or delete objects younger than the retention period will result in a PERMISSION_DENIED error. An unlocked retention policy can be modified or removed from the bucket via the UpdateBucketMetadata RPC. A locked retention policy cannot be removed or shortened in duration for the lifetime of the bucket. Attempting to remove or decrease period of a locked retention policy will result in a PERMISSION_DENIED error.", + "properties": { + "effectiveTime": { + "description": "The time from which policy was enforced and effective. RFC 3339 format.", + "format": "date-time", + "type": "string" + }, + "isLocked": { + "description": "Once locked, an object retention policy cannot be modified.", + "type": "boolean" + }, + "retentionPeriod": { + "description": "Specifies the duration that objects need to be retained. Retention duration must be greater than zero and less than 100 years. Note that enforcement of retention periods less than a day is not guaranteed. Such periods should only be used for testing purposes.", + "format": "int64", + "type": "string" + } + }, + "type": "object" + }, + "selfLink": { + "description": "The URI of this bucket.", + "type": "string" + }, + "storageClass": { + "description": "The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes.", + "type": "string" + }, + "timeCreated": { + "description": "The creation time of the bucket in RFC 3339 format.", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The modification time of the bucket in RFC 3339 format.", + "format": "date-time", + "type": "string" + }, + "versioning": { + "description": "The bucket's versioning configuration.", + "properties": { + "enabled": { + "description": "While set to true, versioning is fully enabled for this bucket.", + "type": "boolean" + } + }, + "type": "object" + }, + "website": { + "description": "The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.", + "properties": { + "mainPageSuffix": { + "description": "If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages.", + "type": "string" + }, + "notFoundPage": { + "description": "If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" }, - "id": { - "type": "string", - "description": "The ID of the access-control entry." + "BucketAccessControl": { + "description": "An access-control entry.", + "id": "BucketAccessControl", + "properties": { + "bucket": { + "description": "The name of the bucket.", + "type": "string" + }, + "domain": { + "description": "The domain associated with the entity, if any.", + "type": "string" + }, + "email": { + "description": "The email address associated with the entity, if any.", + "type": "string" + }, + "entity": { + "annotations": { + "required": [ + "storage.bucketAccessControls.insert" + ] + }, + "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.", + "type": "string" + }, + "entityId": { + "description": "The ID for the entity, if any.", + "type": "string" + }, + "etag": { + "description": "HTTP 1.1 Entity tag for the access-control entry.", + "type": "string" + }, + "id": { + "description": "The ID of the access-control entry.", + "type": "string" + }, + "kind": { + "default": "storage#bucketAccessControl", + "description": "The kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl.", + "type": "string" + }, + "projectTeam": { + "description": "The project team associated with the entity, if any.", + "properties": { + "projectNumber": { + "description": "The project number.", + "type": "string" + }, + "team": { + "description": "The team.", + "type": "string" + } + }, + "type": "object" + }, + "role": { + "annotations": { + "required": [ + "storage.bucketAccessControls.insert" + ] + }, + "description": "The access permission for the entity.", + "type": "string" + }, + "selfLink": { + "description": "The link to this access-control entry.", + "type": "string" + } + }, + "type": "object" }, - "kind": { - "type": "string", - "description": "The kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl.", - "default": "storage#bucketAccessControl" + "BucketAccessControls": { + "description": "An access-control list.", + "id": "BucketAccessControls", + "properties": { + "items": { + "description": "The list of items.", + "items": { + "$ref": "BucketAccessControl" + }, + "type": "array" + }, + "kind": { + "default": "storage#bucketAccessControls", + "description": "The kind of item this is. For lists of bucket access control entries, this is always storage#bucketAccessControls.", + "type": "string" + } + }, + "type": "object" }, - "projectTeam": { - "type": "object", - "description": "The project team associated with the entity, if any.", - "properties": { - "projectNumber": { - "type": "string", - "description": "The project number." + "Buckets": { + "description": "A list of buckets.", + "id": "Buckets", + "properties": { + "items": { + "description": "The list of items.", + "items": { + "$ref": "Bucket" + }, + "type": "array" + }, + "kind": { + "default": "storage#buckets", + "description": "The kind of item this is. For lists of buckets, this is always storage#buckets.", + "type": "string" + }, + "nextPageToken": { + "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.", + "type": "string" + } }, - "team": { - "type": "string", - "description": "The team." - } - } + "type": "object" }, - "role": { - "type": "string", - "description": "The access permission for the entity.", - "annotations": { - "required": [ - "storage.bucketAccessControls.insert" - ] - } + "Channel": { + "description": "An notification channel used to watch for resource changes.", + "id": "Channel", + "properties": { + "address": { + "description": "The address where notifications are delivered for this channel.", + "type": "string" + }, + "expiration": { + "description": "Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional.", + "format": "int64", + "type": "string" + }, + "id": { + "description": "A UUID or similar unique string that identifies this channel.", + "type": "string" + }, + "kind": { + "default": "api#channel", + "description": "Identifies this as a notification channel used to watch for changes to a resource. Value: the fixed string \"api#channel\".", + "type": "string" + }, + "params": { + "additionalProperties": { + "description": "Declares a new parameter by name.", + "type": "string" + }, + "description": "Additional parameters controlling delivery channel behavior. Optional.", + "type": "object" + }, + "payload": { + "description": "A Boolean value to indicate whether payload is wanted. Optional.", + "type": "boolean" + }, + "resourceId": { + "description": "An opaque ID that identifies the resource being watched on this channel. Stable across different API versions.", + "type": "string" + }, + "resourceUri": { + "description": "A version-specific identifier for the watched resource.", + "type": "string" + }, + "token": { + "description": "An arbitrary string delivered to the target address with each notification delivered over this channel. Optional.", + "type": "string" + }, + "type": { + "description": "The type of delivery mechanism used for this channel.", + "type": "string" + } + }, + "type": "object" }, - "selfLink": { - "type": "string", - "description": "The link to this access-control entry." - } - } - }, - "BucketAccessControls": { - "id": "BucketAccessControls", - "type": "object", - "description": "An access-control list.", - "properties": { - "items": { - "type": "array", - "description": "The list of items.", - "items": { - "$ref": "BucketAccessControl" - } + "ComposeRequest": { + "description": "A Compose request.", + "id": "ComposeRequest", + "properties": { + "destination": { + "$ref": "Object", + "description": "Properties of the resulting object." + }, + "kind": { + "default": "storage#composeRequest", + "description": "The kind of item this is.", + "type": "string" + }, + "sourceObjects": { + "annotations": { + "required": [ + "storage.objects.compose" + ] + }, + "description": "The list of source objects that will be concatenated into a single object.", + "items": { + "properties": { + "generation": { + "description": "The generation of this object to use as the source.", + "format": "int64", + "type": "string" + }, + "name": { + "annotations": { + "required": [ + "storage.objects.compose" + ] + }, + "description": "The source object's name. The source object's bucket is implicitly the destination bucket.", + "type": "string" + }, + "objectPreconditions": { + "description": "Conditions that must be met for this operation to execute.", + "properties": { + "ifGenerationMatch": { + "description": "Only perform the composition if the generation of the source object that would be used matches this value. If this value and a generation are both specified, they must be the same value or the call will fail.", + "format": "int64", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" }, - "kind": { - "type": "string", - "description": "The kind of item this is. For lists of bucket access control entries, this is always storage#bucketAccessControls.", - "default": "storage#bucketAccessControls" - } - } - }, - "Buckets": { - "id": "Buckets", - "type": "object", - "description": "A list of buckets.", - "properties": { - "items": { - "type": "array", - "description": "The list of items.", - "items": { - "$ref": "Bucket" - } + "Notification": { + "description": "A subscription to receive Google PubSub notifications.", + "id": "Notification", + "properties": { + "custom_attributes": { + "additionalProperties": { + "type": "string" + }, + "description": "An optional list of additional attributes to attach to each Cloud PubSub message published for this notification subscription.", + "type": "object" + }, + "etag": { + "description": "HTTP 1.1 Entity tag for this subscription notification.", + "type": "string" + }, + "event_types": { + "description": "If present, only send notifications about listed event types. If empty, sent notifications for all event types.", + "items": { + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "The ID of the notification.", + "type": "string" + }, + "kind": { + "default": "storage#notification", + "description": "The kind of item this is. For notifications, this is always storage#notification.", + "type": "string" + }, + "object_name_prefix": { + "description": "If present, only apply this notification configuration to object names that begin with this prefix.", + "type": "string" + }, + "payload_format": { + "annotations": { + "required": [ + "storage.notifications.insert" + ] + }, + "default": "JSON_API_V1", + "description": "The desired content of the Payload.", + "type": "string" + }, + "selfLink": { + "description": "The canonical URL of this notification.", + "type": "string" + }, + "topic": { + "annotations": { + "required": [ + "storage.notifications.insert" + ] + }, + "description": "The Cloud PubSub topic to which this subscription publishes. Formatted as: '//pubsub.googleapis.com/projects/{project-identifier}/topics/{my-topic}'", + "type": "string" + } + }, + "type": "object" }, - "kind": { - "type": "string", - "description": "The kind of item this is. For lists of buckets, this is always storage#buckets.", - "default": "storage#buckets" + "Notifications": { + "description": "A list of notification subscriptions.", + "id": "Notifications", + "properties": { + "items": { + "description": "The list of items.", + "items": { + "$ref": "Notification" + }, + "type": "array" + }, + "kind": { + "default": "storage#notifications", + "description": "The kind of item this is. For lists of notifications, this is always storage#notifications.", + "type": "string" + } + }, + "type": "object" }, - "nextPageToken": { - "type": "string", - "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results." - } - } - }, - "Channel": { - "id": "Channel", - "type": "object", - "description": "An notification channel used to watch for resource changes.", - "properties": { - "address": { - "type": "string", - "description": "The address where notifications are delivered for this channel." - }, - "expiration": { - "type": "string", - "description": "Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional.", - "format": "int64" - }, - "id": { - "type": "string", - "description": "A UUID or similar unique string that identifies this channel." - }, - "kind": { - "type": "string", - "description": "Identifies this as a notification channel used to watch for changes to a resource. Value: the fixed string \"api#channel\".", - "default": "api#channel" - }, - "params": { - "type": "object", - "description": "Additional parameters controlling delivery channel behavior. Optional.", - "additionalProperties": { - "type": "string", - "description": "Declares a new parameter by name." - } - }, - "payload": { - "type": "boolean", - "description": "A Boolean value to indicate whether payload is wanted. Optional." - }, - "resourceId": { - "type": "string", - "description": "An opaque ID that identifies the resource being watched on this channel. Stable across different API versions." - }, - "resourceUri": { - "type": "string", - "description": "A version-specific identifier for the watched resource." - }, - "token": { - "type": "string", - "description": "An arbitrary string delivered to the target address with each notification delivered over this channel. Optional." - }, - "type": { - "type": "string", - "description": "The type of delivery mechanism used for this channel." - } - } - }, - "ComposeRequest": { - "id": "ComposeRequest", - "type": "object", - "description": "A Compose request.", - "properties": { - "destination": { - "$ref": "Object", - "description": "Properties of the resulting object." - }, - "kind": { - "type": "string", - "description": "The kind of item this is.", - "default": "storage#composeRequest" - }, - "sourceObjects": { - "type": "array", - "description": "The list of source objects that will be concatenated into a single object.", - "items": { - "type": "object", + "Object": { + "description": "An object.", + "id": "Object", "properties": { - "generation": { - "type": "string", - "description": "The generation of this object to use as the source.", - "format": "int64" - }, - "name": { - "type": "string", - "description": "The source object's name. The source object's bucket is implicitly the destination bucket.", - "annotations": { - "required": [ - "storage.objects.compose" - ] - } - }, - "objectPreconditions": { - "type": "object", - "description": "Conditions that must be met for this operation to execute.", - "properties": { - "ifGenerationMatch": { - "type": "string", - "description": "Only perform the composition if the generation of the source object that would be used matches this value. If this value and a generation are both specified, they must be the same value or the call will fail.", - "format": "int64" - } + "acl": { + "annotations": { + "required": [ + "storage.objects.update" + ] + }, + "description": "Access controls on the object.", + "items": { + "$ref": "ObjectAccessControl" + }, + "type": "array" + }, + "bucket": { + "description": "The name of the bucket containing this object.", + "type": "string" + }, + "cacheControl": { + "description": "Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.", + "type": "string" + }, + "componentCount": { + "description": "Number of underlying components that make up this object. Components are accumulated by compose operations.", + "format": "int32", + "type": "integer" + }, + "contentDisposition": { + "description": "Content-Disposition of the object data.", + "type": "string" + }, + "contentEncoding": { + "description": "Content-Encoding of the object data.", + "type": "string" + }, + "contentLanguage": { + "description": "Content-Language of the object data.", + "type": "string" + }, + "contentType": { + "description": "Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.", + "type": "string" + }, + "crc32c": { + "description": "CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.", + "type": "string" + }, + "customerEncryption": { + "description": "Metadata of customer-supplied encryption key, if the object is encrypted by such a key.", + "properties": { + "encryptionAlgorithm": { + "description": "The encryption algorithm.", + "type": "string" + }, + "keySha256": { + "description": "SHA256 hash value of the encryption key.", + "type": "string" + } + }, + "type": "object" + }, + "etag": { + "description": "HTTP 1.1 Entity tag for the object.", + "type": "string" + }, + "eventBasedHold": { + "description": "Defines the Event-Based hold for an object. Event-Based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here bucket-level retention is 3 years and the event is loan being paid in full. In this example these objects will be held intact for any number of years until the event has occurred (hold is released) and then 3 more years after that.", + "type": "boolean" + }, + "generation": { + "description": "The content generation of this object. Used for object versioning.", + "format": "int64", + "type": "string" + }, + "id": { + "description": "The ID of the object, including the bucket name, object name, and generation number.", + "type": "string" + }, + "kind": { + "default": "storage#object", + "description": "The kind of item this is. For objects, this is always storage#object.", + "type": "string" + }, + "kmsKeyName": { + "description": "Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key. Limited availability; usable only by enabled projects.", + "type": "string" + }, + "md5Hash": { + "description": "MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.", + "type": "string" + }, + "mediaLink": { + "description": "Media download link.", + "type": "string" + }, + "metadata": { + "additionalProperties": { + "description": "An individual metadata entry.", + "type": "string" + }, + "description": "User-provided metadata, in key/value pairs.", + "type": "object" + }, + "metageneration": { + "description": "The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.", + "format": "int64", + "type": "string" + }, + "name": { + "description": "The name of the object. Required if not specified by URL parameter.", + "type": "string" + }, + "owner": { + "description": "The owner of the object. This will always be the uploader of the object.", + "properties": { + "entity": { + "description": "The entity, in the form user-userId.", + "type": "string" + }, + "entityId": { + "description": "The ID for the entity.", + "type": "string" + } + }, + "type": "object" + }, + "retentionExpirationTime": { + "description": "Specifies the earliest time that the object's retention period expires. This value is server-determined and is in RFC 3339 format. Note 1: This field is not provided for objects with an active Event-Based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when TemporaryHold is set (so that the user can reason about policy without having to first unset the TemporaryHold).", + "format": "date-time", + "type": "string" + }, + "selfLink": { + "description": "The link to this object.", + "type": "string" + }, + "size": { + "description": "Content-Length of the data in bytes.", + "format": "uint64", + "type": "string" + }, + "storageClass": { + "description": "Storage class of the object.", + "type": "string" + }, + "temporaryHold": { + "description": "Defines the temporary hold for an object. This flag is used to enforce a temporary hold on an object. While it is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing.", + "type": "boolean" + }, + "timeCreated": { + "description": "The creation time of the object in RFC 3339 format.", + "format": "date-time", + "type": "string" + }, + "timeDeleted": { + "description": "The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.", + "format": "date-time", + "type": "string" + }, + "timeStorageClassUpdated": { + "description": "The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The modification time of the object metadata in RFC 3339 format.", + "format": "date-time", + "type": "string" } - } - } - }, - "annotations": { - "required": [ - "storage.objects.compose" - ] - } - } - } - }, - "Notification": { - "id": "Notification", - "type": "object", - "description": "A subscription to receive Google PubSub notifications.", - "properties": { - "custom_attributes": { - "type": "object", - "description": "An optional list of additional attributes to attach to each Cloud PubSub message published for this notification subscription.", - "additionalProperties": { - "type": "string" - } - }, - "etag": { - "type": "string", - "description": "HTTP 1.1 Entity tag for this subscription notification." - }, - "event_types": { - "type": "array", - "description": "If present, only send notifications about listed event types. If empty, sent notifications for all event types.", - "items": { - "type": "string" - } - }, - "id": { - "type": "string", - "description": "The ID of the notification." - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For notifications, this is always storage#notification.", - "default": "storage#notification" - }, - "object_name_prefix": { - "type": "string", - "description": "If present, only apply this notification configuration to object names that begin with this prefix." - }, - "payload_format": { - "type": "string", - "description": "The desired content of the Payload.", - "default": "JSON_API_V1", - "annotations": { - "required": [ - "storage.notifications.insert" - ] - } - }, - "selfLink": { - "type": "string", - "description": "The canonical URL of this notification." - }, - "topic": { - "type": "string", - "description": "The Cloud PubSub topic to which this subscription publishes. Formatted as: '//pubsub.googleapis.com/projects/{project-identifier}/topics/{my-topic}'", - "annotations": { - "required": [ - "storage.notifications.insert" - ] - } - } - } - }, - "Notifications": { - "id": "Notifications", - "type": "object", - "description": "A list of notification subscriptions.", - "properties": { - "items": { - "type": "array", - "description": "The list of items.", - "items": { - "$ref": "Notification" - } - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For lists of notifications, this is always storage#notifications.", - "default": "storage#notifications" - } - } - }, - "Object": { - "id": "Object", - "type": "object", - "description": "An object.", - "properties": { - "acl": { - "type": "array", - "description": "Access controls on the object.", - "items": { - "$ref": "ObjectAccessControl" - }, - "annotations": { - "required": [ - "storage.objects.update" - ] - } - }, - "bucket": { - "type": "string", - "description": "The name of the bucket containing this object." - }, - "cacheControl": { - "type": "string", - "description": "Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600." - }, - "componentCount": { - "type": "integer", - "description": "Number of underlying components that make up this object. Components are accumulated by compose operations.", - "format": "int32" - }, - "contentDisposition": { - "type": "string", - "description": "Content-Disposition of the object data." - }, - "contentEncoding": { - "type": "string", - "description": "Content-Encoding of the object data." - }, - "contentLanguage": { - "type": "string", - "description": "Content-Language of the object data." - }, - "contentType": { - "type": "string", - "description": "Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream." - }, - "crc32c": { - "type": "string", - "description": "CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices." - }, - "customerEncryption": { - "type": "object", - "description": "Metadata of customer-supplied encryption key, if the object is encrypted by such a key.", - "properties": { - "encryptionAlgorithm": { - "type": "string", - "description": "The encryption algorithm." - }, - "keySha256": { - "type": "string", - "description": "SHA256 hash value of the encryption key." - } - } - }, - "etag": { - "type": "string", - "description": "HTTP 1.1 Entity tag for the object." - }, - "eventBasedHold": { - "type": "boolean", - "description": "Defines the Event-Based hold for an object. Event-Based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here bucket-level retention is 3 years and the event is loan being paid in full. In this example these objects will be held intact for any number of years until the event has occurred (hold is released) and then 3 more years after that." - }, - "generation": { - "type": "string", - "description": "The content generation of this object. Used for object versioning.", - "format": "int64" - }, - "id": { - "type": "string", - "description": "The ID of the object, including the bucket name, object name, and generation number." - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For objects, this is always storage#object.", - "default": "storage#object" - }, - "kmsKeyName": { - "type": "string", - "description": "Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key. Limited availability; usable only by enabled projects." - }, - "md5Hash": { - "type": "string", - "description": "MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices." - }, - "mediaLink": { - "type": "string", - "description": "Media download link." - }, - "metadata": { - "type": "object", - "description": "User-provided metadata, in key/value pairs.", - "additionalProperties": { - "type": "string", - "description": "An individual metadata entry." - } - }, - "metageneration": { - "type": "string", - "description": "The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.", - "format": "int64" - }, - "name": { - "type": "string", - "description": "The name of the object. Required if not specified by URL parameter." - }, - "owner": { - "type": "object", - "description": "The owner of the object. This will always be the uploader of the object.", - "properties": { - "entity": { - "type": "string", - "description": "The entity, in the form user-userId." }, - "entityId": { - "type": "string", - "description": "The ID for the entity." - } - } - }, - "retentionExpirationTime": { - "type": "string", - "description": "Specifies the earliest time that the object's retention period expires. This value is server-determined and is in RFC 3339 format. Note 1: This field is not provided for objects with an active Event-Based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when TemporaryHold is set (so that the user can reason about policy without having to first unset the TemporaryHold).", - "format": "date-time" - }, - "selfLink": { - "type": "string", - "description": "The link to this object." - }, - "size": { - "type": "string", - "description": "Content-Length of the data in bytes.", - "format": "uint64" - }, - "storageClass": { - "type": "string", - "description": "Storage class of the object." - }, - "temporaryHold": { - "type": "boolean", - "description": "Defines the temporary hold for an object. This flag is used to enforce a temporary hold on an object. While it is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing." - }, - "timeCreated": { - "type": "string", - "description": "The creation time of the object in RFC 3339 format.", - "format": "date-time" - }, - "timeDeleted": { - "type": "string", - "description": "The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.", - "format": "date-time" - }, - "timeStorageClassUpdated": { - "type": "string", - "description": "The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.", - "format": "date-time" - }, - "updated": { - "type": "string", - "description": "The modification time of the object metadata in RFC 3339 format.", - "format": "date-time" - } - } - }, - "ObjectAccessControl": { - "id": "ObjectAccessControl", - "type": "object", - "description": "An access-control entry.", - "properties": { - "bucket": { - "type": "string", - "description": "The name of the bucket." + "type": "object" }, - "domain": { - "type": "string", - "description": "The domain associated with the entity, if any." - }, - "email": { - "type": "string", - "description": "The email address associated with the entity, if any." - }, - "entity": { - "type": "string", - "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.", - "annotations": { - "required": [ - "storage.defaultObjectAccessControls.insert", - "storage.objectAccessControls.insert" - ] - } - }, - "entityId": { - "type": "string", - "description": "The ID for the entity, if any." - }, - "etag": { - "type": "string", - "description": "HTTP 1.1 Entity tag for the access-control entry." - }, - "generation": { - "type": "string", - "description": "The content generation of the object, if applied to an object.", - "format": "int64" - }, - "id": { - "type": "string", - "description": "The ID of the access-control entry." - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For object access control entries, this is always storage#objectAccessControl.", - "default": "storage#objectAccessControl" - }, - "object": { - "type": "string", - "description": "The name of the object, if applied to an object." - }, - "projectTeam": { - "type": "object", - "description": "The project team associated with the entity, if any.", - "properties": { - "projectNumber": { - "type": "string", - "description": "The project number." + "ObjectAccessControl": { + "description": "An access-control entry.", + "id": "ObjectAccessControl", + "properties": { + "bucket": { + "description": "The name of the bucket.", + "type": "string" + }, + "domain": { + "description": "The domain associated with the entity, if any.", + "type": "string" + }, + "email": { + "description": "The email address associated with the entity, if any.", + "type": "string" + }, + "entity": { + "annotations": { + "required": [ + "storage.defaultObjectAccessControls.insert", + "storage.objectAccessControls.insert" + ] + }, + "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.", + "type": "string" + }, + "entityId": { + "description": "The ID for the entity, if any.", + "type": "string" + }, + "etag": { + "description": "HTTP 1.1 Entity tag for the access-control entry.", + "type": "string" + }, + "generation": { + "description": "The content generation of the object, if applied to an object.", + "format": "int64", + "type": "string" + }, + "id": { + "description": "The ID of the access-control entry.", + "type": "string" + }, + "kind": { + "default": "storage#objectAccessControl", + "description": "The kind of item this is. For object access control entries, this is always storage#objectAccessControl.", + "type": "string" + }, + "object": { + "description": "The name of the object, if applied to an object.", + "type": "string" + }, + "projectTeam": { + "description": "The project team associated with the entity, if any.", + "properties": { + "projectNumber": { + "description": "The project number.", + "type": "string" + }, + "team": { + "description": "The team.", + "type": "string" + } + }, + "type": "object" + }, + "role": { + "annotations": { + "required": [ + "storage.defaultObjectAccessControls.insert", + "storage.objectAccessControls.insert" + ] + }, + "description": "The access permission for the entity.", + "type": "string" + }, + "selfLink": { + "description": "The link to this access-control entry.", + "type": "string" + } }, - "team": { - "type": "string", - "description": "The team." - } - } + "type": "object" }, - "role": { - "type": "string", - "description": "The access permission for the entity.", - "annotations": { - "required": [ - "storage.defaultObjectAccessControls.insert", - "storage.objectAccessControls.insert" - ] - } - }, - "selfLink": { - "type": "string", - "description": "The link to this access-control entry." - } - } - }, - "ObjectAccessControls": { - "id": "ObjectAccessControls", - "type": "object", - "description": "An access-control list.", - "properties": { - "items": { - "type": "array", - "description": "The list of items.", - "items": { - "$ref": "ObjectAccessControl" - } - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For lists of object access control entries, this is always storage#objectAccessControls.", - "default": "storage#objectAccessControls" - } - } - }, - "Objects": { - "id": "Objects", - "type": "object", - "description": "A list of objects.", - "properties": { - "items": { - "type": "array", - "description": "The list of items.", - "items": { - "$ref": "Object" - } - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For lists of objects, this is always storage#objects.", - "default": "storage#objects" - }, - "nextPageToken": { - "type": "string", - "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results." - }, - "prefixes": { - "type": "array", - "description": "The list of prefixes of objects matching-but-not-listed up to and including the requested delimiter.", - "items": { - "type": "string" - } - } - } - }, - "Policy": { - "id": "Policy", - "type": "object", - "description": "A bucket/object IAM policy.", - "properties": { - "bindings": { - "type": "array", - "description": "An association between a role, which comes with a set of permissions, and members who may assume that role.", - "items": { - "type": "object", + "ObjectAccessControls": { + "description": "An access-control list.", + "id": "ObjectAccessControls", "properties": { - "condition": { - "type": "any" - }, - "members": { - "type": "array", - "description": "A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows: \n- allUsers — A special identifier that represents anyone on the internet; with or without a Google account. \n- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account. \n- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com. \n- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com . \n- group:emailid — An email address that represents a Google group. For example, group:admins@example.com. \n- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com. \n- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project \n- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project \n- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project", "items": { - "type": "string" + "description": "The list of items.", + "items": { + "$ref": "ObjectAccessControl" + }, + "type": "array" }, - "annotations": { - "required": [ - "storage.buckets.setIamPolicy", - "storage.objects.setIamPolicy" - ] + "kind": { + "default": "storage#objectAccessControls", + "description": "The kind of item this is. For lists of object access control entries, this is always storage#objectAccessControls.", + "type": "string" } - }, - "role": { - "type": "string", - "description": "The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.\nThe new IAM roles are: \n- roles/storage.admin — Full control of Google Cloud Storage resources. \n- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects. \n- roles/storage.objectCreator — Access to create objects in Google Cloud Storage. \n- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are: \n- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role. \n- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role. \n- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role. \n- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role. \n- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.", - "annotations": { - "required": [ - "storage.buckets.setIamPolicy", - "storage.objects.setIamPolicy" - ] - } - } - } - }, - "annotations": { - "required": [ - "storage.buckets.setIamPolicy", - "storage.objects.setIamPolicy" - ] - } - }, - "etag": { - "type": "string", - "description": "HTTP 1.1 Entity tag for the policy.", - "format": "byte" - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.", - "default": "storage#policy" - }, - "resourceId": { - "type": "string", - "description": "The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, and projects/_/buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input." - } - } - }, - "RewriteResponse": { - "id": "RewriteResponse", - "type": "object", - "description": "A rewrite response.", - "properties": { - "done": { - "type": "boolean", - "description": "true if the copy is finished; otherwise, false if the copy is in progress. This property is always present in the response." - }, - "kind": { - "type": "string", - "description": "The kind of item this is.", - "default": "storage#rewriteResponse" - }, - "objectSize": { - "type": "string", - "description": "The total size of the object being copied in bytes. This property is always present in the response.", - "format": "int64" - }, - "resource": { - "$ref": "Object", - "description": "A resource containing the metadata for the copied-to object. This property is present in the response only when copying completes." - }, - "rewriteToken": { - "type": "string", - "description": "A token to use in subsequent requests to continue copying data. This token is present in the response only when there is more data to copy." - }, - "totalBytesRewritten": { - "type": "string", - "description": "The total bytes written so far, which can be used to provide a waiting user with a progress indicator. This property is always present in the response.", - "format": "int64" - } - } - }, - "ServiceAccount": { - "id": "ServiceAccount", - "type": "object", - "description": "A subscription to receive Google PubSub notifications.", - "properties": { - "email_address": { - "type": "string", - "description": "The ID of the notification." - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For notifications, this is always storage#notification.", - "default": "storage#serviceAccount" - } - } - }, - "TestIamPermissionsResponse": { - "id": "TestIamPermissionsResponse", - "type": "object", - "description": "A storage.(buckets|objects).testIamPermissions response.", - "properties": { - "kind": { - "type": "string", - "description": "The kind of item this is.", - "default": "storage#testIamPermissionsResponse" - }, - "permissions": { - "type": "array", - "description": "The permissions held by the caller. Permissions are always of the format storage.resource.capability, where resource is one of buckets or objects. The supported permissions are as follows: \n- storage.buckets.delete — Delete bucket. \n- storage.buckets.get — Read bucket metadata. \n- storage.buckets.getIamPolicy — Read bucket IAM policy. \n- storage.buckets.create — Create bucket. \n- storage.buckets.list — List buckets. \n- storage.buckets.setIamPolicy — Update bucket IAM policy. \n- storage.buckets.update — Update bucket metadata. \n- storage.objects.delete — Delete object. \n- storage.objects.get — Read object data and metadata. \n- storage.objects.getIamPolicy — Read object IAM policy. \n- storage.objects.create — Create object. \n- storage.objects.list — List objects. \n- storage.objects.setIamPolicy — Update object IAM policy. \n- storage.objects.update — Update object metadata.", - "items": { - "type": "string" - } - } - } - } - }, - "resources": { - "bucketAccessControls": { - "methods": { - "delete": { - "id": "storage.bucketAccessControls.delete", - "path": "b/{bucket}/acl/{entity}", - "httpMethod": "DELETE", - "description": "Permanently deletes the ACL entry for the specified entity on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "get": { - "id": "storage.bucketAccessControls.get", - "path": "b/{bucket}/acl/{entity}", - "httpMethod": "GET", - "description": "Returns the ACL entry for the specified entity on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "response": { - "$ref": "BucketAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "insert": { - "id": "storage.bucketAccessControls.insert", - "path": "b/{bucket}/acl", - "httpMethod": "POST", - "description": "Creates a new ACL entry on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "BucketAccessControl" - }, - "response": { - "$ref": "BucketAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "list": { - "id": "storage.bucketAccessControls.list", - "path": "b/{bucket}/acl", - "httpMethod": "GET", - "description": "Retrieves ACL entries on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "response": { - "$ref": "BucketAccessControls" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "patch": { - "id": "storage.bucketAccessControls.patch", - "path": "b/{bucket}/acl/{entity}", - "httpMethod": "PATCH", - "description": "Updates an ACL entry on the specified bucket. This method supports patch semantics.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "request": { - "$ref": "BucketAccessControl" - }, - "response": { - "$ref": "BucketAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "update": { - "id": "storage.bucketAccessControls.update", - "path": "b/{bucket}/acl/{entity}", - "httpMethod": "PUT", - "description": "Updates an ACL entry on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "request": { - "$ref": "BucketAccessControl" - }, - "response": { - "$ref": "BucketAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - } - } - }, - "buckets": { - "methods": { - "delete": { - "id": "storage.buckets.delete", - "path": "b/{bucket}", - "httpMethod": "DELETE", - "description": "Permanently deletes an empty bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "If set, only deletes the bucket if its metageneration matches this value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "If set, only deletes the bucket if its metageneration does not match this value.", - "format": "int64", - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "get": { - "id": "storage.buckets.get", - "path": "b/{bucket}", - "httpMethod": "GET", - "description": "Returns metadata for the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit owner, acl and defaultObjectAcl properties." - ], - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "response": { - "$ref": "Bucket" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "getIamPolicy": { - "id": "storage.buckets.getIamPolicy", - "path": "b/{bucket}/iam", - "httpMethod": "GET", - "description": "Returns an IAM policy for the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "response": { - "$ref": "Policy" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "insert": { - "id": "storage.buckets.insert", - "path": "b", - "httpMethod": "POST", - "description": "Creates a new bucket.", - "parameters": { - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this bucket.", - "enum": [ - "authenticatedRead", - "private", - "projectPrivate", - "publicRead", - "publicReadWrite" - ], - "enumDescriptions": [ - "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", - "Project team owners get OWNER access.", - "Project team members get access according to their roles.", - "Project team owners get OWNER access, and allUsers get READER access.", - "Project team owners get OWNER access, and allUsers get WRITER access." - ], - "location": "query" - }, - "predefinedDefaultObjectAcl": { - "type": "string", - "description": "Apply a predefined set of default object access controls to this bucket.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "project": { - "type": "string", - "description": "A valid API project identifier.", - "required": true, - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl, unless the bucket resource specifies acl or defaultObjectAcl properties, when it defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit owner, acl and defaultObjectAcl properties." - ], - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request.", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "Bucket" - }, - "response": { - "$ref": "Bucket" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "list": { - "id": "storage.buckets.list", - "path": "b", - "httpMethod": "GET", - "description": "Retrieves a list of buckets for a given project.", - "parameters": { - "maxResults": { - "type": "integer", - "description": "Maximum number of buckets to return in a single response. The service will use this parameter or 1,000 items, whichever is smaller.", - "default": "1000", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "A previously-returned page token representing part of the larger set of results to view.", - "location": "query" - }, - "prefix": { - "type": "string", - "description": "Filter results to buckets whose names begin with this prefix.", - "location": "query" - }, - "project": { - "type": "string", - "description": "A valid API project identifier.", - "required": true, - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit owner, acl and defaultObjectAcl properties." - ], - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request.", - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "Buckets" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] + "type": "object" }, - "lockRetentionPolicy": { - "id": "storage.buckets.lockRetentionPolicy", - "path": "b/{bucket}/lockRetentionPolicy", - "httpMethod": "POST", - "description": "Locks retention policy on a bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether bucket's current metageneration matches the given value.", - "required": true, - "format": "int64", - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "ifMetagenerationMatch" - ], - "response": { - "$ref": "Bucket" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "patch": { - "id": "storage.buckets.patch", - "path": "b/{bucket}", - "httpMethod": "PATCH", - "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate. This method supports patch semantics.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this bucket.", - "enum": [ - "authenticatedRead", - "private", - "projectPrivate", - "publicRead", - "publicReadWrite" - ], - "enumDescriptions": [ - "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", - "Project team owners get OWNER access.", - "Project team members get access according to their roles.", - "Project team owners get OWNER access, and allUsers get READER access.", - "Project team owners get OWNER access, and allUsers get WRITER access." - ], - "location": "query" - }, - "predefinedDefaultObjectAcl": { - "type": "string", - "description": "Apply a predefined set of default object access controls to this bucket.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit owner, acl and defaultObjectAcl properties." - ], - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "Bucket" - }, - "response": { - "$ref": "Bucket" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "setIamPolicy": { - "id": "storage.buckets.setIamPolicy", - "path": "b/{bucket}/iam", - "httpMethod": "PUT", - "description": "Updates an IAM policy for the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "Policy" - }, - "response": { - "$ref": "Policy" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "testIamPermissions": { - "id": "storage.buckets.testIamPermissions", - "path": "b/{bucket}/iam/testPermissions", - "httpMethod": "GET", - "description": "Tests a set of permissions on the given bucket to see which, if any, are held by the caller.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "permissions": { - "type": "string", - "description": "Permissions to test.", - "required": true, - "repeated": true, - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "permissions" - ], - "response": { - "$ref": "TestIamPermissionsResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "update": { - "id": "storage.buckets.update", - "path": "b/{bucket}", - "httpMethod": "PUT", - "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this bucket.", - "enum": [ - "authenticatedRead", - "private", - "projectPrivate", - "publicRead", - "publicReadWrite" - ], - "enumDescriptions": [ - "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", - "Project team owners get OWNER access.", - "Project team members get access according to their roles.", - "Project team owners get OWNER access, and allUsers get READER access.", - "Project team owners get OWNER access, and allUsers get WRITER access." - ], - "location": "query" - }, - "predefinedDefaultObjectAcl": { - "type": "string", - "description": "Apply a predefined set of default object access controls to this bucket.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit owner, acl and defaultObjectAcl properties." - ], - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "Bucket" - }, - "response": { - "$ref": "Bucket" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - } - } - }, - "channels": { - "methods": { - "stop": { - "id": "storage.channels.stop", - "path": "channels/stop", - "httpMethod": "POST", - "description": "Stop watching resources through this channel", - "request": { - "$ref": "Channel", - "parameterName": "resource" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - } - } - }, - "defaultObjectAccessControls": { - "methods": { - "delete": { - "id": "storage.defaultObjectAccessControls.delete", - "path": "b/{bucket}/defaultObjectAcl/{entity}", - "httpMethod": "DELETE", - "description": "Permanently deletes the default object ACL entry for the specified entity on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "get": { - "id": "storage.defaultObjectAccessControls.get", - "path": "b/{bucket}/defaultObjectAcl/{entity}", - "httpMethod": "GET", - "description": "Returns the default object ACL entry for the specified entity on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "insert": { - "id": "storage.defaultObjectAccessControls.insert", - "path": "b/{bucket}/defaultObjectAcl", - "httpMethod": "POST", - "description": "Creates a new default object ACL entry on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "list": { - "id": "storage.defaultObjectAccessControls.list", - "path": "b/{bucket}/defaultObjectAcl", - "httpMethod": "GET", - "description": "Retrieves default object ACL entries on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "If present, only return default ACL listing if the bucket's current metageneration matches this value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "If present, only return default ACL listing if the bucket's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "response": { - "$ref": "ObjectAccessControls" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "patch": { - "id": "storage.defaultObjectAccessControls.patch", - "path": "b/{bucket}/defaultObjectAcl/{entity}", - "httpMethod": "PATCH", - "description": "Updates a default object ACL entry on the specified bucket. This method supports patch semantics.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "update": { - "id": "storage.defaultObjectAccessControls.update", - "path": "b/{bucket}/defaultObjectAcl/{entity}", - "httpMethod": "PUT", - "description": "Updates a default object ACL entry on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - } - } - }, - "notifications": { - "methods": { - "delete": { - "id": "storage.notifications.delete", - "path": "b/{bucket}/notificationConfigs/{notification}", - "httpMethod": "DELETE", - "description": "Permanently deletes a notification subscription.", - "parameters": { - "bucket": { - "type": "string", - "description": "The parent bucket of the notification.", - "required": true, - "location": "path" - }, - "notification": { - "type": "string", - "description": "ID of the notification to delete.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "notification" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "get": { - "id": "storage.notifications.get", - "path": "b/{bucket}/notificationConfigs/{notification}", - "httpMethod": "GET", - "description": "View a notification configuration.", - "parameters": { - "bucket": { - "type": "string", - "description": "The parent bucket of the notification.", - "required": true, - "location": "path" - }, - "notification": { - "type": "string", - "description": "Notification ID", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "notification" - ], - "response": { - "$ref": "Notification" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "insert": { - "id": "storage.notifications.insert", - "path": "b/{bucket}/notificationConfigs", - "httpMethod": "POST", - "description": "Creates a notification subscription for a given bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "The parent bucket of the notification.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "Notification" - }, - "response": { - "$ref": "Notification" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "list": { - "id": "storage.notifications.list", - "path": "b/{bucket}/notificationConfigs", - "httpMethod": "GET", - "description": "Retrieves a list of notification subscriptions for a given bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a Google Cloud Storage bucket.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "response": { - "$ref": "Notifications" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - } - } - }, - "objectAccessControls": { - "methods": { - "delete": { - "id": "storage.objectAccessControls.delete", - "path": "b/{bucket}/o/{object}/acl/{entity}", - "httpMethod": "DELETE", - "description": "Permanently deletes the ACL entry for the specified entity on the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object", - "entity" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "get": { - "id": "storage.objectAccessControls.get", - "path": "b/{bucket}/o/{object}/acl/{entity}", - "httpMethod": "GET", - "description": "Returns the ACL entry for the specified entity on the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object", - "entity" - ], - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "insert": { - "id": "storage.objectAccessControls.insert", - "path": "b/{bucket}/o/{object}/acl", - "httpMethod": "POST", - "description": "Creates a new ACL entry on the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "list": { - "id": "storage.objectAccessControls.list", - "path": "b/{bucket}/o/{object}/acl", - "httpMethod": "GET", - "description": "Retrieves ACL entries on the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "response": { - "$ref": "ObjectAccessControls" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "patch": { - "id": "storage.objectAccessControls.patch", - "path": "b/{bucket}/o/{object}/acl/{entity}", - "httpMethod": "PATCH", - "description": "Updates an ACL entry on the specified object. This method supports patch semantics.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object", - "entity" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "update": { - "id": "storage.objectAccessControls.update", - "path": "b/{bucket}/o/{object}/acl/{entity}", - "httpMethod": "PUT", - "description": "Updates an ACL entry on the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object", - "entity" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - } - } - }, - "objects": { - "methods": { - "compose": { - "id": "storage.objects.compose", - "path": "b/{destinationBucket}/o/{destinationObject}/compose", - "httpMethod": "POST", - "description": "Concatenates a list of existing objects into a new object in the same bucket.", - "parameters": { - "destinationBucket": { - "type": "string", - "description": "Name of the bucket in which to store the new object.", - "required": true, - "location": "path" - }, - "destinationObject": { - "type": "string", - "description": "Name of the new object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "destinationPredefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to the destination object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "kmsKeyName": { - "type": "string", - "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.", - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "destinationBucket", - "destinationObject" - ], - "request": { - "$ref": "ComposeRequest" - }, - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "copy": { - "id": "storage.objects.copy", - "path": "b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}", - "httpMethod": "POST", - "description": "Copies a source object to a destination object. Optionally overrides metadata.", - "parameters": { - "destinationBucket": { - "type": "string", - "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "destinationObject": { - "type": "string", - "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any.", - "required": true, - "location": "path" - }, - "destinationPredefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to the destination object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "sourceBucket": { - "type": "string", - "description": "Name of the bucket in which to find the source object.", - "required": true, - "location": "path" - }, - "sourceGeneration": { - "type": "string", - "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "sourceObject": { - "type": "string", - "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "sourceBucket", - "sourceObject", - "destinationBucket", - "destinationObject" - ], - "request": { - "$ref": "Object" - }, - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "delete": { - "id": "storage.objects.delete", - "path": "b/{bucket}/o/{object}", - "httpMethod": "DELETE", - "description": "Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "get": { - "id": "storage.objects.get", - "path": "b/{bucket}/o/{object}", - "httpMethod": "GET", - "description": "Retrieves an object or its metadata.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ], - "supportsMediaDownload": true, - "useMediaDownloadService": true - }, - "getIamPolicy": { - "id": "storage.objects.getIamPolicy", - "path": "b/{bucket}/o/{object}/iam", - "httpMethod": "GET", - "description": "Returns an IAM policy for the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "response": { - "$ref": "Policy" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "insert": { - "id": "storage.objects.insert", - "path": "b/{bucket}/o", - "httpMethod": "POST", - "description": "Stores a new object and metadata.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.", - "required": true, - "location": "path" - }, - "contentEncoding": { - "type": "string", - "description": "If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded.", - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "kmsKeyName": { - "type": "string", - "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any. Limited availability; usable only by enabled projects.", - "location": "query" - }, - "name": { - "type": "string", - "description": "Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "location": "query" - }, - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "Object" - }, - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ], - "supportsMediaUpload": true, - "mediaUpload": { - "accept": [ - "*/*" - ], - "protocols": { - "simple": { - "multipart": true, - "path": "/upload/storage/v1/b/{bucket}/o" - }, - "resumable": { - "multipart": true, - "path": "/resumable/upload/storage/v1/b/{bucket}/o" - } - } - } - }, - "list": { - "id": "storage.objects.list", - "path": "b/{bucket}/o", - "httpMethod": "GET", - "description": "Retrieves a list of objects matching the criteria.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which to look for objects.", - "required": true, - "location": "path" - }, - "delimiter": { - "type": "string", - "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.", - "default": "1000", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "A previously-returned page token representing part of the larger set of results to view.", - "location": "query" - }, - "prefix": { - "type": "string", - "description": "Filter results to objects whose names begin with this prefix.", - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - }, - "versions": { - "type": "boolean", - "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "response": { - "$ref": "Objects" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ], - "supportsSubscription": true - }, - "patch": { - "id": "storage.objects.patch", - "path": "b/{bucket}/o/{object}", - "httpMethod": "PATCH", - "description": "Patches an object's metadata.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request, for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "request": { - "$ref": "Object" - }, - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "rewrite": { - "id": "storage.objects.rewrite", - "path": "b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}", - "httpMethod": "POST", - "description": "Rewrites a source object to a destination object. Optionally overrides metadata.", - "parameters": { - "destinationBucket": { - "type": "string", - "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.", - "required": true, - "location": "path" - }, - "destinationKmsKeyName": { - "type": "string", - "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.", - "location": "query" - }, - "destinationObject": { - "type": "string", - "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "destinationPredefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to the destination object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "maxBytesRewrittenPerCall": { - "type": "string", - "description": "The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid.", - "format": "int64", - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "rewriteToken": { - "type": "string", - "description": "Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request.", - "location": "query" - }, - "sourceBucket": { - "type": "string", - "description": "Name of the bucket in which to find the source object.", - "required": true, - "location": "path" - }, - "sourceGeneration": { - "type": "string", - "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "sourceObject": { - "type": "string", - "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" + "Objects": { + "description": "A list of objects.", + "id": "Objects", + "properties": { + "items": { + "description": "The list of items.", + "items": { + "$ref": "Object" + }, + "type": "array" + }, + "kind": { + "default": "storage#objects", + "description": "The kind of item this is. For lists of objects, this is always storage#objects.", + "type": "string" + }, + "nextPageToken": { + "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.", + "type": "string" + }, + "prefixes": { + "description": "The list of prefixes of objects matching-but-not-listed up to and including the requested delimiter.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "sourceBucket", - "sourceObject", - "destinationBucket", - "destinationObject" - ], - "request": { - "$ref": "Object" - }, - "response": { - "$ref": "RewriteResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] + "type": "object" }, - "setIamPolicy": { - "id": "storage.objects.setIamPolicy", - "path": "b/{bucket}/o/{object}/iam", - "httpMethod": "PUT", - "description": "Updates an IAM policy for the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" + "Policy": { + "description": "A bucket/object IAM policy.", + "id": "Policy", + "properties": { + "bindings": { + "annotations": { + "required": [ + "storage.buckets.setIamPolicy", + "storage.objects.setIamPolicy" + ] + }, + "description": "An association between a role, which comes with a set of permissions, and members who may assume that role.", + "items": { + "properties": { + "condition": { + "type": "any" + }, + "members": { + "annotations": { + "required": [ + "storage.buckets.setIamPolicy", + "storage.objects.setIamPolicy" + ] + }, + "description": "A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows: \n- allUsers — A special identifier that represents anyone on the internet; with or without a Google account. \n- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account. \n- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com. \n- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com . \n- group:emailid — An email address that represents a Google group. For example, group:admins@example.com. \n- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com. \n- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project \n- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project \n- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project", + "items": { + "type": "string" + }, + "type": "array" + }, + "role": { + "annotations": { + "required": [ + "storage.buckets.setIamPolicy", + "storage.objects.setIamPolicy" + ] + }, + "description": "The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.\nThe new IAM roles are: \n- roles/storage.admin — Full control of Google Cloud Storage resources. \n- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects. \n- roles/storage.objectCreator — Access to create objects in Google Cloud Storage. \n- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are: \n- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role. \n- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role. \n- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role. \n- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role. \n- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "etag": { + "description": "HTTP 1.1 Entity tag for the policy.", + "format": "byte", + "type": "string" + }, + "kind": { + "default": "storage#policy", + "description": "The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.", + "type": "string" + }, + "resourceId": { + "description": "The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, and projects/_/buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.", + "type": "string" + } }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "request": { - "$ref": "Policy" - }, - "response": { - "$ref": "Policy" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] + "type": "object" }, - "testIamPermissions": { - "id": "storage.objects.testIamPermissions", - "path": "b/{bucket}/o/{object}/iam/testPermissions", - "httpMethod": "GET", - "description": "Tests a set of permissions on the given object to see which, if any, are held by the caller.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "permissions": { - "type": "string", - "description": "Permissions to test.", - "required": true, - "repeated": true, - "location": "query" + "RewriteResponse": { + "description": "A rewrite response.", + "id": "RewriteResponse", + "properties": { + "done": { + "description": "true if the copy is finished; otherwise, false if the copy is in progress. This property is always present in the response.", + "type": "boolean" + }, + "kind": { + "default": "storage#rewriteResponse", + "description": "The kind of item this is.", + "type": "string" + }, + "objectSize": { + "description": "The total size of the object being copied in bytes. This property is always present in the response.", + "format": "int64", + "type": "string" + }, + "resource": { + "$ref": "Object", + "description": "A resource containing the metadata for the copied-to object. This property is present in the response only when copying completes." + }, + "rewriteToken": { + "description": "A token to use in subsequent requests to continue copying data. This token is present in the response only when there is more data to copy.", + "type": "string" + }, + "totalBytesRewritten": { + "description": "The total bytes written so far, which can be used to provide a waiting user with a progress indicator. This property is always present in the response.", + "format": "int64", + "type": "string" + } }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object", - "permissions" - ], - "response": { - "$ref": "TestIamPermissionsResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] + "type": "object" }, - "update": { - "id": "storage.objects.update", - "path": "b/{bucket}/o/{object}", - "httpMethod": "PUT", - "description": "Updates an object's metadata.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" + "ServiceAccount": { + "description": "A subscription to receive Google PubSub notifications.", + "id": "ServiceAccount", + "properties": { + "email_address": { + "description": "The ID of the notification.", + "type": "string" + }, + "kind": { + "default": "storage#serviceAccount", + "description": "The kind of item this is. For notifications, this is always storage#notification.", + "type": "string" + } }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "request": { - "$ref": "Object" - }, - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] + "type": "object" }, - "watchAll": { - "id": "storage.objects.watchAll", - "path": "b/{bucket}/o/watch", - "httpMethod": "POST", - "description": "Watch for changes on all objects in a bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which to look for objects.", - "required": true, - "location": "path" - }, - "delimiter": { - "type": "string", - "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.", - "default": "1000", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "A previously-returned page token representing part of the larger set of results to view.", - "location": "query" - }, - "prefix": { - "type": "string", - "description": "Filter results to objects whose names begin with this prefix.", - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request. Required for Requester Pays buckets.", - "location": "query" + "TestIamPermissionsResponse": { + "description": "A storage.(buckets|objects).testIamPermissions response.", + "id": "TestIamPermissionsResponse", + "properties": { + "kind": { + "default": "storage#testIamPermissionsResponse", + "description": "The kind of item this is.", + "type": "string" + }, + "permissions": { + "description": "The permissions held by the caller. Permissions are always of the format storage.resource.capability, where resource is one of buckets or objects. The supported permissions are as follows: \n- storage.buckets.delete — Delete bucket. \n- storage.buckets.get — Read bucket metadata. \n- storage.buckets.getIamPolicy — Read bucket IAM policy. \n- storage.buckets.create — Create bucket. \n- storage.buckets.list — List buckets. \n- storage.buckets.setIamPolicy — Update bucket IAM policy. \n- storage.buckets.update — Update bucket metadata. \n- storage.objects.delete — Delete object. \n- storage.objects.get — Read object data and metadata. \n- storage.objects.getIamPolicy — Read object IAM policy. \n- storage.objects.create — Create object. \n- storage.objects.list — List objects. \n- storage.objects.setIamPolicy — Update object IAM policy. \n- storage.objects.update — Update object metadata.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "versions": { - "type": "boolean", - "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "Channel", - "parameterName": "resource" - }, - "response": { - "$ref": "Channel" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ], - "supportsSubscription": true + "type": "object" } - } }, - "projects": { - "resources": { - "serviceAccount": { - "methods": { - "get": { - "id": "storage.projects.serviceAccount.get", - "path": "projects/{projectId}/serviceAccount", - "httpMethod": "GET", - "description": "Get the email address of this project's Google Cloud Storage service account.", - "parameters": { - "projectId": { - "type": "string", - "description": "Project ID", - "required": true, - "location": "path" - }, - "userProject": { - "type": "string", - "description": "The project to be billed for this request.", - "location": "query" - } - }, - "parameterOrder": [ - "projectId" - ], - "response": { - "$ref": "ServiceAccount" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - } - } - } - } - } - } -} + "servicePath": "storage/v1/", + "title": "Cloud Storage JSON API", + "version": "v1" +} \ No newline at end of file diff --git a/vendor/google.golang.org/api/storage/v1/storage-gen.go b/vendor/google.golang.org/api/storage/v1/storage-gen.go index 283f55cb21c9..0db77531185d 100644 --- a/vendor/google.golang.org/api/storage/v1/storage-gen.go +++ b/vendor/google.golang.org/api/storage/v1/storage-gen.go @@ -8931,11 +8931,12 @@ func (c *ObjectsInsertCall) doRequest(alt string) (*http.Response, error) { body = new(bytes.Buffer) reqHeaders.Set("Content-Type", "application/json") } - body, cleanup := c.mediaInfo_.UploadRequest(reqHeaders, body) + body, getBody, cleanup := c.mediaInfo_.UploadRequest(reqHeaders, body) defer cleanup() urls += "?" + c.urlParams_.Encode() req, _ := http.NewRequest("POST", urls, body) req.Header = reqHeaders + gensupport.SetGetBody(req, getBody) googleapi.Expand(req.URL, map[string]string{ "bucket": c.bucket, }) diff --git a/vendor/google.golang.org/grpc/call.go b/vendor/google.golang.org/grpc/call.go index 8fa542a7ee3b..a66e3c2d9581 100644 --- a/vendor/google.golang.org/grpc/call.go +++ b/vendor/google.golang.org/grpc/call.go @@ -19,123 +19,9 @@ package grpc import ( - "io" - "time" - "golang.org/x/net/context" - "golang.org/x/net/trace" - "google.golang.org/grpc/balancer" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/encoding" - "google.golang.org/grpc/stats" - "google.golang.org/grpc/status" - "google.golang.org/grpc/transport" ) -// recvResponse receives and parses an RPC response. -// On error, it returns the error and indicates whether the call should be retried. -// -// TODO(zhaoq): Check whether the received message sequence is valid. -// TODO ctx is used for stats collection and processing. It is the context passed from the application. -func recvResponse(ctx context.Context, dopts dialOptions, t transport.ClientTransport, c *callInfo, stream *transport.Stream, reply interface{}) (err error) { - // Try to acquire header metadata from the server if there is any. - defer func() { - if err != nil { - if _, ok := err.(transport.ConnectionError); !ok { - t.CloseStream(stream, err) - } - } - }() - p := &parser{r: stream} - var inPayload *stats.InPayload - if dopts.copts.StatsHandler != nil { - inPayload = &stats.InPayload{ - Client: true, - } - } - for { - if c.maxReceiveMessageSize == nil { - return status.Errorf(codes.Internal, "callInfo maxReceiveMessageSize field uninitialized(nil)") - } - - // Set dc if it exists and matches the message compression type used, - // otherwise set comp if a registered compressor exists for it. - var comp encoding.Compressor - var dc Decompressor - if rc := stream.RecvCompress(); dopts.dc != nil && dopts.dc.Type() == rc { - dc = dopts.dc - } else if rc != "" && rc != encoding.Identity { - comp = encoding.GetCompressor(rc) - } - if err = recv(p, c.codec, stream, dc, reply, *c.maxReceiveMessageSize, inPayload, comp); err != nil { - if err == io.EOF { - break - } - return - } - } - if inPayload != nil && err == io.EOF && stream.Status().Code() == codes.OK { - // TODO in the current implementation, inTrailer may be handled before inPayload in some cases. - // Fix the order if necessary. - dopts.copts.StatsHandler.HandleRPC(ctx, inPayload) - } - return nil -} - -// sendRequest writes out various information of an RPC such as Context and Message. -func sendRequest(ctx context.Context, dopts dialOptions, compressor Compressor, c *callInfo, callHdr *transport.CallHdr, stream *transport.Stream, t transport.ClientTransport, args interface{}, opts *transport.Options) (err error) { - defer func() { - if err != nil { - // If err is connection error, t will be closed, no need to close stream here. - if _, ok := err.(transport.ConnectionError); !ok { - t.CloseStream(stream, err) - } - } - }() - var ( - outPayload *stats.OutPayload - ) - if dopts.copts.StatsHandler != nil { - outPayload = &stats.OutPayload{ - Client: true, - } - } - // Set comp and clear compressor if a registered compressor matches the type - // specified via UseCompressor. (And error if a matching compressor is not - // registered.) - var comp encoding.Compressor - if ct := c.compressorType; ct != "" && ct != encoding.Identity { - compressor = nil // Disable the legacy compressor. - comp = encoding.GetCompressor(ct) - if comp == nil { - return status.Errorf(codes.Internal, "grpc: Compressor is not installed for grpc-encoding %q", ct) - } - } - hdr, data, err := encode(c.codec, args, compressor, outPayload, comp) - if err != nil { - return err - } - if c.maxSendMessageSize == nil { - return status.Errorf(codes.Internal, "callInfo maxSendMessageSize field uninitialized(nil)") - } - if len(data) > *c.maxSendMessageSize { - return status.Errorf(codes.ResourceExhausted, "grpc: trying to send message larger than max (%d vs. %d)", len(data), *c.maxSendMessageSize) - } - err = t.Write(stream, hdr, data, opts) - if err == nil && outPayload != nil { - outPayload.SentTime = time.Now() - dopts.copts.StatsHandler.HandleRPC(ctx, outPayload) - } - // t.NewStream(...) could lead to an early rejection of the RPC (e.g., the service/method - // does not exist.) so that t.Write could get io.EOF from wait(...). Leave the following - // recvResponse to get the final status. - if err != nil && err != io.EOF { - return err - } - // Sent successfully. - return nil -} - // Invoke sends the RPC request on the wire and returns after response is // received. This is typically called by generated code. // @@ -155,189 +41,34 @@ func Invoke(ctx context.Context, method string, args, reply interface{}, cc *Cli return cc.Invoke(ctx, method, args, reply, opts...) } -func invoke(ctx context.Context, method string, args, reply interface{}, cc *ClientConn, opts ...CallOption) (e error) { - c := defaultCallInfo() - mc := cc.GetMethodConfig(method) - if mc.WaitForReady != nil { - c.failFast = !*mc.WaitForReady - } - - if mc.Timeout != nil && *mc.Timeout >= 0 { - var cancel context.CancelFunc - ctx, cancel = context.WithTimeout(ctx, *mc.Timeout) - defer cancel() - } - - opts = append(cc.dopts.callOptions, opts...) - for _, o := range opts { - if err := o.before(c); err != nil { - return toRPCErr(err) - } - } - defer func() { - for _, o := range opts { - o.after(c) - } - }() - - c.maxSendMessageSize = getMaxSize(mc.MaxReqSize, c.maxSendMessageSize, defaultClientMaxSendMessageSize) - c.maxReceiveMessageSize = getMaxSize(mc.MaxRespSize, c.maxReceiveMessageSize, defaultClientMaxReceiveMessageSize) - if err := setCallInfoCodec(c); err != nil { - return err - } +var unaryStreamDesc = &StreamDesc{ServerStreams: false, ClientStreams: false} - if EnableTracing { - c.traceInfo.tr = trace.New("grpc.Sent."+methodFamily(method), method) - defer c.traceInfo.tr.Finish() - c.traceInfo.firstLine.client = true - if deadline, ok := ctx.Deadline(); ok { - c.traceInfo.firstLine.deadline = deadline.Sub(time.Now()) - } - c.traceInfo.tr.LazyLog(&c.traceInfo.firstLine, false) - // TODO(dsymonds): Arrange for c.traceInfo.firstLine.remoteAddr to be set. - defer func() { - if e != nil { - c.traceInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{e}}, true) - c.traceInfo.tr.SetError() - } - }() - } - ctx = newContextWithRPCInfo(ctx, c.failFast) - sh := cc.dopts.copts.StatsHandler - if sh != nil { - ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: method, FailFast: c.failFast}) - begin := &stats.Begin{ - Client: true, - BeginTime: time.Now(), - FailFast: c.failFast, - } - sh.HandleRPC(ctx, begin) - defer func() { - end := &stats.End{ - Client: true, - EndTime: time.Now(), - Error: e, - } - sh.HandleRPC(ctx, end) - }() - } - topts := &transport.Options{ - Last: true, - Delay: false, - } - callHdr := &transport.CallHdr{ - Host: cc.authority, - Method: method, - } - if c.creds != nil { - callHdr.Creds = c.creds - } - if c.compressorType != "" { - callHdr.SendCompress = c.compressorType - } else if cc.dopts.cp != nil { - callHdr.SendCompress = cc.dopts.cp.Type() - } +func invoke(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error { + // TODO: implement retries in clientStream and make this simply + // newClientStream, SendMsg, RecvMsg. firstAttempt := true - for { - // Check to make sure the context has expired. This will prevent us from - // looping forever if an error occurs for wait-for-ready RPCs where no data - // is sent on the wire. - select { - case <-ctx.Done(): - return toRPCErr(ctx.Err()) - default: - } - - // Record the done handler from Balancer.Get(...). It is called once the - // RPC has completed or failed. - t, done, err := cc.getTransport(ctx, c.failFast) + csInt, err := newClientStream(ctx, unaryStreamDesc, cc, method, opts...) if err != nil { return err } - stream, err := t.NewStream(ctx, callHdr) - if err != nil { - if done != nil { - done(balancer.DoneInfo{Err: err}) - } - // In the event of any error from NewStream, we never attempted to write - // anything to the wire, so we can retry indefinitely for non-fail-fast - // RPCs. - if !c.failFast { + cs := csInt.(*clientStream) + if err := cs.SendMsg(req); err != nil { + if !cs.c.failFast && cs.s.Unprocessed() && firstAttempt { + // TODO: Add a field to header for grpc-transparent-retry-attempts + firstAttempt = false continue } - return toRPCErr(err) - } - c.stream = stream - if c.traceInfo.tr != nil { - c.traceInfo.tr.LazyLog(&payload{sent: true, msg: args}, true) - } - err = sendRequest(ctx, cc.dopts, cc.dopts.cp, c, callHdr, stream, t, args, topts) - if err != nil { - if done != nil { - done(balancer.DoneInfo{ - Err: err, - BytesSent: true, - BytesReceived: stream.BytesReceived(), - }) - } - // Retry a non-failfast RPC when - // i) the server started to drain before this RPC was initiated. - // ii) the server refused the stream. - if !c.failFast && stream.Unprocessed() { - // In this case, the server did not receive the data, but we still - // created wire traffic, so we should not retry indefinitely. - if firstAttempt { - // TODO: Add a field to header for grpc-transparent-retry-attempts - firstAttempt = false - continue - } - // Otherwise, give up and return an error anyway. - } - return toRPCErr(err) - } - err = recvResponse(ctx, cc.dopts, t, c, stream, reply) - if err != nil { - if done != nil { - done(balancer.DoneInfo{ - Err: err, - BytesSent: true, - BytesReceived: stream.BytesReceived(), - }) - } - if !c.failFast && stream.Unprocessed() { - // In these cases, the server did not receive the data, but we still - // created wire traffic, so we should not retry indefinitely. - if firstAttempt { - // TODO: Add a field to header for grpc-transparent-retry-attempts - firstAttempt = false - continue - } - // Otherwise, give up and return an error anyway. - } - return toRPCErr(err) - } - if c.traceInfo.tr != nil { - c.traceInfo.tr.LazyLog(&payload{sent: false, msg: reply}, true) - } - t.CloseStream(stream, nil) - err = stream.Status().Err() - if done != nil { - done(balancer.DoneInfo{ - Err: err, - BytesSent: true, - BytesReceived: stream.BytesReceived(), - }) + return err } - if !c.failFast && stream.Unprocessed() { - // In these cases, the server did not receive the data, but we still - // created wire traffic, so we should not retry indefinitely. - if firstAttempt { + if err := cs.RecvMsg(reply); err != nil { + if !cs.c.failFast && cs.s.Unprocessed() && firstAttempt { // TODO: Add a field to header for grpc-transparent-retry-attempts firstAttempt = false continue } + return err } - return err + return nil } } diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go index 0cbb38ad9be1..2c22d628dba9 100644 --- a/vendor/google.golang.org/grpc/clientconn.go +++ b/vendor/google.golang.org/grpc/clientconn.go @@ -32,6 +32,7 @@ import ( "golang.org/x/net/trace" "google.golang.org/grpc/balancer" _ "google.golang.org/grpc/balancer/roundrobin" // To register roundrobin. + "google.golang.org/grpc/codes" "google.golang.org/grpc/connectivity" "google.golang.org/grpc/credentials" "google.golang.org/grpc/grpclog" @@ -40,17 +41,17 @@ import ( _ "google.golang.org/grpc/resolver/dns" // To register dns resolver. _ "google.golang.org/grpc/resolver/passthrough" // To register passthrough resolver. "google.golang.org/grpc/stats" + "google.golang.org/grpc/status" "google.golang.org/grpc/transport" ) var ( // ErrClientConnClosing indicates that the operation is illegal because // the ClientConn is closing. - ErrClientConnClosing = errors.New("grpc: the client connection is closing") - // ErrClientConnTimeout indicates that the ClientConn cannot establish the - // underlying connections within the specified timeout. - // DEPRECATED: Please use context.DeadlineExceeded instead. - ErrClientConnTimeout = errors.New("grpc: timed out when dialing") + // + // Deprecated: this error should not be relied upon by users; use the status + // code of Canceled instead. + ErrClientConnClosing = status.Error(codes.Canceled, "grpc: the client connection is closing") // errConnDrain indicates that the connection starts to be drained and does not accept any new RPCs. errConnDrain = errors.New("grpc: the connection is drained") // errConnClosing indicates that the connection is closing. @@ -98,10 +99,8 @@ type dialOptions struct { // balancer, and also by WithBalancerName dial option. balancerBuilder balancer.Builder // This is to support grpclb. - resolverBuilder resolver.Builder - // Custom user options for resolver.Build. - resolverBuildUserOptions interface{} - waitForHandshake bool + resolverBuilder resolver.Builder + waitForHandshake bool } const ( @@ -235,14 +234,6 @@ func withResolverBuilder(b resolver.Builder) DialOption { } } -// WithResolverUserOptions returns a DialOption which sets the UserOptions -// field of resolver's BuildOption. -func WithResolverUserOptions(userOpt interface{}) DialOption { - return func(o *dialOptions) { - o.resolverBuildUserOptions = userOpt - } -} - // WithServiceConfig returns a DialOption which has a channel to read the service configuration. // DEPRECATED: service config should be received through name resolver, as specified here. // https://github.com/grpc/grpc/blob/master/doc/service_config.md @@ -1384,3 +1375,10 @@ func (ac *addrConn) getState() connectivity.State { defer ac.mu.Unlock() return ac.state } + +// ErrClientConnTimeout indicates that the ClientConn cannot establish the +// underlying connections within the specified timeout. +// +// Deprecated: This error is never returned by grpc and should not be +// referenced by users. +var ErrClientConnTimeout = errors.New("grpc: timed out when dialing") diff --git a/vendor/google.golang.org/grpc/encoding/proto/proto.go b/vendor/google.golang.org/grpc/encoding/proto/proto.go index a0c6ee930386..66b97a6f692a 100644 --- a/vendor/google.golang.org/grpc/encoding/proto/proto.go +++ b/vendor/google.golang.org/grpc/encoding/proto/proto.go @@ -16,6 +16,8 @@ * */ +// Package proto defines the protobuf codec. Importing this package will +// register the codec. package proto import ( diff --git a/vendor/google.golang.org/grpc/go16.go b/vendor/google.golang.org/grpc/go16.go index f3dbf21700fd..0ae4dbda9e6f 100644 --- a/vendor/google.golang.org/grpc/go16.go +++ b/vendor/google.golang.org/grpc/go16.go @@ -48,6 +48,9 @@ func sendHTTPRequest(ctx context.Context, req *http.Request, conn net.Conn) erro // toRPCErr converts an error into an error from the status package. func toRPCErr(err error) error { + if err == nil || err == io.EOF { + return err + } if _, ok := status.FromError(err); ok { return err } @@ -62,8 +65,6 @@ func toRPCErr(err error) error { return status.Error(codes.DeadlineExceeded, err.Error()) case context.Canceled: return status.Error(codes.Canceled, err.Error()) - case ErrClientConnClosing: - return status.Error(codes.FailedPrecondition, err.Error()) } } return status.Error(codes.Unknown, err.Error()) diff --git a/vendor/google.golang.org/grpc/go17.go b/vendor/google.golang.org/grpc/go17.go index de23098eb9a1..539088280838 100644 --- a/vendor/google.golang.org/grpc/go17.go +++ b/vendor/google.golang.org/grpc/go17.go @@ -49,6 +49,9 @@ func sendHTTPRequest(ctx context.Context, req *http.Request, conn net.Conn) erro // toRPCErr converts an error into an error from the status package. func toRPCErr(err error) error { + if err == nil || err == io.EOF { + return err + } if _, ok := status.FromError(err); ok { return err } @@ -63,8 +66,6 @@ func toRPCErr(err error) error { return status.Error(codes.DeadlineExceeded, err.Error()) case context.Canceled, netctx.Canceled: return status.Error(codes.Canceled, err.Error()) - case ErrClientConnClosing: - return status.Error(codes.FailedPrecondition, err.Error()) } } return status.Error(codes.Unknown, err.Error()) diff --git a/vendor/google.golang.org/grpc/resolver/resolver.go b/vendor/google.golang.org/grpc/resolver/resolver.go index df097eedf79a..9efcffb3aa06 100644 --- a/vendor/google.golang.org/grpc/resolver/resolver.go +++ b/vendor/google.golang.org/grpc/resolver/resolver.go @@ -90,9 +90,6 @@ type Address struct { // BuildOption includes additional information for the builder to create // the resolver. type BuildOption struct { - // UserOptions can be used to pass configuration between DialOptions and the - // resolver. - UserOptions interface{} } // ClientConn contains the callbacks for resolver to notify any updates diff --git a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go index ef5d4c286926..1a1591e8f62b 100644 --- a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go +++ b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go @@ -83,9 +83,7 @@ func newCCResolverWrapper(cc *ClientConn) (*ccResolverWrapper, error) { } var err error - ccr.resolver, err = rb.Build(cc.parsedTarget, ccr, resolver.BuildOption{ - UserOptions: cc.dopts.resolverBuildUserOptions, - }) + ccr.resolver, err = rb.Build(cc.parsedTarget, ccr, resolver.BuildOption{}) if err != nil { return nil, err } diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go index b80594f9538b..0f7ff5d6022a 100644 --- a/vendor/google.golang.org/grpc/server.go +++ b/vendor/google.golang.org/grpc/server.go @@ -694,7 +694,7 @@ func (s *Server) serveUsingHandler(conn net.Conn) { // available through grpc-go's HTTP/2 server, and it is currently EXPERIMENTAL // and subject to change. func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { - st, err := transport.NewServerHandlerTransport(w, r) + st, err := transport.NewServerHandlerTransport(w, r, s.opts.statsHandler) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return diff --git a/vendor/google.golang.org/grpc/status/status.go b/vendor/google.golang.org/grpc/status/status.go index d9defaebcf54..3a42dc6de027 100644 --- a/vendor/google.golang.org/grpc/status/status.go +++ b/vendor/google.golang.org/grpc/status/status.go @@ -120,7 +120,8 @@ func FromProto(s *spb.Status) *Status { } // FromError returns a Status representing err if it was produced from this -// package, otherwise it returns nil, false. +// package. Otherwise, ok is false and a Status is returned with codes.Unknown +// and the original error message. func FromError(err error) (s *Status, ok bool) { if err == nil { return &Status{s: &spb.Status{Code: int32(codes.OK)}}, true @@ -128,7 +129,14 @@ func FromError(err error) (s *Status, ok bool) { if se, ok := err.(*statusError); ok { return se.status(), true } - return nil, false + return New(codes.Unknown, err.Error()), false +} + +// Convert is a convenience function which removes the need to handle the +// boolean return value from FromError. +func Convert(err error) *Status { + s, _ := FromError(err) + return s } // WithDetails returns a new status with the provided details messages appended to the status. diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go index 8189e8327d9e..deb735927288 100644 --- a/vendor/google.golang.org/grpc/stream.go +++ b/vendor/google.golang.org/grpc/stream.go @@ -90,8 +90,9 @@ type ClientStream interface { // Stream.SendMsg() may return a non-nil error when something wrong happens sending // the request. The returned error indicates the status of this sending, not the final // status of the RPC. - // Always call Stream.RecvMsg() to get the final status if you care about the status of - // the RPC. + // + // Always call Stream.RecvMsg() to drain the stream and get the final + // status, otherwise there could be leaked resources. Stream } @@ -113,26 +114,28 @@ func NewClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth } func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (_ ClientStream, err error) { - var ( - t transport.ClientTransport - s *transport.Stream - done func(balancer.DoneInfo) - cancel context.CancelFunc - ) c := defaultCallInfo() mc := cc.GetMethodConfig(method) if mc.WaitForReady != nil { c.failFast = !*mc.WaitForReady } + // Possible context leak: + // The cancel function for the child context we create will only be called + // when RecvMsg returns a non-nil error, if the ClientConn is closed, or if + // an error is generated by SendMsg. + // https://github.com/grpc/grpc-go/issues/1818. + var cancel context.CancelFunc if mc.Timeout != nil && *mc.Timeout >= 0 { ctx, cancel = context.WithTimeout(ctx, *mc.Timeout) - defer func() { - if err != nil { - cancel() - } - }() + } else { + ctx, cancel = context.WithCancel(ctx) } + defer func() { + if err != nil { + cancel() + } + }() opts = append(cc.dopts.callOptions, opts...) for _, o := range opts { @@ -219,6 +222,11 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth }() } + var ( + t transport.ClientTransport + s *transport.Stream + done func(balancer.DoneInfo) + ) for { // Check to make sure the context has expired. This will prevent us from // looping forever if an error occurs for wait-for-ready RPCs where no data @@ -237,14 +245,7 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth s, err = t.NewStream(ctx, callHdr) if err != nil { if done != nil { - doneInfo := balancer.DoneInfo{Err: err} - if _, ok := err.(transport.ConnectionError); ok { - // If error is connection error, transport was sending data on wire, - // and we are not sure if anything has been sent on wire. - // If error is not connection error, we are sure nothing has been sent. - doneInfo.BytesSent = true - } - done(doneInfo) + done(balancer.DoneInfo{Err: err}) done = nil } // In the event of any error from NewStream, we never attempted to write @@ -280,29 +281,21 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth statsCtx: ctx, statsHandler: cc.dopts.copts.StatsHandler, } - // Listen on s.Context().Done() to detect cancellation and s.Done() to detect - // normal termination when there is no pending I/O operations on this stream. - go func() { - select { - case <-t.Error(): - // Incur transport error, simply exit. - case <-cc.ctx.Done(): - cs.finish(ErrClientConnClosing) - cs.closeTransportStream(ErrClientConnClosing) - case <-s.Done(): - // TODO: The trace of the RPC is terminated here when there is no pending - // I/O, which is probably not the optimal solution. - cs.finish(s.Status().Err()) - cs.closeTransportStream(nil) - case <-s.GoAway(): - cs.finish(errConnDrain) - cs.closeTransportStream(errConnDrain) - case <-s.Context().Done(): - err := s.Context().Err() - cs.finish(err) - cs.closeTransportStream(transport.ContextErr(err)) - } - }() + if desc != unaryStreamDesc { + // Listen on cc and stream contexts to cleanup when the user closes the + // ClientConn or cancels the stream context. In all other cases, an error + // should already be injected into the recv buffer by the transport, which + // the client will eventually receive, and then we will cancel the stream's + // context in clientStream.finish. + go func() { + select { + case <-cc.ctx.Done(): + cs.finish(ErrClientConnClosing) + case <-ctx.Done(): + cs.finish(toRPCErr(s.Context().Err())) + } + }() + } return cs, nil } @@ -322,13 +315,15 @@ type clientStream struct { decomp encoding.Compressor decompSet bool + // cancel is only called when RecvMsg() returns non-nil error, which means + // the stream finishes with error or with io.EOF. cancel context.CancelFunc tracing bool // set to EnableTracing when the clientStream is created. mu sync.Mutex done func(balancer.DoneInfo) - closed bool + sentLast bool // sent an end stream finished bool // trInfo.tr is set when the clientStream is created (if EnableTracing is true), // and is set to nil when the clientStream's finish method is called. @@ -348,9 +343,8 @@ func (cs *clientStream) Context() context.Context { func (cs *clientStream) Header() (metadata.MD, error) { m, err := cs.s.Header() if err != nil { - if _, ok := err.(transport.ConnectionError); !ok { - cs.closeTransportStream(err) - } + err = toRPCErr(err) + cs.finish(err) } return m, err } @@ -360,6 +354,7 @@ func (cs *clientStream) Trailer() metadata.MD { } func (cs *clientStream) SendMsg(m interface{}) (err error) { + // TODO: Check cs.sentLast and error if we already ended the stream. if cs.tracing { cs.mu.Lock() if cs.trInfo.tr != nil { @@ -370,26 +365,18 @@ func (cs *clientStream) SendMsg(m interface{}) (err error) { // TODO Investigate how to signal the stats handling party. // generate error stats if err != nil && err != io.EOF? defer func() { - if err != nil { - cs.finish(err) + // For non-client-streaming RPCs, we return nil instead of EOF on success + // because the generated code requires it. finish is not called; RecvMsg() + // will call it with the stream's status independently. + if err == io.EOF && !cs.desc.ClientStreams { + err = nil } - if err == nil { - return - } - if err == io.EOF { - // Specialize the process for server streaming. SendMsg is only called - // once when creating the stream object. io.EOF needs to be skipped when - // the rpc is early finished (before the stream object is created.). - // TODO: It is probably better to move this into the generated code. - if !cs.desc.ClientStreams && cs.desc.ServerStreams { - err = nil - } - return - } - if _, ok := err.(transport.ConnectionError); !ok { - cs.closeTransportStream(err) + if err != nil && err != io.EOF { + // Call finish for errors generated by this SendMsg call. (Transport + // errors are converted to an io.EOF error below; the real error will be + // returned from RecvMsg eventually in that case.) + cs.finish(err) } - err = toRPCErr(err) }() var outPayload *stats.OutPayload if cs.statsHandler != nil { @@ -401,30 +388,36 @@ func (cs *clientStream) SendMsg(m interface{}) (err error) { if err != nil { return err } - if cs.c.maxSendMessageSize == nil { - return status.Errorf(codes.Internal, "callInfo maxSendMessageSize field uninitialized(nil)") - } if len(data) > *cs.c.maxSendMessageSize { return status.Errorf(codes.ResourceExhausted, "trying to send message larger than max (%d vs. %d)", len(data), *cs.c.maxSendMessageSize) } - err = cs.t.Write(cs.s, hdr, data, &transport.Options{Last: false}) - if err == nil && outPayload != nil { - outPayload.SentTime = time.Now() - cs.statsHandler.HandleRPC(cs.statsCtx, outPayload) + if !cs.desc.ClientStreams { + cs.sentLast = true + } + err = cs.t.Write(cs.s, hdr, data, &transport.Options{Last: !cs.desc.ClientStreams}) + if err == nil { + if outPayload != nil { + outPayload.SentTime = time.Now() + cs.statsHandler.HandleRPC(cs.statsCtx, outPayload) + } + return nil } - return err + return io.EOF } func (cs *clientStream) RecvMsg(m interface{}) (err error) { + defer func() { + if err != nil || !cs.desc.ServerStreams { + // err != nil or non-server-streaming indicates end of stream. + cs.finish(err) + } + }() var inPayload *stats.InPayload if cs.statsHandler != nil { inPayload = &stats.InPayload{ Client: true, } } - if cs.c.maxReceiveMessageSize == nil { - return status.Errorf(codes.Internal, "callInfo maxReceiveMessageSize field uninitialized(nil)") - } if !cs.decompSet { // Block until we receive headers containing received message encoding. if ct := cs.s.RecvCompress(); ct != "" && ct != encoding.Identity { @@ -442,98 +435,67 @@ func (cs *clientStream) RecvMsg(m interface{}) (err error) { cs.decompSet = true } err = recv(cs.p, cs.codec, cs.s, cs.dc, m, *cs.c.maxReceiveMessageSize, inPayload, cs.decomp) - defer func() { - // err != nil indicates the termination of the stream. - if err != nil { - cs.finish(err) - } - }() - if err == nil { - if cs.tracing { - cs.mu.Lock() - if cs.trInfo.tr != nil { - cs.trInfo.tr.LazyLog(&payload{sent: false, msg: m}, true) - } - cs.mu.Unlock() - } - if inPayload != nil { - cs.statsHandler.HandleRPC(cs.statsCtx, inPayload) - } - if !cs.desc.ClientStreams || cs.desc.ServerStreams { - return - } - // Special handling for client streaming rpc. - // This recv expects EOF or errors, so we don't collect inPayload. - if cs.c.maxReceiveMessageSize == nil { - return status.Errorf(codes.Internal, "callInfo maxReceiveMessageSize field uninitialized(nil)") - } - err = recv(cs.p, cs.codec, cs.s, cs.dc, m, *cs.c.maxReceiveMessageSize, nil, cs.decomp) - cs.closeTransportStream(err) - if err == nil { - return toRPCErr(errors.New("grpc: client streaming protocol violation: get , want ")) - } + if err != nil { if err == io.EOF { - if se := cs.s.Status().Err(); se != nil { - return se + if statusErr := cs.s.Status().Err(); statusErr != nil { + return statusErr } - cs.finish(err) - return nil + return io.EOF // indicates successful end of stream. } return toRPCErr(err) } - if _, ok := err.(transport.ConnectionError); !ok { - cs.closeTransportStream(err) - } - if err == io.EOF { - if statusErr := cs.s.Status().Err(); statusErr != nil { - return statusErr + if cs.tracing { + cs.mu.Lock() + if cs.trInfo.tr != nil { + cs.trInfo.tr.LazyLog(&payload{sent: false, msg: m}, true) } - // Returns io.EOF to indicate the end of the stream. - return + cs.mu.Unlock() } - return toRPCErr(err) -} - -func (cs *clientStream) CloseSend() (err error) { - err = cs.t.Write(cs.s, nil, nil, &transport.Options{Last: true}) - defer func() { - if err != nil { - cs.finish(err) - } - }() - if err == nil || err == io.EOF { + if inPayload != nil { + cs.statsHandler.HandleRPC(cs.statsCtx, inPayload) + } + if cs.desc.ServerStreams { + // Subsequent messages should be received by subsequent RecvMsg calls. return nil } - if _, ok := err.(transport.ConnectionError); !ok { - cs.closeTransportStream(err) + + // Special handling for non-server-stream rpcs. + // This recv expects EOF or errors, so we don't collect inPayload. + err = recv(cs.p, cs.codec, cs.s, cs.dc, m, *cs.c.maxReceiveMessageSize, nil, cs.decomp) + if err == nil { + return toRPCErr(errors.New("grpc: client streaming protocol violation: get , want ")) } - err = toRPCErr(err) - return + if err == io.EOF { + return cs.s.Status().Err() // non-server streaming Recv returns nil on success + } + return toRPCErr(err) } -func (cs *clientStream) closeTransportStream(err error) { - cs.mu.Lock() - if cs.closed { - cs.mu.Unlock() - return +func (cs *clientStream) CloseSend() error { + if cs.sentLast { + return nil } - cs.closed = true - cs.mu.Unlock() - cs.t.CloseStream(cs.s, err) + cs.sentLast = true + cs.t.Write(cs.s, nil, nil, &transport.Options{Last: true}) + // We ignore errors from Write and always return nil here. Any error it + // would return would also be returned by a subsequent RecvMsg call, and the + // user is supposed to always finish the stream by calling RecvMsg until it + // returns err != nil. + return nil } func (cs *clientStream) finish(err error) { + if err == io.EOF { + // Ending a stream with EOF indicates a success. + err = nil + } cs.mu.Lock() defer cs.mu.Unlock() if cs.finished { return } cs.finished = true - defer func() { - if cs.cancel != nil { - cs.cancel() - } - }() + cs.t.CloseStream(cs.s, err) for _, o := range cs.opts { o.after(cs.c) } @@ -549,18 +511,16 @@ func (cs *clientStream) finish(err error) { end := &stats.End{ Client: true, EndTime: time.Now(), - } - if err != io.EOF { - // end.Error is nil if the RPC finished successfully. - end.Error = toRPCErr(err) + Error: err, } cs.statsHandler.HandleRPC(cs.statsCtx, end) } + cs.cancel() if !cs.tracing { return } if cs.trInfo.tr != nil { - if err == nil || err == io.EOF { + if err == nil { cs.trInfo.tr.LazyPrintf("RPC: [OK]") } else { cs.trInfo.tr.LazyPrintf("RPC: [%v]", err) diff --git a/vendor/google.golang.org/grpc/transport/handler_server.go b/vendor/google.golang.org/grpc/transport/handler_server.go index ce8ebece3fd8..451d7e629df5 100644 --- a/vendor/google.golang.org/grpc/transport/handler_server.go +++ b/vendor/google.golang.org/grpc/transport/handler_server.go @@ -40,13 +40,14 @@ import ( "google.golang.org/grpc/credentials" "google.golang.org/grpc/metadata" "google.golang.org/grpc/peer" + "google.golang.org/grpc/stats" "google.golang.org/grpc/status" ) // NewServerHandlerTransport returns a ServerTransport handling gRPC // from inside an http.Handler. It requires that the http Server // supports HTTP/2. -func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request) (ServerTransport, error) { +func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats stats.Handler) (ServerTransport, error) { if r.ProtoMajor != 2 { return nil, errors.New("gRPC requires HTTP/2") } @@ -73,6 +74,7 @@ func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request) (ServerTr writes: make(chan func()), contentType: contentType, contentSubtype: contentSubtype, + stats: stats, } if v := r.Header.Get("grpc-timeout"); v != "" { @@ -137,6 +139,8 @@ type serverHandlerTransport struct { // we store both contentType and contentSubtype so we don't keep recreating them // TODO make sure this is consistent across handler_server and http2_server contentSubtype string + + stats stats.Handler } func (ht *serverHandlerTransport) Close() error { @@ -230,6 +234,9 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro }) if err == nil { // transport has not been closed + if ht.stats != nil { + ht.stats.HandleRPC(s.Context(), &stats.OutTrailer{}) + } ht.Close() close(ht.writes) } @@ -274,7 +281,7 @@ func (ht *serverHandlerTransport) Write(s *Stream, hdr []byte, data []byte, opts } func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error { - return ht.do(func() { + err := ht.do(func() { ht.writeCommonHeaders(s) h := ht.rw.Header() for k, vv := range md { @@ -290,6 +297,13 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error { ht.rw.WriteHeader(200) ht.rw.(http.Flusher).Flush() }) + + if err == nil { + if ht.stats != nil { + ht.stats.HandleRPC(s.Context(), &stats.OutHeader{}) + } + } + return err } func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), traceCtx func(context.Context, string) context.Context) { @@ -342,6 +356,15 @@ func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), trace ctx = metadata.NewIncomingContext(ctx, ht.headerMD) ctx = peer.NewContext(ctx, pr) s.ctx = newContextWithStream(ctx, s) + if ht.stats != nil { + s.ctx = ht.stats.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method}) + inHeader := &stats.InHeader{ + FullMethod: s.method, + RemoteAddr: ht.RemoteAddr(), + Compression: s.recvCompress, + } + ht.stats.HandleRPC(s.ctx, inHeader) + } s.trReader = &transportReader{ reader: &recvBufferReader{ctx: s.ctx, recv: s.buf}, windowHandler: func(int) {}, diff --git a/vendor/google.golang.org/grpc/transport/transport.go b/vendor/google.golang.org/grpc/transport/transport.go index f6cd62c4c5f1..e68f89ec4599 100644 --- a/vendor/google.golang.org/grpc/transport/transport.go +++ b/vendor/google.golang.org/grpc/transport/transport.go @@ -697,13 +697,13 @@ func (e ConnectionError) Origin() error { var ( // ErrConnClosing indicates that the transport is closing. ErrConnClosing = connectionErrorf(true, nil, "transport is closing") - // errStreamDrain indicates that the stream is rejected by the server because - // the server stops accepting new RPCs. - // TODO: delete this error; it is no longer necessary. - errStreamDrain = streamErrorf(codes.Unavailable, "the server stops accepting new RPCs") + // errStreamDrain indicates that the stream is rejected because the + // connection is draining. This could be caused by goaway or balancer + // removing the address. + errStreamDrain = streamErrorf(codes.Unavailable, "the connection is draining") // StatusGoAway indicates that the server sent a GOAWAY that included this // stream's ID in unprocessed RPCs. - statusGoAway = status.New(codes.Unavailable, "the server stopped accepting new RPCs") + statusGoAway = status.New(codes.Unavailable, "the stream is rejected because server is draining the connection") ) // TODO: See if we can replace StreamError with status package errors. diff --git a/vendor/gopkg.in/ory-am/dockertest.v3/Gopkg.lock b/vendor/gopkg.in/ory-am/dockertest.v3/Gopkg.lock index 2c5666f15674..3249930e59e5 100644 --- a/vendor/gopkg.in/ory-am/dockertest.v3/Gopkg.lock +++ b/vendor/gopkg.in/ory-am/dockertest.v3/Gopkg.lock @@ -20,7 +20,7 @@ revision = "cd527374f1e5bff4938207604a14f2e38a9cf512" [[projects]] - name = "github.com/cenk/backoff" + name = "github.com/cenkalti/backoff" packages = ["."] revision = "61153c768f31ee5f130071d08fc82b85208528de" version = "v1.1.0" diff --git a/vendor/gopkg.in/ory-am/dockertest.v3/Gopkg.toml b/vendor/gopkg.in/ory-am/dockertest.v3/Gopkg.toml index 6f4bd7e1e2a3..69826e6c5c27 100644 --- a/vendor/gopkg.in/ory-am/dockertest.v3/Gopkg.toml +++ b/vendor/gopkg.in/ory-am/dockertest.v3/Gopkg.toml @@ -22,7 +22,7 @@ [[constraint]] - name = "github.com/cenk/backoff" + name = "github.com/cenkalti/backoff" version = "1.1.0" [[constraint]] diff --git a/vendor/gopkg.in/ory-am/dockertest.v3/dockertest.go b/vendor/gopkg.in/ory-am/dockertest.v3/dockertest.go index f4afb414a32e..6e1fd2bd5272 100644 --- a/vendor/gopkg.in/ory-am/dockertest.v3/dockertest.go +++ b/vendor/gopkg.in/ory-am/dockertest.v3/dockertest.go @@ -9,7 +9,7 @@ import ( "strings" "time" - "github.com/cenk/backoff" + "github.com/cenkalti/backoff" dc "github.com/fsouza/go-dockerclient" "github.com/pkg/errors" ) @@ -83,17 +83,17 @@ func NewTLSPool(endpoint, certpath string) (*Pool, error) { // TLS pools are automatically configured if the DOCKER_CERT_PATH environment variable exists. func NewPool(endpoint string) (*Pool, error) { if endpoint == "" { - if os.Getenv("DOCKER_HOST") != "" { - endpoint = os.Getenv("DOCKER_HOST") - } else if os.Getenv("DOCKER_URL") != "" { - endpoint = os.Getenv("DOCKER_URL") - } else if os.Getenv("DOCKER_MACHINE_NAME") != "" { + if os.Getenv("DOCKER_MACHINE_NAME") != "" { client, err := dc.NewClientFromEnv() if err != nil { - return nil, errors.Wrap(err, "") + return nil, errors.Wrap(err, "failed to create client from environment") } return &Pool{Client: client}, nil + } else if os.Getenv("DOCKER_HOST") != "" { + endpoint = os.Getenv("DOCKER_HOST") + } else if os.Getenv("DOCKER_URL") != "" { + endpoint = os.Getenv("DOCKER_URL") } else if runtime.GOOS == "windows" { endpoint = "http://localhost:2375" } else { @@ -101,7 +101,7 @@ func NewPool(endpoint string) (*Pool, error) { } } - if os.Getenv("DOCKER_CERT_PATH") == "" && shouldPreferTls(endpoint) { + if os.Getenv("DOCKER_CERT_PATH") != "" && shouldPreferTls(endpoint) { return NewTLSPool(endpoint, os.Getenv("DOCKER_CERT_PATH")) } @@ -131,6 +131,7 @@ type RunOptions struct { Mounts []string Links []string ExposedPorts []string + ExtraHosts []string Auth dc.AuthConfiguration PortBindings map[dc.Port][]dc.PortBinding } @@ -224,6 +225,7 @@ func (d *Pool) RunWithOptions(opts *RunOptions) (*Resource, error) { Binds: opts.Mounts, Links: opts.Links, PortBindings: opts.PortBindings, + ExtraHosts: opts.ExtraHosts, }, }) if err != nil { diff --git a/vendor/k8s.io/api/authentication/v1/BUILD b/vendor/k8s.io/api/authentication/v1/BUILD index f2e2b1a989c1..26e557e469fd 100644 --- a/vendor/k8s.io/api/authentication/v1/BUILD +++ b/vendor/k8s.io/api/authentication/v1/BUILD @@ -22,6 +22,7 @@ go_library( "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/types:go_default_library", ], ) diff --git a/vendor/k8s.io/api/authentication/v1/generated.pb.go b/vendor/k8s.io/api/authentication/v1/generated.pb.go index 2e66666eb019..d090ce579b67 100644 --- a/vendor/k8s.io/api/authentication/v1/generated.pb.go +++ b/vendor/k8s.io/api/authentication/v1/generated.pb.go @@ -25,7 +25,11 @@ limitations under the License. k8s.io/kubernetes/vendor/k8s.io/api/authentication/v1/generated.proto It has these top-level messages: + BoundObjectReference ExtraValue + TokenRequest + TokenRequestSpec + TokenRequestStatus TokenReview TokenReviewSpec TokenReviewStatus @@ -37,6 +41,8 @@ import proto "github.com/gogo/protobuf/proto" import fmt "fmt" import math "math" +import k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types" + import github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys" import strings "strings" @@ -55,33 +61,87 @@ var _ = math.Inf // proto package needs to be updated. const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +func (m *BoundObjectReference) Reset() { *m = BoundObjectReference{} } +func (*BoundObjectReference) ProtoMessage() {} +func (*BoundObjectReference) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{0} } + func (m *ExtraValue) Reset() { *m = ExtraValue{} } func (*ExtraValue) ProtoMessage() {} -func (*ExtraValue) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{0} } +func (*ExtraValue) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{1} } + +func (m *TokenRequest) Reset() { *m = TokenRequest{} } +func (*TokenRequest) ProtoMessage() {} +func (*TokenRequest) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{2} } + +func (m *TokenRequestSpec) Reset() { *m = TokenRequestSpec{} } +func (*TokenRequestSpec) ProtoMessage() {} +func (*TokenRequestSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{3} } + +func (m *TokenRequestStatus) Reset() { *m = TokenRequestStatus{} } +func (*TokenRequestStatus) ProtoMessage() {} +func (*TokenRequestStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{4} } func (m *TokenReview) Reset() { *m = TokenReview{} } func (*TokenReview) ProtoMessage() {} -func (*TokenReview) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{1} } +func (*TokenReview) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{5} } func (m *TokenReviewSpec) Reset() { *m = TokenReviewSpec{} } func (*TokenReviewSpec) ProtoMessage() {} -func (*TokenReviewSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{2} } +func (*TokenReviewSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{6} } func (m *TokenReviewStatus) Reset() { *m = TokenReviewStatus{} } func (*TokenReviewStatus) ProtoMessage() {} -func (*TokenReviewStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{3} } +func (*TokenReviewStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{7} } func (m *UserInfo) Reset() { *m = UserInfo{} } func (*UserInfo) ProtoMessage() {} -func (*UserInfo) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{4} } +func (*UserInfo) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{8} } func init() { + proto.RegisterType((*BoundObjectReference)(nil), "k8s.io.api.authentication.v1.BoundObjectReference") proto.RegisterType((*ExtraValue)(nil), "k8s.io.api.authentication.v1.ExtraValue") + proto.RegisterType((*TokenRequest)(nil), "k8s.io.api.authentication.v1.TokenRequest") + proto.RegisterType((*TokenRequestSpec)(nil), "k8s.io.api.authentication.v1.TokenRequestSpec") + proto.RegisterType((*TokenRequestStatus)(nil), "k8s.io.api.authentication.v1.TokenRequestStatus") proto.RegisterType((*TokenReview)(nil), "k8s.io.api.authentication.v1.TokenReview") proto.RegisterType((*TokenReviewSpec)(nil), "k8s.io.api.authentication.v1.TokenReviewSpec") proto.RegisterType((*TokenReviewStatus)(nil), "k8s.io.api.authentication.v1.TokenReviewStatus") proto.RegisterType((*UserInfo)(nil), "k8s.io.api.authentication.v1.UserInfo") } +func (m *BoundObjectReference) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *BoundObjectReference) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + dAtA[i] = 0xa + i++ + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Kind))) + i += copy(dAtA[i:], m.Kind) + dAtA[i] = 0x12 + i++ + i = encodeVarintGenerated(dAtA, i, uint64(len(m.APIVersion))) + i += copy(dAtA[i:], m.APIVersion) + dAtA[i] = 0x1a + i++ + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i += copy(dAtA[i:], m.Name) + dAtA[i] = 0x22 + i++ + i = encodeVarintGenerated(dAtA, i, uint64(len(m.UID))) + i += copy(dAtA[i:], m.UID) + return i, nil +} + func (m ExtraValue) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -115,7 +175,7 @@ func (m ExtraValue) MarshalTo(dAtA []byte) (int, error) { return i, nil } -func (m *TokenReview) Marshal() (dAtA []byte, err error) { +func (m *TokenRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalTo(dAtA) @@ -125,7 +185,7 @@ func (m *TokenReview) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *TokenReview) MarshalTo(dAtA []byte) (int, error) { +func (m *TokenRequest) MarshalTo(dAtA []byte) (int, error) { var i int _ = i var l int @@ -157,6 +217,126 @@ func (m *TokenReview) MarshalTo(dAtA []byte) (int, error) { return i, nil } +func (m *TokenRequestSpec) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TokenRequestSpec) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Audiences) > 0 { + for _, s := range m.Audiences { + dAtA[i] = 0xa + i++ + l = len(s) + for l >= 1<<7 { + dAtA[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + dAtA[i] = uint8(l) + i++ + i += copy(dAtA[i:], s) + } + } + if m.BoundObjectRef != nil { + dAtA[i] = 0x1a + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.BoundObjectRef.Size())) + n4, err := m.BoundObjectRef.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n4 + } + if m.ExpirationSeconds != nil { + dAtA[i] = 0x20 + i++ + i = encodeVarintGenerated(dAtA, i, uint64(*m.ExpirationSeconds)) + } + return i, nil +} + +func (m *TokenRequestStatus) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TokenRequestStatus) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + dAtA[i] = 0xa + i++ + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Token))) + i += copy(dAtA[i:], m.Token) + dAtA[i] = 0x12 + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.ExpirationTimestamp.Size())) + n5, err := m.ExpirationTimestamp.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n5 + return i, nil +} + +func (m *TokenReview) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TokenReview) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + dAtA[i] = 0xa + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.ObjectMeta.Size())) + n6, err := m.ObjectMeta.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n6 + dAtA[i] = 0x12 + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.Spec.Size())) + n7, err := m.Spec.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n7 + dAtA[i] = 0x1a + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.Status.Size())) + n8, err := m.Status.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n8 + return i, nil +} + func (m *TokenReviewSpec) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -205,11 +385,11 @@ func (m *TokenReviewStatus) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x12 i++ i = encodeVarintGenerated(dAtA, i, uint64(m.User.Size())) - n4, err := m.User.MarshalTo(dAtA[i:]) + n9, err := m.User.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n4 + i += n9 dAtA[i] = 0x1a i++ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Error))) @@ -279,11 +459,11 @@ func (m *UserInfo) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x12 i++ i = encodeVarintGenerated(dAtA, i, uint64((&v).Size())) - n5, err := (&v).MarshalTo(dAtA[i:]) + n10, err := (&v).MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n5 + i += n10 } } return i, nil @@ -316,6 +496,20 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { dAtA[offset] = uint8(v) return offset + 1 } +func (m *BoundObjectReference) Size() (n int) { + var l int + _ = l + l = len(m.Kind) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.APIVersion) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.UID) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m ExtraValue) Size() (n int) { var l int _ = l @@ -328,6 +522,47 @@ func (m ExtraValue) Size() (n int) { return n } +func (m *TokenRequest) Size() (n int) { + var l int + _ = l + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Spec.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Status.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *TokenRequestSpec) Size() (n int) { + var l int + _ = l + if len(m.Audiences) > 0 { + for _, s := range m.Audiences { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if m.BoundObjectRef != nil { + l = m.BoundObjectRef.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.ExpirationSeconds != nil { + n += 1 + sovGenerated(uint64(*m.ExpirationSeconds)) + } + return n +} + +func (m *TokenRequestStatus) Size() (n int) { + var l int + _ = l + l = len(m.Token) + n += 1 + l + sovGenerated(uint64(l)) + l = m.ExpirationTimestamp.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *TokenReview) Size() (n int) { var l int _ = l @@ -397,6 +632,54 @@ func sovGenerated(x uint64) (n int) { func sozGenerated(x uint64) (n int) { return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63)))) } +func (this *BoundObjectReference) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&BoundObjectReference{`, + `Kind:` + fmt.Sprintf("%v", this.Kind) + `,`, + `APIVersion:` + fmt.Sprintf("%v", this.APIVersion) + `,`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `UID:` + fmt.Sprintf("%v", this.UID) + `,`, + `}`, + }, "") + return s +} +func (this *TokenRequest) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&TokenRequest{`, + `ObjectMeta:` + strings.Replace(strings.Replace(this.ObjectMeta.String(), "ObjectMeta", "k8s_io_apimachinery_pkg_apis_meta_v1.ObjectMeta", 1), `&`, ``, 1) + `,`, + `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "TokenRequestSpec", "TokenRequestSpec", 1), `&`, ``, 1) + `,`, + `Status:` + strings.Replace(strings.Replace(this.Status.String(), "TokenRequestStatus", "TokenRequestStatus", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} +func (this *TokenRequestSpec) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&TokenRequestSpec{`, + `Audiences:` + fmt.Sprintf("%v", this.Audiences) + `,`, + `BoundObjectRef:` + strings.Replace(fmt.Sprintf("%v", this.BoundObjectRef), "BoundObjectReference", "BoundObjectReference", 1) + `,`, + `ExpirationSeconds:` + valueToStringGenerated(this.ExpirationSeconds) + `,`, + `}`, + }, "") + return s +} +func (this *TokenRequestStatus) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&TokenRequestStatus{`, + `Token:` + fmt.Sprintf("%v", this.Token) + `,`, + `ExpirationTimestamp:` + strings.Replace(strings.Replace(this.ExpirationTimestamp.String(), "Time", "k8s_io_apimachinery_pkg_apis_meta_v1.Time", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} func (this *TokenReview) String() string { if this == nil { return "nil" @@ -462,7 +745,7 @@ func valueToStringGenerated(v interface{}) string { pv := reflect.Indirect(rv).Interface() return fmt.Sprintf("*%v", pv) } -func (m *ExtraValue) Unmarshal(dAtA []byte) error { +func (m *BoundObjectReference) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -485,15 +768,15 @@ func (m *ExtraValue) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ExtraValue: wiretype end group for non-group") + return fmt.Errorf("proto: BoundObjectReference: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ExtraValue: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: BoundObjectReference: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -518,7 +801,554 @@ func (m *ExtraValue) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - *m = append(*m, string(dAtA[iNdEx:postIndex])) + m.Kind = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field APIVersion", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.APIVersion = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UID = k8s_io_apimachinery_pkg_types.UID(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ExtraValue) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ExtraValue: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ExtraValue: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + *m = append(*m, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TokenRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TokenRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TokenRequestSpec) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TokenRequestSpec: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TokenRequestSpec: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Audiences", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Audiences = append(m.Audiences, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field BoundObjectRef", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.BoundObjectRef == nil { + m.BoundObjectRef = &BoundObjectReference{} + } + if err := m.BoundObjectRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ExpirationSeconds", wireType) + } + var v int64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= (int64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + m.ExpirationSeconds = &v + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TokenRequestStatus) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TokenRequestStatus: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TokenRequestStatus: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Token = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ExpirationTimestamp", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ExpirationTimestamp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -1257,46 +2087,62 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 642 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x53, 0x4d, 0x6f, 0xd3, 0x40, - 0x10, 0xb5, 0xf3, 0x51, 0x25, 0x1b, 0x0a, 0x65, 0x25, 0xa4, 0x28, 0x02, 0x27, 0x0a, 0x12, 0xca, - 0x81, 0xae, 0x49, 0x41, 0xa5, 0x2a, 0x12, 0x12, 0x16, 0x11, 0xf4, 0x80, 0x2a, 0x2d, 0xb4, 0x48, - 0x9c, 0xd8, 0x38, 0x53, 0xc7, 0xa4, 0xfe, 0xd0, 0x7a, 0x6d, 0xe8, 0xad, 0x3f, 0x81, 0x23, 0xdc, - 0xf8, 0x17, 0x1c, 0xb9, 0xf6, 0xd8, 0x63, 0x0f, 0xa8, 0xa2, 0xe6, 0x8f, 0xa0, 0x5d, 0x2f, 0x4d, - 0xda, 0xd2, 0xd0, 0x9b, 0xf7, 0xcd, 0x7b, 0x6f, 0x67, 0x9e, 0x77, 0xd0, 0x60, 0xb2, 0x96, 0x10, - 0x3f, 0xb2, 0x27, 0xe9, 0x10, 0x78, 0x08, 0x02, 0x12, 0x3b, 0x83, 0x70, 0x14, 0x71, 0x5b, 0x17, - 0x58, 0xec, 0xdb, 0x2c, 0x15, 0x63, 0x08, 0x85, 0xef, 0x32, 0xe1, 0x47, 0xa1, 0x9d, 0xf5, 0x6d, - 0x0f, 0x42, 0xe0, 0x4c, 0xc0, 0x88, 0xc4, 0x3c, 0x12, 0x11, 0xbe, 0x5d, 0xb0, 0x09, 0x8b, 0x7d, - 0x72, 0x96, 0x4d, 0xb2, 0x7e, 0x6b, 0xd9, 0xf3, 0xc5, 0x38, 0x1d, 0x12, 0x37, 0x0a, 0x6c, 0x2f, - 0xf2, 0x22, 0x5b, 0x89, 0x86, 0xe9, 0x8e, 0x3a, 0xa9, 0x83, 0xfa, 0x2a, 0xcc, 0x5a, 0x8f, 0xa6, - 0x57, 0x07, 0xcc, 0x1d, 0xfb, 0x21, 0xf0, 0x3d, 0x3b, 0x9e, 0x78, 0x12, 0x48, 0xec, 0x00, 0x04, - 0xfb, 0x47, 0x0b, 0x2d, 0xfb, 0x32, 0x15, 0x4f, 0x43, 0xe1, 0x07, 0x70, 0x41, 0xb0, 0xfa, 0x3f, - 0x41, 0xe2, 0x8e, 0x21, 0x60, 0x17, 0x74, 0x0f, 0x2f, 0xd3, 0xa5, 0xc2, 0xdf, 0xb5, 0xfd, 0x50, - 0x24, 0x82, 0x9f, 0x17, 0x75, 0x1f, 0x23, 0x34, 0xf8, 0x24, 0x38, 0xdb, 0x66, 0xbb, 0x29, 0xe0, - 0x36, 0xaa, 0xfa, 0x02, 0x82, 0xa4, 0x69, 0x76, 0xca, 0xbd, 0xba, 0x53, 0xcf, 0x8f, 0xdb, 0xd5, - 0x0d, 0x09, 0xd0, 0x02, 0x5f, 0xaf, 0x7d, 0xf9, 0xd6, 0x36, 0xf6, 0x7f, 0x76, 0x8c, 0xee, 0xd7, - 0x12, 0x6a, 0xbc, 0x89, 0x26, 0x10, 0x52, 0xc8, 0x7c, 0xf8, 0x88, 0xdf, 0xa3, 0x9a, 0x4c, 0x60, - 0xc4, 0x04, 0x6b, 0x9a, 0x1d, 0xb3, 0xd7, 0x58, 0x79, 0x40, 0xa6, 0xe1, 0x9f, 0x36, 0x44, 0xe2, - 0x89, 0x27, 0x81, 0x84, 0x48, 0x36, 0xc9, 0xfa, 0x64, 0x73, 0xf8, 0x01, 0x5c, 0xf1, 0x0a, 0x04, - 0x73, 0xf0, 0xc1, 0x71, 0xdb, 0xc8, 0x8f, 0xdb, 0x68, 0x8a, 0xd1, 0x53, 0x57, 0xbc, 0x89, 0x2a, - 0x49, 0x0c, 0x6e, 0xb3, 0xa4, 0xdc, 0x97, 0xc9, 0xbc, 0x5f, 0x4b, 0x66, 0x5a, 0x7b, 0x1d, 0x83, - 0xeb, 0x5c, 0xd3, 0xd6, 0x15, 0x79, 0xa2, 0xca, 0x08, 0xbf, 0x45, 0x0b, 0x89, 0x60, 0x22, 0x4d, - 0x9a, 0x65, 0x65, 0x69, 0x5f, 0xdd, 0x52, 0xc9, 0x9c, 0xeb, 0xda, 0x74, 0xa1, 0x38, 0x53, 0x6d, - 0xd7, 0x5d, 0x45, 0x37, 0xce, 0xdd, 0x8f, 0xef, 0xa2, 0xaa, 0x90, 0x90, 0xca, 0xa6, 0xee, 0x2c, - 0x6a, 0x65, 0xb5, 0xe0, 0x15, 0xb5, 0xee, 0x0f, 0x13, 0xdd, 0xbc, 0x70, 0x0b, 0x7e, 0x82, 0x16, - 0x67, 0x9a, 0x81, 0x91, 0xb2, 0xa8, 0x39, 0xb7, 0xb4, 0xc5, 0xe2, 0xb3, 0xd9, 0x22, 0x3d, 0xcb, - 0xc5, 0x2f, 0x51, 0x25, 0x4d, 0x80, 0xeb, 0xd0, 0xee, 0xcd, 0x9f, 0x70, 0x2b, 0x01, 0xbe, 0x11, - 0xee, 0x44, 0xd3, 0xb4, 0x24, 0x42, 0x95, 0x83, 0x9c, 0x00, 0x38, 0x8f, 0xb8, 0x0a, 0x6b, 0x66, - 0x82, 0x81, 0x04, 0x69, 0x51, 0xeb, 0x7e, 0x2f, 0xa1, 0xda, 0x5f, 0x17, 0x7c, 0x1f, 0xd5, 0xa4, - 0x32, 0x64, 0x01, 0xe8, 0xb1, 0x97, 0xb4, 0x48, 0x71, 0x24, 0x4e, 0x4f, 0x19, 0xf8, 0x0e, 0x2a, - 0xa7, 0xfe, 0x48, 0x35, 0x5a, 0x77, 0x1a, 0x9a, 0x58, 0xde, 0xda, 0x78, 0x4e, 0x25, 0x8e, 0xbb, - 0x68, 0xc1, 0xe3, 0x51, 0x1a, 0xcb, 0x9f, 0x25, 0xdf, 0x26, 0x92, 0xb9, 0xbf, 0x50, 0x08, 0xd5, - 0x15, 0xbc, 0x8d, 0xaa, 0x20, 0x1f, 0x73, 0xb3, 0xd2, 0x29, 0xf7, 0x1a, 0x2b, 0xfd, 0xab, 0x4d, - 0x4b, 0xd4, 0x02, 0x0c, 0x42, 0xc1, 0xf7, 0x66, 0xa6, 0x92, 0x18, 0x2d, 0xec, 0x5a, 0x43, 0xbd, - 0x24, 0x8a, 0x83, 0x97, 0x50, 0x79, 0x02, 0x7b, 0xc5, 0x44, 0x54, 0x7e, 0xe2, 0xa7, 0xa8, 0x9a, - 0xc9, 0xfd, 0xd1, 0x29, 0xf7, 0xe6, 0xdf, 0x3b, 0xdd, 0x37, 0x5a, 0xc8, 0xd6, 0x4b, 0x6b, 0xa6, - 0xd3, 0x3b, 0x38, 0xb1, 0x8c, 0xc3, 0x13, 0xcb, 0x38, 0x3a, 0xb1, 0x8c, 0xfd, 0xdc, 0x32, 0x0f, - 0x72, 0xcb, 0x3c, 0xcc, 0x2d, 0xf3, 0x28, 0xb7, 0xcc, 0x5f, 0xb9, 0x65, 0x7e, 0xfe, 0x6d, 0x19, - 0xef, 0x4a, 0x59, 0xff, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xeb, 0x3a, 0x3c, 0x31, 0x1b, 0x05, - 0x00, 0x00, + // 905 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xcf, 0x6f, 0x1b, 0x45, + 0x14, 0xf6, 0xfa, 0x47, 0x64, 0x8f, 0x9b, 0x90, 0x4c, 0xa9, 0x64, 0x05, 0xb0, 0x8d, 0x91, 0x90, + 0x05, 0x74, 0xb7, 0x36, 0xa8, 0x54, 0x45, 0x42, 0xca, 0x12, 0x0b, 0x2c, 0x04, 0xad, 0xa6, 0x4d, + 0x40, 0x9c, 0x18, 0xdb, 0x2f, 0xce, 0xe0, 0xee, 0xec, 0x32, 0x3b, 0x6b, 0xea, 0x5b, 0xff, 0x04, + 0x8e, 0x20, 0x71, 0xe0, 0x8f, 0x40, 0xe2, 0xc8, 0x35, 0xc7, 0x8a, 0x53, 0x0f, 0xc8, 0x22, 0xcb, + 0xbf, 0xc0, 0x89, 0x13, 0x9a, 0xd9, 0x89, 0xd7, 0x3f, 0x12, 0xc7, 0xa7, 0xde, 0x3c, 0xef, 0x7d, + 0xef, 0x9b, 0xf7, 0xbe, 0xf9, 0xfc, 0x16, 0x75, 0x46, 0xf7, 0x42, 0x9b, 0xf9, 0xce, 0x28, 0xea, + 0x81, 0xe0, 0x20, 0x21, 0x74, 0xc6, 0xc0, 0x07, 0xbe, 0x70, 0x4c, 0x82, 0x06, 0xcc, 0xa1, 0x91, + 0x3c, 0x05, 0x2e, 0x59, 0x9f, 0x4a, 0xe6, 0x73, 0x67, 0xdc, 0x72, 0x86, 0xc0, 0x41, 0x50, 0x09, + 0x03, 0x3b, 0x10, 0xbe, 0xf4, 0xf1, 0xeb, 0x09, 0xda, 0xa6, 0x01, 0xb3, 0x17, 0xd1, 0xf6, 0xb8, + 0xb5, 0x7f, 0x7b, 0xc8, 0xe4, 0x69, 0xd4, 0xb3, 0xfb, 0xbe, 0xe7, 0x0c, 0xfd, 0xa1, 0xef, 0xe8, + 0xa2, 0x5e, 0x74, 0xa2, 0x4f, 0xfa, 0xa0, 0x7f, 0x25, 0x64, 0xfb, 0x1f, 0xa4, 0x57, 0x7b, 0xb4, + 0x7f, 0xca, 0x38, 0x88, 0x89, 0x13, 0x8c, 0x86, 0x2a, 0x10, 0x3a, 0x1e, 0x48, 0x7a, 0x49, 0x0b, + 0xfb, 0xce, 0x55, 0x55, 0x22, 0xe2, 0x92, 0x79, 0xb0, 0x52, 0x70, 0xf7, 0xba, 0x82, 0xb0, 0x7f, + 0x0a, 0x1e, 0x5d, 0xa9, 0x7b, 0xff, 0xaa, 0xba, 0x48, 0xb2, 0x27, 0x0e, 0xe3, 0x32, 0x94, 0x62, + 0xb9, 0xa8, 0xf1, 0xa7, 0x85, 0x5e, 0x75, 0xfd, 0x88, 0x0f, 0x1e, 0xf4, 0xbe, 0x83, 0xbe, 0x24, + 0x70, 0x02, 0x02, 0x78, 0x1f, 0x70, 0x1d, 0xe5, 0x47, 0x8c, 0x0f, 0x2a, 0x56, 0xdd, 0x6a, 0x96, + 0xdc, 0x1b, 0x67, 0xd3, 0x5a, 0x26, 0x9e, 0xd6, 0xf2, 0x9f, 0x33, 0x3e, 0x20, 0x3a, 0x83, 0xdb, + 0x08, 0xd1, 0x87, 0xdd, 0x63, 0x10, 0x21, 0xf3, 0x79, 0x25, 0xab, 0x71, 0xd8, 0xe0, 0xd0, 0xc1, + 0x2c, 0x43, 0xe6, 0x50, 0x8a, 0x95, 0x53, 0x0f, 0x2a, 0xb9, 0x45, 0xd6, 0x2f, 0xa9, 0x07, 0x44, + 0x67, 0xb0, 0x8b, 0x72, 0x51, 0xf7, 0xb0, 0x92, 0xd7, 0x80, 0x3b, 0x06, 0x90, 0x3b, 0xea, 0x1e, + 0xfe, 0x37, 0xad, 0xbd, 0x79, 0xd5, 0x84, 0x72, 0x12, 0x40, 0x68, 0x1f, 0x75, 0x0f, 0x89, 0x2a, + 0x6e, 0x7c, 0x88, 0x50, 0xe7, 0xa9, 0x14, 0xf4, 0x98, 0x3e, 0x89, 0x00, 0xd7, 0x50, 0x81, 0x49, + 0xf0, 0xc2, 0x8a, 0x55, 0xcf, 0x35, 0x4b, 0x6e, 0x29, 0x9e, 0xd6, 0x0a, 0x5d, 0x15, 0x20, 0x49, + 0xfc, 0x7e, 0xf1, 0xa7, 0x5f, 0x6b, 0x99, 0x67, 0x7f, 0xd5, 0x33, 0x8d, 0x5f, 0xb2, 0xe8, 0xc6, + 0x63, 0x7f, 0x04, 0x9c, 0xc0, 0xf7, 0x11, 0x84, 0x12, 0x7f, 0x8b, 0x8a, 0xea, 0x5d, 0x07, 0x54, + 0x52, 0xad, 0x44, 0xb9, 0x7d, 0xc7, 0x4e, 0x2d, 0x35, 0x6b, 0xc2, 0x0e, 0x46, 0x43, 0x15, 0x08, + 0x6d, 0x85, 0xb6, 0xc7, 0x2d, 0x3b, 0x91, 0xf3, 0x0b, 0x90, 0x34, 0xd5, 0x24, 0x8d, 0x91, 0x19, + 0x2b, 0x7e, 0x88, 0xf2, 0x61, 0x00, 0x7d, 0xad, 0x5f, 0xb9, 0x6d, 0xdb, 0xeb, 0x0c, 0x6b, 0xcf, + 0xf7, 0xf6, 0x28, 0x80, 0x7e, 0xaa, 0xa0, 0x3a, 0x11, 0xcd, 0x84, 0xbf, 0x46, 0x5b, 0xa1, 0xa4, + 0x32, 0x0a, 0xb5, 0xca, 0x8b, 0x1d, 0x5f, 0xc7, 0xa9, 0xeb, 0xdc, 0x1d, 0xc3, 0xba, 0x95, 0x9c, + 0x89, 0xe1, 0x6b, 0xfc, 0x6b, 0xa1, 0xdd, 0xe5, 0x16, 0xf0, 0xbb, 0xa8, 0x44, 0xa3, 0x01, 0x53, + 0xa6, 0xb9, 0x90, 0x78, 0x3b, 0x9e, 0xd6, 0x4a, 0x07, 0x17, 0x41, 0x92, 0xe6, 0x31, 0x47, 0x3b, + 0xbd, 0x05, 0xb7, 0x99, 0x1e, 0xdb, 0xeb, 0x7b, 0xbc, 0xcc, 0xa1, 0x2e, 0x8e, 0xa7, 0xb5, 0x9d, + 0xc5, 0x0c, 0x59, 0x62, 0xc7, 0x9f, 0xa0, 0x3d, 0x78, 0x1a, 0x30, 0xa1, 0x99, 0x1e, 0x41, 0xdf, + 0xe7, 0x83, 0x50, 0x7b, 0x2b, 0xe7, 0xde, 0x8a, 0xa7, 0xb5, 0xbd, 0xce, 0x72, 0x92, 0xac, 0xe2, + 0x1b, 0xbf, 0x59, 0x08, 0xaf, 0xaa, 0x84, 0xdf, 0x42, 0x05, 0xa9, 0xa2, 0xe6, 0x2f, 0xb2, 0x6d, + 0x44, 0x2b, 0x24, 0xd0, 0x24, 0x87, 0x27, 0xe8, 0x66, 0x4a, 0xf8, 0x98, 0x79, 0x10, 0x4a, 0xea, + 0x05, 0xe6, 0xb5, 0xdf, 0xd9, 0xcc, 0x4b, 0xaa, 0xcc, 0x7d, 0xcd, 0xd0, 0xdf, 0xec, 0xac, 0xd2, + 0x91, 0xcb, 0xee, 0x68, 0xfc, 0x9c, 0x45, 0x65, 0xd3, 0xf6, 0x98, 0xc1, 0x0f, 0x2f, 0xc1, 0xcb, + 0x0f, 0x16, 0xbc, 0x7c, 0x7b, 0x23, 0xdf, 0xa9, 0xd6, 0xae, 0xb4, 0xf2, 0x57, 0x4b, 0x56, 0x76, + 0x36, 0xa7, 0x5c, 0xef, 0xe4, 0xbb, 0xe8, 0x95, 0xa5, 0xfb, 0x37, 0x7a, 0xce, 0xc6, 0x1f, 0x16, + 0xda, 0x5b, 0xb9, 0x05, 0x7f, 0x84, 0xb6, 0xe7, 0x9a, 0x81, 0x64, 0x69, 0x16, 0xdd, 0x5b, 0x86, + 0x62, 0xfb, 0x60, 0x3e, 0x49, 0x16, 0xb1, 0xf8, 0x33, 0x94, 0x8f, 0x42, 0x10, 0x46, 0xb4, 0xb7, + 0xd7, 0x4f, 0x78, 0x14, 0x82, 0xe8, 0xf2, 0x13, 0x3f, 0x55, 0x4b, 0x45, 0x88, 0x66, 0x50, 0x13, + 0x80, 0x10, 0xbe, 0x30, 0xdb, 0x75, 0x36, 0x41, 0x47, 0x05, 0x49, 0x92, 0x6b, 0xfc, 0x9e, 0x45, + 0xc5, 0x0b, 0x16, 0xfc, 0x1e, 0x2a, 0xaa, 0x4a, 0xbd, 0x92, 0x93, 0xb1, 0x77, 0x4d, 0x91, 0xc6, + 0xa8, 0x38, 0x99, 0x21, 0xf0, 0x1b, 0x28, 0x17, 0xb1, 0x81, 0xd9, 0xf4, 0xe5, 0xb9, 0xd5, 0x4c, + 0x54, 0x1c, 0x37, 0xd0, 0xd6, 0x50, 0xf8, 0x51, 0xa0, 0x1e, 0x4b, 0x6d, 0x01, 0xa4, 0x74, 0xff, + 0x54, 0x47, 0x88, 0xc9, 0xe0, 0x63, 0x54, 0x00, 0xb5, 0x99, 0x2b, 0xf9, 0x7a, 0xae, 0x59, 0x6e, + 0xb7, 0x36, 0x9b, 0xd6, 0xd6, 0xdb, 0xbc, 0xc3, 0xa5, 0x98, 0xcc, 0x4d, 0xa5, 0x62, 0x24, 0xa1, + 0xdb, 0xef, 0x99, 0x8d, 0xaf, 0x31, 0x78, 0x17, 0xe5, 0x46, 0x30, 0x49, 0x26, 0x22, 0xea, 0x27, + 0xfe, 0x18, 0x15, 0xc6, 0xea, 0x63, 0x60, 0x54, 0x6e, 0xae, 0xbf, 0x37, 0xfd, 0x78, 0x90, 0xa4, + 0xec, 0x7e, 0xf6, 0x9e, 0xe5, 0x36, 0xcf, 0xce, 0xab, 0x99, 0xe7, 0xe7, 0xd5, 0xcc, 0x8b, 0xf3, + 0x6a, 0xe6, 0x59, 0x5c, 0xb5, 0xce, 0xe2, 0xaa, 0xf5, 0x3c, 0xae, 0x5a, 0x2f, 0xe2, 0xaa, 0xf5, + 0x77, 0x5c, 0xb5, 0x7e, 0xfc, 0xa7, 0x9a, 0xf9, 0x26, 0x3b, 0x6e, 0xfd, 0x1f, 0x00, 0x00, 0xff, + 0xff, 0x5f, 0x39, 0x60, 0xb1, 0xbd, 0x08, 0x00, 0x00, } diff --git a/vendor/k8s.io/api/authentication/v1/generated.proto b/vendor/k8s.io/api/authentication/v1/generated.proto index ea7b3b2885ab..1fd432a70d62 100644 --- a/vendor/k8s.io/api/authentication/v1/generated.proto +++ b/vendor/k8s.io/api/authentication/v1/generated.proto @@ -29,6 +29,25 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto"; // Package-wide variables from generator "generated". option go_package = "v1"; +// BoundObjectReference is a reference to an object that a token is bound to. +message BoundObjectReference { + // Kind of the referent. Valid kinds are 'Pod' and 'Secret'. + // +optional + optional string kind = 1; + + // API version of the referent. + // +optional + optional string aPIVersion = 2; + + // Name of the referent. + // +optional + optional string name = 3; + + // UID of the referent. + // +optional + optional string uID = 4; +} + // ExtraValue masks the value so protobuf can generate // +protobuf.nullable=true // +protobuf.options.(gogoproto.goproto_stringer)=false @@ -38,6 +57,48 @@ message ExtraValue { repeated string items = 1; } +// TokenRequest requests a token for a given service account. +message TokenRequest { + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + optional TokenRequestSpec spec = 2; + + // +optional + optional TokenRequestStatus status = 3; +} + +// TokenRequestSpec contains client provided parameters of a token request. +message TokenRequestSpec { + // Audiences are the intendend audiences of the token. A recipient of a + // token must identitfy themself with an identifier in the list of + // audiences of the token, and otherwise should reject the token. A + // token issued for multiple audiences may be used to authenticate + // against any of the audiences listed but implies a high degree of + // trust between the target audiences. + repeated string audiences = 1; + + // ExpirationSeconds is the requested duration of validity of the request. The + // token issuer may return a token with a different validity duration so a + // client needs to check the 'expiration' field in a response. + // +optional + optional int64 expirationSeconds = 4; + + // BoundObjectRef is a reference to an object that the token will be bound to. + // The token will only be valid for as long as the bound objet exists. + // +optional + optional BoundObjectReference boundObjectRef = 3; +} + +// TokenRequestStatus is the result of a token request. +message TokenRequestStatus { + // Token is the opaque bearer token. + optional string token = 1; + + // ExpirationTimestamp is the time of expiration of the returned token. + optional k8s.io.apimachinery.pkg.apis.meta.v1.Time expirationTimestamp = 2; +} + // TokenReview attempts to authenticate a token to a known user. // Note: TokenReview requests may be cached by the webhook token authenticator // plugin in the kube-apiserver. diff --git a/vendor/k8s.io/api/authentication/v1/register.go b/vendor/k8s.io/api/authentication/v1/register.go index 2ca79a620a55..c522e4a46d71 100644 --- a/vendor/k8s.io/api/authentication/v1/register.go +++ b/vendor/k8s.io/api/authentication/v1/register.go @@ -45,6 +45,7 @@ var ( func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &TokenReview{}, + &TokenRequest{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/vendor/k8s.io/api/authentication/v1/types.go b/vendor/k8s.io/api/authentication/v1/types.go index b6d30bbe6132..723457a3dd21 100644 --- a/vendor/k8s.io/api/authentication/v1/types.go +++ b/vendor/k8s.io/api/authentication/v1/types.go @@ -20,6 +20,7 @@ import ( "fmt" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" ) const ( @@ -105,3 +106,63 @@ type ExtraValue []string func (t ExtraValue) String() string { return fmt.Sprintf("%v", []string(t)) } + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TokenRequest requests a token for a given service account. +type TokenRequest struct { + metav1.TypeMeta `json:",inline"` + // +optional + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + + Spec TokenRequestSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` + // +optional + Status TokenRequestStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` +} + +// TokenRequestSpec contains client provided parameters of a token request. +type TokenRequestSpec struct { + // Audiences are the intendend audiences of the token. A recipient of a + // token must identitfy themself with an identifier in the list of + // audiences of the token, and otherwise should reject the token. A + // token issued for multiple audiences may be used to authenticate + // against any of the audiences listed but implies a high degree of + // trust between the target audiences. + Audiences []string `json:"audiences" protobuf:"bytes,1,rep,name=audiences"` + + // ExpirationSeconds is the requested duration of validity of the request. The + // token issuer may return a token with a different validity duration so a + // client needs to check the 'expiration' field in a response. + // +optional + ExpirationSeconds *int64 `json:"expirationSeconds" protobuf:"varint,4,opt,name=expirationSeconds"` + + // BoundObjectRef is a reference to an object that the token will be bound to. + // The token will only be valid for as long as the bound objet exists. + // +optional + BoundObjectRef *BoundObjectReference `json:"boundObjectRef" protobuf:"bytes,3,opt,name=boundObjectRef"` +} + +// TokenRequestStatus is the result of a token request. +type TokenRequestStatus struct { + // Token is the opaque bearer token. + Token string `json:"token" protobuf:"bytes,1,opt,name=token"` + // ExpirationTimestamp is the time of expiration of the returned token. + ExpirationTimestamp metav1.Time `json:"expirationTimestamp" protobuf:"bytes,2,opt,name=expirationTimestamp"` +} + +// BoundObjectReference is a reference to an object that a token is bound to. +type BoundObjectReference struct { + // Kind of the referent. Valid kinds are 'Pod' and 'Secret'. + // +optional + Kind string `json:"kind,omitempty" protobuf:"bytes,1,opt,name=kind"` + // API version of the referent. + // +optional + APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,2,opt,name=aPIVersion"` + + // Name of the referent. + // +optional + Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"` + // UID of the referent. + // +optional + UID types.UID `json:"uid,omitempty" protobuf:"bytes,4,opt,name=uID,casttype=k8s.io/apimachinery/pkg/types.UID"` +} diff --git a/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go index bb235e4eaa93..68ecea8eaf05 100644 --- a/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go +++ b/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go @@ -27,6 +27,47 @@ package v1 // Those methods can be generated by using hack/update-generated-swagger-docs.sh // AUTO-GENERATED FUNCTIONS START HERE +var map_BoundObjectReference = map[string]string{ + "": "BoundObjectReference is a reference to an object that a token is bound to.", + "kind": "Kind of the referent. Valid kinds are 'Pod' and 'Secret'.", + "apiVersion": "API version of the referent.", + "name": "Name of the referent.", + "uid": "UID of the referent.", +} + +func (BoundObjectReference) SwaggerDoc() map[string]string { + return map_BoundObjectReference +} + +var map_TokenRequest = map[string]string{ + "": "TokenRequest requests a token for a given service account.", +} + +func (TokenRequest) SwaggerDoc() map[string]string { + return map_TokenRequest +} + +var map_TokenRequestSpec = map[string]string{ + "": "TokenRequestSpec contains client provided parameters of a token request.", + "audiences": "Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.", + "expirationSeconds": "ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.", + "boundObjectRef": "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound objet exists.", +} + +func (TokenRequestSpec) SwaggerDoc() map[string]string { + return map_TokenRequestSpec +} + +var map_TokenRequestStatus = map[string]string{ + "": "TokenRequestStatus is the result of a token request.", + "token": "Token is the opaque bearer token.", + "expirationTimestamp": "ExpirationTimestamp is the time of expiration of the returned token.", +} + +func (TokenRequestStatus) SwaggerDoc() map[string]string { + return map_TokenRequestStatus +} + var map_TokenReview = map[string]string{ "": "TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.", "spec": "Spec holds information about the request being evaluated", diff --git a/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go b/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go index f9b32192c3db..807866dd1843 100644 --- a/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go +++ b/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go @@ -24,6 +24,107 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BoundObjectReference) DeepCopyInto(out *BoundObjectReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundObjectReference. +func (in *BoundObjectReference) DeepCopy() *BoundObjectReference { + if in == nil { + return nil + } + out := new(BoundObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenRequest) DeepCopyInto(out *TokenRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequest. +func (in *TokenRequest) DeepCopy() *TokenRequest { + if in == nil { + return nil + } + out := new(TokenRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } else { + return nil + } +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenRequestSpec) DeepCopyInto(out *TokenRequestSpec) { + *out = *in + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExpirationSeconds != nil { + in, out := &in.ExpirationSeconds, &out.ExpirationSeconds + if *in == nil { + *out = nil + } else { + *out = new(int64) + **out = **in + } + } + if in.BoundObjectRef != nil { + in, out := &in.BoundObjectRef, &out.BoundObjectRef + if *in == nil { + *out = nil + } else { + *out = new(BoundObjectReference) + **out = **in + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestSpec. +func (in *TokenRequestSpec) DeepCopy() *TokenRequestSpec { + if in == nil { + return nil + } + out := new(TokenRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenRequestStatus) DeepCopyInto(out *TokenRequestStatus) { + *out = *in + in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestStatus. +func (in *TokenRequestStatus) DeepCopy() *TokenRequestStatus { + if in == nil { + return nil + } + out := new(TokenRequestStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenReview) DeepCopyInto(out *TokenReview) { *out = *in diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/conversion.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/conversion.go index c62f853351ed..cd651bcd56d5 100644 --- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/conversion.go +++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/conversion.go @@ -65,6 +65,9 @@ func AddConversionFuncs(scheme *runtime.Scheme) error { Convert_Pointer_int32_To_int32, Convert_int32_To_Pointer_int32, + Convert_Pointer_int64_To_int64, + Convert_int64_To_Pointer_int64, + Convert_Pointer_float64_To_float64, Convert_float64_To_Pointer_float64, @@ -105,6 +108,21 @@ func Convert_int32_To_Pointer_int32(in *int32, out **int32, s conversion.Scope) return nil } +func Convert_Pointer_int64_To_int64(in **int64, out *int64, s conversion.Scope) error { + if *in == nil { + *out = 0 + return nil + } + *out = int64(**in) + return nil +} + +func Convert_int64_To_Pointer_int64(in *int64, out **int64, s conversion.Scope) error { + temp := int64(*in) + *out = &temp + return nil +} + func Convert_Pointer_int64_To_int(in **int64, out *int, s conversion.Scope) error { if *in == nil { *out = 0 diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto index b37a445c2a8f..bd5abcb79188 100644 --- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto +++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto @@ -375,6 +375,7 @@ message ListOptions { optional string resourceVersion = 4; // Timeout for the list/watch call. + // This limits the duration of the call, regardless of any activity or inactivity. // +optional optional int64 timeoutSeconds = 5; diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/labels.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/labels.go index 8b4c0423e689..9b45145da669 100644 --- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/labels.go +++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/labels.go @@ -25,33 +25,13 @@ func CloneSelectorAndAddLabel(selector *LabelSelector, labelKey, labelValue stri } // Clone. - newSelector := new(LabelSelector) + newSelector := selector.DeepCopy() - // TODO(madhusudancs): Check if you can use deepCopy_extensions_LabelSelector here. - newSelector.MatchLabels = make(map[string]string) - if selector.MatchLabels != nil { - for key, val := range selector.MatchLabels { - newSelector.MatchLabels[key] = val - } + if newSelector.MatchLabels == nil { + newSelector.MatchLabels = make(map[string]string) } - newSelector.MatchLabels[labelKey] = labelValue - if selector.MatchExpressions != nil { - newMExps := make([]LabelSelectorRequirement, len(selector.MatchExpressions)) - for i, me := range selector.MatchExpressions { - newMExps[i].Key = me.Key - newMExps[i].Operator = me.Operator - if me.Values != nil { - newMExps[i].Values = make([]string, len(me.Values)) - copy(newMExps[i].Values, me.Values) - } else { - newMExps[i].Values = nil - } - } - newSelector.MatchExpressions = newMExps - } else { - newSelector.MatchExpressions = nil - } + newSelector.MatchLabels[labelKey] = labelValue return newSelector } diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go index 750080770c4e..917efb37f754 100644 --- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go +++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go @@ -342,6 +342,7 @@ type ListOptions struct { // +optional ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,4,opt,name=resourceVersion"` // Timeout for the list/watch call. + // This limits the duration of the call, regardless of any activity or inactivity. // +optional TimeoutSeconds *int64 `json:"timeoutSeconds,omitempty" protobuf:"varint,5,opt,name=timeoutSeconds"` diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types_swagger_doc_generated.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types_swagger_doc_generated.go index 5dbba4b02f51..caf929ee0e96 100644 --- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types_swagger_doc_generated.go +++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types_swagger_doc_generated.go @@ -195,7 +195,7 @@ var map_ListOptions = map[string]string{ "includeUninitialized": "If true, partially initialized resources are included in the response.", "watch": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", "resourceVersion": "When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.", - "timeoutSeconds": "Timeout for the list/watch call.", + "timeoutSeconds": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", "limit": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", "continue": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server the server will respond with a 410 ResourceExpired error indicating the client must restart their list without the continue field. This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", } diff --git a/vendor/layeh.com/radius/README.md b/vendor/layeh.com/radius/README.md index 3a5af32a27df..60d705cddfbf 100644 --- a/vendor/layeh.com/radius/README.md +++ b/vendor/layeh.com/radius/README.md @@ -42,7 +42,7 @@ Included in this package is the command line program `radius-dict-gen`. It can b go get -u layeh.com/radius/cmd/radius-dict-gen -This program will generate helper functions and types for reading and manipulating RADIUS attributes in a packet. It is recommended that generated code be used for any RADIUS dictionary you would like to consume. +Given a FreeRADIUS dictionary, the program will generate helper functions and types for reading and manipulating RADIUS attributes in a packet. It is recommended that generated code be used for any RADIUS dictionary you would like to consume. Included in this repository are sub-packages of generated helpers for commonly used RADIUS attributes, including [`rfc2865`](https://godoc.org/layeh.com/radius/rfc2865) and [`rfc2866`](https://godoc.org/layeh.com/radius/rfc2866). diff --git a/vendor/layeh.com/radius/client.go b/vendor/layeh.com/radius/client.go index daf7d9837dd0..7f8c5eeaa0bf 100644 --- a/vendor/layeh.com/radius/client.go +++ b/vendor/layeh.com/radius/client.go @@ -18,6 +18,14 @@ type Client struct { // retry). Retry time.Duration + // MaxPacketErrors controls how many packet parsing and validation errors + // the client will ignore before returning the error from Exchange. + // + // If zero, Exchange will drop all packet parsing errors. + MaxPacketErrors int + + // InsecureSkipVerify controls whether the client should skip verifying + // response packets received. InsecureSkipVerify bool } @@ -78,15 +86,32 @@ func (c *Client) Exchange(ctx context.Context, packet *Packet, addr string) (*Pa }() } + var packetErrorCount int + var incoming [MaxPacketLength]byte for { n, err := conn.Read(incoming[:]) if err != nil { return nil, err } + received, err := Parse(incoming[:n], packet.Secret) - if err == nil && (!c.InsecureSkipVerify && IsAuthenticResponse(incoming[:n], wire, packet.Secret)) { - return received, nil + if err != nil { + packetErrorCount++ + if c.MaxPacketErrors > 0 && packetErrorCount >= c.MaxPacketErrors { + return nil, err + } + continue } + + if !c.InsecureSkipVerify && !IsAuthenticResponse(incoming[:n], wire, packet.Secret) { + packetErrorCount++ + if c.MaxPacketErrors > 0 && packetErrorCount >= c.MaxPacketErrors { + return nil, &NonAuthenticResponseError{} + } + continue + } + + return received, nil } } diff --git a/vendor/layeh.com/radius/errors.go b/vendor/layeh.com/radius/errors.go new file mode 100644 index 000000000000..e6f3a5d47c90 --- /dev/null +++ b/vendor/layeh.com/radius/errors.go @@ -0,0 +1,10 @@ +package radius + +// NonAuthenticResponseError is returned when a client was expecting +// a valid response but did not receive one. +type NonAuthenticResponseError struct { +} + +func (e *NonAuthenticResponseError) Error() string { + return `radius: non-authentic response` +} diff --git a/vendor/layeh.com/radius/packet.go b/vendor/layeh.com/radius/packet.go index 18201de1b66f..75da233ff090 100644 --- a/vendor/layeh.com/radius/packet.go +++ b/vendor/layeh.com/radius/packet.go @@ -21,8 +21,10 @@ type Packet struct { } // New creates a new packet with the Code, Secret fields set to the given -// values. The returned packet's Identifier, Authenticator are filled with -// random values. +// values. The returned packet's Identifier and Authenticator fields are filled +// with random values. +// +// The function panics if not enough random data could be generated. func New(code Code, secret []byte) *Packet { var buff [17]byte if _, err := rand.Read(buff[:]); err != nil { diff --git a/vendor/layeh.com/radius/rfc2865/generated.go b/vendor/layeh.com/radius/rfc2865/generated.go index d3b210b3d428..73b50d78455c 100644 --- a/vendor/layeh.com/radius/rfc2865/generated.go +++ b/vendor/layeh.com/radius/rfc2865/generated.go @@ -5,6 +5,7 @@ package rfc2865 import ( "net" "strconv" + "time" "layeh.com/radius" ) @@ -12,6 +13,7 @@ import ( var _ = radius.Type(0) var _ = strconv.Itoa var _ = net.ParseIP +var _ = time.Time{} const ( UserName_Type radius.Type = 1 diff --git a/vendor/layeh.com/radius/server.go b/vendor/layeh.com/radius/server.go index b7484ca0bf9f..06534ab6cc57 100644 --- a/vendor/layeh.com/radius/server.go +++ b/vendor/layeh.com/radius/server.go @@ -26,9 +26,14 @@ func (h HandlerFunc) ServeRADIUS(w ResponseWriter, r *Request) { // Request is an incoming RADIUS request that is being handled by the server. type Request struct { - LocalAddr net.Addr + // LocalAddr is the local address on which the incoming RADIUS request + // was received. + LocalAddr net.Addr + // RemoteAddr is the address from which the incoming RADIUS request + // was sent. RemoteAddr net.Addr + // Packet is the RADIUS packet sent in the request. *Packet ctx context.Context diff --git a/vendor/vendor.json b/vendor/vendor.json index db66169493bf..8efe5ab28ca3 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -21,44 +21,44 @@ { "checksumSHA1": "AH7jcN7pvaPDU6UjHdpT081DDGk=", "path": "cloud.google.com/go/compute/metadata", - "revision": "90bed45ceade066ca2d7c9b9954649f9822e46c6", - "revisionTime": "2018-01-24T22:13:42Z" + "revision": "fd7767e8876b52efa597af4d0ec944e9b2574120", + "revisionTime": "2018-02-08T13:53:52Z" }, { - "checksumSHA1": "/ixPd+hSgsbAjBI/fPqmHtTFRM8=", + "checksumSHA1": "aqFDO9WeVSY63xx/sf5X7txTN4c=", "path": "cloud.google.com/go/iam", - "revision": "90bed45ceade066ca2d7c9b9954649f9822e46c6", - "revisionTime": "2018-01-24T22:13:42Z" + "revision": "fd7767e8876b52efa597af4d0ec944e9b2574120", + "revisionTime": "2018-02-08T13:53:52Z" }, { "checksumSHA1": "+2A2Mazq65iiT8xIDgSh5cypBSQ=", "path": "cloud.google.com/go/internal", - "revision": "90bed45ceade066ca2d7c9b9954649f9822e46c6", - "revisionTime": "2018-01-24T22:13:42Z" + "revision": "fd7767e8876b52efa597af4d0ec944e9b2574120", + "revisionTime": "2018-02-08T13:53:52Z" }, { "checksumSHA1": "MCns2LLZtUZEx6JWyYBrcbSuTXg=", "path": "cloud.google.com/go/internal/optional", - "revision": "90bed45ceade066ca2d7c9b9954649f9822e46c6", - "revisionTime": "2018-01-24T22:13:42Z" + "revision": "fd7767e8876b52efa597af4d0ec944e9b2574120", + "revisionTime": "2018-02-08T13:53:52Z" }, { "checksumSHA1": "Kiv6zkk0B9R4wmWX2nizyU4FqBs=", "path": "cloud.google.com/go/internal/version", - "revision": "90bed45ceade066ca2d7c9b9954649f9822e46c6", - "revisionTime": "2018-01-24T22:13:42Z" + "revision": "fd7767e8876b52efa597af4d0ec944e9b2574120", + "revisionTime": "2018-02-08T13:53:52Z" }, { - "checksumSHA1": "dVOYlRYTRNnt+xJGOePg61Fwcp8=", + "checksumSHA1": "PkbOqDgZwhkn4iTXLQGM6tURyEg=", "path": "cloud.google.com/go/storage", - "revision": "90bed45ceade066ca2d7c9b9954649f9822e46c6", - "revisionTime": "2018-01-24T22:13:42Z" + "revision": "fd7767e8876b52efa597af4d0ec944e9b2574120", + "revisionTime": "2018-02-08T13:53:52Z" }, { - "checksumSHA1": "YDEw1uWzG+8V7KAaJfr4jKs1cM0=", + "checksumSHA1": "9rVzyatzpDEQc/CQJjjdtldkER8=", "path": "github.com/Azure/azure-sdk-for-go/storage", - "revision": "a49674fdba11173ce3bc934d020634e3366464de", - "revisionTime": "2017-12-12T18:23:29Z" + "revision": "f111fc2fa3861c5fdced76cae4c9c71821969577", + "revisionTime": "2018-02-03T00:15:51Z" }, { "checksumSHA1": "9NFR6RG8H2fNyKHscGmuGLQhRm4=", @@ -73,34 +73,34 @@ "revisionTime": "2017-09-29T23:40:23Z" }, { - "checksumSHA1": "gF1N5rxCk+rx7oCAzxKvrUjtsx0=", + "checksumSHA1": "sM9XTbrCfgS5BPxpFLeM5YwOZWg=", "path": "github.com/Azure/go-autorest/autorest", - "revision": "c2a68353555b68de3ee8455a4fd3e890a0ac6d99", - "revisionTime": "2018-01-19T19:03:13Z" + "revision": "5a06e9ddbe3c22262059b8e061777b9934f982bd", + "revisionTime": "2018-02-08T22:49:56Z" }, { - "checksumSHA1": "OxKbGGQUfsDtM4Fz4ysBpallhOE=", + "checksumSHA1": "xmsYFX1qHpwvXbqnT9yg4UQ2MlA=", "path": "github.com/Azure/go-autorest/autorest/adal", - "revision": "c2a68353555b68de3ee8455a4fd3e890a0ac6d99", - "revisionTime": "2018-01-19T19:03:13Z" + "revision": "5a06e9ddbe3c22262059b8e061777b9934f982bd", + "revisionTime": "2018-02-08T22:49:56Z" }, { - "checksumSHA1": "3xE3L8S3TMLhkTJS69P8tFANvLQ=", + "checksumSHA1": "KFHzaLA4zo34W0FJ5ah/1WBbB9Q=", "path": "github.com/Azure/go-autorest/autorest/azure", - "revision": "c2a68353555b68de3ee8455a4fd3e890a0ac6d99", - "revisionTime": "2018-01-19T19:03:13Z" + "revision": "5a06e9ddbe3c22262059b8e061777b9934f982bd", + "revisionTime": "2018-02-08T22:49:56Z" }, { "checksumSHA1": "9nXCi9qQsYjxCeajJKWttxgEt0I=", "path": "github.com/Azure/go-autorest/autorest/date", - "revision": "c2a68353555b68de3ee8455a4fd3e890a0ac6d99", - "revisionTime": "2018-01-19T19:03:13Z" + "revision": "5a06e9ddbe3c22262059b8e061777b9934f982bd", + "revisionTime": "2018-02-08T22:49:56Z" }, { - "checksumSHA1": "6aVylorTzM3zjH7VUCzYk+C1NYM=", + "checksumSHA1": "0Wny2oC77TqXIrxuqERTQYaOfDM=", "path": "github.com/DataDog/datadog-go/statsd", - "revision": "f00b998766d86bddcd1834cd59d336808e282060", - "revisionTime": "2018-01-25T13:18:19Z" + "revision": "9487d3a9d3be5bf3cf60b86ae810b97926964515", + "revisionTime": "2018-01-29T10:51:49Z" }, { "checksumSHA1": "0wdHgfg/Zj50H6FMbN2MnuR6YXA=", @@ -199,10 +199,10 @@ "revisionTime": "2017-11-17T18:41:20Z" }, { - "checksumSHA1": "MzSim/5A5kPO2q0n3aKq8H5qJvU=", + "checksumSHA1": "+9FZihevG7Sm0XLvdER/UpALuy0=", "path": "github.com/armon/go-proxyproto", - "revision": "48572f11356f1843b694f21a290d4f1006bc5e47", - "revisionTime": "2017-06-20T22:09:30Z" + "revision": "5b7edb60ff5f69b60d1950397f7bde6171f1807d", + "revisionTime": "2018-02-02T20:17:50Z" }, { "checksumSHA1": "GCTVJ1J/SGZstNZauuLAnTFOhGA=", @@ -217,196 +217,196 @@ "revisionTime": "2018-01-15T10:24:50Z" }, { - "checksumSHA1": "1ut07UM6BTI5LyMIxcK0C17huyQ=", + "checksumSHA1": "DQNOlncuykm7PoycI6AeHkuD97s=", "path": "github.com/aws/aws-sdk-go/aws", - "revision": "c7d34a368b19f9d8ab9022b92aec55f297baf574", - "revisionTime": "2018-01-26T20:58:33Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "Y9W+4GimK4Fuxq+vyIskVYFRnX4=", "path": "github.com/aws/aws-sdk-go/aws/awserr", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "yyYr41HZ1Aq0hWc3J5ijXwYEcac=", "path": "github.com/aws/aws-sdk-go/aws/awsutil", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "9nE/FjZ4pYrT883KtV2/aI+Gayo=", "path": "github.com/aws/aws-sdk-go/aws/client", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "ieAJ+Cvp/PKv1LpUEnUXpc3OI6E=", "path": "github.com/aws/aws-sdk-go/aws/client/metadata", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "7/8j/q0TWtOgXyvEcv4B2Dhl00o=", "path": "github.com/aws/aws-sdk-go/aws/corehandlers", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "Y+cPwQL0dZMyqp3wI+KJWmA9KQ8=", "path": "github.com/aws/aws-sdk-go/aws/credentials", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "u3GOAJLmdvbuNUeUEcZSEAOeL/0=", "path": "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "NUJUTWlc1sV8b7WjfiYc4JZbXl0=", "path": "github.com/aws/aws-sdk-go/aws/credentials/endpointcreds", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "JEYqmF83O5n5bHkupAzA6STm0no=", "path": "github.com/aws/aws-sdk-go/aws/credentials/stscreds", - "revision": "c7d34a368b19f9d8ab9022b92aec55f297baf574", - "revisionTime": "2018-01-26T20:58:33Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "OnU/n7R33oYXiB4SAGd5pK7I0Bs=", "path": "github.com/aws/aws-sdk-go/aws/defaults", - "revision": "c7d34a368b19f9d8ab9022b92aec55f297baf574", - "revisionTime": "2018-01-26T20:58:33Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "/EXbk/z2TWjWc1Hvb4QYs3Wmhb8=", "path": "github.com/aws/aws-sdk-go/aws/ec2metadata", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { - "checksumSHA1": "QzwFDjKBl8XUPtQ3Sgd7+rRestk=", + "checksumSHA1": "CJNEM69cgdO9tZi6c5Lj07jI+dk=", "path": "github.com/aws/aws-sdk-go/aws/endpoints", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "657ICMok3uC5dm5e9bKcVF2HaxE=", "path": "github.com/aws/aws-sdk-go/aws/request", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { - "checksumSHA1": "HcGL4e6Uep4/80eCUI5xkcWjpQ0=", + "checksumSHA1": "DIn7B+oP++/nw603OB95fmupzu8=", "path": "github.com/aws/aws-sdk-go/aws/session", - "revision": "c7d34a368b19f9d8ab9022b92aec55f297baf574", - "revisionTime": "2018-01-26T20:58:33Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "iU00ZjhAml/13g+1YXT21IqoXqg=", "path": "github.com/aws/aws-sdk-go/aws/signer/v4", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "04ypv4x12l4q0TksA1zEVsmgpvw=", "path": "github.com/aws/aws-sdk-go/internal/shareddefaults", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "NStHCXEvYqG72GknZyv1jaKaeH0=", "path": "github.com/aws/aws-sdk-go/private/protocol", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "1QmQ3FqV37w0Zi44qv8pA1GeR0A=", "path": "github.com/aws/aws-sdk-go/private/protocol/ec2query", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "yHfT5DTbeCLs4NE2Rgnqrhe15ls=", "path": "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "R00RL5jJXRYq1iiK1+PGvMfvXyM=", "path": "github.com/aws/aws-sdk-go/private/protocol/jsonrpc", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "ZqY5RWavBLWTo6j9xqdyBEaNFRk=", "path": "github.com/aws/aws-sdk-go/private/protocol/query", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "9V1PvtFQ9MObZTc3sa86WcuOtOU=", "path": "github.com/aws/aws-sdk-go/private/protocol/query/queryutil", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "pkeoOfZpHRvFG/AOZeTf0lwtsFg=", "path": "github.com/aws/aws-sdk-go/private/protocol/rest", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "ODo+ko8D6unAxZuN1jGzMcN4QCc=", "path": "github.com/aws/aws-sdk-go/private/protocol/restxml", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "0qYPUga28aQVkxZgBR3Z86AbGUQ=", "path": "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { - "checksumSHA1": "0TXXUPjrbOCHpX555B6suH36Nnk=", + "checksumSHA1": "8JiVrxMjFSdBOfVWCy1QU+JzB08=", "path": "github.com/aws/aws-sdk-go/service/dynamodb", - "revision": "c7d34a368b19f9d8ab9022b92aec55f297baf574", - "revisionTime": "2018-01-26T20:58:33Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "/I6I2nR59isqKtSpEnTfLRWZ8Mc=", "path": "github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute", - "revision": "c7d34a368b19f9d8ab9022b92aec55f297baf574", - "revisionTime": "2018-01-26T20:58:33Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { - "checksumSHA1": "4igS6faf4hrhDj6Jj9ErVcN1qKo=", + "checksumSHA1": "6m97gyHt25GPBhd48PdPaAXCT9Y=", "path": "github.com/aws/aws-sdk-go/service/ec2", - "revision": "c7d34a368b19f9d8ab9022b92aec55f297baf574", - "revisionTime": "2018-01-26T20:58:33Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { - "checksumSHA1": "oZaxMqnwl2rA+V/W0tJ3uownORI=", + "checksumSHA1": "I8CWKTI9BLrIF9ZKf6SpWhG+LXM=", "path": "github.com/aws/aws-sdk-go/service/iam", - "revision": "c7d34a368b19f9d8ab9022b92aec55f297baf574", - "revisionTime": "2018-01-26T20:58:33Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { - "checksumSHA1": "sCaHoPWsJXRHFbilUKwN71qFTOI=", + "checksumSHA1": "fXQn3V0ZRBZpTXUEHl4/yOjR4mQ=", "path": "github.com/aws/aws-sdk-go/service/s3", - "revision": "c7d34a368b19f9d8ab9022b92aec55f297baf574", - "revisionTime": "2018-01-26T20:58:33Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { - "checksumSHA1": "W1oFtpaT4TWIIJrAvFcn/XdcT7g=", + "checksumSHA1": "x7HCNPJnQi+4P6FKpBTY1hm3m6o=", "path": "github.com/aws/aws-sdk-go/service/sts", - "revision": "00cca3f093a8236a93fbbeeae7d28ad83811683c", - "revisionTime": "2018-01-26T23:19:01Z" + "revision": "fb9d53b0db7e801eb0d4fa021f5860794d845da3", + "revisionTime": "2018-02-09T23:01:02Z" }, { "checksumSHA1": "oTmBS67uxM6OXB/+OJUAG9LK4jw=", @@ -417,24 +417,24 @@ { "checksumSHA1": "Fnz7xSfgecNEaVi+I5a7HA1cl3I=", "path": "github.com/boombuler/barcode", - "revision": "3cfea5ab600ae37946be2b763b8ec2c1cf2d272d", - "revisionTime": "2017-09-22T10:33:52Z" + "revision": "5a7395f62784d17e29056e861ebd448ac1096261", + "revisionTime": "2018-02-03T08:01:48Z" }, { "checksumSHA1": "jWsoIeAcg4+QlCJLZ8jXHiJ5a3s=", "path": "github.com/boombuler/barcode/qr", - "revision": "3cfea5ab600ae37946be2b763b8ec2c1cf2d272d", - "revisionTime": "2017-09-22T10:33:52Z" + "revision": "5a7395f62784d17e29056e861ebd448ac1096261", + "revisionTime": "2018-02-03T08:01:48Z" }, { "checksumSHA1": "axe0OTdOjYa+XKDUYqzOv7FGaWo=", "path": "github.com/boombuler/barcode/utils", - "revision": "3cfea5ab600ae37946be2b763b8ec2c1cf2d272d", - "revisionTime": "2017-09-22T10:33:52Z" + "revision": "5a7395f62784d17e29056e861ebd448ac1096261", + "revisionTime": "2018-02-03T08:01:48Z" }, { - "checksumSHA1": "MsfvQZcBtSZeatCqbSZRHVsb9yU=", - "path": "github.com/cenk/backoff", + "checksumSHA1": "Zlk5zPiw+3u9pyy4kNThpKDaYmE=", + "path": "github.com/cenkalti/backoff", "revision": "2ea60e5f094469f9e65adb9cd103795b73ae743e", "revisionTime": "2017-12-24T16:42:12Z" }, @@ -457,28 +457,28 @@ "revisionTime": "2017-09-11T15:31:29Z" }, { - "checksumSHA1": "1+wh7HBBExMeHebpcxtDOIrIlCs=", + "checksumSHA1": "l8gIVOjlnOrceuJLONvgA8p4FI4=", "path": "github.com/circonus-labs/circonus-gometrics", - "revision": "b25d14eeef390159289ad3e8521eff3162c59685", - "revisionTime": "2017-10-19T13:11:15Z" + "revision": "b5b9c6e8f93c67411193a170108e951e642c453c", + "revisionTime": "2018-02-07T19:24:15Z" }, { - "checksumSHA1": "AeoKS438naDrZxFIVU8u8tVGyLg=", + "checksumSHA1": "I6MmriS6eBxiKW9g+p23t0YFDVg=", "path": "github.com/circonus-labs/circonus-gometrics/api", - "revision": "b25d14eeef390159289ad3e8521eff3162c59685", - "revisionTime": "2017-10-19T13:11:15Z" + "revision": "b5b9c6e8f93c67411193a170108e951e642c453c", + "revisionTime": "2018-02-07T19:24:15Z" }, { "checksumSHA1": "bQhz/fcyZPmuHSH2qwC4ZtATy5c=", "path": "github.com/circonus-labs/circonus-gometrics/api/config", - "revision": "b25d14eeef390159289ad3e8521eff3162c59685", - "revisionTime": "2017-10-19T13:11:15Z" + "revision": "b5b9c6e8f93c67411193a170108e951e642c453c", + "revisionTime": "2018-02-07T19:24:15Z" }, { - "checksumSHA1": "yMRPGEGVO916uQ/YIEhPC14Qqek=", + "checksumSHA1": "YCRBAIvGNWV9L59Wu7GjUVwpK7Q=", "path": "github.com/circonus-labs/circonus-gometrics/checkmgr", - "revision": "b25d14eeef390159289ad3e8521eff3162c59685", - "revisionTime": "2017-10-19T13:11:15Z" + "revision": "b5b9c6e8f93c67411193a170108e951e642c453c", + "revisionTime": "2018-02-07T19:24:15Z" }, { "checksumSHA1": "518zyXg+PdukgJ00+uWAOZXDhHc=", @@ -495,86 +495,92 @@ { "checksumSHA1": "GqIrOttKaO7k6HIaHQLPr3cY7rY=", "path": "github.com/containerd/continuity/pathdriver", - "revision": "b2b946a77f5973f420514090d6f6dd58b08303f0", - "revisionTime": "2017-12-15T19:55:39Z" + "revision": "1a794c0014a7b786879312d1dab309ba96ead8bc", + "revisionTime": "2018-02-05T19:53:30Z" }, { - "checksumSHA1": "SVDbxtq6zlRJ/mB0EAau/f9r4Hc=", - "path": "github.com/coreos/etcd/auth/authpb", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" - }, - { - "checksumSHA1": "3Sr7cI/2HAnSbL2rHFZKexEwJ9Y=", + "checksumSHA1": "BGSFbXfIYy0Honqo/ZXbg9NB9SI=", "path": "github.com/coreos/etcd/client", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { - "checksumSHA1": "w62CfKEj1M3VJOro37iE9efycgc=", + "checksumSHA1": "MsFmcSBht07KsPPRjfdzF30WmrY=", "path": "github.com/coreos/etcd/clientv3", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { "checksumSHA1": "OcytKWV9sQArUOu4WTt+cxouxqY=", "path": "github.com/coreos/etcd/clientv3/concurrency", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { "checksumSHA1": "VMC9J0rMVk3Fv8r8Bj7qqLlXc3E=", "path": "github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { - "checksumSHA1": "h/DK/opTUEoSYtEkFCO5NYV58r8=", + "checksumSHA1": "PnvfikM9hSV+vOZq0zjawPiunOk=", "path": "github.com/coreos/etcd/etcdserver/etcdserverpb", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" + }, + { + "checksumSHA1": "dC7K64IQzxWe2x1+9fdolXNIPOs=", + "path": "github.com/coreos/etcd/internal/auth/authpb", + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { "checksumSHA1": "LeX3njuZTuHdxp3MIbAo/QiDcOo=", "path": "github.com/coreos/etcd/internal/mvcc/mvccpb", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" + }, + { + "checksumSHA1": "Bem627j4vuQFfGOfwVWpW3gnjog=", + "path": "github.com/coreos/etcd/internal/version", + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" + }, + { + "checksumSHA1": "tHGCCzG9LjNl1itFCrJKm18ZJVo=", + "path": "github.com/coreos/etcd/pkg/logger", + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { "checksumSHA1": "mKIXx1kDwmVmdIpZ3pJtRBuUKso=", "path": "github.com/coreos/etcd/pkg/pathutil", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { "checksumSHA1": "wAOmJuqYSwbVNGdofRaxF1jm1ak=", "path": "github.com/coreos/etcd/pkg/srv", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { "checksumSHA1": "rMyIh9PsSvPs6Yd+YgKITQzQJx8=", "path": "github.com/coreos/etcd/pkg/tlsutil", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { - "checksumSHA1": "PoTXn5yRFx7RyFeBgjoPoAbx2C0=", + "checksumSHA1": "x2ysIuwHfN8dh+kFEl7K6fDhXNE=", "path": "github.com/coreos/etcd/pkg/transport", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { "checksumSHA1": "fqju8lgR+3vLJLAEPxhV6P7JAHY=", "path": "github.com/coreos/etcd/pkg/types", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" - }, - { - "checksumSHA1": "SCXhykntdCkvDe22S/RNButQ0C0=", - "path": "github.com/coreos/etcd/version", - "revision": "1153e43b347575106f6946d80359b999f24b6823", - "revisionTime": "2018-01-26T20:56:51Z" + "revision": "9c6d93056575da4da94382f473b0ecfcd9c1443b", + "revisionTime": "2018-02-10T00:12:50Z" }, { "checksumSHA1": "97BsbXOiZ8+Kr+LIuZkQFtSj7H4=", @@ -583,10 +589,22 @@ "revisionTime": "2018-01-08T23:09:05Z" }, { - "checksumSHA1": "cfIp4rlS5RF0k1LFfcFHvTzt9KY=", + "checksumSHA1": "d50/+u/LFlXvEV10HiEoXB9OsGg=", + "path": "github.com/coreos/go-systemd/journal", + "revision": "40e2722dffead74698ca12a750f64ef313ddce05", + "revisionTime": "2018-02-02T09:23:58Z" + }, + { + "checksumSHA1": "Ss3L7r3JRrP+BGfrrwzatrTfHqc=", + "path": "github.com/coreos/pkg/capnslog", + "revision": "97fdf19511ea361ae1c100dd393cc47f8dcfa1e1", + "revisionTime": "2018-01-08T23:06:52Z" + }, + { + "checksumSHA1": "43Ygz6Mqr/Fzf7phWVD0uMh9sMc=", "path": "github.com/denisenkom/go-mssqldb", - "revision": "7deea793d3c7703dd74a1a38f09223b8c2cd0501", - "revisionTime": "2018-01-23T03:08:19Z" + "revision": "ee492709d4324cdcb051d2ac266b77ddc380f5c5", + "revisionTime": "2018-01-27T14:41:57Z" }, { "checksumSHA1": "+TKtBzv23ywvmmqRiGEjUba4YmI=", @@ -595,160 +613,160 @@ "revisionTime": "2017-10-19T21:57:19Z" }, { - "checksumSHA1": "b91BIyJbqy05pXpEh1eGCJkdjYc=", + "checksumSHA1": "iYT7abLMy0Vfyy8nwoDZYirLrI4=", "path": "github.com/docker/docker/api/types", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "jVJDbe0IcyjoKc2xbohwzQr+FF0=", + "checksumSHA1": "/jF0HVFiLzUUuywSjp4F/piM7BM=", "path": "github.com/docker/docker/api/types/blkiodev", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "DuOqFTQ95vKSuSE/Va88yRN/wb8=", + "checksumSHA1": "LdXOEC1pDlFHWCWx8s2tYYyZb4w=", "path": "github.com/docker/docker/api/types/container", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "S4SWOa0XduRd8ene8Alwih2Nwcw=", + "checksumSHA1": "y9EA6+kZQLx6kCM277CFHTm4eiw=", "path": "github.com/docker/docker/api/types/filters", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "uJeLBKpHZXP+bWhXP4HhpyUTWYI=", + "checksumSHA1": "k9CaJVvYL7SxcIP72ng/YcOuF9k=", "path": "github.com/docker/docker/api/types/mount", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "Gskp+nvbVe8Gk1xPLHylZvNmqTg=", + "checksumSHA1": "IggTTG/yCDaV9SjtQz5SSarqUtc=", "path": "github.com/docker/docker/api/types/network", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "r2vWq7Uc3ExKzMqYgH0b4AKjLKY=", + "checksumSHA1": "m4Jg5WnW75I65nvkEno8PElSXik=", "path": "github.com/docker/docker/api/types/registry", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "VTxWyFud/RedrpllGdQonVtGM/A=", + "checksumSHA1": "OQEUS/2J2xVHpfvcsxcXzYqBSeY=", "path": "github.com/docker/docker/api/types/strslice", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "Q0U3queMsCw+rPPztXnRHwAxQEc=", + "checksumSHA1": "l72gWvVDBAW6WerF+Whlk5AR6L8=", "path": "github.com/docker/docker/api/types/swarm", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "kVfD1e4Gak7k6tqDX5nrgQ57EYY=", + "checksumSHA1": "txs5EKTbKgVyKmKKSnaH3fr+odA=", "path": "github.com/docker/docker/api/types/swarm/runtime", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "uDPQ3nHsrvGQc9tg/J9OSC4N5dQ=", + "checksumSHA1": "MZsgRjJJ0D/gAsXfKiEys+op6dE=", "path": "github.com/docker/docker/api/types/versions", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "9xiU8BO5sr2SRoDI3+UPOxMPJHw=", + "checksumSHA1": "7anxTh5qUD5FqLFzmNylsfGdh9g=", "path": "github.com/docker/docker/opts", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "nA4OAKi339v9bTP/pqAiabyjnkQ=", + "checksumSHA1": "jd0djZoHinAY4euoC1hQ2fGPVvY=", "path": "github.com/docker/docker/pkg/archive", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "cHtl1iwPIEobY8Hj9Ww6vJeDlu8=", + "checksumSHA1": "Grn01ilcclpxebiubtvOie9cJOs=", "path": "github.com/docker/docker/pkg/fileutils", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "C2+kD5a23ae1xgIwiogqTyPcahA=", + "checksumSHA1": "y37I+5AS96wQSiAxOayiMgnZawA=", "path": "github.com/docker/docker/pkg/homedir", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "1Ph3iTUD8qltjH/epRUekhZJtpE=", + "checksumSHA1": "2K1kJ8yH2sMzuGH2aBpvbaXE+ao=", "path": "github.com/docker/docker/pkg/idtools", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "wKmQTsMHTMj8ptkg1PS8zphChQk=", + "checksumSHA1": "4fV83jYhuLK2IGZBakU8ze5gv8g=", "path": "github.com/docker/docker/pkg/ioutils", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "g3RZfMeU7DDreHT4gQcdc3Bf784=", + "checksumSHA1": "oyPIJ8MIaiUkzXR++FBLUWMME1w=", "path": "github.com/docker/docker/pkg/jsonmessage", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "ndnAFCfsGC3upNQ6jAEwzxcurww=", + "checksumSHA1": "EXiIm2xIL7Ds+YsQUx8Z3eUYPtI=", "path": "github.com/docker/docker/pkg/longpath", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "frV26dc+5KCDfzgsnn6a6reStmo=", + "checksumSHA1": "xECKp9YgkjBo5Sfe+QdQF6F4mAs=", "path": "github.com/docker/docker/pkg/mount", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "cS0+jrjme0j9GX8LLcioQ7ZOBsQ=", + "checksumSHA1": "dj8atalGWftfM9vdzCsh9YF1Seg=", "path": "github.com/docker/docker/pkg/pools", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "H1rrbVmeE1z2TnkF7tSrfh+qUOY=", + "checksumSHA1": "qSXbkyhz4Q4QOhfZbes8/WK0w/Q=", "path": "github.com/docker/docker/pkg/stdcopy", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "K2cj8fAeVtWaHC1TjD3QMn/wdcs=", + "checksumSHA1": "Eigpda7D/3vh5GLFD/UqsqvKSiE=", "path": "github.com/docker/docker/pkg/system", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "loYZQ9ub/tR5Wi3WR/tF9SJ6DuU=", + "checksumSHA1": "dYvOgXOXzosSiK6gaZDGnb5Uv2A=", "path": "github.com/docker/docker/pkg/term", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "NcljihOPc95QOyQAdufyy3eqKSU=", + "checksumSHA1": "RbKd6O8P1UnaoxbdmV6eukac69M=", "path": "github.com/docker/docker/pkg/term/windows", - "revision": "2c05aefc99d33edde47b08e38978b6c2f4178648", - "revisionTime": "2018-01-26T18:54:30Z" + "revision": "d07d3e71171ea3125d4462e8e509170f7c3e3370", + "revisionTime": "2018-02-10T20:57:58Z" }, { - "checksumSHA1": "JbiWTzH699Sqz25XmDlsARpMN9w=", + "checksumSHA1": "1IPGX6/BnX7QN4DjbBk0UafTB2U=", "path": "github.com/docker/go-connections/nat", - "revision": "3ede32e2033de7505e6500d6c868c2b9ed9f169d", - "revisionTime": "2017-06-23T20:36:43Z" + "revision": "f93969bf7d9f98c09610cc485214a6300944bd18", + "revisionTime": "2018-02-05T06:57:25Z" }, { "checksumSHA1": "kP4hqQGUNNXhgYxgB4AMWfNvmnA=", @@ -768,6 +786,12 @@ "revision": "2b2d787eb38e28ce4fd906321d717af19fad26a6", "revisionTime": "2016-06-27T13:04:34Z" }, + { + "checksumSHA1": "tJd2T/eyW6ejAev7WzGxTeUVOPQ=", + "path": "github.com/dustin/go-humanize", + "revision": "bb3d318650d48840a39aa21a027c6630e198e626", + "revisionTime": "2017-11-10T20:55:13Z" + }, { "checksumSHA1": "5BP5xofo0GoFi6FtgqFFbmHyUKI=", "path": "github.com/fatih/structs", @@ -775,10 +799,10 @@ "revisionTime": "2018-01-23T06:50:59Z" }, { - "checksumSHA1": "J4QLTT1+aWGSEm9NQX0Lh+bt854=", + "checksumSHA1": "ppCfV9U+QopXJ0Pq1cYAGU7wsuI=", "path": "github.com/fsouza/go-dockerclient", - "revision": "baaca7fd31e6f5f73b7b44421759f1035a0a5fa3", - "revisionTime": "2018-01-26T01:49:09Z" + "revision": "a2e072cb4fe7c4b5962e74e38e3c256c053f6132", + "revisionTime": "2018-02-02T13:34:58Z" }, { "checksumSHA1": "BjjcPf2i7KfBnVazHZCAe9xn6jY=", @@ -817,52 +841,52 @@ "revisionTime": "2018-01-25T05:47:45Z" }, { - "checksumSHA1": "zQExLKHzTZIidp3KhhOivIUyxJM=", + "checksumSHA1": "989p8YX+h2GxOFWhUMvh1O/K3rc=", "path": "github.com/gocql/gocql", - "revision": "dd47639f787e8583e1a13e17e20a9f6c4332bc29", - "revisionTime": "2018-01-23T13:03:47Z" + "revision": "1303a32993a1242a6fb58dc497a3b8a54ffd257d", + "revisionTime": "2018-02-05T13:46:42Z" }, { "checksumSHA1": "7RlYIbPYgPkxDDCSEuE6bvYEEeU=", "path": "github.com/gocql/gocql/internal/lru", - "revision": "dd47639f787e8583e1a13e17e20a9f6c4332bc29", - "revisionTime": "2018-01-23T13:03:47Z" + "revision": "1303a32993a1242a6fb58dc497a3b8a54ffd257d", + "revisionTime": "2018-02-05T13:46:42Z" }, { "checksumSHA1": "puCAbQOdeajpTEFssPsgeskXB+8=", "path": "github.com/gocql/gocql/internal/murmur", - "revision": "dd47639f787e8583e1a13e17e20a9f6c4332bc29", - "revisionTime": "2018-01-23T13:03:47Z" + "revision": "1303a32993a1242a6fb58dc497a3b8a54ffd257d", + "revisionTime": "2018-02-05T13:46:42Z" }, { "checksumSHA1": "tZQDfMMTKrYMXqen0zjJWLtOf1A=", "path": "github.com/gocql/gocql/internal/streams", - "revision": "dd47639f787e8583e1a13e17e20a9f6c4332bc29", - "revisionTime": "2018-01-23T13:03:47Z" + "revision": "1303a32993a1242a6fb58dc497a3b8a54ffd257d", + "revisionTime": "2018-02-05T13:46:42Z" }, { "checksumSHA1": "FhLvgtYfuKY0ow9wtLJRoeg7d6w=", "path": "github.com/gogo/protobuf/gogoproto", - "revision": "26de2f9a7d3b1826f275e7a97c8cad5080589426", - "revisionTime": "2018-01-21T16:00:31Z" + "revision": "43a6153f8c1fc6068a7797e53f8a640222248e0e", + "revisionTime": "2018-02-08T20:01:35Z" }, { - "checksumSHA1": "wn2shNJMwRZpvuvkf1s7h0wvqHI=", + "checksumSHA1": "nTHr8B2CPLP8kcJRtBEXluFvzUY=", "path": "github.com/gogo/protobuf/proto", - "revision": "26de2f9a7d3b1826f275e7a97c8cad5080589426", - "revisionTime": "2018-01-21T16:00:31Z" + "revision": "43a6153f8c1fc6068a7797e53f8a640222248e0e", + "revisionTime": "2018-02-08T20:01:35Z" }, { - "checksumSHA1": "F+PKpdY6PyIrxQ8b20TzsM+1JuI=", + "checksumSHA1": "Vym+ueo+9xbr7CjKbXjxIkUw5cI=", "path": "github.com/gogo/protobuf/protoc-gen-gogo/descriptor", - "revision": "26de2f9a7d3b1826f275e7a97c8cad5080589426", - "revisionTime": "2018-01-21T16:00:31Z" + "revision": "43a6153f8c1fc6068a7797e53f8a640222248e0e", + "revisionTime": "2018-02-08T20:01:35Z" }, { "checksumSHA1": "HPVQZu059/Rfw2bAWM538bVTcUc=", "path": "github.com/gogo/protobuf/sortkeys", - "revision": "26de2f9a7d3b1826f275e7a97c8cad5080589426", - "revisionTime": "2018-01-21T16:00:31Z" + "revision": "43a6153f8c1fc6068a7797e53f8a640222248e0e", + "revisionTime": "2018-02-08T20:01:35Z" }, { "checksumSHA1": "HmbftipkadrLlCfzzVQ+iFHbl6g=", @@ -873,38 +897,38 @@ { "checksumSHA1": "WX1+2gktHcBmE9MGwFSGs7oqexU=", "path": "github.com/golang/protobuf/proto", - "revision": "925541529c1fa6821df4e44ce2723319eb2be768", - "revisionTime": "2018-01-25T21:43:03Z" + "revision": "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175", + "revisionTime": "2018-02-02T18:43:18Z" }, { "checksumSHA1": "XNHQiRltA7NQJV0RvUroY+cf+zg=", "path": "github.com/golang/protobuf/protoc-gen-go/descriptor", - "revision": "925541529c1fa6821df4e44ce2723319eb2be768", - "revisionTime": "2018-01-25T21:43:03Z" + "revision": "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175", + "revisionTime": "2018-02-02T18:43:18Z" }, { "checksumSHA1": "VfkiItDBFFkZluaAMAzJipDXNBY=", "path": "github.com/golang/protobuf/ptypes", - "revision": "925541529c1fa6821df4e44ce2723319eb2be768", - "revisionTime": "2018-01-25T21:43:03Z" + "revision": "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175", + "revisionTime": "2018-02-02T18:43:18Z" }, { "checksumSHA1": "UB9scpDxeFjQe5tEthuR4zCLRu4=", "path": "github.com/golang/protobuf/ptypes/any", - "revision": "925541529c1fa6821df4e44ce2723319eb2be768", - "revisionTime": "2018-01-25T21:43:03Z" + "revision": "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175", + "revisionTime": "2018-02-02T18:43:18Z" }, { "checksumSHA1": "hUjAj0dheFVDl84BAnSWj9qy2iY=", "path": "github.com/golang/protobuf/ptypes/duration", - "revision": "925541529c1fa6821df4e44ce2723319eb2be768", - "revisionTime": "2018-01-25T21:43:03Z" + "revision": "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175", + "revisionTime": "2018-02-02T18:43:18Z" }, { "checksumSHA1": "O2ItP5rmfrgxPufhjJXbFlXuyL8=", "path": "github.com/golang/protobuf/ptypes/timestamp", - "revision": "925541529c1fa6821df4e44ce2723319eb2be768", - "revisionTime": "2018-01-25T21:43:03Z" + "revision": "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175", + "revisionTime": "2018-02-02T18:43:18Z" }, { "checksumSHA1": "p/8vSviYF91gFflhrt5vkyksroo=", @@ -913,10 +937,10 @@ "revisionTime": "2017-02-15T23:32:05Z" }, { - "checksumSHA1": "JnNT0F64A0ldFIgTWCrMM8lttuE=", + "checksumSHA1": "u0rj5HBwrAYx7nbYg4Hsfppf7B4=", "path": "github.com/google/go-github/github", - "revision": "e48060a28fac52d0f1cb758bc8b87c07bac4a87d", - "revisionTime": "2018-01-25T18:59:44Z" + "revision": "08e68b58d6369e25c2375020353d0d642aa4b2b1", + "revisionTime": "2018-02-05T18:50:56Z" }, { "checksumSHA1": "p3IB18uJRs4dL2K5yx24MrLYE9A=", @@ -949,16 +973,16 @@ "revisionTime": "2016-01-25T11:53:50Z" }, { - "checksumSHA1": "B7N8ClCrkhPc4G13oY4NxXZPm90=", + "checksumSHA1": "hfyI2np1b0xbIvh091FkDQcNgSc=", "path": "github.com/hashicorp/consul/api", - "revision": "842ae5a248a48a7216998ee8d7c5f271356c9fcf", - "revisionTime": "2018-01-26T16:45:13Z" + "revision": "c3e94970a09db21b1a3de947ae28577980a18161", + "revisionTime": "2018-02-10T00:02:27Z" }, { - "checksumSHA1": "TVMLsjjhvvLoL51C/AJ33uttQQ4=", + "checksumSHA1": "Nrh9BhiivRyJiuPzttstmq9xl/w=", "path": "github.com/hashicorp/consul/lib", - "revision": "842ae5a248a48a7216998ee8d7c5f271356c9fcf", - "revisionTime": "2018-01-26T16:45:13Z" + "revision": "c3e94970a09db21b1a3de947ae28577980a18161", + "revisionTime": "2018-02-10T00:02:27Z" }, { "checksumSHA1": "cdOCt0Yb+hdErz8NAQqayxPmRsY=", @@ -979,10 +1003,10 @@ "revisionTime": "2018-01-22T23:24:01Z" }, { - "checksumSHA1": "Cas2nprG6pWzf05A2F/OlnjUu2Y=", + "checksumSHA1": "y+AeKVZoX0gB+DZW4Arzkb3tTVc=", "path": "github.com/hashicorp/go-immutable-radix", - "revision": "59b67882ec612f43b9d4c4fd97cebd507be4b3ee", - "revisionTime": "2018-01-16T18:04:02Z" + "revision": "7f3cd4390caab3250a57f30efdb2a65dd7649ecf", + "revisionTime": "2018-01-29T17:09:00Z" }, { "checksumSHA1": "2JVfMLNCW8hfVlPAwAHlOX4HW2s=", @@ -1021,10 +1045,10 @@ "revisionTime": "2016-05-03T14:34:40Z" }, { - "checksumSHA1": "eCWvhgknHMj5K19ePPjIA3l401Q=", + "checksumSHA1": "pTsxSJWLs/MPY8yOHNsVoZ/0yaA=", "path": "github.com/hashicorp/go-sockaddr", - "revision": "9b4c5fa5b10a683339a270d664474b9f4aee62fc", - "revisionTime": "2017-10-30T10:43:12Z" + "revision": "7165ee14aff120ee3642aa2bcf2dea8eebef29c3", + "revisionTime": "2018-02-07T23:16:36Z" }, { "checksumSHA1": "qh5vA7tAEfJWJTkJm6H+kWg+ztU=", @@ -1045,16 +1069,16 @@ "revisionTime": "2017-11-29T15:08:20Z" }, { - "checksumSHA1": "d9PxF1XQGLMJZRct2R8qVM/eYlE=", + "checksumSHA1": "UquR8kc0nKU285HwLbkievlLQz4=", "path": "github.com/hashicorp/golang-lru", - "revision": "0a025b7e63adc15a622f29b0b2c4c3848243bbf6", - "revisionTime": "2016-08-13T22:13:03Z" + "revision": "0fb14efe8c47ae851c0034ed7a448854d3d34cf3", + "revisionTime": "2018-02-01T23:52:37Z" }, { - "checksumSHA1": "9hffs0bAIU6CquiRhKQdzjHnKt0=", + "checksumSHA1": "8Z637dcPkbR5HdLQQBp/9jTbx9Y=", "path": "github.com/hashicorp/golang-lru/simplelru", - "revision": "0a025b7e63adc15a622f29b0b2c4c3848243bbf6", - "revisionTime": "2016-08-13T22:13:03Z" + "revision": "0fb14efe8c47ae851c0034ed7a448854d3d34cf3", + "revisionTime": "2018-02-01T23:52:37Z" }, { "checksumSHA1": "HtpYAWHvd9mq+mHkpo7z8PGzMik=", @@ -1117,46 +1141,46 @@ "revisionTime": "2017-10-17T18:19:29Z" }, { - "checksumSHA1": "Lm9qPECkL3yJ2pleU+Lzjlr29e0=", + "checksumSHA1": "rqMUsuunjuk0tI9MzUO2sddI38Y=", "path": "github.com/hashicorp/memberlist", - "revision": "3d8438da9589e7b608a83ffac1ef8211486bcb7c", - "revisionTime": "2017-12-01T18:43:01Z" + "revision": "2288bf30e9c8d7b5f6549bf62e07120d72fd4b6c", + "revisionTime": "2018-02-09T03:39:01Z" }, { - "checksumSHA1": "M+xwxeCV2cTrHxrxMUHDD6X/ReU=", + "checksumSHA1": "5ePeYzR8cWZsOQ836Q1zn5Fw5pU=", "path": "github.com/hashicorp/nomad/api", - "revision": "71f89bb1bbe37453b6698d945e36efd2eab8bebe", - "revisionTime": "2018-01-25T00:12:21Z" + "revision": "c7c4564f1d51426fa0c309987a06f83705889e4c", + "revisionTime": "2018-02-09T04:40:38Z" }, { "checksumSHA1": "fqswK1Rf5F7cRNG+UHgY/gQFC78=", "path": "github.com/hashicorp/nomad/api/contexts", - "revision": "71f89bb1bbe37453b6698d945e36efd2eab8bebe", - "revisionTime": "2018-01-25T00:12:21Z" + "revision": "c7c4564f1d51426fa0c309987a06f83705889e4c", + "revisionTime": "2018-02-09T04:40:38Z" }, { "checksumSHA1": "kc17FtLJc0ZNuYc1bdAoiVSkChc=", "path": "github.com/hashicorp/nomad/helper", - "revision": "71f89bb1bbe37453b6698d945e36efd2eab8bebe", - "revisionTime": "2018-01-25T00:12:21Z" + "revision": "c7c4564f1d51426fa0c309987a06f83705889e4c", + "revisionTime": "2018-02-09T04:40:38Z" }, { "checksumSHA1": "mSCo/iZUEOSpeX5NsGZZzFMJqto=", "path": "github.com/hashicorp/nomad/helper/uuid", - "revision": "71f89bb1bbe37453b6698d945e36efd2eab8bebe", - "revisionTime": "2018-01-25T00:12:21Z" + "revision": "c7c4564f1d51426fa0c309987a06f83705889e4c", + "revisionTime": "2018-02-09T04:40:38Z" }, { "checksumSHA1": "0PeWsO2aI+2PgVYlYlDPKfzCLEQ=", "path": "github.com/hashicorp/serf/coordinate", - "revision": "b6017ae61f4420ed0c02d5eeeb9ff3fc02953f14", - "revisionTime": "2018-01-19T22:43:00Z" + "revision": "f691397e8ac68567567febc6dc1db9d9da0161ec", + "revisionTime": "2018-02-03T00:31:27Z" }, { "checksumSHA1": "QGImnWfhk0ILLZszcf3vRs/Ft7g=", "path": "github.com/hashicorp/serf/serf", - "revision": "b6017ae61f4420ed0c02d5eeeb9ff3fc02953f14", - "revisionTime": "2018-01-19T22:43:00Z" + "revision": "f691397e8ac68567567febc6dc1db9d9da0161ec", + "revisionTime": "2018-02-03T00:31:27Z" }, { "checksumSHA1": "Dse2mmAcxZoMoe6xjhP1uZ6zbiU=", @@ -1195,88 +1219,88 @@ "revisionTime": "2016-07-21T23:51:17Z" }, { - "checksumSHA1": "Adg9cGxAPUBM/TQa7ukfYEoZJAA=", + "checksumSHA1": "blwbl9vPvRLtL5QlZgfpLvsFiZ4=", "path": "github.com/jmespath/go-jmespath", - "revision": "dd801d4f4ce7ac746e7e7b4489d2fa600b3b096b", - "revisionTime": "2017-11-20T06:35:26Z" + "revision": "c2b33e8439af944379acbdd9c3a5fe0bc44bd8a5", + "revisionTime": "2018-02-06T20:15:40Z" }, { "checksumSHA1": "VJk3rOWfxEV9Ilig5lgzH1qg8Ss=", "path": "github.com/keybase/go-crypto/brainpool", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "rnRjEJs5luF+DIXp2J6LFcQk8Gg=", "path": "github.com/keybase/go-crypto/cast5", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "F5++ZQS5Vt7hd6lxPCKTffvph1A=", "path": "github.com/keybase/go-crypto/curve25519", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "IvrDXwIixB5yPPbo6tq1/1cSn78=", "path": "github.com/keybase/go-crypto/ed25519", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "4+fslB6pCbplNq4viy6CrOkkY6Y=", "path": "github.com/keybase/go-crypto/ed25519/internal/edwards25519", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "ZpRdb5OIjExm3FCm7CTc8TtSBy8=", "path": "github.com/keybase/go-crypto/openpgp", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { - "checksumSHA1": "cdgDXvGPDDsu5OwRLxYeHRdb8hI=", + "checksumSHA1": "tin/wcIHur1IM0n5f5u8nlZ/J6U=", "path": "github.com/keybase/go-crypto/openpgp/armor", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "nWhmwjBJqPSvkCWqaap2Z9EiS1k=", "path": "github.com/keybase/go-crypto/openpgp/ecdh", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "uxXG9IC/XF8jwwvZUbW65+x8/+M=", "path": "github.com/keybase/go-crypto/openpgp/elgamal", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "ofZhU2758YZAAGSEJ8UjFMQLc+k=", "path": "github.com/keybase/go-crypto/openpgp/errors", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "T7jstUu+oy2AVhZT/Md7R2lY8LM=", "path": "github.com/keybase/go-crypto/openpgp/packet", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "BGDxg1Xtsz0DSPzdQGJLLQqfYc8=", "path": "github.com/keybase/go-crypto/openpgp/s2k", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "rE3pp7b3gfcmBregzpIvN5IdFhY=", "path": "github.com/keybase/go-crypto/rsa", - "revision": "2d22b6e67049389f2b93ab4bcb4e2694f844db62", - "revisionTime": "2018-01-03T17:24:28Z" + "revision": "8bab6ce2ea76875dcf28c287110f9cdf17fee30c", + "revisionTime": "2018-01-30T15:54:09Z" }, { "checksumSHA1": "uulQHQ7IsRKqDudBC8Go9J0gtAc=", @@ -1287,14 +1311,14 @@ { "checksumSHA1": "V1a5/Ra9HXKNuArt5WKUqu+Jxt8=", "path": "github.com/lib/pq", - "revision": "19c8e9ad00952ce0c64489b60e8df88bb16dd514", - "revisionTime": "2018-01-19T15:11:48Z" + "revision": "88edab0803230a3898347e77b474f8c1820a1f20", + "revisionTime": "2018-02-01T18:47:07Z" }, { "checksumSHA1": "AU3fA8Sm33Vj9PBoRPSeYfxLRuE=", "path": "github.com/lib/pq/oid", - "revision": "19c8e9ad00952ce0c64489b60e8df88bb16dd514", - "revisionTime": "2018-01-19T15:11:48Z" + "revision": "88edab0803230a3898347e77b474f8c1820a1f20", + "revisionTime": "2018-02-01T18:47:07Z" }, { "checksumSHA1": "T9E+5mKBQ/BX4wlNxgaPfetxdeI=", @@ -1303,10 +1327,10 @@ "revisionTime": "2017-04-27T23:51:15Z" }, { - "checksumSHA1": "xpXl7e5TljYukrkekbCHh7uMyk8=", + "checksumSHA1": "SEnjvwVyfuU2xBaOfXfwPD5MZqk=", "path": "github.com/mattn/go-colorable", - "revision": "6cc8b475d4682021d75d2cbe2bc481bec4ce98e5", - "revisionTime": "2018-01-15T15:56:39Z" + "revision": "7dc3415be66d7cc68bf0182f35c8d31f8d2ad8a7", + "revisionTime": "2018-02-05T07:01:58Z" }, { "checksumSHA1": "w5RcOnfv5YDr3j2bd1YydkPiZx4=", @@ -1363,10 +1387,10 @@ "revisionTime": "2017-10-04T22:19:16Z" }, { - "checksumSHA1": "1JtAhgmRN0x794LRNhs0DJ5t8io=", + "checksumSHA1": "FpgODaspeA2JtrcagXl9JRY/i88=", "path": "github.com/mitchellh/mapstructure", - "revision": "b4575eea38cca1123ec2dc90c26529b5c5acfcff", - "revisionTime": "2018-01-11T00:07:20Z" + "revision": "a4e142e9c047c904fa2f1e144d9a84e6133024bc", + "revisionTime": "2018-02-03T10:28:30Z" }, { "checksumSHA1": "AMU63CNOg4XmIhVR/S/Xttt1/f0=", @@ -1395,26 +1419,26 @@ { "checksumSHA1": "ZGlIwSRjdLYCUII7JLE++N4w7Xc=", "path": "github.com/opencontainers/image-spec/specs-go", - "revision": "577479e4dc273d3779f00c223c7e0dba4cd6b8b0", - "revisionTime": "2017-11-25T02:40:18Z" + "revision": "149252121d044fddff670adcdc67f33148e16226", + "revisionTime": "2018-02-08T19:11:08Z" }, { "checksumSHA1": "jdbXRRzeu0njLE9/nCEZG+Yg/Jk=", "path": "github.com/opencontainers/image-spec/specs-go/v1", - "revision": "577479e4dc273d3779f00c223c7e0dba4cd6b8b0", - "revisionTime": "2017-11-25T02:40:18Z" + "revision": "149252121d044fddff670adcdc67f33148e16226", + "revisionTime": "2018-02-08T19:11:08Z" }, { "checksumSHA1": "tsnOAtUqj1ZRWilpG3Ovq/IyPDk=", "path": "github.com/opencontainers/runc/libcontainer/system", - "revision": "c4e4bb0df2fc7d1f3cd578a847b1c252d15b5702", - "revisionTime": "2018-01-25T15:09:09Z" + "revision": "a618ab5a0186905949ee463dbb762c3d23e12a80", + "revisionTime": "2018-02-08T15:28:41Z" }, { "checksumSHA1": "2qNNJI8F5B8fG9RU4cxrJy43I8s=", "path": "github.com/opencontainers/runc/libcontainer/user", - "revision": "c4e4bb0df2fc7d1f3cd578a847b1c252d15b5702", - "revisionTime": "2018-01-25T15:09:09Z" + "revision": "a618ab5a0186905949ee463dbb762c3d23e12a80", + "revisionTime": "2018-02-08T15:28:41Z" }, { "checksumSHA1": "wJWRH5ORhyIO29LxvA/Sug1skF0=", @@ -1435,10 +1459,10 @@ "revisionTime": "2018-01-22T19:00:07Z" }, { - "checksumSHA1": "xCv4GBFyw07vZkVtKF/XrUnkHRk=", + "checksumSHA1": "ljd3FhYRJ91cLZz3wsH9BQQ2JbA=", "path": "github.com/pkg/errors", - "revision": "e881fd58d78e04cf6d0de1217f8707c8cc2249bc", - "revisionTime": "2017-12-16T07:03:16Z" + "revision": "30136e27e2ac8d167177e8a583aa4c3fea5be833", + "revisionTime": "2018-01-27T01:58:12Z" }, { "checksumSHA1": "eKclqCehbe7JsvlemLF7TfjMWf0=", @@ -1513,22 +1537,22 @@ "revisionTime": "2017-03-13T16:33:22Z" }, { - "checksumSHA1": "0V9YhjDv2UlkQaAbSK41fzlx3JA=", + "checksumSHA1": "WKM6mnULSA223qnzHiuketiTzEw=", "path": "github.com/sethgrid/pester", - "revision": "760f8913c0483b776294e1bee43f1d687527127b", - "revisionTime": "2017-11-27T02:50:28Z" + "revision": "1808e6f72af9682aaae9189a91c6bb9b416297ca", + "revisionTime": "2018-02-01T15:35:47Z" }, { - "checksumSHA1": "ySaT8G3I3y4MmnoXOYAAX0rC+p8=", + "checksumSHA1": "7VrRVHHEc37zSSPAQaj+5jRWhzo=", "path": "github.com/sirupsen/logrus", - "revision": "d682213848ed68c0a260ca37d6dd5ace8423f5ba", - "revisionTime": "2017-12-05T20:32:29Z" + "revision": "9f91ab2ef97544cdca176a1fb9165f2cf6fd709b", + "revisionTime": "2018-02-07T18:27:17Z" }, { - "checksumSHA1": "fKq6NiaqP3DFxnCRF5mmpJWTSUA=", + "checksumSHA1": "OJsSYyzbBLtTqWayX2cvg/zI68o=", "path": "github.com/spf13/pflag", - "revision": "4c012f6dcd9546820e378d0bdda4d8fc772cdfea", - "revisionTime": "2017-11-06T14:28:49Z" + "revision": "6a877ebacf28c5fc79846f4fcd380a5d9872b997", + "revisionTime": "2018-02-08T21:53:15Z" }, { "checksumSHA1": "2xcr/mhxBFlDjpxe/Mc2Wb4RGR8=", @@ -1537,112 +1561,112 @@ "revisionTime": "2015-04-27T01:28:21Z" }, { - "checksumSHA1": "s+pk+d9XCjBkyUdHOwdB39FHaPQ=", + "checksumSHA1": "UQlV1TiV2ICpxFR7zPGmTD5Yj+Y=", "path": "github.com/ugorji/go/codec", - "revision": "9831f2c3ac1068a78f50999a30db84270f647af6", - "revisionTime": "2018-01-12T14:19:27Z" + "revision": "b5b949564861e43a03568a0b134c135cf318e5c8", + "revisionTime": "2018-02-05T16:51:14Z" }, { "checksumSHA1": "oCH3J96RWvO8W4xjix47PModpio=", "path": "golang.org/x/crypto/bcrypt", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "oVPHWesOmZ02vLq2fglGvf+AMgk=", "path": "golang.org/x/crypto/blowfish", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "IQkUIOnvlf0tYloFx9mLaXSvXWQ=", "path": "golang.org/x/crypto/curve25519", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "1hwn8cgg4EVXhCpJIqmMbzqnUo0=", "path": "golang.org/x/crypto/ed25519", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "LXFcVx8I587SnWmKycSDEq9yvK8=", "path": "golang.org/x/crypto/ed25519/internal/edwards25519", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "4D8hxMIaSDEW5pCQk22Xj4DcDh4=", "path": "golang.org/x/crypto/hkdf", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "hfABw6DX9B4Ma+88qDDGz9qY45s=", "path": "golang.org/x/crypto/internal/chacha20", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "MCeXr2RNeiG1XG6V+er1OR0qyeo=", "path": "golang.org/x/crypto/md4", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "kVKE0OX1Xdw5mG7XKT86DLLKE2I=", "path": "golang.org/x/crypto/poly1305", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { - "checksumSHA1": "Wy1ExvSqSli5OSnOwCknLUR77o4=", + "checksumSHA1": "ZK4HWtg3hJzayz0RRcc6qHpkums=", "path": "golang.org/x/crypto/ssh", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "NMRX0onGReaL9IfLr0XQ3kl5Id0=", "path": "golang.org/x/crypto/ssh/agent", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "6U7dCaxxIMjf5V02iWgyAwppczw=", "path": "golang.org/x/crypto/ssh/terminal", - "revision": "0efb9460aaf800c6376acf625be2853bceac2e06", - "revisionTime": "2018-01-24T03:37:23Z" + "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", + "revisionTime": "2018-01-22T10:39:14Z" }, { "checksumSHA1": "uX2McdP4VcQ6zkAF0Q4oyd0rFtU=", "path": "golang.org/x/net/bpf", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "GtamqiJoL7PGHsN454AoffBFMa8=", "path": "golang.org/x/net/context", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "WHc3uByvGaMcnSoI21fhzYgbOgg=", "path": "golang.org/x/net/context/ctxhttp", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "uL4gYOb0zwNKV0/2r/Wt8r3mwvE=", "path": "golang.org/x/net/http2", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "ezWhc7n/FtqkLDQKeU2JbW+80tE=", "path": "golang.org/x/net/http2/hpack", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "RcrB7tgYS/GMW4QrwVdMOTNqIU8=", @@ -1653,182 +1677,182 @@ { "checksumSHA1": "5JWn/wMC+EWNDKI/AYE4JifQF54=", "path": "golang.org/x/net/internal/iana", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "WnI4058Oj6W4YSvyXAnK3qCKqvo=", "path": "golang.org/x/net/internal/socket", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "UxahDzW2v4mf/+aFxruuupaoIwo=", "path": "golang.org/x/net/internal/timeseries", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "zPTKyZ1C55w1fk1W+/qGE15jaek=", "path": "golang.org/x/net/ipv4", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "3L3n7qKMO9X8E1ibA5mExKvwbmI=", "path": "golang.org/x/net/ipv6", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "3xyuaSNmClqG4YWC7g0isQIbUTc=", "path": "golang.org/x/net/lex/httplex", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "u/r66lwYfgg682u5hZG7/E7+VCY=", "path": "golang.org/x/net/trace", - "revision": "0ed95abb35c445290478a5348a7b38bb154135fd", - "revisionTime": "2018-01-24T06:08:02Z" + "revision": "f5dfe339be1d06f81b22525fe34671ee7d2c8904", + "revisionTime": "2018-02-04T03:50:36Z" }, { "checksumSHA1": "njV1GJojWGOLSQqXB34S35ct190=", "path": "golang.org/x/oauth2", - "revision": "a032972e28060ca4f5644acffae3dfc268cc09db", - "revisionTime": "2017-10-11T17:22:33Z" + "revision": "543e37812f10c46c622c9575afd7ad22f22a12ba", + "revisionTime": "2018-02-07T16:52:40Z" }, { "checksumSHA1": "oSg3tdOtNm3xxj6X9FNxikU4w14=", "path": "golang.org/x/oauth2/google", - "revision": "a032972e28060ca4f5644acffae3dfc268cc09db", - "revisionTime": "2017-10-11T17:22:33Z" + "revision": "543e37812f10c46c622c9575afd7ad22f22a12ba", + "revisionTime": "2018-02-07T16:52:40Z" }, { - "checksumSHA1": "Mf9Ha0R/QhPvL5aBhHLIurfGlEw=", + "checksumSHA1": "HafQhz54b0AN4dLqSzLddVuOV6Y=", "path": "golang.org/x/oauth2/internal", - "revision": "a032972e28060ca4f5644acffae3dfc268cc09db", - "revisionTime": "2017-10-11T17:22:33Z" + "revision": "543e37812f10c46c622c9575afd7ad22f22a12ba", + "revisionTime": "2018-02-07T16:52:40Z" }, { "checksumSHA1": "huVltYnXdRFDJLgp/ZP9IALzG7g=", "path": "golang.org/x/oauth2/jws", - "revision": "a032972e28060ca4f5644acffae3dfc268cc09db", - "revisionTime": "2017-10-11T17:22:33Z" + "revision": "543e37812f10c46c622c9575afd7ad22f22a12ba", + "revisionTime": "2018-02-07T16:52:40Z" }, { "checksumSHA1": "QPndO4ODVdEBILRhJ6869UDAoHc=", "path": "golang.org/x/oauth2/jwt", - "revision": "a032972e28060ca4f5644acffae3dfc268cc09db", - "revisionTime": "2017-10-11T17:22:33Z" + "revision": "543e37812f10c46c622c9575afd7ad22f22a12ba", + "revisionTime": "2018-02-07T16:52:40Z" }, { - "checksumSHA1": "b/GxJlD7Iy7nvtGdwpKTnsFMY3s=", + "checksumSHA1": "CNHEeGnucEUlTHJrLS2kHtfNbws=", "path": "golang.org/x/sys/unix", - "revision": "ff2a66f350cefa5c93a634eadb5d25bb60c85a9c", - "revisionTime": "2018-01-26T08:34:12Z" + "revision": "37707fdb30a5b38865cfb95e5aab41707daec7fd", + "revisionTime": "2018-02-02T13:35:31Z" }, { "checksumSHA1": "eQq+ZoTWPjyizS9XalhZwfGjQao=", "path": "golang.org/x/sys/windows", - "revision": "ff2a66f350cefa5c93a634eadb5d25bb60c85a9c", - "revisionTime": "2018-01-26T08:34:12Z" + "revision": "37707fdb30a5b38865cfb95e5aab41707daec7fd", + "revisionTime": "2018-02-02T13:35:31Z" }, { "checksumSHA1": "CbpjEkkOeh0fdM/V8xKDdI0AA88=", "path": "golang.org/x/text/secure/bidirule", - "revision": "e19ae1496984b1c655b8044a65c0300a3c878dd3", - "revisionTime": "2017-12-24T20:31:28Z" + "revision": "4e4a3210bb54bb31f6ab2cdca2edcc0b50c420c1", + "revisionTime": "2018-02-04T03:07:25Z" }, { "checksumSHA1": "ziMb9+ANGRJSSIuxYdRbA+cDRBQ=", "path": "golang.org/x/text/transform", - "revision": "e19ae1496984b1c655b8044a65c0300a3c878dd3", - "revisionTime": "2017-12-24T20:31:28Z" + "revision": "4e4a3210bb54bb31f6ab2cdca2edcc0b50c420c1", + "revisionTime": "2018-02-04T03:07:25Z" }, { "checksumSHA1": "w8kDfZ1Ug+qAcVU0v8obbu3aDOY=", "path": "golang.org/x/text/unicode/bidi", - "revision": "e19ae1496984b1c655b8044a65c0300a3c878dd3", - "revisionTime": "2017-12-24T20:31:28Z" + "revision": "4e4a3210bb54bb31f6ab2cdca2edcc0b50c420c1", + "revisionTime": "2018-02-04T03:07:25Z" }, { "checksumSHA1": "BCNYmf4Ek93G4lk5x3ucNi/lTwA=", "path": "golang.org/x/text/unicode/norm", - "revision": "e19ae1496984b1c655b8044a65c0300a3c878dd3", - "revisionTime": "2017-12-24T20:31:28Z" + "revision": "4e4a3210bb54bb31f6ab2cdca2edcc0b50c420c1", + "revisionTime": "2018-02-04T03:07:25Z" }, { - "checksumSHA1": "0fb+UOz7w9LYI+cZXH2vBJA31XI=", + "checksumSHA1": "KyEmBCK45zndyQMJOYygiWCcwy0=", "path": "google.golang.org/api/compute/v1", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { - "checksumSHA1": "QG/4r7h0fWCSM4tn8932h02tSIo=", + "checksumSHA1": "EooPqEpEyY/7NCRwHDMWhhlkQNw=", "path": "google.golang.org/api/gensupport", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { "checksumSHA1": "BWKmb7kGYbfbvXO6E7tCpTh9zKE=", "path": "google.golang.org/api/googleapi", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { "checksumSHA1": "1K0JxrUfDqAB3MyRiU1LKjfHyf4=", "path": "google.golang.org/api/googleapi/internal/uritemplates", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { "checksumSHA1": "Mr2fXhMRzlQCgANFm91s536pG7E=", "path": "google.golang.org/api/googleapi/transport", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { - "checksumSHA1": "e9Gz9MlRNcTEhzq/PD8XguJeYpc=", + "checksumSHA1": "OTQ46APwXv3vwSMaS6YcFWf1LzE=", "path": "google.golang.org/api/iam/v1", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { "checksumSHA1": "CpjSGeyQJbLLPxVl/CWs5o9p+jU=", "path": "google.golang.org/api/internal", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { "checksumSHA1": "HXuMQALvqd+ZLG0pC1l7gX8nNyE=", "path": "google.golang.org/api/iterator", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { - "checksumSHA1": "gV6mxpNvB/Uaj00cK1bS1GrWIjQ=", + "checksumSHA1": "Oc3OwZNxDwxBdmGNbfJ2ED/bjyA=", "path": "google.golang.org/api/oauth2/v2", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { "checksumSHA1": "Z9LQvCPO0WV9PdjgIXlfVOGZRlM=", "path": "google.golang.org/api/option", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { - "checksumSHA1": "O9H64ZYY2KZDte7FlQiLK+6WTw0=", + "checksumSHA1": "IGJavZBkjuaTbwLBE7PnrQr8Wo4=", "path": "google.golang.org/api/storage/v1", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { "checksumSHA1": "ykzqoYJiMCS6LGBq/zszKFbxGeA=", "path": "google.golang.org/api/transport/http", - "revision": "61a5611191ce37af3dca50af6d9265cb273ccb88", - "revisionTime": "2018-01-26T00:03:17Z" + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" }, { "checksumSHA1": "QoM8iwt2FVbTHR+Lav3dXmEu/7o=", @@ -1899,170 +1923,170 @@ { "checksumSHA1": "GkjRB7ms/necD0ePmzqT6gDsu+4=", "path": "google.golang.org/genproto/googleapis/api/annotations", - "revision": "4eb30f4778eed4c258ba66527a0d4f9ec8a36c45", - "revisionTime": "2018-01-25T08:06:56Z" + "revision": "2b5a72b8730b0b16380010cfe5286c42108d88e7", + "revisionTime": "2018-02-06T00:51:23Z" }, { "checksumSHA1": "auPKasjLqxoK/Du/izQcyKCjE7c=", "path": "google.golang.org/genproto/googleapis/iam/v1", - "revision": "4eb30f4778eed4c258ba66527a0d4f9ec8a36c45", - "revisionTime": "2018-01-25T08:06:56Z" + "revision": "2b5a72b8730b0b16380010cfe5286c42108d88e7", + "revisionTime": "2018-02-06T00:51:23Z" }, { "checksumSHA1": "Tc3BU26zThLzcyqbVtiSEp7EpU8=", "path": "google.golang.org/genproto/googleapis/rpc/status", - "revision": "4eb30f4778eed4c258ba66527a0d4f9ec8a36c45", - "revisionTime": "2018-01-25T08:06:56Z" + "revision": "2b5a72b8730b0b16380010cfe5286c42108d88e7", + "revisionTime": "2018-02-06T00:51:23Z" }, { - "checksumSHA1": "0+ixS0s6A6gdRBpBe+6pmOSQoVk=", + "checksumSHA1": "YUtkD7piacEhvoNBOekphNdNK9A=", "path": "google.golang.org/grpc", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "xBhmO0Vn4kzbmySioX+2gBImrkk=", "path": "google.golang.org/grpc/balancer", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "CPWX/IgaQSR3+78j4sPrvHNkW+U=", "path": "google.golang.org/grpc/balancer/base", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "DJ1AtOk4Pu7bqtUMob95Hw8HPNw=", "path": "google.golang.org/grpc/balancer/roundrobin", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "j8Qs+yfgwYYOtodB/1bSlbzV5rs=", "path": "google.golang.org/grpc/codes", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "XH2WYcDNwVO47zYShREJjcYXm0Y=", "path": "google.golang.org/grpc/connectivity", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "KthiDKNPHMeIu967enqtE4NaZzI=", "path": "google.golang.org/grpc/credentials", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "mJTBJC0n9J2CV+tHX+dJosYOZmg=", "path": "google.golang.org/grpc/encoding", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { - "checksumSHA1": "1DWDE9IMzwnUD8Wa6RvmG+4ZbQg=", + "checksumSHA1": "LKKkn7EYA+Do9Qwb2/SUKLFNxoo=", "path": "google.golang.org/grpc/encoding/proto", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "H7SuPUqbPcdbNqgl+k3ohuwMAwE=", "path": "google.golang.org/grpc/grpclb/grpc_lb_v1/messages", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "ntHev01vgZgeIh5VFRmbLx/BSTo=", "path": "google.golang.org/grpc/grpclog", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "DyM0uqLtknaI4THSc3spn9XlL+g=", "path": "google.golang.org/grpc/health", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "6vY7tYjV84pnr3sDctzx53Bs8b0=", "path": "google.golang.org/grpc/health/grpc_health_v1", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "Qvf3zdmRCSsiM/VoBv0qB/naHtU=", "path": "google.golang.org/grpc/internal", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "hcuHgKp8W0wIzoCnNfKI8NUss5o=", "path": "google.golang.org/grpc/keepalive", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "4UsKpzk7AgcAISi3p11vW66nbJI=", "path": "google.golang.org/grpc/metadata", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "5dwF592DPvhF2Wcex3m7iV6aGRQ=", "path": "google.golang.org/grpc/naming", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "n5EgDdBqFMa2KQFhtl+FF/4gIFo=", "path": "google.golang.org/grpc/peer", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { - "checksumSHA1": "y8Ta+ctMP9CUTiPyPyxiD154d8w=", + "checksumSHA1": "IKIaz1gx/CgosQ6U709XWiPPRXA=", "path": "google.golang.org/grpc/resolver", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "WpWF+bDzObsHf+bjoGpb/abeFxo=", "path": "google.golang.org/grpc/resolver/dns", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "zs9M4xE8Lyg4wvuYvR00XoBxmuw=", "path": "google.golang.org/grpc/resolver/passthrough", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "G9lgXNi7qClo5sM2s6TbTHLFR3g=", "path": "google.golang.org/grpc/stats", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { - "checksumSHA1": "tUo+M0Cb0W9ZEIt5BH30wJz/Kjc=", + "checksumSHA1": "/7i6dC0tFTtGMxykj9VduLEfBCU=", "path": "google.golang.org/grpc/status", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "qvArRhlrww5WvRmbyMF2mUfbJew=", "path": "google.golang.org/grpc/tap", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { - "checksumSHA1": "rk9Qbb14xfXM91p41SU1APrgP98=", + "checksumSHA1": "W1ZMSC6cqz4e7YMQ0ozZoLoidJQ=", "path": "google.golang.org/grpc/transport", - "revision": "0bd008f5fadb62d228f12b18d016709e8139a7af", - "revisionTime": "2018-01-25T21:54:11Z" + "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", + "revisionTime": "2018-02-08T21:15:38Z" }, { "checksumSHA1": "xsaHqy6/sonLV6xIxTNh4FfkWbU=", @@ -2113,10 +2137,10 @@ "revisionTime": "2016-10-18T17:13:38Z" }, { - "checksumSHA1": "84wZTSV23ueDcf6XRuZUz9JkREA=", + "checksumSHA1": "4Rb4+h7RMBqxt8QpzyM8zOGO21k=", "path": "gopkg.in/ory-am/dockertest.v3", - "revision": "59e045640952457da1046932eae73e20cb3afe70", - "revisionTime": "2017-12-14T17:33:48Z" + "revision": "15c8e8835bba04e0d7c2b57958ffe294d5e643dc", + "revisionTime": "2018-02-06T16:44:33Z" }, { "checksumSHA1": "Qq9iBb+/Hjnydxe0Ait/ouqX7yE=", @@ -2149,154 +2173,154 @@ "revisionTime": "2018-01-09T11:43:31Z" }, { - "checksumSHA1": "NoDXYHzX8uieDLr52syLB9yA0b4=", + "checksumSHA1": "EfZeIVylBV1b/MNZrKI4sXHE7aY=", "path": "k8s.io/api/authentication/v1", - "revision": "dc0dd48d5a5cae9f8736bb0643cfe6052e450f1b", - "revisionTime": "2018-01-26T12:34:33Z" + "revision": "a1d6dce6736a6c75929bb75111e89077e35a5856", + "revisionTime": "2018-02-08T11:29:32Z" }, { "checksumSHA1": "2ni6G3kZsJYmkeu24SWb3r5UBqc=", "path": "k8s.io/apimachinery/pkg/api/errors", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "StsRjeXDXdGkNiI6aiv4fyf/SG4=", "path": "k8s.io/apimachinery/pkg/api/resource", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { - "checksumSHA1": "14Q87RzqO+6/lD5ww38G1NwRGKk=", + "checksumSHA1": "CoRv/7WByjUu54l7+A4FZrMCD8I=", "path": "k8s.io/apimachinery/pkg/apis/meta/v1", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "8/jsASpUUea0tYX1SUbi3Gf3Zmw=", "path": "k8s.io/apimachinery/pkg/conversion", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "GA82FBmiCzVIXGUnTZtz5z5Er0s=", "path": "k8s.io/apimachinery/pkg/conversion/queryparams", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "pyFP2BSujiQD/RYsbGGmZx79A8Q=", "path": "k8s.io/apimachinery/pkg/fields", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "md8IGAefWwvIwtVtUapLU6lgMIY=", "path": "k8s.io/apimachinery/pkg/labels", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "lFDZ7mmY13sFR0+prLXkLoJPNxQ=", "path": "k8s.io/apimachinery/pkg/runtime", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "EjzjJiLgSXPivrW76JHie+YVIOs=", "path": "k8s.io/apimachinery/pkg/runtime/schema", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "jjMq79D66L64Ku50azu5VuL6J+I=", "path": "k8s.io/apimachinery/pkg/selection", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "bw1ACevKtvhp8qmK/V3A7+JkpAM=", "path": "k8s.io/apimachinery/pkg/types", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "z7+edW1vpIThK3r+9Gg5B3UT0/c=", "path": "k8s.io/apimachinery/pkg/util/errors", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "dkuLzrDsqWY5cDasu8yE3j3spVA=", "path": "k8s.io/apimachinery/pkg/util/intstr", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "B6/w3Sqv099K6S4douuDV6z16Ag=", "path": "k8s.io/apimachinery/pkg/util/json", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "ZIXbEtfhobtnI/UvZ012LzMPPFs=", "path": "k8s.io/apimachinery/pkg/util/net", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "jHtNCm82xBKuRXSPqhrecG8z++k=", "path": "k8s.io/apimachinery/pkg/util/runtime", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "V3b6ZnsQa3n//jEDwg8B5pUCKxY=", "path": "k8s.io/apimachinery/pkg/util/sets", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "8jnl/y9k2bLcFFCq6aKUyTw2Py8=", "path": "k8s.io/apimachinery/pkg/util/validation", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "9cpn91utS1MhWegqH3EvpTX1EIk=", "path": "k8s.io/apimachinery/pkg/util/validation/field", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "srQir2Jt8f2IhWAmwHEvh95O0c0=", "path": "k8s.io/apimachinery/pkg/util/wait", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "efxvfslrw90rUudevkwL1+a3UKo=", "path": "k8s.io/apimachinery/pkg/watch", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { "checksumSHA1": "Em6ydl/jshjHox/GmcbhzLiG6v0=", "path": "k8s.io/apimachinery/third_party/forked/golang/reflect", - "revision": "b621949a1923cee3fce8bca9613e9a83609f0bbc", - "revisionTime": "2018-01-25T14:14:21Z" + "revision": "8259d997cf059cd83dc47e5f8074b7a7d7967c09", + "revisionTime": "2018-02-08T11:29:39Z" }, { - "checksumSHA1": "ZvQY5el69QNsU44pzNTx6+LsK0o=", + "checksumSHA1": "ncZRcWAeQvL5uJJoQH9s6pZcxtk=", "path": "layeh.com/radius", - "revision": "38e2cda15058f4ce69c39eaf2fbdab2b01e9cf55", - "revisionTime": "2018-01-23T16:43:51Z" + "revision": "04c7e6b2818affa6cf1cca6e0ffa0758762290bf", + "revisionTime": "2018-02-09T13:03:57Z" }, { - "checksumSHA1": "22quNIMjAZLECr9WDOniwcfL8kg=", + "checksumSHA1": "ljqJTsJxmifQecPcIKrMCR/F+w4=", "path": "layeh.com/radius/rfc2865", - "revision": "38e2cda15058f4ce69c39eaf2fbdab2b01e9cf55", - "revisionTime": "2018-01-23T16:43:51Z" + "revision": "04c7e6b2818affa6cf1cca6e0ffa0758762290bf", + "revisionTime": "2018-02-09T13:03:57Z" } ], "rootPath": "github.com/hashicorp/vault" From 313844f306aeb22057c493c0bbc86afab4c07f3b Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 11:04:58 -0500 Subject: [PATCH 101/178] Remove package level variables from transit policy test, makes it easier to parallelize later and less magical --- helper/keysutil/policy_test.go | 31 ++++++++++--------------------- 1 file changed, 10 insertions(+), 21 deletions(-) diff --git a/helper/keysutil/policy_test.go b/helper/keysutil/policy_test.go index 87f3f7aed0b9..4d2513889366 100644 --- a/helper/keysutil/policy_test.go +++ b/helper/keysutil/policy_test.go @@ -11,14 +11,6 @@ import ( "github.com/hashicorp/vault/logical" ) -var ( - keysArchive []KeyEntry -) - -func resetKeysArchive() { - keysArchive = []KeyEntry{KeyEntry{}} -} - func TestPolicy_KeyEntryMapUpgrade(t *testing.T) { now := time.Now() old := map[int]KeyEntry{ @@ -107,8 +99,6 @@ func Test_ArchivingUpgrade(t *testing.T) { } func testArchivingUpgradeCommon(t *testing.T, lm *LockManager) { - resetKeysArchive() - ctx := context.Background() // First, we generate a policy and rotate it a number of times. Each time @@ -131,8 +121,8 @@ func testArchivingUpgradeCommon(t *testing.T, lm *LockManager) { lock.RUnlock() // Store the initial key in the archive - keysArchive = append(keysArchive, p.Keys["1"]) - checkKeys(t, ctx, p, storage, "initial", 1, 1, 1) + keysArchive := []KeyEntry{KeyEntry{}, p.Keys["1"]} + checkKeys(t, ctx, p, storage, keysArchive, "initial", 1, 1, 1) for i := 2; i <= 10; i++ { err = p.Rotate(ctx, storage) @@ -140,7 +130,7 @@ func testArchivingUpgradeCommon(t *testing.T, lm *LockManager) { t.Fatal(err) } keysArchive = append(keysArchive, p.Keys[strconv.Itoa(i)]) - checkKeys(t, ctx, p, storage, "rotate", i, i, i) + checkKeys(t, ctx, p, storage, keysArchive, "rotate", i, i, i) } // Now, wipe the archive and set the archive version to zero @@ -182,7 +172,7 @@ func testArchivingUpgradeCommon(t *testing.T, lm *LockManager) { } lock.RUnlock() - checkKeys(t, ctx, p, storage, "upgrade", 10, 10, 10) + checkKeys(t, ctx, p, storage, keysArchive, "upgrade", 10, 10, 10) // Let's check some deletion logic while we're at it @@ -242,8 +232,6 @@ func Test_Archiving(t *testing.T) { } func testArchivingCommon(t *testing.T, lm *LockManager) { - resetKeysArchive() - ctx := context.Background() // First, we generate a policy and rotate it a number of times. Each time @@ -268,8 +256,8 @@ func testArchivingCommon(t *testing.T, lm *LockManager) { } // Store the initial key in the archive - keysArchive = append(keysArchive, p.Keys["1"]) - checkKeys(t, ctx, p, storage, "initial", 1, 1, 1) + keysArchive := []KeyEntry{KeyEntry{}, p.Keys["1"]} + checkKeys(t, ctx, p, storage, keysArchive, "initial", 1, 1, 1) for i := 2; i <= 10; i++ { err = p.Rotate(ctx, storage) @@ -277,7 +265,7 @@ func testArchivingCommon(t *testing.T, lm *LockManager) { t.Fatal(err) } keysArchive = append(keysArchive, p.Keys[strconv.Itoa(i)]) - checkKeys(t, ctx, p, storage, "rotate", i, i, i) + checkKeys(t, ctx, p, storage, keysArchive, "rotate", i, i, i) } // Move the min decryption version up @@ -296,7 +284,7 @@ func testArchivingCommon(t *testing.T, lm *LockManager) { // 10, you'd need 7, 8, 9, and 10 -- IOW, latest version - min // decryption version plus 1 (the min decryption version key // itself) - checkKeys(t, ctx, p, storage, "minadd", 10, 10, p.LatestVersion-p.MinDecryptionVersion+1) + checkKeys(t, ctx, p, storage, keysArchive, "minadd", 10, 10, p.LatestVersion-p.MinDecryptionVersion+1) } // Move the min decryption version down @@ -315,7 +303,7 @@ func testArchivingCommon(t *testing.T, lm *LockManager) { // 10, you'd need 7, 8, 9, and 10 -- IOW, latest version - min // decryption version plus 1 (the min decryption version key // itself) - checkKeys(t, ctx, p, storage, "minsub", 10, 10, p.LatestVersion-p.MinDecryptionVersion+1) + checkKeys(t, ctx, p, storage, keysArchive, "minsub", 10, 10, p.LatestVersion-p.MinDecryptionVersion+1) } } @@ -323,6 +311,7 @@ func checkKeys(t *testing.T, ctx context.Context, p *Policy, storage logical.Storage, + keysArchive []KeyEntry, action string, archiveVer, latestVer, keysSize int) { From 5f776f660a954490987ce4112399209cd09420ca Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 11:16:13 -0500 Subject: [PATCH 102/178] Convert logical.InmemStorage to a wrapper around physical/inmem. The original reason for the split was physical's dependencies, but those haven't been onerous for a long time. Meanwhile it's a totally separate implementation so we could be getting faulty results from tests. Get rid of it and use the unified physical/inmem. --- logical/storage_inmem.go | 76 ++++++++++++++-------------------------- physical/inmem/inmem.go | 37 +++++++++++++++++++ 2 files changed, 63 insertions(+), 50 deletions(-) diff --git a/logical/storage_inmem.go b/logical/storage_inmem.go index 03e60118a50e..e0ff75f14444 100644 --- a/logical/storage_inmem.go +++ b/logical/storage_inmem.go @@ -2,10 +2,10 @@ package logical import ( "context" - "strings" "sync" - radix "github.com/armon/go-radix" + "github.com/hashicorp/vault/physical" + "github.com/hashicorp/vault/physical/inmem" ) // InmemStorage implements Storage and stores all data in memory. It is @@ -13,79 +13,55 @@ import ( // having to load all of physical's dependencies (which are legion) just to // have some testing storage. type InmemStorage struct { - sync.RWMutex - root *radix.Tree - once sync.Once + underlying physical.Backend + once sync.Once } func (s *InmemStorage) Get(ctx context.Context, key string) (*StorageEntry, error) { s.once.Do(s.init) - s.RLock() - defer s.RUnlock() - - if raw, ok := s.root.Get(key); ok { - se := raw.(*StorageEntry) - return &StorageEntry{ - Key: se.Key, - Value: se.Value, - }, nil + entry, err := s.underlying.Get(ctx, key) + if err != nil { + return nil, err } - - return nil, nil + if entry == nil { + return nil, nil + } + return &StorageEntry{ + Key: entry.Key, + Value: entry.Value, + SealWrap: entry.SealWrap, + }, nil } func (s *InmemStorage) Put(ctx context.Context, entry *StorageEntry) error { s.once.Do(s.init) - s.Lock() - defer s.Unlock() - - s.root.Insert(entry.Key, &StorageEntry{ - Key: entry.Key, - Value: entry.Value, + return s.underlying.Put(ctx, &physical.Entry{ + Key: entry.Key, + Value: entry.Value, + SealWrap: entry.SealWrap, }) - return nil } func (s *InmemStorage) Delete(ctx context.Context, key string) error { s.once.Do(s.init) - s.Lock() - defer s.Unlock() - - s.root.Delete(key) - return nil + return s.underlying.Delete(ctx, key) } func (s *InmemStorage) List(ctx context.Context, prefix string) ([]string, error) { s.once.Do(s.init) - s.RLock() - defer s.RUnlock() - - var out []string - seen := make(map[string]interface{}) - walkFn := func(s string, v interface{}) bool { - trimmed := strings.TrimPrefix(s, prefix) - sep := strings.Index(trimmed, "/") - if sep == -1 { - out = append(out, trimmed) - } else { - trimmed = trimmed[:sep+1] - if _, ok := seen[trimmed]; !ok { - out = append(out, trimmed) - seen[trimmed] = struct{}{} - } - } - return false - } - s.root.WalkPrefix(prefix, walkFn) + return s.underlying.List(ctx, prefix) +} - return out, nil +func (s *InmemStorage) Underlying() *inmem.InmemBackend { + s.once.Do(s.init) + return s.underlying.(*inmem.InmemBackend) } func (s *InmemStorage) init() { - s.root = radix.New() + s.underlying, _ = inmem.NewInmem(nil, nil) } diff --git a/physical/inmem/inmem.go b/physical/inmem/inmem.go index 4501bab32d4c..4bd5772776d5 100644 --- a/physical/inmem/inmem.go +++ b/physical/inmem/inmem.go @@ -2,8 +2,10 @@ package inmem import ( "context" + "errors" "strings" "sync" + "sync/atomic" "github.com/hashicorp/vault/physical" log "github.com/mgutz/logxi/v1" @@ -19,6 +21,13 @@ var _ physical.Lock = (*InmemLock)(nil) var _ physical.Transactional = (*TransactionalInmemBackend)(nil) var _ physical.Transactional = (*TransactionalInmemHABackend)(nil) +var ( + PutDisabledError = errors.New("put operations disabled in inmem backend") + GetDisabledError = errors.New("get operations disabled in inmem backend") + DeleteDisabledError = errors.New("delete operations disabled in inmem backend") + ListDisabledError = errors.New("list operations disabled in inmem backend") +) + // InmemBackend is an in-memory only physical backend. It is useful // for testing and development situations where the data is not // expected to be durable. @@ -27,6 +36,10 @@ type InmemBackend struct { root *radix.Tree permitPool *physical.PermitPool logger log.Logger + FailGet *uint32 + FailPut *uint32 + FailDelete *uint32 + FailList *uint32 } type TransactionalInmemBackend struct { @@ -39,6 +52,10 @@ func NewInmem(_ map[string]string, logger log.Logger) (physical.Backend, error) root: radix.New(), permitPool: physical.NewPermitPool(physical.DefaultParallelOperations), logger: logger, + FailGet: new(uint32), + FailPut: new(uint32), + FailDelete: new(uint32), + FailList: new(uint32), } return in, nil } @@ -51,6 +68,10 @@ func NewTransactionalInmem(_ map[string]string, logger log.Logger) (physical.Bac root: radix.New(), permitPool: physical.NewPermitPool(1), logger: logger, + FailGet: new(uint32), + FailPut: new(uint32), + FailDelete: new(uint32), + FailList: new(uint32), }, } return in, nil @@ -68,6 +89,10 @@ func (i *InmemBackend) Put(ctx context.Context, entry *physical.Entry) error { } func (i *InmemBackend) PutInternal(ctx context.Context, entry *physical.Entry) error { + if i.FailPut != nil && atomic.LoadUint32(i.FailPut) != 0 { + return PutDisabledError + } + i.root.Insert(entry.Key, entry.Value) return nil } @@ -84,6 +109,10 @@ func (i *InmemBackend) Get(ctx context.Context, key string) (*physical.Entry, er } func (i *InmemBackend) GetInternal(ctx context.Context, key string) (*physical.Entry, error) { + if i.FailGet != nil && atomic.LoadUint32(i.FailGet) != 0 { + return nil, GetDisabledError + } + if raw, ok := i.root.Get(key); ok { return &physical.Entry{ Key: key, @@ -105,6 +134,10 @@ func (i *InmemBackend) Delete(ctx context.Context, key string) error { } func (i *InmemBackend) DeleteInternal(ctx context.Context, key string) error { + if i.FailDelete != nil && atomic.LoadUint32(i.FailDelete) != 0 { + return DeleteDisabledError + } + i.root.Delete(key) return nil } @@ -122,6 +155,10 @@ func (i *InmemBackend) List(ctx context.Context, prefix string) ([]string, error } func (i *InmemBackend) ListInternal(prefix string) ([]string, error) { + if i.FailList != nil && atomic.LoadUint32(i.FailList) != 0 { + return nil, ListDisabledError + } + var out []string seen := make(map[string]interface{}) walkFn := func(s string, v interface{}) bool { From d343b8750bfbc92b3e8f368fa1c8d7dedd8cae37 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 11:25:48 -0500 Subject: [PATCH 103/178] Refactor fail logic in inmem --- physical/inmem/inmem.go | 56 +++++++++++++++++++++++++++++------------ 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/physical/inmem/inmem.go b/physical/inmem/inmem.go index 4bd5772776d5..54ce7bec4ae3 100644 --- a/physical/inmem/inmem.go +++ b/physical/inmem/inmem.go @@ -36,10 +36,10 @@ type InmemBackend struct { root *radix.Tree permitPool *physical.PermitPool logger log.Logger - FailGet *uint32 - FailPut *uint32 - FailDelete *uint32 - FailList *uint32 + failGet uint32 + failPut uint32 + failDelete uint32 + failList uint32 } type TransactionalInmemBackend struct { @@ -52,10 +52,6 @@ func NewInmem(_ map[string]string, logger log.Logger) (physical.Backend, error) root: radix.New(), permitPool: physical.NewPermitPool(physical.DefaultParallelOperations), logger: logger, - FailGet: new(uint32), - FailPut: new(uint32), - FailDelete: new(uint32), - FailList: new(uint32), } return in, nil } @@ -68,10 +64,6 @@ func NewTransactionalInmem(_ map[string]string, logger log.Logger) (physical.Bac root: radix.New(), permitPool: physical.NewPermitPool(1), logger: logger, - FailGet: new(uint32), - FailPut: new(uint32), - FailDelete: new(uint32), - FailList: new(uint32), }, } return in, nil @@ -89,7 +81,7 @@ func (i *InmemBackend) Put(ctx context.Context, entry *physical.Entry) error { } func (i *InmemBackend) PutInternal(ctx context.Context, entry *physical.Entry) error { - if i.FailPut != nil && atomic.LoadUint32(i.FailPut) != 0 { + if atomic.LoadUint32(&i.failPut) != 0 { return PutDisabledError } @@ -97,6 +89,14 @@ func (i *InmemBackend) PutInternal(ctx context.Context, entry *physical.Entry) e return nil } +func (i *InmemBackend) FailPut(fail bool) { + var val uint32 + if fail { + val = 1 + } + atomic.StoreUint32(&i.failPut, val) +} + // Get is used to fetch an entry func (i *InmemBackend) Get(ctx context.Context, key string) (*physical.Entry, error) { i.permitPool.Acquire() @@ -109,7 +109,7 @@ func (i *InmemBackend) Get(ctx context.Context, key string) (*physical.Entry, er } func (i *InmemBackend) GetInternal(ctx context.Context, key string) (*physical.Entry, error) { - if i.FailGet != nil && atomic.LoadUint32(i.FailGet) != 0 { + if atomic.LoadUint32(&i.failGet) != 0 { return nil, GetDisabledError } @@ -122,6 +122,14 @@ func (i *InmemBackend) GetInternal(ctx context.Context, key string) (*physical.E return nil, nil } +func (i *InmemBackend) FailGet(fail bool) { + var val uint32 + if fail { + val = 1 + } + atomic.StoreUint32(&i.failGet, val) +} + // Delete is used to permanently delete an entry func (i *InmemBackend) Delete(ctx context.Context, key string) error { i.permitPool.Acquire() @@ -134,7 +142,7 @@ func (i *InmemBackend) Delete(ctx context.Context, key string) error { } func (i *InmemBackend) DeleteInternal(ctx context.Context, key string) error { - if i.FailDelete != nil && atomic.LoadUint32(i.FailDelete) != 0 { + if atomic.LoadUint32(&i.failDelete) != 0 { return DeleteDisabledError } @@ -142,6 +150,14 @@ func (i *InmemBackend) DeleteInternal(ctx context.Context, key string) error { return nil } +func (i *InmemBackend) FailDelete(fail bool) { + var val uint32 + if fail { + val = 1 + } + atomic.StoreUint32(&i.failDelete, val) +} + // List is used ot list all the keys under a given // prefix, up to the next prefix. func (i *InmemBackend) List(ctx context.Context, prefix string) ([]string, error) { @@ -155,7 +171,7 @@ func (i *InmemBackend) List(ctx context.Context, prefix string) ([]string, error } func (i *InmemBackend) ListInternal(prefix string) ([]string, error) { - if i.FailList != nil && atomic.LoadUint32(i.FailList) != 0 { + if atomic.LoadUint32(&i.failList) != 0 { return nil, ListDisabledError } @@ -180,6 +196,14 @@ func (i *InmemBackend) ListInternal(prefix string) ([]string, error) { return out, nil } +func (i *InmemBackend) FailList(fail bool) { + var val uint32 + if fail { + val = 1 + } + atomic.StoreUint32(&i.failList, val) +} + // Implements the transaction interface func (t *TransactionalInmemBackend) Transaction(ctx context.Context, txns []*physical.TxnEntry) error { t.permitPool.Acquire() From ce025b953f0ed16fd2693e66e646a090e6b98c03 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 15:20:07 -0500 Subject: [PATCH 104/178] Document the disable_sealwrap parameter --- .../source/docs/configuration/index.html.md | 15 ++++++++++----- .../docs/enterprise/sealwrap/index.html.md | 18 ++++++++++++++++++ 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/website/source/docs/configuration/index.html.md b/website/source/docs/configuration/index.html.md index 83d69e07fa2b..8587d3051df5 100644 --- a/website/source/docs/configuration/index.html.md +++ b/website/source/docs/configuration/index.html.md @@ -51,16 +51,17 @@ to specify where the configuration is. storage backend supports HA coordination and if HA specific options are already specified with `storage` parameter. -- `cluster_name` `(string: )` – Specifies the identifier for the - Vault cluster. If omitted, Vault will generate a value. When connecting to - Vault Enterprise, this value will be used in the interface. - - `listener` ([Listener][listener]: \) – Configures how Vault is listening for API requests. - `seal` ([Seal][seal]: nil) – Configures the seal type to use for + auto-unsealing, as well as for [seal wrapping][sealwrap] as an additional layer of data protection. +- `cluster_name` `(string: )` – Specifies the identifier for the + Vault cluster. If omitted, Vault will generate a value. When connecting to + Vault Enterprise, this value will be used in the interface. + - `cache_size` `(string: "32000")` – Specifies the size of the read cache used by the physical storage subsystem. The value is in number of entries, so the total cache size depends on the size of stored entries. @@ -95,6 +96,10 @@ to specify where the configuration is. LimitMEMLOCK=infinity ``` +- `disable_sealwrap` `(bool: false)` – Disables using seal wrapping for any + value except the master key. If this value is toggled, the new behavior will + happen lazily (as values are read or written). + - `plugin_directory` `(string: "")` – A directory from which plugins are allowed to be loaded. Vault must have permission to read files in this directory to successfully load plugins. @@ -147,4 +152,4 @@ The following parameters are used on backends that support [high availability][h [sealwrap]: /docs/enterprise/sealwrap/index.html [telemetry]: /docs/configuration/telemetry.html [high-availability]: /docs/concepts/ha.html -[plugins]: /docs/plugin/index.html \ No newline at end of file +[plugins]: /docs/plugin/index.html diff --git a/website/source/docs/enterprise/sealwrap/index.html.md b/website/source/docs/enterprise/sealwrap/index.html.md index 5b33558fe21b..9a3425d204c6 100644 --- a/website/source/docs/enterprise/sealwrap/index.html.md +++ b/website/source/docs/enterprise/sealwrap/index.html.md @@ -18,6 +18,24 @@ To use this feature, you must have an active or trial license for Vault Enterprise (HSMs) or Vault Pro (AWS KMS). To start a trial, contact [HashiCorp sales](mailto:sales@hashicorp.com). +## Enabling/Disabling + +Seal Wrapping is enabled by default on supporting seals. This implies that the +seal must be available throughout Vault's runtime. Most cloud-based seals +should be quite reliable, but, for instance, if using an HSM in a non-HA setup +a connection interruption to the HSM will result in issues with Vault +functionality. + +To disable seal wrapping, set `disable_sealwrap = true` in Vault's +configuration file. This will not affect auto-unsealing functionality; Vault's +master key will still be protected by the seal wrapping mechanism. It will +simply prevent other storage entries within Vault from being seal wrapped. + +*N.B.*: This is a lazy downgrade; as keys are accessed or written their seal +wrapping status will change. Similarly, if the flag is removed, it will be a +lazy upgrade (which is the case when initially upgrading to a Seal Wrap +supporting version of Vault). + ## FIPS 140-2 Compliance Vault's Seal Wrap feature has been evaluated by Leidos for compliance with From f125cda32426c4cc455e9a1d433a606a028cdae3 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 15:28:06 -0500 Subject: [PATCH 105/178] Minor website wording updates --- website/source/docs/configuration/index.html.md | 6 +++--- .../docs/enterprise/sealwrap/index.html.md | 16 +++++++++------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/website/source/docs/configuration/index.html.md b/website/source/docs/configuration/index.html.md index 8587d3051df5..f36ca109aa4d 100644 --- a/website/source/docs/configuration/index.html.md +++ b/website/source/docs/configuration/index.html.md @@ -96,9 +96,9 @@ to specify where the configuration is. LimitMEMLOCK=infinity ``` -- `disable_sealwrap` `(bool: false)` – Disables using seal wrapping for any - value except the master key. If this value is toggled, the new behavior will - happen lazily (as values are read or written). +- `disable_sealwrap` `(bool: false)` – Disables using [seal wrapping][sealwrap] + for any value except the master key. If this value is toggled, the new + behavior will happen lazily (as values are read or written). - `plugin_directory` `(string: "")` – A directory from which plugins are allowed to be loaded. Vault must have permission to read files in this diff --git a/website/source/docs/enterprise/sealwrap/index.html.md b/website/source/docs/enterprise/sealwrap/index.html.md index 9a3425d204c6..e53e56e17d47 100644 --- a/website/source/docs/enterprise/sealwrap/index.html.md +++ b/website/source/docs/enterprise/sealwrap/index.html.md @@ -20,21 +20,21 @@ sales](mailto:sales@hashicorp.com). ## Enabling/Disabling -Seal Wrapping is enabled by default on supporting seals. This implies that the -seal must be available throughout Vault's runtime. Most cloud-based seals -should be quite reliable, but, for instance, if using an HSM in a non-HA setup -a connection interruption to the HSM will result in issues with Vault +Seal Wrap is enabled by default on supporting seals. This implies that the seal +must be available throughout Vault's runtime. Most cloud-based seals should be +quite reliable, but, for instance, if using an HSM in a non-HA setup a +connection interruption to the HSM will result in issues with Vault functionality. To disable seal wrapping, set `disable_sealwrap = true` in Vault's -configuration file. This will not affect auto-unsealing functionality; Vault's +[configuration file][configuration]. This will not affect auto-unsealing functionality; Vault's master key will still be protected by the seal wrapping mechanism. It will simply prevent other storage entries within Vault from being seal wrapped. *N.B.*: This is a lazy downgrade; as keys are accessed or written their seal wrapping status will change. Similarly, if the flag is removed, it will be a -lazy upgrade (which is the case when initially upgrading to a Seal Wrap -supporting version of Vault). +lazy upgrade (which is the case when initially upgrading to a seal +wrap-supporting version of Vault). ## FIPS 140-2 Compliance @@ -106,3 +106,5 @@ replication traffic; in the meantime, a transparent TCP proxy that supports certified FIPS 140-2 TLS (such as [stunnel](https://www.stunnel.org/index.html)) can be used for replication traffic if meeting KeyTransit requirements for replication is necessary. + +[configuration]: /docs/configuration/index.html From a946443711162457f2df832ff9a968fed6cff26e Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 16:11:59 -0500 Subject: [PATCH 106/178] Validate Consul service name is RFC 1123 compliant (#3961) --- physical/consul/consul.go | 8 ++++++++ physical/consul/consul_test.go | 35 ++++++++++++++++++++++++++++++---- 2 files changed, 39 insertions(+), 4 deletions(-) diff --git a/physical/consul/consul.go b/physical/consul/consul.go index 3286209c7448..4609d9eff4bc 100644 --- a/physical/consul/consul.go +++ b/physical/consul/consul.go @@ -8,6 +8,7 @@ import ( "net" "net/http" "net/url" + "regexp" "strconv" "strings" "sync" @@ -73,6 +74,10 @@ var _ physical.HABackend = (*ConsulBackend)(nil) var _ physical.Lock = (*ConsulLock)(nil) var _ physical.Transactional = (*ConsulBackend)(nil) +var ( + hostnameRegex = regexp.MustCompile(`^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$`) +) + // ConsulBackend is a physical backend that stores data at specific // prefix within Consul. It is used for most production situations as // it allows Vault to run on multiple machines in a highly-available manner. @@ -136,6 +141,9 @@ func NewConsulBackend(conf map[string]string, logger log.Logger) (physical.Backe if !ok { service = DefaultServiceName } + if !hostnameRegex.MatchString(service) { + return nil, errors.New("service name must be valid per RFC 1123 and can contain only alphanumeric characters or dashes") + } if logger.IsDebug() { logger.Debug("physical/consul: config service set", "service", service) } diff --git a/physical/consul/consul_test.go b/physical/consul/consul_test.go index 4d3230c75481..8be1fe956d21 100644 --- a/physical/consul/consul_test.go +++ b/physical/consul/consul_test.go @@ -343,36 +343,63 @@ func TestConsul_NotifySealedStateChange(t *testing.T) { } func TestConsul_serviceID(t *testing.T) { - passingTests := []struct { + tests := []struct { name string redirectAddr string serviceName string expected string + valid bool }{ { name: "valid host w/o slash", redirectAddr: "http://127.0.0.1:8200", serviceName: "sea-tech-astronomy", expected: "sea-tech-astronomy:127.0.0.1:8200", + valid: true, }, { name: "valid host w/ slash", redirectAddr: "http://127.0.0.1:8200/", serviceName: "sea-tech-astronomy", expected: "sea-tech-astronomy:127.0.0.1:8200", + valid: true, }, { name: "valid https host w/ slash", redirectAddr: "https://127.0.0.1:8200/", serviceName: "sea-tech-astronomy", expected: "sea-tech-astronomy:127.0.0.1:8200", + valid: true, + }, + { + name: "invalid host name", + redirectAddr: "https://127.0.0.1:8200/", + serviceName: "sea_tech_astronomy", + expected: "", + valid: false, }, } - for _, test := range passingTests { - c := testConsulBackendConfig(t, &consulConf{ + logger := logformat.NewVaultLogger(log.LevelTrace) + + for _, test := range tests { + be, err := NewConsulBackend(consulConf{ "service": test.serviceName, - }) + }, logger) + if !test.valid { + if err == nil { + t.Fatalf("expected an error initializing for name %q", test.serviceName) + } + continue + } + if test.valid && err != nil { + t.Fatalf("expected Consul to initialize: %v", err) + } + + c, ok := be.(*ConsulBackend) + if !ok { + t.Fatalf("Expected ConsulBackend") + } if err := c.setRedirectAddr(test.redirectAddr); err != nil { t.Fatalf("bad: %s %v", test.name, err) From c3c4d6f62e2bd42453dd0125907999d43673740d Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 16:12:42 -0500 Subject: [PATCH 107/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed5d5b5d8db2..7f7c47cf30d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ BUG FIXES: [GH-3918] * secret/transit: Fix auditing when reading a key after it has been backed up or restored [GH-3919] + * storage/consul: Validate that service names are RFC 1123 compliant [GH-3960] * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] * storage/etcd3: Fix large lists (like token loading at startup) not being handled [GH-3772] From 3ce120e0f9b5204a1085028b979ee5234f21898c Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 17:27:28 -0500 Subject: [PATCH 108/178] Add transaction-like behavior for Transit persists. (#3959) --- helper/keysutil/policy.go | 81 ++++++- helper/keysutil/policy_test.go | 197 +++++++++++++++++- .../source/docs/secrets/transit/index.html.md | 19 ++ 3 files changed, 287 insertions(+), 10 deletions(-) diff --git a/helper/keysutil/policy.go b/helper/keysutil/policy.go index a45b1a772b71..fc7a674b5d3d 100644 --- a/helper/keysutil/policy.go +++ b/helper/keysutil/policy.go @@ -325,7 +325,6 @@ func (p *Policy) handleArchiving(ctx context.Context, storage logical.Storage) e if !keysContainsMinimum { // Need to move keys *from* archive - for i := p.MinDecryptionVersion; i <= p.LatestVersion; i++ { p.Keys[strconv.Itoa(i)] = archive.Keys[i] } @@ -366,7 +365,29 @@ func (p *Policy) handleArchiving(ctx context.Context, storage logical.Storage) e return nil } -func (p *Policy) Persist(ctx context.Context, storage logical.Storage) error { +func (p *Policy) Persist(ctx context.Context, storage logical.Storage) (retErr error) { + // Other functions will take care of restoring other values; this is just + // responsible for archiving and keys since the archive function can modify + // keys. At the moment one of the other functions calling persist will also + // roll back keys, but better safe than sorry and this doesn't happen + // enough to worry about the speed tradeoff. + priorArchiveVersion := p.ArchiveVersion + var priorKeys keyEntryMap + + if p.Keys != nil { + priorKeys = keyEntryMap{} + for k, v := range p.Keys { + priorKeys[k] = v + } + } + + defer func() { + if retErr != nil { + p.ArchiveVersion = priorArchiveVersion + p.Keys = priorKeys + } + }() + err := p.handleArchiving(ctx, storage) if err != nil { return err @@ -429,7 +450,30 @@ func (p *Policy) NeedsUpgrade() bool { return false } -func (p *Policy) Upgrade(ctx context.Context, storage logical.Storage) error { +func (p *Policy) Upgrade(ctx context.Context, storage logical.Storage) (retErr error) { + priorKey := p.Key + priorLatestVersion := p.LatestVersion + priorMinDecryptionVersion := p.MinDecryptionVersion + priorConvergentVersion := p.ConvergentVersion + var priorKeys keyEntryMap + + if p.Keys != nil { + priorKeys = keyEntryMap{} + for k, v := range p.Keys { + priorKeys[k] = v + } + } + + defer func() { + if retErr != nil { + p.Key = priorKey + p.LatestVersion = priorLatestVersion + p.MinDecryptionVersion = priorMinDecryptionVersion + p.ConvergentVersion = priorConvergentVersion + p.Keys = priorKeys + } + }() + persistNeeded := false // Ensure we've moved from Key -> Keys if p.Key != nil && len(p.Key) > 0 { @@ -955,7 +999,26 @@ func (p *Policy) VerifySignature(context, input []byte, sig, algorithm string) ( } } -func (p *Policy) Rotate(ctx context.Context, storage logical.Storage) error { +func (p *Policy) Rotate(ctx context.Context, storage logical.Storage) (retErr error) { + priorLatestVersion := p.LatestVersion + priorMinDecryptionVersion := p.MinDecryptionVersion + var priorKeys keyEntryMap + + if p.Keys != nil { + priorKeys = keyEntryMap{} + for k, v := range p.Keys { + priorKeys[k] = v + } + } + + defer func() { + if retErr != nil { + p.LatestVersion = priorLatestVersion + p.MinDecryptionVersion = priorMinDecryptionVersion + p.Keys = priorKeys + } + }() + if p.Keys == nil { // This is an initial key rotation when generating a new policy. We // don't need to call migrate here because if we've called getPolicy to @@ -1052,7 +1115,7 @@ func (p *Policy) MigrateKeyToKeysMap() { } // Backup should be called with an exclusive lock held on the policy -func (p *Policy) Backup(ctx context.Context, storage logical.Storage) (string, error) { +func (p *Policy) Backup(ctx context.Context, storage logical.Storage) (out string, retErr error) { if !p.Exportable { return "", fmt.Errorf("exporting is disallowed on the policy") } @@ -1061,6 +1124,14 @@ func (p *Policy) Backup(ctx context.Context, storage logical.Storage) (string, e return "", fmt.Errorf("plaintext backup is disallowed on the policy") } + priorBackupInfo := p.BackupInfo + + defer func() { + if retErr != nil { + p.BackupInfo = priorBackupInfo + } + }() + // Create a record of this backup operation in the policy p.BackupInfo = &BackupInfo{ Time: time.Now(), diff --git a/helper/keysutil/policy_test.go b/helper/keysutil/policy_test.go index 4d2513889366..d1e745fea17f 100644 --- a/helper/keysutil/policy_test.go +++ b/helper/keysutil/policy_test.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/vault/helper/jsonutil" "github.com/hashicorp/vault/logical" + "github.com/mitchellh/copystructure" ) func TestPolicy_KeyEntryMapUpgrade(t *testing.T) { @@ -245,15 +246,13 @@ func testArchivingCommon(t *testing.T, lm *LockManager) { KeyType: KeyType_AES256_GCM96, Name: "test", }) - if lock != nil { - defer lock.RUnlock() - } if err != nil { t.Fatal(err) } - if p == nil { - t.Fatal("nil policy") + if p == nil || lock == nil { + t.Fatal("nil policy or lock") } + lock.RUnlock() // Store the initial key in the archive keysArchive := []KeyEntry{KeyEntry{}, p.Keys["1"]} @@ -388,3 +387,191 @@ func checkKeys(t *testing.T, } } } + +func Test_StorageErrorSafety(t *testing.T) { + ctx := context.Background() + lm := NewLockManager(false) + + storage := &logical.InmemStorage{} + p, lock, _, err := lm.GetPolicyUpsert(ctx, PolicyRequest{ + Storage: storage, + KeyType: KeyType_AES256_GCM96, + Name: "test", + }) + if err != nil { + t.Fatal(err) + } + if p == nil || lock == nil { + t.Fatal("nil policy or lock") + } + lock.RUnlock() + + // Store the initial key in the archive + keysArchive := []KeyEntry{KeyEntry{}, p.Keys["1"]} + checkKeys(t, ctx, p, storage, keysArchive, "initial", 1, 1, 1) + + // We use checkKeys here just for sanity; it doesn't really handle cases of + // errors below so we do more targeted testing later + for i := 2; i <= 5; i++ { + err = p.Rotate(ctx, storage) + if err != nil { + t.Fatal(err) + } + keysArchive = append(keysArchive, p.Keys[strconv.Itoa(i)]) + checkKeys(t, ctx, p, storage, keysArchive, "rotate", i, i, i) + } + + underlying := storage.Underlying() + underlying.FailPut(true) + + priorLen := len(p.Keys) + + err = p.Rotate(ctx, storage) + if err == nil { + t.Fatal("expected error") + } + + if len(p.Keys) != priorLen { + t.Fatal("length of keys should not have changed") + } +} + +func Test_BadUpgrade(t *testing.T) { + ctx := context.Background() + lm := NewLockManager(false) + storage := &logical.InmemStorage{} + p, lock, _, err := lm.GetPolicyUpsert(ctx, PolicyRequest{ + Storage: storage, + KeyType: KeyType_AES256_GCM96, + Name: "test", + }) + if err != nil { + t.Fatal(err) + } + if p == nil || lock == nil { + t.Fatal("nil policy or lock") + } + lock.RUnlock() + + orig, err := copystructure.Copy(p) + if err != nil { + t.Fatal(err) + } + + p.Key = p.Keys["1"].Key + p.Keys = nil + p.MinDecryptionVersion = 0 + + if err := p.Upgrade(ctx, storage); err != nil { + t.Fatal(err) + } + + k := p.Keys["1"] + o := orig.(*Policy).Keys["1"] + k.CreationTime = o.CreationTime + k.HMACKey = o.HMACKey + p.Keys["1"] = k + + if !reflect.DeepEqual(orig, p) { + t.Fatalf("not equal:\n%#v\n%#v", orig, p) + } + + // Do it again with a failing storage call + underlying := storage.Underlying() + underlying.FailPut(true) + + p.Key = p.Keys["1"].Key + p.Keys = nil + p.MinDecryptionVersion = 0 + + if err := p.Upgrade(ctx, storage); err == nil { + t.Fatal("expected error") + } + + if p.MinDecryptionVersion == 1 { + t.Fatal("min decryption version was changed") + } + if p.Keys != nil { + t.Fatal("found upgraded keys") + } + if p.Key == nil { + t.Fatal("non-upgraded key not found") + } +} + +func Test_BadArchive(t *testing.T) { + ctx := context.Background() + lm := NewLockManager(false) + storage := &logical.InmemStorage{} + p, lock, _, err := lm.GetPolicyUpsert(ctx, PolicyRequest{ + Storage: storage, + KeyType: KeyType_AES256_GCM96, + Name: "test", + }) + if err != nil { + t.Fatal(err) + } + if p == nil || lock == nil { + t.Fatal("nil policy or lock") + } + lock.RUnlock() + + for i := 2; i <= 10; i++ { + err = p.Rotate(ctx, storage) + if err != nil { + t.Fatal(err) + } + } + + p.MinDecryptionVersion = 5 + if err := p.Persist(ctx, storage); err != nil { + t.Fatal(err) + } + if p.ArchiveVersion != 10 { + t.Fatalf("unexpected archive version %d", p.ArchiveVersion) + } + if len(p.Keys) != 6 { + t.Fatalf("unexpected key length %d", len(p.Keys)) + } + + // Set back + p.MinDecryptionVersion = 1 + if err := p.Persist(ctx, storage); err != nil { + t.Fatal(err) + } + if p.ArchiveVersion != 10 { + t.Fatalf("unexpected archive version %d", p.ArchiveVersion) + } + if len(p.Keys) != 10 { + t.Fatalf("unexpected key length %d", len(p.Keys)) + } + + // Run it again but we'll turn off storage along the way + p.MinDecryptionVersion = 5 + if err := p.Persist(ctx, storage); err != nil { + t.Fatal(err) + } + if p.ArchiveVersion != 10 { + t.Fatalf("unexpected archive version %d", p.ArchiveVersion) + } + if len(p.Keys) != 6 { + t.Fatalf("unexpected key length %d", len(p.Keys)) + } + + underlying := storage.Underlying() + underlying.FailPut(true) + + // Set back, which should cause p.Keys to be changed if the persist works, + // but it doesn't + p.MinDecryptionVersion = 1 + if err := p.Persist(ctx, storage); err == nil { + t.Fatal("expected error during put") + } + if p.ArchiveVersion != 10 { + t.Fatalf("unexpected archive version %d", p.ArchiveVersion) + } + // Here's the expected change + if len(p.Keys) != 6 { + t.Fatalf("unexpected key length %d", len(p.Keys)) + } +} diff --git a/website/source/docs/secrets/transit/index.html.md b/website/source/docs/secrets/transit/index.html.md index ed712cd9a4ca..a238afe7a762 100644 --- a/website/source/docs/secrets/transit/index.html.md +++ b/website/source/docs/secrets/transit/index.html.md @@ -29,6 +29,25 @@ bit length be returned to them, encrypted with the named key. Normally this will also return the key in plaintext to allow for immediate use, but this can be disabled to accommodate auditing requirements. +## Working Set Management + +This secrets engine does not currently delete keys. Keys that are out of the +working set (earlier than a key's specified `min_decryption_version` are +instead archived. This is a performance consideration to keep key loading fast, +as well as a security consideration: by disallowing decryption of old versions +of keys, found ciphertext corresponding to obsolete (but sensitive) data can +not be decrypted by most users, but in an emergency the +`min_decryption_version` can be moved back to allow for legitimate decryption. + +Currently this archive is stored in a single storage entry. With some storage +backends, notably those using Raft or Paxos for HA capabilities, frequent +rotation may lead to a storage entry size for the archive that is larger than +the storage backend can handle. For frequent rotation needs, using named keys +that correspond to time bounds (e.g. five-minute periods floored to the closest +multiple of five) may provide a good alternative, allowing for several keys to +be live at once and a deterministic way to decide which key to use at any given +time. + ## Setup Most secrets engines must be configured in advance before they can perform their From a8a6fda23653999a5e7f754d330c8f2bae383b32 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 17:28:11 -0500 Subject: [PATCH 109/178] changelog++ --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f7c47cf30d9..2efe2bbddadb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,8 @@ BUG FIXES: [GH-3918] * secret/transit: Fix auditing when reading a key after it has been backed up or restored [GH-3919] + * secret/transit: Fix storage/memory consistency when persistence fails + [GH-3959] * storage/consul: Validate that service names are RFC 1123 compliant [GH-3960] * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] * storage/etcd3: Fix large lists (like token loading at startup) not being From d4465fdfcdc13c5777c3308561581c02e6af8511 Mon Sep 17 00:00:00 2001 From: Joel Thompson Date: Mon, 12 Feb 2018 15:39:17 -0700 Subject: [PATCH 110/178] auth/aws: Improve role tag docs as suggested on mailing list (#3915) Fixes the ambiguity called out in https://groups.google.com/forum/#!msg/vault-tool/X3s7YY0An_w/yH0KFQxlBgAJ --- website/source/api/auth/aws/index.html.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/source/api/auth/aws/index.html.md b/website/source/api/auth/aws/index.html.md index 9182ec41eef2..9a2f13c0d5f6 100644 --- a/website/source/api/auth/aws/index.html.md +++ b/website/source/api/auth/aws/index.html.md @@ -821,7 +821,7 @@ given instance can be allowed to gain in a worst-case scenario. ```json { - "policies": ["default", "prod"] + "policies": ["default", "dev-api"] } ``` @@ -832,7 +832,7 @@ $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ - https://vault.rocks/v1/auth/aws/role/dev-role/tag + https://vault.rocks/v1/auth/aws/role/dev-api-and-web-role/tag ``` ### Sample Response @@ -840,7 +840,7 @@ $ curl \ ```json { "data": { - "tag_value": "v1:09Vp0qGuyB8=:r=dev-role:p=default,prod:d=false:t=300h0m0s:uPLKCQxqsefRhrp1qmVa1wsQVUXXJG8UZP/pJIdVyOI=", + "tag_value": "v1:09Vp0qGuyB8=:r=dev-role:p=default,dev-api:d=false:t=300h0m0s:uPLKCQxqsefRhrp1qmVa1wsQVUXXJG8UZP/pJIdVyOI=", "tag_key": "VaultRole" } } From 51a2aaee4cb0e5e0f69666e2b5846b81357a77af Mon Sep 17 00:00:00 2001 From: rmbrad Date: Mon, 12 Feb 2018 17:53:34 -0500 Subject: [PATCH 111/178] Fixes for SSH command CA mode (#3922) * Add `valid-principals` flag to SSH command CA mode options * Fix SSH command CA mode host certificate validation --- command/ssh.go | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) diff --git a/command/ssh.go b/command/ssh.go index 8d2922cecda3..b0e43a7070cb 100644 --- a/command/ssh.go +++ b/command/ssh.go @@ -38,6 +38,7 @@ type SSHCommand struct { flagPrivateKeyPath string flagHostKeyMountPoint string flagHostKeyHostnames string + flagValidPrincipals string } func (c *SSHCommand) Synopsis() string { @@ -191,6 +192,16 @@ func (c *SSHCommand) Flags() *FlagSets { "list of values.", }) + f.StringVar(&StringVar{ + Name: "valid-principals", + Target: &c.flagValidPrincipals, + Default: "", + EnvVar: "", + Completion: complete.PredictAnything, + Usage: "List of valid principal names to include in the generated " + + "user certificate. This is specified as a comma-separated list of values.", + }) + return set } @@ -232,7 +243,7 @@ func (c *SSHCommand) Run(args []string) int { } // Extract the username and IP. - username, ip, err := c.userAndIP(args[0]) + username, hostname, ip, err := c.userHostAndIP(args[0]) if err != nil { c.UI.Error(fmt.Sprintf("Error parsing user and IP: %s", err)) return 1 @@ -317,7 +328,7 @@ func (c *SSHCommand) Run(args []string) int { switch strings.ToLower(c.flagMode) { case ssh.KeyTypeCA: - return c.handleTypeCA(username, ip, sshArgs) + return c.handleTypeCA(username, hostname, ip, sshArgs) case ssh.KeyTypeOTP: return c.handleTypeOTP(username, ip, sshArgs) case ssh.KeyTypeDynamic: @@ -329,7 +340,7 @@ func (c *SSHCommand) Run(args []string) int { } // handleTypeCA is used to handle SSH logins using the "CA" key type. -func (c *SSHCommand) handleTypeCA(username, ip string, sshArgs []string) int { +func (c *SSHCommand) handleTypeCA(username, hostname, ip string, sshArgs []string) int { // Read the key from disk publicKey, err := ioutil.ReadFile(c.flagPublicKeyPath) if err != nil { @@ -340,12 +351,17 @@ func (c *SSHCommand) handleTypeCA(username, ip string, sshArgs []string) int { sshClient := c.client.SSHWithMountPoint(c.flagMountPoint) + var principals = username + if c.flagValidPrincipals != "" { + principals = c.flagValidPrincipals + } + // Attempt to sign the public key secret, err := sshClient.SignKey(c.flagRole, map[string]interface{}{ // WARNING: publicKey is []byte, which is b64 encoded on JSON upload. We // have to convert it to a string. SV lost many hours to this... "public_key": string(publicKey), - "valid_principals": username, + "valid_principals": principals, "cert_type": "user", // TODO: let the user configure these. In the interim, if users want to @@ -436,7 +452,7 @@ func (c *SSHCommand) handleTypeCA(username, ip string, sshArgs []string) int { "-i", signedPublicKeyPath, "-o UserKnownHostsFile=" + userKnownHostsFile, "-o StrictHostKeyChecking=" + strictHostKeyChecking, - username + "@" + ip, + username + "@" + hostname, }, sshArgs...) cmd := exec.Command("ssh", args...) @@ -709,7 +725,7 @@ func (c *SSHCommand) defaultRole(mountPoint, ip string) (string, error) { // userAndIP takes an argument in the format foo@1.2.3.4 and separates the IP // and user parts, returning any errors. -func (c *SSHCommand) userAndIP(s string) (string, string, error) { +func (c *SSHCommand) userHostAndIP(s string) (string, string, string, error) { // split the parameter username@ip input := strings.Split(s, "@") var username, address string @@ -722,22 +738,22 @@ func (c *SSHCommand) userAndIP(s string) (string, string, error) { case 1: u, err := user.Current() if err != nil { - return "", "", errors.Wrap(err, "failed to fetch current user") + return "", "", "", errors.Wrap(err, "failed to fetch current user") } username, address = u.Username, input[0] case 2: username, address = input[0], input[1] default: - return "", "", fmt.Errorf("invalid arguments: %q", s) + return "", "", "", fmt.Errorf("invalid arguments: %q", s) } // Resolving domain names to IP address on the client side. // Vault only deals with IP addresses. ipAddr, err := net.ResolveIPAddr("ip", address) if err != nil { - return "", "", errors.Wrap(err, "failed to resolve IP address") + return "", "", "", errors.Wrap(err, "failed to resolve IP address") } ip := ipAddr.String() - return username, ip, nil + return username, address, ip, nil } From d2324066c4235f305d4ef6637ea4fcb48a08f49c Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 17:54:15 -0500 Subject: [PATCH 112/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2efe2bbddadb..9636367d46e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ IMPROVEMENTS: * secret/pki: Add a flag to make the common name optional on certs [GH-3940] * secret/pki: Ensure only DNS-compatible names go into DNS SANs; additionally, properly handle IDNA transformations for these DNS names [GH-3953] + * secret/ssh: Add `valid-principles` flag to CLI for CA mode [GH-3922] BUG FIXES: From 3189278c847abf8e8053905302f63f184309dd7f Mon Sep 17 00:00:00 2001 From: Calvin Leung Huang Date: Mon, 12 Feb 2018 18:12:16 -0500 Subject: [PATCH 113/178] CLI Enhancements (#3897) * Use Colored UI if stdout is a tty * Add format options to operator unseal * Add format test on operator unseal * Add -no-color output flag, and use BasicUi if no-color flag is provided * Move seal status formatting logic to OutputSealStatus * Apply no-color to warnings from DeprecatedCommands as well * Add OutputWithFormat to support arbitrary data, add format option to auth list * Add ability to output arbitrary list data on TableFormatter * Clear up switch logic on format * Add format option for list-related commands * Add format option to rest of commands that returns a client API response * Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead * Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead * Remove -no-color flag, use env var exclusively to toggle colored output * Fix compile * Remove -no-color flag in main.go * Add missing FlagSetOutputFormat * Fix generate-root/decode test * Migrate init functions to main.go * Add no-color flag back as hidden * Handle non-supported data types for TableFormatter.OutputList * Pull formatting much further up to remove the need to use c.flagFormat (#3950) * Pull formatting much further up to remove the need to use c.flagFormat Also remove OutputWithFormat as the logic can cause issues. * Use const for env var * Minor updates * Remove unnecessary check * Fix SSH output and some tests * Fix tests * Make race detector not run on generate root since it kills Travis these days * Update docs * Update docs * Address review feedback * Handle --format as well as -format --- api/sys_generate_root.go | 10 +- api/sys_rekey.go | 26 ++--- command/audit_list.go | 16 ++- command/auth_list.go | 19 +-- command/base.go | 12 +- command/commands.go | 32 ++---- command/format.go | 86 ++++++++++---- command/format_test.go | 65 ++++++++++- command/lease_renew.go | 2 +- command/lease_renew_test.go | 12 -- command/list.go | 4 +- command/list_test.go | 18 --- command/login.go | 8 +- command/main.go | 108 +++++++++++++++++- command/operator_generate_root.go | 24 +++- command/operator_generate_root_test.go | 14 +++ command/operator_init.go | 31 +---- command/operator_key_status.go | 11 +- command/operator_rekey.go | 19 ++- command/operator_unseal.go | 2 +- command/operator_unseal_test.go | 35 ++++++ command/policies_deprecated.go | 1 + command/policy_list.go | 15 ++- command/policy_read.go | 14 ++- command/read.go | 2 +- command/read_test.go | 18 --- command/rotate.go | 15 ++- command/secrets_list.go | 16 ++- command/ssh.go | 12 +- command/status.go | 10 +- command/token_capabilities.go | 13 ++- command/token_create.go | 2 +- command/token_create_test.go | 16 --- command/token_lookup.go | 2 +- command/token_lookup_test.go | 12 -- command/token_renew.go | 2 +- command/token_renew_test.go | 12 -- command/unwrap.go | 4 +- command/unwrap_test.go | 12 -- command/util.go | 2 + command/write.go | 4 +- .../source/docs/commands/audit/list.html.md | 8 ++ .../source/docs/commands/auth/list.html.md | 8 ++ website/source/docs/commands/index.html.md | 4 + website/source/docs/commands/login.html.md | 4 +- .../commands/operator/generate-root.html.md | 8 ++ .../docs/commands/operator/key-status.html.md | 10 +- .../docs/commands/operator/rekey.html.md | 8 +- .../docs/commands/operator/rotate.html.md | 10 +- .../docs/commands/operator/unseal.html.md | 8 ++ .../source/docs/commands/policy/list.html.md | 11 +- .../source/docs/commands/policy/read.html.md | 10 +- website/source/docs/commands/read.html.md | 2 +- .../source/docs/commands/secrets/list.html.md | 8 ++ website/source/docs/commands/ssh.html.md | 2 +- website/source/docs/commands/status.html.md | 10 +- .../docs/commands/token/capabilities.html.md | 10 +- .../source/docs/commands/token/create.html.md | 2 +- website/source/docs/commands/unwrap.html.md | 2 +- website/source/docs/commands/write.html.md | 2 +- 60 files changed, 578 insertions(+), 287 deletions(-) diff --git a/api/sys_generate_root.go b/api/sys_generate_root.go index 410ccf4c6078..adb5496d4e4f 100644 --- a/api/sys_generate_root.go +++ b/api/sys_generate_root.go @@ -99,11 +99,11 @@ func (c *Sys) generateRootUpdateCommon(path, shard, nonce string) (*GenerateRoot } type GenerateRootStatusResponse struct { - Nonce string - Started bool - Progress int - Required int - Complete bool + Nonce string `json:"nonce"` + Started bool `json:"started"` + Progress int `json:"progress"` + Required int `json:"required"` + Complete bool `json:"complete"` EncodedToken string `json:"encoded_token"` EncodedRootToken string `json:"encoded_root_token"` PGPFingerprint string `json:"pgp_fingerprint"` diff --git a/api/sys_rekey.go b/api/sys_rekey.go index 61002224a52a..8b2d0435d042 100644 --- a/api/sys_rekey.go +++ b/api/sys_rekey.go @@ -177,27 +177,27 @@ type RekeyInitRequest struct { } type RekeyStatusResponse struct { - Nonce string - Started bool - T int - N int - Progress int - Required int + Nonce string `json:"nonce"` + Started bool `json:"started"` + T int `json:"t"` + N int `json:"n"` + Progress int `json:"progress"` + Required int `json:"required"` PGPFingerprints []string `json:"pgp_fingerprints"` - Backup bool + Backup bool `json:"backup"` } type RekeyUpdateResponse struct { - Nonce string - Complete bool - Keys []string + Nonce string `json:"nonce"` + Complete bool `json:"complete"` + Keys []string `json:"keys"` KeysB64 []string `json:"keys_base64"` PGPFingerprints []string `json:"pgp_fingerprints"` - Backup bool + Backup bool `json:"backup"` } type RekeyRetrieveResponse struct { - Nonce string - Keys map[string][]string + Nonce string `json:"nonce"` + Keys map[string][]string `json:"keys"` KeysB64 map[string][]string `json:"keys_base64"` } diff --git a/command/audit_list.go b/command/audit_list.go index 0012426e416b..3a88b908c012 100644 --- a/command/audit_list.go +++ b/command/audit_list.go @@ -44,7 +44,7 @@ Usage: vault audit list [options] } func (c *AuditListCommand) Flags() *FlagSets { - set := c.flagSet(FlagSetHTTP) + set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat) f := set.NewFlagSet("Command Options") @@ -99,13 +99,17 @@ func (c *AuditListCommand) Run(args []string) int { return 0 } - if c.flagDetailed { - c.UI.Output(tableOutput(c.detailedAudits(audits), nil)) + switch Format(c.UI) { + case "table": + if c.flagDetailed { + c.UI.Output(tableOutput(c.detailedAudits(audits), nil)) + return 0 + } + c.UI.Output(tableOutput(c.simpleAudits(audits), nil)) return 0 + default: + return OutputData(c.UI, audits) } - - c.UI.Output(tableOutput(c.simpleAudits(audits), nil)) - return 0 } func (c *AuditListCommand) simpleAudits(audits map[string]*api.Audit) []string { diff --git a/command/auth_list.go b/command/auth_list.go index ff56b8e02242..809540822c6e 100644 --- a/command/auth_list.go +++ b/command/auth_list.go @@ -46,7 +46,7 @@ Usage: vault auth list [options] } func (c *AuthListCommand) Flags() *FlagSets { - set := c.flagSet(FlagSetHTTP) + set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat) f := set.NewFlagSet("Command Options") @@ -55,7 +55,8 @@ func (c *AuthListCommand) Flags() *FlagSets { Target: &c.flagDetailed, Default: false, Usage: "Print detailed information such as configuration and replication " + - "status about each auth method.", + "status about each auth method. This option is only applicable to " + + "table-formatted output.", }) return set @@ -95,13 +96,17 @@ func (c *AuthListCommand) Run(args []string) int { return 2 } - if c.flagDetailed { - c.UI.Output(tableOutput(c.detailedMounts(auths), nil)) + switch Format(c.UI) { + case "table": + if c.flagDetailed { + c.UI.Output(tableOutput(c.detailedMounts(auths), nil)) + return 0 + } + c.UI.Output(tableOutput(c.simpleMounts(auths), nil)) return 0 + default: + return OutputData(c.UI, auths) } - - c.UI.Output(tableOutput(c.simpleMounts(auths), nil)) - return 0 } func (c *AuthListCommand) simpleMounts(auths map[string]*api.AuthMount) []string { diff --git a/command/base.go b/command/base.go index be6925b3e0d8..26c62dd64fdb 100644 --- a/command/base.go +++ b/command/base.go @@ -152,6 +152,11 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets { c.flagsOnce.Do(func() { set := NewFlagSets(c.UI) + // These flag sets will apply to all leaf subcommands. + // TODO: Optional, but FlagSetHTTP can be safely removed from the individual + // Flags() subcommands. + bit = bit | FlagSetHTTP + if bit&FlagSetHTTP != 0 { f := set.NewFlagSet("HTTP Options") @@ -260,7 +265,7 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets { Name: "format", Target: &c.flagFormat, Default: "table", - EnvVar: "VAULT_FORMAT", + EnvVar: EnvVaultFormat, Completion: complete.PredictSet("table", "json", "yaml"), Usage: "Print the output in the given format. Valid formats " + "are \"table\", \"json\", or \"yaml\".", @@ -317,6 +322,11 @@ func (f *FlagSets) Parse(args []string) error { return f.mainSet.Parse(args) } +// Parsed reports whether the command-line flags have been parsed. +func (f *FlagSets) Parsed() bool { + return f.mainSet.Parsed() +} + // Args returns the remaining args after parsing. func (f *FlagSets) Args() []string { return f.mainSet.Args() diff --git a/command/commands.go b/command/commands.go index 7a8204dd9c2c..c80c973a6348 100644 --- a/command/commands.go +++ b/command/commands.go @@ -64,6 +64,13 @@ import ( physZooKeeper "github.com/hashicorp/vault/physical/zookeeper" ) +const ( + // EnvVaultCLINoColor is an env var that toggles colored UI output. + EnvVaultCLINoColor = `VAULT_CLI_NO_COLOR` + // EnvVaultFormat is the output format + EnvVaultFormat = `VAULT_FORMAT` +) + var ( auditBackends = map[string]audit.Factory{ "file": auditFile.Factory, @@ -149,7 +156,9 @@ func (c *DeprecatedCommand) Help() string { // Run wraps the embedded Run command and prints a warning about deprecation. func (c *DeprecatedCommand) Run(args []string) int { - c.warn() + if Format(c.UI) == "table" { + c.warn() + } return c.Command.Run(args) } @@ -166,24 +175,7 @@ func (c *DeprecatedCommand) warn() { var Commands map[string]cli.CommandFactory var DeprecatedCommands map[string]cli.CommandFactory -func init() { - ui := &cli.ColoredUi{ - ErrorColor: cli.UiColorRed, - WarnColor: cli.UiColorYellow, - Ui: &cli.BasicUi{ - Writer: os.Stdout, - ErrorWriter: os.Stderr, - }, - } - - serverCmdUi := &cli.ColoredUi{ - ErrorColor: cli.UiColorRed, - WarnColor: cli.UiColorYellow, - Ui: &cli.BasicUi{ - Writer: os.Stdout, - }, - } - +func initCommands(ui, serverCmdUi cli.Ui) { loginHandlers := map[string]LoginHandler{ "aws": &credAws.CLIHandler{}, "centrify": &credCentrify.CLIHandler{}, @@ -572,7 +564,7 @@ func init() { // Deprecated commands // - // TODO: Remove in 0.9.0 + // TODO: Remove not before 0.11.0 DeprecatedCommands = map[string]cli.CommandFactory{ "audit-disable": func() (cli.Command, error) { return &DeprecatedCommand{ diff --git a/command/format.go b/command/format.go index c1397b3383ac..76d018acd5ca 100644 --- a/command/format.go +++ b/command/format.go @@ -4,6 +4,7 @@ import ( "encoding/json" "errors" "fmt" + "os" "sort" "strings" @@ -19,29 +20,38 @@ const ( hopeDelim = "♨" ) -func OutputSecret(ui cli.Ui, format string, secret *api.Secret) int { - return outputWithFormat(ui, format, secret, secret) +type FormatOptions struct { + Format string } -func OutputList(ui cli.Ui, format string, secret *api.Secret) int { - return outputWithFormat(ui, format, secret, secret.Data["keys"]) +func OutputSecret(ui cli.Ui, secret *api.Secret) int { + return outputWithFormat(ui, secret, secret) } -func outputWithFormat(ui cli.Ui, format string, secret *api.Secret, data interface{}) int { - // If we had a colored UI, pull out the nested ui so we don't add escape - // sequences for outputting json, etc. - colorUI, ok := ui.(*cli.ColoredUi) - if ok { - ui = colorUI.Ui +func OutputList(ui cli.Ui, data interface{}) int { + switch data.(type) { + case *api.Secret: + secret := data.(*api.Secret) + return outputWithFormat(ui, secret, secret.Data["keys"]) + default: + return outputWithFormat(ui, nil, data) } +} + +func OutputData(ui cli.Ui, data interface{}) int { + return outputWithFormat(ui, nil, data) +} - formatter, ok := Formatters[strings.ToLower(format)] +func outputWithFormat(ui cli.Ui, secret *api.Secret, data interface{}) int { + format := Format(ui) + formatter, ok := Formatters[format] if !ok { ui.Error(fmt.Sprintf("Invalid output format: %s", format)) return 1 } + if err := formatter.Output(ui, secret, data); err != nil { - ui.Error(fmt.Sprintf("Could not output secret: %s", err.Error())) + ui.Error(fmt.Sprintf("Could not parse output: %s", err.Error())) return 1 } return 0 @@ -58,6 +68,22 @@ var Formatters = map[string]Formatter{ "yml": YamlFormatter{}, } +func format() string { + format := os.Getenv(EnvVaultFormat) + if format == "" { + format = "table" + } + return format +} + +func Format(ui cli.Ui) string { + switch ui.(type) { + case *VaultUI: + return ui.(*VaultUI).format + } + return format() +} + // An output formatter for json output of an object type JsonFormatter struct{} @@ -87,19 +113,32 @@ type TableFormatter struct { } func (t TableFormatter) Output(ui cli.Ui, secret *api.Secret, data interface{}) error { - // TODO: this should really use reflection like the other formatters do - if s, ok := data.(*api.Secret); ok { - return t.OutputSecret(ui, s) - } - if s, ok := data.([]interface{}); ok { - return t.OutputList(ui, secret, s) + switch data.(type) { + case *api.Secret: + return t.OutputSecret(ui, secret) + case []interface{}: + return t.OutputList(ui, secret, data) + case []string: + return t.OutputList(ui, nil, data) + default: + return errors.New("Cannot use the table formatter for this type") } - return errors.New("Cannot use the table formatter for this type") } -func (t TableFormatter) OutputList(ui cli.Ui, secret *api.Secret, list []interface{}) error { +func (t TableFormatter) OutputList(ui cli.Ui, secret *api.Secret, data interface{}) error { t.printWarnings(ui, secret) + switch data.(type) { + case []interface{}: + case []string: + ui.Output(tableOutput(data.([]string), nil)) + return nil + default: + return errors.New("Error: table formatter cannot output list for this data type") + } + + list := data.([]interface{}) + if len(list) > 0 { keys := make([]string, len(list)) for i, v := range list { @@ -208,7 +247,14 @@ func (t TableFormatter) OutputSecret(ui cli.Ui, secret *api.Secret) error { return nil } +// OutputSealStatus will print *api.SealStatusResponse in the CLI according to the format provided func OutputSealStatus(ui cli.Ui, client *api.Client, status *api.SealStatusResponse) int { + switch Format(ui) { + case "table": + default: + return OutputData(ui, status) + } + var sealPrefix string if status.RecoverySeal { sealPrefix = "Recovery " diff --git a/command/format_test.go b/command/format_test.go index 44020a1aa663..b97ca27315c6 100644 --- a/command/format_test.go +++ b/command/format_test.go @@ -1,6 +1,7 @@ package command import ( + "os" "strings" "testing" @@ -30,8 +31,9 @@ func (m mockUi) Error(s string) { m.t.Log(s) } func (m mockUi) Warn(s string) { m.t.Log(s) } func TestJsonFormatter(t *testing.T) { + os.Setenv(EnvVaultFormat, "json") ui := mockUi{t: t, SampleData: "something"} - if err := outputWithFormat(ui, "json", nil, ui); err != 0 { + if err := outputWithFormat(ui, nil, ui); err != 0 { t.Fatal(err) } var newUi mockUi @@ -46,8 +48,9 @@ func TestJsonFormatter(t *testing.T) { } func TestYamlFormatter(t *testing.T) { + os.Setenv(EnvVaultFormat, "yaml") ui := mockUi{t: t, SampleData: "something"} - if err := outputWithFormat(ui, "yaml", nil, ui); err != 0 { + if err := outputWithFormat(ui, nil, ui); err != 0 { t.Fatal(err) } var newUi mockUi @@ -63,12 +66,68 @@ func TestYamlFormatter(t *testing.T) { } func TestTableFormatter(t *testing.T) { + os.Setenv(EnvVaultFormat, "table") ui := mockUi{t: t} s := api.Secret{Data: map[string]interface{}{"k": "something"}} - if err := outputWithFormat(ui, "table", &s, &s); err != 0 { + if err := outputWithFormat(ui, &s, &s); err != 0 { t.Fatal(err) } if !strings.Contains(output, "something") { t.Fatal("did not find 'something'") } } + +func Test_Format_Parsing(t *testing.T) { + defer func() { + os.Setenv(EnvVaultCLINoColor, "") + os.Setenv(EnvVaultFormat, "") + }() + + cases := []struct { + name string + args []string + out string + code int + }{ + { + "format", + []string{"-format", "json"}, + "{", + 0, + }, + { + "format_bad", + []string{"-format", "nope-not-real"}, + "Invalid output format", + 1, + }, + } + + for _, tc := range cases { + tc := tc + + t.Run(tc.name, func(t *testing.T) { + client, closer := testVaultServer(t) + defer closer() + + // Login with the token so we can renew-self. + token, _ := testTokenAndAccessor(t, client) + client.SetToken(token) + + ui, cmd := testTokenRenewCommand(t) + cmd.client = client + + tc.args = setupEnv(tc.args) + + code := cmd.Run(tc.args) + if code != tc.code { + t.Errorf("expected %d to be %d", code, tc.code) + } + + combined := ui.OutputWriter.String() + ui.ErrorWriter.String() + if !strings.Contains(combined, tc.out) { + t.Errorf("expected %q to contain %q", combined, tc.out) + } + }) + } +} diff --git a/command/lease_renew.go b/command/lease_renew.go index 4dd2e1c573c0..c12f53d2e883 100644 --- a/command/lease_renew.go +++ b/command/lease_renew.go @@ -123,5 +123,5 @@ func (c *LeaseRenewCommand) Run(args []string) int { return 2 } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } diff --git a/command/lease_renew_test.go b/command/lease_renew_test.go index 166e5156be6b..aa3b32d0d8b3 100644 --- a/command/lease_renew_test.go +++ b/command/lease_renew_test.go @@ -74,18 +74,6 @@ func TestLeaseRenewCommand_Run(t *testing.T) { "foo", 0, }, - { - "format", - []string{"-format", "json"}, - "{", - 0, - }, - { - "format_bad", - []string{"-format", "nope-not-real"}, - "Invalid output format", - 1, - }, } t.Run("group", func(t *testing.T) { diff --git a/command/list.go b/command/list.go index ecfa0acb5646..151b46fc5b5e 100644 --- a/command/list.go +++ b/command/list.go @@ -89,7 +89,7 @@ func (c *ListCommand) Run(args []string) int { // If the secret is wrapped, return the wrapped response. if secret.WrapInfo != nil && secret.WrapInfo.TTL != 0 { - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } if _, ok := extractListData(secret); !ok { @@ -97,5 +97,5 @@ func (c *ListCommand) Run(args []string) int { return 2 } - return OutputList(c.UI, c.flagFormat, secret) + return OutputList(c.UI, secret) } diff --git a/command/list_test.go b/command/list_test.go index e5a77c532bb1..375f9a82afb4 100644 --- a/command/list_test.go +++ b/command/list_test.go @@ -57,24 +57,6 @@ func TestListCommand_Run(t *testing.T) { "bar\nbaz\nfoo", 0, }, - { - "format", - []string{ - "-format", "json", - "secret/list/", - }, - "[", - 0, - }, - { - "format_bad", - []string{ - "-format", "nope-not-real", - "secret/list/", - }, - "Invalid output format", - 1, - }, } t.Run("validations", func(t *testing.T) { diff --git a/command/login.go b/command/login.go index 564b893bb899..2aeb5f62e993 100644 --- a/command/login.go +++ b/command/login.go @@ -274,7 +274,7 @@ func (c *LoginCommand) Run(args []string) int { return PrintRawField(c.UI, secret, "wrapping_token") } if c.flagNoStore { - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } } @@ -308,7 +308,7 @@ func (c *LoginCommand) Run(args []string) int { c.UI.Error(wrapAtLength( "Authentication was successful, but the token was not persisted. The "+ "resulting token is shown below for your records.") + "\n") - OutputSecret(c.UI, c.flagFormat, secret) + OutputSecret(c.UI, secret) return 2 } @@ -335,7 +335,7 @@ func (c *LoginCommand) Run(args []string) int { } // Print some yay! text, but only in table mode. - if c.flagFormat == "table" { + if Format(c.UI) == "table" { c.UI.Output(wrapAtLength( "Success! You are now authenticated. The token information displayed "+ "below is already stored in the token helper. You do NOT need to run "+ @@ -343,7 +343,7 @@ func (c *LoginCommand) Run(args []string) int { "this token.") + "\n") } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } // extractToken extracts the token from the given secret, automatically diff --git a/command/main.go b/command/main.go index 6cc9d43da41c..824b80fa6cd2 100644 --- a/command/main.go +++ b/command/main.go @@ -10,11 +10,36 @@ import ( "text/tabwriter" "github.com/mitchellh/cli" + "golang.org/x/crypto/ssh/terminal" ) -func Run(args []string) int { - // Handle -v shorthand +type VaultUI struct { + cli.Ui + isTerminal bool + format string +} + +func (u *VaultUI) Output(m string) { + if u.isTerminal { + u.Ui.Output(m) + } else { + getWriterFromUI(u.Ui).Write([]byte(m)) + } +} + +// setupEnv parses args and may replace them and sets some env vars to known +// values based on format options +func setupEnv(args []string) []string { + var format string + var nextArgFormat bool + for _, arg := range args { + if nextArgFormat { + nextArgFormat = false + format = arg + continue + } + if arg == "--" { break } @@ -23,8 +48,87 @@ func Run(args []string) int { args = []string{"version"} break } + + // Parse a given flag here, which overrides the env var + if strings.HasPrefix(arg, "--format=") { + format = strings.TrimPrefix(arg, "--format=") + } + if strings.HasPrefix(arg, "-format=") { + format = strings.TrimPrefix(arg, "-format=") + } + // For backwards compat, it could be specified without an equal sign + if arg == "-format" || arg == "--format" { + nextArgFormat = true + } + } + + envVaultFormat := os.Getenv(EnvVaultFormat) + // If we did not parse a value, fetch the env var + if format == "" && envVaultFormat != "" { + format = envVaultFormat + } + // Lowercase for consistency + format = strings.ToLower(format) + if format == "" { + format = "table" + } + // Put back into the env for later + os.Setenv(EnvVaultFormat, format) + + return args +} + +func Run(args []string) int { + args = setupEnv(args) + + // Don't use color if disabled + color := true + if os.Getenv(EnvVaultCLINoColor) != "" { + color = false + } + + format := format() + + isTerminal := terminal.IsTerminal(int(os.Stdout.Fd())) + + ui := &VaultUI{ + Ui: &cli.BasicUi{ + Writer: os.Stdout, + ErrorWriter: os.Stderr, + }, + isTerminal: isTerminal, + format: format, + } + serverCmdUi := &VaultUI{ + Ui: &cli.BasicUi{ + Writer: os.Stdout, + }, + isTerminal: isTerminal, + format: format, + } + + if _, ok := Formatters[format]; !ok { + ui.Error(fmt.Sprintf("Invalid output format: %s", format)) + return 1 + } + + // Only use colored UI if stdoout is a tty, and not disabled + if isTerminal && color && format == "table" { + ui.Ui = &cli.ColoredUi{ + ErrorColor: cli.UiColorRed, + WarnColor: cli.UiColorYellow, + Ui: ui.Ui, + } + + serverCmdUi.Ui = &cli.ColoredUi{ + ErrorColor: cli.UiColorRed, + WarnColor: cli.UiColorYellow, + Ui: serverCmdUi.Ui, + } } + initCommands(ui, serverCmdUi) + // Calculate hidden commands from the deprecated ones hiddenCommands := make([]string, 0, len(DeprecatedCommands)+1) for k := range DeprecatedCommands { diff --git a/command/operator_generate_root.go b/command/operator_generate_root.go index 1329343b7ce4..693aff3419b6 100644 --- a/command/operator_generate_root.go +++ b/command/operator_generate_root.go @@ -82,7 +82,7 @@ Usage: vault operator generate-root [options] [KEY] } func (c *OperatorGenerateRootCommand) Flags() *FlagSets { - set := c.flagSet(FlagSetHTTP) + set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat) f := set.NewFlagSet("Command Options") @@ -337,7 +337,13 @@ func (c *OperatorGenerateRootCommand) init(client *api.Client, otp, pgpKey strin c.UI.Error(fmt.Sprintf("Error initializing root generation: %s", err)) return 2 } - return c.printStatus(status) + + switch Format(c.UI) { + case "table": + return c.printStatus(status) + default: + return OutputData(c.UI, status) + } } // provide prompts the user for the seal key and posts it to the update root @@ -428,7 +434,12 @@ func (c *OperatorGenerateRootCommand) provide(client *api.Client, key string, dr c.UI.Error(fmt.Sprintf("Error posting unseal key: %s", err)) return 2 } - return c.printStatus(status) + switch Format(c.UI) { + case "table": + return c.printStatus(status) + default: + return OutputData(c.UI, status) + } } // cancel cancels the root token generation @@ -456,7 +467,12 @@ func (c *OperatorGenerateRootCommand) status(client *api.Client, drToken bool) i c.UI.Error(fmt.Sprintf("Error getting root generation status: %s", err)) return 2 } - return c.printStatus(status) + switch Format(c.UI) { + case "table": + return c.printStatus(status) + default: + return OutputData(c.UI, status) + } } // printStatus dumps the status to output diff --git a/command/operator_generate_root_test.go b/command/operator_generate_root_test.go index ad5e67e23962..5050218a3818 100644 --- a/command/operator_generate_root_test.go +++ b/command/operator_generate_root_test.go @@ -1,7 +1,10 @@ +// +build !race + package command import ( "io" + "os" "regexp" "strings" "testing" @@ -129,6 +132,14 @@ func TestOperatorGenerateRootCommand_Run(t *testing.T) { ui, cmd := testOperatorGenerateRootCommand(t) + // Simulate piped output to print raw output + old := os.Stdout + _, w, err := os.Pipe() + if err != nil { + t.Fatal(err) + } + os.Stdout = w + code := cmd.Run([]string{ "-decode", encoded, "-otp", otp, @@ -137,6 +148,9 @@ func TestOperatorGenerateRootCommand_Run(t *testing.T) { t.Errorf("expected %d to be %d", code, exp) } + w.Close() + os.Stdout = old + expected := "5b54841c-c705-e59c-c6e4-a22b48e4b2cf" combined := ui.OutputWriter.String() + ui.ErrorWriter.String() if combined != expected { diff --git a/command/operator_init.go b/command/operator_init.go index 80a23de07d11..07651148596b 100644 --- a/command/operator_init.go +++ b/command/operator_init.go @@ -1,13 +1,11 @@ package command import ( - "encoding/json" "fmt" "net/url" "runtime" "strings" - "github.com/ghodss/yaml" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/helper/pgpkeys" "github.com/mitchellh/cli" @@ -434,15 +432,10 @@ func (c *OperatorInitCommand) init(client *api.Client, req *api.InitRequest) int return 2 } - switch c.flagFormat { - case "yaml", "yml": - return c.initOutputYAML(req, resp) - case "json": - return c.initOutputJSON(req, resp) + switch Format(c.UI) { case "table": default: - c.UI.Error(fmt.Sprintf("Unknown format: %s", c.flagFormat)) - return 1 + return OutputData(c.UI, newMachineInit(req, resp)) } for i, key := range resp.Keys { @@ -503,26 +496,6 @@ func (c *OperatorInitCommand) init(client *api.Client, req *api.InitRequest) int return 0 } -// initOutputYAML outputs the init output as YAML. -func (c *OperatorInitCommand) initOutputYAML(req *api.InitRequest, resp *api.InitResponse) int { - b, err := yaml.Marshal(newMachineInit(req, resp)) - if err != nil { - c.UI.Error(fmt.Sprintf("Error marshaling YAML: %s", err)) - return 2 - } - return PrintRaw(c.UI, strings.TrimSpace(string(b))) -} - -// initOutputJSON outputs the init output as JSON. -func (c *OperatorInitCommand) initOutputJSON(req *api.InitRequest, resp *api.InitResponse) int { - b, err := json.Marshal(newMachineInit(req, resp)) - if err != nil { - c.UI.Error(fmt.Sprintf("Error marshaling JSON: %s", err)) - return 2 - } - return PrintRaw(c.UI, strings.TrimSpace(string(b))) -} - // status inspects the init status of vault and returns an appropriate error // code and message. func (c *OperatorInitCommand) status(client *api.Client) int { diff --git a/command/operator_key_status.go b/command/operator_key_status.go index 6558290ca74c..c5b61c8c0a8e 100644 --- a/command/operator_key_status.go +++ b/command/operator_key_status.go @@ -32,7 +32,7 @@ Usage: vault operator key-status [options] } func (c *OperatorKeyStatusCommand) Flags() *FlagSets { - return c.flagSet(FlagSetHTTP) + return c.flagSet(FlagSetHTTP | FlagSetOutputFormat) } func (c *OperatorKeyStatusCommand) AutocompleteArgs() complete.Predictor { @@ -69,6 +69,11 @@ func (c *OperatorKeyStatusCommand) Run(args []string) int { return 2 } - c.UI.Output(printKeyStatus(status)) - return 0 + switch Format(c.UI) { + case "table": + c.UI.Output(printKeyStatus(status)) + return 0 + default: + return OutputData(c.UI, status) + } } diff --git a/command/operator_rekey.go b/command/operator_rekey.go index dd713f157f33..972676fcf2bf 100644 --- a/command/operator_rekey.go +++ b/command/operator_rekey.go @@ -96,7 +96,7 @@ Usage: vault rekey [options] [KEY] } func (c *OperatorRekeyCommand) Flags() *FlagSets { - set := c.flagSet(FlagSetHTTP) + set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat) f := set.NewFlagSet("Common Options") @@ -534,7 +534,7 @@ func (c *OperatorRekeyCommand) backupRetrieve(client *api.Client) int { Data: structs.New(storedKeys).Map(), } - return OutputSecret(c.UI, "table", secret) + return OutputSecret(c.UI, secret) } // backupDelete deletes the stored backup keys. @@ -579,11 +579,22 @@ func (c *OperatorRekeyCommand) printStatus(status *api.RekeyStatusResponse) int out = append(out, fmt.Sprintf("Backup | %t", status.Backup)) } - c.UI.Output(tableOutput(out, nil)) - return 0 + switch Format(c.UI) { + case "table": + c.UI.Output(tableOutput(out, nil)) + return 0 + default: + return OutputData(c.UI, status) + } } func (c *OperatorRekeyCommand) printUnsealKeys(status *api.RekeyStatusResponse, resp *api.RekeyUpdateResponse) int { + switch Format(c.UI) { + case "table": + default: + return OutputData(c.UI, resp) + } + // Space between the key prompt, if any, and the output c.UI.Output("") diff --git a/command/operator_unseal.go b/command/operator_unseal.go index e2957647d1e9..c93a272ada2e 100644 --- a/command/operator_unseal.go +++ b/command/operator_unseal.go @@ -50,7 +50,7 @@ Usage: vault operator unseal [options] [KEY] } func (c *OperatorUnsealCommand) Flags() *FlagSets { - set := c.flagSet(FlagSetHTTP) + set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat) f := set.NewFlagSet("Command Options") diff --git a/command/operator_unseal_test.go b/command/operator_unseal_test.go index e2222fc73b2d..aa6afe694307 100644 --- a/command/operator_unseal_test.go +++ b/command/operator_unseal_test.go @@ -1,7 +1,9 @@ package command import ( + "encoding/json" "io/ioutil" + "os" "strings" "testing" @@ -138,3 +140,36 @@ func TestOperatorUnsealCommand_Run(t *testing.T) { assertNoTabs(t, cmd) }) } + +func TestOperatorUnsealCommand_Format(t *testing.T) { + defer func() { + os.Setenv(EnvVaultFormat, "") + os.Setenv(EnvVaultCLINoColor, "") + }() + + client, keys, closer := testVaultServerUnseal(t) + defer closer() + + // Seal so we can unseal + if err := client.Sys().Seal(); err != nil { + t.Fatal(err) + } + + ui, cmd := testOperatorUnsealCommand(t) + cmd.client = client + cmd.testOutput = ioutil.Discard + + args := setupEnv([]string{"-format", "json"}) + + // Unseal with one key + code := cmd.Run(append(args, []string{ + keys[0], + }...)) + if exp := 0; code != exp { + t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String()) + } + + if !json.Valid(ui.OutputWriter.Bytes()) { + t.Error("expected output to be valid JSON") + } +} diff --git a/command/policies_deprecated.go b/command/policies_deprecated.go index b7b5f5cf17a1..427efa9bc04c 100644 --- a/command/policies_deprecated.go +++ b/command/policies_deprecated.go @@ -29,6 +29,7 @@ func (c *PoliciesDeprecatedCommand) Run(args []string) int { c.UI.Error(err.Error()) return 1 } + args = f.Args() // Got an arg, this is trying to read a policy diff --git a/command/policy_list.go b/command/policy_list.go index 1a61136ff1ef..43bd5287da14 100644 --- a/command/policy_list.go +++ b/command/policy_list.go @@ -31,7 +31,7 @@ Usage: vault policy list [options] } func (c *PolicyListCommand) Flags() *FlagSets { - return c.flagSet(FlagSetHTTP) + return c.flagSet(FlagSetHTTP | FlagSetOutputFormat) } func (c *PolicyListCommand) AutocompleteArgs() complete.Predictor { @@ -68,9 +68,14 @@ func (c *PolicyListCommand) Run(args []string) int { c.UI.Error(fmt.Sprintf("Error listing policies: %s", err)) return 2 } - for _, p := range policies { - c.UI.Output(p) - } - return 0 + switch Format(c.UI) { + case "table": + for _, p := range policies { + c.UI.Output(p) + } + return 0 + default: + return OutputData(c.UI, policies) + } } diff --git a/command/policy_read.go b/command/policy_read.go index 324615935a84..d10a5d1027e7 100644 --- a/command/policy_read.go +++ b/command/policy_read.go @@ -36,7 +36,7 @@ Usage: vault policy read [options] [NAME] } func (c *PolicyReadCommand) Flags() *FlagSets { - return c.flagSet(FlagSetHTTP) + return c.flagSet(FlagSetHTTP | FlagSetOutputFormat) } func (c *PolicyReadCommand) AutocompleteArgs() complete.Predictor { @@ -81,7 +81,15 @@ func (c *PolicyReadCommand) Run(args []string) int { c.UI.Error(fmt.Sprintf("No policy named: %s", name)) return 2 } - c.UI.Output(strings.TrimSpace(rules)) - return 0 + switch Format(c.UI) { + case "table": + c.UI.Output(strings.TrimSpace(rules)) + return 0 + default: + resp := map[string]string{ + "policy": rules, + } + return OutputData(c.UI, &resp) + } } diff --git a/command/read.go b/command/read.go index 6dc2b5337bc7..47d8e707444b 100644 --- a/command/read.go +++ b/command/read.go @@ -90,5 +90,5 @@ func (c *ReadCommand) Run(args []string) int { return PrintRawField(c.UI, secret, c.flagField) } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } diff --git a/command/read_test.go b/command/read_test.go index 1a45ed28a689..8e2c50f2d46f 100644 --- a/command/read_test.go +++ b/command/read_test.go @@ -69,24 +69,6 @@ func TestReadCommand_Run(t *testing.T) { "not present in secret", 1, }, - { - "format", - []string{ - "-format", "json", - "secret/read/foo", - }, - "{", - 0, - }, - { - "format_bad", - []string{ - "-format", "nope-not-real", - "secret/read/foo", - }, - "Invalid output format", - 1, - }, } t.Run("validations", func(t *testing.T) { diff --git a/command/rotate.go b/command/rotate.go index 77bc0602b731..4eca04adf7c4 100644 --- a/command/rotate.go +++ b/command/rotate.go @@ -44,7 +44,7 @@ Usage: vault rotate [options] } func (c *OperatorRotateCommand) Flags() *FlagSets { - return c.flagSet(FlagSetHTTP) + return c.flagSet(FlagSetHTTP | FlagSetOutputFormat) } func (c *OperatorRotateCommand) AutocompleteArgs() complete.Predictor { @@ -89,8 +89,13 @@ func (c *OperatorRotateCommand) Run(args []string) int { return 2 } - c.UI.Output("Success! Rotated key") - c.UI.Output("") - c.UI.Output(printKeyStatus(status)) - return 0 + switch Format(c.UI) { + case "table": + c.UI.Output("Success! Rotated key") + c.UI.Output("") + c.UI.Output(printKeyStatus(status)) + return 0 + default: + return OutputData(c.UI, status) + } } diff --git a/command/secrets_list.go b/command/secrets_list.go index f50f61808533..17f52fd9ad60 100644 --- a/command/secrets_list.go +++ b/command/secrets_list.go @@ -47,7 +47,7 @@ Usage: vault secrets list [options] } func (c *SecretsListCommand) Flags() *FlagSets { - set := c.flagSet(FlagSetHTTP) + set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat) f := set.NewFlagSet("Command Options") @@ -96,13 +96,17 @@ func (c *SecretsListCommand) Run(args []string) int { return 2 } - if c.flagDetailed { - c.UI.Output(tableOutput(c.detailedMounts(mounts), nil)) + switch Format(c.UI) { + case "table": + if c.flagDetailed { + c.UI.Output(tableOutput(c.detailedMounts(mounts), nil)) + return 0 + } + c.UI.Output(tableOutput(c.simpleMounts(mounts), nil)) return 0 + default: + return OutputData(c.UI, mounts) } - - c.UI.Output(tableOutput(c.simpleMounts(mounts), nil)) - return 0 } func (c *SecretsListCommand) simpleMounts(mounts map[string]*api.MountOutput) []string { diff --git a/command/ssh.go b/command/ssh.go index b0e43a7070cb..d36aac4ba902 100644 --- a/command/ssh.go +++ b/command/ssh.go @@ -386,10 +386,10 @@ func (c *SSHCommand) handleTypeCA(username, hostname, ip string, sshArgs []strin // Handle no-exec if c.flagNoExec { - if c.flagFormat != "" { + if c.flagField != "" { return PrintRawField(c.UI, secret, c.flagField) } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } // Extract public key @@ -490,10 +490,10 @@ func (c *SSHCommand) handleTypeOTP(username, ip string, sshArgs []string) int { // Handle no-exec if c.flagNoExec { - if c.flagFormat != "" { + if c.flagField != "" { return PrintRawField(c.UI, secret, c.flagField) } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } var cmd *exec.Cmd @@ -572,10 +572,10 @@ func (c *SSHCommand) handleTypeDynamic(username, ip string, sshArgs []string) in // Handle no-exec if c.flagNoExec { - if c.flagFormat != "" { + if c.flagField != "" { return PrintRawField(c.UI, secret, c.flagField) } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } // Write the dynamic key to disk diff --git a/command/status.go b/command/status.go index b31b093c17e9..0e6be18f75aa 100644 --- a/command/status.go +++ b/command/status.go @@ -39,7 +39,7 @@ Usage: vault status [options] } func (c *StatusCommand) Flags() *FlagSets { - return c.flagSet(FlagSetHTTP) + return c.flagSet(FlagSetHTTP | FlagSetOutputFormat) } func (c *StatusCommand) AutocompleteArgs() complete.Predictor { @@ -77,13 +77,13 @@ func (c *StatusCommand) Run(args []string) int { return 1 } - // Do not return the int here, since we want to return a custom error code - // depending on the seal status. - OutputSealStatus(c.UI, client, status) + // Do not return the int here yet, since we may want to return a custom error + // code depending on the seal status. + code := OutputSealStatus(c.UI, client, status) if status.Sealed { return 2 } - return 0 + return code } diff --git a/command/token_capabilities.go b/command/token_capabilities.go index 3212546b430b..68ec32af18a0 100644 --- a/command/token_capabilities.go +++ b/command/token_capabilities.go @@ -45,7 +45,7 @@ Usage: vault token capabilities [options] [TOKEN] PATH } func (c *TokenCapabilitiesCommand) Flags() *FlagSets { - return c.flagSet(FlagSetHTTP) + return c.flagSet(FlagSetHTTP | FlagSetOutputFormat) } func (c *TokenCapabilitiesCommand) AutocompleteArgs() complete.Predictor { @@ -94,7 +94,12 @@ func (c *TokenCapabilitiesCommand) Run(args []string) int { return 2 } - sort.Strings(capabilities) - c.UI.Output(strings.Join(capabilities, ", ")) - return 0 + switch Format(c.UI) { + case "table": + sort.Strings(capabilities) + c.UI.Output(strings.Join(capabilities, ", ")) + return 0 + default: + return OutputData(c.UI, capabilities) + } } diff --git a/command/token_create.go b/command/token_create.go index a75a6066ff22..738030406ee8 100644 --- a/command/token_create.go +++ b/command/token_create.go @@ -246,5 +246,5 @@ func (c *TokenCreateCommand) Run(args []string) int { return PrintRawField(c.UI, secret, c.flagField) } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } diff --git a/command/token_create_test.go b/command/token_create_test.go index ec0cc79fb59a..1fd11b1e9f84 100644 --- a/command/token_create_test.go +++ b/command/token_create_test.go @@ -68,22 +68,6 @@ func TestTokenCreateCommand_Run(t *testing.T) { "not present in secret", 1, }, - { - "format", - []string{ - "-format", "json", - }, - "{", - 0, - }, - { - "format_bad", - []string{ - "-format", "nope-not-real", - }, - "Invalid output format", - 1, - }, } t.Run("validations", func(t *testing.T) { diff --git a/command/token_lookup.go b/command/token_lookup.go index 2c885eaee9bb..83b65f574e5c 100644 --- a/command/token_lookup.go +++ b/command/token_lookup.go @@ -124,5 +124,5 @@ func (c *TokenLookupCommand) Run(args []string) int { return 2 } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } diff --git a/command/token_lookup_test.go b/command/token_lookup_test.go index eeeaefd2b335..e027b3f7c97b 100644 --- a/command/token_lookup_test.go +++ b/command/token_lookup_test.go @@ -45,18 +45,6 @@ func TestTokenLookupCommand_Run(t *testing.T) { "Too many arguments", 1, }, - { - "format", - []string{"-format", "json"}, - "{", - 0, - }, - { - "format_bad", - []string{"-format", "nope-not-real"}, - "Invalid output format", - 1, - }, } t.Run("validations", func(t *testing.T) { diff --git a/command/token_renew.go b/command/token_renew.go index 6505ce328dab..7e7f00775bc8 100644 --- a/command/token_renew.go +++ b/command/token_renew.go @@ -132,5 +132,5 @@ func (c *TokenRenewCommand) Run(args []string) int { return 2 } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } diff --git a/command/token_renew_test.go b/command/token_renew_test.go index 2c36412932de..4ed9a4d6dc47 100644 --- a/command/token_renew_test.go +++ b/command/token_renew_test.go @@ -53,18 +53,6 @@ func TestTokenRenewCommand_Run(t *testing.T) { "", 0, }, - { - "format", - []string{"-format", "json"}, - "{", - 0, - }, - { - "format_bad", - []string{"-format", "nope-not-real"}, - "Invalid output format", - 1, - }, } t.Run("validations", func(t *testing.T) { diff --git a/command/unwrap.go b/command/unwrap.go index 824676838338..dbb8b46d17a9 100644 --- a/command/unwrap.go +++ b/command/unwrap.go @@ -100,7 +100,7 @@ func (c *UnwrapCommand) Run(args []string) int { // Check if the original was a list response and format as a list if _, ok := extractListData(secret); ok { - return OutputList(c.UI, c.flagFormat, secret) + return OutputList(c.UI, secret) } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } diff --git a/command/unwrap_test.go b/command/unwrap_test.go index 2d90d47d42d8..9da77a502639 100644 --- a/command/unwrap_test.go +++ b/command/unwrap_test.go @@ -65,18 +65,6 @@ func TestUnwrapCommand_Run(t *testing.T) { "not present in secret", 1, }, - { - "format", - []string{"-format", "json"}, - "{", - 0, - }, - { - "format_bad", - []string{"-format", "nope-not-real"}, - "Invalid output format", - 1, - }, } t.Run("validations", func(t *testing.T) { diff --git a/command/util.go b/command/util.go index a51999205fe9..f6268d392771 100644 --- a/command/util.go +++ b/command/util.go @@ -115,6 +115,8 @@ func PrintRaw(ui cli.Ui, str string) int { // type, this falls back to os.Stdout. func getWriterFromUI(ui cli.Ui) io.Writer { switch t := ui.(type) { + case *VaultUI: + return getWriterFromUI(t.Ui) case *cli.BasicUi: return t.Writer case *cli.ColoredUi: diff --git a/command/write.go b/command/write.go index ed25ba6ce72e..05766f83626f 100644 --- a/command/write.go +++ b/command/write.go @@ -135,7 +135,7 @@ func (c *WriteCommand) Run(args []string) int { } if secret == nil { // Don't output anything unless using the "table" format - if c.flagFormat == "table" { + if Format(c.UI) == "table" { c.UI.Info(fmt.Sprintf("Success! Data written to: %s", path)) } return 0 @@ -146,5 +146,5 @@ func (c *WriteCommand) Run(args []string) int { return PrintRawField(c.UI, secret, c.flagField) } - return OutputSecret(c.UI, c.flagFormat, secret) + return OutputSecret(c.UI, secret) } diff --git a/website/source/docs/commands/audit/list.html.md b/website/source/docs/commands/audit/list.html.md index cbcf0b3deb91..5b06227199e9 100644 --- a/website/source/docs/commands/audit/list.html.md +++ b/website/source/docs/commands/audit/list.html.md @@ -37,5 +37,13 @@ file/ file n/a replicated file_path=/var/log/audit.log The following flags are available in addition to the [standard set of flags](/docs/commands/index.html) included on all commands. +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. + +### Command Options + - `-detailed` `(bool: false)` - Print detailed information such as options and replication status about each auth device. diff --git a/website/source/docs/commands/auth/list.html.md b/website/source/docs/commands/auth/list.html.md index 27d8d803639f..45b557c0fcf5 100644 --- a/website/source/docs/commands/auth/list.html.md +++ b/website/source/docs/commands/auth/list.html.md @@ -39,5 +39,13 @@ userpass/ userpass auth_userpass_eea6507e n/a system syst The following flags are available in addition to the [standard set of flags](/docs/commands/index.html) included on all commands. +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. + +### Command Options + - `-detailed` `(bool: false)` - Print detailed information such as configuration and replication status about each auth method. diff --git a/website/source/docs/commands/index.html.md b/website/source/docs/commands/index.html.md index f9b218bf6553..95cf761e9ace 100644 --- a/website/source/docs/commands/index.html.md +++ b/website/source/docs/commands/index.html.md @@ -212,6 +212,10 @@ model](/docs/internals/security.html). Name to use as the SNI host when connecting via TLS. +### `VAULT_CLI_NO_COLOR` + +If provided, Vault output will not include ANSI color escape sequence characters. + ### `VAULT_MFA` **ENTERPRISE ONLY** diff --git a/website/source/docs/commands/login.html.md b/website/source/docs/commands/login.html.md index c3a1ddbb8fe9..800e49a37a20 100644 --- a/website/source/docs/commands/login.html.md +++ b/website/source/docs/commands/login.html.md @@ -89,13 +89,13 @@ flags](/docs/commands/index.html) included on all commands. - `-field` `(string: "")` - Print only the field with the given name. Specifying this option will take precedence over other formatting directives. The result - will not have a trailing newline making it idea for piping to other processes. + will not have a trailing newline making it ideal for piping to other processes. - `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the `VAULT_FORMAT` environment variable. -## Command Options +### Command Options - `-method` `(string "token")` - Type of authentication to use such as "userpass" or "ldap". Note this corresponds to the TYPE, not the enabled path. diff --git a/website/source/docs/commands/operator/generate-root.html.md b/website/source/docs/commands/operator/generate-root.html.md index 70f0f6da2bd1..7965860fa531 100644 --- a/website/source/docs/commands/operator/generate-root.html.md +++ b/website/source/docs/commands/operator/generate-root.html.md @@ -55,6 +55,14 @@ $ vault operator generate-root -otp="..." The following flags are available in addition to the [standard set of flags](/docs/commands/index.html) included on all commands. +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. + +### Command Options + - `-cancel` `(bool: false)` - Reset the root token generation progress. This will discard any submitted unseal keys or configuration. diff --git a/website/source/docs/commands/operator/key-status.html.md b/website/source/docs/commands/operator/key-status.html.md index 640235564089..7070a8227759 100644 --- a/website/source/docs/commands/operator/key-status.html.md +++ b/website/source/docs/commands/operator/key-status.html.md @@ -24,5 +24,11 @@ Install Time 01 Jan 17 12:30 UTC ## Usage -There are no flags beyond the [standard set of flags](/docs/commands/index.html) -included on all commands. +The following flags are available in addition to the [standard set of +flags](/docs/commands/index.html) included on all commands. + +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. diff --git a/website/source/docs/commands/operator/rekey.html.md b/website/source/docs/commands/operator/rekey.html.md index 2635d0923b09..6ff0c493bd17 100644 --- a/website/source/docs/commands/operator/rekey.html.md +++ b/website/source/docs/commands/operator/rekey.html.md @@ -72,7 +72,13 @@ $ vault operator rekey -backup-delete The following flags are available in addition to the [standard set of flags](/docs/commands/index.html) included on all commands. -## Common Options +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. + +### Command Options - `-cancel` `(bool: false)` - Reset the rekeying progress. This will discard any submitted unseal keys or configuration. The default is false. diff --git a/website/source/docs/commands/operator/rotate.html.md b/website/source/docs/commands/operator/rotate.html.md index 80f356e6559d..21b2dc4ce052 100644 --- a/website/source/docs/commands/operator/rotate.html.md +++ b/website/source/docs/commands/operator/rotate.html.md @@ -32,5 +32,11 @@ Install Time 01 May 17 10:30 UTC ## Usage -There are no flags beyond the [standard set of flags](/docs/commands/index.html) -included on all commands. +The following flags are available in addition to the [standard set of +flags](/docs/commands/index.html) included on all commands. + +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. diff --git a/website/source/docs/commands/operator/unseal.html.md b/website/source/docs/commands/operator/unseal.html.md index ecdee34c6192..f036ac7d429d 100644 --- a/website/source/docs/commands/operator/unseal.html.md +++ b/website/source/docs/commands/operator/unseal.html.md @@ -50,5 +50,13 @@ Unseal Progress: 0 The following flags are available in addition to the [standard set of flags](/docs/commands/index.html) included on all commands. +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. + +### Command Options + - `-reset` `(bool: false)` - Discard any previously entered keys to the unseal process. diff --git a/website/source/docs/commands/policy/list.html.md b/website/source/docs/commands/policy/list.html.md index 4ba30291f21f..b195a657e793 100644 --- a/website/source/docs/commands/policy/list.html.md +++ b/website/source/docs/commands/policy/list.html.md @@ -24,5 +24,12 @@ root ## Usage -There are no flags beyond the [standard set of flags](/docs/commands/index.html) -included on all commands. +The following flags are available in addition to the [standard set of +flags](/docs/commands/index.html) included on all commands. + +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. + diff --git a/website/source/docs/commands/policy/read.html.md b/website/source/docs/commands/policy/read.html.md index 3f9e31956d9f..90912286275e 100644 --- a/website/source/docs/commands/policy/read.html.md +++ b/website/source/docs/commands/policy/read.html.md @@ -22,5 +22,11 @@ $ vault policy read my-policy ## Usage -There are no flags beyond the [standard set of flags](/docs/commands/index.html) -included on all commands. +The following flags are available in addition to the [standard set of +flags](/docs/commands/index.html) included on all commands. + +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. diff --git a/website/source/docs/commands/read.html.md b/website/source/docs/commands/read.html.md index d37520ac171d..3d8ca690a61c 100644 --- a/website/source/docs/commands/read.html.md +++ b/website/source/docs/commands/read.html.md @@ -37,7 +37,7 @@ flags](/docs/commands/index.html) included on all commands. - `-field` `(string: "")` - Print only the field with the given name. Specifying this option will take precedence over other formatting directives. The result - will not have a trailing newline making it idea for piping to other processes. + will not have a trailing newline making it ideal for piping to other processes. - `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the diff --git a/website/source/docs/commands/secrets/list.html.md b/website/source/docs/commands/secrets/list.html.md index ce8d6cb22923..4edf7fa369f8 100644 --- a/website/source/docs/commands/secrets/list.html.md +++ b/website/source/docs/commands/secrets/list.html.md @@ -45,5 +45,13 @@ sys/ system system_a9fd745d n/a n/a n/a The following flags are available in addition to the [standard set of flags](/docs/commands/index.html) included on all commands. +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. + +### Command Options + - `-detailed` `(bool: false)` - Print detailed information such as configuration and replication status about each secrets engine. diff --git a/website/source/docs/commands/ssh.html.md b/website/source/docs/commands/ssh.html.md index 140e73146c7d..609c69f9a1f5 100644 --- a/website/source/docs/commands/ssh.html.md +++ b/website/source/docs/commands/ssh.html.md @@ -57,7 +57,7 @@ flags](/docs/commands/index.html) included on all commands. - `-field` `(string: "")` - Print only the field with the given name. Specifying this option will take precedence over other formatting directives. The result - will not have a trailing newline making it idea for piping to other processes. + will not have a trailing newline making it ideal for piping to other processes. - `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the diff --git a/website/source/docs/commands/status.html.md b/website/source/docs/commands/status.html.md index abb2f2846a91..5ce352331ae1 100644 --- a/website/source/docs/commands/status.html.md +++ b/website/source/docs/commands/status.html.md @@ -40,5 +40,11 @@ High-Availability Enabled: false ## Usage -There are no flags beyond the [standard set of flags](/docs/commands/index.html) -included on all commands. +The following flags are available in addition to the [standard set of +flags](/docs/commands/index.html) included on all commands. + +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. \ No newline at end of file diff --git a/website/source/docs/commands/token/capabilities.html.md b/website/source/docs/commands/token/capabilities.html.md index 393e801afb9f..9581478c3639 100644 --- a/website/source/docs/commands/token/capabilities.html.md +++ b/website/source/docs/commands/token/capabilities.html.md @@ -35,5 +35,11 @@ deny ## Usage -There are no flags beyond the [standard set of flags](/docs/commands/index.html) -included on all commands. +The following flags are available in addition to the [standard set of +flags](/docs/commands/index.html) included on all commands. + +### Output Options + +- `-format` `(string: "table")` - Print the output in the given format. Valid + formats are "table", "json", or "yaml". This can also be specified via the + `VAULT_FORMAT` environment variable. \ No newline at end of file diff --git a/website/source/docs/commands/token/create.html.md b/website/source/docs/commands/token/create.html.md index ea475ce648bd..6667cb50e6d6 100644 --- a/website/source/docs/commands/token/create.html.md +++ b/website/source/docs/commands/token/create.html.md @@ -64,7 +64,7 @@ flags](/docs/commands/index.html) included on all commands. - `-field` `(string: "")` - Print only the field with the given name. Specifying this option will take precedence over other formatting directives. The result - will not have a trailing newline making it idea for piping to other processes. + will not have a trailing newline making it ideal for piping to other processes. - `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the diff --git a/website/source/docs/commands/unwrap.html.md b/website/source/docs/commands/unwrap.html.md index 55c3d0e29e98..2c4bea2062a9 100644 --- a/website/source/docs/commands/unwrap.html.md +++ b/website/source/docs/commands/unwrap.html.md @@ -39,7 +39,7 @@ flags](/docs/commands/index.html) included on all commands. - `-field` `(string: "")` - Print only the field with the given name. Specifying this option will take precedence over other formatting directives. The result - will not have a trailing newline making it idea for piping to other processes. + will not have a trailing newline making it ideal for piping to other processes. - `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the diff --git a/website/source/docs/commands/write.html.md b/website/source/docs/commands/write.html.md index 1c6bb0bd60dc..c61a86a7704f 100644 --- a/website/source/docs/commands/write.html.md +++ b/website/source/docs/commands/write.html.md @@ -56,7 +56,7 @@ flags](/docs/commands/index.html) included on all commands. - `-field` `(string: "")` - Print only the field with the given name. Specifying this option will take precedence over other formatting directives. The result - will not have a trailing newline making it idea for piping to other processes. + will not have a trailing newline making it ideal for piping to other processes. - `-format` `(string: "table")` - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the From 7181749031038abe561ef99ddf070c8da71f3154 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Tue, 13 Feb 2018 01:22:41 +0200 Subject: [PATCH 114/178] Adding Manta Storage Backend (#3720) This PR adds a new Storage Backend for Triton's Object Storage - Manta ``` make testacc TEST=./physical/manta ==> Checking that code complies with gofmt requirements... ==> Checking that build is using go version >= 1.9.1... go generate VAULT_ACC=1 go test -tags='vault' ./physical/manta -v -timeout 45m === RUN TestMantaBackend --- PASS: TestMantaBackend (61.18s) PASS ok github.com/hashicorp/vault/physical/manta 61.210s ``` Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value` The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file. --- command/commands.go | 2 + physical/manta/manta.go | 265 +++++++++++ physical/manta/manta_test.go | 86 ++++ .../github.com/joyent/triton-go/CHANGELOG.md | 64 +++ .../github.com/joyent/triton-go/GNUmakefile | 46 ++ vendor/github.com/joyent/triton-go/Gopkg.lock | 33 ++ vendor/github.com/joyent/triton-go/Gopkg.toml | 38 ++ vendor/github.com/joyent/triton-go/LICENSE | 373 +++++++++++++++ vendor/github.com/joyent/triton-go/README.md | 238 ++++++++++ .../joyent/triton-go/authentication/dummy.go | 80 ++++ .../authentication/ecdsa_signature.go | 74 +++ .../authentication/private_key_signer.go | 132 ++++++ .../triton-go/authentication/rsa_signature.go | 33 ++ .../triton-go/authentication/signature.go | 35 ++ .../joyent/triton-go/authentication/signer.go | 18 + .../authentication/ssh_agent_signer.go | 190 ++++++++ .../triton-go/authentication/test_signer.go | 35 ++ .../joyent/triton-go/authentication/util.go | 37 ++ .../joyent/triton-go/client/client.go | 444 +++++++++++++++++ .../joyent/triton-go/errors/errors.go | 297 ++++++++++++ .../joyent/triton-go/storage/client.go | 59 +++ .../joyent/triton-go/storage/directory.go | 207 ++++++++ .../joyent/triton-go/storage/job.go | 448 ++++++++++++++++++ .../joyent/triton-go/storage/objects.go | 391 +++++++++++++++ .../joyent/triton-go/storage/signing.go | 90 ++++ .../joyent/triton-go/storage/snaplink.go | 54 +++ vendor/github.com/joyent/triton-go/triton.go | 27 ++ vendor/github.com/joyent/triton-go/version.go | 32 ++ vendor/vendor.json | 30 ++ .../docs/configuration/storage/manta.html.md | 66 +++ website/source/layouts/docs.erb | 3 + 31 files changed, 3927 insertions(+) create mode 100644 physical/manta/manta.go create mode 100644 physical/manta/manta_test.go create mode 100644 vendor/github.com/joyent/triton-go/CHANGELOG.md create mode 100644 vendor/github.com/joyent/triton-go/GNUmakefile create mode 100644 vendor/github.com/joyent/triton-go/Gopkg.lock create mode 100644 vendor/github.com/joyent/triton-go/Gopkg.toml create mode 100644 vendor/github.com/joyent/triton-go/LICENSE create mode 100644 vendor/github.com/joyent/triton-go/README.md create mode 100644 vendor/github.com/joyent/triton-go/authentication/dummy.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/ecdsa_signature.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/private_key_signer.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/rsa_signature.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/signature.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/signer.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/ssh_agent_signer.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/test_signer.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/util.go create mode 100644 vendor/github.com/joyent/triton-go/client/client.go create mode 100644 vendor/github.com/joyent/triton-go/errors/errors.go create mode 100644 vendor/github.com/joyent/triton-go/storage/client.go create mode 100644 vendor/github.com/joyent/triton-go/storage/directory.go create mode 100644 vendor/github.com/joyent/triton-go/storage/job.go create mode 100644 vendor/github.com/joyent/triton-go/storage/objects.go create mode 100644 vendor/github.com/joyent/triton-go/storage/signing.go create mode 100644 vendor/github.com/joyent/triton-go/storage/snaplink.go create mode 100644 vendor/github.com/joyent/triton-go/triton.go create mode 100644 vendor/github.com/joyent/triton-go/version.go create mode 100644 website/source/docs/configuration/storage/manta.html.md diff --git a/command/commands.go b/command/commands.go index c80c973a6348..9a9e54472208 100644 --- a/command/commands.go +++ b/command/commands.go @@ -56,6 +56,7 @@ import ( physFile "github.com/hashicorp/vault/physical/file" physGCS "github.com/hashicorp/vault/physical/gcs" physInmem "github.com/hashicorp/vault/physical/inmem" + physManta "github.com/hashicorp/vault/physical/manta" physMSSQL "github.com/hashicorp/vault/physical/mssql" physMySQL "github.com/hashicorp/vault/physical/mysql" physPostgreSQL "github.com/hashicorp/vault/physical/postgresql" @@ -128,6 +129,7 @@ var ( "inmem_transactional_ha": physInmem.NewTransactionalInmemHA, "inmem_transactional": physInmem.NewTransactionalInmem, "inmem": physInmem.NewInmem, + "manta": physManta.NewMantaBackend, "mssql": physMSSQL.NewMSSQLBackend, "mysql": physMySQL.NewMySQLBackend, "postgresql": physPostgreSQL.NewPostgreSQLBackend, diff --git a/physical/manta/manta.go b/physical/manta/manta.go new file mode 100644 index 000000000000..2d97663e83ca --- /dev/null +++ b/physical/manta/manta.go @@ -0,0 +1,265 @@ +package manta + +import ( + "bytes" + "context" + "fmt" + "io" + "os" + "path" + "sort" + "strconv" + "strings" + "time" + + "github.com/armon/go-metrics" + "github.com/hashicorp/errwrap" + "github.com/hashicorp/vault/physical" + "github.com/joyent/triton-go" + "github.com/joyent/triton-go/authentication" + "github.com/joyent/triton-go/errors" + "github.com/joyent/triton-go/storage" + log "github.com/mgutz/logxi/v1" +) + +const mantaDefaultRootStore = "/stor" + +type MantaBackend struct { + logger log.Logger + permitPool *physical.PermitPool + client *storage.StorageClient + directory string +} + +func NewMantaBackend(conf map[string]string, logger log.Logger) (physical.Backend, error) { + + user := os.Getenv("MANTA_USER") + if user == "" { + user = conf["user"] + } + + keyId := os.Getenv("MANTA_KEY_ID") + if keyId == "" { + keyId = conf["key_id"] + } + + url := os.Getenv("MANTA_URL") + if url == "" { + url = conf["url"] + } else { + url = "https://us-east.manta.joyent.com" + } + + subuser := os.Getenv("MANTA_SUBUSER") + if subuser == "" { + if confUser, ok := conf["subuser"]; ok { + subuser = confUser + } + } + + input := authentication.SSHAgentSignerInput{ + KeyID: keyId, + AccountName: user, + Username: subuser, + } + signer, err := authentication.NewSSHAgentSigner(input) + if err != nil { + return nil, errwrap.Wrapf("Error Creating SSH Agent Signer: {{err}}", err) + } + + maxParStr, ok := conf["max_parallel"] + var maxParInt int + if ok { + maxParInt, err = strconv.Atoi(maxParStr) + if err != nil { + return nil, errwrap.Wrapf("failed parsing max_parallel parameter: {{err}}", err) + } + if logger.IsDebug() { + logger.Debug("manta: max_parallel set", "max_parallel", maxParInt) + } + } + + config := &triton.ClientConfig{ + MantaURL: url, + AccountName: user, + Signers: []authentication.Signer{signer}, + } + + client, err := storage.NewClient(config) + if err != nil { + return nil, errwrap.Wrapf("failed initialising Storage client: {{err}}", err) + } + + return &MantaBackend{ + client: client, + directory: conf["directory"], + logger: logger, + permitPool: physical.NewPermitPool(maxParInt), + }, nil +} + +// Put is used to insert or update an entry +func (m *MantaBackend) Put(entry *physical.Entry) error { + defer metrics.MeasureSince([]string{"manta", "put"}, time.Now()) + + m.permitPool.Acquire() + defer m.permitPool.Release() + + r := bytes.NewReader(entry.Value) + r.Seek(0, 0) + + return m.client.Objects().Put(context.Background(), &storage.PutObjectInput{ + ObjectPath: path.Join(mantaDefaultRootStore, m.directory, entry.Key, ".vault_value"), + ObjectReader: r, + ContentLength: uint64(len(entry.Value)), + ForceInsert: true, + }) +} + +// Get is used to fetch an entry +func (m *MantaBackend) Get(key string) (*physical.Entry, error) { + defer metrics.MeasureSince([]string{"manta", "get"}, time.Now()) + + m.permitPool.Acquire() + defer m.permitPool.Release() + + output, err := m.client.Objects().Get(context.Background(), &storage.GetObjectInput{ + ObjectPath: path.Join(mantaDefaultRootStore, m.directory, key, ".vault_value"), + }) + if err != nil { + if strings.Contains(err.Error(), "ResourceNotFound") { + return nil, nil + } + return nil, err + } + + defer output.ObjectReader.Close() + + data := make([]byte, output.ContentLength) + _, err = io.ReadFull(output.ObjectReader, data) + if err != nil { + return nil, err + } + + ent := &physical.Entry{ + Key: key, + Value: data, + } + + return ent, nil +} + +// Delete is used to permanently delete an entry +func (m *MantaBackend) Delete(key string) error { + defer metrics.MeasureSince([]string{"manta", "delete"}, time.Now()) + + m.permitPool.Acquire() + defer m.permitPool.Release() + + if strings.HasSuffix(key, "/") { + err := m.client.Dir().Delete(context.Background(), &storage.DeleteDirectoryInput{ + DirectoryName: path.Join(mantaDefaultRootStore, m.directory, key), + ForceDelete: true, + }) + if err != nil { + return err + } + } else { + err := m.client.Objects().Delete(context.Background(), &storage.DeleteObjectInput{ + ObjectPath: path.Join(mantaDefaultRootStore, m.directory, key, ".vault_value"), + }) + if err != nil { + if errors.IsResourceNotFound(err) { + return nil + } + return err + } + + return tryDeleteDirectory(m, path.Join(mantaDefaultRootStore, m.directory, key)) + } + + return nil +} + +func tryDeleteDirectory(m *MantaBackend, directoryPath string) error { + objs, err := m.client.Dir().List(context.Background(), &storage.ListDirectoryInput{ + DirectoryName: directoryPath, + }) + if err != nil { + if errors.IsResourceNotFound(err) { + return nil + } + return err + } + if objs != nil && len(objs.Entries) == 0 { + err := m.client.Dir().Delete(context.Background(), &storage.DeleteDirectoryInput{ + DirectoryName: directoryPath, + }) + if err != nil { + return err + } + + return tryDeleteDirectory(m, path.Dir(directoryPath)) + } + return nil +} + +// List is used to list all the keys under a given +// prefix, up to the next prefix. +func (m *MantaBackend) List(prefix string) ([]string, error) { + defer metrics.MeasureSince([]string{"manta", "list"}, time.Now()) + + m.permitPool.Acquire() + defer m.permitPool.Release() + + objs, err := m.client.Dir().List(context.Background(), &storage.ListDirectoryInput{ + DirectoryName: path.Join(mantaDefaultRootStore, m.directory, prefix), + }) + if err != nil { + if errors.IsResourceNotFound(err) { + return []string{}, nil + } + return nil, err + } + + keys := []string{} + for _, obj := range objs.Entries { + if obj.Type == "directory" { + objs, err := m.client.Dir().List(context.Background(), &storage.ListDirectoryInput{ + DirectoryName: path.Join(mantaDefaultRootStore, m.directory, prefix, obj.Name), + }) + if err != nil { + if !errors.IsResourceNotFound(err) { + return nil, err + } + } + + //We need to check to see if there is something more than just the `value` file + //if the length of the children is: + // > 1 and includes the value `index` then we need to add foo and foo/ + // = 1 and the value is `index` then we need to add foo + // = 1 and the value is not `index` then we need to add foo/ + if len(objs.Entries) == 1 { + if objs.Entries[0].Name != ".vault_value" { + keys = append(keys, fmt.Sprintf("%s/", obj.Name)) + } else { + keys = append(keys, obj.Name) + } + } else if len(objs.Entries) > 1 { + for _, childObj := range objs.Entries { + if childObj.Name == ".vault_value" { + keys = append(keys, obj.Name) + } else { + keys = append(keys, fmt.Sprintf("%s/", obj.Name)) + } + } + } else { + keys = append(keys, obj.Name) + } + } + } + + sort.Strings(keys) + + return keys, nil +} diff --git a/physical/manta/manta_test.go b/physical/manta/manta_test.go new file mode 100644 index 000000000000..c39683c174d1 --- /dev/null +++ b/physical/manta/manta_test.go @@ -0,0 +1,86 @@ +package manta + +import ( + "context" + "fmt" + "math/rand" + "os" + "path" + "testing" + "time" + + "github.com/hashicorp/vault/helper/logformat" + "github.com/hashicorp/vault/physical" + "github.com/joyent/triton-go" + "github.com/joyent/triton-go/authentication" + tclient "github.com/joyent/triton-go/client" + "github.com/joyent/triton-go/storage" + log "github.com/mgutz/logxi/v1" +) + +func TestMantaBackend(t *testing.T) { + user := os.Getenv("MANTA_USER") + keyId := os.Getenv("MANTA_KEY_ID") + url := "https://us-east.manta.joyent.com" + testHarnessBucket := fmt.Sprintf("test-bucket-%d", randInt()) + + if user == "" || keyId == "" { + t.SkipNow() + } + + input := authentication.SSHAgentSignerInput{ + KeyID: keyId, + AccountName: user, + Username: "", + } + signer, err := authentication.NewSSHAgentSigner(input) + if err != nil { + t.Fatalf("Error Creating SSH Agent Signer: %s", err.Error()) + } + + config := &triton.ClientConfig{ + MantaURL: url, + AccountName: user, + Signers: []authentication.Signer{signer}, + } + + client, err := storage.NewClient(config) + if err != nil { + t.Fatalf("failed initialising Storage client: %s", err.Error()) + } + + logger := logformat.NewVaultLogger(log.LevelTrace) + mb := &MantaBackend{ + client: client, + directory: testHarnessBucket, + logger: logger, + permitPool: physical.NewPermitPool(128), + } + + err = mb.client.Dir().Put(context.Background(), &storage.PutDirectoryInput{ + DirectoryName: path.Join(mantaDefaultRootStore), + }) + if err != nil { + t.Fatal("Error creating test harness directory") + } + + defer func() { + err = mb.client.Dir().Delete(context.Background(), &storage.DeleteDirectoryInput{ + DirectoryName: path.Join(mantaDefaultRootStore, testHarnessBucket), + ForceDelete: true, + }) + if err != nil { + if !tclient.IsResourceNotFoundError(err) { + t.Fatal("failed to delete test harness directory") + } + } + }() + + physical.ExerciseBackend(t, mb) + physical.ExerciseBackend_ListPrefix(t, mb) +} + +func randInt() int { + rand.Seed(time.Now().UTC().UnixNano()) + return rand.New(rand.NewSource(time.Now().UnixNano())).Int() +} diff --git a/vendor/github.com/joyent/triton-go/CHANGELOG.md b/vendor/github.com/joyent/triton-go/CHANGELOG.md new file mode 100644 index 000000000000..7b2df2e8a219 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/CHANGELOG.md @@ -0,0 +1,64 @@ +## Unreleased + +- Add support for managing columes in Triton [#100] +- identity/policies: Add support for managing policies in Triton [#86] +- addition of triton-go errors package to expose unwraping of internal errors +- Migration from hashicorp/errwrap to pkg/errors +- Using path.Join() for URL structures rather than fmt.Sprintf() + +## 0.5.2 (December 28) + +- Standardise the API SSH Signers input casing and naming + +## 0.5.1 (December 28) + +- Include leading '/' when working with SSH Agent signers + +## 0.5.0 (December 28) + +- Add support for RBAC in triton-go [#82] +This is a breaking change. No longer do we pass individual parameters to the SSH Signer funcs, but we now pass an input Struct. This will guard from from additional parameter changes in the future. +We also now add support for using `SDC_*` and `TRITON_*` env vars when working with the Default agent signer + +## 0.4.2 (December 22) + +- Fixing a panic when the user loses network connectivity when making a GET request to instance [#81] + +## 0.4.1 (December 15) + +- Clean up the handling of directory sanitization. Use abs paths everywhere [#79] + +## 0.4.0 (December 15) + +- Fix an issue where Manta HEAD requests do not return an error resp body [#77] +- Add support for recursively creating child directories [#78] + +## 0.3.0 (December 14) + +- Introduce CloudAPI's ListRulesMachines under networking +- Enable HTTP KeepAlives by default in the client. 15s idle timeout, 2x + connections per host, total of 10x connections per client. +- Expose an optional Headers attribute to clients to allow them to customize + HTTP headers when making Object requests. +- Fix a bug in Directory ListIndex [#69](https://github.com/joyent/issues/69) +- Inputs to Object inputs have been relaxed to `io.Reader` (formerly a + `io.ReadSeeker`) [#73](https://github.com/joyent/issues/73). +- Add support for ForceDelete of all children of a directory [#71](https://github.com/joyent/issues/71) +- storage: Introduce `Objects.GetInfo` and `Objects.IsDir` using HEAD requests [#74](https://github.com/joyent/triton-go/issues/74) + +## 0.2.1 (November 8) + +- Fixing a bug where CreateUser and UpdateUser didn't return the UserID + +## 0.2.0 (November 7) + +- Introduce CloudAPI's Ping under compute +- Introduce CloudAPI's RebootMachine under compute instances +- Introduce CloudAPI's ListUsers, GetUser, CreateUser, UpdateUser and DeleteUser under identity package +- Introduce CloudAPI's ListMachineSnapshots, GetMachineSnapshot, CreateSnapshot, DeleteMachineSnapshot and StartMachineFromSnapshot under compute package +- tools: Introduce unit testing and scripts for linting, etc. +- bug: Fix the `compute.ListMachineRules` endpoint + +## 0.1.0 (November 2) + +- Initial release of a versioned SDK diff --git a/vendor/github.com/joyent/triton-go/GNUmakefile b/vendor/github.com/joyent/triton-go/GNUmakefile new file mode 100644 index 000000000000..f996b99514b4 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/GNUmakefile @@ -0,0 +1,46 @@ +TEST?=$$(go list ./... |grep -Ev 'vendor|examples|testutils') +GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor) + +default: vet errcheck test + +tools:: ## Download and install all dev/code tools + @echo "==> Installing dev tools" + go get -u github.com/golang/dep/cmd/dep + go get -u github.com/golang/lint/golint + go get -u github.com/kisielk/errcheck + @echo "==> Installing test package dependencies" + go test -i $(TEST) || exit 1 + +test:: ## Run unit tests + @echo "==> Running unit test with coverage" + @./scripts/go-test-with-coverage.sh + +testacc:: ## Run acceptance tests + @echo "==> Running acceptance tests" + TRITON_TEST=1 go test $(TEST) -v $(TESTARGS) -run -timeout 120m + +vet:: ## Check for unwanted code constructs + @echo "go vet ." + @go vet $$(go list ./... | grep -v vendor/) ; if [ $$? -eq 1 ]; then \ + echo ""; \ + echo "Vet found suspicious constructs. Please check the reported constructs"; \ + echo "and fix them if necessary before submitting the code for review."; \ + exit 1; \ + fi + +lint:: ## Lint and vet code by common Go standards + @bash $(CURDIR)/scripts/lint.sh + +fmt:: ## Format as canonical Go code + gofmt -w $(GOFMT_FILES) + +fmtcheck:: ## Check if code format is canonical Go + @bash $(CURDIR)/scripts/gofmtcheck.sh + +errcheck:: ## Check for unhandled errors + @bash $(CURDIR)/scripts/errcheck.sh + +.PHONY: help +help:: ## Display this help message + @echo "GNU make(1) targets:" + @grep -E '^[a-zA-Z_.-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-15s\033[0m %s\n", $$1, $$2}' diff --git a/vendor/github.com/joyent/triton-go/Gopkg.lock b/vendor/github.com/joyent/triton-go/Gopkg.lock new file mode 100644 index 000000000000..858574604eed --- /dev/null +++ b/vendor/github.com/joyent/triton-go/Gopkg.lock @@ -0,0 +1,33 @@ +# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. + + +[[projects]] + branch = "master" + name = "github.com/abdullin/seq" + packages = ["."] + revision = "d5467c17e7afe8d8f08f556c6c811a50c3feb28d" + +[[projects]] + branch = "master" + name = "github.com/pkg/errors" + packages = ["."] + revision = "e881fd58d78e04cf6d0de1217f8707c8cc2249bc" + +[[projects]] + branch = "master" + name = "github.com/sean-/seed" + packages = ["."] + revision = "e2103e2c35297fb7e17febb81e49b312087a2372" + +[[projects]] + branch = "master" + name = "golang.org/x/crypto" + packages = ["curve25519","ed25519","ed25519/internal/edwards25519","ssh","ssh/agent"] + revision = "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8" + +[solve-meta] + analyzer-name = "dep" + analyzer-version = 1 + inputs-digest = "f7efd974ae38e2ee077c4d2698df74128a04797460b5f9c833853ddfaa86a0a0" + solver-name = "gps-cdcl" + solver-version = 1 diff --git a/vendor/github.com/joyent/triton-go/Gopkg.toml b/vendor/github.com/joyent/triton-go/Gopkg.toml new file mode 100644 index 000000000000..3d3f322e6ba1 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/Gopkg.toml @@ -0,0 +1,38 @@ + +# Gopkg.toml example +# +# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md +# for detailed Gopkg.toml documentation. +# +# required = ["github.com/user/thing/cmd/thing"] +# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] +# +# [[constraint]] +# name = "github.com/user/project" +# version = "1.0.0" +# +# [[constraint]] +# name = "github.com/user/project2" +# branch = "dev" +# source = "github.com/myfork/project2" +# +# [[override]] +# name = "github.com/x/y" +# version = "2.4.0" + + +[[constraint]] + branch = "master" + name = "github.com/abdullin/seq" + +[[constraint]] + branch = "master" + name = "github.com/sean-/seed" + +[[constraint]] + branch = "master" + name = "golang.org/x/crypto" + +[[constraint]] + branch = "master" + name = "github.com/pkg/errors" diff --git a/vendor/github.com/joyent/triton-go/LICENSE b/vendor/github.com/joyent/triton-go/LICENSE new file mode 100644 index 000000000000..14e2f777f6c3 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/LICENSE @@ -0,0 +1,373 @@ +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/vendor/github.com/joyent/triton-go/README.md b/vendor/github.com/joyent/triton-go/README.md new file mode 100644 index 000000000000..5dbd5de0f1ba --- /dev/null +++ b/vendor/github.com/joyent/triton-go/README.md @@ -0,0 +1,238 @@ +# triton-go + +`triton-go` is an idiomatic library exposing a client SDK for Go applications +using Joyent's Triton Compute and Storage (Manta) APIs. + +[![Build Status](https://travis-ci.org/joyent/triton-go.svg?branch=master)](https://travis-ci.org/joyent/triton-go) [![Go Report Card](https://goreportcard.com/badge/github.com/joyent/triton-go)](https://goreportcard.com/report/github.com/joyent/triton-go) + +## Usage + +Triton uses [HTTP Signature][4] to sign the Date header in each HTTP request +made to the Triton API. Currently, requests can be signed using either a private +key file loaded from disk (using an [`authentication.PrivateKeySigner`][5]), or +using a key stored with the local SSH Agent (using an [`SSHAgentSigner`][6]. + +To construct a Signer, use the `New*` range of methods in the `authentication` +package. In the case of `authentication.NewSSHAgentSigner`, the parameters are +the fingerprint of the key with which to sign, and the account name (normally +stored in the `TRITON_ACCOUNT` environment variable). There is also support for +passing in a username, this will allow you to use an account other than the main +Triton account. For example: + +```go +input := authentication.SSHAgentSignerInput{ + KeyID: "a4:c6:f3:75:80:27:e0:03:a9:98:79:ef:c5:0a:06:11", + AccountName: "AccountName", + Username: "Username", +} +sshKeySigner, err := authentication.NewSSHAgentSigner(input) +if err != nil { + log.Fatalf("NewSSHAgentSigner: %s", err) +} +``` + +An appropriate key fingerprint can be generated using `ssh-keygen`. + +``` +ssh-keygen -Emd5 -lf ~/.ssh/id_rsa.pub | cut -d " " -f 2 | sed 's/MD5://' +``` + +Each top level package, `account`, `compute`, `identity`, `network`, all have +their own seperate client. In order to initialize a package client, simply pass +the global `triton.ClientConfig` struct into the client's constructor function. + +```go +config := &triton.ClientConfig{ + TritonURL: os.Getenv("TRITON_URL"), + MantaURL: os.Getenv("MANTA_URL"), + AccountName: accountName, + Username: os.Getenv("TRITON_USER"), + Signers: []authentication.Signer{sshKeySigner}, +} + +c, err := compute.NewClient(config) +if err != nil { + log.Fatalf("compute.NewClient: %s", err) +} +``` + +Constructing `compute.Client` returns an interface which exposes `compute` API +resources. The same goes for all other packages. Reference their unique +documentation for more information. + +The same `triton.ClientConfig` will initialize the Manta `storage` client as +well... + +```go +c, err := storage.NewClient(config) +if err != nil { + log.Fatalf("storage.NewClient: %s", err) +} +``` + +## Error Handling + +If an error is returned by the HTTP API, the `error` returned from the function +will contain an instance of `compute.TritonError` in the chain. Error wrapping +is performed using the [errwrap][7] library from HashiCorp. + +## Acceptance Tests + +Acceptance Tests run directly against the Triton API, so you will need either a +local installation of Triton or an account with Joyent's Public Cloud offering +in order to run them. The tests create real resources (and thus cost real +money)! + +In order to run acceptance tests, the following environment variables must be +set: + +- `TRITON_TEST` - must be set to any value in order to indicate desire to create + resources +- `TRITON_URL` - the base endpoint for the Triton API +- `TRITON_ACCOUNT` - the account name for the Triton API +- `TRITON_KEY_ID` - the fingerprint of the SSH key identifying the key + +Additionally, you may set `TRITON_KEY_MATERIAL` to the contents of an unencrypted +private key. If this is set, the PrivateKeySigner (see above) will be used - if +not the SSHAgentSigner will be used. You can also set `TRITON_USER` to run the tests +against an account other than the main Triton account + +### Example Run + +The verbose output has been removed for brevity here. + +``` +$ HTTP_PROXY=http://localhost:8888 \ + TRITON_TEST=1 \ + TRITON_URL=https://us-sw-1.api.joyent.com \ + TRITON_ACCOUNT=AccountName \ + TRITON_KEY_ID=a4:c6:f3:75:80:27:e0:03:a9:98:79:ef:c5:0a:06:11 \ + go test -v -run "TestAccKey" +=== RUN TestAccKey_Create +--- PASS: TestAccKey_Create (12.46s) +=== RUN TestAccKey_Get +--- PASS: TestAccKey_Get (4.30s) +=== RUN TestAccKey_Delete +--- PASS: TestAccKey_Delete (15.08s) +PASS +ok github.com/joyent/triton-go 31.861s +``` + +## Example API + +There's an `examples/` directory available with sample code setup for many of +the APIs within this library. Most of these can be run using `go run` and +referencing your SSH key file use by your active `triton` CLI profile. + +```sh +$ eval "$(triton env us-sw-1)" +$ TRITON_KEY_FILE=~/.ssh/triton-id_rsa go run examples/compute/instances.go +``` + +The following is a complete example of how to initialize the `compute` package +client and list all instances under an account. More detailed usage of this +library follows. + +```go + + +package main + +import ( + "context" + "fmt" + "io/ioutil" + "log" + "os" + "time" + + triton "github.com/joyent/triton-go" + "github.com/joyent/triton-go/authentication" + "github.com/joyent/triton-go/compute" +) + +func main() { + keyID := os.Getenv("TRITON_KEY_ID") + accountName := os.Getenv("TRITON_ACCOUNT") + keyMaterial := os.Getenv("TRITON_KEY_MATERIAL") + userName := os.Getenv("TRITON_USER") + + var signer authentication.Signer + var err error + + if keyMaterial == "" { + input := authentication.SSHAgentSignerInput{ + KeyID: keyID, + AccountName: accountName, + Username: userName, + } + signer, err = authentication.NewSSHAgentSigner(input) + if err != nil { + log.Fatalf("Error Creating SSH Agent Signer: {{err}}", err) + } + } else { + var keyBytes []byte + if _, err = os.Stat(keyMaterial); err == nil { + keyBytes, err = ioutil.ReadFile(keyMaterial) + if err != nil { + log.Fatalf("Error reading key material from %s: %s", + keyMaterial, err) + } + block, _ := pem.Decode(keyBytes) + if block == nil { + log.Fatalf( + "Failed to read key material '%s': no key found", keyMaterial) + } + + if block.Headers["Proc-Type"] == "4,ENCRYPTED" { + log.Fatalf( + "Failed to read key '%s': password protected keys are\n"+ + "not currently supported. Please decrypt the key prior to use.", keyMaterial) + } + + } else { + keyBytes = []byte(keyMaterial) + } + + input := authentication.PrivateKeySignerInput{ + KeyID: keyID, + PrivateKeyMaterial: keyBytes, + AccountName: accountName, + Username: userName, + } + signer, err = authentication.NewPrivateKeySigner(input) + if err != nil { + log.Fatalf("Error Creating SSH Private Key Signer: {{err}}", err) + } + } + + config := &triton.ClientConfig{ + TritonURL: os.Getenv("TRITON_URL"), + AccountName: accountName, + Username: userName, + Signers: []authentication.Signer{signer}, + } + + c, err := compute.NewClient(config) + if err != nil { + log.Fatalf("compute.NewClient: %s", err) + } + + listInput := &compute.ListInstancesInput{} + instances, err := c.Instances().List(context.Background(), listInput) + if err != nil { + log.Fatalf("compute.Instances.List: %v", err) + } + numInstances := 0 + for _, instance := range instances { + numInstances++ + fmt.Println(fmt.Sprintf("-- Instance: %v", instance.Name)) + } +} + +``` + +[4]: https://github.com/joyent/node-http-signature/blob/master/http_signing.md +[5]: https://godoc.org/github.com/joyent/triton-go/authentication +[6]: https://godoc.org/github.com/joyent/triton-go/authentication +[7]: https://github.com/hashicorp/go-errwrap diff --git a/vendor/github.com/joyent/triton-go/authentication/dummy.go b/vendor/github.com/joyent/triton-go/authentication/dummy.go new file mode 100644 index 000000000000..797e0047b7f6 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/dummy.go @@ -0,0 +1,80 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package authentication + +// DON'T USE THIS OUTSIDE TESTING ~ This key was only created to use for +// internal unit testing. It should never be used for acceptance testing either. +// +// This is just a randomly generated key pair. +var Dummy = struct { + Fingerprint string + PrivateKey []byte + PublicKey []byte + Signer Signer +}{ + "9f:d6:65:fc:d6:60:dc:d0:4e:db:2d:75:f7:92:8c:31", + []byte(`-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAui9lNjCJahHeFSFC6HXi/CNX588C/L2gJUx65bnNphVC98hW +1wzoRvPXHx5aWnb7lEbpNhP6B0UoCBDTaPgt9hHfD/oNQ+6HT1QpDIGfZmXI91/t +cjGVSBbxN7WaYt/HsPrGjbalwvQPChN53sMVmFkMTEDR5G3zOBOAGrOimlCT80wI +2S5Xg0spd8jjKM5I1swDR0xtuDWnHTR1Ohin+pEQIE6glLTfYq7oQx6nmMXXBNmk ++SaPD1FAyjkF/81im2EHXBygNEwraVrDcAxK2mKlU2XMJiogQKNYWlm3UkbNB6WP +Le12+Ka02rmIVsSqIpc/ZCBraAlCaSWlYCkU+vJ2hH/+ypy5bXNlbaTiWZK+vuI7 +PC87T50yLNeXVuNZAynzDpBCvsjiiHrB/ZFRfVfF6PviV8CV+m7GTzfAwJhVeSbl +rR6nts16K0HTD48v57DU0b0t5VOvC7cWPShs+afdSL3Z8ReL5EWMgU1wfvtycRKe +hiDVGj3Ms2cf83RIANr387G+1LcTQYP7JJuB7Svy5j+R6+HjI0cgu4EMUPdWfCNG +GyrlxwJNtPmUSfasH1xUKpqr7dC+0sN4/gfJw75WTAYrATkPzexoYNaMsGDfhuoh +kYa3Tn2q1g3kqhsX/R0Fd5d8d5qc137qcRCxiZYz9f3bVkXQbhYmO9da3KsCAwEA +AQKCAgAeEAURqOinPddUJhi9nDtYZwSMo3piAORY4W5+pW+1P32esLSE6MqgmkLD +/YytSsT4fjKtzq/yeJIsKztXmasiLmSMGd4Gd/9VKcuu/0cTq5+1gcG/TI5EI6Az +VJlnGacOxo9E1pcRUYMUJ2zoMSvNe6NmtJivf6lkBpIKvbKlpBkfkclj9/2db4d0 +lfVH43cTZ8Gnw4l70v320z+Sb+S/qqil7swy9rmTH5bVL5/0JQ3A9LuUl0tGN+J0 +RJzZXvprCFG958leaGYiDsu7zeBQPtlfC/LYvriSd02O2SmmmVQFxg/GZK9vGsvc +/VQsXnjyOOW9bxaop8YXYELBsiB21ipTHzOwoqHT8wFnjgU9Y/7iZIv7YbZKQsCS +DrwdlZ/Yw90wiif+ldYryIVinWfytt6ERv4Dgezc98+1XPi1Z/WB74/lIaDXFl3M +3ypjtvLYbKew2IkIjeAwjvZJg/QpC/50RrrPtVDgeAI1Ni01ikixUhMYsHJ1kRih +0tqLvLqSPoHmr6luFlaoKdc2eBqb+8U6K/TrXhKtT7BeUFiSbvnVfdbrH9r+AY/2 +zYtG6llzkE5DH8ZR3Qp+dx7QEDtvYhGftWhx9uasd79AN7CuGYnL54YFLKGRrWKN +ylysqfUyOQYiitdWdNCw9PP2vGRx5JAsMMSy+ft18jjTJvNQ0QKCAQEA28M11EE6 +MpnHxfyP00Dl1+3wl2lRyNXZnZ4hgkk1f83EJGpoB2amiMTF8P1qJb7US1fXtf7l +gkJMMk6t6iccexV1/NBh/7tDZHH/v4HPirFTXQFizflaghD8dEADy9DY4BpQYFRe +8zGsv4/4U0txCXkUIfKcENt/FtXv2T9blJT6cDV0yTx9IAyd4Kor7Ly2FIYroSME +uqnOQt5PwB+2qkE+9hdg4xBhFs9sW5dvyBvQvlBfX/xOmMw2ygH6vsaJlNfZ5VPa +EP/wFP/qHyhDlCfbHdL6qF2//wUoM2QM9RgBdZNhcKU7zWuf7Ev199tmlLC5O14J +PkQxUGftMfmWxQKCAQEA2OLKD8dwOzpwGJiPQdBmGpwCamfcCY4nDwqEaCu4vY1R +OJR+rpYdC2hgl5PTXWH7qzJVdT/ZAz2xUQOgB1hD3Ltk7DQ+EZIA8+vJdaicQOme +vfpMPNDxCEX9ee0AXAmAC3aET82B4cMFnjXjl1WXLLTowF/Jp/hMorm6tl2m15A2 +oTyWlB/i/W/cxHl2HFWK7o8uCNoKpKJjheNYn+emEcH1bkwrk8sxQ78cBNmqe/gk +MLgu8qfXQ0LLKIL7wqmIUHeUpkepOod8uXcTmmN2X9saCIwFKx4Jal5hh5v5cy0G +MkyZcUIhhnmzr7lXbepauE5V2Sj5Qp040AfRVjZcrwKCAQANe8OwuzPL6P2F20Ij +zwaLIhEx6QdYkC5i6lHaAY3jwoc3SMQLODQdjh0q9RFvMW8rFD+q7fG89T5hk8w9 +4ppvvthXY52vqBixcAEmCdvnAYxA15XtV1BDTLGAnHDfL3gu/85QqryMpU6ZDkdJ +LQbJcwFWN+F1c1Iv335w0N9YlW9sNQtuUWTH8544K5i4VLfDOJwyrchbf5GlLqir +/AYkGg634KVUKSwbzywxzm/QUkyTcLD5Xayg2V6/NDHjRKEqXbgDxwpJIrrjPvRp +ZvoGfA+Im+o/LElcZz+ZL5lP7GIiiaFf3PN3XhQY1mxIAdEgbFthFhrxFBQGf+ng +uBSVAoIBAHl12K8pg8LHoUtE9MVoziWMxRWOAH4ha+JSg4BLK/SLlbbYAnIHg1CG +LcH1eWNMokJnt9An54KXJBw4qYAzgB23nHdjcncoivwPSg1oVclMjCfcaqGMac+2 +UpPblF32vAyvXL3MWzZxn03Q5Bo2Rqk0zzwc6LP2rARdeyDyJaOHEfEOG03s5ZQE +91/YnbqUdW/QI3m1kkxM3Ot4PIOgmTJMqwQQCD+GhZppBmn49C7k8m+OVkxyjm0O +lPOlFxUXGE3oCgltDGrIwaKj+wh1Ny/LZjLvJ13UPnWhUYE+al6EEnpMx4nT/S5w +LZ71bu8RVajtxcoN1jnmDpECL8vWOeUCggEBAIEuKoY7pVHfs5gr5dXfQeVZEtqy +LnSdsd37/aqQZRlUpVmBrPNl1JBLiEVhk2SL3XJIDU4Er7f0idhtYLY3eE7wqZ4d +38Iaj5tv3zBc/wb1bImPgOgXCH7QrrbW7uTiYMLScuUbMR4uSpfubLaV8Zc9WHT8 +kTJ2pKKtA1GPJ4V7HCIxuTjD2iyOK1CRkaqSC+5VUuq5gHf92CEstv9AIvvy5cWg +gnfBQoS89m3aO035henSfRFKVJkHaEoasj8hB3pwl9FGZUJp1c2JxiKzONqZhyGa +6tcIAM3od0QtAfDJ89tWJ5D31W8KNNysobFSQxZ62WgLUUtXrkN1LGodxGQ= +-----END RSA PRIVATE KEY-----`), + []byte(`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6L2U2MIlqEd4VIULodeL8I1fnzwL8vaAlTHrluc2mFUL3yFbXDOhG89cfHlpadvuURuk2E/oHRSgIENNo+C32Ed8P+g1D7odPVCkMgZ9mZcj3X+1yMZVIFvE3tZpi38ew+saNtqXC9A8KE3newxWYWQxMQNHkbfM4E4Aas6KaUJPzTAjZLleDSyl3yOMozkjWzANHTG24NacdNHU6GKf6kRAgTqCUtN9iruhDHqeYxdcE2aT5Jo8PUUDKOQX/zWKbYQdcHKA0TCtpWsNwDEraYqVTZcwmKiBAo1haWbdSRs0HpY8t7Xb4prTauYhWxKoilz9kIGtoCUJpJaVgKRT68naEf/7KnLltc2VtpOJZkr6+4js8LztPnTIs15dW41kDKfMOkEK+yOKIesH9kVF9V8Xo++JXwJX6bsZPN8DAmFV5JuWtHqe2zXorQdMPjy/nsNTRvS3lU68LtxY9KGz5p91IvdnxF4vkRYyBTXB++3JxEp6GINUaPcyzZx/zdEgA2vfzsb7UtxNBg/skm4HtK/LmP5Hr4eMjRyC7gQxQ91Z8I0YbKuXHAk20+ZRJ9qwfXFQqmqvt0L7Sw3j+B8nDvlZMBisBOQ/N7Ghg1oywYN+G6iGRhrdOfarWDeSqGxf9HQV3l3x3mpzXfupxELGJljP1/dtWRdBuFiY711rcqw== test-dummy-20171002140848`), + nil, +} + +func init() { + testSigner, _ := NewTestSigner() + Dummy.Signer = testSigner +} diff --git a/vendor/github.com/joyent/triton-go/authentication/ecdsa_signature.go b/vendor/github.com/joyent/triton-go/authentication/ecdsa_signature.go new file mode 100644 index 000000000000..7fb5a5ab882c --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/ecdsa_signature.go @@ -0,0 +1,74 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package authentication + +import ( + "encoding/asn1" + "encoding/base64" + "fmt" + "math/big" + + "github.com/pkg/errors" + "golang.org/x/crypto/ssh" +) + +type ecdsaSignature struct { + hashAlgorithm string + R *big.Int + S *big.Int +} + +func (s *ecdsaSignature) SignatureType() string { + return fmt.Sprintf("ecdsa-%s", s.hashAlgorithm) +} + +func (s *ecdsaSignature) String() string { + toEncode := struct { + R *big.Int + S *big.Int + }{ + R: s.R, + S: s.S, + } + + signatureBytes, err := asn1.Marshal(toEncode) + if err != nil { + panic(fmt.Sprintf("Error marshaling signature: %s", err)) + } + + return base64.StdEncoding.EncodeToString(signatureBytes) +} + +func newECDSASignature(signatureBlob []byte) (*ecdsaSignature, error) { + var ecSig struct { + R *big.Int + S *big.Int + } + + if err := ssh.Unmarshal(signatureBlob, &ecSig); err != nil { + return nil, errors.Wrap(err, "unable to unmarshall signature") + } + + rValue := ecSig.R.Bytes() + var hashAlgorithm string + switch len(rValue) { + case 31, 32: + hashAlgorithm = "sha256" + case 65, 66: + hashAlgorithm = "sha512" + default: + return nil, fmt.Errorf("Unsupported key length: %d", len(rValue)) + } + + return &ecdsaSignature{ + hashAlgorithm: hashAlgorithm, + R: ecSig.R, + S: ecSig.S, + }, nil +} diff --git a/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go b/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go new file mode 100644 index 000000000000..6e5a67331e5c --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go @@ -0,0 +1,132 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package authentication + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "encoding/base64" + "encoding/pem" + "fmt" + "path" + "strings" + + "github.com/pkg/errors" + "golang.org/x/crypto/ssh" +) + +type PrivateKeySigner struct { + formattedKeyFingerprint string + keyFingerprint string + algorithm string + accountName string + userName string + hashFunc crypto.Hash + + privateKey *rsa.PrivateKey +} + +type PrivateKeySignerInput struct { + KeyID string + PrivateKeyMaterial []byte + AccountName string + Username string +} + +func NewPrivateKeySigner(input PrivateKeySignerInput) (*PrivateKeySigner, error) { + keyFingerprintMD5 := strings.Replace(input.KeyID, ":", "", -1) + + block, _ := pem.Decode(input.PrivateKeyMaterial) + if block == nil { + return nil, errors.New("Error PEM-decoding private key material: nil block received") + } + + rsakey, err := x509.ParsePKCS1PrivateKey(block.Bytes) + if err != nil { + return nil, errors.Wrap(err, "unable to parse private key") + } + + sshPublicKey, err := ssh.NewPublicKey(rsakey.Public()) + if err != nil { + return nil, errors.Wrap(err, "unable to parse SSH key from private key") + } + + matchKeyFingerprint := formatPublicKeyFingerprint(sshPublicKey, false) + displayKeyFingerprint := formatPublicKeyFingerprint(sshPublicKey, true) + if matchKeyFingerprint != keyFingerprintMD5 { + return nil, errors.New("Private key file does not match public key fingerprint") + } + + signer := &PrivateKeySigner{ + formattedKeyFingerprint: displayKeyFingerprint, + keyFingerprint: input.KeyID, + accountName: input.AccountName, + + hashFunc: crypto.SHA1, + privateKey: rsakey, + } + + if input.Username != "" { + signer.userName = input.Username + } + + _, algorithm, err := signer.SignRaw("HelloWorld") + if err != nil { + return nil, fmt.Errorf("Cannot sign using ssh agent: %s", err) + } + signer.algorithm = algorithm + + return signer, nil +} + +func (s *PrivateKeySigner) Sign(dateHeader string) (string, error) { + const headerName = "date" + + hash := s.hashFunc.New() + hash.Write([]byte(fmt.Sprintf("%s: %s", headerName, dateHeader))) + digest := hash.Sum(nil) + + signed, err := rsa.SignPKCS1v15(rand.Reader, s.privateKey, s.hashFunc, digest) + if err != nil { + return "", errors.Wrap(err, "unable to sign date header") + } + signedBase64 := base64.StdEncoding.EncodeToString(signed) + + var keyID string + if s.userName != "" { + + keyID = path.Join("/", s.accountName, "users", s.userName, "keys", s.formattedKeyFingerprint) + } else { + keyID = path.Join("/", s.accountName, "keys", s.formattedKeyFingerprint) + } + return fmt.Sprintf(authorizationHeaderFormat, keyID, "rsa-sha1", headerName, signedBase64), nil +} + +func (s *PrivateKeySigner) SignRaw(toSign string) (string, string, error) { + hash := s.hashFunc.New() + hash.Write([]byte(toSign)) + digest := hash.Sum(nil) + + signed, err := rsa.SignPKCS1v15(rand.Reader, s.privateKey, s.hashFunc, digest) + if err != nil { + return "", "", errors.Wrap(err, "unable to sign date header") + } + signedBase64 := base64.StdEncoding.EncodeToString(signed) + return signedBase64, "rsa-sha1", nil +} + +func (s *PrivateKeySigner) KeyFingerprint() string { + return s.formattedKeyFingerprint +} + +func (s *PrivateKeySigner) DefaultAlgorithm() string { + return s.algorithm +} diff --git a/vendor/github.com/joyent/triton-go/authentication/rsa_signature.go b/vendor/github.com/joyent/triton-go/authentication/rsa_signature.go new file mode 100644 index 000000000000..81b735eb1991 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/rsa_signature.go @@ -0,0 +1,33 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package authentication + +import ( + "encoding/base64" +) + +type rsaSignature struct { + hashAlgorithm string + signature []byte +} + +func (s *rsaSignature) SignatureType() string { + return s.hashAlgorithm +} + +func (s *rsaSignature) String() string { + return base64.StdEncoding.EncodeToString(s.signature) +} + +func newRSASignature(signatureBlob []byte) (*rsaSignature, error) { + return &rsaSignature{ + hashAlgorithm: "rsa-sha1", + signature: signatureBlob, + }, nil +} diff --git a/vendor/github.com/joyent/triton-go/authentication/signature.go b/vendor/github.com/joyent/triton-go/authentication/signature.go new file mode 100644 index 000000000000..8cc18d964818 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/signature.go @@ -0,0 +1,35 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package authentication + +import ( + "fmt" + "regexp" +) + +type httpAuthSignature interface { + SignatureType() string + String() string +} + +func keyFormatToKeyType(keyFormat string) (string, error) { + if keyFormat == "ssh-rsa" { + return "rsa", nil + } + + if keyFormat == "ssh-ed25519" { + return "ed25519", nil + } + + if regexp.MustCompile("^ecdsa-sha2-*").Match([]byte(keyFormat)) { + return "ecdsa", nil + } + + return "", fmt.Errorf("Unknown key format: %s", keyFormat) +} diff --git a/vendor/github.com/joyent/triton-go/authentication/signer.go b/vendor/github.com/joyent/triton-go/authentication/signer.go new file mode 100644 index 000000000000..f1e114194f6f --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/signer.go @@ -0,0 +1,18 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package authentication + +const authorizationHeaderFormat = `Signature keyId="%s",algorithm="%s",headers="%s",signature="%s"` + +type Signer interface { + DefaultAlgorithm() string + KeyFingerprint() string + Sign(dateHeader string) (string, error) + SignRaw(toSign string) (string, string, error) +} diff --git a/vendor/github.com/joyent/triton-go/authentication/ssh_agent_signer.go b/vendor/github.com/joyent/triton-go/authentication/ssh_agent_signer.go new file mode 100644 index 000000000000..304e7fb3b08b --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/ssh_agent_signer.go @@ -0,0 +1,190 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package authentication + +import ( + "crypto/md5" + "crypto/sha256" + "encoding/base64" + "fmt" + "net" + "os" + "path" + "strings" + + pkgerrors "github.com/pkg/errors" + "golang.org/x/crypto/ssh" + "golang.org/x/crypto/ssh/agent" +) + +var ( + ErrUnsetEnvVar = pkgerrors.New("environment variable SSH_AUTH_SOCK not set") +) + +type SSHAgentSigner struct { + formattedKeyFingerprint string + keyFingerprint string + algorithm string + accountName string + userName string + keyIdentifier string + + agent agent.Agent + key ssh.PublicKey +} + +type SSHAgentSignerInput struct { + KeyID string + AccountName string + Username string +} + +func NewSSHAgentSigner(input SSHAgentSignerInput) (*SSHAgentSigner, error) { + sshAgentAddress, agentOk := os.LookupEnv("SSH_AUTH_SOCK") + if !agentOk { + return nil, ErrUnsetEnvVar + } + + conn, err := net.Dial("unix", sshAgentAddress) + if err != nil { + return nil, pkgerrors.Wrap(err, "unable to dial SSH agent") + } + + ag := agent.NewClient(conn) + + signer := &SSHAgentSigner{ + keyFingerprint: input.KeyID, + accountName: input.AccountName, + agent: ag, + } + + matchingKey, err := signer.MatchKey() + if err != nil { + return nil, err + } + signer.key = matchingKey + signer.formattedKeyFingerprint = formatPublicKeyFingerprint(signer.key, true) + if input.Username != "" { + signer.userName = input.Username + signer.keyIdentifier = path.Join("/", signer.accountName, "users", input.Username, "keys", signer.formattedKeyFingerprint) + } else { + signer.keyIdentifier = path.Join("/", signer.accountName, "keys", signer.formattedKeyFingerprint) + } + + _, algorithm, err := signer.SignRaw("HelloWorld") + if err != nil { + return nil, fmt.Errorf("Cannot sign using ssh agent: %s", err) + } + signer.algorithm = algorithm + + return signer, nil +} + +func (s *SSHAgentSigner) MatchKey() (ssh.PublicKey, error) { + keys, err := s.agent.List() + if err != nil { + return nil, pkgerrors.Wrap(err, "unable to list keys in SSH Agent") + } + + keyFingerprintStripped := strings.TrimPrefix(s.keyFingerprint, "MD5:") + keyFingerprintStripped = strings.TrimPrefix(keyFingerprintStripped, "SHA256:") + keyFingerprintStripped = strings.Replace(keyFingerprintStripped, ":", "", -1) + + var matchingKey ssh.PublicKey + for _, key := range keys { + keyMD5 := md5.New() + keyMD5.Write(key.Marshal()) + finalizedMD5 := fmt.Sprintf("%x", keyMD5.Sum(nil)) + + keySHA256 := sha256.New() + keySHA256.Write(key.Marshal()) + finalizedSHA256 := base64.RawStdEncoding.EncodeToString(keySHA256.Sum(nil)) + + if keyFingerprintStripped == finalizedMD5 || keyFingerprintStripped == finalizedSHA256 { + matchingKey = key + } + } + + if matchingKey == nil { + return nil, fmt.Errorf("No key in the SSH Agent matches fingerprint: %s", s.keyFingerprint) + } + + return matchingKey, nil +} + +func (s *SSHAgentSigner) Sign(dateHeader string) (string, error) { + const headerName = "date" + + signature, err := s.agent.Sign(s.key, []byte(fmt.Sprintf("%s: %s", headerName, dateHeader))) + if err != nil { + return "", pkgerrors.Wrap(err, "unable to sign date header") + } + + keyFormat, err := keyFormatToKeyType(signature.Format) + if err != nil { + return "", pkgerrors.Wrap(err, "unable to format signature") + } + + var authSignature httpAuthSignature + switch keyFormat { + case "rsa": + authSignature, err = newRSASignature(signature.Blob) + if err != nil { + return "", pkgerrors.Wrap(err, "unable to read RSA signature") + } + case "ecdsa": + authSignature, err = newECDSASignature(signature.Blob) + if err != nil { + return "", pkgerrors.Wrap(err, "unable to read ECDSA signature") + } + default: + return "", fmt.Errorf("Unsupported algorithm from SSH agent: %s", signature.Format) + } + + return fmt.Sprintf(authorizationHeaderFormat, s.keyIdentifier, + authSignature.SignatureType(), headerName, authSignature.String()), nil +} + +func (s *SSHAgentSigner) SignRaw(toSign string) (string, string, error) { + signature, err := s.agent.Sign(s.key, []byte(toSign)) + if err != nil { + return "", "", pkgerrors.Wrap(err, "unable to sign string") + } + + keyFormat, err := keyFormatToKeyType(signature.Format) + if err != nil { + return "", "", pkgerrors.Wrap(err, "unable to format key") + } + + var authSignature httpAuthSignature + switch keyFormat { + case "rsa": + authSignature, err = newRSASignature(signature.Blob) + if err != nil { + return "", "", pkgerrors.Wrap(err, "unable to read RSA signature") + } + case "ecdsa": + authSignature, err = newECDSASignature(signature.Blob) + if err != nil { + return "", "", pkgerrors.Wrap(err, "unable to read ECDSA signature") + } + default: + return "", "", fmt.Errorf("Unsupported algorithm from SSH agent: %s", signature.Format) + } + + return authSignature.String(), authSignature.SignatureType(), nil +} + +func (s *SSHAgentSigner) KeyFingerprint() string { + return s.formattedKeyFingerprint +} + +func (s *SSHAgentSigner) DefaultAlgorithm() string { + return s.algorithm +} diff --git a/vendor/github.com/joyent/triton-go/authentication/test_signer.go b/vendor/github.com/joyent/triton-go/authentication/test_signer.go new file mode 100644 index 000000000000..4ccfd3847513 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/test_signer.go @@ -0,0 +1,35 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package authentication + +// TestSigner represents an authentication key signer which we can use for +// testing purposes only. This will largely be a stub to send through client +// unit tests. +type TestSigner struct{} + +// NewTestSigner constructs a new instance of test signer +func NewTestSigner() (Signer, error) { + return &TestSigner{}, nil +} + +func (s *TestSigner) DefaultAlgorithm() string { + return "" +} + +func (s *TestSigner) KeyFingerprint() string { + return "" +} + +func (s *TestSigner) Sign(dateHeader string) (string, error) { + return "", nil +} + +func (s *TestSigner) SignRaw(toSign string) (string, string, error) { + return "", "", nil +} diff --git a/vendor/github.com/joyent/triton-go/authentication/util.go b/vendor/github.com/joyent/triton-go/authentication/util.go new file mode 100644 index 000000000000..95918439f6d1 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/util.go @@ -0,0 +1,37 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package authentication + +import ( + "crypto/md5" + "fmt" + "strings" + + "golang.org/x/crypto/ssh" +) + +// formatPublicKeyFingerprint produces the MD5 fingerprint of the given SSH +// public key. If display is true, the fingerprint is formatted with colons +// between each byte, as per the output of OpenSSL. +func formatPublicKeyFingerprint(key ssh.PublicKey, display bool) string { + publicKeyFingerprint := md5.New() + publicKeyFingerprint.Write(key.Marshal()) + publicKeyFingerprintString := fmt.Sprintf("%x", publicKeyFingerprint.Sum(nil)) + + if !display { + return publicKeyFingerprintString + } + + formatted := "" + for i := 0; i < len(publicKeyFingerprintString); i = i + 2 { + formatted = fmt.Sprintf("%s%s:", formatted, publicKeyFingerprintString[i:i+2]) + } + + return strings.TrimSuffix(formatted, ":") +} diff --git a/vendor/github.com/joyent/triton-go/client/client.go b/vendor/github.com/joyent/triton-go/client/client.go new file mode 100644 index 000000000000..0d8bc8931fbf --- /dev/null +++ b/vendor/github.com/joyent/triton-go/client/client.go @@ -0,0 +1,444 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package client + +import ( + "bytes" + "context" + "crypto/tls" + "encoding/json" + "fmt" + "io" + "net" + "net/http" + "net/url" + "os" + "time" + + "github.com/joyent/triton-go" + "github.com/joyent/triton-go/authentication" + "github.com/joyent/triton-go/errors" + pkgerrors "github.com/pkg/errors" +) + +const nilContext = "nil context" + +var ( + ErrDefaultAuth = pkgerrors.New("default SSH agent authentication requires SDC_KEY_ID / TRITON_KEY_ID and SSH_AUTH_SOCK") + ErrAccountName = pkgerrors.New("missing account name") + ErrMissingURL = pkgerrors.New("missing API URL") + + InvalidTritonURL = "invalid format of Triton URL" + InvalidMantaURL = "invalid format of Manta URL" +) + +// Client represents a connection to the Triton Compute or Object Storage APIs. +type Client struct { + HTTPClient *http.Client + Authorizers []authentication.Signer + TritonURL url.URL + MantaURL url.URL + AccountName string + Username string +} + +// New is used to construct a Client in order to make API +// requests to the Triton API. +// +// At least one signer must be provided - example signers include +// authentication.PrivateKeySigner and authentication.SSHAgentSigner. +func New(tritonURL string, mantaURL string, accountName string, signers ...authentication.Signer) (*Client, error) { + if accountName == "" { + return nil, ErrAccountName + } + + if tritonURL == "" && mantaURL == "" { + return nil, ErrMissingURL + } + + cloudURL, err := url.Parse(tritonURL) + if err != nil { + return nil, pkgerrors.Wrapf(err, InvalidTritonURL) + } + + storageURL, err := url.Parse(mantaURL) + if err != nil { + return nil, pkgerrors.Wrapf(err, InvalidMantaURL) + } + + authorizers := make([]authentication.Signer, 0) + for _, key := range signers { + if key != nil { + authorizers = append(authorizers, key) + } + } + + newClient := &Client{ + HTTPClient: &http.Client{ + Transport: httpTransport(false), + CheckRedirect: doNotFollowRedirects, + }, + Authorizers: authorizers, + TritonURL: *cloudURL, + MantaURL: *storageURL, + AccountName: accountName, + } + + // Default to constructing an SSHAgentSigner if there are no other signers + // passed into NewClient and there's an TRITON_KEY_ID and SSH_AUTH_SOCK + // available in the user's environ(7). + if len(newClient.Authorizers) == 0 { + if err := newClient.DefaultAuth(); err != nil { + return nil, err + } + } + + return newClient, nil +} + +var envPrefixes = []string{"TRITON", "SDC"} + +// GetTritonEnv looks up environment variables using the preferred "TRITON" +// prefix, but falls back to the SDC prefix. For example, looking up "USER" +// will search for "TRITON_USER" followed by "SDC_USER". If the environment +// variable is not set, an empty string is returned. GetTritonEnv() is used to +// aid in the transition and deprecation of the SDC_* environment variables. +func GetTritonEnv(name string) string { + for _, prefix := range envPrefixes { + if val, found := os.LookupEnv(prefix + "_" + name); found { + return val + } + } + + return "" +} + +// initDefaultAuth provides a default key signer for a client. This should only +// be used internally if the client has no other key signer for authenticating +// with Triton. We first look for both `SDC_KEY_ID` and `SSH_AUTH_SOCK` in the +// user's environ(7). If so we default to the SSH agent key signer. +func (c *Client) DefaultAuth() error { + tritonKeyId := GetTritonEnv("KEY_ID") + if tritonKeyId != "" { + input := authentication.SSHAgentSignerInput{ + KeyID: tritonKeyId, + AccountName: c.AccountName, + Username: c.Username, + } + defaultSigner, err := authentication.NewSSHAgentSigner(input) + if err != nil { + return pkgerrors.Wrapf(err, "unable to initialize NewSSHAgentSigner") + } + c.Authorizers = append(c.Authorizers, defaultSigner) + } + + return ErrDefaultAuth +} + +// InsecureSkipTLSVerify turns off TLS verification for the client connection. This +// allows connection to an endpoint with a certificate which was signed by a non- +// trusted CA, such as self-signed certificates. This can be useful when connecting +// to temporary Triton installations such as Triton Cloud-On-A-Laptop. +func (c *Client) InsecureSkipTLSVerify() { + if c.HTTPClient == nil { + return + } + + c.HTTPClient.Transport = httpTransport(true) +} + +func httpTransport(insecureSkipTLSVerify bool) *http.Transport { + return &http.Transport{ + Proxy: http.ProxyFromEnvironment, + Dial: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + }).Dial, + TLSHandshakeTimeout: 10 * time.Second, + MaxIdleConns: 10, + IdleConnTimeout: 15 * time.Second, + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: insecureSkipTLSVerify, + }, + } +} + +func doNotFollowRedirects(*http.Request, []*http.Request) error { + return http.ErrUseLastResponse +} + +func (c *Client) DecodeError(resp *http.Response, requestMethod string) error { + err := &errors.APIError{ + StatusCode: resp.StatusCode, + } + + if requestMethod != http.MethodHead && resp.Body != nil { + errorDecoder := json.NewDecoder(resp.Body) + if err := errorDecoder.Decode(err); err != nil { + return pkgerrors.Wrapf(err, "unable to decode error response") + } + } + + if err.Message == "" { + err.Message = fmt.Sprintf("HTTP response returned status code %d", err.StatusCode) + } + + return err +} + +// ----------------------------------------------------------------------------- + +type RequestInput struct { + Method string + Path string + Query *url.Values + Headers *http.Header + Body interface{} +} + +func (c *Client) ExecuteRequestURIParams(ctx context.Context, inputs RequestInput) (io.ReadCloser, error) { + method := inputs.Method + path := inputs.Path + body := inputs.Body + query := inputs.Query + + var requestBody io.Reader + if body != nil { + marshaled, err := json.MarshalIndent(body, "", " ") + if err != nil { + return nil, err + } + requestBody = bytes.NewReader(marshaled) + } + + endpoint := c.TritonURL + endpoint.Path = path + if query != nil { + endpoint.RawQuery = query.Encode() + } + + req, err := http.NewRequest(method, endpoint.String(), requestBody) + if err != nil { + return nil, pkgerrors.Wrapf(err, "unable to construct HTTP request") + } + + dateHeader := time.Now().UTC().Format(time.RFC1123) + req.Header.Set("date", dateHeader) + + // NewClient ensures there's always an authorizer (unless this is called + // outside that constructor). + authHeader, err := c.Authorizers[0].Sign(dateHeader) + if err != nil { + return nil, pkgerrors.Wrapf(err, "unable to sign HTTP request") + } + req.Header.Set("Authorization", authHeader) + req.Header.Set("Accept", "application/json") + req.Header.Set("Accept-Version", triton.CloudAPIMajorVersion) + req.Header.Set("User-Agent", triton.UserAgent()) + + if body != nil { + req.Header.Set("Content-Type", "application/json") + } + + resp, err := c.HTTPClient.Do(req.WithContext(ctx)) + if err != nil { + return nil, pkgerrors.Wrapf(err, "unable to execute HTTP request") + } + + // We will only return a response from the API it is in the HTTP StatusCode 2xx range + // StatusMultipleChoices is StatusCode 300 + if resp.StatusCode >= http.StatusOK && resp.StatusCode < http.StatusMultipleChoices { + return resp.Body, nil + } + + return nil, c.DecodeError(resp, req.Method) +} + +func (c *Client) ExecuteRequest(ctx context.Context, inputs RequestInput) (io.ReadCloser, error) { + return c.ExecuteRequestURIParams(ctx, inputs) +} + +func (c *Client) ExecuteRequestRaw(ctx context.Context, inputs RequestInput) (*http.Response, error) { + method := inputs.Method + path := inputs.Path + body := inputs.Body + + var requestBody io.Reader + if body != nil { + marshaled, err := json.MarshalIndent(body, "", " ") + if err != nil { + return nil, err + } + requestBody = bytes.NewReader(marshaled) + } + + endpoint := c.TritonURL + endpoint.Path = path + + req, err := http.NewRequest(method, endpoint.String(), requestBody) + if err != nil { + return nil, pkgerrors.Wrapf(err, "unable to construct HTTP request") + } + + dateHeader := time.Now().UTC().Format(time.RFC1123) + req.Header.Set("date", dateHeader) + + // NewClient ensures there's always an authorizer (unless this is called + // outside that constructor). + authHeader, err := c.Authorizers[0].Sign(dateHeader) + if err != nil { + return nil, pkgerrors.Wrapf(err, "unable to sign HTTP request") + } + req.Header.Set("Authorization", authHeader) + req.Header.Set("Accept", "application/json") + req.Header.Set("Accept-Version", triton.CloudAPIMajorVersion) + req.Header.Set("User-Agent", triton.UserAgent()) + + if body != nil { + req.Header.Set("Content-Type", "application/json") + } + + resp, err := c.HTTPClient.Do(req.WithContext(ctx)) + if err != nil { + return nil, pkgerrors.Wrapf(err, "unable to execute HTTP request") + } + + // We will only return a response from the API it is in the HTTP StatusCode 2xx range + // StatusMultipleChoices is StatusCode 300 + if resp.StatusCode >= http.StatusOK && resp.StatusCode < http.StatusMultipleChoices { + return resp, nil + } + + return nil, c.DecodeError(resp, req.Method) +} + +func (c *Client) ExecuteRequestStorage(ctx context.Context, inputs RequestInput) (io.ReadCloser, http.Header, error) { + method := inputs.Method + path := inputs.Path + query := inputs.Query + headers := inputs.Headers + body := inputs.Body + + endpoint := c.MantaURL + endpoint.Path = path + + var requestBody io.Reader + if body != nil { + marshaled, err := json.MarshalIndent(body, "", " ") + if err != nil { + return nil, nil, err + } + requestBody = bytes.NewReader(marshaled) + } + + req, err := http.NewRequest(method, endpoint.String(), requestBody) + if err != nil { + return nil, nil, pkgerrors.Wrapf(err, "unable to construct HTTP request") + } + + if body != nil && (headers == nil || headers.Get("Content-Type") == "") { + req.Header.Set("Content-Type", "application/json") + } + if headers != nil { + for key, values := range *headers { + for _, value := range values { + req.Header.Set(key, value) + } + } + } + + dateHeader := time.Now().UTC().Format(time.RFC1123) + req.Header.Set("date", dateHeader) + + authHeader, err := c.Authorizers[0].Sign(dateHeader) + if err != nil { + return nil, nil, pkgerrors.Wrapf(err, "unable to sign HTTP request") + } + req.Header.Set("Authorization", authHeader) + req.Header.Set("Accept", "*/*") + req.Header.Set("User-Agent", triton.UserAgent()) + + if query != nil { + req.URL.RawQuery = query.Encode() + } + + resp, err := c.HTTPClient.Do(req.WithContext(ctx)) + if err != nil { + return nil, nil, pkgerrors.Wrapf(err, "unable to execute HTTP request") + } + + // We will only return a response from the API it is in the HTTP StatusCode 2xx range + // StatusMultipleChoices is StatusCode 300 + if resp.StatusCode >= http.StatusOK && resp.StatusCode < http.StatusMultipleChoices { + return resp.Body, resp.Header, nil + } + + return nil, nil, c.DecodeError(resp, req.Method) +} + +type RequestNoEncodeInput struct { + Method string + Path string + Query *url.Values + Headers *http.Header + Body io.Reader +} + +func (c *Client) ExecuteRequestNoEncode(ctx context.Context, inputs RequestNoEncodeInput) (io.ReadCloser, http.Header, error) { + method := inputs.Method + path := inputs.Path + query := inputs.Query + headers := inputs.Headers + body := inputs.Body + + endpoint := c.MantaURL + endpoint.Path = path + + req, err := http.NewRequest(method, endpoint.String(), body) + if err != nil { + return nil, nil, pkgerrors.Wrapf(err, "unable to construct HTTP request") + } + + if headers != nil { + for key, values := range *headers { + for _, value := range values { + req.Header.Set(key, value) + } + } + } + + dateHeader := time.Now().UTC().Format(time.RFC1123) + req.Header.Set("date", dateHeader) + + authHeader, err := c.Authorizers[0].Sign(dateHeader) + if err != nil { + return nil, nil, pkgerrors.Wrapf(err, "unable to sign HTTP request") + } + req.Header.Set("Authorization", authHeader) + req.Header.Set("Accept", "*/*") + req.Header.Set("Accept-Version", triton.CloudAPIMajorVersion) + req.Header.Set("User-Agent", triton.UserAgent()) + + if query != nil { + req.URL.RawQuery = query.Encode() + } + + resp, err := c.HTTPClient.Do(req.WithContext(ctx)) + if err != nil { + return nil, nil, pkgerrors.Wrapf(err, "unable to execute HTTP request") + } + + // We will only return a response from the API it is in the HTTP StatusCode 2xx range + // StatusMultipleChoices is StatusCode 300 + if resp.StatusCode >= http.StatusOK && resp.StatusCode < http.StatusMultipleChoices { + return resp.Body, resp.Header, nil + } + + return nil, nil, c.DecodeError(resp, req.Method) +} diff --git a/vendor/github.com/joyent/triton-go/errors/errors.go b/vendor/github.com/joyent/triton-go/errors/errors.go new file mode 100644 index 000000000000..8f2719738f24 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/errors/errors.go @@ -0,0 +1,297 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package errors + +import ( + "fmt" + "net/http" + "strings" + + "github.com/pkg/errors" +) + +// APIError represents an error code and message along with +// the status code of the HTTP request which resulted in the error +// message. Error codes used by the Triton API are listed at +// https://apidocs.joyent.com/cloudapi/#cloudapi-http-responses +// Error codes used by the Manta API are listed at +// https://apidocs.joyent.com/manta/api.html#errors +type APIError struct { + StatusCode int + Code string `json:"code"` + Message string `json:"message"` +} + +// Error implements interface Error on the APIError type. +func (e APIError) Error() string { + return strings.Trim(fmt.Sprintf("%+q", e.Code), `"`) + ": " + strings.Trim(fmt.Sprintf("%+q", e.Message), `"`) +} + +// ClientError represents an error code and message returned +// when connecting to the triton-go client +type ClientError struct { + StatusCode int + Code string `json:"code"` + Message string `json:"message"` +} + +// Error implements interface Error on the ClientError type. +func (e ClientError) Error() string { + return strings.Trim(fmt.Sprintf("%+q", e.Code), `"`) + ": " + strings.Trim(fmt.Sprintf("%+q", e.Message), `"`) +} + +func IsAuthSchemeError(err error) bool { + return IsSpecificError(err, "AuthScheme") +} + +func IsAuthorizationError(err error) bool { + return IsSpecificError(err, "Authorization") +} + +func IsBadRequestError(err error) bool { + return IsSpecificError(err, "BadRequest") +} + +func IsChecksumError(err error) bool { + return IsSpecificError(err, "Checksum") +} + +func IsConcurrentRequestError(err error) bool { + return IsSpecificError(err, "ConcurrentRequest") +} + +func IsContentLengthError(err error) bool { + return IsSpecificError(err, "ContentLength") +} + +func IsContentMD5MismatchError(err error) bool { + return IsSpecificError(err, "ContentMD5Mismatch") +} + +func IsEntityExistsError(err error) bool { + return IsSpecificError(err, "EntityExists") +} + +func IsInvalidArgumentError(err error) bool { + return IsSpecificError(err, "InvalidArgument") +} + +func IsInvalidAuthTokenError(err error) bool { + return IsSpecificError(err, "InvalidAuthToken") +} + +func IsInvalidCredentialsError(err error) bool { + return IsSpecificError(err, "InvalidCredentials") +} + +func IsInvalidDurabilityLevelError(err error) bool { + return IsSpecificError(err, "InvalidDurabilityLevel") +} + +func IsInvalidKeyIdError(err error) bool { + return IsSpecificError(err, "InvalidKeyId") +} + +func IsInvalidJobError(err error) bool { + return IsSpecificError(err, "InvalidJob") +} + +func IsInvalidLinkError(err error) bool { + return IsSpecificError(err, "InvalidLink") +} + +func IsInvalidLimitError(err error) bool { + return IsSpecificError(err, "InvalidLimit") +} + +func IsInvalidSignatureError(err error) bool { + return IsSpecificError(err, "InvalidSignature") +} + +func IsInvalidUpdateError(err error) bool { + return IsSpecificError(err, "InvalidUpdate") +} + +func IsDirectoryDoesNotExistError(err error) bool { + return IsSpecificError(err, "DirectoryDoesNotExist") +} + +func IsDirectoryExistsError(err error) bool { + return IsSpecificError(err, "DirectoryExists") +} + +func IsDirectoryNotEmptyError(err error) bool { + return IsSpecificError(err, "DirectoryNotEmpty") +} + +func IsDirectoryOperationError(err error) bool { + return IsSpecificError(err, "DirectoryOperation") +} + +func IsInternalError(err error) bool { + return IsSpecificError(err, "Internal") +} + +func IsJobNotFoundError(err error) bool { + return IsSpecificError(err, "JobNotFound") +} + +func IsJobStateError(err error) bool { + return IsSpecificError(err, "JobState") +} + +func IsKeyDoesNotExistError(err error) bool { + return IsSpecificError(err, "KeyDoesNotExist") +} + +func IsNotAcceptableError(err error) bool { + return IsSpecificError(err, "NotAcceptable") +} + +func IsNotEnoughSpaceError(err error) bool { + return IsSpecificError(err, "NotEnoughSpace") +} + +func IsLinkNotFoundError(err error) bool { + return IsSpecificError(err, "LinkNotFound") +} + +func IsLinkNotObjectError(err error) bool { + return IsSpecificError(err, "LinkNotObject") +} + +func IsLinkRequiredError(err error) bool { + return IsSpecificError(err, "LinkRequired") +} + +func IsParentNotDirectoryError(err error) bool { + return IsSpecificError(err, "ParentNotDirectory") +} + +func IsPreconditionFailedError(err error) bool { + return IsSpecificError(err, "PreconditionFailed") +} + +func IsPreSignedRequestError(err error) bool { + return IsSpecificError(err, "PreSignedRequest") +} + +func IsRequestEntityTooLargeError(err error) bool { + return IsSpecificError(err, "RequestEntityTooLarge") +} + +func IsResourceNotFoundError(err error) bool { + return IsSpecificError(err, "ResourceNotFound") +} + +func IsRootDirectoryError(err error) bool { + return IsSpecificError(err, "RootDirectory") +} + +func IsServiceUnavailableError(err error) bool { + return IsSpecificError(err, "ServiceUnavailable") +} + +func IsSSLRequiredError(err error) bool { + return IsSpecificError(err, "SSLRequired") +} + +func IsUploadTimeoutError(err error) bool { + return IsSpecificError(err, "UploadTimeout") +} + +func IsUserDoesNotExistError(err error) bool { + return IsSpecificError(err, "UserDoesNotExist") +} + +func IsBadRequest(err error) bool { + return IsSpecificError(err, "BadRequest") +} + +func IsInUseError(err error) bool { + return IsSpecificError(err, "InUseError") +} + +func IsInvalidArgument(err error) bool { + return IsSpecificError(err, "InvalidArgument") +} + +func IsInvalidCredentials(err error) bool { + return IsSpecificError(err, "InvalidCredentials") +} + +func IsInvalidHeader(err error) bool { + return IsSpecificError(err, "InvalidHeader") +} + +func IsInvalidVersion(err error) bool { + return IsSpecificError(err, "InvalidVersion") +} + +func IsMissingParameter(err error) bool { + return IsSpecificError(err, "MissingParameter") +} + +func IsNotAuthorized(err error) bool { + return IsSpecificError(err, "NotAuthorized") +} + +func IsRequestThrottled(err error) bool { + return IsSpecificError(err, "RequestThrottled") +} + +func IsRequestTooLarge(err error) bool { + return IsSpecificError(err, "RequestTooLarge") +} + +func IsRequestMoved(err error) bool { + return IsSpecificError(err, "RequestMoved") +} + +func IsResourceFound(err error) bool { + return IsSpecificError(err, "ResourceFound") +} + +func IsResourceNotFound(err error) bool { + return IsSpecificError(err, "ResourceNotFound") +} + +func IsUnknownError(err error) bool { + return IsSpecificError(err, "UnknownError") +} + +func IsEmptyResponse(err error) bool { + return IsSpecificError(err, "EmptyResponse") +} + +func IsStatusNotFoundCode(err error) bool { + return IsSpecificStatusCode(err, http.StatusNotFound) +} + +func IsSpecificError(myError error, errorCode string) bool { + switch err := errors.Cause(myError).(type) { + case *APIError: + if err.Code == errorCode { + return true + } + } + + return false +} + +func IsSpecificStatusCode(myError error, statusCode int) bool { + switch err := errors.Cause(myError).(type) { + case *APIError: + if err.StatusCode == statusCode { + return true + } + } + + return false +} diff --git a/vendor/github.com/joyent/triton-go/storage/client.go b/vendor/github.com/joyent/triton-go/storage/client.go new file mode 100644 index 000000000000..e38569fbc58d --- /dev/null +++ b/vendor/github.com/joyent/triton-go/storage/client.go @@ -0,0 +1,59 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package storage + +import ( + triton "github.com/joyent/triton-go" + "github.com/joyent/triton-go/client" +) + +type StorageClient struct { + Client *client.Client +} + +func newStorageClient(client *client.Client) *StorageClient { + return &StorageClient{ + Client: client, + } +} + +// NewClient returns a new client for working with Storage endpoints and +// resources within CloudAPI +func NewClient(config *triton.ClientConfig) (*StorageClient, error) { + // TODO: Utilize config interface within the function itself + client, err := client.New(config.TritonURL, config.MantaURL, config.AccountName, config.Signers...) + if err != nil { + return nil, err + } + return newStorageClient(client), nil +} + +// Dir returns a DirectoryClient used for accessing functions pertaining to +// Directories functionality of the Manta API. +func (c *StorageClient) Dir() *DirectoryClient { + return &DirectoryClient{c.Client} +} + +// Jobs returns a JobClient used for accessing functions pertaining to Jobs +// functionality of the Triton Object Storage API. +func (c *StorageClient) Jobs() *JobClient { + return &JobClient{c.Client} +} + +// Objects returns an ObjectsClient used for accessing functions pertaining to +// Objects functionality of the Triton Object Storage API. +func (c *StorageClient) Objects() *ObjectsClient { + return &ObjectsClient{c.Client} +} + +// SnapLinks returns an SnapLinksClient used for accessing functions pertaining to +// SnapLinks functionality of the Triton Object Storage API. +func (c *StorageClient) SnapLinks() *SnapLinksClient { + return &SnapLinksClient{c.Client} +} diff --git a/vendor/github.com/joyent/triton-go/storage/directory.go b/vendor/github.com/joyent/triton-go/storage/directory.go new file mode 100644 index 000000000000..865b56483a28 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/storage/directory.go @@ -0,0 +1,207 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package storage + +import ( + "bufio" + "context" + "encoding/json" + "net/http" + "net/url" + "path" + "strconv" + "time" + + "github.com/joyent/triton-go/client" + "github.com/pkg/errors" +) + +type DirectoryClient struct { + client *client.Client +} + +// DirectoryEntry represents an object or directory in Manta. +type DirectoryEntry struct { + ETag string `json:"etag"` + ModifiedTime time.Time `json:"mtime"` + Name string `json:"name"` + Size uint64 `json:"size"` + Type string `json:"type"` +} + +// ListDirectoryInput represents parameters to a List operation. +type ListDirectoryInput struct { + DirectoryName string + Limit uint64 + Marker string +} + +// ListDirectoryOutput contains the outputs of a List operation. +type ListDirectoryOutput struct { + Entries []*DirectoryEntry + ResultSetSize uint64 +} + +// List lists the contents of a directory on the Triton Object Store service. +func (s *DirectoryClient) List(ctx context.Context, input *ListDirectoryInput) (*ListDirectoryOutput, error) { + absPath := absFileInput(s.client.AccountName, input.DirectoryName) + query := &url.Values{} + if input.Limit != 0 { + query.Set("limit", strconv.FormatUint(input.Limit, 10)) + } + if input.Marker != "" { + query.Set("manta_path", input.Marker) + } + + reqInput := client.RequestInput{ + Method: http.MethodGet, + Path: string(absPath), + Query: query, + } + respBody, respHeader, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if err != nil { + return nil, errors.Wrap(err, "unable to list directory") + } + defer respBody.Close() + + var results []*DirectoryEntry + scanner := bufio.NewScanner(respBody) + for scanner.Scan() { + current := &DirectoryEntry{} + if err := json.Unmarshal(scanner.Bytes(), current); err != nil { + return nil, errors.Wrap(err, "unable to decode list directories response") + } + + results = append(results, current) + } + + if err := scanner.Err(); err != nil { + return nil, errors.Wrap(err, "unable to decode list directories response") + } + + output := &ListDirectoryOutput{ + Entries: results, + } + + resultSetSize, err := strconv.ParseUint(respHeader.Get("Result-Set-Size"), 10, 64) + if err == nil { + output.ResultSetSize = resultSetSize + } + + return output, nil +} + +// PutDirectoryInput represents parameters to a Put operation. +type PutDirectoryInput struct { + DirectoryName string +} + +// Put puts a directoy into the Triton Object Storage service is an idempotent +// create-or-update operation. Your private namespace starts at /:login, and you +// can create any nested set of directories or objects within it. +func (s *DirectoryClient) Put(ctx context.Context, input *PutDirectoryInput) error { + absPath := absFileInput(s.client.AccountName, input.DirectoryName) + + headers := &http.Header{} + headers.Set("Content-Type", "application/json; type=directory") + + reqInput := client.RequestInput{ + Method: http.MethodPut, + Path: string(absPath), + Headers: headers, + } + respBody, _, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return errors.Wrap(err, "unable to put directory") + } + + return nil +} + +// DeleteDirectoryInput represents parameters to a Delete operation. +type DeleteDirectoryInput struct { + DirectoryName string + ForceDelete bool //Will recursively delete all child directories and objects +} + +// Delete deletes a directory on the Triton Object Storage. The directory must +// be empty. +func (s *DirectoryClient) Delete(ctx context.Context, input *DeleteDirectoryInput) error { + absPath := absFileInput(s.client.AccountName, input.DirectoryName) + + if input.ForceDelete { + err := deleteAll(*s, ctx, absPath) + if err != nil { + return err + } + } else { + err := deleteDirectory(*s, ctx, absPath) + if err != nil { + return err + } + } + + return nil +} + +func deleteAll(c DirectoryClient, ctx context.Context, directoryPath _AbsCleanPath) error { + objs, err := c.List(ctx, &ListDirectoryInput{ + DirectoryName: string(directoryPath), + }) + if err != nil { + return err + } + for _, obj := range objs.Entries { + newPath := absFileInput(c.client.AccountName, path.Join(string(directoryPath), obj.Name)) + if obj.Type == "directory" { + err := deleteDirectory(c, ctx, newPath) + if err != nil { + return deleteAll(c, ctx, newPath) + } + } else { + return deleteObject(c, ctx, newPath) + } + } + + return nil +} + +func deleteDirectory(c DirectoryClient, ctx context.Context, directoryPath _AbsCleanPath) error { + reqInput := client.RequestInput{ + Method: http.MethodDelete, + Path: string(directoryPath), + } + respBody, _, err := c.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return errors.Wrap(err, "unable to delete directory") + } + + return nil +} + +func deleteObject(c DirectoryClient, ctx context.Context, path _AbsCleanPath) error { + objClient := &ObjectsClient{ + client: c.client, + } + + err := objClient.Delete(ctx, &DeleteObjectInput{ + ObjectPath: string(path), + }) + if err != nil { + return err + } + + return nil +} diff --git a/vendor/github.com/joyent/triton-go/storage/job.go b/vendor/github.com/joyent/triton-go/storage/job.go new file mode 100644 index 000000000000..51084a4392c1 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/storage/job.go @@ -0,0 +1,448 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package storage + +import ( + "context" + "encoding/json" + "io" + "net/http" + "net/url" + "path" + "strconv" + "strings" + "time" + + "github.com/joyent/triton-go/client" + "github.com/pkg/errors" +) + +type JobClient struct { + client *client.Client +} + +const ( + JobStateDone = "done" + JobStateRunning = "running" +) + +// JobPhase represents the specification for a map or reduce phase of a Manta +// job. +type JobPhase struct { + // Type is the type of phase. Must be `map` or `reduce`. + Type string `json:"type,omitempty"` + + // Assets is an array of objects to be placed in your compute zones. + Assets []string `json:"assets,omitempty"` + + // Exec is the shell statement to execute. It may be any valid shell + // command, including pipelines and other shell syntax. You can also + // execute programs stored in the service by including them in "assets" + // and referencing them as /assets/$manta_path. + Exec string `json:"exec"` + + // Init is a shell statement to execute in each compute zone before + // any tasks are executed. The same constraints apply as to Exec. + Init string `json:"init"` + + // ReducerCount is an optional number of reducers for this phase. The + // default value if not specified is 1. The maximum value is 1024. + ReducerCount uint `json:"count,omitempty"` + + // Memory is the amount of DRAM in MB to be allocated to the compute + // zone. Valid values are 256, 512, 1024, 2048, 4096 or 8192. + Memory uint64 `json:"memory,omitempty"` + + // Disk is the amount of disk space in GB to be allocated to the compute + // zone. Valid values are 2, 4, 8, 16, 32, 64, 128, 256, 512 or 1024. + Disk uint64 `json:"disk,omitempty"` +} + +// JobSummary represents the summary of a compute job in Manta. +type JobSummary struct { + ModifiedTime time.Time `json:"mtime"` + ID string `json:"name"` +} + +// Job represents a compute job in Manta. +type Job struct { + ID string `json:"id"` + Name string `json:"name"` + Phases []*JobPhase `json:"phases"` + State string `json:"state"` + Cancelled bool `json:"cancelled"` + InputDone bool `json:"inputDone"` + CreatedTime time.Time `json:"timeCreated"` + DoneTime time.Time `json:"timeDone"` + Transient bool `json:"transient"` + Stats *JobStats `json:"stats"` +} + +// JobStats represents statistics for a compute job in Manta. +type JobStats struct { + Errors uint64 `json:"errors"` + Outputs uint64 `json:"outputs"` + Retries uint64 `json:"retries"` + Tasks uint64 `json:"tasks"` + TasksDone uint64 `json:"tasksDone"` +} + +// CreateJobInput represents parameters to a CreateJob operation. +type CreateJobInput struct { + Name string `json:"name"` + Phases []*JobPhase `json:"phases"` +} + +// CreateJobOutput contains the outputs of a CreateJob operation. +type CreateJobOutput struct { + JobID string +} + +// CreateJob submits a new job to be executed. This call is not +// idempotent, so calling it twice will create two jobs. +func (s *JobClient) Create(ctx context.Context, input *CreateJobInput) (*CreateJobOutput, error) { + fullPath := path.Join("/", s.client.AccountName, "jobs") + + reqInput := client.RequestInput{ + Method: http.MethodPost, + Path: fullPath, + Body: input, + } + respBody, respHeaders, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return nil, errors.Wrap(err, "unable to create job") + } + + jobURI := respHeaders.Get("Location") + parts := strings.Split(jobURI, "/") + jobID := parts[len(parts)-1] + + response := &CreateJobOutput{ + JobID: jobID, + } + + return response, nil +} + +// AddJobInputs represents parameters to a AddJobInputs operation. +type AddJobInputsInput struct { + JobID string + ObjectPaths []string +} + +// AddJobInputs submits inputs to an already created job. +func (s *JobClient) AddInputs(ctx context.Context, input *AddJobInputsInput) error { + fullPath := path.Join("/", s.client.AccountName, "jobs", input.JobID, "live", "in") + headers := &http.Header{} + headers.Set("Content-Type", "text/plain") + + reader := strings.NewReader(strings.Join(input.ObjectPaths, "\n")) + + reqInput := client.RequestNoEncodeInput{ + Method: http.MethodPost, + Path: fullPath, + Headers: headers, + Body: reader, + } + respBody, _, err := s.client.ExecuteRequestNoEncode(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return errors.Wrap(err, "unable to add job inputs") + } + + return nil +} + +// EndJobInputInput represents parameters to a EndJobInput operation. +type EndJobInputInput struct { + JobID string +} + +// EndJobInput submits inputs to an already created job. +func (s *JobClient) EndInput(ctx context.Context, input *EndJobInputInput) error { + fullPath := path.Join("/", s.client.AccountName, "jobs", input.JobID, "live", "in", "end") + + reqInput := client.RequestNoEncodeInput{ + Method: http.MethodPost, + Path: fullPath, + } + respBody, _, err := s.client.ExecuteRequestNoEncode(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return errors.Wrap(err, "unable to end job inputs") + } + + return nil +} + +// CancelJobInput represents parameters to a CancelJob operation. +type CancelJobInput struct { + JobID string +} + +// CancelJob cancels a job from doing any further work. Cancellation +// is asynchronous and "best effort"; there is no guarantee the job +// will actually stop. For example, short jobs where input is already +// closed will likely still run to completion. +// +// This is however useful when: +// - input is still open +// - you have a long-running job +func (s *JobClient) Cancel(ctx context.Context, input *CancelJobInput) error { + fullPath := path.Join("/", s.client.AccountName, "jobs", input.JobID, "live", "cancel") + + reqInput := client.RequestNoEncodeInput{ + Method: http.MethodPost, + Path: fullPath, + } + respBody, _, err := s.client.ExecuteRequestNoEncode(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return errors.Wrap(err, "unable to cancel job") + } + + return nil +} + +// ListJobsInput represents parameters to a ListJobs operation. +type ListJobsInput struct { + RunningOnly bool + Limit uint64 + Marker string +} + +// ListJobsOutput contains the outputs of a ListJobs operation. +type ListJobsOutput struct { + Jobs []*JobSummary + ResultSetSize uint64 +} + +// ListJobs returns the list of jobs you currently have. +func (s *JobClient) List(ctx context.Context, input *ListJobsInput) (*ListJobsOutput, error) { + fullPath := path.Join("/", s.client.AccountName, "jobs") + query := &url.Values{} + if input.RunningOnly { + query.Set("state", "running") + } + if input.Limit != 0 { + query.Set("limit", strconv.FormatUint(input.Limit, 10)) + } + if input.Marker != "" { + query.Set("manta_path", input.Marker) + } + + reqInput := client.RequestInput{ + Method: http.MethodGet, + Path: fullPath, + Query: query, + } + respBody, respHeader, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return nil, errors.Wrap(err, "unable to list jobs") + } + + var results []*JobSummary + for { + current := &JobSummary{} + decoder := json.NewDecoder(respBody) + if err = decoder.Decode(¤t); err != nil { + if err == io.EOF { + break + } + return nil, errors.Wrap(err, "unable to decode list jobs response") + } + results = append(results, current) + } + + output := &ListJobsOutput{ + Jobs: results, + } + + resultSetSize, err := strconv.ParseUint(respHeader.Get("Result-Set-Size"), 10, 64) + if err == nil { + output.ResultSetSize = resultSetSize + } + + return output, nil +} + +// GetJobInput represents parameters to a GetJob operation. +type GetJobInput struct { + JobID string +} + +// GetJobOutput contains the outputs of a GetJob operation. +type GetJobOutput struct { + Job *Job +} + +// GetJob returns the list of jobs you currently have. +func (s *JobClient) Get(ctx context.Context, input *GetJobInput) (*GetJobOutput, error) { + fullPath := path.Join("/", s.client.AccountName, "jobs", input.JobID, "live", "status") + + reqInput := client.RequestInput{ + Method: http.MethodGet, + Path: fullPath, + } + respBody, _, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return nil, errors.Wrap(err, "unable to get job") + } + + job := &Job{} + decoder := json.NewDecoder(respBody) + if err = decoder.Decode(&job); err != nil { + return nil, errors.Wrap(err, "unable to decode get job response") + } + + return &GetJobOutput{ + Job: job, + }, nil +} + +// GetJobOutputInput represents parameters to a GetJobOutput operation. +type GetJobOutputInput struct { + JobID string +} + +// GetJobOutputOutput contains the outputs for a GetJobOutput operation. It is your +// responsibility to ensure that the io.ReadCloser Items is closed. +type GetJobOutputOutput struct { + ResultSetSize uint64 + Items io.ReadCloser +} + +// GetJobOutput returns the current "live" set of outputs from a job. Think of +// this like `tail -f`. If error is nil (i.e. the operation is successful), it is +// your responsibility to close the io.ReadCloser named Items in the output. +func (s *JobClient) GetOutput(ctx context.Context, input *GetJobOutputInput) (*GetJobOutputOutput, error) { + fullPath := path.Join("/", s.client.AccountName, "jobs", input.JobID, "live", "out") + + reqInput := client.RequestInput{ + Method: http.MethodGet, + Path: fullPath, + } + respBody, respHeader, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return nil, errors.Wrap(err, "unable to get job output") + } + + output := &GetJobOutputOutput{ + Items: respBody, + } + + resultSetSize, err := strconv.ParseUint(respHeader.Get("Result-Set-Size"), 10, 64) + if err == nil { + output.ResultSetSize = resultSetSize + } + + return output, nil +} + +// GetJobInputInput represents parameters to a GetJobOutput operation. +type GetJobInputInput struct { + JobID string +} + +// GetJobInputOutput contains the outputs for a GetJobOutput operation. It is your +// responsibility to ensure that the io.ReadCloser Items is closed. +type GetJobInputOutput struct { + ResultSetSize uint64 + Items io.ReadCloser +} + +// GetJobInput returns the current "live" set of inputs from a job. Think of +// this like `tail -f`. If error is nil (i.e. the operation is successful), it is +// your responsibility to close the io.ReadCloser named Items in the output. +func (s *JobClient) GetInput(ctx context.Context, input *GetJobInputInput) (*GetJobInputOutput, error) { + fullPath := path.Join("/", s.client.AccountName, "jobs", input.JobID, "live", "in") + + reqInput := client.RequestInput{ + Method: http.MethodGet, + Path: fullPath, + } + respBody, respHeader, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return nil, errors.Wrap(err, "unable to get job input") + } + + output := &GetJobInputOutput{ + Items: respBody, + } + + resultSetSize, err := strconv.ParseUint(respHeader.Get("Result-Set-Size"), 10, 64) + if err == nil { + output.ResultSetSize = resultSetSize + } + + return output, nil +} + +// GetJobFailuresInput represents parameters to a GetJobFailures operation. +type GetJobFailuresInput struct { + JobID string +} + +// GetJobFailuresOutput contains the outputs for a GetJobFailures operation. It is your +// responsibility to ensure that the io.ReadCloser Items is closed. +type GetJobFailuresOutput struct { + ResultSetSize uint64 + Items io.ReadCloser +} + +// GetJobFailures returns the current "live" set of outputs from a job. Think of +// this like `tail -f`. If error is nil (i.e. the operation is successful), it is +// your responsibility to close the io.ReadCloser named Items in the output. +func (s *JobClient) GetFailures(ctx context.Context, input *GetJobFailuresInput) (*GetJobFailuresOutput, error) { + fullPath := path.Join("/", s.client.AccountName, "jobs", input.JobID, "live", "fail") + + reqInput := client.RequestInput{ + Method: http.MethodGet, + Path: fullPath, + } + respBody, respHeader, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return nil, errors.Wrap(err, "unable to get job failures") + } + + output := &GetJobFailuresOutput{ + Items: respBody, + } + + resultSetSize, err := strconv.ParseUint(respHeader.Get("Result-Set-Size"), 10, 64) + if err == nil { + output.ResultSetSize = resultSetSize + } + + return output, nil +} diff --git a/vendor/github.com/joyent/triton-go/storage/objects.go b/vendor/github.com/joyent/triton-go/storage/objects.go new file mode 100644 index 000000000000..ad71e31602ca --- /dev/null +++ b/vendor/github.com/joyent/triton-go/storage/objects.go @@ -0,0 +1,391 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package storage + +import ( + "context" + "io" + "net/http" + "net/url" + "path" + "strconv" + "strings" + "time" + + "github.com/joyent/triton-go/client" + tt "github.com/joyent/triton-go/errors" + "github.com/pkg/errors" +) + +type ObjectsClient struct { + client *client.Client +} + +// GetObjectInput represents parameters to a GetObject operation. +type GetInfoInput struct { + ObjectPath string + Headers map[string]string +} + +// GetObjectOutput contains the outputs for a GetObject operation. It is your +// responsibility to ensure that the io.ReadCloser ObjectReader is closed. +type GetInfoOutput struct { + ContentLength uint64 + ContentType string + LastModified time.Time + ContentMD5 string + ETag string + Metadata map[string]string +} + +// GetInfo sends a HEAD request to an object in the Manta service. This function +// does not return a response body. +func (s *ObjectsClient) GetInfo(ctx context.Context, input *GetInfoInput) (*GetInfoOutput, error) { + absPath := absFileInput(s.client.AccountName, input.ObjectPath) + + headers := &http.Header{} + for key, value := range input.Headers { + headers.Set(key, value) + } + + reqInput := client.RequestInput{ + Method: http.MethodHead, + Path: string(absPath), + Headers: headers, + } + _, respHeaders, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if err != nil { + return nil, errors.Wrap(err, "unable to get info") + } + + response := &GetInfoOutput{ + ContentType: respHeaders.Get("Content-Type"), + ContentMD5: respHeaders.Get("Content-MD5"), + ETag: respHeaders.Get("Etag"), + } + + lastModified, err := time.Parse(time.RFC1123, respHeaders.Get("Last-Modified")) + if err == nil { + response.LastModified = lastModified + } + + contentLength, err := strconv.ParseUint(respHeaders.Get("Content-Length"), 10, 64) + if err == nil { + response.ContentLength = contentLength + } + + metadata := map[string]string{} + for key, values := range respHeaders { + if strings.HasPrefix(key, "m-") { + metadata[key] = strings.Join(values, ", ") + } + } + response.Metadata = metadata + + return response, nil +} + +// IsDir is a convenience wrapper around the GetInfo function which takes an +// ObjectPath and returns a boolean whether or not the object is a directory +// type in Manta. Returns an error if GetInfo failed upstream for some reason. +func (s *ObjectsClient) IsDir(ctx context.Context, objectPath string) (bool, error) { + info, err := s.GetInfo(ctx, &GetInfoInput{ + ObjectPath: objectPath, + }) + if err != nil { + return false, err + } + if info != nil { + return strings.HasSuffix(info.ContentType, "type=directory"), nil + } + return false, nil +} + +// GetObjectInput represents parameters to a GetObject operation. +type GetObjectInput struct { + ObjectPath string + Headers map[string]string +} + +// GetObjectOutput contains the outputs for a GetObject operation. It is your +// responsibility to ensure that the io.ReadCloser ObjectReader is closed. +type GetObjectOutput struct { + ContentLength uint64 + ContentType string + LastModified time.Time + ContentMD5 string + ETag string + Metadata map[string]string + ObjectReader io.ReadCloser +} + +// Get retrieves an object from the Manta service. If error is nil (i.e. the +// call returns successfully), it is your responsibility to close the +// io.ReadCloser named ObjectReader in the operation output. +func (s *ObjectsClient) Get(ctx context.Context, input *GetObjectInput) (*GetObjectOutput, error) { + absPath := absFileInput(s.client.AccountName, input.ObjectPath) + + headers := &http.Header{} + for key, value := range input.Headers { + headers.Set(key, value) + } + + reqInput := client.RequestInput{ + Method: http.MethodGet, + Path: string(absPath), + Headers: headers, + } + respBody, respHeaders, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if err != nil { + return nil, errors.Wrap(err, "unable to get object") + } + + response := &GetObjectOutput{ + ContentType: respHeaders.Get("Content-Type"), + ContentMD5: respHeaders.Get("Content-MD5"), + ETag: respHeaders.Get("Etag"), + ObjectReader: respBody, + } + + lastModified, err := time.Parse(time.RFC1123, respHeaders.Get("Last-Modified")) + if err == nil { + response.LastModified = lastModified + } + + contentLength, err := strconv.ParseUint(respHeaders.Get("Content-Length"), 10, 64) + if err == nil { + response.ContentLength = contentLength + } + + metadata := map[string]string{} + for key, values := range respHeaders { + if strings.HasPrefix(key, "m-") { + metadata[key] = strings.Join(values, ", ") + } + } + response.Metadata = metadata + + return response, nil +} + +// DeleteObjectInput represents parameters to a DeleteObject operation. +type DeleteObjectInput struct { + ObjectPath string + Headers map[string]string +} + +// DeleteObject deletes an object. +func (s *ObjectsClient) Delete(ctx context.Context, input *DeleteObjectInput) error { + absPath := absFileInput(s.client.AccountName, input.ObjectPath) + + headers := &http.Header{} + for key, value := range input.Headers { + headers.Set(key, value) + } + + reqInput := client.RequestInput{ + Method: http.MethodDelete, + Path: string(absPath), + Headers: headers, + } + respBody, _, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return errors.Wrap(err, "unable to delete object") + } + + return nil +} + +// PutObjectMetadataInput represents parameters to a PutObjectMetadata operation. +type PutObjectMetadataInput struct { + ObjectPath string + ContentType string + Metadata map[string]string +} + +// PutObjectMetadata allows you to overwrite the HTTP headers for an already +// existing object, without changing the data. Note this is an idempotent "replace" +// operation, so you must specify the complete set of HTTP headers you want +// stored on each request. +// +// You cannot change "critical" headers: +// - Content-Length +// - Content-MD5 +// - Durability-Level +func (s *ObjectsClient) PutMetadata(ctx context.Context, input *PutObjectMetadataInput) error { + absPath := absFileInput(s.client.AccountName, input.ObjectPath) + query := &url.Values{} + query.Set("metadata", "true") + + headers := &http.Header{} + headers.Set("Content-Type", input.ContentType) + for key, value := range input.Metadata { + headers.Set(key, value) + } + + reqInput := client.RequestInput{ + Method: http.MethodPut, + Path: string(absPath), + Query: query, + Headers: headers, + } + respBody, _, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return errors.Wrap(err, "unable to put metadata") + } + + return nil +} + +// PutObjectInput represents parameters to a PutObject operation. +type PutObjectInput struct { + ObjectPath string + DurabilityLevel uint64 + ContentType string + ContentMD5 string + IfMatch string + IfModifiedSince *time.Time + ContentLength uint64 + MaxContentLength uint64 + ObjectReader io.Reader + Headers map[string]string + ForceInsert bool //Force the creation of the directory tree +} + +func (s *ObjectsClient) Put(ctx context.Context, input *PutObjectInput) error { + absPath := absFileInput(s.client.AccountName, input.ObjectPath) + + if input.ForceInsert { + absDirName := _AbsCleanPath(path.Dir(string(absPath))) + exists, err := checkDirectoryTreeExists(*s, ctx, absDirName) + if err != nil { + return err + } + if !exists { + err := createDirectory(*s, ctx, absDirName) + if err != nil { + return err + } + return putObject(*s, ctx, input, absPath) + } + } + + return putObject(*s, ctx, input, absPath) +} + +// _AbsCleanPath is an internal type that means the input has been +// path.Clean()'ed and is an absolute path. +type _AbsCleanPath string + +func absFileInput(accountName, objPath string) _AbsCleanPath { + cleanInput := path.Clean(objPath) + if strings.HasPrefix(cleanInput, path.Join("/", accountName, "/")) { + return _AbsCleanPath(cleanInput) + } + + cleanAbs := path.Clean(path.Join("/", accountName, objPath)) + return _AbsCleanPath(cleanAbs) +} + +func putObject(c ObjectsClient, ctx context.Context, input *PutObjectInput, absPath _AbsCleanPath) error { + if input.MaxContentLength != 0 && input.ContentLength != 0 { + return errors.New("ContentLength and MaxContentLength may not both be set to non-zero values.") + } + + headers := &http.Header{} + for key, value := range input.Headers { + headers.Set(key, value) + } + if input.DurabilityLevel != 0 { + headers.Set("Durability-Level", strconv.FormatUint(input.DurabilityLevel, 10)) + } + if input.ContentType != "" { + headers.Set("Content-Type", input.ContentType) + } + if input.ContentMD5 != "" { + headers.Set("Content-MD$", input.ContentMD5) + } + if input.IfMatch != "" { + headers.Set("If-Match", input.IfMatch) + } + if input.IfModifiedSince != nil { + headers.Set("If-Modified-Since", input.IfModifiedSince.Format(time.RFC1123)) + } + if input.ContentLength != 0 { + headers.Set("Content-Length", strconv.FormatUint(input.ContentLength, 10)) + } + if input.MaxContentLength != 0 { + headers.Set("Max-Content-Length", strconv.FormatUint(input.MaxContentLength, 10)) + } + + reqInput := client.RequestNoEncodeInput{ + Method: http.MethodPut, + Path: string(absPath), + Headers: headers, + Body: input.ObjectReader, + } + respBody, _, err := c.client.ExecuteRequestNoEncode(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return errors.Wrap(err, "unable to put object") + } + + return nil +} + +func createDirectory(c ObjectsClient, ctx context.Context, absPath _AbsCleanPath) error { + dirClient := &DirectoryClient{ + client: c.client, + } + + // An abspath starts w/ a leading "/" which gets added to the slice as an + // empty string. Start all array math at 1. + parts := strings.Split(string(absPath), "/") + if len(parts) < 2 { + return errors.New("no path components to create directory") + } + + folderPath := parts[1] + // Don't attempt to create a manta account as a directory + for i := 2; i < len(parts); i++ { + part := parts[i] + folderPath = path.Clean(path.Join("/", folderPath, part)) + err := dirClient.Put(ctx, &PutDirectoryInput{ + DirectoryName: folderPath, + }) + if err != nil { + return err + } + } + + return nil +} + +func checkDirectoryTreeExists(c ObjectsClient, ctx context.Context, absPath _AbsCleanPath) (bool, error) { + exists, err := c.IsDir(ctx, string(absPath)) + if err != nil { + if tt.IsResourceNotFoundError(err) { + return false, nil + } + return false, err + } + if exists { + return true, nil + } + + return false, nil +} diff --git a/vendor/github.com/joyent/triton-go/storage/signing.go b/vendor/github.com/joyent/triton-go/storage/signing.go new file mode 100644 index 000000000000..81111c32c33d --- /dev/null +++ b/vendor/github.com/joyent/triton-go/storage/signing.go @@ -0,0 +1,90 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package storage + +import ( + "bytes" + "fmt" + "net/url" + "path" + "strconv" + "strings" + "time" + + "github.com/pkg/errors" +) + +// SignURLInput represents parameters to a SignURL operation. +type SignURLInput struct { + ValidityPeriod time.Duration + Method string + ObjectPath string +} + +// SignURLOutput contains the outputs of a SignURL operation. To simply +// access the signed URL, use the SignedURL method. +type SignURLOutput struct { + host string + objectPath string + Method string + Algorithm string + Signature string + Expires string + KeyID string +} + +// SignedURL returns a signed URL for the given scheme. Valid schemes are +// `http` and `https`. +func (output *SignURLOutput) SignedURL(scheme string) string { + query := &url.Values{} + query.Set("algorithm", output.Algorithm) + query.Set("expires", output.Expires) + query.Set("keyId", output.KeyID) + query.Set("signature", output.Signature) + + sUrl := url.URL{} + sUrl.Scheme = scheme + sUrl.Host = output.host + sUrl.Path = output.objectPath + sUrl.RawQuery = query.Encode() + + return sUrl.String() +} + +// SignURL creates a time-expiring URL that can be shared with others. +// This is useful to generate HTML links, for example. +func (s *StorageClient) SignURL(input *SignURLInput) (*SignURLOutput, error) { + output := &SignURLOutput{ + host: s.Client.MantaURL.Host, + objectPath: fmt.Sprintf("/%s%s", s.Client.AccountName, input.ObjectPath), + Method: input.Method, + Algorithm: strings.ToUpper(s.Client.Authorizers[0].DefaultAlgorithm()), + Expires: strconv.FormatInt(time.Now().Add(input.ValidityPeriod).Unix(), 10), + KeyID: path.Join("/", s.Client.AccountName, "keys", s.Client.Authorizers[0].KeyFingerprint()), + } + + toSign := bytes.Buffer{} + toSign.WriteString(input.Method + "\n") + toSign.WriteString(s.Client.MantaURL.Host + "\n") + toSign.WriteString(fmt.Sprintf("/%s%s\n", s.Client.AccountName, input.ObjectPath)) + + query := &url.Values{} + query.Set("algorithm", output.Algorithm) + query.Set("expires", output.Expires) + query.Set("keyId", output.KeyID) + toSign.WriteString(query.Encode()) + + signature, _, err := s.Client.Authorizers[0].SignRaw(toSign.String()) + if err != nil { + return nil, errors.Wrapf(err, "error signing string") + } + + output.Signature = signature + return output, nil +} diff --git a/vendor/github.com/joyent/triton-go/storage/snaplink.go b/vendor/github.com/joyent/triton-go/storage/snaplink.go new file mode 100644 index 000000000000..ec8510a68fac --- /dev/null +++ b/vendor/github.com/joyent/triton-go/storage/snaplink.go @@ -0,0 +1,54 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package storage + +import ( + "context" + "fmt" + "net/http" + + "github.com/joyent/triton-go/client" + "github.com/pkg/errors" +) + +type SnapLinksClient struct { + client *client.Client +} + +// PutSnapLinkInput represents parameters to a PutSnapLink operation. +type PutSnapLinkInput struct { + LinkPath string + SourcePath string +} + +// PutSnapLink creates a SnapLink to an object. +func (s *SnapLinksClient) Put(ctx context.Context, input *PutSnapLinkInput) error { + linkPath := fmt.Sprintf("/%s%s", s.client.AccountName, input.LinkPath) + sourcePath := fmt.Sprintf("/%s%s", s.client.AccountName, input.SourcePath) + headers := &http.Header{} + headers.Set("Content-Type", "application/json; type=link") + headers.Set("location", sourcePath) + headers.Set("Accept", "~1.0") + headers.Set("Accept-Version", "application/json, */*") + + reqInput := client.RequestInput{ + Method: http.MethodPut, + Path: linkPath, + Headers: headers, + } + respBody, _, err := s.client.ExecuteRequestStorage(ctx, reqInput) + if respBody != nil { + defer respBody.Close() + } + if err != nil { + return errors.Wrapf(err, "unable to put snaplink") + } + + return nil +} diff --git a/vendor/github.com/joyent/triton-go/triton.go b/vendor/github.com/joyent/triton-go/triton.go new file mode 100644 index 000000000000..5d74258d441e --- /dev/null +++ b/vendor/github.com/joyent/triton-go/triton.go @@ -0,0 +1,27 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package triton + +import ( + "github.com/joyent/triton-go/authentication" +) + +// Universal package used for defining configuration used across all client +// constructors. + +// ClientConfig is a placeholder/input struct around the behavior of configuring +// a client constructor through the implementation's runtime environment +// (SDC/MANTA env vars). +type ClientConfig struct { + TritonURL string + MantaURL string + AccountName string + Username string + Signers []authentication.Signer +} diff --git a/vendor/github.com/joyent/triton-go/version.go b/vendor/github.com/joyent/triton-go/version.go new file mode 100644 index 000000000000..0c1bc8680bd3 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/version.go @@ -0,0 +1,32 @@ +// +// Copyright (c) 2018, Joyent, Inc. All rights reserved. +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// + +package triton + +import ( + "fmt" + "runtime" +) + +// The main version number of the current released Triton-go SDK. +const Version = "0.9.0" + +// A pre-release marker for the version. If this is "" (empty string) +// then it means that it is a final release. Otherwise, this is a pre-release +// such as "dev" (in development), "beta", "rc1", etc. +var Prerelease = "" + +func UserAgent() string { + if Prerelease != "" { + return fmt.Sprintf("triton-go/%s-%s (%s-%s; %s)", Version, Prerelease, runtime.GOARCH, runtime.GOOS, runtime.Version()) + } else { + return fmt.Sprintf("triton-go/%s (%s-%s; %s)", Version, runtime.GOARCH, runtime.GOOS, runtime.Version()) + } +} + +const CloudAPIMajorVersion = "8" diff --git a/vendor/vendor.json b/vendor/vendor.json index 8efe5ab28ca3..2e16785a835f 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1224,6 +1224,36 @@ "revision": "c2b33e8439af944379acbdd9c3a5fe0bc44bd8a5", "revisionTime": "2018-02-06T20:15:40Z" }, + { + "checksumSHA1": "Lg8OHK87XRGCaipG+5+zFyN8OMw=", + "path": "github.com/joyent/triton-go", + "revision": "545edbe0d564f075ac576f1ad177f4ff39c9adaf", + "revisionTime": "2018-01-16T16:57:42Z" + }, + { + "checksumSHA1": "Y03+L+I0FVZ2bMGWt1MHTDEyWM4=", + "path": "github.com/joyent/triton-go/authentication", + "revision": "545edbe0d564f075ac576f1ad177f4ff39c9adaf", + "revisionTime": "2018-01-16T16:57:42Z" + }, + { + "checksumSHA1": "MuJsGBr6HlXQYxZY9cM5rBk+Lns=", + "path": "github.com/joyent/triton-go/client", + "revision": "545edbe0d564f075ac576f1ad177f4ff39c9adaf", + "revisionTime": "2018-01-16T16:57:42Z" + }, + { + "checksumSHA1": "d/Py6j/uMgOAFNFGpsQrNnSsO+k=", + "path": "github.com/joyent/triton-go/errors", + "revision": "545edbe0d564f075ac576f1ad177f4ff39c9adaf", + "revisionTime": "2018-01-16T16:57:42Z" + }, + { + "checksumSHA1": "5v533ELM047YOiwHsyMaVzITpR0=", + "path": "github.com/joyent/triton-go/storage", + "revision": "545edbe0d564f075ac576f1ad177f4ff39c9adaf", + "revisionTime": "2018-01-16T16:57:42Z" + }, { "checksumSHA1": "VJk3rOWfxEV9Ilig5lgzH1qg8Ss=", "path": "github.com/keybase/go-crypto/brainpool", diff --git a/website/source/docs/configuration/storage/manta.html.md b/website/source/docs/configuration/storage/manta.html.md new file mode 100644 index 000000000000..4f837e5952c5 --- /dev/null +++ b/website/source/docs/configuration/storage/manta.html.md @@ -0,0 +1,66 @@ +--- +layout: "docs" +page_title: "Manta - Storage Backends - Configuration" +sidebar_current: "docs-configuration-storage-manta" +description: |- + The Manta storage backend is used to persist Vault's data in Triton's Manta Object + Storage. The storage folder must already exist. +--- + +# Manta Storage Backend + +The Manta storage backend is used to persist Vault's data in [Triton's Manta Object +Storage][manta-object-store]. The storage folder must already exist. + +- **No High Availability** – the Manta storage backend does not support high + availability. + +- **Community Supported** – the Manta storage backend is supported by the + community. While it has undergone review by HashiCorp employees, they may not + be as knowledgeable about the technology. If you encounter problems with them, + you may be referred to the original author. + +```hcl +storage "manta" { + directory = "manta-directory" + user = "myuser" + key_id = "40:9d:d3:f9:0b:86:62:48:f4:2e:a5:8e:43:00:2a:9b" +} +``` + +## `manta` Parameters + +- `directory` `(string: )` – Specifies the name of the manta directory to use. +This will be in the `/stor/` folder in the specific manta account + +The following settings are used for authenticating to Manta. + +- `user` `(string: )` – Specifies the Manta user account name. This can also be provided via + the environment variable `MANTA_USER`. + +- `key_id` `(string: )` – The fingerprint of the public key of the SSH key pair to use for authentication with the Manta API. + It is assumed that the SSH agent has the private key corresponding to this key ID loaded. This can also be provided + via the environment variable `MANTA_KEY_ID`. + +- `subuser` - The name of a subuser that has been granted access to the Manta account. This can also be + provided via the environment variable `MANTA_SUBUSER`. + +- `url` – Specifies the Manta URL. Defaults to `https://us-east.manta.joyent.com`. This can also be provided via + the environment variable `MANTA_URL`. + +- `max_parallel` `(string: "128")` – Specifies The maximum number of concurrent + requests to Manta. + +## `manta` Examples + +This example shows configuring the Azure storage backend with a custom number of +maximum parallel connections. + +```hcl +storage "manta" { + directory = "vault-storage-directory" + max_parallel = 512 +} +``` + +[manta-object-store]: https://www.joyent.com/triton/object-storage diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb index 2e3f8affdf9a..7490fcff6be6 100644 --- a/website/source/layouts/docs.erb +++ b/website/source/layouts/docs.erb @@ -138,6 +138,9 @@ > In-Memory + > + Manta + > MySQL From 6ae03f296531ff7d80ec3abed102dde4828d076e Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 18:24:55 -0500 Subject: [PATCH 115/178] changelog++ --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9636367d46e5..24a7724eebd0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ IMPROVEMENTS: * auth/centrify: Add CLI helper * audit: Always log failure metrics, even if zero, to ensure the values appear on dashboards [GH-3937] + * cli: Disable color when output is not a TTY [GH-3897] + * cli: Add `-format` flag to all subcommands [GH-3897] + * cli: Do not display deprecation warnings when the format is not table + [GH-3897] * secret/pki: Add a flag to make the common name optional on certs [GH-3940] * secret/pki: Ensure only DNS-compatible names go into DNS SANs; additionally, properly handle IDNA transformations for these DNS names [GH-3953] From de1ee7fbb9ff6c83791fdcba6d0786c297922511 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 18:26:27 -0500 Subject: [PATCH 116/178] changelog++ --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 24a7724eebd0..aa8061510e07 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## 0.9.4 (Unreleased) +FEATURES: + + * **Manta Storage**: Manta can now be used for Vault storage + IMPROVEMENTS: * auth/centrify: Add CLI helper @@ -13,6 +17,7 @@ IMPROVEMENTS: * secret/pki: Ensure only DNS-compatible names go into DNS SANs; additionally, properly handle IDNA transformations for these DNS names [GH-3953] * secret/ssh: Add `valid-principles` flag to CLI for CA mode [GH-3922] + * storage/manta: Add Manta storage [GH-3270] BUG FIXES: From bd8f461f17655b17d4ffa8987636489d1c8f068f Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 18:27:18 -0500 Subject: [PATCH 117/178] Update triton version --- .../github.com/joyent/triton-go/CHANGELOG.md | 11 ++++++-- .../github.com/joyent/triton-go/GNUmakefile | 8 +++--- vendor/github.com/joyent/triton-go/README.md | 8 +++--- .../joyent/triton-go/storage/directory.go | 2 +- vendor/github.com/joyent/triton-go/version.go | 28 +++++++++++++------ vendor/vendor.json | 24 ++++++++-------- 6 files changed, 49 insertions(+), 32 deletions(-) diff --git a/vendor/github.com/joyent/triton-go/CHANGELOG.md b/vendor/github.com/joyent/triton-go/CHANGELOG.md index 7b2df2e8a219..71ea4f10ce87 100644 --- a/vendor/github.com/joyent/triton-go/CHANGELOG.md +++ b/vendor/github.com/joyent/triton-go/CHANGELOG.md @@ -1,8 +1,15 @@ ## Unreleased -- Add support for managing columes in Triton [#100] +- Add support for ChangeUserPassword [#111] +- Add support for passing a list of tags to filter List instances [#116] + +## 0.9.0 (January 23) + +**Please Note:** This is a precursor release to marking triton-go as 1.0.0. We are going to wait and fix any bugs that occur from this large set of changes that has happened since 0.5.2 + +- Add support for managing volumes in Triton [#100] - identity/policies: Add support for managing policies in Triton [#86] -- addition of triton-go errors package to expose unwraping of internal errors +- addition of triton-go errors package to expose unwrapping of internal errors - Migration from hashicorp/errwrap to pkg/errors - Using path.Join() for URL structures rather than fmt.Sprintf() diff --git a/vendor/github.com/joyent/triton-go/GNUmakefile b/vendor/github.com/joyent/triton-go/GNUmakefile index f996b99514b4..c5cf617d9d51 100644 --- a/vendor/github.com/joyent/triton-go/GNUmakefile +++ b/vendor/github.com/joyent/triton-go/GNUmakefile @@ -1,7 +1,7 @@ TEST?=$$(go list ./... |grep -Ev 'vendor|examples|testutils') GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor) -default: vet errcheck test +default: vet fmtcheck errcheck test tools:: ## Download and install all dev/code tools @echo "==> Installing dev tools" @@ -29,16 +29,16 @@ vet:: ## Check for unwanted code constructs fi lint:: ## Lint and vet code by common Go standards - @bash $(CURDIR)/scripts/lint.sh + @./scripts/lint.sh fmt:: ## Format as canonical Go code gofmt -w $(GOFMT_FILES) fmtcheck:: ## Check if code format is canonical Go - @bash $(CURDIR)/scripts/gofmtcheck.sh + @./scripts/gofmtcheck.sh errcheck:: ## Check for unhandled errors - @bash $(CURDIR)/scripts/errcheck.sh + @./scripts/errcheck.sh .PHONY: help help:: ## Display this help message diff --git a/vendor/github.com/joyent/triton-go/README.md b/vendor/github.com/joyent/triton-go/README.md index 5dbd5de0f1ba..33e0d0496fa2 100644 --- a/vendor/github.com/joyent/triton-go/README.md +++ b/vendor/github.com/joyent/triton-go/README.md @@ -38,7 +38,7 @@ ssh-keygen -Emd5 -lf ~/.ssh/id_rsa.pub | cut -d " " -f 2 | sed 's/MD5://' ``` Each top level package, `account`, `compute`, `identity`, `network`, all have -their own seperate client. In order to initialize a package client, simply pass +their own separate client. In order to initialize a package client, simply pass the global `triton.ClientConfig` struct into the client's constructor function. ```go @@ -73,8 +73,8 @@ if err != nil { ## Error Handling If an error is returned by the HTTP API, the `error` returned from the function -will contain an instance of `compute.TritonError` in the chain. Error wrapping -is performed using the [errwrap][7] library from HashiCorp. +will contain an instance of `errors.APIError` in the chain. Error wrapping +is performed using the [pkg/errors][7] library. ## Acceptance Tests @@ -235,4 +235,4 @@ func main() { [4]: https://github.com/joyent/node-http-signature/blob/master/http_signing.md [5]: https://godoc.org/github.com/joyent/triton-go/authentication [6]: https://godoc.org/github.com/joyent/triton-go/authentication -[7]: https://github.com/hashicorp/go-errwrap +[7]: https://github.com/pkg/errors diff --git a/vendor/github.com/joyent/triton-go/storage/directory.go b/vendor/github.com/joyent/triton-go/storage/directory.go index 865b56483a28..90c4f4a57d1f 100644 --- a/vendor/github.com/joyent/triton-go/storage/directory.go +++ b/vendor/github.com/joyent/triton-go/storage/directory.go @@ -102,7 +102,7 @@ type PutDirectoryInput struct { DirectoryName string } -// Put puts a directoy into the Triton Object Storage service is an idempotent +// Put puts a director into the Triton Object Storage service is an idempotent // create-or-update operation. Your private namespace starts at /:login, and you // can create any nested set of directories or objects within it. func (s *DirectoryClient) Put(ctx context.Context, input *PutDirectoryInput) error { diff --git a/vendor/github.com/joyent/triton-go/version.go b/vendor/github.com/joyent/triton-go/version.go index 0c1bc8680bd3..344aab560a6c 100644 --- a/vendor/github.com/joyent/triton-go/version.go +++ b/vendor/github.com/joyent/triton-go/version.go @@ -13,20 +13,30 @@ import ( "runtime" ) -// The main version number of the current released Triton-go SDK. -const Version = "0.9.0" +// Version represents main version number of the current release +// of the Triton-go SDK. +const Version = "1.0.0" -// A pre-release marker for the version. If this is "" (empty string) -// then it means that it is a final release. Otherwise, this is a pre-release -// such as "dev" (in development), "beta", "rc1", etc. -var Prerelease = "" +// Prerelease adds a pre-release marker to the version. +// +// If this is "" (empty string) then it means that it is a final release. +// Otherwise, this is a pre-release such as "dev" (in development), "beta", +// "rc1", etc. +var Prerelease = "dev" +// UserAgent returns a Triton-go characteristic string that allows the +// network protocol peers to identify the version, release and runtime +// of the Triton-go client from which the requests originate. func UserAgent() string { if Prerelease != "" { - return fmt.Sprintf("triton-go/%s-%s (%s-%s; %s)", Version, Prerelease, runtime.GOARCH, runtime.GOOS, runtime.Version()) - } else { - return fmt.Sprintf("triton-go/%s (%s-%s; %s)", Version, runtime.GOARCH, runtime.GOOS, runtime.Version()) + return fmt.Sprintf("triton-go/%s-%s (%s-%s; %s)", Version, Prerelease, + runtime.GOARCH, runtime.GOOS, runtime.Version()) } + + return fmt.Sprintf("triton-go/%s (%s-%s; %s)", Version, runtime.GOARCH, + runtime.GOOS, runtime.Version()) } +// CloudAPIMajorVersion specifies the CloudAPI version compatibility +// for current release of the Triton-go SDK. const CloudAPIMajorVersion = "8" diff --git a/vendor/vendor.json b/vendor/vendor.json index 2e16785a835f..547c17523bb1 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1225,34 +1225,34 @@ "revisionTime": "2018-02-06T20:15:40Z" }, { - "checksumSHA1": "Lg8OHK87XRGCaipG+5+zFyN8OMw=", + "checksumSHA1": "QMy7OtWBVChgvZg52PojtXuGRTA=", "path": "github.com/joyent/triton-go", - "revision": "545edbe0d564f075ac576f1ad177f4ff39c9adaf", - "revisionTime": "2018-01-16T16:57:42Z" + "revision": "8b12b82dc02a9395ca1506bc6a8ed0dbfc46977a", + "revisionTime": "2018-02-12T15:06:50Z" }, { "checksumSHA1": "Y03+L+I0FVZ2bMGWt1MHTDEyWM4=", "path": "github.com/joyent/triton-go/authentication", - "revision": "545edbe0d564f075ac576f1ad177f4ff39c9adaf", - "revisionTime": "2018-01-16T16:57:42Z" + "revision": "8b12b82dc02a9395ca1506bc6a8ed0dbfc46977a", + "revisionTime": "2018-02-12T15:06:50Z" }, { "checksumSHA1": "MuJsGBr6HlXQYxZY9cM5rBk+Lns=", "path": "github.com/joyent/triton-go/client", - "revision": "545edbe0d564f075ac576f1ad177f4ff39c9adaf", - "revisionTime": "2018-01-16T16:57:42Z" + "revision": "8b12b82dc02a9395ca1506bc6a8ed0dbfc46977a", + "revisionTime": "2018-02-12T15:06:50Z" }, { "checksumSHA1": "d/Py6j/uMgOAFNFGpsQrNnSsO+k=", "path": "github.com/joyent/triton-go/errors", - "revision": "545edbe0d564f075ac576f1ad177f4ff39c9adaf", - "revisionTime": "2018-01-16T16:57:42Z" + "revision": "8b12b82dc02a9395ca1506bc6a8ed0dbfc46977a", + "revisionTime": "2018-02-12T15:06:50Z" }, { - "checksumSHA1": "5v533ELM047YOiwHsyMaVzITpR0=", + "checksumSHA1": "ZN94TTnBIL3l/gTUdmm+a3jEE24=", "path": "github.com/joyent/triton-go/storage", - "revision": "545edbe0d564f075ac576f1ad177f4ff39c9adaf", - "revisionTime": "2018-01-16T16:57:42Z" + "revision": "8b12b82dc02a9395ca1506bc6a8ed0dbfc46977a", + "revisionTime": "2018-02-12T15:06:50Z" }, { "checksumSHA1": "VJk3rOWfxEV9Ilig5lgzH1qg8Ss=", From effb396185d9e0291d5b1333349071aba33de869 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 12 Feb 2018 21:01:14 -0500 Subject: [PATCH 118/178] Make fmt --- command/commands.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/command/commands.go b/command/commands.go index 9a9e54472208..92785aa29bbf 100644 --- a/command/commands.go +++ b/command/commands.go @@ -129,7 +129,7 @@ var ( "inmem_transactional_ha": physInmem.NewTransactionalInmemHA, "inmem_transactional": physInmem.NewTransactionalInmem, "inmem": physInmem.NewInmem, - "manta": physManta.NewMantaBackend, + "manta": physManta.NewMantaBackend, "mssql": physMSSQL.NewMSSQLBackend, "mysql": physMySQL.NewMySQLBackend, "postgresql": physPostgreSQL.NewPostgreSQLBackend, From 6e6b0eb08662cefae0dfd20148a2dda174e56488 Mon Sep 17 00:00:00 2001 From: Nicolas Troncoso Date: Tue, 13 Feb 2018 05:18:43 -0800 Subject: [PATCH 119/178] Turns the okta groups array into a coma separated string (#3956) --- builtin/credential/okta/backend.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/credential/okta/backend.go b/builtin/credential/okta/backend.go index 95829a9a1249..dbba93a59945 100644 --- a/builtin/credential/okta/backend.go +++ b/builtin/credential/okta/backend.go @@ -218,7 +218,7 @@ func (b *backend) getOktaGroups(client *okta.Client, user *okta.User) ([]string, oktaGroups = append(oktaGroups, group.Profile.Name) } if b.Logger().IsDebug() { - b.Logger().Debug("auth/okta: Groups fetched from Okta", "num_groups", len(oktaGroups), "groups", oktaGroups) + b.Logger().Debug("auth/okta: Groups fetched from Okta", "num_groups", len(oktaGroups), "groups", fmt.Sprintf("%#v", oktaGroups)) } return oktaGroups, nil } From a0ccf7bab4b4aa0a846b63f3dae8dfdd7f9c23e8 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 13 Feb 2018 10:03:12 -0500 Subject: [PATCH 120/178] Plumb context through manta --- physical/manta/manta.go | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/physical/manta/manta.go b/physical/manta/manta.go index 2d97663e83ca..c868ed635891 100644 --- a/physical/manta/manta.go +++ b/physical/manta/manta.go @@ -32,7 +32,6 @@ type MantaBackend struct { } func NewMantaBackend(conf map[string]string, logger log.Logger) (physical.Backend, error) { - user := os.Getenv("MANTA_USER") if user == "" { user = conf["user"] @@ -99,7 +98,7 @@ func NewMantaBackend(conf map[string]string, logger log.Logger) (physical.Backen } // Put is used to insert or update an entry -func (m *MantaBackend) Put(entry *physical.Entry) error { +func (m *MantaBackend) Put(ctx context.Context, entry *physical.Entry) error { defer metrics.MeasureSince([]string{"manta", "put"}, time.Now()) m.permitPool.Acquire() @@ -108,7 +107,7 @@ func (m *MantaBackend) Put(entry *physical.Entry) error { r := bytes.NewReader(entry.Value) r.Seek(0, 0) - return m.client.Objects().Put(context.Background(), &storage.PutObjectInput{ + return m.client.Objects().Put(ctx, &storage.PutObjectInput{ ObjectPath: path.Join(mantaDefaultRootStore, m.directory, entry.Key, ".vault_value"), ObjectReader: r, ContentLength: uint64(len(entry.Value)), @@ -117,13 +116,13 @@ func (m *MantaBackend) Put(entry *physical.Entry) error { } // Get is used to fetch an entry -func (m *MantaBackend) Get(key string) (*physical.Entry, error) { +func (m *MantaBackend) Get(ctx context.Context, key string) (*physical.Entry, error) { defer metrics.MeasureSince([]string{"manta", "get"}, time.Now()) m.permitPool.Acquire() defer m.permitPool.Release() - output, err := m.client.Objects().Get(context.Background(), &storage.GetObjectInput{ + output, err := m.client.Objects().Get(ctx, &storage.GetObjectInput{ ObjectPath: path.Join(mantaDefaultRootStore, m.directory, key, ".vault_value"), }) if err != nil { @@ -150,14 +149,14 @@ func (m *MantaBackend) Get(key string) (*physical.Entry, error) { } // Delete is used to permanently delete an entry -func (m *MantaBackend) Delete(key string) error { +func (m *MantaBackend) Delete(ctx context.Context, key string) error { defer metrics.MeasureSince([]string{"manta", "delete"}, time.Now()) m.permitPool.Acquire() defer m.permitPool.Release() if strings.HasSuffix(key, "/") { - err := m.client.Dir().Delete(context.Background(), &storage.DeleteDirectoryInput{ + err := m.client.Dir().Delete(ctx, &storage.DeleteDirectoryInput{ DirectoryName: path.Join(mantaDefaultRootStore, m.directory, key), ForceDelete: true, }) @@ -165,7 +164,7 @@ func (m *MantaBackend) Delete(key string) error { return err } } else { - err := m.client.Objects().Delete(context.Background(), &storage.DeleteObjectInput{ + err := m.client.Objects().Delete(ctx, &storage.DeleteObjectInput{ ObjectPath: path.Join(mantaDefaultRootStore, m.directory, key, ".vault_value"), }) if err != nil { @@ -175,14 +174,14 @@ func (m *MantaBackend) Delete(key string) error { return err } - return tryDeleteDirectory(m, path.Join(mantaDefaultRootStore, m.directory, key)) + return tryDeleteDirectory(ctx, m, path.Join(mantaDefaultRootStore, m.directory, key)) } return nil } -func tryDeleteDirectory(m *MantaBackend, directoryPath string) error { - objs, err := m.client.Dir().List(context.Background(), &storage.ListDirectoryInput{ +func tryDeleteDirectory(ctx context.Context, m *MantaBackend, directoryPath string) error { + objs, err := m.client.Dir().List(ctx, &storage.ListDirectoryInput{ DirectoryName: directoryPath, }) if err != nil { @@ -192,27 +191,27 @@ func tryDeleteDirectory(m *MantaBackend, directoryPath string) error { return err } if objs != nil && len(objs.Entries) == 0 { - err := m.client.Dir().Delete(context.Background(), &storage.DeleteDirectoryInput{ + err := m.client.Dir().Delete(ctx, &storage.DeleteDirectoryInput{ DirectoryName: directoryPath, }) if err != nil { return err } - return tryDeleteDirectory(m, path.Dir(directoryPath)) + return tryDeleteDirectory(ctx, m, path.Dir(directoryPath)) } return nil } // List is used to list all the keys under a given // prefix, up to the next prefix. -func (m *MantaBackend) List(prefix string) ([]string, error) { +func (m *MantaBackend) List(ctx context.Context, prefix string) ([]string, error) { defer metrics.MeasureSince([]string{"manta", "list"}, time.Now()) m.permitPool.Acquire() defer m.permitPool.Release() - objs, err := m.client.Dir().List(context.Background(), &storage.ListDirectoryInput{ + objs, err := m.client.Dir().List(ctx, &storage.ListDirectoryInput{ DirectoryName: path.Join(mantaDefaultRootStore, m.directory, prefix), }) if err != nil { @@ -225,7 +224,7 @@ func (m *MantaBackend) List(prefix string) ([]string, error) { keys := []string{} for _, obj := range objs.Entries { if obj.Type == "directory" { - objs, err := m.client.Dir().List(context.Background(), &storage.ListDirectoryInput{ + objs, err := m.client.Dir().List(ctx, &storage.ListDirectoryInput{ DirectoryName: path.Join(mantaDefaultRootStore, m.directory, prefix, obj.Name), }) if err != nil { From bea612135957227f859673f55345757cf6978f5d Mon Sep 17 00:00:00 2001 From: Brian Shumate Date: Tue, 13 Feb 2018 10:15:19 -0500 Subject: [PATCH 121/178] DOCS: update Telemetry (#3964) - Correct time to millis - Correct storage backend summaries from # ops to duration of ops --- .../source/docs/internals/telemetry.html.md | 175 +++++++++--------- 1 file changed, 87 insertions(+), 88 deletions(-) diff --git a/website/source/docs/internals/telemetry.html.md b/website/source/docs/internals/telemetry.html.md index cdb0e119f795..78613e8c5746 100644 --- a/website/source/docs/internals/telemetry.html.md +++ b/website/source/docs/internals/telemetry.html.md @@ -190,7 +190,7 @@ This includes what is being used by Vault's heap and what has been reclaimed but ### vault.runtime.total_gc_pause_ns -**[S]** Summary (Nanoseconds): The total garbage collector pause time since Vault was last started +**[S]** Summary (Milliseconds): The total garbage collector pause time since Vault was last started ### vault.runtime.total_gc_runs @@ -202,11 +202,11 @@ These metrics relate to policies and tokens. ### vault.expire.fetch-lease-times -**[S]** Summary (Nanoseconds): Time taken to fetch lease times +**[S]** Summary (Milliseconds): Time taken to fetch lease times ### vault.expire.fetch-lease-times-by-token -**[S]** Summary (Nanoseconds): Time taken to fetch lease times by token +**[S]** Summary (Milliseconds): Time taken to fetch lease times by token ### vault.expire.num_leases @@ -214,77 +214,77 @@ These metrics relate to policies and tokens. ### vault.expire.revoke -**[S]** Summary (Nanoseconds): Time taken to revoke a token +**[S]** Summary (Milliseconds): Time taken to revoke a token ### vault.expire.revoke-force -**[S]** Summary (Nanoseconds): Time taken to forcibly revoke a token +**[S]** Summary (Milliseconds): Time taken to forcibly revoke a token ### vault.expire.revoke-prefix -**[S]** Summary (Nanoseconds): Time taken to revoke tokens on a prefix +**[S]** Summary (Milliseconds): Time taken to revoke tokens on a prefix ### vault.expire.revoke-by-token -**[S]** Summary (Nanoseconds): Time taken to revoke all secrets issued with a given token +**[S]** Summary (Milliseconds): Time taken to revoke all secrets issued with a given token ### vault.expire.renew -**[S]** Summary (Nanoseconds): Time taken to renew a lease +**[S]** Summary (Milliseconds): Time taken to renew a lease ### vault.expire.renew-token -**[S]** Summary (Nanoseconds): Time taken to renew a token which does not need to invoke a logical backend +**[S]** Summary (Milliseconds): Time taken to renew a token which does not need to invoke a logical backend ### vault.expire.register -**[S]** Summary (Nanoseconds): Time taken for register operations +**[S]** Summary (Milliseconds): Time taken for register operations Thes operations take a request and response with an associated lease and register a lease entry with lease ID ### vault.expire.register-auth -**[S]** Summary (Nanoseconds): Time taken for register authentication operations which create lease entries without lease ID +**[S]** Summary (Milliseconds): Time taken for register authentication operations which create lease entries without lease ID ### vault.policy.get_policy -**[S]** Summary (Nanoseconds): Time taken to get a policy +**[S]** Summary (Milliseconds): Time taken to get a policy ### vault.policy.list_policies -**[S]** Summary (Nanoseconds): Time taken to list policies +**[S]** Summary (Milliseconds): Time taken to list policies ### vault.policy.delete_policy -**[S]** Summary (Nanoseconds): Time taken to delete a policy +**[S]** Summary (Milliseconds): Time taken to delete a policy ### vault.policy.set_policy -**[S]** Summary (Nanoseconds): Time taken to set a policy +**[S]** Summary (Milliseconds): Time taken to set a policy ### vault.token.create -**[S]** Summary (Nanoseconds): The time taken to create a token +**[S]** Summary (Milliseconds): The time taken to create a token ### vault.token.createAccessor -**[S]** Summary (Nanoseconds): The time taken to create a token +**[S]** Summary (Milliseconds): The time taken to create a token ### vault.token.lookup -**[S]** Summary (Nanoseconds): The time taken to look up a token +**[S]** Summary (Milliseconds): The time taken to look up a token ### vault.token.revoke -**[S]** Summary (Nanoseconds): Time taken to revoke a token +**[S]** Summary (Milliseconds): Time taken to revoke a token ### vault.token.revoke-tree -**[S]** Summary (Nanoseconds): Time taken to revoke a token tree +**[S]** Summary (Milliseconds): Time taken to revoke a token tree ### vault.token.store -**[S]** Summary (Nanoseconds): Time taken to store an updated token entry without writing to the secondary index +**[S]** Summary (Milliseconds): Time taken to store an updated token entry without writing to the secondary index ## Authentication Backend Metrics @@ -292,43 +292,43 @@ These metrics relate to supported authentication methods. ### vault.rollback.attempt.auth-token- -**[S]** Summary (Nanoseconds): Time taken to perform a rollback operation for the [token authentication backend][token-auth-backend] +**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [token authentication backend][token-auth-backend] ### vault.rollback.attempt.auth-ldap- -**[S]** Summary (Nanoseconds): Time taken to perform a rollback operation for the [LDAP authentication backend][ldap-auth-backend] +**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [LDAP authentication backend][ldap-auth-backend] ### vault.rollback.attempt.cubbyhole- -**[S]** Summary (Nanoseconds): Time taken to perform a rollback operation for the [Cubbyhole secret backend][cubbyhole-secret-backend] +**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [Cubbyhole secret backend][cubbyhole-secret-backend] ### vault.rollback.attempt.secret- -**[S]** Summary (Nanoseconds): Time taken to perform a rollback operation for the [K/V secret backend][kv-secret-backend] +**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [K/V secret backend][kv-secret-backend] ### vault.rollback.attempt.sys- -**[S]** Summary (Nanoseconds): Time taken to perform a rollback operation for the system backend +**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the system backend ### vault.route.rollback.auth-ldap- -**[S]** Summary (Nanoseconds): Time taken to perform a route rollback operation for the [LDAP authentication backend][ldap-auth-backend] +**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [LDAP authentication backend][ldap-auth-backend] ### vault.route.rollback.auth-token- -**[S]** Summary (Nanoseconds): Time taken to perform a route rollback operation for the [token authentication backend][token-auth-backend] +**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [token authentication backend][token-auth-backend] ### vault.route.rollback.cubbyhole- -**[S]** Summary (Nanoseconds): Time taken to perform a route rollback operation for the [Cubbyhole secret backend][cubbyhole-secret-backend] +**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [Cubbyhole secret backend][cubbyhole-secret-backend] ### vault.route.rollback.secret- -**[S]** Summary (Nanoseconds): Time taken to perform a route rollback operation for the [K/V secret backend][kv-secret-backend] +**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [K/V secret backend][kv-secret-backend] ### vault.route.rollback.sys- -**[S]** Summary (Nanoseconds): Time taken to perform a route rollback operation for the system backend +**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the system backend ## Storage Backend Metrics @@ -336,228 +336,227 @@ These metrics relate to the supported storage backends. ### vault.azure.put -**[S]** Summary (Number of operations): Number of put operations against the [Azure storage backend][azure-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [Azure storage backend][azure-storage-backend] ### vault.azure.get -**[S]** Summary (Number of operations):Number of get operations against the [ -Azure storage backend][azure-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [Azure storage backend][azure-storage-backend] ### vault.azure.delete -**[S]** Summary (Number of operations):Number of delete operations against the [Azure storage backend][azure-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [Azure storage backend][azure-storage-backend] ### vault.azure.list -**[S]** Summary (Number of operations):Number of list operations against the [Azure storage backend][azure-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [Azure storage backend][azure-storage-backend] ### vault.cassandra.put -**[S]** Summary (Number of operations): Number of PUT operations against the [Cassandra storage backend][cassandra-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [Cassandra storage backend][cassandra-storage-backend] ### vault.cassandra.get -**[S]** Summary (Number of operations): Number of GET operations against the [Cassandra storage backend][cassandra-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [Cassandra storage backend][cassandra-storage-backend] ### vault.cassandra.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [Cassandra storage backend][cassandra-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [Cassandra storage backend][cassandra-storage-backend] ### vault.cassandra.list -**[S]** Summary (Number of operations): Number of LIST operations against the [Cassandra storage backend][cassandra-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [Cassandra storage backend][cassandra-storage-backend] ### vault.cockroachdb.put -**[S]** Summary (Number of operations): Number of PUT operations against the [CockroachDB storage backend][cockroachdb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [CockroachDB storage backend][cockroachdb-storage-backend] ### vault.cockroachdb.get -**[S]** Summary (Number of operations): Number of GET operations against the [CockroachDB storage backend][cockroachdb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [CockroachDB storage backend][cockroachdb-storage-backend] ### vault.cockroachdb.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [CockroachDB storage backend][cockroachdb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [CockroachDB storage backend][cockroachdb-storage-backend] ### vault.cockroachdb.list -**[S]** Summary (Number of operations): Number of LIST operations against the [CockroachDB storage backend][cockroachdb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [CockroachDB storage backend][cockroachdb-storage-backend] ### vault.consul.put -**[S]** Summary (Number of operations): Number of PUT operations against the [Consul storage backend][consul-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [Consul storage backend][consul-storage-backend] ### vault.consul.get -**[S]** Summary (Number of operations): Number of GET operations against the [Consul storage backend][consul-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [Consul storage backend][consul-storage-backend] ### vault.consul.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [Consul storage backend][consul-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [Consul storage backend][consul-storage-backend] ### vault.consul.list -**[S]** Summary (Number of operations): Number of LIST operations against the [Consul storage backend][consul-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [Consul storage backend][consul-storage-backend] ### vault.couchdb.put -**[S]** Summary (Number of operations): Number of PUT operations against the [CouchDB storage backend][couchdb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [CouchDB storage backend][couchdb-storage-backend] ### vault.couchdb.get -**[S]** Summary (Number of operations): Number of GET operations against the [CouchDB storage backend][couchdb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [CouchDB storage backend][couchdb-storage-backend] ### vault.couchdb.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [CouchDB storage backend][couchdb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [CouchDB storage backend][couchdb-storage-backend] ### vault.couchdb.list -**[S]** Summary (Number of operations): Number of LIST operations against the [CouchDB storage backend][couchdb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [CouchDB storage backend][couchdb-storage-backend] ### vault.dynamodb.put -**[S]** Summary (Number of operations): Number of PUT operations against the [DynamoDB storage backend][dynamodb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [DynamoDB storage backend][dynamodb-storage-backend] ### vault.dynamodb.get -**[S]** Summary (Number of operations): Number of GET operations against the [DynamoDB storage backend][dynamodb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [DynamoDB storage backend][dynamodb-storage-backend] ### vault.dynamodb.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [DynamoDB storage backend][dynamodb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [DynamoDB storage backend][dynamodb-storage-backend] ### vault.dynamodb.list -**[S]** Summary (Number of operations): Number of LIST operations against the [DynamoDB storage backend][dynamodb-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [DynamoDB storage backend][dynamodb-storage-backend] ### vault.etcd.put -**[S]** Summary (Number of operations): Number of PUT operations against the [etcd storage backend][etcd-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [etcd storage backend][etcd-storage-backend] ### vault.etcd.get -**[S]** Summary (Number of operations): Number of GET operations against the [etcd storage backend][etcd-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [etcd storage backend][etcd-storage-backend] ### vault.etcd.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [etcd storage backend][etcd-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [etcd storage backend][etcd-storage-backend] ### vault.etcd.list -**[S]** Summary (Number of operations): Number of LIST operations against the [etcd storage backend][etcd-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [etcd storage backend][etcd-storage-backend] ### vault.gcs.put -**[S]** Summary (Number of operations): Number of PUT operations against the [Google Cloud Storage storage backend][gcs-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [Google Cloud Storage storage backend][gcs-storage-backend] ### vault.gcs.get -**[S]** Summary (Number of operations): Number of GET operations against the [Google Cloud Storage storage backend][gcs-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [Google Cloud Storage storage backend][gcs-storage-backend] ### vault.gcs.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [Google Cloud Storage storage backend][gcs-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [Google Cloud Storage storage backend][gcs-storage-backend] ### vault.gcs.list -**[S]** Summary (Number of operations): Number of LIST operations against the [Google Cloud Storage storage backend][gcs-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [Google Cloud Storage storage backend][gcs-storage-backend] ### vault.mssql.put -**[S]** Summary (Number of operations): Number of PUT operations against the [MS-SQL storage backend][mssql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [MS-SQL storage backend][mssql-storage-backend] ### vault.mssql.get -**[S]** Summary (Number of operations): Number of GET operations against the [MS-SQL storage backend][mssql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [MS-SQL storage backend][mssql-storage-backend] ### vault.mssql.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [MS-SQL storage backend][mssql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [MS-SQL storage backend][mssql-storage-backend] ### vault.mssql.list -**[S]** Summary (Number of operations): Number of LIST operations against the [MS-SQL storage backend][mssql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [MS-SQL storage backend][mssql-storage-backend] ### vault.mysql.put -**[S]** Summary (Number of operations): Number of PUT operations against the [MySQL storage backend][mysql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [MySQL storage backend][mysql-storage-backend] ### vault.mysql.get -**[S]** Summary (Number of operations): Number of GET operations against the [MySQL storage backend][mysql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [MySQL storage backend][mysql-storage-backend] ### vault.mysql.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [MySQL storage backend][mysql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [MySQL storage backend][mysql-storage-backend] ### vault.mysql.list -**[S]** Summary (Number of operations): Number of LIST operations against the [MySQL storage backend][mysql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [MySQL storage backend][mysql-storage-backend] ### vault.postgres.put -**[S]** Summary (Number of operations): Number of PUT operations against the [PostgreSQL storage backend][postgresql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [PostgreSQL storage backend][postgresql-storage-backend] ### vault.postgres.get -**[S]** Summary (Number of operations): Number of GET operations against the [PostgreSQL storage backend][postgresql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [PostgreSQL storage backend][postgresql-storage-backend] ### vault.postgres.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [PostgreSQL storage backend][postgresql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [PostgreSQL storage backend][postgresql-storage-backend] ### vault.postgres.list -**[S]** Summary (Number of operations): Number of LIST operations against the [PostgreSQL storage backend][postgresql-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [PostgreSQL storage backend][postgresql-storage-backend] ### vault.s3.put -**[S]** Summary (Number of operations): Number of PUT operations against the [Amazon S3 storage backend][s3-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [Amazon S3 storage backend][s3-storage-backend] ### vault.s3.get -**[S]** Summary (Number of operations): Number of GET operations against the [Amazon S3 storage backend][s3-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [Amazon S3 storage backend][s3-storage-backend] ### vault.s3.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [Amazon S3 storage backend][s3-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [Amazon S3 storage backend][s3-storage-backend] ### vault.s3.list -**[S]** Summary (Number of operations): Number of LIST operations against the [Amazon S3 storage backend][s3-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [Amazon S3 storage backend][s3-storage-backend] ### vault.swift.put -**[S]** Summary (Number of operations): Number of PUT operations against the [Swift storage backend][swift-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [Swift storage backend][swift-storage-backend] ### vault.swift.get -**[S]** Summary (Number of operations): Number of GET operations against the [Swift storage backend][swift-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [Swift storage backend][swift-storage-backend] ### vault.swift.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [Swift storage backend][swift-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [Swift storage backend][swift-storage-backend] ### vault.swift.list -**[S]** Summary (Number of operations): Number of LIST operations against the [Swift storage backend][swift-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [Swift storage backend][swift-storage-backend] ### vault.zookeeper.put -**[S]** Summary (Number of operations): Number of PUT operations against the [ZooKeeper storage backend][zookeeper-storage-backend] +**[S]** Summary (Milliseconds): Duration of a PUT operation against the [ZooKeeper storage backend][zookeeper-storage-backend] ### vault.zookeeper.get -**[S]** Summary (Number of operations): Number of GET operations against the [ZooKeeper storage backend][zookeeper-storage-backend] +**[S]** Summary (Milliseconds): Duration of a GET operation against the [ZooKeeper storage backend][zookeeper-storage-backend] ### vault.zookeeper.delete -**[S]** Summary (Number of operations): Number of DELETE operations against the [ZooKeeper storage backend][zookeeper-storage-backend] +**[S]** Summary (Milliseconds): Duration of a DELETE operation against the [ZooKeeper storage backend][zookeeper-storage-backend] ### vault.zookeeper.list -**[S]** Summary (Number of operations): Number of LIST operations against the [ZooKeeper storage backend][zookeeper-storage-backend] +**[S]** Summary (Milliseconds): Duration of a LIST operation against the [ZooKeeper storage backend][zookeeper-storage-backend] [telemetry-stanza]: /docs/configuration/telemetry.html [cubbyhole-secret-backend]: /docs/secrets/cubbyhole/index.html From dba4bc10b9d950bf721113880ae3ce53d1382d81 Mon Sep 17 00:00:00 2001 From: George Perez Date: Tue, 13 Feb 2018 11:03:35 -0500 Subject: [PATCH 122/178] Update generate-root.html.md (#3894) Fix typo: "providers" to "provides" --- website/source/guides/generate-root.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/guides/generate-root.html.md b/website/source/guides/generate-root.html.md index ba7c119368b9..998a5ce84aea 100644 --- a/website/source/guides/generate-root.html.md +++ b/website/source/guides/generate-root.html.md @@ -48,7 +48,7 @@ In this method, an OTP is XORed with the generated token on final output. The nonce value should be distributed to all unseal key holders. -1. Each unseal key holder providers their unseal key: +1. Each unseal key holder provides their unseal key: ```text $ vault operator generate-root From c400463298955a1a790d2a59d4ae5c398d81ce6c Mon Sep 17 00:00:00 2001 From: Brian Shumate Date: Tue, 13 Feb 2018 11:04:11 -0500 Subject: [PATCH 123/178] Clarify with example of file-backend specific metrics (#3913) --- website/source/docs/internals/telemetry.html.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/website/source/docs/internals/telemetry.html.md b/website/source/docs/internals/telemetry.html.md index 78613e8c5746..ad9d03aae2cb 100644 --- a/website/source/docs/internals/telemetry.html.md +++ b/website/source/docs/internals/telemetry.html.md @@ -64,11 +64,21 @@ These metrics represent operational aspects of the running Vault instance. ### vault.audit.log_request -**[S]** Summary (Number of requests): Number of audit log requests +**[S]** Summary (Nanoseconds): Duration of time taken by all audit log requests across all audit log backends ### vault.audit.log_response -**[S]** Summary (Number of responses): Number of audit log responses +**[S]** Summary (Nanoseconds): Duration of time taken by audit log responses across all audit log backends + +Additionally, per audit log backend metrics such as those for a specific backend like `file` will be present as: + +### vault.audit.file.log_request + +**[S]** Summary (Nanoseconds): Duration of time taken by audit log requests for the file based audit backend mounted as `file` + +### vault.audit.file.log_response + +**[S]** Summary (Nanoseconds): Duration of time taken by audit log responses for the file based audit backend mounted as `file` ### vault.audit.log_request_failure From 89dbe2deffaf7a89e8e099886a15c286a46b73ae Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 13 Feb 2018 14:46:57 -0500 Subject: [PATCH 124/178] Add newline on non-ttl output (#3967) Output is formatted with newlines in mind, so without this those get lost and things get funky due to multiple outputs running together. --- command/main.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/command/main.go b/command/main.go index 824b80fa6cd2..6ed2236dd319 100644 --- a/command/main.go +++ b/command/main.go @@ -23,7 +23,9 @@ func (u *VaultUI) Output(m string) { if u.isTerminal { u.Ui.Output(m) } else { - getWriterFromUI(u.Ui).Write([]byte(m)) + writer := getWriterFromUI(u.Ui) + writer.Write([]byte(m)) + writer.Write([]byte("\n")) } } From 4ae1310b8bef8133bef61e25c53d93fdc8d5d81e Mon Sep 17 00:00:00 2001 From: Seth Vargo Date: Tue, 13 Feb 2018 22:17:51 -0500 Subject: [PATCH 125/178] Fix code in header font size (#3970) * Fix code in header font size This fixes the tiny code font in header names. * Update _global.scss --- website/source/assets/stylesheets/_global.scss | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/source/assets/stylesheets/_global.scss b/website/source/assets/stylesheets/_global.scss index 3b69c05ddce8..87c1708c6695 100755 --- a/website/source/assets/stylesheets/_global.scss +++ b/website/source/assets/stylesheets/_global.scss @@ -19,6 +19,10 @@ body { h1, h2, h3, h4, h5 { font-family: $font-family-klavika; -webkit-font-smoothing: antialiased; + + code, tt { + font-size: inherit !important; + } } h1 { From 632a5f37a946517765b5a7e31c031cb5f3df2088 Mon Sep 17 00:00:00 2001 From: Gobin Sougrakpam Date: Thu, 15 Feb 2018 01:22:46 +1100 Subject: [PATCH 126/178] Log warnings when too many leases are active (#3957) --- vault/expiration.go | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/vault/expiration.go b/vault/expiration.go index d8d84bba51db..006ff001df0e 100644 --- a/vault/expiration.go +++ b/vault/expiration.go @@ -45,6 +45,9 @@ const ( // defaultLeaseDuration is the default lease duration used when no lease is specified defaultLeaseTTL = maxLeaseTTL + + //maxLeaseThreshold is the maximum lease count before generating log warning + maxLeaseThreshold = 256000 ) // ExpirationManager is used by the Core to manage leases. Secrets @@ -70,8 +73,9 @@ type ExpirationManager struct { restoreLoaded sync.Map quitCh chan struct{} - coreStateLock *sync.RWMutex - quitContext context.Context + coreStateLock *sync.RWMutex + quitContext context.Context + leaseCheckCounter uint32 } // NewExpirationManager creates a new ExpirationManager that is backed @@ -91,8 +95,9 @@ func NewExpirationManager(c *Core, view *BarrierView) *ExpirationManager { restoreLocks: locksutil.CreateLocks(), quitCh: make(chan struct{}), - coreStateLock: &c.stateLock, - quitContext: c.activeContext, + coreStateLock: &c.stateLock, + quitContext: c.activeContext, + leaseCheckCounter: 0, } if exp.logger == nil { @@ -1269,6 +1274,15 @@ func (m *ExpirationManager) emitMetrics() { num := len(m.pending) m.pendingLock.RUnlock() metrics.SetGauge([]string{"expire", "num_leases"}, float32(num)) + // Check if lease count is greater than the threshold + if num > maxLeaseThreshold { + if atomic.LoadUint32(&m.leaseCheckCounter) > 59 { + m.logger.Warn("expiration: lease count exceeds warning lease threshold") + atomic.StoreUint32(&m.leaseCheckCounter, 0) + } else { + atomic.AddUint32(&m.leaseCheckCounter, 1) + } + } } // leaseEntry is used to structure the values the expiration From 0822882eeebda01d93fb1fce9969e9d9e0db6c44 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 14 Feb 2018 09:24:26 -0500 Subject: [PATCH 127/178] changelog++ --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa8061510e07..391320ad14c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,10 @@ IMPROVEMENTS: * cli: Add `-format` flag to all subcommands [GH-3897] * cli: Do not display deprecation warnings when the format is not table [GH-3897] + * core: If over a predefined lease count (256k), log a warning not more than + once a minute. Too many leases can be problematic for many of the storage + backends and often this number of leases is indicative of a need for + workflow improvements. [GH-3957] * secret/pki: Add a flag to make the common name optional on certs [GH-3940] * secret/pki: Ensure only DNS-compatible names go into DNS SANs; additionally, properly handle IDNA transformations for these DNS names [GH-3953] From dddf5e726e22295c79025ffe64a93d8a376a8411 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 14 Feb 2018 09:38:46 -0500 Subject: [PATCH 128/178] Update Okta dep. Fixes #3963 --- .../chrismalek/oktasdk-go/okta/apps.go | 8 +-- .../chrismalek/oktasdk-go/okta/groups.go | 11 ++-- .../chrismalek/oktasdk-go/okta/users.go | 51 ++++++++++++++----- vendor/vendor.json | 6 +-- 4 files changed, 51 insertions(+), 25 deletions(-) diff --git a/vendor/github.com/chrismalek/oktasdk-go/okta/apps.go b/vendor/github.com/chrismalek/oktasdk-go/okta/apps.go index d198606758d6..cf1d1205f30e 100644 --- a/vendor/github.com/chrismalek/oktasdk-go/okta/apps.go +++ b/vendor/github.com/chrismalek/oktasdk-go/okta/apps.go @@ -6,6 +6,7 @@ import ( "time" ) +// AppsService is a service to retreives applications from OKTA. type AppsService service // AppFilterOptions is used to generate a "Filter" to search for different Apps @@ -17,6 +18,7 @@ type AppFilterOptions struct { Limit int `url:"limit,omitempty"` } +// App is the Model for an OKTA Application type App struct { ID string `json:"id"` Name string `json:"name"` @@ -138,6 +140,7 @@ func (a *AppsService) GetByID(appID string) (*App, *Response, error) { return app, resp, err } +// AppUser is the model for a user of an OKTA App type AppUser struct { ID string `json:"id"` ExternalID string `json:"externalId"` @@ -227,10 +230,9 @@ func (a *AppsService) GetUsers(appID string, opt *AppFilterOptions) (appUsers [] if err != nil { return appUsers, resp, err - } else { - appUsers = append(appUsers, userPage...) - pagesRetreived++ } + appUsers = append(appUsers, userPage...) + pagesRetreived++ } else { break } diff --git a/vendor/github.com/chrismalek/oktasdk-go/okta/groups.go b/vendor/github.com/chrismalek/oktasdk-go/okta/groups.go index 5c9b58086238..7744f63bc474 100644 --- a/vendor/github.com/chrismalek/oktasdk-go/okta/groups.go +++ b/vendor/github.com/chrismalek/oktasdk-go/okta/groups.go @@ -141,10 +141,10 @@ func (g *GroupsService) ListWithFilter(opt *GroupFilterOptions) ([]Group, *Respo groupPage, resp, err = g.ListWithFilter(pageOption) if err != nil { return groups, resp, err - } else { - groups = append(groups, groupPage...) - pagesRetreived++ } + groups = append(groups, groupPage...) + pagesRetreived++ + } else { break } @@ -222,10 +222,9 @@ func (g *GroupsService) GetUsers(groupID string, opt *GroupUserFilterOptions) (u userPage, resp, err = g.GetUsers(groupID, pageOpts) if err != nil { return users, resp, err - } else { - users = append(users, userPage...) - pagesRetreived++ } + users = append(users, userPage...) + pagesRetreived++ } else { break } diff --git a/vendor/github.com/chrismalek/oktasdk-go/okta/users.go b/vendor/github.com/chrismalek/oktasdk-go/okta/users.go index 73448f50326d..8102a819eece 100644 --- a/vendor/github.com/chrismalek/oktasdk-go/okta/users.go +++ b/vendor/github.com/chrismalek/oktasdk-go/okta/users.go @@ -40,7 +40,7 @@ const ( type UsersService service // ActivationResponse - Response coming back from a user activation -type activationResponse struct { +type ActivationResponse struct { ActivationURL string `json:"activationUrl"` } @@ -128,8 +128,8 @@ type User struct { Status string `json:"status,omitempty"` StatusChanged string `json:"statusChanged,omitempty"` Links userLinks `json:"_links,omitempty"` - MFAFactors []userMFAFactor `json:"-,omitempty"` - Groups []Group `json:"-,omitempty"` + MFAFactors []userMFAFactor `json:"-,"` + Groups []Group `json:"-"` } type userMFAFactor struct { @@ -155,7 +155,8 @@ type newPasswordSet struct { Credentials credentials `json:"credentials"` } -type resetPasswordResponse struct { +// ResetPasswordResponse struct that returns data about the password reset +type ResetPasswordResponse struct { ResetPasswordURL string `json:"resetPasswordUrl"` } @@ -267,13 +268,38 @@ func (s *UsersService) PopulateGroups(user *User) (*Response, error) { if err != nil { return nil, err } - // TODO: If user has more than 200 groups this will only return those first 200 + // Get first page of users. resp, err := s.client.Do(req, &user.Groups) if err != nil { return resp, err } + // Look for any remaining user group pages. + var nextURL string + if resp.NextURL != nil { + nextURL = resp.NextURL.String() + } + for { + + if nextURL != "" { + req, err := s.client.NewRequest("GET", nextURL, nil) + userGroupsPages := []Group{} + + resp, err := s.client.Do(req, &userGroupsPages) + nextURL = "" + if err != nil { + return resp, err + } + user.Groups = append(user.Groups, userGroupsPages...) + if resp.NextURL != nil { + nextURL = resp.NextURL.String() + } + + } else { + return resp, err + } + + } - return resp, err } // PopulateEnrolledFactors will populate the Enrolled MFA Factors a user is a member of. @@ -404,10 +430,9 @@ func (s *UsersService) ListWithFilter(opt *UserListFilterOptions) ([]User, *Resp userPage, resp, err = s.ListWithFilter(pageOption) if err != nil { return users, resp, err - } else { - users = append(users, userPage...) - pagesRetreived++ } + users = append(users, userPage...) + pagesRetreived++ } else { break } @@ -440,7 +465,7 @@ func (s *UsersService) Create(userIn NewUser, createAsActive bool) (*User, *Resp // Activate Activates a user. You can have OKTA send an email by including a "sendEmail=true" // If you pass in sendEmail=false, then activationResponse.ActivationURL will have a string URL that // can be sent to the end user. You can discard response if sendEmail=true -func (s *UsersService) Activate(id string, sendEmail bool) (*activationResponse, *Response, error) { +func (s *UsersService) Activate(id string, sendEmail bool) (*ActivationResponse, *Response, error) { u := fmt.Sprintf("users/%v/lifecycle/activate?sendEmail=%v", id, sendEmail) req, err := s.client.NewRequest("POST", u, nil) @@ -448,7 +473,7 @@ func (s *UsersService) Activate(id string, sendEmail bool) (*activationResponse, return nil, nil, err } - activationInfo := new(activationResponse) + activationInfo := new(ActivationResponse) resp, err := s.client.Do(req, activationInfo) if err != nil { @@ -563,7 +588,7 @@ func (s *UsersService) SetPassword(id string, newPassword string) (*User, *Respo // http://developer.okta.com/docs/api/resources/users.html#reset-password // If you pass in sendEmail=false, then resetPasswordResponse.resetPasswordUrl will have a string URL that // can be sent to the end user. You can discard response if sendEmail=true -func (s *UsersService) ResetPassword(id string, sendEmail bool) (*resetPasswordResponse, *Response, error) { +func (s *UsersService) ResetPassword(id string, sendEmail bool) (*ResetPasswordResponse, *Response, error) { u := fmt.Sprintf("users/%v/lifecycle/reset_password?sendEmail=%v", id, sendEmail) req, err := s.client.NewRequest("POST", u, nil) @@ -571,7 +596,7 @@ func (s *UsersService) ResetPassword(id string, sendEmail bool) (*resetPasswordR return nil, nil, err } - resetInfo := new(resetPasswordResponse) + resetInfo := new(ResetPasswordResponse) resp, err := s.client.Do(req, resetInfo) if err != nil { diff --git a/vendor/vendor.json b/vendor/vendor.json index 547c17523bb1..844c08665211 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -451,10 +451,10 @@ "revisionTime": "2018-01-19T17:31:02Z" }, { - "checksumSHA1": "sFjc2R+KS9AeXIPMV4KCw+GwX5I=", + "checksumSHA1": "1Rvwxu0e4go24iSScwsszMUHjKQ=", "path": "github.com/chrismalek/oktasdk-go/okta", - "revision": "ae553c909ca06a4c34eb41ee435e83871a7c2496", - "revisionTime": "2017-09-11T15:31:29Z" + "revision": "d0c464c6e7d0c3407d2ec2da7a5818536e600515", + "revisionTime": "2018-02-13T20:42:57Z" }, { "checksumSHA1": "l8gIVOjlnOrceuJLONvgA8p4FI4=", From 2b617f305a0ccdc2d8dc517aada0be23b1a50852 Mon Sep 17 00:00:00 2001 From: Brian Shumate Date: Wed, 14 Feb 2018 09:39:51 -0500 Subject: [PATCH 129/178] DOCS: update Telemetry with more coverage (#3968) - Add initial secrets engines metrics - Update metrics types/values - Update language for auth methods, secrets engines, audit devices - Add more linking to relevant documentation --- .../source/docs/internals/telemetry.html.md | 180 ++++++++++++++---- 1 file changed, 143 insertions(+), 37 deletions(-) diff --git a/website/source/docs/internals/telemetry.html.md b/website/source/docs/internals/telemetry.html.md index ad9d03aae2cb..57f04cb21cba 100644 --- a/website/source/docs/internals/telemetry.html.md +++ b/website/source/docs/internals/telemetry.html.md @@ -64,107 +64,107 @@ These metrics represent operational aspects of the running Vault instance. ### vault.audit.log_request -**[S]** Summary (Nanoseconds): Duration of time taken by all audit log requests across all audit log backends +**[S]** Summary (Milliseconds): Duration of time taken by all audit log requests across all audit log devices ### vault.audit.log_response -**[S]** Summary (Nanoseconds): Duration of time taken by audit log responses across all audit log backends +**[S]** Summary (Milliseconds): Duration of time taken by audit log responses across all audit log devices -Additionally, per audit log backend metrics such as those for a specific backend like `file` will be present as: +Additionally, per audit log device metrics such as those for a specific backend like `file` will be present as: ### vault.audit.file.log_request -**[S]** Summary (Nanoseconds): Duration of time taken by audit log requests for the file based audit backend mounted as `file` +**[S]** Summary (Milliseconds): Duration of time taken by audit log requests for the file based audit device mounted as `file` ### vault.audit.file.log_response -**[S]** Summary (Nanoseconds): Duration of time taken by audit log responses for the file based audit backend mounted as `file` +**[S]** Summary (Milliseconds): Duration of time taken by audit log responses for the file based audit device mounted as `file` ### vault.audit.log_request_failure **[C]** Counter (Number of failures): Number of audit log request failures -**NOTE**: This is a particularly important metric. Any non-zero value here indicates that there was a failure to make an audit log request to any of the configured audit log backends; **when Vault cannot log to any of the configured audit log backends it ceases all user operations**, and you should begin troubleshooting the audit log backends immediately if this metric continually increases. +**NOTE**: This is a particularly important metric. Any non-zero value here indicates that there was a failure to make an audit log request to any of the configured audit log devices; **when Vault cannot log to any of the configured audit log devices it ceases all user operations**, and you should begin troubleshooting the audit log devices immediately if this metric continually increases. ### vault.audit.log_response_failure **[C]** Counter (Number of failures): Number of audit log response failures -**NOTE**: This is a particularly important metric. Any non-zero value here indicates that there was a failure to receive a response to a request made to one of the configured audit log backends; **when Vault cannot log to any of the configured audit log backends it ceases all user operations**, and you should begin troubleshooting the audit log backends immediately if this metric continually increases. +**NOTE**: This is a particularly important metric. Any non-zero value here indicates that there was a failure to receive a response to a request made to one of the configured audit log devices; **when Vault cannot log to any of the configured audit log devices it ceases all user operations**, and you should begin troubleshooting the audit log devices immediately if this metric continually increases. ### vault.barrier.delete -**[S]** Summary (Number of operations): Number of DELETE operations at the barrier +**[S]** Summary (Milliseconds): Duration of time taken by DELETE operations at the barrier ### vault.barrier.get -**[S]** Summary (Number of operations): Number of GET operations at the barrier +**[S]** Summary (Milliseconds): Duration of time taken by GET operations at the barrier ### vault.barrier.put -**[S]** Summary (Number of operations): Number of PUT operations at the barrier +**[S]** Summary (Milliseconds)): Duration of time taken by PUT operations at the barrier ### vault.barrier.list -**[S]** Summary (Number of operations): Number of LIST operations at the barrier +**[S]** Summary (Milliseconds): Duration of time taken by LIST operations at the barrier ### vault.core.check_token -**[S]** Summary (Number of checks): Number of token checks handled by Vault core +**[S]** Summary (Milliseconds): Duration of time taken by token checks handled by Vault core ### vault.core.fetch_acl_and_token -**[S]** Summary (Number of fetches): Number of ACL and corresponding token entry fetches handled by Vault core +**[S]** Summary (Milliseconds): Duration of time taken by ACL and corresponding token entry fetches handled by Vault core ### vault.core.handle_request -**[S]** Summary (Number of requests) Number of requests handled by Vault core +**[S]** Summary (Milliseconds) Duration of time taken by requests handled by Vault core ### vault.core.handle_login_request -**[S]** Summary (Number of requests): Number of login requests handled by Vault core +**[S]** Summary (Milliseconds): Duration of time taken by login requests handled by Vault core ### vault.core.leadership_setup_failed -**[S]** Summary (Number of failures): Number of cluster leadership setup failures which have occurred in a highly available Vault cluster +**[S]** Summary (Milliseconds): Duration of time taken by cluster leadership setup failures which have occurred in a highly available Vault cluster This should be monitored and alerted on for overall cluster leadership status ### vault.core.leadership_lost -**[S]** Summary (Number of losses): Number of cluster leadership losses which have occurred in a highly available Vault cluster +**[S]** Summary (Milliseconds): Duration of time taken by cluster leadership losses which have occurred in a highly available Vault cluster This should be monitored and alerted on for overall cluster leadership status ### vault.core.post_unseal -**[G]** Gauge (Number of operations): Number of post-unseal operations handled by Vault core +**[G]** Gauge (Milliseconds): Duration of time taken by post-unseal operations handled by Vault core ### vault.core.pre_seal -**[G]** Gauge (Number of operations) Number of pre-seal operations +**[G]** Gauge (Milliseconds): Duration of time taken by pre-seal operations ### vault.core.seal-with-request -**[G]** Gauge (Number of operations): Number of requested seal operations +**[G]** Gauge (Milliseconds): Duration of time taken by requested seal operations ### vault.core.seal -**[G]** Gauge (Number of operations): Number of seal operations +**[G]** Gauge (Milliseconds): Duration of time taken by seal operations ### vault.core.seal-internal -**[G]** Gauge (Number of operations): Number of internal seal operations +**[G]** Gauge (Milliseconds): Duration of time taken by internal seal operations ### vault.core.step_down -**[S]** Summary (Number of step downs): Number of cluster leadership step downs +**[S]** Summary (Milliseconds):Duration of time taken by cluster leadership step downs This should be monitored and alerted on for overall cluster leadership status ### vault.core.unseal -**[S]** Summary (Number of operations): Number of unseal operations +**[S]** Summary (Milliseconds): Duration of time taken by unseal operations ### vault.runtime.alloc_bytes @@ -278,7 +278,7 @@ Thes operations take a request and response with an associated lease and registe ### vault.token.createAccessor -**[S]** Summary (Milliseconds): The time taken to create a token +**[S]** Summary (Milliseconds): The time taken to create a token accessor ### vault.token.lookup @@ -296,25 +296,25 @@ Thes operations take a request and response with an associated lease and registe **[S]** Summary (Milliseconds): Time taken to store an updated token entry without writing to the secondary index -## Authentication Backend Metrics +## Auth Methods Metrics These metrics relate to supported authentication methods. ### vault.rollback.attempt.auth-token- -**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [token authentication backend][token-auth-backend] +**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [token auth method][token-auth-backend] ### vault.rollback.attempt.auth-ldap- -**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [LDAP authentication backend][ldap-auth-backend] +**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [LDAP auth method][ldap-auth-backend] ### vault.rollback.attempt.cubbyhole- -**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [Cubbyhole secret backend][cubbyhole-secret-backend] +**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [Cubbyhole secret backend][cubbyhole-secrets-engine] ### vault.rollback.attempt.secret- -**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [K/V secret backend][kv-secret-backend] +**[S]** Summary (Milliseconds): Time taken to perform a rollback operation for the [K/V secret backend][kv-secrets-engine] ### vault.rollback.attempt.sys- @@ -322,27 +322,131 @@ These metrics relate to supported authentication methods. ### vault.route.rollback.auth-ldap- -**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [LDAP authentication backend][ldap-auth-backend] +**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [LDAP auth method][ldap-auth-backend] ### vault.route.rollback.auth-token- -**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [token authentication backend][token-auth-backend] +**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [token auth method][token-auth-backend] ### vault.route.rollback.cubbyhole- -**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [Cubbyhole secret backend][cubbyhole-secret-backend] +**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [Cubbyhole secret backend][cubbyhole-secrets-engine] ### vault.route.rollback.secret- -**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [K/V secret backend][kv-secret-backend] +**[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the [K/V secret backend][kv-secrets-engine] ### vault.route.rollback.sys- **[S]** Summary (Milliseconds): Time taken to perform a route rollback operation for the system backend +## Secrets Engines Metrics + +These metrics relate to the supported [secrets engines][secrets-engines]. + +### database.Initialize + +**[S]** Summary (Milliseconds): Time taken to initialize a database secret engine across all database secrets engines + +**[C]** Counter (Number of operations): Number of database secrets engine initialization operations across database secrets engines + +### database..Initialize + +**[S]** Summary (Milliseconds): Time taken to initialize a database secret engine for the named database secrets engine ``, for example: `database.postgresql-prod.Initialize` + +**[C]** Counter (Number of operations): Number of database secrets engine initialization operations for the named database secrets engine ``, for example: `database.postgresql-prod.Initialize` + +### database.Initialize.error + +**[C]** Counter (Number of errors): Number of database secrets engine initialization operation errors across all database secrets engines + +### database..Initialize.error + +**[C]** Counter (Number of errors): Number of database secrets engine initialization operation errors for the named database secrets engine ``, for example: `database.postgresql-prod.Initialize.error` + +### database.Close + +**[S]** Summary (Milliseconds): Time taken to close a database secret engine across all database secrets engines + +**[C]** Counter (Number of operations): Number of database secrets engine close operations across database secrets engines + +### database..Close + +**[S]** Summary (Milliseconds): Time taken to close a database secret engine for the named database secrets engine ``, for example: `database.postgresql-prod.Close` + +**[C]** Counter (Number of operations): Number of database secrets engine close operations for the named database secrets engine ``, for example: `database.postgresql-prod.Close` + +### database.Close.error + +**[C]** Counter (Number of errors): Number of database secrets engine close operation errors across all database secrets engines + +### database..Close.error + +**[C]** Counter (Number of errors): Number of database secrets engine close operation errors for the named database secrets engine ``, for example: `database.postgresql-prod.Close.error` + +### database.CreateUser + +**[S]** Summary (Milliseconds): Time taken to create a user across all database secrets engines + +**[C]** Counter (Number of operations): Number of user creation operations across database secrets engines + +### database..CreateUser + +**[S]** Summary (Milliseconds): Time taken to create a user for the named database secrets engine `` + +**[C]** Counter (Number of operations): Number of user creation operations for the named database secrets engine ``, for example: `database.postgresql-prod.CreateUser` + +### database.CreateUser.error + +**[C]** Counter (Number of errors): Number of user creation operation errors across all database secrets engines + +### database..CreateUser.error + +**[C]** Counter (Number of operations): Number of user creation operation errors for the named database secrets engine ``, for example: `database.postgresql-prod.CreateUser.error` + +### database.RenewUser + +**[S]** Summary (Milliseconds): Time taken to renew a user across all database secrets engines + +**[C]** Counter (Number of operations): Number of user renewal operations across database secrets engines + +### database..RenewUser + +**[S]** Summary (Milliseconds): Time taken to renew a user for the named database secrets engine ``, for example: `database.postgresql-prod.RenewUser` + +**[C]** Counter (Number of operations): Number of user renewal operations for the named database secrets engine `` + +### database.RenewUser.error + +**[C]** Counter (Number of errors): Number of user renewal operation errors across all database secrets engines + +### database..RenewUser.error + +**[C]** Counter (Number of errors): Number of user renewal operations for the named database secrets engine ``, for example: `database.postgresql-prod.RenewUser.error` + +### database.RevokeUser + +**[S]** Summary (Milliseconds): Time taken to revoke a user across all database secrets engines + +**[C]** Counter (Number of operations): Number of user revocation operations across database secrets engines + +### database..RevokeUser + +**[S]** Summary (Milliseconds): Time taken to revoke a user for the named database secrets engine ``, for example: `database.postgresql-prod.RevokeUser` + +**[C]** Counter (Number of operations): Number of user revocation operations for the named database secrets engine `` + +### database.RevokeUser.error + +**[C]** Counter (Number of errors): Number of user revocation operation errors across all database secrets engines + +### database..RevokeUser.error + +**[C]** Counter (Number of errors): Number of user revocation operations for the named database secrets engine ``, for example: `database.postgresql-prod.RevokeUser.error` + ## Storage Backend Metrics -These metrics relate to the supported storage backends. +These metrics relate to the supported [storage backends][storage-backends]. ### vault.azure.put @@ -568,9 +672,11 @@ These metrics relate to the supported storage backends. **[S]** Summary (Milliseconds): Duration of a LIST operation against the [ZooKeeper storage backend][zookeeper-storage-backend] +[secrets-engines]: /docs/secrets/index.html +[storage-backends]: /docs/configuration/storage/index.html [telemetry-stanza]: /docs/configuration/telemetry.html -[cubbyhole-secret-backend]: /docs/secrets/cubbyhole/index.html -[kv-secret-backend]: /docs/secrets/kv/index.html +[cubbyhole-secrets-engine]: /docs/secrets/cubbyhole/index.html +[kv-secrets-engine]: /docs/secrets/kv/index.html [ldap-auth-backend]: /docs/auth/ldap.html [token-auth-backend]: /docs/auth/token.html [azure-storage-backend]: /docs/configuration/storage/azure.html From 1489c08ea0c19602278cdc1e670edd24b04bd7ee Mon Sep 17 00:00:00 2001 From: Nick Date: Wed, 14 Feb 2018 09:44:34 -0500 Subject: [PATCH 130/178] Update lease.html.md (#3759) --- website/source/docs/concepts/lease.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/concepts/lease.html.md b/website/source/docs/concepts/lease.html.md index 4b36c0322b11..25ea3caa2f1e 100644 --- a/website/source/docs/concepts/lease.html.md +++ b/website/source/docs/concepts/lease.html.md @@ -27,7 +27,7 @@ to check in routinely. In addition to renewals, a lease can be _revoked_. When a lease is revoked, it invalidates that secret immediately and prevents any further renewals. For example, with the [AWS secrets engine](/docs/secrets/aws/index.html), the -access keys will be deleted from AWS the moment a secret is revoked. This +access keys will be deleted from AWS the moment a lease is revoked. This renders the access keys invalid from that point forward. Revocation can happen manually via the API, via the `vault revoke` cli command, From 901f98f3ce0e90133661ad39800bc2a5c57c6865 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 14 Feb 2018 10:39:52 -0500 Subject: [PATCH 131/178] Fix manta test --- physical/manta/manta_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/physical/manta/manta_test.go b/physical/manta/manta_test.go index c39683c174d1..2bf0759cf90e 100644 --- a/physical/manta/manta_test.go +++ b/physical/manta/manta_test.go @@ -13,7 +13,7 @@ import ( "github.com/hashicorp/vault/physical" "github.com/joyent/triton-go" "github.com/joyent/triton-go/authentication" - tclient "github.com/joyent/triton-go/client" + tt "github.com/joyent/triton-go/errors" "github.com/joyent/triton-go/storage" log "github.com/mgutz/logxi/v1" ) @@ -70,7 +70,7 @@ func TestMantaBackend(t *testing.T) { ForceDelete: true, }) if err != nil { - if !tclient.IsResourceNotFoundError(err) { + if !tt.IsResourceNotFoundError(err) { t.Fatal("failed to delete test harness directory") } } From ef00a69f113120f8ba107d5052cc7d897f22dc0b Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 14 Feb 2018 11:59:46 -0500 Subject: [PATCH 132/178] Add ChaCha20-Poly1305 support to transit (#3975) --- builtin/logical/transit/backend_test.go | 36 +- builtin/logical/transit/path_backup_test.go | 2 + builtin/logical/transit/path_encrypt.go | 2 + builtin/logical/transit/path_export.go | 2 +- builtin/logical/transit/path_export_test.go | 2 + builtin/logical/transit/path_keys.go | 4 +- helper/keysutil/lock_manager.go | 2 +- helper/keysutil/policy.go | 104 +- .../chacha20poly1305/chacha20poly1305.go | 83 + .../chacha20poly1305_amd64.go | 127 + .../chacha20poly1305/chacha20poly1305_amd64.s | 2714 +++++++++++++++++ .../chacha20poly1305_generic.go | 70 + .../chacha20poly1305_noasm.go | 15 + vendor/vendor.json | 6 + .../source/api/secret/transit/index.html.md | 11 +- .../source/docs/secrets/transit/index.html.md | 18 + 16 files changed, 3147 insertions(+), 51 deletions(-) create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go create mode 100644 vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go diff --git a/builtin/logical/transit/backend_test.go b/builtin/logical/transit/backend_test.go index 1ba38ffb8b31..493fea1cc8bb 100644 --- a/builtin/logical/transit/backend_test.go +++ b/builtin/logical/transit/backend_test.go @@ -5,6 +5,7 @@ import ( "encoding/base64" "fmt" "math/rand" + "os" "reflect" "strconv" "strings" @@ -283,6 +284,13 @@ func TestBackend_datakey(t *testing.T) { } func TestBackend_rotation(t *testing.T) { + defer os.Setenv("TRANSIT_ACC_KEY_TYPE", "") + testBackendRotation(t) + os.Setenv("TRANSIT_ACC_KEY_TYPE", "CHACHA") + testBackendRotation(t) +} + +func testBackendRotation(t *testing.T) { decryptData := make(map[string]interface{}) encryptHistory := make(map[int]map[string]interface{}) logicaltest.Test(t, logicaltest.TestCase{ @@ -365,13 +373,17 @@ func TestBackend_basic_derived(t *testing.T) { } func testAccStepWritePolicy(t *testing.T, name string, derived bool) logicaltest.TestStep { - return logicaltest.TestStep{ + ts := logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "keys/" + name, Data: map[string]interface{}{ "derived": derived, }, } + if os.Getenv("TRANSIT_ACC_KEY_TYPE") == "CHACHA" { + ts.Data["type"] = "chacha20-poly1305" + } + return ts } func testAccStepListPolicy(t *testing.T, name string, expectNone bool) logicaltest.TestStep { @@ -509,7 +521,11 @@ func testAccStepReadPolicyWithVersions(t *testing.T, name string, expectNone, de if d.Name != name { return fmt.Errorf("bad name: %#v", d) } - if d.Type != keysutil.KeyType(keysutil.KeyType_AES256_GCM96).String() { + if os.Getenv("TRANSIT_ACC_KEY_TYPE") == "CHACHA" { + if d.Type != keysutil.KeyType(keysutil.KeyType_ChaCha20_Poly1305).String() { + return fmt.Errorf("bad key type: %#v", d) + } + } else if d.Type != keysutil.KeyType(keysutil.KeyType_AES256_GCM96).String() { return fmt.Errorf("bad key type: %#v", d) } // Should NOT get a key back @@ -826,6 +842,11 @@ func TestKeyUpgrade(t *testing.T) { } func TestDerivedKeyUpgrade(t *testing.T) { + testDerivedKeyUpgrade(t, keysutil.KeyType_AES256_GCM96) + testDerivedKeyUpgrade(t, keysutil.KeyType_ChaCha20_Poly1305) +} + +func testDerivedKeyUpgrade(t *testing.T, keyType keysutil.KeyType) { storage := &logical.InmemStorage{} key, _ := uuid.GenerateRandomBytes(32) keyContext, _ := uuid.GenerateRandomBytes(32) @@ -833,7 +854,7 @@ func TestDerivedKeyUpgrade(t *testing.T) { p := &keysutil.Policy{ Name: "test", Key: key, - Type: keysutil.KeyType_AES256_GCM96, + Type: keyType, Derived: true, } @@ -883,11 +904,12 @@ func TestDerivedKeyUpgrade(t *testing.T) { } func TestConvergentEncryption(t *testing.T) { - testConvergentEncryptionCommon(t, 0) - testConvergentEncryptionCommon(t, 2) + testConvergentEncryptionCommon(t, 0, keysutil.KeyType_AES256_GCM96) + testConvergentEncryptionCommon(t, 2, keysutil.KeyType_AES256_GCM96) + testConvergentEncryptionCommon(t, 2, keysutil.KeyType_ChaCha20_Poly1305) } -func testConvergentEncryptionCommon(t *testing.T, ver int) { +func testConvergentEncryptionCommon(t *testing.T, ver int, keyType keysutil.KeyType) { var b *backend sysView := logical.TestSystemView() storage := &logical.InmemStorage{} @@ -920,7 +942,7 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) { p := &keysutil.Policy{ Name: "testkey", - Type: keysutil.KeyType_AES256_GCM96, + Type: keyType, Derived: true, ConvergentEncryption: true, ConvergentVersion: ver, diff --git a/builtin/logical/transit/path_backup_test.go b/builtin/logical/transit/path_backup_test.go index bd26a53322ee..24df517e2482 100644 --- a/builtin/logical/transit/path_backup_test.go +++ b/builtin/logical/transit/path_backup_test.go @@ -10,6 +10,7 @@ import ( func TestTransit_BackupRestore(t *testing.T) { // Test encryption/decryption after a restore for supported keys testBackupRestore(t, "aes256-gcm96", "encrypt-decrypt") + testBackupRestore(t, "chacha20-poly1305", "encrypt-decrypt") testBackupRestore(t, "rsa-2048", "encrypt-decrypt") testBackupRestore(t, "rsa-4096", "encrypt-decrypt") @@ -21,6 +22,7 @@ func TestTransit_BackupRestore(t *testing.T) { // Test HMAC/verification after a restore for all key types testBackupRestore(t, "aes256-gcm96", "hmac-verify") + testBackupRestore(t, "chacha20-poly1305", "hmac-verify") testBackupRestore(t, "ecdsa-p256", "hmac-verify") testBackupRestore(t, "ed25519", "hmac-verify") testBackupRestore(t, "rsa-2048", "hmac-verify") diff --git a/builtin/logical/transit/path_encrypt.go b/builtin/logical/transit/path_encrypt.go index a579e548b307..17a6427b463e 100644 --- a/builtin/logical/transit/path_encrypt.go +++ b/builtin/logical/transit/path_encrypt.go @@ -225,6 +225,8 @@ func (b *backend) pathEncryptWrite(ctx context.Context, req *logical.Request, d switch keyType { case "aes256-gcm96": polReq.KeyType = keysutil.KeyType_AES256_GCM96 + case "chacha20-poly1305": + polReq.KeyType = keysutil.KeyType_ChaCha20_Poly1305 case "ecdsa-p256": return logical.ErrorResponse(fmt.Sprintf("key type %v not supported for this operation", keyType)), logical.ErrInvalidRequest default: diff --git a/builtin/logical/transit/path_export.go b/builtin/logical/transit/path_export.go index c58d6cd006cb..98832c263f13 100644 --- a/builtin/logical/transit/path_export.go +++ b/builtin/logical/transit/path_export.go @@ -151,7 +151,7 @@ func getExportKey(policy *keysutil.Policy, key *keysutil.KeyEntry, exportType st case exportTypeEncryptionKey: switch policy.Type { - case keysutil.KeyType_AES256_GCM96: + case keysutil.KeyType_AES256_GCM96, keysutil.KeyType_ChaCha20_Poly1305: return strings.TrimSpace(base64.StdEncoding.EncodeToString(key.Key)), nil case keysutil.KeyType_RSA2048, keysutil.KeyType_RSA4096: diff --git a/builtin/logical/transit/path_export_test.go b/builtin/logical/transit/path_export_test.go index cc31cda1ce16..3230593908e8 100644 --- a/builtin/logical/transit/path_export_test.go +++ b/builtin/logical/transit/path_export_test.go @@ -12,9 +12,11 @@ import ( func TestTransit_Export_KeyVersion_ExportsCorrectVersion(t *testing.T) { verifyExportsCorrectVersion(t, "encryption-key", "aes256-gcm96") + verifyExportsCorrectVersion(t, "encryption-key", "chacha20-poly1305") verifyExportsCorrectVersion(t, "signing-key", "ecdsa-p256") verifyExportsCorrectVersion(t, "signing-key", "ed25519") verifyExportsCorrectVersion(t, "hmac-key", "aes256-gcm96") + verifyExportsCorrectVersion(t, "hmac-key", "chacha20-poly1305") verifyExportsCorrectVersion(t, "hmac-key", "ecdsa-p256") verifyExportsCorrectVersion(t, "hmac-key", "ed25519") } diff --git a/builtin/logical/transit/path_keys.go b/builtin/logical/transit/path_keys.go index 30951a7b04b0..7dc7f0a97039 100644 --- a/builtin/logical/transit/path_keys.go +++ b/builtin/logical/transit/path_keys.go @@ -139,6 +139,8 @@ func (b *backend) pathPolicyWrite(ctx context.Context, req *logical.Request, d * switch keyType { case "aes256-gcm96": polReq.KeyType = keysutil.KeyType_AES256_GCM96 + case "chacha20-poly1305": + polReq.KeyType = keysutil.KeyType_ChaCha20_Poly1305 case "ecdsa-p256": polReq.KeyType = keysutil.KeyType_ECDSA_P256 case "ed25519": @@ -247,7 +249,7 @@ func (b *backend) pathPolicyRead(ctx context.Context, req *logical.Request, d *f } switch p.Type { - case keysutil.KeyType_AES256_GCM96: + case keysutil.KeyType_AES256_GCM96, keysutil.KeyType_ChaCha20_Poly1305: retKeys := map[string]int64{} for k, v := range p.Keys { retKeys[k] = v.DeprecatedCreationTime diff --git a/helper/keysutil/lock_manager.go b/helper/keysutil/lock_manager.go index 86b3631bc8ed..f1c505a7b49c 100644 --- a/helper/keysutil/lock_manager.go +++ b/helper/keysutil/lock_manager.go @@ -352,7 +352,7 @@ func (lm *LockManager) getPolicyCommon(ctx context.Context, req PolicyRequest, l } switch req.KeyType { - case KeyType_AES256_GCM96: + case KeyType_AES256_GCM96, KeyType_ChaCha20_Poly1305: if req.Convergent && !req.Derived { lm.UnlockPolicy(lock, lockType) return nil, nil, false, fmt.Errorf("convergent encryption requires derivation to be enabled") diff --git a/helper/keysutil/policy.go b/helper/keysutil/policy.go index fc7a674b5d3d..e5770904a072 100644 --- a/helper/keysutil/policy.go +++ b/helper/keysutil/policy.go @@ -24,6 +24,7 @@ import ( "strings" "time" + "golang.org/x/crypto/chacha20poly1305" "golang.org/x/crypto/ed25519" "golang.org/x/crypto/hkdf" @@ -48,6 +49,7 @@ const ( KeyType_ED25519 KeyType_RSA2048 KeyType_RSA4096 + KeyType_ChaCha20_Poly1305 ) const ErrTooOld = "ciphertext or signature version is disallowed by policy (too old)" @@ -75,7 +77,7 @@ type KeyType int func (kt KeyType) EncryptionSupported() bool { switch kt { - case KeyType_AES256_GCM96, KeyType_RSA2048, KeyType_RSA4096: + case KeyType_AES256_GCM96, KeyType_ChaCha20_Poly1305, KeyType_RSA2048, KeyType_RSA4096: return true } return false @@ -83,7 +85,7 @@ func (kt KeyType) EncryptionSupported() bool { func (kt KeyType) DecryptionSupported() bool { switch kt { - case KeyType_AES256_GCM96, KeyType_RSA2048, KeyType_RSA4096: + case KeyType_AES256_GCM96, KeyType_ChaCha20_Poly1305, KeyType_RSA2048, KeyType_RSA4096: return true } return false @@ -107,7 +109,7 @@ func (kt KeyType) HashSignatureInput() bool { func (kt KeyType) DerivationSupported() bool { switch kt { - case KeyType_AES256_GCM96, KeyType_ED25519: + case KeyType_AES256_GCM96, KeyType_ChaCha20_Poly1305, KeyType_ED25519: return true } return false @@ -117,6 +119,8 @@ func (kt KeyType) String() string { switch kt { case KeyType_AES256_GCM96: return "aes256-gcm96" + case KeyType_ChaCha20_Poly1305: + return "chacha20-poly1305" case KeyType_ECDSA_P256: return "ecdsa-p256" case KeyType_ED25519: @@ -569,7 +573,7 @@ func (p *Policy) DeriveKey(context []byte, ver int) ([]byte, error) { } switch p.Type { - case KeyType_AES256_GCM96: + case KeyType_AES256_GCM96, KeyType_ChaCha20_Poly1305: n, err := derBytes.ReadFrom(limReader) if err != nil { return nil, errutil.InternalError{Err: fmt.Sprintf("error reading returned derived bytes: %v", err)} @@ -622,47 +626,62 @@ func (p *Policy) Encrypt(ver int, context, nonce []byte, value string) (string, var ciphertext []byte switch p.Type { - case KeyType_AES256_GCM96: + case KeyType_AES256_GCM96, KeyType_ChaCha20_Poly1305: // Derive the key that should be used key, err := p.DeriveKey(context, ver) if err != nil { return "", err } - // Setup the cipher - aesCipher, err := aes.NewCipher(key) - if err != nil { - return "", errutil.InternalError{Err: err.Error()} - } + var aead cipher.AEAD - // Setup the GCM AEAD - gcm, err := cipher.NewGCM(aesCipher) - if err != nil { - return "", errutil.InternalError{Err: err.Error()} + switch p.Type { + case KeyType_AES256_GCM96: + // Setup the cipher + aesCipher, err := aes.NewCipher(key) + if err != nil { + return "", errutil.InternalError{Err: err.Error()} + } + + // Setup the GCM AEAD + gcm, err := cipher.NewGCM(aesCipher) + if err != nil { + return "", errutil.InternalError{Err: err.Error()} + } + + aead = gcm + + case KeyType_ChaCha20_Poly1305: + cha, err := chacha20poly1305.New(key) + if err != nil { + return "", errutil.InternalError{Err: err.Error()} + } + + aead = cha } if p.ConvergentEncryption { switch p.ConvergentVersion { case 1: - if len(nonce) != gcm.NonceSize() { - return "", errutil.UserError{Err: fmt.Sprintf("base64-decoded nonce must be %d bytes long when using convergent encryption with this key", gcm.NonceSize())} + if len(nonce) != aead.NonceSize() { + return "", errutil.UserError{Err: fmt.Sprintf("base64-decoded nonce must be %d bytes long when using convergent encryption with this key", aead.NonceSize())} } default: nonceHmac := hmac.New(sha256.New, context) nonceHmac.Write(plaintext) nonceSum := nonceHmac.Sum(nil) - nonce = nonceSum[:gcm.NonceSize()] + nonce = nonceSum[:aead.NonceSize()] } } else { // Compute random nonce - nonce, err = uuid.GenerateRandomBytes(gcm.NonceSize()) + nonce, err = uuid.GenerateRandomBytes(aead.NonceSize()) if err != nil { return "", errutil.InternalError{Err: err.Error()} } } - // Encrypt and tag with GCM - ciphertext = gcm.Seal(nil, nonce, plaintext, nil) + // Encrypt and tag with AEAD + ciphertext = aead.Seal(nil, nonce, plaintext, nil) // Place the encrypted data after the nonce if !p.ConvergentEncryption || p.ConvergentVersion > 1 { @@ -736,25 +755,40 @@ func (p *Policy) Decrypt(context, nonce []byte, value string) (string, error) { var plain []byte switch p.Type { - case KeyType_AES256_GCM96: + case KeyType_AES256_GCM96, KeyType_ChaCha20_Poly1305: key, err := p.DeriveKey(context, ver) if err != nil { return "", err } - // Setup the cipher - aesCipher, err := aes.NewCipher(key) - if err != nil { - return "", errutil.InternalError{Err: err.Error()} - } + var aead cipher.AEAD - // Setup the GCM AEAD - gcm, err := cipher.NewGCM(aesCipher) - if err != nil { - return "", errutil.InternalError{Err: err.Error()} + switch p.Type { + case KeyType_AES256_GCM96: + // Setup the cipher + aesCipher, err := aes.NewCipher(key) + if err != nil { + return "", errutil.InternalError{Err: err.Error()} + } + + // Setup the GCM AEAD + gcm, err := cipher.NewGCM(aesCipher) + if err != nil { + return "", errutil.InternalError{Err: err.Error()} + } + + aead = gcm + + case KeyType_ChaCha20_Poly1305: + cha, err := chacha20poly1305.New(key) + if err != nil { + return "", errutil.InternalError{Err: err.Error()} + } + + aead = cha } - if len(decoded) < gcm.NonceSize() { + if len(decoded) < aead.NonceSize() { return "", errutil.UserError{Err: "invalid ciphertext length"} } @@ -763,12 +797,12 @@ func (p *Policy) Decrypt(context, nonce []byte, value string) (string, error) { if p.ConvergentEncryption && p.ConvergentVersion < 2 { ciphertext = decoded } else { - nonce = decoded[:gcm.NonceSize()] - ciphertext = decoded[gcm.NonceSize():] + nonce = decoded[:aead.NonceSize()] + ciphertext = decoded[aead.NonceSize():] } // Verify and Decrypt - plain, err = gcm.Open(nil, nonce, ciphertext, nil) + plain, err = aead.Open(nil, nonce, ciphertext, nil) if err != nil { return "", errutil.UserError{Err: "invalid ciphertext: unable to decrypt"} } @@ -1040,7 +1074,7 @@ func (p *Policy) Rotate(ctx context.Context, storage logical.Storage) (retErr er entry.HMACKey = hmacKey switch p.Type { - case KeyType_AES256_GCM96: + case KeyType_AES256_GCM96, KeyType_ChaCha20_Poly1305: // Generate a 256bit key newKey, err := uuid.GenerateRandomBytes(32) if err != nil { diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go new file mode 100644 index 000000000000..3f0dcb9d8cfa --- /dev/null +++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go @@ -0,0 +1,83 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD as specified in RFC 7539. +package chacha20poly1305 // import "golang.org/x/crypto/chacha20poly1305" + +import ( + "crypto/cipher" + "errors" +) + +const ( + // KeySize is the size of the key used by this AEAD, in bytes. + KeySize = 32 + // NonceSize is the size of the nonce used with this AEAD, in bytes. + NonceSize = 12 +) + +type chacha20poly1305 struct { + key [32]byte +} + +// New returns a ChaCha20-Poly1305 AEAD that uses the given, 256-bit key. +func New(key []byte) (cipher.AEAD, error) { + if len(key) != KeySize { + return nil, errors.New("chacha20poly1305: bad key length") + } + ret := new(chacha20poly1305) + copy(ret.key[:], key) + return ret, nil +} + +func (c *chacha20poly1305) NonceSize() int { + return NonceSize +} + +func (c *chacha20poly1305) Overhead() int { + return 16 +} + +func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte { + if len(nonce) != NonceSize { + panic("chacha20poly1305: bad nonce length passed to Seal") + } + + if uint64(len(plaintext)) > (1<<38)-64 { + panic("chacha20poly1305: plaintext too large") + } + + return c.seal(dst, nonce, plaintext, additionalData) +} + +var errOpen = errors.New("chacha20poly1305: message authentication failed") + +func (c *chacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { + if len(nonce) != NonceSize { + panic("chacha20poly1305: bad nonce length passed to Open") + } + if len(ciphertext) < 16 { + return nil, errOpen + } + if uint64(len(ciphertext)) > (1<<38)-48 { + panic("chacha20poly1305: ciphertext too large") + } + + return c.open(dst, nonce, ciphertext, additionalData) +} + +// sliceForAppend takes a slice and a requested number of bytes. It returns a +// slice with the contents of the given slice followed by that many bytes and a +// second slice that aliases into it and contains only the extra bytes. If the +// original slice has sufficient capacity then no allocation is performed. +func sliceForAppend(in []byte, n int) (head, tail []byte) { + if total := len(in) + n; cap(in) >= total { + head = in[:total] + } else { + head = make([]byte, total) + copy(head, in) + } + tail = head[len(in):] + return +} diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go new file mode 100644 index 000000000000..7cd7ad834f0b --- /dev/null +++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go @@ -0,0 +1,127 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build go1.7,amd64,!gccgo,!appengine + +package chacha20poly1305 + +import "encoding/binary" + +//go:noescape +func chacha20Poly1305Open(dst []byte, key []uint32, src, ad []byte) bool + +//go:noescape +func chacha20Poly1305Seal(dst []byte, key []uint32, src, ad []byte) + +// cpuid is implemented in chacha20poly1305_amd64.s. +func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) + +// xgetbv with ecx = 0 is implemented in chacha20poly1305_amd64.s. +func xgetbv() (eax, edx uint32) + +var ( + useASM bool + useAVX2 bool +) + +func init() { + detectCPUFeatures() +} + +// detectCPUFeatures is used to detect if cpu instructions +// used by the functions implemented in assembler in +// chacha20poly1305_amd64.s are supported. +func detectCPUFeatures() { + maxID, _, _, _ := cpuid(0, 0) + if maxID < 1 { + return + } + + _, _, ecx1, _ := cpuid(1, 0) + + haveSSSE3 := isSet(9, ecx1) + useASM = haveSSSE3 + + haveOSXSAVE := isSet(27, ecx1) + + osSupportsAVX := false + // For XGETBV, OSXSAVE bit is required and sufficient. + if haveOSXSAVE { + eax, _ := xgetbv() + // Check if XMM and YMM registers have OS support. + osSupportsAVX = isSet(1, eax) && isSet(2, eax) + } + haveAVX := isSet(28, ecx1) && osSupportsAVX + + if maxID < 7 { + return + } + + _, ebx7, _, _ := cpuid(7, 0) + haveAVX2 := isSet(5, ebx7) && haveAVX + haveBMI2 := isSet(8, ebx7) + + useAVX2 = haveAVX2 && haveBMI2 +} + +// isSet checks if bit at bitpos is set in value. +func isSet(bitpos uint, value uint32) bool { + return value&(1<+0x00(SB)/4, $0x61707865 +DATA ·chacha20Constants<>+0x04(SB)/4, $0x3320646e +DATA ·chacha20Constants<>+0x08(SB)/4, $0x79622d32 +DATA ·chacha20Constants<>+0x0c(SB)/4, $0x6b206574 +DATA ·chacha20Constants<>+0x10(SB)/4, $0x61707865 +DATA ·chacha20Constants<>+0x14(SB)/4, $0x3320646e +DATA ·chacha20Constants<>+0x18(SB)/4, $0x79622d32 +DATA ·chacha20Constants<>+0x1c(SB)/4, $0x6b206574 +// <<< 16 with PSHUFB +DATA ·rol16<>+0x00(SB)/8, $0x0504070601000302 +DATA ·rol16<>+0x08(SB)/8, $0x0D0C0F0E09080B0A +DATA ·rol16<>+0x10(SB)/8, $0x0504070601000302 +DATA ·rol16<>+0x18(SB)/8, $0x0D0C0F0E09080B0A +// <<< 8 with PSHUFB +DATA ·rol8<>+0x00(SB)/8, $0x0605040702010003 +DATA ·rol8<>+0x08(SB)/8, $0x0E0D0C0F0A09080B +DATA ·rol8<>+0x10(SB)/8, $0x0605040702010003 +DATA ·rol8<>+0x18(SB)/8, $0x0E0D0C0F0A09080B + +DATA ·avx2InitMask<>+0x00(SB)/8, $0x0 +DATA ·avx2InitMask<>+0x08(SB)/8, $0x0 +DATA ·avx2InitMask<>+0x10(SB)/8, $0x1 +DATA ·avx2InitMask<>+0x18(SB)/8, $0x0 + +DATA ·avx2IncMask<>+0x00(SB)/8, $0x2 +DATA ·avx2IncMask<>+0x08(SB)/8, $0x0 +DATA ·avx2IncMask<>+0x10(SB)/8, $0x2 +DATA ·avx2IncMask<>+0x18(SB)/8, $0x0 +// Poly1305 key clamp +DATA ·polyClampMask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF +DATA ·polyClampMask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC +DATA ·polyClampMask<>+0x10(SB)/8, $0xFFFFFFFFFFFFFFFF +DATA ·polyClampMask<>+0x18(SB)/8, $0xFFFFFFFFFFFFFFFF + +DATA ·sseIncMask<>+0x00(SB)/8, $0x1 +DATA ·sseIncMask<>+0x08(SB)/8, $0x0 +// To load/store the last < 16 bytes in a buffer +DATA ·andMask<>+0x00(SB)/8, $0x00000000000000ff +DATA ·andMask<>+0x08(SB)/8, $0x0000000000000000 +DATA ·andMask<>+0x10(SB)/8, $0x000000000000ffff +DATA ·andMask<>+0x18(SB)/8, $0x0000000000000000 +DATA ·andMask<>+0x20(SB)/8, $0x0000000000ffffff +DATA ·andMask<>+0x28(SB)/8, $0x0000000000000000 +DATA ·andMask<>+0x30(SB)/8, $0x00000000ffffffff +DATA ·andMask<>+0x38(SB)/8, $0x0000000000000000 +DATA ·andMask<>+0x40(SB)/8, $0x000000ffffffffff +DATA ·andMask<>+0x48(SB)/8, $0x0000000000000000 +DATA ·andMask<>+0x50(SB)/8, $0x0000ffffffffffff +DATA ·andMask<>+0x58(SB)/8, $0x0000000000000000 +DATA ·andMask<>+0x60(SB)/8, $0x00ffffffffffffff +DATA ·andMask<>+0x68(SB)/8, $0x0000000000000000 +DATA ·andMask<>+0x70(SB)/8, $0xffffffffffffffff +DATA ·andMask<>+0x78(SB)/8, $0x0000000000000000 +DATA ·andMask<>+0x80(SB)/8, $0xffffffffffffffff +DATA ·andMask<>+0x88(SB)/8, $0x00000000000000ff +DATA ·andMask<>+0x90(SB)/8, $0xffffffffffffffff +DATA ·andMask<>+0x98(SB)/8, $0x000000000000ffff +DATA ·andMask<>+0xa0(SB)/8, $0xffffffffffffffff +DATA ·andMask<>+0xa8(SB)/8, $0x0000000000ffffff +DATA ·andMask<>+0xb0(SB)/8, $0xffffffffffffffff +DATA ·andMask<>+0xb8(SB)/8, $0x00000000ffffffff +DATA ·andMask<>+0xc0(SB)/8, $0xffffffffffffffff +DATA ·andMask<>+0xc8(SB)/8, $0x000000ffffffffff +DATA ·andMask<>+0xd0(SB)/8, $0xffffffffffffffff +DATA ·andMask<>+0xd8(SB)/8, $0x0000ffffffffffff +DATA ·andMask<>+0xe0(SB)/8, $0xffffffffffffffff +DATA ·andMask<>+0xe8(SB)/8, $0x00ffffffffffffff + +GLOBL ·chacha20Constants<>(SB), (NOPTR+RODATA), $32 +GLOBL ·rol16<>(SB), (NOPTR+RODATA), $32 +GLOBL ·rol8<>(SB), (NOPTR+RODATA), $32 +GLOBL ·sseIncMask<>(SB), (NOPTR+RODATA), $16 +GLOBL ·avx2IncMask<>(SB), (NOPTR+RODATA), $32 +GLOBL ·avx2InitMask<>(SB), (NOPTR+RODATA), $32 +GLOBL ·polyClampMask<>(SB), (NOPTR+RODATA), $32 +GLOBL ·andMask<>(SB), (NOPTR+RODATA), $240 +// No PALIGNR in Go ASM yet (but VPALIGNR is present). +#define shiftB0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X3, X3 +#define shiftB1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x04 // PALIGNR $4, X4, X4 +#define shiftB2Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X5, X5 +#define shiftB3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X13, X13 +#define shiftC0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X6, X6 +#define shiftC1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x08 // PALIGNR $8, X7, X7 +#define shiftC2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc0; BYTE $0x08 // PALIGNR $8, X8, X8 +#define shiftC3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X14, X14 +#define shiftD0Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x0c // PALIGNR $12, X9, X9 +#define shiftD1Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x0c // PALIGNR $12, X10, X10 +#define shiftD2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X11, X11 +#define shiftD3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x0c // PALIGNR $12, X15, X15 +#define shiftB0Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X3, X3 +#define shiftB1Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x0c // PALIGNR $12, X4, X4 +#define shiftB2Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X5, X5 +#define shiftB3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X13, X13 +#define shiftC0Right shiftC0Left +#define shiftC1Right shiftC1Left +#define shiftC2Right shiftC2Left +#define shiftC3Right shiftC3Left +#define shiftD0Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x04 // PALIGNR $4, X9, X9 +#define shiftD1Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x04 // PALIGNR $4, X10, X10 +#define shiftD2Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X11, X11 +#define shiftD3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x04 // PALIGNR $4, X15, X15 +// Some macros +#define chachaQR(A, B, C, D, T) \ + PADDD B, A; PXOR A, D; PSHUFB ·rol16<>(SB), D \ + PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $12, T; PSRLL $20, B; PXOR T, B \ + PADDD B, A; PXOR A, D; PSHUFB ·rol8<>(SB), D \ + PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $7, T; PSRLL $25, B; PXOR T, B + +#define chachaQR_AVX2(A, B, C, D, T) \ + VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol16<>(SB), D, D \ + VPADDD D, C, C; VPXOR C, B, B; VPSLLD $12, B, T; VPSRLD $20, B, B; VPXOR T, B, B \ + VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol8<>(SB), D, D \ + VPADDD D, C, C; VPXOR C, B, B; VPSLLD $7, B, T; VPSRLD $25, B, B; VPXOR T, B, B + +#define polyAdd(S) ADDQ S, acc0; ADCQ 8+S, acc1; ADCQ $1, acc2 +#define polyMulStage1 MOVQ (0*8)(BP), AX; MOVQ AX, t2; MULQ acc0; MOVQ AX, t0; MOVQ DX, t1; MOVQ (0*8)(BP), AX; MULQ acc1; IMULQ acc2, t2; ADDQ AX, t1; ADCQ DX, t2 +#define polyMulStage2 MOVQ (1*8)(BP), AX; MOVQ AX, t3; MULQ acc0; ADDQ AX, t1; ADCQ $0, DX; MOVQ DX, acc0; MOVQ (1*8)(BP), AX; MULQ acc1; ADDQ AX, t2; ADCQ $0, DX +#define polyMulStage3 IMULQ acc2, t3; ADDQ acc0, t2; ADCQ DX, t3 +#define polyMulReduceStage MOVQ t0, acc0; MOVQ t1, acc1; MOVQ t2, acc2; ANDQ $3, acc2; MOVQ t2, t0; ANDQ $-4, t0; MOVQ t3, t1; SHRQ $2, t2:t3; SHRQ $2, t3; ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $0, acc2; ADDQ t2, acc0; ADCQ t3, acc1; ADCQ $0, acc2 + +#define polyMulStage1_AVX2 MOVQ (0*8)(BP), DX; MOVQ DX, t2; MULXQ acc0, t0, t1; IMULQ acc2, t2; MULXQ acc1, AX, DX; ADDQ AX, t1; ADCQ DX, t2 +#define polyMulStage2_AVX2 MOVQ (1*8)(BP), DX; MULXQ acc0, acc0, AX; ADDQ acc0, t1; MULXQ acc1, acc1, t3; ADCQ acc1, t2; ADCQ $0, t3 +#define polyMulStage3_AVX2 IMULQ acc2, DX; ADDQ AX, t2; ADCQ DX, t3 + +#define polyMul polyMulStage1; polyMulStage2; polyMulStage3; polyMulReduceStage +#define polyMulAVX2 polyMulStage1_AVX2; polyMulStage2_AVX2; polyMulStage3_AVX2; polyMulReduceStage +// ---------------------------------------------------------------------------- +TEXT polyHashADInternal<>(SB), NOSPLIT, $0 + // adp points to beginning of additional data + // itr2 holds ad length + XORQ acc0, acc0 + XORQ acc1, acc1 + XORQ acc2, acc2 + CMPQ itr2, $13 + JNE hashADLoop + +openFastTLSAD: + // Special treatment for the TLS case of 13 bytes + MOVQ (adp), acc0 + MOVQ 5(adp), acc1 + SHRQ $24, acc1 + MOVQ $1, acc2 + polyMul + RET + +hashADLoop: + // Hash in 16 byte chunks + CMPQ itr2, $16 + JB hashADTail + polyAdd(0(adp)) + LEAQ (1*16)(adp), adp + SUBQ $16, itr2 + polyMul + JMP hashADLoop + +hashADTail: + CMPQ itr2, $0 + JE hashADDone + + // Hash last < 16 byte tail + XORQ t0, t0 + XORQ t1, t1 + XORQ t2, t2 + ADDQ itr2, adp + +hashADTailLoop: + SHLQ $8, t1:t0 + SHLQ $8, t0 + MOVB -1(adp), t2 + XORQ t2, t0 + DECQ adp + DECQ itr2 + JNE hashADTailLoop + +hashADTailFinish: + ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2 + polyMul + + // Finished AD +hashADDone: + RET + +// ---------------------------------------------------------------------------- +// func chacha20Poly1305Open(dst, key, src, ad []byte) bool +TEXT ·chacha20Poly1305Open(SB), 0, $288-97 + // For aligned stack access + MOVQ SP, BP + ADDQ $32, BP + ANDQ $-32, BP + MOVQ dst+0(FP), oup + MOVQ key+24(FP), keyp + MOVQ src+48(FP), inp + MOVQ src_len+56(FP), inl + MOVQ ad+72(FP), adp + + // Check for AVX2 support + CMPB ·useAVX2(SB), $1 + JE chacha20Poly1305Open_AVX2 + + // Special optimization, for very short buffers + CMPQ inl, $128 + JBE openSSE128 // About 16% faster + + // For long buffers, prepare the poly key first + MOVOU ·chacha20Constants<>(SB), A0 + MOVOU (1*16)(keyp), B0 + MOVOU (2*16)(keyp), C0 + MOVOU (3*16)(keyp), D0 + MOVO D0, T1 + + // Store state on stack for future use + MOVO B0, state1Store + MOVO C0, state2Store + MOVO D0, ctr3Store + MOVQ $10, itr2 + +openSSEPreparePolyKey: + chachaQR(A0, B0, C0, D0, T0) + shiftB0Left; shiftC0Left; shiftD0Left + chachaQR(A0, B0, C0, D0, T0) + shiftB0Right; shiftC0Right; shiftD0Right + DECQ itr2 + JNE openSSEPreparePolyKey + + // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded + PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0 + + // Clamp and store the key + PAND ·polyClampMask<>(SB), A0 + MOVO A0, rStore; MOVO B0, sStore + + // Hash AAD + MOVQ ad_len+80(FP), itr2 + CALL polyHashADInternal<>(SB) + +openSSEMainLoop: + CMPQ inl, $256 + JB openSSEMainLoopDone + + // Load state, increment counter blocks + MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0 + MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1 + MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2 + MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3 + + // Store counters + MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store + + // There are 10 ChaCha20 iterations of 2QR each, so for 6 iterations we hash 2 blocks, and for the remaining 4 only 1 block - for a total of 16 + MOVQ $4, itr1 + MOVQ inp, itr2 + +openSSEInternalLoop: + MOVO C3, tmpStore + chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3) + MOVO tmpStore, C3 + MOVO C1, tmpStore + chachaQR(A3, B3, C3, D3, C1) + MOVO tmpStore, C1 + polyAdd(0(itr2)) + shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left + shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left + shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left + polyMulStage1 + polyMulStage2 + LEAQ (2*8)(itr2), itr2 + MOVO C3, tmpStore + chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3) + MOVO tmpStore, C3 + MOVO C1, tmpStore + polyMulStage3 + chachaQR(A3, B3, C3, D3, C1) + MOVO tmpStore, C1 + polyMulReduceStage + shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right + shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right + shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right + DECQ itr1 + JGE openSSEInternalLoop + + polyAdd(0(itr2)) + polyMul + LEAQ (2*8)(itr2), itr2 + + CMPQ itr1, $-6 + JG openSSEInternalLoop + + // Add in the state + PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3 + PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3 + PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3 + PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3 + + // Load - xor - store + MOVO D3, tmpStore + MOVOU (0*16)(inp), D3; PXOR D3, A0; MOVOU A0, (0*16)(oup) + MOVOU (1*16)(inp), D3; PXOR D3, B0; MOVOU B0, (1*16)(oup) + MOVOU (2*16)(inp), D3; PXOR D3, C0; MOVOU C0, (2*16)(oup) + MOVOU (3*16)(inp), D3; PXOR D3, D0; MOVOU D0, (3*16)(oup) + MOVOU (4*16)(inp), D0; PXOR D0, A1; MOVOU A1, (4*16)(oup) + MOVOU (5*16)(inp), D0; PXOR D0, B1; MOVOU B1, (5*16)(oup) + MOVOU (6*16)(inp), D0; PXOR D0, C1; MOVOU C1, (6*16)(oup) + MOVOU (7*16)(inp), D0; PXOR D0, D1; MOVOU D1, (7*16)(oup) + MOVOU (8*16)(inp), D0; PXOR D0, A2; MOVOU A2, (8*16)(oup) + MOVOU (9*16)(inp), D0; PXOR D0, B2; MOVOU B2, (9*16)(oup) + MOVOU (10*16)(inp), D0; PXOR D0, C2; MOVOU C2, (10*16)(oup) + MOVOU (11*16)(inp), D0; PXOR D0, D2; MOVOU D2, (11*16)(oup) + MOVOU (12*16)(inp), D0; PXOR D0, A3; MOVOU A3, (12*16)(oup) + MOVOU (13*16)(inp), D0; PXOR D0, B3; MOVOU B3, (13*16)(oup) + MOVOU (14*16)(inp), D0; PXOR D0, C3; MOVOU C3, (14*16)(oup) + MOVOU (15*16)(inp), D0; PXOR tmpStore, D0; MOVOU D0, (15*16)(oup) + LEAQ 256(inp), inp + LEAQ 256(oup), oup + SUBQ $256, inl + JMP openSSEMainLoop + +openSSEMainLoopDone: + // Handle the various tail sizes efficiently + TESTQ inl, inl + JE openSSEFinalize + CMPQ inl, $64 + JBE openSSETail64 + CMPQ inl, $128 + JBE openSSETail128 + CMPQ inl, $192 + JBE openSSETail192 + JMP openSSETail256 + +openSSEFinalize: + // Hash in the PT, AAD lengths + ADDQ ad_len+80(FP), acc0; ADCQ src_len+56(FP), acc1; ADCQ $1, acc2 + polyMul + + // Final reduce + MOVQ acc0, t0 + MOVQ acc1, t1 + MOVQ acc2, t2 + SUBQ $-5, acc0 + SBBQ $-1, acc1 + SBBQ $3, acc2 + CMOVQCS t0, acc0 + CMOVQCS t1, acc1 + CMOVQCS t2, acc2 + + // Add in the "s" part of the key + ADDQ 0+sStore, acc0 + ADCQ 8+sStore, acc1 + + // Finally, constant time compare to the tag at the end of the message + XORQ AX, AX + MOVQ $1, DX + XORQ (0*8)(inp), acc0 + XORQ (1*8)(inp), acc1 + ORQ acc1, acc0 + CMOVQEQ DX, AX + + // Return true iff tags are equal + MOVB AX, ret+96(FP) + RET + +// ---------------------------------------------------------------------------- +// Special optimization for buffers smaller than 129 bytes +openSSE128: + // For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks + MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0 + MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1 + MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2 + MOVO B0, T1; MOVO C0, T2; MOVO D1, T3 + MOVQ $10, itr2 + +openSSE128InnerCipherLoop: + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0) + shiftB0Left; shiftB1Left; shiftB2Left + shiftC0Left; shiftC1Left; shiftC2Left + shiftD0Left; shiftD1Left; shiftD2Left + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0) + shiftB0Right; shiftB1Right; shiftB2Right + shiftC0Right; shiftC1Right; shiftC2Right + shiftD0Right; shiftD1Right; shiftD2Right + DECQ itr2 + JNE openSSE128InnerCipherLoop + + // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded + PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2 + PADDL T1, B0; PADDL T1, B1; PADDL T1, B2 + PADDL T2, C1; PADDL T2, C2 + PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2 + + // Clamp and store the key + PAND ·polyClampMask<>(SB), A0 + MOVOU A0, rStore; MOVOU B0, sStore + + // Hash + MOVQ ad_len+80(FP), itr2 + CALL polyHashADInternal<>(SB) + +openSSE128Open: + CMPQ inl, $16 + JB openSSETail16 + SUBQ $16, inl + + // Load for hashing + polyAdd(0(inp)) + + // Load for decryption + MOVOU (inp), T0; PXOR T0, A1; MOVOU A1, (oup) + LEAQ (1*16)(inp), inp + LEAQ (1*16)(oup), oup + polyMul + + // Shift the stream "left" + MOVO B1, A1 + MOVO C1, B1 + MOVO D1, C1 + MOVO A2, D1 + MOVO B2, A2 + MOVO C2, B2 + MOVO D2, C2 + JMP openSSE128Open + +openSSETail16: + TESTQ inl, inl + JE openSSEFinalize + + // We can safely load the CT from the end, because it is padded with the MAC + MOVQ inl, itr2 + SHLQ $4, itr2 + LEAQ ·andMask<>(SB), t0 + MOVOU (inp), T0 + ADDQ inl, inp + PAND -16(t0)(itr2*1), T0 + MOVO T0, 0+tmpStore + MOVQ T0, t0 + MOVQ 8+tmpStore, t1 + PXOR A1, T0 + + // We can only store one byte at a time, since plaintext can be shorter than 16 bytes +openSSETail16Store: + MOVQ T0, t3 + MOVB t3, (oup) + PSRLDQ $1, T0 + INCQ oup + DECQ inl + JNE openSSETail16Store + ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2 + polyMul + JMP openSSEFinalize + +// ---------------------------------------------------------------------------- +// Special optimization for the last 64 bytes of ciphertext +openSSETail64: + // Need to decrypt up to 64 bytes - prepare single block + MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store + XORQ itr2, itr2 + MOVQ inl, itr1 + CMPQ itr1, $16 + JB openSSETail64LoopB + +openSSETail64LoopA: + // Perform ChaCha rounds, while hashing the remaining input + polyAdd(0(inp)(itr2*1)) + polyMul + SUBQ $16, itr1 + +openSSETail64LoopB: + ADDQ $16, itr2 + chachaQR(A0, B0, C0, D0, T0) + shiftB0Left; shiftC0Left; shiftD0Left + chachaQR(A0, B0, C0, D0, T0) + shiftB0Right; shiftC0Right; shiftD0Right + + CMPQ itr1, $16 + JAE openSSETail64LoopA + + CMPQ itr2, $160 + JNE openSSETail64LoopB + + PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0; PADDL state2Store, C0; PADDL ctr0Store, D0 + +openSSETail64DecLoop: + CMPQ inl, $16 + JB openSSETail64DecLoopDone + SUBQ $16, inl + MOVOU (inp), T0 + PXOR T0, A0 + MOVOU A0, (oup) + LEAQ 16(inp), inp + LEAQ 16(oup), oup + MOVO B0, A0 + MOVO C0, B0 + MOVO D0, C0 + JMP openSSETail64DecLoop + +openSSETail64DecLoopDone: + MOVO A0, A1 + JMP openSSETail16 + +// ---------------------------------------------------------------------------- +// Special optimization for the last 128 bytes of ciphertext +openSSETail128: + // Need to decrypt up to 128 bytes - prepare two blocks + MOVO ·chacha20Constants<>(SB), A1; MOVO state1Store, B1; MOVO state2Store, C1; MOVO ctr3Store, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr0Store + MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr1Store + XORQ itr2, itr2 + MOVQ inl, itr1 + ANDQ $-16, itr1 + +openSSETail128LoopA: + // Perform ChaCha rounds, while hashing the remaining input + polyAdd(0(inp)(itr2*1)) + polyMul + +openSSETail128LoopB: + ADDQ $16, itr2 + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0) + shiftB0Left; shiftC0Left; shiftD0Left + shiftB1Left; shiftC1Left; shiftD1Left + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0) + shiftB0Right; shiftC0Right; shiftD0Right + shiftB1Right; shiftC1Right; shiftD1Right + + CMPQ itr2, itr1 + JB openSSETail128LoopA + + CMPQ itr2, $160 + JNE openSSETail128LoopB + + PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1 + PADDL state1Store, B0; PADDL state1Store, B1 + PADDL state2Store, C0; PADDL state2Store, C1 + PADDL ctr1Store, D0; PADDL ctr0Store, D1 + + MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3 + PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1 + MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup) + + SUBQ $64, inl + LEAQ 64(inp), inp + LEAQ 64(oup), oup + JMP openSSETail64DecLoop + +// ---------------------------------------------------------------------------- +// Special optimization for the last 192 bytes of ciphertext +openSSETail192: + // Need to decrypt up to 192 bytes - prepare three blocks + MOVO ·chacha20Constants<>(SB), A2; MOVO state1Store, B2; MOVO state2Store, C2; MOVO ctr3Store, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr0Store + MOVO A2, A1; MOVO B2, B1; MOVO C2, C1; MOVO D2, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store + MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr2Store + + MOVQ inl, itr1 + MOVQ $160, itr2 + CMPQ itr1, $160 + CMOVQGT itr2, itr1 + ANDQ $-16, itr1 + XORQ itr2, itr2 + +openSSLTail192LoopA: + // Perform ChaCha rounds, while hashing the remaining input + polyAdd(0(inp)(itr2*1)) + polyMul + +openSSLTail192LoopB: + ADDQ $16, itr2 + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0) + shiftB0Left; shiftC0Left; shiftD0Left + shiftB1Left; shiftC1Left; shiftD1Left + shiftB2Left; shiftC2Left; shiftD2Left + + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0) + shiftB0Right; shiftC0Right; shiftD0Right + shiftB1Right; shiftC1Right; shiftD1Right + shiftB2Right; shiftC2Right; shiftD2Right + + CMPQ itr2, itr1 + JB openSSLTail192LoopA + + CMPQ itr2, $160 + JNE openSSLTail192LoopB + + CMPQ inl, $176 + JB openSSLTail192Store + + polyAdd(160(inp)) + polyMul + + CMPQ inl, $192 + JB openSSLTail192Store + + polyAdd(176(inp)) + polyMul + +openSSLTail192Store: + PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2 + PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2 + PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2 + PADDL ctr2Store, D0; PADDL ctr1Store, D1; PADDL ctr0Store, D2 + + MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3 + PXOR T0, A2; PXOR T1, B2; PXOR T2, C2; PXOR T3, D2 + MOVOU A2, (0*16)(oup); MOVOU B2, (1*16)(oup); MOVOU C2, (2*16)(oup); MOVOU D2, (3*16)(oup) + + MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3 + PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1 + MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup) + + SUBQ $128, inl + LEAQ 128(inp), inp + LEAQ 128(oup), oup + JMP openSSETail64DecLoop + +// ---------------------------------------------------------------------------- +// Special optimization for the last 256 bytes of ciphertext +openSSETail256: + // Need to decrypt up to 256 bytes - prepare four blocks + MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0 + MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1 + MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2 + MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3 + + // Store counters + MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store + XORQ itr2, itr2 + +openSSETail256Loop: + // This loop inteleaves 8 ChaCha quarter rounds with 1 poly multiplication + polyAdd(0(inp)(itr2*1)) + MOVO C3, tmpStore + chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3) + MOVO tmpStore, C3 + MOVO C1, tmpStore + chachaQR(A3, B3, C3, D3, C1) + MOVO tmpStore, C1 + shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left + shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left + shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left + polyMulStage1 + polyMulStage2 + MOVO C3, tmpStore + chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3) + MOVO tmpStore, C3 + MOVO C1, tmpStore + chachaQR(A3, B3, C3, D3, C1) + MOVO tmpStore, C1 + polyMulStage3 + polyMulReduceStage + shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right + shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right + shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right + ADDQ $2*8, itr2 + CMPQ itr2, $160 + JB openSSETail256Loop + MOVQ inl, itr1 + ANDQ $-16, itr1 + +openSSETail256HashLoop: + polyAdd(0(inp)(itr2*1)) + polyMul + ADDQ $2*8, itr2 + CMPQ itr2, itr1 + JB openSSETail256HashLoop + + // Add in the state + PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3 + PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3 + PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3 + PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3 + MOVO D3, tmpStore + + // Load - xor - store + MOVOU (0*16)(inp), D3; PXOR D3, A0 + MOVOU (1*16)(inp), D3; PXOR D3, B0 + MOVOU (2*16)(inp), D3; PXOR D3, C0 + MOVOU (3*16)(inp), D3; PXOR D3, D0 + MOVOU A0, (0*16)(oup) + MOVOU B0, (1*16)(oup) + MOVOU C0, (2*16)(oup) + MOVOU D0, (3*16)(oup) + MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0 + PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1 + MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup) + MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0 + PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2 + MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup) + LEAQ 192(inp), inp + LEAQ 192(oup), oup + SUBQ $192, inl + MOVO A3, A0 + MOVO B3, B0 + MOVO C3, C0 + MOVO tmpStore, D0 + + JMP openSSETail64DecLoop + +// ---------------------------------------------------------------------------- +// ------------------------- AVX2 Code ---------------------------------------- +chacha20Poly1305Open_AVX2: + VZEROUPPER + VMOVDQU ·chacha20Constants<>(SB), AA0 + BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14 + BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12 + BYTE $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4 + VPADDD ·avx2InitMask<>(SB), DD0, DD0 + + // Special optimization, for very short buffers + CMPQ inl, $192 + JBE openAVX2192 + CMPQ inl, $320 + JBE openAVX2320 + + // For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream + VMOVDQA BB0, state1StoreAVX2 + VMOVDQA CC0, state2StoreAVX2 + VMOVDQA DD0, ctr3StoreAVX2 + MOVQ $10, itr2 + +openAVX2PreparePolyKey: + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0) + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0 + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0) + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0 + DECQ itr2 + JNE openAVX2PreparePolyKey + + VPADDD ·chacha20Constants<>(SB), AA0, AA0 + VPADDD state1StoreAVX2, BB0, BB0 + VPADDD state2StoreAVX2, CC0, CC0 + VPADDD ctr3StoreAVX2, DD0, DD0 + + VPERM2I128 $0x02, AA0, BB0, TT0 + + // Clamp and store poly key + VPAND ·polyClampMask<>(SB), TT0, TT0 + VMOVDQA TT0, rsStoreAVX2 + + // Stream for the first 64 bytes + VPERM2I128 $0x13, AA0, BB0, AA0 + VPERM2I128 $0x13, CC0, DD0, BB0 + + // Hash AD + first 64 bytes + MOVQ ad_len+80(FP), itr2 + CALL polyHashADInternal<>(SB) + XORQ itr1, itr1 + +openAVX2InitialHash64: + polyAdd(0(inp)(itr1*1)) + polyMulAVX2 + ADDQ $16, itr1 + CMPQ itr1, $64 + JNE openAVX2InitialHash64 + + // Decrypt the first 64 bytes + VPXOR (0*32)(inp), AA0, AA0 + VPXOR (1*32)(inp), BB0, BB0 + VMOVDQU AA0, (0*32)(oup) + VMOVDQU BB0, (1*32)(oup) + LEAQ (2*32)(inp), inp + LEAQ (2*32)(oup), oup + SUBQ $64, inl + +openAVX2MainLoop: + CMPQ inl, $512 + JB openAVX2MainLoopDone + + // Load state, increment counter blocks, store the incremented counters + VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3 + VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3 + VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3 + VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3 + VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2 + XORQ itr1, itr1 + +openAVX2InternalLoop: + // Lets just say this spaghetti loop interleaves 2 quarter rounds with 3 poly multiplications + // Effectively per 512 bytes of stream we hash 480 bytes of ciphertext + polyAdd(0*8(inp)(itr1*1)) + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + polyMulStage1_AVX2 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3 + polyMulStage2_AVX2 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + polyMulStage3_AVX2 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + polyMulReduceStage + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3 + polyAdd(2*8(inp)(itr1*1)) + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + polyMulStage1_AVX2 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + polyMulStage2_AVX2 + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + polyMulStage3_AVX2 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3 + polyMulReduceStage + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + polyAdd(4*8(inp)(itr1*1)) + LEAQ (6*8)(itr1), itr1 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + polyMulStage1_AVX2 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + polyMulStage2_AVX2 + VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + polyMulStage3_AVX2 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + polyMulReduceStage + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3 + CMPQ itr1, $480 + JNE openAVX2InternalLoop + + VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3 + VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3 + VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3 + VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3 + VMOVDQA CC3, tmpStoreAVX2 + + // We only hashed 480 of the 512 bytes available - hash the remaining 32 here + polyAdd(480(inp)) + polyMulAVX2 + VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0 + VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0 + VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup) + VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0 + VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0 + VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup) + + // and here + polyAdd(496(inp)) + polyMulAVX2 + VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0 + VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0 + VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup) + VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0 + VPXOR (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0 + VMOVDQU AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup) + LEAQ (32*16)(inp), inp + LEAQ (32*16)(oup), oup + SUBQ $(32*16), inl + JMP openAVX2MainLoop + +openAVX2MainLoopDone: + // Handle the various tail sizes efficiently + TESTQ inl, inl + JE openSSEFinalize + CMPQ inl, $128 + JBE openAVX2Tail128 + CMPQ inl, $256 + JBE openAVX2Tail256 + CMPQ inl, $384 + JBE openAVX2Tail384 + JMP openAVX2Tail512 + +// ---------------------------------------------------------------------------- +// Special optimization for buffers smaller than 193 bytes +openAVX2192: + // For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks + VMOVDQA AA0, AA1 + VMOVDQA BB0, BB1 + VMOVDQA CC0, CC1 + VPADDD ·avx2IncMask<>(SB), DD0, DD1 + VMOVDQA AA0, AA2 + VMOVDQA BB0, BB2 + VMOVDQA CC0, CC2 + VMOVDQA DD0, DD2 + VMOVDQA DD1, TT3 + MOVQ $10, itr2 + +openAVX2192InnerCipherLoop: + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0) + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1 + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0) + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1 + DECQ itr2 + JNE openAVX2192InnerCipherLoop + VPADDD AA2, AA0, AA0; VPADDD AA2, AA1, AA1 + VPADDD BB2, BB0, BB0; VPADDD BB2, BB1, BB1 + VPADDD CC2, CC0, CC0; VPADDD CC2, CC1, CC1 + VPADDD DD2, DD0, DD0; VPADDD TT3, DD1, DD1 + VPERM2I128 $0x02, AA0, BB0, TT0 + + // Clamp and store poly key + VPAND ·polyClampMask<>(SB), TT0, TT0 + VMOVDQA TT0, rsStoreAVX2 + + // Stream for up to 192 bytes + VPERM2I128 $0x13, AA0, BB0, AA0 + VPERM2I128 $0x13, CC0, DD0, BB0 + VPERM2I128 $0x02, AA1, BB1, CC0 + VPERM2I128 $0x02, CC1, DD1, DD0 + VPERM2I128 $0x13, AA1, BB1, AA1 + VPERM2I128 $0x13, CC1, DD1, BB1 + +openAVX2ShortOpen: + // Hash + MOVQ ad_len+80(FP), itr2 + CALL polyHashADInternal<>(SB) + +openAVX2ShortOpenLoop: + CMPQ inl, $32 + JB openAVX2ShortTail32 + SUBQ $32, inl + + // Load for hashing + polyAdd(0*8(inp)) + polyMulAVX2 + polyAdd(2*8(inp)) + polyMulAVX2 + + // Load for decryption + VPXOR (inp), AA0, AA0 + VMOVDQU AA0, (oup) + LEAQ (1*32)(inp), inp + LEAQ (1*32)(oup), oup + + // Shift stream left + VMOVDQA BB0, AA0 + VMOVDQA CC0, BB0 + VMOVDQA DD0, CC0 + VMOVDQA AA1, DD0 + VMOVDQA BB1, AA1 + VMOVDQA CC1, BB1 + VMOVDQA DD1, CC1 + VMOVDQA AA2, DD1 + VMOVDQA BB2, AA2 + JMP openAVX2ShortOpenLoop + +openAVX2ShortTail32: + CMPQ inl, $16 + VMOVDQA A0, A1 + JB openAVX2ShortDone + + SUBQ $16, inl + + // Load for hashing + polyAdd(0*8(inp)) + polyMulAVX2 + + // Load for decryption + VPXOR (inp), A0, T0 + VMOVDQU T0, (oup) + LEAQ (1*16)(inp), inp + LEAQ (1*16)(oup), oup + VPERM2I128 $0x11, AA0, AA0, AA0 + VMOVDQA A0, A1 + +openAVX2ShortDone: + VZEROUPPER + JMP openSSETail16 + +// ---------------------------------------------------------------------------- +// Special optimization for buffers smaller than 321 bytes +openAVX2320: + // For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks + VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1 + VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2 + VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3 + MOVQ $10, itr2 + +openAVX2320InnerCipherLoop: + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0) + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2 + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0) + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2 + DECQ itr2 + JNE openAVX2320InnerCipherLoop + + VMOVDQA ·chacha20Constants<>(SB), TT0 + VPADDD TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2 + VPADDD TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2 + VPADDD TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2 + VMOVDQA ·avx2IncMask<>(SB), TT0 + VPADDD TT3, DD0, DD0; VPADDD TT0, TT3, TT3 + VPADDD TT3, DD1, DD1; VPADDD TT0, TT3, TT3 + VPADDD TT3, DD2, DD2 + + // Clamp and store poly key + VPERM2I128 $0x02, AA0, BB0, TT0 + VPAND ·polyClampMask<>(SB), TT0, TT0 + VMOVDQA TT0, rsStoreAVX2 + + // Stream for up to 320 bytes + VPERM2I128 $0x13, AA0, BB0, AA0 + VPERM2I128 $0x13, CC0, DD0, BB0 + VPERM2I128 $0x02, AA1, BB1, CC0 + VPERM2I128 $0x02, CC1, DD1, DD0 + VPERM2I128 $0x13, AA1, BB1, AA1 + VPERM2I128 $0x13, CC1, DD1, BB1 + VPERM2I128 $0x02, AA2, BB2, CC1 + VPERM2I128 $0x02, CC2, DD2, DD1 + VPERM2I128 $0x13, AA2, BB2, AA2 + VPERM2I128 $0x13, CC2, DD2, BB2 + JMP openAVX2ShortOpen + +// ---------------------------------------------------------------------------- +// Special optimization for the last 128 bytes of ciphertext +openAVX2Tail128: + // Need to decrypt up to 128 bytes - prepare two blocks + VMOVDQA ·chacha20Constants<>(SB), AA1 + VMOVDQA state1StoreAVX2, BB1 + VMOVDQA state2StoreAVX2, CC1 + VMOVDQA ctr3StoreAVX2, DD1 + VPADDD ·avx2IncMask<>(SB), DD1, DD1 + VMOVDQA DD1, DD0 + + XORQ itr2, itr2 + MOVQ inl, itr1 + ANDQ $-16, itr1 + TESTQ itr1, itr1 + JE openAVX2Tail128LoopB + +openAVX2Tail128LoopA: + // Perform ChaCha rounds, while hashing the remaining input + polyAdd(0(inp)(itr2*1)) + polyMulAVX2 + +openAVX2Tail128LoopB: + ADDQ $16, itr2 + chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0) + VPALIGNR $4, BB1, BB1, BB1 + VPALIGNR $8, CC1, CC1, CC1 + VPALIGNR $12, DD1, DD1, DD1 + chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0) + VPALIGNR $12, BB1, BB1, BB1 + VPALIGNR $8, CC1, CC1, CC1 + VPALIGNR $4, DD1, DD1, DD1 + CMPQ itr2, itr1 + JB openAVX2Tail128LoopA + CMPQ itr2, $160 + JNE openAVX2Tail128LoopB + + VPADDD ·chacha20Constants<>(SB), AA1, AA1 + VPADDD state1StoreAVX2, BB1, BB1 + VPADDD state2StoreAVX2, CC1, CC1 + VPADDD DD0, DD1, DD1 + VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0 + +openAVX2TailLoop: + CMPQ inl, $32 + JB openAVX2Tail + SUBQ $32, inl + + // Load for decryption + VPXOR (inp), AA0, AA0 + VMOVDQU AA0, (oup) + LEAQ (1*32)(inp), inp + LEAQ (1*32)(oup), oup + VMOVDQA BB0, AA0 + VMOVDQA CC0, BB0 + VMOVDQA DD0, CC0 + JMP openAVX2TailLoop + +openAVX2Tail: + CMPQ inl, $16 + VMOVDQA A0, A1 + JB openAVX2TailDone + SUBQ $16, inl + + // Load for decryption + VPXOR (inp), A0, T0 + VMOVDQU T0, (oup) + LEAQ (1*16)(inp), inp + LEAQ (1*16)(oup), oup + VPERM2I128 $0x11, AA0, AA0, AA0 + VMOVDQA A0, A1 + +openAVX2TailDone: + VZEROUPPER + JMP openSSETail16 + +// ---------------------------------------------------------------------------- +// Special optimization for the last 256 bytes of ciphertext +openAVX2Tail256: + // Need to decrypt up to 256 bytes - prepare four blocks + VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1 + VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1 + VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1 + VMOVDQA ctr3StoreAVX2, DD0 + VPADDD ·avx2IncMask<>(SB), DD0, DD0 + VPADDD ·avx2IncMask<>(SB), DD0, DD1 + VMOVDQA DD0, TT1 + VMOVDQA DD1, TT2 + + // Compute the number of iterations that will hash data + MOVQ inl, tmpStoreAVX2 + MOVQ inl, itr1 + SUBQ $128, itr1 + SHRQ $4, itr1 + MOVQ $10, itr2 + CMPQ itr1, $10 + CMOVQGT itr2, itr1 + MOVQ inp, inl + XORQ itr2, itr2 + +openAVX2Tail256LoopA: + polyAdd(0(inl)) + polyMulAVX2 + LEAQ 16(inl), inl + + // Perform ChaCha rounds, while hashing the remaining input +openAVX2Tail256LoopB: + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0) + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1 + INCQ itr2 + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0) + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1 + CMPQ itr2, itr1 + JB openAVX2Tail256LoopA + + CMPQ itr2, $10 + JNE openAVX2Tail256LoopB + + MOVQ inl, itr2 + SUBQ inp, inl + MOVQ inl, itr1 + MOVQ tmpStoreAVX2, inl + + // Hash the remainder of data (if any) +openAVX2Tail256Hash: + ADDQ $16, itr1 + CMPQ itr1, inl + JGT openAVX2Tail256HashEnd + polyAdd (0(itr2)) + polyMulAVX2 + LEAQ 16(itr2), itr2 + JMP openAVX2Tail256Hash + +// Store 128 bytes safely, then go to store loop +openAVX2Tail256HashEnd: + VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1 + VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1 + VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1 + VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1 + VPERM2I128 $0x02, AA0, BB0, AA2; VPERM2I128 $0x02, CC0, DD0, BB2; VPERM2I128 $0x13, AA0, BB0, CC2; VPERM2I128 $0x13, CC0, DD0, DD2 + VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0 + + VPXOR (0*32)(inp), AA2, AA2; VPXOR (1*32)(inp), BB2, BB2; VPXOR (2*32)(inp), CC2, CC2; VPXOR (3*32)(inp), DD2, DD2 + VMOVDQU AA2, (0*32)(oup); VMOVDQU BB2, (1*32)(oup); VMOVDQU CC2, (2*32)(oup); VMOVDQU DD2, (3*32)(oup) + LEAQ (4*32)(inp), inp + LEAQ (4*32)(oup), oup + SUBQ $4*32, inl + + JMP openAVX2TailLoop + +// ---------------------------------------------------------------------------- +// Special optimization for the last 384 bytes of ciphertext +openAVX2Tail384: + // Need to decrypt up to 384 bytes - prepare six blocks + VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2 + VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2 + VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2 + VMOVDQA ctr3StoreAVX2, DD0 + VPADDD ·avx2IncMask<>(SB), DD0, DD0 + VPADDD ·avx2IncMask<>(SB), DD0, DD1 + VPADDD ·avx2IncMask<>(SB), DD1, DD2 + VMOVDQA DD0, ctr0StoreAVX2 + VMOVDQA DD1, ctr1StoreAVX2 + VMOVDQA DD2, ctr2StoreAVX2 + + // Compute the number of iterations that will hash two blocks of data + MOVQ inl, tmpStoreAVX2 + MOVQ inl, itr1 + SUBQ $256, itr1 + SHRQ $4, itr1 + ADDQ $6, itr1 + MOVQ $10, itr2 + CMPQ itr1, $10 + CMOVQGT itr2, itr1 + MOVQ inp, inl + XORQ itr2, itr2 + + // Perform ChaCha rounds, while hashing the remaining input +openAVX2Tail384LoopB: + polyAdd(0(inl)) + polyMulAVX2 + LEAQ 16(inl), inl + +openAVX2Tail384LoopA: + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0) + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2 + polyAdd(0(inl)) + polyMulAVX2 + LEAQ 16(inl), inl + INCQ itr2 + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0) + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2 + + CMPQ itr2, itr1 + JB openAVX2Tail384LoopB + + CMPQ itr2, $10 + JNE openAVX2Tail384LoopA + + MOVQ inl, itr2 + SUBQ inp, inl + MOVQ inl, itr1 + MOVQ tmpStoreAVX2, inl + +openAVX2Tail384Hash: + ADDQ $16, itr1 + CMPQ itr1, inl + JGT openAVX2Tail384HashEnd + polyAdd(0(itr2)) + polyMulAVX2 + LEAQ 16(itr2), itr2 + JMP openAVX2Tail384Hash + +// Store 256 bytes safely, then go to store loop +openAVX2Tail384HashEnd: + VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2 + VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2 + VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2 + VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2 + VPERM2I128 $0x02, AA0, BB0, TT0; VPERM2I128 $0x02, CC0, DD0, TT1; VPERM2I128 $0x13, AA0, BB0, TT2; VPERM2I128 $0x13, CC0, DD0, TT3 + VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3 + VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup) + VPERM2I128 $0x02, AA1, BB1, TT0; VPERM2I128 $0x02, CC1, DD1, TT1; VPERM2I128 $0x13, AA1, BB1, TT2; VPERM2I128 $0x13, CC1, DD1, TT3 + VPXOR (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3 + VMOVDQU TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup) + VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0 + LEAQ (8*32)(inp), inp + LEAQ (8*32)(oup), oup + SUBQ $8*32, inl + JMP openAVX2TailLoop + +// ---------------------------------------------------------------------------- +// Special optimization for the last 512 bytes of ciphertext +openAVX2Tail512: + VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3 + VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3 + VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3 + VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3 + VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2 + XORQ itr1, itr1 + MOVQ inp, itr2 + +openAVX2Tail512LoopB: + polyAdd(0(itr2)) + polyMulAVX2 + LEAQ (2*8)(itr2), itr2 + +openAVX2Tail512LoopA: + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + polyAdd(0*8(itr2)) + polyMulAVX2 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + polyAdd(2*8(itr2)) + polyMulAVX2 + LEAQ (4*8)(itr2), itr2 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3 + INCQ itr1 + CMPQ itr1, $4 + JLT openAVX2Tail512LoopB + + CMPQ itr1, $10 + JNE openAVX2Tail512LoopA + + MOVQ inl, itr1 + SUBQ $384, itr1 + ANDQ $-16, itr1 + +openAVX2Tail512HashLoop: + TESTQ itr1, itr1 + JE openAVX2Tail512HashEnd + polyAdd(0(itr2)) + polyMulAVX2 + LEAQ 16(itr2), itr2 + SUBQ $16, itr1 + JMP openAVX2Tail512HashLoop + +openAVX2Tail512HashEnd: + VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3 + VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3 + VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3 + VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3 + VMOVDQA CC3, tmpStoreAVX2 + VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0 + VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0 + VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup) + VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0 + VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0 + VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup) + VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0 + VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0 + VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup) + VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0 + + LEAQ (12*32)(inp), inp + LEAQ (12*32)(oup), oup + SUBQ $12*32, inl + + JMP openAVX2TailLoop + +// ---------------------------------------------------------------------------- +// ---------------------------------------------------------------------------- +// func chacha20Poly1305Seal(dst, key, src, ad []byte) +TEXT ·chacha20Poly1305Seal(SB), 0, $288-96 + // For aligned stack access + MOVQ SP, BP + ADDQ $32, BP + ANDQ $-32, BP + MOVQ dst+0(FP), oup + MOVQ key+24(FP), keyp + MOVQ src+48(FP), inp + MOVQ src_len+56(FP), inl + MOVQ ad+72(FP), adp + + CMPB ·useAVX2(SB), $1 + JE chacha20Poly1305Seal_AVX2 + + // Special optimization, for very short buffers + CMPQ inl, $128 + JBE sealSSE128 // About 15% faster + + // In the seal case - prepare the poly key + 3 blocks of stream in the first iteration + MOVOU ·chacha20Constants<>(SB), A0 + MOVOU (1*16)(keyp), B0 + MOVOU (2*16)(keyp), C0 + MOVOU (3*16)(keyp), D0 + + // Store state on stack for future use + MOVO B0, state1Store + MOVO C0, state2Store + + // Load state, increment counter blocks + MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1 + MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2 + MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3 + + // Store counters + MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store + MOVQ $10, itr2 + +sealSSEIntroLoop: + MOVO C3, tmpStore + chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3) + MOVO tmpStore, C3 + MOVO C1, tmpStore + chachaQR(A3, B3, C3, D3, C1) + MOVO tmpStore, C1 + shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left + shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left + shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left + + MOVO C3, tmpStore + chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3) + MOVO tmpStore, C3 + MOVO C1, tmpStore + chachaQR(A3, B3, C3, D3, C1) + MOVO tmpStore, C1 + shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right + shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right + shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right + DECQ itr2 + JNE sealSSEIntroLoop + + // Add in the state + PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3 + PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3 + PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3 + PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3 + + // Clamp and store the key + PAND ·polyClampMask<>(SB), A0 + MOVO A0, rStore + MOVO B0, sStore + + // Hash AAD + MOVQ ad_len+80(FP), itr2 + CALL polyHashADInternal<>(SB) + + MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0 + PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1 + MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup) + MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0 + PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2 + MOVOU A2, (4*16)(oup); MOVOU B2, (5*16)(oup); MOVOU C2, (6*16)(oup); MOVOU D2, (7*16)(oup) + + MOVQ $128, itr1 + SUBQ $128, inl + LEAQ 128(inp), inp + + MOVO A3, A1; MOVO B3, B1; MOVO C3, C1; MOVO D3, D1 + + CMPQ inl, $64 + JBE sealSSE128SealHash + + MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0 + PXOR A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3 + MOVOU A3, (8*16)(oup); MOVOU B3, (9*16)(oup); MOVOU C3, (10*16)(oup); MOVOU D3, (11*16)(oup) + + ADDQ $64, itr1 + SUBQ $64, inl + LEAQ 64(inp), inp + + MOVQ $2, itr1 + MOVQ $8, itr2 + + CMPQ inl, $64 + JBE sealSSETail64 + CMPQ inl, $128 + JBE sealSSETail128 + CMPQ inl, $192 + JBE sealSSETail192 + +sealSSEMainLoop: + // Load state, increment counter blocks + MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0 + MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1 + MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2 + MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3 + + // Store counters + MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store + +sealSSEInnerLoop: + MOVO C3, tmpStore + chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3) + MOVO tmpStore, C3 + MOVO C1, tmpStore + chachaQR(A3, B3, C3, D3, C1) + MOVO tmpStore, C1 + polyAdd(0(oup)) + shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left + shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left + shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left + polyMulStage1 + polyMulStage2 + LEAQ (2*8)(oup), oup + MOVO C3, tmpStore + chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3) + MOVO tmpStore, C3 + MOVO C1, tmpStore + polyMulStage3 + chachaQR(A3, B3, C3, D3, C1) + MOVO tmpStore, C1 + polyMulReduceStage + shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right + shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right + shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right + DECQ itr2 + JGE sealSSEInnerLoop + polyAdd(0(oup)) + polyMul + LEAQ (2*8)(oup), oup + DECQ itr1 + JG sealSSEInnerLoop + + // Add in the state + PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3 + PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3 + PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3 + PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3 + MOVO D3, tmpStore + + // Load - xor - store + MOVOU (0*16)(inp), D3; PXOR D3, A0 + MOVOU (1*16)(inp), D3; PXOR D3, B0 + MOVOU (2*16)(inp), D3; PXOR D3, C0 + MOVOU (3*16)(inp), D3; PXOR D3, D0 + MOVOU A0, (0*16)(oup) + MOVOU B0, (1*16)(oup) + MOVOU C0, (2*16)(oup) + MOVOU D0, (3*16)(oup) + MOVO tmpStore, D3 + + MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0 + PXOR A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1 + MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup) + MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0 + PXOR A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2 + MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup) + ADDQ $192, inp + MOVQ $192, itr1 + SUBQ $192, inl + MOVO A3, A1 + MOVO B3, B1 + MOVO C3, C1 + MOVO D3, D1 + CMPQ inl, $64 + JBE sealSSE128SealHash + MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0 + PXOR A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3 + MOVOU A3, (12*16)(oup); MOVOU B3, (13*16)(oup); MOVOU C3, (14*16)(oup); MOVOU D3, (15*16)(oup) + LEAQ 64(inp), inp + SUBQ $64, inl + MOVQ $6, itr1 + MOVQ $4, itr2 + CMPQ inl, $192 + JG sealSSEMainLoop + + MOVQ inl, itr1 + TESTQ inl, inl + JE sealSSE128SealHash + MOVQ $6, itr1 + CMPQ inl, $64 + JBE sealSSETail64 + CMPQ inl, $128 + JBE sealSSETail128 + JMP sealSSETail192 + +// ---------------------------------------------------------------------------- +// Special optimization for the last 64 bytes of plaintext +sealSSETail64: + // Need to encrypt up to 64 bytes - prepare single block, hash 192 or 256 bytes + MOVO ·chacha20Constants<>(SB), A1 + MOVO state1Store, B1 + MOVO state2Store, C1 + MOVO ctr3Store, D1 + PADDL ·sseIncMask<>(SB), D1 + MOVO D1, ctr0Store + +sealSSETail64LoopA: + // Perform ChaCha rounds, while hashing the previously encrypted ciphertext + polyAdd(0(oup)) + polyMul + LEAQ 16(oup), oup + +sealSSETail64LoopB: + chachaQR(A1, B1, C1, D1, T1) + shiftB1Left; shiftC1Left; shiftD1Left + chachaQR(A1, B1, C1, D1, T1) + shiftB1Right; shiftC1Right; shiftD1Right + polyAdd(0(oup)) + polyMul + LEAQ 16(oup), oup + + DECQ itr1 + JG sealSSETail64LoopA + + DECQ itr2 + JGE sealSSETail64LoopB + PADDL ·chacha20Constants<>(SB), A1 + PADDL state1Store, B1 + PADDL state2Store, C1 + PADDL ctr0Store, D1 + + JMP sealSSE128Seal + +// ---------------------------------------------------------------------------- +// Special optimization for the last 128 bytes of plaintext +sealSSETail128: + // Need to encrypt up to 128 bytes - prepare two blocks, hash 192 or 256 bytes + MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store + MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store + +sealSSETail128LoopA: + // Perform ChaCha rounds, while hashing the previously encrypted ciphertext + polyAdd(0(oup)) + polyMul + LEAQ 16(oup), oup + +sealSSETail128LoopB: + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0) + shiftB0Left; shiftC0Left; shiftD0Left + shiftB1Left; shiftC1Left; shiftD1Left + polyAdd(0(oup)) + polyMul + LEAQ 16(oup), oup + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0) + shiftB0Right; shiftC0Right; shiftD0Right + shiftB1Right; shiftC1Right; shiftD1Right + + DECQ itr1 + JG sealSSETail128LoopA + + DECQ itr2 + JGE sealSSETail128LoopB + + PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1 + PADDL state1Store, B0; PADDL state1Store, B1 + PADDL state2Store, C0; PADDL state2Store, C1 + PADDL ctr0Store, D0; PADDL ctr1Store, D1 + + MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3 + PXOR T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0 + MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup) + + MOVQ $64, itr1 + LEAQ 64(inp), inp + SUBQ $64, inl + + JMP sealSSE128SealHash + +// ---------------------------------------------------------------------------- +// Special optimization for the last 192 bytes of plaintext +sealSSETail192: + // Need to encrypt up to 192 bytes - prepare three blocks, hash 192 or 256 bytes + MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store + MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store + MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr2Store + +sealSSETail192LoopA: + // Perform ChaCha rounds, while hashing the previously encrypted ciphertext + polyAdd(0(oup)) + polyMul + LEAQ 16(oup), oup + +sealSSETail192LoopB: + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0) + shiftB0Left; shiftC0Left; shiftD0Left + shiftB1Left; shiftC1Left; shiftD1Left + shiftB2Left; shiftC2Left; shiftD2Left + + polyAdd(0(oup)) + polyMul + LEAQ 16(oup), oup + + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0) + shiftB0Right; shiftC0Right; shiftD0Right + shiftB1Right; shiftC1Right; shiftD1Right + shiftB2Right; shiftC2Right; shiftD2Right + + DECQ itr1 + JG sealSSETail192LoopA + + DECQ itr2 + JGE sealSSETail192LoopB + + PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2 + PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2 + PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2 + PADDL ctr0Store, D0; PADDL ctr1Store, D1; PADDL ctr2Store, D2 + + MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3 + PXOR T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0 + MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup) + MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3 + PXOR T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1 + MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup) + + MOVO A2, A1 + MOVO B2, B1 + MOVO C2, C1 + MOVO D2, D1 + MOVQ $128, itr1 + LEAQ 128(inp), inp + SUBQ $128, inl + + JMP sealSSE128SealHash + +// ---------------------------------------------------------------------------- +// Special seal optimization for buffers smaller than 129 bytes +sealSSE128: + // For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks + MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0 + MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1 + MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2 + MOVO B0, T1; MOVO C0, T2; MOVO D1, T3 + MOVQ $10, itr2 + +sealSSE128InnerCipherLoop: + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0) + shiftB0Left; shiftB1Left; shiftB2Left + shiftC0Left; shiftC1Left; shiftC2Left + shiftD0Left; shiftD1Left; shiftD2Left + chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0) + shiftB0Right; shiftB1Right; shiftB2Right + shiftC0Right; shiftC1Right; shiftC2Right + shiftD0Right; shiftD1Right; shiftD2Right + DECQ itr2 + JNE sealSSE128InnerCipherLoop + + // A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded + PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2 + PADDL T1, B0; PADDL T1, B1; PADDL T1, B2 + PADDL T2, C1; PADDL T2, C2 + PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2 + PAND ·polyClampMask<>(SB), A0 + MOVOU A0, rStore + MOVOU B0, sStore + + // Hash + MOVQ ad_len+80(FP), itr2 + CALL polyHashADInternal<>(SB) + XORQ itr1, itr1 + +sealSSE128SealHash: + // itr1 holds the number of bytes encrypted but not yet hashed + CMPQ itr1, $16 + JB sealSSE128Seal + polyAdd(0(oup)) + polyMul + + SUBQ $16, itr1 + ADDQ $16, oup + + JMP sealSSE128SealHash + +sealSSE128Seal: + CMPQ inl, $16 + JB sealSSETail + SUBQ $16, inl + + // Load for decryption + MOVOU (inp), T0 + PXOR T0, A1 + MOVOU A1, (oup) + LEAQ (1*16)(inp), inp + LEAQ (1*16)(oup), oup + + // Extract for hashing + MOVQ A1, t0 + PSRLDQ $8, A1 + MOVQ A1, t1 + ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2 + polyMul + + // Shift the stream "left" + MOVO B1, A1 + MOVO C1, B1 + MOVO D1, C1 + MOVO A2, D1 + MOVO B2, A2 + MOVO C2, B2 + MOVO D2, C2 + JMP sealSSE128Seal + +sealSSETail: + TESTQ inl, inl + JE sealSSEFinalize + + // We can only load the PT one byte at a time to avoid read after end of buffer + MOVQ inl, itr2 + SHLQ $4, itr2 + LEAQ ·andMask<>(SB), t0 + MOVQ inl, itr1 + LEAQ -1(inp)(inl*1), inp + XORQ t2, t2 + XORQ t3, t3 + XORQ AX, AX + +sealSSETailLoadLoop: + SHLQ $8, t2, t3 + SHLQ $8, t2 + MOVB (inp), AX + XORQ AX, t2 + LEAQ -1(inp), inp + DECQ itr1 + JNE sealSSETailLoadLoop + MOVQ t2, 0+tmpStore + MOVQ t3, 8+tmpStore + PXOR 0+tmpStore, A1 + MOVOU A1, (oup) + MOVOU -16(t0)(itr2*1), T0 + PAND T0, A1 + MOVQ A1, t0 + PSRLDQ $8, A1 + MOVQ A1, t1 + ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2 + polyMul + + ADDQ inl, oup + +sealSSEFinalize: + // Hash in the buffer lengths + ADDQ ad_len+80(FP), acc0 + ADCQ src_len+56(FP), acc1 + ADCQ $1, acc2 + polyMul + + // Final reduce + MOVQ acc0, t0 + MOVQ acc1, t1 + MOVQ acc2, t2 + SUBQ $-5, acc0 + SBBQ $-1, acc1 + SBBQ $3, acc2 + CMOVQCS t0, acc0 + CMOVQCS t1, acc1 + CMOVQCS t2, acc2 + + // Add in the "s" part of the key + ADDQ 0+sStore, acc0 + ADCQ 8+sStore, acc1 + + // Finally store the tag at the end of the message + MOVQ acc0, (0*8)(oup) + MOVQ acc1, (1*8)(oup) + RET + +// ---------------------------------------------------------------------------- +// ------------------------- AVX2 Code ---------------------------------------- +chacha20Poly1305Seal_AVX2: + VZEROUPPER + VMOVDQU ·chacha20Constants<>(SB), AA0 + BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14 + BYTE $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12 + BYTE $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4 + VPADDD ·avx2InitMask<>(SB), DD0, DD0 + + // Special optimizations, for very short buffers + CMPQ inl, $192 + JBE seal192AVX2 // 33% faster + CMPQ inl, $320 + JBE seal320AVX2 // 17% faster + + // For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream + VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3 + VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3; VMOVDQA BB0, state1StoreAVX2 + VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3; VMOVDQA CC0, state2StoreAVX2 + VPADDD ·avx2IncMask<>(SB), DD0, DD1; VMOVDQA DD0, ctr0StoreAVX2 + VPADDD ·avx2IncMask<>(SB), DD1, DD2; VMOVDQA DD1, ctr1StoreAVX2 + VPADDD ·avx2IncMask<>(SB), DD2, DD3; VMOVDQA DD2, ctr2StoreAVX2 + VMOVDQA DD3, ctr3StoreAVX2 + MOVQ $10, itr2 + +sealAVX2IntroLoop: + VMOVDQA CC3, tmpStoreAVX2 + chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3) + VMOVDQA tmpStoreAVX2, CC3 + VMOVDQA CC1, tmpStoreAVX2 + chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1) + VMOVDQA tmpStoreAVX2, CC1 + + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0 + VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1 + VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2 + VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3 + + VMOVDQA CC3, tmpStoreAVX2 + chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3) + VMOVDQA tmpStoreAVX2, CC3 + VMOVDQA CC1, tmpStoreAVX2 + chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1) + VMOVDQA tmpStoreAVX2, CC1 + + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0 + VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1 + VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2 + VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3 + DECQ itr2 + JNE sealAVX2IntroLoop + + VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3 + VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3 + VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3 + VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3 + + VPERM2I128 $0x13, CC0, DD0, CC0 // Stream bytes 96 - 127 + VPERM2I128 $0x02, AA0, BB0, DD0 // The Poly1305 key + VPERM2I128 $0x13, AA0, BB0, AA0 // Stream bytes 64 - 95 + + // Clamp and store poly key + VPAND ·polyClampMask<>(SB), DD0, DD0 + VMOVDQA DD0, rsStoreAVX2 + + // Hash AD + MOVQ ad_len+80(FP), itr2 + CALL polyHashADInternal<>(SB) + + // Can store at least 320 bytes + VPXOR (0*32)(inp), AA0, AA0 + VPXOR (1*32)(inp), CC0, CC0 + VMOVDQU AA0, (0*32)(oup) + VMOVDQU CC0, (1*32)(oup) + + VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0 + VPXOR (2*32)(inp), AA0, AA0; VPXOR (3*32)(inp), BB0, BB0; VPXOR (4*32)(inp), CC0, CC0; VPXOR (5*32)(inp), DD0, DD0 + VMOVDQU AA0, (2*32)(oup); VMOVDQU BB0, (3*32)(oup); VMOVDQU CC0, (4*32)(oup); VMOVDQU DD0, (5*32)(oup) + VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0 + VPXOR (6*32)(inp), AA0, AA0; VPXOR (7*32)(inp), BB0, BB0; VPXOR (8*32)(inp), CC0, CC0; VPXOR (9*32)(inp), DD0, DD0 + VMOVDQU AA0, (6*32)(oup); VMOVDQU BB0, (7*32)(oup); VMOVDQU CC0, (8*32)(oup); VMOVDQU DD0, (9*32)(oup) + + MOVQ $320, itr1 + SUBQ $320, inl + LEAQ 320(inp), inp + + VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, CC3, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, CC3, DD3, DD0 + CMPQ inl, $128 + JBE sealAVX2SealHash + + VPXOR (0*32)(inp), AA0, AA0; VPXOR (1*32)(inp), BB0, BB0; VPXOR (2*32)(inp), CC0, CC0; VPXOR (3*32)(inp), DD0, DD0 + VMOVDQU AA0, (10*32)(oup); VMOVDQU BB0, (11*32)(oup); VMOVDQU CC0, (12*32)(oup); VMOVDQU DD0, (13*32)(oup) + SUBQ $128, inl + LEAQ 128(inp), inp + + MOVQ $8, itr1 + MOVQ $2, itr2 + + CMPQ inl, $128 + JBE sealAVX2Tail128 + CMPQ inl, $256 + JBE sealAVX2Tail256 + CMPQ inl, $384 + JBE sealAVX2Tail384 + CMPQ inl, $512 + JBE sealAVX2Tail512 + + // We have 448 bytes to hash, but main loop hashes 512 bytes at a time - perform some rounds, before the main loop + VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3 + VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3 + VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3 + VMOVDQA ctr3StoreAVX2, DD0 + VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3 + VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2 + + VMOVDQA CC3, tmpStoreAVX2 + chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3) + VMOVDQA tmpStoreAVX2, CC3 + VMOVDQA CC1, tmpStoreAVX2 + chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1) + VMOVDQA tmpStoreAVX2, CC1 + + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0 + VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1 + VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2 + VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3 + + VMOVDQA CC3, tmpStoreAVX2 + chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3) + VMOVDQA tmpStoreAVX2, CC3 + VMOVDQA CC1, tmpStoreAVX2 + chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1) + VMOVDQA tmpStoreAVX2, CC1 + + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0 + VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1 + VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2 + VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + + SUBQ $16, oup // Adjust the pointer + MOVQ $9, itr1 + JMP sealAVX2InternalLoopStart + +sealAVX2MainLoop: + // Load state, increment counter blocks, store the incremented counters + VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3 + VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3 + VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3 + VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3 + VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2 + MOVQ $10, itr1 + +sealAVX2InternalLoop: + polyAdd(0*8(oup)) + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + polyMulStage1_AVX2 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3 + polyMulStage2_AVX2 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + polyMulStage3_AVX2 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + polyMulReduceStage + +sealAVX2InternalLoopStart: + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3 + polyAdd(2*8(oup)) + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + polyMulStage1_AVX2 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + polyMulStage2_AVX2 + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + polyMulStage3_AVX2 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3 + polyMulReduceStage + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + polyAdd(4*8(oup)) + LEAQ (6*8)(oup), oup + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + polyMulStage1_AVX2 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + polyMulStage2_AVX2 + VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + polyMulStage3_AVX2 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + polyMulReduceStage + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3 + DECQ itr1 + JNE sealAVX2InternalLoop + + VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3 + VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3 + VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3 + VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3 + VMOVDQA CC3, tmpStoreAVX2 + + // We only hashed 480 of the 512 bytes available - hash the remaining 32 here + polyAdd(0*8(oup)) + polyMulAVX2 + LEAQ (4*8)(oup), oup + VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0 + VPXOR (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0 + VMOVDQU CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup) + VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0 + VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0 + VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup) + + // and here + polyAdd(-2*8(oup)) + polyMulAVX2 + VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0 + VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0 + VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup) + VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0 + VPXOR (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0 + VMOVDQU AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup) + LEAQ (32*16)(inp), inp + SUBQ $(32*16), inl + CMPQ inl, $512 + JG sealAVX2MainLoop + + // Tail can only hash 480 bytes + polyAdd(0*8(oup)) + polyMulAVX2 + polyAdd(2*8(oup)) + polyMulAVX2 + LEAQ 32(oup), oup + + MOVQ $10, itr1 + MOVQ $0, itr2 + CMPQ inl, $128 + JBE sealAVX2Tail128 + CMPQ inl, $256 + JBE sealAVX2Tail256 + CMPQ inl, $384 + JBE sealAVX2Tail384 + JMP sealAVX2Tail512 + +// ---------------------------------------------------------------------------- +// Special optimization for buffers smaller than 193 bytes +seal192AVX2: + // For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks + VMOVDQA AA0, AA1 + VMOVDQA BB0, BB1 + VMOVDQA CC0, CC1 + VPADDD ·avx2IncMask<>(SB), DD0, DD1 + VMOVDQA AA0, AA2 + VMOVDQA BB0, BB2 + VMOVDQA CC0, CC2 + VMOVDQA DD0, DD2 + VMOVDQA DD1, TT3 + MOVQ $10, itr2 + +sealAVX2192InnerCipherLoop: + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0) + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1 + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0) + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1 + DECQ itr2 + JNE sealAVX2192InnerCipherLoop + VPADDD AA2, AA0, AA0; VPADDD AA2, AA1, AA1 + VPADDD BB2, BB0, BB0; VPADDD BB2, BB1, BB1 + VPADDD CC2, CC0, CC0; VPADDD CC2, CC1, CC1 + VPADDD DD2, DD0, DD0; VPADDD TT3, DD1, DD1 + VPERM2I128 $0x02, AA0, BB0, TT0 + + // Clamp and store poly key + VPAND ·polyClampMask<>(SB), TT0, TT0 + VMOVDQA TT0, rsStoreAVX2 + + // Stream for up to 192 bytes + VPERM2I128 $0x13, AA0, BB0, AA0 + VPERM2I128 $0x13, CC0, DD0, BB0 + VPERM2I128 $0x02, AA1, BB1, CC0 + VPERM2I128 $0x02, CC1, DD1, DD0 + VPERM2I128 $0x13, AA1, BB1, AA1 + VPERM2I128 $0x13, CC1, DD1, BB1 + +sealAVX2ShortSeal: + // Hash aad + MOVQ ad_len+80(FP), itr2 + CALL polyHashADInternal<>(SB) + XORQ itr1, itr1 + +sealAVX2SealHash: + // itr1 holds the number of bytes encrypted but not yet hashed + CMPQ itr1, $16 + JB sealAVX2ShortSealLoop + polyAdd(0(oup)) + polyMul + SUBQ $16, itr1 + ADDQ $16, oup + JMP sealAVX2SealHash + +sealAVX2ShortSealLoop: + CMPQ inl, $32 + JB sealAVX2ShortTail32 + SUBQ $32, inl + + // Load for encryption + VPXOR (inp), AA0, AA0 + VMOVDQU AA0, (oup) + LEAQ (1*32)(inp), inp + + // Now can hash + polyAdd(0*8(oup)) + polyMulAVX2 + polyAdd(2*8(oup)) + polyMulAVX2 + LEAQ (1*32)(oup), oup + + // Shift stream left + VMOVDQA BB0, AA0 + VMOVDQA CC0, BB0 + VMOVDQA DD0, CC0 + VMOVDQA AA1, DD0 + VMOVDQA BB1, AA1 + VMOVDQA CC1, BB1 + VMOVDQA DD1, CC1 + VMOVDQA AA2, DD1 + VMOVDQA BB2, AA2 + JMP sealAVX2ShortSealLoop + +sealAVX2ShortTail32: + CMPQ inl, $16 + VMOVDQA A0, A1 + JB sealAVX2ShortDone + + SUBQ $16, inl + + // Load for encryption + VPXOR (inp), A0, T0 + VMOVDQU T0, (oup) + LEAQ (1*16)(inp), inp + + // Hash + polyAdd(0*8(oup)) + polyMulAVX2 + LEAQ (1*16)(oup), oup + VPERM2I128 $0x11, AA0, AA0, AA0 + VMOVDQA A0, A1 + +sealAVX2ShortDone: + VZEROUPPER + JMP sealSSETail + +// ---------------------------------------------------------------------------- +// Special optimization for buffers smaller than 321 bytes +seal320AVX2: + // For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks + VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1 + VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2 + VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3 + MOVQ $10, itr2 + +sealAVX2320InnerCipherLoop: + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0) + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2 + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0) + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2 + DECQ itr2 + JNE sealAVX2320InnerCipherLoop + + VMOVDQA ·chacha20Constants<>(SB), TT0 + VPADDD TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2 + VPADDD TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2 + VPADDD TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2 + VMOVDQA ·avx2IncMask<>(SB), TT0 + VPADDD TT3, DD0, DD0; VPADDD TT0, TT3, TT3 + VPADDD TT3, DD1, DD1; VPADDD TT0, TT3, TT3 + VPADDD TT3, DD2, DD2 + + // Clamp and store poly key + VPERM2I128 $0x02, AA0, BB0, TT0 + VPAND ·polyClampMask<>(SB), TT0, TT0 + VMOVDQA TT0, rsStoreAVX2 + + // Stream for up to 320 bytes + VPERM2I128 $0x13, AA0, BB0, AA0 + VPERM2I128 $0x13, CC0, DD0, BB0 + VPERM2I128 $0x02, AA1, BB1, CC0 + VPERM2I128 $0x02, CC1, DD1, DD0 + VPERM2I128 $0x13, AA1, BB1, AA1 + VPERM2I128 $0x13, CC1, DD1, BB1 + VPERM2I128 $0x02, AA2, BB2, CC1 + VPERM2I128 $0x02, CC2, DD2, DD1 + VPERM2I128 $0x13, AA2, BB2, AA2 + VPERM2I128 $0x13, CC2, DD2, BB2 + JMP sealAVX2ShortSeal + +// ---------------------------------------------------------------------------- +// Special optimization for the last 128 bytes of ciphertext +sealAVX2Tail128: + // Need to decrypt up to 128 bytes - prepare two blocks + // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed + // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed + VMOVDQA ·chacha20Constants<>(SB), AA0 + VMOVDQA state1StoreAVX2, BB0 + VMOVDQA state2StoreAVX2, CC0 + VMOVDQA ctr3StoreAVX2, DD0 + VPADDD ·avx2IncMask<>(SB), DD0, DD0 + VMOVDQA DD0, DD1 + +sealAVX2Tail128LoopA: + polyAdd(0(oup)) + polyMul + LEAQ 16(oup), oup + +sealAVX2Tail128LoopB: + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0) + polyAdd(0(oup)) + polyMul + VPALIGNR $4, BB0, BB0, BB0 + VPALIGNR $8, CC0, CC0, CC0 + VPALIGNR $12, DD0, DD0, DD0 + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0) + polyAdd(16(oup)) + polyMul + LEAQ 32(oup), oup + VPALIGNR $12, BB0, BB0, BB0 + VPALIGNR $8, CC0, CC0, CC0 + VPALIGNR $4, DD0, DD0, DD0 + DECQ itr1 + JG sealAVX2Tail128LoopA + DECQ itr2 + JGE sealAVX2Tail128LoopB + + VPADDD ·chacha20Constants<>(SB), AA0, AA1 + VPADDD state1StoreAVX2, BB0, BB1 + VPADDD state2StoreAVX2, CC0, CC1 + VPADDD DD1, DD0, DD1 + + VPERM2I128 $0x02, AA1, BB1, AA0 + VPERM2I128 $0x02, CC1, DD1, BB0 + VPERM2I128 $0x13, AA1, BB1, CC0 + VPERM2I128 $0x13, CC1, DD1, DD0 + JMP sealAVX2ShortSealLoop + +// ---------------------------------------------------------------------------- +// Special optimization for the last 256 bytes of ciphertext +sealAVX2Tail256: + // Need to decrypt up to 256 bytes - prepare two blocks + // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed + // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed + VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA ·chacha20Constants<>(SB), AA1 + VMOVDQA state1StoreAVX2, BB0; VMOVDQA state1StoreAVX2, BB1 + VMOVDQA state2StoreAVX2, CC0; VMOVDQA state2StoreAVX2, CC1 + VMOVDQA ctr3StoreAVX2, DD0 + VPADDD ·avx2IncMask<>(SB), DD0, DD0 + VPADDD ·avx2IncMask<>(SB), DD0, DD1 + VMOVDQA DD0, TT1 + VMOVDQA DD1, TT2 + +sealAVX2Tail256LoopA: + polyAdd(0(oup)) + polyMul + LEAQ 16(oup), oup + +sealAVX2Tail256LoopB: + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0) + polyAdd(0(oup)) + polyMul + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1 + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0) + polyAdd(16(oup)) + polyMul + LEAQ 32(oup), oup + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1 + DECQ itr1 + JG sealAVX2Tail256LoopA + DECQ itr2 + JGE sealAVX2Tail256LoopB + + VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1 + VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1 + VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1 + VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1 + VPERM2I128 $0x02, AA0, BB0, TT0 + VPERM2I128 $0x02, CC0, DD0, TT1 + VPERM2I128 $0x13, AA0, BB0, TT2 + VPERM2I128 $0x13, CC0, DD0, TT3 + VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3 + VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup) + MOVQ $128, itr1 + LEAQ 128(inp), inp + SUBQ $128, inl + VPERM2I128 $0x02, AA1, BB1, AA0 + VPERM2I128 $0x02, CC1, DD1, BB0 + VPERM2I128 $0x13, AA1, BB1, CC0 + VPERM2I128 $0x13, CC1, DD1, DD0 + + JMP sealAVX2SealHash + +// ---------------------------------------------------------------------------- +// Special optimization for the last 384 bytes of ciphertext +sealAVX2Tail384: + // Need to decrypt up to 384 bytes - prepare two blocks + // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed + // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed + VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2 + VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2 + VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2 + VMOVDQA ctr3StoreAVX2, DD0 + VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2 + VMOVDQA DD0, TT1; VMOVDQA DD1, TT2; VMOVDQA DD2, TT3 + +sealAVX2Tail384LoopA: + polyAdd(0(oup)) + polyMul + LEAQ 16(oup), oup + +sealAVX2Tail384LoopB: + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0) + polyAdd(0(oup)) + polyMul + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2 + chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0) + polyAdd(16(oup)) + polyMul + LEAQ 32(oup), oup + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2 + DECQ itr1 + JG sealAVX2Tail384LoopA + DECQ itr2 + JGE sealAVX2Tail384LoopB + + VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2 + VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2 + VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2 + VPADDD TT1, DD0, DD0; VPADDD TT2, DD1, DD1; VPADDD TT3, DD2, DD2 + VPERM2I128 $0x02, AA0, BB0, TT0 + VPERM2I128 $0x02, CC0, DD0, TT1 + VPERM2I128 $0x13, AA0, BB0, TT2 + VPERM2I128 $0x13, CC0, DD0, TT3 + VPXOR (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3 + VMOVDQU TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup) + VPERM2I128 $0x02, AA1, BB1, TT0 + VPERM2I128 $0x02, CC1, DD1, TT1 + VPERM2I128 $0x13, AA1, BB1, TT2 + VPERM2I128 $0x13, CC1, DD1, TT3 + VPXOR (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3 + VMOVDQU TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup) + MOVQ $256, itr1 + LEAQ 256(inp), inp + SUBQ $256, inl + VPERM2I128 $0x02, AA2, BB2, AA0 + VPERM2I128 $0x02, CC2, DD2, BB0 + VPERM2I128 $0x13, AA2, BB2, CC0 + VPERM2I128 $0x13, CC2, DD2, DD0 + + JMP sealAVX2SealHash + +// ---------------------------------------------------------------------------- +// Special optimization for the last 512 bytes of ciphertext +sealAVX2Tail512: + // Need to decrypt up to 512 bytes - prepare two blocks + // If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed + // If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed + VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3 + VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3 + VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3 + VMOVDQA ctr3StoreAVX2, DD0 + VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3 + VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2 + +sealAVX2Tail512LoopA: + polyAdd(0(oup)) + polyMul + LEAQ 16(oup), oup + +sealAVX2Tail512LoopB: + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + polyAdd(0*8(oup)) + polyMulAVX2 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3 + VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + polyAdd(2*8(oup)) + polyMulAVX2 + LEAQ (4*8)(oup), oup + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 + VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 + VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3 + VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 + VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 + VMOVDQA CC3, tmpStoreAVX2 + VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0 + VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1 + VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2 + VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3 + VMOVDQA tmpStoreAVX2, CC3 + VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3 + VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3 + VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3 + + DECQ itr1 + JG sealAVX2Tail512LoopA + DECQ itr2 + JGE sealAVX2Tail512LoopB + + VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3 + VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3 + VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3 + VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3 + VMOVDQA CC3, tmpStoreAVX2 + VPERM2I128 $0x02, AA0, BB0, CC3 + VPXOR (0*32)(inp), CC3, CC3 + VMOVDQU CC3, (0*32)(oup) + VPERM2I128 $0x02, CC0, DD0, CC3 + VPXOR (1*32)(inp), CC3, CC3 + VMOVDQU CC3, (1*32)(oup) + VPERM2I128 $0x13, AA0, BB0, CC3 + VPXOR (2*32)(inp), CC3, CC3 + VMOVDQU CC3, (2*32)(oup) + VPERM2I128 $0x13, CC0, DD0, CC3 + VPXOR (3*32)(inp), CC3, CC3 + VMOVDQU CC3, (3*32)(oup) + + VPERM2I128 $0x02, AA1, BB1, AA0 + VPERM2I128 $0x02, CC1, DD1, BB0 + VPERM2I128 $0x13, AA1, BB1, CC0 + VPERM2I128 $0x13, CC1, DD1, DD0 + VPXOR (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0 + VMOVDQU AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup) + + VPERM2I128 $0x02, AA2, BB2, AA0 + VPERM2I128 $0x02, CC2, DD2, BB0 + VPERM2I128 $0x13, AA2, BB2, CC0 + VPERM2I128 $0x13, CC2, DD2, DD0 + VPXOR (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0 + VMOVDQU AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup) + + MOVQ $384, itr1 + LEAQ 384(inp), inp + SUBQ $384, inl + VPERM2I128 $0x02, AA3, BB3, AA0 + VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0 + VPERM2I128 $0x13, AA3, BB3, CC0 + VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0 + + JMP sealAVX2SealHash + +// func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) +TEXT ·cpuid(SB), NOSPLIT, $0-24 + MOVL eaxArg+0(FP), AX + MOVL ecxArg+4(FP), CX + CPUID + MOVL AX, eax+8(FP) + MOVL BX, ebx+12(FP) + MOVL CX, ecx+16(FP) + MOVL DX, edx+20(FP) + RET + +// func xgetbv() (eax, edx uint32) +TEXT ·xgetbv(SB),NOSPLIT,$0-8 + MOVL $0, CX + XGETBV + MOVL AX, eax+0(FP) + MOVL DX, edx+4(FP) + RET diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go new file mode 100644 index 000000000000..4ac014f525cb --- /dev/null +++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go @@ -0,0 +1,70 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package chacha20poly1305 + +import ( + "encoding/binary" + + "golang.org/x/crypto/internal/chacha20" + "golang.org/x/crypto/poly1305" +) + +func roundTo16(n int) int { + return 16 * ((n + 15) / 16) +} + +func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []byte) []byte { + var counter [16]byte + copy(counter[4:], nonce) + + var polyKey [32]byte + chacha20.XORKeyStream(polyKey[:], polyKey[:], &counter, &c.key) + + ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize) + counter[0] = 1 + chacha20.XORKeyStream(out, plaintext, &counter, &c.key) + + polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(plaintext))+8+8) + copy(polyInput, additionalData) + copy(polyInput[roundTo16(len(additionalData)):], out[:len(plaintext)]) + binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData))) + binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(plaintext))) + + var tag [poly1305.TagSize]byte + poly1305.Sum(&tag, polyInput, &polyKey) + copy(out[len(plaintext):], tag[:]) + + return ret +} + +func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { + var tag [poly1305.TagSize]byte + copy(tag[:], ciphertext[len(ciphertext)-16:]) + ciphertext = ciphertext[:len(ciphertext)-16] + + var counter [16]byte + copy(counter[4:], nonce) + + var polyKey [32]byte + chacha20.XORKeyStream(polyKey[:], polyKey[:], &counter, &c.key) + + polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(ciphertext))+8+8) + copy(polyInput, additionalData) + copy(polyInput[roundTo16(len(additionalData)):], ciphertext) + binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData))) + binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(ciphertext))) + + ret, out := sliceForAppend(dst, len(ciphertext)) + if !poly1305.Verify(&tag, polyInput, &polyKey) { + for i := range out { + out[i] = 0 + } + return nil, errOpen + } + + counter[0] = 1 + chacha20.XORKeyStream(out, ciphertext, &counter, &c.key) + return ret, nil +} diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go new file mode 100644 index 000000000000..4c2eb703c327 --- /dev/null +++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go @@ -0,0 +1,15 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !amd64 !go1.7 gccgo appengine + +package chacha20poly1305 + +func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte { + return c.sealGeneric(dst, nonce, plaintext, additionalData) +} + +func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { + return c.openGeneric(dst, nonce, ciphertext, additionalData) +} diff --git a/vendor/vendor.json b/vendor/vendor.json index 844c08665211..51102adc8e5d 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1608,6 +1608,12 @@ "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", "revisionTime": "2018-01-22T10:39:14Z" }, + { + "checksumSHA1": "1zB843WyoSh8oMdbeDfgByEa2TE=", + "path": "golang.org/x/crypto/chacha20poly1305", + "revision": "650f4a345ab4e5b245a3034b110ebc7299e68186", + "revisionTime": "2017-09-27T09:16:38Z" + }, { "checksumSHA1": "IQkUIOnvlf0tYloFx9mLaXSvXWQ=", "path": "golang.org/x/crypto/curve25519", diff --git a/website/source/api/secret/transit/index.html.md b/website/source/api/secret/transit/index.html.md index c9efea83ef1d..b1bdc9ba3336 100644 --- a/website/source/api/secret/transit/index.html.md +++ b/website/source/api/secret/transit/index.html.md @@ -34,10 +34,7 @@ values set here cannot be changed after key creation. convergent encryption, where the same plaintext creates the same ciphertext. This requires _derived_ to be set to `true`. When enabled, each encryption(/decryption/rewrap/datakey) operation will derive a `nonce` value - rather than randomly generate it. Note that while this is useful for - particular situations, all nonce values used with a given context value **must - be unique** or it will compromise the security of your key, and the key space - for nonces is 96 bit -- not as large as the AES key itself. + rather than randomly generate it. - `derived` `(bool: false)` – Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this named key must provide a context @@ -53,8 +50,10 @@ values set here cannot be changed after key creation. - `type` `(string: "aes256-gcm96")` – Specifies the type of key to create. The currently-supported types are: - - `aes256-gcm96` – AES-256 wrapped with GCM using a 12-byte nonce size - (symmetric, supports derivation) + - `aes256-gcm96` – AES-256 wrapped with GCM using a 96-bit nonce size AEAD + (symmetric, supports derivation and convergent encryption) + - `chacha20-poly1305` – ChaCha20-Poly1305 AEAD (symmetric, supports + derivation and convergent encryption) - `ecdsa-p256` – ECDSA using the P-256 elliptic curve (asymmetric) - `ed25519` – ED25519 (asymmetric, supports derivation) - `rsa-2048` - RSA with bit size of 2048 (asymmetric) diff --git a/website/source/docs/secrets/transit/index.html.md b/website/source/docs/secrets/transit/index.html.md index a238afe7a762..4bbf716a3cb0 100644 --- a/website/source/docs/secrets/transit/index.html.md +++ b/website/source/docs/secrets/transit/index.html.md @@ -48,6 +48,24 @@ multiple of five) may provide a good alternative, allowing for several keys to be live at once and a deterministic way to decide which key to use at any given time. +## Key Types + +As of now, the transit secrets engine supports the following key types (all key +types also generate separate HMAC keys): + +* `aes256-gcm96`: AES-GCM with a 256-bit AES key and a 96-bit nonce; supports + encryption, decryption, key derivation, and convergent encryption +* `chacha20-poly1305`: ChaCha20-Poly1305 with a 256-bit key; supports + encryption, decryption, key derivation, and convergent encryption +* `ed25519`: Ed25519; supports signing, signature verification, and key + derivation +* `ecdsa-p256`: ECDSA using curve P256; supports signing and signature + verification +* `rsa-2048`: 2048-bit RSA key; supports encryption, decryption, signing, and + signature verification +* `rsa-4096`: 4096-bit RSA key; supports encryption, decryption, signing, and + signature verification + ## Setup Most secrets engines must be configured in advance before they can perform their From 3c1c80972dd0fe6d3c82230f86b6d1702ff1aeb3 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 14 Feb 2018 12:00:39 -0500 Subject: [PATCH 133/178] changelog++ --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 391320ad14c5..2e1a26db5fb1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ FEATURES: + * **ChaCha20-Poly1305 support in `transit`**: You can now encrypt and decrypt + with ChaCha20-Poly1305 in `transit`. Key derivation and convergent + encryption is also supported. * **Manta Storage**: Manta can now be used for Vault storage IMPROVEMENTS: From ee4327d71b0bea5fce0c3b954e3ad224f06514b7 Mon Sep 17 00:00:00 2001 From: Seth Vargo Date: Wed, 14 Feb 2018 15:11:33 -0500 Subject: [PATCH 134/178] Remove mlock warning when mlock is explicitly disabled (#3979) --- command/server.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/command/server.go b/command/server.go index 2df9b77f6141..ad9d2573e052 100644 --- a/command/server.go +++ b/command/server.go @@ -369,9 +369,10 @@ func (c *ServerCommand) Run(args []string) int { return 1 } - // If mlockall(2) isn't supported, show a warning. We disable this - // in dev because it is quite scary to see when first using Vault. - if !c.flagDev && !mlock.Supported() { + // If mlockall(2) isn't supported, show a warning. We disable this in dev + // because it is quite scary to see when first using Vault. We also disable + // this if the user has explicitly disabled mlock in configuration. + if !c.flagDev && !config.DisableMlock && !mlock.Supported() { c.UI.Warn(wrapAtLength( "WARNING! mlock is not supported on this system! An mlockall(2)-like " + "syscall to prevent memory from being swapped to disk is not " + From 7ddc025dee620a48e4fd674b8d24919faf4d25c9 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 14 Feb 2018 16:10:45 -0500 Subject: [PATCH 135/178] Re-add lost stored-shares parameter to operator rekey command. (#3974) Also change the rekey API to not require explicitly setting values to 1. Fixes #3969 --- command/operator_init.go | 20 ++++++++++---------- command/operator_rekey.go | 17 ++++++++++++++--- http/sys_init.go | 24 ++++++++---------------- http/sys_rekey.go | 17 +++++++++++------ 4 files changed, 43 insertions(+), 35 deletions(-) diff --git a/command/operator_init.go b/command/operator_init.go index 07651148596b..213702a1a4a8 100644 --- a/command/operator_init.go +++ b/command/operator_init.go @@ -196,15 +196,6 @@ func (c *OperatorInitCommand) Flags() *FlagSets { "is only used in HSM mode.", }) - f.IntVar(&IntVar{ - Name: "stored-shares", - Target: &c.flagStoredShares, - Default: 0, // No default, because we need to check if was supplied - Completion: complete.PredictAnything, - Usage: "Number of unseal keys to store on an HSM. This must be equal to " + - "-key-shares. This is only used in HSM mode.", - }) - // Deprecations // TODO: remove in 0.9.0 f.BoolVar(&BoolVar{ @@ -222,6 +213,15 @@ func (c *OperatorInitCommand) Flags() *FlagSets { Usage: "", }) + // Kept to keep scripts passing the flag working, but not used + f.IntVar(&IntVar{ + Name: "stored-shares", + Target: &c.flagStoredShares, + Default: 0, + Hidden: true, + Usage: "", + }) + return set } @@ -456,7 +456,7 @@ func (c *OperatorInitCommand) init(client *api.Client, req *api.InitRequest) int c.UI.Output("") c.UI.Output(fmt.Sprintf("Initial Root Token: %s", resp.RootToken)) - if req.StoredShares < 1 { + if len(resp.Keys) > 0 { c.UI.Output("") c.UI.Output(wrapAtLength(fmt.Sprintf( "Vault initialized with %d key shares and a key threshold of %d. Please "+ diff --git a/command/operator_rekey.go b/command/operator_rekey.go index 972676fcf2bf..4cc23fadc7ff 100644 --- a/command/operator_rekey.go +++ b/command/operator_rekey.go @@ -37,9 +37,10 @@ type OperatorRekeyCommand struct { // Deprecations // TODO: remove in 0.9.0 - flagDelete bool - flagRecoveryKey bool - flagRetrieve bool + flagDelete bool + flagRecoveryKey bool + flagRetrieve bool + flagStoredShares int testStdin io.Reader // for tests } @@ -231,6 +232,15 @@ func (c *OperatorRekeyCommand) Flags() *FlagSets { Usage: "", }) + // Kept to keep scripts passing the flag working, but not used + f.IntVar(&IntVar{ + Name: "stored-shares", + Target: &c.flagStoredShares, + Default: 0, + Hidden: true, + Usage: "", + }) + return set } @@ -323,6 +333,7 @@ func (c *OperatorRekeyCommand) init(client *api.Client) int { status, err := fn(&api.RekeyInitRequest{ SecretShares: c.flagKeyShares, SecretThreshold: c.flagKeyThreshold, + StoredShares: c.flagStoredShares, PGPKeys: c.flagPGPKeys, Backup: c.flagBackup, }) diff --git a/http/sys_init.go b/http/sys_init.go index 908d719f683d..f13ff5d3b665 100644 --- a/http/sys_init.go +++ b/http/sys_init.go @@ -69,36 +69,28 @@ func handleSysInitPut(core *vault.Core, w http.ResponseWriter, r *http.Request) // need to be a way to actually allow fetching of the generated keys by // operators. if core.SealAccess().StoredKeysSupported() { - if barrierConfig.SecretShares != 1 { - respondError(w, http.StatusBadRequest, fmt.Errorf("secret shares must be 1")) - return - } - if barrierConfig.SecretThreshold != barrierConfig.SecretShares { - respondError(w, http.StatusBadRequest, fmt.Errorf("secret threshold must be same as secret shares")) - return - } - if barrierConfig.StoredShares != barrierConfig.SecretShares { - respondError(w, http.StatusBadRequest, fmt.Errorf("stored shares must be same as secret shares")) - return - } - if barrierConfig.PGPKeys != nil && len(barrierConfig.PGPKeys) > 0 { + if len(barrierConfig.PGPKeys) > 0 { respondError(w, http.StatusBadRequest, fmt.Errorf("PGP keys not supported when storing shares")) return } + barrierConfig.SecretShares = 1 + barrierConfig.SecretThreshold = 1 + barrierConfig.StoredShares = 1 + core.Logger().Warn("init: stored keys supported, forcing shares/threshold to 1") } else { if barrierConfig.StoredShares > 0 { - respondError(w, http.StatusBadRequest, fmt.Errorf("stored keys are not supported")) + respondError(w, http.StatusBadRequest, fmt.Errorf("stored keys are not supported by the current seal type")) return } } - if len(barrierConfig.PGPKeys) > 0 && len(barrierConfig.PGPKeys) != barrierConfig.SecretShares-barrierConfig.StoredShares { + if len(barrierConfig.PGPKeys) > 0 && len(barrierConfig.PGPKeys) != barrierConfig.SecretShares { respondError(w, http.StatusBadRequest, fmt.Errorf("incorrect number of PGP keys")) return } if core.SealAccess().RecoveryKeySupported() { - if len(recoveryConfig.PGPKeys) > 0 && len(recoveryConfig.PGPKeys) != recoveryConfig.SecretShares-recoveryConfig.StoredShares { + if len(recoveryConfig.PGPKeys) > 0 && len(recoveryConfig.PGPKeys) != recoveryConfig.SecretShares { respondError(w, http.StatusBadRequest, fmt.Errorf("incorrect number of PGP keys for recovery")) return } diff --git a/http/sys_rekey.go b/http/sys_rekey.go index 23caf2b25c50..e3637eb0de09 100644 --- a/http/sys_rekey.go +++ b/http/sys_rekey.go @@ -117,16 +117,21 @@ func handleSysRekeyInitPut(ctx context.Context, core *vault.Core, recovery bool, return } - // If the seal supports recovery keys and stored keys, then we allow rekeying the barrier key - // iff the secret shares, secret threshold, and stored shares are set to 1. - if !recovery && core.SealAccess().RecoveryKeySupported() && core.SealAccess().StoredKeysSupported() { - if req.SecretShares != 1 || req.SecretThreshold != 1 || req.StoredShares != 1 { - respondError(w, http.StatusBadRequest, fmt.Errorf("secret shares, secret threshold, and stored shares must be set to 1")) + // If the seal supports stored keys, and we are rekeying the barrier key, + // force the shares to 1 + if !recovery && core.SealAccess().StoredKeysSupported() { + req.SecretShares = 1 + req.SecretThreshold = 1 + req.StoredShares = 1 + core.Logger().Warn("rekey: stored keys supported, forcing shares/threshold to 1") + } else { + if req.StoredShares != 0 { + respondError(w, http.StatusBadRequest, fmt.Errorf("stored keys are not supported by the current seal type")) return } } - if len(req.PGPKeys) > 0 && len(req.PGPKeys) != req.SecretShares-req.StoredShares { + if len(req.PGPKeys) > 0 && len(req.PGPKeys) != req.SecretShares { respondError(w, http.StatusBadRequest, fmt.Errorf("incorrect number of PGP keys for rekey")) return } From 83e397451e0e10aa165acf7e92867766ca7ed87b Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 14 Feb 2018 16:11:55 -0500 Subject: [PATCH 136/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e1a26db5fb1..72ced886bb60 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -38,6 +38,7 @@ BUG FIXES: * auth/token: Token creation via the CLI no longer forces periodic token creation. Passing an explicit zero value for the period no longer create periodic tokens. [GH-3880] + * command/rekey: Re-add lost `stored-shares` parameter [GH-3974] * command/ssh: Create and reuse the api client [GH-3909] * identity: Fix race when creating entities [GH-3932] * plugin/gRPC: Fixed an issue with list requests and raw responses coming from From 7a628e64ca523478f4f4e3fa26a22f4b3ed723e3 Mon Sep 17 00:00:00 2001 From: Brian Nuszkowski Date: Wed, 14 Feb 2018 17:27:13 -0800 Subject: [PATCH 137/178] Disable redirects on the http client that calls AWS STS api, which (#3983) is used in the AWS IAM auth method. Co-authored-by: Max Justicz --- builtin/credential/aws/path_login.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go index 40ceee9bdc39..d643427c3769 100644 --- a/builtin/credential/aws/path_login.go +++ b/builtin/credential/aws/path_login.go @@ -1505,6 +1505,9 @@ func submitCallerIdentityRequest(method, endpoint string, parsedUrl *url.URL, bo // the endpoint to talk to alternate web addresses request := buildHttpRequest(method, endpoint, parsedUrl, body, headers) client := cleanhttp.DefaultClient() + client.CheckRedirect = func(req *http.Request, via []*http.Request) error { + return http.ErrUseLastResponse + } response, err := client.Do(request) if err != nil { return nil, fmt.Errorf("error making request: %v", err) From 0e2d21486425641ffe88341aa7afb24934aeb4f2 Mon Sep 17 00:00:00 2001 From: Brian Nuszkowski Date: Wed, 14 Feb 2018 17:28:19 -0800 Subject: [PATCH 138/178] Add Okta specific MFA workflow to Okta auth method (#3980) * Add Okta specific MFA workflow to Okta auth method. Note this only supports Okta Push. --- builtin/credential/okta/backend.go | 103 +++++++++++++++++++++++++++-- 1 file changed, 97 insertions(+), 6 deletions(-) diff --git a/builtin/credential/okta/backend.go b/builtin/credential/okta/backend.go index dbba93a59945..19718ff501d1 100644 --- a/builtin/credential/okta/backend.go +++ b/builtin/credential/okta/backend.go @@ -3,6 +3,7 @@ package okta import ( "context" "fmt" + "time" "github.com/chrismalek/oktasdk-go/okta" "github.com/hashicorp/vault/helper/mfa" @@ -66,13 +67,22 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri client := cfg.OktaClient() + type mfaFactor struct { + Id string `json:"id"` + Type string `json:"factorType"` + Provider string `json:"provider"` + } + type embeddedResult struct { - User okta.User `json:"user"` + User okta.User `json:"user"` + Factors []mfaFactor `json:"factors"` } type authResult struct { - Embedded embeddedResult `json:"_embedded"` - Status string `json:"status"` + Embedded embeddedResult `json:"_embedded"` + Status string `json:"status"` + FactorResult string `json:"factorResult"` + StateToken string `json:"stateToken"` } authReq, err := client.NewRequest("POST", "authn", map[string]interface{}{ @@ -96,6 +106,9 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri Data: map[string]interface{}{}, } + // More about Okta's Auth transation state here: + // https://developer.okta.com/docs/api/resources/authn#transaction-state + // If lockout failures are not configured to be hidden, the status needs to // be inspected for LOCKED_OUT status. Otherwise, it is handled above by an // error returned during the authentication request. @@ -115,9 +128,86 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri case "PASSWORD_WARN": oktaResponse.AddWarning("Your Okta password is in warning state and needs to be changed soon.") - case "MFA_REQUIRED", "MFA_ENROLL": + case "MFA_ENROLL", "MFA_ENROLL_ACTIVATE": if !cfg.BypassOktaMFA { - return nil, logical.ErrorResponse("okta mfa required for this account but mfa bypass not set in config"), nil, nil + if b.Logger().IsDebug() { + b.Logger().Debug("auth/okta: user must enroll or complete mfa enrollment", "user", username) + } + return nil, logical.ErrorResponse("okta authentication failed: you must complete MFA enrollment to continue"), nil, nil + } + + case "MFA_REQUIRED": + // Per Okta documentation: Users are challenged for MFA (MFA_REQUIRED) + // before the Status of PASSWORD_EXPIRED is exposed (if they have an + // active factor enrollment). This bypass removes visibility + // into the authenticating user's password expiry, but still ensures the + // credentials are valid and the user is not locked out. + if cfg.BypassOktaMFA { + result.Status = "SUCCESS" + break + } + + factorAvailable := false + + var selectedFactor mfaFactor + // only okta push is currently supported + for _, v := range result.Embedded.Factors { + if v.Type == "push" && v.Provider == "OKTA" { + factorAvailable = true + selectedFactor = v + } + } + + if !factorAvailable { + return nil, logical.ErrorResponse("Okta Verify Push factor is required in order to perform MFA"), nil, nil + } + + requestPath := fmt.Sprintf("authn/factors/%s/verify", selectedFactor.Id) + payload := map[string]interface{}{ + "stateToken": result.StateToken, + } + verifyReq, err := client.NewRequest("POST", requestPath, payload) + if err != nil { + return nil, nil, nil, err + } + + rsp, err := client.Do(verifyReq, &result) + if err != nil { + return nil, logical.ErrorResponse(fmt.Sprintf("Okta auth failed: %v", err)), nil, nil + } + if rsp == nil { + return nil, logical.ErrorResponse("okta auth backend unexpected failure"), nil, nil + } + for result.Status == "MFA_CHALLENGE" { + switch result.FactorResult { + case "WAITING": + verifyReq, err := client.NewRequest("POST", requestPath, payload) + rsp, err := client.Do(verifyReq, &result) + if err != nil { + return nil, logical.ErrorResponse(fmt.Sprintf("Okta auth failed checking loop: %v", err)), nil, nil + } + if rsp == nil { + return nil, logical.ErrorResponse("okta auth backend unexpected failure"), nil, nil + } + + select { + case <-time.After(500 * time.Millisecond): + // Continue + case <-ctx.Done(): + return nil, logical.ErrorResponse("exiting pending mfa challenge"), nil, nil + } + case "REJECTED": + return nil, logical.ErrorResponse("multi-factor authentication denied"), nil, nil + case "TIMEOUT": + return nil, logical.ErrorResponse("failed to complete multi-factor authentication"), nil, nil + case "SUCCESS": + // Allowed + default: + if b.Logger().IsDebug() { + b.Logger().Debug("auth/okta: unhandled result status", "status", result.Status, "factorstatus", result.FactorResult) + } + return nil, logical.ErrorResponse("okta authentication failed"), nil, nil + } } case "SUCCESS": @@ -135,7 +225,8 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri case result.Status == "SUCCESS", result.Status == "PASSWORD_WARN", result.Status == "MFA_REQUIRED" && cfg.BypassOktaMFA, - result.Status == "MFA_ENROLL" && cfg.BypassOktaMFA: + result.Status == "MFA_ENROLL" && cfg.BypassOktaMFA, + result.Status == "MFA_ENROLL_ACTIVATE" && cfg.BypassOktaMFA: // Allowed default: if b.Logger().IsDebug() { From 6420c5510b15b6c85c9f49e3865db8d5f9b14056 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 14 Feb 2018 20:30:36 -0500 Subject: [PATCH 139/178] changelog++ --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 72ced886bb60..4573bcdd4c20 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,10 @@ FEATURES: * **ChaCha20-Poly1305 support in `transit`**: You can now encrypt and decrypt with ChaCha20-Poly1305 in `transit`. Key derivation and convergent encryption is also supported. - * **Manta Storage**: Manta can now be used for Vault storage + * **Okta Push support in Okta Auth Backend**: If a user account has MFA + required within Okta, an Okta Push MFA flow can be used to successfully + finish authentication. + * **Manta Storage**: Joyent Triton Manta can now be used for Vault storage IMPROVEMENTS: From 7af2bdc5a493d373b2832e06758c201d6c82ecc6 Mon Sep 17 00:00:00 2001 From: Seth Vargo Date: Wed, 14 Feb 2018 20:31:20 -0500 Subject: [PATCH 140/178] Add support for Google Cloud Spanner (#3977) --- command/commands.go | 2 + physical/spanner/spanner.go | 343 +++ physical/spanner/spanner_ha.go | 411 ++++ physical/spanner/spanner_ha_test.go | 57 + physical/spanner/spanner_test.go | 57 + physical/testing.go | 170 +- vendor/cloud.google.com/go/civil/civil.go | 277 +++ .../go/internal/atomiccache/atomiccache.go | 58 + .../go/internal/fields/fields.go | 468 +++++ .../go/internal/fields/fold.go | 156 ++ .../go/internal/protostruct/protostruct.go | 56 + .../cloud.google.com/go/spanner/appengine.go | 20 + vendor/cloud.google.com/go/spanner/backoff.go | 58 + vendor/cloud.google.com/go/spanner/client.go | 336 +++ vendor/cloud.google.com/go/spanner/doc.go | 316 +++ vendor/cloud.google.com/go/spanner/errors.go | 115 + vendor/cloud.google.com/go/spanner/go18.go | 68 + vendor/cloud.google.com/go/spanner/key.go | 400 ++++ .../cloud.google.com/go/spanner/mutation.go | 431 ++++ .../go/spanner/not_appengine.go | 20 + .../cloud.google.com/go/spanner/not_go18.go | 36 + .../cloud.google.com/go/spanner/protoutils.go | 113 + vendor/cloud.google.com/go/spanner/read.go | 704 +++++++ vendor/cloud.google.com/go/spanner/retry.go | 198 ++ vendor/cloud.google.com/go/spanner/row.go | 303 +++ vendor/cloud.google.com/go/spanner/session.go | 1075 ++++++++++ .../cloud.google.com/go/spanner/statement.go | 90 + .../go/spanner/timestampbound.go | 245 +++ .../go/spanner/transaction.go | 879 ++++++++ vendor/cloud.google.com/go/spanner/util.go | 33 + vendor/cloud.google.com/go/spanner/value.go | 1425 +++++++++++++ .../golang/protobuf/ptypes/empty/empty.pb.go | 66 + .../golang/protobuf/ptypes/empty/empty.proto | 52 + .../protobuf/ptypes/struct/struct.pb.go | 380 ++++ .../protobuf/ptypes/struct/struct.proto | 96 + vendor/go.opencensus.io/LICENSE | 202 ++ vendor/go.opencensus.io/internal/internal.go | 19 + vendor/go.opencensus.io/internal/sanitize.go | 50 + .../internal/tagencoding/tagencoding.go | 72 + .../internal/traceinternals.go | 48 + vendor/go.opencensus.io/plugin/grpc/grpc.go | 74 + .../plugin/grpc/grpcstats/client_handler.go | 157 ++ .../plugin/grpc/grpcstats/client_metrics.go | 138 ++ .../plugin/grpc/grpcstats/grpcstats.go | 89 + .../plugin/grpc/grpcstats/server_handler.go | 164 ++ .../plugin/grpc/grpcstats/server_metrics.go | 135 ++ .../plugin/grpc/grpctrace/grpc.go | 157 ++ vendor/go.opencensus.io/stats/doc.go | 55 + .../go.opencensus.io/stats/internal/record.go | 12 + .../stats/internal/validation.go | 14 + vendor/go.opencensus.io/stats/measure.go | 84 + .../go.opencensus.io/stats/measure_float64.go | 63 + .../go.opencensus.io/stats/measure_int64.go | 63 + vendor/go.opencensus.io/stats/record.go | 32 + .../stats/view/aggregation.go | 87 + .../stats/view/aggregation_data.go | 372 ++++ .../go.opencensus.io/stats/view/collector.go | 85 + vendor/go.opencensus.io/stats/view/doc.go | 47 + vendor/go.opencensus.io/stats/view/export.go | 53 + vendor/go.opencensus.io/stats/view/view.go | 179 ++ vendor/go.opencensus.io/stats/view/worker.go | 266 +++ .../stats/view/worker_commands.go | 186 ++ vendor/go.opencensus.io/tag/context.go | 41 + vendor/go.opencensus.io/tag/doc.go | 26 + vendor/go.opencensus.io/tag/key.go | 35 + vendor/go.opencensus.io/tag/map.go | 191 ++ vendor/go.opencensus.io/tag/map_codec.go | 223 ++ vendor/go.opencensus.io/tag/profile_19.go | 31 + vendor/go.opencensus.io/tag/profile_not19.go | 23 + vendor/go.opencensus.io/tag/validate.go | 56 + vendor/go.opencensus.io/trace/basetypes.go | 121 ++ vendor/go.opencensus.io/trace/doc.go | 55 + vendor/go.opencensus.io/trace/export.go | 73 + .../trace/propagation/propagation.go | 108 + vendor/go.opencensus.io/trace/sampling.go | 115 + vendor/go.opencensus.io/trace/spanbucket.go | 130 ++ vendor/go.opencensus.io/trace/spanstore.go | 306 +++ vendor/go.opencensus.io/trace/trace.go | 463 ++++ .../api/transport/grpc/dial.go | 83 + .../api/transport/grpc/dial_appengine.go | 41 + .../internal/socket/socket_service.pb.go | 1858 +++++++++++++++++ .../internal/socket/socket_service.proto | 460 ++++ .../google.golang.org/appengine/socket/doc.go | 10 + .../appengine/socket/socket_classic.go | 290 +++ .../appengine/socket/socket_vm.go | 64 + .../rpc/errdetails/error_details.pb.go | 495 +++++ .../genproto/googleapis/spanner/v1/keys.pb.go | 441 ++++ .../googleapis/spanner/v1/mutation.pb.go | 347 +++ .../googleapis/spanner/v1/query_plan.pb.go | 286 +++ .../googleapis/spanner/v1/result_set.pb.go | 312 +++ .../googleapis/spanner/v1/spanner.pb.go | 1396 +++++++++++++ .../googleapis/spanner/v1/transaction.pb.go | 835 ++++++++ .../genproto/googleapis/spanner/v1/type.pb.go | 217 ++ .../grpc/credentials/oauth/oauth.go | 173 ++ vendor/vendor.json | 144 ++ .../configuration/storage/spanner.html.md | 145 ++ website/source/layouts/docs.erb | 3 + 97 files changed, 21916 insertions(+), 98 deletions(-) create mode 100644 physical/spanner/spanner.go create mode 100644 physical/spanner/spanner_ha.go create mode 100644 physical/spanner/spanner_ha_test.go create mode 100644 physical/spanner/spanner_test.go create mode 100644 vendor/cloud.google.com/go/civil/civil.go create mode 100644 vendor/cloud.google.com/go/internal/atomiccache/atomiccache.go create mode 100644 vendor/cloud.google.com/go/internal/fields/fields.go create mode 100644 vendor/cloud.google.com/go/internal/fields/fold.go create mode 100644 vendor/cloud.google.com/go/internal/protostruct/protostruct.go create mode 100644 vendor/cloud.google.com/go/spanner/appengine.go create mode 100644 vendor/cloud.google.com/go/spanner/backoff.go create mode 100644 vendor/cloud.google.com/go/spanner/client.go create mode 100644 vendor/cloud.google.com/go/spanner/doc.go create mode 100644 vendor/cloud.google.com/go/spanner/errors.go create mode 100644 vendor/cloud.google.com/go/spanner/go18.go create mode 100644 vendor/cloud.google.com/go/spanner/key.go create mode 100644 vendor/cloud.google.com/go/spanner/mutation.go create mode 100644 vendor/cloud.google.com/go/spanner/not_appengine.go create mode 100644 vendor/cloud.google.com/go/spanner/not_go18.go create mode 100644 vendor/cloud.google.com/go/spanner/protoutils.go create mode 100644 vendor/cloud.google.com/go/spanner/read.go create mode 100644 vendor/cloud.google.com/go/spanner/retry.go create mode 100644 vendor/cloud.google.com/go/spanner/row.go create mode 100644 vendor/cloud.google.com/go/spanner/session.go create mode 100644 vendor/cloud.google.com/go/spanner/statement.go create mode 100644 vendor/cloud.google.com/go/spanner/timestampbound.go create mode 100644 vendor/cloud.google.com/go/spanner/transaction.go create mode 100644 vendor/cloud.google.com/go/spanner/util.go create mode 100644 vendor/cloud.google.com/go/spanner/value.go create mode 100644 vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go create mode 100644 vendor/github.com/golang/protobuf/ptypes/empty/empty.proto create mode 100644 vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go create mode 100644 vendor/github.com/golang/protobuf/ptypes/struct/struct.proto create mode 100644 vendor/go.opencensus.io/LICENSE create mode 100644 vendor/go.opencensus.io/internal/internal.go create mode 100644 vendor/go.opencensus.io/internal/sanitize.go create mode 100644 vendor/go.opencensus.io/internal/tagencoding/tagencoding.go create mode 100644 vendor/go.opencensus.io/internal/traceinternals.go create mode 100644 vendor/go.opencensus.io/plugin/grpc/grpc.go create mode 100644 vendor/go.opencensus.io/plugin/grpc/grpcstats/client_handler.go create mode 100644 vendor/go.opencensus.io/plugin/grpc/grpcstats/client_metrics.go create mode 100644 vendor/go.opencensus.io/plugin/grpc/grpcstats/grpcstats.go create mode 100644 vendor/go.opencensus.io/plugin/grpc/grpcstats/server_handler.go create mode 100644 vendor/go.opencensus.io/plugin/grpc/grpcstats/server_metrics.go create mode 100644 vendor/go.opencensus.io/plugin/grpc/grpctrace/grpc.go create mode 100644 vendor/go.opencensus.io/stats/doc.go create mode 100644 vendor/go.opencensus.io/stats/internal/record.go create mode 100644 vendor/go.opencensus.io/stats/internal/validation.go create mode 100644 vendor/go.opencensus.io/stats/measure.go create mode 100644 vendor/go.opencensus.io/stats/measure_float64.go create mode 100644 vendor/go.opencensus.io/stats/measure_int64.go create mode 100644 vendor/go.opencensus.io/stats/record.go create mode 100644 vendor/go.opencensus.io/stats/view/aggregation.go create mode 100644 vendor/go.opencensus.io/stats/view/aggregation_data.go create mode 100644 vendor/go.opencensus.io/stats/view/collector.go create mode 100644 vendor/go.opencensus.io/stats/view/doc.go create mode 100644 vendor/go.opencensus.io/stats/view/export.go create mode 100644 vendor/go.opencensus.io/stats/view/view.go create mode 100644 vendor/go.opencensus.io/stats/view/worker.go create mode 100644 vendor/go.opencensus.io/stats/view/worker_commands.go create mode 100644 vendor/go.opencensus.io/tag/context.go create mode 100644 vendor/go.opencensus.io/tag/doc.go create mode 100644 vendor/go.opencensus.io/tag/key.go create mode 100644 vendor/go.opencensus.io/tag/map.go create mode 100644 vendor/go.opencensus.io/tag/map_codec.go create mode 100644 vendor/go.opencensus.io/tag/profile_19.go create mode 100644 vendor/go.opencensus.io/tag/profile_not19.go create mode 100644 vendor/go.opencensus.io/tag/validate.go create mode 100644 vendor/go.opencensus.io/trace/basetypes.go create mode 100644 vendor/go.opencensus.io/trace/doc.go create mode 100644 vendor/go.opencensus.io/trace/export.go create mode 100644 vendor/go.opencensus.io/trace/propagation/propagation.go create mode 100644 vendor/go.opencensus.io/trace/sampling.go create mode 100644 vendor/go.opencensus.io/trace/spanbucket.go create mode 100644 vendor/go.opencensus.io/trace/spanstore.go create mode 100644 vendor/go.opencensus.io/trace/trace.go create mode 100644 vendor/google.golang.org/api/transport/grpc/dial.go create mode 100644 vendor/google.golang.org/api/transport/grpc/dial_appengine.go create mode 100644 vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go create mode 100644 vendor/google.golang.org/appengine/internal/socket/socket_service.proto create mode 100644 vendor/google.golang.org/appengine/socket/doc.go create mode 100644 vendor/google.golang.org/appengine/socket/socket_classic.go create mode 100644 vendor/google.golang.org/appengine/socket/socket_vm.go create mode 100644 vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/spanner/v1/keys.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/spanner/v1/mutation.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/spanner/v1/query_plan.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/spanner/v1/result_set.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/spanner/v1/spanner.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/spanner/v1/transaction.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/spanner/v1/type.pb.go create mode 100644 vendor/google.golang.org/grpc/credentials/oauth/oauth.go create mode 100644 website/source/docs/configuration/storage/spanner.html.md diff --git a/command/commands.go b/command/commands.go index 92785aa29bbf..71d7d5bfd0b0 100644 --- a/command/commands.go +++ b/command/commands.go @@ -61,6 +61,7 @@ import ( physMySQL "github.com/hashicorp/vault/physical/mysql" physPostgreSQL "github.com/hashicorp/vault/physical/postgresql" physS3 "github.com/hashicorp/vault/physical/s3" + physSpanner "github.com/hashicorp/vault/physical/spanner" physSwift "github.com/hashicorp/vault/physical/swift" physZooKeeper "github.com/hashicorp/vault/physical/zookeeper" ) @@ -134,6 +135,7 @@ var ( "mysql": physMySQL.NewMySQLBackend, "postgresql": physPostgreSQL.NewPostgreSQLBackend, "s3": physS3.NewS3Backend, + "spanner": physSpanner.NewBackend, "swift": physSwift.NewSwiftBackend, "zookeeper": physZooKeeper.NewZooKeeperBackend, } diff --git a/physical/spanner/spanner.go b/physical/spanner/spanner.go new file mode 100644 index 000000000000..e6428e655b5c --- /dev/null +++ b/physical/spanner/spanner.go @@ -0,0 +1,343 @@ +package spanner + +import ( + "fmt" + "os" + "sort" + "strconv" + "strings" + "time" + + metrics "github.com/armon/go-metrics" + "github.com/hashicorp/errwrap" + "github.com/hashicorp/vault/helper/strutil" + "github.com/hashicorp/vault/physical" + log "github.com/mgutz/logxi/v1" + "google.golang.org/api/iterator" + "google.golang.org/grpc/codes" + + "cloud.google.com/go/spanner" + "github.com/pkg/errors" + "golang.org/x/net/context" +) + +// Verify Backend satisfies the correct interfaces +var _ physical.Backend = (*Backend)(nil) +var _ physical.Transactional = (*Backend)(nil) + +const ( + // envDatabase is the name of the environment variable to search for the + // database name. + envDatabase = "GOOGLE_SPANNER_DATABASE" + + // envHAEnabled is the name of the environment variable to search for the + // boolean indicating if HA is enabled. + envHAEnabled = "GOOGLE_SPANNER_HA_ENABLED" + + // envHATable is the name of the environment variable to search for the table + // name to use for HA. + envHATable = "GOOGLE_SPANNER_HA_TABLE" + + // envTable is the name of the environment variable to search for the table + // name. + envTable = "GOOGLE_SPANNER_TABLE" + + // defaultTable is the default table name if none is specified. + defaultTable = "Vault" + + // defaultHASuffix is the default suffix to apply to the table name if no + // HA table is provided. + defaultHASuffix = "HA" +) + +var ( + // metricDelete is the key for the metric for measuring a Delete call. + metricDelete = []string{"spanner", "delete"} + + // metricGet is the key for the metric for measuring a Get call. + metricGet = []string{"spanner", "get"} + + // metricList is the key for the metric for measuring a List call. + metricList = []string{"spanner", "list"} + + // metricPut is the key for the metric for measuring a Put call. + metricPut = []string{"spanner", "put"} +) + +// Backend implements physical.Backend and describes the steps necessary to +// persist data using Google Cloud Spanner. +type Backend struct { + // database is the name of the database to use for data storage and retrieval. + // This is supplied as part of user configuration. + database string + + // table is the name of the table in the database. + table string + + // haTable is the name of the table to use for HA in the database. + haTable string + + // haEnabled indicates if high availability is enabled. Default: true. + haEnabled bool + + // client is the underlying API client for talking to spanner. + client *spanner.Client + + // logger and permitPool are internal constructs. + logger log.Logger + permitPool *physical.PermitPool +} + +// NewBackend creates a new Google Spanner storage backend with the given +// configuration. This uses the official Golang Cloud SDK and therefore supports +// specifying credentials via envvars, credential files, etc. +func NewBackend(c map[string]string, logger log.Logger) (physical.Backend, error) { + logger.Debug("physical/spanner: configuring backend") + + // Database name + database := os.Getenv(envDatabase) + if database == "" { + database = c["database"] + } + if database == "" { + return nil, errors.New("missing database name") + } + + // Table name + table := os.Getenv(envTable) + if table == "" { + table = c["table"] + } + if table == "" { + table = defaultTable + } + + // HA table name + haTable := os.Getenv(envHATable) + if haTable == "" { + haTable = c["ha_table"] + } + if haTable == "" { + haTable = table + defaultHASuffix + } + + // HA configuration + haEnabled := false + haEnabledStr := os.Getenv(envHAEnabled) + if haEnabledStr == "" { + haEnabledStr = c["ha_enabled"] + } + if haEnabledStr != "" { + var err error + haEnabled, err = strconv.ParseBool(haEnabledStr) + if err != nil { + return nil, errwrap.Wrapf("failed to parse HA enabled: {{err}}", err) + } + } + + // Max parallel + maxParallel, err := extractInt(c["max_parallel"]) + if err != nil { + return nil, errwrap.Wrapf("failed to parse max_parallel: {{err}}", err) + } + + logger.Debug("physical/spanner: configuration", + "database", database, + "table", table, + "haEnabled", haEnabled, + "haTable", haTable, + "maxParallel", maxParallel, + ) + logger.Debug("physical/spanner: creating client") + + ctx := context.Background() + client, err := spanner.NewClient(ctx, database) + if err != nil { + return nil, errwrap.Wrapf("failed to create spanner client: {{err}}", err) + } + + return &Backend{ + database: database, + table: table, + haEnabled: haEnabled, + haTable: haTable, + + client: client, + permitPool: physical.NewPermitPool(maxParallel), + logger: logger, + }, nil +} + +// Put creates or updates an entry. +func (b *Backend) Put(ctx context.Context, entry *physical.Entry) error { + defer metrics.MeasureSince(metricPut, time.Now()) + + // Pooling + b.permitPool.Acquire() + defer b.permitPool.Release() + + // Insert + m := spanner.InsertOrUpdateMap(b.table, map[string]interface{}{ + "Key": entry.Key, + "Value": entry.Value, + }) + if _, err := b.client.Apply(ctx, []*spanner.Mutation{m}); err != nil { + return errwrap.Wrapf("failed to put data: {{err}}", err) + } + return nil +} + +// Get fetches an entry. If there is no entry, this function returns nil. +func (b *Backend) Get(ctx context.Context, key string) (*physical.Entry, error) { + defer metrics.MeasureSince(metricList, time.Now()) + + // Pooling + b.permitPool.Acquire() + defer b.permitPool.Release() + + // Read + row, err := b.client.Single().ReadRow(ctx, b.table, spanner.Key{key}, []string{"Value"}) + if spanner.ErrCode(err) == codes.NotFound { + return nil, nil + } + if err != nil { + return nil, errwrap.Wrapf(fmt.Sprintf("failed to read value for %q: {{err}}", key), err) + } + + var value []byte + if err := row.Column(0, &value); err != nil { + return nil, errwrap.Wrapf("failed to decode value into bytes: {{err}}", err) + } + + return &physical.Entry{ + Key: key, + Value: value, + }, nil +} + +// Delete deletes an entry with the given key. +func (b *Backend) Delete(ctx context.Context, key string) error { + defer metrics.MeasureSince(metricDelete, time.Now()) + + // Pooling + b.permitPool.Acquire() + defer b.permitPool.Release() + + // Delete + m := spanner.Delete(b.table, spanner.Key{key}) + if _, err := b.client.Apply(ctx, []*spanner.Mutation{m}); err != nil { + return errwrap.Wrapf("failed to delete key: {{err}}", err) + } + + return nil +} + +// List enumerates all keys with the given prefix. +func (b *Backend) List(ctx context.Context, prefix string) ([]string, error) { + defer metrics.MeasureSince(metricList, time.Now()) + + // Pooling + b.permitPool.Acquire() + defer b.permitPool.Release() + + // Sanitize + safeTable := sanitizeTable(b.table) + + // List + iter := b.client.Single().Query(ctx, spanner.Statement{ + SQL: "SELECT Key FROM " + safeTable + " WHERE STARTS_WITH(Key, @prefix)", + Params: map[string]interface{}{ + "prefix": prefix, + }, + }) + defer iter.Stop() + + var keys []string + + for { + row, err := iter.Next() + if err == iterator.Done { + break + } + if err != nil { + return nil, errwrap.Wrapf("failed to read row: {{err}}", err) + } + + var key string + if err := row.Column(0, &key); err != nil { + return nil, errwrap.Wrapf("failed to decode key into string: {{err}}", err) + } + + // The results will include the full prefix (folder) and any deeply-nested + // prefixes (subfolders). Vault expects only the top-most things to be + // included. + key = strings.TrimPrefix(key, prefix) + if i := strings.Index(key, "/"); i == -1 { + // Add objects only from the current 'folder' + keys = append(keys, key) + } else { + // Add truncated 'folder' paths + keys = strutil.AppendIfMissing(keys, string(key[:i+1])) + } + } + + // Sort because the resulting order is not predictable + sort.Strings(keys) + + return keys, nil +} + +// Transaction runs multiple entries via a single transaction. +func (b *Backend) Transaction(ctx context.Context, txns []*physical.TxnEntry) error { + // Quit early if we can + if len(txns) == 0 { + return nil + } + + // Build all the ops before taking out the pool + ms := make([]*spanner.Mutation, len(txns)) + for i, tx := range txns { + op, key, value := tx.Operation, tx.Entry.Key, tx.Entry.Value + + switch op { + case physical.DeleteOperation: + ms[i] = spanner.Delete(b.table, spanner.Key{key}) + case physical.PutOperation: + ms[i] = spanner.InsertOrUpdateMap(b.table, map[string]interface{}{ + "Key": key, + "Value": value, + }) + default: + return fmt.Errorf("unsupported transaction operation: %q", op) + } + } + + // Pooling + b.permitPool.Acquire() + defer b.permitPool.Release() + + // Transactivate! + if _, err := b.client.Apply(ctx, ms); err != nil { + return errwrap.Wrapf("failed to commit transaction: {{err}}", err) + } + + return nil +} + +// extractInt is a helper function that takes a string and converts that string +// to an int, but accounts for the empty string. +func extractInt(s string) (int, error) { + if s == "" { + return 0, nil + } + return strconv.Atoi(s) +} + +// sanitizeTable attempts to sanitize the table name. +func sanitizeTable(s string) string { + end := strings.IndexRune(s, 0) + if end > -1 { + s = s[:end] + } + return strings.Replace(s, `"`, `""`, -1) +} diff --git a/physical/spanner/spanner_ha.go b/physical/spanner/spanner_ha.go new file mode 100644 index 000000000000..5a1a9207d940 --- /dev/null +++ b/physical/spanner/spanner_ha.go @@ -0,0 +1,411 @@ +package spanner + +import ( + "fmt" + "sync" + "time" + + "cloud.google.com/go/spanner" + metrics "github.com/armon/go-metrics" + "github.com/hashicorp/errwrap" + uuid "github.com/hashicorp/go-uuid" + "github.com/hashicorp/vault/physical" + "github.com/pkg/errors" + "golang.org/x/net/context" + "google.golang.org/grpc/codes" +) + +// Verify Backend satisfies the correct interfaces +var _ physical.HABackend = (*Backend)(nil) +var _ physical.Lock = (*Lock)(nil) + +const ( + // LockRenewInterval is the time to wait between lock renewals. + LockRenewInterval = 5 * time.Second + + // LockRetryInterval is the amount of time to wait if the lock fails before + // trying again. + LockRetryInterval = 5 * time.Second + + // LockTTL is the default lock TTL. + LockTTL = 15 * time.Second + + // LockWatchRetryInterval is the amount of time to wait if a watch fails + // before trying again. + LockWatchRetryInterval = 5 * time.Second + + // LockWatchRetryMax is the number of times to retry a failed watch before + // signaling that leadership is lost. + LockWatchRetryMax = 5 +) + +var ( + // metricLockUnlock is the metric to register for a lock delete. + metricLockUnlock = []string{"spanner", "lock", "unlock"} + + // metricLockGet is the metric to register for a lock get. + metricLockLock = []string{"spanner", "lock", "lock"} + + // metricLockValue is the metric to register for a lock create/update. + metricLockValue = []string{"spanner", "lock", "value"} +) + +// Lock is the HA lock. +type Lock struct { + // backend is the underlying physical backend. + backend *Backend + + // key is the name of the key. value is the value of the key. + key, value string + + // held is a boolean indicating if the lock is currently held. + held bool + + // identity is the internal identity of this key (unique to this server + // instance). + identity string + + // lock is an internal lock + lock sync.Mutex + + // stopCh is the channel that stops all operations. It may be closed in the + // event of a leader loss or graceful shutdown. stopped is a boolean + // indicating if we are stopped - it exists to prevent double closing the + // channel. stopLock is a mutex around the locks. + stopCh chan struct{} + stopped bool + stopLock sync.Mutex + + // Allow modifying the Lock durations for ease of unit testing. + renewInterval time.Duration + retryInterval time.Duration + ttl time.Duration + watchRetryInterval time.Duration + watchRetryMax int +} + +// LockRecord is the struct that corresponds to a lock. +type LockRecord struct { + Key string + Value string + Identity string + Timestamp time.Time +} + +// HAEnabled implements HABackend and indicates that this backend supports high +// availability. +func (b *Backend) HAEnabled() bool { + return b.haEnabled +} + +// LockWith acquires a mutual exclusion based on the given key. +func (b *Backend) LockWith(key, value string) (physical.Lock, error) { + identity, err := uuid.GenerateUUID() + if err != nil { + return nil, errwrap.Wrapf("lock with: {{err}}", err) + } + return &Lock{ + backend: b, + key: key, + value: value, + identity: identity, + stopped: true, + + renewInterval: LockRenewInterval, + retryInterval: LockRetryInterval, + ttl: LockTTL, + watchRetryInterval: LockWatchRetryInterval, + watchRetryMax: LockWatchRetryMax, + }, nil +} + +// Lock acquires the given lock. The stopCh is optional. If closed, it +// interrupts the lock acquisition attempt. The returned channel should be +// closed when leadership is lost. +func (l *Lock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error) { + defer metrics.MeasureSince(metricLockLock, time.Now()) + + l.lock.Lock() + defer l.lock.Unlock() + if l.held { + return nil, errors.New("lock already held") + } + + // Attempt to lock - this function blocks until a lock is acquired or an error + // occurs. + acquired, err := l.attemptLock(stopCh) + if err != nil { + return nil, errwrap.Wrapf("lock: {{err}}", err) + } + if !acquired { + return nil, nil + } + + // We have the lock now + l.held = true + + // Build the locks + l.stopLock.Lock() + l.stopCh = make(chan struct{}) + l.stopped = false + l.stopLock.Unlock() + + // Periodically renew and watch the lock + go l.renewLock() + go l.watchLock() + + return l.stopCh, nil +} + +// Unlock releases the lock. +func (l *Lock) Unlock() error { + defer metrics.MeasureSince(metricLockUnlock, time.Now()) + + l.lock.Lock() + defer l.lock.Unlock() + if !l.held { + return nil + } + + // Stop any existing locking or renewal attempts + l.stopLock.Lock() + if !l.stopped { + l.stopped = true + close(l.stopCh) + } + l.stopLock.Unlock() + + // Pooling + l.backend.permitPool.Acquire() + defer l.backend.permitPool.Release() + + // Delete + ctx := context.Background() + if _, err := l.backend.client.ReadWriteTransaction(ctx, func(ctx context.Context, txn *spanner.ReadWriteTransaction) error { + row, err := txn.ReadRow(ctx, l.backend.haTable, spanner.Key{l.key}, []string{"Identity"}) + if err != nil { + if spanner.ErrCode(err) != codes.NotFound { + return nil + } + return err + } + + var r LockRecord + if derr := row.ToStruct(&r); derr != nil { + return errwrap.Wrapf("failed to decode to struct: {{err}}", derr) + } + + // If the identity is different, that means that between the time that after + // we stopped acquisition, the TTL expired and someone else grabbed the + // lock. We do not want to delete a lock that is not our own. + if r.Identity != l.identity { + return nil + } + + return txn.BufferWrite([]*spanner.Mutation{ + spanner.Delete(l.backend.haTable, spanner.Key{l.key}), + }) + }); err != nil { + return errwrap.Wrapf("unlock: {{err}}", err) + } + + // We are no longer holding the lock + l.held = false + + return nil +} + +// Value returns the value of the lock and if it is held. +func (l *Lock) Value() (bool, string, error) { + defer metrics.MeasureSince(metricLockValue, time.Now()) + + r, err := l.get(context.Background()) + if err != nil { + return false, "", err + } + if r == nil { + return false, "", err + } + return true, string(r.Value), nil +} + +// attemptLock attempts to acquire a lock. If the given channel is closed, the +// acquisition attempt stops. This function returns when a lock is acquired or +// an error occurs. +func (l *Lock) attemptLock(stopCh <-chan struct{}) (bool, error) { + ticker := time.NewTicker(l.retryInterval) + defer ticker.Stop() + + for { + select { + case <-ticker.C: + acquired, err := l.writeLock() + if err != nil { + return false, errwrap.Wrapf("attempt lock: {{err}}", err) + } + if !acquired { + continue + } + + return true, nil + case <-stopCh: + return false, nil + } + } +} + +// renewLock renews the given lock until the channel is closed. +func (l *Lock) renewLock() { + ticker := time.NewTicker(l.renewInterval) + defer ticker.Stop() + + for { + select { + case <-ticker.C: + l.writeLock() + case <-l.stopCh: + return + } + } +} + +// watchLock checks whether the lock has changed in the table and closes the +// leader channel accordingly. If an error occurs during the check, watchLock +// will retry the operation and then close the leader channel if it can't +// succeed after retries. +func (l *Lock) watchLock() { + retries := 0 + ticker := time.NewTicker(l.watchRetryInterval) + + for { + // Check if the channel is already closed + select { + case <-l.stopCh: + default: + } + + // Check if we've exceeded retries + if retries >= l.watchRetryMax-1 { + break + } + + // Wait for the timer + <-ticker.C + + // Attempt to read the key + r, err := l.get(context.Background()) + if err != nil { + retries++ + continue + } + + // Verify the identity is the same + if r == nil || r.Identity != l.identity { + break + } + } + + l.stopLock.Lock() + defer l.stopLock.Unlock() + if !l.stopped { + l.stopped = true + close(l.stopCh) + } +} + +// writeLock writes the given lock using the following algorith: +// +// - lock does not exist +// - write the lock +// - lock exists +// - if key is empty or identity is the same or timestamp exceeds TTL +// - update the lock to self +func (l *Lock) writeLock() (bool, error) { + // Pooling + l.backend.permitPool.Acquire() + defer l.backend.permitPool.Release() + + // Keep track of whether the lock was written + lockWritten := false + + // Create a transaction to read and the update (maybe) + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + // The transaction will be retried, and it could sit in a queue behind, say, + // the delete operation. To stop the transaction, we close the context when + // the associated stopCh is received. + go func() { + select { + case <-l.stopCh: + cancel() + case <-ctx.Done(): + } + }() + + _, err := l.backend.client.ReadWriteTransaction(ctx, func(ctx context.Context, txn *spanner.ReadWriteTransaction) error { + row, err := txn.ReadRow(ctx, l.backend.haTable, spanner.Key{l.key}, []string{"Key", "Identity", "Timestamp"}) + if err != nil && spanner.ErrCode(err) != codes.NotFound { + return err + } + + // If there was a record, verify that the record is still trustable. + if row != nil { + var r LockRecord + if derr := row.ToStruct(&r); derr != nil { + return errwrap.Wrapf("failed to decode to struct: {{err}}", derr) + } + + // If the key is empty or the identity is ours or the ttl expired, we can + // write. Otherwise, return now because we cannot. + if r.Key != "" && r.Identity != l.identity && time.Now().UTC().Sub(r.Timestamp) < l.ttl { + return nil + } + } + + m, err := spanner.InsertOrUpdateStruct(l.backend.haTable, &LockRecord{ + Key: l.key, + Value: l.value, + Identity: l.identity, + Timestamp: time.Now().UTC(), + }) + if err != nil { + return errwrap.Wrapf("failed to generate struct: {{err}}", err) + } + if err := txn.BufferWrite([]*spanner.Mutation{m}); err != nil { + return errwrap.Wrapf("failed to write: {{err}}", err) + } + + // Mark that the lock was acquired + lockWritten = true + + return nil + }) + if err != nil { + return false, errwrap.Wrapf("write lock: {{err}}", err) + } + + return lockWritten, nil +} + +// get retrieves the value for the lock. +func (l *Lock) get(ctx context.Context) (*LockRecord, error) { + // Pooling + l.backend.permitPool.Acquire() + defer l.backend.permitPool.Release() + + // Read + row, err := l.backend.client.Single().ReadRow(ctx, l.backend.haTable, spanner.Key{l.key}, []string{"Key", "Value", "Timestamp", "Identity"}) + if spanner.ErrCode(err) == codes.NotFound { + return nil, nil + } + if err != nil { + return nil, errwrap.Wrapf(fmt.Sprintf("failed to read value for %q: {{err}}", l.key), err) + } + + var r LockRecord + if err := row.ToStruct(&r); err != nil { + return nil, errwrap.Wrapf("failed to decode lock: {{err}}", err) + } + return &r, nil +} diff --git a/physical/spanner/spanner_ha_test.go b/physical/spanner/spanner_ha_test.go new file mode 100644 index 000000000000..8c17c680164f --- /dev/null +++ b/physical/spanner/spanner_ha_test.go @@ -0,0 +1,57 @@ +package spanner + +import ( + "os" + "testing" + + "cloud.google.com/go/spanner" + "github.com/hashicorp/vault/helper/logformat" + "github.com/hashicorp/vault/physical" + log "github.com/mgutz/logxi/v1" + "golang.org/x/net/context" +) + +func TestHABackend(t *testing.T) { + database := os.Getenv("GOOGLE_SPANNER_DATABASE") + if database == "" { + t.Skip("GOOGLE_SPANNER_DATABASE not set") + } + + table := os.Getenv("GOOGLE_SPANNER_TABLE") + if table == "" { + t.Skip("GOOGLE_SPANNER_TABLE not set") + } + + haTable := os.Getenv("GOOGLE_SPANNER_HA_TABLE") + if haTable == "" { + t.Skip("GOOGLE_SPANNER_HA_TABLE not set") + } + + ctx := context.Background() + client, err := spanner.NewClient(ctx, database) + if err != nil { + t.Fatal(err) + } + + testCleanup(t, client, table) + defer testCleanup(t, client, table) + testCleanup(t, client, haTable) + defer testCleanup(t, client, haTable) + + backend, err := NewBackend(map[string]string{ + "database": database, + "table": table, + "ha_table": haTable, + "ha_enabled": "true", + }, logformat.NewVaultLogger(log.LevelTrace)) + if err != nil { + t.Fatal(err) + } + + ha, ok := backend.(physical.HABackend) + if !ok { + t.Fatalf("does not implement") + } + + physical.ExerciseHABackend(t, ha, ha) +} diff --git a/physical/spanner/spanner_test.go b/physical/spanner/spanner_test.go new file mode 100644 index 000000000000..59e784942bb1 --- /dev/null +++ b/physical/spanner/spanner_test.go @@ -0,0 +1,57 @@ +package spanner + +import ( + "os" + "testing" + + "cloud.google.com/go/spanner" + "github.com/hashicorp/vault/helper/logformat" + "github.com/hashicorp/vault/physical" + log "github.com/mgutz/logxi/v1" + "golang.org/x/net/context" +) + +func testCleanup(t testing.TB, client *spanner.Client, table string) { + t.Helper() + + // Delete all data in the table + ctx := context.Background() + m := spanner.Delete(table, spanner.AllKeys()) + if _, err := client.Apply(ctx, []*spanner.Mutation{m}); err != nil { + t.Fatal(err) + } +} + +func TestBackend(t *testing.T) { + database := os.Getenv("GOOGLE_SPANNER_DATABASE") + if database == "" { + t.Skip("GOOGLE_SPANNER_DATABASE not set") + } + + table := os.Getenv("GOOGLE_SPANNER_TABLE") + if table == "" { + t.Skip("GOOGLE_SPANNER_TABLE not set") + } + + ctx := context.Background() + client, err := spanner.NewClient(ctx, database) + if err != nil { + t.Fatal(err) + } + + testCleanup(t, client, table) + defer testCleanup(t, client, table) + + backend, err := NewBackend(map[string]string{ + "database": database, + "table": table, + "ha_enabled": "false", + }, logformat.NewVaultLogger(log.LevelTrace)) + if err != nil { + t.Fatal(err) + } + + physical.ExerciseBackend(t, backend) + physical.ExerciseBackend_ListPrefix(t, backend) + physical.ExerciseTransactionalBackend(t, backend) +} diff --git a/physical/testing.go b/physical/testing.go index f304abab5896..9022f2c0eb8b 100644 --- a/physical/testing.go +++ b/physical/testing.go @@ -8,197 +8,184 @@ import ( "time" ) -func ExerciseBackend(t *testing.T, b Backend) { +func ExerciseBackend(t testing.TB, b Backend) { t.Helper() + // Should be empty keys, err := b.List(context.Background(), "") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("initial list failed: %v", err) } if len(keys) != 0 { - t.Fatalf("bad: %v", keys) + t.Errorf("initial not empty: %v", keys) } // Delete should work if it does not exist err = b.Delete(context.Background(), "foo") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("idempotent delete: %v", err) } - // Get should fail + // Get should not fail, but be nil out, err := b.Get(context.Background(), "foo") if err != nil { - t.Fatalf("err: %v", err) + t.Fatal("initial get failed: %v", err) } if out != nil { - t.Fatalf("bad: %v", out) + t.Errorf("initial get was not nil: %v", out) } // Make an entry e := &Entry{Key: "foo", Value: []byte("test")} err = b.Put(context.Background(), e) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("put failed: %v", err) } // Get should work out, err = b.Get(context.Background(), "foo") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("get failed: %v", err) } if !reflect.DeepEqual(out, e) { - t.Fatalf("bad: %v expected: %v", out, e) + t.Errorf("bad: %v expected: %v", out, e) } // List should not be empty keys, err = b.List(context.Background(), "") if err != nil { - t.Fatalf("err: %v", err) - } - if len(keys) != 1 { - t.Fatalf("bad: %v", keys) + t.Fatalf("list failed: %v", err) } - if keys[0] != "foo" { - t.Fatalf("bad: %v", keys) + if len(keys) != 1 || keys[0] != "foo" { + t.Errorf("keys[0] did not equal foo: %v", keys) } // Delete should work err = b.Delete(context.Background(), "foo") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("delete: %v", err) } // Should be empty keys, err = b.List(context.Background(), "") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("list after delete: %v", err) } if len(keys) != 0 { - t.Fatalf("bad: %v", keys) + t.Errorf("list after delete not empty: %v", keys) } // Get should fail out, err = b.Get(context.Background(), "foo") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("get after delete: %v", err) } if out != nil { - t.Fatalf("bad: %v", out) + t.Errorf("get after delete not nil: %v", out) } // Multiple Puts should work; GH-189 e = &Entry{Key: "foo", Value: []byte("test")} err = b.Put(context.Background(), e) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("multi put 1 failed: %v", err) } e = &Entry{Key: "foo", Value: []byte("test")} err = b.Put(context.Background(), e) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("multi put 2 failed: %v", err) } // Make a nested entry e = &Entry{Key: "foo/bar", Value: []byte("baz")} err = b.Put(context.Background(), e) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("nested put failed: %v", err) } keys, err = b.List(context.Background(), "") if err != nil { - t.Fatalf("err: %v", err) - } - if len(keys) != 2 { - t.Fatalf("bad: %v", keys) + t.Fatalf("list multi failed: %v", err) } sort.Strings(keys) - if keys[0] != "foo" || keys[1] != "foo/" { - t.Fatalf("bad: %v", keys) + if len(keys) != 2 || keys[0] != "foo" || keys[1] != "foo/" { + t.Errorf("expected 2 keys [foo, foo/]: %v", keys) } // Delete with children should work err = b.Delete(context.Background(), "foo") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("delete after multi: %v", err) } // Get should return the child out, err = b.Get(context.Background(), "foo/bar") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("get after multi delete: %v", err) } if out == nil { - t.Fatalf("missing child") + t.Errorf("get after multi delete not nil: %v", out) } // Removal of nested secret should not leave artifacts e = &Entry{Key: "foo/nested1/nested2/nested3", Value: []byte("baz")} err = b.Put(context.Background(), e) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("deep nest: %v", err) } err = b.Delete(context.Background(), "foo/nested1/nested2/nested3") if err != nil { - t.Fatalf("failed to remove nested secret: %v", err) + t.Fatalf("failed to remove deep nest: %v", err) } keys, err = b.List(context.Background(), "foo/") if err != nil { t.Fatalf("err: %v", err) } - - if len(keys) != 1 { - t.Fatalf("there should be only one key left after deleting nested "+ - "secret: %v", keys) - } - - if keys[0] != "bar" { - t.Fatalf("bad keys after deleting nested: %v", keys) + if len(keys) != 1 || keys[0] != "bar" { + t.Errorf("should be exactly 1 key == bar: %v", keys) } // Make a second nested entry to test prefix removal e = &Entry{Key: "foo/zip", Value: []byte("zap")} err = b.Put(context.Background(), e) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("failed to create second nested: %v", err) } // Delete should not remove the prefix err = b.Delete(context.Background(), "foo/bar") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("failed to delete nested prefix: %v", err) } keys, err = b.List(context.Background(), "") if err != nil { - t.Fatalf("err: %v", err) - } - if len(keys) != 1 { - t.Fatalf("bad: %v", keys) + t.Fatalf("list nested prefix: %v", err) } - if keys[0] != "foo/" { - t.Fatalf("bad: %v", keys) + if len(keys) != 1 || keys[0] != "foo/" { + t.Errorf("should be exactly 1 key == foo/: %v", keys) } // Delete should remove the prefix err = b.Delete(context.Background(), "foo/zip") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("failed to delete second prefix: %v", err) } keys, err = b.List(context.Background(), "") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("listing after second delete failed: %v", err) } if len(keys) != 0 { - t.Fatalf("bad: %v", keys) + t.Errorf("should be empty at end: %v", keys) } } -func ExerciseBackend_ListPrefix(t *testing.T, b Backend) { +func ExerciseBackend_ListPrefix(t testing.TB, b Backend) { t.Helper() + e1 := &Entry{Key: "foo", Value: []byte("test")} e2 := &Entry{Key: "foo/bar", Value: []byte("test")} e3 := &Entry{Key: "foo/bar/baz", Value: []byte("test")} @@ -211,78 +198,64 @@ func ExerciseBackend_ListPrefix(t *testing.T, b Backend) { err := b.Put(context.Background(), e1) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("failed to put entry 1: %v", err) } err = b.Put(context.Background(), e2) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("failed to put entry 2: %v", err) } err = b.Put(context.Background(), e3) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("failed to put entry 3: %v", err) } // Scan the root keys, err := b.List(context.Background(), "") if err != nil { - t.Fatalf("err: %v", err) - } - if len(keys) != 2 { - t.Fatalf("bad: %v", keys) + t.Fatalf("list root: %v", err) } sort.Strings(keys) - if keys[0] != "foo" { - t.Fatalf("bad: %v", keys) - } - if keys[1] != "foo/" { - t.Fatalf("bad: %v", keys) + if len(keys) != 2 || keys[0] != "foo" || keys[1] != "foo/" { + t.Errorf("root expected [foo foo/]: %v", keys) } // Scan foo/ keys, err = b.List(context.Background(), "foo/") if err != nil { - t.Fatalf("err: %v", err) - } - if len(keys) != 2 { - t.Fatalf("bad: %v", keys) + t.Fatalf("list level 1: %v", err) } sort.Strings(keys) - if keys[0] != "bar" { - t.Fatalf("bad: %v", keys) - } - if keys[1] != "bar/" { - t.Fatalf("bad: %v", keys) + if len(keys) != 2 || keys[0] != "bar" || keys[1] != "bar/" { + t.Errorf("level 1 expected [bar bar/]: %v", keys) } // Scan foo/bar/ keys, err = b.List(context.Background(), "foo/bar/") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("list level 2: %v", err) } sort.Strings(keys) - if len(keys) != 1 { - t.Fatalf("bad: %v", keys) - } - if keys[0] != "baz" { - t.Fatalf("bad: %v", keys) + if len(keys) != 1 || keys[0] != "baz" { + t.Errorf("level 1 expected [baz]: %v", keys) } } -func ExerciseHABackend(t *testing.T, b HABackend, b2 HABackend) { +func ExerciseHABackend(t testing.TB, b HABackend, b2 HABackend) { t.Helper() + // Get the lock lock, err := b.LockWith("foo", "bar") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("initial lock: %v", err) } // Attempt to lock leaderCh, err := lock.Lock(nil) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("lock attempt 1: %v", err) } if leaderCh == nil { - t.Fatalf("failed to get leader ch") + t.Fatalf("missing leaderCh") } // Check the value @@ -291,16 +264,16 @@ func ExerciseHABackend(t *testing.T, b HABackend, b2 HABackend) { t.Fatalf("err: %v", err) } if !held { - t.Fatalf("should be held") + t.Errorf("should be held") } if val != "bar" { - t.Fatalf("bad value: %v", err) + t.Errorf("expected value bar: %v", err) } // Second acquisition should fail lock2, err := b2.LockWith("foo", "baz") if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("lock 2: %v", err) } // Cancel attempt in 50 msec @@ -312,10 +285,10 @@ func ExerciseHABackend(t *testing.T, b HABackend, b2 HABackend) { // Attempt to lock leaderCh2, err := lock2.Lock(stopCh) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("stop lock 2: %v", err) } if leaderCh2 != nil { - t.Fatalf("should not get leader ch") + t.Errorf("should not have gotten leaderCh: %v", leaderCh) } // Release the first lock @@ -324,28 +297,29 @@ func ExerciseHABackend(t *testing.T, b HABackend, b2 HABackend) { // Attempt to lock should work leaderCh2, err = lock2.Lock(nil) if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("lock 2 lock: %v", err) } if leaderCh2 == nil { - t.Fatalf("should get leader ch") + t.Errorf("should get leaderCh") } // Check the value held, val, err = lock.Value() if err != nil { - t.Fatalf("err: %v", err) + t.Fatalf("value: %v", err) } if !held { - t.Fatalf("should be held") + t.Errorf("should still be held") } if val != "baz" { - t.Fatalf("bad value: %v", err) + t.Errorf("expected value baz: %v", err) } + // Cleanup lock2.Unlock() } -func ExerciseTransactionalBackend(t *testing.T, b Backend) { +func ExerciseTransactionalBackend(t testing.TB, b Backend) { t.Helper() tb, ok := b.(Transactional) if !ok { @@ -400,7 +374,7 @@ func ExerciseTransactionalBackend(t *testing.T, b Backend) { } } -func SetupTestingTransactions(t *testing.T, b Backend) []*TxnEntry { +func SetupTestingTransactions(t testing.TB, b Backend) []*TxnEntry { t.Helper() // Add a few keys so that we test rollback with deletion if err := b.Put(context.Background(), &Entry{ diff --git a/vendor/cloud.google.com/go/civil/civil.go b/vendor/cloud.google.com/go/civil/civil.go new file mode 100644 index 000000000000..1cb2675bdf29 --- /dev/null +++ b/vendor/cloud.google.com/go/civil/civil.go @@ -0,0 +1,277 @@ +// Copyright 2016 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package civil implements types for civil time, a time-zone-independent +// representation of time that follows the rules of the proleptic +// Gregorian calendar with exactly 24-hour days, 60-minute hours, and 60-second +// minutes. +// +// Because they lack location information, these types do not represent unique +// moments or intervals of time. Use time.Time for that purpose. +package civil + +import ( + "fmt" + "time" +) + +// A Date represents a date (year, month, day). +// +// This type does not include location information, and therefore does not +// describe a unique 24-hour timespan. +type Date struct { + Year int // Year (e.g., 2014). + Month time.Month // Month of the year (January = 1, ...). + Day int // Day of the month, starting at 1. +} + +// DateOf returns the Date in which a time occurs in that time's location. +func DateOf(t time.Time) Date { + var d Date + d.Year, d.Month, d.Day = t.Date() + return d +} + +// ParseDate parses a string in RFC3339 full-date format and returns the date value it represents. +func ParseDate(s string) (Date, error) { + t, err := time.Parse("2006-01-02", s) + if err != nil { + return Date{}, err + } + return DateOf(t), nil +} + +// String returns the date in RFC3339 full-date format. +func (d Date) String() string { + return fmt.Sprintf("%04d-%02d-%02d", d.Year, d.Month, d.Day) +} + +// IsValid reports whether the date is valid. +func (d Date) IsValid() bool { + return DateOf(d.In(time.UTC)) == d +} + +// In returns the time corresponding to time 00:00:00 of the date in the location. +// +// In is always consistent with time.Date, even when time.Date returns a time +// on a different day. For example, if loc is America/Indiana/Vincennes, then both +// time.Date(1955, time.May, 1, 0, 0, 0, 0, loc) +// and +// civil.Date{Year: 1955, Month: time.May, Day: 1}.In(loc) +// return 23:00:00 on April 30, 1955. +// +// In panics if loc is nil. +func (d Date) In(loc *time.Location) time.Time { + return time.Date(d.Year, d.Month, d.Day, 0, 0, 0, 0, loc) +} + +// AddDays returns the date that is n days in the future. +// n can also be negative to go into the past. +func (d Date) AddDays(n int) Date { + return DateOf(d.In(time.UTC).AddDate(0, 0, n)) +} + +// DaysSince returns the signed number of days between the date and s, not including the end day. +// This is the inverse operation to AddDays. +func (d Date) DaysSince(s Date) (days int) { + // We convert to Unix time so we do not have to worry about leap seconds: + // Unix time increases by exactly 86400 seconds per day. + deltaUnix := d.In(time.UTC).Unix() - s.In(time.UTC).Unix() + return int(deltaUnix / 86400) +} + +// Before reports whether d1 occurs before d2. +func (d1 Date) Before(d2 Date) bool { + if d1.Year != d2.Year { + return d1.Year < d2.Year + } + if d1.Month != d2.Month { + return d1.Month < d2.Month + } + return d1.Day < d2.Day +} + +// After reports whether d1 occurs after d2. +func (d1 Date) After(d2 Date) bool { + return d2.Before(d1) +} + +// MarshalText implements the encoding.TextMarshaler interface. +// The output is the result of d.String(). +func (d Date) MarshalText() ([]byte, error) { + return []byte(d.String()), nil +} + +// UnmarshalText implements the encoding.TextUnmarshaler interface. +// The date is expected to be a string in a format accepted by ParseDate. +func (d *Date) UnmarshalText(data []byte) error { + var err error + *d, err = ParseDate(string(data)) + return err +} + +// A Time represents a time with nanosecond precision. +// +// This type does not include location information, and therefore does not +// describe a unique moment in time. +// +// This type exists to represent the TIME type in storage-based APIs like BigQuery. +// Most operations on Times are unlikely to be meaningful. Prefer the DateTime type. +type Time struct { + Hour int // The hour of the day in 24-hour format; range [0-23] + Minute int // The minute of the hour; range [0-59] + Second int // The second of the minute; range [0-59] + Nanosecond int // The nanosecond of the second; range [0-999999999] +} + +// TimeOf returns the Time representing the time of day in which a time occurs +// in that time's location. It ignores the date. +func TimeOf(t time.Time) Time { + var tm Time + tm.Hour, tm.Minute, tm.Second = t.Clock() + tm.Nanosecond = t.Nanosecond() + return tm +} + +// ParseTime parses a string and returns the time value it represents. +// ParseTime accepts an extended form of the RFC3339 partial-time format. After +// the HH:MM:SS part of the string, an optional fractional part may appear, +// consisting of a decimal point followed by one to nine decimal digits. +// (RFC3339 admits only one digit after the decimal point). +func ParseTime(s string) (Time, error) { + t, err := time.Parse("15:04:05.999999999", s) + if err != nil { + return Time{}, err + } + return TimeOf(t), nil +} + +// String returns the date in the format described in ParseTime. If Nanoseconds +// is zero, no fractional part will be generated. Otherwise, the result will +// end with a fractional part consisting of a decimal point and nine digits. +func (t Time) String() string { + s := fmt.Sprintf("%02d:%02d:%02d", t.Hour, t.Minute, t.Second) + if t.Nanosecond == 0 { + return s + } + return s + fmt.Sprintf(".%09d", t.Nanosecond) +} + +// IsValid reports whether the time is valid. +func (t Time) IsValid() bool { + // Construct a non-zero time. + tm := time.Date(2, 2, 2, t.Hour, t.Minute, t.Second, t.Nanosecond, time.UTC) + return TimeOf(tm) == t +} + +// MarshalText implements the encoding.TextMarshaler interface. +// The output is the result of t.String(). +func (t Time) MarshalText() ([]byte, error) { + return []byte(t.String()), nil +} + +// UnmarshalText implements the encoding.TextUnmarshaler interface. +// The time is expected to be a string in a format accepted by ParseTime. +func (t *Time) UnmarshalText(data []byte) error { + var err error + *t, err = ParseTime(string(data)) + return err +} + +// A DateTime represents a date and time. +// +// This type does not include location information, and therefore does not +// describe a unique moment in time. +type DateTime struct { + Date Date + Time Time +} + +// Note: We deliberately do not embed Date into DateTime, to avoid promoting AddDays and Sub. + +// DateTimeOf returns the DateTime in which a time occurs in that time's location. +func DateTimeOf(t time.Time) DateTime { + return DateTime{ + Date: DateOf(t), + Time: TimeOf(t), + } +} + +// ParseDateTime parses a string and returns the DateTime it represents. +// ParseDateTime accepts a variant of the RFC3339 date-time format that omits +// the time offset but includes an optional fractional time, as described in +// ParseTime. Informally, the accepted format is +// YYYY-MM-DDTHH:MM:SS[.FFFFFFFFF] +// where the 'T' may be a lower-case 't'. +func ParseDateTime(s string) (DateTime, error) { + t, err := time.Parse("2006-01-02T15:04:05.999999999", s) + if err != nil { + t, err = time.Parse("2006-01-02t15:04:05.999999999", s) + if err != nil { + return DateTime{}, err + } + } + return DateTimeOf(t), nil +} + +// String returns the date in the format described in ParseDate. +func (dt DateTime) String() string { + return dt.Date.String() + "T" + dt.Time.String() +} + +// IsValid reports whether the datetime is valid. +func (dt DateTime) IsValid() bool { + return dt.Date.IsValid() && dt.Time.IsValid() +} + +// In returns the time corresponding to the DateTime in the given location. +// +// If the time is missing or ambigous at the location, In returns the same +// result as time.Date. For example, if loc is America/Indiana/Vincennes, then +// both +// time.Date(1955, time.May, 1, 0, 30, 0, 0, loc) +// and +// civil.DateTime{ +// civil.Date{Year: 1955, Month: time.May, Day: 1}}, +// civil.Time{Minute: 30}}.In(loc) +// return 23:30:00 on April 30, 1955. +// +// In panics if loc is nil. +func (dt DateTime) In(loc *time.Location) time.Time { + return time.Date(dt.Date.Year, dt.Date.Month, dt.Date.Day, dt.Time.Hour, dt.Time.Minute, dt.Time.Second, dt.Time.Nanosecond, loc) +} + +// Before reports whether dt1 occurs before dt2. +func (dt1 DateTime) Before(dt2 DateTime) bool { + return dt1.In(time.UTC).Before(dt2.In(time.UTC)) +} + +// After reports whether dt1 occurs after dt2. +func (dt1 DateTime) After(dt2 DateTime) bool { + return dt2.Before(dt1) +} + +// MarshalText implements the encoding.TextMarshaler interface. +// The output is the result of dt.String(). +func (dt DateTime) MarshalText() ([]byte, error) { + return []byte(dt.String()), nil +} + +// UnmarshalText implements the encoding.TextUnmarshaler interface. +// The datetime is expected to be a string in a format accepted by ParseDateTime +func (dt *DateTime) UnmarshalText(data []byte) error { + var err error + *dt, err = ParseDateTime(string(data)) + return err +} diff --git a/vendor/cloud.google.com/go/internal/atomiccache/atomiccache.go b/vendor/cloud.google.com/go/internal/atomiccache/atomiccache.go new file mode 100644 index 000000000000..2bea8a150238 --- /dev/null +++ b/vendor/cloud.google.com/go/internal/atomiccache/atomiccache.go @@ -0,0 +1,58 @@ +// Copyright 2016 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package atomiccache provides a map-based cache that supports very fast +// reads. +package atomiccache + +import ( + "sync" + "sync/atomic" +) + +type mapType map[interface{}]interface{} + +// Cache is a map-based cache that supports fast reads via use of atomics. +// Writes are slow, requiring a copy of the entire cache. +// The zero Cache is an empty cache, ready for use. +type Cache struct { + val atomic.Value // mapType + mu sync.Mutex // used only by writers +} + +// Get returns the value of the cache at key. If there is no value, +// getter is called to provide one, and the cache is updated. +// The getter function may be called concurrently. It should be pure, +// returning the same value for every call. +func (c *Cache) Get(key interface{}, getter func() interface{}) interface{} { + mp, _ := c.val.Load().(mapType) + if v, ok := mp[key]; ok { + return v + } + + // Compute value without lock. + // Might duplicate effort but won't hold other computations back. + newV := getter() + + c.mu.Lock() + mp, _ = c.val.Load().(mapType) + newM := make(mapType, len(mp)+1) + for k, v := range mp { + newM[k] = v + } + newM[key] = newV + c.val.Store(newM) + c.mu.Unlock() + return newV +} diff --git a/vendor/cloud.google.com/go/internal/fields/fields.go b/vendor/cloud.google.com/go/internal/fields/fields.go new file mode 100644 index 000000000000..882820f6e69a --- /dev/null +++ b/vendor/cloud.google.com/go/internal/fields/fields.go @@ -0,0 +1,468 @@ +// Copyright 2016 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package fields provides a view of the fields of a struct that follows the Go +// rules, amended to consider tags and case insensitivity. +// +// Usage +// +// First define a function that interprets tags: +// +// func parseTag(st reflect.StructTag) (name string, keep bool, other interface{}, err error) { ... } +// +// The function's return values describe whether to ignore the field +// completely or provide an alternate name, as well as other data from the +// parse that is stored to avoid re-parsing. +// +// Then define a function to validate the type: +// +// func validate(t reflect.Type) error { ... } +// +// Then, if necessary, define a function to specify leaf types - types +// which should be considered one field and not be recursed into: +// +// func isLeafType(t reflect.Type) bool { ... } +// +// eg: +// +// func isLeafType(t reflect.Type) bool { +// return t == reflect.TypeOf(time.Time{}) +// } +// +// Next, construct a Cache, passing your functions. As its name suggests, a +// Cache remembers validation and field information for a type, so subsequent +// calls with the same type are very fast. +// +// cache := fields.NewCache(parseTag, validate, isLeafType) +// +// To get the fields of a struct type as determined by the above rules, call +// the Fields method: +// +// fields, err := cache.Fields(reflect.TypeOf(MyStruct{})) +// +// The return value can be treated as a slice of Fields. +// +// Given a string, such as a key or column name obtained during unmarshalling, +// call Match on the list of fields to find a field whose name is the best +// match: +// +// field := fields.Match(name) +// +// Match looks for an exact match first, then falls back to a case-insensitive +// comparison. +package fields + +import ( + "bytes" + "errors" + "reflect" + "sort" + "strings" + + "cloud.google.com/go/internal/atomiccache" +) + +// A Field records information about a struct field. +type Field struct { + Name string // effective field name + NameFromTag bool // did Name come from a tag? + Type reflect.Type // field type + Index []int // index sequence, for reflect.Value.FieldByIndex + ParsedTag interface{} // third return value of the parseTag function + + nameBytes []byte + equalFold func(s, t []byte) bool +} + +type ParseTagFunc func(reflect.StructTag) (name string, keep bool, other interface{}, err error) + +type ValidateFunc func(reflect.Type) error + +type LeafTypesFunc func(reflect.Type) bool + +// A Cache records information about the fields of struct types. +// +// A Cache is safe for use by multiple goroutines. +type Cache struct { + parseTag ParseTagFunc + validate ValidateFunc + leafTypes LeafTypesFunc + cache atomiccache.Cache // from reflect.Type to cacheValue +} + +// NewCache constructs a Cache. +// +// Its first argument should be a function that accepts +// a struct tag and returns four values: an alternative name for the field +// extracted from the tag, a boolean saying whether to keep the field or ignore +// it, additional data that is stored with the field information to avoid +// having to parse the tag again, and an error. +// +// Its second argument should be a function that accepts a reflect.Type and +// returns an error if the struct type is invalid in any way. For example, it +// may check that all of the struct field tags are valid, or that all fields +// are of an appropriate type. +func NewCache(parseTag ParseTagFunc, validate ValidateFunc, leafTypes LeafTypesFunc) *Cache { + if parseTag == nil { + parseTag = func(reflect.StructTag) (string, bool, interface{}, error) { + return "", true, nil, nil + } + } + if validate == nil { + validate = func(reflect.Type) error { + return nil + } + } + if leafTypes == nil { + leafTypes = func(reflect.Type) bool { + return false + } + } + + return &Cache{ + parseTag: parseTag, + validate: validate, + leafTypes: leafTypes, + } +} + +// A fieldScan represents an item on the fieldByNameFunc scan work list. +type fieldScan struct { + typ reflect.Type + index []int +} + +// Fields returns all the exported fields of t, which must be a struct type. It +// follows the standard Go rules for embedded fields, modified by the presence +// of tags. The result is sorted lexicographically by index. +// +// These rules apply in the absence of tags: +// Anonymous struct fields are treated as if their inner exported fields were +// fields in the outer struct (embedding). The result includes all fields that +// aren't shadowed by fields at higher level of embedding. If more than one +// field with the same name exists at the same level of embedding, it is +// excluded. An anonymous field that is not of struct type is treated as having +// its type as its name. +// +// Tags modify these rules as follows: +// A field's tag is used as its name. +// An anonymous struct field with a name given in its tag is treated as +// a field having that name, rather than an embedded struct (the struct's +// fields will not be returned). +// If more than one field with the same name exists at the same level of embedding, +// but exactly one of them is tagged, then the tagged field is reported and the others +// are ignored. +func (c *Cache) Fields(t reflect.Type) (List, error) { + if t.Kind() != reflect.Struct { + panic("fields: Fields of non-struct type") + } + return c.cachedTypeFields(t) +} + +// A List is a list of Fields. +type List []Field + +// Match returns the field in the list whose name best matches the supplied +// name, nor nil if no field does. If there is a field with the exact name, it +// is returned. Otherwise the first field (sorted by index) whose name matches +// case-insensitively is returned. +func (l List) Match(name string) *Field { + return l.MatchBytes([]byte(name)) +} + +// MatchBytes is identical to Match, except that the argument is a byte slice. +func (l List) MatchBytes(name []byte) *Field { + var f *Field + for i := range l { + ff := &l[i] + if bytes.Equal(ff.nameBytes, name) { + return ff + } + if f == nil && ff.equalFold(ff.nameBytes, name) { + f = ff + } + } + return f +} + +type cacheValue struct { + fields List + err error +} + +// cachedTypeFields is like typeFields but uses a cache to avoid repeated work. +// This code has been copied and modified from +// https://go.googlesource.com/go/+/go1.7.3/src/encoding/json/encode.go. +func (c *Cache) cachedTypeFields(t reflect.Type) (List, error) { + cv := c.cache.Get(t, func() interface{} { + if err := c.validate(t); err != nil { + return cacheValue{nil, err} + } + f, err := c.typeFields(t) + return cacheValue{List(f), err} + }).(cacheValue) + return cv.fields, cv.err +} + +func (c *Cache) typeFields(t reflect.Type) ([]Field, error) { + fields, err := c.listFields(t) + if err != nil { + return nil, err + } + sort.Sort(byName(fields)) + // Delete all fields that are hidden by the Go rules for embedded fields. + + // The fields are sorted in primary order of name, secondary order of field + // index length. So the first field with a given name is the dominant one. + var out []Field + for advance, i := 0, 0; i < len(fields); i += advance { + // One iteration per name. + // Find the sequence of fields with the name of this first field. + fi := fields[i] + name := fi.Name + for advance = 1; i+advance < len(fields); advance++ { + fj := fields[i+advance] + if fj.Name != name { + break + } + } + // Find the dominant field, if any, out of all fields that have the same name. + dominant, ok := dominantField(fields[i : i+advance]) + if ok { + out = append(out, dominant) + } + } + sort.Sort(byIndex(out)) + return out, nil +} + +func (c *Cache) listFields(t reflect.Type) ([]Field, error) { + // This uses the same condition that the Go language does: there must be a unique instance + // of the match at a given depth level. If there are multiple instances of a match at the + // same depth, they annihilate each other and inhibit any possible match at a lower level. + // The algorithm is breadth first search, one depth level at a time. + + // The current and next slices are work queues: + // current lists the fields to visit on this depth level, + // and next lists the fields on the next lower level. + current := []fieldScan{} + next := []fieldScan{{typ: t}} + + // nextCount records the number of times an embedded type has been + // encountered and considered for queueing in the 'next' slice. + // We only queue the first one, but we increment the count on each. + // If a struct type T can be reached more than once at a given depth level, + // then it annihilates itself and need not be considered at all when we + // process that next depth level. + var nextCount map[reflect.Type]int + + // visited records the structs that have been considered already. + // Embedded pointer fields can create cycles in the graph of + // reachable embedded types; visited avoids following those cycles. + // It also avoids duplicated effort: if we didn't find the field in an + // embedded type T at level 2, we won't find it in one at level 4 either. + visited := map[reflect.Type]bool{} + + var fields []Field // Fields found. + + for len(next) > 0 { + current, next = next, current[:0] + count := nextCount + nextCount = nil + + // Process all the fields at this depth, now listed in 'current'. + // The loop queues embedded fields found in 'next', for processing during the next + // iteration. The multiplicity of the 'current' field counts is recorded + // in 'count'; the multiplicity of the 'next' field counts is recorded in 'nextCount'. + for _, scan := range current { + t := scan.typ + if visited[t] { + // We've looked through this type before, at a higher level. + // That higher level would shadow the lower level we're now at, + // so this one can't be useful to us. Ignore it. + continue + } + visited[t] = true + for i := 0; i < t.NumField(); i++ { + f := t.Field(i) + + exported := (f.PkgPath == "") + + // If a named field is unexported, ignore it. An anonymous + // unexported field is processed, because it may contain + // exported fields, which are visible. + if !exported && !f.Anonymous { + continue + } + + // Examine the tag. + tagName, keep, other, err := c.parseTag(f.Tag) + if err != nil { + return nil, err + } + if !keep { + continue + } + if c.leafTypes(f.Type) { + fields = append(fields, newField(f, tagName, other, scan.index, i)) + continue + } + + var ntyp reflect.Type + if f.Anonymous { + // Anonymous field of type T or *T. + ntyp = f.Type + if ntyp.Kind() == reflect.Ptr { + ntyp = ntyp.Elem() + } + } + + // Record fields with a tag name, non-anonymous fields, or + // anonymous non-struct fields. + if tagName != "" || ntyp == nil || ntyp.Kind() != reflect.Struct { + if !exported { + continue + } + fields = append(fields, newField(f, tagName, other, scan.index, i)) + if count[t] > 1 { + // If there were multiple instances, add a second, + // so that the annihilation code will see a duplicate. + fields = append(fields, fields[len(fields)-1]) + } + continue + } + + // Queue embedded struct fields for processing with next level, + // but only if the embedded types haven't already been queued. + if nextCount[ntyp] > 0 { + nextCount[ntyp] = 2 // exact multiple doesn't matter + continue + } + if nextCount == nil { + nextCount = map[reflect.Type]int{} + } + nextCount[ntyp] = 1 + if count[t] > 1 { + nextCount[ntyp] = 2 // exact multiple doesn't matter + } + var index []int + index = append(index, scan.index...) + index = append(index, i) + next = append(next, fieldScan{ntyp, index}) + } + } + } + return fields, nil +} + +func newField(f reflect.StructField, tagName string, other interface{}, index []int, i int) Field { + name := tagName + if name == "" { + name = f.Name + } + sf := Field{ + Name: name, + NameFromTag: tagName != "", + Type: f.Type, + ParsedTag: other, + nameBytes: []byte(name), + } + sf.equalFold = foldFunc(sf.nameBytes) + sf.Index = append(sf.Index, index...) + sf.Index = append(sf.Index, i) + return sf +} + +// byName sorts fields using the following criteria, in order: +// 1. name +// 2. embedding depth +// 3. tag presence (preferring a tagged field) +// 4. index sequence. +type byName []Field + +func (x byName) Len() int { return len(x) } + +func (x byName) Swap(i, j int) { x[i], x[j] = x[j], x[i] } + +func (x byName) Less(i, j int) bool { + if x[i].Name != x[j].Name { + return x[i].Name < x[j].Name + } + if len(x[i].Index) != len(x[j].Index) { + return len(x[i].Index) < len(x[j].Index) + } + if x[i].NameFromTag != x[j].NameFromTag { + return x[i].NameFromTag + } + return byIndex(x).Less(i, j) +} + +// byIndex sorts field by index sequence. +type byIndex []Field + +func (x byIndex) Len() int { return len(x) } + +func (x byIndex) Swap(i, j int) { x[i], x[j] = x[j], x[i] } + +func (x byIndex) Less(i, j int) bool { + xi := x[i].Index + xj := x[j].Index + ln := len(xi) + if l := len(xj); l < ln { + ln = l + } + for k := 0; k < ln; k++ { + if xi[k] != xj[k] { + return xi[k] < xj[k] + } + } + return len(xi) < len(xj) +} + +// dominantField looks through the fields, all of which are known to have the +// same name, to find the single field that dominates the others using Go's +// embedding rules, modified by the presence of tags. If there are multiple +// top-level fields, the boolean will be false: This condition is an error in +// Go and we skip all the fields. +func dominantField(fs []Field) (Field, bool) { + // The fields are sorted in increasing index-length order, then by presence of tag. + // That means that the first field is the dominant one. We need only check + // for error cases: two fields at top level, either both tagged or neither tagged. + if len(fs) > 1 && len(fs[0].Index) == len(fs[1].Index) && fs[0].NameFromTag == fs[1].NameFromTag { + return Field{}, false + } + return fs[0], true +} + +// ParseStandardTag extracts the sub-tag named by key, then parses it using the +// de facto standard format introduced in encoding/json: +// "-" means "ignore this tag". It must occur by itself. (parseStandardTag returns an error +// in this case, whereas encoding/json accepts the "-" even if it is not alone.) +// "" provides an alternative name for the field +// ",opt1,opt2,..." specifies options after the name. +// The options are returned as a []string. +func ParseStandardTag(key string, t reflect.StructTag) (name string, keep bool, options []string, err error) { + s := t.Get(key) + parts := strings.Split(s, ",") + if parts[0] == "-" { + if len(parts) > 1 { + return "", false, nil, errors.New(`"-" field tag with options`) + } + return "", false, nil, nil + } + if len(parts) > 1 { + options = parts[1:] + } + return parts[0], true, options, nil +} diff --git a/vendor/cloud.google.com/go/internal/fields/fold.go b/vendor/cloud.google.com/go/internal/fields/fold.go new file mode 100644 index 000000000000..10a68189c702 --- /dev/null +++ b/vendor/cloud.google.com/go/internal/fields/fold.go @@ -0,0 +1,156 @@ +// Copyright 2016 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package fields + +// This file was copied from https://go.googlesource.com/go/+/go1.7.3/src/encoding/json/fold.go. +// Only the license and package were changed. + +import ( + "bytes" + "unicode/utf8" +) + +const ( + caseMask = ^byte(0x20) // Mask to ignore case in ASCII. + kelvin = '\u212a' + smallLongEss = '\u017f' +) + +// foldFunc returns one of four different case folding equivalence +// functions, from most general (and slow) to fastest: +// +// 1) bytes.EqualFold, if the key s contains any non-ASCII UTF-8 +// 2) equalFoldRight, if s contains special folding ASCII ('k', 'K', 's', 'S') +// 3) asciiEqualFold, no special, but includes non-letters (including _) +// 4) simpleLetterEqualFold, no specials, no non-letters. +// +// The letters S and K are special because they map to 3 runes, not just 2: +// * S maps to s and to U+017F 'ſ' Latin small letter long s +// * k maps to K and to U+212A 'K' Kelvin sign +// See https://play.golang.org/p/tTxjOc0OGo +// +// The returned function is specialized for matching against s and +// should only be given s. It's not curried for performance reasons. +func foldFunc(s []byte) func(s, t []byte) bool { + nonLetter := false + special := false // special letter + for _, b := range s { + if b >= utf8.RuneSelf { + return bytes.EqualFold + } + upper := b & caseMask + if upper < 'A' || upper > 'Z' { + nonLetter = true + } else if upper == 'K' || upper == 'S' { + // See above for why these letters are special. + special = true + } + } + if special { + return equalFoldRight + } + if nonLetter { + return asciiEqualFold + } + return simpleLetterEqualFold +} + +// equalFoldRight is a specialization of bytes.EqualFold when s is +// known to be all ASCII (including punctuation), but contains an 's', +// 'S', 'k', or 'K', requiring a Unicode fold on the bytes in t. +// See comments on foldFunc. +func equalFoldRight(s, t []byte) bool { + for _, sb := range s { + if len(t) == 0 { + return false + } + tb := t[0] + if tb < utf8.RuneSelf { + if sb != tb { + sbUpper := sb & caseMask + if 'A' <= sbUpper && sbUpper <= 'Z' { + if sbUpper != tb&caseMask { + return false + } + } else { + return false + } + } + t = t[1:] + continue + } + // sb is ASCII and t is not. t must be either kelvin + // sign or long s; sb must be s, S, k, or K. + tr, size := utf8.DecodeRune(t) + switch sb { + case 's', 'S': + if tr != smallLongEss { + return false + } + case 'k', 'K': + if tr != kelvin { + return false + } + default: + return false + } + t = t[size:] + + } + if len(t) > 0 { + return false + } + return true +} + +// asciiEqualFold is a specialization of bytes.EqualFold for use when +// s is all ASCII (but may contain non-letters) and contains no +// special-folding letters. +// See comments on foldFunc. +func asciiEqualFold(s, t []byte) bool { + if len(s) != len(t) { + return false + } + for i, sb := range s { + tb := t[i] + if sb == tb { + continue + } + if ('a' <= sb && sb <= 'z') || ('A' <= sb && sb <= 'Z') { + if sb&caseMask != tb&caseMask { + return false + } + } else { + return false + } + } + return true +} + +// simpleLetterEqualFold is a specialization of bytes.EqualFold for +// use when s is all ASCII letters (no underscores, etc) and also +// doesn't contain 'k', 'K', 's', or 'S'. +// See comments on foldFunc. +func simpleLetterEqualFold(s, t []byte) bool { + if len(s) != len(t) { + return false + } + for i, b := range s { + if b&caseMask != t[i]&caseMask { + return false + } + } + return true +} diff --git a/vendor/cloud.google.com/go/internal/protostruct/protostruct.go b/vendor/cloud.google.com/go/internal/protostruct/protostruct.go new file mode 100644 index 000000000000..5c6f326180e9 --- /dev/null +++ b/vendor/cloud.google.com/go/internal/protostruct/protostruct.go @@ -0,0 +1,56 @@ +// Copyright 2017 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package protostruct supports operations on the protocol buffer Struct message. +package protostruct + +import ( + pb "github.com/golang/protobuf/ptypes/struct" +) + +// DecodeToMap converts a pb.Struct to a map from strings to Go types. +// DecodeToMap panics if s is invalid. +func DecodeToMap(s *pb.Struct) map[string]interface{} { + if s == nil { + return nil + } + m := map[string]interface{}{} + for k, v := range s.Fields { + m[k] = decodeValue(v) + } + return m +} + +func decodeValue(v *pb.Value) interface{} { + switch k := v.Kind.(type) { + case *pb.Value_NullValue: + return nil + case *pb.Value_NumberValue: + return k.NumberValue + case *pb.Value_StringValue: + return k.StringValue + case *pb.Value_BoolValue: + return k.BoolValue + case *pb.Value_StructValue: + return DecodeToMap(k.StructValue) + case *pb.Value_ListValue: + s := make([]interface{}, len(k.ListValue.Values)) + for i, e := range k.ListValue.Values { + s[i] = decodeValue(e) + } + return s + default: + panic("protostruct: unknown kind") + } +} diff --git a/vendor/cloud.google.com/go/spanner/appengine.go b/vendor/cloud.google.com/go/spanner/appengine.go new file mode 100644 index 000000000000..c8526f140cc5 --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/appengine.go @@ -0,0 +1,20 @@ +// Copyright 2017 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build appengine + +package spanner + +// numChannels is the default value for NumChannels of client +const numChannels = 1 diff --git a/vendor/cloud.google.com/go/spanner/backoff.go b/vendor/cloud.google.com/go/spanner/backoff.go new file mode 100644 index 000000000000..d38723843857 --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/backoff.go @@ -0,0 +1,58 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "math/rand" + "time" +) + +const ( + // minBackoff is the minimum backoff used by default. + minBackoff = 1 * time.Second + // maxBackoff is the maximum backoff used by default. + maxBackoff = 32 * time.Second + // jitter is the jitter factor. + jitter = 0.4 + // rate is the rate of exponential increase in the backoff. + rate = 1.3 +) + +var defaultBackoff = exponentialBackoff{minBackoff, maxBackoff} + +type exponentialBackoff struct { + min, max time.Duration +} + +// delay calculates the delay that should happen at n-th +// exponential backoff in a series. +func (b exponentialBackoff) delay(retries int) time.Duration { + min, max := float64(b.min), float64(b.max) + delay := min + for delay < max && retries > 0 { + delay *= rate + retries-- + } + if delay > max { + delay = max + } + delay -= delay * jitter * rand.Float64() + if delay < min { + delay = min + } + return time.Duration(delay) +} diff --git a/vendor/cloud.google.com/go/spanner/client.go b/vendor/cloud.google.com/go/spanner/client.go new file mode 100644 index 000000000000..2d7191b5c5f1 --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/client.go @@ -0,0 +1,336 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "fmt" + "regexp" + "sync/atomic" + "time" + + "cloud.google.com/go/internal/version" + "golang.org/x/net/context" + "google.golang.org/api/option" + gtransport "google.golang.org/api/transport/grpc" + sppb "google.golang.org/genproto/googleapis/spanner/v1" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/metadata" +) + +const ( + prodAddr = "spanner.googleapis.com:443" + + // resourcePrefixHeader is the name of the metadata header used to indicate + // the resource being operated on. + resourcePrefixHeader = "google-cloud-resource-prefix" + // xGoogHeaderKey is the name of the metadata header used to indicate client + // information. + xGoogHeaderKey = "x-goog-api-client" +) + +const ( + // Scope is the scope for Cloud Spanner Data API. + Scope = "https://www.googleapis.com/auth/spanner.data" + + // AdminScope is the scope for Cloud Spanner Admin APIs. + AdminScope = "https://www.googleapis.com/auth/spanner.admin" +) + +var ( + validDBPattern = regexp.MustCompile("^projects/[^/]+/instances/[^/]+/databases/[^/]+$") + xGoogHeaderVal = fmt.Sprintf("gl-go/%s gccl/%s grpc/%s", version.Go(), version.Repo, grpc.Version) +) + +func validDatabaseName(db string) error { + if matched := validDBPattern.MatchString(db); !matched { + return fmt.Errorf("database name %q should conform to pattern %q", + db, validDBPattern.String()) + } + return nil +} + +// Client is a client for reading and writing data to a Cloud Spanner database. A +// client is safe to use concurrently, except for its Close method. +type Client struct { + // rr must be accessed through atomic operations. + rr uint32 + conns []*grpc.ClientConn + clients []sppb.SpannerClient + database string + // Metadata to be sent with each request. + md metadata.MD + idleSessions *sessionPool +} + +// ClientConfig has configurations for the client. +type ClientConfig struct { + // NumChannels is the number of gRPC channels. + // If zero, a reasonable default is used based on the execution environment. + NumChannels int + co []option.ClientOption + // SessionPoolConfig is the configuration for session pool. + SessionPoolConfig +} + +// errDial returns error for dialing to Cloud Spanner. +func errDial(ci int, err error) error { + e := toSpannerError(err).(*Error) + e.decorate(fmt.Sprintf("dialing fails for channel[%v]", ci)) + return e +} + +func contextWithOutgoingMetadata(ctx context.Context, md metadata.MD) context.Context { + existing, ok := metadata.FromOutgoingContext(ctx) + if ok { + md = metadata.Join(existing, md) + } + return metadata.NewOutgoingContext(ctx, md) +} + +// NewClient creates a client to a database. A valid database name has the +// form projects/PROJECT_ID/instances/INSTANCE_ID/databases/DATABASE_ID. It uses a default +// configuration. +func NewClient(ctx context.Context, database string, opts ...option.ClientOption) (*Client, error) { + return NewClientWithConfig(ctx, database, ClientConfig{}, opts...) +} + +// NewClientWithConfig creates a client to a database. A valid database name has the +// form projects/PROJECT_ID/instances/INSTANCE_ID/databases/DATABASE_ID. +func NewClientWithConfig(ctx context.Context, database string, config ClientConfig, opts ...option.ClientOption) (_ *Client, err error) { + ctx = traceStartSpan(ctx, "cloud.google.com/go/spanner.NewClient") + defer func() { traceEndSpan(ctx, err) }() + + // Validate database path. + if err := validDatabaseName(database); err != nil { + return nil, err + } + c := &Client{ + database: database, + md: metadata.Pairs( + resourcePrefixHeader, database, + xGoogHeaderKey, xGoogHeaderVal), + } + allOpts := []option.ClientOption{ + option.WithEndpoint(prodAddr), + option.WithScopes(Scope), + option.WithGRPCDialOption( + grpc.WithDefaultCallOptions( + grpc.MaxCallSendMsgSize(100<<20), + grpc.MaxCallRecvMsgSize(100<<20), + ), + ), + } + allOpts = append(allOpts, openCensusOptions()...) + allOpts = append(allOpts, opts...) + // Prepare gRPC channels. + if config.NumChannels == 0 { + config.NumChannels = numChannels + } + // Default MaxOpened sessions + if config.MaxOpened == 0 { + config.MaxOpened = uint64(config.NumChannels * 100) + } + if config.MaxBurst == 0 { + config.MaxBurst = 10 + } + for i := 0; i < config.NumChannels; i++ { + conn, err := gtransport.Dial(ctx, allOpts...) + if err != nil { + return nil, errDial(i, err) + } + c.conns = append(c.conns, conn) + c.clients = append(c.clients, sppb.NewSpannerClient(conn)) + } + // Prepare session pool. + config.SessionPoolConfig.getRPCClient = func() (sppb.SpannerClient, error) { + // TODO: support more loadbalancing options. + return c.rrNext(), nil + } + sp, err := newSessionPool(database, config.SessionPoolConfig, c.md) + if err != nil { + c.Close() + return nil, err + } + c.idleSessions = sp + return c, nil +} + +// rrNext returns the next available Cloud Spanner RPC client in a round-robin manner. +func (c *Client) rrNext() sppb.SpannerClient { + return c.clients[atomic.AddUint32(&c.rr, 1)%uint32(len(c.clients))] +} + +// Close closes the client. +func (c *Client) Close() { + if c.idleSessions != nil { + c.idleSessions.close() + } + for _, conn := range c.conns { + conn.Close() + } +} + +// Single provides a read-only snapshot transaction optimized for the case +// where only a single read or query is needed. This is more efficient than +// using ReadOnlyTransaction() for a single read or query. +// +// Single will use a strong TimestampBound by default. Use +// ReadOnlyTransaction.WithTimestampBound to specify a different +// TimestampBound. A non-strong bound can be used to reduce latency, or +// "time-travel" to prior versions of the database, see the documentation of +// TimestampBound for details. +func (c *Client) Single() *ReadOnlyTransaction { + t := &ReadOnlyTransaction{singleUse: true, sp: c.idleSessions} + t.txReadOnly.txReadEnv = t + return t +} + +// ReadOnlyTransaction returns a ReadOnlyTransaction that can be used for +// multiple reads from the database. You must call Close() when the +// ReadOnlyTransaction is no longer needed to release resources on the server. +// +// ReadOnlyTransaction will use a strong TimestampBound by default. Use +// ReadOnlyTransaction.WithTimestampBound to specify a different +// TimestampBound. A non-strong bound can be used to reduce latency, or +// "time-travel" to prior versions of the database, see the documentation of +// TimestampBound for details. +func (c *Client) ReadOnlyTransaction() *ReadOnlyTransaction { + t := &ReadOnlyTransaction{ + singleUse: false, + sp: c.idleSessions, + txReadyOrClosed: make(chan struct{}), + } + t.txReadOnly.txReadEnv = t + return t +} + +type transactionInProgressKey struct{} + +func checkNestedTxn(ctx context.Context) error { + if ctx.Value(transactionInProgressKey{}) != nil { + return spannerErrorf(codes.FailedPrecondition, "Cloud Spanner does not support nested transactions") + } + return nil +} + +// ReadWriteTransaction executes a read-write transaction, with retries as +// necessary. +// +// The function f will be called one or more times. It must not maintain +// any state between calls. +// +// If the transaction cannot be committed or if f returns an IsAborted error, +// ReadWriteTransaction will call f again. It will continue to call f until the +// transaction can be committed or the Context times out or is cancelled. If f +// returns an error other than IsAborted, ReadWriteTransaction will abort the +// transaction and return the error. +// +// To limit the number of retries, set a deadline on the Context rather than +// using a fixed limit on the number of attempts. ReadWriteTransaction will +// retry as needed until that deadline is met. +func (c *Client) ReadWriteTransaction(ctx context.Context, f func(context.Context, *ReadWriteTransaction) error) (commitTimestamp time.Time, err error) { + ctx = traceStartSpan(ctx, "cloud.google.com/go/spanner.ReadWriteTransaction") + defer func() { traceEndSpan(ctx, err) }() + if err := checkNestedTxn(ctx); err != nil { + return time.Time{}, err + } + var ( + ts time.Time + sh *sessionHandle + ) + err = runRetryableNoWrap(ctx, func(ctx context.Context) error { + var ( + err error + t *ReadWriteTransaction + ) + if sh == nil || sh.getID() == "" || sh.getClient() == nil { + // Session handle hasn't been allocated or has been destroyed. + sh, err = c.idleSessions.takeWriteSession(ctx) + if err != nil { + // If session retrieval fails, just fail the transaction. + return err + } + t = &ReadWriteTransaction{ + sh: sh, + tx: sh.getTransactionID(), + } + } else { + t = &ReadWriteTransaction{ + sh: sh, + } + } + t.txReadOnly.txReadEnv = t + tracePrintf(ctx, map[string]interface{}{"transactionID": string(sh.getTransactionID())}, + "Starting transaction attempt") + if err = t.begin(ctx); err != nil { + // Mask error from begin operation as retryable error. + return errRetry(err) + } + ts, err = t.runInTransaction(ctx, f) + return err + }) + if sh != nil { + sh.recycle() + } + return ts, err +} + +// applyOption controls the behavior of Client.Apply. +type applyOption struct { + // If atLeastOnce == true, Client.Apply will execute the mutations on Cloud Spanner at least once. + atLeastOnce bool +} + +// An ApplyOption is an optional argument to Apply. +type ApplyOption func(*applyOption) + +// ApplyAtLeastOnce returns an ApplyOption that removes replay protection. +// +// With this option, Apply may attempt to apply mutations more than once; if +// the mutations are not idempotent, this may lead to a failure being reported +// when the mutation was applied more than once. For example, an insert may +// fail with ALREADY_EXISTS even though the row did not exist before Apply was +// called. For this reason, most users of the library will prefer not to use +// this option. However, ApplyAtLeastOnce requires only a single RPC, whereas +// Apply's default replay protection may require an additional RPC. So this +// option may be appropriate for latency sensitive and/or high throughput blind +// writing. +func ApplyAtLeastOnce() ApplyOption { + return func(ao *applyOption) { + ao.atLeastOnce = true + } +} + +// Apply applies a list of mutations atomically to the database. +func (c *Client) Apply(ctx context.Context, ms []*Mutation, opts ...ApplyOption) (commitTimestamp time.Time, err error) { + ao := &applyOption{} + for _, opt := range opts { + opt(ao) + } + if !ao.atLeastOnce { + return c.ReadWriteTransaction(ctx, func(ctx context.Context, t *ReadWriteTransaction) error { + t.BufferWrite(ms) + return nil + }) + } + + ctx = traceStartSpan(ctx, "cloud.google.com/go/spanner.Apply") + defer func() { traceEndSpan(ctx, err) }() + t := &writeOnlyTransaction{c.idleSessions} + return t.applyAtLeastOnce(ctx, ms...) +} diff --git a/vendor/cloud.google.com/go/spanner/doc.go b/vendor/cloud.google.com/go/spanner/doc.go new file mode 100644 index 000000000000..2f800e96e5ac --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/doc.go @@ -0,0 +1,316 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +/* +Package spanner provides a client for reading and writing to Cloud Spanner +databases. See the packages under admin for clients that operate on databases +and instances. + +Note: This package is in beta. Some backwards-incompatible changes may occur. + +See https://cloud.google.com/spanner/docs/getting-started/go/ for an introduction +to Cloud Spanner and additional help on using this API. + +Creating a Client + +To start working with this package, create a client that refers to the database +of interest: + + ctx := context.Background() + client, err := spanner.NewClient(ctx, "projects/P/instances/I/databases/D") + if err != nil { + // TODO: Handle error. + } + defer client.Close() + +Remember to close the client after use to free up the sessions in the session +pool. + + +Simple Reads and Writes + +Two Client methods, Apply and Single, work well for simple reads and writes. As +a quick introduction, here we write a new row to the database and read it back: + + _, err := client.Apply(ctx, []*spanner.Mutation{ + spanner.Insert("Users", + []string{"name", "email"}, + []interface{}{"alice", "a@example.com"})}) + if err != nil { + // TODO: Handle error. + } + row, err := client.Single().ReadRow(ctx, "Users", + spanner.Key{"alice"}, []string{"email"}) + if err != nil { + // TODO: Handle error. + } + +All the methods used above are discussed in more detail below. + + +Keys + +Every Cloud Spanner row has a unique key, composed of one or more columns. +Construct keys with a literal of type Key: + + key1 := spanner.Key{"alice"} + + +KeyRanges + +The keys of a Cloud Spanner table are ordered. You can specify ranges of keys +using the KeyRange type: + + kr1 := spanner.KeyRange{Start: key1, End: key2} + +By default, a KeyRange includes its start key but not its end key. Use +the Kind field to specify other boundary conditions: + + // include both keys + kr2 := spanner.KeyRange{Start: key1, End: key2, Kind: spanner.ClosedClosed} + + +KeySets + +A KeySet represents a set of keys. A single Key or KeyRange can act as a KeySet. Use +the KeySets function to build the union of several KeySets: + + ks1 := spanner.KeySets(key1, key2, kr1, kr2) + +AllKeys returns a KeySet that refers to all the keys in a table: + + ks2 := spanner.AllKeys() + + +Transactions + +All Cloud Spanner reads and writes occur inside transactions. There are two +types of transactions, read-only and read-write. Read-only transactions cannot +change the database, do not acquire locks, and may access either the current +database state or states in the past. Read-write transactions can read the +database before writing to it, and always apply to the most recent database +state. + + +Single Reads + +The simplest and fastest transaction is a ReadOnlyTransaction that supports a +single read operation. Use Client.Single to create such a transaction. You can +chain the call to Single with a call to a Read method. + +When you only want one row whose key you know, use ReadRow. Provide the table +name, key, and the columns you want to read: + + row, err := client.Single().ReadRow(ctx, "Accounts", spanner.Key{"alice"}, []string{"balance"}) + +Read multiple rows with the Read method. It takes a table name, KeySet, and list +of columns: + + iter := client.Single().Read(ctx, "Accounts", keyset1, columns) + +Read returns a RowIterator. You can call the Do method on the iterator and pass +a callback: + + err := iter.Do(func(row *Row) error { + // TODO: use row + return nil + }) + +RowIterator also follows the standard pattern for the Google +Cloud Client Libraries: + + defer iter.Stop() + for { + row, err := iter.Next() + if err == iterator.Done { + break + } + if err != nil { + // TODO: Handle error. + } + // TODO: use row + } + +Always call Stop when you finish using an iterator this way, whether or not you +iterate to the end. (Failing to call Stop could lead you to exhaust the +database's session quota.) + +To read rows with an index, use ReadUsingIndex. + +Statements + +The most general form of reading uses SQL statements. Construct a Statement +with NewStatement, setting any parameters using the Statement's Params map: + + stmt := spanner.NewStatement("SELECT First, Last FROM SINGERS WHERE Last >= @start") + stmt.Params["start"] = "Dylan" + +You can also construct a Statement directly with a struct literal, providing +your own map of parameters. + +Use the Query method to run the statement and obtain an iterator: + + iter := client.Single().Query(ctx, stmt) + + +Rows + +Once you have a Row, via an iterator or a call to ReadRow, you can extract +column values in several ways. Pass in a pointer to a Go variable of the +appropriate type when you extract a value. + +You can extract by column position or name: + + err := row.Column(0, &name) + err = row.ColumnByName("balance", &balance) + +You can extract all the columns at once: + + err = row.Columns(&name, &balance) + +Or you can define a Go struct that corresponds to your columns, and extract +into that: + + var s struct { Name string; Balance int64 } + err = row.ToStruct(&s) + + +For Cloud Spanner columns that may contain NULL, use one of the NullXXX types, +like NullString: + + var ns spanner.NullString + if err =: row.Column(0, &ns); err != nil { + // TODO: Handle error. + } + if ns.Valid { + fmt.Println(ns.StringVal) + } else { + fmt.Println("column is NULL") + } + + +Multiple Reads + +To perform more than one read in a transaction, use ReadOnlyTransaction: + + txn := client.ReadOnlyTransaction() + defer txn.Close() + iter := txn.Query(ctx, stmt1) + // ... + iter = txn.Query(ctx, stmt2) + // ... + +You must call Close when you are done with the transaction. + + +Timestamps and Timestamp Bounds + +Cloud Spanner read-only transactions conceptually perform all their reads at a +single moment in time, called the transaction's read timestamp. Once a read has +started, you can call ReadOnlyTransaction's Timestamp method to obtain the read +timestamp. + +By default, a transaction will pick the most recent time (a time where all +previously committed transactions are visible) for its reads. This provides the +freshest data, but may involve some delay. You can often get a quicker response +if you are willing to tolerate "stale" data. You can control the read timestamp +selected by a transaction by calling the WithTimestampBound method on the +transaction before using it. For example, to perform a query on data that is at +most one minute stale, use + + client.Single(). + WithTimestampBound(spanner.MaxStaleness(1*time.Minute)). + Query(ctx, stmt) + +See the documentation of TimestampBound for more details. + + +Mutations + +To write values to a Cloud Spanner database, construct a Mutation. The spanner +package has functions for inserting, updating and deleting rows. Except for the +Delete methods, which take a Key or KeyRange, each mutation-building function +comes in three varieties. + +One takes lists of columns and values along with the table name: + + m1 := spanner.Insert("Users", + []string{"name", "email"}, + []interface{}{"alice", "a@example.com"}) + +One takes a map from column names to values: + + m2 := spanner.InsertMap("Users", map[string]interface{}{ + "name": "alice", + "email": "a@example.com", + }) + +And the third accepts a struct value, and determines the columns from the +struct field names: + + type User struct { Name, Email string } + u := User{Name: "alice", Email: "a@example.com"} + m3, err := spanner.InsertStruct("Users", u) + + +Writes + +To apply a list of mutations to the database, use Apply: + + _, err := client.Apply(ctx, []*spanner.Mutation{m1, m2, m3}) + +If you need to read before writing in a single transaction, use a +ReadWriteTransaction. ReadWriteTransactions may abort and need to be retried. +You pass in a function to ReadWriteTransaction, and the client will handle the +retries automatically. Use the transaction's BufferWrite method to buffer +mutations, which will all be executed at the end of the transaction: + + _, err := client.ReadWriteTransaction(ctx, func(ctx context.Context, txn *spanner.ReadWriteTransaction) error { + var balance int64 + row, err := txn.ReadRow(ctx, "Accounts", spanner.Key{"alice"}, []string{"balance"}) + if err != nil { + // This function will be called again if this is an IsAborted error. + return err + } + if err := row.Column(0, &balance); err != nil { + return err + } + + if balance <= 10 { + return errors.New("insufficient funds in account") + } + balance -= 10 + m := spanner.Update("Accounts", []string{"user", "balance"}, []interface{}{"alice", balance}) + txn.BufferWrite([]*spanner.Mutation{m}) + + // The buffered mutation will be committed. If the commit + // fails with an IsAborted error, this function will be called + // again. + return nil + }) + +Tracing + +This client has been instrumented to use OpenCensus tracing (http://opencensus.io). +To enable tracing, see "Enabling Tracing for a Program" at +https://godoc.org/go.opencensus.io/trace. OpenCensus tracing requires Go 1.8 or higher. + +Authentication + +See examples of authorization and authentication at +https://godoc.org/cloud.google.com/go#pkg-examples. +*/ +package spanner // import "cloud.google.com/go/spanner" diff --git a/vendor/cloud.google.com/go/spanner/errors.go b/vendor/cloud.google.com/go/spanner/errors.go new file mode 100644 index 000000000000..9b53bde98d2a --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/errors.go @@ -0,0 +1,115 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "fmt" + + "golang.org/x/net/context" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/metadata" +) + +// Error is the structured error returned by Cloud Spanner client. +type Error struct { + // Code is the canonical error code for describing the nature of a + // particular error. + Code codes.Code + // Desc explains more details of the error. + Desc string + // trailers are the trailers returned in the response, if any. + trailers metadata.MD +} + +// Error implements error.Error. +func (e *Error) Error() string { + if e == nil { + return fmt.Sprintf("spanner: OK") + } + return fmt.Sprintf("spanner: code = %q, desc = %q", e.Code, e.Desc) +} + +// decorate decorates an existing spanner.Error with more information. +func (e *Error) decorate(info string) { + e.Desc = fmt.Sprintf("%v, %v", info, e.Desc) +} + +// spannerErrorf generates a *spanner.Error with the given error code and +// description. +func spannerErrorf(ec codes.Code, format string, args ...interface{}) error { + return &Error{ + Code: ec, + Desc: fmt.Sprintf(format, args...), + } +} + +// toSpannerError converts general Go error to *spanner.Error. +func toSpannerError(err error) error { + return toSpannerErrorWithMetadata(err, nil) +} + +// toSpannerErrorWithMetadata converts general Go error and grpc trailers to *spanner.Error. +// Note: modifies original error if trailers aren't nil +func toSpannerErrorWithMetadata(err error, trailers metadata.MD) error { + if err == nil { + return nil + } + if se, ok := err.(*Error); ok { + if trailers != nil { + se.trailers = metadata.Join(se.trailers, trailers) + } + return se + } + switch { + case err == context.DeadlineExceeded: + return &Error{codes.DeadlineExceeded, err.Error(), trailers} + case err == context.Canceled: + return &Error{codes.Canceled, err.Error(), trailers} + case grpc.Code(err) == codes.Unknown: + return &Error{codes.Unknown, err.Error(), trailers} + default: + return &Error{grpc.Code(err), grpc.ErrorDesc(err), trailers} + } +} + +// ErrCode extracts the canonical error code from a Go error. +func ErrCode(err error) codes.Code { + se, ok := toSpannerError(err).(*Error) + if !ok { + return codes.Unknown + } + return se.Code +} + +// ErrDesc extracts the Cloud Spanner error description from a Go error. +func ErrDesc(err error) string { + se, ok := toSpannerError(err).(*Error) + if !ok { + return err.Error() + } + return se.Desc +} + +// errTrailers extracts the grpc trailers if present from a Go error. +func errTrailers(err error) metadata.MD { + se, ok := err.(*Error) + if !ok { + return nil + } + return se.trailers +} diff --git a/vendor/cloud.google.com/go/spanner/go18.go b/vendor/cloud.google.com/go/spanner/go18.go new file mode 100644 index 000000000000..5ccf65a96648 --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/go18.go @@ -0,0 +1,68 @@ +// Copyright 2017 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build go1.8 + +package spanner + +import ( + "fmt" + + ocgrpc "go.opencensus.io/plugin/grpc" + "go.opencensus.io/trace" + "golang.org/x/net/context" + "google.golang.org/api/option" + "google.golang.org/grpc" +) + +func openCensusOptions() []option.ClientOption { + return []option.ClientOption{ + option.WithGRPCDialOption(grpc.WithStatsHandler(ocgrpc.NewClientStatsHandler())), + } +} + +func traceStartSpan(ctx context.Context, name string) context.Context { + ctx, _ = trace.StartSpan(ctx, name) + return ctx +} + +func traceEndSpan(ctx context.Context, err error) { + span := trace.FromContext(ctx) + if err != nil { + // TODO(jba): Add error code to the status. + span.SetStatus(trace.Status{Message: err.Error()}) + } + span.End() +} + +func tracePrintf(ctx context.Context, attrMap map[string]interface{}, format string, args ...interface{}) { + var attrs []trace.Attribute + for k, v := range attrMap { + var a trace.Attribute + switch v := v.(type) { + case string: + a = trace.StringAttribute{k, v} + case bool: + a = trace.BoolAttribute{k, v} + case int: + a = trace.Int64Attribute{k, int64(v)} + case int64: + a = trace.Int64Attribute{k, v} + default: + a = trace.StringAttribute{k, fmt.Sprintf("%#v", v)} + } + attrs = append(attrs, a) + } + trace.FromContext(ctx).Annotatef(attrs, format, args...) +} diff --git a/vendor/cloud.google.com/go/spanner/key.go b/vendor/cloud.google.com/go/spanner/key.go new file mode 100644 index 000000000000..5b332f4dc7ca --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/key.go @@ -0,0 +1,400 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "bytes" + "fmt" + "time" + + "google.golang.org/grpc/codes" + + "cloud.google.com/go/civil" + proto3 "github.com/golang/protobuf/ptypes/struct" + sppb "google.golang.org/genproto/googleapis/spanner/v1" +) + +// A Key can be either a Cloud Spanner row's primary key or a secondary index key. +// It is essentially an interface{} array, which represents a set of Cloud Spanner +// columns. A Key type has the following usages: +// +// - Used as primary key which uniquely identifies a Cloud Spanner row. +// - Used as secondary index key which maps to a set of Cloud Spanner rows +// indexed under it. +// - Used as endpoints of primary key/secondary index ranges, +// see also the KeyRange type. +// +// Rows that are identified by the Key type are outputs of read operation or targets of +// delete operation in a mutation. Note that for Insert/Update/InsertOrUpdate/Update +// mutation types, although they don't require a primary key explicitly, the column list +// provided must contain enough columns that can comprise a primary key. +// +// Keys are easy to construct. For example, suppose you have a table with a +// primary key of username and product ID. To make a key for this table: +// +// key := spanner.Key{"john", 16} +// +// See the description of Row and Mutation types for how Go types are +// mapped to Cloud Spanner types. For convenience, Key type supports a wide range +// of Go types: +// - int, int8, int16, int32, int64, and NullInt64 are mapped to Cloud Spanner's INT64 type. +// - uint8, uint16 and uint32 are also mapped to Cloud Spanner's INT64 type. +// - float32, float64, NullFloat64 are mapped to Cloud Spanner's FLOAT64 type. +// - bool and NullBool are mapped to Cloud Spanner's BOOL type. +// - []byte is mapped to Cloud Spanner's BYTES type. +// - string and NullString are mapped to Cloud Spanner's STRING type. +// - time.Time and NullTime are mapped to Cloud Spanner's TIMESTAMP type. +// - civil.Date and NullDate are mapped to Cloud Spanner's DATE type. +type Key []interface{} + +// errInvdKeyPartType returns error for unsupported key part type. +func errInvdKeyPartType(part interface{}) error { + return spannerErrorf(codes.InvalidArgument, "key part has unsupported type %T", part) +} + +// keyPartValue converts a part of the Key (which is a valid Cloud Spanner type) +// into a proto3.Value. Used for encoding Key type into protobuf. +func keyPartValue(part interface{}) (pb *proto3.Value, err error) { + switch v := part.(type) { + case int: + pb, _, err = encodeValue(int64(v)) + case int8: + pb, _, err = encodeValue(int64(v)) + case int16: + pb, _, err = encodeValue(int64(v)) + case int32: + pb, _, err = encodeValue(int64(v)) + case uint8: + pb, _, err = encodeValue(int64(v)) + case uint16: + pb, _, err = encodeValue(int64(v)) + case uint32: + pb, _, err = encodeValue(int64(v)) + case float32: + pb, _, err = encodeValue(float64(v)) + case int64, float64, NullInt64, NullFloat64, bool, NullBool, []byte, string, NullString, time.Time, civil.Date, NullTime, NullDate: + pb, _, err = encodeValue(v) + default: + return nil, errInvdKeyPartType(v) + } + return pb, err +} + +// proto converts a spanner.Key into a proto3.ListValue. +func (key Key) proto() (*proto3.ListValue, error) { + lv := &proto3.ListValue{} + lv.Values = make([]*proto3.Value, 0, len(key)) + for _, part := range key { + v, err := keyPartValue(part) + if err != nil { + return nil, err + } + lv.Values = append(lv.Values, v) + } + return lv, nil +} + +// keySetProto lets a single Key act as a KeySet. +func (key Key) keySetProto() (*sppb.KeySet, error) { + kp, err := key.proto() + if err != nil { + return nil, err + } + return &sppb.KeySet{Keys: []*proto3.ListValue{kp}}, nil +} + +// String implements fmt.Stringer for Key. For string, []byte and NullString, it +// prints the uninterpreted bytes of their contents, leaving caller with the +// opportunity to escape the output. +func (key Key) String() string { + b := &bytes.Buffer{} + fmt.Fprint(b, "(") + for i, part := range []interface{}(key) { + if i != 0 { + fmt.Fprint(b, ",") + } + switch v := part.(type) { + case int, int8, int16, int32, int64, uint, uint8, uint16, uint32, float32, float64, bool: + // Use %v to print numeric types and bool. + fmt.Fprintf(b, "%v", v) + case string: + fmt.Fprintf(b, "%q", v) + case []byte: + if v != nil { + fmt.Fprintf(b, "%q", v) + } else { + fmt.Fprint(b, "") + } + case NullInt64, NullFloat64, NullBool, NullString, NullTime, NullDate: + // The above types implement fmt.Stringer. + fmt.Fprintf(b, "%s", v) + case civil.Date: + fmt.Fprintf(b, "%q", v) + case time.Time: + fmt.Fprintf(b, "%q", v.Format(time.RFC3339Nano)) + default: + fmt.Fprintf(b, "%v", v) + } + } + fmt.Fprint(b, ")") + return b.String() +} + +// AsPrefix returns a KeyRange for all keys where k is the prefix. +func (key Key) AsPrefix() KeyRange { + return KeyRange{ + Start: key, + End: key, + Kind: ClosedClosed, + } +} + +// KeyRangeKind describes the kind of interval represented by a KeyRange: +// whether it is open or closed on the left and right. +type KeyRangeKind int + +const ( + // ClosedOpen is closed on the left and open on the right: the Start + // key is included, the End key is excluded. + ClosedOpen KeyRangeKind = iota + + // ClosedClosed is closed on the left and the right: both keys are included. + ClosedClosed + + // OpenClosed is open on the left and closed on the right: the Start + // key is excluded, the End key is included. + OpenClosed + + // OpenOpen is open on the left and the right: neither key is included. + OpenOpen +) + +// A KeyRange represents a range of rows in a table or index. +// +// A range has a Start key and an End key. IncludeStart and IncludeEnd +// indicate whether the Start and End keys are included in the range. +// +// For example, consider the following table definition: +// +// CREATE TABLE UserEvents ( +// UserName STRING(MAX), +// EventDate STRING(10), +// ) PRIMARY KEY(UserName, EventDate); +// +// The following keys name rows in this table: +// +// spanner.Key{"Bob", "2014-09-23"} +// spanner.Key{"Alfred", "2015-06-12"} +// +// Since the UserEvents table's PRIMARY KEY clause names two columns, each +// UserEvents key has two elements; the first is the UserName, and the second +// is the EventDate. +// +// Key ranges with multiple components are interpreted lexicographically by +// component using the table or index key's declared sort order. For example, +// the following range returns all events for user "Bob" that occurred in the +// year 2015: +// +// spanner.KeyRange{ +// Start: spanner.Key{"Bob", "2015-01-01"}, +// End: spanner.Key{"Bob", "2015-12-31"}, +// Kind: ClosedClosed, +// } +// +// Start and end keys can omit trailing key components. This affects the +// inclusion and exclusion of rows that exactly match the provided key +// components: if IncludeStart is true, then rows that exactly match the +// provided components of the Start key are included; if IncludeStart is false +// then rows that exactly match are not included. IncludeEnd and End key +// behave in the same fashion. +// +// For example, the following range includes all events for "Bob" that occurred +// during and after the year 2000: +// +// spanner.KeyRange{ +// Start: spanner.Key{"Bob", "2000-01-01"}, +// End: spanner.Key{"Bob"}, +// Kind: ClosedClosed, +// } +// +// The next example retrieves all events for "Bob": +// +// spanner.Key{"Bob"}.AsPrefix() +// +// To retrieve events before the year 2000: +// +// spanner.KeyRange{ +// Start: spanner.Key{"Bob"}, +// End: spanner.Key{"Bob", "2000-01-01"}, +// Kind: ClosedOpen, +// } +// +// Although we specified a Kind for this KeyRange, we didn't need to, because +// the default is ClosedOpen. In later examples we'll omit Kind if it is +// ClosedOpen. +// +// The following range includes all rows in a table or under a +// index: +// +// spanner.AllKeys() +// +// This range returns all users whose UserName begins with any +// character from A to C: +// +// spanner.KeyRange{ +// Start: spanner.Key{"A"}, +// End: spanner.Key{"D"}, +// } +// +// This range returns all users whose UserName begins with B: +// +// spanner.KeyRange{ +// Start: spanner.Key{"B"}, +// End: spanner.Key{"C"}, +// } +// +// Key ranges honor column sort order. For example, suppose a table is defined +// as follows: +// +// CREATE TABLE DescendingSortedTable { +// Key INT64, +// ... +// ) PRIMARY KEY(Key DESC); +// +// The following range retrieves all rows with key values between 1 and 100 +// inclusive: +// +// spanner.KeyRange{ +// Start: spanner.Key{100}, +// End: spanner.Key{1}, +// Kind: ClosedClosed, +// } +// +// Note that 100 is passed as the start, and 1 is passed as the end, because +// Key is a descending column in the schema. +type KeyRange struct { + // Start specifies the left boundary of the key range; End specifies + // the right boundary of the key range. + Start, End Key + + // Kind describes whether the boundaries of the key range include + // their keys. + Kind KeyRangeKind +} + +// String implements fmt.Stringer for KeyRange type. +func (r KeyRange) String() string { + var left, right string + switch r.Kind { + case ClosedClosed: + left, right = "[", "]" + case ClosedOpen: + left, right = "[", ")" + case OpenClosed: + left, right = "(", "]" + case OpenOpen: + left, right = "(", ")" + default: + left, right = "?", "?" + } + return fmt.Sprintf("%s%s,%s%s", left, r.Start, r.End, right) +} + +// proto converts KeyRange into sppb.KeyRange. +func (r KeyRange) proto() (*sppb.KeyRange, error) { + var err error + var start, end *proto3.ListValue + pb := &sppb.KeyRange{} + if start, err = r.Start.proto(); err != nil { + return nil, err + } + if end, err = r.End.proto(); err != nil { + return nil, err + } + if r.Kind == ClosedClosed || r.Kind == ClosedOpen { + pb.StartKeyType = &sppb.KeyRange_StartClosed{StartClosed: start} + } else { + pb.StartKeyType = &sppb.KeyRange_StartOpen{StartOpen: start} + } + if r.Kind == ClosedClosed || r.Kind == OpenClosed { + pb.EndKeyType = &sppb.KeyRange_EndClosed{EndClosed: end} + } else { + pb.EndKeyType = &sppb.KeyRange_EndOpen{EndOpen: end} + } + return pb, nil +} + +// keySetProto lets a KeyRange act as a KeySet. +func (r KeyRange) keySetProto() (*sppb.KeySet, error) { + rp, err := r.proto() + if err != nil { + return nil, err + } + return &sppb.KeySet{Ranges: []*sppb.KeyRange{rp}}, nil +} + +// A KeySet defines a collection of Cloud Spanner keys and/or key ranges. All the +// keys are expected to be in the same table or index. The keys need not be sorted in +// any particular way. +// +// An individual Key can act as a KeySet, as can a KeyRange. Use the KeySets function +// to create a KeySet consisting of multiple Keys and KeyRanges. To obtain an empty +// KeySet, call KeySets with no arguments. +// +// If the same key is specified multiple times in the set (for example if two +// ranges, two keys, or a key and a range overlap), the Cloud Spanner backend behaves +// as if the key were only specified once. +type KeySet interface { + keySetProto() (*sppb.KeySet, error) +} + +// AllKeys returns a KeySet that represents all Keys of a table or a index. +func AllKeys() KeySet { + return all{} +} + +type all struct{} + +func (all) keySetProto() (*sppb.KeySet, error) { + return &sppb.KeySet{All: true}, nil +} + +// KeySets returns the union of the KeySets. If any of the KeySets is AllKeys, then +// the resulting KeySet will be equivalent to AllKeys. +func KeySets(keySets ...KeySet) KeySet { + u := make(union, len(keySets)) + copy(u, keySets) + return u +} + +type union []KeySet + +func (u union) keySetProto() (*sppb.KeySet, error) { + upb := &sppb.KeySet{} + for _, ks := range u { + pb, err := ks.keySetProto() + if err != nil { + return nil, err + } + if pb.All { + return pb, nil + } + upb.Keys = append(upb.Keys, pb.Keys...) + upb.Ranges = append(upb.Ranges, pb.Ranges...) + } + return upb, nil +} diff --git a/vendor/cloud.google.com/go/spanner/mutation.go b/vendor/cloud.google.com/go/spanner/mutation.go new file mode 100644 index 000000000000..4eac915688c3 --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/mutation.go @@ -0,0 +1,431 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "reflect" + + proto3 "github.com/golang/protobuf/ptypes/struct" + + sppb "google.golang.org/genproto/googleapis/spanner/v1" + "google.golang.org/grpc/codes" +) + +// op is the mutation operation. +type op int + +const ( + // opDelete removes a row from a table. Succeeds whether or not the + // key was present. + opDelete op = iota + // opInsert inserts a row into a table. If the row already exists, the + // write or transaction fails. + opInsert + // opInsertOrUpdate inserts a row into a table. If the row already + // exists, it updates it instead. Any column values not explicitly + // written are preserved. + opInsertOrUpdate + // opReplace inserts a row into a table, deleting any existing row. + // Unlike InsertOrUpdate, this means any values not explicitly written + // become NULL. + opReplace + // opUpdate updates a row in a table. If the row does not already + // exist, the write or transaction fails. + opUpdate +) + +// A Mutation describes a modification to one or more Cloud Spanner rows. The +// mutation represents an insert, update, delete, etc on a table. +// +// Many mutations can be applied in a single atomic commit. For purposes of +// constraint checking (such as foreign key constraints), the operations can be +// viewed as applying in same order as the mutations are supplied in (so that +// e.g., a row and its logical "child" can be inserted in the same commit). +// +// - The Apply function applies series of mutations. +// - A ReadWriteTransaction applies a series of mutations as part of an +// atomic read-modify-write operation. +// Example: +// +// m := spanner.Insert("User", +// []string{"user_id", "profile"}, +// []interface{}{UserID, profile}) +// _, err := client.Apply(ctx, []*spanner.Mutation{m}) +// +// In this example, we insert a new row into the User table. The primary key +// for the new row is UserID (presuming that "user_id" has been declared as the +// primary key of the "User" table). +// +// Updating a row +// +// Changing the values of columns in an existing row is very similar to +// inserting a new row: +// +// m := spanner.Update("User", +// []string{"user_id", "profile"}, +// []interface{}{UserID, profile}) +// _, err := client.Apply(ctx, []*spanner.Mutation{m}) +// +// Deleting a row +// +// To delete a row, use spanner.Delete: +// +// m := spanner.Delete("User", spanner.Key{UserId}) +// _, err := client.Apply(ctx, []*spanner.Mutation{m}) +// +// spanner.Delete accepts a KeySet, so you can also pass in a KeyRange, or use the +// spanner.KeySets function to build any combination of Keys and KeyRanges. +// +// Note that deleting a row in a table may also delete rows from other tables +// if cascading deletes are specified in those tables' schemas. Delete does +// nothing if the named row does not exist (does not yield an error). +// +// Deleting a field +// +// To delete/clear a field within a row, use spanner.Update with the value nil: +// +// m := spanner.Update("User", +// []string{"user_id", "profile"}, +// []interface{}{UserID, nil}) +// _, err := client.Apply(ctx, []*spanner.Mutation{m}) +// +// The valid Go types and their corresponding Cloud Spanner types that can be +// used in the Insert/Update/InsertOrUpdate functions are: +// +// string, NullString - STRING +// []string, []NullString - STRING ARRAY +// []byte - BYTES +// [][]byte - BYTES ARRAY +// int, int64, NullInt64 - INT64 +// []int, []int64, []NullInt64 - INT64 ARRAY +// bool, NullBool - BOOL +// []bool, []NullBool - BOOL ARRAY +// float64, NullFloat64 - FLOAT64 +// []float64, []NullFloat64 - FLOAT64 ARRAY +// time.Time, NullTime - TIMESTAMP +// []time.Time, []NullTime - TIMESTAMP ARRAY +// Date, NullDate - DATE +// []Date, []NullDate - DATE ARRAY +// +// To compare two Mutations for testing purposes, use reflect.DeepEqual. +type Mutation struct { + // op is the operation type of the mutation. + // See documentation for spanner.op for more details. + op op + // Table is the name of the target table to be modified. + table string + // keySet is a set of primary keys that names the rows + // in a delete operation. + keySet KeySet + // columns names the set of columns that are going to be + // modified by Insert, InsertOrUpdate, Replace or Update + // operations. + columns []string + // values specifies the new values for the target columns + // named by Columns. + values []interface{} +} + +// mapToMutationParams converts Go map into mutation parameters. +func mapToMutationParams(in map[string]interface{}) ([]string, []interface{}) { + cols := []string{} + vals := []interface{}{} + for k, v := range in { + cols = append(cols, k) + vals = append(vals, v) + } + return cols, vals +} + +// errNotStruct returns error for not getting a go struct type. +func errNotStruct(in interface{}) error { + return spannerErrorf(codes.InvalidArgument, "%T is not a go struct type", in) +} + +// structToMutationParams converts Go struct into mutation parameters. +// If the input is not a valid Go struct type, structToMutationParams +// returns error. +func structToMutationParams(in interface{}) ([]string, []interface{}, error) { + if in == nil { + return nil, nil, errNotStruct(in) + } + v := reflect.ValueOf(in) + t := v.Type() + if t.Kind() == reflect.Ptr && t.Elem().Kind() == reflect.Struct { + // t is a pointer to a struct. + if v.IsNil() { + // Return empty results. + return nil, nil, nil + } + // Get the struct value that in points to. + v = v.Elem() + t = t.Elem() + } + if t.Kind() != reflect.Struct { + return nil, nil, errNotStruct(in) + } + fields, err := fieldCache.Fields(t) + if err != nil { + return nil, nil, toSpannerError(err) + } + var cols []string + var vals []interface{} + for _, f := range fields { + cols = append(cols, f.Name) + vals = append(vals, v.FieldByIndex(f.Index).Interface()) + } + return cols, vals, nil +} + +// Insert returns a Mutation to insert a row into a table. If the row already +// exists, the write or transaction fails. +func Insert(table string, cols []string, vals []interface{}) *Mutation { + return &Mutation{ + op: opInsert, + table: table, + columns: cols, + values: vals, + } +} + +// InsertMap returns a Mutation to insert a row into a table, specified by +// a map of column name to value. If the row already exists, the write or +// transaction fails. +func InsertMap(table string, in map[string]interface{}) *Mutation { + cols, vals := mapToMutationParams(in) + return Insert(table, cols, vals) +} + +// InsertStruct returns a Mutation to insert a row into a table, specified by +// a Go struct. If the row already exists, the write or transaction fails. +// +// The in argument must be a struct or a pointer to a struct. Its exported +// fields specify the column names and values. Use a field tag like "spanner:name" +// to provide an alternative column name, or use "spanner:-" to ignore the field. +func InsertStruct(table string, in interface{}) (*Mutation, error) { + cols, vals, err := structToMutationParams(in) + if err != nil { + return nil, err + } + return Insert(table, cols, vals), nil +} + +// Update returns a Mutation to update a row in a table. If the row does not +// already exist, the write or transaction fails. +func Update(table string, cols []string, vals []interface{}) *Mutation { + return &Mutation{ + op: opUpdate, + table: table, + columns: cols, + values: vals, + } +} + +// UpdateMap returns a Mutation to update a row in a table, specified by +// a map of column to value. If the row does not already exist, the write or +// transaction fails. +func UpdateMap(table string, in map[string]interface{}) *Mutation { + cols, vals := mapToMutationParams(in) + return Update(table, cols, vals) +} + +// UpdateStruct returns a Mutation to update a row in a table, specified by a Go +// struct. If the row does not already exist, the write or transaction fails. +func UpdateStruct(table string, in interface{}) (*Mutation, error) { + cols, vals, err := structToMutationParams(in) + if err != nil { + return nil, err + } + return Update(table, cols, vals), nil +} + +// InsertOrUpdate returns a Mutation to insert a row into a table. If the row +// already exists, it updates it instead. Any column values not explicitly +// written are preserved. +// +// For a similar example, See Update. +func InsertOrUpdate(table string, cols []string, vals []interface{}) *Mutation { + return &Mutation{ + op: opInsertOrUpdate, + table: table, + columns: cols, + values: vals, + } +} + +// InsertOrUpdateMap returns a Mutation to insert a row into a table, +// specified by a map of column to value. If the row already exists, it +// updates it instead. Any column values not explicitly written are preserved. +// +// For a similar example, See UpdateMap. +func InsertOrUpdateMap(table string, in map[string]interface{}) *Mutation { + cols, vals := mapToMutationParams(in) + return InsertOrUpdate(table, cols, vals) +} + +// InsertOrUpdateStruct returns a Mutation to insert a row into a table, +// specified by a Go struct. If the row already exists, it updates it instead. +// Any column values not explicitly written are preserved. +// +// The in argument must be a struct or a pointer to a struct. Its exported +// fields specify the column names and values. Use a field tag like "spanner:name" +// to provide an alternative column name, or use "spanner:-" to ignore the field. +// +// For a similar example, See UpdateStruct. +func InsertOrUpdateStruct(table string, in interface{}) (*Mutation, error) { + cols, vals, err := structToMutationParams(in) + if err != nil { + return nil, err + } + return InsertOrUpdate(table, cols, vals), nil +} + +// Replace returns a Mutation to insert a row into a table, deleting any +// existing row. Unlike InsertOrUpdate, this means any values not explicitly +// written become NULL. +// +// For a similar example, See Update. +func Replace(table string, cols []string, vals []interface{}) *Mutation { + return &Mutation{ + op: opReplace, + table: table, + columns: cols, + values: vals, + } +} + +// ReplaceMap returns a Mutation to insert a row into a table, deleting any +// existing row. Unlike InsertOrUpdateMap, this means any values not explicitly +// written become NULL. The row is specified by a map of column to value. +// +// For a similar example, See UpdateMap. +func ReplaceMap(table string, in map[string]interface{}) *Mutation { + cols, vals := mapToMutationParams(in) + return Replace(table, cols, vals) +} + +// ReplaceStruct returns a Mutation to insert a row into a table, deleting any +// existing row. Unlike InsertOrUpdateMap, this means any values not explicitly +// written become NULL. The row is specified by a Go struct. +// +// The in argument must be a struct or a pointer to a struct. Its exported +// fields specify the column names and values. Use a field tag like "spanner:name" +// to provide an alternative column name, or use "spanner:-" to ignore the field. +// +// For a similar example, See UpdateStruct. +func ReplaceStruct(table string, in interface{}) (*Mutation, error) { + cols, vals, err := structToMutationParams(in) + if err != nil { + return nil, err + } + return Replace(table, cols, vals), nil +} + +// Delete removes the rows described by the KeySet from the table. It succeeds +// whether or not the keys were present. +func Delete(table string, ks KeySet) *Mutation { + return &Mutation{ + op: opDelete, + table: table, + keySet: ks, + } +} + +// prepareWrite generates sppb.Mutation_Write from table name, column names +// and new column values. +func prepareWrite(table string, columns []string, vals []interface{}) (*sppb.Mutation_Write, error) { + v, err := encodeValueArray(vals) + if err != nil { + return nil, err + } + return &sppb.Mutation_Write{ + Table: table, + Columns: columns, + Values: []*proto3.ListValue{v}, + }, nil +} + +// errInvdMutationOp returns error for unrecognized mutation operation. +func errInvdMutationOp(m Mutation) error { + return spannerErrorf(codes.InvalidArgument, "Unknown op type: %d", m.op) +} + +// proto converts spanner.Mutation to sppb.Mutation, in preparation to send +// RPCs. +func (m Mutation) proto() (*sppb.Mutation, error) { + var pb *sppb.Mutation + switch m.op { + case opDelete: + var kp *sppb.KeySet + if m.keySet != nil { + var err error + kp, err = m.keySet.keySetProto() + if err != nil { + return nil, err + } + } + pb = &sppb.Mutation{ + Operation: &sppb.Mutation_Delete_{ + Delete: &sppb.Mutation_Delete{ + Table: m.table, + KeySet: kp, + }, + }, + } + case opInsert: + w, err := prepareWrite(m.table, m.columns, m.values) + if err != nil { + return nil, err + } + pb = &sppb.Mutation{Operation: &sppb.Mutation_Insert{Insert: w}} + case opInsertOrUpdate: + w, err := prepareWrite(m.table, m.columns, m.values) + if err != nil { + return nil, err + } + pb = &sppb.Mutation{Operation: &sppb.Mutation_InsertOrUpdate{InsertOrUpdate: w}} + case opReplace: + w, err := prepareWrite(m.table, m.columns, m.values) + if err != nil { + return nil, err + } + pb = &sppb.Mutation{Operation: &sppb.Mutation_Replace{Replace: w}} + case opUpdate: + w, err := prepareWrite(m.table, m.columns, m.values) + if err != nil { + return nil, err + } + pb = &sppb.Mutation{Operation: &sppb.Mutation_Update{Update: w}} + default: + return nil, errInvdMutationOp(m) + } + return pb, nil +} + +// mutationsProto turns a spanner.Mutation array into a sppb.Mutation array, +// it is convenient for sending batch mutations to Cloud Spanner. +func mutationsProto(ms []*Mutation) ([]*sppb.Mutation, error) { + l := make([]*sppb.Mutation, 0, len(ms)) + for _, m := range ms { + pb, err := m.proto() + if err != nil { + return nil, err + } + l = append(l, pb) + } + return l, nil +} diff --git a/vendor/cloud.google.com/go/spanner/not_appengine.go b/vendor/cloud.google.com/go/spanner/not_appengine.go new file mode 100644 index 000000000000..2ef265d79c73 --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/not_appengine.go @@ -0,0 +1,20 @@ +// Copyright 2017 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !appengine + +package spanner + +// numChannels is the default value for NumChannels of client +const numChannels = 4 diff --git a/vendor/cloud.google.com/go/spanner/not_go18.go b/vendor/cloud.google.com/go/spanner/not_go18.go new file mode 100644 index 000000000000..4e077d4953e3 --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/not_go18.go @@ -0,0 +1,36 @@ +// Copyright 2017 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !go1.8 + +package spanner + +import ( + "golang.org/x/net/context" + "google.golang.org/api/option" +) + +// OpenCensus only supports go 1.8 and higher. + +func openCensusOptions() []option.ClientOption { return nil } + +func traceStartSpan(ctx context.Context, _ string) context.Context { + return ctx +} + +func traceEndSpan(context.Context, error) { +} + +func tracePrintf(context.Context, map[string]interface{}, string, ...interface{}) { +} diff --git a/vendor/cloud.google.com/go/spanner/protoutils.go b/vendor/cloud.google.com/go/spanner/protoutils.go new file mode 100644 index 000000000000..a6fcdd70175f --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/protoutils.go @@ -0,0 +1,113 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "encoding/base64" + "strconv" + "time" + + "cloud.google.com/go/civil" + proto3 "github.com/golang/protobuf/ptypes/struct" + sppb "google.golang.org/genproto/googleapis/spanner/v1" +) + +// Helpers to generate protobuf values and Cloud Spanner types. + +func stringProto(s string) *proto3.Value { + return &proto3.Value{Kind: stringKind(s)} +} + +func stringKind(s string) *proto3.Value_StringValue { + return &proto3.Value_StringValue{StringValue: s} +} + +func stringType() *sppb.Type { + return &sppb.Type{Code: sppb.TypeCode_STRING} +} + +func boolProto(b bool) *proto3.Value { + return &proto3.Value{Kind: &proto3.Value_BoolValue{BoolValue: b}} +} + +func boolType() *sppb.Type { + return &sppb.Type{Code: sppb.TypeCode_BOOL} +} + +func intProto(n int64) *proto3.Value { + return &proto3.Value{Kind: &proto3.Value_StringValue{StringValue: strconv.FormatInt(n, 10)}} +} + +func intType() *sppb.Type { + return &sppb.Type{Code: sppb.TypeCode_INT64} +} + +func floatProto(n float64) *proto3.Value { + return &proto3.Value{Kind: &proto3.Value_NumberValue{NumberValue: n}} +} + +func floatType() *sppb.Type { + return &sppb.Type{Code: sppb.TypeCode_FLOAT64} +} + +func bytesProto(b []byte) *proto3.Value { + return &proto3.Value{Kind: &proto3.Value_StringValue{StringValue: base64.StdEncoding.EncodeToString(b)}} +} + +func bytesType() *sppb.Type { + return &sppb.Type{Code: sppb.TypeCode_BYTES} +} + +func timeProto(t time.Time) *proto3.Value { + return stringProto(t.UTC().Format(time.RFC3339Nano)) +} + +func timeType() *sppb.Type { + return &sppb.Type{Code: sppb.TypeCode_TIMESTAMP} +} + +func dateProto(d civil.Date) *proto3.Value { + return stringProto(d.String()) +} + +func dateType() *sppb.Type { + return &sppb.Type{Code: sppb.TypeCode_DATE} +} + +func listProto(p ...*proto3.Value) *proto3.Value { + return &proto3.Value{Kind: &proto3.Value_ListValue{ListValue: &proto3.ListValue{Values: p}}} +} + +func listValueProto(p ...*proto3.Value) *proto3.ListValue { + return &proto3.ListValue{Values: p} +} + +func listType(t *sppb.Type) *sppb.Type { + return &sppb.Type{Code: sppb.TypeCode_ARRAY, ArrayElementType: t} +} + +func mkField(n string, t *sppb.Type) *sppb.StructType_Field { + return &sppb.StructType_Field{Name: n, Type: t} +} + +func structType(fields ...*sppb.StructType_Field) *sppb.Type { + return &sppb.Type{Code: sppb.TypeCode_STRUCT, StructType: &sppb.StructType{Fields: fields}} +} + +func nullProto() *proto3.Value { + return &proto3.Value{Kind: &proto3.Value_NullValue{NullValue: proto3.NullValue_NULL_VALUE}} +} diff --git a/vendor/cloud.google.com/go/spanner/read.go b/vendor/cloud.google.com/go/spanner/read.go new file mode 100644 index 000000000000..645c84d5a5cd --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/read.go @@ -0,0 +1,704 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "bytes" + "io" + "log" + "sync/atomic" + "time" + + "cloud.google.com/go/internal/protostruct" + proto "github.com/golang/protobuf/proto" + proto3 "github.com/golang/protobuf/ptypes/struct" + "golang.org/x/net/context" + "google.golang.org/api/iterator" + sppb "google.golang.org/genproto/googleapis/spanner/v1" + "google.golang.org/grpc/codes" +) + +// streamingReceiver is the interface for receiving data from a client side +// stream. +type streamingReceiver interface { + Recv() (*sppb.PartialResultSet, error) +} + +// errEarlyReadEnd returns error for read finishes when gRPC stream is still active. +func errEarlyReadEnd() error { + return spannerErrorf(codes.FailedPrecondition, "read completed with active stream") +} + +// stream is the internal fault tolerant method for streaming data from +// Cloud Spanner. +func stream(ctx context.Context, rpc func(ct context.Context, resumeToken []byte) (streamingReceiver, error), setTimestamp func(time.Time), release func(error)) *RowIterator { + ctx, cancel := context.WithCancel(ctx) + ctx = traceStartSpan(ctx, "cloud.google.com/go/spanner.RowIterator") + return &RowIterator{ + streamd: newResumableStreamDecoder(ctx, rpc), + rowd: &partialResultSetDecoder{}, + setTimestamp: setTimestamp, + release: release, + cancel: cancel, + } +} + +// RowIterator is an iterator over Rows. +type RowIterator struct { + // The plan for the query. Available after RowIterator.Next returns iterator.Done + // if QueryWithStats was called. + QueryPlan *sppb.QueryPlan + + // Execution statistics for the query. Available after RowIterator.Next returns iterator.Done + // if QueryWithStats was called. + QueryStats map[string]interface{} + + streamd *resumableStreamDecoder + rowd *partialResultSetDecoder + setTimestamp func(time.Time) + release func(error) + cancel func() + err error + rows []*Row +} + +// Next returns the next result. Its second return value is iterator.Done if +// there are no more results. Once Next returns Done, all subsequent calls +// will return Done. +func (r *RowIterator) Next() (*Row, error) { + if r.err != nil { + return nil, r.err + } + for len(r.rows) == 0 && r.streamd.next() { + prs := r.streamd.get() + if prs.Stats != nil { + r.QueryPlan = prs.Stats.QueryPlan + r.QueryStats = protostruct.DecodeToMap(prs.Stats.QueryStats) + } + r.rows, r.err = r.rowd.add(prs) + if r.err != nil { + return nil, r.err + } + if !r.rowd.ts.IsZero() && r.setTimestamp != nil { + r.setTimestamp(r.rowd.ts) + r.setTimestamp = nil + } + } + if len(r.rows) > 0 { + row := r.rows[0] + r.rows = r.rows[1:] + return row, nil + } + if err := r.streamd.lastErr(); err != nil { + r.err = toSpannerError(err) + } else if !r.rowd.done() { + r.err = errEarlyReadEnd() + } else { + r.err = iterator.Done + } + return nil, r.err +} + +// Do calls the provided function once in sequence for each row in the iteration. If the +// function returns a non-nil error, Do immediately returns that error. +// +// If there are no rows in the iterator, Do will return nil without calling the +// provided function. +// +// Do always calls Stop on the iterator. +func (r *RowIterator) Do(f func(r *Row) error) error { + defer r.Stop() + for { + row, err := r.Next() + switch err { + case iterator.Done: + return nil + case nil: + if err = f(row); err != nil { + return err + } + default: + return err + } + } +} + +// Stop terminates the iteration. It should be called after every iteration. +func (r *RowIterator) Stop() { + if r.streamd != nil { + defer traceEndSpan(r.streamd.ctx, r.err) + } + if r.cancel != nil { + r.cancel() + } + if r.release != nil { + r.release(r.err) + if r.err == nil { + r.err = spannerErrorf(codes.FailedPrecondition, "Next called after Stop") + } + r.release = nil + + } +} + +// partialResultQueue implements a simple FIFO queue. The zero value is a +// valid queue. +type partialResultQueue struct { + q []*sppb.PartialResultSet + first int + last int + n int // number of elements in queue +} + +// empty returns if the partialResultQueue is empty. +func (q *partialResultQueue) empty() bool { + return q.n == 0 +} + +// errEmptyQueue returns error for dequeuing an empty queue. +func errEmptyQueue() error { + return spannerErrorf(codes.OutOfRange, "empty partialResultQueue") +} + +// peekLast returns the last item in partialResultQueue; if the queue +// is empty, it returns error. +func (q *partialResultQueue) peekLast() (*sppb.PartialResultSet, error) { + if q.empty() { + return nil, errEmptyQueue() + } + return q.q[(q.last+cap(q.q)-1)%cap(q.q)], nil +} + +// push adds an item to the tail of partialResultQueue. +func (q *partialResultQueue) push(r *sppb.PartialResultSet) { + if q.q == nil { + q.q = make([]*sppb.PartialResultSet, 8 /* arbitrary */) + } + if q.n == cap(q.q) { + buf := make([]*sppb.PartialResultSet, cap(q.q)*2) + for i := 0; i < q.n; i++ { + buf[i] = q.q[(q.first+i)%cap(q.q)] + } + q.q = buf + q.first = 0 + q.last = q.n + } + q.q[q.last] = r + q.last = (q.last + 1) % cap(q.q) + q.n++ +} + +// pop removes an item from the head of partialResultQueue and returns +// it. +func (q *partialResultQueue) pop() *sppb.PartialResultSet { + if q.n == 0 { + return nil + } + r := q.q[q.first] + q.q[q.first] = nil + q.first = (q.first + 1) % cap(q.q) + q.n-- + return r +} + +// clear empties partialResultQueue. +func (q *partialResultQueue) clear() { + *q = partialResultQueue{} +} + +// dump retrieves all items from partialResultQueue and return them in a slice. +// It is used only in tests. +func (q *partialResultQueue) dump() []*sppb.PartialResultSet { + var dq []*sppb.PartialResultSet + for i := q.first; len(dq) < q.n; i = (i + 1) % cap(q.q) { + dq = append(dq, q.q[i]) + } + return dq +} + +// resumableStreamDecoderState encodes resumableStreamDecoder's status. +// See also the comments for resumableStreamDecoder.Next. +type resumableStreamDecoderState int + +const ( + unConnected resumableStreamDecoderState = iota // 0 + queueingRetryable // 1 + queueingUnretryable // 2 + aborted // 3 + finished // 4 +) + +// resumableStreamDecoder provides a resumable interface for receiving +// sppb.PartialResultSet(s) from a given query wrapped by +// resumableStreamDecoder.rpc(). +type resumableStreamDecoder struct { + // state is the current status of resumableStreamDecoder, see also + // the comments for resumableStreamDecoder.Next. + state resumableStreamDecoderState + // stateWitness when non-nil is called to observe state change, + // used for testing. + stateWitness func(resumableStreamDecoderState) + // ctx is the caller's context, used for cancel/timeout Next(). + ctx context.Context + // rpc is a factory of streamingReceiver, which might resume + // a pervious stream from the point encoded in restartToken. + // rpc is always a wrapper of a Cloud Spanner query which is + // resumable. + rpc func(ctx context.Context, restartToken []byte) (streamingReceiver, error) + // stream is the current RPC streaming receiver. + stream streamingReceiver + // q buffers received yet undecoded partial results. + q partialResultQueue + // bytesBetweenResumeTokens is the proxy of the byte size of PartialResultSets being queued + // between two resume tokens. Once bytesBetweenResumeTokens is greater than + // maxBytesBetweenResumeTokens, resumableStreamDecoder goes into queueingUnretryable state. + bytesBetweenResumeTokens int32 + // maxBytesBetweenResumeTokens is the max number of bytes that can be buffered + // between two resume tokens. It is always copied from the global maxBytesBetweenResumeTokens + // atomically. + maxBytesBetweenResumeTokens int32 + // np is the next sppb.PartialResultSet ready to be returned + // to caller of resumableStreamDecoder.Get(). + np *sppb.PartialResultSet + // resumeToken stores the resume token that resumableStreamDecoder has + // last revealed to caller. + resumeToken []byte + // retryCount is the number of retries that have been carried out so far + retryCount int + // err is the last error resumableStreamDecoder has encountered so far. + err error + // backoff to compute delays between retries. + backoff exponentialBackoff +} + +// newResumableStreamDecoder creates a new resumeableStreamDecoder instance. +// Parameter rpc should be a function that creates a new stream +// beginning at the restartToken if non-nil. +func newResumableStreamDecoder(ctx context.Context, rpc func(ct context.Context, restartToken []byte) (streamingReceiver, error)) *resumableStreamDecoder { + return &resumableStreamDecoder{ + ctx: ctx, + rpc: rpc, + maxBytesBetweenResumeTokens: atomic.LoadInt32(&maxBytesBetweenResumeTokens), + backoff: defaultBackoff, + } +} + +// changeState fulfills state transition for resumableStateDecoder. +func (d *resumableStreamDecoder) changeState(target resumableStreamDecoderState) { + if d.state == queueingRetryable && d.state != target { + // Reset bytesBetweenResumeTokens because it is only meaningful/changed under + // queueingRetryable state. + d.bytesBetweenResumeTokens = 0 + } + d.state = target + if d.stateWitness != nil { + d.stateWitness(target) + } +} + +// isNewResumeToken returns if the observed resume token is different from +// the one returned from server last time. +func (d *resumableStreamDecoder) isNewResumeToken(rt []byte) bool { + if rt == nil { + return false + } + if bytes.Compare(rt, d.resumeToken) == 0 { + return false + } + return true +} + +// Next advances to the next available partial result set. If error or no +// more, returns false, call Err to determine if an error was encountered. +// The following diagram illustrates the state machine of resumableStreamDecoder +// that Next() implements. Note that state transition can be only triggered by +// RPC activities. +/* + rpc() fails retryable + +---------+ + | | rpc() fails unretryable/ctx timeouts or cancelled + | | +------------------------------------------------+ + | | | | + | v | v + | +---+---+---+ +--------+ +------+--+ + +-----+unConnected| |finished| | aborted |<----+ + | | ++-----+-+ +------+--+ | + +---+----+--+ ^ ^ ^ | + | ^ | | | | + | | | | recv() fails | + | | | | | | + | |recv() fails retryable | | | | + | |with valid ctx | | | | + | | | | | | + rpc() succeeds | +-----------------------+ | | | + | | | recv EOF recv EOF | | + | | | | | | + v | | Queue size exceeds | | | + +---+----+---+----+threshold +-------+-----------+ | | ++---------->+ +--------------->+ +-+ | +| |queueingRetryable| |queueingUnretryable| | +| | +<---------------+ | | +| +---+----------+--+ pop() returns +--+----+-----------+ | +| | | resume token | ^ | +| | | | | | +| | | | | | ++---------------+ | | | | + recv() succeeds | +----+ | + | recv() succeeds | + | | + | | + | | + | | + | | + +--------------------------------------------------+ + recv() fails unretryable + +*/ +var ( + // maxBytesBetweenResumeTokens is the maximum amount of bytes that resumableStreamDecoder + // in queueingRetryable state can use to queue PartialResultSets before getting + // into queueingUnretryable state. + maxBytesBetweenResumeTokens = int32(128 * 1024 * 1024) +) + +func (d *resumableStreamDecoder) next() bool { + for { + select { + case <-d.ctx.Done(): + // Do context check here so that even gRPC failed to do + // so, resumableStreamDecoder can still break the loop + // as expected. + d.err = errContextCanceled(d.ctx, d.err) + d.changeState(aborted) + default: + } + switch d.state { + case unConnected: + // If no gRPC stream is available, try to initiate one. + if d.stream, d.err = d.rpc(d.ctx, d.resumeToken); d.err != nil { + if isRetryable(d.err) { + d.doBackOff() + // Be explicit about state transition, although the + // state doesn't actually change. State transition + // will be triggered only by RPC activity, regardless of + // whether there is an actual state change or not. + d.changeState(unConnected) + continue + } + d.changeState(aborted) + continue + } + d.resetBackOff() + d.changeState(queueingRetryable) + continue + case queueingRetryable: + fallthrough + case queueingUnretryable: + // Receiving queue is not empty. + last, err := d.q.peekLast() + if err != nil { + // Only the case that receiving queue is empty could cause peekLast to + // return error and in such case, we should try to receive from stream. + d.tryRecv() + continue + } + if d.isNewResumeToken(last.ResumeToken) { + // Got new resume token, return buffered sppb.PartialResultSets to caller. + d.np = d.q.pop() + if d.q.empty() { + d.bytesBetweenResumeTokens = 0 + // The new resume token was just popped out from queue, record it. + d.resumeToken = d.np.ResumeToken + d.changeState(queueingRetryable) + } + return true + } + if d.bytesBetweenResumeTokens >= d.maxBytesBetweenResumeTokens && d.state == queueingRetryable { + d.changeState(queueingUnretryable) + continue + } + if d.state == queueingUnretryable { + // When there is no resume token observed, + // only yield sppb.PartialResultSets to caller under + // queueingUnretryable state. + d.np = d.q.pop() + return true + } + // Needs to receive more from gRPC stream till a new resume token + // is observed. + d.tryRecv() + continue + case aborted: + // Discard all pending items because none of them + // should be yield to caller. + d.q.clear() + return false + case finished: + // If query has finished, check if there are still buffered messages. + if d.q.empty() { + // No buffered PartialResultSet. + return false + } + // Although query has finished, there are still buffered PartialResultSets. + d.np = d.q.pop() + return true + + default: + log.Printf("Unexpected resumableStreamDecoder.state: %v", d.state) + return false + } + } +} + +// tryRecv attempts to receive a PartialResultSet from gRPC stream. +func (d *resumableStreamDecoder) tryRecv() { + var res *sppb.PartialResultSet + if res, d.err = d.stream.Recv(); d.err != nil { + if d.err == io.EOF { + d.err = nil + d.changeState(finished) + return + } + if isRetryable(d.err) && d.state == queueingRetryable { + d.err = nil + // Discard all queue items (none have resume tokens). + d.q.clear() + d.stream = nil + d.changeState(unConnected) + d.doBackOff() + return + } + d.changeState(aborted) + return + } + d.q.push(res) + if d.state == queueingRetryable && !d.isNewResumeToken(res.ResumeToken) { + // adjusting d.bytesBetweenResumeTokens + d.bytesBetweenResumeTokens += int32(proto.Size(res)) + } + d.resetBackOff() + d.changeState(d.state) +} + +// resetBackOff clears the internal retry counter of +// resumableStreamDecoder so that the next exponential +// backoff will start at a fresh state. +func (d *resumableStreamDecoder) resetBackOff() { + d.retryCount = 0 +} + +// doBackoff does an exponential backoff sleep. +func (d *resumableStreamDecoder) doBackOff() { + delay := d.backoff.delay(d.retryCount) + tracePrintf(d.ctx, nil, "Backing off stream read for %s", delay) + ticker := time.NewTicker(delay) + defer ticker.Stop() + d.retryCount++ + select { + case <-d.ctx.Done(): + case <-ticker.C: + } +} + +// get returns the most recent PartialResultSet generated by a call to next. +func (d *resumableStreamDecoder) get() *sppb.PartialResultSet { + return d.np +} + +// lastErr returns the last non-EOF error encountered. +func (d *resumableStreamDecoder) lastErr() error { + return d.err +} + +// partialResultSetDecoder assembles PartialResultSet(s) into Cloud Spanner +// Rows. +type partialResultSetDecoder struct { + row Row + tx *sppb.Transaction + chunked bool // if true, next value should be merged with last values entry. + ts time.Time // read timestamp +} + +// yield checks we have a complete row, and if so returns it. A row is not +// complete if it doesn't have enough columns, or if this is a chunked response +// and there are no further values to process. +func (p *partialResultSetDecoder) yield(chunked, last bool) *Row { + if len(p.row.vals) == len(p.row.fields) && (!chunked || !last) { + // When partialResultSetDecoder gets enough number of + // Column values, There are two cases that a new Row + // should be yield: + // 1. The incoming PartialResultSet is not chunked; + // 2. The incoming PartialResultSet is chunked, but the + // proto3.Value being merged is not the last one in + // the PartialResultSet. + // + // Use a fresh Row to simplify clients that want to use yielded results + // after the next row is retrieved. Note that fields is never changed + // so it doesn't need to be copied. + fresh := Row{ + fields: p.row.fields, + vals: make([]*proto3.Value, len(p.row.vals)), + } + copy(fresh.vals, p.row.vals) + p.row.vals = p.row.vals[:0] // empty and reuse slice + return &fresh + } + return nil +} + +// yieldTx returns transaction information via caller supplied callback. +func errChunkedEmptyRow() error { + return spannerErrorf(codes.FailedPrecondition, "got invalid chunked PartialResultSet with empty Row") +} + +// add tries to merge a new PartialResultSet into buffered Row. It returns +// any rows that have been completed as a result. +func (p *partialResultSetDecoder) add(r *sppb.PartialResultSet) ([]*Row, error) { + var rows []*Row + if r.Metadata != nil { + // Metadata should only be returned in the first result. + if p.row.fields == nil { + p.row.fields = r.Metadata.RowType.Fields + } + if p.tx == nil && r.Metadata.Transaction != nil { + p.tx = r.Metadata.Transaction + if p.tx.ReadTimestamp != nil { + p.ts = time.Unix(p.tx.ReadTimestamp.Seconds, int64(p.tx.ReadTimestamp.Nanos)) + } + } + } + if len(r.Values) == 0 { + return nil, nil + } + if p.chunked { + p.chunked = false + // Try to merge first value in r.Values into + // uncompleted row. + last := len(p.row.vals) - 1 + if last < 0 { // sanity check + return nil, errChunkedEmptyRow() + } + var err error + // If p is chunked, then we should always try to merge p.last with r.first. + if p.row.vals[last], err = p.merge(p.row.vals[last], r.Values[0]); err != nil { + return nil, err + } + r.Values = r.Values[1:] + // Merge is done, try to yield a complete Row. + if row := p.yield(r.ChunkedValue, len(r.Values) == 0); row != nil { + rows = append(rows, row) + } + } + for i, v := range r.Values { + // The rest values in r can be appened into p directly. + p.row.vals = append(p.row.vals, v) + // Again, check to see if a complete Row can be yielded because of + // the newly added value. + if row := p.yield(r.ChunkedValue, i == len(r.Values)-1); row != nil { + rows = append(rows, row) + } + } + if r.ChunkedValue { + // After dealing with all values in r, if r is chunked then p must + // be also chunked. + p.chunked = true + } + return rows, nil +} + +// isMergeable returns if a protobuf Value can be potentially merged with +// other protobuf Values. +func (p *partialResultSetDecoder) isMergeable(a *proto3.Value) bool { + switch a.Kind.(type) { + case *proto3.Value_StringValue: + return true + case *proto3.Value_ListValue: + return true + default: + return false + } +} + +// errIncompatibleMergeTypes returns error for incompatible protobuf types +// that cannot be merged by partialResultSetDecoder. +func errIncompatibleMergeTypes(a, b *proto3.Value) error { + return spannerErrorf(codes.FailedPrecondition, "incompatible type in chunked PartialResultSet. expected (%T), got (%T)", a.Kind, b.Kind) +} + +// errUnsupportedMergeType returns error for protobuf type that cannot be +// merged to other protobufs. +func errUnsupportedMergeType(a *proto3.Value) error { + return spannerErrorf(codes.FailedPrecondition, "unsupported type merge (%T)", a.Kind) +} + +// merge tries to combine two protobuf Values if possible. +func (p *partialResultSetDecoder) merge(a, b *proto3.Value) (*proto3.Value, error) { + var err error + typeErr := errIncompatibleMergeTypes(a, b) + switch t := a.Kind.(type) { + case *proto3.Value_StringValue: + s, ok := b.Kind.(*proto3.Value_StringValue) + if !ok { + return nil, typeErr + } + return &proto3.Value{ + Kind: &proto3.Value_StringValue{StringValue: t.StringValue + s.StringValue}, + }, nil + case *proto3.Value_ListValue: + l, ok := b.Kind.(*proto3.Value_ListValue) + if !ok { + return nil, typeErr + } + if l.ListValue == nil || len(l.ListValue.Values) <= 0 { + // b is an empty list, just return a. + return a, nil + } + if t.ListValue == nil || len(t.ListValue.Values) <= 0 { + // a is an empty list, just return b. + return b, nil + } + if la := len(t.ListValue.Values) - 1; p.isMergeable(t.ListValue.Values[la]) { + // When the last item in a is of type String, + // List or Struct(encoded into List by Cloud Spanner), + // try to Merge last item in a and first item in b. + t.ListValue.Values[la], err = p.merge(t.ListValue.Values[la], l.ListValue.Values[0]) + if err != nil { + return nil, err + } + l.ListValue.Values = l.ListValue.Values[1:] + } + return &proto3.Value{ + Kind: &proto3.Value_ListValue{ + ListValue: &proto3.ListValue{ + Values: append(t.ListValue.Values, l.ListValue.Values...), + }, + }, + }, nil + default: + return nil, errUnsupportedMergeType(a) + } + +} + +// Done returns if partialResultSetDecoder has already done with all buffered +// values. +func (p *partialResultSetDecoder) done() bool { + // There is no explicit end of stream marker, but ending part way + // through a row is obviously bad, or ending with the last column still + // awaiting completion. + return len(p.row.vals) == 0 && !p.chunked +} diff --git a/vendor/cloud.google.com/go/spanner/retry.go b/vendor/cloud.google.com/go/spanner/retry.go new file mode 100644 index 000000000000..288c985f2ceb --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/retry.go @@ -0,0 +1,198 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "fmt" + "strings" + "time" + + "github.com/golang/protobuf/proto" + "github.com/golang/protobuf/ptypes" + "golang.org/x/net/context" + edpb "google.golang.org/genproto/googleapis/rpc/errdetails" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/metadata" +) + +const ( + retryInfoKey = "google.rpc.retryinfo-bin" +) + +// errRetry returns an unavailable error under error namespace EsOther. It is a +// generic retryable error that is used to mask and recover unretryable errors +// in a retry loop. +func errRetry(err error) error { + if se, ok := err.(*Error); ok { + return &Error{codes.Unavailable, fmt.Sprintf("generic Cloud Spanner retryable error: { %v }", se.Error()), se.trailers} + } + return spannerErrorf(codes.Unavailable, "generic Cloud Spanner retryable error: { %v }", err.Error()) +} + +// isErrorClosing reports whether the error is generated by gRPC layer talking to a closed server. +func isErrorClosing(err error) bool { + if err == nil { + return false + } + if ErrCode(err) == codes.Internal && strings.Contains(ErrDesc(err), "transport is closing") { + // Handle the case when connection is closed unexpectedly. + // TODO: once gRPC is able to categorize + // this as retryable error, we should stop parsing the + // error message here. + return true + } + return false +} + +// isErrorRST reports whether the error is generated by gRPC client receiving a RST frame from server. +func isErrorRST(err error) bool { + if err == nil { + return false + } + if ErrCode(err) == codes.Internal && strings.Contains(ErrDesc(err), "stream terminated by RST_STREAM") { + // TODO: once gRPC is able to categorize this error as "go away" or "retryable", + // we should stop parsing the error message. + return true + } + return false +} + +// isErrorUnexpectedEOF returns true if error is generated by gRPC layer +// receiving io.EOF unexpectedly. +func isErrorUnexpectedEOF(err error) bool { + if err == nil { + return false + } + if ErrCode(err) == codes.Unknown && strings.Contains(ErrDesc(err), "unexpected EOF") { + // Unexpected EOF is an transport layer issue that + // could be recovered by retries. The most likely + // scenario is a flaky RecvMsg() call due to network + // issues. + // TODO: once gRPC is able to categorize + // this as retryable error, we should stop parsing the + // error message here. + return true + } + return false +} + +// isErrorUnavailable returns true if the error is about server being unavailable. +func isErrorUnavailable(err error) bool { + if err == nil { + return false + } + if ErrCode(err) == codes.Unavailable { + return true + } + return false +} + +// isRetryable returns true if the Cloud Spanner error being checked is a retryable error. +func isRetryable(err error) bool { + if isErrorClosing(err) { + return true + } + if isErrorUnexpectedEOF(err) { + return true + } + if isErrorRST(err) { + return true + } + if isErrorUnavailable(err) { + return true + } + return false +} + +// errContextCanceled returns *spanner.Error for canceled context. +func errContextCanceled(ctx context.Context, lastErr error) error { + if ctx.Err() == context.DeadlineExceeded { + return spannerErrorf(codes.DeadlineExceeded, "%v, lastErr is <%v>", ctx.Err(), lastErr) + } + return spannerErrorf(codes.Canceled, "%v, lastErr is <%v>", ctx.Err(), lastErr) +} + +// extractRetryDelay extracts retry backoff if present. +func extractRetryDelay(err error) (time.Duration, bool) { + trailers := errTrailers(err) + if trailers == nil { + return 0, false + } + elem, ok := trailers[retryInfoKey] + if !ok || len(elem) <= 0 { + return 0, false + } + _, b, err := metadata.DecodeKeyValue(retryInfoKey, elem[0]) + if err != nil { + return 0, false + } + var retryInfo edpb.RetryInfo + if proto.Unmarshal([]byte(b), &retryInfo) != nil { + return 0, false + } + delay, err := ptypes.Duration(retryInfo.RetryDelay) + if err != nil { + return 0, false + } + return delay, true +} + +// runRetryable keeps attempting to run f until one of the following happens: +// 1) f returns nil error or an unretryable error; +// 2) context is cancelled or timeout. +// TODO: consider using https://github.com/googleapis/gax-go once it +// becomes available internally. +func runRetryable(ctx context.Context, f func(context.Context) error) error { + return toSpannerError(runRetryableNoWrap(ctx, f)) +} + +// Like runRetryable, but doesn't wrap the returned error in a spanner.Error. +func runRetryableNoWrap(ctx context.Context, f func(context.Context) error) error { + var funcErr error + retryCount := 0 + for { + select { + case <-ctx.Done(): + // Do context check here so that even f() failed to do + // so (for example, gRPC implementation bug), the loop + // can still have a chance to exit as expected. + return errContextCanceled(ctx, funcErr) + default: + } + funcErr = f(ctx) + if funcErr == nil { + return nil + } + if isRetryable(funcErr) { + // Error is retryable, do exponential backoff and continue. + b, ok := extractRetryDelay(funcErr) + if !ok { + b = defaultBackoff.delay(retryCount) + } + tracePrintf(ctx, nil, "Backing off for %s, then retrying", b) + select { + case <-ctx.Done(): + return errContextCanceled(ctx, funcErr) + case <-time.After(b): + } + retryCount++ + continue + } + // Error isn't retryable / no error, return immediately. + return funcErr + } +} diff --git a/vendor/cloud.google.com/go/spanner/row.go b/vendor/cloud.google.com/go/spanner/row.go new file mode 100644 index 000000000000..200fda55a5cf --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/row.go @@ -0,0 +1,303 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "fmt" + "reflect" + + proto3 "github.com/golang/protobuf/ptypes/struct" + + sppb "google.golang.org/genproto/googleapis/spanner/v1" + "google.golang.org/grpc/codes" +) + +// A Row is a view of a row of data returned by a Cloud Spanner read. +// It consists of a number of columns; the number depends on the columns +// used to construct the read. +// +// The column values can be accessed by index. For instance, if the read specified +// []string{"photo_id", "caption"}, then each row will contain two +// columns: "photo_id" with index 0, and "caption" with index 1. +// +// Column values are decoded by using one of the Column, ColumnByName, or +// Columns methods. The valid values passed to these methods depend on the +// column type. For example: +// +// var photoID int64 +// err := row.Column(0, &photoID) // Decode column 0 as an integer. +// +// var caption string +// err := row.Column(1, &caption) // Decode column 1 as a string. +// +// // Decode all the columns. +// err := row.Columns(&photoID, &caption) +// +// Supported types and their corresponding Cloud Spanner column type(s) are: +// +// *string(not NULL), *NullString - STRING +// *[]string, *[]NullString - STRING ARRAY +// *[]byte - BYTES +// *[][]byte - BYTES ARRAY +// *int64(not NULL), *NullInt64 - INT64 +// *[]int64, *[]NullInt64 - INT64 ARRAY +// *bool(not NULL), *NullBool - BOOL +// *[]bool, *[]NullBool - BOOL ARRAY +// *float64(not NULL), *NullFloat64 - FLOAT64 +// *[]float64, *[]NullFloat64 - FLOAT64 ARRAY +// *time.Time(not NULL), *NullTime - TIMESTAMP +// *[]time.Time, *[]NullTime - TIMESTAMP ARRAY +// *Date(not NULL), *NullDate - DATE +// *[]civil.Date, *[]NullDate - DATE ARRAY +// *[]*some_go_struct, *[]NullRow - STRUCT ARRAY +// *GenericColumnValue - any Cloud Spanner type +// +// For TIMESTAMP columns, the returned time.Time object will be in UTC. +// +// To fetch an array of BYTES, pass a *[][]byte. To fetch an array of (sub)rows, pass +// a *[]spanner.NullRow or a *[]*some_go_struct where some_go_struct holds all +// information of the subrow, see spanner.Row.ToStruct for the mapping between a +// Cloud Spanner row and a Go struct. To fetch an array of other types, pass a +// *[]spanner.NullXXX type of the appropriate type. Use GenericColumnValue when you +// don't know in advance what column type to expect. +// +// Row decodes the row contents lazily; as a result, each call to a getter has +// a chance of returning an error. +// +// A column value may be NULL if the corresponding value is not present in +// Cloud Spanner. The spanner.NullXXX types (spanner.NullInt64 et al.) allow fetching +// values that may be null. A NULL BYTES can be fetched into a *[]byte as nil. +// It is an error to fetch a NULL value into any other type. +type Row struct { + fields []*sppb.StructType_Field + vals []*proto3.Value // keep decoded for now +} + +// errNamesValuesMismatch returns error for when columnNames count is not equal +// to columnValues count. +func errNamesValuesMismatch(columnNames []string, columnValues []interface{}) error { + return spannerErrorf(codes.FailedPrecondition, + "different number of names(%v) and values(%v)", len(columnNames), len(columnValues)) +} + +// NewRow returns a Row containing the supplied data. This can be useful for +// mocking Cloud Spanner Read and Query responses for unit testing. +func NewRow(columnNames []string, columnValues []interface{}) (*Row, error) { + if len(columnValues) != len(columnNames) { + return nil, errNamesValuesMismatch(columnNames, columnValues) + } + r := Row{ + fields: make([]*sppb.StructType_Field, len(columnValues)), + vals: make([]*proto3.Value, len(columnValues)), + } + for i := range columnValues { + val, typ, err := encodeValue(columnValues[i]) + if err != nil { + return nil, err + } + r.fields[i] = &sppb.StructType_Field{ + Name: columnNames[i], + Type: typ, + } + r.vals[i] = val + } + return &r, nil +} + +// Size is the number of columns in the row. +func (r *Row) Size() int { + return len(r.fields) +} + +// ColumnName returns the name of column i, or empty string for invalid column. +func (r *Row) ColumnName(i int) string { + if i < 0 || i >= len(r.fields) { + return "" + } + return r.fields[i].Name +} + +// ColumnIndex returns the index of the column with the given name. The +// comparison is case-sensitive. +func (r *Row) ColumnIndex(name string) (int, error) { + found := false + var index int + if len(r.vals) != len(r.fields) { + return 0, errFieldsMismatchVals(r) + } + for i, f := range r.fields { + if f == nil { + return 0, errNilColType(i) + } + if name == f.Name { + if found { + return 0, errDupColName(name) + } + found = true + index = i + } + } + if !found { + return 0, errColNotFound(name) + } + return index, nil +} + +// ColumnNames returns all column names of the row. +func (r *Row) ColumnNames() []string { + var n []string + for _, c := range r.fields { + n = append(n, c.Name) + } + return n +} + +// errColIdxOutOfRange returns error for requested column index is out of the +// range of the target Row's columns. +func errColIdxOutOfRange(i int, r *Row) error { + return spannerErrorf(codes.OutOfRange, "column index %d out of range [0,%d)", i, len(r.vals)) +} + +// errDecodeColumn returns error for not being able to decode a indexed column. +func errDecodeColumn(i int, err error) error { + if err == nil { + return nil + } + se, ok := toSpannerError(err).(*Error) + if !ok { + return spannerErrorf(codes.InvalidArgument, "failed to decode column %v, error = <%v>", i, err) + } + se.decorate(fmt.Sprintf("failed to decode column %v", i)) + return se +} + +// errFieldsMismatchVals returns error for field count isn't equal to value count in a Row. +func errFieldsMismatchVals(r *Row) error { + return spannerErrorf(codes.FailedPrecondition, "row has different number of fields(%v) and values(%v)", + len(r.fields), len(r.vals)) +} + +// errNilColType returns error for column type for column i being nil in the row. +func errNilColType(i int) error { + return spannerErrorf(codes.FailedPrecondition, "column(%v)'s type is nil", i) +} + +// Column fetches the value from the ith column, decoding it into ptr. +// See the Row documentation for the list of acceptable argument types. +// see Client.ReadWriteTransaction for an example. +func (r *Row) Column(i int, ptr interface{}) error { + if len(r.vals) != len(r.fields) { + return errFieldsMismatchVals(r) + } + if i < 0 || i >= len(r.fields) { + return errColIdxOutOfRange(i, r) + } + if r.fields[i] == nil { + return errNilColType(i) + } + if err := decodeValue(r.vals[i], r.fields[i].Type, ptr); err != nil { + return errDecodeColumn(i, err) + } + return nil +} + +// errDupColName returns error for duplicated column name in the same row. +func errDupColName(n string) error { + return spannerErrorf(codes.FailedPrecondition, "ambiguous column name %q", n) +} + +// errColNotFound returns error for not being able to find a named column. +func errColNotFound(n string) error { + return spannerErrorf(codes.NotFound, "column %q not found", n) +} + +// ColumnByName fetches the value from the named column, decoding it into ptr. +// See the Row documentation for the list of acceptable argument types. +func (r *Row) ColumnByName(name string, ptr interface{}) error { + index, err := r.ColumnIndex(name) + if err != nil { + return err + } + return r.Column(index, ptr) +} + +// errNumOfColValue returns error for providing wrong number of values to Columns. +func errNumOfColValue(n int, r *Row) error { + return spannerErrorf(codes.InvalidArgument, + "Columns(): number of arguments (%d) does not match row size (%d)", n, len(r.vals)) +} + +// Columns fetches all the columns in the row at once. +// +// The value of the kth column will be decoded into the kth argument to Columns. See +// Row for the list of acceptable argument types. The number of arguments must be +// equal to the number of columns. Pass nil to specify that a column should be +// ignored. +func (r *Row) Columns(ptrs ...interface{}) error { + if len(ptrs) != len(r.vals) { + return errNumOfColValue(len(ptrs), r) + } + if len(r.vals) != len(r.fields) { + return errFieldsMismatchVals(r) + } + for i, p := range ptrs { + if p == nil { + continue + } + if err := r.Column(i, p); err != nil { + return err + } + } + return nil +} + +// errToStructArgType returns error for p not having the correct data type(pointer to Go struct) to +// be the argument of Row.ToStruct. +func errToStructArgType(p interface{}) error { + return spannerErrorf(codes.InvalidArgument, "ToStruct(): type %T is not a valid pointer to Go struct", p) +} + +// ToStruct fetches the columns in a row into the fields of a struct. +// The rules for mapping a row's columns into a struct's exported fields +// are as the following: +// 1. If a field has a `spanner: "column_name"` tag, then decode column +// 'column_name' into the field. A special case is the `spanner: "-"` +// tag, which instructs ToStruct to ignore the field during decoding. +// 2. Otherwise, if the name of a field matches the name of a column (ignoring case), +// decode the column into the field. +// +// The fields of the destination struct can be of any type that is acceptable +// to spanner.Row.Column. +// +// Slice and pointer fields will be set to nil if the source column is NULL, and a +// non-nil value if the column is not NULL. To decode NULL values of other types, use +// one of the spanner.NullXXX types as the type of the destination field. +func (r *Row) ToStruct(p interface{}) error { + // Check if p is a pointer to a struct + if t := reflect.TypeOf(p); t == nil || t.Kind() != reflect.Ptr || t.Elem().Kind() != reflect.Struct { + return errToStructArgType(p) + } + if len(r.vals) != len(r.fields) { + return errFieldsMismatchVals(r) + } + // Call decodeStruct directly to decode the row as a typed proto.ListValue. + return decodeStruct( + &sppb.StructType{Fields: r.fields}, + &proto3.ListValue{Values: r.vals}, + p, + ) +} diff --git a/vendor/cloud.google.com/go/spanner/session.go b/vendor/cloud.google.com/go/spanner/session.go new file mode 100644 index 000000000000..216e139e32a3 --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/session.go @@ -0,0 +1,1075 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "container/heap" + "container/list" + "fmt" + "log" + "math/rand" + "strings" + "sync" + "time" + + "golang.org/x/net/context" + + sppb "google.golang.org/genproto/googleapis/spanner/v1" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/metadata" +) + +// sessionHandle is an interface for transactions to access Cloud Spanner sessions safely. It is generated by sessionPool.take(). +type sessionHandle struct { + // mu guarantees that the inner session object is returned / destroyed only once. + mu sync.Mutex + // session is a pointer to a session object. Transactions never need to access it directly. + session *session +} + +// recycle gives the inner session object back to its home session pool. It is safe to call recycle multiple times but only the first one would take effect. +func (sh *sessionHandle) recycle() { + sh.mu.Lock() + defer sh.mu.Unlock() + if sh.session == nil { + // sessionHandle has already been recycled. + return + } + sh.session.recycle() + sh.session = nil +} + +// getID gets the Cloud Spanner session ID from the internal session object. getID returns empty string if the sessionHandle is nil or the inner session +// object has been released by recycle / destroy. +func (sh *sessionHandle) getID() string { + sh.mu.Lock() + defer sh.mu.Unlock() + if sh.session == nil { + // sessionHandle has already been recycled/destroyed. + return "" + } + return sh.session.getID() +} + +// getClient gets the Cloud Spanner RPC client associated with the session ID in sessionHandle. +func (sh *sessionHandle) getClient() sppb.SpannerClient { + sh.mu.Lock() + defer sh.mu.Unlock() + if sh.session == nil { + return nil + } + return sh.session.client +} + +// getMetadata returns the metadata associated with the session in sessionHandle. +func (sh *sessionHandle) getMetadata() metadata.MD { + sh.mu.Lock() + defer sh.mu.Unlock() + if sh.session == nil { + return nil + } + return sh.session.md +} + +// getTransactionID returns the transaction id in the session if available. +func (sh *sessionHandle) getTransactionID() transactionID { + sh.mu.Lock() + defer sh.mu.Unlock() + if sh.session == nil { + return nil + } + return sh.session.tx +} + +// destroy destroys the inner session object. It is safe to call destroy multiple times and only the first call would attempt to +// destroy the inner session object. +func (sh *sessionHandle) destroy() { + sh.mu.Lock() + s := sh.session + sh.session = nil + sh.mu.Unlock() + if s == nil { + // sessionHandle has already been destroyed. + return + } + s.destroy(false) +} + +// session wraps a Cloud Spanner session ID through which transactions are created and executed. +type session struct { + // client is the RPC channel to Cloud Spanner. It is set only once during session's creation. + client sppb.SpannerClient + // id is the unique id of the session in Cloud Spanner. It is set only once during session's creation. + id string + // pool is the session's home session pool where it was created. It is set only once during session's creation. + pool *sessionPool + // createTime is the timestamp of the session's creation. It is set only once during session's creation. + createTime time.Time + + // mu protects the following fields from concurrent access: both healthcheck workers and transactions can modify them. + mu sync.Mutex + // valid marks the validity of a session. + valid bool + // hcIndex is the index of the session inside the global healthcheck queue. If hcIndex < 0, session has been unregistered from the queue. + hcIndex int + // idleList is the linkedlist node which links the session to its home session pool's idle list. If idleList == nil, the + // session is not in idle list. + idleList *list.Element + // nextCheck is the timestamp of next scheduled healthcheck of the session. It is maintained by the global health checker. + nextCheck time.Time + // checkingHelath is true if currently this session is being processed by health checker. Must be modified under health checker lock. + checkingHealth bool + // md is the Metadata to be sent with each request. + md metadata.MD + // tx contains the transaction id if the session has been prepared for write. + tx transactionID +} + +// isValid returns true if the session is still valid for use. +func (s *session) isValid() bool { + s.mu.Lock() + defer s.mu.Unlock() + return s.valid +} + +// isWritePrepared returns true if the session is prepared for write. +func (s *session) isWritePrepared() bool { + s.mu.Lock() + defer s.mu.Unlock() + return s.tx != nil +} + +// String implements fmt.Stringer for session. +func (s *session) String() string { + s.mu.Lock() + defer s.mu.Unlock() + return fmt.Sprintf("", + s.id, s.hcIndex, s.idleList, s.valid, s.createTime, s.nextCheck) +} + +// ping verifies if the session is still alive in Cloud Spanner. +func (s *session) ping() error { + ctx, cancel := context.WithTimeout(context.Background(), time.Second) + defer cancel() + return runRetryable(ctx, func(ctx context.Context) error { + _, err := s.client.GetSession(contextWithOutgoingMetadata(ctx, s.pool.md), &sppb.GetSessionRequest{Name: s.getID()}) // s.getID is safe even when s is invalid. + return err + }) +} + +// setHcIndex atomically sets the session's index in the healthcheck queue and returns the old index. +func (s *session) setHcIndex(i int) int { + s.mu.Lock() + defer s.mu.Unlock() + oi := s.hcIndex + s.hcIndex = i + return oi +} + +// setIdleList atomically sets the session's idle list link and returns the old link. +func (s *session) setIdleList(le *list.Element) *list.Element { + s.mu.Lock() + defer s.mu.Unlock() + old := s.idleList + s.idleList = le + return old +} + +// invalidate marks a session as invalid and returns the old validity. +func (s *session) invalidate() bool { + s.mu.Lock() + defer s.mu.Unlock() + ov := s.valid + s.valid = false + return ov +} + +// setNextCheck sets the timestamp for next healthcheck on the session. +func (s *session) setNextCheck(t time.Time) { + s.mu.Lock() + defer s.mu.Unlock() + s.nextCheck = t +} + +// setTransactionID sets the transaction id in the session +func (s *session) setTransactionID(tx transactionID) { + s.mu.Lock() + defer s.mu.Unlock() + s.tx = tx +} + +// getID returns the session ID which uniquely identifies the session in Cloud Spanner. +func (s *session) getID() string { + s.mu.Lock() + defer s.mu.Unlock() + return s.id +} + +// getHcIndex returns the session's index into the global healthcheck priority queue. +func (s *session) getHcIndex() int { + s.mu.Lock() + defer s.mu.Unlock() + return s.hcIndex +} + +// getIdleList returns the session's link in its home session pool's idle list. +func (s *session) getIdleList() *list.Element { + s.mu.Lock() + defer s.mu.Unlock() + return s.idleList +} + +// getNextCheck returns the timestamp for next healthcheck on the session. +func (s *session) getNextCheck() time.Time { + s.mu.Lock() + defer s.mu.Unlock() + return s.nextCheck +} + +// recycle turns the session back to its home session pool. +func (s *session) recycle() { + s.setTransactionID(nil) + if !s.pool.recycle(s) { + // s is rejected by its home session pool because it expired and the session pool currently has enough open sessions. + s.destroy(false) + } +} + +// destroy removes the session from its home session pool, healthcheck queue and Cloud Spanner service. +func (s *session) destroy(isExpire bool) bool { + // Remove s from session pool. + if !s.pool.remove(s, isExpire) { + return false + } + // Unregister s from healthcheck queue. + s.pool.hc.unregister(s) + // Remove s from Cloud Spanner service. + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + // Ignore the error returned by runRetryable because even if we fail to explicitly destroy the session, + // it will be eventually garbage collected by Cloud Spanner. + err := runRetryable(ctx, func(ctx context.Context) error { + _, e := s.client.DeleteSession(ctx, &sppb.DeleteSessionRequest{Name: s.getID()}) + return e + }) + if err != nil { + log.Printf("Failed to delete session %v. Error: %v", s.getID(), err) + } + return true +} + +// prepareForWrite prepares the session for write if it is not already in that state. +func (s *session) prepareForWrite(ctx context.Context) error { + if s.isWritePrepared() { + return nil + } + tx, err := beginTransaction(ctx, s.getID(), s.client) + if err != nil { + return err + } + s.setTransactionID(tx) + return nil +} + +// SessionPoolConfig stores configurations of a session pool. +type SessionPoolConfig struct { + // getRPCClient is the caller supplied method for getting a gRPC client to Cloud Spanner, this makes session pool able to use client pooling. + getRPCClient func() (sppb.SpannerClient, error) + // MaxOpened is the maximum number of opened sessions allowed by the + // session pool. Defaults to NumChannels * 100. + MaxOpened uint64 + // MinOpened is the minimum number of opened sessions that the session pool + // tries to maintain. Session pool won't continue to expire sessions if number + // of opened connections drops below MinOpened. However, if session is found + // to be broken, it will still be evicted from session pool, therefore it is + // posssible that the number of opened sessions drops below MinOpened. + MinOpened uint64 + // MaxIdle is the maximum number of idle sessions, pool is allowed to keep. Defaults to 0. + MaxIdle uint64 + // MaxBurst is the maximum number of concurrent session creation requests. Defaults to 10. + MaxBurst uint64 + // WriteSessions is the fraction of sessions we try to keep prepared for write. + WriteSessions float64 + // HealthCheckWorkers is number of workers used by health checker for this pool. + HealthCheckWorkers int + // HealthCheckInterval is how often the health checker pings a session. Defaults to 5 min. + HealthCheckInterval time.Duration + // healthCheckSampleInterval is how often the health checker samples live session (for use in maintaining session pool size). Defaults to 1 min. + healthCheckSampleInterval time.Duration +} + +// errNoRPCGetter returns error for SessionPoolConfig missing getRPCClient method. +func errNoRPCGetter() error { + return spannerErrorf(codes.InvalidArgument, "require SessionPoolConfig.getRPCClient != nil, got nil") +} + +// errMinOpenedGTMapOpened returns error for SessionPoolConfig.MaxOpened < SessionPoolConfig.MinOpened when SessionPoolConfig.MaxOpened is set. +func errMinOpenedGTMaxOpened(spc *SessionPoolConfig) error { + return spannerErrorf(codes.InvalidArgument, + "require SessionPoolConfig.MaxOpened >= SessionPoolConfig.MinOpened, got %v and %v", spc.MaxOpened, spc.MinOpened) +} + +// validate verifies that the SessionPoolConfig is good for use. +func (spc *SessionPoolConfig) validate() error { + if spc.getRPCClient == nil { + return errNoRPCGetter() + } + if spc.MinOpened > spc.MaxOpened && spc.MaxOpened > 0 { + return errMinOpenedGTMaxOpened(spc) + } + return nil +} + +// sessionPool creates and caches Cloud Spanner sessions. +type sessionPool struct { + // mu protects sessionPool from concurrent access. + mu sync.Mutex + // valid marks the validity of the session pool. + valid bool + // db is the database name that all sessions in the pool are associated with. + db string + // idleList caches idle session IDs. Session IDs in this list can be allocated for use. + idleList list.List + // idleWriteList caches idle sessions which have been prepared for write. + idleWriteList list.List + // mayGetSession is for broadcasting that session retrival/creation may proceed. + mayGetSession chan struct{} + // numOpened is the total number of open sessions from the session pool. + numOpened uint64 + // createReqs is the number of ongoing session creation requests. + createReqs uint64 + // prepareReqs is the number of ongoing session preparation request. + prepareReqs uint64 + // configuration of the session pool. + SessionPoolConfig + // Metadata to be sent with each request + md metadata.MD + // hc is the health checker + hc *healthChecker +} + +// newSessionPool creates a new session pool. +func newSessionPool(db string, config SessionPoolConfig, md metadata.MD) (*sessionPool, error) { + if err := config.validate(); err != nil { + return nil, err + } + pool := &sessionPool{ + db: db, + valid: true, + mayGetSession: make(chan struct{}), + SessionPoolConfig: config, + md: md, + } + if config.HealthCheckWorkers == 0 { + // With 10 workers and assuming average latency of 5 ms for BeginTransaction, we will be able to + // prepare 2000 tx/sec in advance. If the rate of takeWriteSession is more than that, it will + // degrade to doing BeginTransaction inline. + // TODO: consider resizing the worker pool dynamically according to the load. + config.HealthCheckWorkers = 10 + } + if config.HealthCheckInterval == 0 { + config.HealthCheckInterval = 5 * time.Minute + } + if config.healthCheckSampleInterval == 0 { + config.healthCheckSampleInterval = time.Minute + } + // On GCE VM, within the same region an healthcheck ping takes on average 10ms to finish, given a 5 minutes interval and + // 10 healthcheck workers, a healthChecker can effectively mantain 100 checks_per_worker/sec * 10 workers * 300 seconds = 300K sessions. + pool.hc = newHealthChecker(config.HealthCheckInterval, config.HealthCheckWorkers, config.healthCheckSampleInterval, pool) + close(pool.hc.ready) + return pool, nil +} + +// isValid checks if the session pool is still valid. +func (p *sessionPool) isValid() bool { + if p == nil { + return false + } + p.mu.Lock() + defer p.mu.Unlock() + return p.valid +} + +// close marks the session pool as closed. +func (p *sessionPool) close() { + if p == nil { + return + } + p.mu.Lock() + if !p.valid { + p.mu.Unlock() + return + } + p.valid = false + p.mu.Unlock() + p.hc.close() + // destroy all the sessions + p.hc.mu.Lock() + allSessions := make([]*session, len(p.hc.queue.sessions)) + copy(allSessions, p.hc.queue.sessions) + p.hc.mu.Unlock() + for _, s := range allSessions { + s.destroy(false) + } +} + +// errInvalidSessionPool returns error for using an invalid session pool. +func errInvalidSessionPool() error { + return spannerErrorf(codes.InvalidArgument, "invalid session pool") +} + +// errGetSessionTimeout returns error for context timeout during sessionPool.take(). +func errGetSessionTimeout() error { + return spannerErrorf(codes.Canceled, "timeout / context canceled during getting session") +} + +// shouldPrepareWrite returns true if we should prepare more sessions for write. +func (p *sessionPool) shouldPrepareWrite() bool { + return float64(p.numOpened)*p.WriteSessions > float64(p.idleWriteList.Len()+int(p.prepareReqs)) +} + +func (p *sessionPool) createSession(ctx context.Context) (*session, error) { + tracePrintf(ctx, nil, "Creating a new session") + doneCreate := func(done bool) { + p.mu.Lock() + if !done { + // Session creation failed, give budget back. + p.numOpened-- + } + p.createReqs-- + // Notify other waiters blocking on session creation. + close(p.mayGetSession) + p.mayGetSession = make(chan struct{}) + p.mu.Unlock() + } + sc, err := p.getRPCClient() + if err != nil { + doneCreate(false) + return nil, err + } + var s *session + err = runRetryable(ctx, func(ctx context.Context) error { + sid, e := sc.CreateSession(ctx, &sppb.CreateSessionRequest{Database: p.db}) + if e != nil { + return e + } + // If no error, construct the new session. + s = &session{valid: true, client: sc, id: sid.Name, pool: p, createTime: time.Now(), md: p.md} + p.hc.register(s) + return nil + }) + if err != nil { + doneCreate(false) + // Should return error directly because of the previous retries on CreateSession RPC. + return nil, err + } + doneCreate(true) + return s, nil +} + +func (p *sessionPool) isHealthy(s *session) bool { + if s.getNextCheck().Add(2 * p.hc.getInterval()).Before(time.Now()) { + // TODO: figure out if we need to schedule a new healthcheck worker here. + if err := s.ping(); shouldDropSession(err) { + // The session is already bad, continue to fetch/create a new one. + s.destroy(false) + return false + } + p.hc.scheduledHC(s) + } + return true +} + +// take returns a cached session if there are available ones; if there isn't any, it tries to allocate a new one. +// Session returned by take should be used for read operations. +func (p *sessionPool) take(ctx context.Context) (*sessionHandle, error) { + tracePrintf(ctx, nil, "Acquiring a read-only session") + ctx = contextWithOutgoingMetadata(ctx, p.md) + for { + var ( + s *session + err error + ) + + p.mu.Lock() + if !p.valid { + p.mu.Unlock() + return nil, errInvalidSessionPool() + } + if p.idleList.Len() > 0 { + // Idle sessions are available, get one from the top of the idle list. + s = p.idleList.Remove(p.idleList.Front()).(*session) + tracePrintf(ctx, map[string]interface{}{"sessionID": s.getID()}, + "Acquired read-only session") + } else if p.idleWriteList.Len() > 0 { + s = p.idleWriteList.Remove(p.idleWriteList.Front()).(*session) + tracePrintf(ctx, map[string]interface{}{"sessionID": s.getID()}, + "Acquired read-write session") + } + if s != nil { + s.setIdleList(nil) + p.mu.Unlock() + // From here, session is no longer in idle list, so healthcheck workers won't destroy it. + // If healthcheck workers failed to schedule healthcheck for the session timely, do the check here. + // Because session check is still much cheaper than session creation, they should be reused as much as possible. + if !p.isHealthy(s) { + continue + } + return &sessionHandle{session: s}, nil + } + // Idle list is empty, block if session pool has reached max session creation concurrency or max number of open sessions. + if (p.MaxOpened > 0 && p.numOpened >= p.MaxOpened) || (p.MaxBurst > 0 && p.createReqs >= p.MaxBurst) { + mayGetSession := p.mayGetSession + p.mu.Unlock() + tracePrintf(ctx, nil, "Waiting for read-only session to become available") + select { + case <-ctx.Done(): + tracePrintf(ctx, nil, "Context done waiting for session") + return nil, errGetSessionTimeout() + case <-mayGetSession: + } + continue + } + // Take budget before the actual session creation. + p.numOpened++ + p.createReqs++ + p.mu.Unlock() + if s, err = p.createSession(ctx); err != nil { + tracePrintf(ctx, nil, "Error creating session: %v", err) + return nil, toSpannerError(err) + } + tracePrintf(ctx, map[string]interface{}{"sessionID": s.getID()}, + "Created session") + return &sessionHandle{session: s}, nil + } +} + +// takeWriteSession returns a write prepared cached session if there are available ones; if there isn't any, it tries to allocate a new one. +// Session returned should be used for read write transactions. +func (p *sessionPool) takeWriteSession(ctx context.Context) (*sessionHandle, error) { + tracePrintf(ctx, nil, "Acquiring a read-write session") + ctx = contextWithOutgoingMetadata(ctx, p.md) + for { + var ( + s *session + err error + ) + + p.mu.Lock() + if !p.valid { + p.mu.Unlock() + return nil, errInvalidSessionPool() + } + if p.idleWriteList.Len() > 0 { + // Idle sessions are available, get one from the top of the idle list. + s = p.idleWriteList.Remove(p.idleWriteList.Front()).(*session) + tracePrintf(ctx, map[string]interface{}{"sessionID": s.getID()}, "Acquired read-write session") + } else if p.idleList.Len() > 0 { + s = p.idleList.Remove(p.idleList.Front()).(*session) + tracePrintf(ctx, map[string]interface{}{"sessionID": s.getID()}, "Acquired read-only session") + } + if s != nil { + s.setIdleList(nil) + p.mu.Unlock() + // From here, session is no longer in idle list, so healthcheck workers won't destroy it. + // If healthcheck workers failed to schedule healthcheck for the session timely, do the check here. + // Because session check is still much cheaper than session creation, they should be reused as much as possible. + if !p.isHealthy(s) { + continue + } + } else { + // Idle list is empty, block if session pool has reached max session creation concurrency or max number of open sessions. + if (p.MaxOpened > 0 && p.numOpened >= p.MaxOpened) || (p.MaxBurst > 0 && p.createReqs >= p.MaxBurst) { + mayGetSession := p.mayGetSession + p.mu.Unlock() + tracePrintf(ctx, nil, "Waiting for read-write session to become available") + select { + case <-ctx.Done(): + tracePrintf(ctx, nil, "Context done waiting for session") + return nil, errGetSessionTimeout() + case <-mayGetSession: + } + continue + } + + // Take budget before the actual session creation. + p.numOpened++ + p.createReqs++ + p.mu.Unlock() + if s, err = p.createSession(ctx); err != nil { + tracePrintf(ctx, nil, "Error creating session: %v", err) + return nil, toSpannerError(err) + } + tracePrintf(ctx, map[string]interface{}{"sessionID": s.getID()}, + "Created session") + } + if !s.isWritePrepared() { + if err = s.prepareForWrite(ctx); err != nil { + s.recycle() + tracePrintf(ctx, map[string]interface{}{"sessionID": s.getID()}, + "Error preparing session for write") + return nil, toSpannerError(err) + } + } + return &sessionHandle{session: s}, nil + } +} + +// recycle puts session s back to the session pool's idle list, it returns true if the session pool successfully recycles session s. +func (p *sessionPool) recycle(s *session) bool { + p.mu.Lock() + defer p.mu.Unlock() + if !s.isValid() || !p.valid { + // Reject the session if session is invalid or pool itself is invalid. + return false + } + // Put session at the back of the list to round robin for load balancing across channels. + if s.isWritePrepared() { + s.setIdleList(p.idleWriteList.PushBack(s)) + } else { + s.setIdleList(p.idleList.PushBack(s)) + } + // Broadcast that a session has been returned to idle list. + close(p.mayGetSession) + p.mayGetSession = make(chan struct{}) + return true +} + +// remove atomically removes session s from the session pool and invalidates s. +// If isExpire == true, the removal is triggered by session expiration and in such cases, only idle sessions can be removed. +func (p *sessionPool) remove(s *session, isExpire bool) bool { + p.mu.Lock() + defer p.mu.Unlock() + if isExpire && (p.numOpened <= p.MinOpened || s.getIdleList() == nil) { + // Don't expire session if the session is not in idle list (in use), or if number of open sessions is going below p.MinOpened. + return false + } + ol := s.setIdleList(nil) + // If the session is in the idlelist, remove it. + if ol != nil { + // Remove from whichever list it is in. + p.idleList.Remove(ol) + p.idleWriteList.Remove(ol) + } + if s.invalidate() { + // Decrease the number of opened sessions. + p.numOpened-- + // Broadcast that a session has been destroyed. + close(p.mayGetSession) + p.mayGetSession = make(chan struct{}) + return true + } + return false +} + +// hcHeap implements heap.Interface. It is used to create the priority queue for session healthchecks. +type hcHeap struct { + sessions []*session +} + +// Len impelemnts heap.Interface.Len. +func (h hcHeap) Len() int { + return len(h.sessions) +} + +// Less implements heap.Interface.Less. +func (h hcHeap) Less(i, j int) bool { + return h.sessions[i].getNextCheck().Before(h.sessions[j].getNextCheck()) +} + +// Swap implements heap.Interface.Swap. +func (h hcHeap) Swap(i, j int) { + h.sessions[i], h.sessions[j] = h.sessions[j], h.sessions[i] + h.sessions[i].setHcIndex(i) + h.sessions[j].setHcIndex(j) +} + +// Push implements heap.Interface.Push. +func (h *hcHeap) Push(s interface{}) { + ns := s.(*session) + ns.setHcIndex(len(h.sessions)) + h.sessions = append(h.sessions, ns) +} + +// Pop implements heap.Interface.Pop. +func (h *hcHeap) Pop() interface{} { + old := h.sessions + n := len(old) + s := old[n-1] + h.sessions = old[:n-1] + s.setHcIndex(-1) + return s +} + +// healthChecker performs periodical healthchecks on registered sessions. +type healthChecker struct { + // mu protects concurrent access to hcQueue. + mu sync.Mutex + // queue is the priority queue for session healthchecks. Sessions with lower nextCheck rank higher in the queue. + queue hcHeap + // interval is the average interval between two healthchecks on a session. + interval time.Duration + // workers is the number of concurrent healthcheck workers. + workers int + // waitWorkers waits for all healthcheck workers to exit + waitWorkers sync.WaitGroup + // pool is the underlying session pool. + pool *sessionPool + // sampleInterval is the interval of sampling by the maintainer. + sampleInterval time.Duration + // ready is used to signal that maintainer can start running. + ready chan struct{} + // done is used to signal that health checker should be closed. + done chan struct{} + // once is used for closing channel done only once. + once sync.Once +} + +// newHealthChecker initializes new instance of healthChecker. +func newHealthChecker(interval time.Duration, workers int, sampleInterval time.Duration, pool *sessionPool) *healthChecker { + if workers <= 0 { + workers = 1 + } + hc := &healthChecker{ + interval: interval, + workers: workers, + pool: pool, + sampleInterval: sampleInterval, + ready: make(chan struct{}), + done: make(chan struct{}), + } + hc.waitWorkers.Add(1) + go hc.maintainer() + for i := 1; i <= hc.workers; i++ { + hc.waitWorkers.Add(1) + go hc.worker(i) + } + return hc +} + +// close closes the healthChecker and waits for all healthcheck workers to exit. +func (hc *healthChecker) close() { + hc.once.Do(func() { close(hc.done) }) + hc.waitWorkers.Wait() +} + +// isClosing checks if a healthChecker is already closing. +func (hc *healthChecker) isClosing() bool { + select { + case <-hc.done: + return true + default: + return false + } +} + +// getInterval gets the healthcheck interval. +func (hc *healthChecker) getInterval() time.Duration { + hc.mu.Lock() + defer hc.mu.Unlock() + return hc.interval +} + +// scheduledHCLocked schedules next healthcheck on session s with the assumption that hc.mu is being held. +func (hc *healthChecker) scheduledHCLocked(s *session) { + // The next healthcheck will be scheduled after [interval*0.5, interval*1.5) nanoseconds. + nsFromNow := rand.Int63n(int64(hc.interval)) + int64(hc.interval)/2 + s.setNextCheck(time.Now().Add(time.Duration(nsFromNow))) + if hi := s.getHcIndex(); hi != -1 { + // Session is still being tracked by healthcheck workers. + heap.Fix(&hc.queue, hi) + } +} + +// scheduledHC schedules next healthcheck on session s. It is safe to be called concurrently. +func (hc *healthChecker) scheduledHC(s *session) { + hc.mu.Lock() + defer hc.mu.Unlock() + hc.scheduledHCLocked(s) +} + +// register registers a session with healthChecker for periodical healthcheck. +func (hc *healthChecker) register(s *session) { + hc.mu.Lock() + defer hc.mu.Unlock() + hc.scheduledHCLocked(s) + heap.Push(&hc.queue, s) +} + +// unregister unregisters a session from healthcheck queue. +func (hc *healthChecker) unregister(s *session) { + hc.mu.Lock() + defer hc.mu.Unlock() + oi := s.setHcIndex(-1) + if oi >= 0 { + heap.Remove(&hc.queue, oi) + } +} + +// markDone marks that health check for session has been performed. +func (hc *healthChecker) markDone(s *session) { + hc.mu.Lock() + defer hc.mu.Unlock() + s.checkingHealth = false +} + +// healthCheck checks the health of the session and pings it if needed. +func (hc *healthChecker) healthCheck(s *session) { + defer hc.markDone(s) + if !s.pool.isValid() { + // Session pool is closed, perform a garbage collection. + s.destroy(false) + return + } + if err := s.ping(); shouldDropSession(err) { + // Ping failed, destroy the session. + s.destroy(false) + } +} + +// worker performs the healthcheck on sessions in healthChecker's priority queue. +func (hc *healthChecker) worker(i int) { + // Returns a session which we should ping to keep it alive. + getNextForPing := func() *session { + hc.pool.mu.Lock() + defer hc.pool.mu.Unlock() + hc.mu.Lock() + defer hc.mu.Unlock() + if hc.queue.Len() <= 0 { + // Queue is empty. + return nil + } + s := hc.queue.sessions[0] + if s.getNextCheck().After(time.Now()) && hc.pool.valid { + // All sessions have been checked recently. + return nil + } + hc.scheduledHCLocked(s) + if !s.checkingHealth { + s.checkingHealth = true + return s + } + return nil + } + + // Returns a session which we should prepare for write. + getNextForTx := func() *session { + hc.pool.mu.Lock() + defer hc.pool.mu.Unlock() + if hc.pool.shouldPrepareWrite() { + if hc.pool.idleList.Len() > 0 && hc.pool.valid { + hc.mu.Lock() + defer hc.mu.Unlock() + if hc.pool.idleList.Front().Value.(*session).checkingHealth { + return nil + } + session := hc.pool.idleList.Remove(hc.pool.idleList.Front()).(*session) + session.checkingHealth = true + hc.pool.prepareReqs++ + return session + } + } + return nil + } + + for { + if hc.isClosing() { + // Exit when the pool has been closed and all sessions have been destroyed + // or when health checker has been closed. + hc.waitWorkers.Done() + return + } + ws := getNextForTx() + if ws != nil { + ctx, cancel := context.WithTimeout(context.Background(), time.Second) + err := ws.prepareForWrite(contextWithOutgoingMetadata(ctx, hc.pool.md)) + cancel() + if err != nil { + // Skip handling prepare error, session can be prepared in next cycle + log.Printf("Failed to prepare session, error: %v", toSpannerError(err)) + } + hc.pool.recycle(ws) + hc.pool.mu.Lock() + hc.pool.prepareReqs-- + hc.pool.mu.Unlock() + hc.markDone(ws) + } + rs := getNextForPing() + if rs == nil { + if ws == nil { + // No work to be done so sleep to avoid burning cpu + pause := int64(100 * time.Millisecond) + if pause > int64(hc.interval) { + pause = int64(hc.interval) + } + select { + case <-time.After(time.Duration(rand.Int63n(pause) + pause/2)): + break + case <-hc.done: + break + } + + } + continue + } + hc.healthCheck(rs) + } +} + +// maintainer maintains the maxSessionsInUse by a window of kWindowSize * sampleInterval. +// Based on this information, health checker will try to maintain the number of sessions by hc.. +func (hc *healthChecker) maintainer() { + // Wait so that pool is ready. + <-hc.ready + + var ( + windowSize uint64 = 10 + iteration uint64 + timeout <-chan time.Time + ) + + // replenishPool is run if numOpened is less than sessionsToKeep, timeouts on sampleInterval. + replenishPool := func(sessionsToKeep uint64) { + ctx, _ := context.WithTimeout(context.Background(), hc.sampleInterval) + for { + select { + case <-timeout: + return + default: + break + } + + p := hc.pool + p.mu.Lock() + // Take budget before the actual session creation. + if sessionsToKeep <= p.numOpened { + p.mu.Unlock() + break + } + p.numOpened++ + p.createReqs++ + shouldPrepareWrite := p.shouldPrepareWrite() + p.mu.Unlock() + var ( + s *session + err error + ) + if s, err = p.createSession(ctx); err != nil { + log.Printf("Failed to create session, error: %v", toSpannerError(err)) + continue + } + if shouldPrepareWrite { + if err = s.prepareForWrite(ctx); err != nil { + p.recycle(s) + log.Printf("Failed to prepare session, error: %v", toSpannerError(err)) + continue + } + } + p.recycle(s) + } + } + + // shrinkPool, scales down the session pool. + shrinkPool := func(sessionsToKeep uint64) { + for { + select { + case <-timeout: + return + default: + break + } + + p := hc.pool + p.mu.Lock() + + if sessionsToKeep >= p.numOpened { + p.mu.Unlock() + break + } + + var s *session + if p.idleList.Len() > 0 { + s = p.idleList.Front().Value.(*session) + } else if p.idleWriteList.Len() > 0 { + s = p.idleWriteList.Front().Value.(*session) + } + p.mu.Unlock() + if s != nil { + // destroy session as expire. + s.destroy(true) + } else { + break + } + } + } + + for { + if hc.isClosing() { + hc.waitWorkers.Done() + return + } + + // maxSessionsInUse is the maximum number of sessions in use concurrently over a period of time. + var maxSessionsInUse uint64 + + // Updates metrics. + hc.pool.mu.Lock() + currSessionsInUse := hc.pool.numOpened - uint64(hc.pool.idleList.Len()) - uint64(hc.pool.idleWriteList.Len()) + currSessionsOpened := hc.pool.numOpened + hc.pool.mu.Unlock() + + hc.mu.Lock() + if iteration%windowSize == 0 || maxSessionsInUse < currSessionsInUse { + maxSessionsInUse = currSessionsInUse + } + sessionsToKeep := maxUint64(hc.pool.MinOpened, + minUint64(currSessionsOpened, hc.pool.MaxIdle+maxSessionsInUse)) + hc.mu.Unlock() + + timeout = time.After(hc.sampleInterval) + // Replenish or Shrink pool if needed. + // Note: we don't need to worry about pending create session requests, we only need to sample the current sessions in use. + // the routines will not try to create extra / delete creating sessions. + if sessionsToKeep > currSessionsOpened { + replenishPool(sessionsToKeep) + } else { + shrinkPool(sessionsToKeep) + } + + select { + case <-timeout: + break + case <-hc.done: + break + } + iteration++ + } +} + +// shouldDropSession returns true if a particular error leads to the removal of a session +func shouldDropSession(err error) bool { + if err == nil { + return false + } + // If a Cloud Spanner can no longer locate the session (for example, if session is garbage collected), then caller + // should not try to return the session back into the session pool. + // TODO: once gRPC can return auxilary error information, stop parsing the error message. + if ErrCode(err) == codes.NotFound && strings.Contains(ErrDesc(err), "Session not found:") { + return true + } + return false +} diff --git a/vendor/cloud.google.com/go/spanner/statement.go b/vendor/cloud.google.com/go/spanner/statement.go new file mode 100644 index 000000000000..d04c2003f5d3 --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/statement.go @@ -0,0 +1,90 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "errors" + "fmt" + + proto3 "github.com/golang/protobuf/ptypes/struct" + + sppb "google.golang.org/genproto/googleapis/spanner/v1" + "google.golang.org/grpc/codes" +) + +// A Statement is a SQL query with named parameters. +// +// A parameter placeholder consists of '@' followed by the parameter name. +// Parameter names consist of any combination of letters, numbers, and +// underscores. Names may be entirely numeric (e.g., "WHERE m.id = @5"). +// Parameters may appear anywhere that a literal value is expected. The same +// parameter name may be used more than once. It is an error to execute a +// statement with unbound parameters. On the other hand, it is allowable to +// bind parameter names that are not used. +// +// See the documentation of the Row type for how Go types are mapped to Cloud +// Spanner types. +type Statement struct { + SQL string + Params map[string]interface{} +} + +// NewStatement returns a Statement with the given SQL and an empty Params map. +func NewStatement(sql string) Statement { + return Statement{SQL: sql, Params: map[string]interface{}{}} +} + +// errBindParam returns error for not being able to bind parameter to query request. +func errBindParam(k string, v interface{}, err error) error { + if err == nil { + return nil + } + se, ok := toSpannerError(err).(*Error) + if !ok { + return spannerErrorf(codes.InvalidArgument, "failed to bind query parameter(name: %q, value: %v), error = <%v>", k, v, err) + } + se.decorate(fmt.Sprintf("failed to bind query parameter(name: %q, value: %v)", k, v)) + return se +} + +var ( + errNilParam = errors.New("use T(nil), not nil") + errNoType = errors.New("no type information") +) + +// bindParams binds parameters in a Statement to a sppb.ExecuteSqlRequest. +func (s *Statement) bindParams(r *sppb.ExecuteSqlRequest) error { + r.Params = &proto3.Struct{ + Fields: map[string]*proto3.Value{}, + } + r.ParamTypes = map[string]*sppb.Type{} + for k, v := range s.Params { + if v == nil { + return errBindParam(k, v, errNilParam) + } + val, t, err := encodeValue(v) + if err != nil { + return errBindParam(k, v, err) + } + if t == nil { // should not happen, because of nil check above + return errBindParam(k, v, errNoType) + } + r.Params.Fields[k] = val + r.ParamTypes[k] = t + } + return nil +} diff --git a/vendor/cloud.google.com/go/spanner/timestampbound.go b/vendor/cloud.google.com/go/spanner/timestampbound.go new file mode 100644 index 000000000000..068d966002a7 --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/timestampbound.go @@ -0,0 +1,245 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "fmt" + "time" + + pbd "github.com/golang/protobuf/ptypes/duration" + pbt "github.com/golang/protobuf/ptypes/timestamp" + sppb "google.golang.org/genproto/googleapis/spanner/v1" +) + +// timestampBoundType specifies the timestamp bound mode. +type timestampBoundType int + +const ( + strong timestampBoundType = iota // strong reads + exactStaleness // read with exact staleness + maxStaleness // read with max staleness + minReadTimestamp // read with min freshness + readTimestamp // read data at exact timestamp +) + +// TimestampBound defines how Cloud Spanner will choose a timestamp for a single +// read/query or read-only transaction. +// +// The types of timestamp bound are: +// +// - Strong (the default). +// - Bounded staleness. +// - Exact staleness. +// +// If the Cloud Spanner database to be read is geographically distributed, stale +// read-only transactions can execute more quickly than strong or read-write +// transactions, because they are able to execute far from the leader replica. +// +// Each type of timestamp bound is discussed in detail below. A TimestampBound +// can be specified when creating transactions, see the documentation of +// spanner.Client for an example. +// +// Strong reads +// +// Strong reads are guaranteed to see the effects of all transactions that have +// committed before the start of the read. Furthermore, all rows yielded by a +// single read are consistent with each other - if any part of the read +// observes a transaction, all parts of the read see the transaction. +// +// Strong reads are not repeatable: two consecutive strong read-only +// transactions might return inconsistent results if there are concurrent +// writes. If consistency across reads is required, the reads should be +// executed within a transaction or at an exact read timestamp. +// +// Use StrongRead() to create a bound of this type. +// +// Exact staleness +// +// These timestamp bounds execute reads at a user-specified timestamp. Reads at +// a timestamp are guaranteed to see a consistent prefix of the global +// transaction history: they observe modifications done by all transactions +// with a commit timestamp less than or equal to the read timestamp, and +// observe none of the modifications done by transactions with a larger commit +// timestamp. They will block until all conflicting transactions that may be +// assigned commit timestamps less than or equal to the read timestamp have +// finished. +// +// The timestamp can either be expressed as an absolute Cloud Spanner commit +// timestamp or a staleness relative to the current time. +// +// These modes do not require a "negotiation phase" to pick a timestamp. As a +// result, they execute slightly faster than the equivalent boundedly stale +// concurrency modes. On the other hand, boundedly stale reads usually return +// fresher results. +// +// Use ReadTimestamp() and ExactStaleness() to create a bound of this type. +// +// Bounded staleness +// +// Bounded staleness modes allow Cloud Spanner to pick the read timestamp, subject to +// a user-provided staleness bound. Cloud Spanner chooses the newest timestamp within +// the staleness bound that allows execution of the reads at the closest +// available replica without blocking. +// +// All rows yielded are consistent with each other -- if any part of the read +// observes a transaction, all parts of the read see the transaction. Boundedly +// stale reads are not repeatable: two stale reads, even if they use the same +// staleness bound, can execute at different timestamps and thus return +// inconsistent results. +// +// Boundedly stale reads execute in two phases: the first phase negotiates a +// timestamp among all replicas needed to serve the read. In the second phase, +// reads are executed at the negotiated timestamp. +// +// As a result of the two phase execution, bounded staleness reads are usually +// a little slower than comparable exact staleness reads. However, they are +// typically able to return fresher results, and are more likely to execute at +// the closest replica. +// +// Because the timestamp negotiation requires up-front knowledge of which rows +// will be read, it can only be used with single-use reads and single-use +// read-only transactions. +// +// Use MinReadTimestamp() and MaxStaleness() to create a bound of this type. +// +// Old read timestamps and garbage collection +// +// Cloud Spanner continuously garbage collects deleted and overwritten data in the +// background to reclaim storage space. This process is known as "version +// GC". By default, version GC reclaims versions after they are four hours +// old. Because of this, Cloud Spanner cannot perform reads at read timestamps more +// than four hours in the past. This restriction also applies to in-progress +// reads and/or SQL queries whose timestamp become too old while +// executing. Reads and SQL queries with too-old read timestamps fail with the +// error ErrorCode.FAILED_PRECONDITION. +type TimestampBound struct { + mode timestampBoundType + d time.Duration + t time.Time +} + +// StrongRead returns a TimestampBound that will perform reads and queries at a +// timestamp where all previously committed transactions are visible. +func StrongRead() TimestampBound { + return TimestampBound{mode: strong} +} + +// ExactStaleness returns a TimestampBound that will perform reads and queries +// at an exact staleness. +func ExactStaleness(d time.Duration) TimestampBound { + return TimestampBound{ + mode: exactStaleness, + d: d, + } +} + +// MaxStaleness returns a TimestampBound that will perform reads and queries at +// a time chosen to be at most "d" stale. +func MaxStaleness(d time.Duration) TimestampBound { + return TimestampBound{ + mode: maxStaleness, + d: d, + } +} + +// MinReadTimestamp returns a TimestampBound that bound that will perform reads +// and queries at a time chosen to be at least "t". +func MinReadTimestamp(t time.Time) TimestampBound { + return TimestampBound{ + mode: minReadTimestamp, + t: t, + } +} + +// ReadTimestamp returns a TimestampBound that will peform reads and queries at +// the given time. +func ReadTimestamp(t time.Time) TimestampBound { + return TimestampBound{ + mode: readTimestamp, + t: t, + } +} + +// String implements fmt.Stringer. +func (tb TimestampBound) String() string { + switch tb.mode { + case strong: + return fmt.Sprintf("(strong)") + case exactStaleness: + return fmt.Sprintf("(exactStaleness: %s)", tb.d) + case maxStaleness: + return fmt.Sprintf("(maxStaleness: %s)", tb.d) + case minReadTimestamp: + return fmt.Sprintf("(minReadTimestamp: %s)", tb.t) + case readTimestamp: + return fmt.Sprintf("(readTimestamp: %s)", tb.t) + default: + return fmt.Sprintf("{mode=%v, d=%v, t=%v}", tb.mode, tb.d, tb.t) + } +} + +// durationProto takes a time.Duration and converts it into pdb.Duration for +// calling gRPC APIs. +func durationProto(d time.Duration) *pbd.Duration { + n := d.Nanoseconds() + return &pbd.Duration{ + Seconds: n / int64(time.Second), + Nanos: int32(n % int64(time.Second)), + } +} + +// timestampProto takes a time.Time and converts it into pbt.Timestamp for calling +// gRPC APIs. +func timestampProto(t time.Time) *pbt.Timestamp { + return &pbt.Timestamp{ + Seconds: t.Unix(), + Nanos: int32(t.Nanosecond()), + } +} + +// buildTransactionOptionsReadOnly converts a spanner.TimestampBound into a sppb.TransactionOptions_ReadOnly +// transaction option, which is then used in transactional reads. +func buildTransactionOptionsReadOnly(tb TimestampBound, returnReadTimestamp bool) *sppb.TransactionOptions_ReadOnly { + pb := &sppb.TransactionOptions_ReadOnly{ + ReturnReadTimestamp: returnReadTimestamp, + } + switch tb.mode { + case strong: + pb.TimestampBound = &sppb.TransactionOptions_ReadOnly_Strong{ + Strong: true, + } + case exactStaleness: + pb.TimestampBound = &sppb.TransactionOptions_ReadOnly_ExactStaleness{ + ExactStaleness: durationProto(tb.d), + } + case maxStaleness: + pb.TimestampBound = &sppb.TransactionOptions_ReadOnly_MaxStaleness{ + MaxStaleness: durationProto(tb.d), + } + case minReadTimestamp: + pb.TimestampBound = &sppb.TransactionOptions_ReadOnly_MinReadTimestamp{ + MinReadTimestamp: timestampProto(tb.t), + } + case readTimestamp: + pb.TimestampBound = &sppb.TransactionOptions_ReadOnly_ReadTimestamp{ + ReadTimestamp: timestampProto(tb.t), + } + default: + panic(fmt.Sprintf("buildTransactionOptionsReadOnly(%v,%v)", tb, returnReadTimestamp)) + } + return pb +} diff --git a/vendor/cloud.google.com/go/spanner/transaction.go b/vendor/cloud.google.com/go/spanner/transaction.go new file mode 100644 index 000000000000..8d7ac10ce89f --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/transaction.go @@ -0,0 +1,879 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "sync" + "time" + + "golang.org/x/net/context" + + "google.golang.org/api/iterator" + sppb "google.golang.org/genproto/googleapis/spanner/v1" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/metadata" +) + +// transactionID stores a transaction ID which uniquely identifies a transaction in Cloud Spanner. +type transactionID []byte + +// txReadEnv manages a read-transaction environment consisting of a session handle and a transaction selector. +type txReadEnv interface { + // acquire returns a read-transaction environment that can be used to perform a transactional read. + acquire(ctx context.Context) (*sessionHandle, *sppb.TransactionSelector, error) + // sets the transaction's read timestamp + setTimestamp(time.Time) + // release should be called at the end of every transactional read to deal with session recycling. + release(error) +} + +// txReadOnly contains methods for doing transactional reads. +type txReadOnly struct { + // read-transaction environment for performing transactional read operations. + txReadEnv +} + +// errSessionClosed returns error for using a recycled/destroyed session +func errSessionClosed(sh *sessionHandle) error { + return spannerErrorf(codes.FailedPrecondition, + "session is already recycled / destroyed: session_id = %q, rpc_client = %v", sh.getID(), sh.getClient()) +} + +// Read returns a RowIterator for reading multiple rows from the database. +func (t *txReadOnly) Read(ctx context.Context, table string, keys KeySet, columns []string) *RowIterator { + return t.ReadWithOptions(ctx, table, keys, columns, nil) +} + +// ReadUsingIndex calls ReadWithOptions with ReadOptions{Index: index}. +func (t *txReadOnly) ReadUsingIndex(ctx context.Context, table, index string, keys KeySet, columns []string) (ri *RowIterator) { + return t.ReadWithOptions(ctx, table, keys, columns, &ReadOptions{Index: index}) +} + +// ReadOptions provides options for reading rows from a database. +type ReadOptions struct { + // The index to use for reading. If non-empty, you can only read columns that are + // part of the index key, part of the primary key, or stored in the index due to + // a STORING clause in the index definition. + Index string + + // The maximum number of rows to read. A limit value less than 1 means no limit. + Limit int +} + +// ReadWithOptions returns a RowIterator for reading multiple rows from the database. +// Pass a ReadOptions to modify the read operation. +func (t *txReadOnly) ReadWithOptions(ctx context.Context, table string, keys KeySet, columns []string, opts *ReadOptions) (ri *RowIterator) { + ctx = traceStartSpan(ctx, "cloud.google.com/go/spanner.Read") + defer func() { traceEndSpan(ctx, ri.err) }() + var ( + sh *sessionHandle + ts *sppb.TransactionSelector + err error + ) + kset, err := keys.keySetProto() + if err != nil { + return &RowIterator{err: err} + } + if sh, ts, err = t.acquire(ctx); err != nil { + return &RowIterator{err: err} + } + // Cloud Spanner will return "Session not found" on bad sessions. + sid, client := sh.getID(), sh.getClient() + if sid == "" || client == nil { + // Might happen if transaction is closed in the middle of a API call. + return &RowIterator{err: errSessionClosed(sh)} + } + index := "" + limit := 0 + if opts != nil { + index = opts.Index + if opts.Limit > 0 { + limit = opts.Limit + } + } + return stream( + contextWithOutgoingMetadata(ctx, sh.getMetadata()), + func(ctx context.Context, resumeToken []byte) (streamingReceiver, error) { + return client.StreamingRead(ctx, + &sppb.ReadRequest{ + Session: sid, + Transaction: ts, + Table: table, + Index: index, + Columns: columns, + KeySet: kset, + ResumeToken: resumeToken, + Limit: int64(limit), + }) + }, + t.setTimestamp, + t.release, + ) +} + +// errRowNotFound returns error for not being able to read the row identified by key. +func errRowNotFound(table string, key Key) error { + return spannerErrorf(codes.NotFound, "row not found(Table: %v, PrimaryKey: %v)", table, key) +} + +// ReadRow reads a single row from the database. +// +// If no row is present with the given key, then ReadRow returns an error where +// spanner.ErrCode(err) is codes.NotFound. +func (t *txReadOnly) ReadRow(ctx context.Context, table string, key Key, columns []string) (*Row, error) { + iter := t.Read(ctx, table, key, columns) + defer iter.Stop() + row, err := iter.Next() + switch err { + case iterator.Done: + return nil, errRowNotFound(table, key) + case nil: + return row, nil + default: + return nil, err + } +} + +// Query executes a query against the database. It returns a RowIterator +// for retrieving the resulting rows. +// +// Query returns only row data, without a query plan or execution statistics. +// Use QueryWithStats to get rows along with the plan and statistics. +// Use AnalyzeQuery to get just the plan. +func (t *txReadOnly) Query(ctx context.Context, statement Statement) *RowIterator { + return t.query(ctx, statement, sppb.ExecuteSqlRequest_NORMAL) +} + +// Query executes a query against the database. It returns a RowIterator +// for retrieving the resulting rows. The RowIterator will also be populated +// with a query plan and execution statistics. +func (t *txReadOnly) QueryWithStats(ctx context.Context, statement Statement) *RowIterator { + return t.query(ctx, statement, sppb.ExecuteSqlRequest_PROFILE) +} + +// AnalyzeQuery returns the query plan for statement. +func (t *txReadOnly) AnalyzeQuery(ctx context.Context, statement Statement) (*sppb.QueryPlan, error) { + iter := t.query(ctx, statement, sppb.ExecuteSqlRequest_PLAN) + for { + _, err := iter.Next() + if err == iterator.Done { + break + } + if err != nil { + return nil, err + } + } + if iter.QueryPlan == nil { + return nil, spannerErrorf(codes.Internal, "query plan unavailable") + } + return iter.QueryPlan, nil +} + +func (t *txReadOnly) query(ctx context.Context, statement Statement, mode sppb.ExecuteSqlRequest_QueryMode) (ri *RowIterator) { + ctx = traceStartSpan(ctx, "cloud.google.com/go/spanner.Query") + defer func() { traceEndSpan(ctx, ri.err) }() + var ( + sh *sessionHandle + ts *sppb.TransactionSelector + err error + ) + if sh, ts, err = t.acquire(ctx); err != nil { + return &RowIterator{err: err} + } + // Cloud Spanner will return "Session not found" on bad sessions. + sid, client := sh.getID(), sh.getClient() + if sid == "" || client == nil { + // Might happen if transaction is closed in the middle of a API call. + return &RowIterator{err: errSessionClosed(sh)} + } + req := &sppb.ExecuteSqlRequest{ + Session: sid, + Transaction: ts, + Sql: statement.SQL, + QueryMode: mode, + } + if err := statement.bindParams(req); err != nil { + return &RowIterator{err: err} + } + return stream( + contextWithOutgoingMetadata(ctx, sh.getMetadata()), + func(ctx context.Context, resumeToken []byte) (streamingReceiver, error) { + req.ResumeToken = resumeToken + return client.ExecuteStreamingSql(ctx, req) + }, + t.setTimestamp, + t.release) +} + +// txState is the status of a transaction. +type txState int + +const ( + // transaction is new, waiting to be initialized. + txNew txState = iota + // transaction is being initialized. + txInit + // transaction is active and can perform read/write. + txActive + // transaction is closed, cannot be used anymore. + txClosed +) + +// errRtsUnavailable returns error for read transaction's read timestamp being unavailable. +func errRtsUnavailable() error { + return spannerErrorf(codes.Internal, "read timestamp is unavailable") +} + +// errTxNotInitialized returns error for using an uninitialized transaction. +func errTxNotInitialized() error { + return spannerErrorf(codes.InvalidArgument, "cannot use a uninitialized transaction") +} + +// errTxClosed returns error for using a closed transaction. +func errTxClosed() error { + return spannerErrorf(codes.InvalidArgument, "cannot use a closed transaction") +} + +// errUnexpectedTxState returns error for transaction enters an unexpected state. +func errUnexpectedTxState(ts txState) error { + return spannerErrorf(codes.FailedPrecondition, "unexpected transaction state: %v", ts) +} + +// ReadOnlyTransaction provides a snapshot transaction with guaranteed +// consistency across reads, but does not allow writes. Read-only +// transactions can be configured to read at timestamps in the past. +// +// Read-only transactions do not take locks. Instead, they work by choosing a +// Cloud Spanner timestamp, then executing all reads at that timestamp. Since they do +// not acquire locks, they do not block concurrent read-write transactions. +// +// Unlike locking read-write transactions, read-only transactions never +// abort. They can fail if the chosen read timestamp is garbage collected; +// however, the default garbage collection policy is generous enough that most +// applications do not need to worry about this in practice. See the +// documentation of TimestampBound for more details. +// +// A ReadOnlyTransaction consumes resources on the server until Close() is +// called. +type ReadOnlyTransaction struct { + // txReadOnly contains methods for performing transactional reads. + txReadOnly + + // singleUse indicates that the transaction can be used for only one read. + singleUse bool + + // sp is the session pool for allocating a session to execute the read-only transaction. It is set only once during initialization of the ReadOnlyTransaction. + sp *sessionPool + // mu protects concurrent access to the internal states of ReadOnlyTransaction. + mu sync.Mutex + // tx is the transaction ID in Cloud Spanner that uniquely identifies the ReadOnlyTransaction. + tx transactionID + // txReadyOrClosed is for broadcasting that transaction ID has been returned by Cloud Spanner or that transaction is closed. + txReadyOrClosed chan struct{} + // state is the current transaction status of the ReadOnly transaction. + state txState + // sh is the sessionHandle allocated from sp. + sh *sessionHandle + // rts is the read timestamp returned by transactional reads. + rts time.Time + // tb is the read staleness bound specification for transactional reads. + tb TimestampBound +} + +// errTxInitTimeout returns error for timeout in waiting for initialization of the transaction. +func errTxInitTimeout() error { + return spannerErrorf(codes.Canceled, "timeout/context canceled in waiting for transaction's initialization") +} + +// getTimestampBound returns the read staleness bound specified for the ReadOnlyTransaction. +func (t *ReadOnlyTransaction) getTimestampBound() TimestampBound { + t.mu.Lock() + defer t.mu.Unlock() + return t.tb +} + +// begin starts a snapshot read-only Transaction on Cloud Spanner. +func (t *ReadOnlyTransaction) begin(ctx context.Context) error { + var ( + locked bool + tx transactionID + rts time.Time + sh *sessionHandle + err error + ) + defer func() { + if !locked { + t.mu.Lock() + // Not necessary, just to make it clear that t.mu is being held when locked == true. + locked = true + } + if t.state != txClosed { + // Signal other initialization routines. + close(t.txReadyOrClosed) + t.txReadyOrClosed = make(chan struct{}) + } + t.mu.Unlock() + if err != nil && sh != nil { + // Got a valid session handle, but failed to initalize transaction on Cloud Spanner. + if shouldDropSession(err) { + sh.destroy() + } + // If sh.destroy was already executed, this becomes a noop. + sh.recycle() + } + }() + sh, err = t.sp.take(ctx) + if err != nil { + return err + } + err = runRetryable(contextWithOutgoingMetadata(ctx, sh.getMetadata()), func(ctx context.Context) error { + res, e := sh.getClient().BeginTransaction(ctx, &sppb.BeginTransactionRequest{ + Session: sh.getID(), + Options: &sppb.TransactionOptions{ + Mode: &sppb.TransactionOptions_ReadOnly_{ + ReadOnly: buildTransactionOptionsReadOnly(t.getTimestampBound(), true), + }, + }, + }) + if e != nil { + return e + } + tx = res.Id + if res.ReadTimestamp != nil { + rts = time.Unix(res.ReadTimestamp.Seconds, int64(res.ReadTimestamp.Nanos)) + } + return nil + }) + t.mu.Lock() + locked = true // defer function will be executed with t.mu being held. + if t.state == txClosed { // During the execution of t.begin(), t.Close() was invoked. + return errSessionClosed(sh) + } + // If begin() fails, this allows other queries to take over the initialization. + t.tx = nil + if err == nil { + t.tx = tx + t.rts = rts + t.sh = sh + // State transite to txActive. + t.state = txActive + } + return err +} + +// acquire implements txReadEnv.acquire. +func (t *ReadOnlyTransaction) acquire(ctx context.Context) (*sessionHandle, *sppb.TransactionSelector, error) { + if err := checkNestedTxn(ctx); err != nil { + return nil, nil, err + } + if t.singleUse { + return t.acquireSingleUse(ctx) + } + return t.acquireMultiUse(ctx) +} + +func (t *ReadOnlyTransaction) acquireSingleUse(ctx context.Context) (*sessionHandle, *sppb.TransactionSelector, error) { + t.mu.Lock() + defer t.mu.Unlock() + switch t.state { + case txClosed: + // A closed single-use transaction can never be reused. + return nil, nil, errTxClosed() + case txNew: + t.state = txClosed + ts := &sppb.TransactionSelector{ + Selector: &sppb.TransactionSelector_SingleUse{ + SingleUse: &sppb.TransactionOptions{ + Mode: &sppb.TransactionOptions_ReadOnly_{ + ReadOnly: buildTransactionOptionsReadOnly(t.tb, true), + }, + }, + }, + } + sh, err := t.sp.take(ctx) + if err != nil { + return nil, nil, err + } + // Install session handle into t, which can be used for readonly operations later. + t.sh = sh + return sh, ts, nil + } + us := t.state + // SingleUse transaction should only be in either txNew state or txClosed state. + return nil, nil, errUnexpectedTxState(us) +} + +func (t *ReadOnlyTransaction) acquireMultiUse(ctx context.Context) (*sessionHandle, *sppb.TransactionSelector, error) { + for { + t.mu.Lock() + switch t.state { + case txClosed: + t.mu.Unlock() + return nil, nil, errTxClosed() + case txNew: + // State transit to txInit so that no further TimestampBound change is accepted. + t.state = txInit + t.mu.Unlock() + continue + case txInit: + if t.tx != nil { + // Wait for a transaction ID to become ready. + txReadyOrClosed := t.txReadyOrClosed + t.mu.Unlock() + select { + case <-txReadyOrClosed: + // Need to check transaction state again. + continue + case <-ctx.Done(): + // The waiting for initialization is timeout, return error directly. + return nil, nil, errTxInitTimeout() + } + } + // Take the ownership of initializing the transaction. + t.tx = transactionID{} + t.mu.Unlock() + // Begin a read-only transaction. + // TODO: consider adding a transaction option which allow queries to initiate transactions by themselves. Note that this option might not be + // always good because the ID of the new transaction won't be ready till the query returns some data or completes. + if err := t.begin(ctx); err != nil { + return nil, nil, err + } + // If t.begin() succeeded, t.state should have been changed to txActive, so we can just continue here. + continue + case txActive: + sh := t.sh + ts := &sppb.TransactionSelector{ + Selector: &sppb.TransactionSelector_Id{ + Id: t.tx, + }, + } + t.mu.Unlock() + return sh, ts, nil + } + state := t.state + t.mu.Unlock() + return nil, nil, errUnexpectedTxState(state) + } +} + +func (t *ReadOnlyTransaction) setTimestamp(ts time.Time) { + t.mu.Lock() + defer t.mu.Unlock() + if t.rts.IsZero() { + t.rts = ts + } +} + +// release implements txReadEnv.release. +func (t *ReadOnlyTransaction) release(err error) { + t.mu.Lock() + sh := t.sh + t.mu.Unlock() + if sh != nil { // sh could be nil if t.acquire() fails. + if shouldDropSession(err) { + sh.destroy() + } + if t.singleUse { + // If session handle is already destroyed, this becomes a noop. + sh.recycle() + } + } +} + +// Close closes a ReadOnlyTransaction, the transaction cannot perform any reads after being closed. +func (t *ReadOnlyTransaction) Close() { + if t.singleUse { + return + } + t.mu.Lock() + if t.state != txClosed { + t.state = txClosed + close(t.txReadyOrClosed) + } + sh := t.sh + t.mu.Unlock() + if sh == nil { + return + } + // If session handle is already destroyed, this becomes a noop. + // If there are still active queries and if the recycled session is reused before they complete, Cloud Spanner will cancel them + // on behalf of the new transaction on the session. + if sh != nil { + sh.recycle() + } +} + +// Timestamp returns the timestamp chosen to perform reads and +// queries in this transaction. The value can only be read after some +// read or query has either returned some data or completed without +// returning any data. +func (t *ReadOnlyTransaction) Timestamp() (time.Time, error) { + t.mu.Lock() + defer t.mu.Unlock() + if t.rts.IsZero() { + return t.rts, errRtsUnavailable() + } + return t.rts, nil +} + +// WithTimestampBound specifies the TimestampBound to use for read or query. +// This can only be used before the first read or query is invoked. Note: +// bounded staleness is not available with general ReadOnlyTransactions; use a +// single-use ReadOnlyTransaction instead. +// +// The returned value is the ReadOnlyTransaction so calls can be chained. +func (t *ReadOnlyTransaction) WithTimestampBound(tb TimestampBound) *ReadOnlyTransaction { + t.mu.Lock() + defer t.mu.Unlock() + if t.state == txNew { + // Only allow to set TimestampBound before the first query. + t.tb = tb + } + return t +} + +// ReadWriteTransaction provides a locking read-write transaction. +// +// This type of transaction is the only way to write data into Cloud Spanner; +// (*Client).Apply and (*Client).ApplyAtLeastOnce use transactions +// internally. These transactions rely on pessimistic locking and, if +// necessary, two-phase commit. Locking read-write transactions may abort, +// requiring the application to retry. However, the interface exposed by +// (*Client).ReadWriteTransaction eliminates the need for applications to write +// retry loops explicitly. +// +// Locking transactions may be used to atomically read-modify-write data +// anywhere in a database. This type of transaction is externally consistent. +// +// Clients should attempt to minimize the amount of time a transaction is +// active. Faster transactions commit with higher probability and cause less +// contention. Cloud Spanner attempts to keep read locks active as long as the +// transaction continues to do reads. Long periods of inactivity at the client +// may cause Cloud Spanner to release a transaction's locks and abort it. +// +// Reads performed within a transaction acquire locks on the data being +// read. Writes can only be done at commit time, after all reads have been +// completed. Conceptually, a read-write transaction consists of zero or more +// reads or SQL queries followed by a commit. +// +// See (*Client).ReadWriteTransaction for an example. +// +// Semantics +// +// Cloud Spanner can commit the transaction if all read locks it acquired are still +// valid at commit time, and it is able to acquire write locks for all +// writes. Cloud Spanner can abort the transaction for any reason. If a commit +// attempt returns ABORTED, Cloud Spanner guarantees that the transaction has not +// modified any user data in Cloud Spanner. +// +// Unless the transaction commits, Cloud Spanner makes no guarantees about how long +// the transaction's locks were held for. It is an error to use Cloud Spanner locks +// for any sort of mutual exclusion other than between Cloud Spanner transactions +// themselves. +// +// Aborted transactions +// +// Application code does not need to retry explicitly; RunInTransaction will +// automatically retry a transaction if an attempt results in an abort. The +// lock priority of a transaction increases after each prior aborted +// transaction, meaning that the next attempt has a slightly better chance of +// success than before. +// +// Under some circumstances (e.g., many transactions attempting to modify the +// same row(s)), a transaction can abort many times in a short period before +// successfully committing. Thus, it is not a good idea to cap the number of +// retries a transaction can attempt; instead, it is better to limit the total +// amount of wall time spent retrying. +// +// Idle transactions +// +// A transaction is considered idle if it has no outstanding reads or SQL +// queries and has not started a read or SQL query within the last 10 +// seconds. Idle transactions can be aborted by Cloud Spanner so that they don't hold +// on to locks indefinitely. In that case, the commit will fail with error +// ABORTED. +// +// If this behavior is undesirable, periodically executing a simple SQL query +// in the transaction (e.g., SELECT 1) prevents the transaction from becoming +// idle. +type ReadWriteTransaction struct { + // txReadOnly contains methods for performing transactional reads. + txReadOnly + // sh is the sessionHandle allocated from sp. It is set only once during the initialization of ReadWriteTransaction. + sh *sessionHandle + // tx is the transaction ID in Cloud Spanner that uniquely identifies the ReadWriteTransaction. + // It is set only once in ReadWriteTransaction.begin() during the initialization of ReadWriteTransaction. + tx transactionID + // mu protects concurrent access to the internal states of ReadWriteTransaction. + mu sync.Mutex + // state is the current transaction status of the read-write transaction. + state txState + // wb is the set of buffered mutations waiting to be commited. + wb []*Mutation +} + +// BufferWrite adds a list of mutations to the set of updates that will be +// applied when the transaction is committed. It does not actually apply the +// write until the transaction is committed, so the operation does not +// block. The effects of the write won't be visible to any reads (including +// reads done in the same transaction) until the transaction commits. +// +// See the example for Client.ReadWriteTransaction. +func (t *ReadWriteTransaction) BufferWrite(ms []*Mutation) error { + t.mu.Lock() + defer t.mu.Unlock() + if t.state == txClosed { + return errTxClosed() + } + if t.state != txActive { + return errUnexpectedTxState(t.state) + } + t.wb = append(t.wb, ms...) + return nil +} + +// acquire implements txReadEnv.acquire. +func (t *ReadWriteTransaction) acquire(ctx context.Context) (*sessionHandle, *sppb.TransactionSelector, error) { + ts := &sppb.TransactionSelector{ + Selector: &sppb.TransactionSelector_Id{ + Id: t.tx, + }, + } + t.mu.Lock() + defer t.mu.Unlock() + switch t.state { + case txClosed: + return nil, nil, errTxClosed() + case txActive: + return t.sh, ts, nil + } + return nil, nil, errUnexpectedTxState(t.state) +} + +// release implements txReadEnv.release. +func (t *ReadWriteTransaction) release(err error) { + t.mu.Lock() + sh := t.sh + t.mu.Unlock() + if sh != nil && shouldDropSession(err) { + sh.destroy() + } +} + +func beginTransaction(ctx context.Context, sid string, client sppb.SpannerClient) (transactionID, error) { + var tx transactionID + err := runRetryable(ctx, func(ctx context.Context) error { + res, e := client.BeginTransaction(ctx, &sppb.BeginTransactionRequest{ + Session: sid, + Options: &sppb.TransactionOptions{ + Mode: &sppb.TransactionOptions_ReadWrite_{ + ReadWrite: &sppb.TransactionOptions_ReadWrite{}, + }, + }, + }) + if e != nil { + return e + } + tx = res.Id + return nil + }) + if err != nil { + return nil, err + } + return tx, nil +} + +// begin starts a read-write transacton on Cloud Spanner, it is always called before any of the public APIs. +func (t *ReadWriteTransaction) begin(ctx context.Context) error { + if t.tx != nil { + t.state = txActive + return nil + } + tx, err := beginTransaction(contextWithOutgoingMetadata(ctx, t.sh.getMetadata()), t.sh.getID(), t.sh.getClient()) + if err == nil { + t.tx = tx + t.state = txActive + return nil + } + if shouldDropSession(err) { + t.sh.destroy() + } + return err +} + +// commit tries to commit a readwrite transaction to Cloud Spanner. It also returns the commit timestamp for the transactions. +func (t *ReadWriteTransaction) commit(ctx context.Context) (time.Time, error) { + var ts time.Time + t.mu.Lock() + t.state = txClosed // No futher operations after commit. + mPb, err := mutationsProto(t.wb) + t.mu.Unlock() + if err != nil { + return ts, err + } + // In case that sessionHandle was destroyed but transaction body fails to report it. + sid, client := t.sh.getID(), t.sh.getClient() + if sid == "" || client == nil { + return ts, errSessionClosed(t.sh) + } + err = runRetryable(contextWithOutgoingMetadata(ctx, t.sh.getMetadata()), func(ctx context.Context) error { + var trailer metadata.MD + res, e := client.Commit(ctx, &sppb.CommitRequest{ + Session: sid, + Transaction: &sppb.CommitRequest_TransactionId{ + TransactionId: t.tx, + }, + Mutations: mPb, + }, grpc.Trailer(&trailer)) + if e != nil { + return toSpannerErrorWithMetadata(e, trailer) + } + if tstamp := res.GetCommitTimestamp(); tstamp != nil { + ts = time.Unix(tstamp.Seconds, int64(tstamp.Nanos)) + } + return nil + }) + if shouldDropSession(err) { + t.sh.destroy() + } + return ts, err +} + +// rollback is called when a commit is aborted or the transaction body runs into error. +func (t *ReadWriteTransaction) rollback(ctx context.Context) { + t.mu.Lock() + // Forbid further operations on rollbacked transaction. + t.state = txClosed + t.mu.Unlock() + // In case that sessionHandle was destroyed but transaction body fails to report it. + sid, client := t.sh.getID(), t.sh.getClient() + if sid == "" || client == nil { + return + } + err := runRetryable(contextWithOutgoingMetadata(ctx, t.sh.getMetadata()), func(ctx context.Context) error { + _, e := client.Rollback(ctx, &sppb.RollbackRequest{ + Session: sid, + TransactionId: t.tx, + }) + return e + }) + if shouldDropSession(err) { + t.sh.destroy() + } + return +} + +// runInTransaction executes f under a read-write transaction context. +func (t *ReadWriteTransaction) runInTransaction(ctx context.Context, f func(context.Context, *ReadWriteTransaction) error) (time.Time, error) { + var ( + ts time.Time + err error + ) + if err = f(context.WithValue(ctx, transactionInProgressKey{}, 1), t); err == nil { + // Try to commit if transaction body returns no error. + ts, err = t.commit(ctx) + } + if err != nil { + if isAbortErr(err) { + // Retry the transaction using the same session on ABORT error. + // Cloud Spanner will create the new transaction with the previous one's wound-wait priority. + err = errRetry(err) + return ts, err + } + // Not going to commit, according to API spec, should rollback the transaction. + t.rollback(ctx) + return ts, err + } + // err == nil, return commit timestamp. + return ts, nil +} + +// writeOnlyTransaction provides the most efficient way of doing write-only transactions. It essentially does blind writes to Cloud Spanner. +type writeOnlyTransaction struct { + // sp is the session pool which writeOnlyTransaction uses to get Cloud Spanner sessions for blind writes. + sp *sessionPool +} + +// applyAtLeastOnce commits a list of mutations to Cloud Spanner for at least once, unless one of the following happends: +// 1) Context is timeout. +// 2) An unretryable error(e.g. database not found) occurs. +// 3) There is a malformed Mutation object. +func (t *writeOnlyTransaction) applyAtLeastOnce(ctx context.Context, ms ...*Mutation) (time.Time, error) { + var ( + ts time.Time + sh *sessionHandle + ) + mPb, err := mutationsProto(ms) + if err != nil { + // Malformed mutation found, just return the error. + return ts, err + } + err = runRetryable(ctx, func(ct context.Context) error { + var e error + var trailers metadata.MD + if sh == nil || sh.getID() == "" || sh.getClient() == nil { + // No usable session for doing the commit, take one from pool. + sh, e = t.sp.take(ctx) + if e != nil { + // sessionPool.Take already retries for session creations/retrivals. + return e + } + } + res, e := sh.getClient().Commit(contextWithOutgoingMetadata(ctx, sh.getMetadata()), &sppb.CommitRequest{ + Session: sh.getID(), + Transaction: &sppb.CommitRequest_SingleUseTransaction{ + SingleUseTransaction: &sppb.TransactionOptions{ + Mode: &sppb.TransactionOptions_ReadWrite_{ + ReadWrite: &sppb.TransactionOptions_ReadWrite{}, + }, + }, + }, + Mutations: mPb, + }, grpc.Trailer(&trailers)) + if e != nil { + if isAbortErr(e) { + // Mask ABORT error as retryable, because aborted transactions are allowed to be retried. + return errRetry(toSpannerErrorWithMetadata(e, trailers)) + } + if shouldDropSession(e) { + // Discard the bad session. + sh.destroy() + } + return e + } + if tstamp := res.GetCommitTimestamp(); tstamp != nil { + ts = time.Unix(tstamp.Seconds, int64(tstamp.Nanos)) + } + return nil + }) + if sh != nil { + sh.recycle() + } + return ts, err +} + +// isAbortedErr returns true if the error indicates that an gRPC call is aborted on the server side. +func isAbortErr(err error) bool { + if err == nil { + return false + } + if ErrCode(err) == codes.Aborted { + return true + } + return false +} diff --git a/vendor/cloud.google.com/go/spanner/util.go b/vendor/cloud.google.com/go/spanner/util.go new file mode 100644 index 000000000000..d35fec291a5c --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/util.go @@ -0,0 +1,33 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +// maxUint64 returns the maximum of two uint64 +func maxUint64(a, b uint64) uint64 { + if a > b { + return a + } + return b +} + +// minUint64 returns the minimum of two uint64 +func minUint64(a, b uint64) uint64 { + if a > b { + return b + } + return a +} diff --git a/vendor/cloud.google.com/go/spanner/value.go b/vendor/cloud.google.com/go/spanner/value.go new file mode 100644 index 000000000000..86d9f71b250a --- /dev/null +++ b/vendor/cloud.google.com/go/spanner/value.go @@ -0,0 +1,1425 @@ +/* +Copyright 2017 Google Inc. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spanner + +import ( + "encoding/base64" + "fmt" + "math" + "reflect" + "strconv" + "time" + + "cloud.google.com/go/civil" + "cloud.google.com/go/internal/fields" + proto "github.com/golang/protobuf/proto" + proto3 "github.com/golang/protobuf/ptypes/struct" + sppb "google.golang.org/genproto/googleapis/spanner/v1" + "google.golang.org/grpc/codes" +) + +// NullInt64 represents a Cloud Spanner INT64 that may be NULL. +type NullInt64 struct { + Int64 int64 + Valid bool // Valid is true if Int64 is not NULL. +} + +// String implements Stringer.String for NullInt64 +func (n NullInt64) String() string { + if !n.Valid { + return fmt.Sprintf("%v", "") + } + return fmt.Sprintf("%v", n.Int64) +} + +// NullString represents a Cloud Spanner STRING that may be NULL. +type NullString struct { + StringVal string + Valid bool // Valid is true if StringVal is not NULL. +} + +// String implements Stringer.String for NullString +func (n NullString) String() string { + if !n.Valid { + return fmt.Sprintf("%v", "") + } + return fmt.Sprintf("%q", n.StringVal) +} + +// NullFloat64 represents a Cloud Spanner FLOAT64 that may be NULL. +type NullFloat64 struct { + Float64 float64 + Valid bool // Valid is true if Float64 is not NULL. +} + +// String implements Stringer.String for NullFloat64 +func (n NullFloat64) String() string { + if !n.Valid { + return fmt.Sprintf("%v", "") + } + return fmt.Sprintf("%v", n.Float64) +} + +// NullBool represents a Cloud Spanner BOOL that may be NULL. +type NullBool struct { + Bool bool + Valid bool // Valid is true if Bool is not NULL. +} + +// String implements Stringer.String for NullBool +func (n NullBool) String() string { + if !n.Valid { + return fmt.Sprintf("%v", "") + } + return fmt.Sprintf("%v", n.Bool) +} + +// NullTime represents a Cloud Spanner TIMESTAMP that may be null. +type NullTime struct { + Time time.Time + Valid bool // Valid is true if Time is not NULL. +} + +// String implements Stringer.String for NullTime +func (n NullTime) String() string { + if !n.Valid { + return fmt.Sprintf("%s", "") + } + return fmt.Sprintf("%q", n.Time.Format(time.RFC3339Nano)) +} + +// NullDate represents a Cloud Spanner DATE that may be null. +type NullDate struct { + Date civil.Date + Valid bool // Valid is true if Date is not NULL. +} + +// String implements Stringer.String for NullDate +func (n NullDate) String() string { + if !n.Valid { + return fmt.Sprintf("%s", "") + } + return fmt.Sprintf("%q", n.Date) +} + +// NullRow represents a Cloud Spanner STRUCT that may be NULL. +// See also the document for Row. +// Note that NullRow is not a valid Cloud Spanner column Type. +type NullRow struct { + Row Row + Valid bool // Valid is true if Row is not NULL. +} + +// GenericColumnValue represents the generic encoded value and type of the +// column. See google.spanner.v1.ResultSet proto for details. This can be +// useful for proxying query results when the result types are not known in +// advance. +// +// If you populate a GenericColumnValue from a row using Row.Column or related +// methods, do not modify the contents of Type and Value. +type GenericColumnValue struct { + Type *sppb.Type + Value *proto3.Value +} + +// Decode decodes a GenericColumnValue. The ptr argument should be a pointer +// to a Go value that can accept v. +func (v GenericColumnValue) Decode(ptr interface{}) error { + return decodeValue(v.Value, v.Type, ptr) +} + +// NewGenericColumnValue creates a GenericColumnValue from Go value that is +// valid for Cloud Spanner. +func newGenericColumnValue(v interface{}) (*GenericColumnValue, error) { + value, typ, err := encodeValue(v) + if err != nil { + return nil, err + } + return &GenericColumnValue{Value: value, Type: typ}, nil +} + +// errTypeMismatch returns error for destination not having a compatible type +// with source Cloud Spanner type. +func errTypeMismatch(srcCode, elCode sppb.TypeCode, dst interface{}) error { + s := srcCode.String() + if srcCode == sppb.TypeCode_ARRAY { + s = fmt.Sprintf("%v[%v]", srcCode, elCode) + } + return spannerErrorf(codes.InvalidArgument, "type %T cannot be used for decoding %s", dst, s) +} + +// errNilSpannerType returns error for nil Cloud Spanner type in decoding. +func errNilSpannerType() error { + return spannerErrorf(codes.FailedPrecondition, "unexpected nil Cloud Spanner data type in decoding") +} + +// errNilSrc returns error for decoding from nil proto value. +func errNilSrc() error { + return spannerErrorf(codes.FailedPrecondition, "unexpected nil Cloud Spanner value in decoding") +} + +// errNilDst returns error for decoding into nil interface{}. +func errNilDst(dst interface{}) error { + return spannerErrorf(codes.InvalidArgument, "cannot decode into nil type %T", dst) +} + +// errNilArrElemType returns error for input Cloud Spanner data type being a array but without a +// non-nil array element type. +func errNilArrElemType(t *sppb.Type) error { + return spannerErrorf(codes.FailedPrecondition, "array type %v is with nil array element type", t) +} + +// errDstNotForNull returns error for decoding a SQL NULL value into a destination which doesn't +// support NULL values. +func errDstNotForNull(dst interface{}) error { + return spannerErrorf(codes.InvalidArgument, "destination %T cannot support NULL SQL values", dst) +} + +// errBadEncoding returns error for decoding wrongly encoded types. +func errBadEncoding(v *proto3.Value, err error) error { + return spannerErrorf(codes.FailedPrecondition, "%v wasn't correctly encoded: <%v>", v, err) +} + +func parseNullTime(v *proto3.Value, p *NullTime, code sppb.TypeCode, isNull bool) error { + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_TIMESTAMP { + return errTypeMismatch(code, sppb.TypeCode_TYPE_CODE_UNSPECIFIED, p) + } + if isNull { + *p = NullTime{} + return nil + } + x, err := getStringValue(v) + if err != nil { + return err + } + y, err := time.Parse(time.RFC3339Nano, x) + if err != nil { + return errBadEncoding(v, err) + } + p.Valid = true + p.Time = y + return nil +} + +// decodeValue decodes a protobuf Value into a pointer to a Go value, as +// specified by sppb.Type. +func decodeValue(v *proto3.Value, t *sppb.Type, ptr interface{}) error { + if v == nil { + return errNilSrc() + } + if t == nil { + return errNilSpannerType() + } + code := t.Code + acode := sppb.TypeCode_TYPE_CODE_UNSPECIFIED + if code == sppb.TypeCode_ARRAY { + if t.ArrayElementType == nil { + return errNilArrElemType(t) + } + acode = t.ArrayElementType.Code + } + _, isNull := v.Kind.(*proto3.Value_NullValue) + + // Do the decoding based on the type of ptr. + switch p := ptr.(type) { + case nil: + return errNilDst(nil) + case *string: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_STRING { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + return errDstNotForNull(ptr) + } + x, err := getStringValue(v) + if err != nil { + return err + } + *p = x + case *NullString: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_STRING { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = NullString{} + break + } + x, err := getStringValue(v) + if err != nil { + return err + } + p.Valid = true + p.StringVal = x + case *[]NullString: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_STRING { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeNullStringArray(x) + if err != nil { + return err + } + *p = y + case *[]string: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_STRING { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeStringArray(x) + if err != nil { + return err + } + *p = y + case *[]byte: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_BYTES { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getStringValue(v) + if err != nil { + return err + } + y, err := base64.StdEncoding.DecodeString(x) + if err != nil { + return errBadEncoding(v, err) + } + *p = y + case *[][]byte: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_BYTES { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeByteArray(x) + if err != nil { + return err + } + *p = y + case *int64: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_INT64 { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + return errDstNotForNull(ptr) + } + x, err := getStringValue(v) + if err != nil { + return err + } + y, err := strconv.ParseInt(x, 10, 64) + if err != nil { + return errBadEncoding(v, err) + } + *p = y + case *NullInt64: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_INT64 { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = NullInt64{} + break + } + x, err := getStringValue(v) + if err != nil { + return err + } + y, err := strconv.ParseInt(x, 10, 64) + if err != nil { + return errBadEncoding(v, err) + } + p.Valid = true + p.Int64 = y + case *[]NullInt64: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_INT64 { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeNullInt64Array(x) + if err != nil { + return err + } + *p = y + case *[]int64: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_INT64 { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeInt64Array(x) + if err != nil { + return err + } + *p = y + case *bool: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_BOOL { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + return errDstNotForNull(ptr) + } + x, err := getBoolValue(v) + if err != nil { + return err + } + *p = x + case *NullBool: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_BOOL { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = NullBool{} + break + } + x, err := getBoolValue(v) + if err != nil { + return err + } + p.Valid = true + p.Bool = x + case *[]NullBool: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_BOOL { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeNullBoolArray(x) + if err != nil { + return err + } + *p = y + case *[]bool: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_BOOL { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeBoolArray(x) + if err != nil { + return err + } + *p = y + case *float64: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_FLOAT64 { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + return errDstNotForNull(ptr) + } + x, err := getFloat64Value(v) + if err != nil { + return err + } + *p = x + case *NullFloat64: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_FLOAT64 { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = NullFloat64{} + break + } + x, err := getFloat64Value(v) + if err != nil { + return err + } + p.Valid = true + p.Float64 = x + case *[]NullFloat64: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_FLOAT64 { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeNullFloat64Array(x) + if err != nil { + return err + } + *p = y + case *[]float64: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_FLOAT64 { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeFloat64Array(x) + if err != nil { + return err + } + *p = y + case *time.Time: + var nt NullTime + if isNull { + return errDstNotForNull(ptr) + } + err := parseNullTime(v, &nt, code, isNull) + if err != nil { + return nil + } + *p = nt.Time + case *NullTime: + err := parseNullTime(v, p, code, isNull) + if err != nil { + return err + } + case *[]NullTime: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_TIMESTAMP { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeNullTimeArray(x) + if err != nil { + return err + } + *p = y + case *[]time.Time: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_TIMESTAMP { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeTimeArray(x) + if err != nil { + return err + } + *p = y + case *civil.Date: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_DATE { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + return errDstNotForNull(ptr) + } + x, err := getStringValue(v) + if err != nil { + return err + } + y, err := civil.ParseDate(x) + if err != nil { + return errBadEncoding(v, err) + } + *p = y + case *NullDate: + if p == nil { + return errNilDst(p) + } + if code != sppb.TypeCode_DATE { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = NullDate{} + break + } + x, err := getStringValue(v) + if err != nil { + return err + } + y, err := civil.ParseDate(x) + if err != nil { + return errBadEncoding(v, err) + } + p.Valid = true + p.Date = y + case *[]NullDate: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_DATE { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeNullDateArray(x) + if err != nil { + return err + } + *p = y + case *[]civil.Date: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_DATE { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeDateArray(x) + if err != nil { + return err + } + *p = y + case *[]NullRow: + if p == nil { + return errNilDst(p) + } + if acode != sppb.TypeCode_STRUCT { + return errTypeMismatch(code, acode, ptr) + } + if isNull { + *p = nil + break + } + x, err := getListValue(v) + if err != nil { + return err + } + y, err := decodeRowArray(t.ArrayElementType.StructType, x) + if err != nil { + return err + } + *p = y + case *GenericColumnValue: + *p = GenericColumnValue{Type: t, Value: v} + default: + // Check if the proto encoding is for an array of structs. + if !(code == sppb.TypeCode_ARRAY && acode == sppb.TypeCode_STRUCT) { + return errTypeMismatch(code, acode, ptr) + } + vp := reflect.ValueOf(p) + if !vp.IsValid() { + return errNilDst(p) + } + if !isPtrStructPtrSlice(vp.Type()) { + // The container is not a pointer to a struct pointer slice. + return errTypeMismatch(code, acode, ptr) + } + // Only use reflection for nil detection on slow path. + // Also, IsNil panics on many types, so check it after the type check. + if vp.IsNil() { + return errNilDst(p) + } + if isNull { + // The proto Value is encoding NULL, set the pointer to struct + // slice to nil as well. + vp.Elem().Set(reflect.Zero(vp.Elem().Type())) + break + } + x, err := getListValue(v) + if err != nil { + return err + } + if err = decodeStructArray(t.ArrayElementType.StructType, x, p); err != nil { + return err + } + } + return nil +} + +// errSrvVal returns an error for getting a wrong source protobuf value in decoding. +func errSrcVal(v *proto3.Value, want string) error { + return spannerErrorf(codes.FailedPrecondition, "cannot use %v(Kind: %T) as %s Value", + v, v.GetKind(), want) +} + +// getStringValue returns the string value encoded in proto3.Value v whose +// kind is proto3.Value_StringValue. +func getStringValue(v *proto3.Value) (string, error) { + if x, ok := v.GetKind().(*proto3.Value_StringValue); ok && x != nil { + return x.StringValue, nil + } + return "", errSrcVal(v, "String") +} + +// getBoolValue returns the bool value encoded in proto3.Value v whose +// kind is proto3.Value_BoolValue. +func getBoolValue(v *proto3.Value) (bool, error) { + if x, ok := v.GetKind().(*proto3.Value_BoolValue); ok && x != nil { + return x.BoolValue, nil + } + return false, errSrcVal(v, "Bool") +} + +// getListValue returns the proto3.ListValue contained in proto3.Value v whose +// kind is proto3.Value_ListValue. +func getListValue(v *proto3.Value) (*proto3.ListValue, error) { + if x, ok := v.GetKind().(*proto3.Value_ListValue); ok && x != nil { + return x.ListValue, nil + } + return nil, errSrcVal(v, "List") +} + +// errUnexpectedNumStr returns error for decoder getting a unexpected string for +// representing special float values. +func errUnexpectedNumStr(s string) error { + return spannerErrorf(codes.FailedPrecondition, "unexpected string value %q for number", s) +} + +// getFloat64Value returns the float64 value encoded in proto3.Value v whose +// kind is proto3.Value_NumberValue / proto3.Value_StringValue. +// Cloud Spanner uses string to encode NaN, Infinity and -Infinity. +func getFloat64Value(v *proto3.Value) (float64, error) { + switch x := v.GetKind().(type) { + case *proto3.Value_NumberValue: + if x == nil { + break + } + return x.NumberValue, nil + case *proto3.Value_StringValue: + if x == nil { + break + } + switch x.StringValue { + case "NaN": + return math.NaN(), nil + case "Infinity": + return math.Inf(1), nil + case "-Infinity": + return math.Inf(-1), nil + default: + return 0, errUnexpectedNumStr(x.StringValue) + } + } + return 0, errSrcVal(v, "Number") +} + +// errNilListValue returns error for unexpected nil ListValue in decoding Cloud Spanner ARRAYs. +func errNilListValue(sqlType string) error { + return spannerErrorf(codes.FailedPrecondition, "unexpected nil ListValue in decoding %v array", sqlType) +} + +// errDecodeArrayElement returns error for failure in decoding single array element. +func errDecodeArrayElement(i int, v proto.Message, sqlType string, err error) error { + se, ok := toSpannerError(err).(*Error) + if !ok { + return spannerErrorf(codes.Unknown, + "cannot decode %v(array element %v) as %v, error = <%v>", v, i, sqlType, err) + } + se.decorate(fmt.Sprintf("cannot decode %v(array element %v) as %v", v, i, sqlType)) + return se +} + +// decodeNullStringArray decodes proto3.ListValue pb into a NullString slice. +func decodeNullStringArray(pb *proto3.ListValue) ([]NullString, error) { + if pb == nil { + return nil, errNilListValue("STRING") + } + a := make([]NullString, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, stringType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "STRING", err) + } + } + return a, nil +} + +// decodeStringArray decodes proto3.ListValue pb into a string slice. +func decodeStringArray(pb *proto3.ListValue) ([]string, error) { + if pb == nil { + return nil, errNilListValue("STRING") + } + a := make([]string, len(pb.Values)) + st := stringType() + for i, v := range pb.Values { + if err := decodeValue(v, st, &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "STRING", err) + } + } + return a, nil +} + +// decodeNullInt64Array decodes proto3.ListValue pb into a NullInt64 slice. +func decodeNullInt64Array(pb *proto3.ListValue) ([]NullInt64, error) { + if pb == nil { + return nil, errNilListValue("INT64") + } + a := make([]NullInt64, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, intType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "INT64", err) + } + } + return a, nil +} + +// decodeInt64Array decodes proto3.ListValue pb into a int64 slice. +func decodeInt64Array(pb *proto3.ListValue) ([]int64, error) { + if pb == nil { + return nil, errNilListValue("INT64") + } + a := make([]int64, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, intType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "INT64", err) + } + } + return a, nil +} + +// decodeNullBoolArray decodes proto3.ListValue pb into a NullBool slice. +func decodeNullBoolArray(pb *proto3.ListValue) ([]NullBool, error) { + if pb == nil { + return nil, errNilListValue("BOOL") + } + a := make([]NullBool, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, boolType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "BOOL", err) + } + } + return a, nil +} + +// decodeBoolArray decodes proto3.ListValue pb into a bool slice. +func decodeBoolArray(pb *proto3.ListValue) ([]bool, error) { + if pb == nil { + return nil, errNilListValue("BOOL") + } + a := make([]bool, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, boolType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "BOOL", err) + } + } + return a, nil +} + +// decodeNullFloat64Array decodes proto3.ListValue pb into a NullFloat64 slice. +func decodeNullFloat64Array(pb *proto3.ListValue) ([]NullFloat64, error) { + if pb == nil { + return nil, errNilListValue("FLOAT64") + } + a := make([]NullFloat64, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, floatType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "FLOAT64", err) + } + } + return a, nil +} + +// decodeFloat64Array decodes proto3.ListValue pb into a float64 slice. +func decodeFloat64Array(pb *proto3.ListValue) ([]float64, error) { + if pb == nil { + return nil, errNilListValue("FLOAT64") + } + a := make([]float64, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, floatType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "FLOAT64", err) + } + } + return a, nil +} + +// decodeByteArray decodes proto3.ListValue pb into a slice of byte slice. +func decodeByteArray(pb *proto3.ListValue) ([][]byte, error) { + if pb == nil { + return nil, errNilListValue("BYTES") + } + a := make([][]byte, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, bytesType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "BYTES", err) + } + } + return a, nil +} + +// decodeNullTimeArray decodes proto3.ListValue pb into a NullTime slice. +func decodeNullTimeArray(pb *proto3.ListValue) ([]NullTime, error) { + if pb == nil { + return nil, errNilListValue("TIMESTAMP") + } + a := make([]NullTime, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, timeType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "TIMESTAMP", err) + } + } + return a, nil +} + +// decodeTimeArray decodes proto3.ListValue pb into a time.Time slice. +func decodeTimeArray(pb *proto3.ListValue) ([]time.Time, error) { + if pb == nil { + return nil, errNilListValue("TIMESTAMP") + } + a := make([]time.Time, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, timeType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "TIMESTAMP", err) + } + } + return a, nil +} + +// decodeNullDateArray decodes proto3.ListValue pb into a NullDate slice. +func decodeNullDateArray(pb *proto3.ListValue) ([]NullDate, error) { + if pb == nil { + return nil, errNilListValue("DATE") + } + a := make([]NullDate, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, dateType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "DATE", err) + } + } + return a, nil +} + +// decodeDateArray decodes proto3.ListValue pb into a civil.Date slice. +func decodeDateArray(pb *proto3.ListValue) ([]civil.Date, error) { + if pb == nil { + return nil, errNilListValue("DATE") + } + a := make([]civil.Date, len(pb.Values)) + for i, v := range pb.Values { + if err := decodeValue(v, dateType(), &a[i]); err != nil { + return nil, errDecodeArrayElement(i, v, "DATE", err) + } + } + return a, nil +} + +func errNotStructElement(i int, v *proto3.Value) error { + return errDecodeArrayElement(i, v, "STRUCT", + spannerErrorf(codes.FailedPrecondition, "%v(type: %T) doesn't encode Cloud Spanner STRUCT", v, v)) +} + +// decodeRowArray decodes proto3.ListValue pb into a NullRow slice according to +// the structual information given in sppb.StructType ty. +func decodeRowArray(ty *sppb.StructType, pb *proto3.ListValue) ([]NullRow, error) { + if pb == nil { + return nil, errNilListValue("STRUCT") + } + a := make([]NullRow, len(pb.Values)) + for i := range pb.Values { + switch v := pb.Values[i].GetKind().(type) { + case *proto3.Value_ListValue: + a[i] = NullRow{ + Row: Row{ + fields: ty.Fields, + vals: v.ListValue.Values, + }, + Valid: true, + } + // Null elements not currently supported by the server, see + // https://cloud.google.com/spanner/docs/query-syntax#using-structs-with-select + case *proto3.Value_NullValue: + // no-op, a[i] is NullRow{} already + default: + return nil, errNotStructElement(i, pb.Values[i]) + } + } + return a, nil +} + +// errNilSpannerStructType returns error for unexpected nil Cloud Spanner STRUCT schema type in decoding. +func errNilSpannerStructType() error { + return spannerErrorf(codes.FailedPrecondition, "unexpected nil StructType in decoding Cloud Spanner STRUCT") +} + +// errUnnamedField returns error for decoding a Cloud Spanner STRUCT with unnamed field into a Go struct. +func errUnnamedField(ty *sppb.StructType, i int) error { + return spannerErrorf(codes.InvalidArgument, "unnamed field %v in Cloud Spanner STRUCT %+v", i, ty) +} + +// errNoOrDupGoField returns error for decoding a Cloud Spanner +// STRUCT into a Go struct which is either missing a field, or has duplicate fields. +func errNoOrDupGoField(s interface{}, f string) error { + return spannerErrorf(codes.InvalidArgument, "Go struct %+v(type %T) has no or duplicate fields for Cloud Spanner STRUCT field %v", s, s, f) +} + +// errDupColNames returns error for duplicated Cloud Spanner STRUCT field names found in decoding a Cloud Spanner STRUCT into a Go struct. +func errDupSpannerField(f string, ty *sppb.StructType) error { + return spannerErrorf(codes.InvalidArgument, "duplicated field name %q in Cloud Spanner STRUCT %+v", f, ty) +} + +// errDecodeStructField returns error for failure in decoding a single field of a Cloud Spanner STRUCT. +func errDecodeStructField(ty *sppb.StructType, f string, err error) error { + se, ok := toSpannerError(err).(*Error) + if !ok { + return spannerErrorf(codes.Unknown, + "cannot decode field %v of Cloud Spanner STRUCT %+v, error = <%v>", f, ty, err) + } + se.decorate(fmt.Sprintf("cannot decode field %v of Cloud Spanner STRUCT %+v", f, ty)) + return se +} + +// decodeStruct decodes proto3.ListValue pb into struct referenced by pointer ptr, according to +// the structual information given in sppb.StructType ty. +func decodeStruct(ty *sppb.StructType, pb *proto3.ListValue, ptr interface{}) error { + if reflect.ValueOf(ptr).IsNil() { + return errNilDst(ptr) + } + if ty == nil { + return errNilSpannerStructType() + } + // t holds the structual information of ptr. + t := reflect.TypeOf(ptr).Elem() + // v is the actual value that ptr points to. + v := reflect.ValueOf(ptr).Elem() + + fields, err := fieldCache.Fields(t) + if err != nil { + return toSpannerError(err) + } + seen := map[string]bool{} + for i, f := range ty.Fields { + if f.Name == "" { + return errUnnamedField(ty, i) + } + sf := fields.Match(f.Name) + if sf == nil { + return errNoOrDupGoField(ptr, f.Name) + } + if seen[f.Name] { + // We don't allow duplicated field name. + return errDupSpannerField(f.Name, ty) + } + // Try to decode a single field. + if err := decodeValue(pb.Values[i], f.Type, v.FieldByIndex(sf.Index).Addr().Interface()); err != nil { + return errDecodeStructField(ty, f.Name, err) + } + // Mark field f.Name as processed. + seen[f.Name] = true + } + return nil +} + +// isPtrStructPtrSlice returns true if ptr is a pointer to a slice of struct pointers. +func isPtrStructPtrSlice(t reflect.Type) bool { + if t.Kind() != reflect.Ptr || t.Elem().Kind() != reflect.Slice { + // t is not a pointer to a slice. + return false + } + if t = t.Elem(); t.Elem().Kind() != reflect.Ptr || t.Elem().Elem().Kind() != reflect.Struct { + // the slice that t points to is not a slice of struct pointers. + return false + } + return true +} + +// decodeStructArray decodes proto3.ListValue pb into struct slice referenced by pointer ptr, according to the +// structual information given in a sppb.StructType. +func decodeStructArray(ty *sppb.StructType, pb *proto3.ListValue, ptr interface{}) error { + if pb == nil { + return errNilListValue("STRUCT") + } + // Type of the struct pointers stored in the slice that ptr points to. + ts := reflect.TypeOf(ptr).Elem().Elem() + // The slice that ptr points to, might be nil at this point. + v := reflect.ValueOf(ptr).Elem() + // Allocate empty slice. + v.Set(reflect.MakeSlice(v.Type(), 0, len(pb.Values))) + // Decode every struct in pb.Values. + for i, pv := range pb.Values { + // Check if pv is a NULL value. + if _, isNull := pv.Kind.(*proto3.Value_NullValue); isNull { + // Append a nil pointer to the slice. + v.Set(reflect.Append(v, reflect.New(ts).Elem())) + continue + } + // Allocate empty struct. + s := reflect.New(ts.Elem()) + // Get proto3.ListValue l from proto3.Value pv. + l, err := getListValue(pv) + if err != nil { + return errDecodeArrayElement(i, pv, "STRUCT", err) + } + // Decode proto3.ListValue l into struct referenced by s.Interface(). + if err = decodeStruct(ty, l, s.Interface()); err != nil { + return errDecodeArrayElement(i, pv, "STRUCT", err) + } + // Append the decoded struct back into the slice. + v.Set(reflect.Append(v, s)) + } + return nil +} + +// errEncoderUnsupportedType returns error for not being able to encode a value of +// certain type. +func errEncoderUnsupportedType(v interface{}) error { + return spannerErrorf(codes.InvalidArgument, "client doesn't support type %T", v) +} + +// encodeValue encodes a Go native type into a proto3.Value. +func encodeValue(v interface{}) (*proto3.Value, *sppb.Type, error) { + pb := &proto3.Value{ + Kind: &proto3.Value_NullValue{NullValue: proto3.NullValue_NULL_VALUE}, + } + var pt *sppb.Type + var err error + switch v := v.(type) { + case nil: + case string: + pb.Kind = stringKind(v) + pt = stringType() + case NullString: + if v.Valid { + return encodeValue(v.StringVal) + } + pt = stringType() + case []string: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(stringType()) + case []NullString: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(stringType()) + case []byte: + if v != nil { + pb.Kind = stringKind(base64.StdEncoding.EncodeToString(v)) + } + pt = bytesType() + case [][]byte: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(bytesType()) + case int: + pb.Kind = stringKind(strconv.FormatInt(int64(v), 10)) + pt = intType() + case []int: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(intType()) + case int64: + pb.Kind = stringKind(strconv.FormatInt(v, 10)) + pt = intType() + case []int64: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(intType()) + case NullInt64: + if v.Valid { + return encodeValue(v.Int64) + } + pt = intType() + case []NullInt64: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(intType()) + case bool: + pb.Kind = &proto3.Value_BoolValue{BoolValue: v} + pt = boolType() + case []bool: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(boolType()) + case NullBool: + if v.Valid { + return encodeValue(v.Bool) + } + pt = boolType() + case []NullBool: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(boolType()) + case float64: + pb.Kind = &proto3.Value_NumberValue{NumberValue: v} + pt = floatType() + case []float64: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(floatType()) + case NullFloat64: + if v.Valid { + return encodeValue(v.Float64) + } + pt = floatType() + case []NullFloat64: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(floatType()) + case time.Time: + pb.Kind = stringKind(v.UTC().Format(time.RFC3339Nano)) + pt = timeType() + case []time.Time: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(timeType()) + case NullTime: + if v.Valid { + return encodeValue(v.Time) + } + pt = timeType() + case []NullTime: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(timeType()) + case civil.Date: + pb.Kind = stringKind(v.String()) + pt = dateType() + case []civil.Date: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(dateType()) + case NullDate: + if v.Valid { + return encodeValue(v.Date) + } + pt = dateType() + case []NullDate: + if v != nil { + pb, err = encodeArray(len(v), func(i int) interface{} { return v[i] }) + if err != nil { + return nil, nil, err + } + } + pt = listType(dateType()) + case GenericColumnValue: + // Deep clone to ensure subsequent changes to v before + // transmission don't affect our encoded value. + pb = proto.Clone(v.Value).(*proto3.Value) + pt = proto.Clone(v.Type).(*sppb.Type) + default: + return nil, nil, errEncoderUnsupportedType(v) + } + return pb, pt, nil +} + +// encodeValueArray encodes a Value array into a proto3.ListValue. +func encodeValueArray(vs []interface{}) (*proto3.ListValue, error) { + lv := &proto3.ListValue{} + lv.Values = make([]*proto3.Value, 0, len(vs)) + for _, v := range vs { + pb, _, err := encodeValue(v) + if err != nil { + return nil, err + } + lv.Values = append(lv.Values, pb) + } + return lv, nil +} + +// encodeArray assumes that all values of the array element type encode without error. +func encodeArray(len int, at func(int) interface{}) (*proto3.Value, error) { + vs := make([]*proto3.Value, len) + var err error + for i := 0; i < len; i++ { + vs[i], _, err = encodeValue(at(i)) + if err != nil { + return nil, err + } + } + return listProto(vs...), nil +} + +func spannerTagParser(t reflect.StructTag) (name string, keep bool, other interface{}, err error) { + if s := t.Get("spanner"); s != "" { + if s == "-" { + return "", false, nil, nil + } + return s, true, nil, nil + } + return "", true, nil, nil +} + +var fieldCache = fields.NewCache(spannerTagParser, nil, nil) diff --git a/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go b/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go new file mode 100644 index 000000000000..e877b72c3f50 --- /dev/null +++ b/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go @@ -0,0 +1,66 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/protobuf/empty.proto + +/* +Package empty is a generated protocol buffer package. + +It is generated from these files: + google/protobuf/empty.proto + +It has these top-level messages: + Empty +*/ +package empty + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +// A generic empty message that you can re-use to avoid defining duplicated +// empty messages in your APIs. A typical example is to use it as the request +// or the response type of an API method. For instance: +// +// service Foo { +// rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); +// } +// +// The JSON representation for `Empty` is empty JSON object `{}`. +type Empty struct { +} + +func (m *Empty) Reset() { *m = Empty{} } +func (m *Empty) String() string { return proto.CompactTextString(m) } +func (*Empty) ProtoMessage() {} +func (*Empty) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } +func (*Empty) XXX_WellKnownType() string { return "Empty" } + +func init() { + proto.RegisterType((*Empty)(nil), "google.protobuf.Empty") +} + +func init() { proto.RegisterFile("google/protobuf/empty.proto", fileDescriptor0) } + +var fileDescriptor0 = []byte{ + // 148 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4e, 0xcf, 0xcf, 0x4f, + 0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0xcd, 0x2d, 0x28, + 0xa9, 0xd4, 0x03, 0x73, 0x85, 0xf8, 0x21, 0x92, 0x7a, 0x30, 0x49, 0x25, 0x76, 0x2e, 0x56, 0x57, + 0x90, 0xbc, 0x53, 0x19, 0x97, 0x70, 0x72, 0x7e, 0xae, 0x1e, 0x9a, 0xbc, 0x13, 0x17, 0x58, 0x36, + 0x00, 0xc4, 0x0d, 0x60, 0x8c, 0x52, 0x4f, 0xcf, 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, + 0xd5, 0x4f, 0xcf, 0xcf, 0x49, 0xcc, 0x4b, 0x47, 0x58, 0x53, 0x50, 0x52, 0x59, 0x90, 0x5a, 0x0c, + 0xb1, 0xed, 0x07, 0x23, 0xe3, 0x22, 0x26, 0x66, 0xf7, 0x00, 0xa7, 0x55, 0x4c, 0x72, 0xee, 0x10, + 0x13, 0x03, 0xa0, 0xea, 0xf4, 0xc2, 0x53, 0x73, 0x72, 0xbc, 0xf3, 0xf2, 0xcb, 0xf3, 0x42, 0x40, + 0xea, 0x93, 0xd8, 0xc0, 0x06, 0x18, 0x03, 0x02, 0x00, 0x00, 0xff, 0xff, 0x64, 0xd4, 0xb3, 0xa6, + 0xb7, 0x00, 0x00, 0x00, +} diff --git a/vendor/github.com/golang/protobuf/ptypes/empty/empty.proto b/vendor/github.com/golang/protobuf/ptypes/empty/empty.proto new file mode 100644 index 000000000000..03cacd233088 --- /dev/null +++ b/vendor/github.com/golang/protobuf/ptypes/empty/empty.proto @@ -0,0 +1,52 @@ +// Protocol Buffers - Google's data interchange format +// Copyright 2008 Google Inc. All rights reserved. +// https://developers.google.com/protocol-buffers/ +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +syntax = "proto3"; + +package google.protobuf; + +option csharp_namespace = "Google.Protobuf.WellKnownTypes"; +option go_package = "github.com/golang/protobuf/ptypes/empty"; +option java_package = "com.google.protobuf"; +option java_outer_classname = "EmptyProto"; +option java_multiple_files = true; +option objc_class_prefix = "GPB"; +option cc_enable_arenas = true; + +// A generic empty message that you can re-use to avoid defining duplicated +// empty messages in your APIs. A typical example is to use it as the request +// or the response type of an API method. For instance: +// +// service Foo { +// rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); +// } +// +// The JSON representation for `Empty` is empty JSON object `{}`. +message Empty {} diff --git a/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go b/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go new file mode 100644 index 000000000000..4cfe60818798 --- /dev/null +++ b/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go @@ -0,0 +1,380 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/protobuf/struct.proto + +/* +Package structpb is a generated protocol buffer package. + +It is generated from these files: + google/protobuf/struct.proto + +It has these top-level messages: + Struct + Value + ListValue +*/ +package structpb + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +// `NullValue` is a singleton enumeration to represent the null value for the +// `Value` type union. +// +// The JSON representation for `NullValue` is JSON `null`. +type NullValue int32 + +const ( + // Null value. + NullValue_NULL_VALUE NullValue = 0 +) + +var NullValue_name = map[int32]string{ + 0: "NULL_VALUE", +} +var NullValue_value = map[string]int32{ + "NULL_VALUE": 0, +} + +func (x NullValue) String() string { + return proto.EnumName(NullValue_name, int32(x)) +} +func (NullValue) EnumDescriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } +func (NullValue) XXX_WellKnownType() string { return "NullValue" } + +// `Struct` represents a structured data value, consisting of fields +// which map to dynamically typed values. In some languages, `Struct` +// might be supported by a native representation. For example, in +// scripting languages like JS a struct is represented as an +// object. The details of that representation are described together +// with the proto support for the language. +// +// The JSON representation for `Struct` is JSON object. +type Struct struct { + // Unordered map of dynamically typed values. + Fields map[string]*Value `protobuf:"bytes,1,rep,name=fields" json:"fields,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` +} + +func (m *Struct) Reset() { *m = Struct{} } +func (m *Struct) String() string { return proto.CompactTextString(m) } +func (*Struct) ProtoMessage() {} +func (*Struct) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } +func (*Struct) XXX_WellKnownType() string { return "Struct" } + +func (m *Struct) GetFields() map[string]*Value { + if m != nil { + return m.Fields + } + return nil +} + +// `Value` represents a dynamically typed value which can be either +// null, a number, a string, a boolean, a recursive struct value, or a +// list of values. A producer of value is expected to set one of that +// variants, absence of any variant indicates an error. +// +// The JSON representation for `Value` is JSON value. +type Value struct { + // The kind of value. + // + // Types that are valid to be assigned to Kind: + // *Value_NullValue + // *Value_NumberValue + // *Value_StringValue + // *Value_BoolValue + // *Value_StructValue + // *Value_ListValue + Kind isValue_Kind `protobuf_oneof:"kind"` +} + +func (m *Value) Reset() { *m = Value{} } +func (m *Value) String() string { return proto.CompactTextString(m) } +func (*Value) ProtoMessage() {} +func (*Value) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} } +func (*Value) XXX_WellKnownType() string { return "Value" } + +type isValue_Kind interface { + isValue_Kind() +} + +type Value_NullValue struct { + NullValue NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,enum=google.protobuf.NullValue,oneof"` +} +type Value_NumberValue struct { + NumberValue float64 `protobuf:"fixed64,2,opt,name=number_value,json=numberValue,oneof"` +} +type Value_StringValue struct { + StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,oneof"` +} +type Value_BoolValue struct { + BoolValue bool `protobuf:"varint,4,opt,name=bool_value,json=boolValue,oneof"` +} +type Value_StructValue struct { + StructValue *Struct `protobuf:"bytes,5,opt,name=struct_value,json=structValue,oneof"` +} +type Value_ListValue struct { + ListValue *ListValue `protobuf:"bytes,6,opt,name=list_value,json=listValue,oneof"` +} + +func (*Value_NullValue) isValue_Kind() {} +func (*Value_NumberValue) isValue_Kind() {} +func (*Value_StringValue) isValue_Kind() {} +func (*Value_BoolValue) isValue_Kind() {} +func (*Value_StructValue) isValue_Kind() {} +func (*Value_ListValue) isValue_Kind() {} + +func (m *Value) GetKind() isValue_Kind { + if m != nil { + return m.Kind + } + return nil +} + +func (m *Value) GetNullValue() NullValue { + if x, ok := m.GetKind().(*Value_NullValue); ok { + return x.NullValue + } + return NullValue_NULL_VALUE +} + +func (m *Value) GetNumberValue() float64 { + if x, ok := m.GetKind().(*Value_NumberValue); ok { + return x.NumberValue + } + return 0 +} + +func (m *Value) GetStringValue() string { + if x, ok := m.GetKind().(*Value_StringValue); ok { + return x.StringValue + } + return "" +} + +func (m *Value) GetBoolValue() bool { + if x, ok := m.GetKind().(*Value_BoolValue); ok { + return x.BoolValue + } + return false +} + +func (m *Value) GetStructValue() *Struct { + if x, ok := m.GetKind().(*Value_StructValue); ok { + return x.StructValue + } + return nil +} + +func (m *Value) GetListValue() *ListValue { + if x, ok := m.GetKind().(*Value_ListValue); ok { + return x.ListValue + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*Value) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _Value_OneofMarshaler, _Value_OneofUnmarshaler, _Value_OneofSizer, []interface{}{ + (*Value_NullValue)(nil), + (*Value_NumberValue)(nil), + (*Value_StringValue)(nil), + (*Value_BoolValue)(nil), + (*Value_StructValue)(nil), + (*Value_ListValue)(nil), + } +} + +func _Value_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*Value) + // kind + switch x := m.Kind.(type) { + case *Value_NullValue: + b.EncodeVarint(1<<3 | proto.WireVarint) + b.EncodeVarint(uint64(x.NullValue)) + case *Value_NumberValue: + b.EncodeVarint(2<<3 | proto.WireFixed64) + b.EncodeFixed64(math.Float64bits(x.NumberValue)) + case *Value_StringValue: + b.EncodeVarint(3<<3 | proto.WireBytes) + b.EncodeStringBytes(x.StringValue) + case *Value_BoolValue: + t := uint64(0) + if x.BoolValue { + t = 1 + } + b.EncodeVarint(4<<3 | proto.WireVarint) + b.EncodeVarint(t) + case *Value_StructValue: + b.EncodeVarint(5<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.StructValue); err != nil { + return err + } + case *Value_ListValue: + b.EncodeVarint(6<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.ListValue); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("Value.Kind has unexpected type %T", x) + } + return nil +} + +func _Value_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*Value) + switch tag { + case 1: // kind.null_value + if wire != proto.WireVarint { + return true, proto.ErrInternalBadWireType + } + x, err := b.DecodeVarint() + m.Kind = &Value_NullValue{NullValue(x)} + return true, err + case 2: // kind.number_value + if wire != proto.WireFixed64 { + return true, proto.ErrInternalBadWireType + } + x, err := b.DecodeFixed64() + m.Kind = &Value_NumberValue{math.Float64frombits(x)} + return true, err + case 3: // kind.string_value + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + x, err := b.DecodeStringBytes() + m.Kind = &Value_StringValue{x} + return true, err + case 4: // kind.bool_value + if wire != proto.WireVarint { + return true, proto.ErrInternalBadWireType + } + x, err := b.DecodeVarint() + m.Kind = &Value_BoolValue{x != 0} + return true, err + case 5: // kind.struct_value + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Struct) + err := b.DecodeMessage(msg) + m.Kind = &Value_StructValue{msg} + return true, err + case 6: // kind.list_value + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(ListValue) + err := b.DecodeMessage(msg) + m.Kind = &Value_ListValue{msg} + return true, err + default: + return false, nil + } +} + +func _Value_OneofSizer(msg proto.Message) (n int) { + m := msg.(*Value) + // kind + switch x := m.Kind.(type) { + case *Value_NullValue: + n += proto.SizeVarint(1<<3 | proto.WireVarint) + n += proto.SizeVarint(uint64(x.NullValue)) + case *Value_NumberValue: + n += proto.SizeVarint(2<<3 | proto.WireFixed64) + n += 8 + case *Value_StringValue: + n += proto.SizeVarint(3<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(len(x.StringValue))) + n += len(x.StringValue) + case *Value_BoolValue: + n += proto.SizeVarint(4<<3 | proto.WireVarint) + n += 1 + case *Value_StructValue: + s := proto.Size(x.StructValue) + n += proto.SizeVarint(5<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *Value_ListValue: + s := proto.Size(x.ListValue) + n += proto.SizeVarint(6<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + +// `ListValue` is a wrapper around a repeated field of values. +// +// The JSON representation for `ListValue` is JSON array. +type ListValue struct { + // Repeated field of dynamically typed values. + Values []*Value `protobuf:"bytes,1,rep,name=values" json:"values,omitempty"` +} + +func (m *ListValue) Reset() { *m = ListValue{} } +func (m *ListValue) String() string { return proto.CompactTextString(m) } +func (*ListValue) ProtoMessage() {} +func (*ListValue) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} } +func (*ListValue) XXX_WellKnownType() string { return "ListValue" } + +func (m *ListValue) GetValues() []*Value { + if m != nil { + return m.Values + } + return nil +} + +func init() { + proto.RegisterType((*Struct)(nil), "google.protobuf.Struct") + proto.RegisterType((*Value)(nil), "google.protobuf.Value") + proto.RegisterType((*ListValue)(nil), "google.protobuf.ListValue") + proto.RegisterEnum("google.protobuf.NullValue", NullValue_name, NullValue_value) +} + +func init() { proto.RegisterFile("google/protobuf/struct.proto", fileDescriptor0) } + +var fileDescriptor0 = []byte{ + // 417 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x92, 0x41, 0x8b, 0xd3, 0x40, + 0x14, 0xc7, 0x3b, 0xc9, 0x36, 0x98, 0x17, 0x59, 0x97, 0x11, 0xb4, 0xac, 0xa2, 0xa1, 0x7b, 0x09, + 0x22, 0x29, 0xd6, 0x8b, 0x18, 0x2f, 0x06, 0xd6, 0x5d, 0x30, 0x2c, 0x31, 0xba, 0x15, 0xbc, 0x94, + 0x26, 0x4d, 0x63, 0xe8, 0x74, 0x26, 0x24, 0x33, 0x4a, 0x8f, 0x7e, 0x0b, 0xcf, 0x1e, 0x3d, 0xfa, + 0xe9, 0x3c, 0xca, 0xcc, 0x24, 0xa9, 0xb4, 0xf4, 0x94, 0xbc, 0xf7, 0x7e, 0xef, 0x3f, 0xef, 0xff, + 0x66, 0xe0, 0x71, 0xc1, 0x58, 0x41, 0xf2, 0x49, 0x55, 0x33, 0xce, 0x52, 0xb1, 0x9a, 0x34, 0xbc, + 0x16, 0x19, 0xf7, 0x55, 0x8c, 0xef, 0xe9, 0xaa, 0xdf, 0x55, 0xc7, 0x3f, 0x11, 0x58, 0x1f, 0x15, + 0x81, 0x03, 0xb0, 0x56, 0x65, 0x4e, 0x96, 0xcd, 0x08, 0xb9, 0xa6, 0xe7, 0x4c, 0x2f, 0xfc, 0x3d, + 0xd8, 0xd7, 0xa0, 0xff, 0x4e, 0x51, 0x97, 0x94, 0xd7, 0xdb, 0xa4, 0x6d, 0x39, 0xff, 0x00, 0xce, + 0x7f, 0x69, 0x7c, 0x06, 0xe6, 0x3a, 0xdf, 0x8e, 0x90, 0x8b, 0x3c, 0x3b, 0x91, 0xbf, 0xf8, 0x39, + 0x0c, 0xbf, 0x2d, 0x88, 0xc8, 0x47, 0x86, 0x8b, 0x3c, 0x67, 0xfa, 0xe0, 0x40, 0x7c, 0x26, 0xab, + 0x89, 0x86, 0x5e, 0x1b, 0xaf, 0xd0, 0xf8, 0x8f, 0x01, 0x43, 0x95, 0xc4, 0x01, 0x00, 0x15, 0x84, + 0xcc, 0xb5, 0x80, 0x14, 0x3d, 0x9d, 0x9e, 0x1f, 0x08, 0xdc, 0x08, 0x42, 0x14, 0x7f, 0x3d, 0x48, + 0x6c, 0xda, 0x05, 0xf8, 0x02, 0xee, 0x52, 0xb1, 0x49, 0xf3, 0x7a, 0xbe, 0x3b, 0x1f, 0x5d, 0x0f, + 0x12, 0x47, 0x67, 0x7b, 0xa8, 0xe1, 0x75, 0x49, 0x8b, 0x16, 0x32, 0xe5, 0xe0, 0x12, 0xd2, 0x59, + 0x0d, 0x3d, 0x05, 0x48, 0x19, 0xeb, 0xc6, 0x38, 0x71, 0x91, 0x77, 0x47, 0x1e, 0x25, 0x73, 0x1a, + 0x78, 0xa3, 0x54, 0x44, 0xc6, 0x5b, 0x64, 0xa8, 0xac, 0x3e, 0x3c, 0xb2, 0xc7, 0x56, 0x5e, 0x64, + 0xbc, 0x77, 0x49, 0xca, 0xa6, 0xeb, 0xb5, 0x54, 0xef, 0xa1, 0xcb, 0xa8, 0x6c, 0x78, 0xef, 0x92, + 0x74, 0x41, 0x68, 0xc1, 0xc9, 0xba, 0xa4, 0xcb, 0x71, 0x00, 0x76, 0x4f, 0x60, 0x1f, 0x2c, 0x25, + 0xd6, 0xdd, 0xe8, 0xb1, 0xa5, 0xb7, 0xd4, 0xb3, 0x47, 0x60, 0xf7, 0x4b, 0xc4, 0xa7, 0x00, 0x37, + 0xb7, 0x51, 0x34, 0x9f, 0xbd, 0x8d, 0x6e, 0x2f, 0xcf, 0x06, 0xe1, 0x0f, 0x04, 0xf7, 0x33, 0xb6, + 0xd9, 0x97, 0x08, 0x1d, 0xed, 0x26, 0x96, 0x71, 0x8c, 0xbe, 0xbc, 0x28, 0x4a, 0xfe, 0x55, 0xa4, + 0x7e, 0xc6, 0x36, 0x93, 0x82, 0x91, 0x05, 0x2d, 0x76, 0x4f, 0xb1, 0xe2, 0xdb, 0x2a, 0x6f, 0xda, + 0x17, 0x19, 0xe8, 0x4f, 0x95, 0xfe, 0x45, 0xe8, 0x97, 0x61, 0x5e, 0xc5, 0xe1, 0x6f, 0xe3, 0xc9, + 0x95, 0x16, 0x8f, 0xbb, 0xf9, 0x3e, 0xe7, 0x84, 0xbc, 0xa7, 0xec, 0x3b, 0xfd, 0x24, 0x3b, 0x53, + 0x4b, 0x49, 0xbd, 0xfc, 0x17, 0x00, 0x00, 0xff, 0xff, 0xe8, 0x1b, 0x59, 0xf8, 0xe5, 0x02, 0x00, + 0x00, +} diff --git a/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto b/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto new file mode 100644 index 000000000000..7d7808e7fbb6 --- /dev/null +++ b/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto @@ -0,0 +1,96 @@ +// Protocol Buffers - Google's data interchange format +// Copyright 2008 Google Inc. All rights reserved. +// https://developers.google.com/protocol-buffers/ +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +syntax = "proto3"; + +package google.protobuf; + +option csharp_namespace = "Google.Protobuf.WellKnownTypes"; +option cc_enable_arenas = true; +option go_package = "github.com/golang/protobuf/ptypes/struct;structpb"; +option java_package = "com.google.protobuf"; +option java_outer_classname = "StructProto"; +option java_multiple_files = true; +option objc_class_prefix = "GPB"; + + +// `Struct` represents a structured data value, consisting of fields +// which map to dynamically typed values. In some languages, `Struct` +// might be supported by a native representation. For example, in +// scripting languages like JS a struct is represented as an +// object. The details of that representation are described together +// with the proto support for the language. +// +// The JSON representation for `Struct` is JSON object. +message Struct { + // Unordered map of dynamically typed values. + map fields = 1; +} + +// `Value` represents a dynamically typed value which can be either +// null, a number, a string, a boolean, a recursive struct value, or a +// list of values. A producer of value is expected to set one of that +// variants, absence of any variant indicates an error. +// +// The JSON representation for `Value` is JSON value. +message Value { + // The kind of value. + oneof kind { + // Represents a null value. + NullValue null_value = 1; + // Represents a double value. + double number_value = 2; + // Represents a string value. + string string_value = 3; + // Represents a boolean value. + bool bool_value = 4; + // Represents a structured value. + Struct struct_value = 5; + // Represents a repeated `Value`. + ListValue list_value = 6; + } +} + +// `NullValue` is a singleton enumeration to represent the null value for the +// `Value` type union. +// +// The JSON representation for `NullValue` is JSON `null`. +enum NullValue { + // Null value. + NULL_VALUE = 0; +} + +// `ListValue` is a wrapper around a repeated field of values. +// +// The JSON representation for `ListValue` is JSON array. +message ListValue { + // Repeated field of dynamically typed values. + repeated Value values = 1; +} diff --git a/vendor/go.opencensus.io/LICENSE b/vendor/go.opencensus.io/LICENSE new file mode 100644 index 000000000000..7a4a3ea2424c --- /dev/null +++ b/vendor/go.opencensus.io/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/vendor/go.opencensus.io/internal/internal.go b/vendor/go.opencensus.io/internal/internal.go new file mode 100644 index 000000000000..022752eb9b5e --- /dev/null +++ b/vendor/go.opencensus.io/internal/internal.go @@ -0,0 +1,19 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +// UserAgent is the user agent to be added to the outgoing +// requests from the exporters. +const UserAgent = "opencensus-go-v0.1.0" diff --git a/vendor/go.opencensus.io/internal/sanitize.go b/vendor/go.opencensus.io/internal/sanitize.go new file mode 100644 index 000000000000..de8ccf236c4b --- /dev/null +++ b/vendor/go.opencensus.io/internal/sanitize.go @@ -0,0 +1,50 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import ( + "strings" + "unicode" +) + +const labelKeySizeLimit = 100 + +// Sanitize returns a string that is trunacated to 100 characters if it's too +// long, and replaces non-alphanumeric characters to underscores. +func Sanitize(s string) string { + if len(s) == 0 { + return s + } + if len(s) > labelKeySizeLimit { + s = s[:labelKeySizeLimit] + } + s = strings.Map(sanitizeRune, s) + if unicode.IsDigit(rune(s[0])) { + s = "key_" + s + } + if s[0] == '_' { + s = "key" + s + } + return s +} + +// converts anything that is not a letter or digit to an underscore +func sanitizeRune(r rune) rune { + if unicode.IsLetter(r) || unicode.IsDigit(r) { + return r + } + // Everything else turns into an underscore + return '_' +} diff --git a/vendor/go.opencensus.io/internal/tagencoding/tagencoding.go b/vendor/go.opencensus.io/internal/tagencoding/tagencoding.go new file mode 100644 index 000000000000..d9f23abee2c4 --- /dev/null +++ b/vendor/go.opencensus.io/internal/tagencoding/tagencoding.go @@ -0,0 +1,72 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// Package tagencoding contains the tag encoding +// used interally by the stats collector. +package tagencoding + +type Values struct { + Buffer []byte + WriteIndex int + ReadIndex int +} + +func (vb *Values) growIfRequired(expected int) { + if len(vb.Buffer)-vb.WriteIndex < expected { + tmp := make([]byte, 2*(len(vb.Buffer)+1)+expected) + copy(tmp, vb.Buffer) + vb.Buffer = tmp + } +} + +func (vb *Values) WriteValue(v []byte) { + length := len(v) & 0xff + vb.growIfRequired(1 + length) + + // writing length of v + vb.Buffer[vb.WriteIndex] = byte(length) + vb.WriteIndex++ + + if length == 0 { + // No value was encoded for this key + return + } + + // writing v + copy(vb.Buffer[vb.WriteIndex:], v[:length]) + vb.WriteIndex += length +} + +// ReadValue is the helper method to read the values when decoding valuesBytes to a map[Key][]byte. +func (vb *Values) ReadValue() []byte { + // read length of v + length := int(vb.Buffer[vb.ReadIndex]) + vb.ReadIndex++ + if length == 0 { + // No value was encoded for this key + return nil + } + + // read value of v + v := make([]byte, length) + endIdx := vb.ReadIndex + length + copy(v, vb.Buffer[vb.ReadIndex:endIdx]) + vb.ReadIndex = endIdx + return v +} + +func (vb *Values) Bytes() []byte { + return vb.Buffer[:vb.WriteIndex] +} diff --git a/vendor/go.opencensus.io/internal/traceinternals.go b/vendor/go.opencensus.io/internal/traceinternals.go new file mode 100644 index 000000000000..440ec7465429 --- /dev/null +++ b/vendor/go.opencensus.io/internal/traceinternals.go @@ -0,0 +1,48 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import "time" + +// Trace allows internal access to some trace functionality. +// TODO(#412): remove this +var Trace interface{} + +// BucketConfiguration stores the number of samples to store for span buckets +// for successful and failed spans for a particular span name. +type BucketConfiguration struct { + Name string + MaxRequestsSucceeded int + MaxRequestsErrors int +} + +// PerMethodSummary is a summary of the spans stored for a single span name. +type PerMethodSummary struct { + Active int + LatencyBuckets []LatencyBucketSummary + ErrorBuckets []ErrorBucketSummary +} + +// LatencyBucketSummary is a summary of a latency bucket. +type LatencyBucketSummary struct { + MinLatency, MaxLatency time.Duration + Size int +} + +// ErrorBucketSummary is a summary of an error bucket. +type ErrorBucketSummary struct { + ErrorCode int32 + Size int +} diff --git a/vendor/go.opencensus.io/plugin/grpc/grpc.go b/vendor/go.opencensus.io/plugin/grpc/grpc.go new file mode 100644 index 000000000000..eccadcbef3ad --- /dev/null +++ b/vendor/go.opencensus.io/plugin/grpc/grpc.go @@ -0,0 +1,74 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package grpc contains OpenCensus stats and trace +// integrations with gRPC. +package grpc + +import ( + "golang.org/x/net/context" + + "go.opencensus.io/plugin/grpc/grpcstats" + "go.opencensus.io/plugin/grpc/grpctrace" + + "google.golang.org/grpc/stats" +) + +// NewClientStatsHandler enables OpenCensus stats and trace +// for gRPC clients. If these features need to be indiviually turned +// on, see grpcstats and grpctrace packages. +func NewClientStatsHandler() stats.Handler { + return handler{ + grpcstats.NewClientStatsHandler(), + grpctrace.NewClientStatsHandler(), + } +} + +// NewServerStatsHandler enables OpenCensus stats and trace +// for gRPC servers. If these features need to be indiviually turned +// on, see grpcstats and grpctrace packages. +func NewServerStatsHandler() stats.Handler { + return handler{ + grpcstats.NewServerStatsHandler(), + grpctrace.NewServerStatsHandler(), + } +} + +type handler []stats.Handler + +func (h handler) HandleConn(ctx context.Context, cs stats.ConnStats) { + for _, hh := range h { + hh.HandleConn(ctx, cs) + } +} + +func (h handler) HandleRPC(ctx context.Context, rs stats.RPCStats) { + for _, hh := range h { + hh.HandleRPC(ctx, rs) + } +} + +func (h handler) TagConn(ctx context.Context, cti *stats.ConnTagInfo) context.Context { + for _, hh := range h { + ctx = hh.TagConn(ctx, cti) + } + return ctx +} + +func (h handler) TagRPC(ctx context.Context, rti *stats.RPCTagInfo) context.Context { + for _, hh := range h { + ctx = hh.TagRPC(ctx, rti) + } + return ctx +} diff --git a/vendor/go.opencensus.io/plugin/grpc/grpcstats/client_handler.go b/vendor/go.opencensus.io/plugin/grpc/grpcstats/client_handler.go new file mode 100644 index 000000000000..ed02a4e4d928 --- /dev/null +++ b/vendor/go.opencensus.io/plugin/grpc/grpcstats/client_handler.go @@ -0,0 +1,157 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package grpcstats + +import ( + "sync/atomic" + "time" + + ocstats "go.opencensus.io/stats" + "go.opencensus.io/tag" + "golang.org/x/net/context" + "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/stats" + "google.golang.org/grpc/status" +) + +// ClientStatsHandler is a stats.Handler implementation +// that collects stats for a gRPC client. Predefined +// measures and views can be used to access the collected data. +type ClientStatsHandler struct{} + +var _ stats.Handler = &ClientStatsHandler{} + +// NewClientStatsHandler returns a stats.Handler implementation +// that collects stats for a gRPC client. Predefined +// measures and views can be used to access the collected data. +func NewClientStatsHandler() *ClientStatsHandler { + return &ClientStatsHandler{} +} + +// TODO(jbd): Remove NewClientStatsHandler and NewServerStatsHandler +// given they are not doing anything than returning a zero value pointer. + +// TagConn adds connection related data to the given context and returns the +// new context. +func (h *ClientStatsHandler) TagConn(ctx context.Context, info *stats.ConnTagInfo) context.Context { + // Do nothing. This is here to satisfy the interface "google.golang.org/grpc/stats.Handler" + return ctx +} + +// HandleConn processes the connection events. +func (h *ClientStatsHandler) HandleConn(ctx context.Context, s stats.ConnStats) { + // Do nothing. This is here to satisfy the interface "google.golang.org/grpc/stats.Handler" +} + +// TagRPC gets the tag.Map populated by the application code, serializes +// its tags into the GRPC metadata in order to be sent to the server. +func (h *ClientStatsHandler) TagRPC(ctx context.Context, info *stats.RPCTagInfo) context.Context { + startTime := time.Now() + if info == nil { + if grpclog.V(2) { + grpclog.Infof("clientHandler.TagRPC called with nil info.", info.FullMethodName) + } + return ctx + } + + d := &rpcData{startTime: startTime} + ts := tag.FromContext(ctx) + encoded := tag.Encode(ts) + ctx = stats.SetTags(ctx, encoded) + ctx, _ = tag.New(ctx, + tag.Upsert(KeyMethod, methodName(info.FullMethodName)), + ) + // TODO(acetechnologist): should we be recording this later? What is the + // point of updating d.reqLen & d.reqCount if we update now? + ocstats.Record(ctx, RPCClientStartedCount.M(1)) + + return context.WithValue(ctx, grpcClientRPCKey, d) +} + +// HandleRPC processes the RPC events. +func (h *ClientStatsHandler) HandleRPC(ctx context.Context, s stats.RPCStats) { + switch st := s.(type) { + case *stats.Begin, *stats.OutHeader, *stats.InHeader, *stats.InTrailer, *stats.OutTrailer: + // do nothing for client + case *stats.OutPayload: + h.handleRPCOutPayload(ctx, st) + case *stats.InPayload: + h.handleRPCInPayload(ctx, st) + case *stats.End: + h.handleRPCEnd(ctx, st) + default: + grpclog.Infof("unexpected stats: %T", st) + } +} + +func (h *ClientStatsHandler) handleRPCOutPayload(ctx context.Context, s *stats.OutPayload) { + d, ok := ctx.Value(grpcClientRPCKey).(*rpcData) + if !ok { + if grpclog.V(2) { + grpclog.Infoln("clientHandler.handleRPCOutPayload failed to retrieve *rpcData from context") + } + return + } + + ocstats.Record(ctx, RPCClientRequestBytes.M(int64(s.Length))) + atomic.AddInt64(&d.reqCount, 1) +} + +func (h *ClientStatsHandler) handleRPCInPayload(ctx context.Context, s *stats.InPayload) { + d, ok := ctx.Value(grpcClientRPCKey).(*rpcData) + if !ok { + if grpclog.V(2) { + grpclog.Infoln("clientHandler.handleRPCInPayload failed to retrieve *rpcData from context") + } + return + } + + ocstats.Record(ctx, RPCClientResponseBytes.M(int64(s.Length))) + atomic.AddInt64(&d.respCount, 1) +} + +func (h *ClientStatsHandler) handleRPCEnd(ctx context.Context, s *stats.End) { + d, ok := ctx.Value(grpcClientRPCKey).(*rpcData) + if !ok { + if grpclog.V(2) { + grpclog.Infoln("clientHandler.handleRPCEnd failed to retrieve *rpcData from context") + } + return + } + + elapsedTime := time.Since(d.startTime) + reqCount := atomic.LoadInt64(&d.reqCount) + respCount := atomic.LoadInt64(&d.respCount) + + m := []ocstats.Measurement{ + RPCClientRequestCount.M(reqCount), + RPCClientResponseCount.M(respCount), + RPCClientFinishedCount.M(1), + RPCClientRoundTripLatency.M(float64(elapsedTime) / float64(time.Millisecond)), + } + + if s.Error != nil { + s, ok := status.FromError(s.Error) + if ok { + ctx, _ = tag.New(ctx, + tag.Upsert(KeyStatus, s.Code().String()), + ) + } + m = append(m, RPCClientErrorCount.M(1)) + } + + ocstats.Record(ctx, m...) +} diff --git a/vendor/go.opencensus.io/plugin/grpc/grpcstats/client_metrics.go b/vendor/go.opencensus.io/plugin/grpc/grpcstats/client_metrics.go new file mode 100644 index 000000000000..8d858e1c4dae --- /dev/null +++ b/vendor/go.opencensus.io/plugin/grpc/grpcstats/client_metrics.go @@ -0,0 +1,138 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package grpcstats + +import ( + "log" + + "go.opencensus.io/stats" + "go.opencensus.io/stats/view" + "go.opencensus.io/tag" +) + +// The following variables are measures and views made available for gRPC clients. +// Client connection needs to use a ClientStatsHandler in order to enable collection. +var ( + // Available client measures + RPCClientErrorCount *stats.Int64Measure + RPCClientRoundTripLatency *stats.Float64Measure + RPCClientRequestBytes *stats.Int64Measure + RPCClientResponseBytes *stats.Int64Measure + RPCClientStartedCount *stats.Int64Measure + RPCClientFinishedCount *stats.Int64Measure + RPCClientRequestCount *stats.Int64Measure + RPCClientResponseCount *stats.Int64Measure + + // Predefined client views + RPCClientErrorCountView *view.View + RPCClientRoundTripLatencyView *view.View + RPCClientRequestBytesView *view.View + RPCClientResponseBytesView *view.View + RPCClientRequestCountView *view.View + RPCClientResponseCountView *view.View +) + +// TODO(acetechnologist): This is temporary and will need to be replaced by a +// mechanism to load these defaults from a common repository/config shared by +// all supported languages. Likely a serialized protobuf of these defaults. + +func defaultClientMeasures() { + var err error + + // Creating client measures + if RPCClientErrorCount, err = stats.Int64("grpc.io/client/error_count", "RPC Errors", unitCount); err != nil { + log.Fatalf("Cannot create measure grpc.io/client/error_count: %v", err) + } + if RPCClientRoundTripLatency, err = stats.Float64("grpc.io/client/roundtrip_latency", "RPC roundtrip latency in msecs", unitMillisecond); err != nil { + log.Fatalf("Cannot create measure grpc.io/client/roundtrip_latency: %v", err) + } + if RPCClientRequestBytes, err = stats.Int64("grpc.io/client/request_bytes", "Request bytes", unitByte); err != nil { + log.Fatalf("Cannot create measure grpc.io/client/request_bytes: %v", err) + } + if RPCClientResponseBytes, err = stats.Int64("grpc.io/client/response_bytes", "Response bytes", unitByte); err != nil { + log.Fatalf("Cannot create measure grpc.io/client/response_bytes: %v", err) + } + if RPCClientStartedCount, err = stats.Int64("grpc.io/client/started_count", "Number of client RPCs (streams) started", unitCount); err != nil { + log.Fatalf("Cannot create measure grpc.io/client/started_count: %v", err) + } + if RPCClientFinishedCount, err = stats.Int64("grpc.io/client/finished_count", "Number of client RPCs (streams) finished", unitCount); err != nil { + log.Fatalf("Cannot create measure grpc.io/client/finished_count: %v", err) + } + if RPCClientRequestCount, err = stats.Int64("grpc.io/client/request_count", "Number of client RPC request messages", unitCount); err != nil { + log.Fatalf("Cannot create measure grpc.io/client/request_count: %v", err) + } + if RPCClientResponseCount, err = stats.Int64("grpc.io/client/response_count", "Number of client RPC response messages", unitCount); err != nil { + log.Fatalf("Cannot create measure grpc.io/client/response_count: %v", err) + } +} + +func defaultClientViews() { + RPCClientErrorCountView, _ = view.New( + "grpc.io/client/error_count/cumulative", + "RPC Errors", + []tag.Key{KeyStatus, KeyMethod}, + RPCClientErrorCount, + aggMean) + RPCClientRoundTripLatencyView, _ = view.New( + "grpc.io/client/roundtrip_latency/cumulative", + "Latency in msecs", + []tag.Key{KeyMethod}, + RPCClientRoundTripLatency, + aggDistMillis) + RPCClientRequestBytesView, _ = view.New( + "grpc.io/client/request_bytes/cumulative", + "Request bytes", + []tag.Key{KeyMethod}, + RPCClientRequestBytes, + aggDistBytes) + RPCClientResponseBytesView, _ = view.New( + "grpc.io/client/response_bytes/cumulative", + "Response bytes", + []tag.Key{KeyMethod}, + RPCClientResponseBytes, + aggDistBytes) + RPCClientRequestCountView, _ = view.New( + "grpc.io/client/request_count/cumulative", + "Count of request messages per client RPC", + []tag.Key{KeyMethod}, + RPCClientRequestCount, + aggDistCounts) + RPCClientResponseCountView, _ = view.New( + "grpc.io/client/response_count/cumulative", + "Count of response messages per client RPC", + []tag.Key{KeyMethod}, + RPCClientResponseCount, + aggDistCounts) + + clientViews = append(clientViews, + RPCClientErrorCountView, + RPCClientRoundTripLatencyView, + RPCClientRequestBytesView, + RPCClientResponseBytesView, + RPCClientRequestCountView, + RPCClientResponseCountView, + ) + // TODO(jbd): Add roundtrip_latency, uncompressed_request_bytes, uncompressed_response_bytes, request_count, response_count. +} + +// initClient registers the default metrics (measures and views) +// for a GRPC client. +func initClient() { + defaultClientMeasures() + defaultClientViews() +} + +var clientViews []*view.View diff --git a/vendor/go.opencensus.io/plugin/grpc/grpcstats/grpcstats.go b/vendor/go.opencensus.io/plugin/grpc/grpcstats/grpcstats.go new file mode 100644 index 000000000000..3d52a04730f1 --- /dev/null +++ b/vendor/go.opencensus.io/plugin/grpc/grpcstats/grpcstats.go @@ -0,0 +1,89 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// Package grpcstats provides OpenCensus stats support for gRPC clients and servers. +package grpcstats // import "go.opencensus.io/plugin/grpc/grpcstats" + +import ( + "log" + "strings" + "time" + + "go.opencensus.io/stats/view" + "go.opencensus.io/tag" +) + +type grpcInstrumentationKey string + +// rpcData holds the instrumentation RPC data that is needed between the start +// and end of an call. It holds the info that this package needs to keep track +// of between the various GRPC events. +type rpcData struct { + // startTime represents the time at which TagRPC was invoked at the + // beginning of an RPC. It is an appoximation of the time when the + // application code invoked GRPC code. + startTime time.Time + reqCount, respCount int64 // access atomically +} + +// The following variables define the default hard-coded auxiliary data used by +// both the default GRPC client and GRPC server metrics. +// These are Go objects instances mirroring the some of the proto definitions +// found at "github.com/google/instrumentation-proto/census.proto". +// A complete description of each can be found there. +// TODO(acetechnologist): This is temporary and will need to be replaced by a +// mechanism to load these defaults from a common repository/config shared by +// all supported languages. Likely a serialized protobuf of these defaults. +var ( + unitByte = "By" + unitCount = "1" + unitMillisecond = "ms" + slidingTimeSubuckets = 6 + + rpcBytesBucketBoundaries = []float64{0, 1024, 2048, 4096, 16384, 65536, 262144, 1048576, 4194304, 16777216, 67108864, 268435456, 1073741824, 4294967296} + rpcMillisBucketBoundaries = []float64{0, 1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1000, 2000, 5000, 10000, 20000, 50000, 100000} + rpcCountBucketBoundaries = []float64{0, 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536} + + aggCount = view.CountAggregation{} + aggMean = view.MeanAggregation{} + aggDistBytes = view.DistributionAggregation(rpcBytesBucketBoundaries) + aggDistMillis = view.DistributionAggregation(rpcMillisBucketBoundaries) + aggDistCounts = view.DistributionAggregation(rpcCountBucketBoundaries) + + KeyMethod tag.Key + KeyStatus tag.Key +) + +func init() { + var err error + if KeyMethod, err = tag.NewKey("method"); err != nil { + log.Fatalf("Cannot create method key: %v", err) + } + if KeyStatus, err = tag.NewKey("canonical_status"); err != nil { + log.Fatalf("Cannot create canonical_status key: %v", err) + } + initServer() + initClient() +} + +var ( + grpcServerConnKey = grpcInstrumentationKey("server-conn") + grpcServerRPCKey = grpcInstrumentationKey("server-rpc") + grpcClientRPCKey = grpcInstrumentationKey("client-rpc") +) + +func methodName(fullname string) string { + return strings.TrimLeft(fullname, "/") +} diff --git a/vendor/go.opencensus.io/plugin/grpc/grpcstats/server_handler.go b/vendor/go.opencensus.io/plugin/grpc/grpcstats/server_handler.go new file mode 100644 index 000000000000..857328837332 --- /dev/null +++ b/vendor/go.opencensus.io/plugin/grpc/grpcstats/server_handler.go @@ -0,0 +1,164 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package grpcstats + +import ( + "fmt" + "sync/atomic" + "time" + + "golang.org/x/net/context" + + ocstats "go.opencensus.io/stats" + "go.opencensus.io/tag" + "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/stats" + "google.golang.org/grpc/status" +) + +// ServerStatsHandler is a stats.Handler implementation +// that collects stats for a gRPC server. Predefined +// measures and views can be used to access the collected data. +type ServerStatsHandler struct{} + +var _ stats.Handler = &ServerStatsHandler{} + +// NewServerStatsHandler returns a stats.Handler implementation +// that collects stats for a gRPC server. Predefined +// measures and views can be used to access the collected data. +func NewServerStatsHandler() *ServerStatsHandler { + return &ServerStatsHandler{} +} + +// TagConn adds connection related data to the given context and returns the +// new context. +func (h *ServerStatsHandler) TagConn(ctx context.Context, info *stats.ConnTagInfo) context.Context { + // Do nothing. This is here to satisfy the interface "google.golang.org/grpc/stats.Handler" + return ctx +} + +// HandleConn processes the connection events. +func (h *ServerStatsHandler) HandleConn(ctx context.Context, s stats.ConnStats) { + // Do nothing. This is here to satisfy the interface "google.golang.org/grpc/stats.Handler" +} + +// TagRPC gets the metadata from gRPC context, extracts the encoded tags from +// it and creates a new tag.Map and puts them into the returned context. +func (h *ServerStatsHandler) TagRPC(ctx context.Context, info *stats.RPCTagInfo) context.Context { + startTime := time.Now() + if info == nil { + if grpclog.V(2) { + grpclog.Infof("serverHandler.TagRPC called with nil info.", info.FullMethodName) + } + return ctx + } + d := &rpcData{startTime: startTime} + ctx, _ = h.createTags(ctx, info.FullMethodName) + ocstats.Record(ctx, RPCServerStartedCount.M(1)) + return context.WithValue(ctx, grpcServerRPCKey, d) +} + +// HandleRPC processes the RPC events. +func (h *ServerStatsHandler) HandleRPC(ctx context.Context, s stats.RPCStats) { + switch st := s.(type) { + case *stats.Begin, *stats.InHeader, *stats.InTrailer, *stats.OutHeader, *stats.OutTrailer: + // Do nothing for server + case *stats.InPayload: + h.handleRPCInPayload(ctx, st) + case *stats.OutPayload: + // For stream it can be called multiple times per RPC. + h.handleRPCOutPayload(ctx, st) + case *stats.End: + h.handleRPCEnd(ctx, st) + default: + grpclog.Infof("unexpected stats: %T", st) + } +} + +func (h *ServerStatsHandler) handleRPCInPayload(ctx context.Context, s *stats.InPayload) { + d, ok := ctx.Value(grpcServerRPCKey).(*rpcData) + if !ok { + if grpclog.V(2) { + grpclog.Infoln("serverHandler.handleRPCInPayload failed to retrieve *rpcData from context") + } + return + } + + ocstats.Record(ctx, RPCServerRequestBytes.M(int64(s.Length))) + atomic.AddInt64(&d.reqCount, 1) +} + +func (h *ServerStatsHandler) handleRPCOutPayload(ctx context.Context, s *stats.OutPayload) { + d, ok := ctx.Value(grpcServerRPCKey).(*rpcData) + if !ok { + if grpclog.V(2) { + grpclog.Infoln("serverHandler.handleRPCOutPayload failed to retrieve *rpcData from context") + } + return + } + + ocstats.Record(ctx, RPCServerResponseBytes.M(int64(s.Length))) + atomic.AddInt64(&d.respCount, 1) +} + +func (h *ServerStatsHandler) handleRPCEnd(ctx context.Context, s *stats.End) { + d, ok := ctx.Value(grpcServerRPCKey).(*rpcData) + if !ok { + if grpclog.V(2) { + grpclog.Infoln("serverHandler.handleRPCEnd failed to retrieve *rpcData from context") + } + return + } + + elapsedTime := time.Since(d.startTime) + reqCount := atomic.LoadInt64(&d.reqCount) + respCount := atomic.LoadInt64(&d.respCount) + + m := []ocstats.Measurement{ + RPCServerRequestCount.M(reqCount), + RPCServerResponseCount.M(respCount), + RPCServerFinishedCount.M(1), + RPCServerServerElapsedTime.M(float64(elapsedTime) / float64(time.Millisecond)), + } + + if s.Error != nil { + s, ok := status.FromError(s.Error) + if ok { + ctx, _ = tag.New(ctx, + tag.Upsert(KeyStatus, s.Code().String()), + ) + } + m = append(m, RPCServerErrorCount.M(1)) + } + + ocstats.Record(ctx, m...) +} + +// createTags creates a new tag map containing the tags extracted from the +// gRPC metadata. +func (h *ServerStatsHandler) createTags(ctx context.Context, fullinfo string) (context.Context, error) { + mods := []tag.Mutator{ + tag.Upsert(KeyMethod, methodName(fullinfo)), + } + if tagsBin := stats.Tags(ctx); tagsBin != nil { + old, err := tag.Decode([]byte(tagsBin)) + if err != nil { + return nil, fmt.Errorf("serverHandler.createTags failed to decode tagsBin %v: %v", tagsBin, err) + } + return tag.New(tag.NewContext(ctx, old), mods...) + } + return tag.New(ctx, mods...) +} diff --git a/vendor/go.opencensus.io/plugin/grpc/grpcstats/server_metrics.go b/vendor/go.opencensus.io/plugin/grpc/grpcstats/server_metrics.go new file mode 100644 index 000000000000..1e875a75bb33 --- /dev/null +++ b/vendor/go.opencensus.io/plugin/grpc/grpcstats/server_metrics.go @@ -0,0 +1,135 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package grpcstats + +import ( + "log" + + "go.opencensus.io/stats" + "go.opencensus.io/stats/view" + "go.opencensus.io/tag" +) + +// The following variables are measures and views made available for gRPC clients. +// Server needs to use a ServerStatsHandler in order to enable collection. +var ( + // Available server measures + RPCServerErrorCount *stats.Int64Measure + RPCServerServerElapsedTime *stats.Float64Measure + RPCServerRequestBytes *stats.Int64Measure + RPCServerResponseBytes *stats.Int64Measure + RPCServerStartedCount *stats.Int64Measure + RPCServerFinishedCount *stats.Int64Measure + RPCServerRequestCount *stats.Int64Measure + RPCServerResponseCount *stats.Int64Measure + + // Predefined server views + RPCServerErrorCountView *view.View + RPCServerServerElapsedTimeView *view.View + RPCServerRequestBytesView *view.View + RPCServerResponseBytesView *view.View + RPCServerRequestCountView *view.View + RPCServerResponseCountView *view.View +) + +// TODO(acetechnologist): This is temporary and will need to be replaced by a +// mechanism to load these defaults from a common repository/config shared by +// all supported languages. Likely a serialized protobuf of these defaults. + +func defaultServerMeasures() { + var err error + + if RPCServerErrorCount, err = stats.Int64("grpc.io/server/error_count", "RPC Errors", unitCount); err != nil { + log.Fatalf("Cannot create measure grpc.io/server/error_count: %v", err) + } + if RPCServerServerElapsedTime, err = stats.Float64("grpc.io/server/server_elapsed_time", "Server elapsed time in msecs", unitMillisecond); err != nil { + log.Fatalf("Cannot create measure grpc.io/server/server_elapsed_time: %v", err) + } + if RPCServerRequestBytes, err = stats.Int64("grpc.io/server/request_bytes", "Request bytes", unitByte); err != nil { + log.Fatalf("Cannot create measure grpc.io/server/request_bytes: %v", err) + } + if RPCServerResponseBytes, err = stats.Int64("grpc.io/server/response_bytes", "Response bytes", unitByte); err != nil { + log.Fatalf("Cannot create measure grpc.io/server/response_bytes: %v", err) + } + if RPCServerStartedCount, err = stats.Int64("grpc.io/server/started_count", "Number of server RPCs (streams) started", unitCount); err != nil { + log.Fatalf("Cannot create measure grpc.io/server/started_count: %v", err) + } + if RPCServerFinishedCount, err = stats.Int64("grpc.io/server/finished_count", "Number of server RPCs (streams) finished", unitCount); err != nil { + log.Fatalf("Cannot create measure grpc.io/server/finished_count: %v", err) + } + if RPCServerRequestCount, err = stats.Int64("grpc.io/server/request_count", "Number of server RPC request messages", unitCount); err != nil { + log.Fatalf("Cannot create measure grpc.io/server/request_count: %v", err) + } + if RPCServerResponseCount, err = stats.Int64("grpc.io/server/response_count", "Number of server RPC response messages", unitCount); err != nil { + log.Fatalf("Cannot create measure grpc.io/server/response_count: %v", err) + } +} + +func defaultServerViews() { + RPCServerErrorCountView, _ = view.New( + "grpc.io/server/error_count/cumulative", + "RPC Errors", + []tag.Key{KeyMethod, KeyStatus}, + RPCServerErrorCount, + aggCount) + RPCServerServerElapsedTimeView, _ = view.New( + "grpc.io/server/server_elapsed_time/cumulative", + "Server elapsed time in msecs", + []tag.Key{KeyMethod}, + RPCServerServerElapsedTime, + aggDistMillis) + RPCServerRequestBytesView, _ = view.New( + "grpc.io/server/request_bytes/cumulative", + "Request bytes", + []tag.Key{KeyMethod}, + RPCServerRequestBytes, + aggDistBytes) + RPCServerResponseBytesView, _ = view.New( + "grpc.io/server/response_bytes/cumulative", + "Response bytes", + []tag.Key{KeyMethod}, + RPCServerResponseBytes, + aggDistBytes) + RPCServerRequestCountView, _ = view.New( + "grpc.io/server/request_count/cumulative", + "Count of request messages per server RPC", + []tag.Key{KeyMethod}, + RPCServerRequestCount, + aggDistCounts) + RPCServerResponseCountView, _ = view.New( + "grpc.io/server/response_count/cumulative", + "Count of response messages per server RPC", + []tag.Key{KeyMethod}, + RPCServerResponseCount, + aggDistCounts) + + serverViews = append(serverViews, + RPCServerErrorCountView, + RPCServerServerElapsedTimeView, + RPCServerRequestBytesView, + RPCServerResponseBytesView, + RPCServerRequestCountView, + RPCServerResponseCountView) + + // TODO(jbd): Add roundtrip_latency, uncompressed_request_bytes, uncompressed_response_bytes, request_count, response_count. +} + +func initServer() { + defaultServerMeasures() + defaultServerViews() +} + +var serverViews []*view.View diff --git a/vendor/go.opencensus.io/plugin/grpc/grpctrace/grpc.go b/vendor/go.opencensus.io/plugin/grpc/grpctrace/grpc.go new file mode 100644 index 000000000000..85f81c98bd02 --- /dev/null +++ b/vendor/go.opencensus.io/plugin/grpc/grpctrace/grpc.go @@ -0,0 +1,157 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package grpctrace is a package to assist with tracing incoming and outgoing gRPC requests. +package grpctrace + +import ( + "strings" + + "go.opencensus.io/trace" + "go.opencensus.io/trace/propagation" + "golang.org/x/net/context" + "google.golang.org/grpc" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/stats" +) + +// ClientStatsHandler is a an implementation of grpc.StatsHandler +// that can be passed to grpc.Dial +// using grpc.WithStatsHandler to enable trace context propagation and +// automatic span creation for outgoing gRPC requests. +type ClientStatsHandler struct{} + +var _ stats.Handler = &ClientStatsHandler{} + +// NewClientStatsHandler returns a StatsHandler that can be passed to grpc.Dial +// using grpc.WithStatsHandler to enable trace context propagation and +// automatic span creation for outgoing gRPC requests. +func NewClientStatsHandler() *ClientStatsHandler { + return &ClientStatsHandler{} +} + +// TODO(jbd): Remove NewClientStatsHandler and NewServerStatsHandler +// given they are not doing anything than returning a zero value pointer. + +// ServerStatsHandler is a an implementation of grpc.StatsHandler +// that can be passed to grpc.NewServer using grpc.StatsHandler +// to enable trace context propagation and automatic span creation +// for incoming gRPC requests.. +type ServerStatsHandler struct{} + +// NewServerStatsHandler returns a StatsHandler that can be passed to +// grpc.NewServer using grpc.StatsHandler to enable trace context propagation +// and automatic span creation for incoming gRPC requests. +func NewServerStatsHandler() *ServerStatsHandler { + return &ServerStatsHandler{} +} + +var _ stats.Handler = &ServerStatsHandler{} + +const traceContextKey = "grpc-trace-bin" + +// TagRPC creates a new trace span for the client side of the RPC. +// +// It returns ctx with the new trace span added and a serialization of the +// SpanContext added to the outgoing gRPC metadata. +func (c *ClientStatsHandler) TagRPC(ctx context.Context, rti *stats.RPCTagInfo) context.Context { + name := "Sent" + strings.Replace(rti.FullMethodName, "/", ".", -1) + ctx, _ = trace.StartSpanWithOptions(ctx, name, trace.StartOptions{RecordEvents: true, RegisterNameForLocalSpanStore: true}) + traceContextBinary := propagation.Binary(trace.FromContext(ctx).SpanContext()) + if len(traceContextBinary) == 0 { + return ctx + } + md := metadata.Pairs(traceContextKey, string(traceContextBinary)) + if oldMD, ok := metadata.FromOutgoingContext(ctx); ok { + md = metadata.Join(oldMD, md) + } + return metadata.NewOutgoingContext(ctx, md) +} + +// TagRPC creates a new trace span for the server side of the RPC. +// +// It checks the incoming gRPC metadata in ctx for a SpanContext, and if +// it finds one, uses that SpanContext as the parent context of the new span. +// +// It returns ctx, with the new trace span added. +func (s *ServerStatsHandler) TagRPC(ctx context.Context, rti *stats.RPCTagInfo) context.Context { + md, _ := metadata.FromIncomingContext(ctx) + name := "Recv" + strings.Replace(rti.FullMethodName, "/", ".", -1) + opt := trace.StartOptions{RecordEvents: true, RegisterNameForLocalSpanStore: true} + if s := md[traceContextKey]; len(s) > 0 { + if parent, ok := propagation.FromBinary([]byte(s[0])); ok { + ctx, _ = trace.StartSpanWithRemoteParent(ctx, name, parent, opt) + return ctx + } + } + ctx, _ = trace.StartSpanWithOptions(ctx, name, opt) + return ctx +} + +// HandleRPC processes the RPC stats, adding information to the current trace span. +func (c *ClientStatsHandler) HandleRPC(ctx context.Context, rs stats.RPCStats) { + handleRPC(ctx, rs) +} + +// HandleRPC processes the RPC stats, adding information to the current trace span. +func (s *ServerStatsHandler) HandleRPC(ctx context.Context, rs stats.RPCStats) { + handleRPC(ctx, rs) +} + +func handleRPC(ctx context.Context, rs stats.RPCStats) { + span := trace.FromContext(ctx) + // TODO: compressed and uncompressed sizes are not populated in every message. + switch rs := rs.(type) { + case *stats.Begin: + span.SetAttributes( + trace.BoolAttribute{Key: "Client", Value: rs.Client}, + trace.BoolAttribute{Key: "FailFast", Value: rs.FailFast}) + case *stats.InPayload: + span.AddMessageReceiveEvent(0 /* TODO: messageID */, int64(rs.Length), int64(rs.WireLength)) + case *stats.InHeader: + span.AddMessageReceiveEvent(0, int64(rs.WireLength), int64(rs.WireLength)) + case *stats.InTrailer: + span.AddMessageReceiveEvent(0, int64(rs.WireLength), int64(rs.WireLength)) + case *stats.OutPayload: + span.AddMessageSendEvent(0, int64(rs.Length), int64(rs.WireLength)) + case *stats.OutHeader: + span.AddMessageSendEvent(0, 0, 0) + case *stats.OutTrailer: + span.AddMessageSendEvent(0, int64(rs.WireLength), int64(rs.WireLength)) + case *stats.End: + if rs.Error != nil { + code, desc := grpc.Code(rs.Error), grpc.ErrorDesc(rs.Error) + span.SetStatus(trace.Status{Code: int32(code), Message: desc}) + } + span.End() + } +} + +// TagConn is a no-op for this StatsHandler. +func (c *ClientStatsHandler) TagConn(ctx context.Context, cti *stats.ConnTagInfo) context.Context { + return ctx +} + +// TagConn is a no-op for this StatsHandler. +func (s *ServerStatsHandler) TagConn(ctx context.Context, cti *stats.ConnTagInfo) context.Context { + return ctx +} + +// HandleConn is a no-op for this StatsHandler. +func (c *ClientStatsHandler) HandleConn(ctx context.Context, cs stats.ConnStats) { +} + +// HandleConn is a no-op for this StatsHandler. +func (s *ServerStatsHandler) HandleConn(ctx context.Context, cs stats.ConnStats) { +} diff --git a/vendor/go.opencensus.io/stats/doc.go b/vendor/go.opencensus.io/stats/doc.go new file mode 100644 index 000000000000..7a8a62c1436c --- /dev/null +++ b/vendor/go.opencensus.io/stats/doc.go @@ -0,0 +1,55 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +/* +Package stats contains support for OpenCensus stats recording. + +OpenCensus allows users to create typed measures, record measurements, +aggregate the collected data, and export the aggregated data. + +Measures + +A measure represents a type of metric to be tracked and recorded. +For example, latency, request Mb/s, and response Mb/s are measures +to collect from a server. + +Each measure needs to be registered before being used. Measure +constructors such as Int64 and Float64 automatically +register the measure by the given name. Each registered measure needs +to be unique by name. Measures also have a description and a unit. + +Libraries can define and export measures for their end users to +create views and collect instrumentation data. + +Recording measurements + +Measurement is a data point to be collected for a measure. For example, +for a latency (ms) measure, 100 is a measurement that represents a 100ms +latency event. Users collect data points on the existing measures with +the current context. Tags from the current context are recorded with the +measurements if they are any. + +Recorded measurements are dropped immediately if user is not aggregating +them via views. Users don't necessarily need to conditionally enable/disable +recording to reduce cost. Recording of measurements is cheap. + +Libraries can always record measurements, and end-users can later decide +on which measurements they want to collect by registering views. This allows +libraries to turn on the instrumentation by default. +*/ +package stats // import "go.opencensus.io/stats" + +// TODO(acetechnologist): Add a link to the language independent OpenCensus +// spec when it is available. diff --git a/vendor/go.opencensus.io/stats/internal/record.go b/vendor/go.opencensus.io/stats/internal/record.go new file mode 100644 index 000000000000..84f6b3003a97 --- /dev/null +++ b/vendor/go.opencensus.io/stats/internal/record.go @@ -0,0 +1,12 @@ +package internal + +import ( + "time" + + "go.opencensus.io/tag" +) + +type Recorder func(*tag.Map, time.Time, interface{}) + +// DefaultRecorder will be called for each Record call. +var DefaultRecorder Recorder = nil diff --git a/vendor/go.opencensus.io/stats/internal/validation.go b/vendor/go.opencensus.io/stats/internal/validation.go new file mode 100644 index 000000000000..8fa3ee3b006b --- /dev/null +++ b/vendor/go.opencensus.io/stats/internal/validation.go @@ -0,0 +1,14 @@ +package internal + +const ( + MaxNameLength = 255 +) + +func IsPrintable(str string) bool { + for _, r := range str { + if !(r >= ' ' && r <= '~') { + return false + } + } + return true +} diff --git a/vendor/go.opencensus.io/stats/measure.go b/vendor/go.opencensus.io/stats/measure.go new file mode 100644 index 000000000000..2dc5e885ec3e --- /dev/null +++ b/vendor/go.opencensus.io/stats/measure.go @@ -0,0 +1,84 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package stats + +import ( + "errors" + "fmt" + "sync" + + "go.opencensus.io/stats/internal" +) + +// Measure represents a type of metric to be tracked and recorded. +// For example, latency, request Mb/s, and response Mb/s are measures +// to collect from a server. +// +// Each measure needs to be registered before being used. +// Measure constructors such as Int64 and +// Float64 automatically registers the measure +// by the given name. +// Each registered measure needs to be unique by name. +// Measures also have a description and a unit. +type Measure interface { + Name() string + Description() string + Unit() string +} + +var ( + mu sync.RWMutex + measures = make(map[string]Measure) + errDuplicate = errors.New("duplicate measure name") +) + +func FindMeasure(name string) Measure { + mu.RLock() + defer mu.RUnlock() + if m, ok := measures[name]; ok { + return m + } + return nil +} + +func register(m Measure) (Measure, error) { + key := m.Name() + mu.Lock() + defer mu.Unlock() + if stored, ok := measures[key]; ok { + return stored, errDuplicate + } + measures[key] = m + return m, nil +} + +// Measurement is the numeric value measured when recording stats. Each measure +// provides methods to create measurements of their kind. For example, Int64Measure +// provides M to convert an int64 into a measurement. +type Measurement struct { + Value interface{} // int64 or float64 + Measure Measure +} + +func checkName(name string) error { + if len(name) > internal.MaxNameLength { + return fmt.Errorf("measure name cannot be larger than %v", internal.MaxNameLength) + } + if !internal.IsPrintable(name) { + return fmt.Errorf("measure name needs to be an ASCII string") + } + return nil +} diff --git a/vendor/go.opencensus.io/stats/measure_float64.go b/vendor/go.opencensus.io/stats/measure_float64.go new file mode 100644 index 000000000000..660ceb6ce48c --- /dev/null +++ b/vendor/go.opencensus.io/stats/measure_float64.go @@ -0,0 +1,63 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package stats + +// Float64Measure is a measure of type float64. +type Float64Measure struct { + name string + unit string + description string +} + +// Name returns the name of the measure. +func (m *Float64Measure) Name() string { + return m.name +} + +// Description returns the description of the measure. +func (m *Float64Measure) Description() string { + return m.description +} + +// Unit returns the unit of the measure. +func (m *Float64Measure) Unit() string { + return m.unit +} + +// M creates a new float64 measurement. +// Use Record to record measurements. +func (m *Float64Measure) M(v float64) Measurement { + return Measurement{Measure: m, Value: v} +} + +// Float64 creates a new measure of type Float64Measure. It returns +// an error if a measure with the same name already exists. +func Float64(name, description, unit string) (*Float64Measure, error) { + if err := checkName(name); err != nil { + return nil, err + } + m := &Float64Measure{ + name: name, + description: description, + unit: unit, + } + _, err := register(m) + if err != nil { + return nil, err + } else { + return m, err + } +} diff --git a/vendor/go.opencensus.io/stats/measure_int64.go b/vendor/go.opencensus.io/stats/measure_int64.go new file mode 100644 index 000000000000..cf9ddd13ca88 --- /dev/null +++ b/vendor/go.opencensus.io/stats/measure_int64.go @@ -0,0 +1,63 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package stats + +// Int64Measure is a measure of type int64. +type Int64Measure struct { + name string + unit string + description string +} + +// Name returns the name of the measure. +func (m *Int64Measure) Name() string { + return m.name +} + +// Description returns the description of the measure. +func (m *Int64Measure) Description() string { + return m.description +} + +// Unit returns the unit of the measure. +func (m *Int64Measure) Unit() string { + return m.unit +} + +// M creates a new int64 measurement. +// Use Record to record measurements. +func (m *Int64Measure) M(v int64) Measurement { + return Measurement{Measure: m, Value: v} +} + +// Int64 creates a new measure of type Int64Measure. It returns an +// error if a measure with the same name already exists. +func Int64(name, description, unit string) (*Int64Measure, error) { + if err := checkName(name); err != nil { + return nil, err + } + m := &Int64Measure{ + name: name, + description: description, + unit: unit, + } + _, err := register(m) + if err != nil { + return nil, err + } else { + return m, err + } +} diff --git a/vendor/go.opencensus.io/stats/record.go b/vendor/go.opencensus.io/stats/record.go new file mode 100644 index 000000000000..a4862e71c48d --- /dev/null +++ b/vendor/go.opencensus.io/stats/record.go @@ -0,0 +1,32 @@ +// Copyright 2018, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package stats + +import ( + "context" + "time" + + "go.opencensus.io/stats/internal" + "go.opencensus.io/tag" +) + +// Record records one or multiple measurements with the same tags at once. +// If there are any tags in the context, measurements will be tagged with them. +func Record(ctx context.Context, ms ...Measurement) { + if internal.DefaultRecorder != nil { + internal.DefaultRecorder(tag.FromContext(ctx), time.Now(), ms) + } +} diff --git a/vendor/go.opencensus.io/stats/view/aggregation.go b/vendor/go.opencensus.io/stats/view/aggregation.go new file mode 100644 index 000000000000..66fda6023ca7 --- /dev/null +++ b/vendor/go.opencensus.io/stats/view/aggregation.go @@ -0,0 +1,87 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package view + +// Aggregation represents a data aggregation method. There are several +// aggregation methods made available in the package such as +// CountAggregation, SumAggregation, MeanAggregation and +// DistributionAggregation. +type Aggregation interface { + isAggregation() bool + newData() AggregationData +} + +// CountAggregation indicates that data collected and aggregated +// with this method will be turned into a count value. +// For example, total number of accepted requests can be +// aggregated by using CountAggregation. +type CountAggregation struct{} + +func (a CountAggregation) isAggregation() bool { return true } + +func (a CountAggregation) newData() AggregationData { + return newCountData(0) +} + +// SumAggregation indicates that data collected and aggregated +// with this method will be summed up. +// For example, accumulated request bytes can be aggregated by using +// SumAggregation. +type SumAggregation struct{} + +func (a SumAggregation) isAggregation() bool { return true } + +func (a SumAggregation) newData() AggregationData { + return newSumData(0) +} + +// MeanAggregation indicates that collect and aggregate data and maintain +// the mean value. +// For example, average latency in milliseconds can be aggregated by using +// MeanAggregation. +type MeanAggregation struct{} + +func (a MeanAggregation) isAggregation() bool { return true } + +func (a MeanAggregation) newData() AggregationData { + return newMeanData(0, 0) +} + +// DistributionAggregation indicates that the desired aggregation is +// a histogram distribution. +// An distribution aggregation may contain a histogram of the values in the +// population. The bucket boundaries for that histogram are described +// by DistributionAggregation slice. This defines length+1 buckets. +// +// If length >= 2 then the boundaries for bucket index i are: +// +// [-infinity, bounds[i]) for i = 0 +// [bounds[i-1], bounds[i]) for 0 < i < length +// [bounds[i-1], +infinity) for i = length +// +// If length is 0 then there is no histogram associated with the +// distribution. There will be a single bucket with boundaries +// (-infinity, +infinity). +// +// If length is 1 then there is no finite buckets, and that single +// element is the common boundary of the overflow and underflow buckets. +type DistributionAggregation []float64 + +func (a DistributionAggregation) isAggregation() bool { return true } + +func (a DistributionAggregation) newData() AggregationData { + return newDistributionData([]float64(a)) +} diff --git a/vendor/go.opencensus.io/stats/view/aggregation_data.go b/vendor/go.opencensus.io/stats/view/aggregation_data.go new file mode 100644 index 000000000000..572d187a1eea --- /dev/null +++ b/vendor/go.opencensus.io/stats/view/aggregation_data.go @@ -0,0 +1,372 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package view + +import ( + "math" +) + +// AggregationData represents an aggregated value from a collection. +// They are reported on the view data during exporting. +// Mosts users won't directly access aggregration data. +type AggregationData interface { + isAggregationData() bool + addSample(v interface{}) + addOther(other AggregationData) + multiplyByFraction(fraction float64) AggregationData + clear() + clone() AggregationData + equal(other AggregationData) bool +} + +const epsilon = 1e-9 + +// CountData is the aggregated data for a CountAggregation. +// A count aggregation processes data and counts the recordings. +// +// Most users won't directly access count data. +type CountData int64 + +func newCountData(v int64) *CountData { + tmp := CountData(v) + return &tmp +} + +func (a *CountData) isAggregationData() bool { return true } + +func (a *CountData) addSample(v interface{}) { + *a = *a + 1 +} + +func (a *CountData) clone() AggregationData { + return newCountData(int64(*a)) +} + +func (a *CountData) multiplyByFraction(fraction float64) AggregationData { + return newCountData(int64(float64(int64(*a))*fraction + 0.5)) // adding 0.5 because go runtime will take floor instead of rounding +} + +func (a *CountData) addOther(av AggregationData) { + other, ok := av.(*CountData) + if !ok { + return + } + *a = *a + *other +} + +func (a *CountData) clear() { + *a = 0 +} + +func (a *CountData) equal(other AggregationData) bool { + a2, ok := other.(*CountData) + if !ok { + return false + } + + return int64(*a) == int64(*a2) +} + +// SumData is the aggregated data for a SumAggregation. +// A sum aggregation processes data and sums up the recordings. +// +// Most users won't directly access sum data. +type SumData float64 + +func newSumData(v float64) *SumData { + tmp := SumData(v) + return &tmp +} + +func (a *SumData) isAggregationData() bool { return true } + +func (a *SumData) addSample(v interface{}) { + // Both float64 and int64 values will be cast to float64 + var f float64 + switch x := v.(type) { + case int64: + f = float64(x) + case float64: + f = x + default: + return + } + *a += SumData(f) +} + +func (a *SumData) multiplyByFraction(fraction float64) AggregationData { + return newSumData(float64(*a) * fraction) +} + +func (a *SumData) clone() AggregationData { + return newSumData(float64(*a)) +} + +func (a *SumData) addOther(av AggregationData) { + other, ok := av.(*SumData) + if !ok { + return + } + *a = *a + *other +} + +func (a *SumData) clear() { + *a = 0 +} + +func (a *SumData) equal(other AggregationData) bool { + a2, ok := other.(*SumData) + if !ok { + return false + } + return math.Pow(float64(*a)-float64(*a2), 2) < epsilon +} + +// MeanData is the aggregated data for a MeanAggregation. +// A mean aggregation processes data and maintains the mean value. +// +// Most users won't directly access mean data. +type MeanData struct { + Count float64 // number of data points aggregated + Mean float64 // mean of all data points +} + +func newMeanData(mean float64, count float64) *MeanData { + return &MeanData{ + Mean: mean, + Count: count, + } +} + +// Sum returns the sum of all samples collected. +func (a *MeanData) Sum() float64 { return a.Mean * float64(a.Count) } + +func (a *MeanData) isAggregationData() bool { return true } + +func (a *MeanData) addSample(v interface{}) { + var f float64 + switch x := v.(type) { + case int64: + f = float64(x) + case float64: + f = x + default: + return + } + + a.Count++ + if a.Count == 1 { + a.Mean = f + return + } + a.Mean = a.Mean + (f-a.Mean)/float64(a.Count) +} + +func (a *MeanData) clone() AggregationData { + return newMeanData(a.Mean, a.Count) +} + +// Only Count will be mutiplied by the fraction, Mean will remain the same. +func (a *MeanData) multiplyByFraction(fraction float64) AggregationData { + return newMeanData(a.Mean, a.Count*fraction) +} + +func (a *MeanData) addOther(av AggregationData) { + other, ok := av.(*MeanData) + if !ok { + return + } + + if other.Count == 0 { + return + } + + a.Mean = (a.Sum() + other.Sum()) / (a.Count + other.Count) + a.Count = a.Count + other.Count +} + +func (a *MeanData) clear() { + a.Count = 0 + a.Mean = 0 +} + +func (a *MeanData) equal(other AggregationData) bool { + a2, ok := other.(*MeanData) + if !ok { + return false + } + return a.Count == a2.Count && math.Pow(a.Mean-a2.Mean, 2) < epsilon +} + +// DistributionData is the aggregated data for an +// DistributionAggregation. +// +// Most users won't directly access distribution data. +type DistributionData struct { + Count int64 // number of data points aggregated + Min float64 // minimum value in the distribution + Max float64 // max value in the distribution + Mean float64 // mean of the distribution + SumOfSquaredDev float64 // sum of the squared deviation from the mean + CountPerBucket []int64 // number of occurrences per bucket + bounds []float64 // histogram distribution of the values +} + +func newDistributionData(bounds []float64) *DistributionData { + return &DistributionData{ + CountPerBucket: make([]int64, len(bounds)+1), + bounds: bounds, + Min: math.MaxFloat64, + Max: math.SmallestNonzeroFloat64, + } +} + +// Sum returns the sum of all samples collected. +func (a *DistributionData) Sum() float64 { return a.Mean * float64(a.Count) } + +func (a *DistributionData) variance() float64 { + if a.Count <= 1 { + return 0 + } + return a.SumOfSquaredDev / float64(a.Count-1) +} + +func (a *DistributionData) isAggregationData() bool { return true } + +func (a *DistributionData) addSample(v interface{}) { + var f float64 + switch x := v.(type) { + case int64: + f = float64(x) + case float64: + f = x + default: + return + } + + if f < a.Min { + a.Min = f + } + if f > a.Max { + a.Max = f + } + a.Count++ + a.incrementBucketCount(f) + + if a.Count == 1 { + a.Mean = f + return + } + + oldMean := a.Mean + a.Mean = a.Mean + (f-a.Mean)/float64(a.Count) + a.SumOfSquaredDev = a.SumOfSquaredDev + (f-oldMean)*(f-a.Mean) +} + +func (a *DistributionData) incrementBucketCount(f float64) { + if len(a.bounds) == 0 { + a.CountPerBucket[0]++ + return + } + + for i, b := range a.bounds { + if f < b { + a.CountPerBucket[i]++ + return + } + } + a.CountPerBucket[len(a.bounds)]++ +} + +// DistributionData will not multiply by the fraction for this type +// of aggregation. The 'fraction' argument is there just to satisfy the +// interface 'AggregationData'. For simplicity, we include the oldest partial +// bucket in its entirety when the aggregation is a distribution. We do not try +// to multiply it by the fraction as it would make the calculation too complex +// and will create inconsistencies between sumOfSquaredDev, min, max and the +// various buckets of the histogram. +func (a *DistributionData) multiplyByFraction(fraction float64) AggregationData { + ret := newDistributionData(a.bounds) + copy(ret.CountPerBucket, a.CountPerBucket) + ret.Count = a.Count + ret.Min = a.Min + ret.Max = a.Max + ret.Mean = a.Mean + ret.SumOfSquaredDev = a.SumOfSquaredDev + return ret +} + +func (a *DistributionData) addOther(av AggregationData) { + other, ok := av.(*DistributionData) + if !ok { + return + } + if other.Count == 0 { + return + } + if other.Min < a.Min { + a.Min = other.Min + } + if other.Max > a.Max { + a.Max = other.Max + } + delta := other.Mean - a.Mean + a.SumOfSquaredDev = a.SumOfSquaredDev + other.SumOfSquaredDev + math.Pow(delta, 2)*float64(a.Count*other.Count)/(float64(a.Count+other.Count)) + + a.Mean = (a.Sum() + other.Sum()) / float64(a.Count+other.Count) + a.Count = a.Count + other.Count + for i := range other.CountPerBucket { + a.CountPerBucket[i] = a.CountPerBucket[i] + other.CountPerBucket[i] + } +} + +func (a *DistributionData) clear() { + a.Count = 0 + a.Min = math.MaxFloat64 + a.Max = math.SmallestNonzeroFloat64 + a.Mean = 0 + a.SumOfSquaredDev = 0 + for i := range a.CountPerBucket { + a.CountPerBucket[i] = 0 + } +} + +func (a *DistributionData) clone() AggregationData { + counts := make([]int64, len(a.CountPerBucket)) + copy(counts, a.CountPerBucket) + c := *a + c.CountPerBucket = counts + return &c +} + +func (a *DistributionData) equal(other AggregationData) bool { + a2, ok := other.(*DistributionData) + if !ok { + return false + } + if a2 == nil { + return false + } + if len(a.CountPerBucket) != len(a2.CountPerBucket) { + return false + } + for i := range a.CountPerBucket { + if a.CountPerBucket[i] != a2.CountPerBucket[i] { + return false + } + } + return a.Count == a2.Count && a.Min == a2.Min && a.Max == a2.Max && math.Pow(a.Mean-a2.Mean, 2) < epsilon && math.Pow(a.variance()-a2.variance(), 2) < epsilon +} diff --git a/vendor/go.opencensus.io/stats/view/collector.go b/vendor/go.opencensus.io/stats/view/collector.go new file mode 100644 index 000000000000..10584a841eca --- /dev/null +++ b/vendor/go.opencensus.io/stats/view/collector.go @@ -0,0 +1,85 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package view + +import ( + "sort" + "time" + + "go.opencensus.io/internal/tagencoding" + "go.opencensus.io/tag" +) + +type collector struct { + // signatures holds the aggregations values for each unique tag signature + // (values for all keys) to its aggregator. + signatures map[string]AggregationData + // Aggregation is the description of the aggregation to perform for this + // view. + a Aggregation +} + +func (c *collector) addSample(s string, v interface{}, now time.Time) { + aggregator, ok := c.signatures[s] + if !ok { + aggregator = c.a.newData() + c.signatures[s] = aggregator + } + aggregator.addSample(v) +} + +func (c *collector) collectedRows(keys []tag.Key, now time.Time) []*Row { + var rows []*Row + for sig, aggregator := range c.signatures { + tags := decodeTags([]byte(sig), keys) + row := &Row{tags, aggregator} + rows = append(rows, row) + } + return rows +} + +func (c *collector) clearRows() { + c.signatures = make(map[string]AggregationData) +} + +// encodeWithKeys encodes the map by using values +// only associated with the keys provided. +func encodeWithKeys(m *tag.Map, keys []tag.Key) []byte { + vb := &tagencoding.Values{ + Buffer: make([]byte, len(keys)), + } + for _, k := range keys { + v, _ := m.Value(k) + vb.WriteValue([]byte(v)) + } + return vb.Bytes() +} + +// decodeTags decodes tags from the buffer and +// orders them by the keys. +func decodeTags(buf []byte, keys []tag.Key) []tag.Tag { + vb := &tagencoding.Values{Buffer: buf} + var tags []tag.Tag + for _, k := range keys { + v := vb.ReadValue() + if v != nil { + tags = append(tags, tag.Tag{Key: k, Value: string(v)}) + } + } + vb.ReadIndex = 0 + sort.Slice(tags, func(i, j int) bool { return tags[i].Key.Name() < tags[j].Key.Name() }) + return tags +} diff --git a/vendor/go.opencensus.io/stats/view/doc.go b/vendor/go.opencensus.io/stats/view/doc.go new file mode 100644 index 000000000000..fcaae6efc39c --- /dev/null +++ b/vendor/go.opencensus.io/stats/view/doc.go @@ -0,0 +1,47 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +/* +Package view contains support for collecting and exposing aggregates over stats. + +In order to collect measurements, views need to be defined and registered. +A view allows recorded measurements to be filtered and aggregated over a time window. + +All recorded measurements can be filtered by a list of tags. + +OpenCensus provides several aggregation methods: count, distribution, sum and mean. +Count aggregation only counts the number of measurement points. Distribution +aggregation provides statistical summary of the aggregated data. Sum distribution +sums up the measurement points. Mean provides the mean of the recorded measurements. +Aggregations can either happen cumulatively or over an interval. + +Users can dynamically create and delete views. + +Libraries can export their own views and claim the view names +by registering them themselves. + +Exporting + +Collected and aggregated data can be exported to a metric collection +backend by registering its exporter. + +Multiple exporters can be registered to upload the data to various +different backends. Users need to unregister the exporters once they +no longer are needed. +*/ +package view // import "go.opencensus.io/stats/view" + +// TODO(acetechnologist): Add a link to the language independent OpenCensus +// spec when it is available. diff --git a/vendor/go.opencensus.io/stats/view/export.go b/vendor/go.opencensus.io/stats/view/export.go new file mode 100644 index 000000000000..fac37871b75c --- /dev/null +++ b/vendor/go.opencensus.io/stats/view/export.go @@ -0,0 +1,53 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package view + +import "sync" + +var ( + exportersMu sync.RWMutex // guards exporters + exporters = make(map[Exporter]struct{}) +) + +// Exporter exports the collected records as view data. +// +// The ExportView method should return quickly; if an +// Exporter takes a significant amount of time to +// process a Data, that work should be done on another goroutine. +// +// The Data should not be modified. +type Exporter interface { + ExportView(viewData *Data) +} + +// RegisterExporter registers an exporter. +// Collected data will be reported via all the +// registered exporters. Once you no longer +// want data to be exported, invoke UnregisterExporter +// with the previously registered exporter. +func RegisterExporter(e Exporter) { + exportersMu.Lock() + defer exportersMu.Unlock() + + exporters[e] = struct{}{} +} + +// UnregisterExporter unregisters an exporter. +func UnregisterExporter(e Exporter) { + exportersMu.Lock() + defer exportersMu.Unlock() + + delete(exporters, e) +} diff --git a/vendor/go.opencensus.io/stats/view/view.go b/vendor/go.opencensus.io/stats/view/view.go new file mode 100644 index 000000000000..1ef805d98a82 --- /dev/null +++ b/vendor/go.opencensus.io/stats/view/view.go @@ -0,0 +1,179 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package view + +import ( + "bytes" + "fmt" + "reflect" + "sort" + "sync/atomic" + "time" + + "go.opencensus.io/stats" + "go.opencensus.io/stats/internal" + "go.opencensus.io/tag" +) + +// View allows users to filter and aggregate the recorded events. +// Each view has to be registered to enable data retrieval. Use New to +// initiate new views. Unregister views once you don't want to collect any more +// events. +type View struct { + name string // name of View. Must be unique. + description string + + // tagKeys to perform the aggregation on. + tagKeys []tag.Key + + // Examples of measures are cpu:tickCount, diskio:time... + m stats.Measure + + subscribed uint32 // 1 if someone is subscribed and data need to be exported, use atomic to access + + collector *collector +} + +// New creates a new view with the given name and description. +// View names need to be unique globally in the entire system. +// +// Data collection will only filter measurements recorded by the given keys. +// Collected data will be processed by the given aggregation algorithm. +// +// Views need to be subscribed toin order to retrieve collection data. +// +// Once the view is no longer required, the view can be unregistered. +func New(name, description string, keys []tag.Key, measure stats.Measure, agg Aggregation) (*View, error) { + if err := checkViewName(name); err != nil { + return nil, err + } + var ks []tag.Key + if len(keys) > 0 { + ks = make([]tag.Key, len(keys)) + copy(ks, keys) + sort.Slice(ks, func(i, j int) bool { return ks[i].Name() < ks[j].Name() }) + } + return &View{ + name: name, + description: description, + tagKeys: ks, + m: measure, + collector: &collector{make(map[string]AggregationData), agg}, + }, nil +} + +// Name returns the name of the view. +func (v *View) Name() string { + return v.name +} + +// Description returns the name of the view. +func (v *View) Description() string { + return v.description +} + +func (v *View) subscribe() { + atomic.StoreUint32(&v.subscribed, 1) +} + +func (v *View) unsubscribe() { + atomic.StoreUint32(&v.subscribed, 0) +} + +// isSubscribed returns true if the view is exporting +// data by subscription. +func (v *View) isSubscribed() bool { + return atomic.LoadUint32(&v.subscribed) == 1 +} + +func (v *View) clearRows() { + v.collector.clearRows() +} + +// TagKeys returns the list of tag keys associated with this view. +func (v *View) TagKeys() []tag.Key { + return v.tagKeys +} + +// Aggregation returns the data aggregation method used to aggregate +// the measurements collected by this view. +func (v *View) Aggregation() Aggregation { + return v.collector.a +} + +// Measure returns the measure the view is collecting measurements for. +func (v *View) Measure() stats.Measure { + return v.m +} + +func (v *View) collectedRows(now time.Time) []*Row { + return v.collector.collectedRows(v.tagKeys, now) +} + +func (v *View) addSample(m *tag.Map, val interface{}, now time.Time) { + if !v.isSubscribed() { + return + } + sig := string(encodeWithKeys(m, v.tagKeys)) + v.collector.addSample(sig, val, now) +} + +// A Data is a set of rows about usage of the single measure associated +// with the given view. Each row is specific to a unique set of tags. +type Data struct { + View *View + Start, End time.Time + Rows []*Row +} + +// Row is the collected value for a specific set of key value pairs a.k.a tags. +type Row struct { + Tags []tag.Tag + Data AggregationData +} + +func (r *Row) String() string { + var buffer bytes.Buffer + buffer.WriteString("{ ") + buffer.WriteString("{ ") + for _, t := range r.Tags { + buffer.WriteString(fmt.Sprintf("{%v %v}", t.Key.Name(), t.Value)) + } + buffer.WriteString(" }") + buffer.WriteString(fmt.Sprintf("%v", r.Data)) + buffer.WriteString(" }") + return buffer.String() +} + +// Equal returns true if both Rows are equal. Tags are expected to be ordered +// by the key name. Even both rows have the same tags but the tags appear in +// different orders it will return false. +func (r *Row) Equal(other *Row) bool { + if r == other { + return true + } + return reflect.DeepEqual(r.Tags, other.Tags) && r.Data.equal(other.Data) +} + +func checkViewName(name string) error { + if len(name) > internal.MaxNameLength { + return fmt.Errorf("view name cannot be larger than %v", internal.MaxNameLength) + } + if !internal.IsPrintable(name) { + return fmt.Errorf("view name needs to be an ASCII string") + } + return nil +} diff --git a/vendor/go.opencensus.io/stats/view/worker.go b/vendor/go.opencensus.io/stats/view/worker.go new file mode 100644 index 000000000000..0e842dfad004 --- /dev/null +++ b/vendor/go.opencensus.io/stats/view/worker.go @@ -0,0 +1,266 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package view + +import ( + "errors" + "fmt" + "time" + + "go.opencensus.io/stats" + "go.opencensus.io/stats/internal" + "go.opencensus.io/tag" +) + +func init() { + defaultWorker = newWorker() + go defaultWorker.start() + internal.DefaultRecorder = record +} + +type measureRef struct { + measure stats.Measure + views map[*View]struct{} +} + +type worker struct { + measures map[string]*measureRef + views map[string]*View + startTimes map[*View]time.Time + + timer *time.Ticker + c chan command + quit, done chan bool +} + +var defaultWorker *worker + +var defaultReportingDuration = 10 * time.Second + +// FindMeasure returns a registered view associated with this name. +// If no registered view is found, nil is returned. +func Find(name string) (v *View) { + req := &getViewByNameReq{ + name: name, + c: make(chan *getViewByNameResp), + } + defaultWorker.c <- req + resp := <-req.c + return resp.v +} + +// Register registers view. It returns an error if the view is already registered. +// +// Subscription automatically registers a view. +// Most users will not register directly but register via subscription. +// Registration can be used by libraries to claim a view name. +// +// Unregister the view once the view is not required anymore. +func Register(v *View) error { + req := ®isterViewReq{ + v: v, + err: make(chan error), + } + defaultWorker.c <- req + return <-req.err +} + +// Unregister removes the previously registered view. It returns an error +// if the view wasn't registered. All data collected and not reported for the +// corresponding view will be lost. The view is automatically be unsubscribed. +func Unregister(v *View) error { + req := &unregisterViewReq{ + v: v, + err: make(chan error), + } + defaultWorker.c <- req + return <-req.err +} + +// Subscribe subscribes a view. Once a view is subscribed, it reports data +// via the exporters. +// During subscription, if the view wasn't registered, it will be automatically +// registered. Once the view is no longer needed to export data, +// user should unsubscribe from the view. +func (v *View) Subscribe() error { + req := &subscribeToViewReq{ + v: v, + err: make(chan error), + } + defaultWorker.c <- req + return <-req.err +} + +// Unsubscribe unsubscribes a previously subscribed view. +// Data will not be exported from this view once unsubscription happens. +func (v *View) Unsubscribe() error { + req := &unsubscribeFromViewReq{ + v: v, + err: make(chan error), + } + defaultWorker.c <- req + return <-req.err +} + +// RetrieveData returns the current collected data for the view. +func (v *View) RetrieveData() ([]*Row, error) { + if v == nil { + return nil, errors.New("cannot retrieve data from nil view") + } + req := &retrieveDataReq{ + now: time.Now(), + v: v, + c: make(chan *retrieveDataResp), + } + defaultWorker.c <- req + resp := <-req.c + return resp.rows, resp.err +} + +func record(tags *tag.Map, now time.Time, ms interface{}) { + req := &recordReq{ + now: now, + tm: tags, + ms: ms.([]stats.Measurement), + } + defaultWorker.c <- req +} + +// SetReportingPeriod sets the interval between reporting aggregated views in +// the program. If duration is less than or +// equal to zero, it enables the default behavior. +func SetReportingPeriod(d time.Duration) { + // TODO(acetechnologist): ensure that the duration d is more than a certain + // value. e.g. 1s + req := &setReportingPeriodReq{ + d: d, + c: make(chan bool), + } + defaultWorker.c <- req + <-req.c // don't return until the timer is set to the new duration. +} + +func newWorker() *worker { + return &worker{ + measures: make(map[string]*measureRef), + views: make(map[string]*View), + startTimes: make(map[*View]time.Time), + timer: time.NewTicker(defaultReportingDuration), + c: make(chan command), + quit: make(chan bool), + done: make(chan bool), + } +} + +func (w *worker) start() { + for { + select { + case cmd := <-w.c: + if cmd != nil { + cmd.handleCommand(w) + } + case <-w.timer.C: + w.reportUsage(time.Now()) + case <-w.quit: + w.timer.Stop() + close(w.c) + w.done <- true + return + } + } +} + +func (w *worker) stop() { + w.quit <- true + <-w.done +} + +func (w *worker) getMeasureRef(m stats.Measure) *measureRef { + if mr, ok := w.measures[m.Name()]; ok { + return mr + } + mr := &measureRef{ + measure: m, + views: make(map[*View]struct{}), + } + w.measures[m.Name()] = mr + return mr +} + +func (w *worker) tryRegisterView(v *View) error { + if err := checkViewName(v.name); err != nil { + return err + } + if x, ok := w.views[v.Name()]; ok { + if x != v { + return fmt.Errorf("cannot register view %q; another view with the same name is already registered", v.Name()) + } + + // the view is already registered so there is nothing to do and the + // command is considered successful. + return nil + } + + if v.Measure() == nil { + return fmt.Errorf("cannot register view %q: measure not defined", v.Name()) + } + + w.views[v.Name()] = v + ref := w.getMeasureRef(v.Measure()) + ref.views[v] = struct{}{} + + return nil +} + +func (w *worker) reportUsage(start time.Time) { + for _, v := range w.views { + if !v.isSubscribed() { + continue + } + rows := v.collectedRows(start) + s, ok := w.startTimes[v] + if !ok { + w.startTimes[v] = start + } else { + start = s + } + // Make sure collector is never going + // to mutate the exported data. + rows = deepCopyRowData(rows) + viewData := &Data{ + View: v, + Start: start, + End: time.Now(), + Rows: rows, + } + exportersMu.Lock() + for e := range exporters { + e.ExportView(viewData) + } + exportersMu.Unlock() + } +} + +func deepCopyRowData(rows []*Row) []*Row { + newRows := make([]*Row, 0, len(rows)) + for _, r := range rows { + newRows = append(newRows, &Row{ + Data: r.Data.clone(), + Tags: r.Tags, + }) + } + return newRows +} diff --git a/vendor/go.opencensus.io/stats/view/worker_commands.go b/vendor/go.opencensus.io/stats/view/worker_commands.go new file mode 100644 index 000000000000..ae21e753a3fc --- /dev/null +++ b/vendor/go.opencensus.io/stats/view/worker_commands.go @@ -0,0 +1,186 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package view + +import ( + "fmt" + "time" + + "go.opencensus.io/stats" + "go.opencensus.io/tag" +) + +type command interface { + handleCommand(w *worker) +} + +// getViewByNameReq is the command to get a view given its name. +type getViewByNameReq struct { + name string + c chan *getViewByNameResp +} + +type getViewByNameResp struct { + v *View +} + +func (cmd *getViewByNameReq) handleCommand(w *worker) { + cmd.c <- &getViewByNameResp{w.views[cmd.name]} +} + +// registerViewReq is the command to register a view with the library. +type registerViewReq struct { + v *View + err chan error +} + +func (cmd *registerViewReq) handleCommand(w *worker) { + cmd.err <- w.tryRegisterView(cmd.v) +} + +// unregisterViewReq is the command to unregister a view from the library. +type unregisterViewReq struct { + v *View + err chan error +} + +func (cmd *unregisterViewReq) handleCommand(w *worker) { + v, ok := w.views[cmd.v.Name()] + if !ok { + cmd.err <- nil + return + } + if v != cmd.v { + cmd.err <- nil + return + } + if v.isSubscribed() { + cmd.err <- fmt.Errorf("cannot unregister view %q; all subscriptions must be unsubscribed first", cmd.v.Name()) + return + } + delete(w.views, cmd.v.Name()) + ref := w.getMeasureRef(v.Measure()) + delete(ref.views, v) + cmd.err <- nil +} + +// subscribeToViewReq is the command to subscribe to a view. +type subscribeToViewReq struct { + v *View + err chan error +} + +func (cmd *subscribeToViewReq) handleCommand(w *worker) { + if cmd.v.isSubscribed() { + cmd.err <- nil + return + } + if err := w.tryRegisterView(cmd.v); err != nil { + cmd.err <- fmt.Errorf("cannot subscribe to view: %v", err) + return + } + cmd.v.subscribe() + cmd.err <- nil +} + +// unsubscribeFromViewReq is the command to unsubscribe to a view. Has no +// impact on the data collection for client that are pulling data from the +// library. +type unsubscribeFromViewReq struct { + v *View + err chan error +} + +func (cmd *unsubscribeFromViewReq) handleCommand(w *worker) { + cmd.v.unsubscribe() + if !cmd.v.isSubscribed() { + // this was the last subscription and view is not collecting anymore. + // The collected data can be cleared. + cmd.v.clearRows() + } + // we always return nil because this operation never fails. However we + // still need to return something on the channel to signal to the waiting + // go routine that the operation completed. + cmd.err <- nil +} + +// retrieveDataReq is the command to retrieve data for a view. +type retrieveDataReq struct { + now time.Time + v *View + c chan *retrieveDataResp +} + +type retrieveDataResp struct { + rows []*Row + err error +} + +func (cmd *retrieveDataReq) handleCommand(w *worker) { + if _, ok := w.views[cmd.v.Name()]; !ok { + cmd.c <- &retrieveDataResp{ + nil, + fmt.Errorf("cannot retrieve data; view %q is not registered", cmd.v.Name()), + } + return + } + + if !cmd.v.isSubscribed() { + cmd.c <- &retrieveDataResp{ + nil, + fmt.Errorf("cannot retrieve data; view %q has no subscriptions or collection is not forcibly started", cmd.v.Name()), + } + return + } + cmd.c <- &retrieveDataResp{ + cmd.v.collectedRows(cmd.now), + nil, + } +} + +// recordReq is the command to record data related to multiple measures +// at once. +type recordReq struct { + now time.Time + tm *tag.Map + ms []stats.Measurement +} + +func (cmd *recordReq) handleCommand(w *worker) { + for _, m := range cmd.ms { + ref := w.getMeasureRef(m.Measure) + for v := range ref.views { + v.addSample(cmd.tm, m.Value, cmd.now) + } + } +} + +// setReportingPeriodReq is the command to modify the duration between +// reporting the collected data to the subscribed clients. +type setReportingPeriodReq struct { + d time.Duration + c chan bool +} + +func (cmd *setReportingPeriodReq) handleCommand(w *worker) { + w.timer.Stop() + if cmd.d <= 0 { + w.timer = time.NewTicker(defaultReportingDuration) + } else { + w.timer = time.NewTicker(cmd.d) + } + cmd.c <- true +} diff --git a/vendor/go.opencensus.io/tag/context.go b/vendor/go.opencensus.io/tag/context.go new file mode 100644 index 000000000000..9fe32e4bb3ef --- /dev/null +++ b/vendor/go.opencensus.io/tag/context.go @@ -0,0 +1,41 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package tag + +import "context" + +// FromContext returns the tag map stored in the context. +func FromContext(ctx context.Context) *Map { + // The returned tag map shouldn't be mutated. + ts := ctx.Value(mapCtxKey) + if ts == nil { + return newMap(0) + } + return ts.(*Map) +} + +// NewContext creates a new context with the given tag map. +// To propagate a tag map to downstream methods and downstream RPCs, add a tag map +// to the current context. NewContext will return a copy of the current context, +// and put the tag map into the returned one. +// If there is already a tag map in the current context, it will be replaced with m. +func NewContext(ctx context.Context, m *Map) context.Context { + return context.WithValue(ctx, mapCtxKey, m) +} + +type ctxKey struct{} + +var mapCtxKey = ctxKey{} diff --git a/vendor/go.opencensus.io/tag/doc.go b/vendor/go.opencensus.io/tag/doc.go new file mode 100644 index 000000000000..da16b74e4deb --- /dev/null +++ b/vendor/go.opencensus.io/tag/doc.go @@ -0,0 +1,26 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +/* +Package tag contains OpenCensus tags. + +Tags are key-value pairs. Tags provide additional cardinality to +the OpenCensus instrumentation data. + +Tags can be propagated on the wire and in the same +process via context.Context. Encode and Decode should be +used to represent tags into their binary propagation form. +*/ +package tag // import "go.opencensus.io/tag" diff --git a/vendor/go.opencensus.io/tag/key.go b/vendor/go.opencensus.io/tag/key.go new file mode 100644 index 000000000000..ebbed9500062 --- /dev/null +++ b/vendor/go.opencensus.io/tag/key.go @@ -0,0 +1,35 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package tag + +// Key represents a tag key. +type Key struct { + name string +} + +// NewKey creates or retrieves a string key identified by name. +// Calling NewKey consequently with the same name returns the same key. +func NewKey(name string) (Key, error) { + if !checkKeyName(name) { + return Key{}, errInvalidKeyName + } + return Key{name: name}, nil +} + +// Name returns the name of the key. +func (k Key) Name() string { + return k.name +} diff --git a/vendor/go.opencensus.io/tag/map.go b/vendor/go.opencensus.io/tag/map.go new file mode 100644 index 000000000000..c9f5ebb26544 --- /dev/null +++ b/vendor/go.opencensus.io/tag/map.go @@ -0,0 +1,191 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package tag + +import ( + "bytes" + "context" + "fmt" + "sort" +) + +// Tag is a key value pair that can be propagated on wire. +type Tag struct { + Key Key + Value string +} + +// Map is a map of tags. Use NewMap to build tag maps. +type Map struct { + m map[Key]string +} + +// Value returns the value for the key if a value +// for the key exists. +func (m *Map) Value(k Key) (string, bool) { + v, ok := m.m[k] + return v, ok +} + +func (m *Map) String() string { + var keys []Key + for k := range m.m { + keys = append(keys, k) + } + sort.Slice(keys, func(i, j int) bool { return keys[i].Name() < keys[j].Name() }) + + var buffer bytes.Buffer + buffer.WriteString("{ ") + for _, k := range keys { + buffer.WriteString(fmt.Sprintf("{%v %v}", k.name, m.m[k])) + } + buffer.WriteString(" }") + return buffer.String() +} + +func (m *Map) insert(k Key, v string) { + if _, ok := m.m[k]; ok { + return + } + m.m[k] = v +} + +func (m *Map) update(k Key, v string) { + if _, ok := m.m[k]; ok { + m.m[k] = v + } +} + +func (m *Map) upsert(k Key, v string) { + m.m[k] = v +} + +func (m *Map) delete(k Key) { + delete(m.m, k) +} + +func newMap(sizeHint int) *Map { + return &Map{m: make(map[Key]string, sizeHint)} +} + +// Mutator modifies a tag map. +type Mutator interface { + Mutate(t *Map) (*Map, error) +} + +// Insert returns a mutator that inserts a +// value associated with k. If k already exists in the tag map, +// mutator doesn't update the value. +func Insert(k Key, v string) Mutator { + return &mutator{ + fn: func(m *Map) (*Map, error) { + if !checkValue(v) { + return nil, errInvalidValue + } + m.insert(k, v) + return m, nil + }, + } +} + +// Update returns a mutator that updates the +// value of the tag associated with k with v. If k doesn't +// exists in the tag map, the mutator doesn't insert the value. +func Update(k Key, v string) Mutator { + return &mutator{ + fn: func(m *Map) (*Map, error) { + if !checkValue(v) { + return nil, errInvalidValue + } + m.update(k, v) + return m, nil + }, + } +} + +// Upsert returns a mutator that upserts the +// value of the tag associated with k with v. It inserts the +// value if k doesn't exist already. It mutates the value +// if k already exists. +func Upsert(k Key, v string) Mutator { + return &mutator{ + fn: func(m *Map) (*Map, error) { + if !checkValue(v) { + return nil, errInvalidValue + } + m.upsert(k, v) + return m, nil + }, + } +} + +// Delete returns a mutator that deletes +// the value associated with k. +func Delete(k Key) Mutator { + return &mutator{ + fn: func(m *Map) (*Map, error) { + m.delete(k) + return m, nil + }, + } +} + +// New returns a new context that contains a tag map +// originated from the incoming context and modified +// with the provided mutators. +func New(ctx context.Context, mutator ...Mutator) (context.Context, error) { + m := newMap(0) + orig := FromContext(ctx) + if orig != nil { + for k, v := range orig.m { + if !checkKeyName(k.Name()) { + return ctx, fmt.Errorf("key:%q: %v", k, errInvalidKeyName) + } + if !checkValue(v) { + return ctx, fmt.Errorf("key:%q value:%q: %v", k.Name(), v, errInvalidValue) + } + m.insert(k, v) + } + } + var err error + for _, mod := range mutator { + m, err = mod.Mutate(m) + if err != nil { + return ctx, err + } + } + return NewContext(ctx, m), nil +} + +// Do is similar to pprof.Do: a convenience for installing the tags +// from the context as Go profiler labels. This allows you to +// correlated runtime profiling with stats. +// +// It converts the key/values from the given map to Go profiler labels +// and calls pprof.Do. +// +// Do is going to do nothing if your Go version is below 1.9. +func Do(ctx context.Context, f func(ctx context.Context)) { + do(ctx, f) +} + +type mutator struct { + fn func(t *Map) (*Map, error) +} + +func (m *mutator) Mutate(t *Map) (*Map, error) { + return m.fn(t) +} diff --git a/vendor/go.opencensus.io/tag/map_codec.go b/vendor/go.opencensus.io/tag/map_codec.go new file mode 100644 index 000000000000..4b45497d3df2 --- /dev/null +++ b/vendor/go.opencensus.io/tag/map_codec.go @@ -0,0 +1,223 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package tag + +import ( + "encoding/binary" + "fmt" +) + +// KeyType defines the types of keys allowed. Currently only keyTypeString is +// supported. +type keyType byte + +const ( + keyTypeString keyType = iota + keyTypeInt64 + keyTypeTrue + keyTypeFalse + + tagsVersionID = byte(0) +) + +type encoderGRPC struct { + buf []byte + writeIdx, readIdx int +} + +// writeKeyString writes the fieldID '0' followed by the key string and value +// string. +func (eg *encoderGRPC) writeTagString(k, v string) { + eg.writeByte(byte(keyTypeString)) + eg.writeStringWithVarintLen(k) + eg.writeStringWithVarintLen(v) +} + +func (eg *encoderGRPC) writeTagUint64(k string, i uint64) { + eg.writeByte(byte(keyTypeInt64)) + eg.writeStringWithVarintLen(k) + eg.writeUint64(i) +} + +func (eg *encoderGRPC) writeTagTrue(k string) { + eg.writeByte(byte(keyTypeTrue)) + eg.writeStringWithVarintLen(k) +} + +func (eg *encoderGRPC) writeTagFalse(k string) { + eg.writeByte(byte(keyTypeFalse)) + eg.writeStringWithVarintLen(k) +} + +func (eg *encoderGRPC) writeBytesWithVarintLen(bytes []byte) { + length := len(bytes) + + eg.growIfRequired(binary.MaxVarintLen64 + length) + eg.writeIdx += binary.PutUvarint(eg.buf[eg.writeIdx:], uint64(length)) + copy(eg.buf[eg.writeIdx:], bytes) + eg.writeIdx += length +} + +func (eg *encoderGRPC) writeStringWithVarintLen(s string) { + length := len(s) + + eg.growIfRequired(binary.MaxVarintLen64 + length) + eg.writeIdx += binary.PutUvarint(eg.buf[eg.writeIdx:], uint64(length)) + copy(eg.buf[eg.writeIdx:], s) + eg.writeIdx += length +} + +func (eg *encoderGRPC) writeByte(v byte) { + eg.growIfRequired(1) + eg.buf[eg.writeIdx] = v + eg.writeIdx++ +} + +func (eg *encoderGRPC) writeUint32(i uint32) { + eg.growIfRequired(4) + binary.LittleEndian.PutUint32(eg.buf[eg.writeIdx:], i) + eg.writeIdx += 4 +} + +func (eg *encoderGRPC) writeUint64(i uint64) { + eg.growIfRequired(8) + binary.LittleEndian.PutUint64(eg.buf[eg.writeIdx:], i) + eg.writeIdx += 8 +} + +func (eg *encoderGRPC) readByte() byte { + b := eg.buf[eg.readIdx] + eg.readIdx++ + return b +} + +func (eg *encoderGRPC) readUint32() uint32 { + i := binary.LittleEndian.Uint32(eg.buf[eg.readIdx:]) + eg.readIdx += 4 + return i +} + +func (eg *encoderGRPC) readUint64() uint64 { + i := binary.LittleEndian.Uint64(eg.buf[eg.readIdx:]) + eg.readIdx += 8 + return i +} + +func (eg *encoderGRPC) readBytesWithVarintLen() ([]byte, error) { + if eg.readEnded() { + return nil, fmt.Errorf("unexpected end while readBytesWithVarintLen '%x' starting at idx '%v'", eg.buf, eg.readIdx) + } + length, valueStart := binary.Uvarint(eg.buf[eg.readIdx:]) + if valueStart <= 0 { + return nil, fmt.Errorf("unexpected end while readBytesWithVarintLen '%x' starting at idx '%v'", eg.buf, eg.readIdx) + } + + valueStart += eg.readIdx + valueEnd := valueStart + int(length) + if valueEnd > len(eg.buf) { + return nil, fmt.Errorf("malformed encoding: length:%v, upper:%v, maxLength:%v", length, valueEnd, len(eg.buf)) + } + + eg.readIdx = valueEnd + return eg.buf[valueStart:valueEnd], nil +} + +func (eg *encoderGRPC) readStringWithVarintLen() (string, error) { + bytes, err := eg.readBytesWithVarintLen() + if err != nil { + return "", err + } + return string(bytes), nil +} + +func (eg *encoderGRPC) growIfRequired(expected int) { + if len(eg.buf)-eg.writeIdx < expected { + tmp := make([]byte, 2*(len(eg.buf)+1)+expected) + copy(tmp, eg.buf) + eg.buf = tmp + } +} + +func (eg *encoderGRPC) readEnded() bool { + return eg.readIdx >= len(eg.buf) +} + +func (eg *encoderGRPC) bytes() []byte { + return eg.buf[:eg.writeIdx] +} + +// Encode encodes the tag map into a []byte. It is useful to propagate +// the tag maps on wire in binary format. +func Encode(m *Map) []byte { + eg := &encoderGRPC{ + buf: make([]byte, len(m.m)), + } + + eg.writeByte(byte(tagsVersionID)) + for k, v := range m.m { + eg.writeByte(byte(keyTypeString)) + eg.writeStringWithVarintLen(k.name) + eg.writeBytesWithVarintLen([]byte(v)) + } + + return eg.bytes() +} + +// Decode decodes the given []byte into a tag map. +func Decode(bytes []byte) (*Map, error) { + ts := newMap(0) + + eg := &encoderGRPC{ + buf: bytes, + } + if len(eg.buf) == 0 { + return ts, nil + } + + version := eg.readByte() + if version > tagsVersionID { + return nil, fmt.Errorf("cannot decode: unsupported version: %q; supports only up to: %q", version, tagsVersionID) + } + + for !eg.readEnded() { + typ := keyType(eg.readByte()) + + if typ != keyTypeString { + return nil, fmt.Errorf("cannot decode: invalid key type: %q", typ) + } + + k, err := eg.readBytesWithVarintLen() + if err != nil { + return nil, err + } + + v, err := eg.readBytesWithVarintLen() + if err != nil { + return nil, err + } + + key, err := NewKey(string(k)) + if err != nil { + return nil, err // no partial failures + } + val := string(v) + if !checkValue(val) { + return nil, errInvalidValue // no partial failures + } + ts.upsert(key, val) + } + return ts, nil +} diff --git a/vendor/go.opencensus.io/tag/profile_19.go b/vendor/go.opencensus.io/tag/profile_19.go new file mode 100644 index 000000000000..f81cd0b4a78e --- /dev/null +++ b/vendor/go.opencensus.io/tag/profile_19.go @@ -0,0 +1,31 @@ +// Copyright 2018, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build go1.9 + +package tag + +import ( + "context" + "runtime/pprof" +) + +func do(ctx context.Context, f func(ctx context.Context)) { + m := FromContext(ctx) + keyvals := make([]string, 0, 2*len(m.m)) + for k, v := range m.m { + keyvals = append(keyvals, k.Name(), v) + } + pprof.Do(ctx, pprof.Labels(keyvals...), f) +} diff --git a/vendor/go.opencensus.io/tag/profile_not19.go b/vendor/go.opencensus.io/tag/profile_not19.go new file mode 100644 index 000000000000..83adbce56b72 --- /dev/null +++ b/vendor/go.opencensus.io/tag/profile_not19.go @@ -0,0 +1,23 @@ +// Copyright 2018, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !go1.9 + +package tag + +import "context" + +func do(ctx context.Context, f func(ctx context.Context)) { + f(ctx) +} diff --git a/vendor/go.opencensus.io/tag/validate.go b/vendor/go.opencensus.io/tag/validate.go new file mode 100644 index 000000000000..0939fc67483a --- /dev/null +++ b/vendor/go.opencensus.io/tag/validate.go @@ -0,0 +1,56 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package tag + +import "errors" + +const ( + maxKeyLength = 255 + + // valid are restricted to US-ASCII subset (range 0x20 (' ') to 0x7e ('~')). + validKeyValueMin = 32 + validKeyValueMax = 126 +) + +var ( + errInvalidKeyName = errors.New("invalid key name: only ASCII characters accepted; max length must be 255 characters") + errInvalidValue = errors.New("invalid value: only ASCII characters accepted; max length must be 255 characters") +) + +func checkKeyName(name string) bool { + if len(name) == 0 { + return false + } + if len(name) > maxKeyLength { + return false + } + return isASCII(name) +} + +func isASCII(s string) bool { + for _, c := range s { + if (c < validKeyValueMin) || (c > validKeyValueMax) { + return false + } + } + return true +} + +func checkValue(v string) bool { + if len(v) > maxKeyLength { + return false + } + return isASCII(v) +} diff --git a/vendor/go.opencensus.io/trace/basetypes.go b/vendor/go.opencensus.io/trace/basetypes.go new file mode 100644 index 000000000000..5ce66e62c25a --- /dev/null +++ b/vendor/go.opencensus.io/trace/basetypes.go @@ -0,0 +1,121 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package trace + +import ( + "fmt" + "time" +) + +type ( + // TraceID is a 16-byte identifier for a set of spans. + TraceID [16]byte + // SpanID is an 8-byte identifier for a single span. + SpanID [8]byte +) + +func (t TraceID) String() string { + return fmt.Sprintf("%02x", [16]byte(t)) +} + +func (s SpanID) String() string { + return fmt.Sprintf("%02x", [8]byte(s)) +} + +// Annotation represents a text annotation with a set of attributes and a timestamp. +type Annotation struct { + Time time.Time + Message string + Attributes map[string]interface{} +} + +// Attribute is an interface for attributes; +// it is implemented by BoolAttribute, IntAttribute, and StringAttribute. +type Attribute interface { + isAttribute() +} + +// BoolAttribute represents a bool-valued attribute. +type BoolAttribute struct { + Key string + Value bool +} + +func (b BoolAttribute) isAttribute() {} + +// Int64Attribute represents an int64-valued attribute. +type Int64Attribute struct { + Key string + Value int64 +} + +func (i Int64Attribute) isAttribute() {} + +// StringAttribute represents a string-valued attribute. +type StringAttribute struct { + Key string + Value string +} + +func (s StringAttribute) isAttribute() {} + +// LinkType specifies the relationship between the span that had the link +// added, and the linked span. +type LinkType int32 + +// LinkType values. +const ( + LinkTypeUnspecified LinkType = iota // The relationship of the two spans is unknown. + LinkTypeChild // The current span is a child of the linked span. + LinkTypeParent // The current span is the parent of the linked span. +) + +// Link represents a reference from one span to another span. +type Link struct { + TraceID TraceID + SpanID SpanID + Type LinkType + // Attributes is a set of attributes on the link. + Attributes map[string]interface{} +} + +// MessageEventType specifies the type of message event. +type MessageEventType int32 + +// MessageEventType values. +const ( + MessageEventTypeUnspecified MessageEventType = iota // Unknown event type. + MessageEventTypeSent // Indicates a sent RPC message. + MessageEventTypeRecv // Indicates a received RPC message. +) + +// MessageEvent represents an event describing a message sent or received on the network. +type MessageEvent struct { + Time time.Time + EventType MessageEventType + MessageID int64 + UncompressedByteSize int64 + CompressedByteSize int64 +} + +// Status is the status of a Span. +type Status struct { + // Code is a status code. Zero indicates success. + // + // If Code will be propagated to Google APIs, it ideally should be a value from + // https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto . + Code int32 + Message string +} diff --git a/vendor/go.opencensus.io/trace/doc.go b/vendor/go.opencensus.io/trace/doc.go new file mode 100644 index 000000000000..6e96240870c6 --- /dev/null +++ b/vendor/go.opencensus.io/trace/doc.go @@ -0,0 +1,55 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/* +Package trace contains types for representing trace information, and +functions for global configuration of tracing. + +The following assumes a basic familiarity with OpenCensus concepts. +See http://opencensus.io. + + +Enabling Tracing for a Program + +To use OpenCensus tracing, register at least one Exporter. You can use +one of the provided exporters or write your own. + + trace.RegisterExporter(anExporter) + +By default, traces will be sampled relatively rarely. To change the sampling +frequency for your entire program, call SetDefaultSampler. Use a ProbabilitySampler +to sample a subset of traces, or use AlwaysSample to collect a trace on every run: + + trace.SetDefaultSampler(trace.AlwaysSample()) + + +Adding Spans to a Trace + +A trace consists of a tree of spans. In Go, the current span is carried in a +context.Context. + +It is common to want to capture all the activity of a function call in a span. For +this to work, the function must take a context.Context as a parameter. Add these two +lines to the top of the function: + + ctx, span := trace.StartSpan(ctx, "your choice of name") + defer span.End() + +StartSpan will create a new top-level span if the context +doesn't contain another span, otherwise it will create a child span. + +As a suggestion, use the fully-qualified function name as the span name, e.g. +"github.com/me/mypackage.Run". +*/ +package trace // import "go.opencensus.io/trace" diff --git a/vendor/go.opencensus.io/trace/export.go b/vendor/go.opencensus.io/trace/export.go new file mode 100644 index 000000000000..db5d275a2ccf --- /dev/null +++ b/vendor/go.opencensus.io/trace/export.go @@ -0,0 +1,73 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package trace + +import ( + "sync" + "time" +) + +// Exporter is a type for functions that receive sampled trace spans. +// +// The ExportSpan method should be safe for concurrent use and should return +// quickly; if an Exporter takes a significant amount of time to process a +// SpanData, that work should be done on another goroutine. +// +// The SpanData should not be modified, but a pointer to it can be kept. +type Exporter interface { + ExportSpan(s *SpanData) +} + +var ( + exportersMu sync.Mutex + exporters map[Exporter]struct{} +) + +// RegisterExporter adds to the list of Exporters that will receive sampled +// trace spans. +func RegisterExporter(e Exporter) { + exportersMu.Lock() + if exporters == nil { + exporters = make(map[Exporter]struct{}) + } + exporters[e] = struct{}{} + exportersMu.Unlock() +} + +// UnregisterExporter removes from the list of Exporters the Exporter that was +// registered with the given name. +func UnregisterExporter(e Exporter) { + exportersMu.Lock() + delete(exporters, e) + exportersMu.Unlock() +} + +// SpanData contains all the information collected by a Span. +type SpanData struct { + SpanContext + ParentSpanID SpanID + Name string + StartTime time.Time + // The wall clock time of EndTime will be adjusted to always be offset + // from StartTime by the duration of the span. + EndTime time.Time + // The values of Attributes each have type string, bool, or int64. + Attributes map[string]interface{} + Annotations []Annotation + MessageEvents []MessageEvent + Status + Links []Link + HasRemoteParent bool +} diff --git a/vendor/go.opencensus.io/trace/propagation/propagation.go b/vendor/go.opencensus.io/trace/propagation/propagation.go new file mode 100644 index 000000000000..744b1d5a2220 --- /dev/null +++ b/vendor/go.opencensus.io/trace/propagation/propagation.go @@ -0,0 +1,108 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package propagation implements the binary trace context format. +package propagation + +// TODO: link to external spec document. + +// BinaryFormat format: +// +// Binary value: +// version_id: 1 byte representing the version id. +// +// For version_id = 0: +// +// version_format: +// field_format: +// +// Fields: +// +// TraceId: (field_id = 0, len = 16, default = "0000000000000000") - 16-byte array representing the trace_id. +// SpanId: (field_id = 1, len = 8, default = "00000000") - 8-byte array representing the span_id. +// TraceOptions: (field_id = 2, len = 1, default = "0") - 1-byte array representing the trace_options. +// +// Fields MUST be encoded using the field id order (smaller to higher). +// +// Valid value example: +// +// {0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 1, 97, +// 98, 99, 100, 101, 102, 103, 104, 2, 1} +// +// version_id = 0; +// trace_id = {64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79} +// span_id = {97, 98, 99, 100, 101, 102, 103, 104}; +// trace_options = {1}; + +import ( + "net/http" + + "go.opencensus.io/trace" +) + +// Binary returns the binary format representation of a SpanContext. +// +// If sc is the zero value, Binary returns nil. +func Binary(sc trace.SpanContext) []byte { + if sc == (trace.SpanContext{}) { + return nil + } + var b [29]byte + copy(b[2:18], sc.TraceID[:]) + b[18] = 1 + copy(b[19:27], sc.SpanID[:]) + b[27] = 2 + b[28] = uint8(sc.TraceOptions) + return b[:] +} + +// FromBinary returns the SpanContext represented by b. +// +// If b has an unsupported version ID or contains no TraceID, FromBinary +// returns with ok==false. +func FromBinary(b []byte) (sc trace.SpanContext, ok bool) { + if len(b) == 0 || b[0] != 0 { + return trace.SpanContext{}, false + } + b = b[1:] + if len(b) >= 17 && b[0] == 0 { + copy(sc.TraceID[:], b[1:17]) + b = b[17:] + } else { + return trace.SpanContext{}, false + } + if len(b) >= 9 && b[0] == 1 { + copy(sc.SpanID[:], b[1:9]) + b = b[9:] + } + if len(b) >= 2 && b[0] == 2 { + sc.TraceOptions = trace.TraceOptions(b[1]) + } + return sc, true +} + +// HTTPFormat implementations propagate span contexts +// in HTTP requests. +// +// FromRequest extracts a span context from incoming +// requests. +// +// ToRequest modifies the given request to include the given +// span context. +type HTTPFormat interface { + FromRequest(req *http.Request) (sc trace.SpanContext, ok bool) + ToRequest(sc trace.SpanContext, req *http.Request) +} + +// TODO(jbd): Find a more representative but short name for HTTPFormat. diff --git a/vendor/go.opencensus.io/trace/sampling.go b/vendor/go.opencensus.io/trace/sampling.go new file mode 100644 index 000000000000..a5847e3d4e41 --- /dev/null +++ b/vendor/go.opencensus.io/trace/sampling.go @@ -0,0 +1,115 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package trace + +import ( + "encoding/binary" +) + +const defaultSamplingProbability = 1e-4 + +var defaultSampler Sampler + +func init() { + defaultSampler = newDefaultSampler() +} + +func newDefaultSampler() Sampler { + return ProbabilitySampler(defaultSamplingProbability) +} + +// SetDefaultSampler sets the default sampler used when creating new spans. +func SetDefaultSampler(sampler Sampler) { + if sampler == nil { + sampler = newDefaultSampler() + } + mu.Lock() + defaultSampler = sampler + mu.Unlock() +} + +// Sampler is an interface for values that have a method that the trace library +// can call to determine whether to export a trace's spans. +type Sampler interface { + Sample(p SamplingParameters) SamplingDecision +} + +// SamplingParameters contains the values passed to a Sampler. +type SamplingParameters struct { + ParentContext SpanContext + TraceID TraceID + SpanID SpanID + Name string + HasRemoteParent bool +} + +// SamplingDecision is the value returned by a Sampler. +type SamplingDecision struct { + Sample bool +} + +// ProbabilitySampler returns a Sampler that samples a given fraction of traces. +// +// It also samples spans whose parents are sampled. +func ProbabilitySampler(fraction float64) Sampler { + if !(fraction >= 0) { + fraction = 0 + } else if fraction >= 1 { + return AlwaysSample() + } + return probabilitySampler{ + traceIDUpperBound: uint64(fraction * (1 << 63)), + } +} + +type probabilitySampler struct { + traceIDUpperBound uint64 +} + +var _ Sampler = (*probabilitySampler)(nil) + +func (s probabilitySampler) Sample(p SamplingParameters) (d SamplingDecision) { + if p.ParentContext.IsSampled() { + return SamplingDecision{Sample: true} + } + x := binary.BigEndian.Uint64(p.TraceID[0:8]) >> 1 + return SamplingDecision{Sample: x < s.traceIDUpperBound} +} + +// AlwaysSample returns a Sampler that samples every trace. +func AlwaysSample() Sampler { + return always{} +} + +type always struct{} + +var _ Sampler = always{} + +func (a always) Sample(p SamplingParameters) SamplingDecision { + return SamplingDecision{Sample: true} +} + +// NeverSample returns a Sampler that samples no traces. +func NeverSample() Sampler { + return never{} +} + +type never struct{} + +var _ Sampler = never{} + +func (n never) Sample(p SamplingParameters) SamplingDecision { + return SamplingDecision{Sample: false} +} diff --git a/vendor/go.opencensus.io/trace/spanbucket.go b/vendor/go.opencensus.io/trace/spanbucket.go new file mode 100644 index 000000000000..fbabad34c000 --- /dev/null +++ b/vendor/go.opencensus.io/trace/spanbucket.go @@ -0,0 +1,130 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package trace + +import ( + "time" +) + +// samplePeriod is the minimum time between accepting spans in a single bucket. +const samplePeriod = time.Second + +// defaultLatencies contains the default latency bucket bounds. +// TODO: consider defaults, make configurable +var defaultLatencies = [...]time.Duration{ + 10 * time.Microsecond, + 100 * time.Microsecond, + time.Millisecond, + 10 * time.Millisecond, + 100 * time.Millisecond, + time.Second, + 10 * time.Second, + time.Minute, +} + +// bucket is a container for a set of spans for a particular error code or latency range. +type bucket struct { + nextTime time.Time // next time we can accept a span + buffer []*SpanData // circular buffer of spans + nextIndex int // location next SpanData should be placed in buffer + overflow bool // whether the circular buffer has wrapped around +} + +func makeBucket(bufferSize int) bucket { + return bucket{ + buffer: make([]*SpanData, bufferSize), + } +} + +// add adds a span to the bucket, if nextTime has been reached. +func (b *bucket) add(s *SpanData) { + if s.EndTime.Before(b.nextTime) { + return + } + if len(b.buffer) == 0 { + return + } + b.nextTime = s.EndTime.Add(samplePeriod) + b.buffer[b.nextIndex] = s + b.nextIndex++ + if b.nextIndex == len(b.buffer) { + b.nextIndex = 0 + b.overflow = true + } +} + +// size returns the number of spans in the bucket. +func (b *bucket) size() int { + if b.overflow { + return len(b.buffer) + } + return b.nextIndex +} + +// span returns the ith span in the bucket. +func (b *bucket) span(i int) *SpanData { + if !b.overflow { + return b.buffer[i] + } + if i < len(b.buffer)-b.nextIndex { + return b.buffer[b.nextIndex+i] + } + return b.buffer[b.nextIndex+i-len(b.buffer)] +} + +// resize changes the size of the bucket to n, keeping up to n existing spans. +func (b *bucket) resize(n int) { + cur := b.size() + newBuffer := make([]*SpanData, n) + if cur < n { + for i := 0; i < cur; i++ { + newBuffer[i] = b.span(i) + } + b.buffer = newBuffer + b.nextIndex = cur + b.overflow = false + return + } + for i := 0; i < n; i++ { + newBuffer[i] = b.span(i + cur - n) + } + b.buffer = newBuffer + b.nextIndex = 0 + b.overflow = true +} + +// latencyBucket returns the appropriate bucket number for a given latency. +func latencyBucket(latency time.Duration) int { + i := 0 + for i < len(defaultLatencies) && latency >= defaultLatencies[i] { + i++ + } + return i +} + +// latencyBucketBounds returns the lower and upper bounds for a latency bucket +// number. +// +// The lower bound is inclusive, the upper bound is exclusive (except for the +// last bucket.) +func latencyBucketBounds(index int) (lower time.Duration, upper time.Duration) { + if index == 0 { + return 0, defaultLatencies[index] + } + if index == len(defaultLatencies) { + return defaultLatencies[index-1], 1<<63 - 1 + } + return defaultLatencies[index-1], defaultLatencies[index] +} diff --git a/vendor/go.opencensus.io/trace/spanstore.go b/vendor/go.opencensus.io/trace/spanstore.go new file mode 100644 index 000000000000..c442d990218a --- /dev/null +++ b/vendor/go.opencensus.io/trace/spanstore.go @@ -0,0 +1,306 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package trace + +import ( + "sync" + "time" + + "go.opencensus.io/internal" +) + +const ( + maxBucketSize = 100000 + defaultBucketSize = 10 +) + +var ( + ssmu sync.RWMutex // protects spanStores + spanStores = make(map[string]*spanStore) +) + +// This exists purely to avoid exposing internal methods used by z-Pages externally. +type internalOnly struct{} + +func init() { + //TODO(#412): remove + internal.Trace = &internalOnly{} +} + +// ReportActiveSpans returns the active spans for the given name. +func (i internalOnly) ReportActiveSpans(name string) []*SpanData { + s := spanStoreForName(name) + if s == nil { + return nil + } + var out []*SpanData + s.mu.Lock() + defer s.mu.Unlock() + for span := range s.active { + out = append(out, span.makeSpanData()) + } + return out +} + +// ReportSpansByError returns a sample of error spans. +// +// If code is nonzero, only spans with that status code are returned. +func (i internalOnly) ReportSpansByError(name string, code int32) []*SpanData { + s := spanStoreForName(name) + if s == nil { + return nil + } + var out []*SpanData + s.mu.Lock() + defer s.mu.Unlock() + if code != 0 { + if b, ok := s.errors[code]; ok { + for _, sd := range b.buffer { + if sd == nil { + break + } + out = append(out, sd) + } + } + } else { + for _, b := range s.errors { + for _, sd := range b.buffer { + if sd == nil { + break + } + out = append(out, sd) + } + } + } + return out +} + +// ConfigureBucketSizes sets the number of spans to keep per latency and error +// bucket for different span names. +func (i internalOnly) ConfigureBucketSizes(bcs []internal.BucketConfiguration) { + for _, bc := range bcs { + latencyBucketSize := bc.MaxRequestsSucceeded + if latencyBucketSize < 0 { + latencyBucketSize = 0 + } + if latencyBucketSize > maxBucketSize { + latencyBucketSize = maxBucketSize + } + errorBucketSize := bc.MaxRequestsErrors + if errorBucketSize < 0 { + errorBucketSize = 0 + } + if errorBucketSize > maxBucketSize { + errorBucketSize = maxBucketSize + } + spanStoreSetSize(bc.Name, latencyBucketSize, errorBucketSize) + } +} + +// ReportSpansPerMethod returns a summary of what spans are being stored for each span name. +func (i internalOnly) ReportSpansPerMethod() map[string]internal.PerMethodSummary { + out := make(map[string]internal.PerMethodSummary) + ssmu.RLock() + defer ssmu.RUnlock() + for name, s := range spanStores { + s.mu.Lock() + p := internal.PerMethodSummary{ + Active: len(s.active), + } + for code, b := range s.errors { + p.ErrorBuckets = append(p.ErrorBuckets, internal.ErrorBucketSummary{ + ErrorCode: code, + Size: b.size(), + }) + } + for i, b := range s.latency { + min, max := latencyBucketBounds(i) + p.LatencyBuckets = append(p.LatencyBuckets, internal.LatencyBucketSummary{ + MinLatency: min, + MaxLatency: max, + Size: b.size(), + }) + } + s.mu.Unlock() + out[name] = p + } + return out +} + +// ReportSpansByLatency returns a sample of successful spans. +// +// minLatency is the minimum latency of spans to be returned. +// maxLatency, if nonzero, is the maximum latency of spans to be returned. +func (i internalOnly) ReportSpansByLatency(name string, minLatency, maxLatency time.Duration) []*SpanData { + s := spanStoreForName(name) + if s == nil { + return nil + } + var out []*SpanData + s.mu.Lock() + defer s.mu.Unlock() + for i, b := range s.latency { + min, max := latencyBucketBounds(i) + if i+1 != len(s.latency) && max <= minLatency { + continue + } + if maxLatency != 0 && maxLatency < min { + continue + } + for _, sd := range b.buffer { + if sd == nil { + break + } + if minLatency != 0 || maxLatency != 0 { + d := sd.EndTime.Sub(sd.StartTime) + if d < minLatency { + continue + } + if maxLatency != 0 && d > maxLatency { + continue + } + } + out = append(out, sd) + } + } + return out +} + +// spanStore keeps track of spans stored for a particular span name. +// +// It contains all active spans; a sample of spans for failed requests, +// categorized by error code; and a sample of spans for successful requests, +// bucketed by latency. +type spanStore struct { + mu sync.Mutex // protects everything below. + active map[*Span]struct{} + errors map[int32]*bucket + latency []bucket + maxSpansPerErrorBucket int +} + +// newSpanStore creates a span store. +func newSpanStore(name string, latencyBucketSize int, errorBucketSize int) *spanStore { + s := &spanStore{ + active: make(map[*Span]struct{}), + latency: make([]bucket, len(defaultLatencies)+1), + maxSpansPerErrorBucket: errorBucketSize, + } + for i := range s.latency { + s.latency[i] = makeBucket(latencyBucketSize) + } + return s +} + +// spanStoreForName returns the spanStore for the given name. +// +// It returns nil if it doesn't exist. +func spanStoreForName(name string) *spanStore { + var s *spanStore + ssmu.RLock() + s, _ = spanStores[name] + ssmu.RUnlock() + return s +} + +// spanStoreForNameCreateIfNew returns the spanStore for the given name. +// +// It creates it if it didn't exist. +func spanStoreForNameCreateIfNew(name string) *spanStore { + ssmu.RLock() + s, ok := spanStores[name] + ssmu.RUnlock() + if ok { + return s + } + ssmu.Lock() + defer ssmu.Unlock() + s, ok = spanStores[name] + if ok { + return s + } + s = newSpanStore(name, defaultBucketSize, defaultBucketSize) + spanStores[name] = s + return s +} + +// spanStoreSetSize resizes the spanStore for the given name. +// +// It creates it if it didn't exist. +func spanStoreSetSize(name string, latencyBucketSize int, errorBucketSize int) { + ssmu.RLock() + s, ok := spanStores[name] + ssmu.RUnlock() + if ok { + s.resize(latencyBucketSize, errorBucketSize) + return + } + ssmu.Lock() + defer ssmu.Unlock() + s, ok = spanStores[name] + if ok { + s.resize(latencyBucketSize, errorBucketSize) + return + } + s = newSpanStore(name, latencyBucketSize, errorBucketSize) + spanStores[name] = s +} + +func (s *spanStore) resize(latencyBucketSize int, errorBucketSize int) { + s.mu.Lock() + for i := range s.latency { + s.latency[i].resize(latencyBucketSize) + } + for _, b := range s.errors { + b.resize(errorBucketSize) + } + s.maxSpansPerErrorBucket = errorBucketSize + s.mu.Unlock() +} + +// add adds a span to the active bucket of the spanStore. +func (s *spanStore) add(span *Span) { + s.mu.Lock() + s.active[span] = struct{}{} + s.mu.Unlock() +} + +// finished removes a span from the active set, and adds a corresponding +// SpanData to a latency or error bucket. +func (s *spanStore) finished(span *Span, sd *SpanData) { + latency := sd.EndTime.Sub(sd.StartTime) + if latency < 0 { + latency = 0 + } + code := sd.Status.Code + + s.mu.Lock() + delete(s.active, span) + if code == 0 { + s.latency[latencyBucket(latency)].add(sd) + } else { + if s.errors == nil { + s.errors = make(map[int32]*bucket) + } + if b := s.errors[code]; b != nil { + b.add(sd) + } else { + b := makeBucket(s.maxSpansPerErrorBucket) + s.errors[code] = &b + b.add(sd) + } + } + s.mu.Unlock() +} diff --git a/vendor/go.opencensus.io/trace/trace.go b/vendor/go.opencensus.io/trace/trace.go new file mode 100644 index 000000000000..dfcee60b38c2 --- /dev/null +++ b/vendor/go.opencensus.io/trace/trace.go @@ -0,0 +1,463 @@ +// Copyright 2017, OpenCensus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package trace + +import ( + "context" + crand "crypto/rand" + "encoding/binary" + "fmt" + "math/rand" + "sync" + "time" +) + +// Span represents a span of a trace. It has an associated SpanContext, and +// stores data accumulated while the span is active. +// +// Ideally users should interact with Spans by calling the functions in this +// package that take a Context parameter. +type Span struct { + // data contains information recorded about the span. + // + // It will be non-nil if we are exporting the span or recording events for it. + // Otherwise, data is nil, and the Span is simply a carrier for the + // SpanContext, so that the trace ID is propagated. + data *SpanData + mu sync.Mutex // protects the contents of *data (but not the pointer value.) + spanContext SpanContext + // spanStore is the spanStore this span belongs to, if any, otherwise it is nil. + *spanStore + exportOnce sync.Once +} + +// IsRecordingEvents returns true if events are being recorded for this span. +func (s *Span) IsRecordingEvents() bool { + if s == nil { + return false + } + return s.data != nil +} + +// TraceOptions contains options associated with a trace span. +type TraceOptions uint32 + +// IsSampled returns true if the span will be exported. +func (sc SpanContext) IsSampled() bool { + return sc.TraceOptions.IsSampled() +} + +// setIsSampled sets the TraceOptions bit that determines whether the span will be exported. +func (sc *SpanContext) setIsSampled(sampled bool) { + if sampled { + sc.TraceOptions |= 1 + } else { + sc.TraceOptions &= ^TraceOptions(1) + } +} + +// IsSampled returns true if the span will be exported. +func (t TraceOptions) IsSampled() bool { + return t&1 == 1 +} + +// SpanContext contains the state that must propagate across process boundaries. +// +// SpanContext is not an implementation of context.Context. +// TODO: add reference to external Census docs for SpanContext. +type SpanContext struct { + TraceID TraceID + SpanID SpanID + TraceOptions TraceOptions +} + +type contextKey struct{} + +// FromContext returns the Span stored in a context, or nil if there isn't one. +func FromContext(ctx context.Context) *Span { + s, _ := ctx.Value(contextKey{}).(*Span) + return s +} + +// WithSpan returns a new context with the given Span attached. +func WithSpan(parent context.Context, s *Span) context.Context { + return context.WithValue(parent, contextKey{}, s) +} + +// StartOptions contains options concerning how a span is started. +type StartOptions struct { + // RecordEvents indicates whether to record data for this span, and include + // the span in a local span store. + // Events will also be recorded if the span will be exported. + RecordEvents bool + + Sampler Sampler // if non-nil, the Sampler to consult for this span. + + // RegisterNameForLocalSpanStore indicates that a local span store for spans + // of this name should be created, if one does not exist. + // If RecordEvents is false, this option has no effect. + RegisterNameForLocalSpanStore bool +} + +// TODO(jbd): Remove start options. + +// StartSpan starts a new child span of the current span in the context. +// +// If there is no span in the context, creates a new trace and span. +func StartSpan(ctx context.Context, name string) (context.Context, *Span) { + parentSpan, _ := ctx.Value(contextKey{}).(*Span) + span := NewSpan(name, parentSpan, StartOptions{}) + return WithSpan(ctx, span), span +} + +// StartSpanWithOptions starts a new child span of the current span in the context. +// +// If there is no span in the context, creates a new trace and span. +func StartSpanWithOptions(ctx context.Context, name string, o StartOptions) (context.Context, *Span) { + parentSpan, _ := ctx.Value(contextKey{}).(*Span) + span := NewSpan(name, parentSpan, o) + return WithSpan(ctx, span), span +} + +// StartSpanWithRemoteParent starts a new child span with the given parent SpanContext. +// +// If there is an existing span in ctx, it is ignored -- the returned Span is a +// child of the span specified by parent. +func StartSpanWithRemoteParent(ctx context.Context, name string, parent SpanContext, o StartOptions) (context.Context, *Span) { + span := NewSpanWithRemoteParent(name, parent, o) + return WithSpan(ctx, span), span +} + +// NewSpan returns a new span. +// +// If parent is not nil, created span will be a child of the parent. +func NewSpan(name string, parent *Span, o StartOptions) *Span { + hasParent := false + var parentSpanContext SpanContext + if parent != nil { + hasParent = true + parentSpanContext = parent.SpanContext() + } + return startSpanInternal(name, hasParent, parentSpanContext, false, o) +} + +// NewSpanWithRemoteParent returns a new span with the given parent SpanContext. +func NewSpanWithRemoteParent(name string, parent SpanContext, o StartOptions) *Span { + return startSpanInternal(name, true, parent, true, o) +} + +func startSpanInternal(name string, hasParent bool, parent SpanContext, remoteParent bool, o StartOptions) *Span { + span := &Span{} + span.spanContext = parent + mu.Lock() + if !hasParent { + span.spanContext.TraceID = newTraceIDLocked() + } + span.spanContext.SpanID = newSpanIDLocked() + sampler := defaultSampler + mu.Unlock() + + if !hasParent || remoteParent || o.Sampler != nil { + // If this span is the child of a local span and no Sampler is set in the + // options, keep the parent's TraceOptions. + // + // Otherwise, consult the Sampler in the options if it is non-nil, otherwise + // the default sampler. + if o.Sampler != nil { + sampler = o.Sampler + } + span.spanContext.setIsSampled(sampler.Sample(SamplingParameters{ + ParentContext: parent, + TraceID: span.spanContext.TraceID, + SpanID: span.spanContext.SpanID, + Name: name, + HasRemoteParent: remoteParent}).Sample) + } + + if !o.RecordEvents && !span.spanContext.IsSampled() { + return span + } + + span.data = &SpanData{ + SpanContext: span.spanContext, + StartTime: time.Now(), + Name: name, + HasRemoteParent: remoteParent, + } + if hasParent { + span.data.ParentSpanID = parent.SpanID + } + if o.RecordEvents { + var ss *spanStore + if o.RegisterNameForLocalSpanStore { + ss = spanStoreForNameCreateIfNew(name) + } else { + ss = spanStoreForName(name) + } + if ss != nil { + span.spanStore = ss + ss.add(span) + } + } + + return span +} + +// End ends the span. +func (s *Span) End() { + if !s.IsRecordingEvents() { + return + } + s.exportOnce.Do(func() { + // TODO: optimize to avoid this call if sd won't be used. + sd := s.makeSpanData() + sd.EndTime = sd.StartTime.Add(time.Since(sd.StartTime)) + if s.spanStore != nil { + s.spanStore.finished(s, sd) + } + if s.spanContext.IsSampled() { + // TODO: consider holding exportersMu for less time. + exportersMu.Lock() + defer exportersMu.Unlock() + for e := range exporters { + e.ExportSpan(sd) + } + } + }) +} + +// makeSpanData produces a SpanData representing the current state of the Span. +// It requires that s.data is non-nil. +func (s *Span) makeSpanData() *SpanData { + var sd SpanData + s.mu.Lock() + sd = *s.data + if s.data.Attributes != nil { + sd.Attributes = make(map[string]interface{}) + for k, v := range s.data.Attributes { + sd.Attributes[k] = v + } + } + s.mu.Unlock() + return &sd +} + +// SpanContext returns the SpanContext of the span. +func (s *Span) SpanContext() SpanContext { + if s == nil { + return SpanContext{} + } + return s.spanContext +} + +// SetStatus sets the status of the span, if it is recording events. +func (s *Span) SetStatus(status Status) { + if !s.IsRecordingEvents() { + return + } + s.mu.Lock() + s.data.Status = status + s.mu.Unlock() +} + +// SetAttributes sets attributes in the span. +// +// Existing attributes whose keys appear in the attributes parameter are overwritten. +func (s *Span) SetAttributes(attributes ...Attribute) { + if !s.IsRecordingEvents() { + return + } + s.mu.Lock() + if s.data.Attributes == nil { + s.data.Attributes = make(map[string]interface{}) + } + copyAttributes(s.data.Attributes, attributes) + s.mu.Unlock() +} + +// copyAttributes copies a slice of Attributes into a map. +func copyAttributes(m map[string]interface{}, attributes []Attribute) { + for _, a := range attributes { + switch a := a.(type) { + case BoolAttribute: + m[a.Key] = a.Value + case Int64Attribute: + m[a.Key] = a.Value + case StringAttribute: + m[a.Key] = a.Value + } + } +} + +func (s *Span) lazyPrintfInternal(attributes []Attribute, format string, a ...interface{}) { + now := time.Now() + msg := fmt.Sprintf(format, a...) + var m map[string]interface{} + s.mu.Lock() + if len(attributes) != 0 { + m = make(map[string]interface{}) + copyAttributes(m, attributes) + } + s.data.Annotations = append(s.data.Annotations, Annotation{ + Time: now, + Message: msg, + Attributes: m, + }) + s.mu.Unlock() +} + +func (s *Span) printStringInternal(attributes []Attribute, str string) { + now := time.Now() + var a map[string]interface{} + s.mu.Lock() + if len(attributes) != 0 { + a = make(map[string]interface{}) + copyAttributes(a, attributes) + } + s.data.Annotations = append(s.data.Annotations, Annotation{ + Time: now, + Message: str, + Attributes: a, + }) + s.mu.Unlock() +} + +// Annotate adds an annotation with attributes. +// Attributes can be nil. +func (s *Span) Annotate(attributes []Attribute, str string) { + if !s.IsRecordingEvents() { + return + } + s.printStringInternal(attributes, str) +} + +// Annotatef adds an annotation with attributes. +func (s *Span) Annotatef(attributes []Attribute, format string, a ...interface{}) { + if !s.IsRecordingEvents() { + return + } + s.lazyPrintfInternal(attributes, format, a...) +} + +// AddMessageSendEvent adds a message send event to the span. +// +// messageID is an identifier for the message, which is recommended to be +// unique in this span and the same between the send event and the receive +// event (this allows to identify a message between the sender and receiver). +// For example, this could be a sequence id. +func (s *Span) AddMessageSendEvent(messageID, uncompressedByteSize, compressedByteSize int64) { + if !s.IsRecordingEvents() { + return + } + now := time.Now() + s.mu.Lock() + s.data.MessageEvents = append(s.data.MessageEvents, MessageEvent{ + Time: now, + EventType: MessageEventTypeSent, + MessageID: messageID, + UncompressedByteSize: uncompressedByteSize, + CompressedByteSize: compressedByteSize, + }) + s.mu.Unlock() +} + +// AddMessageReceiveEvent adds a message receive event to the span. +// +// messageID is an identifier for the message, which is recommended to be +// unique in this span and the same between the send event and the receive +// event (this allows to identify a message between the sender and receiver). +// For example, this could be a sequence id. +func (s *Span) AddMessageReceiveEvent(messageID, uncompressedByteSize, compressedByteSize int64) { + if !s.IsRecordingEvents() { + return + } + now := time.Now() + s.mu.Lock() + s.data.MessageEvents = append(s.data.MessageEvents, MessageEvent{ + Time: now, + EventType: MessageEventTypeRecv, + MessageID: messageID, + UncompressedByteSize: uncompressedByteSize, + CompressedByteSize: compressedByteSize, + }) + s.mu.Unlock() +} + +// AddLink adds a link to the span. +func (s *Span) AddLink(l Link) { + if !s.IsRecordingEvents() { + return + } + s.mu.Lock() + s.data.Links = append(s.data.Links, l) + s.mu.Unlock() +} + +func (s *Span) String() string { + if s == nil { + return "" + } + if s.data == nil { + return fmt.Sprintf("span %s", s.spanContext.SpanID) + } + s.mu.Lock() + str := fmt.Sprintf("span %s %q", s.spanContext.SpanID, s.data.Name) + s.mu.Unlock() + return str +} + +var ( + mu sync.Mutex // protects the variables below + traceIDRand *rand.Rand + traceIDAdd [2]uint64 + nextSpanID uint64 + spanIDInc uint64 +) + +func init() { + // initialize traceID and spanID generators. + var rngSeed int64 + for _, p := range []interface{}{ + &rngSeed, &traceIDAdd, &nextSpanID, &spanIDInc, + } { + binary.Read(crand.Reader, binary.LittleEndian, p) + } + traceIDRand = rand.New(rand.NewSource(rngSeed)) + spanIDInc |= 1 +} + +// newSpanIDLocked returns a non-zero SpanID from a randomly-chosen sequence. +// mu should be held while this function is called. +func newSpanIDLocked() SpanID { + id := nextSpanID + nextSpanID += spanIDInc + if nextSpanID == 0 { + nextSpanID += spanIDInc + } + var sid SpanID + binary.LittleEndian.PutUint64(sid[:], id) + return sid +} + +// newTraceIDLocked returns a non-zero TraceID from a randomly-chosen sequence. +// mu should be held while this function is called. +func newTraceIDLocked() TraceID { + var tid TraceID + // Construct the trace ID from two outputs of traceIDRand, with a constant + // added to each half for additional entropy. + binary.LittleEndian.PutUint64(tid[0:8], traceIDRand.Uint64()+traceIDAdd[0]) + binary.LittleEndian.PutUint64(tid[8:16], traceIDRand.Uint64()+traceIDAdd[1]) + return tid +} diff --git a/vendor/google.golang.org/api/transport/grpc/dial.go b/vendor/google.golang.org/api/transport/grpc/dial.go new file mode 100644 index 000000000000..4d0c346f3f4c --- /dev/null +++ b/vendor/google.golang.org/api/transport/grpc/dial.go @@ -0,0 +1,83 @@ +// Copyright 2015 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package transport/grpc supports network connections to GRPC servers. +// This package is not intended for use by end developers. Use the +// google.golang.org/api/option package to configure API clients. +package grpc + +import ( + "errors" + + "golang.org/x/net/context" + "google.golang.org/api/internal" + "google.golang.org/api/option" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/credentials/oauth" +) + +// Set at init time by dial_appengine.go. If nil, we're not on App Engine. +var appengineDialerHook func(context.Context) grpc.DialOption + +// Dial returns a GRPC connection for use communicating with a Google cloud +// service, configured with the given ClientOptions. +func Dial(ctx context.Context, opts ...option.ClientOption) (*grpc.ClientConn, error) { + return dial(ctx, false, opts) +} + +// DialInsecure returns an insecure GRPC connection for use communicating +// with fake or mock Google cloud service implementations, such as emulators. +// The connection is configured with the given ClientOptions. +func DialInsecure(ctx context.Context, opts ...option.ClientOption) (*grpc.ClientConn, error) { + return dial(ctx, true, opts) +} + +func dial(ctx context.Context, insecure bool, opts []option.ClientOption) (*grpc.ClientConn, error) { + var o internal.DialSettings + for _, opt := range opts { + opt.Apply(&o) + } + if err := o.Validate(); err != nil { + return nil, err + } + if o.HTTPClient != nil { + return nil, errors.New("unsupported HTTP client specified") + } + if o.GRPCConn != nil { + return o.GRPCConn, nil + } + var grpcOpts []grpc.DialOption + if insecure { + grpcOpts = []grpc.DialOption{grpc.WithInsecure()} + } else if !o.NoAuth { + creds, err := internal.Creds(ctx, &o) + if err != nil { + return nil, err + } + grpcOpts = []grpc.DialOption{ + grpc.WithPerRPCCredentials(oauth.TokenSource{creds.TokenSource}), + grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")), + } + } + if appengineDialerHook != nil { + // Use the Socket API on App Engine. + grpcOpts = append(grpcOpts, appengineDialerHook(ctx)) + } + grpcOpts = append(grpcOpts, o.GRPCDialOpts...) + if o.UserAgent != "" { + grpcOpts = append(grpcOpts, grpc.WithUserAgent(o.UserAgent)) + } + return grpc.DialContext(ctx, o.Endpoint, grpcOpts...) +} diff --git a/vendor/google.golang.org/api/transport/grpc/dial_appengine.go b/vendor/google.golang.org/api/transport/grpc/dial_appengine.go new file mode 100644 index 000000000000..a40cef2506ad --- /dev/null +++ b/vendor/google.golang.org/api/transport/grpc/dial_appengine.go @@ -0,0 +1,41 @@ +// Copyright 2016 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build appengine + +package grpc + +import ( + "net" + "time" + + "golang.org/x/net/context" + "google.golang.org/appengine" + "google.golang.org/appengine/socket" + "google.golang.org/grpc" +) + +func init() { + // NOTE: dev_appserver doesn't currently support SSL. + // When it does, this code can be removed. + if appengine.IsDevAppServer() { + return + } + + appengineDialerHook = func(ctx context.Context) grpc.DialOption { + return grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) { + return socket.DialTimeout(ctx, "tcp", addr, timeout) + }) + } +} diff --git a/vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go b/vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go new file mode 100644 index 000000000000..60628ec9b9c8 --- /dev/null +++ b/vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go @@ -0,0 +1,1858 @@ +// Code generated by protoc-gen-go. +// source: google.golang.org/appengine/internal/socket/socket_service.proto +// DO NOT EDIT! + +/* +Package socket is a generated protocol buffer package. + +It is generated from these files: + google.golang.org/appengine/internal/socket/socket_service.proto + +It has these top-level messages: + RemoteSocketServiceError + AddressPort + CreateSocketRequest + CreateSocketReply + BindRequest + BindReply + GetSocketNameRequest + GetSocketNameReply + GetPeerNameRequest + GetPeerNameReply + SocketOption + SetSocketOptionsRequest + SetSocketOptionsReply + GetSocketOptionsRequest + GetSocketOptionsReply + ConnectRequest + ConnectReply + ListenRequest + ListenReply + AcceptRequest + AcceptReply + ShutDownRequest + ShutDownReply + CloseRequest + CloseReply + SendRequest + SendReply + ReceiveRequest + ReceiveReply + PollEvent + PollRequest + PollReply + ResolveRequest + ResolveReply +*/ +package socket + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +type RemoteSocketServiceError_ErrorCode int32 + +const ( + RemoteSocketServiceError_SYSTEM_ERROR RemoteSocketServiceError_ErrorCode = 1 + RemoteSocketServiceError_GAI_ERROR RemoteSocketServiceError_ErrorCode = 2 + RemoteSocketServiceError_FAILURE RemoteSocketServiceError_ErrorCode = 4 + RemoteSocketServiceError_PERMISSION_DENIED RemoteSocketServiceError_ErrorCode = 5 + RemoteSocketServiceError_INVALID_REQUEST RemoteSocketServiceError_ErrorCode = 6 + RemoteSocketServiceError_SOCKET_CLOSED RemoteSocketServiceError_ErrorCode = 7 +) + +var RemoteSocketServiceError_ErrorCode_name = map[int32]string{ + 1: "SYSTEM_ERROR", + 2: "GAI_ERROR", + 4: "FAILURE", + 5: "PERMISSION_DENIED", + 6: "INVALID_REQUEST", + 7: "SOCKET_CLOSED", +} +var RemoteSocketServiceError_ErrorCode_value = map[string]int32{ + "SYSTEM_ERROR": 1, + "GAI_ERROR": 2, + "FAILURE": 4, + "PERMISSION_DENIED": 5, + "INVALID_REQUEST": 6, + "SOCKET_CLOSED": 7, +} + +func (x RemoteSocketServiceError_ErrorCode) Enum() *RemoteSocketServiceError_ErrorCode { + p := new(RemoteSocketServiceError_ErrorCode) + *p = x + return p +} +func (x RemoteSocketServiceError_ErrorCode) String() string { + return proto.EnumName(RemoteSocketServiceError_ErrorCode_name, int32(x)) +} +func (x *RemoteSocketServiceError_ErrorCode) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(RemoteSocketServiceError_ErrorCode_value, data, "RemoteSocketServiceError_ErrorCode") + if err != nil { + return err + } + *x = RemoteSocketServiceError_ErrorCode(value) + return nil +} + +type RemoteSocketServiceError_SystemError int32 + +const ( + RemoteSocketServiceError_SYS_SUCCESS RemoteSocketServiceError_SystemError = 0 + RemoteSocketServiceError_SYS_EPERM RemoteSocketServiceError_SystemError = 1 + RemoteSocketServiceError_SYS_ENOENT RemoteSocketServiceError_SystemError = 2 + RemoteSocketServiceError_SYS_ESRCH RemoteSocketServiceError_SystemError = 3 + RemoteSocketServiceError_SYS_EINTR RemoteSocketServiceError_SystemError = 4 + RemoteSocketServiceError_SYS_EIO RemoteSocketServiceError_SystemError = 5 + RemoteSocketServiceError_SYS_ENXIO RemoteSocketServiceError_SystemError = 6 + RemoteSocketServiceError_SYS_E2BIG RemoteSocketServiceError_SystemError = 7 + RemoteSocketServiceError_SYS_ENOEXEC RemoteSocketServiceError_SystemError = 8 + RemoteSocketServiceError_SYS_EBADF RemoteSocketServiceError_SystemError = 9 + RemoteSocketServiceError_SYS_ECHILD RemoteSocketServiceError_SystemError = 10 + RemoteSocketServiceError_SYS_EAGAIN RemoteSocketServiceError_SystemError = 11 + RemoteSocketServiceError_SYS_EWOULDBLOCK RemoteSocketServiceError_SystemError = 11 + RemoteSocketServiceError_SYS_ENOMEM RemoteSocketServiceError_SystemError = 12 + RemoteSocketServiceError_SYS_EACCES RemoteSocketServiceError_SystemError = 13 + RemoteSocketServiceError_SYS_EFAULT RemoteSocketServiceError_SystemError = 14 + RemoteSocketServiceError_SYS_ENOTBLK RemoteSocketServiceError_SystemError = 15 + RemoteSocketServiceError_SYS_EBUSY RemoteSocketServiceError_SystemError = 16 + RemoteSocketServiceError_SYS_EEXIST RemoteSocketServiceError_SystemError = 17 + RemoteSocketServiceError_SYS_EXDEV RemoteSocketServiceError_SystemError = 18 + RemoteSocketServiceError_SYS_ENODEV RemoteSocketServiceError_SystemError = 19 + RemoteSocketServiceError_SYS_ENOTDIR RemoteSocketServiceError_SystemError = 20 + RemoteSocketServiceError_SYS_EISDIR RemoteSocketServiceError_SystemError = 21 + RemoteSocketServiceError_SYS_EINVAL RemoteSocketServiceError_SystemError = 22 + RemoteSocketServiceError_SYS_ENFILE RemoteSocketServiceError_SystemError = 23 + RemoteSocketServiceError_SYS_EMFILE RemoteSocketServiceError_SystemError = 24 + RemoteSocketServiceError_SYS_ENOTTY RemoteSocketServiceError_SystemError = 25 + RemoteSocketServiceError_SYS_ETXTBSY RemoteSocketServiceError_SystemError = 26 + RemoteSocketServiceError_SYS_EFBIG RemoteSocketServiceError_SystemError = 27 + RemoteSocketServiceError_SYS_ENOSPC RemoteSocketServiceError_SystemError = 28 + RemoteSocketServiceError_SYS_ESPIPE RemoteSocketServiceError_SystemError = 29 + RemoteSocketServiceError_SYS_EROFS RemoteSocketServiceError_SystemError = 30 + RemoteSocketServiceError_SYS_EMLINK RemoteSocketServiceError_SystemError = 31 + RemoteSocketServiceError_SYS_EPIPE RemoteSocketServiceError_SystemError = 32 + RemoteSocketServiceError_SYS_EDOM RemoteSocketServiceError_SystemError = 33 + RemoteSocketServiceError_SYS_ERANGE RemoteSocketServiceError_SystemError = 34 + RemoteSocketServiceError_SYS_EDEADLK RemoteSocketServiceError_SystemError = 35 + RemoteSocketServiceError_SYS_EDEADLOCK RemoteSocketServiceError_SystemError = 35 + RemoteSocketServiceError_SYS_ENAMETOOLONG RemoteSocketServiceError_SystemError = 36 + RemoteSocketServiceError_SYS_ENOLCK RemoteSocketServiceError_SystemError = 37 + RemoteSocketServiceError_SYS_ENOSYS RemoteSocketServiceError_SystemError = 38 + RemoteSocketServiceError_SYS_ENOTEMPTY RemoteSocketServiceError_SystemError = 39 + RemoteSocketServiceError_SYS_ELOOP RemoteSocketServiceError_SystemError = 40 + RemoteSocketServiceError_SYS_ENOMSG RemoteSocketServiceError_SystemError = 42 + RemoteSocketServiceError_SYS_EIDRM RemoteSocketServiceError_SystemError = 43 + RemoteSocketServiceError_SYS_ECHRNG RemoteSocketServiceError_SystemError = 44 + RemoteSocketServiceError_SYS_EL2NSYNC RemoteSocketServiceError_SystemError = 45 + RemoteSocketServiceError_SYS_EL3HLT RemoteSocketServiceError_SystemError = 46 + RemoteSocketServiceError_SYS_EL3RST RemoteSocketServiceError_SystemError = 47 + RemoteSocketServiceError_SYS_ELNRNG RemoteSocketServiceError_SystemError = 48 + RemoteSocketServiceError_SYS_EUNATCH RemoteSocketServiceError_SystemError = 49 + RemoteSocketServiceError_SYS_ENOCSI RemoteSocketServiceError_SystemError = 50 + RemoteSocketServiceError_SYS_EL2HLT RemoteSocketServiceError_SystemError = 51 + RemoteSocketServiceError_SYS_EBADE RemoteSocketServiceError_SystemError = 52 + RemoteSocketServiceError_SYS_EBADR RemoteSocketServiceError_SystemError = 53 + RemoteSocketServiceError_SYS_EXFULL RemoteSocketServiceError_SystemError = 54 + RemoteSocketServiceError_SYS_ENOANO RemoteSocketServiceError_SystemError = 55 + RemoteSocketServiceError_SYS_EBADRQC RemoteSocketServiceError_SystemError = 56 + RemoteSocketServiceError_SYS_EBADSLT RemoteSocketServiceError_SystemError = 57 + RemoteSocketServiceError_SYS_EBFONT RemoteSocketServiceError_SystemError = 59 + RemoteSocketServiceError_SYS_ENOSTR RemoteSocketServiceError_SystemError = 60 + RemoteSocketServiceError_SYS_ENODATA RemoteSocketServiceError_SystemError = 61 + RemoteSocketServiceError_SYS_ETIME RemoteSocketServiceError_SystemError = 62 + RemoteSocketServiceError_SYS_ENOSR RemoteSocketServiceError_SystemError = 63 + RemoteSocketServiceError_SYS_ENONET RemoteSocketServiceError_SystemError = 64 + RemoteSocketServiceError_SYS_ENOPKG RemoteSocketServiceError_SystemError = 65 + RemoteSocketServiceError_SYS_EREMOTE RemoteSocketServiceError_SystemError = 66 + RemoteSocketServiceError_SYS_ENOLINK RemoteSocketServiceError_SystemError = 67 + RemoteSocketServiceError_SYS_EADV RemoteSocketServiceError_SystemError = 68 + RemoteSocketServiceError_SYS_ESRMNT RemoteSocketServiceError_SystemError = 69 + RemoteSocketServiceError_SYS_ECOMM RemoteSocketServiceError_SystemError = 70 + RemoteSocketServiceError_SYS_EPROTO RemoteSocketServiceError_SystemError = 71 + RemoteSocketServiceError_SYS_EMULTIHOP RemoteSocketServiceError_SystemError = 72 + RemoteSocketServiceError_SYS_EDOTDOT RemoteSocketServiceError_SystemError = 73 + RemoteSocketServiceError_SYS_EBADMSG RemoteSocketServiceError_SystemError = 74 + RemoteSocketServiceError_SYS_EOVERFLOW RemoteSocketServiceError_SystemError = 75 + RemoteSocketServiceError_SYS_ENOTUNIQ RemoteSocketServiceError_SystemError = 76 + RemoteSocketServiceError_SYS_EBADFD RemoteSocketServiceError_SystemError = 77 + RemoteSocketServiceError_SYS_EREMCHG RemoteSocketServiceError_SystemError = 78 + RemoteSocketServiceError_SYS_ELIBACC RemoteSocketServiceError_SystemError = 79 + RemoteSocketServiceError_SYS_ELIBBAD RemoteSocketServiceError_SystemError = 80 + RemoteSocketServiceError_SYS_ELIBSCN RemoteSocketServiceError_SystemError = 81 + RemoteSocketServiceError_SYS_ELIBMAX RemoteSocketServiceError_SystemError = 82 + RemoteSocketServiceError_SYS_ELIBEXEC RemoteSocketServiceError_SystemError = 83 + RemoteSocketServiceError_SYS_EILSEQ RemoteSocketServiceError_SystemError = 84 + RemoteSocketServiceError_SYS_ERESTART RemoteSocketServiceError_SystemError = 85 + RemoteSocketServiceError_SYS_ESTRPIPE RemoteSocketServiceError_SystemError = 86 + RemoteSocketServiceError_SYS_EUSERS RemoteSocketServiceError_SystemError = 87 + RemoteSocketServiceError_SYS_ENOTSOCK RemoteSocketServiceError_SystemError = 88 + RemoteSocketServiceError_SYS_EDESTADDRREQ RemoteSocketServiceError_SystemError = 89 + RemoteSocketServiceError_SYS_EMSGSIZE RemoteSocketServiceError_SystemError = 90 + RemoteSocketServiceError_SYS_EPROTOTYPE RemoteSocketServiceError_SystemError = 91 + RemoteSocketServiceError_SYS_ENOPROTOOPT RemoteSocketServiceError_SystemError = 92 + RemoteSocketServiceError_SYS_EPROTONOSUPPORT RemoteSocketServiceError_SystemError = 93 + RemoteSocketServiceError_SYS_ESOCKTNOSUPPORT RemoteSocketServiceError_SystemError = 94 + RemoteSocketServiceError_SYS_EOPNOTSUPP RemoteSocketServiceError_SystemError = 95 + RemoteSocketServiceError_SYS_ENOTSUP RemoteSocketServiceError_SystemError = 95 + RemoteSocketServiceError_SYS_EPFNOSUPPORT RemoteSocketServiceError_SystemError = 96 + RemoteSocketServiceError_SYS_EAFNOSUPPORT RemoteSocketServiceError_SystemError = 97 + RemoteSocketServiceError_SYS_EADDRINUSE RemoteSocketServiceError_SystemError = 98 + RemoteSocketServiceError_SYS_EADDRNOTAVAIL RemoteSocketServiceError_SystemError = 99 + RemoteSocketServiceError_SYS_ENETDOWN RemoteSocketServiceError_SystemError = 100 + RemoteSocketServiceError_SYS_ENETUNREACH RemoteSocketServiceError_SystemError = 101 + RemoteSocketServiceError_SYS_ENETRESET RemoteSocketServiceError_SystemError = 102 + RemoteSocketServiceError_SYS_ECONNABORTED RemoteSocketServiceError_SystemError = 103 + RemoteSocketServiceError_SYS_ECONNRESET RemoteSocketServiceError_SystemError = 104 + RemoteSocketServiceError_SYS_ENOBUFS RemoteSocketServiceError_SystemError = 105 + RemoteSocketServiceError_SYS_EISCONN RemoteSocketServiceError_SystemError = 106 + RemoteSocketServiceError_SYS_ENOTCONN RemoteSocketServiceError_SystemError = 107 + RemoteSocketServiceError_SYS_ESHUTDOWN RemoteSocketServiceError_SystemError = 108 + RemoteSocketServiceError_SYS_ETOOMANYREFS RemoteSocketServiceError_SystemError = 109 + RemoteSocketServiceError_SYS_ETIMEDOUT RemoteSocketServiceError_SystemError = 110 + RemoteSocketServiceError_SYS_ECONNREFUSED RemoteSocketServiceError_SystemError = 111 + RemoteSocketServiceError_SYS_EHOSTDOWN RemoteSocketServiceError_SystemError = 112 + RemoteSocketServiceError_SYS_EHOSTUNREACH RemoteSocketServiceError_SystemError = 113 + RemoteSocketServiceError_SYS_EALREADY RemoteSocketServiceError_SystemError = 114 + RemoteSocketServiceError_SYS_EINPROGRESS RemoteSocketServiceError_SystemError = 115 + RemoteSocketServiceError_SYS_ESTALE RemoteSocketServiceError_SystemError = 116 + RemoteSocketServiceError_SYS_EUCLEAN RemoteSocketServiceError_SystemError = 117 + RemoteSocketServiceError_SYS_ENOTNAM RemoteSocketServiceError_SystemError = 118 + RemoteSocketServiceError_SYS_ENAVAIL RemoteSocketServiceError_SystemError = 119 + RemoteSocketServiceError_SYS_EISNAM RemoteSocketServiceError_SystemError = 120 + RemoteSocketServiceError_SYS_EREMOTEIO RemoteSocketServiceError_SystemError = 121 + RemoteSocketServiceError_SYS_EDQUOT RemoteSocketServiceError_SystemError = 122 + RemoteSocketServiceError_SYS_ENOMEDIUM RemoteSocketServiceError_SystemError = 123 + RemoteSocketServiceError_SYS_EMEDIUMTYPE RemoteSocketServiceError_SystemError = 124 + RemoteSocketServiceError_SYS_ECANCELED RemoteSocketServiceError_SystemError = 125 + RemoteSocketServiceError_SYS_ENOKEY RemoteSocketServiceError_SystemError = 126 + RemoteSocketServiceError_SYS_EKEYEXPIRED RemoteSocketServiceError_SystemError = 127 + RemoteSocketServiceError_SYS_EKEYREVOKED RemoteSocketServiceError_SystemError = 128 + RemoteSocketServiceError_SYS_EKEYREJECTED RemoteSocketServiceError_SystemError = 129 + RemoteSocketServiceError_SYS_EOWNERDEAD RemoteSocketServiceError_SystemError = 130 + RemoteSocketServiceError_SYS_ENOTRECOVERABLE RemoteSocketServiceError_SystemError = 131 + RemoteSocketServiceError_SYS_ERFKILL RemoteSocketServiceError_SystemError = 132 +) + +var RemoteSocketServiceError_SystemError_name = map[int32]string{ + 0: "SYS_SUCCESS", + 1: "SYS_EPERM", + 2: "SYS_ENOENT", + 3: "SYS_ESRCH", + 4: "SYS_EINTR", + 5: "SYS_EIO", + 6: "SYS_ENXIO", + 7: "SYS_E2BIG", + 8: "SYS_ENOEXEC", + 9: "SYS_EBADF", + 10: "SYS_ECHILD", + 11: "SYS_EAGAIN", + // Duplicate value: 11: "SYS_EWOULDBLOCK", + 12: "SYS_ENOMEM", + 13: "SYS_EACCES", + 14: "SYS_EFAULT", + 15: "SYS_ENOTBLK", + 16: "SYS_EBUSY", + 17: "SYS_EEXIST", + 18: "SYS_EXDEV", + 19: "SYS_ENODEV", + 20: "SYS_ENOTDIR", + 21: "SYS_EISDIR", + 22: "SYS_EINVAL", + 23: "SYS_ENFILE", + 24: "SYS_EMFILE", + 25: "SYS_ENOTTY", + 26: "SYS_ETXTBSY", + 27: "SYS_EFBIG", + 28: "SYS_ENOSPC", + 29: "SYS_ESPIPE", + 30: "SYS_EROFS", + 31: "SYS_EMLINK", + 32: "SYS_EPIPE", + 33: "SYS_EDOM", + 34: "SYS_ERANGE", + 35: "SYS_EDEADLK", + // Duplicate value: 35: "SYS_EDEADLOCK", + 36: "SYS_ENAMETOOLONG", + 37: "SYS_ENOLCK", + 38: "SYS_ENOSYS", + 39: "SYS_ENOTEMPTY", + 40: "SYS_ELOOP", + 42: "SYS_ENOMSG", + 43: "SYS_EIDRM", + 44: "SYS_ECHRNG", + 45: "SYS_EL2NSYNC", + 46: "SYS_EL3HLT", + 47: "SYS_EL3RST", + 48: "SYS_ELNRNG", + 49: "SYS_EUNATCH", + 50: "SYS_ENOCSI", + 51: "SYS_EL2HLT", + 52: "SYS_EBADE", + 53: "SYS_EBADR", + 54: "SYS_EXFULL", + 55: "SYS_ENOANO", + 56: "SYS_EBADRQC", + 57: "SYS_EBADSLT", + 59: "SYS_EBFONT", + 60: "SYS_ENOSTR", + 61: "SYS_ENODATA", + 62: "SYS_ETIME", + 63: "SYS_ENOSR", + 64: "SYS_ENONET", + 65: "SYS_ENOPKG", + 66: "SYS_EREMOTE", + 67: "SYS_ENOLINK", + 68: "SYS_EADV", + 69: "SYS_ESRMNT", + 70: "SYS_ECOMM", + 71: "SYS_EPROTO", + 72: "SYS_EMULTIHOP", + 73: "SYS_EDOTDOT", + 74: "SYS_EBADMSG", + 75: "SYS_EOVERFLOW", + 76: "SYS_ENOTUNIQ", + 77: "SYS_EBADFD", + 78: "SYS_EREMCHG", + 79: "SYS_ELIBACC", + 80: "SYS_ELIBBAD", + 81: "SYS_ELIBSCN", + 82: "SYS_ELIBMAX", + 83: "SYS_ELIBEXEC", + 84: "SYS_EILSEQ", + 85: "SYS_ERESTART", + 86: "SYS_ESTRPIPE", + 87: "SYS_EUSERS", + 88: "SYS_ENOTSOCK", + 89: "SYS_EDESTADDRREQ", + 90: "SYS_EMSGSIZE", + 91: "SYS_EPROTOTYPE", + 92: "SYS_ENOPROTOOPT", + 93: "SYS_EPROTONOSUPPORT", + 94: "SYS_ESOCKTNOSUPPORT", + 95: "SYS_EOPNOTSUPP", + // Duplicate value: 95: "SYS_ENOTSUP", + 96: "SYS_EPFNOSUPPORT", + 97: "SYS_EAFNOSUPPORT", + 98: "SYS_EADDRINUSE", + 99: "SYS_EADDRNOTAVAIL", + 100: "SYS_ENETDOWN", + 101: "SYS_ENETUNREACH", + 102: "SYS_ENETRESET", + 103: "SYS_ECONNABORTED", + 104: "SYS_ECONNRESET", + 105: "SYS_ENOBUFS", + 106: "SYS_EISCONN", + 107: "SYS_ENOTCONN", + 108: "SYS_ESHUTDOWN", + 109: "SYS_ETOOMANYREFS", + 110: "SYS_ETIMEDOUT", + 111: "SYS_ECONNREFUSED", + 112: "SYS_EHOSTDOWN", + 113: "SYS_EHOSTUNREACH", + 114: "SYS_EALREADY", + 115: "SYS_EINPROGRESS", + 116: "SYS_ESTALE", + 117: "SYS_EUCLEAN", + 118: "SYS_ENOTNAM", + 119: "SYS_ENAVAIL", + 120: "SYS_EISNAM", + 121: "SYS_EREMOTEIO", + 122: "SYS_EDQUOT", + 123: "SYS_ENOMEDIUM", + 124: "SYS_EMEDIUMTYPE", + 125: "SYS_ECANCELED", + 126: "SYS_ENOKEY", + 127: "SYS_EKEYEXPIRED", + 128: "SYS_EKEYREVOKED", + 129: "SYS_EKEYREJECTED", + 130: "SYS_EOWNERDEAD", + 131: "SYS_ENOTRECOVERABLE", + 132: "SYS_ERFKILL", +} +var RemoteSocketServiceError_SystemError_value = map[string]int32{ + "SYS_SUCCESS": 0, + "SYS_EPERM": 1, + "SYS_ENOENT": 2, + "SYS_ESRCH": 3, + "SYS_EINTR": 4, + "SYS_EIO": 5, + "SYS_ENXIO": 6, + "SYS_E2BIG": 7, + "SYS_ENOEXEC": 8, + "SYS_EBADF": 9, + "SYS_ECHILD": 10, + "SYS_EAGAIN": 11, + "SYS_EWOULDBLOCK": 11, + "SYS_ENOMEM": 12, + "SYS_EACCES": 13, + "SYS_EFAULT": 14, + "SYS_ENOTBLK": 15, + "SYS_EBUSY": 16, + "SYS_EEXIST": 17, + "SYS_EXDEV": 18, + "SYS_ENODEV": 19, + "SYS_ENOTDIR": 20, + "SYS_EISDIR": 21, + "SYS_EINVAL": 22, + "SYS_ENFILE": 23, + "SYS_EMFILE": 24, + "SYS_ENOTTY": 25, + "SYS_ETXTBSY": 26, + "SYS_EFBIG": 27, + "SYS_ENOSPC": 28, + "SYS_ESPIPE": 29, + "SYS_EROFS": 30, + "SYS_EMLINK": 31, + "SYS_EPIPE": 32, + "SYS_EDOM": 33, + "SYS_ERANGE": 34, + "SYS_EDEADLK": 35, + "SYS_EDEADLOCK": 35, + "SYS_ENAMETOOLONG": 36, + "SYS_ENOLCK": 37, + "SYS_ENOSYS": 38, + "SYS_ENOTEMPTY": 39, + "SYS_ELOOP": 40, + "SYS_ENOMSG": 42, + "SYS_EIDRM": 43, + "SYS_ECHRNG": 44, + "SYS_EL2NSYNC": 45, + "SYS_EL3HLT": 46, + "SYS_EL3RST": 47, + "SYS_ELNRNG": 48, + "SYS_EUNATCH": 49, + "SYS_ENOCSI": 50, + "SYS_EL2HLT": 51, + "SYS_EBADE": 52, + "SYS_EBADR": 53, + "SYS_EXFULL": 54, + "SYS_ENOANO": 55, + "SYS_EBADRQC": 56, + "SYS_EBADSLT": 57, + "SYS_EBFONT": 59, + "SYS_ENOSTR": 60, + "SYS_ENODATA": 61, + "SYS_ETIME": 62, + "SYS_ENOSR": 63, + "SYS_ENONET": 64, + "SYS_ENOPKG": 65, + "SYS_EREMOTE": 66, + "SYS_ENOLINK": 67, + "SYS_EADV": 68, + "SYS_ESRMNT": 69, + "SYS_ECOMM": 70, + "SYS_EPROTO": 71, + "SYS_EMULTIHOP": 72, + "SYS_EDOTDOT": 73, + "SYS_EBADMSG": 74, + "SYS_EOVERFLOW": 75, + "SYS_ENOTUNIQ": 76, + "SYS_EBADFD": 77, + "SYS_EREMCHG": 78, + "SYS_ELIBACC": 79, + "SYS_ELIBBAD": 80, + "SYS_ELIBSCN": 81, + "SYS_ELIBMAX": 82, + "SYS_ELIBEXEC": 83, + "SYS_EILSEQ": 84, + "SYS_ERESTART": 85, + "SYS_ESTRPIPE": 86, + "SYS_EUSERS": 87, + "SYS_ENOTSOCK": 88, + "SYS_EDESTADDRREQ": 89, + "SYS_EMSGSIZE": 90, + "SYS_EPROTOTYPE": 91, + "SYS_ENOPROTOOPT": 92, + "SYS_EPROTONOSUPPORT": 93, + "SYS_ESOCKTNOSUPPORT": 94, + "SYS_EOPNOTSUPP": 95, + "SYS_ENOTSUP": 95, + "SYS_EPFNOSUPPORT": 96, + "SYS_EAFNOSUPPORT": 97, + "SYS_EADDRINUSE": 98, + "SYS_EADDRNOTAVAIL": 99, + "SYS_ENETDOWN": 100, + "SYS_ENETUNREACH": 101, + "SYS_ENETRESET": 102, + "SYS_ECONNABORTED": 103, + "SYS_ECONNRESET": 104, + "SYS_ENOBUFS": 105, + "SYS_EISCONN": 106, + "SYS_ENOTCONN": 107, + "SYS_ESHUTDOWN": 108, + "SYS_ETOOMANYREFS": 109, + "SYS_ETIMEDOUT": 110, + "SYS_ECONNREFUSED": 111, + "SYS_EHOSTDOWN": 112, + "SYS_EHOSTUNREACH": 113, + "SYS_EALREADY": 114, + "SYS_EINPROGRESS": 115, + "SYS_ESTALE": 116, + "SYS_EUCLEAN": 117, + "SYS_ENOTNAM": 118, + "SYS_ENAVAIL": 119, + "SYS_EISNAM": 120, + "SYS_EREMOTEIO": 121, + "SYS_EDQUOT": 122, + "SYS_ENOMEDIUM": 123, + "SYS_EMEDIUMTYPE": 124, + "SYS_ECANCELED": 125, + "SYS_ENOKEY": 126, + "SYS_EKEYEXPIRED": 127, + "SYS_EKEYREVOKED": 128, + "SYS_EKEYREJECTED": 129, + "SYS_EOWNERDEAD": 130, + "SYS_ENOTRECOVERABLE": 131, + "SYS_ERFKILL": 132, +} + +func (x RemoteSocketServiceError_SystemError) Enum() *RemoteSocketServiceError_SystemError { + p := new(RemoteSocketServiceError_SystemError) + *p = x + return p +} +func (x RemoteSocketServiceError_SystemError) String() string { + return proto.EnumName(RemoteSocketServiceError_SystemError_name, int32(x)) +} +func (x *RemoteSocketServiceError_SystemError) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(RemoteSocketServiceError_SystemError_value, data, "RemoteSocketServiceError_SystemError") + if err != nil { + return err + } + *x = RemoteSocketServiceError_SystemError(value) + return nil +} + +type CreateSocketRequest_SocketFamily int32 + +const ( + CreateSocketRequest_IPv4 CreateSocketRequest_SocketFamily = 1 + CreateSocketRequest_IPv6 CreateSocketRequest_SocketFamily = 2 +) + +var CreateSocketRequest_SocketFamily_name = map[int32]string{ + 1: "IPv4", + 2: "IPv6", +} +var CreateSocketRequest_SocketFamily_value = map[string]int32{ + "IPv4": 1, + "IPv6": 2, +} + +func (x CreateSocketRequest_SocketFamily) Enum() *CreateSocketRequest_SocketFamily { + p := new(CreateSocketRequest_SocketFamily) + *p = x + return p +} +func (x CreateSocketRequest_SocketFamily) String() string { + return proto.EnumName(CreateSocketRequest_SocketFamily_name, int32(x)) +} +func (x *CreateSocketRequest_SocketFamily) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(CreateSocketRequest_SocketFamily_value, data, "CreateSocketRequest_SocketFamily") + if err != nil { + return err + } + *x = CreateSocketRequest_SocketFamily(value) + return nil +} + +type CreateSocketRequest_SocketProtocol int32 + +const ( + CreateSocketRequest_TCP CreateSocketRequest_SocketProtocol = 1 + CreateSocketRequest_UDP CreateSocketRequest_SocketProtocol = 2 +) + +var CreateSocketRequest_SocketProtocol_name = map[int32]string{ + 1: "TCP", + 2: "UDP", +} +var CreateSocketRequest_SocketProtocol_value = map[string]int32{ + "TCP": 1, + "UDP": 2, +} + +func (x CreateSocketRequest_SocketProtocol) Enum() *CreateSocketRequest_SocketProtocol { + p := new(CreateSocketRequest_SocketProtocol) + *p = x + return p +} +func (x CreateSocketRequest_SocketProtocol) String() string { + return proto.EnumName(CreateSocketRequest_SocketProtocol_name, int32(x)) +} +func (x *CreateSocketRequest_SocketProtocol) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(CreateSocketRequest_SocketProtocol_value, data, "CreateSocketRequest_SocketProtocol") + if err != nil { + return err + } + *x = CreateSocketRequest_SocketProtocol(value) + return nil +} + +type SocketOption_SocketOptionLevel int32 + +const ( + SocketOption_SOCKET_SOL_IP SocketOption_SocketOptionLevel = 0 + SocketOption_SOCKET_SOL_SOCKET SocketOption_SocketOptionLevel = 1 + SocketOption_SOCKET_SOL_TCP SocketOption_SocketOptionLevel = 6 + SocketOption_SOCKET_SOL_UDP SocketOption_SocketOptionLevel = 17 +) + +var SocketOption_SocketOptionLevel_name = map[int32]string{ + 0: "SOCKET_SOL_IP", + 1: "SOCKET_SOL_SOCKET", + 6: "SOCKET_SOL_TCP", + 17: "SOCKET_SOL_UDP", +} +var SocketOption_SocketOptionLevel_value = map[string]int32{ + "SOCKET_SOL_IP": 0, + "SOCKET_SOL_SOCKET": 1, + "SOCKET_SOL_TCP": 6, + "SOCKET_SOL_UDP": 17, +} + +func (x SocketOption_SocketOptionLevel) Enum() *SocketOption_SocketOptionLevel { + p := new(SocketOption_SocketOptionLevel) + *p = x + return p +} +func (x SocketOption_SocketOptionLevel) String() string { + return proto.EnumName(SocketOption_SocketOptionLevel_name, int32(x)) +} +func (x *SocketOption_SocketOptionLevel) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(SocketOption_SocketOptionLevel_value, data, "SocketOption_SocketOptionLevel") + if err != nil { + return err + } + *x = SocketOption_SocketOptionLevel(value) + return nil +} + +type SocketOption_SocketOptionName int32 + +const ( + SocketOption_SOCKET_SO_DEBUG SocketOption_SocketOptionName = 1 + SocketOption_SOCKET_SO_REUSEADDR SocketOption_SocketOptionName = 2 + SocketOption_SOCKET_SO_TYPE SocketOption_SocketOptionName = 3 + SocketOption_SOCKET_SO_ERROR SocketOption_SocketOptionName = 4 + SocketOption_SOCKET_SO_DONTROUTE SocketOption_SocketOptionName = 5 + SocketOption_SOCKET_SO_BROADCAST SocketOption_SocketOptionName = 6 + SocketOption_SOCKET_SO_SNDBUF SocketOption_SocketOptionName = 7 + SocketOption_SOCKET_SO_RCVBUF SocketOption_SocketOptionName = 8 + SocketOption_SOCKET_SO_KEEPALIVE SocketOption_SocketOptionName = 9 + SocketOption_SOCKET_SO_OOBINLINE SocketOption_SocketOptionName = 10 + SocketOption_SOCKET_SO_LINGER SocketOption_SocketOptionName = 13 + SocketOption_SOCKET_SO_RCVTIMEO SocketOption_SocketOptionName = 20 + SocketOption_SOCKET_SO_SNDTIMEO SocketOption_SocketOptionName = 21 + SocketOption_SOCKET_IP_TOS SocketOption_SocketOptionName = 1 + SocketOption_SOCKET_IP_TTL SocketOption_SocketOptionName = 2 + SocketOption_SOCKET_IP_HDRINCL SocketOption_SocketOptionName = 3 + SocketOption_SOCKET_IP_OPTIONS SocketOption_SocketOptionName = 4 + SocketOption_SOCKET_TCP_NODELAY SocketOption_SocketOptionName = 1 + SocketOption_SOCKET_TCP_MAXSEG SocketOption_SocketOptionName = 2 + SocketOption_SOCKET_TCP_CORK SocketOption_SocketOptionName = 3 + SocketOption_SOCKET_TCP_KEEPIDLE SocketOption_SocketOptionName = 4 + SocketOption_SOCKET_TCP_KEEPINTVL SocketOption_SocketOptionName = 5 + SocketOption_SOCKET_TCP_KEEPCNT SocketOption_SocketOptionName = 6 + SocketOption_SOCKET_TCP_SYNCNT SocketOption_SocketOptionName = 7 + SocketOption_SOCKET_TCP_LINGER2 SocketOption_SocketOptionName = 8 + SocketOption_SOCKET_TCP_DEFER_ACCEPT SocketOption_SocketOptionName = 9 + SocketOption_SOCKET_TCP_WINDOW_CLAMP SocketOption_SocketOptionName = 10 + SocketOption_SOCKET_TCP_INFO SocketOption_SocketOptionName = 11 + SocketOption_SOCKET_TCP_QUICKACK SocketOption_SocketOptionName = 12 +) + +var SocketOption_SocketOptionName_name = map[int32]string{ + 1: "SOCKET_SO_DEBUG", + 2: "SOCKET_SO_REUSEADDR", + 3: "SOCKET_SO_TYPE", + 4: "SOCKET_SO_ERROR", + 5: "SOCKET_SO_DONTROUTE", + 6: "SOCKET_SO_BROADCAST", + 7: "SOCKET_SO_SNDBUF", + 8: "SOCKET_SO_RCVBUF", + 9: "SOCKET_SO_KEEPALIVE", + 10: "SOCKET_SO_OOBINLINE", + 13: "SOCKET_SO_LINGER", + 20: "SOCKET_SO_RCVTIMEO", + 21: "SOCKET_SO_SNDTIMEO", + // Duplicate value: 1: "SOCKET_IP_TOS", + // Duplicate value: 2: "SOCKET_IP_TTL", + // Duplicate value: 3: "SOCKET_IP_HDRINCL", + // Duplicate value: 4: "SOCKET_IP_OPTIONS", + // Duplicate value: 1: "SOCKET_TCP_NODELAY", + // Duplicate value: 2: "SOCKET_TCP_MAXSEG", + // Duplicate value: 3: "SOCKET_TCP_CORK", + // Duplicate value: 4: "SOCKET_TCP_KEEPIDLE", + // Duplicate value: 5: "SOCKET_TCP_KEEPINTVL", + // Duplicate value: 6: "SOCKET_TCP_KEEPCNT", + // Duplicate value: 7: "SOCKET_TCP_SYNCNT", + // Duplicate value: 8: "SOCKET_TCP_LINGER2", + // Duplicate value: 9: "SOCKET_TCP_DEFER_ACCEPT", + // Duplicate value: 10: "SOCKET_TCP_WINDOW_CLAMP", + 11: "SOCKET_TCP_INFO", + 12: "SOCKET_TCP_QUICKACK", +} +var SocketOption_SocketOptionName_value = map[string]int32{ + "SOCKET_SO_DEBUG": 1, + "SOCKET_SO_REUSEADDR": 2, + "SOCKET_SO_TYPE": 3, + "SOCKET_SO_ERROR": 4, + "SOCKET_SO_DONTROUTE": 5, + "SOCKET_SO_BROADCAST": 6, + "SOCKET_SO_SNDBUF": 7, + "SOCKET_SO_RCVBUF": 8, + "SOCKET_SO_KEEPALIVE": 9, + "SOCKET_SO_OOBINLINE": 10, + "SOCKET_SO_LINGER": 13, + "SOCKET_SO_RCVTIMEO": 20, + "SOCKET_SO_SNDTIMEO": 21, + "SOCKET_IP_TOS": 1, + "SOCKET_IP_TTL": 2, + "SOCKET_IP_HDRINCL": 3, + "SOCKET_IP_OPTIONS": 4, + "SOCKET_TCP_NODELAY": 1, + "SOCKET_TCP_MAXSEG": 2, + "SOCKET_TCP_CORK": 3, + "SOCKET_TCP_KEEPIDLE": 4, + "SOCKET_TCP_KEEPINTVL": 5, + "SOCKET_TCP_KEEPCNT": 6, + "SOCKET_TCP_SYNCNT": 7, + "SOCKET_TCP_LINGER2": 8, + "SOCKET_TCP_DEFER_ACCEPT": 9, + "SOCKET_TCP_WINDOW_CLAMP": 10, + "SOCKET_TCP_INFO": 11, + "SOCKET_TCP_QUICKACK": 12, +} + +func (x SocketOption_SocketOptionName) Enum() *SocketOption_SocketOptionName { + p := new(SocketOption_SocketOptionName) + *p = x + return p +} +func (x SocketOption_SocketOptionName) String() string { + return proto.EnumName(SocketOption_SocketOptionName_name, int32(x)) +} +func (x *SocketOption_SocketOptionName) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(SocketOption_SocketOptionName_value, data, "SocketOption_SocketOptionName") + if err != nil { + return err + } + *x = SocketOption_SocketOptionName(value) + return nil +} + +type ShutDownRequest_How int32 + +const ( + ShutDownRequest_SOCKET_SHUT_RD ShutDownRequest_How = 1 + ShutDownRequest_SOCKET_SHUT_WR ShutDownRequest_How = 2 + ShutDownRequest_SOCKET_SHUT_RDWR ShutDownRequest_How = 3 +) + +var ShutDownRequest_How_name = map[int32]string{ + 1: "SOCKET_SHUT_RD", + 2: "SOCKET_SHUT_WR", + 3: "SOCKET_SHUT_RDWR", +} +var ShutDownRequest_How_value = map[string]int32{ + "SOCKET_SHUT_RD": 1, + "SOCKET_SHUT_WR": 2, + "SOCKET_SHUT_RDWR": 3, +} + +func (x ShutDownRequest_How) Enum() *ShutDownRequest_How { + p := new(ShutDownRequest_How) + *p = x + return p +} +func (x ShutDownRequest_How) String() string { + return proto.EnumName(ShutDownRequest_How_name, int32(x)) +} +func (x *ShutDownRequest_How) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(ShutDownRequest_How_value, data, "ShutDownRequest_How") + if err != nil { + return err + } + *x = ShutDownRequest_How(value) + return nil +} + +type ReceiveRequest_Flags int32 + +const ( + ReceiveRequest_MSG_OOB ReceiveRequest_Flags = 1 + ReceiveRequest_MSG_PEEK ReceiveRequest_Flags = 2 +) + +var ReceiveRequest_Flags_name = map[int32]string{ + 1: "MSG_OOB", + 2: "MSG_PEEK", +} +var ReceiveRequest_Flags_value = map[string]int32{ + "MSG_OOB": 1, + "MSG_PEEK": 2, +} + +func (x ReceiveRequest_Flags) Enum() *ReceiveRequest_Flags { + p := new(ReceiveRequest_Flags) + *p = x + return p +} +func (x ReceiveRequest_Flags) String() string { + return proto.EnumName(ReceiveRequest_Flags_name, int32(x)) +} +func (x *ReceiveRequest_Flags) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(ReceiveRequest_Flags_value, data, "ReceiveRequest_Flags") + if err != nil { + return err + } + *x = ReceiveRequest_Flags(value) + return nil +} + +type PollEvent_PollEventFlag int32 + +const ( + PollEvent_SOCKET_POLLNONE PollEvent_PollEventFlag = 0 + PollEvent_SOCKET_POLLIN PollEvent_PollEventFlag = 1 + PollEvent_SOCKET_POLLPRI PollEvent_PollEventFlag = 2 + PollEvent_SOCKET_POLLOUT PollEvent_PollEventFlag = 4 + PollEvent_SOCKET_POLLERR PollEvent_PollEventFlag = 8 + PollEvent_SOCKET_POLLHUP PollEvent_PollEventFlag = 16 + PollEvent_SOCKET_POLLNVAL PollEvent_PollEventFlag = 32 + PollEvent_SOCKET_POLLRDNORM PollEvent_PollEventFlag = 64 + PollEvent_SOCKET_POLLRDBAND PollEvent_PollEventFlag = 128 + PollEvent_SOCKET_POLLWRNORM PollEvent_PollEventFlag = 256 + PollEvent_SOCKET_POLLWRBAND PollEvent_PollEventFlag = 512 + PollEvent_SOCKET_POLLMSG PollEvent_PollEventFlag = 1024 + PollEvent_SOCKET_POLLREMOVE PollEvent_PollEventFlag = 4096 + PollEvent_SOCKET_POLLRDHUP PollEvent_PollEventFlag = 8192 +) + +var PollEvent_PollEventFlag_name = map[int32]string{ + 0: "SOCKET_POLLNONE", + 1: "SOCKET_POLLIN", + 2: "SOCKET_POLLPRI", + 4: "SOCKET_POLLOUT", + 8: "SOCKET_POLLERR", + 16: "SOCKET_POLLHUP", + 32: "SOCKET_POLLNVAL", + 64: "SOCKET_POLLRDNORM", + 128: "SOCKET_POLLRDBAND", + 256: "SOCKET_POLLWRNORM", + 512: "SOCKET_POLLWRBAND", + 1024: "SOCKET_POLLMSG", + 4096: "SOCKET_POLLREMOVE", + 8192: "SOCKET_POLLRDHUP", +} +var PollEvent_PollEventFlag_value = map[string]int32{ + "SOCKET_POLLNONE": 0, + "SOCKET_POLLIN": 1, + "SOCKET_POLLPRI": 2, + "SOCKET_POLLOUT": 4, + "SOCKET_POLLERR": 8, + "SOCKET_POLLHUP": 16, + "SOCKET_POLLNVAL": 32, + "SOCKET_POLLRDNORM": 64, + "SOCKET_POLLRDBAND": 128, + "SOCKET_POLLWRNORM": 256, + "SOCKET_POLLWRBAND": 512, + "SOCKET_POLLMSG": 1024, + "SOCKET_POLLREMOVE": 4096, + "SOCKET_POLLRDHUP": 8192, +} + +func (x PollEvent_PollEventFlag) Enum() *PollEvent_PollEventFlag { + p := new(PollEvent_PollEventFlag) + *p = x + return p +} +func (x PollEvent_PollEventFlag) String() string { + return proto.EnumName(PollEvent_PollEventFlag_name, int32(x)) +} +func (x *PollEvent_PollEventFlag) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(PollEvent_PollEventFlag_value, data, "PollEvent_PollEventFlag") + if err != nil { + return err + } + *x = PollEvent_PollEventFlag(value) + return nil +} + +type ResolveReply_ErrorCode int32 + +const ( + ResolveReply_SOCKET_EAI_ADDRFAMILY ResolveReply_ErrorCode = 1 + ResolveReply_SOCKET_EAI_AGAIN ResolveReply_ErrorCode = 2 + ResolveReply_SOCKET_EAI_BADFLAGS ResolveReply_ErrorCode = 3 + ResolveReply_SOCKET_EAI_FAIL ResolveReply_ErrorCode = 4 + ResolveReply_SOCKET_EAI_FAMILY ResolveReply_ErrorCode = 5 + ResolveReply_SOCKET_EAI_MEMORY ResolveReply_ErrorCode = 6 + ResolveReply_SOCKET_EAI_NODATA ResolveReply_ErrorCode = 7 + ResolveReply_SOCKET_EAI_NONAME ResolveReply_ErrorCode = 8 + ResolveReply_SOCKET_EAI_SERVICE ResolveReply_ErrorCode = 9 + ResolveReply_SOCKET_EAI_SOCKTYPE ResolveReply_ErrorCode = 10 + ResolveReply_SOCKET_EAI_SYSTEM ResolveReply_ErrorCode = 11 + ResolveReply_SOCKET_EAI_BADHINTS ResolveReply_ErrorCode = 12 + ResolveReply_SOCKET_EAI_PROTOCOL ResolveReply_ErrorCode = 13 + ResolveReply_SOCKET_EAI_OVERFLOW ResolveReply_ErrorCode = 14 + ResolveReply_SOCKET_EAI_MAX ResolveReply_ErrorCode = 15 +) + +var ResolveReply_ErrorCode_name = map[int32]string{ + 1: "SOCKET_EAI_ADDRFAMILY", + 2: "SOCKET_EAI_AGAIN", + 3: "SOCKET_EAI_BADFLAGS", + 4: "SOCKET_EAI_FAIL", + 5: "SOCKET_EAI_FAMILY", + 6: "SOCKET_EAI_MEMORY", + 7: "SOCKET_EAI_NODATA", + 8: "SOCKET_EAI_NONAME", + 9: "SOCKET_EAI_SERVICE", + 10: "SOCKET_EAI_SOCKTYPE", + 11: "SOCKET_EAI_SYSTEM", + 12: "SOCKET_EAI_BADHINTS", + 13: "SOCKET_EAI_PROTOCOL", + 14: "SOCKET_EAI_OVERFLOW", + 15: "SOCKET_EAI_MAX", +} +var ResolveReply_ErrorCode_value = map[string]int32{ + "SOCKET_EAI_ADDRFAMILY": 1, + "SOCKET_EAI_AGAIN": 2, + "SOCKET_EAI_BADFLAGS": 3, + "SOCKET_EAI_FAIL": 4, + "SOCKET_EAI_FAMILY": 5, + "SOCKET_EAI_MEMORY": 6, + "SOCKET_EAI_NODATA": 7, + "SOCKET_EAI_NONAME": 8, + "SOCKET_EAI_SERVICE": 9, + "SOCKET_EAI_SOCKTYPE": 10, + "SOCKET_EAI_SYSTEM": 11, + "SOCKET_EAI_BADHINTS": 12, + "SOCKET_EAI_PROTOCOL": 13, + "SOCKET_EAI_OVERFLOW": 14, + "SOCKET_EAI_MAX": 15, +} + +func (x ResolveReply_ErrorCode) Enum() *ResolveReply_ErrorCode { + p := new(ResolveReply_ErrorCode) + *p = x + return p +} +func (x ResolveReply_ErrorCode) String() string { + return proto.EnumName(ResolveReply_ErrorCode_name, int32(x)) +} +func (x *ResolveReply_ErrorCode) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(ResolveReply_ErrorCode_value, data, "ResolveReply_ErrorCode") + if err != nil { + return err + } + *x = ResolveReply_ErrorCode(value) + return nil +} + +type RemoteSocketServiceError struct { + SystemError *int32 `protobuf:"varint,1,opt,name=system_error,def=0" json:"system_error,omitempty"` + ErrorDetail *string `protobuf:"bytes,2,opt,name=error_detail" json:"error_detail,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *RemoteSocketServiceError) Reset() { *m = RemoteSocketServiceError{} } +func (m *RemoteSocketServiceError) String() string { return proto.CompactTextString(m) } +func (*RemoteSocketServiceError) ProtoMessage() {} + +const Default_RemoteSocketServiceError_SystemError int32 = 0 + +func (m *RemoteSocketServiceError) GetSystemError() int32 { + if m != nil && m.SystemError != nil { + return *m.SystemError + } + return Default_RemoteSocketServiceError_SystemError +} + +func (m *RemoteSocketServiceError) GetErrorDetail() string { + if m != nil && m.ErrorDetail != nil { + return *m.ErrorDetail + } + return "" +} + +type AddressPort struct { + Port *int32 `protobuf:"varint,1,req,name=port" json:"port,omitempty"` + PackedAddress []byte `protobuf:"bytes,2,opt,name=packed_address" json:"packed_address,omitempty"` + HostnameHint *string `protobuf:"bytes,3,opt,name=hostname_hint" json:"hostname_hint,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *AddressPort) Reset() { *m = AddressPort{} } +func (m *AddressPort) String() string { return proto.CompactTextString(m) } +func (*AddressPort) ProtoMessage() {} + +func (m *AddressPort) GetPort() int32 { + if m != nil && m.Port != nil { + return *m.Port + } + return 0 +} + +func (m *AddressPort) GetPackedAddress() []byte { + if m != nil { + return m.PackedAddress + } + return nil +} + +func (m *AddressPort) GetHostnameHint() string { + if m != nil && m.HostnameHint != nil { + return *m.HostnameHint + } + return "" +} + +type CreateSocketRequest struct { + Family *CreateSocketRequest_SocketFamily `protobuf:"varint,1,req,name=family,enum=appengine.CreateSocketRequest_SocketFamily" json:"family,omitempty"` + Protocol *CreateSocketRequest_SocketProtocol `protobuf:"varint,2,req,name=protocol,enum=appengine.CreateSocketRequest_SocketProtocol" json:"protocol,omitempty"` + SocketOptions []*SocketOption `protobuf:"bytes,3,rep,name=socket_options" json:"socket_options,omitempty"` + ProxyExternalIp *AddressPort `protobuf:"bytes,4,opt,name=proxy_external_ip" json:"proxy_external_ip,omitempty"` + ListenBacklog *int32 `protobuf:"varint,5,opt,name=listen_backlog,def=0" json:"listen_backlog,omitempty"` + RemoteIp *AddressPort `protobuf:"bytes,6,opt,name=remote_ip" json:"remote_ip,omitempty"` + AppId *string `protobuf:"bytes,9,opt,name=app_id" json:"app_id,omitempty"` + ProjectId *int64 `protobuf:"varint,10,opt,name=project_id" json:"project_id,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *CreateSocketRequest) Reset() { *m = CreateSocketRequest{} } +func (m *CreateSocketRequest) String() string { return proto.CompactTextString(m) } +func (*CreateSocketRequest) ProtoMessage() {} + +const Default_CreateSocketRequest_ListenBacklog int32 = 0 + +func (m *CreateSocketRequest) GetFamily() CreateSocketRequest_SocketFamily { + if m != nil && m.Family != nil { + return *m.Family + } + return CreateSocketRequest_IPv4 +} + +func (m *CreateSocketRequest) GetProtocol() CreateSocketRequest_SocketProtocol { + if m != nil && m.Protocol != nil { + return *m.Protocol + } + return CreateSocketRequest_TCP +} + +func (m *CreateSocketRequest) GetSocketOptions() []*SocketOption { + if m != nil { + return m.SocketOptions + } + return nil +} + +func (m *CreateSocketRequest) GetProxyExternalIp() *AddressPort { + if m != nil { + return m.ProxyExternalIp + } + return nil +} + +func (m *CreateSocketRequest) GetListenBacklog() int32 { + if m != nil && m.ListenBacklog != nil { + return *m.ListenBacklog + } + return Default_CreateSocketRequest_ListenBacklog +} + +func (m *CreateSocketRequest) GetRemoteIp() *AddressPort { + if m != nil { + return m.RemoteIp + } + return nil +} + +func (m *CreateSocketRequest) GetAppId() string { + if m != nil && m.AppId != nil { + return *m.AppId + } + return "" +} + +func (m *CreateSocketRequest) GetProjectId() int64 { + if m != nil && m.ProjectId != nil { + return *m.ProjectId + } + return 0 +} + +type CreateSocketReply struct { + SocketDescriptor *string `protobuf:"bytes,1,opt,name=socket_descriptor" json:"socket_descriptor,omitempty"` + ServerAddress *AddressPort `protobuf:"bytes,3,opt,name=server_address" json:"server_address,omitempty"` + ProxyExternalIp *AddressPort `protobuf:"bytes,4,opt,name=proxy_external_ip" json:"proxy_external_ip,omitempty"` + XXX_extensions map[int32]proto.Extension `json:"-"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *CreateSocketReply) Reset() { *m = CreateSocketReply{} } +func (m *CreateSocketReply) String() string { return proto.CompactTextString(m) } +func (*CreateSocketReply) ProtoMessage() {} + +var extRange_CreateSocketReply = []proto.ExtensionRange{ + {1000, 536870911}, +} + +func (*CreateSocketReply) ExtensionRangeArray() []proto.ExtensionRange { + return extRange_CreateSocketReply +} +func (m *CreateSocketReply) ExtensionMap() map[int32]proto.Extension { + if m.XXX_extensions == nil { + m.XXX_extensions = make(map[int32]proto.Extension) + } + return m.XXX_extensions +} + +func (m *CreateSocketReply) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *CreateSocketReply) GetServerAddress() *AddressPort { + if m != nil { + return m.ServerAddress + } + return nil +} + +func (m *CreateSocketReply) GetProxyExternalIp() *AddressPort { + if m != nil { + return m.ProxyExternalIp + } + return nil +} + +type BindRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + ProxyExternalIp *AddressPort `protobuf:"bytes,2,req,name=proxy_external_ip" json:"proxy_external_ip,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *BindRequest) Reset() { *m = BindRequest{} } +func (m *BindRequest) String() string { return proto.CompactTextString(m) } +func (*BindRequest) ProtoMessage() {} + +func (m *BindRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *BindRequest) GetProxyExternalIp() *AddressPort { + if m != nil { + return m.ProxyExternalIp + } + return nil +} + +type BindReply struct { + ProxyExternalIp *AddressPort `protobuf:"bytes,1,opt,name=proxy_external_ip" json:"proxy_external_ip,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *BindReply) Reset() { *m = BindReply{} } +func (m *BindReply) String() string { return proto.CompactTextString(m) } +func (*BindReply) ProtoMessage() {} + +func (m *BindReply) GetProxyExternalIp() *AddressPort { + if m != nil { + return m.ProxyExternalIp + } + return nil +} + +type GetSocketNameRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *GetSocketNameRequest) Reset() { *m = GetSocketNameRequest{} } +func (m *GetSocketNameRequest) String() string { return proto.CompactTextString(m) } +func (*GetSocketNameRequest) ProtoMessage() {} + +func (m *GetSocketNameRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +type GetSocketNameReply struct { + ProxyExternalIp *AddressPort `protobuf:"bytes,2,opt,name=proxy_external_ip" json:"proxy_external_ip,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *GetSocketNameReply) Reset() { *m = GetSocketNameReply{} } +func (m *GetSocketNameReply) String() string { return proto.CompactTextString(m) } +func (*GetSocketNameReply) ProtoMessage() {} + +func (m *GetSocketNameReply) GetProxyExternalIp() *AddressPort { + if m != nil { + return m.ProxyExternalIp + } + return nil +} + +type GetPeerNameRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *GetPeerNameRequest) Reset() { *m = GetPeerNameRequest{} } +func (m *GetPeerNameRequest) String() string { return proto.CompactTextString(m) } +func (*GetPeerNameRequest) ProtoMessage() {} + +func (m *GetPeerNameRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +type GetPeerNameReply struct { + PeerIp *AddressPort `protobuf:"bytes,2,opt,name=peer_ip" json:"peer_ip,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *GetPeerNameReply) Reset() { *m = GetPeerNameReply{} } +func (m *GetPeerNameReply) String() string { return proto.CompactTextString(m) } +func (*GetPeerNameReply) ProtoMessage() {} + +func (m *GetPeerNameReply) GetPeerIp() *AddressPort { + if m != nil { + return m.PeerIp + } + return nil +} + +type SocketOption struct { + Level *SocketOption_SocketOptionLevel `protobuf:"varint,1,req,name=level,enum=appengine.SocketOption_SocketOptionLevel" json:"level,omitempty"` + Option *SocketOption_SocketOptionName `protobuf:"varint,2,req,name=option,enum=appengine.SocketOption_SocketOptionName" json:"option,omitempty"` + Value []byte `protobuf:"bytes,3,req,name=value" json:"value,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *SocketOption) Reset() { *m = SocketOption{} } +func (m *SocketOption) String() string { return proto.CompactTextString(m) } +func (*SocketOption) ProtoMessage() {} + +func (m *SocketOption) GetLevel() SocketOption_SocketOptionLevel { + if m != nil && m.Level != nil { + return *m.Level + } + return SocketOption_SOCKET_SOL_IP +} + +func (m *SocketOption) GetOption() SocketOption_SocketOptionName { + if m != nil && m.Option != nil { + return *m.Option + } + return SocketOption_SOCKET_SO_DEBUG +} + +func (m *SocketOption) GetValue() []byte { + if m != nil { + return m.Value + } + return nil +} + +type SetSocketOptionsRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + Options []*SocketOption `protobuf:"bytes,2,rep,name=options" json:"options,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *SetSocketOptionsRequest) Reset() { *m = SetSocketOptionsRequest{} } +func (m *SetSocketOptionsRequest) String() string { return proto.CompactTextString(m) } +func (*SetSocketOptionsRequest) ProtoMessage() {} + +func (m *SetSocketOptionsRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *SetSocketOptionsRequest) GetOptions() []*SocketOption { + if m != nil { + return m.Options + } + return nil +} + +type SetSocketOptionsReply struct { + XXX_unrecognized []byte `json:"-"` +} + +func (m *SetSocketOptionsReply) Reset() { *m = SetSocketOptionsReply{} } +func (m *SetSocketOptionsReply) String() string { return proto.CompactTextString(m) } +func (*SetSocketOptionsReply) ProtoMessage() {} + +type GetSocketOptionsRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + Options []*SocketOption `protobuf:"bytes,2,rep,name=options" json:"options,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *GetSocketOptionsRequest) Reset() { *m = GetSocketOptionsRequest{} } +func (m *GetSocketOptionsRequest) String() string { return proto.CompactTextString(m) } +func (*GetSocketOptionsRequest) ProtoMessage() {} + +func (m *GetSocketOptionsRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *GetSocketOptionsRequest) GetOptions() []*SocketOption { + if m != nil { + return m.Options + } + return nil +} + +type GetSocketOptionsReply struct { + Options []*SocketOption `protobuf:"bytes,2,rep,name=options" json:"options,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *GetSocketOptionsReply) Reset() { *m = GetSocketOptionsReply{} } +func (m *GetSocketOptionsReply) String() string { return proto.CompactTextString(m) } +func (*GetSocketOptionsReply) ProtoMessage() {} + +func (m *GetSocketOptionsReply) GetOptions() []*SocketOption { + if m != nil { + return m.Options + } + return nil +} + +type ConnectRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + RemoteIp *AddressPort `protobuf:"bytes,2,req,name=remote_ip" json:"remote_ip,omitempty"` + TimeoutSeconds *float64 `protobuf:"fixed64,3,opt,name=timeout_seconds,def=-1" json:"timeout_seconds,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *ConnectRequest) Reset() { *m = ConnectRequest{} } +func (m *ConnectRequest) String() string { return proto.CompactTextString(m) } +func (*ConnectRequest) ProtoMessage() {} + +const Default_ConnectRequest_TimeoutSeconds float64 = -1 + +func (m *ConnectRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *ConnectRequest) GetRemoteIp() *AddressPort { + if m != nil { + return m.RemoteIp + } + return nil +} + +func (m *ConnectRequest) GetTimeoutSeconds() float64 { + if m != nil && m.TimeoutSeconds != nil { + return *m.TimeoutSeconds + } + return Default_ConnectRequest_TimeoutSeconds +} + +type ConnectReply struct { + ProxyExternalIp *AddressPort `protobuf:"bytes,1,opt,name=proxy_external_ip" json:"proxy_external_ip,omitempty"` + XXX_extensions map[int32]proto.Extension `json:"-"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *ConnectReply) Reset() { *m = ConnectReply{} } +func (m *ConnectReply) String() string { return proto.CompactTextString(m) } +func (*ConnectReply) ProtoMessage() {} + +var extRange_ConnectReply = []proto.ExtensionRange{ + {1000, 536870911}, +} + +func (*ConnectReply) ExtensionRangeArray() []proto.ExtensionRange { + return extRange_ConnectReply +} +func (m *ConnectReply) ExtensionMap() map[int32]proto.Extension { + if m.XXX_extensions == nil { + m.XXX_extensions = make(map[int32]proto.Extension) + } + return m.XXX_extensions +} + +func (m *ConnectReply) GetProxyExternalIp() *AddressPort { + if m != nil { + return m.ProxyExternalIp + } + return nil +} + +type ListenRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + Backlog *int32 `protobuf:"varint,2,req,name=backlog" json:"backlog,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *ListenRequest) Reset() { *m = ListenRequest{} } +func (m *ListenRequest) String() string { return proto.CompactTextString(m) } +func (*ListenRequest) ProtoMessage() {} + +func (m *ListenRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *ListenRequest) GetBacklog() int32 { + if m != nil && m.Backlog != nil { + return *m.Backlog + } + return 0 +} + +type ListenReply struct { + XXX_unrecognized []byte `json:"-"` +} + +func (m *ListenReply) Reset() { *m = ListenReply{} } +func (m *ListenReply) String() string { return proto.CompactTextString(m) } +func (*ListenReply) ProtoMessage() {} + +type AcceptRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + TimeoutSeconds *float64 `protobuf:"fixed64,2,opt,name=timeout_seconds,def=-1" json:"timeout_seconds,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *AcceptRequest) Reset() { *m = AcceptRequest{} } +func (m *AcceptRequest) String() string { return proto.CompactTextString(m) } +func (*AcceptRequest) ProtoMessage() {} + +const Default_AcceptRequest_TimeoutSeconds float64 = -1 + +func (m *AcceptRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *AcceptRequest) GetTimeoutSeconds() float64 { + if m != nil && m.TimeoutSeconds != nil { + return *m.TimeoutSeconds + } + return Default_AcceptRequest_TimeoutSeconds +} + +type AcceptReply struct { + NewSocketDescriptor []byte `protobuf:"bytes,2,opt,name=new_socket_descriptor" json:"new_socket_descriptor,omitempty"` + RemoteAddress *AddressPort `protobuf:"bytes,3,opt,name=remote_address" json:"remote_address,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *AcceptReply) Reset() { *m = AcceptReply{} } +func (m *AcceptReply) String() string { return proto.CompactTextString(m) } +func (*AcceptReply) ProtoMessage() {} + +func (m *AcceptReply) GetNewSocketDescriptor() []byte { + if m != nil { + return m.NewSocketDescriptor + } + return nil +} + +func (m *AcceptReply) GetRemoteAddress() *AddressPort { + if m != nil { + return m.RemoteAddress + } + return nil +} + +type ShutDownRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + How *ShutDownRequest_How `protobuf:"varint,2,req,name=how,enum=appengine.ShutDownRequest_How" json:"how,omitempty"` + SendOffset *int64 `protobuf:"varint,3,req,name=send_offset" json:"send_offset,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *ShutDownRequest) Reset() { *m = ShutDownRequest{} } +func (m *ShutDownRequest) String() string { return proto.CompactTextString(m) } +func (*ShutDownRequest) ProtoMessage() {} + +func (m *ShutDownRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *ShutDownRequest) GetHow() ShutDownRequest_How { + if m != nil && m.How != nil { + return *m.How + } + return ShutDownRequest_SOCKET_SHUT_RD +} + +func (m *ShutDownRequest) GetSendOffset() int64 { + if m != nil && m.SendOffset != nil { + return *m.SendOffset + } + return 0 +} + +type ShutDownReply struct { + XXX_unrecognized []byte `json:"-"` +} + +func (m *ShutDownReply) Reset() { *m = ShutDownReply{} } +func (m *ShutDownReply) String() string { return proto.CompactTextString(m) } +func (*ShutDownReply) ProtoMessage() {} + +type CloseRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + SendOffset *int64 `protobuf:"varint,2,opt,name=send_offset,def=-1" json:"send_offset,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *CloseRequest) Reset() { *m = CloseRequest{} } +func (m *CloseRequest) String() string { return proto.CompactTextString(m) } +func (*CloseRequest) ProtoMessage() {} + +const Default_CloseRequest_SendOffset int64 = -1 + +func (m *CloseRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *CloseRequest) GetSendOffset() int64 { + if m != nil && m.SendOffset != nil { + return *m.SendOffset + } + return Default_CloseRequest_SendOffset +} + +type CloseReply struct { + XXX_unrecognized []byte `json:"-"` +} + +func (m *CloseReply) Reset() { *m = CloseReply{} } +func (m *CloseReply) String() string { return proto.CompactTextString(m) } +func (*CloseReply) ProtoMessage() {} + +type SendRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + Data []byte `protobuf:"bytes,2,req,name=data" json:"data,omitempty"` + StreamOffset *int64 `protobuf:"varint,3,req,name=stream_offset" json:"stream_offset,omitempty"` + Flags *int32 `protobuf:"varint,4,opt,name=flags,def=0" json:"flags,omitempty"` + SendTo *AddressPort `protobuf:"bytes,5,opt,name=send_to" json:"send_to,omitempty"` + TimeoutSeconds *float64 `protobuf:"fixed64,6,opt,name=timeout_seconds,def=-1" json:"timeout_seconds,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *SendRequest) Reset() { *m = SendRequest{} } +func (m *SendRequest) String() string { return proto.CompactTextString(m) } +func (*SendRequest) ProtoMessage() {} + +const Default_SendRequest_Flags int32 = 0 +const Default_SendRequest_TimeoutSeconds float64 = -1 + +func (m *SendRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *SendRequest) GetData() []byte { + if m != nil { + return m.Data + } + return nil +} + +func (m *SendRequest) GetStreamOffset() int64 { + if m != nil && m.StreamOffset != nil { + return *m.StreamOffset + } + return 0 +} + +func (m *SendRequest) GetFlags() int32 { + if m != nil && m.Flags != nil { + return *m.Flags + } + return Default_SendRequest_Flags +} + +func (m *SendRequest) GetSendTo() *AddressPort { + if m != nil { + return m.SendTo + } + return nil +} + +func (m *SendRequest) GetTimeoutSeconds() float64 { + if m != nil && m.TimeoutSeconds != nil { + return *m.TimeoutSeconds + } + return Default_SendRequest_TimeoutSeconds +} + +type SendReply struct { + DataSent *int32 `protobuf:"varint,1,opt,name=data_sent" json:"data_sent,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *SendReply) Reset() { *m = SendReply{} } +func (m *SendReply) String() string { return proto.CompactTextString(m) } +func (*SendReply) ProtoMessage() {} + +func (m *SendReply) GetDataSent() int32 { + if m != nil && m.DataSent != nil { + return *m.DataSent + } + return 0 +} + +type ReceiveRequest struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + DataSize *int32 `protobuf:"varint,2,req,name=data_size" json:"data_size,omitempty"` + Flags *int32 `protobuf:"varint,3,opt,name=flags,def=0" json:"flags,omitempty"` + TimeoutSeconds *float64 `protobuf:"fixed64,5,opt,name=timeout_seconds,def=-1" json:"timeout_seconds,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *ReceiveRequest) Reset() { *m = ReceiveRequest{} } +func (m *ReceiveRequest) String() string { return proto.CompactTextString(m) } +func (*ReceiveRequest) ProtoMessage() {} + +const Default_ReceiveRequest_Flags int32 = 0 +const Default_ReceiveRequest_TimeoutSeconds float64 = -1 + +func (m *ReceiveRequest) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *ReceiveRequest) GetDataSize() int32 { + if m != nil && m.DataSize != nil { + return *m.DataSize + } + return 0 +} + +func (m *ReceiveRequest) GetFlags() int32 { + if m != nil && m.Flags != nil { + return *m.Flags + } + return Default_ReceiveRequest_Flags +} + +func (m *ReceiveRequest) GetTimeoutSeconds() float64 { + if m != nil && m.TimeoutSeconds != nil { + return *m.TimeoutSeconds + } + return Default_ReceiveRequest_TimeoutSeconds +} + +type ReceiveReply struct { + StreamOffset *int64 `protobuf:"varint,2,opt,name=stream_offset" json:"stream_offset,omitempty"` + Data []byte `protobuf:"bytes,3,opt,name=data" json:"data,omitempty"` + ReceivedFrom *AddressPort `protobuf:"bytes,4,opt,name=received_from" json:"received_from,omitempty"` + BufferSize *int32 `protobuf:"varint,5,opt,name=buffer_size" json:"buffer_size,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *ReceiveReply) Reset() { *m = ReceiveReply{} } +func (m *ReceiveReply) String() string { return proto.CompactTextString(m) } +func (*ReceiveReply) ProtoMessage() {} + +func (m *ReceiveReply) GetStreamOffset() int64 { + if m != nil && m.StreamOffset != nil { + return *m.StreamOffset + } + return 0 +} + +func (m *ReceiveReply) GetData() []byte { + if m != nil { + return m.Data + } + return nil +} + +func (m *ReceiveReply) GetReceivedFrom() *AddressPort { + if m != nil { + return m.ReceivedFrom + } + return nil +} + +func (m *ReceiveReply) GetBufferSize() int32 { + if m != nil && m.BufferSize != nil { + return *m.BufferSize + } + return 0 +} + +type PollEvent struct { + SocketDescriptor *string `protobuf:"bytes,1,req,name=socket_descriptor" json:"socket_descriptor,omitempty"` + RequestedEvents *int32 `protobuf:"varint,2,req,name=requested_events" json:"requested_events,omitempty"` + ObservedEvents *int32 `protobuf:"varint,3,req,name=observed_events" json:"observed_events,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *PollEvent) Reset() { *m = PollEvent{} } +func (m *PollEvent) String() string { return proto.CompactTextString(m) } +func (*PollEvent) ProtoMessage() {} + +func (m *PollEvent) GetSocketDescriptor() string { + if m != nil && m.SocketDescriptor != nil { + return *m.SocketDescriptor + } + return "" +} + +func (m *PollEvent) GetRequestedEvents() int32 { + if m != nil && m.RequestedEvents != nil { + return *m.RequestedEvents + } + return 0 +} + +func (m *PollEvent) GetObservedEvents() int32 { + if m != nil && m.ObservedEvents != nil { + return *m.ObservedEvents + } + return 0 +} + +type PollRequest struct { + Events []*PollEvent `protobuf:"bytes,1,rep,name=events" json:"events,omitempty"` + TimeoutSeconds *float64 `protobuf:"fixed64,2,opt,name=timeout_seconds,def=-1" json:"timeout_seconds,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *PollRequest) Reset() { *m = PollRequest{} } +func (m *PollRequest) String() string { return proto.CompactTextString(m) } +func (*PollRequest) ProtoMessage() {} + +const Default_PollRequest_TimeoutSeconds float64 = -1 + +func (m *PollRequest) GetEvents() []*PollEvent { + if m != nil { + return m.Events + } + return nil +} + +func (m *PollRequest) GetTimeoutSeconds() float64 { + if m != nil && m.TimeoutSeconds != nil { + return *m.TimeoutSeconds + } + return Default_PollRequest_TimeoutSeconds +} + +type PollReply struct { + Events []*PollEvent `protobuf:"bytes,2,rep,name=events" json:"events,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *PollReply) Reset() { *m = PollReply{} } +func (m *PollReply) String() string { return proto.CompactTextString(m) } +func (*PollReply) ProtoMessage() {} + +func (m *PollReply) GetEvents() []*PollEvent { + if m != nil { + return m.Events + } + return nil +} + +type ResolveRequest struct { + Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` + AddressFamilies []CreateSocketRequest_SocketFamily `protobuf:"varint,2,rep,name=address_families,enum=appengine.CreateSocketRequest_SocketFamily" json:"address_families,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *ResolveRequest) Reset() { *m = ResolveRequest{} } +func (m *ResolveRequest) String() string { return proto.CompactTextString(m) } +func (*ResolveRequest) ProtoMessage() {} + +func (m *ResolveRequest) GetName() string { + if m != nil && m.Name != nil { + return *m.Name + } + return "" +} + +func (m *ResolveRequest) GetAddressFamilies() []CreateSocketRequest_SocketFamily { + if m != nil { + return m.AddressFamilies + } + return nil +} + +type ResolveReply struct { + PackedAddress [][]byte `protobuf:"bytes,2,rep,name=packed_address" json:"packed_address,omitempty"` + CanonicalName *string `protobuf:"bytes,3,opt,name=canonical_name" json:"canonical_name,omitempty"` + Aliases []string `protobuf:"bytes,4,rep,name=aliases" json:"aliases,omitempty"` + XXX_unrecognized []byte `json:"-"` +} + +func (m *ResolveReply) Reset() { *m = ResolveReply{} } +func (m *ResolveReply) String() string { return proto.CompactTextString(m) } +func (*ResolveReply) ProtoMessage() {} + +func (m *ResolveReply) GetPackedAddress() [][]byte { + if m != nil { + return m.PackedAddress + } + return nil +} + +func (m *ResolveReply) GetCanonicalName() string { + if m != nil && m.CanonicalName != nil { + return *m.CanonicalName + } + return "" +} + +func (m *ResolveReply) GetAliases() []string { + if m != nil { + return m.Aliases + } + return nil +} + +func init() { +} diff --git a/vendor/google.golang.org/appengine/internal/socket/socket_service.proto b/vendor/google.golang.org/appengine/internal/socket/socket_service.proto new file mode 100644 index 000000000000..2fcc7953dc0a --- /dev/null +++ b/vendor/google.golang.org/appengine/internal/socket/socket_service.proto @@ -0,0 +1,460 @@ +syntax = "proto2"; +option go_package = "socket"; + +package appengine; + +message RemoteSocketServiceError { + enum ErrorCode { + SYSTEM_ERROR = 1; + GAI_ERROR = 2; + FAILURE = 4; + PERMISSION_DENIED = 5; + INVALID_REQUEST = 6; + SOCKET_CLOSED = 7; + } + + enum SystemError { + option allow_alias = true; + + SYS_SUCCESS = 0; + SYS_EPERM = 1; + SYS_ENOENT = 2; + SYS_ESRCH = 3; + SYS_EINTR = 4; + SYS_EIO = 5; + SYS_ENXIO = 6; + SYS_E2BIG = 7; + SYS_ENOEXEC = 8; + SYS_EBADF = 9; + SYS_ECHILD = 10; + SYS_EAGAIN = 11; + SYS_EWOULDBLOCK = 11; + SYS_ENOMEM = 12; + SYS_EACCES = 13; + SYS_EFAULT = 14; + SYS_ENOTBLK = 15; + SYS_EBUSY = 16; + SYS_EEXIST = 17; + SYS_EXDEV = 18; + SYS_ENODEV = 19; + SYS_ENOTDIR = 20; + SYS_EISDIR = 21; + SYS_EINVAL = 22; + SYS_ENFILE = 23; + SYS_EMFILE = 24; + SYS_ENOTTY = 25; + SYS_ETXTBSY = 26; + SYS_EFBIG = 27; + SYS_ENOSPC = 28; + SYS_ESPIPE = 29; + SYS_EROFS = 30; + SYS_EMLINK = 31; + SYS_EPIPE = 32; + SYS_EDOM = 33; + SYS_ERANGE = 34; + SYS_EDEADLK = 35; + SYS_EDEADLOCK = 35; + SYS_ENAMETOOLONG = 36; + SYS_ENOLCK = 37; + SYS_ENOSYS = 38; + SYS_ENOTEMPTY = 39; + SYS_ELOOP = 40; + SYS_ENOMSG = 42; + SYS_EIDRM = 43; + SYS_ECHRNG = 44; + SYS_EL2NSYNC = 45; + SYS_EL3HLT = 46; + SYS_EL3RST = 47; + SYS_ELNRNG = 48; + SYS_EUNATCH = 49; + SYS_ENOCSI = 50; + SYS_EL2HLT = 51; + SYS_EBADE = 52; + SYS_EBADR = 53; + SYS_EXFULL = 54; + SYS_ENOANO = 55; + SYS_EBADRQC = 56; + SYS_EBADSLT = 57; + SYS_EBFONT = 59; + SYS_ENOSTR = 60; + SYS_ENODATA = 61; + SYS_ETIME = 62; + SYS_ENOSR = 63; + SYS_ENONET = 64; + SYS_ENOPKG = 65; + SYS_EREMOTE = 66; + SYS_ENOLINK = 67; + SYS_EADV = 68; + SYS_ESRMNT = 69; + SYS_ECOMM = 70; + SYS_EPROTO = 71; + SYS_EMULTIHOP = 72; + SYS_EDOTDOT = 73; + SYS_EBADMSG = 74; + SYS_EOVERFLOW = 75; + SYS_ENOTUNIQ = 76; + SYS_EBADFD = 77; + SYS_EREMCHG = 78; + SYS_ELIBACC = 79; + SYS_ELIBBAD = 80; + SYS_ELIBSCN = 81; + SYS_ELIBMAX = 82; + SYS_ELIBEXEC = 83; + SYS_EILSEQ = 84; + SYS_ERESTART = 85; + SYS_ESTRPIPE = 86; + SYS_EUSERS = 87; + SYS_ENOTSOCK = 88; + SYS_EDESTADDRREQ = 89; + SYS_EMSGSIZE = 90; + SYS_EPROTOTYPE = 91; + SYS_ENOPROTOOPT = 92; + SYS_EPROTONOSUPPORT = 93; + SYS_ESOCKTNOSUPPORT = 94; + SYS_EOPNOTSUPP = 95; + SYS_ENOTSUP = 95; + SYS_EPFNOSUPPORT = 96; + SYS_EAFNOSUPPORT = 97; + SYS_EADDRINUSE = 98; + SYS_EADDRNOTAVAIL = 99; + SYS_ENETDOWN = 100; + SYS_ENETUNREACH = 101; + SYS_ENETRESET = 102; + SYS_ECONNABORTED = 103; + SYS_ECONNRESET = 104; + SYS_ENOBUFS = 105; + SYS_EISCONN = 106; + SYS_ENOTCONN = 107; + SYS_ESHUTDOWN = 108; + SYS_ETOOMANYREFS = 109; + SYS_ETIMEDOUT = 110; + SYS_ECONNREFUSED = 111; + SYS_EHOSTDOWN = 112; + SYS_EHOSTUNREACH = 113; + SYS_EALREADY = 114; + SYS_EINPROGRESS = 115; + SYS_ESTALE = 116; + SYS_EUCLEAN = 117; + SYS_ENOTNAM = 118; + SYS_ENAVAIL = 119; + SYS_EISNAM = 120; + SYS_EREMOTEIO = 121; + SYS_EDQUOT = 122; + SYS_ENOMEDIUM = 123; + SYS_EMEDIUMTYPE = 124; + SYS_ECANCELED = 125; + SYS_ENOKEY = 126; + SYS_EKEYEXPIRED = 127; + SYS_EKEYREVOKED = 128; + SYS_EKEYREJECTED = 129; + SYS_EOWNERDEAD = 130; + SYS_ENOTRECOVERABLE = 131; + SYS_ERFKILL = 132; + } + + optional int32 system_error = 1 [default=0]; + optional string error_detail = 2; +} + +message AddressPort { + required int32 port = 1; + optional bytes packed_address = 2; + + optional string hostname_hint = 3; +} + + + +message CreateSocketRequest { + enum SocketFamily { + IPv4 = 1; + IPv6 = 2; + } + + enum SocketProtocol { + TCP = 1; + UDP = 2; + } + + required SocketFamily family = 1; + required SocketProtocol protocol = 2; + + repeated SocketOption socket_options = 3; + + optional AddressPort proxy_external_ip = 4; + + optional int32 listen_backlog = 5 [default=0]; + + optional AddressPort remote_ip = 6; + + optional string app_id = 9; + + optional int64 project_id = 10; +} + +message CreateSocketReply { + optional string socket_descriptor = 1; + + optional AddressPort server_address = 3; + + optional AddressPort proxy_external_ip = 4; + + extensions 1000 to max; +} + + + +message BindRequest { + required string socket_descriptor = 1; + required AddressPort proxy_external_ip = 2; +} + +message BindReply { + optional AddressPort proxy_external_ip = 1; +} + + + +message GetSocketNameRequest { + required string socket_descriptor = 1; +} + +message GetSocketNameReply { + optional AddressPort proxy_external_ip = 2; +} + + + +message GetPeerNameRequest { + required string socket_descriptor = 1; +} + +message GetPeerNameReply { + optional AddressPort peer_ip = 2; +} + + +message SocketOption { + + enum SocketOptionLevel { + SOCKET_SOL_IP = 0; + SOCKET_SOL_SOCKET = 1; + SOCKET_SOL_TCP = 6; + SOCKET_SOL_UDP = 17; + } + + enum SocketOptionName { + option allow_alias = true; + + SOCKET_SO_DEBUG = 1; + SOCKET_SO_REUSEADDR = 2; + SOCKET_SO_TYPE = 3; + SOCKET_SO_ERROR = 4; + SOCKET_SO_DONTROUTE = 5; + SOCKET_SO_BROADCAST = 6; + SOCKET_SO_SNDBUF = 7; + SOCKET_SO_RCVBUF = 8; + SOCKET_SO_KEEPALIVE = 9; + SOCKET_SO_OOBINLINE = 10; + SOCKET_SO_LINGER = 13; + SOCKET_SO_RCVTIMEO = 20; + SOCKET_SO_SNDTIMEO = 21; + + SOCKET_IP_TOS = 1; + SOCKET_IP_TTL = 2; + SOCKET_IP_HDRINCL = 3; + SOCKET_IP_OPTIONS = 4; + + SOCKET_TCP_NODELAY = 1; + SOCKET_TCP_MAXSEG = 2; + SOCKET_TCP_CORK = 3; + SOCKET_TCP_KEEPIDLE = 4; + SOCKET_TCP_KEEPINTVL = 5; + SOCKET_TCP_KEEPCNT = 6; + SOCKET_TCP_SYNCNT = 7; + SOCKET_TCP_LINGER2 = 8; + SOCKET_TCP_DEFER_ACCEPT = 9; + SOCKET_TCP_WINDOW_CLAMP = 10; + SOCKET_TCP_INFO = 11; + SOCKET_TCP_QUICKACK = 12; + } + + required SocketOptionLevel level = 1; + required SocketOptionName option = 2; + required bytes value = 3; +} + + +message SetSocketOptionsRequest { + required string socket_descriptor = 1; + repeated SocketOption options = 2; +} + +message SetSocketOptionsReply { +} + +message GetSocketOptionsRequest { + required string socket_descriptor = 1; + repeated SocketOption options = 2; +} + +message GetSocketOptionsReply { + repeated SocketOption options = 2; +} + + +message ConnectRequest { + required string socket_descriptor = 1; + required AddressPort remote_ip = 2; + optional double timeout_seconds = 3 [default=-1]; +} + +message ConnectReply { + optional AddressPort proxy_external_ip = 1; + + extensions 1000 to max; +} + + +message ListenRequest { + required string socket_descriptor = 1; + required int32 backlog = 2; +} + +message ListenReply { +} + + +message AcceptRequest { + required string socket_descriptor = 1; + optional double timeout_seconds = 2 [default=-1]; +} + +message AcceptReply { + optional bytes new_socket_descriptor = 2; + optional AddressPort remote_address = 3; +} + + + +message ShutDownRequest { + enum How { + SOCKET_SHUT_RD = 1; + SOCKET_SHUT_WR = 2; + SOCKET_SHUT_RDWR = 3; + } + required string socket_descriptor = 1; + required How how = 2; + required int64 send_offset = 3; +} + +message ShutDownReply { +} + + + +message CloseRequest { + required string socket_descriptor = 1; + optional int64 send_offset = 2 [default=-1]; +} + +message CloseReply { +} + + + +message SendRequest { + required string socket_descriptor = 1; + required bytes data = 2 [ctype=CORD]; + required int64 stream_offset = 3; + optional int32 flags = 4 [default=0]; + optional AddressPort send_to = 5; + optional double timeout_seconds = 6 [default=-1]; +} + +message SendReply { + optional int32 data_sent = 1; +} + + +message ReceiveRequest { + enum Flags { + MSG_OOB = 1; + MSG_PEEK = 2; + } + required string socket_descriptor = 1; + required int32 data_size = 2; + optional int32 flags = 3 [default=0]; + optional double timeout_seconds = 5 [default=-1]; +} + +message ReceiveReply { + optional int64 stream_offset = 2; + optional bytes data = 3 [ctype=CORD]; + optional AddressPort received_from = 4; + optional int32 buffer_size = 5; +} + + + +message PollEvent { + + enum PollEventFlag { + SOCKET_POLLNONE = 0; + SOCKET_POLLIN = 1; + SOCKET_POLLPRI = 2; + SOCKET_POLLOUT = 4; + SOCKET_POLLERR = 8; + SOCKET_POLLHUP = 16; + SOCKET_POLLNVAL = 32; + SOCKET_POLLRDNORM = 64; + SOCKET_POLLRDBAND = 128; + SOCKET_POLLWRNORM = 256; + SOCKET_POLLWRBAND = 512; + SOCKET_POLLMSG = 1024; + SOCKET_POLLREMOVE = 4096; + SOCKET_POLLRDHUP = 8192; + }; + + required string socket_descriptor = 1; + required int32 requested_events = 2; + required int32 observed_events = 3; +} + +message PollRequest { + repeated PollEvent events = 1; + optional double timeout_seconds = 2 [default=-1]; +} + +message PollReply { + repeated PollEvent events = 2; +} + +message ResolveRequest { + required string name = 1; + repeated CreateSocketRequest.SocketFamily address_families = 2; +} + +message ResolveReply { + enum ErrorCode { + SOCKET_EAI_ADDRFAMILY = 1; + SOCKET_EAI_AGAIN = 2; + SOCKET_EAI_BADFLAGS = 3; + SOCKET_EAI_FAIL = 4; + SOCKET_EAI_FAMILY = 5; + SOCKET_EAI_MEMORY = 6; + SOCKET_EAI_NODATA = 7; + SOCKET_EAI_NONAME = 8; + SOCKET_EAI_SERVICE = 9; + SOCKET_EAI_SOCKTYPE = 10; + SOCKET_EAI_SYSTEM = 11; + SOCKET_EAI_BADHINTS = 12; + SOCKET_EAI_PROTOCOL = 13; + SOCKET_EAI_OVERFLOW = 14; + SOCKET_EAI_MAX = 15; + }; + + repeated bytes packed_address = 2; + optional string canonical_name = 3; + repeated string aliases = 4; +} diff --git a/vendor/google.golang.org/appengine/socket/doc.go b/vendor/google.golang.org/appengine/socket/doc.go new file mode 100644 index 000000000000..3de46df826b2 --- /dev/null +++ b/vendor/google.golang.org/appengine/socket/doc.go @@ -0,0 +1,10 @@ +// Copyright 2012 Google Inc. All rights reserved. +// Use of this source code is governed by the Apache 2.0 +// license that can be found in the LICENSE file. + +// Package socket provides outbound network sockets. +// +// This package is only required in the classic App Engine environment. +// Applications running only in App Engine "flexible environment" should +// use the standard library's net package. +package socket diff --git a/vendor/google.golang.org/appengine/socket/socket_classic.go b/vendor/google.golang.org/appengine/socket/socket_classic.go new file mode 100644 index 000000000000..0ad50e2d36d7 --- /dev/null +++ b/vendor/google.golang.org/appengine/socket/socket_classic.go @@ -0,0 +1,290 @@ +// Copyright 2012 Google Inc. All rights reserved. +// Use of this source code is governed by the Apache 2.0 +// license that can be found in the LICENSE file. + +// +build appengine + +package socket + +import ( + "fmt" + "io" + "net" + "strconv" + "time" + + "github.com/golang/protobuf/proto" + "golang.org/x/net/context" + "google.golang.org/appengine/internal" + + pb "google.golang.org/appengine/internal/socket" +) + +// Dial connects to the address addr on the network protocol. +// The address format is host:port, where host may be a hostname or an IP address. +// Known protocols are "tcp" and "udp". +// The returned connection satisfies net.Conn, and is valid while ctx is valid; +// if the connection is to be used after ctx becomes invalid, invoke SetContext +// with the new context. +func Dial(ctx context.Context, protocol, addr string) (*Conn, error) { + return DialTimeout(ctx, protocol, addr, 0) +} + +var ipFamilies = []pb.CreateSocketRequest_SocketFamily{ + pb.CreateSocketRequest_IPv4, + pb.CreateSocketRequest_IPv6, +} + +// DialTimeout is like Dial but takes a timeout. +// The timeout includes name resolution, if required. +func DialTimeout(ctx context.Context, protocol, addr string, timeout time.Duration) (*Conn, error) { + dialCtx := ctx // Used for dialing and name resolution, but not stored in the *Conn. + if timeout > 0 { + var cancel context.CancelFunc + dialCtx, cancel = context.WithTimeout(ctx, timeout) + defer cancel() + } + + host, portStr, err := net.SplitHostPort(addr) + if err != nil { + return nil, err + } + port, err := strconv.Atoi(portStr) + if err != nil { + return nil, fmt.Errorf("socket: bad port %q: %v", portStr, err) + } + + var prot pb.CreateSocketRequest_SocketProtocol + switch protocol { + case "tcp": + prot = pb.CreateSocketRequest_TCP + case "udp": + prot = pb.CreateSocketRequest_UDP + default: + return nil, fmt.Errorf("socket: unknown protocol %q", protocol) + } + + packedAddrs, resolved, err := resolve(dialCtx, ipFamilies, host) + if err != nil { + return nil, fmt.Errorf("socket: failed resolving %q: %v", host, err) + } + if len(packedAddrs) == 0 { + return nil, fmt.Errorf("no addresses for %q", host) + } + + packedAddr := packedAddrs[0] // use first address + fam := pb.CreateSocketRequest_IPv4 + if len(packedAddr) == net.IPv6len { + fam = pb.CreateSocketRequest_IPv6 + } + + req := &pb.CreateSocketRequest{ + Family: fam.Enum(), + Protocol: prot.Enum(), + RemoteIp: &pb.AddressPort{ + Port: proto.Int32(int32(port)), + PackedAddress: packedAddr, + }, + } + if resolved { + req.RemoteIp.HostnameHint = &host + } + res := &pb.CreateSocketReply{} + if err := internal.Call(dialCtx, "remote_socket", "CreateSocket", req, res); err != nil { + return nil, err + } + + return &Conn{ + ctx: ctx, + desc: res.GetSocketDescriptor(), + prot: prot, + local: res.ProxyExternalIp, + remote: req.RemoteIp, + }, nil +} + +// LookupIP returns the given host's IP addresses. +func LookupIP(ctx context.Context, host string) (addrs []net.IP, err error) { + packedAddrs, _, err := resolve(ctx, ipFamilies, host) + if err != nil { + return nil, fmt.Errorf("socket: failed resolving %q: %v", host, err) + } + addrs = make([]net.IP, len(packedAddrs)) + for i, pa := range packedAddrs { + addrs[i] = net.IP(pa) + } + return addrs, nil +} + +func resolve(ctx context.Context, fams []pb.CreateSocketRequest_SocketFamily, host string) ([][]byte, bool, error) { + // Check if it's an IP address. + if ip := net.ParseIP(host); ip != nil { + if ip := ip.To4(); ip != nil { + return [][]byte{ip}, false, nil + } + return [][]byte{ip}, false, nil + } + + req := &pb.ResolveRequest{ + Name: &host, + AddressFamilies: fams, + } + res := &pb.ResolveReply{} + if err := internal.Call(ctx, "remote_socket", "Resolve", req, res); err != nil { + // XXX: need to map to pb.ResolveReply_ErrorCode? + return nil, false, err + } + return res.PackedAddress, true, nil +} + +// withDeadline is like context.WithDeadline, except it ignores the zero deadline. +func withDeadline(parent context.Context, deadline time.Time) (context.Context, context.CancelFunc) { + if deadline.IsZero() { + return parent, func() {} + } + return context.WithDeadline(parent, deadline) +} + +// Conn represents a socket connection. +// It implements net.Conn. +type Conn struct { + ctx context.Context + desc string + offset int64 + + prot pb.CreateSocketRequest_SocketProtocol + local, remote *pb.AddressPort + + readDeadline, writeDeadline time.Time // optional +} + +// SetContext sets the context that is used by this Conn. +// It is usually used only when using a Conn that was created in a different context, +// such as when a connection is created during a warmup request but used while +// servicing a user request. +func (cn *Conn) SetContext(ctx context.Context) { + cn.ctx = ctx +} + +func (cn *Conn) Read(b []byte) (n int, err error) { + const maxRead = 1 << 20 + if len(b) > maxRead { + b = b[:maxRead] + } + + req := &pb.ReceiveRequest{ + SocketDescriptor: &cn.desc, + DataSize: proto.Int32(int32(len(b))), + } + res := &pb.ReceiveReply{} + if !cn.readDeadline.IsZero() { + req.TimeoutSeconds = proto.Float64(cn.readDeadline.Sub(time.Now()).Seconds()) + } + ctx, cancel := withDeadline(cn.ctx, cn.readDeadline) + defer cancel() + if err := internal.Call(ctx, "remote_socket", "Receive", req, res); err != nil { + return 0, err + } + if len(res.Data) == 0 { + return 0, io.EOF + } + if len(res.Data) > len(b) { + return 0, fmt.Errorf("socket: internal error: read too much data: %d > %d", len(res.Data), len(b)) + } + return copy(b, res.Data), nil +} + +func (cn *Conn) Write(b []byte) (n int, err error) { + const lim = 1 << 20 // max per chunk + + for n < len(b) { + chunk := b[n:] + if len(chunk) > lim { + chunk = chunk[:lim] + } + + req := &pb.SendRequest{ + SocketDescriptor: &cn.desc, + Data: chunk, + StreamOffset: &cn.offset, + } + res := &pb.SendReply{} + if !cn.writeDeadline.IsZero() { + req.TimeoutSeconds = proto.Float64(cn.writeDeadline.Sub(time.Now()).Seconds()) + } + ctx, cancel := withDeadline(cn.ctx, cn.writeDeadline) + defer cancel() + if err = internal.Call(ctx, "remote_socket", "Send", req, res); err != nil { + // assume zero bytes were sent in this RPC + break + } + n += int(res.GetDataSent()) + cn.offset += int64(res.GetDataSent()) + } + + return +} + +func (cn *Conn) Close() error { + req := &pb.CloseRequest{ + SocketDescriptor: &cn.desc, + } + res := &pb.CloseReply{} + if err := internal.Call(cn.ctx, "remote_socket", "Close", req, res); err != nil { + return err + } + cn.desc = "CLOSED" + return nil +} + +func addr(prot pb.CreateSocketRequest_SocketProtocol, ap *pb.AddressPort) net.Addr { + if ap == nil { + return nil + } + switch prot { + case pb.CreateSocketRequest_TCP: + return &net.TCPAddr{ + IP: net.IP(ap.PackedAddress), + Port: int(*ap.Port), + } + case pb.CreateSocketRequest_UDP: + return &net.UDPAddr{ + IP: net.IP(ap.PackedAddress), + Port: int(*ap.Port), + } + } + panic("unknown protocol " + prot.String()) +} + +func (cn *Conn) LocalAddr() net.Addr { return addr(cn.prot, cn.local) } +func (cn *Conn) RemoteAddr() net.Addr { return addr(cn.prot, cn.remote) } + +func (cn *Conn) SetDeadline(t time.Time) error { + cn.readDeadline = t + cn.writeDeadline = t + return nil +} + +func (cn *Conn) SetReadDeadline(t time.Time) error { + cn.readDeadline = t + return nil +} + +func (cn *Conn) SetWriteDeadline(t time.Time) error { + cn.writeDeadline = t + return nil +} + +// KeepAlive signals that the connection is still in use. +// It may be called to prevent the socket being closed due to inactivity. +func (cn *Conn) KeepAlive() error { + req := &pb.GetSocketNameRequest{ + SocketDescriptor: &cn.desc, + } + res := &pb.GetSocketNameReply{} + return internal.Call(cn.ctx, "remote_socket", "GetSocketName", req, res) +} + +func init() { + internal.RegisterErrorCodeMap("remote_socket", pb.RemoteSocketServiceError_ErrorCode_name) +} diff --git a/vendor/google.golang.org/appengine/socket/socket_vm.go b/vendor/google.golang.org/appengine/socket/socket_vm.go new file mode 100644 index 000000000000..c804169a1c0b --- /dev/null +++ b/vendor/google.golang.org/appengine/socket/socket_vm.go @@ -0,0 +1,64 @@ +// Copyright 2015 Google Inc. All rights reserved. +// Use of this source code is governed by the Apache 2.0 +// license that can be found in the LICENSE file. + +// +build !appengine + +package socket + +import ( + "net" + "time" + + "golang.org/x/net/context" +) + +// Dial connects to the address addr on the network protocol. +// The address format is host:port, where host may be a hostname or an IP address. +// Known protocols are "tcp" and "udp". +// The returned connection satisfies net.Conn, and is valid while ctx is valid; +// if the connection is to be used after ctx becomes invalid, invoke SetContext +// with the new context. +func Dial(ctx context.Context, protocol, addr string) (*Conn, error) { + conn, err := net.Dial(protocol, addr) + if err != nil { + return nil, err + } + return &Conn{conn}, nil +} + +// DialTimeout is like Dial but takes a timeout. +// The timeout includes name resolution, if required. +func DialTimeout(ctx context.Context, protocol, addr string, timeout time.Duration) (*Conn, error) { + conn, err := net.DialTimeout(protocol, addr, timeout) + if err != nil { + return nil, err + } + return &Conn{conn}, nil +} + +// LookupIP returns the given host's IP addresses. +func LookupIP(ctx context.Context, host string) (addrs []net.IP, err error) { + return net.LookupIP(host) +} + +// Conn represents a socket connection. +// It implements net.Conn. +type Conn struct { + net.Conn +} + +// SetContext sets the context that is used by this Conn. +// It is usually used only when using a Conn that was created in a different context, +// such as when a connection is created during a warmup request but used while +// servicing a user request. +func (cn *Conn) SetContext(ctx context.Context) { + // This function is not required in App Engine "flexible environment". +} + +// KeepAlive signals that the connection is still in use. +// It may be called to prevent the socket being closed due to inactivity. +func (cn *Conn) KeepAlive() error { + // This function is not required in App Engine "flexible environment". + return nil +} diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go new file mode 100644 index 000000000000..068bfb2ed94e --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go @@ -0,0 +1,495 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/rpc/error_details.proto + +/* +Package errdetails is a generated protocol buffer package. + +It is generated from these files: + google/rpc/error_details.proto + +It has these top-level messages: + RetryInfo + DebugInfo + QuotaFailure + PreconditionFailure + BadRequest + RequestInfo + ResourceInfo + Help + LocalizedMessage +*/ +package errdetails + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import google_protobuf "github.com/golang/protobuf/ptypes/duration" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +// Describes when the clients can retry a failed request. Clients could ignore +// the recommendation here or retry when this information is missing from error +// responses. +// +// It's always recommended that clients should use exponential backoff when +// retrying. +// +// Clients should wait until `retry_delay` amount of time has passed since +// receiving the error response before retrying. If retrying requests also +// fail, clients should use an exponential backoff scheme to gradually increase +// the delay between retries based on `retry_delay`, until either a maximum +// number of retires have been reached or a maximum retry delay cap has been +// reached. +type RetryInfo struct { + // Clients should wait at least this long between retrying the same request. + RetryDelay *google_protobuf.Duration `protobuf:"bytes,1,opt,name=retry_delay,json=retryDelay" json:"retry_delay,omitempty"` +} + +func (m *RetryInfo) Reset() { *m = RetryInfo{} } +func (m *RetryInfo) String() string { return proto.CompactTextString(m) } +func (*RetryInfo) ProtoMessage() {} +func (*RetryInfo) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } + +func (m *RetryInfo) GetRetryDelay() *google_protobuf.Duration { + if m != nil { + return m.RetryDelay + } + return nil +} + +// Describes additional debugging info. +type DebugInfo struct { + // The stack trace entries indicating where the error occurred. + StackEntries []string `protobuf:"bytes,1,rep,name=stack_entries,json=stackEntries" json:"stack_entries,omitempty"` + // Additional debugging information provided by the server. + Detail string `protobuf:"bytes,2,opt,name=detail" json:"detail,omitempty"` +} + +func (m *DebugInfo) Reset() { *m = DebugInfo{} } +func (m *DebugInfo) String() string { return proto.CompactTextString(m) } +func (*DebugInfo) ProtoMessage() {} +func (*DebugInfo) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} } + +func (m *DebugInfo) GetStackEntries() []string { + if m != nil { + return m.StackEntries + } + return nil +} + +func (m *DebugInfo) GetDetail() string { + if m != nil { + return m.Detail + } + return "" +} + +// Describes how a quota check failed. +// +// For example if a daily limit was exceeded for the calling project, +// a service could respond with a QuotaFailure detail containing the project +// id and the description of the quota limit that was exceeded. If the +// calling project hasn't enabled the service in the developer console, then +// a service could respond with the project id and set `service_disabled` +// to true. +// +// Also see RetryDetail and Help types for other details about handling a +// quota failure. +type QuotaFailure struct { + // Describes all quota violations. + Violations []*QuotaFailure_Violation `protobuf:"bytes,1,rep,name=violations" json:"violations,omitempty"` +} + +func (m *QuotaFailure) Reset() { *m = QuotaFailure{} } +func (m *QuotaFailure) String() string { return proto.CompactTextString(m) } +func (*QuotaFailure) ProtoMessage() {} +func (*QuotaFailure) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} } + +func (m *QuotaFailure) GetViolations() []*QuotaFailure_Violation { + if m != nil { + return m.Violations + } + return nil +} + +// A message type used to describe a single quota violation. For example, a +// daily quota or a custom quota that was exceeded. +type QuotaFailure_Violation struct { + // The subject on which the quota check failed. + // For example, "clientip:" or "project:". + Subject string `protobuf:"bytes,1,opt,name=subject" json:"subject,omitempty"` + // A description of how the quota check failed. Clients can use this + // description to find more about the quota configuration in the service's + // public documentation, or find the relevant quota limit to adjust through + // developer console. + // + // For example: "Service disabled" or "Daily Limit for read operations + // exceeded". + Description string `protobuf:"bytes,2,opt,name=description" json:"description,omitempty"` +} + +func (m *QuotaFailure_Violation) Reset() { *m = QuotaFailure_Violation{} } +func (m *QuotaFailure_Violation) String() string { return proto.CompactTextString(m) } +func (*QuotaFailure_Violation) ProtoMessage() {} +func (*QuotaFailure_Violation) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2, 0} } + +func (m *QuotaFailure_Violation) GetSubject() string { + if m != nil { + return m.Subject + } + return "" +} + +func (m *QuotaFailure_Violation) GetDescription() string { + if m != nil { + return m.Description + } + return "" +} + +// Describes what preconditions have failed. +// +// For example, if an RPC failed because it required the Terms of Service to be +// acknowledged, it could list the terms of service violation in the +// PreconditionFailure message. +type PreconditionFailure struct { + // Describes all precondition violations. + Violations []*PreconditionFailure_Violation `protobuf:"bytes,1,rep,name=violations" json:"violations,omitempty"` +} + +func (m *PreconditionFailure) Reset() { *m = PreconditionFailure{} } +func (m *PreconditionFailure) String() string { return proto.CompactTextString(m) } +func (*PreconditionFailure) ProtoMessage() {} +func (*PreconditionFailure) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} } + +func (m *PreconditionFailure) GetViolations() []*PreconditionFailure_Violation { + if m != nil { + return m.Violations + } + return nil +} + +// A message type used to describe a single precondition failure. +type PreconditionFailure_Violation struct { + // The type of PreconditionFailure. We recommend using a service-specific + // enum type to define the supported precondition violation types. For + // example, "TOS" for "Terms of Service violation". + Type string `protobuf:"bytes,1,opt,name=type" json:"type,omitempty"` + // The subject, relative to the type, that failed. + // For example, "google.com/cloud" relative to the "TOS" type would + // indicate which terms of service is being referenced. + Subject string `protobuf:"bytes,2,opt,name=subject" json:"subject,omitempty"` + // A description of how the precondition failed. Developers can use this + // description to understand how to fix the failure. + // + // For example: "Terms of service not accepted". + Description string `protobuf:"bytes,3,opt,name=description" json:"description,omitempty"` +} + +func (m *PreconditionFailure_Violation) Reset() { *m = PreconditionFailure_Violation{} } +func (m *PreconditionFailure_Violation) String() string { return proto.CompactTextString(m) } +func (*PreconditionFailure_Violation) ProtoMessage() {} +func (*PreconditionFailure_Violation) Descriptor() ([]byte, []int) { + return fileDescriptor0, []int{3, 0} +} + +func (m *PreconditionFailure_Violation) GetType() string { + if m != nil { + return m.Type + } + return "" +} + +func (m *PreconditionFailure_Violation) GetSubject() string { + if m != nil { + return m.Subject + } + return "" +} + +func (m *PreconditionFailure_Violation) GetDescription() string { + if m != nil { + return m.Description + } + return "" +} + +// Describes violations in a client request. This error type focuses on the +// syntactic aspects of the request. +type BadRequest struct { + // Describes all violations in a client request. + FieldViolations []*BadRequest_FieldViolation `protobuf:"bytes,1,rep,name=field_violations,json=fieldViolations" json:"field_violations,omitempty"` +} + +func (m *BadRequest) Reset() { *m = BadRequest{} } +func (m *BadRequest) String() string { return proto.CompactTextString(m) } +func (*BadRequest) ProtoMessage() {} +func (*BadRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} } + +func (m *BadRequest) GetFieldViolations() []*BadRequest_FieldViolation { + if m != nil { + return m.FieldViolations + } + return nil +} + +// A message type used to describe a single bad request field. +type BadRequest_FieldViolation struct { + // A path leading to a field in the request body. The value will be a + // sequence of dot-separated identifiers that identify a protocol buffer + // field. E.g., "field_violations.field" would identify this field. + Field string `protobuf:"bytes,1,opt,name=field" json:"field,omitempty"` + // A description of why the request element is bad. + Description string `protobuf:"bytes,2,opt,name=description" json:"description,omitempty"` +} + +func (m *BadRequest_FieldViolation) Reset() { *m = BadRequest_FieldViolation{} } +func (m *BadRequest_FieldViolation) String() string { return proto.CompactTextString(m) } +func (*BadRequest_FieldViolation) ProtoMessage() {} +func (*BadRequest_FieldViolation) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4, 0} } + +func (m *BadRequest_FieldViolation) GetField() string { + if m != nil { + return m.Field + } + return "" +} + +func (m *BadRequest_FieldViolation) GetDescription() string { + if m != nil { + return m.Description + } + return "" +} + +// Contains metadata about the request that clients can attach when filing a bug +// or providing other forms of feedback. +type RequestInfo struct { + // An opaque string that should only be interpreted by the service generating + // it. For example, it can be used to identify requests in the service's logs. + RequestId string `protobuf:"bytes,1,opt,name=request_id,json=requestId" json:"request_id,omitempty"` + // Any data that was used to serve this request. For example, an encrypted + // stack trace that can be sent back to the service provider for debugging. + ServingData string `protobuf:"bytes,2,opt,name=serving_data,json=servingData" json:"serving_data,omitempty"` +} + +func (m *RequestInfo) Reset() { *m = RequestInfo{} } +func (m *RequestInfo) String() string { return proto.CompactTextString(m) } +func (*RequestInfo) ProtoMessage() {} +func (*RequestInfo) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} } + +func (m *RequestInfo) GetRequestId() string { + if m != nil { + return m.RequestId + } + return "" +} + +func (m *RequestInfo) GetServingData() string { + if m != nil { + return m.ServingData + } + return "" +} + +// Describes the resource that is being accessed. +type ResourceInfo struct { + // A name for the type of resource being accessed, e.g. "sql table", + // "cloud storage bucket", "file", "Google calendar"; or the type URL + // of the resource: e.g. "type.googleapis.com/google.pubsub.v1.Topic". + ResourceType string `protobuf:"bytes,1,opt,name=resource_type,json=resourceType" json:"resource_type,omitempty"` + // The name of the resource being accessed. For example, a shared calendar + // name: "example.com_4fghdhgsrgh@group.calendar.google.com", if the current + // error is [google.rpc.Code.PERMISSION_DENIED][google.rpc.Code.PERMISSION_DENIED]. + ResourceName string `protobuf:"bytes,2,opt,name=resource_name,json=resourceName" json:"resource_name,omitempty"` + // The owner of the resource (optional). + // For example, "user:" or "project:". + Owner string `protobuf:"bytes,3,opt,name=owner" json:"owner,omitempty"` + // Describes what error is encountered when accessing this resource. + // For example, updating a cloud project may require the `writer` permission + // on the developer console project. + Description string `protobuf:"bytes,4,opt,name=description" json:"description,omitempty"` +} + +func (m *ResourceInfo) Reset() { *m = ResourceInfo{} } +func (m *ResourceInfo) String() string { return proto.CompactTextString(m) } +func (*ResourceInfo) ProtoMessage() {} +func (*ResourceInfo) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} } + +func (m *ResourceInfo) GetResourceType() string { + if m != nil { + return m.ResourceType + } + return "" +} + +func (m *ResourceInfo) GetResourceName() string { + if m != nil { + return m.ResourceName + } + return "" +} + +func (m *ResourceInfo) GetOwner() string { + if m != nil { + return m.Owner + } + return "" +} + +func (m *ResourceInfo) GetDescription() string { + if m != nil { + return m.Description + } + return "" +} + +// Provides links to documentation or for performing an out of band action. +// +// For example, if a quota check failed with an error indicating the calling +// project hasn't enabled the accessed service, this can contain a URL pointing +// directly to the right place in the developer console to flip the bit. +type Help struct { + // URL(s) pointing to additional information on handling the current error. + Links []*Help_Link `protobuf:"bytes,1,rep,name=links" json:"links,omitempty"` +} + +func (m *Help) Reset() { *m = Help{} } +func (m *Help) String() string { return proto.CompactTextString(m) } +func (*Help) ProtoMessage() {} +func (*Help) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7} } + +func (m *Help) GetLinks() []*Help_Link { + if m != nil { + return m.Links + } + return nil +} + +// Describes a URL link. +type Help_Link struct { + // Describes what the link offers. + Description string `protobuf:"bytes,1,opt,name=description" json:"description,omitempty"` + // The URL of the link. + Url string `protobuf:"bytes,2,opt,name=url" json:"url,omitempty"` +} + +func (m *Help_Link) Reset() { *m = Help_Link{} } +func (m *Help_Link) String() string { return proto.CompactTextString(m) } +func (*Help_Link) ProtoMessage() {} +func (*Help_Link) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7, 0} } + +func (m *Help_Link) GetDescription() string { + if m != nil { + return m.Description + } + return "" +} + +func (m *Help_Link) GetUrl() string { + if m != nil { + return m.Url + } + return "" +} + +// Provides a localized error message that is safe to return to the user +// which can be attached to an RPC error. +type LocalizedMessage struct { + // The locale used following the specification defined at + // http://www.rfc-editor.org/rfc/bcp/bcp47.txt. + // Examples are: "en-US", "fr-CH", "es-MX" + Locale string `protobuf:"bytes,1,opt,name=locale" json:"locale,omitempty"` + // The localized error message in the above locale. + Message string `protobuf:"bytes,2,opt,name=message" json:"message,omitempty"` +} + +func (m *LocalizedMessage) Reset() { *m = LocalizedMessage{} } +func (m *LocalizedMessage) String() string { return proto.CompactTextString(m) } +func (*LocalizedMessage) ProtoMessage() {} +func (*LocalizedMessage) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{8} } + +func (m *LocalizedMessage) GetLocale() string { + if m != nil { + return m.Locale + } + return "" +} + +func (m *LocalizedMessage) GetMessage() string { + if m != nil { + return m.Message + } + return "" +} + +func init() { + proto.RegisterType((*RetryInfo)(nil), "google.rpc.RetryInfo") + proto.RegisterType((*DebugInfo)(nil), "google.rpc.DebugInfo") + proto.RegisterType((*QuotaFailure)(nil), "google.rpc.QuotaFailure") + proto.RegisterType((*QuotaFailure_Violation)(nil), "google.rpc.QuotaFailure.Violation") + proto.RegisterType((*PreconditionFailure)(nil), "google.rpc.PreconditionFailure") + proto.RegisterType((*PreconditionFailure_Violation)(nil), "google.rpc.PreconditionFailure.Violation") + proto.RegisterType((*BadRequest)(nil), "google.rpc.BadRequest") + proto.RegisterType((*BadRequest_FieldViolation)(nil), "google.rpc.BadRequest.FieldViolation") + proto.RegisterType((*RequestInfo)(nil), "google.rpc.RequestInfo") + proto.RegisterType((*ResourceInfo)(nil), "google.rpc.ResourceInfo") + proto.RegisterType((*Help)(nil), "google.rpc.Help") + proto.RegisterType((*Help_Link)(nil), "google.rpc.Help.Link") + proto.RegisterType((*LocalizedMessage)(nil), "google.rpc.LocalizedMessage") +} + +func init() { proto.RegisterFile("google/rpc/error_details.proto", fileDescriptor0) } + +var fileDescriptor0 = []byte{ + // 595 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xcd, 0x6e, 0xd3, 0x4c, + 0x14, 0x95, 0x9b, 0xb4, 0x9f, 0x7c, 0x93, 0xaf, 0x14, 0xf3, 0xa3, 0x10, 0x09, 0x14, 0x8c, 0x90, + 0x8a, 0x90, 0x1c, 0xa9, 0xec, 0xca, 0x02, 0x29, 0xb8, 0x7f, 0x52, 0x81, 0x60, 0x21, 0x16, 0xb0, + 0xb0, 0x26, 0xf6, 0x8d, 0x35, 0x74, 0xe2, 0x31, 0x33, 0xe3, 0xa2, 0xf0, 0x14, 0xec, 0xd9, 0xb1, + 0xe2, 0x25, 0x78, 0x37, 0x34, 0x9e, 0x99, 0xc6, 0x6d, 0x0a, 0x62, 0x37, 0xe7, 0xcc, 0x99, 0xe3, + 0x73, 0xaf, 0xae, 0x2f, 0x3c, 0x28, 0x38, 0x2f, 0x18, 0x8e, 0x45, 0x95, 0x8d, 0x51, 0x08, 0x2e, + 0xd2, 0x1c, 0x15, 0xa1, 0x4c, 0x46, 0x95, 0xe0, 0x8a, 0x07, 0x60, 0xee, 0x23, 0x51, 0x65, 0x43, + 0xa7, 0x6d, 0x6e, 0x66, 0xf5, 0x7c, 0x9c, 0xd7, 0x82, 0x28, 0xca, 0x4b, 0xa3, 0x0d, 0x8f, 0xc0, + 0x4f, 0x50, 0x89, 0xe5, 0x49, 0x39, 0xe7, 0xc1, 0x3e, 0xf4, 0x84, 0x06, 0x69, 0x8e, 0x8c, 0x2c, + 0x07, 0xde, 0xc8, 0xdb, 0xed, 0xed, 0xdd, 0x8b, 0xac, 0x9d, 0xb3, 0x88, 0x62, 0x6b, 0x91, 0x40, + 0xa3, 0x8e, 0xb5, 0x38, 0x3c, 0x06, 0x3f, 0xc6, 0x59, 0x5d, 0x34, 0x46, 0x8f, 0xe0, 0x7f, 0xa9, + 0x48, 0x76, 0x96, 0x62, 0xa9, 0x04, 0x45, 0x39, 0xf0, 0x46, 0x9d, 0x5d, 0x3f, 0xe9, 0x37, 0xe4, + 0x81, 0xe1, 0x82, 0xbb, 0xb0, 0x65, 0x72, 0x0f, 0x36, 0x46, 0xde, 0xae, 0x9f, 0x58, 0x14, 0x7e, + 0xf7, 0xa0, 0xff, 0xb6, 0xe6, 0x8a, 0x1c, 0x12, 0xca, 0x6a, 0x81, 0xc1, 0x04, 0xe0, 0x9c, 0x72, + 0xd6, 0x7c, 0xd3, 0x58, 0xf5, 0xf6, 0xc2, 0x68, 0x55, 0x64, 0xd4, 0x56, 0x47, 0xef, 0x9d, 0x34, + 0x69, 0xbd, 0x1a, 0x1e, 0x81, 0x7f, 0x71, 0x11, 0x0c, 0xe0, 0x3f, 0x59, 0xcf, 0x3e, 0x61, 0xa6, + 0x9a, 0x1a, 0xfd, 0xc4, 0xc1, 0x60, 0x04, 0xbd, 0x1c, 0x65, 0x26, 0x68, 0xa5, 0x85, 0x36, 0x58, + 0x9b, 0x0a, 0x7f, 0x79, 0x70, 0x6b, 0x2a, 0x30, 0xe3, 0x65, 0x4e, 0x35, 0xe1, 0x42, 0x9e, 0x5c, + 0x13, 0xf2, 0x49, 0x3b, 0xe4, 0x35, 0x8f, 0xfe, 0x90, 0xf5, 0x63, 0x3b, 0x6b, 0x00, 0x5d, 0xb5, + 0xac, 0xd0, 0x06, 0x6d, 0xce, 0xed, 0xfc, 0x1b, 0x7f, 0xcd, 0xdf, 0x59, 0xcf, 0xff, 0xd3, 0x03, + 0x98, 0x90, 0x3c, 0xc1, 0xcf, 0x35, 0x4a, 0x15, 0x4c, 0x61, 0x67, 0x4e, 0x91, 0xe5, 0xe9, 0x5a, + 0xf8, 0xc7, 0xed, 0xf0, 0xab, 0x17, 0xd1, 0xa1, 0x96, 0xaf, 0x82, 0xdf, 0x98, 0x5f, 0xc2, 0x72, + 0x78, 0x0c, 0xdb, 0x97, 0x25, 0xc1, 0x6d, 0xd8, 0x6c, 0x44, 0xb6, 0x06, 0x03, 0xfe, 0xa1, 0xd5, + 0x6f, 0xa0, 0x67, 0x3f, 0xda, 0x0c, 0xd5, 0x7d, 0x00, 0x61, 0x60, 0x4a, 0x9d, 0x97, 0x6f, 0x99, + 0x93, 0x3c, 0x78, 0x08, 0x7d, 0x89, 0xe2, 0x9c, 0x96, 0x45, 0x9a, 0x13, 0x45, 0x9c, 0xa1, 0xe5, + 0x62, 0xa2, 0x48, 0xf8, 0xcd, 0x83, 0x7e, 0x82, 0x92, 0xd7, 0x22, 0x43, 0x37, 0xa7, 0xc2, 0xe2, + 0xb4, 0xd5, 0xe5, 0xbe, 0x23, 0xdf, 0xe9, 0x6e, 0xb7, 0x45, 0x25, 0x59, 0xa0, 0x75, 0xbe, 0x10, + 0xbd, 0x26, 0x0b, 0xd4, 0x35, 0xf2, 0x2f, 0x25, 0x0a, 0xdb, 0x72, 0x03, 0xae, 0xd6, 0xd8, 0x5d, + 0xaf, 0x91, 0x43, 0xf7, 0x18, 0x59, 0x15, 0x3c, 0x85, 0x4d, 0x46, 0xcb, 0x33, 0xd7, 0xfc, 0x3b, + 0xed, 0xe6, 0x6b, 0x41, 0x74, 0x4a, 0xcb, 0xb3, 0xc4, 0x68, 0x86, 0xfb, 0xd0, 0xd5, 0xf0, 0xaa, + 0xbd, 0xb7, 0x66, 0x1f, 0xec, 0x40, 0xa7, 0x16, 0xee, 0x07, 0xd3, 0xc7, 0x30, 0x86, 0x9d, 0x53, + 0x9e, 0x11, 0x46, 0xbf, 0x62, 0xfe, 0x0a, 0xa5, 0x24, 0x05, 0xea, 0x3f, 0x91, 0x69, 0xce, 0xd5, + 0x6f, 0x91, 0x9e, 0xb3, 0x85, 0x91, 0xb8, 0x39, 0xb3, 0x70, 0xc2, 0x60, 0x3b, 0xe3, 0x8b, 0x56, + 0xc8, 0xc9, 0xcd, 0x03, 0xbd, 0x89, 0x62, 0xb3, 0x88, 0xa6, 0x7a, 0x55, 0x4c, 0xbd, 0x0f, 0x2f, + 0xac, 0xa0, 0xe0, 0x8c, 0x94, 0x45, 0xc4, 0x45, 0x31, 0x2e, 0xb0, 0x6c, 0x16, 0xc9, 0xd8, 0x5c, + 0x91, 0x8a, 0x4a, 0xb7, 0xc8, 0xec, 0x16, 0x7b, 0xbe, 0x3a, 0xfe, 0xd8, 0xe8, 0x24, 0xd3, 0x97, + 0xb3, 0xad, 0xe6, 0xc5, 0xb3, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x90, 0x15, 0x46, 0x2d, 0xf9, + 0x04, 0x00, 0x00, +} diff --git a/vendor/google.golang.org/genproto/googleapis/spanner/v1/keys.pb.go b/vendor/google.golang.org/genproto/googleapis/spanner/v1/keys.pb.go new file mode 100644 index 000000000000..b865854690ff --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/spanner/v1/keys.pb.go @@ -0,0 +1,441 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/spanner/v1/keys.proto + +/* +Package spanner is a generated protocol buffer package. + +It is generated from these files: + google/spanner/v1/keys.proto + google/spanner/v1/mutation.proto + google/spanner/v1/query_plan.proto + google/spanner/v1/result_set.proto + google/spanner/v1/spanner.proto + google/spanner/v1/transaction.proto + google/spanner/v1/type.proto + +It has these top-level messages: + KeyRange + KeySet + Mutation + PlanNode + QueryPlan + ResultSet + PartialResultSet + ResultSetMetadata + ResultSetStats + CreateSessionRequest + Session + GetSessionRequest + ListSessionsRequest + ListSessionsResponse + DeleteSessionRequest + ExecuteSqlRequest + ReadRequest + BeginTransactionRequest + CommitRequest + CommitResponse + RollbackRequest + TransactionOptions + Transaction + TransactionSelector + Type + StructType +*/ +package spanner + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import _ "google.golang.org/genproto/googleapis/api/annotations" +import google_protobuf1 "github.com/golang/protobuf/ptypes/struct" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +// KeyRange represents a range of rows in a table or index. +// +// A range has a start key and an end key. These keys can be open or +// closed, indicating if the range includes rows with that key. +// +// Keys are represented by lists, where the ith value in the list +// corresponds to the ith component of the table or index primary key. +// Individual values are encoded as described [here][google.spanner.v1.TypeCode]. +// +// For example, consider the following table definition: +// +// CREATE TABLE UserEvents ( +// UserName STRING(MAX), +// EventDate STRING(10) +// ) PRIMARY KEY(UserName, EventDate); +// +// The following keys name rows in this table: +// +// ["Bob", "2014-09-23"] +// ["Alfred", "2015-06-12"] +// +// Since the `UserEvents` table's `PRIMARY KEY` clause names two +// columns, each `UserEvents` key has two elements; the first is the +// `UserName`, and the second is the `EventDate`. +// +// Key ranges with multiple components are interpreted +// lexicographically by component using the table or index key's declared +// sort order. For example, the following range returns all events for +// user `"Bob"` that occurred in the year 2015: +// +// "start_closed": ["Bob", "2015-01-01"] +// "end_closed": ["Bob", "2015-12-31"] +// +// Start and end keys can omit trailing key components. This affects the +// inclusion and exclusion of rows that exactly match the provided key +// components: if the key is closed, then rows that exactly match the +// provided components are included; if the key is open, then rows +// that exactly match are not included. +// +// For example, the following range includes all events for `"Bob"` that +// occurred during and after the year 2000: +// +// "start_closed": ["Bob", "2000-01-01"] +// "end_closed": ["Bob"] +// +// The next example retrieves all events for `"Bob"`: +// +// "start_closed": ["Bob"] +// "end_closed": ["Bob"] +// +// To retrieve events before the year 2000: +// +// "start_closed": ["Bob"] +// "end_open": ["Bob", "2000-01-01"] +// +// The following range includes all rows in the table: +// +// "start_closed": [] +// "end_closed": [] +// +// This range returns all users whose `UserName` begins with any +// character from A to C: +// +// "start_closed": ["A"] +// "end_open": ["D"] +// +// This range returns all users whose `UserName` begins with B: +// +// "start_closed": ["B"] +// "end_open": ["C"] +// +// Key ranges honor column sort order. For example, suppose a table is +// defined as follows: +// +// CREATE TABLE DescendingSortedTable { +// Key INT64, +// ... +// ) PRIMARY KEY(Key DESC); +// +// The following range retrieves all rows with key values between 1 +// and 100 inclusive: +// +// "start_closed": ["100"] +// "end_closed": ["1"] +// +// Note that 100 is passed as the start, and 1 is passed as the end, +// because `Key` is a descending column in the schema. +type KeyRange struct { + // The start key must be provided. It can be either closed or open. + // + // Types that are valid to be assigned to StartKeyType: + // *KeyRange_StartClosed + // *KeyRange_StartOpen + StartKeyType isKeyRange_StartKeyType `protobuf_oneof:"start_key_type"` + // The end key must be provided. It can be either closed or open. + // + // Types that are valid to be assigned to EndKeyType: + // *KeyRange_EndClosed + // *KeyRange_EndOpen + EndKeyType isKeyRange_EndKeyType `protobuf_oneof:"end_key_type"` +} + +func (m *KeyRange) Reset() { *m = KeyRange{} } +func (m *KeyRange) String() string { return proto.CompactTextString(m) } +func (*KeyRange) ProtoMessage() {} +func (*KeyRange) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } + +type isKeyRange_StartKeyType interface { + isKeyRange_StartKeyType() +} +type isKeyRange_EndKeyType interface { + isKeyRange_EndKeyType() +} + +type KeyRange_StartClosed struct { + StartClosed *google_protobuf1.ListValue `protobuf:"bytes,1,opt,name=start_closed,json=startClosed,oneof"` +} +type KeyRange_StartOpen struct { + StartOpen *google_protobuf1.ListValue `protobuf:"bytes,2,opt,name=start_open,json=startOpen,oneof"` +} +type KeyRange_EndClosed struct { + EndClosed *google_protobuf1.ListValue `protobuf:"bytes,3,opt,name=end_closed,json=endClosed,oneof"` +} +type KeyRange_EndOpen struct { + EndOpen *google_protobuf1.ListValue `protobuf:"bytes,4,opt,name=end_open,json=endOpen,oneof"` +} + +func (*KeyRange_StartClosed) isKeyRange_StartKeyType() {} +func (*KeyRange_StartOpen) isKeyRange_StartKeyType() {} +func (*KeyRange_EndClosed) isKeyRange_EndKeyType() {} +func (*KeyRange_EndOpen) isKeyRange_EndKeyType() {} + +func (m *KeyRange) GetStartKeyType() isKeyRange_StartKeyType { + if m != nil { + return m.StartKeyType + } + return nil +} +func (m *KeyRange) GetEndKeyType() isKeyRange_EndKeyType { + if m != nil { + return m.EndKeyType + } + return nil +} + +func (m *KeyRange) GetStartClosed() *google_protobuf1.ListValue { + if x, ok := m.GetStartKeyType().(*KeyRange_StartClosed); ok { + return x.StartClosed + } + return nil +} + +func (m *KeyRange) GetStartOpen() *google_protobuf1.ListValue { + if x, ok := m.GetStartKeyType().(*KeyRange_StartOpen); ok { + return x.StartOpen + } + return nil +} + +func (m *KeyRange) GetEndClosed() *google_protobuf1.ListValue { + if x, ok := m.GetEndKeyType().(*KeyRange_EndClosed); ok { + return x.EndClosed + } + return nil +} + +func (m *KeyRange) GetEndOpen() *google_protobuf1.ListValue { + if x, ok := m.GetEndKeyType().(*KeyRange_EndOpen); ok { + return x.EndOpen + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*KeyRange) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _KeyRange_OneofMarshaler, _KeyRange_OneofUnmarshaler, _KeyRange_OneofSizer, []interface{}{ + (*KeyRange_StartClosed)(nil), + (*KeyRange_StartOpen)(nil), + (*KeyRange_EndClosed)(nil), + (*KeyRange_EndOpen)(nil), + } +} + +func _KeyRange_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*KeyRange) + // start_key_type + switch x := m.StartKeyType.(type) { + case *KeyRange_StartClosed: + b.EncodeVarint(1<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.StartClosed); err != nil { + return err + } + case *KeyRange_StartOpen: + b.EncodeVarint(2<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.StartOpen); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("KeyRange.StartKeyType has unexpected type %T", x) + } + // end_key_type + switch x := m.EndKeyType.(type) { + case *KeyRange_EndClosed: + b.EncodeVarint(3<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.EndClosed); err != nil { + return err + } + case *KeyRange_EndOpen: + b.EncodeVarint(4<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.EndOpen); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("KeyRange.EndKeyType has unexpected type %T", x) + } + return nil +} + +func _KeyRange_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*KeyRange) + switch tag { + case 1: // start_key_type.start_closed + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(google_protobuf1.ListValue) + err := b.DecodeMessage(msg) + m.StartKeyType = &KeyRange_StartClosed{msg} + return true, err + case 2: // start_key_type.start_open + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(google_protobuf1.ListValue) + err := b.DecodeMessage(msg) + m.StartKeyType = &KeyRange_StartOpen{msg} + return true, err + case 3: // end_key_type.end_closed + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(google_protobuf1.ListValue) + err := b.DecodeMessage(msg) + m.EndKeyType = &KeyRange_EndClosed{msg} + return true, err + case 4: // end_key_type.end_open + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(google_protobuf1.ListValue) + err := b.DecodeMessage(msg) + m.EndKeyType = &KeyRange_EndOpen{msg} + return true, err + default: + return false, nil + } +} + +func _KeyRange_OneofSizer(msg proto.Message) (n int) { + m := msg.(*KeyRange) + // start_key_type + switch x := m.StartKeyType.(type) { + case *KeyRange_StartClosed: + s := proto.Size(x.StartClosed) + n += proto.SizeVarint(1<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *KeyRange_StartOpen: + s := proto.Size(x.StartOpen) + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + // end_key_type + switch x := m.EndKeyType.(type) { + case *KeyRange_EndClosed: + s := proto.Size(x.EndClosed) + n += proto.SizeVarint(3<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *KeyRange_EndOpen: + s := proto.Size(x.EndOpen) + n += proto.SizeVarint(4<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + +// `KeySet` defines a collection of Cloud Spanner keys and/or key ranges. All +// the keys are expected to be in the same table or index. The keys need +// not be sorted in any particular way. +// +// If the same key is specified multiple times in the set (for example +// if two ranges, two keys, or a key and a range overlap), Cloud Spanner +// behaves as if the key were only specified once. +type KeySet struct { + // A list of specific keys. Entries in `keys` should have exactly as + // many elements as there are columns in the primary or index key + // with which this `KeySet` is used. Individual key values are + // encoded as described [here][google.spanner.v1.TypeCode]. + Keys []*google_protobuf1.ListValue `protobuf:"bytes,1,rep,name=keys" json:"keys,omitempty"` + // A list of key ranges. See [KeyRange][google.spanner.v1.KeyRange] for more information about + // key range specifications. + Ranges []*KeyRange `protobuf:"bytes,2,rep,name=ranges" json:"ranges,omitempty"` + // For convenience `all` can be set to `true` to indicate that this + // `KeySet` matches all keys in the table or index. Note that any keys + // specified in `keys` or `ranges` are only yielded once. + All bool `protobuf:"varint,3,opt,name=all" json:"all,omitempty"` +} + +func (m *KeySet) Reset() { *m = KeySet{} } +func (m *KeySet) String() string { return proto.CompactTextString(m) } +func (*KeySet) ProtoMessage() {} +func (*KeySet) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} } + +func (m *KeySet) GetKeys() []*google_protobuf1.ListValue { + if m != nil { + return m.Keys + } + return nil +} + +func (m *KeySet) GetRanges() []*KeyRange { + if m != nil { + return m.Ranges + } + return nil +} + +func (m *KeySet) GetAll() bool { + if m != nil { + return m.All + } + return false +} + +func init() { + proto.RegisterType((*KeyRange)(nil), "google.spanner.v1.KeyRange") + proto.RegisterType((*KeySet)(nil), "google.spanner.v1.KeySet") +} + +func init() { proto.RegisterFile("google/spanner/v1/keys.proto", fileDescriptor0) } + +var fileDescriptor0 = []byte{ + // 371 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x92, 0xc1, 0x6b, 0xea, 0x30, + 0x1c, 0xc7, 0x5f, 0xab, 0xf8, 0x34, 0x8a, 0xf8, 0x0a, 0x8f, 0x57, 0x7c, 0x3b, 0x88, 0xa7, 0x9d, + 0x52, 0x3a, 0x0f, 0x1b, 0x78, 0x18, 0xd4, 0xc3, 0x06, 0x0e, 0x26, 0x15, 0x3c, 0x0c, 0x41, 0xa2, + 0xfd, 0xad, 0x14, 0xb3, 0x24, 0x34, 0xa9, 0xd0, 0xd3, 0xfe, 0x87, 0xfd, 0x05, 0x3b, 0xef, 0x4f, + 0xd9, 0x5f, 0x35, 0x92, 0xa6, 0x63, 0x20, 0x6c, 0xde, 0x12, 0x3e, 0xbf, 0xcf, 0xf7, 0x9b, 0x26, + 0x45, 0x67, 0x29, 0xe7, 0x29, 0x85, 0x40, 0x0a, 0xc2, 0x18, 0xe4, 0xc1, 0x21, 0x0c, 0xf6, 0x50, + 0x4a, 0x2c, 0x72, 0xae, 0xb8, 0xf7, 0xa7, 0xa2, 0xd8, 0x52, 0x7c, 0x08, 0x87, 0xb5, 0x40, 0x44, + 0x16, 0x10, 0xc6, 0xb8, 0x22, 0x2a, 0xe3, 0xcc, 0x0a, 0x9f, 0xd4, 0xec, 0xb6, 0xc5, 0x63, 0x20, + 0x55, 0x5e, 0xec, 0x54, 0x45, 0xc7, 0xaf, 0x2e, 0x6a, 0xcf, 0xa1, 0x8c, 0x09, 0x4b, 0xc1, 0xbb, + 0x46, 0x3d, 0xa9, 0x48, 0xae, 0x36, 0x3b, 0xca, 0x25, 0x24, 0xbe, 0x33, 0x72, 0xce, 0xbb, 0x17, + 0x43, 0x6c, 0x2b, 0xeb, 0x04, 0x7c, 0x97, 0x49, 0xb5, 0x22, 0xb4, 0x80, 0xdb, 0x5f, 0x71, 0xd7, + 0x18, 0x33, 0x23, 0x78, 0x53, 0x84, 0xaa, 0x00, 0x2e, 0x80, 0xf9, 0xee, 0x09, 0x7a, 0xc7, 0xcc, + 0xdf, 0x0b, 0x60, 0x5a, 0x06, 0x96, 0xd4, 0xdd, 0x8d, 0x1f, 0x65, 0x27, 0xee, 0x00, 0x4b, 0x6c, + 0xf3, 0x25, 0x6a, 0x6b, 0xd9, 0xf4, 0x36, 0x4f, 0x50, 0x7f, 0x03, 0x4b, 0x74, 0x6b, 0x34, 0x40, + 0xfd, 0xea, 0xc8, 0x7b, 0x28, 0x37, 0xaa, 0x14, 0x10, 0xf5, 0x51, 0x4f, 0x47, 0xd5, 0xfb, 0xf1, + 0x33, 0x6a, 0xcd, 0xa1, 0x5c, 0x82, 0xf2, 0x30, 0x6a, 0xea, 0x97, 0xf0, 0x9d, 0x51, 0xe3, 0xfb, + 0x82, 0xd8, 0xcc, 0x79, 0x13, 0xd4, 0xca, 0xf5, 0xc5, 0x4a, 0xdf, 0x35, 0xc6, 0x7f, 0x7c, 0xf4, + 0x78, 0xb8, 0xbe, 0xfc, 0xd8, 0x8e, 0x7a, 0x03, 0xd4, 0x20, 0x94, 0x9a, 0xef, 0x6f, 0xc7, 0x7a, + 0x19, 0xbd, 0x38, 0xe8, 0xef, 0x8e, 0x3f, 0x1d, 0xcb, 0x51, 0x67, 0x0e, 0xa5, 0x5c, 0xe8, 0xfa, + 0x85, 0xf3, 0x70, 0x65, 0x79, 0xca, 0x29, 0x61, 0x29, 0xe6, 0x79, 0x1a, 0xa4, 0xc0, 0xcc, 0xe1, + 0x82, 0x0a, 0x11, 0x91, 0xc9, 0x2f, 0xbf, 0xd5, 0xd4, 0x2e, 0xdf, 0xdc, 0x7f, 0x37, 0x95, 0x3a, + 0xa3, 0xbc, 0x48, 0xf0, 0xd2, 0x16, 0xac, 0xc2, 0xf7, 0x9a, 0xac, 0x0d, 0x59, 0x5b, 0xb2, 0x5e, + 0x85, 0xdb, 0x96, 0x09, 0x9e, 0x7c, 0x04, 0x00, 0x00, 0xff, 0xff, 0x27, 0x88, 0xea, 0x11, 0xae, + 0x02, 0x00, 0x00, +} diff --git a/vendor/google.golang.org/genproto/googleapis/spanner/v1/mutation.pb.go b/vendor/google.golang.org/genproto/googleapis/spanner/v1/mutation.pb.go new file mode 100644 index 000000000000..8abef20cd60e --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/spanner/v1/mutation.pb.go @@ -0,0 +1,347 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/spanner/v1/mutation.proto + +package spanner + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import _ "google.golang.org/genproto/googleapis/api/annotations" +import google_protobuf1 "github.com/golang/protobuf/ptypes/struct" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// A modification to one or more Cloud Spanner rows. Mutations can be +// applied to a Cloud Spanner database by sending them in a +// [Commit][google.spanner.v1.Spanner.Commit] call. +type Mutation struct { + // Required. The operation to perform. + // + // Types that are valid to be assigned to Operation: + // *Mutation_Insert + // *Mutation_Update + // *Mutation_InsertOrUpdate + // *Mutation_Replace + // *Mutation_Delete_ + Operation isMutation_Operation `protobuf_oneof:"operation"` +} + +func (m *Mutation) Reset() { *m = Mutation{} } +func (m *Mutation) String() string { return proto.CompactTextString(m) } +func (*Mutation) ProtoMessage() {} +func (*Mutation) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{0} } + +type isMutation_Operation interface { + isMutation_Operation() +} + +type Mutation_Insert struct { + Insert *Mutation_Write `protobuf:"bytes,1,opt,name=insert,oneof"` +} +type Mutation_Update struct { + Update *Mutation_Write `protobuf:"bytes,2,opt,name=update,oneof"` +} +type Mutation_InsertOrUpdate struct { + InsertOrUpdate *Mutation_Write `protobuf:"bytes,3,opt,name=insert_or_update,json=insertOrUpdate,oneof"` +} +type Mutation_Replace struct { + Replace *Mutation_Write `protobuf:"bytes,4,opt,name=replace,oneof"` +} +type Mutation_Delete_ struct { + Delete *Mutation_Delete `protobuf:"bytes,5,opt,name=delete,oneof"` +} + +func (*Mutation_Insert) isMutation_Operation() {} +func (*Mutation_Update) isMutation_Operation() {} +func (*Mutation_InsertOrUpdate) isMutation_Operation() {} +func (*Mutation_Replace) isMutation_Operation() {} +func (*Mutation_Delete_) isMutation_Operation() {} + +func (m *Mutation) GetOperation() isMutation_Operation { + if m != nil { + return m.Operation + } + return nil +} + +func (m *Mutation) GetInsert() *Mutation_Write { + if x, ok := m.GetOperation().(*Mutation_Insert); ok { + return x.Insert + } + return nil +} + +func (m *Mutation) GetUpdate() *Mutation_Write { + if x, ok := m.GetOperation().(*Mutation_Update); ok { + return x.Update + } + return nil +} + +func (m *Mutation) GetInsertOrUpdate() *Mutation_Write { + if x, ok := m.GetOperation().(*Mutation_InsertOrUpdate); ok { + return x.InsertOrUpdate + } + return nil +} + +func (m *Mutation) GetReplace() *Mutation_Write { + if x, ok := m.GetOperation().(*Mutation_Replace); ok { + return x.Replace + } + return nil +} + +func (m *Mutation) GetDelete() *Mutation_Delete { + if x, ok := m.GetOperation().(*Mutation_Delete_); ok { + return x.Delete + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*Mutation) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _Mutation_OneofMarshaler, _Mutation_OneofUnmarshaler, _Mutation_OneofSizer, []interface{}{ + (*Mutation_Insert)(nil), + (*Mutation_Update)(nil), + (*Mutation_InsertOrUpdate)(nil), + (*Mutation_Replace)(nil), + (*Mutation_Delete_)(nil), + } +} + +func _Mutation_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*Mutation) + // operation + switch x := m.Operation.(type) { + case *Mutation_Insert: + b.EncodeVarint(1<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.Insert); err != nil { + return err + } + case *Mutation_Update: + b.EncodeVarint(2<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.Update); err != nil { + return err + } + case *Mutation_InsertOrUpdate: + b.EncodeVarint(3<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.InsertOrUpdate); err != nil { + return err + } + case *Mutation_Replace: + b.EncodeVarint(4<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.Replace); err != nil { + return err + } + case *Mutation_Delete_: + b.EncodeVarint(5<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.Delete); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("Mutation.Operation has unexpected type %T", x) + } + return nil +} + +func _Mutation_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*Mutation) + switch tag { + case 1: // operation.insert + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Mutation_Write) + err := b.DecodeMessage(msg) + m.Operation = &Mutation_Insert{msg} + return true, err + case 2: // operation.update + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Mutation_Write) + err := b.DecodeMessage(msg) + m.Operation = &Mutation_Update{msg} + return true, err + case 3: // operation.insert_or_update + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Mutation_Write) + err := b.DecodeMessage(msg) + m.Operation = &Mutation_InsertOrUpdate{msg} + return true, err + case 4: // operation.replace + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Mutation_Write) + err := b.DecodeMessage(msg) + m.Operation = &Mutation_Replace{msg} + return true, err + case 5: // operation.delete + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Mutation_Delete) + err := b.DecodeMessage(msg) + m.Operation = &Mutation_Delete_{msg} + return true, err + default: + return false, nil + } +} + +func _Mutation_OneofSizer(msg proto.Message) (n int) { + m := msg.(*Mutation) + // operation + switch x := m.Operation.(type) { + case *Mutation_Insert: + s := proto.Size(x.Insert) + n += proto.SizeVarint(1<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *Mutation_Update: + s := proto.Size(x.Update) + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *Mutation_InsertOrUpdate: + s := proto.Size(x.InsertOrUpdate) + n += proto.SizeVarint(3<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *Mutation_Replace: + s := proto.Size(x.Replace) + n += proto.SizeVarint(4<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *Mutation_Delete_: + s := proto.Size(x.Delete) + n += proto.SizeVarint(5<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + +// Arguments to [insert][google.spanner.v1.Mutation.insert], [update][google.spanner.v1.Mutation.update], [insert_or_update][google.spanner.v1.Mutation.insert_or_update], and +// [replace][google.spanner.v1.Mutation.replace] operations. +type Mutation_Write struct { + // Required. The table whose rows will be written. + Table string `protobuf:"bytes,1,opt,name=table" json:"table,omitempty"` + // The names of the columns in [table][google.spanner.v1.Mutation.Write.table] to be written. + // + // The list of columns must contain enough columns to allow + // Cloud Spanner to derive values for all primary key columns in the + // row(s) to be modified. + Columns []string `protobuf:"bytes,2,rep,name=columns" json:"columns,omitempty"` + // The values to be written. `values` can contain more than one + // list of values. If it does, then multiple rows are written, one + // for each entry in `values`. Each list in `values` must have + // exactly as many entries as there are entries in [columns][google.spanner.v1.Mutation.Write.columns] + // above. Sending multiple lists is equivalent to sending multiple + // `Mutation`s, each containing one `values` entry and repeating + // [table][google.spanner.v1.Mutation.Write.table] and [columns][google.spanner.v1.Mutation.Write.columns]. Individual values in each list are + // encoded as described [here][google.spanner.v1.TypeCode]. + Values []*google_protobuf1.ListValue `protobuf:"bytes,3,rep,name=values" json:"values,omitempty"` +} + +func (m *Mutation_Write) Reset() { *m = Mutation_Write{} } +func (m *Mutation_Write) String() string { return proto.CompactTextString(m) } +func (*Mutation_Write) ProtoMessage() {} +func (*Mutation_Write) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{0, 0} } + +func (m *Mutation_Write) GetTable() string { + if m != nil { + return m.Table + } + return "" +} + +func (m *Mutation_Write) GetColumns() []string { + if m != nil { + return m.Columns + } + return nil +} + +func (m *Mutation_Write) GetValues() []*google_protobuf1.ListValue { + if m != nil { + return m.Values + } + return nil +} + +// Arguments to [delete][google.spanner.v1.Mutation.delete] operations. +type Mutation_Delete struct { + // Required. The table whose rows will be deleted. + Table string `protobuf:"bytes,1,opt,name=table" json:"table,omitempty"` + // Required. The primary keys of the rows within [table][google.spanner.v1.Mutation.Delete.table] to delete. + KeySet *KeySet `protobuf:"bytes,2,opt,name=key_set,json=keySet" json:"key_set,omitempty"` +} + +func (m *Mutation_Delete) Reset() { *m = Mutation_Delete{} } +func (m *Mutation_Delete) String() string { return proto.CompactTextString(m) } +func (*Mutation_Delete) ProtoMessage() {} +func (*Mutation_Delete) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{0, 1} } + +func (m *Mutation_Delete) GetTable() string { + if m != nil { + return m.Table + } + return "" +} + +func (m *Mutation_Delete) GetKeySet() *KeySet { + if m != nil { + return m.KeySet + } + return nil +} + +func init() { + proto.RegisterType((*Mutation)(nil), "google.spanner.v1.Mutation") + proto.RegisterType((*Mutation_Write)(nil), "google.spanner.v1.Mutation.Write") + proto.RegisterType((*Mutation_Delete)(nil), "google.spanner.v1.Mutation.Delete") +} + +func init() { proto.RegisterFile("google/spanner/v1/mutation.proto", fileDescriptor1) } + +var fileDescriptor1 = []byte{ + // 413 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x92, 0xd1, 0xea, 0xd3, 0x30, + 0x14, 0xc6, 0xed, 0xba, 0x75, 0x2e, 0x43, 0xd1, 0xa2, 0x58, 0x8b, 0x17, 0x75, 0x57, 0xbb, 0x4a, + 0x69, 0xbd, 0x11, 0xa6, 0x37, 0x53, 0x50, 0xd0, 0xe1, 0xe8, 0x70, 0x82, 0x0c, 0x46, 0xd6, 0x1d, + 0x4b, 0x69, 0x96, 0x94, 0x24, 0x1d, 0xec, 0x45, 0xbc, 0xf4, 0x01, 0x7c, 0x14, 0x9f, 0x4a, 0x9a, + 0xa4, 0x32, 0x9c, 0xfe, 0xd9, 0xff, 0xaa, 0x3d, 0x7c, 0xdf, 0xef, 0x3b, 0xe7, 0x24, 0x41, 0x51, + 0xc1, 0x79, 0x41, 0x21, 0x96, 0x35, 0x61, 0x0c, 0x44, 0x7c, 0x4c, 0xe2, 0x43, 0xa3, 0x88, 0x2a, + 0x39, 0xc3, 0xb5, 0xe0, 0x8a, 0xfb, 0x0f, 0x8d, 0x03, 0x5b, 0x07, 0x3e, 0x26, 0xe1, 0x33, 0x0b, + 0x91, 0xba, 0x8c, 0x09, 0x63, 0xdc, 0xf8, 0xa5, 0x01, 0xfe, 0xa8, 0xba, 0xda, 0x35, 0xdf, 0x62, + 0xa9, 0x44, 0x93, 0xab, 0xbf, 0xd4, 0xb3, 0x86, 0x15, 0x9c, 0x2c, 0x3b, 0xf9, 0xd1, 0x47, 0x77, + 0x17, 0xb6, 0xbf, 0x3f, 0x43, 0x5e, 0xc9, 0x24, 0x08, 0x15, 0x38, 0x91, 0x33, 0x1d, 0xa7, 0xcf, + 0xf1, 0xc5, 0x28, 0xb8, 0x33, 0xe3, 0x2f, 0xa2, 0x54, 0xf0, 0xfe, 0x4e, 0x66, 0x91, 0x16, 0x6e, + 0xea, 0x3d, 0x51, 0x10, 0xf4, 0x6e, 0x01, 0x1b, 0xc4, 0x5f, 0xa0, 0x07, 0x26, 0x66, 0xcb, 0xc5, + 0xd6, 0xc6, 0xb8, 0xd7, 0xc7, 0xdc, 0x37, 0xf0, 0x27, 0xf1, 0xd9, 0xc4, 0xbd, 0x46, 0x43, 0x01, + 0x35, 0x25, 0x39, 0x04, 0xfd, 0xeb, 0x53, 0x3a, 0xc6, 0x7f, 0x85, 0xbc, 0x3d, 0x50, 0x50, 0x10, + 0x0c, 0x34, 0x3d, 0xb9, 0x89, 0x7e, 0xab, 0x9d, 0xed, 0x2e, 0x86, 0x09, 0x2b, 0x34, 0xd0, 0x89, + 0xfe, 0x23, 0x34, 0x50, 0x64, 0x47, 0x41, 0x9f, 0xe6, 0x28, 0x33, 0x85, 0x1f, 0xa0, 0x61, 0xce, + 0x69, 0x73, 0x60, 0x32, 0xe8, 0x45, 0xee, 0x74, 0x94, 0x75, 0xa5, 0x9f, 0x22, 0xef, 0x48, 0x68, + 0x03, 0x32, 0x70, 0x23, 0x77, 0x3a, 0x4e, 0xc3, 0xae, 0x6d, 0x77, 0xb1, 0xf8, 0x63, 0x29, 0xd5, + 0xba, 0xb5, 0x64, 0xd6, 0x19, 0x66, 0xc8, 0x33, 0x03, 0xfc, 0xa7, 0x5b, 0x8a, 0x86, 0x15, 0x9c, + 0xb6, 0x12, 0x94, 0xbd, 0x96, 0xa7, 0xff, 0xd8, 0xe5, 0x03, 0x9c, 0x56, 0xa0, 0x32, 0xaf, 0xd2, + 0xdf, 0xf9, 0x18, 0x8d, 0x78, 0x0d, 0x42, 0xaf, 0x37, 0xff, 0xee, 0xa0, 0xc7, 0x39, 0x3f, 0x5c, + 0x52, 0xf3, 0x7b, 0xdd, 0x11, 0x2c, 0xdb, 0xf1, 0x96, 0xce, 0xd7, 0x97, 0xd6, 0x53, 0x70, 0x4a, + 0x58, 0x81, 0xb9, 0x28, 0xe2, 0x02, 0x98, 0x1e, 0x3e, 0x36, 0x12, 0xa9, 0x4b, 0x79, 0xf6, 0x10, + 0x67, 0xf6, 0xf7, 0x67, 0xef, 0xc9, 0x3b, 0x83, 0xbe, 0xa1, 0xbc, 0xd9, 0xe3, 0x95, 0x6d, 0xb2, + 0x4e, 0x7e, 0x75, 0xca, 0x46, 0x2b, 0x1b, 0xab, 0x6c, 0xd6, 0xc9, 0xce, 0xd3, 0xc1, 0x2f, 0x7e, + 0x07, 0x00, 0x00, 0xff, 0xff, 0x6b, 0x69, 0x1c, 0xbc, 0x51, 0x03, 0x00, 0x00, +} diff --git a/vendor/google.golang.org/genproto/googleapis/spanner/v1/query_plan.pb.go b/vendor/google.golang.org/genproto/googleapis/spanner/v1/query_plan.pb.go new file mode 100644 index 000000000000..b42db0fea237 --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/spanner/v1/query_plan.pb.go @@ -0,0 +1,286 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/spanner/v1/query_plan.proto + +package spanner + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import _ "google.golang.org/genproto/googleapis/api/annotations" +import google_protobuf1 "github.com/golang/protobuf/ptypes/struct" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// The kind of [PlanNode][google.spanner.v1.PlanNode]. Distinguishes between the two different kinds of +// nodes that can appear in a query plan. +type PlanNode_Kind int32 + +const ( + // Not specified. + PlanNode_KIND_UNSPECIFIED PlanNode_Kind = 0 + // Denotes a Relational operator node in the expression tree. Relational + // operators represent iterative processing of rows during query execution. + // For example, a `TableScan` operation that reads rows from a table. + PlanNode_RELATIONAL PlanNode_Kind = 1 + // Denotes a Scalar node in the expression tree. Scalar nodes represent + // non-iterable entities in the query plan. For example, constants or + // arithmetic operators appearing inside predicate expressions or references + // to column names. + PlanNode_SCALAR PlanNode_Kind = 2 +) + +var PlanNode_Kind_name = map[int32]string{ + 0: "KIND_UNSPECIFIED", + 1: "RELATIONAL", + 2: "SCALAR", +} +var PlanNode_Kind_value = map[string]int32{ + "KIND_UNSPECIFIED": 0, + "RELATIONAL": 1, + "SCALAR": 2, +} + +func (x PlanNode_Kind) String() string { + return proto.EnumName(PlanNode_Kind_name, int32(x)) +} +func (PlanNode_Kind) EnumDescriptor() ([]byte, []int) { return fileDescriptor2, []int{0, 0} } + +// Node information for nodes appearing in a [QueryPlan.plan_nodes][google.spanner.v1.QueryPlan.plan_nodes]. +type PlanNode struct { + // The `PlanNode`'s index in [node list][google.spanner.v1.QueryPlan.plan_nodes]. + Index int32 `protobuf:"varint,1,opt,name=index" json:"index,omitempty"` + // Used to determine the type of node. May be needed for visualizing + // different kinds of nodes differently. For example, If the node is a + // [SCALAR][google.spanner.v1.PlanNode.Kind.SCALAR] node, it will have a condensed representation + // which can be used to directly embed a description of the node in its + // parent. + Kind PlanNode_Kind `protobuf:"varint,2,opt,name=kind,enum=google.spanner.v1.PlanNode_Kind" json:"kind,omitempty"` + // The display name for the node. + DisplayName string `protobuf:"bytes,3,opt,name=display_name,json=displayName" json:"display_name,omitempty"` + // List of child node `index`es and their relationship to this parent. + ChildLinks []*PlanNode_ChildLink `protobuf:"bytes,4,rep,name=child_links,json=childLinks" json:"child_links,omitempty"` + // Condensed representation for [SCALAR][google.spanner.v1.PlanNode.Kind.SCALAR] nodes. + ShortRepresentation *PlanNode_ShortRepresentation `protobuf:"bytes,5,opt,name=short_representation,json=shortRepresentation" json:"short_representation,omitempty"` + // Attributes relevant to the node contained in a group of key-value pairs. + // For example, a Parameter Reference node could have the following + // information in its metadata: + // + // { + // "parameter_reference": "param1", + // "parameter_type": "array" + // } + Metadata *google_protobuf1.Struct `protobuf:"bytes,6,opt,name=metadata" json:"metadata,omitempty"` + // The execution statistics associated with the node, contained in a group of + // key-value pairs. Only present if the plan was returned as a result of a + // profile query. For example, number of executions, number of rows/time per + // execution etc. + ExecutionStats *google_protobuf1.Struct `protobuf:"bytes,7,opt,name=execution_stats,json=executionStats" json:"execution_stats,omitempty"` +} + +func (m *PlanNode) Reset() { *m = PlanNode{} } +func (m *PlanNode) String() string { return proto.CompactTextString(m) } +func (*PlanNode) ProtoMessage() {} +func (*PlanNode) Descriptor() ([]byte, []int) { return fileDescriptor2, []int{0} } + +func (m *PlanNode) GetIndex() int32 { + if m != nil { + return m.Index + } + return 0 +} + +func (m *PlanNode) GetKind() PlanNode_Kind { + if m != nil { + return m.Kind + } + return PlanNode_KIND_UNSPECIFIED +} + +func (m *PlanNode) GetDisplayName() string { + if m != nil { + return m.DisplayName + } + return "" +} + +func (m *PlanNode) GetChildLinks() []*PlanNode_ChildLink { + if m != nil { + return m.ChildLinks + } + return nil +} + +func (m *PlanNode) GetShortRepresentation() *PlanNode_ShortRepresentation { + if m != nil { + return m.ShortRepresentation + } + return nil +} + +func (m *PlanNode) GetMetadata() *google_protobuf1.Struct { + if m != nil { + return m.Metadata + } + return nil +} + +func (m *PlanNode) GetExecutionStats() *google_protobuf1.Struct { + if m != nil { + return m.ExecutionStats + } + return nil +} + +// Metadata associated with a parent-child relationship appearing in a +// [PlanNode][google.spanner.v1.PlanNode]. +type PlanNode_ChildLink struct { + // The node to which the link points. + ChildIndex int32 `protobuf:"varint,1,opt,name=child_index,json=childIndex" json:"child_index,omitempty"` + // The type of the link. For example, in Hash Joins this could be used to + // distinguish between the build child and the probe child, or in the case + // of the child being an output variable, to represent the tag associated + // with the output variable. + Type string `protobuf:"bytes,2,opt,name=type" json:"type,omitempty"` + // Only present if the child node is [SCALAR][google.spanner.v1.PlanNode.Kind.SCALAR] and corresponds + // to an output variable of the parent node. The field carries the name of + // the output variable. + // For example, a `TableScan` operator that reads rows from a table will + // have child links to the `SCALAR` nodes representing the output variables + // created for each column that is read by the operator. The corresponding + // `variable` fields will be set to the variable names assigned to the + // columns. + Variable string `protobuf:"bytes,3,opt,name=variable" json:"variable,omitempty"` +} + +func (m *PlanNode_ChildLink) Reset() { *m = PlanNode_ChildLink{} } +func (m *PlanNode_ChildLink) String() string { return proto.CompactTextString(m) } +func (*PlanNode_ChildLink) ProtoMessage() {} +func (*PlanNode_ChildLink) Descriptor() ([]byte, []int) { return fileDescriptor2, []int{0, 0} } + +func (m *PlanNode_ChildLink) GetChildIndex() int32 { + if m != nil { + return m.ChildIndex + } + return 0 +} + +func (m *PlanNode_ChildLink) GetType() string { + if m != nil { + return m.Type + } + return "" +} + +func (m *PlanNode_ChildLink) GetVariable() string { + if m != nil { + return m.Variable + } + return "" +} + +// Condensed representation of a node and its subtree. Only present for +// `SCALAR` [PlanNode(s)][google.spanner.v1.PlanNode]. +type PlanNode_ShortRepresentation struct { + // A string representation of the expression subtree rooted at this node. + Description string `protobuf:"bytes,1,opt,name=description" json:"description,omitempty"` + // A mapping of (subquery variable name) -> (subquery node id) for cases + // where the `description` string of this node references a `SCALAR` + // subquery contained in the expression subtree rooted at this node. The + // referenced `SCALAR` subquery may not necessarily be a direct child of + // this node. + Subqueries map[string]int32 `protobuf:"bytes,2,rep,name=subqueries" json:"subqueries,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"varint,2,opt,name=value"` +} + +func (m *PlanNode_ShortRepresentation) Reset() { *m = PlanNode_ShortRepresentation{} } +func (m *PlanNode_ShortRepresentation) String() string { return proto.CompactTextString(m) } +func (*PlanNode_ShortRepresentation) ProtoMessage() {} +func (*PlanNode_ShortRepresentation) Descriptor() ([]byte, []int) { return fileDescriptor2, []int{0, 1} } + +func (m *PlanNode_ShortRepresentation) GetDescription() string { + if m != nil { + return m.Description + } + return "" +} + +func (m *PlanNode_ShortRepresentation) GetSubqueries() map[string]int32 { + if m != nil { + return m.Subqueries + } + return nil +} + +// Contains an ordered list of nodes appearing in the query plan. +type QueryPlan struct { + // The nodes in the query plan. Plan nodes are returned in pre-order starting + // with the plan root. Each [PlanNode][google.spanner.v1.PlanNode]'s `id` corresponds to its index in + // `plan_nodes`. + PlanNodes []*PlanNode `protobuf:"bytes,1,rep,name=plan_nodes,json=planNodes" json:"plan_nodes,omitempty"` +} + +func (m *QueryPlan) Reset() { *m = QueryPlan{} } +func (m *QueryPlan) String() string { return proto.CompactTextString(m) } +func (*QueryPlan) ProtoMessage() {} +func (*QueryPlan) Descriptor() ([]byte, []int) { return fileDescriptor2, []int{1} } + +func (m *QueryPlan) GetPlanNodes() []*PlanNode { + if m != nil { + return m.PlanNodes + } + return nil +} + +func init() { + proto.RegisterType((*PlanNode)(nil), "google.spanner.v1.PlanNode") + proto.RegisterType((*PlanNode_ChildLink)(nil), "google.spanner.v1.PlanNode.ChildLink") + proto.RegisterType((*PlanNode_ShortRepresentation)(nil), "google.spanner.v1.PlanNode.ShortRepresentation") + proto.RegisterType((*QueryPlan)(nil), "google.spanner.v1.QueryPlan") + proto.RegisterEnum("google.spanner.v1.PlanNode_Kind", PlanNode_Kind_name, PlanNode_Kind_value) +} + +func init() { proto.RegisterFile("google/spanner/v1/query_plan.proto", fileDescriptor2) } + +var fileDescriptor2 = []byte{ + // 604 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0xdd, 0x6e, 0xd3, 0x4c, + 0x10, 0xfd, 0x9c, 0x26, 0xf9, 0x9a, 0x09, 0x4a, 0xc3, 0xb6, 0xa8, 0x56, 0x40, 0xc2, 0x44, 0x42, + 0xca, 0x95, 0xad, 0xb4, 0x5c, 0x54, 0x45, 0x08, 0xd2, 0x34, 0xad, 0xa2, 0x46, 0x21, 0xac, 0xa1, + 0x17, 0x28, 0x92, 0xb5, 0x89, 0x97, 0x74, 0x15, 0x67, 0xd7, 0x78, 0xed, 0xa8, 0x79, 0x09, 0x6e, + 0x79, 0x07, 0x1e, 0x85, 0x17, 0xe0, 0x75, 0xd0, 0xae, 0x7f, 0x28, 0x14, 0x45, 0xe2, 0x6e, 0x66, + 0xe7, 0xcc, 0xf1, 0xce, 0x39, 0xb3, 0x86, 0xf6, 0x42, 0x88, 0x45, 0x40, 0x1d, 0x19, 0x12, 0xce, + 0x69, 0xe4, 0xac, 0xbb, 0xce, 0xe7, 0x84, 0x46, 0x1b, 0x2f, 0x0c, 0x08, 0xb7, 0xc3, 0x48, 0xc4, + 0x02, 0x3d, 0x4c, 0x31, 0x76, 0x86, 0xb1, 0xd7, 0xdd, 0xd6, 0x93, 0xac, 0x8d, 0x84, 0xcc, 0x21, + 0x9c, 0x8b, 0x98, 0xc4, 0x4c, 0x70, 0x99, 0x36, 0x14, 0x55, 0x9d, 0xcd, 0x92, 0x4f, 0x8e, 0x8c, + 0xa3, 0x64, 0x1e, 0xa7, 0xd5, 0xf6, 0x97, 0x2a, 0xec, 0x4e, 0x02, 0xc2, 0xc7, 0xc2, 0xa7, 0xe8, + 0x00, 0x2a, 0x8c, 0xfb, 0xf4, 0xd6, 0x34, 0x2c, 0xa3, 0x53, 0xc1, 0x69, 0x82, 0x5e, 0x40, 0x79, + 0xc9, 0xb8, 0x6f, 0x96, 0x2c, 0xa3, 0xd3, 0x38, 0xb2, 0xec, 0x7b, 0x17, 0xb0, 0x73, 0x02, 0xfb, + 0x8a, 0x71, 0x1f, 0x6b, 0x34, 0x7a, 0x06, 0x0f, 0x7c, 0x26, 0xc3, 0x80, 0x6c, 0x3c, 0x4e, 0x56, + 0xd4, 0xdc, 0xb1, 0x8c, 0x4e, 0x0d, 0xd7, 0xb3, 0xb3, 0x31, 0x59, 0x51, 0x74, 0x01, 0xf5, 0xf9, + 0x0d, 0x0b, 0x7c, 0x2f, 0x60, 0x7c, 0x29, 0xcd, 0xb2, 0xb5, 0xd3, 0xa9, 0x1f, 0x3d, 0xdf, 0xc6, + 0xdf, 0x57, 0xf0, 0x11, 0xe3, 0x4b, 0x0c, 0xf3, 0x3c, 0x94, 0x68, 0x06, 0x07, 0xf2, 0x46, 0x44, + 0xb1, 0x17, 0xd1, 0x30, 0xa2, 0x92, 0xf2, 0x54, 0x00, 0xb3, 0x62, 0x19, 0x9d, 0xfa, 0x91, 0xb3, + 0x8d, 0xd0, 0x55, 0x7d, 0xf8, 0xb7, 0x36, 0xbc, 0x2f, 0xef, 0x1f, 0xa2, 0x63, 0xd8, 0x5d, 0xd1, + 0x98, 0xf8, 0x24, 0x26, 0x66, 0x55, 0xf3, 0x1e, 0xe6, 0xbc, 0xb9, 0xb0, 0xb6, 0xab, 0x85, 0xc5, + 0x05, 0x10, 0xbd, 0x81, 0x3d, 0x7a, 0x4b, 0xe7, 0x89, 0x62, 0xf0, 0x64, 0x4c, 0x62, 0x69, 0xfe, + 0xbf, 0xbd, 0xb7, 0x51, 0xe0, 0x5d, 0x05, 0x6f, 0x4d, 0xa1, 0x56, 0xcc, 0x8c, 0x9e, 0xe6, 0x7a, + 0xdd, 0x35, 0x29, 0x15, 0x62, 0xa8, 0x9d, 0x42, 0x50, 0x8e, 0x37, 0x21, 0xd5, 0x4e, 0xd5, 0xb0, + 0x8e, 0x51, 0x0b, 0x76, 0xd7, 0x24, 0x62, 0x64, 0x16, 0xe4, 0x1e, 0x14, 0x79, 0xeb, 0x87, 0x01, + 0xfb, 0x7f, 0x51, 0x00, 0x59, 0x50, 0xf7, 0xa9, 0x9c, 0x47, 0x2c, 0xd4, 0x3a, 0x1a, 0x99, 0x75, + 0xbf, 0x8e, 0x90, 0x07, 0x20, 0x93, 0x99, 0x5a, 0x4e, 0x46, 0xa5, 0x59, 0xd2, 0xce, 0xbd, 0xfe, + 0x47, 0xa1, 0x6d, 0xb7, 0x60, 0x18, 0xf0, 0x38, 0xda, 0xe0, 0x3b, 0x94, 0xad, 0x57, 0xb0, 0xf7, + 0x47, 0x19, 0x35, 0x61, 0x67, 0x49, 0x37, 0xd9, 0x6d, 0x54, 0xa8, 0xf6, 0x75, 0x4d, 0x82, 0x24, + 0x1d, 0xb8, 0x82, 0xd3, 0xe4, 0xb4, 0x74, 0x62, 0xb4, 0x4f, 0xa0, 0xac, 0x76, 0x11, 0x1d, 0x40, + 0xf3, 0x6a, 0x38, 0x3e, 0xf7, 0x3e, 0x8c, 0xdd, 0xc9, 0xa0, 0x3f, 0xbc, 0x18, 0x0e, 0xce, 0x9b, + 0xff, 0xa1, 0x06, 0x00, 0x1e, 0x8c, 0x7a, 0xef, 0x87, 0x6f, 0xc7, 0xbd, 0x51, 0xd3, 0x40, 0x00, + 0x55, 0xb7, 0xdf, 0x1b, 0xf5, 0x70, 0xb3, 0xd4, 0xbe, 0x84, 0xda, 0x3b, 0xf5, 0xe6, 0xd4, 0xcd, + 0xd1, 0x29, 0x80, 0x7a, 0x7a, 0x1e, 0x17, 0x3e, 0x95, 0xa6, 0xa1, 0xc7, 0x7c, 0xbc, 0x65, 0x4c, + 0x5c, 0x0b, 0xb3, 0x48, 0x9e, 0x7d, 0x35, 0xe0, 0xd1, 0x5c, 0xac, 0xee, 0xa3, 0xcf, 0x1a, 0xc5, + 0x07, 0x26, 0xca, 0xfe, 0x89, 0xf1, 0xf1, 0x24, 0x03, 0x2d, 0x44, 0x40, 0xf8, 0xc2, 0x16, 0xd1, + 0xc2, 0x59, 0x50, 0xae, 0x97, 0xc3, 0x49, 0x4b, 0x24, 0x64, 0xf2, 0xce, 0x7f, 0xe1, 0x65, 0x16, + 0x7e, 0x2b, 0x1d, 0x5e, 0xa6, 0xad, 0xfd, 0x40, 0x24, 0xbe, 0xed, 0x66, 0x5f, 0xb9, 0xee, 0x7e, + 0xcf, 0x2b, 0x53, 0x5d, 0x99, 0x66, 0x95, 0xe9, 0x75, 0x77, 0x56, 0xd5, 0xc4, 0xc7, 0x3f, 0x03, + 0x00, 0x00, 0xff, 0xff, 0x53, 0xdb, 0x51, 0xa6, 0x6f, 0x04, 0x00, 0x00, +} diff --git a/vendor/google.golang.org/genproto/googleapis/spanner/v1/result_set.pb.go b/vendor/google.golang.org/genproto/googleapis/spanner/v1/result_set.pb.go new file mode 100644 index 000000000000..18b53a03e363 --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/spanner/v1/result_set.pb.go @@ -0,0 +1,312 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/spanner/v1/result_set.proto + +package spanner + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import _ "google.golang.org/genproto/googleapis/api/annotations" +import google_protobuf1 "github.com/golang/protobuf/ptypes/struct" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// Results from [Read][google.spanner.v1.Spanner.Read] or +// [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql]. +type ResultSet struct { + // Metadata about the result set, such as row type information. + Metadata *ResultSetMetadata `protobuf:"bytes,1,opt,name=metadata" json:"metadata,omitempty"` + // Each element in `rows` is a row whose format is defined by + // [metadata.row_type][google.spanner.v1.ResultSetMetadata.row_type]. The ith element + // in each row matches the ith field in + // [metadata.row_type][google.spanner.v1.ResultSetMetadata.row_type]. Elements are + // encoded based on type as described + // [here][google.spanner.v1.TypeCode]. + Rows []*google_protobuf1.ListValue `protobuf:"bytes,2,rep,name=rows" json:"rows,omitempty"` + // Query plan and execution statistics for the query that produced this + // result set. These can be requested by setting + // [ExecuteSqlRequest.query_mode][google.spanner.v1.ExecuteSqlRequest.query_mode]. + Stats *ResultSetStats `protobuf:"bytes,3,opt,name=stats" json:"stats,omitempty"` +} + +func (m *ResultSet) Reset() { *m = ResultSet{} } +func (m *ResultSet) String() string { return proto.CompactTextString(m) } +func (*ResultSet) ProtoMessage() {} +func (*ResultSet) Descriptor() ([]byte, []int) { return fileDescriptor3, []int{0} } + +func (m *ResultSet) GetMetadata() *ResultSetMetadata { + if m != nil { + return m.Metadata + } + return nil +} + +func (m *ResultSet) GetRows() []*google_protobuf1.ListValue { + if m != nil { + return m.Rows + } + return nil +} + +func (m *ResultSet) GetStats() *ResultSetStats { + if m != nil { + return m.Stats + } + return nil +} + +// Partial results from a streaming read or SQL query. Streaming reads and +// SQL queries better tolerate large result sets, large rows, and large +// values, but are a little trickier to consume. +type PartialResultSet struct { + // Metadata about the result set, such as row type information. + // Only present in the first response. + Metadata *ResultSetMetadata `protobuf:"bytes,1,opt,name=metadata" json:"metadata,omitempty"` + // A streamed result set consists of a stream of values, which might + // be split into many `PartialResultSet` messages to accommodate + // large rows and/or large values. Every N complete values defines a + // row, where N is equal to the number of entries in + // [metadata.row_type.fields][google.spanner.v1.StructType.fields]. + // + // Most values are encoded based on type as described + // [here][google.spanner.v1.TypeCode]. + // + // It is possible that the last value in values is "chunked", + // meaning that the rest of the value is sent in subsequent + // `PartialResultSet`(s). This is denoted by the [chunked_value][google.spanner.v1.PartialResultSet.chunked_value] + // field. Two or more chunked values can be merged to form a + // complete value as follows: + // + // * `bool/number/null`: cannot be chunked + // * `string`: concatenate the strings + // * `list`: concatenate the lists. If the last element in a list is a + // `string`, `list`, or `object`, merge it with the first element in + // the next list by applying these rules recursively. + // * `object`: concatenate the (field name, field value) pairs. If a + // field name is duplicated, then apply these rules recursively + // to merge the field values. + // + // Some examples of merging: + // + // # Strings are concatenated. + // "foo", "bar" => "foobar" + // + // # Lists of non-strings are concatenated. + // [2, 3], [4] => [2, 3, 4] + // + // # Lists are concatenated, but the last and first elements are merged + // # because they are strings. + // ["a", "b"], ["c", "d"] => ["a", "bc", "d"] + // + // # Lists are concatenated, but the last and first elements are merged + // # because they are lists. Recursively, the last and first elements + // # of the inner lists are merged because they are strings. + // ["a", ["b", "c"]], [["d"], "e"] => ["a", ["b", "cd"], "e"] + // + // # Non-overlapping object fields are combined. + // {"a": "1"}, {"b": "2"} => {"a": "1", "b": 2"} + // + // # Overlapping object fields are merged. + // {"a": "1"}, {"a": "2"} => {"a": "12"} + // + // # Examples of merging objects containing lists of strings. + // {"a": ["1"]}, {"a": ["2"]} => {"a": ["12"]} + // + // For a more complete example, suppose a streaming SQL query is + // yielding a result set whose rows contain a single string + // field. The following `PartialResultSet`s might be yielded: + // + // { + // "metadata": { ... } + // "values": ["Hello", "W"] + // "chunked_value": true + // "resume_token": "Af65..." + // } + // { + // "values": ["orl"] + // "chunked_value": true + // "resume_token": "Bqp2..." + // } + // { + // "values": ["d"] + // "resume_token": "Zx1B..." + // } + // + // This sequence of `PartialResultSet`s encodes two rows, one + // containing the field value `"Hello"`, and a second containing the + // field value `"World" = "W" + "orl" + "d"`. + Values []*google_protobuf1.Value `protobuf:"bytes,2,rep,name=values" json:"values,omitempty"` + // If true, then the final value in [values][google.spanner.v1.PartialResultSet.values] is chunked, and must + // be combined with more values from subsequent `PartialResultSet`s + // to obtain a complete field value. + ChunkedValue bool `protobuf:"varint,3,opt,name=chunked_value,json=chunkedValue" json:"chunked_value,omitempty"` + // Streaming calls might be interrupted for a variety of reasons, such + // as TCP connection loss. If this occurs, the stream of results can + // be resumed by re-sending the original request and including + // `resume_token`. Note that executing any other transaction in the + // same session invalidates the token. + ResumeToken []byte `protobuf:"bytes,4,opt,name=resume_token,json=resumeToken,proto3" json:"resume_token,omitempty"` + // Query plan and execution statistics for the query that produced this + // streaming result set. These can be requested by setting + // [ExecuteSqlRequest.query_mode][google.spanner.v1.ExecuteSqlRequest.query_mode] and are sent + // only once with the last response in the stream. + Stats *ResultSetStats `protobuf:"bytes,5,opt,name=stats" json:"stats,omitempty"` +} + +func (m *PartialResultSet) Reset() { *m = PartialResultSet{} } +func (m *PartialResultSet) String() string { return proto.CompactTextString(m) } +func (*PartialResultSet) ProtoMessage() {} +func (*PartialResultSet) Descriptor() ([]byte, []int) { return fileDescriptor3, []int{1} } + +func (m *PartialResultSet) GetMetadata() *ResultSetMetadata { + if m != nil { + return m.Metadata + } + return nil +} + +func (m *PartialResultSet) GetValues() []*google_protobuf1.Value { + if m != nil { + return m.Values + } + return nil +} + +func (m *PartialResultSet) GetChunkedValue() bool { + if m != nil { + return m.ChunkedValue + } + return false +} + +func (m *PartialResultSet) GetResumeToken() []byte { + if m != nil { + return m.ResumeToken + } + return nil +} + +func (m *PartialResultSet) GetStats() *ResultSetStats { + if m != nil { + return m.Stats + } + return nil +} + +// Metadata about a [ResultSet][google.spanner.v1.ResultSet] or [PartialResultSet][google.spanner.v1.PartialResultSet]. +type ResultSetMetadata struct { + // Indicates the field names and types for the rows in the result + // set. For example, a SQL query like `"SELECT UserId, UserName FROM + // Users"` could return a `row_type` value like: + // + // "fields": [ + // { "name": "UserId", "type": { "code": "INT64" } }, + // { "name": "UserName", "type": { "code": "STRING" } }, + // ] + RowType *StructType `protobuf:"bytes,1,opt,name=row_type,json=rowType" json:"row_type,omitempty"` + // If the read or SQL query began a transaction as a side-effect, the + // information about the new transaction is yielded here. + Transaction *Transaction `protobuf:"bytes,2,opt,name=transaction" json:"transaction,omitempty"` +} + +func (m *ResultSetMetadata) Reset() { *m = ResultSetMetadata{} } +func (m *ResultSetMetadata) String() string { return proto.CompactTextString(m) } +func (*ResultSetMetadata) ProtoMessage() {} +func (*ResultSetMetadata) Descriptor() ([]byte, []int) { return fileDescriptor3, []int{2} } + +func (m *ResultSetMetadata) GetRowType() *StructType { + if m != nil { + return m.RowType + } + return nil +} + +func (m *ResultSetMetadata) GetTransaction() *Transaction { + if m != nil { + return m.Transaction + } + return nil +} + +// Additional statistics about a [ResultSet][google.spanner.v1.ResultSet] or [PartialResultSet][google.spanner.v1.PartialResultSet]. +type ResultSetStats struct { + // [QueryPlan][google.spanner.v1.QueryPlan] for the query associated with this result. + QueryPlan *QueryPlan `protobuf:"bytes,1,opt,name=query_plan,json=queryPlan" json:"query_plan,omitempty"` + // Aggregated statistics from the execution of the query. Only present when + // the query is profiled. For example, a query could return the statistics as + // follows: + // + // { + // "rows_returned": "3", + // "elapsed_time": "1.22 secs", + // "cpu_time": "1.19 secs" + // } + QueryStats *google_protobuf1.Struct `protobuf:"bytes,2,opt,name=query_stats,json=queryStats" json:"query_stats,omitempty"` +} + +func (m *ResultSetStats) Reset() { *m = ResultSetStats{} } +func (m *ResultSetStats) String() string { return proto.CompactTextString(m) } +func (*ResultSetStats) ProtoMessage() {} +func (*ResultSetStats) Descriptor() ([]byte, []int) { return fileDescriptor3, []int{3} } + +func (m *ResultSetStats) GetQueryPlan() *QueryPlan { + if m != nil { + return m.QueryPlan + } + return nil +} + +func (m *ResultSetStats) GetQueryStats() *google_protobuf1.Struct { + if m != nil { + return m.QueryStats + } + return nil +} + +func init() { + proto.RegisterType((*ResultSet)(nil), "google.spanner.v1.ResultSet") + proto.RegisterType((*PartialResultSet)(nil), "google.spanner.v1.PartialResultSet") + proto.RegisterType((*ResultSetMetadata)(nil), "google.spanner.v1.ResultSetMetadata") + proto.RegisterType((*ResultSetStats)(nil), "google.spanner.v1.ResultSetStats") +} + +func init() { proto.RegisterFile("google/spanner/v1/result_set.proto", fileDescriptor3) } + +var fileDescriptor3 = []byte{ + // 501 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x93, 0xcd, 0x6e, 0x13, 0x31, + 0x14, 0x85, 0xe5, 0xf4, 0x87, 0xd4, 0x13, 0x10, 0xb5, 0x04, 0x1d, 0x45, 0x05, 0xa5, 0x29, 0x8b, + 0xac, 0x3c, 0x4a, 0x59, 0x10, 0xa9, 0x9b, 0xaa, 0x2c, 0xd8, 0x80, 0x14, 0x9c, 0x28, 0x0b, 0x14, + 0x69, 0xe4, 0x26, 0x66, 0x18, 0x75, 0x62, 0x4f, 0x6d, 0x4f, 0xa2, 0x3c, 0x00, 0x62, 0xc9, 0x9e, + 0x47, 0xe0, 0x01, 0x78, 0x08, 0x9e, 0x88, 0x25, 0xf2, 0xcf, 0x24, 0x81, 0x19, 0x21, 0x21, 0x75, + 0xe7, 0xf8, 0x7e, 0xe7, 0x9e, 0x7b, 0x3c, 0x37, 0xb0, 0x9b, 0x08, 0x91, 0x64, 0x2c, 0x52, 0x39, + 0xe5, 0x9c, 0xc9, 0x68, 0xd9, 0x8f, 0x24, 0x53, 0x45, 0xa6, 0x63, 0xc5, 0x34, 0xce, 0xa5, 0xd0, + 0x02, 0x1d, 0x3b, 0x06, 0x7b, 0x06, 0x2f, 0xfb, 0xed, 0x53, 0x2f, 0xa3, 0x79, 0x1a, 0x51, 0xce, + 0x85, 0xa6, 0x3a, 0x15, 0x5c, 0x39, 0xc1, 0xa6, 0x6a, 0x7f, 0xdd, 0x14, 0x1f, 0x23, 0xa5, 0x65, + 0x31, 0xf3, 0xed, 0xda, 0x35, 0x96, 0x77, 0x05, 0x93, 0xeb, 0x38, 0xcf, 0x28, 0xf7, 0xcc, 0x79, + 0x95, 0xd1, 0x92, 0x72, 0x45, 0x67, 0xc6, 0xe7, 0x2f, 0x9b, 0x5d, 0x68, 0x9d, 0x33, 0x57, 0xed, + 0xfe, 0x00, 0xf0, 0x88, 0xd8, 0x28, 0x23, 0xa6, 0xd1, 0x15, 0x6c, 0x2e, 0x98, 0xa6, 0x73, 0xaa, + 0x69, 0x08, 0x3a, 0xa0, 0x17, 0x5c, 0xbc, 0xc0, 0x95, 0x58, 0x78, 0xc3, 0xbf, 0xf3, 0x2c, 0xd9, + 0xa8, 0x10, 0x86, 0xfb, 0x52, 0xac, 0x54, 0xd8, 0xe8, 0xec, 0xf5, 0x82, 0x8b, 0x76, 0xa9, 0x2e, + 0x33, 0xe2, 0xb7, 0xa9, 0xd2, 0x13, 0x9a, 0x15, 0x8c, 0x58, 0x0e, 0xbd, 0x82, 0x07, 0x4a, 0x53, + 0xad, 0xc2, 0x3d, 0x6b, 0x77, 0xf6, 0x2f, 0xbb, 0x91, 0x01, 0x89, 0xe3, 0xbb, 0x9f, 0x1b, 0xf0, + 0xf1, 0x90, 0x4a, 0x9d, 0xd2, 0xec, 0x7e, 0xe7, 0x3f, 0x5c, 0x9a, 0xf1, 0xca, 0x04, 0x4f, 0x2b, + 0x09, 0xdc, 0xf4, 0x9e, 0x42, 0xe7, 0xf0, 0xe1, 0xec, 0x53, 0xc1, 0x6f, 0xd9, 0x3c, 0xb6, 0x37, + 0x36, 0x47, 0x93, 0xb4, 0xfc, 0xa5, 0x85, 0xd1, 0x19, 0x6c, 0x99, 0x75, 0x59, 0xb0, 0x58, 0x8b, + 0x5b, 0xc6, 0xc3, 0xfd, 0x0e, 0xe8, 0xb5, 0x48, 0xe0, 0xee, 0xc6, 0xe6, 0x6a, 0xfb, 0x0e, 0x07, + 0xff, 0xf9, 0x0e, 0x5f, 0x01, 0x3c, 0xae, 0x04, 0x42, 0x03, 0xd8, 0x94, 0x62, 0x15, 0x9b, 0x0f, + 0xed, 0x1f, 0xe2, 0x59, 0x4d, 0xc7, 0x91, 0x5d, 0xb8, 0xf1, 0x3a, 0x67, 0xe4, 0x81, 0x14, 0x2b, + 0x73, 0x40, 0x57, 0x30, 0xd8, 0xd9, 0xa1, 0xb0, 0x61, 0xc5, 0xcf, 0x6b, 0xc4, 0xe3, 0x2d, 0x45, + 0x76, 0x25, 0xdd, 0x2f, 0x00, 0x3e, 0xfa, 0x73, 0x56, 0x74, 0x09, 0xe1, 0x76, 0x79, 0xfd, 0x40, + 0xa7, 0x35, 0x3d, 0xdf, 0x1b, 0x68, 0x98, 0x51, 0x4e, 0x8e, 0xee, 0xca, 0x23, 0x1a, 0xc0, 0xc0, + 0x89, 0xdd, 0x03, 0xb9, 0x89, 0x4e, 0x2a, 0xdf, 0xc5, 0x85, 0x21, 0xce, 0xc8, 0xda, 0x5e, 0x7f, + 0x03, 0xf0, 0xc9, 0x4c, 0x2c, 0xaa, 0x46, 0xd7, 0xdb, 0x01, 0x87, 0x46, 0x3f, 0x04, 0x1f, 0x06, + 0x1e, 0x4a, 0x44, 0x46, 0x79, 0x82, 0x85, 0x4c, 0xa2, 0x84, 0x71, 0xdb, 0x3d, 0x72, 0x25, 0x9a, + 0xa7, 0x6a, 0xe7, 0x5f, 0x74, 0xe9, 0x8f, 0xbf, 0x00, 0xf8, 0xde, 0x38, 0x79, 0xe3, 0xd4, 0xaf, + 0x33, 0x51, 0xcc, 0xf1, 0xc8, 0x1b, 0x4d, 0xfa, 0x3f, 0xcb, 0xca, 0xd4, 0x56, 0xa6, 0xbe, 0x32, + 0x9d, 0xf4, 0x6f, 0x0e, 0x6d, 0xef, 0x97, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0x06, 0x67, 0x6c, + 0xee, 0x5c, 0x04, 0x00, 0x00, +} diff --git a/vendor/google.golang.org/genproto/googleapis/spanner/v1/spanner.pb.go b/vendor/google.golang.org/genproto/googleapis/spanner/v1/spanner.pb.go new file mode 100644 index 000000000000..2db458519765 --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/spanner/v1/spanner.pb.go @@ -0,0 +1,1396 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/spanner/v1/spanner.proto + +package spanner + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import _ "google.golang.org/genproto/googleapis/api/annotations" +import google_protobuf4 "github.com/golang/protobuf/ptypes/empty" +import google_protobuf1 "github.com/golang/protobuf/ptypes/struct" +import google_protobuf3 "github.com/golang/protobuf/ptypes/timestamp" + +import ( + context "golang.org/x/net/context" + grpc "google.golang.org/grpc" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// Mode in which the query must be processed. +type ExecuteSqlRequest_QueryMode int32 + +const ( + // The default mode where only the query result, without any information + // about the query plan is returned. + ExecuteSqlRequest_NORMAL ExecuteSqlRequest_QueryMode = 0 + // This mode returns only the query plan, without any result rows or + // execution statistics information. + ExecuteSqlRequest_PLAN ExecuteSqlRequest_QueryMode = 1 + // This mode returns both the query plan and the execution statistics along + // with the result rows. + ExecuteSqlRequest_PROFILE ExecuteSqlRequest_QueryMode = 2 +) + +var ExecuteSqlRequest_QueryMode_name = map[int32]string{ + 0: "NORMAL", + 1: "PLAN", + 2: "PROFILE", +} +var ExecuteSqlRequest_QueryMode_value = map[string]int32{ + "NORMAL": 0, + "PLAN": 1, + "PROFILE": 2, +} + +func (x ExecuteSqlRequest_QueryMode) String() string { + return proto.EnumName(ExecuteSqlRequest_QueryMode_name, int32(x)) +} +func (ExecuteSqlRequest_QueryMode) EnumDescriptor() ([]byte, []int) { + return fileDescriptor4, []int{6, 0} +} + +// The request for [CreateSession][google.spanner.v1.Spanner.CreateSession]. +type CreateSessionRequest struct { + // Required. The database in which the new session is created. + Database string `protobuf:"bytes,1,opt,name=database" json:"database,omitempty"` + // The session to create. + Session *Session `protobuf:"bytes,2,opt,name=session" json:"session,omitempty"` +} + +func (m *CreateSessionRequest) Reset() { *m = CreateSessionRequest{} } +func (m *CreateSessionRequest) String() string { return proto.CompactTextString(m) } +func (*CreateSessionRequest) ProtoMessage() {} +func (*CreateSessionRequest) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{0} } + +func (m *CreateSessionRequest) GetDatabase() string { + if m != nil { + return m.Database + } + return "" +} + +func (m *CreateSessionRequest) GetSession() *Session { + if m != nil { + return m.Session + } + return nil +} + +// A session in the Cloud Spanner API. +type Session struct { + // The name of the session. This is always system-assigned; values provided + // when creating a session are ignored. + Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` + // The labels for the session. + // + // * Label keys must be between 1 and 63 characters long and must conform to + // the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. + // * Label values must be between 0 and 63 characters long and must conform + // to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + // * No more than 64 labels can be associated with a given session. + // + // See https://goo.gl/xmQnxf for more information on and examples of labels. + Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + // Output only. The timestamp when the session is created. + CreateTime *google_protobuf3.Timestamp `protobuf:"bytes,3,opt,name=create_time,json=createTime" json:"create_time,omitempty"` + // Output only. The approximate timestamp when the session is last used. It is + // typically earlier than the actual last use time. + ApproximateLastUseTime *google_protobuf3.Timestamp `protobuf:"bytes,4,opt,name=approximate_last_use_time,json=approximateLastUseTime" json:"approximate_last_use_time,omitempty"` +} + +func (m *Session) Reset() { *m = Session{} } +func (m *Session) String() string { return proto.CompactTextString(m) } +func (*Session) ProtoMessage() {} +func (*Session) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{1} } + +func (m *Session) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +func (m *Session) GetLabels() map[string]string { + if m != nil { + return m.Labels + } + return nil +} + +func (m *Session) GetCreateTime() *google_protobuf3.Timestamp { + if m != nil { + return m.CreateTime + } + return nil +} + +func (m *Session) GetApproximateLastUseTime() *google_protobuf3.Timestamp { + if m != nil { + return m.ApproximateLastUseTime + } + return nil +} + +// The request for [GetSession][google.spanner.v1.Spanner.GetSession]. +type GetSessionRequest struct { + // Required. The name of the session to retrieve. + Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` +} + +func (m *GetSessionRequest) Reset() { *m = GetSessionRequest{} } +func (m *GetSessionRequest) String() string { return proto.CompactTextString(m) } +func (*GetSessionRequest) ProtoMessage() {} +func (*GetSessionRequest) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{2} } + +func (m *GetSessionRequest) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +// The request for [ListSessions][google.spanner.v1.Spanner.ListSessions]. +type ListSessionsRequest struct { + // Required. The database in which to list sessions. + Database string `protobuf:"bytes,1,opt,name=database" json:"database,omitempty"` + // Number of sessions to be returned in the response. If 0 or less, defaults + // to the server's maximum allowed page size. + PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize" json:"page_size,omitempty"` + // If non-empty, `page_token` should contain a + // [next_page_token][google.spanner.v1.ListSessionsResponse.next_page_token] from a previous + // [ListSessionsResponse][google.spanner.v1.ListSessionsResponse]. + PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken" json:"page_token,omitempty"` + // An expression for filtering the results of the request. Filter rules are + // case insensitive. The fields eligible for filtering are: + // + // * `labels.key` where key is the name of a label + // + // Some examples of using filters are: + // + // * `labels.env:*` --> The session has the label "env". + // * `labels.env:dev` --> The session has the label "env" and the value of + // the label contains the string "dev". + Filter string `protobuf:"bytes,4,opt,name=filter" json:"filter,omitempty"` +} + +func (m *ListSessionsRequest) Reset() { *m = ListSessionsRequest{} } +func (m *ListSessionsRequest) String() string { return proto.CompactTextString(m) } +func (*ListSessionsRequest) ProtoMessage() {} +func (*ListSessionsRequest) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{3} } + +func (m *ListSessionsRequest) GetDatabase() string { + if m != nil { + return m.Database + } + return "" +} + +func (m *ListSessionsRequest) GetPageSize() int32 { + if m != nil { + return m.PageSize + } + return 0 +} + +func (m *ListSessionsRequest) GetPageToken() string { + if m != nil { + return m.PageToken + } + return "" +} + +func (m *ListSessionsRequest) GetFilter() string { + if m != nil { + return m.Filter + } + return "" +} + +// The response for [ListSessions][google.spanner.v1.Spanner.ListSessions]. +type ListSessionsResponse struct { + // The list of requested sessions. + Sessions []*Session `protobuf:"bytes,1,rep,name=sessions" json:"sessions,omitempty"` + // `next_page_token` can be sent in a subsequent + // [ListSessions][google.spanner.v1.Spanner.ListSessions] call to fetch more of the matching + // sessions. + NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken" json:"next_page_token,omitempty"` +} + +func (m *ListSessionsResponse) Reset() { *m = ListSessionsResponse{} } +func (m *ListSessionsResponse) String() string { return proto.CompactTextString(m) } +func (*ListSessionsResponse) ProtoMessage() {} +func (*ListSessionsResponse) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{4} } + +func (m *ListSessionsResponse) GetSessions() []*Session { + if m != nil { + return m.Sessions + } + return nil +} + +func (m *ListSessionsResponse) GetNextPageToken() string { + if m != nil { + return m.NextPageToken + } + return "" +} + +// The request for [DeleteSession][google.spanner.v1.Spanner.DeleteSession]. +type DeleteSessionRequest struct { + // Required. The name of the session to delete. + Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` +} + +func (m *DeleteSessionRequest) Reset() { *m = DeleteSessionRequest{} } +func (m *DeleteSessionRequest) String() string { return proto.CompactTextString(m) } +func (*DeleteSessionRequest) ProtoMessage() {} +func (*DeleteSessionRequest) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{5} } + +func (m *DeleteSessionRequest) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +// The request for [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql] and +// [ExecuteStreamingSql][google.spanner.v1.Spanner.ExecuteStreamingSql]. +type ExecuteSqlRequest struct { + // Required. The session in which the SQL query should be performed. + Session string `protobuf:"bytes,1,opt,name=session" json:"session,omitempty"` + // The transaction to use. If none is provided, the default is a + // temporary read-only transaction with strong concurrency. + Transaction *TransactionSelector `protobuf:"bytes,2,opt,name=transaction" json:"transaction,omitempty"` + // Required. The SQL query string. + Sql string `protobuf:"bytes,3,opt,name=sql" json:"sql,omitempty"` + // The SQL query string can contain parameter placeholders. A parameter + // placeholder consists of `'@'` followed by the parameter + // name. Parameter names consist of any combination of letters, + // numbers, and underscores. + // + // Parameters can appear anywhere that a literal value is expected. The same + // parameter name can be used more than once, for example: + // `"WHERE id > @msg_id AND id < @msg_id + 100"` + // + // It is an error to execute an SQL query with unbound parameters. + // + // Parameter values are specified using `params`, which is a JSON + // object whose keys are parameter names, and whose values are the + // corresponding parameter values. + Params *google_protobuf1.Struct `protobuf:"bytes,4,opt,name=params" json:"params,omitempty"` + // It is not always possible for Cloud Spanner to infer the right SQL type + // from a JSON value. For example, values of type `BYTES` and values + // of type `STRING` both appear in [params][google.spanner.v1.ExecuteSqlRequest.params] as JSON strings. + // + // In these cases, `param_types` can be used to specify the exact + // SQL type for some or all of the SQL query parameters. See the + // definition of [Type][google.spanner.v1.Type] for more information + // about SQL types. + ParamTypes map[string]*Type `protobuf:"bytes,5,rep,name=param_types,json=paramTypes" json:"param_types,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + // If this request is resuming a previously interrupted SQL query + // execution, `resume_token` should be copied from the last + // [PartialResultSet][google.spanner.v1.PartialResultSet] yielded before the interruption. Doing this + // enables the new SQL query execution to resume where the last one left + // off. The rest of the request parameters must exactly match the + // request that yielded this token. + ResumeToken []byte `protobuf:"bytes,6,opt,name=resume_token,json=resumeToken,proto3" json:"resume_token,omitempty"` + // Used to control the amount of debugging information returned in + // [ResultSetStats][google.spanner.v1.ResultSetStats]. + QueryMode ExecuteSqlRequest_QueryMode `protobuf:"varint,7,opt,name=query_mode,json=queryMode,enum=google.spanner.v1.ExecuteSqlRequest_QueryMode" json:"query_mode,omitempty"` +} + +func (m *ExecuteSqlRequest) Reset() { *m = ExecuteSqlRequest{} } +func (m *ExecuteSqlRequest) String() string { return proto.CompactTextString(m) } +func (*ExecuteSqlRequest) ProtoMessage() {} +func (*ExecuteSqlRequest) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{6} } + +func (m *ExecuteSqlRequest) GetSession() string { + if m != nil { + return m.Session + } + return "" +} + +func (m *ExecuteSqlRequest) GetTransaction() *TransactionSelector { + if m != nil { + return m.Transaction + } + return nil +} + +func (m *ExecuteSqlRequest) GetSql() string { + if m != nil { + return m.Sql + } + return "" +} + +func (m *ExecuteSqlRequest) GetParams() *google_protobuf1.Struct { + if m != nil { + return m.Params + } + return nil +} + +func (m *ExecuteSqlRequest) GetParamTypes() map[string]*Type { + if m != nil { + return m.ParamTypes + } + return nil +} + +func (m *ExecuteSqlRequest) GetResumeToken() []byte { + if m != nil { + return m.ResumeToken + } + return nil +} + +func (m *ExecuteSqlRequest) GetQueryMode() ExecuteSqlRequest_QueryMode { + if m != nil { + return m.QueryMode + } + return ExecuteSqlRequest_NORMAL +} + +// The request for [Read][google.spanner.v1.Spanner.Read] and +// [StreamingRead][google.spanner.v1.Spanner.StreamingRead]. +type ReadRequest struct { + // Required. The session in which the read should be performed. + Session string `protobuf:"bytes,1,opt,name=session" json:"session,omitempty"` + // The transaction to use. If none is provided, the default is a + // temporary read-only transaction with strong concurrency. + Transaction *TransactionSelector `protobuf:"bytes,2,opt,name=transaction" json:"transaction,omitempty"` + // Required. The name of the table in the database to be read. + Table string `protobuf:"bytes,3,opt,name=table" json:"table,omitempty"` + // If non-empty, the name of an index on [table][google.spanner.v1.ReadRequest.table]. This index is + // used instead of the table primary key when interpreting [key_set][google.spanner.v1.ReadRequest.key_set] + // and sorting result rows. See [key_set][google.spanner.v1.ReadRequest.key_set] for further information. + Index string `protobuf:"bytes,4,opt,name=index" json:"index,omitempty"` + // The columns of [table][google.spanner.v1.ReadRequest.table] to be returned for each row matching + // this request. + Columns []string `protobuf:"bytes,5,rep,name=columns" json:"columns,omitempty"` + // Required. `key_set` identifies the rows to be yielded. `key_set` names the + // primary keys of the rows in [table][google.spanner.v1.ReadRequest.table] to be yielded, unless [index][google.spanner.v1.ReadRequest.index] + // is present. If [index][google.spanner.v1.ReadRequest.index] is present, then [key_set][google.spanner.v1.ReadRequest.key_set] instead names + // index keys in [index][google.spanner.v1.ReadRequest.index]. + // + // Rows are yielded in table primary key order (if [index][google.spanner.v1.ReadRequest.index] is empty) + // or index key order (if [index][google.spanner.v1.ReadRequest.index] is non-empty). + // + // It is not an error for the `key_set` to name rows that do not + // exist in the database. Read yields nothing for nonexistent rows. + KeySet *KeySet `protobuf:"bytes,6,opt,name=key_set,json=keySet" json:"key_set,omitempty"` + // If greater than zero, only the first `limit` rows are yielded. If `limit` + // is zero, the default is no limit. + Limit int64 `protobuf:"varint,8,opt,name=limit" json:"limit,omitempty"` + // If this request is resuming a previously interrupted read, + // `resume_token` should be copied from the last + // [PartialResultSet][google.spanner.v1.PartialResultSet] yielded before the interruption. Doing this + // enables the new read to resume where the last read left off. The + // rest of the request parameters must exactly match the request + // that yielded this token. + ResumeToken []byte `protobuf:"bytes,9,opt,name=resume_token,json=resumeToken,proto3" json:"resume_token,omitempty"` +} + +func (m *ReadRequest) Reset() { *m = ReadRequest{} } +func (m *ReadRequest) String() string { return proto.CompactTextString(m) } +func (*ReadRequest) ProtoMessage() {} +func (*ReadRequest) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{7} } + +func (m *ReadRequest) GetSession() string { + if m != nil { + return m.Session + } + return "" +} + +func (m *ReadRequest) GetTransaction() *TransactionSelector { + if m != nil { + return m.Transaction + } + return nil +} + +func (m *ReadRequest) GetTable() string { + if m != nil { + return m.Table + } + return "" +} + +func (m *ReadRequest) GetIndex() string { + if m != nil { + return m.Index + } + return "" +} + +func (m *ReadRequest) GetColumns() []string { + if m != nil { + return m.Columns + } + return nil +} + +func (m *ReadRequest) GetKeySet() *KeySet { + if m != nil { + return m.KeySet + } + return nil +} + +func (m *ReadRequest) GetLimit() int64 { + if m != nil { + return m.Limit + } + return 0 +} + +func (m *ReadRequest) GetResumeToken() []byte { + if m != nil { + return m.ResumeToken + } + return nil +} + +// The request for [BeginTransaction][google.spanner.v1.Spanner.BeginTransaction]. +type BeginTransactionRequest struct { + // Required. The session in which the transaction runs. + Session string `protobuf:"bytes,1,opt,name=session" json:"session,omitempty"` + // Required. Options for the new transaction. + Options *TransactionOptions `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"` +} + +func (m *BeginTransactionRequest) Reset() { *m = BeginTransactionRequest{} } +func (m *BeginTransactionRequest) String() string { return proto.CompactTextString(m) } +func (*BeginTransactionRequest) ProtoMessage() {} +func (*BeginTransactionRequest) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{8} } + +func (m *BeginTransactionRequest) GetSession() string { + if m != nil { + return m.Session + } + return "" +} + +func (m *BeginTransactionRequest) GetOptions() *TransactionOptions { + if m != nil { + return m.Options + } + return nil +} + +// The request for [Commit][google.spanner.v1.Spanner.Commit]. +type CommitRequest struct { + // Required. The session in which the transaction to be committed is running. + Session string `protobuf:"bytes,1,opt,name=session" json:"session,omitempty"` + // Required. The transaction in which to commit. + // + // Types that are valid to be assigned to Transaction: + // *CommitRequest_TransactionId + // *CommitRequest_SingleUseTransaction + Transaction isCommitRequest_Transaction `protobuf_oneof:"transaction"` + // The mutations to be executed when this transaction commits. All + // mutations are applied atomically, in the order they appear in + // this list. + Mutations []*Mutation `protobuf:"bytes,4,rep,name=mutations" json:"mutations,omitempty"` +} + +func (m *CommitRequest) Reset() { *m = CommitRequest{} } +func (m *CommitRequest) String() string { return proto.CompactTextString(m) } +func (*CommitRequest) ProtoMessage() {} +func (*CommitRequest) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{9} } + +type isCommitRequest_Transaction interface { + isCommitRequest_Transaction() +} + +type CommitRequest_TransactionId struct { + TransactionId []byte `protobuf:"bytes,2,opt,name=transaction_id,json=transactionId,proto3,oneof"` +} +type CommitRequest_SingleUseTransaction struct { + SingleUseTransaction *TransactionOptions `protobuf:"bytes,3,opt,name=single_use_transaction,json=singleUseTransaction,oneof"` +} + +func (*CommitRequest_TransactionId) isCommitRequest_Transaction() {} +func (*CommitRequest_SingleUseTransaction) isCommitRequest_Transaction() {} + +func (m *CommitRequest) GetTransaction() isCommitRequest_Transaction { + if m != nil { + return m.Transaction + } + return nil +} + +func (m *CommitRequest) GetSession() string { + if m != nil { + return m.Session + } + return "" +} + +func (m *CommitRequest) GetTransactionId() []byte { + if x, ok := m.GetTransaction().(*CommitRequest_TransactionId); ok { + return x.TransactionId + } + return nil +} + +func (m *CommitRequest) GetSingleUseTransaction() *TransactionOptions { + if x, ok := m.GetTransaction().(*CommitRequest_SingleUseTransaction); ok { + return x.SingleUseTransaction + } + return nil +} + +func (m *CommitRequest) GetMutations() []*Mutation { + if m != nil { + return m.Mutations + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*CommitRequest) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _CommitRequest_OneofMarshaler, _CommitRequest_OneofUnmarshaler, _CommitRequest_OneofSizer, []interface{}{ + (*CommitRequest_TransactionId)(nil), + (*CommitRequest_SingleUseTransaction)(nil), + } +} + +func _CommitRequest_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*CommitRequest) + // transaction + switch x := m.Transaction.(type) { + case *CommitRequest_TransactionId: + b.EncodeVarint(2<<3 | proto.WireBytes) + b.EncodeRawBytes(x.TransactionId) + case *CommitRequest_SingleUseTransaction: + b.EncodeVarint(3<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.SingleUseTransaction); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("CommitRequest.Transaction has unexpected type %T", x) + } + return nil +} + +func _CommitRequest_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*CommitRequest) + switch tag { + case 2: // transaction.transaction_id + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + x, err := b.DecodeRawBytes(true) + m.Transaction = &CommitRequest_TransactionId{x} + return true, err + case 3: // transaction.single_use_transaction + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(TransactionOptions) + err := b.DecodeMessage(msg) + m.Transaction = &CommitRequest_SingleUseTransaction{msg} + return true, err + default: + return false, nil + } +} + +func _CommitRequest_OneofSizer(msg proto.Message) (n int) { + m := msg.(*CommitRequest) + // transaction + switch x := m.Transaction.(type) { + case *CommitRequest_TransactionId: + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(len(x.TransactionId))) + n += len(x.TransactionId) + case *CommitRequest_SingleUseTransaction: + s := proto.Size(x.SingleUseTransaction) + n += proto.SizeVarint(3<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + +// The response for [Commit][google.spanner.v1.Spanner.Commit]. +type CommitResponse struct { + // The Cloud Spanner timestamp at which the transaction committed. + CommitTimestamp *google_protobuf3.Timestamp `protobuf:"bytes,1,opt,name=commit_timestamp,json=commitTimestamp" json:"commit_timestamp,omitempty"` +} + +func (m *CommitResponse) Reset() { *m = CommitResponse{} } +func (m *CommitResponse) String() string { return proto.CompactTextString(m) } +func (*CommitResponse) ProtoMessage() {} +func (*CommitResponse) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{10} } + +func (m *CommitResponse) GetCommitTimestamp() *google_protobuf3.Timestamp { + if m != nil { + return m.CommitTimestamp + } + return nil +} + +// The request for [Rollback][google.spanner.v1.Spanner.Rollback]. +type RollbackRequest struct { + // Required. The session in which the transaction to roll back is running. + Session string `protobuf:"bytes,1,opt,name=session" json:"session,omitempty"` + // Required. The transaction to roll back. + TransactionId []byte `protobuf:"bytes,2,opt,name=transaction_id,json=transactionId,proto3" json:"transaction_id,omitempty"` +} + +func (m *RollbackRequest) Reset() { *m = RollbackRequest{} } +func (m *RollbackRequest) String() string { return proto.CompactTextString(m) } +func (*RollbackRequest) ProtoMessage() {} +func (*RollbackRequest) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{11} } + +func (m *RollbackRequest) GetSession() string { + if m != nil { + return m.Session + } + return "" +} + +func (m *RollbackRequest) GetTransactionId() []byte { + if m != nil { + return m.TransactionId + } + return nil +} + +func init() { + proto.RegisterType((*CreateSessionRequest)(nil), "google.spanner.v1.CreateSessionRequest") + proto.RegisterType((*Session)(nil), "google.spanner.v1.Session") + proto.RegisterType((*GetSessionRequest)(nil), "google.spanner.v1.GetSessionRequest") + proto.RegisterType((*ListSessionsRequest)(nil), "google.spanner.v1.ListSessionsRequest") + proto.RegisterType((*ListSessionsResponse)(nil), "google.spanner.v1.ListSessionsResponse") + proto.RegisterType((*DeleteSessionRequest)(nil), "google.spanner.v1.DeleteSessionRequest") + proto.RegisterType((*ExecuteSqlRequest)(nil), "google.spanner.v1.ExecuteSqlRequest") + proto.RegisterType((*ReadRequest)(nil), "google.spanner.v1.ReadRequest") + proto.RegisterType((*BeginTransactionRequest)(nil), "google.spanner.v1.BeginTransactionRequest") + proto.RegisterType((*CommitRequest)(nil), "google.spanner.v1.CommitRequest") + proto.RegisterType((*CommitResponse)(nil), "google.spanner.v1.CommitResponse") + proto.RegisterType((*RollbackRequest)(nil), "google.spanner.v1.RollbackRequest") + proto.RegisterEnum("google.spanner.v1.ExecuteSqlRequest_QueryMode", ExecuteSqlRequest_QueryMode_name, ExecuteSqlRequest_QueryMode_value) +} + +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConn + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion4 + +// Client API for Spanner service + +type SpannerClient interface { + // Creates a new session. A session can be used to perform + // transactions that read and/or modify data in a Cloud Spanner database. + // Sessions are meant to be reused for many consecutive + // transactions. + // + // Sessions can only execute one transaction at a time. To execute + // multiple concurrent read-write/write-only transactions, create + // multiple sessions. Note that standalone reads and queries use a + // transaction internally, and count toward the one transaction + // limit. + // + // Cloud Spanner limits the number of sessions that can exist at any given + // time; thus, it is a good idea to delete idle and/or unneeded sessions. + // Aside from explicit deletes, Cloud Spanner can delete sessions for which no + // operations are sent for more than an hour. If a session is deleted, + // requests to it return `NOT_FOUND`. + // + // Idle sessions can be kept alive by sending a trivial SQL query + // periodically, e.g., `"SELECT 1"`. + CreateSession(ctx context.Context, in *CreateSessionRequest, opts ...grpc.CallOption) (*Session, error) + // Gets a session. Returns `NOT_FOUND` if the session does not exist. + // This is mainly useful for determining whether a session is still + // alive. + GetSession(ctx context.Context, in *GetSessionRequest, opts ...grpc.CallOption) (*Session, error) + // Lists all sessions in a given database. + ListSessions(ctx context.Context, in *ListSessionsRequest, opts ...grpc.CallOption) (*ListSessionsResponse, error) + // Ends a session, releasing server resources associated with it. + DeleteSession(ctx context.Context, in *DeleteSessionRequest, opts ...grpc.CallOption) (*google_protobuf4.Empty, error) + // Executes an SQL query, returning all rows in a single reply. This + // method cannot be used to return a result set larger than 10 MiB; + // if the query yields more data than that, the query fails with + // a `FAILED_PRECONDITION` error. + // + // Queries inside read-write transactions might return `ABORTED`. If + // this occurs, the application should restart the transaction from + // the beginning. See [Transaction][google.spanner.v1.Transaction] for more details. + // + // Larger result sets can be fetched in streaming fashion by calling + // [ExecuteStreamingSql][google.spanner.v1.Spanner.ExecuteStreamingSql] instead. + ExecuteSql(ctx context.Context, in *ExecuteSqlRequest, opts ...grpc.CallOption) (*ResultSet, error) + // Like [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql], except returns the result + // set as a stream. Unlike [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql], there + // is no limit on the size of the returned result set. However, no + // individual row in the result set can exceed 100 MiB, and no + // column value can exceed 10 MiB. + ExecuteStreamingSql(ctx context.Context, in *ExecuteSqlRequest, opts ...grpc.CallOption) (Spanner_ExecuteStreamingSqlClient, error) + // Reads rows from the database using key lookups and scans, as a + // simple key/value style alternative to + // [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql]. This method cannot be used to + // return a result set larger than 10 MiB; if the read matches more + // data than that, the read fails with a `FAILED_PRECONDITION` + // error. + // + // Reads inside read-write transactions might return `ABORTED`. If + // this occurs, the application should restart the transaction from + // the beginning. See [Transaction][google.spanner.v1.Transaction] for more details. + // + // Larger result sets can be yielded in streaming fashion by calling + // [StreamingRead][google.spanner.v1.Spanner.StreamingRead] instead. + Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ResultSet, error) + // Like [Read][google.spanner.v1.Spanner.Read], except returns the result set as a + // stream. Unlike [Read][google.spanner.v1.Spanner.Read], there is no limit on the + // size of the returned result set. However, no individual row in + // the result set can exceed 100 MiB, and no column value can exceed + // 10 MiB. + StreamingRead(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (Spanner_StreamingReadClient, error) + // Begins a new transaction. This step can often be skipped: + // [Read][google.spanner.v1.Spanner.Read], [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql] and + // [Commit][google.spanner.v1.Spanner.Commit] can begin a new transaction as a + // side-effect. + BeginTransaction(ctx context.Context, in *BeginTransactionRequest, opts ...grpc.CallOption) (*Transaction, error) + // Commits a transaction. The request includes the mutations to be + // applied to rows in the database. + // + // `Commit` might return an `ABORTED` error. This can occur at any time; + // commonly, the cause is conflicts with concurrent + // transactions. However, it can also happen for a variety of other + // reasons. If `Commit` returns `ABORTED`, the caller should re-attempt + // the transaction from the beginning, re-using the same session. + Commit(ctx context.Context, in *CommitRequest, opts ...grpc.CallOption) (*CommitResponse, error) + // Rolls back a transaction, releasing any locks it holds. It is a good + // idea to call this for any transaction that includes one or more + // [Read][google.spanner.v1.Spanner.Read] or [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql] requests and + // ultimately decides not to commit. + // + // `Rollback` returns `OK` if it successfully aborts the transaction, the + // transaction was already aborted, or the transaction is not + // found. `Rollback` never returns `ABORTED`. + Rollback(ctx context.Context, in *RollbackRequest, opts ...grpc.CallOption) (*google_protobuf4.Empty, error) +} + +type spannerClient struct { + cc *grpc.ClientConn +} + +func NewSpannerClient(cc *grpc.ClientConn) SpannerClient { + return &spannerClient{cc} +} + +func (c *spannerClient) CreateSession(ctx context.Context, in *CreateSessionRequest, opts ...grpc.CallOption) (*Session, error) { + out := new(Session) + err := grpc.Invoke(ctx, "/google.spanner.v1.Spanner/CreateSession", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *spannerClient) GetSession(ctx context.Context, in *GetSessionRequest, opts ...grpc.CallOption) (*Session, error) { + out := new(Session) + err := grpc.Invoke(ctx, "/google.spanner.v1.Spanner/GetSession", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *spannerClient) ListSessions(ctx context.Context, in *ListSessionsRequest, opts ...grpc.CallOption) (*ListSessionsResponse, error) { + out := new(ListSessionsResponse) + err := grpc.Invoke(ctx, "/google.spanner.v1.Spanner/ListSessions", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *spannerClient) DeleteSession(ctx context.Context, in *DeleteSessionRequest, opts ...grpc.CallOption) (*google_protobuf4.Empty, error) { + out := new(google_protobuf4.Empty) + err := grpc.Invoke(ctx, "/google.spanner.v1.Spanner/DeleteSession", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *spannerClient) ExecuteSql(ctx context.Context, in *ExecuteSqlRequest, opts ...grpc.CallOption) (*ResultSet, error) { + out := new(ResultSet) + err := grpc.Invoke(ctx, "/google.spanner.v1.Spanner/ExecuteSql", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *spannerClient) ExecuteStreamingSql(ctx context.Context, in *ExecuteSqlRequest, opts ...grpc.CallOption) (Spanner_ExecuteStreamingSqlClient, error) { + stream, err := grpc.NewClientStream(ctx, &_Spanner_serviceDesc.Streams[0], c.cc, "/google.spanner.v1.Spanner/ExecuteStreamingSql", opts...) + if err != nil { + return nil, err + } + x := &spannerExecuteStreamingSqlClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +type Spanner_ExecuteStreamingSqlClient interface { + Recv() (*PartialResultSet, error) + grpc.ClientStream +} + +type spannerExecuteStreamingSqlClient struct { + grpc.ClientStream +} + +func (x *spannerExecuteStreamingSqlClient) Recv() (*PartialResultSet, error) { + m := new(PartialResultSet) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func (c *spannerClient) Read(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (*ResultSet, error) { + out := new(ResultSet) + err := grpc.Invoke(ctx, "/google.spanner.v1.Spanner/Read", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *spannerClient) StreamingRead(ctx context.Context, in *ReadRequest, opts ...grpc.CallOption) (Spanner_StreamingReadClient, error) { + stream, err := grpc.NewClientStream(ctx, &_Spanner_serviceDesc.Streams[1], c.cc, "/google.spanner.v1.Spanner/StreamingRead", opts...) + if err != nil { + return nil, err + } + x := &spannerStreamingReadClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +type Spanner_StreamingReadClient interface { + Recv() (*PartialResultSet, error) + grpc.ClientStream +} + +type spannerStreamingReadClient struct { + grpc.ClientStream +} + +func (x *spannerStreamingReadClient) Recv() (*PartialResultSet, error) { + m := new(PartialResultSet) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func (c *spannerClient) BeginTransaction(ctx context.Context, in *BeginTransactionRequest, opts ...grpc.CallOption) (*Transaction, error) { + out := new(Transaction) + err := grpc.Invoke(ctx, "/google.spanner.v1.Spanner/BeginTransaction", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *spannerClient) Commit(ctx context.Context, in *CommitRequest, opts ...grpc.CallOption) (*CommitResponse, error) { + out := new(CommitResponse) + err := grpc.Invoke(ctx, "/google.spanner.v1.Spanner/Commit", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *spannerClient) Rollback(ctx context.Context, in *RollbackRequest, opts ...grpc.CallOption) (*google_protobuf4.Empty, error) { + out := new(google_protobuf4.Empty) + err := grpc.Invoke(ctx, "/google.spanner.v1.Spanner/Rollback", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// Server API for Spanner service + +type SpannerServer interface { + // Creates a new session. A session can be used to perform + // transactions that read and/or modify data in a Cloud Spanner database. + // Sessions are meant to be reused for many consecutive + // transactions. + // + // Sessions can only execute one transaction at a time. To execute + // multiple concurrent read-write/write-only transactions, create + // multiple sessions. Note that standalone reads and queries use a + // transaction internally, and count toward the one transaction + // limit. + // + // Cloud Spanner limits the number of sessions that can exist at any given + // time; thus, it is a good idea to delete idle and/or unneeded sessions. + // Aside from explicit deletes, Cloud Spanner can delete sessions for which no + // operations are sent for more than an hour. If a session is deleted, + // requests to it return `NOT_FOUND`. + // + // Idle sessions can be kept alive by sending a trivial SQL query + // periodically, e.g., `"SELECT 1"`. + CreateSession(context.Context, *CreateSessionRequest) (*Session, error) + // Gets a session. Returns `NOT_FOUND` if the session does not exist. + // This is mainly useful for determining whether a session is still + // alive. + GetSession(context.Context, *GetSessionRequest) (*Session, error) + // Lists all sessions in a given database. + ListSessions(context.Context, *ListSessionsRequest) (*ListSessionsResponse, error) + // Ends a session, releasing server resources associated with it. + DeleteSession(context.Context, *DeleteSessionRequest) (*google_protobuf4.Empty, error) + // Executes an SQL query, returning all rows in a single reply. This + // method cannot be used to return a result set larger than 10 MiB; + // if the query yields more data than that, the query fails with + // a `FAILED_PRECONDITION` error. + // + // Queries inside read-write transactions might return `ABORTED`. If + // this occurs, the application should restart the transaction from + // the beginning. See [Transaction][google.spanner.v1.Transaction] for more details. + // + // Larger result sets can be fetched in streaming fashion by calling + // [ExecuteStreamingSql][google.spanner.v1.Spanner.ExecuteStreamingSql] instead. + ExecuteSql(context.Context, *ExecuteSqlRequest) (*ResultSet, error) + // Like [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql], except returns the result + // set as a stream. Unlike [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql], there + // is no limit on the size of the returned result set. However, no + // individual row in the result set can exceed 100 MiB, and no + // column value can exceed 10 MiB. + ExecuteStreamingSql(*ExecuteSqlRequest, Spanner_ExecuteStreamingSqlServer) error + // Reads rows from the database using key lookups and scans, as a + // simple key/value style alternative to + // [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql]. This method cannot be used to + // return a result set larger than 10 MiB; if the read matches more + // data than that, the read fails with a `FAILED_PRECONDITION` + // error. + // + // Reads inside read-write transactions might return `ABORTED`. If + // this occurs, the application should restart the transaction from + // the beginning. See [Transaction][google.spanner.v1.Transaction] for more details. + // + // Larger result sets can be yielded in streaming fashion by calling + // [StreamingRead][google.spanner.v1.Spanner.StreamingRead] instead. + Read(context.Context, *ReadRequest) (*ResultSet, error) + // Like [Read][google.spanner.v1.Spanner.Read], except returns the result set as a + // stream. Unlike [Read][google.spanner.v1.Spanner.Read], there is no limit on the + // size of the returned result set. However, no individual row in + // the result set can exceed 100 MiB, and no column value can exceed + // 10 MiB. + StreamingRead(*ReadRequest, Spanner_StreamingReadServer) error + // Begins a new transaction. This step can often be skipped: + // [Read][google.spanner.v1.Spanner.Read], [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql] and + // [Commit][google.spanner.v1.Spanner.Commit] can begin a new transaction as a + // side-effect. + BeginTransaction(context.Context, *BeginTransactionRequest) (*Transaction, error) + // Commits a transaction. The request includes the mutations to be + // applied to rows in the database. + // + // `Commit` might return an `ABORTED` error. This can occur at any time; + // commonly, the cause is conflicts with concurrent + // transactions. However, it can also happen for a variety of other + // reasons. If `Commit` returns `ABORTED`, the caller should re-attempt + // the transaction from the beginning, re-using the same session. + Commit(context.Context, *CommitRequest) (*CommitResponse, error) + // Rolls back a transaction, releasing any locks it holds. It is a good + // idea to call this for any transaction that includes one or more + // [Read][google.spanner.v1.Spanner.Read] or [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql] requests and + // ultimately decides not to commit. + // + // `Rollback` returns `OK` if it successfully aborts the transaction, the + // transaction was already aborted, or the transaction is not + // found. `Rollback` never returns `ABORTED`. + Rollback(context.Context, *RollbackRequest) (*google_protobuf4.Empty, error) +} + +func RegisterSpannerServer(s *grpc.Server, srv SpannerServer) { + s.RegisterService(&_Spanner_serviceDesc, srv) +} + +func _Spanner_CreateSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateSessionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SpannerServer).CreateSession(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/google.spanner.v1.Spanner/CreateSession", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SpannerServer).CreateSession(ctx, req.(*CreateSessionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Spanner_GetSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetSessionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SpannerServer).GetSession(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/google.spanner.v1.Spanner/GetSession", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SpannerServer).GetSession(ctx, req.(*GetSessionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Spanner_ListSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListSessionsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SpannerServer).ListSessions(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/google.spanner.v1.Spanner/ListSessions", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SpannerServer).ListSessions(ctx, req.(*ListSessionsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Spanner_DeleteSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteSessionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SpannerServer).DeleteSession(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/google.spanner.v1.Spanner/DeleteSession", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SpannerServer).DeleteSession(ctx, req.(*DeleteSessionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Spanner_ExecuteSql_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ExecuteSqlRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SpannerServer).ExecuteSql(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/google.spanner.v1.Spanner/ExecuteSql", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SpannerServer).ExecuteSql(ctx, req.(*ExecuteSqlRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Spanner_ExecuteStreamingSql_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(ExecuteSqlRequest) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(SpannerServer).ExecuteStreamingSql(m, &spannerExecuteStreamingSqlServer{stream}) +} + +type Spanner_ExecuteStreamingSqlServer interface { + Send(*PartialResultSet) error + grpc.ServerStream +} + +type spannerExecuteStreamingSqlServer struct { + grpc.ServerStream +} + +func (x *spannerExecuteStreamingSqlServer) Send(m *PartialResultSet) error { + return x.ServerStream.SendMsg(m) +} + +func _Spanner_Read_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ReadRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SpannerServer).Read(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/google.spanner.v1.Spanner/Read", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SpannerServer).Read(ctx, req.(*ReadRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Spanner_StreamingRead_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(ReadRequest) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(SpannerServer).StreamingRead(m, &spannerStreamingReadServer{stream}) +} + +type Spanner_StreamingReadServer interface { + Send(*PartialResultSet) error + grpc.ServerStream +} + +type spannerStreamingReadServer struct { + grpc.ServerStream +} + +func (x *spannerStreamingReadServer) Send(m *PartialResultSet) error { + return x.ServerStream.SendMsg(m) +} + +func _Spanner_BeginTransaction_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(BeginTransactionRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SpannerServer).BeginTransaction(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/google.spanner.v1.Spanner/BeginTransaction", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SpannerServer).BeginTransaction(ctx, req.(*BeginTransactionRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Spanner_Commit_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CommitRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SpannerServer).Commit(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/google.spanner.v1.Spanner/Commit", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SpannerServer).Commit(ctx, req.(*CommitRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Spanner_Rollback_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RollbackRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SpannerServer).Rollback(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/google.spanner.v1.Spanner/Rollback", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SpannerServer).Rollback(ctx, req.(*RollbackRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _Spanner_serviceDesc = grpc.ServiceDesc{ + ServiceName: "google.spanner.v1.Spanner", + HandlerType: (*SpannerServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "CreateSession", + Handler: _Spanner_CreateSession_Handler, + }, + { + MethodName: "GetSession", + Handler: _Spanner_GetSession_Handler, + }, + { + MethodName: "ListSessions", + Handler: _Spanner_ListSessions_Handler, + }, + { + MethodName: "DeleteSession", + Handler: _Spanner_DeleteSession_Handler, + }, + { + MethodName: "ExecuteSql", + Handler: _Spanner_ExecuteSql_Handler, + }, + { + MethodName: "Read", + Handler: _Spanner_Read_Handler, + }, + { + MethodName: "BeginTransaction", + Handler: _Spanner_BeginTransaction_Handler, + }, + { + MethodName: "Commit", + Handler: _Spanner_Commit_Handler, + }, + { + MethodName: "Rollback", + Handler: _Spanner_Rollback_Handler, + }, + }, + Streams: []grpc.StreamDesc{ + { + StreamName: "ExecuteStreamingSql", + Handler: _Spanner_ExecuteStreamingSql_Handler, + ServerStreams: true, + }, + { + StreamName: "StreamingRead", + Handler: _Spanner_StreamingRead_Handler, + ServerStreams: true, + }, + }, + Metadata: "google/spanner/v1/spanner.proto", +} + +func init() { proto.RegisterFile("google/spanner/v1/spanner.proto", fileDescriptor4) } + +var fileDescriptor4 = []byte{ + // 1416 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x4f, 0x6f, 0x13, 0x47, + 0x14, 0x67, 0x9d, 0xc4, 0x89, 0x9f, 0xf3, 0x8f, 0x21, 0x0d, 0xc6, 0x50, 0x30, 0x4b, 0x21, 0x91, + 0xa5, 0xda, 0x4d, 0x8a, 0x2a, 0x30, 0x6d, 0x81, 0x80, 0x81, 0x08, 0x87, 0x98, 0x75, 0x00, 0x09, + 0x51, 0x59, 0x63, 0x7b, 0x70, 0xb7, 0xd9, 0x7f, 0xd9, 0x19, 0x47, 0x31, 0x15, 0x97, 0x4a, 0x3d, + 0xf5, 0xd2, 0x52, 0x55, 0x3d, 0xb4, 0xb7, 0xf6, 0x54, 0x71, 0xef, 0xad, 0x1f, 0xa0, 0xd7, 0x7e, + 0x85, 0x7e, 0x8b, 0x5e, 0xaa, 0xf9, 0xe7, 0x6c, 0xec, 0xc5, 0x09, 0x72, 0xd5, 0x93, 0x67, 0xe6, + 0xbd, 0x79, 0xef, 0xb7, 0xbf, 0xf7, 0x66, 0x7e, 0x63, 0x38, 0xd7, 0xf6, 0xfd, 0xb6, 0x43, 0x8a, + 0x34, 0xc0, 0x9e, 0x47, 0xc2, 0xe2, 0xee, 0x8a, 0x1e, 0x16, 0x82, 0xd0, 0x67, 0x3e, 0x3a, 0x2e, + 0x1d, 0x0a, 0x7a, 0x75, 0x77, 0x25, 0x7b, 0x46, 0xed, 0xc1, 0x81, 0x5d, 0xc4, 0x9e, 0xe7, 0x33, + 0xcc, 0x6c, 0xdf, 0xa3, 0x72, 0x43, 0xf6, 0xb4, 0xb2, 0x8a, 0x59, 0xa3, 0xf3, 0xbc, 0x48, 0xdc, + 0x80, 0x75, 0x95, 0xf1, 0x4c, 0xbf, 0x91, 0xb2, 0xb0, 0xd3, 0x64, 0xca, 0x7a, 0xae, 0xdf, 0xca, + 0x6c, 0x97, 0x50, 0x86, 0xdd, 0xa0, 0x6f, 0x7b, 0x04, 0xed, 0x36, 0xe9, 0xea, 0xcc, 0xb9, 0x41, + 0xab, 0xdb, 0x91, 0xe0, 0x94, 0x87, 0x39, 0xe8, 0x11, 0x12, 0xda, 0x71, 0x58, 0x9d, 0x12, 0x0d, + 0xe2, 0xc2, 0xa0, 0x0f, 0x0b, 0xb1, 0x47, 0x71, 0x33, 0x12, 0x28, 0x06, 0x08, 0xeb, 0x06, 0x44, + 0x5a, 0xcd, 0xcf, 0x61, 0xe1, 0x56, 0x48, 0x30, 0x23, 0x35, 0x42, 0xa9, 0xed, 0x7b, 0x16, 0xd9, + 0xe9, 0x10, 0xca, 0x50, 0x16, 0xa6, 0x5a, 0x98, 0xe1, 0x06, 0xa6, 0x24, 0x63, 0xe4, 0x8c, 0xe5, + 0x94, 0xd5, 0x9b, 0xa3, 0xcb, 0x30, 0x49, 0xa5, 0x77, 0x26, 0x91, 0x33, 0x96, 0xd3, 0xab, 0xd9, + 0xc2, 0x00, 0xf3, 0x05, 0x1d, 0x4f, 0xbb, 0x9a, 0xaf, 0x13, 0x30, 0xa9, 0x16, 0x11, 0x82, 0x71, + 0x0f, 0xbb, 0x3a, 0xb2, 0x18, 0xa3, 0x4f, 0x21, 0xe9, 0xe0, 0x06, 0x71, 0x68, 0x26, 0x91, 0x1b, + 0x5b, 0x4e, 0xaf, 0x5e, 0x7a, 0x73, 0xd0, 0x42, 0x45, 0x38, 0x96, 0x3d, 0x16, 0x76, 0x2d, 0xb5, + 0x0b, 0x5d, 0x83, 0x74, 0x53, 0x7c, 0x49, 0x9d, 0x97, 0x22, 0x33, 0x76, 0x10, 0x99, 0xae, 0x53, + 0x61, 0x4b, 0xd7, 0xc9, 0x02, 0xe9, 0xce, 0x17, 0xd0, 0x23, 0x38, 0x85, 0x83, 0x20, 0xf4, 0xf7, + 0x6c, 0x97, 0x47, 0x70, 0x30, 0x65, 0xf5, 0x0e, 0x55, 0xa1, 0xc6, 0x0f, 0x0d, 0xb5, 0x18, 0xd9, + 0x5c, 0xc1, 0x94, 0x3d, 0xa2, 0x22, 0x6c, 0xf6, 0x2a, 0xa4, 0x23, 0x50, 0xd1, 0x3c, 0x8c, 0x6d, + 0x93, 0xae, 0xfa, 0x6a, 0x3e, 0x44, 0x0b, 0x30, 0xb1, 0x8b, 0x9d, 0x0e, 0x11, 0x44, 0xa6, 0x2c, + 0x39, 0x29, 0x25, 0xae, 0x18, 0xe6, 0x12, 0x1c, 0xbf, 0x4b, 0x58, 0x5f, 0x55, 0x62, 0x78, 0x33, + 0xbf, 0x36, 0xe0, 0x44, 0xc5, 0xa6, 0xda, 0x95, 0x1e, 0xa5, 0x82, 0xa7, 0x21, 0x15, 0xe0, 0x36, + 0xa9, 0x53, 0xfb, 0x85, 0x4c, 0x3d, 0x61, 0x4d, 0xf1, 0x85, 0x9a, 0xfd, 0x82, 0xa0, 0x77, 0x01, + 0x84, 0x91, 0xf9, 0xdb, 0xc4, 0x13, 0x3c, 0xa6, 0x2c, 0xe1, 0xbe, 0xc5, 0x17, 0xd0, 0x22, 0x24, + 0x9f, 0xdb, 0x0e, 0x23, 0xa1, 0xe0, 0x25, 0x65, 0xa9, 0x99, 0xb9, 0x0b, 0x0b, 0x07, 0x61, 0xd0, + 0xc0, 0xf7, 0x28, 0x41, 0x1f, 0xc1, 0x94, 0x6a, 0x01, 0x9a, 0x31, 0x44, 0x65, 0x87, 0xb5, 0x4b, + 0xcf, 0x17, 0x5d, 0x82, 0x39, 0x8f, 0xec, 0xb1, 0x7a, 0x04, 0x8b, 0x24, 0x69, 0x86, 0x2f, 0x57, + 0x35, 0x1e, 0x33, 0x0f, 0x0b, 0xb7, 0x89, 0x43, 0x06, 0x3a, 0x38, 0x8e, 0xab, 0x6f, 0xc6, 0xe1, + 0x78, 0x79, 0x8f, 0x34, 0x3b, 0x8c, 0xd4, 0x76, 0x1c, 0xed, 0x99, 0xd9, 0xef, 0x67, 0xe9, 0xac, + 0xa7, 0xe8, 0x1e, 0xa4, 0x23, 0x07, 0x4a, 0x75, 0x7b, 0x5c, 0x63, 0x6e, 0xed, 0x7b, 0xd5, 0x88, + 0x43, 0x9a, 0xcc, 0x0f, 0xad, 0xe8, 0x56, 0x5e, 0x7a, 0xba, 0xe3, 0x28, 0x36, 0xf9, 0x10, 0x15, + 0x21, 0x19, 0xe0, 0x10, 0xbb, 0x54, 0xf5, 0xd7, 0xc9, 0x81, 0xfe, 0xaa, 0x89, 0x0b, 0xc7, 0x52, + 0x6e, 0xe8, 0x11, 0xa4, 0xc5, 0xa8, 0xce, 0x8f, 0x2f, 0xcd, 0x4c, 0x08, 0x2e, 0x2f, 0xc7, 0x80, + 0x19, 0xf8, 0xc2, 0x42, 0x95, 0xef, 0xdb, 0xe2, 0xdb, 0xe4, 0x99, 0x81, 0xa0, 0xb7, 0x80, 0xce, + 0xc3, 0x34, 0xbf, 0x58, 0x5c, 0x4d, 0x72, 0x32, 0x67, 0x2c, 0x4f, 0x5b, 0x69, 0xb9, 0x26, 0x4b, + 0xbe, 0x01, 0xb0, 0xd3, 0x21, 0x61, 0xb7, 0xee, 0xfa, 0x2d, 0x92, 0x99, 0xcc, 0x19, 0xcb, 0xb3, + 0xab, 0x85, 0x23, 0x25, 0x7e, 0xc8, 0xb7, 0x6d, 0xf8, 0x2d, 0x62, 0xa5, 0x76, 0xf4, 0x30, 0xfb, + 0x18, 0xe6, 0xfa, 0x00, 0xc5, 0x9c, 0x8c, 0xf7, 0xa3, 0x27, 0x23, 0xc2, 0x4e, 0x94, 0xf4, 0x6e, + 0x40, 0xa2, 0x47, 0xa6, 0x00, 0xa9, 0x5e, 0x3e, 0x04, 0x90, 0x7c, 0xb0, 0x69, 0x6d, 0xdc, 0xac, + 0xcc, 0x1f, 0x43, 0x53, 0x30, 0x5e, 0xad, 0xdc, 0x7c, 0x30, 0x6f, 0xa0, 0x34, 0x4c, 0x56, 0xad, + 0xcd, 0x3b, 0xeb, 0x95, 0xf2, 0x7c, 0xc2, 0xfc, 0x35, 0x01, 0x69, 0x8b, 0xe0, 0xd6, 0xff, 0xd9, + 0x07, 0x0b, 0x30, 0xc1, 0x70, 0xc3, 0x21, 0xaa, 0x13, 0xe4, 0x84, 0xaf, 0xda, 0x5e, 0x8b, 0xec, + 0xa9, 0x23, 0x25, 0x27, 0x1c, 0x4f, 0xd3, 0x77, 0x3a, 0xae, 0x27, 0x8b, 0x9d, 0xb2, 0xf4, 0x14, + 0xad, 0xc2, 0xe4, 0x36, 0xe9, 0x72, 0x25, 0x10, 0xe5, 0x4a, 0xaf, 0x9e, 0x8a, 0xc1, 0x72, 0x9f, + 0x74, 0x6b, 0x84, 0x59, 0xc9, 0x6d, 0xf1, 0xcb, 0x73, 0x38, 0xb6, 0x6b, 0xb3, 0xcc, 0x54, 0xce, + 0x58, 0x1e, 0xb3, 0xe4, 0x64, 0xa0, 0xfa, 0xa9, 0x81, 0xea, 0x9b, 0x0c, 0x4e, 0xae, 0x91, 0xb6, + 0xed, 0x45, 0xbe, 0xed, 0x70, 0xc6, 0xae, 0xc3, 0xa4, 0x1f, 0x08, 0xad, 0x55, 0x6c, 0x5d, 0x1c, + 0xce, 0xd6, 0xa6, 0x74, 0xb6, 0xf4, 0x2e, 0xf3, 0x1f, 0x03, 0x66, 0x6e, 0xf9, 0xae, 0x6b, 0xb3, + 0xc3, 0x93, 0x2d, 0xc1, 0x6c, 0x84, 0xe3, 0xba, 0xdd, 0x12, 0x39, 0xa7, 0xef, 0x1d, 0xb3, 0x66, + 0x22, 0xeb, 0xeb, 0x2d, 0xf4, 0x19, 0x2c, 0x52, 0xdb, 0x6b, 0x3b, 0x44, 0x5e, 0xee, 0x91, 0x92, + 0x8e, 0xbd, 0x05, 0xc8, 0x7b, 0xc7, 0xac, 0x05, 0x19, 0x86, 0xdf, 0xf3, 0x91, 0xe2, 0x5e, 0x85, + 0x94, 0x56, 0x71, 0x7e, 0xaa, 0xf9, 0xf9, 0x3c, 0x1d, 0x13, 0x71, 0x43, 0xf9, 0x58, 0xfb, 0xde, + 0x6b, 0x33, 0x07, 0x3a, 0xcc, 0x7c, 0x02, 0xb3, 0xfa, 0xe3, 0xd5, 0x35, 0x5a, 0x86, 0xf9, 0xa6, + 0x58, 0xa9, 0xf7, 0x5e, 0x1a, 0x82, 0x86, 0xe1, 0xc2, 0x34, 0x27, 0xf7, 0xf4, 0x16, 0x4c, 0x0b, + 0xe6, 0x2c, 0xdf, 0x71, 0x1a, 0xb8, 0xb9, 0x7d, 0x38, 0xaf, 0x17, 0xe3, 0x79, 0xed, 0x63, 0x75, + 0xf5, 0xd5, 0x2c, 0x4c, 0xd6, 0xe4, 0xe7, 0xa1, 0x9f, 0x78, 0xd9, 0xa2, 0x0f, 0x0a, 0xb4, 0x14, + 0xc3, 0x40, 0xdc, 0x93, 0x23, 0x3b, 0x44, 0x16, 0xcc, 0xf2, 0x57, 0x7f, 0xfd, 0xfd, 0x7d, 0xe2, + 0xba, 0x59, 0xe2, 0xcf, 0x97, 0x2f, 0xb5, 0x8e, 0x7d, 0x12, 0x84, 0xfe, 0x17, 0xa4, 0xc9, 0x68, + 0x31, 0x5f, 0xb4, 0x3d, 0xca, 0xb0, 0xd7, 0x24, 0x7c, 0xac, 0xed, 0xb4, 0x98, 0x7f, 0x59, 0xd4, + 0x82, 0x52, 0x32, 0xf2, 0xe8, 0x5b, 0x03, 0x60, 0x5f, 0x55, 0xd1, 0x7b, 0x31, 0x19, 0x07, 0x44, + 0x77, 0x28, 0xae, 0x1b, 0x02, 0x57, 0x09, 0x5d, 0x11, 0xb8, 0xb8, 0xc6, 0x1c, 0x01, 0x53, 0x0f, + 0x52, 0x31, 0xff, 0x12, 0xfd, 0x62, 0xc0, 0x74, 0x54, 0x37, 0x51, 0xdc, 0xb5, 0x12, 0xa3, 0xef, + 0xd9, 0xa5, 0x43, 0xfd, 0x64, 0xe7, 0x98, 0x6b, 0x02, 0xe3, 0xc7, 0x68, 0x04, 0xee, 0xd0, 0x2b, + 0x03, 0x66, 0x0e, 0xa8, 0x6c, 0x6c, 0x59, 0xe3, 0x74, 0x38, 0xbb, 0x38, 0xd0, 0x9e, 0x65, 0xfe, + 0xca, 0xd6, 0xd4, 0xe5, 0x47, 0xa2, 0x0e, 0xf6, 0x25, 0x27, 0xb6, 0x9a, 0x03, 0x8a, 0x94, 0x3d, + 0x13, 0xe3, 0x65, 0x89, 0x87, 0x75, 0x8d, 0x30, 0xf3, 0xa1, 0x00, 0x75, 0xdf, 0xbc, 0x23, 0x40, + 0xa9, 0x64, 0x6f, 0x89, 0xab, 0x44, 0x7a, 0x49, 0x79, 0xcf, 0xfd, 0x61, 0xc0, 0x09, 0x0d, 0x83, + 0x85, 0x04, 0xbb, 0xb6, 0xd7, 0x3e, 0x3a, 0xdc, 0x0b, 0x31, 0x5e, 0x55, 0x1c, 0x32, 0x1b, 0x3b, + 0xfb, 0xa8, 0x9f, 0x0a, 0xd4, 0x5b, 0xe6, 0xe6, 0x7f, 0x81, 0x3a, 0x82, 0xb1, 0x64, 0xe4, 0x3f, + 0x30, 0xd0, 0x77, 0x06, 0x8c, 0x73, 0x99, 0x44, 0x67, 0x63, 0xa9, 0xeb, 0xe9, 0xe7, 0x21, 0xd4, + 0xde, 0x17, 0x20, 0xcb, 0xe6, 0x8d, 0x51, 0x40, 0x86, 0x04, 0xb7, 0x38, 0xa9, 0xaf, 0x0d, 0x98, + 0xe9, 0x21, 0x3d, 0x12, 0xb8, 0x23, 0x11, 0xb9, 0x25, 0x30, 0x3e, 0x30, 0xd7, 0x47, 0xc1, 0x48, + 0xa3, 0xb8, 0x24, 0x85, 0xbf, 0x1b, 0x30, 0xdf, 0xaf, 0xa1, 0x28, 0x1f, 0x83, 0xe8, 0x0d, 0x42, + 0x9b, 0x3d, 0x3b, 0x5c, 0x98, 0xcc, 0x27, 0x02, 0xf8, 0x43, 0xb3, 0x32, 0x0a, 0xf0, 0x46, 0x5f, + 0x72, 0x4e, 0xf4, 0xcf, 0x06, 0x24, 0xa5, 0x12, 0xa1, 0x5c, 0xdc, 0x45, 0x1e, 0x55, 0xe8, 0xec, + 0xf9, 0x21, 0x1e, 0xea, 0x32, 0xda, 0x10, 0x40, 0xef, 0x9a, 0x6b, 0xa3, 0x00, 0x95, 0xa2, 0xc6, + 0xe1, 0xfd, 0x68, 0xc0, 0x94, 0xd6, 0x33, 0x64, 0xc6, 0xb5, 0xc0, 0x41, 0xb1, 0x7b, 0xe3, 0x6d, + 0xb4, 0x29, 0x70, 0xad, 0x9b, 0xb7, 0x47, 0xea, 0x4e, 0x95, 0xac, 0x64, 0xe4, 0xd7, 0x7e, 0x30, + 0xe0, 0x9d, 0xa6, 0xef, 0x0e, 0x42, 0x5a, 0x9b, 0x56, 0x5a, 0x59, 0xe5, 0x08, 0xaa, 0xc6, 0xd3, + 0x2b, 0xca, 0xa5, 0xed, 0x3b, 0xd8, 0x6b, 0x17, 0xfc, 0xb0, 0x5d, 0x6c, 0x13, 0x4f, 0xe0, 0x2b, + 0x4a, 0x13, 0x0e, 0x6c, 0x1a, 0xf9, 0xff, 0x7e, 0x4d, 0x0d, 0x7f, 0x4b, 0x9c, 0xbc, 0x2b, 0xb7, + 0xde, 0x72, 0xfc, 0x4e, 0xab, 0xa0, 0xe2, 0x16, 0x1e, 0xaf, 0xfc, 0xa9, 0x2d, 0xcf, 0x84, 0xe5, + 0x99, 0xb2, 0x3c, 0x7b, 0xbc, 0xd2, 0x48, 0x8a, 0xc0, 0x1f, 0xfe, 0x1b, 0x00, 0x00, 0xff, 0xff, + 0x57, 0x35, 0x15, 0x7f, 0x4e, 0x11, 0x00, 0x00, +} diff --git a/vendor/google.golang.org/genproto/googleapis/spanner/v1/transaction.pb.go b/vendor/google.golang.org/genproto/googleapis/spanner/v1/transaction.pb.go new file mode 100644 index 000000000000..f63797d3697b --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/spanner/v1/transaction.pb.go @@ -0,0 +1,835 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/spanner/v1/transaction.proto + +package spanner + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import _ "google.golang.org/genproto/googleapis/api/annotations" +import google_protobuf2 "github.com/golang/protobuf/ptypes/duration" +import google_protobuf3 "github.com/golang/protobuf/ptypes/timestamp" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// # Transactions +// +// +// Each session can have at most one active transaction at a time. After the +// active transaction is completed, the session can immediately be +// re-used for the next transaction. It is not necessary to create a +// new session for each transaction. +// +// # Transaction Modes +// +// Cloud Spanner supports two transaction modes: +// +// 1. Locking read-write. This type of transaction is the only way +// to write data into Cloud Spanner. These transactions rely on +// pessimistic locking and, if necessary, two-phase commit. +// Locking read-write transactions may abort, requiring the +// application to retry. +// +// 2. Snapshot read-only. This transaction type provides guaranteed +// consistency across several reads, but does not allow +// writes. Snapshot read-only transactions can be configured to +// read at timestamps in the past. Snapshot read-only +// transactions do not need to be committed. +// +// For transactions that only read, snapshot read-only transactions +// provide simpler semantics and are almost always faster. In +// particular, read-only transactions do not take locks, so they do +// not conflict with read-write transactions. As a consequence of not +// taking locks, they also do not abort, so retry loops are not needed. +// +// Transactions may only read/write data in a single database. They +// may, however, read/write data in different tables within that +// database. +// +// ## Locking Read-Write Transactions +// +// Locking transactions may be used to atomically read-modify-write +// data anywhere in a database. This type of transaction is externally +// consistent. +// +// Clients should attempt to minimize the amount of time a transaction +// is active. Faster transactions commit with higher probability +// and cause less contention. Cloud Spanner attempts to keep read locks +// active as long as the transaction continues to do reads, and the +// transaction has not been terminated by +// [Commit][google.spanner.v1.Spanner.Commit] or +// [Rollback][google.spanner.v1.Spanner.Rollback]. Long periods of +// inactivity at the client may cause Cloud Spanner to release a +// transaction's locks and abort it. +// +// Reads performed within a transaction acquire locks on the data +// being read. Writes can only be done at commit time, after all reads +// have been completed. +// Conceptually, a read-write transaction consists of zero or more +// reads or SQL queries followed by +// [Commit][google.spanner.v1.Spanner.Commit]. At any time before +// [Commit][google.spanner.v1.Spanner.Commit], the client can send a +// [Rollback][google.spanner.v1.Spanner.Rollback] request to abort the +// transaction. +// +// ### Semantics +// +// Cloud Spanner can commit the transaction if all read locks it acquired +// are still valid at commit time, and it is able to acquire write +// locks for all writes. Cloud Spanner can abort the transaction for any +// reason. If a commit attempt returns `ABORTED`, Cloud Spanner guarantees +// that the transaction has not modified any user data in Cloud Spanner. +// +// Unless the transaction commits, Cloud Spanner makes no guarantees about +// how long the transaction's locks were held for. It is an error to +// use Cloud Spanner locks for any sort of mutual exclusion other than +// between Cloud Spanner transactions themselves. +// +// ### Retrying Aborted Transactions +// +// When a transaction aborts, the application can choose to retry the +// whole transaction again. To maximize the chances of successfully +// committing the retry, the client should execute the retry in the +// same session as the original attempt. The original session's lock +// priority increases with each consecutive abort, meaning that each +// attempt has a slightly better chance of success than the previous. +// +// Under some circumstances (e.g., many transactions attempting to +// modify the same row(s)), a transaction can abort many times in a +// short period before successfully committing. Thus, it is not a good +// idea to cap the number of retries a transaction can attempt; +// instead, it is better to limit the total amount of wall time spent +// retrying. +// +// ### Idle Transactions +// +// A transaction is considered idle if it has no outstanding reads or +// SQL queries and has not started a read or SQL query within the last 10 +// seconds. Idle transactions can be aborted by Cloud Spanner so that they +// don't hold on to locks indefinitely. In that case, the commit will +// fail with error `ABORTED`. +// +// If this behavior is undesirable, periodically executing a simple +// SQL query in the transaction (e.g., `SELECT 1`) prevents the +// transaction from becoming idle. +// +// ## Snapshot Read-Only Transactions +// +// Snapshot read-only transactions provides a simpler method than +// locking read-write transactions for doing several consistent +// reads. However, this type of transaction does not support writes. +// +// Snapshot transactions do not take locks. Instead, they work by +// choosing a Cloud Spanner timestamp, then executing all reads at that +// timestamp. Since they do not acquire locks, they do not block +// concurrent read-write transactions. +// +// Unlike locking read-write transactions, snapshot read-only +// transactions never abort. They can fail if the chosen read +// timestamp is garbage collected; however, the default garbage +// collection policy is generous enough that most applications do not +// need to worry about this in practice. +// +// Snapshot read-only transactions do not need to call +// [Commit][google.spanner.v1.Spanner.Commit] or +// [Rollback][google.spanner.v1.Spanner.Rollback] (and in fact are not +// permitted to do so). +// +// To execute a snapshot transaction, the client specifies a timestamp +// bound, which tells Cloud Spanner how to choose a read timestamp. +// +// The types of timestamp bound are: +// +// - Strong (the default). +// - Bounded staleness. +// - Exact staleness. +// +// If the Cloud Spanner database to be read is geographically distributed, +// stale read-only transactions can execute more quickly than strong +// or read-write transaction, because they are able to execute far +// from the leader replica. +// +// Each type of timestamp bound is discussed in detail below. +// +// ### Strong +// +// Strong reads are guaranteed to see the effects of all transactions +// that have committed before the start of the read. Furthermore, all +// rows yielded by a single read are consistent with each other -- if +// any part of the read observes a transaction, all parts of the read +// see the transaction. +// +// Strong reads are not repeatable: two consecutive strong read-only +// transactions might return inconsistent results if there are +// concurrent writes. If consistency across reads is required, the +// reads should be executed within a transaction or at an exact read +// timestamp. +// +// See [TransactionOptions.ReadOnly.strong][google.spanner.v1.TransactionOptions.ReadOnly.strong]. +// +// ### Exact Staleness +// +// These timestamp bounds execute reads at a user-specified +// timestamp. Reads at a timestamp are guaranteed to see a consistent +// prefix of the global transaction history: they observe +// modifications done by all transactions with a commit timestamp <= +// the read timestamp, and observe none of the modifications done by +// transactions with a larger commit timestamp. They will block until +// all conflicting transactions that may be assigned commit timestamps +// <= the read timestamp have finished. +// +// The timestamp can either be expressed as an absolute Cloud Spanner commit +// timestamp or a staleness relative to the current time. +// +// These modes do not require a "negotiation phase" to pick a +// timestamp. As a result, they execute slightly faster than the +// equivalent boundedly stale concurrency modes. On the other hand, +// boundedly stale reads usually return fresher results. +// +// See [TransactionOptions.ReadOnly.read_timestamp][google.spanner.v1.TransactionOptions.ReadOnly.read_timestamp] and +// [TransactionOptions.ReadOnly.exact_staleness][google.spanner.v1.TransactionOptions.ReadOnly.exact_staleness]. +// +// ### Bounded Staleness +// +// Bounded staleness modes allow Cloud Spanner to pick the read timestamp, +// subject to a user-provided staleness bound. Cloud Spanner chooses the +// newest timestamp within the staleness bound that allows execution +// of the reads at the closest available replica without blocking. +// +// All rows yielded are consistent with each other -- if any part of +// the read observes a transaction, all parts of the read see the +// transaction. Boundedly stale reads are not repeatable: two stale +// reads, even if they use the same staleness bound, can execute at +// different timestamps and thus return inconsistent results. +// +// Boundedly stale reads execute in two phases: the first phase +// negotiates a timestamp among all replicas needed to serve the +// read. In the second phase, reads are executed at the negotiated +// timestamp. +// +// As a result of the two phase execution, bounded staleness reads are +// usually a little slower than comparable exact staleness +// reads. However, they are typically able to return fresher +// results, and are more likely to execute at the closest replica. +// +// Because the timestamp negotiation requires up-front knowledge of +// which rows will be read, it can only be used with single-use +// read-only transactions. +// +// See [TransactionOptions.ReadOnly.max_staleness][google.spanner.v1.TransactionOptions.ReadOnly.max_staleness] and +// [TransactionOptions.ReadOnly.min_read_timestamp][google.spanner.v1.TransactionOptions.ReadOnly.min_read_timestamp]. +// +// ### Old Read Timestamps and Garbage Collection +// +// Cloud Spanner continuously garbage collects deleted and overwritten data +// in the background to reclaim storage space. This process is known +// as "version GC". By default, version GC reclaims versions after they +// are one hour old. Because of this, Cloud Spanner cannot perform reads +// at read timestamps more than one hour in the past. This +// restriction also applies to in-progress reads and/or SQL queries whose +// timestamp become too old while executing. Reads and SQL queries with +// too-old read timestamps fail with the error `FAILED_PRECONDITION`. +type TransactionOptions struct { + // Required. The type of transaction. + // + // Types that are valid to be assigned to Mode: + // *TransactionOptions_ReadWrite_ + // *TransactionOptions_ReadOnly_ + Mode isTransactionOptions_Mode `protobuf_oneof:"mode"` +} + +func (m *TransactionOptions) Reset() { *m = TransactionOptions{} } +func (m *TransactionOptions) String() string { return proto.CompactTextString(m) } +func (*TransactionOptions) ProtoMessage() {} +func (*TransactionOptions) Descriptor() ([]byte, []int) { return fileDescriptor5, []int{0} } + +type isTransactionOptions_Mode interface { + isTransactionOptions_Mode() +} + +type TransactionOptions_ReadWrite_ struct { + ReadWrite *TransactionOptions_ReadWrite `protobuf:"bytes,1,opt,name=read_write,json=readWrite,oneof"` +} +type TransactionOptions_ReadOnly_ struct { + ReadOnly *TransactionOptions_ReadOnly `protobuf:"bytes,2,opt,name=read_only,json=readOnly,oneof"` +} + +func (*TransactionOptions_ReadWrite_) isTransactionOptions_Mode() {} +func (*TransactionOptions_ReadOnly_) isTransactionOptions_Mode() {} + +func (m *TransactionOptions) GetMode() isTransactionOptions_Mode { + if m != nil { + return m.Mode + } + return nil +} + +func (m *TransactionOptions) GetReadWrite() *TransactionOptions_ReadWrite { + if x, ok := m.GetMode().(*TransactionOptions_ReadWrite_); ok { + return x.ReadWrite + } + return nil +} + +func (m *TransactionOptions) GetReadOnly() *TransactionOptions_ReadOnly { + if x, ok := m.GetMode().(*TransactionOptions_ReadOnly_); ok { + return x.ReadOnly + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*TransactionOptions) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _TransactionOptions_OneofMarshaler, _TransactionOptions_OneofUnmarshaler, _TransactionOptions_OneofSizer, []interface{}{ + (*TransactionOptions_ReadWrite_)(nil), + (*TransactionOptions_ReadOnly_)(nil), + } +} + +func _TransactionOptions_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*TransactionOptions) + // mode + switch x := m.Mode.(type) { + case *TransactionOptions_ReadWrite_: + b.EncodeVarint(1<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.ReadWrite); err != nil { + return err + } + case *TransactionOptions_ReadOnly_: + b.EncodeVarint(2<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.ReadOnly); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("TransactionOptions.Mode has unexpected type %T", x) + } + return nil +} + +func _TransactionOptions_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*TransactionOptions) + switch tag { + case 1: // mode.read_write + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(TransactionOptions_ReadWrite) + err := b.DecodeMessage(msg) + m.Mode = &TransactionOptions_ReadWrite_{msg} + return true, err + case 2: // mode.read_only + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(TransactionOptions_ReadOnly) + err := b.DecodeMessage(msg) + m.Mode = &TransactionOptions_ReadOnly_{msg} + return true, err + default: + return false, nil + } +} + +func _TransactionOptions_OneofSizer(msg proto.Message) (n int) { + m := msg.(*TransactionOptions) + // mode + switch x := m.Mode.(type) { + case *TransactionOptions_ReadWrite_: + s := proto.Size(x.ReadWrite) + n += proto.SizeVarint(1<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *TransactionOptions_ReadOnly_: + s := proto.Size(x.ReadOnly) + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + +// Message type to initiate a read-write transaction. Currently this +// transaction type has no options. +type TransactionOptions_ReadWrite struct { +} + +func (m *TransactionOptions_ReadWrite) Reset() { *m = TransactionOptions_ReadWrite{} } +func (m *TransactionOptions_ReadWrite) String() string { return proto.CompactTextString(m) } +func (*TransactionOptions_ReadWrite) ProtoMessage() {} +func (*TransactionOptions_ReadWrite) Descriptor() ([]byte, []int) { return fileDescriptor5, []int{0, 0} } + +// Message type to initiate a read-only transaction. +type TransactionOptions_ReadOnly struct { + // How to choose the timestamp for the read-only transaction. + // + // Types that are valid to be assigned to TimestampBound: + // *TransactionOptions_ReadOnly_Strong + // *TransactionOptions_ReadOnly_MinReadTimestamp + // *TransactionOptions_ReadOnly_MaxStaleness + // *TransactionOptions_ReadOnly_ReadTimestamp + // *TransactionOptions_ReadOnly_ExactStaleness + TimestampBound isTransactionOptions_ReadOnly_TimestampBound `protobuf_oneof:"timestamp_bound"` + // If true, the Cloud Spanner-selected read timestamp is included in + // the [Transaction][google.spanner.v1.Transaction] message that describes the transaction. + ReturnReadTimestamp bool `protobuf:"varint,6,opt,name=return_read_timestamp,json=returnReadTimestamp" json:"return_read_timestamp,omitempty"` +} + +func (m *TransactionOptions_ReadOnly) Reset() { *m = TransactionOptions_ReadOnly{} } +func (m *TransactionOptions_ReadOnly) String() string { return proto.CompactTextString(m) } +func (*TransactionOptions_ReadOnly) ProtoMessage() {} +func (*TransactionOptions_ReadOnly) Descriptor() ([]byte, []int) { return fileDescriptor5, []int{0, 1} } + +type isTransactionOptions_ReadOnly_TimestampBound interface { + isTransactionOptions_ReadOnly_TimestampBound() +} + +type TransactionOptions_ReadOnly_Strong struct { + Strong bool `protobuf:"varint,1,opt,name=strong,oneof"` +} +type TransactionOptions_ReadOnly_MinReadTimestamp struct { + MinReadTimestamp *google_protobuf3.Timestamp `protobuf:"bytes,2,opt,name=min_read_timestamp,json=minReadTimestamp,oneof"` +} +type TransactionOptions_ReadOnly_MaxStaleness struct { + MaxStaleness *google_protobuf2.Duration `protobuf:"bytes,3,opt,name=max_staleness,json=maxStaleness,oneof"` +} +type TransactionOptions_ReadOnly_ReadTimestamp struct { + ReadTimestamp *google_protobuf3.Timestamp `protobuf:"bytes,4,opt,name=read_timestamp,json=readTimestamp,oneof"` +} +type TransactionOptions_ReadOnly_ExactStaleness struct { + ExactStaleness *google_protobuf2.Duration `protobuf:"bytes,5,opt,name=exact_staleness,json=exactStaleness,oneof"` +} + +func (*TransactionOptions_ReadOnly_Strong) isTransactionOptions_ReadOnly_TimestampBound() {} +func (*TransactionOptions_ReadOnly_MinReadTimestamp) isTransactionOptions_ReadOnly_TimestampBound() {} +func (*TransactionOptions_ReadOnly_MaxStaleness) isTransactionOptions_ReadOnly_TimestampBound() {} +func (*TransactionOptions_ReadOnly_ReadTimestamp) isTransactionOptions_ReadOnly_TimestampBound() {} +func (*TransactionOptions_ReadOnly_ExactStaleness) isTransactionOptions_ReadOnly_TimestampBound() {} + +func (m *TransactionOptions_ReadOnly) GetTimestampBound() isTransactionOptions_ReadOnly_TimestampBound { + if m != nil { + return m.TimestampBound + } + return nil +} + +func (m *TransactionOptions_ReadOnly) GetStrong() bool { + if x, ok := m.GetTimestampBound().(*TransactionOptions_ReadOnly_Strong); ok { + return x.Strong + } + return false +} + +func (m *TransactionOptions_ReadOnly) GetMinReadTimestamp() *google_protobuf3.Timestamp { + if x, ok := m.GetTimestampBound().(*TransactionOptions_ReadOnly_MinReadTimestamp); ok { + return x.MinReadTimestamp + } + return nil +} + +func (m *TransactionOptions_ReadOnly) GetMaxStaleness() *google_protobuf2.Duration { + if x, ok := m.GetTimestampBound().(*TransactionOptions_ReadOnly_MaxStaleness); ok { + return x.MaxStaleness + } + return nil +} + +func (m *TransactionOptions_ReadOnly) GetReadTimestamp() *google_protobuf3.Timestamp { + if x, ok := m.GetTimestampBound().(*TransactionOptions_ReadOnly_ReadTimestamp); ok { + return x.ReadTimestamp + } + return nil +} + +func (m *TransactionOptions_ReadOnly) GetExactStaleness() *google_protobuf2.Duration { + if x, ok := m.GetTimestampBound().(*TransactionOptions_ReadOnly_ExactStaleness); ok { + return x.ExactStaleness + } + return nil +} + +func (m *TransactionOptions_ReadOnly) GetReturnReadTimestamp() bool { + if m != nil { + return m.ReturnReadTimestamp + } + return false +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*TransactionOptions_ReadOnly) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _TransactionOptions_ReadOnly_OneofMarshaler, _TransactionOptions_ReadOnly_OneofUnmarshaler, _TransactionOptions_ReadOnly_OneofSizer, []interface{}{ + (*TransactionOptions_ReadOnly_Strong)(nil), + (*TransactionOptions_ReadOnly_MinReadTimestamp)(nil), + (*TransactionOptions_ReadOnly_MaxStaleness)(nil), + (*TransactionOptions_ReadOnly_ReadTimestamp)(nil), + (*TransactionOptions_ReadOnly_ExactStaleness)(nil), + } +} + +func _TransactionOptions_ReadOnly_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*TransactionOptions_ReadOnly) + // timestamp_bound + switch x := m.TimestampBound.(type) { + case *TransactionOptions_ReadOnly_Strong: + t := uint64(0) + if x.Strong { + t = 1 + } + b.EncodeVarint(1<<3 | proto.WireVarint) + b.EncodeVarint(t) + case *TransactionOptions_ReadOnly_MinReadTimestamp: + b.EncodeVarint(2<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.MinReadTimestamp); err != nil { + return err + } + case *TransactionOptions_ReadOnly_MaxStaleness: + b.EncodeVarint(3<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.MaxStaleness); err != nil { + return err + } + case *TransactionOptions_ReadOnly_ReadTimestamp: + b.EncodeVarint(4<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.ReadTimestamp); err != nil { + return err + } + case *TransactionOptions_ReadOnly_ExactStaleness: + b.EncodeVarint(5<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.ExactStaleness); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("TransactionOptions_ReadOnly.TimestampBound has unexpected type %T", x) + } + return nil +} + +func _TransactionOptions_ReadOnly_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*TransactionOptions_ReadOnly) + switch tag { + case 1: // timestamp_bound.strong + if wire != proto.WireVarint { + return true, proto.ErrInternalBadWireType + } + x, err := b.DecodeVarint() + m.TimestampBound = &TransactionOptions_ReadOnly_Strong{x != 0} + return true, err + case 2: // timestamp_bound.min_read_timestamp + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(google_protobuf3.Timestamp) + err := b.DecodeMessage(msg) + m.TimestampBound = &TransactionOptions_ReadOnly_MinReadTimestamp{msg} + return true, err + case 3: // timestamp_bound.max_staleness + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(google_protobuf2.Duration) + err := b.DecodeMessage(msg) + m.TimestampBound = &TransactionOptions_ReadOnly_MaxStaleness{msg} + return true, err + case 4: // timestamp_bound.read_timestamp + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(google_protobuf3.Timestamp) + err := b.DecodeMessage(msg) + m.TimestampBound = &TransactionOptions_ReadOnly_ReadTimestamp{msg} + return true, err + case 5: // timestamp_bound.exact_staleness + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(google_protobuf2.Duration) + err := b.DecodeMessage(msg) + m.TimestampBound = &TransactionOptions_ReadOnly_ExactStaleness{msg} + return true, err + default: + return false, nil + } +} + +func _TransactionOptions_ReadOnly_OneofSizer(msg proto.Message) (n int) { + m := msg.(*TransactionOptions_ReadOnly) + // timestamp_bound + switch x := m.TimestampBound.(type) { + case *TransactionOptions_ReadOnly_Strong: + n += proto.SizeVarint(1<<3 | proto.WireVarint) + n += 1 + case *TransactionOptions_ReadOnly_MinReadTimestamp: + s := proto.Size(x.MinReadTimestamp) + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *TransactionOptions_ReadOnly_MaxStaleness: + s := proto.Size(x.MaxStaleness) + n += proto.SizeVarint(3<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *TransactionOptions_ReadOnly_ReadTimestamp: + s := proto.Size(x.ReadTimestamp) + n += proto.SizeVarint(4<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *TransactionOptions_ReadOnly_ExactStaleness: + s := proto.Size(x.ExactStaleness) + n += proto.SizeVarint(5<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + +// A transaction. +type Transaction struct { + // `id` may be used to identify the transaction in subsequent + // [Read][google.spanner.v1.Spanner.Read], + // [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql], + // [Commit][google.spanner.v1.Spanner.Commit], or + // [Rollback][google.spanner.v1.Spanner.Rollback] calls. + // + // Single-use read-only transactions do not have IDs, because + // single-use transactions do not support multiple requests. + Id []byte `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // For snapshot read-only transactions, the read timestamp chosen + // for the transaction. Not returned by default: see + // [TransactionOptions.ReadOnly.return_read_timestamp][google.spanner.v1.TransactionOptions.ReadOnly.return_read_timestamp]. + // + // A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. + // Example: `"2014-10-02T15:01:23.045123456Z"`. + ReadTimestamp *google_protobuf3.Timestamp `protobuf:"bytes,2,opt,name=read_timestamp,json=readTimestamp" json:"read_timestamp,omitempty"` +} + +func (m *Transaction) Reset() { *m = Transaction{} } +func (m *Transaction) String() string { return proto.CompactTextString(m) } +func (*Transaction) ProtoMessage() {} +func (*Transaction) Descriptor() ([]byte, []int) { return fileDescriptor5, []int{1} } + +func (m *Transaction) GetId() []byte { + if m != nil { + return m.Id + } + return nil +} + +func (m *Transaction) GetReadTimestamp() *google_protobuf3.Timestamp { + if m != nil { + return m.ReadTimestamp + } + return nil +} + +// This message is used to select the transaction in which a +// [Read][google.spanner.v1.Spanner.Read] or +// [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql] call runs. +// +// See [TransactionOptions][google.spanner.v1.TransactionOptions] for more information about transactions. +type TransactionSelector struct { + // If no fields are set, the default is a single use transaction + // with strong concurrency. + // + // Types that are valid to be assigned to Selector: + // *TransactionSelector_SingleUse + // *TransactionSelector_Id + // *TransactionSelector_Begin + Selector isTransactionSelector_Selector `protobuf_oneof:"selector"` +} + +func (m *TransactionSelector) Reset() { *m = TransactionSelector{} } +func (m *TransactionSelector) String() string { return proto.CompactTextString(m) } +func (*TransactionSelector) ProtoMessage() {} +func (*TransactionSelector) Descriptor() ([]byte, []int) { return fileDescriptor5, []int{2} } + +type isTransactionSelector_Selector interface { + isTransactionSelector_Selector() +} + +type TransactionSelector_SingleUse struct { + SingleUse *TransactionOptions `protobuf:"bytes,1,opt,name=single_use,json=singleUse,oneof"` +} +type TransactionSelector_Id struct { + Id []byte `protobuf:"bytes,2,opt,name=id,proto3,oneof"` +} +type TransactionSelector_Begin struct { + Begin *TransactionOptions `protobuf:"bytes,3,opt,name=begin,oneof"` +} + +func (*TransactionSelector_SingleUse) isTransactionSelector_Selector() {} +func (*TransactionSelector_Id) isTransactionSelector_Selector() {} +func (*TransactionSelector_Begin) isTransactionSelector_Selector() {} + +func (m *TransactionSelector) GetSelector() isTransactionSelector_Selector { + if m != nil { + return m.Selector + } + return nil +} + +func (m *TransactionSelector) GetSingleUse() *TransactionOptions { + if x, ok := m.GetSelector().(*TransactionSelector_SingleUse); ok { + return x.SingleUse + } + return nil +} + +func (m *TransactionSelector) GetId() []byte { + if x, ok := m.GetSelector().(*TransactionSelector_Id); ok { + return x.Id + } + return nil +} + +func (m *TransactionSelector) GetBegin() *TransactionOptions { + if x, ok := m.GetSelector().(*TransactionSelector_Begin); ok { + return x.Begin + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*TransactionSelector) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _TransactionSelector_OneofMarshaler, _TransactionSelector_OneofUnmarshaler, _TransactionSelector_OneofSizer, []interface{}{ + (*TransactionSelector_SingleUse)(nil), + (*TransactionSelector_Id)(nil), + (*TransactionSelector_Begin)(nil), + } +} + +func _TransactionSelector_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*TransactionSelector) + // selector + switch x := m.Selector.(type) { + case *TransactionSelector_SingleUse: + b.EncodeVarint(1<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.SingleUse); err != nil { + return err + } + case *TransactionSelector_Id: + b.EncodeVarint(2<<3 | proto.WireBytes) + b.EncodeRawBytes(x.Id) + case *TransactionSelector_Begin: + b.EncodeVarint(3<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.Begin); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("TransactionSelector.Selector has unexpected type %T", x) + } + return nil +} + +func _TransactionSelector_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*TransactionSelector) + switch tag { + case 1: // selector.single_use + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(TransactionOptions) + err := b.DecodeMessage(msg) + m.Selector = &TransactionSelector_SingleUse{msg} + return true, err + case 2: // selector.id + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + x, err := b.DecodeRawBytes(true) + m.Selector = &TransactionSelector_Id{x} + return true, err + case 3: // selector.begin + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(TransactionOptions) + err := b.DecodeMessage(msg) + m.Selector = &TransactionSelector_Begin{msg} + return true, err + default: + return false, nil + } +} + +func _TransactionSelector_OneofSizer(msg proto.Message) (n int) { + m := msg.(*TransactionSelector) + // selector + switch x := m.Selector.(type) { + case *TransactionSelector_SingleUse: + s := proto.Size(x.SingleUse) + n += proto.SizeVarint(1<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *TransactionSelector_Id: + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(len(x.Id))) + n += len(x.Id) + case *TransactionSelector_Begin: + s := proto.Size(x.Begin) + n += proto.SizeVarint(3<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + +func init() { + proto.RegisterType((*TransactionOptions)(nil), "google.spanner.v1.TransactionOptions") + proto.RegisterType((*TransactionOptions_ReadWrite)(nil), "google.spanner.v1.TransactionOptions.ReadWrite") + proto.RegisterType((*TransactionOptions_ReadOnly)(nil), "google.spanner.v1.TransactionOptions.ReadOnly") + proto.RegisterType((*Transaction)(nil), "google.spanner.v1.Transaction") + proto.RegisterType((*TransactionSelector)(nil), "google.spanner.v1.TransactionSelector") +} + +func init() { proto.RegisterFile("google/spanner/v1/transaction.proto", fileDescriptor5) } + +var fileDescriptor5 = []byte{ + // 537 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x94, 0xd1, 0x8a, 0xd3, 0x40, + 0x14, 0x86, 0xd3, 0x6e, 0xb7, 0x74, 0x4f, 0xbb, 0xdd, 0xee, 0x2c, 0x8b, 0x35, 0x88, 0x4a, 0x45, + 0xf0, 0x2a, 0xa1, 0xeb, 0x8d, 0x20, 0x82, 0x76, 0x17, 0x0d, 0x82, 0x6c, 0x49, 0xd7, 0x15, 0xa4, + 0x10, 0xa7, 0xcd, 0x18, 0x06, 0x92, 0x99, 0x30, 0x33, 0x59, 0xbb, 0xf7, 0xbe, 0x84, 0xaf, 0xe0, + 0x23, 0xf8, 0x08, 0xde, 0xf9, 0x46, 0x92, 0xc9, 0xa4, 0xcd, 0x36, 0x17, 0xdb, 0xbb, 0x4c, 0xcf, + 0xff, 0xff, 0xe7, 0x9b, 0x73, 0x86, 0xc2, 0xb3, 0x88, 0xf3, 0x28, 0x26, 0xae, 0x4c, 0x31, 0x63, + 0x44, 0xb8, 0x37, 0x63, 0x57, 0x09, 0xcc, 0x24, 0x5e, 0x2a, 0xca, 0x99, 0x93, 0x0a, 0xae, 0x38, + 0x3a, 0x2e, 0x44, 0x8e, 0x11, 0x39, 0x37, 0x63, 0xfb, 0x91, 0xf1, 0xe1, 0x94, 0xba, 0x98, 0x31, + 0xae, 0x70, 0xae, 0x97, 0x85, 0xc1, 0x7e, 0x6c, 0xaa, 0xfa, 0xb4, 0xc8, 0xbe, 0xbb, 0x61, 0x26, + 0xf0, 0x26, 0xd0, 0x7e, 0xb2, 0x5d, 0x57, 0x34, 0x21, 0x52, 0xe1, 0x24, 0x2d, 0x04, 0xa3, 0x7f, + 0x2d, 0x40, 0x57, 0x1b, 0x8e, 0xcb, 0x54, 0xa7, 0xa3, 0x29, 0x80, 0x20, 0x38, 0x0c, 0x7e, 0x08, + 0xaa, 0xc8, 0xb0, 0xf1, 0xb4, 0xf1, 0xa2, 0x7b, 0xe6, 0x3a, 0x35, 0x3a, 0xa7, 0x6e, 0x75, 0x7c, + 0x82, 0xc3, 0x2f, 0xb9, 0xcd, 0xb3, 0xfc, 0x03, 0x51, 0x1e, 0xd0, 0x27, 0xd0, 0x87, 0x80, 0xb3, + 0xf8, 0x76, 0xd8, 0xd4, 0x81, 0xce, 0xee, 0x81, 0x97, 0x2c, 0xbe, 0xf5, 0x2c, 0xbf, 0x23, 0xcc, + 0xb7, 0xdd, 0x85, 0x83, 0x75, 0x23, 0xfb, 0xe7, 0x1e, 0x74, 0x4a, 0x15, 0x1a, 0x42, 0x5b, 0x2a, + 0xc1, 0x59, 0xa4, 0xb1, 0x3b, 0x9e, 0xe5, 0x9b, 0x33, 0xfa, 0x08, 0x28, 0xa1, 0x2c, 0xd0, 0x18, + 0xeb, 0x39, 0x18, 0x16, 0xbb, 0x64, 0x29, 0x27, 0xe5, 0x5c, 0x95, 0x0a, 0xcf, 0xf2, 0x07, 0x09, + 0x65, 0x79, 0x83, 0xf5, 0x6f, 0xe8, 0x2d, 0x1c, 0x26, 0x78, 0x15, 0x48, 0x85, 0x63, 0xc2, 0x88, + 0x94, 0xc3, 0x3d, 0x1d, 0xf3, 0xb0, 0x16, 0x73, 0x61, 0x16, 0xe2, 0x59, 0x7e, 0x2f, 0xc1, 0xab, + 0x59, 0x69, 0x40, 0xe7, 0xd0, 0xdf, 0x22, 0x69, 0xed, 0x40, 0x72, 0x28, 0xee, 0x60, 0x5c, 0xc0, + 0x11, 0x59, 0xe1, 0xa5, 0xaa, 0x80, 0xec, 0xdf, 0x0f, 0xd2, 0xd7, 0x9e, 0x0d, 0xca, 0x19, 0x9c, + 0x0a, 0xa2, 0x32, 0x51, 0x9b, 0x4d, 0x3b, 0x9f, 0xa0, 0x7f, 0x52, 0x14, 0xef, 0x0c, 0x60, 0x72, + 0x0c, 0x47, 0x6b, 0x5d, 0xb0, 0xe0, 0x19, 0x0b, 0x27, 0x6d, 0x68, 0x25, 0x3c, 0x24, 0xa3, 0x6f, + 0xd0, 0xad, 0xac, 0x11, 0xf5, 0xa1, 0x49, 0x43, 0xbd, 0x8c, 0x9e, 0xdf, 0xa4, 0x21, 0x7a, 0x57, + 0xbb, 0xf8, 0xbd, 0x2b, 0xd8, 0xba, 0xf6, 0xe8, 0x4f, 0x03, 0x4e, 0x2a, 0x2d, 0x66, 0x24, 0x26, + 0x4b, 0xc5, 0x05, 0x7a, 0x0f, 0x20, 0x29, 0x8b, 0x62, 0x12, 0x64, 0xb2, 0x7c, 0xb6, 0xcf, 0x77, + 0x7a, 0x65, 0xf9, 0x63, 0x2d, 0xac, 0x9f, 0x25, 0x41, 0x03, 0x8d, 0x9c, 0x63, 0xf5, 0x3c, 0x4b, + 0x43, 0xbf, 0x81, 0xfd, 0x05, 0x89, 0x28, 0x33, 0x7b, 0xde, 0x39, 0xb4, 0x70, 0x4d, 0x00, 0x3a, + 0xd2, 0x40, 0x4e, 0x7e, 0x35, 0xe0, 0x74, 0xc9, 0x93, 0x7a, 0xc2, 0x64, 0x50, 0x89, 0x98, 0xe6, + 0x43, 0x98, 0x36, 0xbe, 0xbe, 0x32, 0xb2, 0x88, 0xc7, 0x98, 0x45, 0x0e, 0x17, 0x91, 0x1b, 0x11, + 0xa6, 0x47, 0xe4, 0x16, 0x25, 0x9c, 0x52, 0x59, 0xf9, 0x5b, 0x79, 0x6d, 0x3e, 0x7f, 0x37, 0x1f, + 0x7c, 0x28, 0xac, 0xe7, 0x31, 0xcf, 0x42, 0x67, 0x66, 0xfa, 0x5c, 0x8f, 0xff, 0x96, 0x95, 0xb9, + 0xae, 0xcc, 0x4d, 0x65, 0x7e, 0x3d, 0x5e, 0xb4, 0x75, 0xf0, 0xcb, 0xff, 0x01, 0x00, 0x00, 0xff, + 0xff, 0xa6, 0x28, 0x2f, 0x4a, 0xae, 0x04, 0x00, 0x00, +} diff --git a/vendor/google.golang.org/genproto/googleapis/spanner/v1/type.pb.go b/vendor/google.golang.org/genproto/googleapis/spanner/v1/type.pb.go new file mode 100644 index 000000000000..499cad60f217 --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/spanner/v1/type.pb.go @@ -0,0 +1,217 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/spanner/v1/type.proto + +package spanner + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import _ "google.golang.org/genproto/googleapis/api/annotations" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// `TypeCode` is used as part of [Type][google.spanner.v1.Type] to +// indicate the type of a Cloud Spanner value. +// +// Each legal value of a type can be encoded to or decoded from a JSON +// value, using the encodings described below. All Cloud Spanner values can +// be `null`, regardless of type; `null`s are always encoded as a JSON +// `null`. +type TypeCode int32 + +const ( + // Not specified. + TypeCode_TYPE_CODE_UNSPECIFIED TypeCode = 0 + // Encoded as JSON `true` or `false`. + TypeCode_BOOL TypeCode = 1 + // Encoded as `string`, in decimal format. + TypeCode_INT64 TypeCode = 2 + // Encoded as `number`, or the strings `"NaN"`, `"Infinity"`, or + // `"-Infinity"`. + TypeCode_FLOAT64 TypeCode = 3 + // Encoded as `string` in RFC 3339 timestamp format. The time zone + // must be present, and must be `"Z"`. + TypeCode_TIMESTAMP TypeCode = 4 + // Encoded as `string` in RFC 3339 date format. + TypeCode_DATE TypeCode = 5 + // Encoded as `string`. + TypeCode_STRING TypeCode = 6 + // Encoded as a base64-encoded `string`, as described in RFC 4648, + // section 4. + TypeCode_BYTES TypeCode = 7 + // Encoded as `list`, where the list elements are represented + // according to [array_element_type][google.spanner.v1.Type.array_element_type]. + TypeCode_ARRAY TypeCode = 8 + // Encoded as `list`, where list element `i` is represented according + // to [struct_type.fields[i]][google.spanner.v1.StructType.fields]. + TypeCode_STRUCT TypeCode = 9 +) + +var TypeCode_name = map[int32]string{ + 0: "TYPE_CODE_UNSPECIFIED", + 1: "BOOL", + 2: "INT64", + 3: "FLOAT64", + 4: "TIMESTAMP", + 5: "DATE", + 6: "STRING", + 7: "BYTES", + 8: "ARRAY", + 9: "STRUCT", +} +var TypeCode_value = map[string]int32{ + "TYPE_CODE_UNSPECIFIED": 0, + "BOOL": 1, + "INT64": 2, + "FLOAT64": 3, + "TIMESTAMP": 4, + "DATE": 5, + "STRING": 6, + "BYTES": 7, + "ARRAY": 8, + "STRUCT": 9, +} + +func (x TypeCode) String() string { + return proto.EnumName(TypeCode_name, int32(x)) +} +func (TypeCode) EnumDescriptor() ([]byte, []int) { return fileDescriptor6, []int{0} } + +// `Type` indicates the type of a Cloud Spanner value, as might be stored in a +// table cell or returned from an SQL query. +type Type struct { + // Required. The [TypeCode][google.spanner.v1.TypeCode] for this type. + Code TypeCode `protobuf:"varint,1,opt,name=code,enum=google.spanner.v1.TypeCode" json:"code,omitempty"` + // If [code][google.spanner.v1.Type.code] == [ARRAY][google.spanner.v1.TypeCode.ARRAY], then `array_element_type` + // is the type of the array elements. + ArrayElementType *Type `protobuf:"bytes,2,opt,name=array_element_type,json=arrayElementType" json:"array_element_type,omitempty"` + // If [code][google.spanner.v1.Type.code] == [STRUCT][google.spanner.v1.TypeCode.STRUCT], then `struct_type` + // provides type information for the struct's fields. + StructType *StructType `protobuf:"bytes,3,opt,name=struct_type,json=structType" json:"struct_type,omitempty"` +} + +func (m *Type) Reset() { *m = Type{} } +func (m *Type) String() string { return proto.CompactTextString(m) } +func (*Type) ProtoMessage() {} +func (*Type) Descriptor() ([]byte, []int) { return fileDescriptor6, []int{0} } + +func (m *Type) GetCode() TypeCode { + if m != nil { + return m.Code + } + return TypeCode_TYPE_CODE_UNSPECIFIED +} + +func (m *Type) GetArrayElementType() *Type { + if m != nil { + return m.ArrayElementType + } + return nil +} + +func (m *Type) GetStructType() *StructType { + if m != nil { + return m.StructType + } + return nil +} + +// `StructType` defines the fields of a [STRUCT][google.spanner.v1.TypeCode.STRUCT] type. +type StructType struct { + // The list of fields that make up this struct. Order is + // significant, because values of this struct type are represented as + // lists, where the order of field values matches the order of + // fields in the [StructType][google.spanner.v1.StructType]. In turn, the order of fields + // matches the order of columns in a read request, or the order of + // fields in the `SELECT` clause of a query. + Fields []*StructType_Field `protobuf:"bytes,1,rep,name=fields" json:"fields,omitempty"` +} + +func (m *StructType) Reset() { *m = StructType{} } +func (m *StructType) String() string { return proto.CompactTextString(m) } +func (*StructType) ProtoMessage() {} +func (*StructType) Descriptor() ([]byte, []int) { return fileDescriptor6, []int{1} } + +func (m *StructType) GetFields() []*StructType_Field { + if m != nil { + return m.Fields + } + return nil +} + +// Message representing a single field of a struct. +type StructType_Field struct { + // The name of the field. For reads, this is the column name. For + // SQL queries, it is the column alias (e.g., `"Word"` in the + // query `"SELECT 'hello' AS Word"`), or the column name (e.g., + // `"ColName"` in the query `"SELECT ColName FROM Table"`). Some + // columns might have an empty name (e.g., !"SELECT + // UPPER(ColName)"`). Note that a query result can contain + // multiple fields with the same name. + Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` + // The type of the field. + Type *Type `protobuf:"bytes,2,opt,name=type" json:"type,omitempty"` +} + +func (m *StructType_Field) Reset() { *m = StructType_Field{} } +func (m *StructType_Field) String() string { return proto.CompactTextString(m) } +func (*StructType_Field) ProtoMessage() {} +func (*StructType_Field) Descriptor() ([]byte, []int) { return fileDescriptor6, []int{1, 0} } + +func (m *StructType_Field) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +func (m *StructType_Field) GetType() *Type { + if m != nil { + return m.Type + } + return nil +} + +func init() { + proto.RegisterType((*Type)(nil), "google.spanner.v1.Type") + proto.RegisterType((*StructType)(nil), "google.spanner.v1.StructType") + proto.RegisterType((*StructType_Field)(nil), "google.spanner.v1.StructType.Field") + proto.RegisterEnum("google.spanner.v1.TypeCode", TypeCode_name, TypeCode_value) +} + +func init() { proto.RegisterFile("google/spanner/v1/type.proto", fileDescriptor6) } + +var fileDescriptor6 = []byte{ + // 444 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x92, 0xd1, 0x8a, 0xd3, 0x40, + 0x14, 0x86, 0x9d, 0x6d, 0xda, 0x6d, 0x4e, 0x51, 0xc6, 0x81, 0x65, 0xeb, 0xaa, 0x50, 0xd6, 0x9b, + 0xa2, 0x90, 0xd0, 0x2a, 0x22, 0x2c, 0x08, 0x69, 0x3a, 0x5d, 0x03, 0xbb, 0x6d, 0x48, 0x66, 0x17, + 0x2a, 0x85, 0x32, 0xb6, 0x63, 0x28, 0xa4, 0x33, 0x21, 0xc9, 0x2e, 0xf4, 0x25, 0xbc, 0xd0, 0xb7, + 0xf0, 0x21, 0x7c, 0x00, 0x9f, 0x4a, 0x66, 0x92, 0xaa, 0xb0, 0x2a, 0xde, 0x9d, 0xe4, 0xfb, 0xbf, + 0x33, 0x67, 0x86, 0x03, 0x4f, 0x12, 0xa5, 0x92, 0x54, 0xb8, 0x45, 0xc6, 0xa5, 0x14, 0xb9, 0x7b, + 0x3b, 0x70, 0xcb, 0x5d, 0x26, 0x9c, 0x2c, 0x57, 0xa5, 0x22, 0x0f, 0x2b, 0xea, 0xd4, 0xd4, 0xb9, + 0x1d, 0x9c, 0xec, 0x05, 0x9e, 0x6d, 0x5c, 0x2e, 0xa5, 0x2a, 0x79, 0xb9, 0x51, 0xb2, 0xa8, 0x84, + 0xd3, 0x6f, 0x08, 0x2c, 0xb6, 0xcb, 0x04, 0x71, 0xc1, 0x5a, 0xa9, 0xb5, 0xe8, 0xa2, 0x1e, 0xea, + 0x3f, 0x18, 0x3e, 0x76, 0xee, 0x34, 0x72, 0x74, 0xcc, 0x57, 0x6b, 0x11, 0x99, 0x20, 0xa1, 0x40, + 0x78, 0x9e, 0xf3, 0xdd, 0x52, 0xa4, 0x62, 0x2b, 0x64, 0xb9, 0xd4, 0x63, 0x74, 0x0f, 0x7a, 0xa8, + 0xdf, 0x19, 0x1e, 0xff, 0x45, 0x8f, 0xb0, 0x51, 0x68, 0x65, 0x98, 0x73, 0xdf, 0x42, 0xa7, 0x28, + 0xf3, 0x9b, 0x55, 0xed, 0x37, 0x8c, 0xff, 0xf4, 0x0f, 0x7e, 0x6c, 0x52, 0xa6, 0x0b, 0x14, 0x3f, + 0xeb, 0xd3, 0x2f, 0x08, 0xe0, 0x17, 0x22, 0x67, 0xd0, 0xfa, 0xb8, 0x11, 0xe9, 0xba, 0xe8, 0xa2, + 0x5e, 0xa3, 0xdf, 0x19, 0x3e, 0xfb, 0x67, 0x27, 0x67, 0xa2, 0xb3, 0x51, 0xad, 0x9c, 0xbc, 0x83, + 0xa6, 0xf9, 0x41, 0x08, 0x58, 0x92, 0x6f, 0xab, 0xc7, 0xb0, 0x23, 0x53, 0x93, 0x17, 0x60, 0xfd, + 0xcf, 0x0d, 0x4d, 0xe8, 0xf9, 0x27, 0x04, 0xed, 0xfd, 0x7b, 0x91, 0x47, 0x70, 0xc4, 0xe6, 0x21, + 0x5d, 0xfa, 0xb3, 0x31, 0x5d, 0x5e, 0x4d, 0xe3, 0x90, 0xfa, 0xc1, 0x24, 0xa0, 0x63, 0x7c, 0x8f, + 0xb4, 0xc1, 0x1a, 0xcd, 0x66, 0x17, 0x18, 0x11, 0x1b, 0x9a, 0xc1, 0x94, 0xbd, 0x7e, 0x85, 0x0f, + 0x48, 0x07, 0x0e, 0x27, 0x17, 0x33, 0x4f, 0x7f, 0x34, 0xc8, 0x7d, 0xb0, 0x59, 0x70, 0x49, 0x63, + 0xe6, 0x5d, 0x86, 0xd8, 0xd2, 0xc2, 0xd8, 0x63, 0x14, 0x37, 0x09, 0x40, 0x2b, 0x66, 0x51, 0x30, + 0x3d, 0xc7, 0x2d, 0x2d, 0x8f, 0xe6, 0x8c, 0xc6, 0xf8, 0x50, 0x97, 0x5e, 0x14, 0x79, 0x73, 0xdc, + 0xae, 0x13, 0x57, 0x3e, 0xc3, 0xf6, 0xe8, 0x33, 0x82, 0xa3, 0x95, 0xda, 0xde, 0x9d, 0x7a, 0x64, + 0xeb, 0x39, 0x43, 0xbd, 0x0c, 0x21, 0x7a, 0xff, 0xa6, 0xe6, 0x89, 0x4a, 0xb9, 0x4c, 0x1c, 0x95, + 0x27, 0x6e, 0x22, 0xa4, 0x59, 0x15, 0xb7, 0x42, 0x3c, 0xdb, 0x14, 0xbf, 0x2d, 0xdf, 0x59, 0x5d, + 0x7e, 0x3d, 0x38, 0x3e, 0xaf, 0x54, 0x3f, 0x55, 0x37, 0x6b, 0x27, 0xae, 0x0f, 0xb8, 0x1e, 0x7c, + 0xdf, 0x93, 0x85, 0x21, 0x8b, 0x9a, 0x2c, 0xae, 0x07, 0x1f, 0x5a, 0xa6, 0xf1, 0xcb, 0x1f, 0x01, + 0x00, 0x00, 0xff, 0xff, 0x55, 0xc4, 0x6e, 0xd4, 0xd4, 0x02, 0x00, 0x00, +} diff --git a/vendor/google.golang.org/grpc/credentials/oauth/oauth.go b/vendor/google.golang.org/grpc/credentials/oauth/oauth.go new file mode 100644 index 000000000000..f6d597a14fe6 --- /dev/null +++ b/vendor/google.golang.org/grpc/credentials/oauth/oauth.go @@ -0,0 +1,173 @@ +/* + * + * Copyright 2015 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Package oauth implements gRPC credentials using OAuth. +package oauth + +import ( + "fmt" + "io/ioutil" + "sync" + + "golang.org/x/net/context" + "golang.org/x/oauth2" + "golang.org/x/oauth2/google" + "golang.org/x/oauth2/jwt" + "google.golang.org/grpc/credentials" +) + +// TokenSource supplies PerRPCCredentials from an oauth2.TokenSource. +type TokenSource struct { + oauth2.TokenSource +} + +// GetRequestMetadata gets the request metadata as a map from a TokenSource. +func (ts TokenSource) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) { + token, err := ts.Token() + if err != nil { + return nil, err + } + return map[string]string{ + "authorization": token.Type() + " " + token.AccessToken, + }, nil +} + +// RequireTransportSecurity indicates whether the credentials requires transport security. +func (ts TokenSource) RequireTransportSecurity() bool { + return true +} + +type jwtAccess struct { + jsonKey []byte +} + +// NewJWTAccessFromFile creates PerRPCCredentials from the given keyFile. +func NewJWTAccessFromFile(keyFile string) (credentials.PerRPCCredentials, error) { + jsonKey, err := ioutil.ReadFile(keyFile) + if err != nil { + return nil, fmt.Errorf("credentials: failed to read the service account key file: %v", err) + } + return NewJWTAccessFromKey(jsonKey) +} + +// NewJWTAccessFromKey creates PerRPCCredentials from the given jsonKey. +func NewJWTAccessFromKey(jsonKey []byte) (credentials.PerRPCCredentials, error) { + return jwtAccess{jsonKey}, nil +} + +func (j jwtAccess) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) { + ts, err := google.JWTAccessTokenSourceFromJSON(j.jsonKey, uri[0]) + if err != nil { + return nil, err + } + token, err := ts.Token() + if err != nil { + return nil, err + } + return map[string]string{ + "authorization": token.Type() + " " + token.AccessToken, + }, nil +} + +func (j jwtAccess) RequireTransportSecurity() bool { + return true +} + +// oauthAccess supplies PerRPCCredentials from a given token. +type oauthAccess struct { + token oauth2.Token +} + +// NewOauthAccess constructs the PerRPCCredentials using a given token. +func NewOauthAccess(token *oauth2.Token) credentials.PerRPCCredentials { + return oauthAccess{token: *token} +} + +func (oa oauthAccess) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) { + return map[string]string{ + "authorization": oa.token.Type() + " " + oa.token.AccessToken, + }, nil +} + +func (oa oauthAccess) RequireTransportSecurity() bool { + return true +} + +// NewComputeEngine constructs the PerRPCCredentials that fetches access tokens from +// Google Compute Engine (GCE)'s metadata server. It is only valid to use this +// if your program is running on a GCE instance. +// TODO(dsymonds): Deprecate and remove this. +func NewComputeEngine() credentials.PerRPCCredentials { + return TokenSource{google.ComputeTokenSource("")} +} + +// serviceAccount represents PerRPCCredentials via JWT signing key. +type serviceAccount struct { + mu sync.Mutex + config *jwt.Config + t *oauth2.Token +} + +func (s *serviceAccount) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) { + s.mu.Lock() + defer s.mu.Unlock() + if !s.t.Valid() { + var err error + s.t, err = s.config.TokenSource(ctx).Token() + if err != nil { + return nil, err + } + } + return map[string]string{ + "authorization": s.t.Type() + " " + s.t.AccessToken, + }, nil +} + +func (s *serviceAccount) RequireTransportSecurity() bool { + return true +} + +// NewServiceAccountFromKey constructs the PerRPCCredentials using the JSON key slice +// from a Google Developers service account. +func NewServiceAccountFromKey(jsonKey []byte, scope ...string) (credentials.PerRPCCredentials, error) { + config, err := google.JWTConfigFromJSON(jsonKey, scope...) + if err != nil { + return nil, err + } + return &serviceAccount{config: config}, nil +} + +// NewServiceAccountFromFile constructs the PerRPCCredentials using the JSON key file +// of a Google Developers service account. +func NewServiceAccountFromFile(keyFile string, scope ...string) (credentials.PerRPCCredentials, error) { + jsonKey, err := ioutil.ReadFile(keyFile) + if err != nil { + return nil, fmt.Errorf("credentials: failed to read the service account key file: %v", err) + } + return NewServiceAccountFromKey(jsonKey, scope...) +} + +// NewApplicationDefault returns "Application Default Credentials". For more +// detail, see https://developers.google.com/accounts/docs/application-default-credentials. +func NewApplicationDefault(ctx context.Context, scope ...string) (credentials.PerRPCCredentials, error) { + t, err := google.DefaultTokenSource(ctx, scope...) + if err != nil { + return nil, err + } + return TokenSource{t}, nil +} diff --git a/vendor/vendor.json b/vendor/vendor.json index 51102adc8e5d..bd0e0a2525eb 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -18,6 +18,12 @@ "path": "appengine_internal/base", "revision": "" }, + { + "checksumSHA1": "BNPv4EWRcREufesk/mnsFWYNDEc=", + "path": "cloud.google.com/go/civil", + "revision": "02a2d936c7c22d0d585fb1e86ac05043bacb3a13", + "revisionTime": "2018-02-09T23:17:18Z" + }, { "checksumSHA1": "AH7jcN7pvaPDU6UjHdpT081DDGk=", "path": "cloud.google.com/go/compute/metadata", @@ -36,18 +42,42 @@ "revision": "fd7767e8876b52efa597af4d0ec944e9b2574120", "revisionTime": "2018-02-08T13:53:52Z" }, + { + "checksumSHA1": "CgYouHISABypWPadYPFgAzuv8MU=", + "path": "cloud.google.com/go/internal/atomiccache", + "revision": "02a2d936c7c22d0d585fb1e86ac05043bacb3a13", + "revisionTime": "2018-02-09T23:17:18Z" + }, + { + "checksumSHA1": "0YLwL10LdXwVsF/eNYZ0w6pF300=", + "path": "cloud.google.com/go/internal/fields", + "revision": "02a2d936c7c22d0d585fb1e86ac05043bacb3a13", + "revisionTime": "2018-02-09T23:17:18Z" + }, { "checksumSHA1": "MCns2LLZtUZEx6JWyYBrcbSuTXg=", "path": "cloud.google.com/go/internal/optional", "revision": "fd7767e8876b52efa597af4d0ec944e9b2574120", "revisionTime": "2018-02-08T13:53:52Z" }, + { + "checksumSHA1": "/fpiWdoT0OklWfWV/oZDrBxMpiQ=", + "path": "cloud.google.com/go/internal/protostruct", + "revision": "02a2d936c7c22d0d585fb1e86ac05043bacb3a13", + "revisionTime": "2018-02-09T23:17:18Z" + }, { "checksumSHA1": "Kiv6zkk0B9R4wmWX2nizyU4FqBs=", "path": "cloud.google.com/go/internal/version", "revision": "fd7767e8876b52efa597af4d0ec944e9b2574120", "revisionTime": "2018-02-08T13:53:52Z" }, + { + "checksumSHA1": "FCVJTw3jcQyTWedDG+m/w0HxW8U=", + "path": "cloud.google.com/go/spanner", + "revision": "02a2d936c7c22d0d585fb1e86ac05043bacb3a13", + "revisionTime": "2018-02-09T23:17:18Z" + }, { "checksumSHA1": "PkbOqDgZwhkn4iTXLQGM6tURyEg=", "path": "cloud.google.com/go/storage", @@ -924,6 +954,18 @@ "revision": "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175", "revisionTime": "2018-02-02T18:43:18Z" }, + { + "checksumSHA1": "K61Qz4x9QeD2mACYgMP9fcpBqNg=", + "path": "github.com/golang/protobuf/ptypes/empty", + "revision": "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175", + "revisionTime": "2018-02-02T18:43:18Z" + }, + { + "checksumSHA1": "Ylq6kq3KWBy6mu68oyEwenhNMdg=", + "path": "github.com/golang/protobuf/ptypes/struct", + "revision": "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175", + "revisionTime": "2018-02-02T18:43:18Z" + }, { "checksumSHA1": "O2ItP5rmfrgxPufhjJXbFlXuyL8=", "path": "github.com/golang/protobuf/ptypes/timestamp", @@ -1596,6 +1638,72 @@ "revision": "b5b949564861e43a03568a0b134c135cf318e5c8", "revisionTime": "2018-02-05T16:51:14Z" }, + { + "checksumSHA1": "T6E5WE4ya5+xxdVM17GHEQagVBQ=", + "path": "go.opencensus.io/internal", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, + { + "checksumSHA1": "E5bJQ0feeTxO/UhYNXf8OhtIPCE=", + "path": "go.opencensus.io/internal/tagencoding", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, + { + "checksumSHA1": "TULyPTxHCf/O9TuCSdPOEFPrc7s=", + "path": "go.opencensus.io/plugin/grpc", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, + { + "checksumSHA1": "FpK3sNmeorx2cMCTlw9WRjSzkNk=", + "path": "go.opencensus.io/plugin/grpc/grpcstats", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, + { + "checksumSHA1": "H6vlQPy7AUc9FhNXJTRqUuZ/c10=", + "path": "go.opencensus.io/plugin/grpc/grpctrace", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, + { + "checksumSHA1": "vwjikcMeiQbk9jMacUBRgUtzSn4=", + "path": "go.opencensus.io/stats", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, + { + "checksumSHA1": "/Tp4ALEPuirxky1fK+48lQ0nX6s=", + "path": "go.opencensus.io/stats/internal", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, + { + "checksumSHA1": "JNSo4L16+5Etp9IG0AbAmEooAIU=", + "path": "go.opencensus.io/stats/view", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, + { + "checksumSHA1": "1bDiJUvD1xTmU/fVyLyy8RDIVZI=", + "path": "go.opencensus.io/tag", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, + { + "checksumSHA1": "6eXRvHxEgcHRArULJ18ytme2oVQ=", + "path": "go.opencensus.io/trace", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, + { + "checksumSHA1": "8BOq75KaUUwoxmDEXYUneF4XzgU=", + "path": "go.opencensus.io/trace/propagation", + "revision": "c677fadc62beb6e789a19936910b8fd27d58b120", + "revisionTime": "2018-02-12T21:33:49Z" + }, { "checksumSHA1": "oCH3J96RWvO8W4xjix47PModpio=", "path": "golang.org/x/crypto/bcrypt", @@ -1884,6 +1992,12 @@ "revision": "068431dcab1a5817548dd244d9795788a98329f4", "revisionTime": "2018-02-11T00:03:39Z" }, + { + "checksumSHA1": "aCztDqR0dcYCRMQd2/stuphdl4A=", + "path": "google.golang.org/api/transport/grpc", + "revision": "068431dcab1a5817548dd244d9795788a98329f4", + "revisionTime": "2018-02-11T00:03:39Z" + }, { "checksumSHA1": "ykzqoYJiMCS6LGBq/zszKFbxGeA=", "path": "google.golang.org/api/transport/http", @@ -1944,12 +2058,24 @@ "revision": "5bee14b453b4c71be47ec1781b0fa61c2ea182db", "revisionTime": "2017-12-12T22:30:47Z" }, + { + "checksumSHA1": "VA88sOHmVuIslrbHaWx9yEvjGjM=", + "path": "google.golang.org/appengine/internal/socket", + "revision": "5bee14b453b4c71be47ec1781b0fa61c2ea182db", + "revisionTime": "2017-12-12T22:30:47Z" + }, { "checksumSHA1": "QtAbHtHmDzcf6vOV9eqlCpKgjiw=", "path": "google.golang.org/appengine/internal/urlfetch", "revision": "5bee14b453b4c71be47ec1781b0fa61c2ea182db", "revisionTime": "2017-12-12T22:30:47Z" }, + { + "checksumSHA1": "MharNMGnQusRPdmBYXDxz2cCHPU=", + "path": "google.golang.org/appengine/socket", + "revision": "5bee14b453b4c71be47ec1781b0fa61c2ea182db", + "revisionTime": "2017-12-12T22:30:47Z" + }, { "checksumSHA1": "akOV9pYnCbcPA8wJUutSQVibdyg=", "path": "google.golang.org/appengine/urlfetch", @@ -1968,12 +2094,24 @@ "revision": "2b5a72b8730b0b16380010cfe5286c42108d88e7", "revisionTime": "2018-02-06T00:51:23Z" }, + { + "checksumSHA1": "jFYcF4oESOue0Vr+QBXiybMioog=", + "path": "google.golang.org/genproto/googleapis/rpc/errdetails", + "revision": "2b5a72b8730b0b16380010cfe5286c42108d88e7", + "revisionTime": "2018-02-06T00:51:23Z" + }, { "checksumSHA1": "Tc3BU26zThLzcyqbVtiSEp7EpU8=", "path": "google.golang.org/genproto/googleapis/rpc/status", "revision": "2b5a72b8730b0b16380010cfe5286c42108d88e7", "revisionTime": "2018-02-06T00:51:23Z" }, + { + "checksumSHA1": "a+4KHsX9NXEgy4uoFbokjCDs99k=", + "path": "google.golang.org/genproto/googleapis/spanner/v1", + "revision": "2b5a72b8730b0b16380010cfe5286c42108d88e7", + "revisionTime": "2018-02-06T00:51:23Z" + }, { "checksumSHA1": "YUtkD7piacEhvoNBOekphNdNK9A=", "path": "google.golang.org/grpc", @@ -2016,6 +2154,12 @@ "revision": "d50734d1d6ca477a72646f3022216ec39639f4cd", "revisionTime": "2018-02-08T21:15:38Z" }, + { + "checksumSHA1": "QbufP1o0bXrtd5XecqdRCK/Vl0M=", + "path": "google.golang.org/grpc/credentials/oauth", + "revision": "08d626137c87d1df11c1a0d5cb59207ce5ade4e6", + "revisionTime": "2018-02-12T19:10:37Z" + }, { "checksumSHA1": "mJTBJC0n9J2CV+tHX+dJosYOZmg=", "path": "google.golang.org/grpc/encoding", diff --git a/website/source/docs/configuration/storage/spanner.html.md b/website/source/docs/configuration/storage/spanner.html.md new file mode 100644 index 000000000000..dd6232f23004 --- /dev/null +++ b/website/source/docs/configuration/storage/spanner.html.md @@ -0,0 +1,145 @@ +--- +layout: "docs" +page_title: "Google Cloud Spanner - Storage Backends - Configuration" +sidebar_current: "docs-configuration-storage-spanner" +description: |- + The Google Cloud Spanner storage backend is used to persist Vault's data in + Spanner, a fully managed, mission-critical, relational database service that + offers transactional consistency at global scale. +--- + +# Spanner Storage Backend + +The Google Cloud Spanner storage backend is used to persist Vault's data in +[Spanner][spanner-docs], a fully managed, mission-critical, relational database +service that offers transactional consistency at global scale, schemas, SQL, and +automatic, synchronous replication for high availability. + +- **High Availability** – the Google Cloud Spanner storage backend supports high + availability. Because the Google Cloud Spanner storage backend uses the system + time on the Vault node to acquire sessions, clock skew across Vault servers + can cause lock contention. + +- **Community Supported** – the Google Cloud Spanner storage backend is + supported by the community. While it has undergone review by HashiCorp + employees, they may not be as knowledgeable about the technology. If you + encounter problems with them, you may be referred to the original author. + +```hcl +storage "spanner" { + database = "projects/my-project/instances/my-instance/databases/my-database" +} +``` + +For more information on schemas or Google Cloud Spanner, please see the [Google +Cloud Spanner documentation][spanner-docs]. + +## `spanner` Setup + +To use the Google Cloud Spanner Vault storage backend, you must have a Google +Cloud Platform account. Either using the API or web interface, create a database +and the following tables: + +-> You can choose "Edit as text" and copy-paste the following as the schema. +These are the default table names. If you choose to use different table names, +you will need to update the configuration accordingly. + +```sql +CREATE TABLE Vault ( + Key STRING(MAX) NOT NULL, + Value BYTES(MAX), +) PRIMARY KEY (Key); + +CREATE TABLE VaultHA ( + Key STRING(MAX) NOT NULL, + Value STRING(MAX), + Identity STRING(36) NOT NULL, + Timestamp TIMESTAMP NOT NULL, +) PRIMARY KEY (Key); +``` + +The Google Cloud Spanner storage backend does not support creating the table +automatically at this time, but this could be a future enhancement. For more +information on schemas or Google Cloud Spanner, please see the [Google Cloud +Spanner documentation][spanner-docs]. + +## `spanner` Authentication + +The Google Cloud Spanner Vault storage backend uses the official Google Cloud +Golang SDK. This means it supports the common ways of [providing credentials to +Google Cloud][cloud-creds]. + +1. The environment variable `GOOGLE_APPLICATION_CREDENTIALS`. This is specified +as the **path** to a Google Cloud credentials file, typically for a service +account. If this environment variable is present, the resulting credentials are +used. If the credentials are invalid, an error is returned. + +1. Default instance credentials. When no environment variable is present, the +default service account credentials are used. + +For more information on service accounts, please see the [Google Cloud Service +Accounts documentation][service-accounts]. + +To use this storage backend, the service account must have the following +minimum scope(s): + +```text +https://www.googleapis.com/auth/spanner.data +``` + +## `spanner` Parameters + +- `database` `(string: )` – Specifies the name of the database. Note + that this is specified as a "path" including the project ID and instance, for + example: + + ```text + projects/my-project/instances/my-instance/databases/my-database + ``` + +- `table` `(string: "Vault")` - Specifies the name of the table where + data will be stored and retrieved. + +- `max_parallel` `(int: 128)` - Specifies the maximum number of parallel + operations to take place. + +### High Availability Parameters + +- `ha_enabled` `(string: "false")` - Specifies if high availability mode is + enabled. This is a boolean value, but it is specified as a string like "true" + or "false". + +- `ha_table` `(string: "VaultHA")` - Specifies the name of the table to use for + storing high availability information. By default, this is the name of the + `table` suffixed with "HA". + +## `spanner` Examples + +### High Availability + +This example shows configuring Google Cloud Spanner with high availability +enabled. + +```hcl +storage "spanner" { + database = "projects/demo/instances/abc123/databases/vault-data" + ha_enabled = "true" +} +``` + +### Custom Tables + +This example shows listing custom table names for data and HA with the Google +Cloud Spanner Vault storage backend. + +```hcl +storage "spanner" { + database = "projects/demo/instances/abc123/databases/vault-data" + table = "VaultData" + ha_table = "VaultLeader" +} +``` + +[cloud-creds]: https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application +[service-accounts]: https://cloud.google.com/compute/docs/access/service-accounts +[spanner-docs]: https://cloud.google.com/spanner/docs/ diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb index 7490fcff6be6..1a299eb7b3ed 100644 --- a/website/source/layouts/docs.erb +++ b/website/source/layouts/docs.erb @@ -147,6 +147,9 @@ > PostgreSQL + > + Spanner + > Cassandra From 32c81ea8c878b2ea29809c8d6f4b2305fafbf8f3 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 14 Feb 2018 20:31:45 -0500 Subject: [PATCH 141/178] changelog++ --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4573bcdd4c20..2abfa00c3463 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ FEATURES: required within Okta, an Okta Push MFA flow can be used to successfully finish authentication. * **Manta Storage**: Joyent Triton Manta can now be used for Vault storage + * **Google Cloud Spanner Storage**: Google Cloud Spanner can now be used for + Vault storage IMPROVEMENTS: From b24cf9a8af2190e96c614205b8cdf06d8c4b6718 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 15 Feb 2018 09:11:56 -0500 Subject: [PATCH 142/178] Allow formatted data when using -field and -format together. (#3987) * Allow formatted data when using -field and -format together. As a special case, allows "data" to be passed in to get the entire data struct output. * If data exists in the output map use that instead when special casing --- command/format.go | 18 ++++++++++++++++-- command/util.go | 33 ++++++++++++++++++++++++++++----- 2 files changed, 44 insertions(+), 7 deletions(-) diff --git a/command/format.go b/command/format.go index 76d018acd5ca..d20e785bfedb 100644 --- a/command/format.go +++ b/command/format.go @@ -59,6 +59,7 @@ func outputWithFormat(ui cli.Ui, secret *api.Secret, data interface{}) int { type Formatter interface { Output(ui cli.Ui, secret *api.Secret, data interface{}) error + Format(data interface{}) ([]byte, error) } var Formatters = map[string]Formatter{ @@ -87,8 +88,12 @@ func Format(ui cli.Ui) string { // An output formatter for json output of an object type JsonFormatter struct{} +func (j JsonFormatter) Format(data interface{}) ([]byte, error) { + return json.MarshalIndent(data, "", " ") +} + func (j JsonFormatter) Output(ui cli.Ui, secret *api.Secret, data interface{}) error { - b, err := json.MarshalIndent(data, "", " ") + b, err := j.Format(data) if err != nil { return err } @@ -100,8 +105,12 @@ func (j JsonFormatter) Output(ui cli.Ui, secret *api.Secret, data interface{}) e type YamlFormatter struct { } +func (y YamlFormatter) Format(data interface{}) ([]byte, error) { + return yaml.Marshal(data) +} + func (y YamlFormatter) Output(ui cli.Ui, secret *api.Secret, data interface{}) error { - b, err := yaml.Marshal(data) + b, err := y.Format(data) if err == nil { ui.Output(strings.TrimSpace(string(b))) } @@ -112,6 +121,11 @@ func (y YamlFormatter) Output(ui cli.Ui, secret *api.Secret, data interface{}) e type TableFormatter struct { } +// We don't use this +func (t TableFormatter) Format(data interface{}) ([]byte, error) { + return nil, nil +} + func (t TableFormatter) Output(ui cli.Ui, secret *api.Secret, data interface{}) error { switch data.(type) { case *api.Secret: diff --git a/command/util.go b/command/util.go index f6268d392771..04e04fc6a9d1 100644 --- a/command/util.go +++ b/command/util.go @@ -34,7 +34,7 @@ func DefaultTokenHelper() (token.TokenHelper, error) { // RawField extracts the raw field from the given data and returns it as a // string for printing purposes. -func RawField(secret *api.Secret, field string) (string, bool) { +func RawField(secret *api.Secret, field string) (interface{}, bool) { var val interface{} switch { case secret.Auth != nil: @@ -75,24 +75,47 @@ func RawField(secret *api.Secret, field string) (string, bool) { switch field { case "refresh_interval": val = secret.LeaseDuration + case "data": + var ok bool + val, ok = secret.Data["data"] + if !ok { + val = secret.Data + } default: val = secret.Data[field] } } - str := fmt.Sprintf("%v", val) - return str, val != nil + return val, val != nil } // PrintRawField prints raw field from the secret. func PrintRawField(ui cli.Ui, secret *api.Secret, field string) int { - str, ok := RawField(secret, field) + val, ok := RawField(secret, field) if !ok { ui.Error(fmt.Sprintf("Field %q not present in secret", field)) return 1 } - return PrintRaw(ui, str) + format := Format(ui) + if format == "" || format == "table" { + return PrintRaw(ui, fmt.Sprintf("%v", val)) + } + + // Handle specific format flags as best as possible + formatter, ok := Formatters[format] + if !ok { + ui.Error(fmt.Sprintf("Invalid output format: %s", format)) + return 1 + } + + b, err := formatter.Format(val) + if err != nil { + ui.Error(fmt.Sprintf("Error formatting output: %s", err)) + return 1 + } + + return PrintRaw(ui, string(b)) } // PrintRaw prints a raw value to the terminal. If the process is being "piped" From e36a49fdf19055f0281f0c3e4c1b13e83373cea8 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 15 Feb 2018 17:11:48 -0500 Subject: [PATCH 143/178] Add some info about cert reloading behavior on SIGHUP CC #3990 --- website/source/docs/configuration/listener/tcp.html.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/website/source/docs/configuration/listener/tcp.html.md b/website/source/docs/configuration/listener/tcp.html.md index c18684d72265..45d70a982e69 100644 --- a/website/source/docs/configuration/listener/tcp.html.md +++ b/website/source/docs/configuration/listener/tcp.html.md @@ -50,13 +50,17 @@ listener "tcp" { Specifies the path to the certificate for TLS. To configure the listener to use a CA certificate, concatenate the primary certificate and the CA certificate together. The primary certificate should appear first in the - combined file. + combined file. On `SIGHUP`, the path set here _at Vault startup_ will be used + for reloading the certificate; modifying this value while Vault is running + will have no effect for `SIGHUP`s. - `tls_key_file` `(string: , reloads-on-SIGHUP)` – Specifies the path to the private key for the certificate. If the key file is encrypted, you will be prompted to enter the passphrase on server startup. The passphrase must stay the same between key files when reloading your - configuration using SIGHUP. + configuration using `SIGHUP`. On `SIGHUP`, the path set here _at Vault + startup_ will be used for reloading the certificate; modifying this value + while Vault is running will have no effect for `SIGHUP`s. - `tls_min_version` `(string: "tls12")` – Specifies the minimum supported version of TLS. Accepted values are "tls10", "tls11" or "tls12". From a2139a1d8ebcf5ccad6386e8abdf7d1871c82721 Mon Sep 17 00:00:00 2001 From: Matthew Irish Date: Thu, 15 Feb 2018 16:15:53 -0600 Subject: [PATCH 144/178] changelog ++ --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2abfa00c3463..692613b95e9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ IMPROVEMENTS: properly handle IDNA transformations for these DNS names [GH-3953] * secret/ssh: Add `valid-principles` flag to CLI for CA mode [GH-3922] * storage/manta: Add Manta storage [GH-3270] + * ui (Enterprise): Support for ChaCha20-Poly1305 keys in the transit engine. BUG FIXES: @@ -60,6 +61,8 @@ BUG FIXES: * storage/etcd3: Fix large lists (like token loading at startup) not being handled [GH-3772] * storage/zookeeper: Update vendoring to fix freezing issues [GH-3896] + * ui (Enterprise): Decoding the replication token should no longer error and prevent enabling + of a secondary replication cluster via the ui. ## 0.9.3 (January 28th, 2018) From e8c5d89ec06095217b87358860935a4086a8c5e9 Mon Sep 17 00:00:00 2001 From: Brian Kassouf Date: Thu, 15 Feb 2018 14:20:50 -0800 Subject: [PATCH 145/178] plugin/gRPC: Add more documentation to the proto file (#3988) * plugin/gRPC: Add more documentation to the proto file * Fix typo * Update comments --- logical/plugin/pb/backend.pb.go | 107 +++++++++++++++++ logical/plugin/pb/backend.proto | 202 ++++++++++++++++++++++---------- 2 files changed, 248 insertions(+), 61 deletions(-) diff --git a/logical/plugin/pb/backend.pb.go b/logical/plugin/pb/backend.pb.go index 10279e9ac5f8..622cf17babb2 100644 --- a/logical/plugin/pb/backend.pb.go +++ b/logical/plugin/pb/backend.pb.go @@ -97,6 +97,17 @@ func (m *Header) GetHeader() []string { } type ProtoError struct { + // Error type can be one of: + // ErrTypeUnknown uint32 = iota + // ErrTypeUserError + // ErrTypeInternalError + // ErrTypeCodedError + // ErrTypeStatusBadRequest + // ErrTypeUnsupportedOperation + // ErrTypeUnsupportedPath + // ErrTypeInvalidRequest + // ErrTypePermissionDenied + // ErrTypeMultiAuthzPending ErrType uint32 `sentinel:"" protobuf:"varint,1,opt,name=err_type,json=errType" json:"err_type,omitempty"` ErrMsg string `sentinel:"" protobuf:"bytes,2,opt,name=err_msg,json=errMsg" json:"err_msg,omitempty"` ErrCode int64 `sentinel:"" protobuf:"varint,3,opt,name=err_code,json=errCode" json:"err_code,omitempty"` @@ -1455,12 +1466,37 @@ const _ = grpc.SupportPackageIsVersion4 // Client API for Backend service type BackendClient interface { + // HandleRequest is used to handle a request and generate a response. + // The plugins must check the operation type and handle appropriately. HandleRequest(ctx context.Context, in *HandleRequestArgs, opts ...grpc.CallOption) (*HandleRequestReply, error) + // SpecialPaths is a list of paths that are special in some way. + // See PathType for the types of special paths. The key is the type + // of the special path, and the value is a list of paths for this type. + // This is not a regular expression but is an exact match. If the path + // ends in '*' then it is a prefix-based match. The '*' can only appear + // at the end. SpecialPaths(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*SpecialPathsReply, error) + // HandleExistenceCheck is used to handle a request and generate a response + // indicating whether the given path exists or not; this is used to + // understand whether the request must have a Create or Update capability + // ACL applied. The first bool indicates whether an existence check + // function was found for the backend; the second indicates whether, if an + // existence check function was found, the item exists or not. HandleExistenceCheck(ctx context.Context, in *HandleExistenceCheckArgs, opts ...grpc.CallOption) (*HandleExistenceCheckReply, error) + // Cleanup is invoked during an unmount of a backend to allow it to + // handle any cleanup like connection closing or releasing of file handles. + // Cleanup is called right before Vault closes the plugin process. Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) + // InvalidateKey may be invoked when an object is modified that belongs + // to the backend. The backend can use this to clear any caches or reset + // internal state as needed. InvalidateKey(ctx context.Context, in *InvalidateKeyArgs, opts ...grpc.CallOption) (*Empty, error) + // Setup is used to set up the backend based on the provided backend + // configuration. The plugin's setup implementation should use the provided + // broker_id to create a connection back to Vault for use with the Storage + // and SystemView clients. Setup(ctx context.Context, in *SetupArgs, opts ...grpc.CallOption) (*SetupReply, error) + // Type returns the BackendType for the particular backend Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeReply, error) } @@ -1538,12 +1574,37 @@ func (c *backendClient) Type(ctx context.Context, in *Empty, opts ...grpc.CallOp // Server API for Backend service type BackendServer interface { + // HandleRequest is used to handle a request and generate a response. + // The plugins must check the operation type and handle appropriately. HandleRequest(context.Context, *HandleRequestArgs) (*HandleRequestReply, error) + // SpecialPaths is a list of paths that are special in some way. + // See PathType for the types of special paths. The key is the type + // of the special path, and the value is a list of paths for this type. + // This is not a regular expression but is an exact match. If the path + // ends in '*' then it is a prefix-based match. The '*' can only appear + // at the end. SpecialPaths(context.Context, *Empty) (*SpecialPathsReply, error) + // HandleExistenceCheck is used to handle a request and generate a response + // indicating whether the given path exists or not; this is used to + // understand whether the request must have a Create or Update capability + // ACL applied. The first bool indicates whether an existence check + // function was found for the backend; the second indicates whether, if an + // existence check function was found, the item exists or not. HandleExistenceCheck(context.Context, *HandleExistenceCheckArgs) (*HandleExistenceCheckReply, error) + // Cleanup is invoked during an unmount of a backend to allow it to + // handle any cleanup like connection closing or releasing of file handles. + // Cleanup is called right before Vault closes the plugin process. Cleanup(context.Context, *Empty) (*Empty, error) + // InvalidateKey may be invoked when an object is modified that belongs + // to the backend. The backend can use this to clear any caches or reset + // internal state as needed. InvalidateKey(context.Context, *InvalidateKeyArgs) (*Empty, error) + // Setup is used to set up the backend based on the provided backend + // configuration. The plugin's setup implementation should use the provided + // broker_id to create a connection back to Vault for use with the Storage + // and SystemView clients. Setup(context.Context, *SetupArgs) (*SetupReply, error) + // Type returns the BackendType for the particular backend Type(context.Context, *Empty) (*TypeReply, error) } @@ -1880,14 +1941,37 @@ var _Storage_serviceDesc = grpc.ServiceDesc{ // Client API for SystemView service type SystemViewClient interface { + // DefaultLeaseTTL returns the default lease TTL set in Vault configuration DefaultLeaseTTL(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TTLReply, error) + // MaxLeaseTTL returns the max lease TTL set in Vault configuration; backend + // authors should take care not to issue credentials that last longer than + // this value, as Vault will revoke them MaxLeaseTTL(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TTLReply, error) + // SudoPrivilege returns true if given path has sudo privileges + // for the given client token SudoPrivilege(ctx context.Context, in *SudoPrivilegeArgs, opts ...grpc.CallOption) (*SudoPrivilegeReply, error) + // Returns true if the mount is tainted. A mount is tainted if it is in the + // process of being unmounted. This should only be used in special + // circumstances; a primary use-case is as a guard in revocation functions. + // If revocation of a backend's leases fails it can keep the unmounting + // process from being successful. If the reason for this failure is not + // relevant when the mount is tainted (for instance, saving a CRL to disk + // when the stored CRL will be removed during the unmounting process + // anyways), we can ignore the errors to allow unmounting to complete. Tainted(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TaintedReply, error) + // Returns true if caching is disabled. If true, no caches should be used, + // despite known slowdowns. CachingDisabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*CachingDisabledReply, error) + // ReplicationState indicates the state of cluster replication ReplicationState(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ReplicationStateReply, error) + // ResponseWrapData wraps the given data in a cubbyhole and returns the + // token used to unwrap. ResponseWrapData(ctx context.Context, in *ResponseWrapDataArgs, opts ...grpc.CallOption) (*ResponseWrapDataReply, error) + // MlockEnabled returns the configuration setting for enabling mlock on + // plugins. MlockEnabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*MlockEnabledReply, error) + // When run from a system view attached to a request, indicates whether the + // request is affecting a local mount or not LocalMount(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*LocalMountReply, error) } @@ -1983,14 +2067,37 @@ func (c *systemViewClient) LocalMount(ctx context.Context, in *Empty, opts ...gr // Server API for SystemView service type SystemViewServer interface { + // DefaultLeaseTTL returns the default lease TTL set in Vault configuration DefaultLeaseTTL(context.Context, *Empty) (*TTLReply, error) + // MaxLeaseTTL returns the max lease TTL set in Vault configuration; backend + // authors should take care not to issue credentials that last longer than + // this value, as Vault will revoke them MaxLeaseTTL(context.Context, *Empty) (*TTLReply, error) + // SudoPrivilege returns true if given path has sudo privileges + // for the given client token SudoPrivilege(context.Context, *SudoPrivilegeArgs) (*SudoPrivilegeReply, error) + // Returns true if the mount is tainted. A mount is tainted if it is in the + // process of being unmounted. This should only be used in special + // circumstances; a primary use-case is as a guard in revocation functions. + // If revocation of a backend's leases fails it can keep the unmounting + // process from being successful. If the reason for this failure is not + // relevant when the mount is tainted (for instance, saving a CRL to disk + // when the stored CRL will be removed during the unmounting process + // anyways), we can ignore the errors to allow unmounting to complete. Tainted(context.Context, *Empty) (*TaintedReply, error) + // Returns true if caching is disabled. If true, no caches should be used, + // despite known slowdowns. CachingDisabled(context.Context, *Empty) (*CachingDisabledReply, error) + // ReplicationState indicates the state of cluster replication ReplicationState(context.Context, *Empty) (*ReplicationStateReply, error) + // ResponseWrapData wraps the given data in a cubbyhole and returns the + // token used to unwrap. ResponseWrapData(context.Context, *ResponseWrapDataArgs) (*ResponseWrapDataReply, error) + // MlockEnabled returns the configuration setting for enabling mlock on + // plugins. MlockEnabled(context.Context, *Empty) (*MlockEnabledReply, error) + // When run from a system view attached to a request, indicates whether the + // request is affecting a local mount or not LocalMount(context.Context, *Empty) (*LocalMountReply, error) } diff --git a/logical/plugin/pb/backend.proto b/logical/plugin/pb/backend.proto index 64ef52e4da15..2758bfd7e877 100644 --- a/logical/plugin/pb/backend.proto +++ b/logical/plugin/pb/backend.proto @@ -6,13 +6,24 @@ import "google/protobuf/timestamp.proto"; message Empty {} message Header { - repeated string header = 1; + repeated string header = 1; } message ProtoError { - uint32 err_type = 1; - string err_msg = 2; - int64 err_code = 3; + // Error type can be one of: + // ErrTypeUnknown uint32 = iota + // ErrTypeUserError + // ErrTypeInternalError + // ErrTypeCodedError + // ErrTypeStatusBadRequest + // ErrTypeUnsupportedOperation + // ErrTypeUnsupportedPath + // ErrTypeInvalidRequest + // ErrTypePermissionDenied + // ErrTypeMultiAuthzPending + uint32 err_type = 1; + string err_msg = 2; + int64 err_code = 3; } // Paths is the structure of special paths that is used for SpecialPaths. @@ -51,7 +62,7 @@ message Request { string path = 4; // Request data is a JSON object that must have keys with string type. - string data = 5; + string data = 5; // Secret will be non-nil only for Revoke and Renew operations // to represent the secret that was returned prior. @@ -129,9 +140,9 @@ message Alias { } message Auth { - LeaseOptions lease_options = 1; + LeaseOptions lease_options = 1; - // InternalData is a JSON object that is stored with the auth struct. + // InternalData is a JSON object that is stored with the auth struct. // This will be sent back during a Renew/Revoke for storing internal data // used for those operations. string internal_data = 2; @@ -189,17 +200,17 @@ message Auth { } message LeaseOptions { - int64 TTL = 1; - - bool renewable = 2; + int64 TTL = 1; + + bool renewable = 2; - int64 increment = 3; + int64 increment = 3; - google.protobuf.Timestamp issue_time = 4; + google.protobuf.Timestamp issue_time = 4; } message Secret { - LeaseOptions lease_options = 1; + LeaseOptions lease_options = 1; // InternalData is a JSON object that is stored with the secret. // This will be sent back during a Renew/Revoke for storing internal data @@ -241,7 +252,7 @@ message Response { } message ResponseWrapInfo { - // Setting to non-zero specifies that the response should be wrapped. + // Setting to non-zero specifies that the response should be wrapped. // Specifies the desired TTL of the wrapping token. int64 TTL = 1; @@ -275,7 +286,7 @@ message ResponseWrapInfo { } message RequestWrapInfo { - // Setting to non-zero specifies that the response should be wrapped. + // Setting to non-zero specifies that the response should be wrapped. // Specifies the desired TTL of the wrapping token. int64 TTL = 1; @@ -285,7 +296,7 @@ message RequestWrapInfo { // A flag to conforming backends that data for a given request should be // seal wrapped - bool seal_wrap = 3; + bool seal_wrap = 3; } // HandleRequestArgs is the args for HandleRequest method. @@ -335,17 +346,51 @@ message TypeReply { } message InvalidateKeyArgs { - string key = 1; + string key = 1; } +// Backend is the interface that plugins must satisfy. The plugin should +// implement the server for this service. Requests will first run the +// HandleExistanceCheck rpc then run the HandleRequests rpc. service Backend { - rpc HandleRequest(HandleRequestArgs) returns (HandleRequestReply); - rpc SpecialPaths(Empty) returns (SpecialPathsReply); - rpc HandleExistenceCheck(HandleExistenceCheckArgs) returns (HandleExistenceCheckReply); - rpc Cleanup(Empty) returns (Empty); - rpc InvalidateKey(InvalidateKeyArgs) returns (Empty); - rpc Setup(SetupArgs) returns (SetupReply); - rpc Type(Empty) returns (TypeReply); + // HandleRequest is used to handle a request and generate a response. + // The plugins must check the operation type and handle appropriately. + rpc HandleRequest(HandleRequestArgs) returns (HandleRequestReply); + + // SpecialPaths is a list of paths that are special in some way. + // See PathType for the types of special paths. The key is the type + // of the special path, and the value is a list of paths for this type. + // This is not a regular expression but is an exact match. If the path + // ends in '*' then it is a prefix-based match. The '*' can only appear + // at the end. + rpc SpecialPaths(Empty) returns (SpecialPathsReply); + + // HandleExistenceCheck is used to handle a request and generate a response + // indicating whether the given path exists or not; this is used to + // understand whether the request must have a Create or Update capability + // ACL applied. The first bool indicates whether an existence check + // function was found for the backend; the second indicates whether, if an + // existence check function was found, the item exists or not. + rpc HandleExistenceCheck(HandleExistenceCheckArgs) returns (HandleExistenceCheckReply); + + // Cleanup is invoked during an unmount of a backend to allow it to + // handle any cleanup like connection closing or releasing of file handles. + // Cleanup is called right before Vault closes the plugin process. + rpc Cleanup(Empty) returns (Empty); + + // InvalidateKey may be invoked when an object is modified that belongs + // to the backend. The backend can use this to clear any caches or reset + // internal state as needed. + rpc InvalidateKey(InvalidateKeyArgs) returns (Empty); + + // Setup is used to set up the backend based on the provided backend + // configuration. The plugin's setup implementation should use the provided + // broker_id to create a connection back to Vault for use with the Storage + // and SystemView clients. + rpc Setup(SetupArgs) returns (SetupReply); + + // Type returns the BackendType for the particular backend + rpc Type(Empty) returns (TypeReply); } message StorageEntry { @@ -355,98 +400,133 @@ message StorageEntry { } message StorageListArgs { - string prefix = 1; + string prefix = 1; } message StorageListReply { - repeated string keys = 1; - string err = 2; + repeated string keys = 1; + string err = 2; } message StorageGetArgs { - string key = 1; + string key = 1; } message StorageGetReply { - StorageEntry entry = 1; - string err = 2; + StorageEntry entry = 1; + string err = 2; } message StoragePutArgs { - StorageEntry entry = 1; + StorageEntry entry = 1; } message StoragePutReply { - string err = 1; + string err = 1; } message StorageDeleteArgs { - string key = 1; + string key = 1; } message StorageDeleteReply { - string err = 1; + string err = 1; } +// Storage is the way that plugins are able read/write data. Plugins should +// implement the client for this service. service Storage { - rpc List(StorageListArgs) returns (StorageListReply); - rpc Get(StorageGetArgs) returns (StorageGetReply); - rpc Put(StoragePutArgs) returns (StoragePutReply); - rpc Delete(StorageDeleteArgs) returns (StorageDeleteReply); + rpc List(StorageListArgs) returns (StorageListReply); + rpc Get(StorageGetArgs) returns (StorageGetReply); + rpc Put(StoragePutArgs) returns (StoragePutReply); + rpc Delete(StorageDeleteArgs) returns (StorageDeleteReply); } message TTLReply { - int64 TTL = 1; + int64 TTL = 1; } message SudoPrivilegeArgs { - string path = 1; - string token = 2; + string path = 1; + string token = 2; } message SudoPrivilegeReply { - bool sudo = 1; + bool sudo = 1; } message TaintedReply { - bool tainted = 1; + bool tainted = 1; } message CachingDisabledReply { - bool disabled = 1; + bool disabled = 1; } message ReplicationStateReply { - int32 state = 1; + int32 state = 1; } message ResponseWrapDataArgs { - string data = 1; - int64 TTL = 2; - bool JWT = 3; + string data = 1; + int64 TTL = 2; + bool JWT = 3; } message ResponseWrapDataReply { - ResponseWrapInfo wrap_info = 1; - string err = 2; + ResponseWrapInfo wrap_info = 1; + string err = 2; } message MlockEnabledReply { - bool enabled = 1; + bool enabled = 1; } message LocalMountReply { - bool local = 1; + bool local = 1; } +// SystemView exposes system configuration information in a safe way for plugins +// to consume. Plugins should implement the client for this service. service SystemView { - rpc DefaultLeaseTTL(Empty) returns (TTLReply); - rpc MaxLeaseTTL(Empty) returns (TTLReply); - rpc SudoPrivilege(SudoPrivilegeArgs) returns (SudoPrivilegeReply); - rpc Tainted(Empty) returns (TaintedReply); - rpc CachingDisabled(Empty) returns (CachingDisabledReply); - rpc ReplicationState(Empty) returns (ReplicationStateReply); - rpc ResponseWrapData(ResponseWrapDataArgs) returns (ResponseWrapDataReply); - rpc MlockEnabled(Empty) returns (MlockEnabledReply); - rpc LocalMount(Empty) returns (LocalMountReply); + // DefaultLeaseTTL returns the default lease TTL set in Vault configuration + rpc DefaultLeaseTTL(Empty) returns (TTLReply); + + // MaxLeaseTTL returns the max lease TTL set in Vault configuration; backend + // authors should take care not to issue credentials that last longer than + // this value, as Vault will revoke them + rpc MaxLeaseTTL(Empty) returns (TTLReply); + + // SudoPrivilege returns true if given path has sudo privileges + // for the given client token + rpc SudoPrivilege(SudoPrivilegeArgs) returns (SudoPrivilegeReply); + + // Tainted, returns true if the mount is tainted. A mount is tainted if it is in the + // process of being unmounted. This should only be used in special + // circumstances; a primary use-case is as a guard in revocation functions. + // If revocation of a backend's leases fails it can keep the unmounting + // process from being successful. If the reason for this failure is not + // relevant when the mount is tainted (for instance, saving a CRL to disk + // when the stored CRL will be removed during the unmounting process + // anyways), we can ignore the errors to allow unmounting to complete. + rpc Tainted(Empty) returns (TaintedReply); + + // CachingDisabled returns true if caching is disabled. If true, no caches + // should be used, despite known slowdowns. + rpc CachingDisabled(Empty) returns (CachingDisabledReply); + + // ReplicationState indicates the state of cluster replication + rpc ReplicationState(Empty) returns (ReplicationStateReply); + + // ResponseWrapData wraps the given data in a cubbyhole and returns the + // token used to unwrap. + rpc ResponseWrapData(ResponseWrapDataArgs) returns (ResponseWrapDataReply); + + // MlockEnabled returns the configuration setting for enabling mlock on + // plugins. + rpc MlockEnabled(Empty) returns (MlockEnabledReply); + + // LocalMount, when run from a system view attached to a request, indicates + // whether the request is affecting a local mount or not + rpc LocalMount(Empty) returns (LocalMountReply); } From 40445b7d7335f3597749e5d03ee2d4d4bcbbd1f7 Mon Sep 17 00:00:00 2001 From: Seth Vargo Date: Thu, 15 Feb 2018 18:30:31 -0500 Subject: [PATCH 146/178] Add useragent helper (#3991) * Add useragent package This helper provides a consistent user-agent header for Vault, taking into account different versions. * Add user-agent headers to spanner and gcs --- helper/useragent/useragent.go | 29 +++++++++++++++++++++++++++++ helper/useragent/useragent_test.go | 18 ++++++++++++++++++ physical/gcs/gcs.go | 9 ++++++--- physical/spanner/spanner.go | 6 +++++- 4 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 helper/useragent/useragent.go create mode 100644 helper/useragent/useragent_test.go diff --git a/helper/useragent/useragent.go b/helper/useragent/useragent.go new file mode 100644 index 000000000000..e81325448209 --- /dev/null +++ b/helper/useragent/useragent.go @@ -0,0 +1,29 @@ +package useragent + +import ( + "fmt" + "runtime" + + "github.com/hashicorp/vault/version" +) + +var ( + // projectURL is the project URL. + projectURL = "https://www.vaultproject.io/" + + // rt is the runtime - variable for tests. + rt = runtime.Version() + + // versionFunc is the func that returns the current version. This is a + // function to take into account the different build processes and distinguish + // between enterprise and oss builds. + versionFunc = func() string { + return version.GetVersion().VersionNumber() + } +) + +// String returns the consistent user-agent string for Vault. +func String() string { + return fmt.Sprintf("Vault/%s (+%s; %s)", + versionFunc(), projectURL, rt) +} diff --git a/helper/useragent/useragent_test.go b/helper/useragent/useragent_test.go new file mode 100644 index 000000000000..cb0cf32942c9 --- /dev/null +++ b/helper/useragent/useragent_test.go @@ -0,0 +1,18 @@ +package useragent + +import ( + "testing" +) + +func TestUserAgent(t *testing.T) { + projectURL = "https://vault-test.com" + rt = "go5.0" + versionFunc = func() string { return "1.2.3" } + + act := String() + + exp := "Vault/1.2.3 (+https://vault-test.com; go5.0)" + if exp != act { + t.Errorf("expected %q to be %q", act, exp) + } +} diff --git a/physical/gcs/gcs.go b/physical/gcs/gcs.go index e9748a5209dd..c81e0489699f 100644 --- a/physical/gcs/gcs.go +++ b/physical/gcs/gcs.go @@ -10,6 +10,7 @@ import ( "time" "github.com/hashicorp/errwrap" + "github.com/hashicorp/vault/helper/useragent" "github.com/hashicorp/vault/physical" log "github.com/mgutz/logxi/v1" @@ -84,8 +85,8 @@ func newGCSClient(ctx context.Context, conf map[string]string, logger log.Logger // else use application default credentials credentialsFile, ok := conf["credentials_file"] if ok { - client, err := storage.NewClient( - ctx, + client, err := storage.NewClient(ctx, + option.WithUserAgent(useragent.String()), option.WithServiceAccountFile(credentialsFile), ) @@ -95,7 +96,9 @@ func newGCSClient(ctx context.Context, conf map[string]string, logger log.Logger return client, nil } - client, err := storage.NewClient(ctx) + client, err := storage.NewClient(ctx, + option.WithUserAgent(useragent.String()), + ) if err != nil { return nil, errwrap.Wrapf("error with application default credentials: {{err}}", err) } diff --git a/physical/spanner/spanner.go b/physical/spanner/spanner.go index e6428e655b5c..48f654494df8 100644 --- a/physical/spanner/spanner.go +++ b/physical/spanner/spanner.go @@ -11,9 +11,11 @@ import ( metrics "github.com/armon/go-metrics" "github.com/hashicorp/errwrap" "github.com/hashicorp/vault/helper/strutil" + "github.com/hashicorp/vault/helper/useragent" "github.com/hashicorp/vault/physical" log "github.com/mgutz/logxi/v1" "google.golang.org/api/iterator" + "google.golang.org/api/option" "google.golang.org/grpc/codes" "cloud.google.com/go/spanner" @@ -151,7 +153,9 @@ func NewBackend(c map[string]string, logger log.Logger) (physical.Backend, error logger.Debug("physical/spanner: creating client") ctx := context.Background() - client, err := spanner.NewClient(ctx, database) + client, err := spanner.NewClient(ctx, database, + option.WithUserAgent(useragent.String()), + ) if err != nil { return nil, errwrap.Wrapf("failed to create spanner client: {{err}}", err) } From 324422162ae7844f8d17b6a2c97090f990345826 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 16 Feb 2018 11:09:36 -0500 Subject: [PATCH 147/178] Also exclude init command from race detector --- command/operator_init_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/command/operator_init_test.go b/command/operator_init_test.go index f398dd37560f..2698c1ae7825 100644 --- a/command/operator_init_test.go +++ b/command/operator_init_test.go @@ -1,3 +1,5 @@ +// +build !race + package command import ( From 9db39c8d09bdf235045deccb64b580ccc230f201 Mon Sep 17 00:00:00 2001 From: Mohsen Date: Fri, 16 Feb 2018 16:11:17 +0000 Subject: [PATCH 148/178] Maximum number of retries aws sdk attempts for recoverable exceptions. (#3965) --- builtin/credential/aws/client.go | 3 +++ builtin/credential/aws/path_config_client.go | 14 ++++++++++++++ builtin/logical/aws/client.go | 3 +++ builtin/logical/aws/path_config_root.go | 9 +++++++++ 4 files changed, 29 insertions(+) diff --git a/builtin/credential/aws/client.go b/builtin/credential/aws/client.go index 761ddeb55acf..13bc17ba7b24 100644 --- a/builtin/credential/aws/client.go +++ b/builtin/credential/aws/client.go @@ -34,6 +34,7 @@ func (b *backend) getRawClientConfig(ctx context.Context, s logical.Storage, reg } endpoint := aws.String("") + var maxRetries int = aws.UseServiceDefaultRetries if config != nil { // Override the default endpoint with the configured endpoint. switch { @@ -47,6 +48,7 @@ func (b *backend) getRawClientConfig(ctx context.Context, s logical.Storage, reg credsConfig.AccessKey = config.AccessKey credsConfig.SecretKey = config.SecretKey + maxRetries = config.MaxRetries } credsConfig.HTTPClient = cleanhttp.DefaultClient() @@ -65,6 +67,7 @@ func (b *backend) getRawClientConfig(ctx context.Context, s logical.Storage, reg Region: aws.String(region), HTTPClient: cleanhttp.DefaultClient(), Endpoint: endpoint, + MaxRetries: aws.Int(maxRetries), }, nil } diff --git a/builtin/credential/aws/path_config_client.go b/builtin/credential/aws/path_config_client.go index 0d7532ce4b00..05e080af5b78 100644 --- a/builtin/credential/aws/path_config_client.go +++ b/builtin/credential/aws/path_config_client.go @@ -3,6 +3,7 @@ package awsauth import ( "context" + "github.com/aws/aws-sdk-go/aws" "github.com/fatih/structs" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" @@ -47,6 +48,11 @@ func pathConfigClient(b *backend) *framework.Path { Default: "", Description: "Value to require in the X-Vault-AWS-IAM-Server-ID request header", }, + "max_retries": &framework.FieldSchema{ + Type: framework.TypeInt, + Default: aws.UseServiceDefaultRetries, + Description: "Maximum number of retries for recoverable exceptions of AWS APIs", + }, }, ExistenceCheck: b.pathConfigClientExistenceCheck, @@ -220,6 +226,13 @@ func (b *backend) pathConfigClientCreateUpdate(ctx context.Context, req *logical configEntry.IAMServerIdHeaderValue = data.Get("iam_server_id_header_value").(string) } + maxRetriesInt, ok := data.GetOk("max_retries") + if ok { + configEntry.MaxRetries = maxRetriesInt.(int) + } else if req.Operation == logical.CreateOperation { + configEntry.MaxRetries = data.Get("max_retries").(int) + } + // Since this endpoint supports both create operation and update operation, // the error checks for access_key and secret_key not being set are not present. // This allows calling this endpoint multiple times to provide the values. @@ -254,6 +267,7 @@ type clientConfig struct { IAMEndpoint string `json:"iam_endpoint" structs:"iam_endpoint" mapstructure:"iam_endpoint"` STSEndpoint string `json:"sts_endpoint" structs:"sts_endpoint" mapstructure:"sts_endpoint"` IAMServerIdHeaderValue string `json:"iam_server_id_header_value" structs:"iam_server_id_header_value" mapstructure:"iam_server_id_header_value"` + MaxRetries int `json:"max_retries"` } const pathConfigClientHelpSyn = ` diff --git a/builtin/logical/aws/client.go b/builtin/logical/aws/client.go index 91309ad28aae..7787cfa679d2 100644 --- a/builtin/logical/aws/client.go +++ b/builtin/logical/aws/client.go @@ -17,6 +17,7 @@ import ( func getRootConfig(ctx context.Context, s logical.Storage, clientType string) (*aws.Config, error) { credsConfig := &awsutil.CredentialsConfig{} var endpoint string + var maxRetries int = aws.UseServiceDefaultRetries entry, err := s.Get(ctx, "config/root") if err != nil { @@ -31,6 +32,7 @@ func getRootConfig(ctx context.Context, s logical.Storage, clientType string) (* credsConfig.AccessKey = config.AccessKey credsConfig.SecretKey = config.SecretKey credsConfig.Region = config.Region + maxRetries = config.MaxRetries switch { case clientType == "iam" && config.IAMEndpoint != "": endpoint = *aws.String(config.IAMEndpoint) @@ -61,6 +63,7 @@ func getRootConfig(ctx context.Context, s logical.Storage, clientType string) (* Region: aws.String(credsConfig.Region), Endpoint: &endpoint, HTTPClient: cleanhttp.DefaultClient(), + MaxRetries: aws.Int(maxRetries), }, nil } diff --git a/builtin/logical/aws/path_config_root.go b/builtin/logical/aws/path_config_root.go index d420c1ef10f0..12d8142928ca 100644 --- a/builtin/logical/aws/path_config_root.go +++ b/builtin/logical/aws/path_config_root.go @@ -3,6 +3,7 @@ package aws import ( "context" + "github.com/aws/aws-sdk-go/aws" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" ) @@ -33,6 +34,11 @@ func pathConfigRoot() *framework.Path { Type: framework.TypeString, Description: "Endpoint to custom STS server URL", }, + "max_retries": &framework.FieldSchema{ + Type: framework.TypeInt, + Default: aws.UseServiceDefaultRetries, + Description: "Maximum number of retries for recoverable exceptions of AWS APIs", + }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ @@ -48,6 +54,7 @@ func pathConfigRootWrite(ctx context.Context, req *logical.Request, data *framew region := data.Get("region").(string) iamendpoint := data.Get("iam_endpoint").(string) stsendpoint := data.Get("sts_endpoint").(string) + maxretries := data.Get("max_retries").(int) entry, err := logical.StorageEntryJSON("config/root", rootConfig{ AccessKey: data.Get("access_key").(string), @@ -55,6 +62,7 @@ func pathConfigRootWrite(ctx context.Context, req *logical.Request, data *framew IAMEndpoint: iamendpoint, STSEndpoint: stsendpoint, Region: region, + MaxRetries: maxretries, }) if err != nil { return nil, err @@ -73,6 +81,7 @@ type rootConfig struct { IAMEndpoint string `json:"iam_endpoint"` STSEndpoint string `json:"sts_endpoint"` Region string `json:"region"` + MaxRetries int `json:"max_retries"` } const pathConfigRootHelpSyn = ` From 143c8d4672175c56cb560c1e91be88428f89cb5f Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 16 Feb 2018 11:12:19 -0500 Subject: [PATCH 149/178] changelog++ --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 692613b95e9c..317c276d022a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -368,10 +368,12 @@ IMPROVEMENTS: * api: Add ability to set custom headers on each call [GH-3394] * command/server: Add config option to disable requesting client certificates [GH-3373] + * auth/aws: Max retries can now be customized for the AWS client [GH-3965] * core: Disallow mounting underneath an existing path, not just over [GH-2919] * physical/file: Use `700` as permissions when creating directories. The files themselves were `600` and are all encrypted, but this doesn't hurt. * secret/aws: Add ability to use custom IAM/STS endpoints [GH-3416] + * secret/aws: Max retries can now be customized for the AWS client [GH-3965] * secret/cassandra: Work around Cassandra ignoring consistency levels for a user listing query [GH-3469] * secret/pki: Private keys can now be marshalled as PKCS#8 [GH-3518] From d325b32a9d8b71cea3ef05889495b2633c32aee1 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 16 Feb 2018 11:13:55 -0500 Subject: [PATCH 150/178] Update website for AWS client max_retries --- website/source/api/auth/aws/index.html.md | 3 +++ website/source/api/secret/aws/index.html.md | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/website/source/api/auth/aws/index.html.md b/website/source/api/auth/aws/index.html.md index 9a2f13c0d5f6..551abaeec87f 100644 --- a/website/source/api/auth/aws/index.html.md +++ b/website/source/api/auth/aws/index.html.md @@ -35,6 +35,9 @@ capabilities, the credentials are fetched automatically. ### Parameters +- `max_retries` `(int: -1)` - Number of max retries the client should use for + recoverable errors. The default (`-1`) falls back to the AWS SDK's default + behavior. - `access_key` `(string: "")` - AWS Access key with permissions to query AWS APIs. The permissions required depend on the specific configurations. If using the `iam` auth method without inferencing, then no credentials are necessary. diff --git a/website/source/api/secret/aws/index.html.md b/website/source/api/secret/aws/index.html.md index 8dbbde0c138c..0736841780e9 100644 --- a/website/source/api/secret/aws/index.html.md +++ b/website/source/api/secret/aws/index.html.md @@ -44,6 +44,10 @@ valid AWS credentials with proper permissions. ### Parameters +- `max_retries` `(int: -1)` - Number of max retries the client should use for + recoverable errors. The default (`-1`) falls back to the AWS SDK's default + behavior. + - `access_key` `(string: )` – Specifies the AWS access key ID. - `secret_key` `(string: )` – Specifies the AWS secret access key. From 3a8ca5fec4f676cc8082ba82d592161660ee0532 Mon Sep 17 00:00:00 2001 From: Vitya Date: Fri, 16 Feb 2018 20:52:34 +0300 Subject: [PATCH 151/178] Fix compatibility with some Postgres versions (#3986) use server_version_num instead of parsing the text version. See: https://www.postgresql.org/docs/10/static/functions-info.html --- physical/postgresql/postgresql.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/physical/postgresql/postgresql.go b/physical/postgresql/postgresql.go index d54598f34674..cc75e8e3056f 100644 --- a/physical/postgresql/postgresql.go +++ b/physical/postgresql/postgresql.go @@ -71,7 +71,7 @@ func NewPostgreSQLBackend(conf map[string]string, logger log.Logger) (physical.B // Determine if we should use an upsert function (versions < 9.5) var upsert_required bool - upsert_required_query := "SELECT string_to_array(setting, '.')::int[] < '{9,5}' FROM pg_settings WHERE name = 'server_version'" + upsert_required_query := "SELECT current_setting('server_version_num')::int < 90500" if err := db.QueryRow(upsert_required_query).Scan(&upsert_required); err != nil { return nil, fmt.Errorf("failed to check for native upsert: %v", err) } From e95b0d01b06a655113cf53c2be713422789eb8f7 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 16 Feb 2018 12:53:43 -0500 Subject: [PATCH 152/178] changelog++ --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 317c276d022a..a66936cd791b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -60,9 +60,11 @@ BUG FIXES: * storage/etcd3: Fix memory ballooning with standby instances [GH-3798] * storage/etcd3: Fix large lists (like token loading at startup) not being handled [GH-3772] + * storage/postgresql: Fix compatibility with versions using custom string + version tags [GH-3949] * storage/zookeeper: Update vendoring to fix freezing issues [GH-3896] - * ui (Enterprise): Decoding the replication token should no longer error and prevent enabling - of a secondary replication cluster via the ui. + * ui (Enterprise): Decoding the replication token should no longer error and + prevent enabling of a secondary replication cluster via the ui. ## 0.9.3 (January 28th, 2018) From a43a854740b07f041018d8aa355f425ff68fe07e Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 16 Feb 2018 17:19:34 -0500 Subject: [PATCH 153/178] Support other names in SANs (#3889) --- builtin/logical/pki/backend_test.go | 247 ++++++ builtin/logical/pki/ca_util.go | 7 + builtin/logical/pki/cert_util.go | 656 ++++++++++------ builtin/logical/pki/fields.go | 48 ++ builtin/logical/pki/path_intermediate.go | 7 +- builtin/logical/pki/path_issue_sign.go | 10 +- builtin/logical/pki/path_roles.go | 66 +- builtin/logical/pki/path_root.go | 22 +- helper/parseutil/parseutil.go | 18 + logical/framework/field_data.go | 13 +- vendor/golang.org/x/crypto/cryptobyte/asn1.go | 732 ++++++++++++++++++ .../x/crypto/cryptobyte/asn1/asn1.go | 46 ++ .../golang.org/x/crypto/cryptobyte/builder.go | 309 ++++++++ .../golang.org/x/crypto/cryptobyte/string.go | 167 ++++ vendor/vendor.json | 12 + website/source/api/secret/pki/index.html.md | 146 +++- 16 files changed, 2258 insertions(+), 248 deletions(-) create mode 100644 vendor/golang.org/x/crypto/cryptobyte/asn1.go create mode 100644 vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go create mode 100644 vendor/golang.org/x/crypto/cryptobyte/builder.go create mode 100644 vendor/golang.org/x/crypto/cryptobyte/string.go diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go index 0684ee5555fa..02088e045184 100644 --- a/builtin/logical/pki/backend_test.go +++ b/builtin/logical/pki/backend_test.go @@ -2801,6 +2801,253 @@ func TestBackend_SignSelfIssued(t *testing.T) { } } +// This is a really tricky test because the Go stdlib asn1 package is incapable +// of doing the right thing with custom OID SANs (see comments in the package, +// it's readily admitted that it's too magic) but that means that any +// validation logic written for this test isn't being independently verified, +// as in, if cryptobytes is used to decode it to make the test work, that +// doesn't mean we're encoding and decoding correctly, only that we made the +// test pass. Instead, when run verbosely it will first perform a bunch of +// checks to verify that the OID SAN logic doesn't screw up other SANs, then +// will spit out the PEM. This can be validated independently. +// +// You want the hex dump of the octet string corresponding to the X509v3 +// Subject Alternative Name. There's a nice online utility at +// https://lapo.it/asn1js that can be used to view the structure of an +// openssl-generated other SAN at +// https://lapo.it/asn1js/#3022A020060A2B060104018237140203A0120C106465766F7073406C6F63616C686F7374 +// (openssl asn1parse can also be used with -strparse using an offset of the +// hex blob for the subject alternative names extension). +// +// The structure output from here should match that precisely (even if the OID +// itself doesn't) in the second test. +// +// The test that encodes two should have them be in separate elements in the +// top-level sequence; see +// https://lapo.it/asn1js/#3046A020060A2B060104018237140203A0120C106465766F7073406C6F63616C686F7374A022060A2B060104018237140204A0140C12322D6465766F7073406C6F63616C686F7374 for an openssl-generated example. +// +// The good news is that it's valid to simply copy and paste the PEM ouput from +// here into the form at that site as it will do the right thing so it's pretty +// easy to validate. +func TestBackend_OID_SANs(t *testing.T) { + coreConfig := &vault.CoreConfig{ + LogicalBackends: map[string]logical.Factory{ + "pki": Factory, + }, + } + cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{ + HandlerFunc: vaulthttp.Handler, + }) + cluster.Start() + defer cluster.Cleanup() + + client := cluster.Cores[0].Client + var err error + err = client.Sys().Mount("root", &api.MountInput{ + Type: "pki", + Config: api.MountConfigInput{ + DefaultLeaseTTL: "16h", + MaxLeaseTTL: "60h", + }, + }) + if err != nil { + t.Fatal(err) + } + + var resp *api.Secret + var certStr string + var block *pem.Block + var cert *x509.Certificate + + _, err = client.Logical().Write("root/root/generate/internal", map[string]interface{}{ + "ttl": "40h", + "common_name": "myvault.com", + }) + if err != nil { + t.Fatal(err) + } + + _, err = client.Logical().Write("root/roles/test", map[string]interface{}{ + "allowed_domains": []string{"foobar.com", "zipzap.com"}, + "allow_bare_domains": true, + "allow_subdomains": true, + "allow_ip_sans": true, + "allowed_other_sans": "1.3.6.1.4.1.311.20.2.3;UTF8:devops@*,1.3.6.1.4.1.311.20.2.4;utf8:d*e@foobar.com", + }) + if err != nil { + t.Fatal(err) + } + + // Get a baseline before adding OID SANs. In the next sections we'll verify + // that the SANs are all added even as the OID SAN inclusion forces other + // adding logic (custom rather than built-in Golang logic) + resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{ + "common_name": "foobar.com", + "ip_sans": "1.2.3.4", + "alt_names": "foo.foobar.com,bar.foobar.com", + "ttl": "1h", + }) + if err != nil { + t.Fatal(err) + } + certStr = resp.Data["certificate"].(string) + block, _ = pem.Decode([]byte(certStr)) + cert, err = x509.ParseCertificate(block.Bytes) + if err != nil { + t.Fatal(err) + } + if cert.IPAddresses[0].String() != "1.2.3.4" { + t.Fatalf("unexpected IP SAN %q", cert.IPAddresses[0].String()) + } + if cert.DNSNames[0] != "foobar.com" || + cert.DNSNames[1] != "bar.foobar.com" || + cert.DNSNames[2] != "foo.foobar.com" { + t.Fatalf("unexpected DNS SANs %v", cert.DNSNames) + } + + // First test some bad stuff that shouldn't work + resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{ + "common_name": "foobar.com", + "ip_sans": "1.2.3.4", + "alt_names": "foo.foobar.com,bar.foobar.com", + "ttl": "1h", + // Not a valid value for the first possibility + "other_sans": "1.3.6.1.4.1.311.20.2.3;UTF8:devop@nope.com", + }) + if err == nil { + t.Fatal("expected error") + } + + resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{ + "common_name": "foobar.com", + "ip_sans": "1.2.3.4", + "alt_names": "foo.foobar.com,bar.foobar.com", + "ttl": "1h", + // Not a valid OID for the first possibility + "other_sans": "1.3.6.1.4.1.311.20.2.5;UTF8:devops@nope.com", + }) + if err == nil { + t.Fatal("expected error") + } + + resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{ + "common_name": "foobar.com", + "ip_sans": "1.2.3.4", + "alt_names": "foo.foobar.com,bar.foobar.com", + "ttl": "1h", + // Not a valid name for the second possibility + "other_sans": "1.3.6.1.4.1.311.20.2.4;UTF8:d34g@foobar.com", + }) + if err == nil { + t.Fatal("expected error") + } + + resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{ + "common_name": "foobar.com", + "ip_sans": "1.2.3.4", + "alt_names": "foo.foobar.com,bar.foobar.com", + "ttl": "1h", + // Not a valid OID for the second possibility + "other_sans": "1.3.6.1.4.1.311.20.2.5;UTF8:d34e@foobar.com", + }) + if err == nil { + t.Fatal("expected error") + } + + resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{ + "common_name": "foobar.com", + "ip_sans": "1.2.3.4", + "alt_names": "foo.foobar.com,bar.foobar.com", + "ttl": "1h", + // Not a valid type + "other_sans": "1.3.6.1.4.1.311.20.2.5;UTF2:d34e@foobar.com", + }) + if err == nil { + t.Fatal("expected error") + } + + // Valid for first possibility + resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{ + "common_name": "foobar.com", + "ip_sans": "1.2.3.4", + "alt_names": "foo.foobar.com,bar.foobar.com", + "ttl": "1h", + "other_sans": "1.3.6.1.4.1.311.20.2.3;utf8:devops@nope.com", + }) + if err != nil { + t.Fatal(err) + } + certStr = resp.Data["certificate"].(string) + block, _ = pem.Decode([]byte(certStr)) + cert, err = x509.ParseCertificate(block.Bytes) + if err != nil { + t.Fatal(err) + } + if cert.IPAddresses[0].String() != "1.2.3.4" { + t.Fatalf("unexpected IP SAN %q", cert.IPAddresses[0].String()) + } + if cert.DNSNames[0] != "foobar.com" || + cert.DNSNames[1] != "bar.foobar.com" || + cert.DNSNames[2] != "foo.foobar.com" { + t.Fatalf("unexpected DNS SANs %v", cert.DNSNames) + } + t.Logf("certificate 1 to check:\n%s", certStr) + + // Valid for second possibility + resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{ + "common_name": "foobar.com", + "ip_sans": "1.2.3.4", + "alt_names": "foo.foobar.com,bar.foobar.com", + "ttl": "1h", + "other_sans": "1.3.6.1.4.1.311.20.2.4;UTF8:d234e@foobar.com", + }) + if err != nil { + t.Fatal(err) + } + certStr = resp.Data["certificate"].(string) + block, _ = pem.Decode([]byte(certStr)) + cert, err = x509.ParseCertificate(block.Bytes) + if err != nil { + t.Fatal(err) + } + if cert.IPAddresses[0].String() != "1.2.3.4" { + t.Fatalf("unexpected IP SAN %q", cert.IPAddresses[0].String()) + } + if cert.DNSNames[0] != "foobar.com" || + cert.DNSNames[1] != "bar.foobar.com" || + cert.DNSNames[2] != "foo.foobar.com" { + t.Fatalf("unexpected DNS SANs %v", cert.DNSNames) + } + t.Logf("certificate 2 to check:\n%s", certStr) + + // Valid for both + resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{ + "common_name": "foobar.com", + "ip_sans": "1.2.3.4", + "alt_names": "foo.foobar.com,bar.foobar.com", + "ttl": "1h", + "other_sans": "1.3.6.1.4.1.311.20.2.3;utf8:devops@nope.com,1.3.6.1.4.1.311.20.2.4;utf8:d234e@foobar.com", + }) + if err != nil { + t.Fatal(err) + } + certStr = resp.Data["certificate"].(string) + block, _ = pem.Decode([]byte(certStr)) + cert, err = x509.ParseCertificate(block.Bytes) + if err != nil { + t.Fatal(err) + } + if cert.IPAddresses[0].String() != "1.2.3.4" { + t.Fatalf("unexpected IP SAN %q", cert.IPAddresses[0].String()) + } + if cert.DNSNames[0] != "foobar.com" || + cert.DNSNames[1] != "bar.foobar.com" || + cert.DNSNames[2] != "foo.foobar.com" { + t.Fatalf("unexpected DNS SANs %v", cert.DNSNames) + } + t.Logf("certificate 3 to check:\n%s", certStr) +} + const ( rsaCAKey string = `-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAmPQlK7xD5p+E8iLQ8XlVmll5uU2NKMxKY3UF5tbh+0vkc+Fy diff --git a/builtin/logical/pki/ca_util.go b/builtin/logical/pki/ca_util.go index f0024a84cc57..384f440d8bf5 100644 --- a/builtin/logical/pki/ca_util.go +++ b/builtin/logical/pki/ca_util.go @@ -36,6 +36,13 @@ func (b *backend) getGenerationParams( AllowAnyName: true, AllowIPSANs: true, EnforceHostnames: false, + OU: data.Get("ou").([]string), + Organization: data.Get("organization").([]string), + Country: data.Get("country").([]string), + Locality: data.Get("locality").([]string), + Province: data.Get("province").([]string), + StreetAddress: data.Get("street_address").([]string), + PostalCode: data.Get("postal_code").([]string), } if role.KeyType == "rsa" && role.KeyBits < 2048 { diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go index a02a4c229231..09b0317b3aa1 100644 --- a/builtin/logical/pki/cert_util.go +++ b/builtin/logical/pki/cert_util.go @@ -16,6 +16,7 @@ import ( "fmt" "net" "regexp" + "strconv" "strings" "time" @@ -27,6 +28,8 @@ import ( "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" "github.com/ryanuber/go-glob" + "golang.org/x/crypto/cryptobyte" + cbbasn1 "golang.org/x/crypto/cryptobyte/asn1" "golang.org/x/net/idna" ) @@ -39,17 +42,24 @@ const ( emailProtectionExtKeyUsage ) -type creationBundle struct { - CommonName string - OU []string - Organization []string +type dataBundle struct { + params *creationParameters + signingBundle *caInfoBundle + csr *x509.CertificateRequest + role *roleEntry + req *logical.Request + apiData *framework.FieldData +} + +type creationParameters struct { + Subject pkix.Name DNSNames []string EmailAddresses []string IPAddresses []net.IP + OtherSANs map[string][]string IsCA bool KeyType string KeyBits int - SigningBundle *caInfoBundle NotAfter time.Time KeyUsage x509.KeyUsage ExtKeyUsage certExtKeyUsage @@ -261,7 +271,7 @@ func fetchCertBySerial(ctx context.Context, req *logical.Request, prefix, serial // Given a set of requested names for a certificate, verifies that all of them // match the various toggles set in the role for controlling issuance. // If one does not pass, it is returned in the string argument. -func validateNames(req *logical.Request, names []string, role *roleEntry) string { +func validateNames(data *dataBundle, names []string) string { for _, name := range names { sanitizedName := name emailDomain := name @@ -301,7 +311,7 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string // applies when allowing any name. Also, we check the sanitized name to // ensure that we are not either checking a full email address or a // wildcard prefix. - if role.EnforceHostnames { + if data.role.EnforceHostnames { p := idna.New( idna.StrictDomainName(true), idna.VerifyDNSLength(true), @@ -316,7 +326,7 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string } // Self-explanatory - if role.AllowAnyName { + if data.role.AllowAnyName { continue } @@ -336,7 +346,7 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string // // Variances are noted in-line - if role.AllowLocalhost { + if data.role.AllowLocalhost { if name == "localhost" || name == "localdomain" || (isEmail && emailDomain == "localhost") || @@ -344,7 +354,7 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string continue } - if role.AllowSubdomains { + if data.role.AllowSubdomains { // It is possible, if unlikely, to have a subdomain of "localhost" if strings.HasSuffix(sanitizedName, ".localhost") || (isWildcard && sanitizedName == "localhost") { @@ -359,18 +369,18 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string } } - if role.AllowTokenDisplayName { - if name == req.DisplayName { + if data.role.AllowTokenDisplayName { + if name == data.req.DisplayName { continue } - if role.AllowSubdomains { + if data.role.AllowSubdomains { if isEmail { // If it's an email address, we need to parse the token // display name in order to do a proper comparison of the // subdomain - if strings.Contains(req.DisplayName, "@") { - splitDisplay := strings.Split(req.DisplayName, "@") + if strings.Contains(data.req.DisplayName, "@") { + splitDisplay := strings.Split(data.req.DisplayName, "@") if len(splitDisplay) == 2 { // Compare the sanitized name against the hostname // portion of the email address in the roken @@ -382,16 +392,16 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string } } - if strings.HasSuffix(sanitizedName, "."+req.DisplayName) || - (isWildcard && sanitizedName == req.DisplayName) { + if strings.HasSuffix(sanitizedName, "."+data.req.DisplayName) || + (isWildcard && sanitizedName == data.req.DisplayName) { continue } } } - if len(role.AllowedDomains) > 0 { + if len(data.role.AllowedDomains) > 0 { valid := false - for _, currDomain := range role.AllowedDomains { + for _, currDomain := range data.role.AllowedDomains { // If there is, say, a trailing comma, ignore it if currDomain == "" { continue @@ -399,14 +409,14 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string // First, allow an exact match of the base domain if that role flag // is enabled - if role.AllowBareDomains && + if data.role.AllowBareDomains && (name == currDomain || (isEmail && emailDomain == currDomain)) { valid = true break } - if role.AllowSubdomains { + if data.role.AllowSubdomains { if strings.HasSuffix(sanitizedName, "."+currDomain) || (isWildcard && sanitizedName == currDomain) { valid = true @@ -414,7 +424,7 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string } } - if role.AllowGlobDomains && + if data.role.AllowGlobDomains && strings.Contains(currDomain, "*") && glob.Glob(currDomain, name) { valid = true @@ -432,31 +442,88 @@ func validateNames(req *logical.Request, names []string, role *roleEntry) string return "" } +// validateOtherSANs checks if the values requested are allowed. If an OID +// isn't allowed, it will be returned as the first string. If a value isn't +// allowed, it will be returned as the second string. Empty strings + error +// means everything is okay. +func validateOtherSANs(data *dataBundle, requested map[string][]string) (string, string, error) { + allowed, err := parseOtherSANs(data.role.AllowedOtherSANs) + if err != nil { + return "", "", errwrap.Wrapf("error parsing role's allowed SANs: {{err}}", err) + } + for oid, names := range requested { + for _, name := range names { + allowedNames, ok := allowed[oid] + if !ok { + return oid, "", nil + } + + valid := false + for _, allowedName := range allowedNames { + if glob.Glob(allowedName, name) { + valid = true + break + } + } + + if !valid { + return oid, name, nil + } + } + } + + return "", "", nil +} + +func parseOtherSANs(others []string) (map[string][]string, error) { + result := map[string][]string{} + for _, other := range others { + splitOther := strings.SplitN(other, ";", 2) + if len(splitOther) != 2 { + return nil, fmt.Errorf("expected a semicolon in other SAN %q", other) + } + splitType := strings.SplitN(splitOther[1], ":", 2) + if len(splitType) != 2 { + return nil, fmt.Errorf("expected a colon in other SAN %q", other) + } + if strings.ToLower(splitType[0]) != "utf8" { + return nil, fmt.Errorf("only utf8 other SANs are supported; found non-supported type in other SAN %q", other) + } + result[splitOther[0]] = append(result[splitOther[0]], splitType[1]) + } + + return result, nil +} + func generateCert(ctx context.Context, b *backend, - role *roleEntry, - signingBundle *caInfoBundle, - isCA bool, - req *logical.Request, - data *framework.FieldData) (*certutil.ParsedCertBundle, error) { + data *dataBundle, + isCA bool) (*certutil.ParsedCertBundle, error) { - if role.KeyType == "rsa" && role.KeyBits < 2048 { + if data.role == nil { + return nil, errutil.InternalError{Err: "no role found in data bundle"} + } + + if data.role.KeyType == "rsa" && data.role.KeyBits < 2048 { return nil, errutil.UserError{Err: "RSA keys < 2048 bits are unsafe and not supported"} } - creationBundle, err := generateCreationBundle(b, role, signingBundle, nil, req, data) + err := generateCreationBundle(b, data) if err != nil { return nil, err } + if data.params == nil { + return nil, errutil.InternalError{Err: "nil paramaters received from parameter bundle generation"} + } if isCA { - creationBundle.IsCA = isCA + data.params.IsCA = isCA - creationBundle.PermittedDNSDomains = data.Get("permitted_dns_domains").([]string) + data.params.PermittedDNSDomains = data.apiData.Get("permitted_dns_domains").([]string) - if signingBundle == nil { + if data.signingBundle == nil { // Generating a self-signed root certificate - entries, err := getURLs(ctx, req) + entries, err := getURLs(ctx, data.req) if err != nil { return nil, errutil.InternalError{Err: fmt.Sprintf("unable to fetch URL information: %v", err)} } @@ -467,17 +534,17 @@ func generateCert(ctx context.Context, OCSPServers: []string{}, } } - creationBundle.URLs = entries + data.params.URLs = entries - if role.MaxPathLength == nil { - creationBundle.MaxPathLength = -1 + if data.role.MaxPathLength == nil { + data.params.MaxPathLength = -1 } else { - creationBundle.MaxPathLength = *role.MaxPathLength + data.params.MaxPathLength = *data.role.MaxPathLength } } } - parsedBundle, err := createCertificate(creationBundle) + parsedBundle, err := createCertificate(data) if err != nil { return nil, err } @@ -487,18 +554,16 @@ func generateCert(ctx context.Context, // N.B.: This is only meant to be used for generating intermediate CAs. // It skips some sanity checks. -func generateIntermediateCSR(b *backend, - role *roleEntry, - signingBundle *caInfoBundle, - req *logical.Request, - data *framework.FieldData) (*certutil.ParsedCSRBundle, error) { - - creationBundle, err := generateCreationBundle(b, role, signingBundle, nil, req, data) +func generateIntermediateCSR(b *backend, data *dataBundle) (*certutil.ParsedCSRBundle, error) { + err := generateCreationBundle(b, data) if err != nil { return nil, err } + if data.params == nil { + return nil, errutil.InternalError{Err: "nil paramaters received from parameter bundle generation"} + } - parsedBundle, err := createCSR(creationBundle) + parsedBundle, err := createCSR(data) if err != nil { return nil, err } @@ -507,14 +572,15 @@ func generateIntermediateCSR(b *backend, } func signCert(b *backend, - role *roleEntry, - signingBundle *caInfoBundle, + data *dataBundle, isCA bool, - useCSRValues bool, - req *logical.Request, - data *framework.FieldData) (*certutil.ParsedCertBundle, error) { + useCSRValues bool) (*certutil.ParsedCertBundle, error) { + + if data.role == nil { + return nil, errutil.InternalError{Err: "no role found in data bundle"} + } - csrString := data.Get("csr").(string) + csrString := data.apiData.Get("csr").(string) if csrString == "" { return nil, errutil.UserError{Err: fmt.Sprintf("\"csr\" is empty")} } @@ -529,13 +595,13 @@ func signCert(b *backend, return nil, errutil.UserError{Err: fmt.Sprintf("certificate request could not be parsed: %v", err)} } - switch role.KeyType { + switch data.role.KeyType { case "rsa": // Verify that the key matches the role type if csr.PublicKeyAlgorithm != x509.RSA { return nil, errutil.UserError{Err: fmt.Sprintf( "role requires keys of type %s", - role.KeyType)} + data.role.KeyType)} } pubKey, ok := csr.PublicKey.(*rsa.PublicKey) if !ok { @@ -548,10 +614,10 @@ func signCert(b *backend, } // Verify that the bit size is at least the size specified in the role - if pubKey.N.BitLen() < role.KeyBits { + if pubKey.N.BitLen() < data.role.KeyBits { return nil, errutil.UserError{Err: fmt.Sprintf( "role requires a minimum of a %d-bit key, but CSR's key is %d bits", - role.KeyBits, + data.role.KeyBits, pubKey.N.BitLen())} } @@ -560,7 +626,7 @@ func signCert(b *backend, if csr.PublicKeyAlgorithm != x509.ECDSA { return nil, errutil.UserError{Err: fmt.Sprintf( "role requires keys of type %s", - role.KeyType)} + data.role.KeyType)} } pubKey, ok := csr.PublicKey.(*ecdsa.PublicKey) if !ok { @@ -568,10 +634,10 @@ func signCert(b *backend, } // Verify that the bit size is at least the size specified in the role - if pubKey.Params().BitSize < role.KeyBits { + if pubKey.Params().BitSize < data.role.KeyBits { return nil, errutil.UserError{Err: fmt.Sprintf( "role requires a minimum of a %d-bit key, but CSR's key is %d bits", - role.KeyBits, + data.role.KeyBits, pubKey.Params().BitSize)} } @@ -593,19 +659,24 @@ func signCert(b *backend, } - creationBundle, err := generateCreationBundle(b, role, signingBundle, csr, req, data) + data.csr = csr + + err = generateCreationBundle(b, data) if err != nil { return nil, err } + if data.params == nil { + return nil, errutil.InternalError{Err: "nil paramaters received from parameter bundle generation"} + } - creationBundle.IsCA = isCA - creationBundle.UseCSRValues = useCSRValues + data.params.IsCA = isCA + data.params.UseCSRValues = useCSRValues if isCA { - creationBundle.PermittedDNSDomains = data.Get("permitted_dns_domains").([]string) + data.params.PermittedDNSDomains = data.apiData.Get("permitted_dns_domains").([]string) } - parsedBundle, err := signCertificate(creationBundle, csr) + parsedBundle, err := signCertificate(data) if err != nil { return nil, err } @@ -614,14 +685,9 @@ func signCert(b *backend, } // generateCreationBundle is a shared function that reads parameters supplied -// from the various endpoints and generates a creationBundle with the +// from the various endpoints and generates a creationParameters with the // parameters that can be used to issue or sign -func generateCreationBundle(b *backend, - role *roleEntry, - signingBundle *caInfoBundle, - csr *x509.CertificateRequest, - req *logical.Request, - data *framework.FieldData) (*creationBundle, error) { +func generateCreationBundle(b *backend, data *dataBundle) error { var err error var ok bool @@ -630,22 +696,22 @@ func generateCreationBundle(b *backend, dnsNames := []string{} emailAddresses := []string{} { - if csr != nil && role.UseCSRCommonName { - cn = csr.Subject.CommonName + if data.csr != nil && data.role.UseCSRCommonName { + cn = data.csr.Subject.CommonName } if cn == "" { - cn = data.Get("common_name").(string) - if cn == "" && role.RequireCN { - return nil, errutil.UserError{Err: `the common_name field is required, or must be provided in a CSR with "use_csr_common_name" set to true, unless "require_cn" is set to false`} + cn = data.apiData.Get("common_name").(string) + if cn == "" && data.role.RequireCN { + return errutil.UserError{Err: `the common_name field is required, or must be provided in a CSR with "use_csr_common_name" set to true, unless "require_cn" is set to false`} } } - if csr != nil && role.UseCSRSANs { - dnsNames = csr.DNSNames - emailAddresses = csr.EmailAddresses + if data.csr != nil && data.role.UseCSRSANs { + dnsNames = data.csr.DNSNames + emailAddresses = data.csr.EmailAddresses } - if cn != "" && !data.Get("exclude_cn_from_sans").(bool) { + if cn != "" && !data.apiData.Get("exclude_cn_from_sans").(bool) { if strings.Contains(cn, "@") { // Note: emails are not disallowed if the role's email protection // flag is false, because they may well be included for @@ -662,7 +728,7 @@ func generateCreationBundle(b *backend, ) converted, err := p.ToASCII(cn) if err != nil { - return nil, errutil.UserError{Err: err.Error()} + return errutil.UserError{Err: err.Error()} } if hostnameRegex.MatchString(converted) { dnsNames = append(dnsNames, converted) @@ -670,8 +736,8 @@ func generateCreationBundle(b *backend, } } - if csr == nil || !role.UseCSRSANs { - cnAltRaw, ok := data.GetOk("alt_names") + if data.csr == nil || !data.role.UseCSRSANs { + cnAltRaw, ok := data.apiData.GetOk("alt_names") if ok { cnAlt := strutil.ParseDedupLowercaseAndSortStrings(cnAltRaw.(string), ",") for _, v := range cnAlt { @@ -686,7 +752,7 @@ func generateCreationBundle(b *backend, ) converted, err := p.ToASCII(v) if err != nil { - return nil, errutil.UserError{Err: err.Error()} + return errutil.UserError{Err: err.Error()} } if hostnameRegex.MatchString(converted) { dnsNames = append(dnsNames, converted) @@ -699,52 +765,73 @@ func generateCreationBundle(b *backend, // Check the CN. This ensures that the CN is checked even if it's // excluded from SANs. if cn != "" { - badName := validateNames(req, []string{cn}, role) + badName := validateNames(data, []string{cn}) if len(badName) != 0 { - return nil, errutil.UserError{Err: fmt.Sprintf( + return errutil.UserError{Err: fmt.Sprintf( "common name %s not allowed by this role", badName)} } } // Check for bad email and/or DNS names - badName := validateNames(req, dnsNames, role) + badName := validateNames(data, dnsNames) if len(badName) != 0 { - return nil, errutil.UserError{Err: fmt.Sprintf( + return errutil.UserError{Err: fmt.Sprintf( "subject alternate name %s not allowed by this role", badName)} } - badName = validateNames(req, emailAddresses, role) + badName = validateNames(data, emailAddresses) if len(badName) != 0 { - return nil, errutil.UserError{Err: fmt.Sprintf( + return errutil.UserError{Err: fmt.Sprintf( "email address %s not allowed by this role", badName)} } } + var otherSANs map[string][]string + if sans := data.apiData.Get("other_sans").([]string); len(sans) > 0 { + requested, err := parseOtherSANs(sans) + if err != nil { + return errutil.UserError{Err: errwrap.Wrapf("could not parse requested other SAN: {{err}}", err).Error()} + } + badOID, badName, err := validateOtherSANs(data, requested) + switch { + case err != nil: + return errutil.UserError{Err: err.Error()} + case len(badName) > 0: + return errutil.UserError{Err: fmt.Sprintf( + "other SAN %s not allowed for OID %s by this role", badName, badOID)} + case len(badOID) > 0: + return errutil.UserError{Err: fmt.Sprintf( + "other SAN OID %s not allowed by this role", badOID)} + default: + otherSANs = requested + } + } + // Get and verify any IP SANs ipAddresses := []net.IP{} var ipAltInt interface{} { - if csr != nil && role.UseCSRSANs { - if len(csr.IPAddresses) > 0 { - if !role.AllowIPSANs { - return nil, errutil.UserError{Err: fmt.Sprintf( + if data.csr != nil && data.role.UseCSRSANs { + if len(data.csr.IPAddresses) > 0 { + if !data.role.AllowIPSANs { + return errutil.UserError{Err: fmt.Sprintf( "IP Subject Alternative Names are not allowed in this role, but was provided some via CSR")} } - ipAddresses = csr.IPAddresses + ipAddresses = data.csr.IPAddresses } } else { - ipAltInt, ok = data.GetOk("ip_sans") + ipAltInt, ok = data.apiData.GetOk("ip_sans") if ok { ipAlt := ipAltInt.(string) if len(ipAlt) != 0 { - if !role.AllowIPSANs { - return nil, errutil.UserError{Err: fmt.Sprintf( + if !data.role.AllowIPSANs { + return errutil.UserError{Err: fmt.Sprintf( "IP Subject Alternative Names are not allowed in this role, but was provided %s", ipAlt)} } for _, v := range strings.Split(ipAlt, ",") { parsedIP := net.ParseIP(v) if parsedIP == nil { - return nil, errutil.UserError{Err: fmt.Sprintf( + return errutil.UserError{Err: fmt.Sprintf( "the value '%s' is not a valid IP address", v)} } ipAddresses = append(ipAddresses, parsedIP) @@ -754,32 +841,37 @@ func generateCreationBundle(b *backend, } } - // Set OU (organizationalUnit) values if specified in the role - ou := strutil.RemoveDuplicates(role.OU, false) - // Set O (organization) values if specified in the role - organization := strutil.RemoveDuplicates(role.Organization, false) + subject := pkix.Name{ + Country: strutil.RemoveDuplicates(data.role.Country, false), + Organization: strutil.RemoveDuplicates(data.role.Organization, false), + OrganizationalUnit: strutil.RemoveDuplicates(data.role.OU, false), + Locality: strutil.RemoveDuplicates(data.role.Locality, false), + Province: strutil.RemoveDuplicates(data.role.Province, false), + StreetAddress: strutil.RemoveDuplicates(data.role.StreetAddress, false), + PostalCode: strutil.RemoveDuplicates(data.role.PostalCode, false), + } // Get the TTL and verify it against the max allowed var ttl time.Duration var maxTTL time.Duration var notAfter time.Time { - ttl = time.Duration(data.Get("ttl").(int)) * time.Second + ttl = time.Duration(data.apiData.Get("ttl").(int)) * time.Second if ttl == 0 { - if role.TTL != "" { - ttl, err = parseutil.ParseDurationSecond(role.TTL) + if data.role.TTL != "" { + ttl, err = parseutil.ParseDurationSecond(data.role.TTL) if err != nil { - return nil, errutil.UserError{Err: fmt.Sprintf( + return errutil.UserError{Err: fmt.Sprintf( "invalid role ttl: %s", err)} } } } - if role.MaxTTL != "" { - maxTTL, err = parseutil.ParseDurationSecond(role.MaxTTL) + if data.role.MaxTTL != "" { + maxTTL, err = parseutil.ParseDurationSecond(data.role.MaxTTL) if err != nil { - return nil, errutil.UserError{Err: fmt.Sprintf( + return errutil.UserError{Err: fmt.Sprintf( "invalid role max_ttl: %s", err)} } } @@ -798,10 +890,10 @@ func generateCreationBundle(b *backend, // If it's not self-signed, verify that the issued certificate won't be // valid past the lifetime of the CA certificate - if signingBundle != nil && - notAfter.After(signingBundle.Certificate.NotAfter) && !role.AllowExpirationPastCA { + if data.signingBundle != nil && + notAfter.After(data.signingBundle.Certificate.NotAfter) && !data.role.AllowExpirationPastCA { - return nil, errutil.UserError{Err: fmt.Sprintf( + return errutil.UserError{Err: fmt.Sprintf( "cannot satisfy request, as TTL is beyond the expiration of the CA certificate")} } } @@ -809,94 +901,92 @@ func generateCreationBundle(b *backend, // Build up usages var extUsage certExtKeyUsage { - if role.ServerFlag { + if data.role.ServerFlag { extUsage = extUsage | serverExtKeyUsage } - if role.ClientFlag { + if data.role.ClientFlag { extUsage = extUsage | clientExtKeyUsage } - if role.CodeSigningFlag { + if data.role.CodeSigningFlag { extUsage = extUsage | codeSigningExtKeyUsage } - if role.EmailProtectionFlag { + if data.role.EmailProtectionFlag { extUsage = extUsage | emailProtectionExtKeyUsage } } - creationBundle := &creationBundle{ - CommonName: cn, - OU: ou, - Organization: organization, + data.params = &creationParameters{ + Subject: subject, DNSNames: dnsNames, EmailAddresses: emailAddresses, IPAddresses: ipAddresses, - KeyType: role.KeyType, - KeyBits: role.KeyBits, - SigningBundle: signingBundle, + OtherSANs: otherSANs, + KeyType: data.role.KeyType, + KeyBits: data.role.KeyBits, NotAfter: notAfter, - KeyUsage: x509.KeyUsage(parseKeyUsages(role.KeyUsage)), + KeyUsage: x509.KeyUsage(parseKeyUsages(data.role.KeyUsage)), ExtKeyUsage: extUsage, } // Don't deal with URLs or max path length if it's self-signed, as these // normally come from the signing bundle - if signingBundle == nil { - return creationBundle, nil + if data.signingBundle == nil { + return nil } // This will have been read in from the getURLs function - creationBundle.URLs = signingBundle.URLs + data.params.URLs = data.signingBundle.URLs // If the max path length in the role is not nil, it was specified at // generation time with the max_path_length parameter; otherwise derive it // from the signing certificate - if role.MaxPathLength != nil { - creationBundle.MaxPathLength = *role.MaxPathLength + if data.role.MaxPathLength != nil { + data.params.MaxPathLength = *data.role.MaxPathLength } else { switch { - case signingBundle.Certificate.MaxPathLen < 0: - creationBundle.MaxPathLength = -1 - case signingBundle.Certificate.MaxPathLen == 0 && - signingBundle.Certificate.MaxPathLenZero: + case data.signingBundle.Certificate.MaxPathLen < 0: + data.params.MaxPathLength = -1 + case data.signingBundle.Certificate.MaxPathLen == 0 && + data.signingBundle.Certificate.MaxPathLenZero: // The signing function will ensure that we do not issue a CA cert - creationBundle.MaxPathLength = 0 + data.params.MaxPathLength = 0 default: // If this takes it to zero, we handle this case later if // necessary - creationBundle.MaxPathLength = signingBundle.Certificate.MaxPathLen - 1 + data.params.MaxPathLength = data.signingBundle.Certificate.MaxPathLen - 1 } } - return creationBundle, nil + return nil } // addKeyUsages adds approrpiate key usages to the template given the creation // information -func addKeyUsages(creationInfo *creationBundle, certTemplate *x509.Certificate) { - if creationInfo.IsCA { +func addKeyUsages(data *dataBundle, certTemplate *x509.Certificate) { + if data.params.IsCA { certTemplate.KeyUsage = x509.KeyUsage(x509.KeyUsageCertSign | x509.KeyUsageCRLSign) return } - certTemplate.KeyUsage = creationInfo.KeyUsage + certTemplate.KeyUsage = data.params.KeyUsage - if creationInfo.ExtKeyUsage&serverExtKeyUsage != 0 { + if data.params.ExtKeyUsage&serverExtKeyUsage != 0 { certTemplate.ExtKeyUsage = append(certTemplate.ExtKeyUsage, x509.ExtKeyUsageServerAuth) } - if creationInfo.ExtKeyUsage&clientExtKeyUsage != 0 { + if data.params.ExtKeyUsage&clientExtKeyUsage != 0 { certTemplate.ExtKeyUsage = append(certTemplate.ExtKeyUsage, x509.ExtKeyUsageClientAuth) } - if creationInfo.ExtKeyUsage&codeSigningExtKeyUsage != 0 { + if data.params.ExtKeyUsage&codeSigningExtKeyUsage != 0 { certTemplate.ExtKeyUsage = append(certTemplate.ExtKeyUsage, x509.ExtKeyUsageCodeSigning) } - if creationInfo.ExtKeyUsage&emailProtectionExtKeyUsage != 0 { + if data.params.ExtKeyUsage&emailProtectionExtKeyUsage != 0 { certTemplate.ExtKeyUsage = append(certTemplate.ExtKeyUsage, x509.ExtKeyUsageEmailProtection) } } // Performs the heavy lifting of creating a certificate. Returns // a fully-filled-in ParsedCertBundle. -func createCertificate(creationInfo *creationBundle) (*certutil.ParsedCertBundle, error) { +func createCertificate(data *dataBundle) (*certutil.ParsedCertBundle, error) { var err error result := &certutil.ParsedCertBundle{} @@ -905,8 +995,8 @@ func createCertificate(creationInfo *creationBundle) (*certutil.ParsedCertBundle return nil, err } - if err := certutil.GeneratePrivateKey(creationInfo.KeyType, - creationInfo.KeyBits, + if err := certutil.GeneratePrivateKey(data.params.KeyType, + data.params.KeyBits, result); err != nil { return nil, err } @@ -916,51 +1006,49 @@ func createCertificate(creationInfo *creationBundle) (*certutil.ParsedCertBundle return nil, errutil.InternalError{Err: fmt.Sprintf("error getting subject key ID: %s", err)} } - subject := pkix.Name{ - CommonName: creationInfo.CommonName, - OrganizationalUnit: creationInfo.OU, - Organization: creationInfo.Organization, - } - certTemplate := &x509.Certificate{ SerialNumber: serialNumber, - Subject: subject, NotBefore: time.Now().Add(-30 * time.Second), - NotAfter: creationInfo.NotAfter, + NotAfter: data.params.NotAfter, IsCA: false, SubjectKeyId: subjKeyID, - DNSNames: creationInfo.DNSNames, - EmailAddresses: creationInfo.EmailAddresses, - IPAddresses: creationInfo.IPAddresses, + Subject: data.params.Subject, + DNSNames: data.params.DNSNames, + EmailAddresses: data.params.EmailAddresses, + IPAddresses: data.params.IPAddresses, + } + + if err := handleOtherSANs(certTemplate, data.params.OtherSANs); err != nil { + return nil, errutil.InternalError{Err: errwrap.Wrapf("error marshaling other SANs: {{err}}", err).Error()} } // Add this before calling addKeyUsages - if creationInfo.SigningBundle == nil { + if data.signingBundle == nil { certTemplate.IsCA = true } // This will only be filled in from the generation paths - if len(creationInfo.PermittedDNSDomains) > 0 { - certTemplate.PermittedDNSDomains = creationInfo.PermittedDNSDomains + if len(data.params.PermittedDNSDomains) > 0 { + certTemplate.PermittedDNSDomains = data.params.PermittedDNSDomains certTemplate.PermittedDNSDomainsCritical = true } - addKeyUsages(creationInfo, certTemplate) + addKeyUsages(data, certTemplate) - certTemplate.IssuingCertificateURL = creationInfo.URLs.IssuingCertificates - certTemplate.CRLDistributionPoints = creationInfo.URLs.CRLDistributionPoints - certTemplate.OCSPServer = creationInfo.URLs.OCSPServers + certTemplate.IssuingCertificateURL = data.params.URLs.IssuingCertificates + certTemplate.CRLDistributionPoints = data.params.URLs.CRLDistributionPoints + certTemplate.OCSPServer = data.params.URLs.OCSPServers var certBytes []byte - if creationInfo.SigningBundle != nil { - switch creationInfo.SigningBundle.PrivateKeyType { + if data.signingBundle != nil { + switch data.signingBundle.PrivateKeyType { case certutil.RSAPrivateKey: certTemplate.SignatureAlgorithm = x509.SHA256WithRSA case certutil.ECPrivateKey: certTemplate.SignatureAlgorithm = x509.ECDSAWithSHA256 } - caCert := creationInfo.SigningBundle.Certificate + caCert := data.signingBundle.Certificate certTemplate.AuthorityKeyId = caCert.SubjectKeyId err = checkPermittedDNSDomains(certTemplate, caCert) @@ -968,17 +1056,17 @@ func createCertificate(creationInfo *creationBundle) (*certutil.ParsedCertBundle return nil, errutil.UserError{Err: err.Error()} } - certBytes, err = x509.CreateCertificate(rand.Reader, certTemplate, caCert, result.PrivateKey.Public(), creationInfo.SigningBundle.PrivateKey) + certBytes, err = x509.CreateCertificate(rand.Reader, certTemplate, caCert, result.PrivateKey.Public(), data.signingBundle.PrivateKey) } else { // Creating a self-signed root - if creationInfo.MaxPathLength == 0 { + if data.params.MaxPathLength == 0 { certTemplate.MaxPathLen = 0 certTemplate.MaxPathLenZero = true } else { - certTemplate.MaxPathLen = creationInfo.MaxPathLength + certTemplate.MaxPathLen = data.params.MaxPathLength } - switch creationInfo.KeyType { + switch data.params.KeyType { case "rsa": certTemplate.SignatureAlgorithm = x509.SHA256WithRSA case "ec": @@ -1000,17 +1088,17 @@ func createCertificate(creationInfo *creationBundle) (*certutil.ParsedCertBundle return nil, errutil.InternalError{Err: fmt.Sprintf("unable to parse created certificate: %s", err)} } - if creationInfo.SigningBundle != nil { - if len(creationInfo.SigningBundle.Certificate.AuthorityKeyId) > 0 && - !bytes.Equal(creationInfo.SigningBundle.Certificate.AuthorityKeyId, creationInfo.SigningBundle.Certificate.SubjectKeyId) { + if data.signingBundle != nil { + if len(data.signingBundle.Certificate.AuthorityKeyId) > 0 && + !bytes.Equal(data.signingBundle.Certificate.AuthorityKeyId, data.signingBundle.Certificate.SubjectKeyId) { result.CAChain = []*certutil.CertBlock{ &certutil.CertBlock{ - Certificate: creationInfo.SigningBundle.Certificate, - Bytes: creationInfo.SigningBundle.CertificateBytes, + Certificate: data.signingBundle.Certificate, + Bytes: data.signingBundle.CertificateBytes, }, } - result.CAChain = append(result.CAChain, creationInfo.SigningBundle.CAChain...) + result.CAChain = append(result.CAChain, data.signingBundle.CAChain...) } } @@ -1019,29 +1107,29 @@ func createCertificate(creationInfo *creationBundle) (*certutil.ParsedCertBundle // Creates a CSR. This is currently only meant for use when // generating an intermediate certificate. -func createCSR(creationInfo *creationBundle) (*certutil.ParsedCSRBundle, error) { +func createCSR(data *dataBundle) (*certutil.ParsedCSRBundle, error) { var err error result := &certutil.ParsedCSRBundle{} - if err := certutil.GeneratePrivateKey(creationInfo.KeyType, - creationInfo.KeyBits, + if err := certutil.GeneratePrivateKey(data.params.KeyType, + data.params.KeyBits, result); err != nil { return nil, err } // Like many root CAs, other information is ignored - subject := pkix.Name{ - CommonName: creationInfo.CommonName, + csrTemplate := &x509.CertificateRequest{ + Subject: data.params.Subject, + DNSNames: data.params.DNSNames, + EmailAddresses: data.params.EmailAddresses, + IPAddresses: data.params.IPAddresses, } - csrTemplate := &x509.CertificateRequest{ - Subject: subject, - DNSNames: creationInfo.DNSNames, - EmailAddresses: creationInfo.EmailAddresses, - IPAddresses: creationInfo.IPAddresses, + if err := handleOtherCSRSANs(csrTemplate, data.params.OtherSANs); err != nil { + return nil, errutil.InternalError{Err: errwrap.Wrapf("error marshaling other SANs: {{err}}", err).Error()} } - switch creationInfo.KeyType { + switch data.params.KeyType { case "rsa": csrTemplate.SignatureAlgorithm = x509.SHA256WithRSA case "ec": @@ -1064,18 +1152,19 @@ func createCSR(creationInfo *creationBundle) (*certutil.ParsedCSRBundle, error) // Performs the heavy lifting of generating a certificate from a CSR. // Returns a ParsedCertBundle sans private keys. -func signCertificate(creationInfo *creationBundle, - csr *x509.CertificateRequest) (*certutil.ParsedCertBundle, error) { +func signCertificate(data *dataBundle) (*certutil.ParsedCertBundle, error) { switch { - case creationInfo == nil: - return nil, errutil.UserError{Err: "nil creation info given to signCertificate"} - case creationInfo.SigningBundle == nil: + case data == nil: + return nil, errutil.UserError{Err: "nil data bundle given to signCertificate"} + case data.params == nil: + return nil, errutil.UserError{Err: "nil parameters given to signCertificate"} + case data.signingBundle == nil: return nil, errutil.UserError{Err: "nil signing bundle given to signCertificate"} - case csr == nil: + case data.csr == nil: return nil, errutil.UserError{Err: "nil csr given to signCertificate"} } - err := csr.CheckSignature() + err := data.csr.CheckSignature() if err != nil { return nil, errutil.UserError{Err: "request signature invalid"} } @@ -1087,75 +1176,73 @@ func signCertificate(creationInfo *creationBundle, return nil, err } - marshaledKey, err := x509.MarshalPKIXPublicKey(csr.PublicKey) + marshaledKey, err := x509.MarshalPKIXPublicKey(data.csr.PublicKey) if err != nil { return nil, errutil.InternalError{Err: fmt.Sprintf("error marshalling public key: %s", err)} } subjKeyID := sha1.Sum(marshaledKey) - caCert := creationInfo.SigningBundle.Certificate - - subject := pkix.Name{ - CommonName: creationInfo.CommonName, - OrganizationalUnit: creationInfo.OU, - Organization: creationInfo.Organization, - } + caCert := data.signingBundle.Certificate certTemplate := &x509.Certificate{ SerialNumber: serialNumber, - Subject: subject, + Subject: data.params.Subject, NotBefore: time.Now().Add(-30 * time.Second), - NotAfter: creationInfo.NotAfter, + NotAfter: data.params.NotAfter, SubjectKeyId: subjKeyID[:], AuthorityKeyId: caCert.SubjectKeyId, } - switch creationInfo.SigningBundle.PrivateKeyType { + switch data.signingBundle.PrivateKeyType { case certutil.RSAPrivateKey: certTemplate.SignatureAlgorithm = x509.SHA256WithRSA case certutil.ECPrivateKey: certTemplate.SignatureAlgorithm = x509.ECDSAWithSHA256 } - if creationInfo.UseCSRValues { - certTemplate.Subject = csr.Subject + if data.params.UseCSRValues { + certTemplate.Subject = data.csr.Subject - certTemplate.DNSNames = csr.DNSNames - certTemplate.EmailAddresses = csr.EmailAddresses - certTemplate.IPAddresses = csr.IPAddresses + certTemplate.DNSNames = data.csr.DNSNames + certTemplate.EmailAddresses = data.csr.EmailAddresses + certTemplate.IPAddresses = data.csr.IPAddresses - certTemplate.ExtraExtensions = csr.Extensions + certTemplate.ExtraExtensions = data.csr.Extensions } else { - certTemplate.DNSNames = creationInfo.DNSNames - certTemplate.EmailAddresses = creationInfo.EmailAddresses - certTemplate.IPAddresses = creationInfo.IPAddresses + certTemplate.DNSNames = data.params.DNSNames + certTemplate.EmailAddresses = data.params.EmailAddresses + certTemplate.IPAddresses = data.params.IPAddresses } - addKeyUsages(creationInfo, certTemplate) + if err := handleOtherSANs(certTemplate, data.params.OtherSANs); err != nil { + return nil, errutil.InternalError{Err: errwrap.Wrapf("error marshaling other SANs: {{err}}", err).Error()} + } + + addKeyUsages(data, certTemplate) var certBytes []byte - certTemplate.IssuingCertificateURL = creationInfo.URLs.IssuingCertificates - certTemplate.CRLDistributionPoints = creationInfo.URLs.CRLDistributionPoints - certTemplate.OCSPServer = creationInfo.SigningBundle.URLs.OCSPServers + certTemplate.IssuingCertificateURL = data.params.URLs.IssuingCertificates + certTemplate.CRLDistributionPoints = data.params.URLs.CRLDistributionPoints + certTemplate.OCSPServer = data.signingBundle.URLs.OCSPServers - if creationInfo.IsCA { + if data.params.IsCA { certTemplate.BasicConstraintsValid = true certTemplate.IsCA = true - if creationInfo.SigningBundle.Certificate.MaxPathLen == 0 && - creationInfo.SigningBundle.Certificate.MaxPathLenZero { + if data.signingBundle.Certificate.MaxPathLen == 0 && + data.signingBundle.Certificate.MaxPathLenZero { return nil, errutil.UserError{Err: "signing certificate has a max path length of zero, and cannot issue further CA certificates"} } - certTemplate.MaxPathLen = creationInfo.MaxPathLength + certTemplate.MaxPathLen = data.params.MaxPathLength if certTemplate.MaxPathLen == 0 { certTemplate.MaxPathLenZero = true } } - if len(creationInfo.PermittedDNSDomains) > 0 { - certTemplate.PermittedDNSDomains = creationInfo.PermittedDNSDomains + if len(data.params.PermittedDNSDomains) > 0 { + certTemplate.PermittedDNSDomains = data.params.PermittedDNSDomains certTemplate.PermittedDNSDomainsCritical = true } err = checkPermittedDNSDomains(certTemplate, caCert) @@ -1163,7 +1250,7 @@ func signCertificate(creationInfo *creationBundle, return nil, errutil.UserError{Err: err.Error()} } - certBytes, err = x509.CreateCertificate(rand.Reader, certTemplate, caCert, csr.PublicKey, creationInfo.SigningBundle.PrivateKey) + certBytes, err = x509.CreateCertificate(rand.Reader, certTemplate, caCert, data.csr.PublicKey, data.signingBundle.PrivateKey) if err != nil { return nil, errutil.InternalError{Err: fmt.Sprintf("unable to create certificate: %s", err)} @@ -1175,7 +1262,7 @@ func signCertificate(creationInfo *creationBundle, return nil, errutil.InternalError{Err: fmt.Sprintf("unable to parse created certificate: %s", err)} } - result.CAChain = creationInfo.SigningBundle.GetCAChain() + result.CAChain = data.signingBundle.GetCAChain() return result, nil } @@ -1278,3 +1365,116 @@ func convertRespToPKCS8(resp *logical.Response) error { return nil } + +func handleOtherCSRSANs(in *x509.CertificateRequest, sans map[string][]string) error { + certTemplate := &x509.Certificate{ + DNSNames: in.DNSNames, + IPAddresses: in.IPAddresses, + EmailAddresses: in.EmailAddresses, + } + if err := handleOtherSANs(certTemplate, sans); err != nil { + return err + } + if len(certTemplate.ExtraExtensions) > 0 { + for _, v := range certTemplate.ExtraExtensions { + in.ExtraExtensions = append(in.ExtraExtensions, v) + } + } + return nil +} + +func handleOtherSANs(in *x509.Certificate, sans map[string][]string) error { + // If other SANs is empty we return which causes normal Go stdlib parsing + // of the other SAN types + if len(sans) == 0 { + return nil + } + + var rawValues []asn1.RawValue + + // We need to generate an IMPLICIT sequence for compatibility with OpenSSL + // -- it's an open question what the default for RFC 5280 actually is, see + // https://github.com/openssl/openssl/issues/5091 -- so we have to use + // cryptobyte because using the asn1 package's marshaling always produces + // an EXPLICIT sequence. Note that asn1 is way too magical according to + // agl, and cryptobyte is modeled after the CBB/CBS bits that agl put into + // boringssl. + for oid, vals := range sans { + for _, val := range vals { + var b cryptobyte.Builder + oidStr, err := stringToOid(oid) + if err != nil { + return err + } + b.AddASN1ObjectIdentifier(oidStr) + b.AddASN1(cbbasn1.Tag(0).ContextSpecific().Constructed(), func(b *cryptobyte.Builder) { + b.AddASN1(cbbasn1.UTF8String, func(b *cryptobyte.Builder) { + b.AddBytes([]byte(val)) + }) + }) + m, err := b.Bytes() + if err != nil { + return err + } + rawValues = append(rawValues, asn1.RawValue{Tag: 0, Class: 2, IsCompound: true, Bytes: m}) + } + } + + // If other SANs is empty we return which causes normal Go stdlib parsing + // of the other SAN types + if len(rawValues) == 0 { + return nil + } + + // Append any existing SANs, sans marshalling + rawValues = append(rawValues, marshalSANs(in.DNSNames, in.EmailAddresses, in.IPAddresses)...) + + // Marshal and add to ExtraExtensions + ext := pkix.Extension{ + // This is the defined OID for subjectAltName + Id: asn1.ObjectIdentifier{2, 5, 29, 17}, + } + var err error + ext.Value, err = asn1.Marshal(rawValues) + if err != nil { + return err + } + in.ExtraExtensions = append(in.ExtraExtensions, ext) + + return nil +} + +// Note: Taken from the Go source code since it's not public, plus changed to not marshal +// marshalSANs marshals a list of addresses into a the contents of an X.509 +// SubjectAlternativeName extension. +func marshalSANs(dnsNames, emailAddresses []string, ipAddresses []net.IP) []asn1.RawValue { + var rawValues []asn1.RawValue + for _, name := range dnsNames { + rawValues = append(rawValues, asn1.RawValue{Tag: 2, Class: 2, Bytes: []byte(name)}) + } + for _, email := range emailAddresses { + rawValues = append(rawValues, asn1.RawValue{Tag: 1, Class: 2, Bytes: []byte(email)}) + } + for _, rawIP := range ipAddresses { + // If possible, we always want to encode IPv4 addresses in 4 bytes. + ip := rawIP.To4() + if ip == nil { + ip = rawIP + } + rawValues = append(rawValues, asn1.RawValue{Tag: 7, Class: 2, Bytes: ip}) + } + return rawValues +} + +func stringToOid(in string) (asn1.ObjectIdentifier, error) { + split := strings.Split(in, ".") + ret := make(asn1.ObjectIdentifier, 0, len(split)) + for _, v := range split { + i, err := strconv.Atoi(v) + if err != nil { + return nil, err + } + ret = append(ret, i) + } + return asn1.ObjectIdentifier(ret), nil +} diff --git a/builtin/logical/pki/fields.go b/builtin/logical/pki/fields.go index 9aa1d4b556db..a236a1d05389 100644 --- a/builtin/logical/pki/fields.go +++ b/builtin/logical/pki/fields.go @@ -39,6 +39,12 @@ pkcs8 instead. Defaults to "der".`, comma-delimited list`, } + fields["other_sans"] = &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `Requested other SANs, in an array with the format +;UTF8: for each entry.`, + } + return fields } @@ -114,6 +120,48 @@ a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA.`, } + fields["ou"] = &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, OU (OrganizationalUnit) will be set to +this value.`, + } + + fields["organization"] = &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, O (Organization) will be set to +this value.`, + } + + fields["country"] = &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, Country will be set to +this value.`, + } + + fields["locality"] = &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, Locality will be set to +this value.`, + } + + fields["province"] = &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, Province will be set to +this value.`, + } + + fields["street_address"] = &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, Street Address will be set to +this value.`, + } + + fields["postal_code"] = &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, Postal Code will be set to +this value.`, + } + return fields } diff --git a/builtin/logical/pki/path_intermediate.go b/builtin/logical/pki/path_intermediate.go index 3ff1cbb4e6c0..9eb98a06bbb0 100644 --- a/builtin/logical/pki/path_intermediate.go +++ b/builtin/logical/pki/path_intermediate.go @@ -63,7 +63,12 @@ func (b *backend) pathGenerateIntermediate(ctx context.Context, req *logical.Req } var resp *logical.Response - parsedBundle, err := generateIntermediateCSR(b, role, nil, req, data) + input := &dataBundle{ + role: role, + req: req, + apiData: data, + } + parsedBundle, err := generateIntermediateCSR(b, input) if err != nil { switch err.(type) { case errutil.UserError: diff --git a/builtin/logical/pki/path_issue_sign.go b/builtin/logical/pki/path_issue_sign.go index a9daa35a12e2..df249c847ec6 100644 --- a/builtin/logical/pki/path_issue_sign.go +++ b/builtin/logical/pki/path_issue_sign.go @@ -175,12 +175,18 @@ func (b *backend) pathIssueSignCert(ctx context.Context, req *logical.Request, d "error fetching CA certificate: %s", caErr)} } + input := &dataBundle{ + req: req, + apiData: data, + role: role, + signingBundle: signingBundle, + } var parsedBundle *certutil.ParsedCertBundle var err error if useCSR { - parsedBundle, err = signCert(b, role, signingBundle, false, useCSRValues, req, data) + parsedBundle, err = signCert(b, input, false, useCSRValues) } else { - parsedBundle, err = generateCert(ctx, b, role, signingBundle, false, req, data) + parsedBundle, err = generateCert(ctx, b, input, false) } if err != nil { switch err.(type) { diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go index d3a32e9983d6..be33be9298c6 100644 --- a/builtin/logical/pki/path_roles.go +++ b/builtin/logical/pki/path_roles.go @@ -7,6 +7,7 @@ import ( "strings" "time" + "github.com/hashicorp/errwrap" "github.com/hashicorp/vault/helper/consts" "github.com/hashicorp/vault/helper/parseutil" "github.com/hashicorp/vault/logical" @@ -114,6 +115,11 @@ CN and SANs. Defaults to true.`, Any valid IP is accepted.`, }, + "allowed_other_sans": &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, an array of allowed other names to put in SANs. These values support globbing.`, + }, + "server_flag": &framework.FieldSchema{ Type: framework.TypeBool, Default: true, @@ -187,13 +193,43 @@ include the Common Name (cn). Defaults to true.`, "ou": &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, - Description: `If set, the OU (OrganizationalUnit) will be set to + Description: `If set, OU (OrganizationalUnit) will be set to this value in certificates issued by this role.`, }, "organization": &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, - Description: `If set, the O (Organization) will be set to + Description: `If set, O (Organization) will be set to +this value in certificates issued by this role.`, + }, + + "country": &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, Country will be set to +this value in certificates issued by this role.`, + }, + + "locality": &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, Locality will be set to +this value in certificates issued by this role.`, + }, + + "province": &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, Province will be set to +this value in certificates issued by this role.`, + }, + + "street_address": &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, Street Address will be set to +this value in certificates issued by this role.`, + }, + + "postal_code": &framework.FieldSchema{ + Type: framework.TypeCommaStringSlice, + Description: `If set, Postal Code will be set to this value in certificates issued by this role.`, }, @@ -414,11 +450,25 @@ func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data KeyUsage: data.Get("key_usage").([]string), OU: data.Get("ou").([]string), Organization: data.Get("organization").([]string), + Country: data.Get("country").([]string), + Locality: data.Get("locality").([]string), + Province: data.Get("province").([]string), + StreetAddress: data.Get("street_address").([]string), + PostalCode: data.Get("postal_code").([]string), GenerateLease: new(bool), NoStore: data.Get("no_store").(bool), RequireCN: data.Get("require_cn").(bool), } + otherSANs := data.Get("allowed_other_sans").([]string) + if len(otherSANs) > 0 { + _, err := parseOtherSANs(otherSANs) + if err != nil { + return logical.ErrorResponse(errwrap.Wrapf("error parsing allowed_other_sans: {{err}}", err).Error()), nil + } + entry.AllowedOtherSANs = otherSANs + } + // no_store implies generate_lease := false if entry.NoStore { *entry.GenerateLease = false @@ -545,9 +595,15 @@ type roleEntry struct { OU []string `json:"ou_list" mapstructure:"ou"` OrganizationOld string `json:"organization,omitempty"` Organization []string `json:"organization_list" mapstructure:"organization"` + Country []string `json:"country" mapstructure:"country"` + Locality []string `json:"locality" mapstructure:"locality"` + Province []string `json:"province" mapstructure:"province"` + StreetAddress []string `json:"street_address" mapstructure:"street_address"` + PostalCode []string `json:"postal_code" mapstructure:"postal_code"` GenerateLease *bool `json:"generate_lease,omitempty"` NoStore bool `json:"no_store" mapstructure:"no_store"` RequireCN bool `json:"require_cn" mapstructure:"require_cn"` + AllowedOtherSANs []string `json:"allowed_other_sans" mapstructure:"allowed_other_sans"` // Used internally for signing intermediates AllowExpirationPastCA bool @@ -577,7 +633,13 @@ func (r *roleEntry) ToResponseData() map[string]interface{} { "key_usage": r.KeyUsage, "ou": r.OU, "organization": r.Organization, + "country": r.Country, + "locality": r.Locality, + "province": r.Province, + "street_address": r.StreetAddress, + "postal_code": r.PostalCode, "no_store": r.NoStore, + "allowed_other_sans": r.AllowedOtherSANs, } if r.MaxPathLength != nil { responseData["max_path_length"] = r.MaxPathLength diff --git a/builtin/logical/pki/path_root.go b/builtin/logical/pki/path_root.go index b271764c07e7..ce89fd2bfe8f 100644 --- a/builtin/logical/pki/path_root.go +++ b/builtin/logical/pki/path_root.go @@ -136,7 +136,12 @@ func (b *backend) pathCAGenerateRoot(ctx context.Context, req *logical.Request, role.MaxPathLength = &maxPathLength } - parsedBundle, err := generateCert(ctx, b, role, nil, true, req, data) + input := &dataBundle{ + req: req, + apiData: data, + role: role, + } + parsedBundle, err := generateCert(ctx, b, input, true) if err != nil { switch err.(type) { case errutil.UserError: @@ -247,6 +252,13 @@ func (b *backend) pathCASignIntermediate(ctx context.Context, req *logical.Reque } role := &roleEntry{ + OU: data.Get("ou").([]string), + Organization: data.Get("organization").([]string), + Country: data.Get("country").([]string), + Locality: data.Get("locality").([]string), + Province: data.Get("province").([]string), + StreetAddress: data.Get("street_address").([]string), + PostalCode: data.Get("postal_code").([]string), TTL: (time.Duration(data.Get("ttl").(int)) * time.Second).String(), AllowLocalhost: true, AllowAnyName: true, @@ -279,7 +291,13 @@ func (b *backend) pathCASignIntermediate(ctx context.Context, req *logical.Reque role.MaxPathLength = &maxPathLength } - parsedBundle, err := signCert(b, role, signingBundle, true, useCSRValues, req, data) + input := &dataBundle{ + req: req, + apiData: data, + signingBundle: signingBundle, + role: role, + } + parsedBundle, err := signCert(b, input, true, useCSRValues) if err != nil { switch err.(type) { case errutil.UserError: diff --git a/helper/parseutil/parseutil.go b/helper/parseutil/parseutil.go index ad5a96f641ae..464b50899cf9 100644 --- a/helper/parseutil/parseutil.go +++ b/helper/parseutil/parseutil.go @@ -7,6 +7,7 @@ import ( "strings" "time" + "github.com/hashicorp/vault/helper/strutil" "github.com/mitchellh/mapstructure" ) @@ -100,3 +101,20 @@ func ParseBool(in interface{}) (bool, error) { } return result, nil } + +func ParseCommaStringSlice(in interface{}) ([]string, error) { + var result []string + config := &mapstructure.DecoderConfig{ + Result: &result, + WeaklyTypedInput: true, + DecodeHook: mapstructure.StringToSliceHookFunc(","), + } + decoder, err := mapstructure.NewDecoder(config) + if err != nil { + return nil, err + } + if err := decoder.Decode(in); err != nil { + return nil, err + } + return strutil.TrimStrings(result), nil +} diff --git a/logical/framework/field_data.go b/logical/framework/field_data.go index 1d03c335e8d6..ac28a545220a 100644 --- a/logical/framework/field_data.go +++ b/logical/framework/field_data.go @@ -224,20 +224,11 @@ func (d *FieldData) getPrimitive( return strutil.TrimStrings(result), true, nil case TypeCommaStringSlice: - var result []string - config := &mapstructure.DecoderConfig{ - Result: &result, - WeaklyTypedInput: true, - DecodeHook: mapstructure.StringToSliceHookFunc(","), - } - decoder, err := mapstructure.NewDecoder(config) + res, err := parseutil.ParseCommaStringSlice(raw) if err != nil { return nil, false, err } - if err := decoder.Decode(raw); err != nil { - return nil, false, err - } - return strutil.TrimStrings(result), true, nil + return res, true, nil case TypeKVPairs: // First try to parse this as a map diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1.go new file mode 100644 index 000000000000..88ec8b4fbf85 --- /dev/null +++ b/vendor/golang.org/x/crypto/cryptobyte/asn1.go @@ -0,0 +1,732 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package cryptobyte + +import ( + encoding_asn1 "encoding/asn1" + "fmt" + "math/big" + "reflect" + "time" + + "golang.org/x/crypto/cryptobyte/asn1" +) + +// This file contains ASN.1-related methods for String and Builder. + +// Builder + +// AddASN1Int64 appends a DER-encoded ASN.1 INTEGER. +func (b *Builder) AddASN1Int64(v int64) { + b.addASN1Signed(asn1.INTEGER, v) +} + +// AddASN1Enum appends a DER-encoded ASN.1 ENUMERATION. +func (b *Builder) AddASN1Enum(v int64) { + b.addASN1Signed(asn1.ENUM, v) +} + +func (b *Builder) addASN1Signed(tag asn1.Tag, v int64) { + b.AddASN1(tag, func(c *Builder) { + length := 1 + for i := v; i >= 0x80 || i < -0x80; i >>= 8 { + length++ + } + + for ; length > 0; length-- { + i := v >> uint((length-1)*8) & 0xff + c.AddUint8(uint8(i)) + } + }) +} + +// AddASN1Uint64 appends a DER-encoded ASN.1 INTEGER. +func (b *Builder) AddASN1Uint64(v uint64) { + b.AddASN1(asn1.INTEGER, func(c *Builder) { + length := 1 + for i := v; i >= 0x80; i >>= 8 { + length++ + } + + for ; length > 0; length-- { + i := v >> uint((length-1)*8) & 0xff + c.AddUint8(uint8(i)) + } + }) +} + +// AddASN1BigInt appends a DER-encoded ASN.1 INTEGER. +func (b *Builder) AddASN1BigInt(n *big.Int) { + if b.err != nil { + return + } + + b.AddASN1(asn1.INTEGER, func(c *Builder) { + if n.Sign() < 0 { + // A negative number has to be converted to two's-complement form. So we + // invert and subtract 1. If the most-significant-bit isn't set then + // we'll need to pad the beginning with 0xff in order to keep the number + // negative. + nMinus1 := new(big.Int).Neg(n) + nMinus1.Sub(nMinus1, bigOne) + bytes := nMinus1.Bytes() + for i := range bytes { + bytes[i] ^= 0xff + } + if bytes[0]&0x80 == 0 { + c.add(0xff) + } + c.add(bytes...) + } else if n.Sign() == 0 { + c.add(0) + } else { + bytes := n.Bytes() + if bytes[0]&0x80 != 0 { + c.add(0) + } + c.add(bytes...) + } + }) +} + +// AddASN1OctetString appends a DER-encoded ASN.1 OCTET STRING. +func (b *Builder) AddASN1OctetString(bytes []byte) { + b.AddASN1(asn1.OCTET_STRING, func(c *Builder) { + c.AddBytes(bytes) + }) +} + +const generalizedTimeFormatStr = "20060102150405Z0700" + +// AddASN1GeneralizedTime appends a DER-encoded ASN.1 GENERALIZEDTIME. +func (b *Builder) AddASN1GeneralizedTime(t time.Time) { + if t.Year() < 0 || t.Year() > 9999 { + b.err = fmt.Errorf("cryptobyte: cannot represent %v as a GeneralizedTime", t) + return + } + b.AddASN1(asn1.GeneralizedTime, func(c *Builder) { + c.AddBytes([]byte(t.Format(generalizedTimeFormatStr))) + }) +} + +// AddASN1BitString appends a DER-encoded ASN.1 BIT STRING. This does not +// support BIT STRINGs that are not a whole number of bytes. +func (b *Builder) AddASN1BitString(data []byte) { + b.AddASN1(asn1.BIT_STRING, func(b *Builder) { + b.AddUint8(0) + b.AddBytes(data) + }) +} + +func (b *Builder) addBase128Int(n int64) { + var length int + if n == 0 { + length = 1 + } else { + for i := n; i > 0; i >>= 7 { + length++ + } + } + + for i := length - 1; i >= 0; i-- { + o := byte(n >> uint(i*7)) + o &= 0x7f + if i != 0 { + o |= 0x80 + } + + b.add(o) + } +} + +func isValidOID(oid encoding_asn1.ObjectIdentifier) bool { + if len(oid) < 2 { + return false + } + + if oid[0] > 2 || (oid[0] <= 1 && oid[1] >= 40) { + return false + } + + for _, v := range oid { + if v < 0 { + return false + } + } + + return true +} + +func (b *Builder) AddASN1ObjectIdentifier(oid encoding_asn1.ObjectIdentifier) { + b.AddASN1(asn1.OBJECT_IDENTIFIER, func(b *Builder) { + if !isValidOID(oid) { + b.err = fmt.Errorf("cryptobyte: invalid OID: %v", oid) + return + } + + b.addBase128Int(int64(oid[0])*40 + int64(oid[1])) + for _, v := range oid[2:] { + b.addBase128Int(int64(v)) + } + }) +} + +func (b *Builder) AddASN1Boolean(v bool) { + b.AddASN1(asn1.BOOLEAN, func(b *Builder) { + if v { + b.AddUint8(0xff) + } else { + b.AddUint8(0) + } + }) +} + +func (b *Builder) AddASN1NULL() { + b.add(uint8(asn1.NULL), 0) +} + +// MarshalASN1 calls encoding_asn1.Marshal on its input and appends the result if +// successful or records an error if one occurred. +func (b *Builder) MarshalASN1(v interface{}) { + // NOTE(martinkr): This is somewhat of a hack to allow propagation of + // encoding_asn1.Marshal errors into Builder.err. N.B. if you call MarshalASN1 with a + // value embedded into a struct, its tag information is lost. + if b.err != nil { + return + } + bytes, err := encoding_asn1.Marshal(v) + if err != nil { + b.err = err + return + } + b.AddBytes(bytes) +} + +// AddASN1 appends an ASN.1 object. The object is prefixed with the given tag. +// Tags greater than 30 are not supported and result in an error (i.e. +// low-tag-number form only). The child builder passed to the +// BuilderContinuation can be used to build the content of the ASN.1 object. +func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) { + if b.err != nil { + return + } + // Identifiers with the low five bits set indicate high-tag-number format + // (two or more octets), which we don't support. + if tag&0x1f == 0x1f { + b.err = fmt.Errorf("cryptobyte: high-tag number identifier octects not supported: 0x%x", tag) + return + } + b.AddUint8(uint8(tag)) + b.addLengthPrefixed(1, true, f) +} + +// String + +func (s *String) ReadASN1Boolean(out *bool) bool { + var bytes String + if !s.ReadASN1(&bytes, asn1.INTEGER) || len(bytes) != 1 { + return false + } + + switch bytes[0] { + case 0: + *out = false + case 0xff: + *out = true + default: + return false + } + + return true +} + +var bigIntType = reflect.TypeOf((*big.Int)(nil)).Elem() + +// ReadASN1Integer decodes an ASN.1 INTEGER into out and advances. If out does +// not point to an integer or to a big.Int, it panics. It returns true on +// success and false on error. +func (s *String) ReadASN1Integer(out interface{}) bool { + if reflect.TypeOf(out).Kind() != reflect.Ptr { + panic("out is not a pointer") + } + switch reflect.ValueOf(out).Elem().Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + var i int64 + if !s.readASN1Int64(&i) || reflect.ValueOf(out).Elem().OverflowInt(i) { + return false + } + reflect.ValueOf(out).Elem().SetInt(i) + return true + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + var u uint64 + if !s.readASN1Uint64(&u) || reflect.ValueOf(out).Elem().OverflowUint(u) { + return false + } + reflect.ValueOf(out).Elem().SetUint(u) + return true + case reflect.Struct: + if reflect.TypeOf(out).Elem() == bigIntType { + return s.readASN1BigInt(out.(*big.Int)) + } + } + panic("out does not point to an integer type") +} + +func checkASN1Integer(bytes []byte) bool { + if len(bytes) == 0 { + // An INTEGER is encoded with at least one octet. + return false + } + if len(bytes) == 1 { + return true + } + if bytes[0] == 0 && bytes[1]&0x80 == 0 || bytes[0] == 0xff && bytes[1]&0x80 == 0x80 { + // Value is not minimally encoded. + return false + } + return true +} + +var bigOne = big.NewInt(1) + +func (s *String) readASN1BigInt(out *big.Int) bool { + var bytes String + if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) { + return false + } + if bytes[0]&0x80 == 0x80 { + // Negative number. + neg := make([]byte, len(bytes)) + for i, b := range bytes { + neg[i] = ^b + } + out.SetBytes(neg) + out.Add(out, bigOne) + out.Neg(out) + } else { + out.SetBytes(bytes) + } + return true +} + +func (s *String) readASN1Int64(out *int64) bool { + var bytes String + if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Signed(out, bytes) { + return false + } + return true +} + +func asn1Signed(out *int64, n []byte) bool { + length := len(n) + if length > 8 { + return false + } + for i := 0; i < length; i++ { + *out <<= 8 + *out |= int64(n[i]) + } + // Shift up and down in order to sign extend the result. + *out <<= 64 - uint8(length)*8 + *out >>= 64 - uint8(length)*8 + return true +} + +func (s *String) readASN1Uint64(out *uint64) bool { + var bytes String + if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Unsigned(out, bytes) { + return false + } + return true +} + +func asn1Unsigned(out *uint64, n []byte) bool { + length := len(n) + if length > 9 || length == 9 && n[0] != 0 { + // Too large for uint64. + return false + } + if n[0]&0x80 != 0 { + // Negative number. + return false + } + for i := 0; i < length; i++ { + *out <<= 8 + *out |= uint64(n[i]) + } + return true +} + +// ReadASN1Enum decodes an ASN.1 ENUMERATION into out and advances. It returns +// true on success and false on error. +func (s *String) ReadASN1Enum(out *int) bool { + var bytes String + var i int64 + if !s.ReadASN1(&bytes, asn1.ENUM) || !checkASN1Integer(bytes) || !asn1Signed(&i, bytes) { + return false + } + if int64(int(i)) != i { + return false + } + *out = int(i) + return true +} + +func (s *String) readBase128Int(out *int) bool { + ret := 0 + for i := 0; len(*s) > 0; i++ { + if i == 4 { + return false + } + ret <<= 7 + b := s.read(1)[0] + ret |= int(b & 0x7f) + if b&0x80 == 0 { + *out = ret + return true + } + } + return false // truncated +} + +// ReadASN1ObjectIdentifier decodes an ASN.1 OBJECT IDENTIFIER into out and +// advances. It returns true on success and false on error. +func (s *String) ReadASN1ObjectIdentifier(out *encoding_asn1.ObjectIdentifier) bool { + var bytes String + if !s.ReadASN1(&bytes, asn1.OBJECT_IDENTIFIER) || len(bytes) == 0 { + return false + } + + // In the worst case, we get two elements from the first byte (which is + // encoded differently) and then every varint is a single byte long. + components := make([]int, len(bytes)+1) + + // The first varint is 40*value1 + value2: + // According to this packing, value1 can take the values 0, 1 and 2 only. + // When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2, + // then there are no restrictions on value2. + var v int + if !bytes.readBase128Int(&v) { + return false + } + if v < 80 { + components[0] = v / 40 + components[1] = v % 40 + } else { + components[0] = 2 + components[1] = v - 80 + } + + i := 2 + for ; len(bytes) > 0; i++ { + if !bytes.readBase128Int(&v) { + return false + } + components[i] = v + } + *out = components[:i] + return true +} + +// ReadASN1GeneralizedTime decodes an ASN.1 GENERALIZEDTIME into out and +// advances. It returns true on success and false on error. +func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool { + var bytes String + if !s.ReadASN1(&bytes, asn1.GeneralizedTime) { + return false + } + t := string(bytes) + res, err := time.Parse(generalizedTimeFormatStr, t) + if err != nil { + return false + } + if serialized := res.Format(generalizedTimeFormatStr); serialized != t { + return false + } + *out = res + return true +} + +// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances. It +// returns true on success and false on error. +func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool { + var bytes String + if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 { + return false + } + + paddingBits := uint8(bytes[0]) + bytes = bytes[1:] + if paddingBits > 7 || + len(bytes) == 0 && paddingBits != 0 || + len(bytes) > 0 && bytes[len(bytes)-1]&(1< 4 || len(*s) < int(2+lenLen) { + return false + } + + lenBytes := String((*s)[2 : 2+lenLen]) + if !lenBytes.readUnsigned(&len32, int(lenLen)) { + return false + } + + // ITU-T X.690 section 10.1 (DER length forms) requires encoding the length + // with the minimum number of octets. + if len32 < 128 { + // Length should have used short-form encoding. + return false + } + if len32>>((lenLen-1)*8) == 0 { + // Leading octet is 0. Length should have been at least one byte shorter. + return false + } + + headerLen = 2 + uint32(lenLen) + if headerLen+len32 < len32 { + // Overflow. + return false + } + length = headerLen + len32 + } + + if uint32(int(length)) != length || !s.ReadBytes((*[]byte)(out), int(length)) { + return false + } + if skipHeader && !out.Skip(int(headerLen)) { + panic("cryptobyte: internal error") + } + + return true +} diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go new file mode 100644 index 000000000000..cda8e3edfd5e --- /dev/null +++ b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go @@ -0,0 +1,46 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package asn1 contains supporting types for parsing and building ASN.1 +// messages with the cryptobyte package. +package asn1 // import "golang.org/x/crypto/cryptobyte/asn1" + +// Tag represents an ASN.1 identifier octet, consisting of a tag number +// (indicating a type) and class (such as context-specific or constructed). +// +// Methods in the cryptobyte package only support the low-tag-number form, i.e. +// a single identifier octet with bits 7-8 encoding the class and bits 1-6 +// encoding the tag number. +type Tag uint8 + +const ( + classConstructed = 0x20 + classContextSpecific = 0x80 +) + +// Constructed returns t with the constructed class bit set. +func (t Tag) Constructed() Tag { return t | classConstructed } + +// ContextSpecific returns t with the context-specific class bit set. +func (t Tag) ContextSpecific() Tag { return t | classContextSpecific } + +// The following is a list of standard tag and class combinations. +const ( + BOOLEAN = Tag(1) + INTEGER = Tag(2) + BIT_STRING = Tag(3) + OCTET_STRING = Tag(4) + NULL = Tag(5) + OBJECT_IDENTIFIER = Tag(6) + ENUM = Tag(10) + UTF8String = Tag(12) + SEQUENCE = Tag(16 | classConstructed) + SET = Tag(17 | classConstructed) + PrintableString = Tag(19) + T61String = Tag(20) + IA5String = Tag(22) + UTCTime = Tag(23) + GeneralizedTime = Tag(24) + GeneralString = Tag(27) +) diff --git a/vendor/golang.org/x/crypto/cryptobyte/builder.go b/vendor/golang.org/x/crypto/cryptobyte/builder.go new file mode 100644 index 000000000000..29b4c7641279 --- /dev/null +++ b/vendor/golang.org/x/crypto/cryptobyte/builder.go @@ -0,0 +1,309 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package cryptobyte + +import ( + "errors" + "fmt" +) + +// A Builder builds byte strings from fixed-length and length-prefixed values. +// Builders either allocate space as needed, or are ‘fixed’, which means that +// they write into a given buffer and produce an error if it's exhausted. +// +// The zero value is a usable Builder that allocates space as needed. +// +// Simple values are marshaled and appended to a Builder using methods on the +// Builder. Length-prefixed values are marshaled by providing a +// BuilderContinuation, which is a function that writes the inner contents of +// the value to a given Builder. See the documentation for BuilderContinuation +// for details. +type Builder struct { + err error + result []byte + fixedSize bool + child *Builder + offset int + pendingLenLen int + pendingIsASN1 bool + inContinuation *bool +} + +// NewBuilder creates a Builder that appends its output to the given buffer. +// Like append(), the slice will be reallocated if its capacity is exceeded. +// Use Bytes to get the final buffer. +func NewBuilder(buffer []byte) *Builder { + return &Builder{ + result: buffer, + } +} + +// NewFixedBuilder creates a Builder that appends its output into the given +// buffer. This builder does not reallocate the output buffer. Writes that +// would exceed the buffer's capacity are treated as an error. +func NewFixedBuilder(buffer []byte) *Builder { + return &Builder{ + result: buffer, + fixedSize: true, + } +} + +// Bytes returns the bytes written by the builder or an error if one has +// occurred during during building. +func (b *Builder) Bytes() ([]byte, error) { + if b.err != nil { + return nil, b.err + } + return b.result[b.offset:], nil +} + +// BytesOrPanic returns the bytes written by the builder or panics if an error +// has occurred during building. +func (b *Builder) BytesOrPanic() []byte { + if b.err != nil { + panic(b.err) + } + return b.result[b.offset:] +} + +// AddUint8 appends an 8-bit value to the byte string. +func (b *Builder) AddUint8(v uint8) { + b.add(byte(v)) +} + +// AddUint16 appends a big-endian, 16-bit value to the byte string. +func (b *Builder) AddUint16(v uint16) { + b.add(byte(v>>8), byte(v)) +} + +// AddUint24 appends a big-endian, 24-bit value to the byte string. The highest +// byte of the 32-bit input value is silently truncated. +func (b *Builder) AddUint24(v uint32) { + b.add(byte(v>>16), byte(v>>8), byte(v)) +} + +// AddUint32 appends a big-endian, 32-bit value to the byte string. +func (b *Builder) AddUint32(v uint32) { + b.add(byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) +} + +// AddBytes appends a sequence of bytes to the byte string. +func (b *Builder) AddBytes(v []byte) { + b.add(v...) +} + +// BuilderContinuation is continuation-passing interface for building +// length-prefixed byte sequences. Builder methods for length-prefixed +// sequences (AddUint8LengthPrefixed etc) will invoke the BuilderContinuation +// supplied to them. The child builder passed to the continuation can be used +// to build the content of the length-prefixed sequence. For example: +// +// parent := cryptobyte.NewBuilder() +// parent.AddUint8LengthPrefixed(func (child *Builder) { +// child.AddUint8(42) +// child.AddUint8LengthPrefixed(func (grandchild *Builder) { +// grandchild.AddUint8(5) +// }) +// }) +// +// It is an error to write more bytes to the child than allowed by the reserved +// length prefix. After the continuation returns, the child must be considered +// invalid, i.e. users must not store any copies or references of the child +// that outlive the continuation. +// +// If the continuation panics with a value of type BuildError then the inner +// error will be returned as the error from Bytes. If the child panics +// otherwise then Bytes will repanic with the same value. +type BuilderContinuation func(child *Builder) + +// BuildError wraps an error. If a BuilderContinuation panics with this value, +// the panic will be recovered and the inner error will be returned from +// Builder.Bytes. +type BuildError struct { + Err error +} + +// AddUint8LengthPrefixed adds a 8-bit length-prefixed byte sequence. +func (b *Builder) AddUint8LengthPrefixed(f BuilderContinuation) { + b.addLengthPrefixed(1, false, f) +} + +// AddUint16LengthPrefixed adds a big-endian, 16-bit length-prefixed byte sequence. +func (b *Builder) AddUint16LengthPrefixed(f BuilderContinuation) { + b.addLengthPrefixed(2, false, f) +} + +// AddUint24LengthPrefixed adds a big-endian, 24-bit length-prefixed byte sequence. +func (b *Builder) AddUint24LengthPrefixed(f BuilderContinuation) { + b.addLengthPrefixed(3, false, f) +} + +// AddUint32LengthPrefixed adds a big-endian, 32-bit length-prefixed byte sequence. +func (b *Builder) AddUint32LengthPrefixed(f BuilderContinuation) { + b.addLengthPrefixed(4, false, f) +} + +func (b *Builder) callContinuation(f BuilderContinuation, arg *Builder) { + if !*b.inContinuation { + *b.inContinuation = true + + defer func() { + *b.inContinuation = false + + r := recover() + if r == nil { + return + } + + if buildError, ok := r.(BuildError); ok { + b.err = buildError.Err + } else { + panic(r) + } + }() + } + + f(arg) +} + +func (b *Builder) addLengthPrefixed(lenLen int, isASN1 bool, f BuilderContinuation) { + // Subsequent writes can be ignored if the builder has encountered an error. + if b.err != nil { + return + } + + offset := len(b.result) + b.add(make([]byte, lenLen)...) + + if b.inContinuation == nil { + b.inContinuation = new(bool) + } + + b.child = &Builder{ + result: b.result, + fixedSize: b.fixedSize, + offset: offset, + pendingLenLen: lenLen, + pendingIsASN1: isASN1, + inContinuation: b.inContinuation, + } + + b.callContinuation(f, b.child) + b.flushChild() + if b.child != nil { + panic("cryptobyte: internal error") + } +} + +func (b *Builder) flushChild() { + if b.child == nil { + return + } + b.child.flushChild() + child := b.child + b.child = nil + + if child.err != nil { + b.err = child.err + return + } + + length := len(child.result) - child.pendingLenLen - child.offset + + if length < 0 { + panic("cryptobyte: internal error") // result unexpectedly shrunk + } + + if child.pendingIsASN1 { + // For ASN.1, we reserved a single byte for the length. If that turned out + // to be incorrect, we have to move the contents along in order to make + // space. + if child.pendingLenLen != 1 { + panic("cryptobyte: internal error") + } + var lenLen, lenByte uint8 + if int64(length) > 0xfffffffe { + b.err = errors.New("pending ASN.1 child too long") + return + } else if length > 0xffffff { + lenLen = 5 + lenByte = 0x80 | 4 + } else if length > 0xffff { + lenLen = 4 + lenByte = 0x80 | 3 + } else if length > 0xff { + lenLen = 3 + lenByte = 0x80 | 2 + } else if length > 0x7f { + lenLen = 2 + lenByte = 0x80 | 1 + } else { + lenLen = 1 + lenByte = uint8(length) + length = 0 + } + + // Insert the initial length byte, make space for successive length bytes, + // and adjust the offset. + child.result[child.offset] = lenByte + extraBytes := int(lenLen - 1) + if extraBytes != 0 { + child.add(make([]byte, extraBytes)...) + childStart := child.offset + child.pendingLenLen + copy(child.result[childStart+extraBytes:], child.result[childStart:]) + } + child.offset++ + child.pendingLenLen = extraBytes + } + + l := length + for i := child.pendingLenLen - 1; i >= 0; i-- { + child.result[child.offset+i] = uint8(l) + l >>= 8 + } + if l != 0 { + b.err = fmt.Errorf("cryptobyte: pending child length %d exceeds %d-byte length prefix", length, child.pendingLenLen) + return + } + + if !b.fixedSize { + b.result = child.result // In case child reallocated result. + } +} + +func (b *Builder) add(bytes ...byte) { + if b.err != nil { + return + } + if b.child != nil { + panic("attempted write while child is pending") + } + if len(b.result)+len(bytes) < len(bytes) { + b.err = errors.New("cryptobyte: length overflow") + } + if b.fixedSize && len(b.result)+len(bytes) > cap(b.result) { + b.err = errors.New("cryptobyte: Builder is exceeding its fixed-size buffer") + return + } + b.result = append(b.result, bytes...) +} + +// A MarshalingValue marshals itself into a Builder. +type MarshalingValue interface { + // Marshal is called by Builder.AddValue. It receives a pointer to a builder + // to marshal itself into. It may return an error that occurred during + // marshaling, such as unset or invalid values. + Marshal(b *Builder) error +} + +// AddValue calls Marshal on v, passing a pointer to the builder to append to. +// If Marshal returns an error, it is set on the Builder so that subsequent +// appends don't have an effect. +func (b *Builder) AddValue(v MarshalingValue) { + err := v.Marshal(b) + if err != nil { + b.err = err + } +} diff --git a/vendor/golang.org/x/crypto/cryptobyte/string.go b/vendor/golang.org/x/crypto/cryptobyte/string.go new file mode 100644 index 000000000000..7636fb9c8a87 --- /dev/null +++ b/vendor/golang.org/x/crypto/cryptobyte/string.go @@ -0,0 +1,167 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package cryptobyte contains types that help with parsing and constructing +// length-prefixed, binary messages, including ASN.1 DER. (The asn1 subpackage +// contains useful ASN.1 constants.) +// +// The String type is for parsing. It wraps a []byte slice and provides helper +// functions for consuming structures, value by value. +// +// The Builder type is for constructing messages. It providers helper functions +// for appending values and also for appending length-prefixed submessages – +// without having to worry about calculating the length prefix ahead of time. +// +// See the documentation and examples for the Builder and String types to get +// started. +package cryptobyte // import "golang.org/x/crypto/cryptobyte" + +// String represents a string of bytes. It provides methods for parsing +// fixed-length and length-prefixed values from it. +type String []byte + +// read advances a String by n bytes and returns them. If less than n bytes +// remain, it returns nil. +func (s *String) read(n int) []byte { + if len(*s) < n { + return nil + } + v := (*s)[:n] + *s = (*s)[n:] + return v +} + +// Skip advances the String by n byte and reports whether it was successful. +func (s *String) Skip(n int) bool { + return s.read(n) != nil +} + +// ReadUint8 decodes an 8-bit value into out and advances over it. It +// returns true on success and false on error. +func (s *String) ReadUint8(out *uint8) bool { + v := s.read(1) + if v == nil { + return false + } + *out = uint8(v[0]) + return true +} + +// ReadUint16 decodes a big-endian, 16-bit value into out and advances over it. +// It returns true on success and false on error. +func (s *String) ReadUint16(out *uint16) bool { + v := s.read(2) + if v == nil { + return false + } + *out = uint16(v[0])<<8 | uint16(v[1]) + return true +} + +// ReadUint24 decodes a big-endian, 24-bit value into out and advances over it. +// It returns true on success and false on error. +func (s *String) ReadUint24(out *uint32) bool { + v := s.read(3) + if v == nil { + return false + } + *out = uint32(v[0])<<16 | uint32(v[1])<<8 | uint32(v[2]) + return true +} + +// ReadUint32 decodes a big-endian, 32-bit value into out and advances over it. +// It returns true on success and false on error. +func (s *String) ReadUint32(out *uint32) bool { + v := s.read(4) + if v == nil { + return false + } + *out = uint32(v[0])<<24 | uint32(v[1])<<16 | uint32(v[2])<<8 | uint32(v[3]) + return true +} + +func (s *String) readUnsigned(out *uint32, length int) bool { + v := s.read(length) + if v == nil { + return false + } + var result uint32 + for i := 0; i < length; i++ { + result <<= 8 + result |= uint32(v[i]) + } + *out = result + return true +} + +func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool { + lenBytes := s.read(lenLen) + if lenBytes == nil { + return false + } + var length uint32 + for _, b := range lenBytes { + length = length << 8 + length = length | uint32(b) + } + if int(length) < 0 { + // This currently cannot overflow because we read uint24 at most, but check + // anyway in case that changes in the future. + return false + } + v := s.read(int(length)) + if v == nil { + return false + } + *outChild = v + return true +} + +// ReadUint8LengthPrefixed reads the content of an 8-bit length-prefixed value +// into out and advances over it. It returns true on success and false on +// error. +func (s *String) ReadUint8LengthPrefixed(out *String) bool { + return s.readLengthPrefixed(1, out) +} + +// ReadUint16LengthPrefixed reads the content of a big-endian, 16-bit +// length-prefixed value into out and advances over it. It returns true on +// success and false on error. +func (s *String) ReadUint16LengthPrefixed(out *String) bool { + return s.readLengthPrefixed(2, out) +} + +// ReadUint24LengthPrefixed reads the content of a big-endian, 24-bit +// length-prefixed value into out and advances over it. It returns true on +// success and false on error. +func (s *String) ReadUint24LengthPrefixed(out *String) bool { + return s.readLengthPrefixed(3, out) +} + +// ReadBytes reads n bytes into out and advances over them. It returns true on +// success and false and error. +func (s *String) ReadBytes(out *[]byte, n int) bool { + v := s.read(n) + if v == nil { + return false + } + *out = v + return true +} + +// CopyBytes copies len(out) bytes into out and advances over them. It returns +// true on success and false on error. +func (s *String) CopyBytes(out []byte) bool { + n := len(out) + v := s.read(n) + if v == nil { + return false + } + return copy(out, v) == n +} + +// Empty reports whether the string does not contain any bytes. +func (s String) Empty() bool { + return len(s) == 0 +} diff --git a/vendor/vendor.json b/vendor/vendor.json index bd0e0a2525eb..80d06e8b3355 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1716,6 +1716,18 @@ "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", "revisionTime": "2018-01-22T10:39:14Z" }, + { + "checksumSHA1": "t3UubYn5RuLw3vTUghV1Q1Q9VEY=", + "path": "golang.org/x/crypto/cryptobyte", + "revision": "1875d0a70c90e57f11972aefd42276df65e895b9", + "revisionTime": "2018-01-27T19:02:20Z" + }, + { + "checksumSHA1": "YEoV2AiZZPDuF7pMVzDt7buS9gc=", + "path": "golang.org/x/crypto/cryptobyte/asn1", + "revision": "1875d0a70c90e57f11972aefd42276df65e895b9", + "revisionTime": "2018-01-27T19:02:20Z" + }, { "checksumSHA1": "1zB843WyoSh8oMdbeDfgByEa2TE=", "path": "golang.org/x/crypto/chacha20poly1305", diff --git a/website/source/api/secret/pki/index.html.md b/website/source/api/secret/pki/index.html.md index 3b704c2af55d..0a660ae296fe 100644 --- a/website/source/api/secret/pki/index.html.md +++ b/website/source/api/secret/pki/index.html.md @@ -435,6 +435,12 @@ can be set in a CSR are supported. - `ip_sans` `(string: "")` – Specifies the requested IP Subject Alternative Names, in a comma-delimited list. +- `other_sans` `(string: "")` – Specifies custom OID/UTF8-string SANs. These + must match values specified on the role in `allowed_other_sans` (globbing + allowed). The format is the same as OpenSSL: `;:` where the + only current valid type is `UTF8`. This can be a comma-delimited list or a + JSON string slice. + - `format` `(string: "")` – Specifies the format for returned data. This can be `pem`, `der`, or `pem_bundle`; defaults to `pem`. If `der`, the output is base64 encoded. If `pem_bundle`, the `csr` field will contain the private key @@ -456,6 +462,34 @@ can be set in a CSR are supported. Useful if the CN is not a hostname or email address, but is instead some human-readable identifier. +- `ou` `(string: "")` – Specifies the OU (OrganizationalUnit) values in the + subject field of the resulting CSR. This is a comma-separated string + or JSON array. + +- `organization` `(string: "")` – Specifies the O (Organization) values in the + subject field of the resulting CSR. This is a comma-separated string + or JSON array. + +- `country` `(string: "")` – Specifies the C (Country) values in the subject + field of the resulting CSR. This is a comma-separated string or JSON + array. + +- `locality` `(string: "")` – Specifies the L (Locality) values in the subject + field of the resulting CSR. This is a comma-separated string or JSON + array. + +- `province` `(string: "")` – Specifies the ST (Province) values in the subject + field of the resulting CSR. This is a comma-separated string or JSON + array. + +- `street_address` `(string: "")` – Specifies the Street Address values in the + subject field of the resulting CSR. This is a comma-separated string + or JSON array. + +- `postal_code` `(string: "")` – Specifies the Postal Code values in the + subject field of the resulting CSR. This is a comma-separated string + or JSON array. + ### Sample Payload ```json @@ -553,6 +587,12 @@ need to request a new certificate.** in a comma-delimited list. Only valid if the role allows IP SANs (which is the default). +- `other_sans` `(string: "")` – Specifies custom OID/UTF8-string SANs. These + must match values specified on the role in `allowed_other_sans` (globbing + allowed). The format is the same as OpenSSL: `;:` where the + only current valid type is `UTF8`. This can be a comma-delimited list or a + JSON string slice. + - `ttl` `(string: "")` – Specifies requested Time To Live. Cannot be greater than the role's `max_ttl` value. If not provided, the role's `ttl` value will be used. Note that the role values default to system values if not explicitly @@ -720,6 +760,11 @@ request is denied. Alternative Names. No authorization checking is performed except to verify that the given values are valid IP addresses. +- `allowed_other_sans` `(string: "")` – Defines allowed custom OID/UTF8-string + SANs. This field supports globbing. The format is the same as OpenSSL: + `;:` where the only current valid type is `UTF8`. This can + be a comma-delimited list or a JSON string slice. + - `server_flag` `(bool: true)` – Specifies if certificates are flagged for server use. @@ -757,10 +802,32 @@ request is denied. `use_csr_common_name` for that. - `ou` `(string: "")` – Specifies the OU (OrganizationalUnit) values in the - subject field of issued certificates. This is a comma-separated string. + subject field of issued certificates. This is a comma-separated string or + JSON array. - `organization` `(string: "")` – Specifies the O (Organization) values in the - subject field of issued certificates. This is a comma-separated string. + subject field of issued certificates. This is a comma-separated string or + JSON array. + +- `country` `(string: "")` – Specifies the C (Country) values in the + subject field of issued certificates. This is a comma-separated string or + JSON array. + +- `locality` `(string: "")` – Specifies the L (Locality) values in the + subject field of issued certificates. This is a comma-separated string or + JSON array. + +- `province` `(string: "")` – Specifies the ST (Province) values in the + subject field of issued certificates. This is a comma-separated string or + JSON array. + +- `street_address` `(string: "")` – Specifies the Street Address values in the + subject field of issued certificates. This is a comma-separated string or + JSON array. + +- `postal_code` `(string: "")` – Specifies the Postal Code values in the + subject field of issued certificates. This is a comma-separated string or + JSON array. - `generate_lease` `(bool: false)` – Specifies if certificates issued/signed against this role will have Vault leases attached to them. Certificates can be @@ -935,6 +1002,12 @@ existing cert/key with new values. - `ip_sans` `(string: "")` – Specifies the requested IP Subject Alternative Names, in a comma-delimited list. +- `other_sans` `(string: "")` – Specifies custom OID/UTF8-string SANs. These + must match values specified on the role in `allowed_other_sans` (globbing + allowed). The format is the same as OpenSSL: `;:` where the + only current valid type is `UTF8`. This can be a comma-delimited list or a + JSON string slice. + - `ttl` `(string: "")` – Specifies the requested Time To Live (after which the certificate will be expired). This cannot be larger than the engine's max (or, if not set, the system max). @@ -973,6 +1046,34 @@ existing cert/key with new values. the domain, as per [RFC](https://tools.ietf.org/html/rfc5280#section-4.2.1.10). +- `ou` `(string: "")` – Specifies the OU (OrganizationalUnit) values in the + subject field of the resulting certificate. This is a comma-separated string + or JSON array. + +- `organization` `(string: "")` – Specifies the O (Organization) values in the + subject field of the resulting certificate. This is a comma-separated string + or JSON array. + +- `country` `(string: "")` – Specifies the C (Country) values in the subject + field of the resulting certificate. This is a comma-separated string or JSON + array. + +- `locality` `(string: "")` – Specifies the L (Locality) values in the subject + field of the resulting certificate. This is a comma-separated string or JSON + array. + +- `province` `(string: "")` – Specifies the ST (Province) values in the subject + field of the resulting certificate. This is a comma-separated string or JSON + array. + +- `street_address` `(string: "")` – Specifies the Street Address values in the + subject field of the resulting certificate. This is a comma-separated string + or JSON array. + +- `postal_code` `(string: "")` – Specifies the Postal Code values in the + subject field of the resulting certificate. This is a comma-separated string + or JSON array. + ### Sample Payload ```json @@ -1053,6 +1154,12 @@ verbatim. - `ip_sans` `(string: "")` – Specifies the requested IP Subject Alternative Names, in a comma-delimited list. +- `other_sans` `(string: "")` – Specifies custom OID/UTF8-string SANs. These + must match values specified on the role in `allowed_other_sans` (globbing + allowed). The format is the same as OpenSSL: `;:` where the + only current valid type is `UTF8`. This can be a comma-delimited list or a + JSON string slice. + - `ttl` `(string: "")` – Specifies the requested Time To Live (after which the certificate will be expired). This cannot be larger than the engine's max (or, if not set, the system max). However, this can be after the expiration of the @@ -1089,6 +1196,35 @@ verbatim. the domain, as per [RFC](https://tools.ietf.org/html/rfc5280#section-4.2.1.10). +- `ou` `(string: "")` – Specifies the OU (OrganizationalUnit) values in the + subject field of the resulting certificate. This is a comma-separated string + or JSON array. + +- `organization` `(string: "")` – Specifies the O (Organization) values in the + subject field of the resulting certificate. This is a comma-separated string + or JSON array. + +- `country` `(string: "")` – Specifies the C (Country) values in the subject + field of the resulting certificate. This is a comma-separated string or JSON + array. + +- `locality` `(string: "")` – Specifies the L (Locality) values in the subject + field of the resulting certificate. This is a comma-separated string or JSON + array. + +- `province` `(string: "")` – Specifies the ST (Province) values in the subject + field of the resulting certificate. This is a comma-separated string or JSON + array. + +- `street_address` `(string: "")` – Specifies the Street Address values in the + subject field of the resulting certificate. This is a comma-separated string + or JSON array. + +- `postal_code` `(string: "")` – Specifies the Postal Code values in the + subject field of the resulting certificate. This is a comma-separated string + or JSON array. + + ### Sample Payload ```json @@ -1207,6 +1343,12 @@ root CA need be in a client's trust store. they will be parsed into their respective fields. If any requested names do not match role policy, the entire request will be denied. +- `other_sans` `(string: "")` – Specifies custom OID/UTF8-string SANs. These + must match values specified on the role in `allowed_other_sans` (globbing + allowed). The format is the same as OpenSSL: `;:` where the + only current valid type is `UTF8`. This can be a comma-delimited list or a + JSON string slice. + - `ip_sans` `(string: "")` – Specifies the requested IP Subject Alternative Names, in a comma-delimited list. Only valid if the role allows IP SANs (which is the default). From 04eb86b799d1af84a268cee2ef9bbeba08f8d67f Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 16 Feb 2018 17:22:57 -0500 Subject: [PATCH 154/178] changelog++ --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a66936cd791b..a2c7fec9dfa0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,10 @@ FEATURES: * **Manta Storage**: Joyent Triton Manta can now be used for Vault storage * **Google Cloud Spanner Storage**: Google Cloud Spanner can now be used for Vault storage + * **PKI Improvements**: Custom OID subject alternate names can now be set, + subject to allow restrictions that support globbing. Additionally, Country, + Locality, Province, Street Address, and Postal Code can now be set in + certificate subjects. IMPROVEMENTS: @@ -25,6 +29,11 @@ IMPROVEMENTS: once a minute. Too many leases can be problematic for many of the storage backends and often this number of leases is indicative of a need for workflow improvements. [GH-3957] + * secret/pki: Country, Locality, Province, Street Address, and Postal Code can + now be set on certificates [GH-3992] + * secret/pki: UTF-8 Other Names can now be set in Subject Alternate Names in + issued certs; allowed values can be set per role and support globbing + [GH-3889] * secret/pki: Add a flag to make the common name optional on certs [GH-3940] * secret/pki: Ensure only DNS-compatible names go into DNS SANs; additionally, properly handle IDNA transformations for these DNS names [GH-3953] From 1deaed2ffe2ba3c09e0121e771b24f6e258f46de Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Fri, 16 Feb 2018 17:42:29 -0500 Subject: [PATCH 155/178] Verify DNS SANs if PermittedDNSDomains is set (#3982) * Verify DNS SANs if PermittedDNSDomains is set * Use DNSNames check and not PermittedDNSDomains on leaf certificate * Document the check * Add RFC link * Test for success case * fix the parameter name * rename the test * remove unneeded commented code --- builtin/credential/cert/backend_test.go | 224 +++++++++++++++++++++ builtin/credential/cert/path_login.go | 27 ++- website/source/api/auth/cert/index.html.md | 6 +- 3 files changed, 251 insertions(+), 6 deletions(-) diff --git a/builtin/credential/cert/backend_test.go b/builtin/credential/cert/backend_test.go index 62f1b4646081..1e23ee007588 100644 --- a/builtin/credential/cert/backend_test.go +++ b/builtin/credential/cert/backend_test.go @@ -3,6 +3,10 @@ package cert import ( "context" "crypto/rand" + "net/http" + + "golang.org/x/net/http2" + "crypto/rsa" "crypto/tls" "crypto/x509" @@ -17,11 +21,19 @@ import ( "testing" "time" + logxi "github.com/mgutz/logxi/v1" + + cleanhttp "github.com/hashicorp/go-cleanhttp" + "github.com/hashicorp/vault/api" + vaulthttp "github.com/hashicorp/vault/http" + "github.com/hashicorp/go-rootcerts" + "github.com/hashicorp/vault/builtin/logical/pki" "github.com/hashicorp/vault/helper/certutil" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" logicaltest "github.com/hashicorp/vault/logical/testing" + "github.com/hashicorp/vault/vault" "github.com/mitchellh/mapstructure" ) @@ -142,6 +154,218 @@ func connectionState(serverCAPath, serverCertPath, serverKeyPath, clientCertPath return <-connState, nil } +func TestBackend_PermittedDNSDomainsIntermediateCA(t *testing.T) { + // Enable PKI secret engine and Cert auth method + coreConfig := &vault.CoreConfig{ + DisableMlock: true, + DisableCache: true, + Logger: logxi.NullLog, + CredentialBackends: map[string]logical.Factory{ + "cert": Factory, + }, + LogicalBackends: map[string]logical.Factory{ + "pki": pki.Factory, + }, + } + cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{ + HandlerFunc: vaulthttp.Handler, + }) + cluster.Start() + defer cluster.Cleanup() + cores := cluster.Cores + vault.TestWaitActive(t, cores[0].Core) + client := cores[0].Client + + var err error + + // Mount /pki as a root CA + err = client.Sys().Mount("pki", &api.MountInput{ + Type: "pki", + Config: api.MountConfigInput{ + DefaultLeaseTTL: "16h", + MaxLeaseTTL: "32h", + }, + }) + if err != nil { + t.Fatal(err) + } + + // Set the cluster's certificate as the root CA in /pki + pemBundleRootCA := string(cluster.CACertPEM) + string(cluster.CAKeyPEM) + _, err = client.Logical().Write("pki/config/ca", map[string]interface{}{ + "pem_bundle": pemBundleRootCA, + }) + if err != nil { + t.Fatal(err) + } + + // Mount /pki2 to operate as an intermediate CA + err = client.Sys().Mount("pki2", &api.MountInput{ + Type: "pki", + Config: api.MountConfigInput{ + DefaultLeaseTTL: "16h", + MaxLeaseTTL: "32h", + }, + }) + if err != nil { + t.Fatal(err) + } + + // Create a CSR for the intermediate CA + secret, err := client.Logical().Write("pki2/intermediate/generate/internal", nil) + if err != nil { + t.Fatal(err) + } + intermediateCSR := secret.Data["csr"].(string) + + // Sign the intermediate CSR using /pki + secret, err = client.Logical().Write("pki/root/sign-intermediate", map[string]interface{}{ + "permitted_dns_domains": ".myvault.com", + "csr": intermediateCSR, + }) + if err != nil { + t.Fatal(err) + } + intermediateCertPEM := secret.Data["certificate"].(string) + + // Configure the intermediate cert as the CA in /pki2 + _, err = client.Logical().Write("pki2/intermediate/set-signed", map[string]interface{}{ + "certificate": intermediateCertPEM, + }) + if err != nil { + t.Fatal(err) + } + + // Create a role on the intermediate CA mount + _, err = client.Logical().Write("pki2/roles/myvault-dot-com", map[string]interface{}{ + "allowed_domains": "myvault.com", + "allow_subdomains": "true", + "max_ttl": "5m", + }) + if err != nil { + t.Fatal(err) + } + + // Issue a leaf cert using the intermediate CA + secret, err = client.Logical().Write("pki2/issue/myvault-dot-com", map[string]interface{}{ + "common_name": "cert.myvault.com", + "format": "pem", + "ip_sans": "127.0.0.1", + }) + if err != nil { + t.Fatal(err) + } + leafCertPEM := secret.Data["certificate"].(string) + leafCertKeyPEM := secret.Data["private_key"].(string) + + // Enable the cert auth method + err = client.Sys().EnableAuthWithOptions("cert", &api.EnableAuthOptions{ + Type: "cert", + }) + if err != nil { + t.Fatal(err) + } + + // Set the intermediate CA cert as a trusted certificate in the backend + _, err = client.Logical().Write("auth/cert/certs/myvault-dot-com", map[string]interface{}{ + "display_name": "myvault.com", + "policies": "default", + "certificate": intermediateCertPEM, + }) + if err != nil { + t.Fatal(err) + } + + // Create temporary files for CA cert, client cert and client cert key. + // This is used to configure TLS in the api client. + caCertFile, err := ioutil.TempFile("", "caCert") + if err != nil { + t.Fatal(err) + } + defer os.Remove(caCertFile.Name()) + if _, err := caCertFile.Write([]byte(cluster.CACertPEM)); err != nil { + t.Fatal(err) + } + if err := caCertFile.Close(); err != nil { + t.Fatal(err) + } + + leafCertFile, err := ioutil.TempFile("", "leafCert") + if err != nil { + t.Fatal(err) + } + defer os.Remove(leafCertFile.Name()) + if _, err := leafCertFile.Write([]byte(leafCertPEM)); err != nil { + t.Fatal(err) + } + if err := leafCertFile.Close(); err != nil { + t.Fatal(err) + } + + leafCertKeyFile, err := ioutil.TempFile("", "leafCertKey") + if err != nil { + t.Fatal(err) + } + defer os.Remove(leafCertKeyFile.Name()) + if _, err := leafCertKeyFile.Write([]byte(leafCertKeyPEM)); err != nil { + t.Fatal(err) + } + if err := leafCertKeyFile.Close(); err != nil { + t.Fatal(err) + } + + // This function is a copy-pasta from the NewTestCluster, with the + // modification to reconfigure the TLS on the api client with the leaf + // certificate generated above. + getAPIClient := func(port int, tlsConfig *tls.Config) *api.Client { + transport := cleanhttp.DefaultPooledTransport() + transport.TLSClientConfig = tlsConfig.Clone() + if err := http2.ConfigureTransport(transport); err != nil { + t.Fatal(err) + } + client := &http.Client{ + Transport: transport, + CheckRedirect: func(*http.Request, []*http.Request) error { + // This can of course be overridden per-test by using its own client + return fmt.Errorf("redirects not allowed in these tests") + }, + } + config := api.DefaultConfig() + if config.Error != nil { + t.Fatal(config.Error) + } + config.Address = fmt.Sprintf("https://127.0.0.1:%d", port) + config.HttpClient = client + + // Set the above issued certificates as the client certificates + config.ConfigureTLS(&api.TLSConfig{ + CACert: caCertFile.Name(), + ClientCert: leafCertFile.Name(), + ClientKey: leafCertKeyFile.Name(), + }) + + apiClient, err := api.NewClient(config) + if err != nil { + t.Fatal(err) + } + return apiClient + } + + // Create a new api client with the desired TLS configuration + newClient := getAPIClient(cores[0].Listeners[0].Address.Port, cores[0].TLSConfig) + + // Set the intermediate CA cert as a trusted certificate in the backend + secret, err = newClient.Logical().Write("auth/cert/login", map[string]interface{}{ + "name": "myvault-dot-com", + }) + if err != nil { + t.Fatal(err) + } + if secret.Auth == nil || secret.Auth.ClientToken == "" { + t.Fatalf("expected a successful authentication") + } +} + func TestBackend_NonCAExpiry(t *testing.T) { var resp *logical.Response var err error diff --git a/builtin/credential/cert/path_login.go b/builtin/credential/cert/path_login.go index d37e6c62300a..51f7b59fb526 100644 --- a/builtin/credential/cert/path_login.go +++ b/builtin/credential/cert/path_login.go @@ -439,12 +439,29 @@ func validateConnState(roots *x509.CertPool, cs *tls.ConnectionState) ([][]*x509 } } - chains, err := certs[0].Verify(opts) - if err != nil { - if _, ok := err.(x509.UnknownAuthorityError); ok { - return nil, nil + var chains [][]*x509.Certificate + var err error + switch { + case len(certs[0].DNSNames) > 0: + for _, dnsName := range certs[0].DNSNames { + opts.DNSName = dnsName + chains, err = certs[0].Verify(opts) + if err != nil { + if _, ok := err.(x509.UnknownAuthorityError); ok { + return nil, nil + } + return nil, errors.New("failed to verify client's certificate: " + err.Error()) + } + } + default: + chains, err = certs[0].Verify(opts) + if err != nil { + if _, ok := err.(x509.UnknownAuthorityError); ok { + return nil, nil + } + return nil, errors.New("failed to verify client's certificate: " + err.Error()) } - return nil, errors.New("failed to verify client's certificate: " + err.Error()) } + return chains, nil } diff --git a/website/source/api/auth/cert/index.html.md b/website/source/api/auth/cert/index.html.md index 7bba0ba32467..f1c6e4e998e6 100644 --- a/website/source/api/auth/cert/index.html.md +++ b/website/source/api/auth/cert/index.html.md @@ -299,7 +299,11 @@ $ curl \ ## Login with TLS Certificate Method Log in and fetch a token. If there is a valid chain to a CA configured in the -method and all role constraints are matched, a token will be issued. +method and all role constraints are matched, a token will be issued. If the +certificate has DNS SANs in it, each of those will be verified. If Common Name +is required to be verified, then it should be a fully qualified DNS domain name +and must be duplicated as a DNS SAN (see +https://tools.ietf.org/html/rfc6125#section-2.3) | Method | Path | Produces | | :------- | :--------------------------- | :--------------------- | From bd20fb9e8a9b08a5f784ee2f75dfc1bdb4c6b412 Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Fri, 16 Feb 2018 17:46:04 -0500 Subject: [PATCH 156/178] changelog++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2c7fec9dfa0..33955fd88397 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,6 +49,7 @@ BUG FIXES: * auth/approle: Cleanup of secret ID accessors during tidy and removal of dangling accessor entries [GH-3924] * auth/aws-ec2: Avoid masking of role tag response [GH-3941] + * auth/cert: Verify DNS SANs in the authenticating certificate [GH-3982] * auth/okta: Return configured durations as seconds, not nanoseconds [GH-3871] * auth/token: Token creation via the CLI no longer forces periodic token creation. Passing an explicit zero value for the period no longer create From d9be0e070779af58bf1e3fceb75788d842b61931 Mon Sep 17 00:00:00 2001 From: Brian Kassouf Date: Fri, 16 Feb 2018 17:41:01 -0800 Subject: [PATCH 157/178] plugin/grpc: Add RemoteAddr to the request object (#3997) --- logical/plugin/pb/backend.pb.go | 311 ++++++++++++++------------ logical/plugin/pb/backend.proto | 18 +- logical/plugin/pb/translation.go | 36 ++- logical/plugin/pb/translation_test.go | 3 + 4 files changed, 217 insertions(+), 151 deletions(-) diff --git a/logical/plugin/pb/backend.pb.go b/logical/plugin/pb/backend.pb.go index 622cf17babb2..7cebdd539e7b 100644 --- a/logical/plugin/pb/backend.pb.go +++ b/logical/plugin/pb/backend.pb.go @@ -48,6 +48,7 @@ It has these top-level messages: ResponseWrapDataReply MlockEnabledReply LocalMountReply + Connection */ package pb @@ -250,6 +251,10 @@ type Request struct { // attached. Useful in some situations where the client token is not made // accessible. Unauthenticated bool `sentinel:"" protobuf:"varint,19,opt,name=unauthenticated" json:"unauthenticated,omitempty"` + // Connection will be non-nil only for credential providers to + // inspect the connection information and potentially use it for + // authentication/protection. + Connection *Connection `sentinel:"" protobuf:"bytes,20,opt,name=connection" json:"connection,omitempty"` } func (m *Request) Reset() { *m = Request{} } @@ -390,6 +395,13 @@ func (m *Request) GetUnauthenticated() bool { return false } +func (m *Request) GetConnection() *Connection { + if m != nil { + return m.Connection + } + return nil +} + type Alias struct { // MountType is the backend mount's type to which this identity belongs MountType string `sentinel:"" protobuf:"bytes,1,opt,name=mount_type,json=mountType" json:"mount_type,omitempty"` @@ -1412,6 +1424,23 @@ func (m *LocalMountReply) GetLocal() bool { return false } +type Connection struct { + // RemoteAddr is the network address that sent the request. + RemoteAddr string `sentinel:"" protobuf:"bytes,1,opt,name=remote_addr,json=remoteAddr" json:"remote_addr,omitempty"` +} + +func (m *Connection) Reset() { *m = Connection{} } +func (m *Connection) String() string { return proto.CompactTextString(m) } +func (*Connection) ProtoMessage() {} +func (*Connection) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{40} } + +func (m *Connection) GetRemoteAddr() string { + if m != nil { + return m.RemoteAddr + } + return "" +} + func init() { proto.RegisterType((*Empty)(nil), "pb.Empty") proto.RegisterType((*Header)(nil), "pb.Header") @@ -1453,6 +1482,7 @@ func init() { proto.RegisterType((*ResponseWrapDataReply)(nil), "pb.ResponseWrapDataReply") proto.RegisterType((*MlockEnabledReply)(nil), "pb.MlockEnabledReply") proto.RegisterType((*LocalMountReply)(nil), "pb.LocalMountReply") + proto.RegisterType((*Connection)(nil), "pb.Connection") } // Reference imports to suppress errors if they are not otherwise used. @@ -1950,7 +1980,7 @@ type SystemViewClient interface { // SudoPrivilege returns true if given path has sudo privileges // for the given client token SudoPrivilege(ctx context.Context, in *SudoPrivilegeArgs, opts ...grpc.CallOption) (*SudoPrivilegeReply, error) - // Returns true if the mount is tainted. A mount is tainted if it is in the + // Tainted, returns true if the mount is tainted. A mount is tainted if it is in the // process of being unmounted. This should only be used in special // circumstances; a primary use-case is as a guard in revocation functions. // If revocation of a backend's leases fails it can keep the unmounting @@ -1959,8 +1989,8 @@ type SystemViewClient interface { // when the stored CRL will be removed during the unmounting process // anyways), we can ignore the errors to allow unmounting to complete. Tainted(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TaintedReply, error) - // Returns true if caching is disabled. If true, no caches should be used, - // despite known slowdowns. + // CachingDisabled returns true if caching is disabled. If true, no caches + // should be used, despite known slowdowns. CachingDisabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*CachingDisabledReply, error) // ReplicationState indicates the state of cluster replication ReplicationState(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ReplicationStateReply, error) @@ -1970,8 +2000,8 @@ type SystemViewClient interface { // MlockEnabled returns the configuration setting for enabling mlock on // plugins. MlockEnabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*MlockEnabledReply, error) - // When run from a system view attached to a request, indicates whether the - // request is affecting a local mount or not + // LocalMount, when run from a system view attached to a request, indicates + // whether the request is affecting a local mount or not LocalMount(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*LocalMountReply, error) } @@ -2076,7 +2106,7 @@ type SystemViewServer interface { // SudoPrivilege returns true if given path has sudo privileges // for the given client token SudoPrivilege(context.Context, *SudoPrivilegeArgs) (*SudoPrivilegeReply, error) - // Returns true if the mount is tainted. A mount is tainted if it is in the + // Tainted, returns true if the mount is tainted. A mount is tainted if it is in the // process of being unmounted. This should only be used in special // circumstances; a primary use-case is as a guard in revocation functions. // If revocation of a backend's leases fails it can keep the unmounting @@ -2085,8 +2115,8 @@ type SystemViewServer interface { // when the stored CRL will be removed during the unmounting process // anyways), we can ignore the errors to allow unmounting to complete. Tainted(context.Context, *Empty) (*TaintedReply, error) - // Returns true if caching is disabled. If true, no caches should be used, - // despite known slowdowns. + // CachingDisabled returns true if caching is disabled. If true, no caches + // should be used, despite known slowdowns. CachingDisabled(context.Context, *Empty) (*CachingDisabledReply, error) // ReplicationState indicates the state of cluster replication ReplicationState(context.Context, *Empty) (*ReplicationStateReply, error) @@ -2096,8 +2126,8 @@ type SystemViewServer interface { // MlockEnabled returns the configuration setting for enabling mlock on // plugins. MlockEnabled(context.Context, *Empty) (*MlockEnabledReply, error) - // When run from a system view attached to a request, indicates whether the - // request is affecting a local mount or not + // LocalMount, when run from a system view attached to a request, indicates + // whether the request is affecting a local mount or not LocalMount(context.Context, *Empty) (*LocalMountReply, error) } @@ -2315,133 +2345,136 @@ var _SystemView_serviceDesc = grpc.ServiceDesc{ func init() { proto.RegisterFile("logical/plugin/pb/backend.proto", fileDescriptor0) } var fileDescriptor0 = []byte{ - // 2042 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x58, 0x5f, 0x73, 0xdb, 0xc6, - 0x11, 0x1f, 0x92, 0x22, 0x09, 0x2e, 0x49, 0xfd, 0x39, 0xcb, 0x2e, 0x44, 0x3b, 0x15, 0x8b, 0x8c, - 0x15, 0xc6, 0xd3, 0x50, 0x36, 0xfb, 0xcf, 0x69, 0x27, 0xe9, 0xa8, 0xb2, 0xe2, 0xa8, 0x91, 0x12, - 0x0d, 0xa4, 0x36, 0xed, 0xb4, 0x33, 0xcc, 0x09, 0x58, 0x51, 0x18, 0x81, 0x00, 0x7a, 0x38, 0x48, - 0xe6, 0x53, 0x3f, 0x42, 0xdf, 0xd2, 0xaf, 0xd4, 0x99, 0x3e, 0xf7, 0x13, 0xf4, 0xbd, 0x0f, 0xfd, - 0x04, 0x9d, 0xfb, 0x03, 0xf0, 0x40, 0x52, 0xb5, 0x3b, 0xd3, 0xbc, 0xdd, 0xfe, 0x76, 0xef, 0xf6, - 0x6e, 0xb1, 0xfb, 0xdb, 0x3b, 0xc0, 0x6e, 0x18, 0x4f, 0x02, 0x8f, 0x86, 0xfb, 0x49, 0x98, 0x4d, - 0x82, 0x68, 0x3f, 0xb9, 0xdc, 0xbf, 0xa4, 0xde, 0x0d, 0x46, 0xfe, 0x30, 0x61, 0x31, 0x8f, 0x49, - 0x35, 0xb9, 0xec, 0xed, 0x4e, 0xe2, 0x78, 0x12, 0xe2, 0xbe, 0x44, 0x2e, 0xb3, 0xab, 0x7d, 0x1e, - 0x4c, 0x31, 0xe5, 0x74, 0x9a, 0x28, 0x23, 0xa7, 0x09, 0xf5, 0xa3, 0x69, 0xc2, 0x67, 0x4e, 0x1f, - 0x1a, 0x9f, 0x23, 0xf5, 0x91, 0x91, 0x47, 0xd0, 0xb8, 0x96, 0x23, 0xbb, 0xd2, 0xaf, 0x0d, 0x5a, - 0xae, 0x96, 0x9c, 0x3f, 0x00, 0x9c, 0x89, 0x39, 0x47, 0x8c, 0xc5, 0x8c, 0xec, 0x80, 0x85, 0x8c, - 0x8d, 0xf9, 0x2c, 0x41, 0xbb, 0xd2, 0xaf, 0x0c, 0xba, 0x6e, 0x13, 0x19, 0xbb, 0x98, 0x25, 0x48, - 0xbe, 0x07, 0x62, 0x38, 0x9e, 0xa6, 0x13, 0xbb, 0xda, 0xaf, 0x88, 0x15, 0x90, 0xb1, 0xd3, 0x74, - 0x92, 0xcf, 0xf1, 0x62, 0x1f, 0xed, 0x5a, 0xbf, 0x32, 0xa8, 0xc9, 0x39, 0x87, 0xb1, 0x8f, 0xce, - 0xb7, 0x15, 0xa8, 0x9f, 0x51, 0x7e, 0x9d, 0x12, 0x02, 0x6b, 0x2c, 0x8e, 0xb9, 0x76, 0x2e, 0xc7, - 0x64, 0x00, 0x1b, 0x59, 0x44, 0x33, 0x7e, 0x8d, 0x11, 0x0f, 0x3c, 0xca, 0xd1, 0xb7, 0xab, 0x52, - 0xbd, 0x08, 0x93, 0xf7, 0xa1, 0x1b, 0xc6, 0x1e, 0x0d, 0xc7, 0x29, 0x8f, 0x19, 0x9d, 0x08, 0x3f, - 0xc2, 0xae, 0x23, 0xc1, 0x73, 0x85, 0x91, 0x67, 0xb0, 0x95, 0x22, 0x0d, 0xc7, 0x77, 0x8c, 0x26, - 0x85, 0xe1, 0x9a, 0x5a, 0x50, 0x28, 0xbe, 0x66, 0x34, 0xd1, 0xb6, 0xce, 0x5f, 0x1a, 0xd0, 0x74, - 0xf1, 0x4f, 0x19, 0xa6, 0x9c, 0xac, 0x43, 0x35, 0xf0, 0xe5, 0x69, 0x5b, 0x6e, 0x35, 0xf0, 0xc9, - 0x10, 0x88, 0x8b, 0x49, 0x28, 0x5c, 0x07, 0x71, 0x74, 0x18, 0x66, 0x29, 0x47, 0xa6, 0xcf, 0xbc, - 0x42, 0x43, 0x9e, 0x40, 0x2b, 0x4e, 0x90, 0x49, 0x4c, 0x06, 0xa0, 0xe5, 0xce, 0x01, 0x71, 0xf0, - 0x84, 0xf2, 0x6b, 0x7b, 0x4d, 0x2a, 0xe4, 0x58, 0x60, 0x3e, 0xe5, 0xd4, 0xae, 0x2b, 0x4c, 0x8c, - 0x89, 0x03, 0x8d, 0x14, 0x3d, 0x86, 0xdc, 0x6e, 0xf4, 0x2b, 0x83, 0xf6, 0x08, 0x86, 0xc9, 0xe5, - 0xf0, 0x5c, 0x22, 0xae, 0xd6, 0x90, 0x27, 0xb0, 0x26, 0xe2, 0x62, 0x37, 0xa5, 0x85, 0x25, 0x2c, - 0x0e, 0x32, 0x7e, 0xed, 0x4a, 0x94, 0x8c, 0xa0, 0xa9, 0xbe, 0x69, 0x6a, 0x5b, 0xfd, 0xda, 0xa0, - 0x3d, 0xb2, 0x85, 0x81, 0x3e, 0xe5, 0x50, 0xa5, 0x41, 0x7a, 0x14, 0x71, 0x36, 0x73, 0x73, 0x43, - 0xf2, 0x03, 0xe8, 0x78, 0x61, 0x80, 0x11, 0x1f, 0xf3, 0xf8, 0x06, 0x23, 0xbb, 0x25, 0x77, 0xd4, - 0x56, 0xd8, 0x85, 0x80, 0xc8, 0x08, 0x1e, 0x9a, 0x26, 0x63, 0xea, 0x79, 0x98, 0xa6, 0x31, 0xb3, - 0x41, 0xda, 0x3e, 0x30, 0x6c, 0x0f, 0xb4, 0x4a, 0x2c, 0xeb, 0x07, 0x69, 0x12, 0xd2, 0xd9, 0x38, - 0xa2, 0x53, 0xb4, 0xdb, 0x6a, 0x59, 0x8d, 0x7d, 0x49, 0xa7, 0x48, 0x76, 0xa1, 0x3d, 0x8d, 0xb3, - 0x88, 0x8f, 0x93, 0x38, 0x88, 0xb8, 0xdd, 0x91, 0x16, 0x20, 0xa1, 0x33, 0x81, 0x90, 0xf7, 0x40, - 0x49, 0x2a, 0x19, 0xbb, 0x2a, 0xae, 0x12, 0x91, 0xe9, 0xf8, 0x14, 0xd6, 0x95, 0xba, 0xd8, 0xcf, - 0xba, 0x34, 0xe9, 0x4a, 0xb4, 0xd8, 0xc9, 0x73, 0x68, 0xc9, 0x7c, 0x08, 0xa2, 0xab, 0xd8, 0xde, - 0x90, 0x71, 0x7b, 0x60, 0x84, 0x45, 0xe4, 0xc4, 0x71, 0x74, 0x15, 0xbb, 0xd6, 0x9d, 0x1e, 0x91, - 0x4f, 0xe0, 0x71, 0xe9, 0xbc, 0x0c, 0xa7, 0x34, 0x88, 0x82, 0x68, 0x32, 0xce, 0x52, 0x4c, 0xed, - 0x4d, 0x99, 0xe1, 0xb6, 0x71, 0x6a, 0x37, 0x37, 0xf8, 0x4d, 0x8a, 0x29, 0x79, 0x0c, 0x2d, 0x91, - 0xb7, 0x7c, 0x36, 0x0e, 0x7c, 0x7b, 0x4b, 0x6e, 0xc9, 0x52, 0xc0, 0xb1, 0x4f, 0x3e, 0x80, 0x8d, - 0x24, 0x0e, 0x03, 0x6f, 0x36, 0x8e, 0x6f, 0x91, 0xb1, 0xc0, 0x47, 0x9b, 0xf4, 0x2b, 0x03, 0xcb, - 0x5d, 0x57, 0xf0, 0x57, 0x1a, 0x5d, 0x55, 0x1a, 0x0f, 0xa4, 0xe1, 0x22, 0xdc, 0xfb, 0x0c, 0x3a, - 0xe6, 0xa7, 0x25, 0x9b, 0x50, 0xbb, 0xc1, 0x99, 0x4e, 0x67, 0x31, 0x24, 0x7d, 0xa8, 0xdf, 0xd2, - 0x30, 0x43, 0x99, 0xc2, 0x3a, 0xb1, 0xd4, 0x14, 0x57, 0x29, 0x7e, 0x5e, 0x7d, 0x59, 0x71, 0x28, - 0xd4, 0x0f, 0xc2, 0x80, 0xa6, 0x0b, 0x71, 0xaf, 0xbc, 0x3d, 0xee, 0xd5, 0x55, 0x71, 0x27, 0xb0, - 0x26, 0xbf, 0xbc, 0xaa, 0x07, 0x39, 0x76, 0xfe, 0x5d, 0x83, 0x35, 0x91, 0xaf, 0xe4, 0x27, 0xd0, - 0x0d, 0x91, 0xa6, 0x38, 0x8e, 0x13, 0x51, 0x23, 0xa9, 0xf4, 0xd2, 0x1e, 0x6d, 0x8a, 0x9d, 0x9d, - 0x08, 0xc5, 0x57, 0x0a, 0x77, 0x3b, 0xa1, 0x21, 0x09, 0x16, 0x08, 0x22, 0x8e, 0x2c, 0xa2, 0xe1, - 0x58, 0xd6, 0x8f, 0xf2, 0xdc, 0xc9, 0xc1, 0x57, 0xa2, 0x8e, 0x16, 0x53, 0xaf, 0xb6, 0x9c, 0x7a, - 0x3d, 0xb0, 0x64, 0xb8, 0x03, 0x4c, 0x35, 0x3f, 0x14, 0x32, 0x19, 0x81, 0x35, 0x45, 0x4e, 0x75, - 0x79, 0x8a, 0x2a, 0x7a, 0x94, 0x97, 0xd9, 0xf0, 0x54, 0x2b, 0x54, 0x0d, 0x15, 0x76, 0x4b, 0x45, - 0xd4, 0x58, 0x2e, 0xa2, 0x1e, 0x58, 0x45, 0xbc, 0x9a, 0x2a, 0x29, 0x72, 0x59, 0x30, 0x73, 0x82, - 0x2c, 0x88, 0x7d, 0xdb, 0x92, 0xb9, 0xa5, 0x25, 0xc1, 0xab, 0x51, 0x36, 0x55, 0x59, 0xd7, 0x52, - 0xbc, 0x1a, 0x65, 0xd3, 0xe5, 0x24, 0x83, 0x85, 0x24, 0xdb, 0x85, 0x3a, 0x15, 0x5f, 0x52, 0x56, - 0x5d, 0x7b, 0xd4, 0x92, 0xfb, 0x17, 0x80, 0xab, 0x70, 0x32, 0x84, 0xee, 0x84, 0xc5, 0x59, 0x32, - 0x96, 0x22, 0xa6, 0x76, 0x47, 0x1e, 0xd4, 0x30, 0xec, 0x48, 0xfd, 0x81, 0x52, 0xf7, 0x7e, 0x01, - 0xdd, 0xd2, 0xd1, 0x57, 0xe4, 0xd8, 0xb6, 0x99, 0x63, 0x2d, 0x33, 0xaf, 0xfe, 0x5a, 0x81, 0x8e, - 0xf9, 0x4d, 0xc5, 0xe4, 0x8b, 0x8b, 0x13, 0x39, 0xb9, 0xe6, 0x8a, 0xa1, 0x20, 0x50, 0x86, 0x11, - 0xde, 0xd1, 0xcb, 0x50, 0x2d, 0x60, 0xb9, 0x73, 0x40, 0x68, 0x83, 0xc8, 0x63, 0x38, 0xc5, 0x88, - 0xeb, 0xfe, 0x32, 0x07, 0xc8, 0xc7, 0x00, 0x41, 0x9a, 0x66, 0x38, 0x16, 0x2d, 0x50, 0x92, 0x6c, - 0x7b, 0xd4, 0x1b, 0xaa, 0xfe, 0x38, 0xcc, 0xfb, 0xe3, 0xf0, 0x22, 0xef, 0x8f, 0x6e, 0x4b, 0x5a, - 0x0b, 0xd9, 0xf9, 0x33, 0x34, 0x14, 0xbf, 0x7e, 0xa7, 0xf9, 0xb8, 0x03, 0x96, 0x5a, 0x3b, 0xf0, - 0x75, 0x2e, 0x36, 0xa5, 0x7c, 0xec, 0x3b, 0x7f, 0xaf, 0x80, 0xe5, 0x62, 0x9a, 0xc4, 0x51, 0x8a, - 0x06, 0xff, 0x57, 0xde, 0xca, 0xff, 0xd5, 0x95, 0xfc, 0x9f, 0x77, 0x95, 0x9a, 0xd1, 0x55, 0x7a, - 0x60, 0x31, 0xf4, 0x03, 0x86, 0x1e, 0xd7, 0x1d, 0xa8, 0x90, 0x85, 0xee, 0x8e, 0x32, 0x41, 0x5c, - 0xa9, 0x4c, 0xf5, 0x96, 0x5b, 0xc8, 0xe4, 0x85, 0x49, 0x9b, 0xaa, 0x21, 0x6d, 0x2b, 0xda, 0x54, - 0xdb, 0x5d, 0xe6, 0x4d, 0xe7, 0x6f, 0x55, 0xd8, 0x5c, 0x54, 0xaf, 0xf8, 0xd8, 0xdb, 0x50, 0x57, - 0x55, 0xa2, 0x33, 0x85, 0x2f, 0xd5, 0x47, 0x6d, 0xa1, 0x3e, 0x7e, 0x09, 0x5d, 0x8f, 0xa1, 0xec, - 0xa6, 0xef, 0xfa, 0x95, 0x3b, 0xf9, 0x04, 0x01, 0x91, 0x0f, 0x61, 0x53, 0xec, 0x32, 0x41, 0x7f, - 0x4e, 0x5a, 0xaa, 0xf5, 0x6e, 0x68, 0xbc, 0xa0, 0xad, 0x67, 0xb0, 0x95, 0x9b, 0xce, 0x0b, 0xac, - 0x51, 0xb2, 0x3d, 0xca, 0xeb, 0xec, 0x11, 0x34, 0xae, 0x62, 0x36, 0xa5, 0x5c, 0x57, 0xb4, 0x96, - 0x44, 0x5a, 0x14, 0xfb, 0x95, 0xad, 0xdf, 0x52, 0x69, 0x91, 0x83, 0xe2, 0x42, 0x24, 0x2a, 0xb8, - 0xb8, 0xac, 0xc8, 0xea, 0xb6, 0x5c, 0x2b, 0xbf, 0xa4, 0x38, 0xbf, 0x83, 0x8d, 0x85, 0xfe, 0xb4, - 0x22, 0x90, 0x73, 0xf7, 0xd5, 0x92, 0xfb, 0xd2, 0xca, 0xb5, 0x85, 0x95, 0x7f, 0x0f, 0x5b, 0x9f, - 0xd3, 0xc8, 0x0f, 0x51, 0xaf, 0x7f, 0xc0, 0x26, 0x92, 0xf1, 0xf5, 0x75, 0x69, 0xac, 0x2f, 0x42, - 0x5d, 0xb7, 0xa5, 0x91, 0x63, 0x9f, 0x3c, 0x85, 0x26, 0x53, 0xd6, 0x3a, 0xf1, 0xda, 0x46, 0x03, - 0x75, 0x73, 0x9d, 0xf3, 0x0d, 0x90, 0xd2, 0xd2, 0xe2, 0xa6, 0x34, 0x23, 0x03, 0x91, 0x80, 0x2a, - 0x29, 0x74, 0x62, 0x77, 0xcc, 0x3c, 0x72, 0x0b, 0x2d, 0xe9, 0x43, 0x0d, 0x19, 0xd3, 0x2e, 0xd6, - 0x85, 0xd1, 0xfc, 0x5e, 0xea, 0x0a, 0x95, 0xf3, 0x63, 0xd8, 0x3a, 0x4f, 0xd0, 0x0b, 0x68, 0x28, - 0xef, 0x94, 0xca, 0xc1, 0x2e, 0xd4, 0x45, 0x90, 0xf3, 0x9a, 0x95, 0x24, 0xa6, 0xd4, 0x0a, 0x77, - 0xbe, 0x01, 0x5b, 0xed, 0xeb, 0xe8, 0x4d, 0x90, 0x72, 0x8c, 0x3c, 0x3c, 0xbc, 0x46, 0xef, 0xe6, - 0xff, 0x78, 0xf2, 0x5b, 0xd8, 0x59, 0xe5, 0x21, 0xdf, 0x5f, 0xdb, 0x13, 0xd2, 0xf8, 0x2a, 0xce, - 0x22, 0xe5, 0xc3, 0x72, 0x41, 0x42, 0x9f, 0x09, 0x44, 0x7c, 0x47, 0x14, 0xf3, 0x52, 0x4d, 0x7d, - 0x5a, 0xca, 0xe3, 0x51, 0xbb, 0x3f, 0x1e, 0xdf, 0x56, 0xa0, 0x75, 0x8e, 0x3c, 0x4b, 0xe4, 0x59, - 0x1e, 0x43, 0xeb, 0x92, 0xc5, 0x37, 0xc8, 0xe6, 0x47, 0xb1, 0x14, 0x70, 0xec, 0x93, 0x17, 0xd0, - 0x38, 0x8c, 0xa3, 0xab, 0x60, 0x22, 0x6f, 0xd8, 0xed, 0xd1, 0x8e, 0x62, 0x17, 0x3d, 0x77, 0xa8, - 0x74, 0xaa, 0xaf, 0x69, 0xc3, 0xde, 0xc7, 0xd0, 0x36, 0xe0, 0xff, 0x89, 0xf3, 0xbf, 0x0f, 0x20, - 0xd7, 0x56, 0x11, 0xd8, 0x54, 0x07, 0xd1, 0x33, 0xc5, 0xc6, 0x77, 0xa1, 0x25, 0xee, 0x12, 0x4a, - 0x4d, 0x60, 0xcd, 0x78, 0x6e, 0xc8, 0xb1, 0xf3, 0x14, 0xb6, 0x8e, 0xa3, 0x5b, 0x1a, 0x06, 0x3e, - 0xe5, 0xf8, 0x05, 0xce, 0xe4, 0x01, 0x97, 0x76, 0xe0, 0x9c, 0x43, 0x47, 0x5f, 0xe8, 0xdf, 0x69, - 0x8f, 0x1d, 0xbd, 0xc7, 0xff, 0x5e, 0x22, 0x1f, 0xc2, 0x86, 0x5e, 0xf4, 0x24, 0xd0, 0x05, 0x22, - 0x3a, 0x34, 0xc3, 0xab, 0xe0, 0x8d, 0x5e, 0x5a, 0x4b, 0xce, 0x4b, 0xd8, 0x34, 0x4c, 0x8b, 0xe3, - 0xdc, 0xe0, 0x2c, 0xcd, 0x1f, 0x3a, 0x62, 0x9c, 0x47, 0xa0, 0x3a, 0x8f, 0x80, 0x03, 0xeb, 0x7a, - 0xe6, 0x6b, 0xe4, 0xf7, 0x9c, 0xee, 0x8b, 0x62, 0x23, 0xaf, 0x51, 0x2f, 0xbe, 0x07, 0x75, 0x14, - 0x27, 0x35, 0x1b, 0x94, 0x19, 0x01, 0x57, 0xa9, 0x57, 0x38, 0x7c, 0x59, 0x38, 0x3c, 0xcb, 0x94, - 0xc3, 0x77, 0x5c, 0xcb, 0x79, 0xbf, 0xd8, 0xc6, 0x59, 0xc6, 0xef, 0xfb, 0xa2, 0x4f, 0x61, 0x4b, - 0x1b, 0xbd, 0xc2, 0x10, 0x39, 0xde, 0x73, 0xa4, 0x3d, 0x20, 0x25, 0xb3, 0xfb, 0x96, 0x7b, 0x02, - 0xd6, 0xc5, 0xc5, 0x49, 0xa1, 0x2d, 0x33, 0x9f, 0xf3, 0x09, 0x6c, 0x9d, 0x67, 0x7e, 0x7c, 0xc6, - 0x82, 0xdb, 0x20, 0xc4, 0x89, 0x72, 0x96, 0xbf, 0xb3, 0x2a, 0xc6, 0x3b, 0x6b, 0x65, 0xaf, 0x71, - 0x06, 0x40, 0x4a, 0xd3, 0x8b, 0xef, 0x96, 0x66, 0x7e, 0xac, 0x0b, 0x54, 0x8e, 0x9d, 0x01, 0x74, - 0x2e, 0xa8, 0xe8, 0xe6, 0xbe, 0xb2, 0xb1, 0xa1, 0xc9, 0x95, 0xac, 0xcd, 0x72, 0xd1, 0x19, 0xc1, - 0xf6, 0x21, 0xf5, 0xae, 0x83, 0x68, 0xf2, 0x2a, 0x48, 0xc5, 0xb5, 0x45, 0xcf, 0xe8, 0x81, 0xe5, - 0x6b, 0x40, 0x4f, 0x29, 0x64, 0xe7, 0x23, 0x78, 0x68, 0xbc, 0x26, 0xcf, 0x39, 0xcd, 0xe3, 0xb1, - 0x0d, 0xf5, 0x54, 0x48, 0x72, 0x46, 0xdd, 0x55, 0x82, 0xf3, 0x25, 0x6c, 0x9b, 0xed, 0x55, 0x5c, - 0x2e, 0xf2, 0x83, 0xcb, 0xb6, 0x5f, 0x31, 0xda, 0xbe, 0x8e, 0x59, 0x75, 0xde, 0x2d, 0x36, 0xa1, - 0xf6, 0xeb, 0xaf, 0x2f, 0x74, 0xb2, 0x8b, 0xa1, 0xf3, 0x47, 0xe1, 0xbe, 0xbc, 0x9e, 0x72, 0x5f, - 0xea, 0xfd, 0x95, 0x77, 0xe9, 0xfd, 0x2b, 0xf2, 0xed, 0x23, 0xd8, 0x3a, 0x0d, 0x63, 0xef, 0xe6, - 0x28, 0x32, 0xa2, 0x61, 0x43, 0x13, 0x23, 0x33, 0x18, 0xb9, 0xe8, 0x7c, 0x00, 0x1b, 0x27, 0xe2, - 0x2d, 0x7f, 0x2a, 0x1e, 0x11, 0x45, 0x14, 0xe4, 0xf3, 0x5e, 0x9b, 0x2a, 0x61, 0xf4, 0xaf, 0x2a, - 0x34, 0x7f, 0xa5, 0x7e, 0x88, 0x90, 0x4f, 0xa1, 0x5b, 0xea, 0x38, 0xe4, 0xa1, 0x7c, 0xda, 0x2c, - 0xf6, 0xb7, 0xde, 0xa3, 0x25, 0x58, 0x79, 0x78, 0x0e, 0x1d, 0xb3, 0x9f, 0x10, 0xd9, 0x3b, 0xe4, - 0x7f, 0x93, 0x9e, 0x5c, 0x69, 0xb9, 0xd9, 0x9c, 0xc3, 0xf6, 0x2a, 0xa6, 0x27, 0x4f, 0xe6, 0x1e, - 0x96, 0xbb, 0x4c, 0xef, 0xbd, 0xfb, 0xb4, 0x79, 0x87, 0x68, 0x1e, 0x86, 0x48, 0xa3, 0x2c, 0x31, - 0x77, 0x30, 0x1f, 0x92, 0x17, 0xd0, 0x2d, 0xb1, 0xa1, 0x3a, 0xe7, 0x12, 0x41, 0x9a, 0x53, 0xf6, - 0xa0, 0x2e, 0x19, 0x98, 0x74, 0x4b, 0x44, 0xdf, 0x5b, 0x2f, 0x44, 0xe5, 0xbb, 0x0f, 0x6b, 0xf2, - 0x55, 0x67, 0x38, 0x96, 0x33, 0x0a, 0x7a, 0x1e, 0xfd, 0xa3, 0x02, 0xcd, 0xfc, 0x0f, 0xcb, 0x0b, - 0x58, 0x13, 0x44, 0x47, 0x1e, 0x18, 0x5c, 0x91, 0x93, 0x64, 0x6f, 0x7b, 0x01, 0x54, 0x0e, 0x86, - 0x50, 0x7b, 0x8d, 0x9c, 0x10, 0x43, 0xa9, 0x19, 0xaf, 0xf7, 0xa0, 0x8c, 0x15, 0xf6, 0x67, 0x59, - 0xd9, 0x5e, 0x13, 0x56, 0xc9, 0xbe, 0xa0, 0xa2, 0x9f, 0x41, 0x43, 0x51, 0x89, 0x0a, 0xca, 0x12, - 0x09, 0xa9, 0x8f, 0xbf, 0x4c, 0x3a, 0xa3, 0x7f, 0xd6, 0x00, 0xce, 0x67, 0x29, 0xc7, 0xe9, 0x6f, - 0x03, 0xbc, 0x23, 0xcf, 0x60, 0xe3, 0x15, 0x5e, 0xd1, 0x2c, 0xe4, 0xf2, 0xc2, 0x2f, 0x4a, 0xc6, - 0x88, 0x89, 0xbc, 0xb3, 0x14, 0x8c, 0xb4, 0x07, 0xed, 0x53, 0xfa, 0xe6, 0xed, 0x76, 0x9f, 0x42, - 0xb7, 0x44, 0x34, 0x7a, 0x8b, 0x8b, 0xd4, 0xa5, 0xb7, 0xb8, 0x4c, 0x49, 0x7b, 0xd0, 0xd4, 0xf4, - 0x63, 0xfa, 0x90, 0x44, 0x5d, 0xa2, 0xa5, 0x9f, 0xc2, 0xc6, 0x02, 0xf9, 0x98, 0xf6, 0xf2, 0x2f, - 0xd0, 0x4a, 0x72, 0x7a, 0x29, 0x2e, 0xec, 0x65, 0x02, 0x32, 0x27, 0xee, 0xa8, 0xa2, 0x5f, 0xc5, - 0x50, 0xaf, 0xcb, 0x57, 0x7d, 0xf9, 0xd0, 0xb1, 0x17, 0x39, 0x22, 0x67, 0xa8, 0x7c, 0xa1, 0x55, - 0x5c, 0xf3, 0x1c, 0x3a, 0x26, 0x4d, 0x2c, 0x95, 0xe0, 0x32, 0x87, 0xfc, 0x10, 0x60, 0xce, 0x14, - 0xa6, 0xbd, 0x4c, 0x8f, 0x05, 0x12, 0xb9, 0x6c, 0xc8, 0xc7, 0xc1, 0x8f, 0xfe, 0x13, 0x00, 0x00, - 0xff, 0xff, 0x54, 0xbe, 0x6c, 0x5a, 0x57, 0x15, 0x00, 0x00, + // 2085 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x58, 0x5b, 0x73, 0xdb, 0xc6, + 0xf5, 0x1f, 0x92, 0x22, 0x09, 0x1e, 0x92, 0xba, 0xac, 0x65, 0xff, 0x21, 0xda, 0xf9, 0x8b, 0x45, + 0xc6, 0x0a, 0xe3, 0xa9, 0x29, 0x9b, 0xbd, 0x39, 0xed, 0x24, 0x1d, 0x55, 0x56, 0x1c, 0x35, 0x52, + 0xa2, 0x81, 0xd4, 0xa6, 0x9d, 0x76, 0x86, 0x59, 0x01, 0x47, 0x14, 0x46, 0x20, 0x80, 0x2e, 0x16, + 0x92, 0xf9, 0xd4, 0x6f, 0x91, 0x7e, 0x9c, 0xbe, 0x76, 0xa6, 0xcf, 0xfd, 0x04, 0x7d, 0xef, 0x43, + 0x3f, 0x41, 0x67, 0x2f, 0x00, 0x17, 0x24, 0x55, 0xbb, 0x33, 0xed, 0xdb, 0x9e, 0xcb, 0xee, 0xb9, + 0xe0, 0x9c, 0xdf, 0xd9, 0x05, 0xec, 0x86, 0xf1, 0x24, 0xf0, 0x68, 0xb8, 0x9f, 0x84, 0xd9, 0x24, + 0x88, 0xf6, 0x93, 0xcb, 0xfd, 0x4b, 0xea, 0xdd, 0x60, 0xe4, 0x0f, 0x13, 0x16, 0xf3, 0x98, 0x54, + 0x93, 0xcb, 0xde, 0xee, 0x24, 0x8e, 0x27, 0x21, 0xee, 0x4b, 0xce, 0x65, 0x76, 0xb5, 0xcf, 0x83, + 0x29, 0xa6, 0x9c, 0x4e, 0x13, 0xa5, 0xe4, 0x34, 0xa1, 0x7e, 0x34, 0x4d, 0xf8, 0xcc, 0xe9, 0x43, + 0xe3, 0x0b, 0xa4, 0x3e, 0x32, 0xf2, 0x08, 0x1a, 0xd7, 0x72, 0x65, 0x57, 0xfa, 0xb5, 0x41, 0xcb, + 0xd5, 0x94, 0xf3, 0x3b, 0x80, 0x33, 0xb1, 0xe7, 0x88, 0xb1, 0x98, 0x91, 0x1d, 0xb0, 0x90, 0xb1, + 0x31, 0x9f, 0x25, 0x68, 0x57, 0xfa, 0x95, 0x41, 0xd7, 0x6d, 0x22, 0x63, 0x17, 0xb3, 0x04, 0xc9, + 0xff, 0x81, 0x58, 0x8e, 0xa7, 0xe9, 0xc4, 0xae, 0xf6, 0x2b, 0xe2, 0x04, 0x64, 0xec, 0x34, 0x9d, + 0xe4, 0x7b, 0xbc, 0xd8, 0x47, 0xbb, 0xd6, 0xaf, 0x0c, 0x6a, 0x72, 0xcf, 0x61, 0xec, 0xa3, 0xf3, + 0x5d, 0x05, 0xea, 0x67, 0x94, 0x5f, 0xa7, 0x84, 0xc0, 0x1a, 0x8b, 0x63, 0xae, 0x8d, 0xcb, 0x35, + 0x19, 0xc0, 0x46, 0x16, 0xd1, 0x8c, 0x5f, 0x63, 0xc4, 0x03, 0x8f, 0x72, 0xf4, 0xed, 0xaa, 0x14, + 0x2f, 0xb2, 0xc9, 0x87, 0xd0, 0x0d, 0x63, 0x8f, 0x86, 0xe3, 0x94, 0xc7, 0x8c, 0x4e, 0x84, 0x1d, + 0xa1, 0xd7, 0x91, 0xcc, 0x73, 0xc5, 0x23, 0xcf, 0x60, 0x2b, 0x45, 0x1a, 0x8e, 0xef, 0x18, 0x4d, + 0x0a, 0xc5, 0x35, 0x75, 0xa0, 0x10, 0x7c, 0xc3, 0x68, 0xa2, 0x75, 0x9d, 0x3f, 0x37, 0xa0, 0xe9, + 0xe2, 0x1f, 0x32, 0x4c, 0x39, 0x59, 0x87, 0x6a, 0xe0, 0xcb, 0x68, 0x5b, 0x6e, 0x35, 0xf0, 0xc9, + 0x10, 0x88, 0x8b, 0x49, 0x28, 0x4c, 0x07, 0x71, 0x74, 0x18, 0x66, 0x29, 0x47, 0xa6, 0x63, 0x5e, + 0x21, 0x21, 0x4f, 0xa0, 0x15, 0x27, 0xc8, 0x24, 0x4f, 0x26, 0xa0, 0xe5, 0xce, 0x19, 0x22, 0xf0, + 0x84, 0xf2, 0x6b, 0x7b, 0x4d, 0x0a, 0xe4, 0x5a, 0xf0, 0x7c, 0xca, 0xa9, 0x5d, 0x57, 0x3c, 0xb1, + 0x26, 0x0e, 0x34, 0x52, 0xf4, 0x18, 0x72, 0xbb, 0xd1, 0xaf, 0x0c, 0xda, 0x23, 0x18, 0x26, 0x97, + 0xc3, 0x73, 0xc9, 0x71, 0xb5, 0x84, 0x3c, 0x81, 0x35, 0x91, 0x17, 0xbb, 0x29, 0x35, 0x2c, 0xa1, + 0x71, 0x90, 0xf1, 0x6b, 0x57, 0x72, 0xc9, 0x08, 0x9a, 0xea, 0x9b, 0xa6, 0xb6, 0xd5, 0xaf, 0x0d, + 0xda, 0x23, 0x5b, 0x28, 0xe8, 0x28, 0x87, 0xaa, 0x0c, 0xd2, 0xa3, 0x88, 0xb3, 0x99, 0x9b, 0x2b, + 0x92, 0xef, 0x41, 0xc7, 0x0b, 0x03, 0x8c, 0xf8, 0x98, 0xc7, 0x37, 0x18, 0xd9, 0x2d, 0xe9, 0x51, + 0x5b, 0xf1, 0x2e, 0x04, 0x8b, 0x8c, 0xe0, 0xa1, 0xa9, 0x32, 0xa6, 0x9e, 0x87, 0x69, 0x1a, 0x33, + 0x1b, 0xa4, 0xee, 0x03, 0x43, 0xf7, 0x40, 0x8b, 0xc4, 0xb1, 0x7e, 0x90, 0x26, 0x21, 0x9d, 0x8d, + 0x23, 0x3a, 0x45, 0xbb, 0xad, 0x8e, 0xd5, 0xbc, 0xaf, 0xe8, 0x14, 0xc9, 0x2e, 0xb4, 0xa7, 0x71, + 0x16, 0xf1, 0x71, 0x12, 0x07, 0x11, 0xb7, 0x3b, 0x52, 0x03, 0x24, 0xeb, 0x4c, 0x70, 0xc8, 0x07, + 0xa0, 0x28, 0x55, 0x8c, 0x5d, 0x95, 0x57, 0xc9, 0x91, 0xe5, 0xf8, 0x14, 0xd6, 0x95, 0xb8, 0xf0, + 0x67, 0x5d, 0xaa, 0x74, 0x25, 0xb7, 0xf0, 0xe4, 0x05, 0xb4, 0x64, 0x3d, 0x04, 0xd1, 0x55, 0x6c, + 0x6f, 0xc8, 0xbc, 0x3d, 0x30, 0xd2, 0x22, 0x6a, 0xe2, 0x38, 0xba, 0x8a, 0x5d, 0xeb, 0x4e, 0xaf, + 0xc8, 0xa7, 0xf0, 0xb8, 0x14, 0x2f, 0xc3, 0x29, 0x0d, 0xa2, 0x20, 0x9a, 0x8c, 0xb3, 0x14, 0x53, + 0x7b, 0x53, 0x56, 0xb8, 0x6d, 0x44, 0xed, 0xe6, 0x0a, 0xbf, 0x4a, 0x31, 0x25, 0x8f, 0xa1, 0x25, + 0xea, 0x96, 0xcf, 0xc6, 0x81, 0x6f, 0x6f, 0x49, 0x97, 0x2c, 0xc5, 0x38, 0xf6, 0xc9, 0x47, 0xb0, + 0x91, 0xc4, 0x61, 0xe0, 0xcd, 0xc6, 0xf1, 0x2d, 0x32, 0x16, 0xf8, 0x68, 0x93, 0x7e, 0x65, 0x60, + 0xb9, 0xeb, 0x8a, 0xfd, 0xb5, 0xe6, 0xae, 0x6a, 0x8d, 0x07, 0x52, 0x71, 0xa9, 0x35, 0x86, 0x00, + 0x5e, 0x1c, 0x45, 0xe8, 0xc9, 0xf2, 0xdb, 0x96, 0x11, 0xae, 0x8b, 0x08, 0x0f, 0x0b, 0xae, 0x6b, + 0x68, 0xf4, 0x3e, 0x87, 0x8e, 0x59, 0x0a, 0x64, 0x13, 0x6a, 0x37, 0x38, 0xd3, 0xe5, 0x2f, 0x96, + 0xa4, 0x0f, 0xf5, 0x5b, 0x1a, 0x66, 0x28, 0x4b, 0x5e, 0x17, 0xa2, 0xda, 0xe2, 0x2a, 0xc1, 0x4f, + 0xab, 0xaf, 0x2a, 0x0e, 0x85, 0xfa, 0x41, 0x18, 0xd0, 0x74, 0xe1, 0x3b, 0x55, 0xde, 0xfd, 0x9d, + 0xaa, 0xab, 0xbe, 0x13, 0x81, 0x35, 0x59, 0x29, 0xaa, 0x7f, 0xe4, 0xda, 0xf9, 0x67, 0x0d, 0xd6, + 0x44, 0x7d, 0x93, 0x1f, 0x41, 0x37, 0x44, 0x9a, 0xe2, 0x38, 0x4e, 0x44, 0x0c, 0xa9, 0xb4, 0xd2, + 0x1e, 0x6d, 0x0a, 0xcf, 0x4e, 0x84, 0xe0, 0x6b, 0xc5, 0x77, 0x3b, 0xa1, 0x41, 0x09, 0xd4, 0x08, + 0x22, 0x8e, 0x2c, 0xa2, 0xe1, 0x58, 0xf6, 0x9b, 0xb2, 0xdc, 0xc9, 0x99, 0xaf, 0x45, 0xdf, 0x2d, + 0x96, 0x6a, 0x6d, 0xb9, 0x54, 0x7b, 0x60, 0xc9, 0xcf, 0x13, 0x60, 0xaa, 0xf1, 0xa4, 0xa0, 0xc9, + 0x08, 0xac, 0x29, 0x72, 0xaa, 0xdb, 0x59, 0x74, 0xdd, 0xa3, 0xbc, 0x2d, 0x87, 0xa7, 0x5a, 0xa0, + 0x7a, 0xae, 0xd0, 0x5b, 0x6a, 0xba, 0xc6, 0x72, 0xd3, 0xf5, 0xc0, 0x2a, 0xf2, 0xd5, 0x54, 0x45, + 0x94, 0xd3, 0x02, 0xc9, 0x13, 0x64, 0x41, 0xec, 0xdb, 0x96, 0xac, 0x45, 0x4d, 0x09, 0x1c, 0x8e, + 0xb2, 0xa9, 0xaa, 0xd2, 0x96, 0xc2, 0xe1, 0x28, 0x9b, 0x2e, 0x17, 0x25, 0x2c, 0x14, 0xe5, 0x2e, + 0xd4, 0xa9, 0xf8, 0x92, 0xb2, 0x4b, 0xdb, 0xa3, 0x96, 0xf4, 0x5f, 0x30, 0x5c, 0xc5, 0x27, 0x43, + 0xe8, 0x4e, 0x58, 0x9c, 0x25, 0x63, 0x49, 0x62, 0x6a, 0x77, 0x64, 0xa0, 0x86, 0x62, 0x47, 0xca, + 0x0f, 0x94, 0xb8, 0xf7, 0x33, 0xe8, 0x96, 0x42, 0x5f, 0x51, 0x63, 0xdb, 0x66, 0x8d, 0xb5, 0xcc, + 0xba, 0xfa, 0x53, 0x05, 0x3a, 0xe6, 0x37, 0x15, 0x9b, 0x2f, 0x2e, 0x4e, 0xe4, 0xe6, 0x9a, 0x2b, + 0x96, 0x02, 0x70, 0x19, 0x46, 0x78, 0x47, 0x2f, 0x43, 0x75, 0x80, 0xe5, 0xce, 0x19, 0x42, 0x1a, + 0x44, 0x1e, 0xc3, 0x29, 0x46, 0x5c, 0xcf, 0xa3, 0x39, 0x83, 0x7c, 0x02, 0x10, 0xa4, 0x69, 0x86, + 0x63, 0x31, 0x32, 0x25, 0x28, 0xb7, 0x47, 0xbd, 0xa1, 0x9a, 0xa7, 0xc3, 0x7c, 0x9e, 0x0e, 0x2f, + 0xf2, 0x79, 0xea, 0xb6, 0xa4, 0xb6, 0xa0, 0x9d, 0x3f, 0x42, 0x43, 0xe1, 0xf1, 0xff, 0xb4, 0x1e, + 0x77, 0xc0, 0x52, 0x67, 0x07, 0xbe, 0xae, 0xc5, 0xa6, 0xa4, 0x8f, 0x7d, 0xe7, 0xaf, 0x15, 0xb0, + 0x5c, 0x4c, 0x93, 0x38, 0x4a, 0xd1, 0x98, 0x17, 0x95, 0x77, 0xce, 0x8b, 0xea, 0xca, 0x79, 0x91, + 0x4f, 0xa1, 0x9a, 0x31, 0x85, 0x7a, 0x60, 0x31, 0xf4, 0x03, 0x86, 0x1e, 0xd7, 0x13, 0xab, 0xa0, + 0x85, 0xec, 0x8e, 0x32, 0x01, 0x74, 0xa9, 0x2c, 0xf5, 0x96, 0x5b, 0xd0, 0xe4, 0xa5, 0x09, 0xb3, + 0x6a, 0x80, 0x6d, 0x2b, 0x98, 0x55, 0xee, 0x2e, 0xe3, 0xac, 0xf3, 0x97, 0x2a, 0x6c, 0x2e, 0x8a, + 0x57, 0x7c, 0xec, 0x6d, 0xa8, 0xab, 0x2e, 0xd1, 0x95, 0xc2, 0x97, 0xfa, 0xa3, 0xb6, 0xd0, 0x1f, + 0x3f, 0x87, 0xae, 0xc7, 0x50, 0x4e, 0xdf, 0xf7, 0xfd, 0xca, 0x9d, 0x7c, 0x83, 0x60, 0x91, 0x8f, + 0x61, 0x53, 0x78, 0x99, 0xa0, 0x3f, 0x07, 0x2d, 0x35, 0xaa, 0x37, 0x34, 0xbf, 0x80, 0xad, 0x67, + 0xb0, 0x95, 0xab, 0xce, 0x1b, 0xac, 0x51, 0xd2, 0x3d, 0xca, 0xfb, 0xec, 0x11, 0x34, 0xae, 0x62, + 0x36, 0xa5, 0x5c, 0x77, 0xb4, 0xa6, 0x44, 0x59, 0x14, 0xfe, 0xca, 0xab, 0x82, 0xa5, 0xca, 0x22, + 0x67, 0x8a, 0x0b, 0x94, 0xe8, 0xe0, 0xe2, 0x72, 0x23, 0xbb, 0xdb, 0x72, 0xad, 0xfc, 0x52, 0xe3, + 0xfc, 0x06, 0x36, 0x16, 0xe6, 0xd9, 0x8a, 0x44, 0xce, 0xcd, 0x57, 0x4b, 0xe6, 0x4b, 0x27, 0xd7, + 0x16, 0x4e, 0xfe, 0x2d, 0x6c, 0x7d, 0x41, 0x23, 0x3f, 0x44, 0x7d, 0xfe, 0x01, 0x9b, 0x48, 0xc4, + 0xd7, 0xd7, 0xab, 0xb1, 0xbe, 0x38, 0x75, 0xdd, 0x96, 0xe6, 0x1c, 0xfb, 0xe4, 0x29, 0x34, 0x99, + 0xd2, 0xd6, 0x85, 0xd7, 0x36, 0x06, 0xae, 0x9b, 0xcb, 0x9c, 0x6f, 0x81, 0x94, 0x8e, 0x16, 0x37, + 0xab, 0x19, 0x19, 0x88, 0x02, 0x54, 0x45, 0xa1, 0x0b, 0xbb, 0x63, 0xd6, 0x91, 0x5b, 0x48, 0x49, + 0x1f, 0x6a, 0xc8, 0x98, 0x36, 0x21, 0x27, 0xde, 0xfc, 0x1e, 0xeb, 0x0a, 0x91, 0xf3, 0x43, 0xd8, + 0x3a, 0x4f, 0xd0, 0x0b, 0x68, 0x28, 0xef, 0xa0, 0xca, 0xc0, 0x2e, 0xd4, 0x45, 0x92, 0xf3, 0x9e, + 0x95, 0x20, 0xa6, 0xc4, 0x8a, 0xef, 0x7c, 0x0b, 0xb6, 0xf2, 0xeb, 0xe8, 0x6d, 0x90, 0x72, 0x8c, + 0x3c, 0x3c, 0xbc, 0x46, 0xef, 0xe6, 0xbf, 0x18, 0xf9, 0x2d, 0xec, 0xac, 0xb2, 0x90, 0xfb, 0xd7, + 0xf6, 0x04, 0x35, 0xbe, 0x8a, 0xb3, 0x48, 0xd9, 0xb0, 0x5c, 0x90, 0xac, 0xcf, 0x05, 0x47, 0x7c, + 0x47, 0x14, 0xfb, 0x52, 0x0d, 0x7d, 0x9a, 0xca, 0xf3, 0x51, 0xbb, 0x3f, 0x1f, 0xdf, 0x55, 0xa0, + 0x75, 0x8e, 0x3c, 0x4b, 0x64, 0x2c, 0x8f, 0xa1, 0x75, 0xc9, 0xe2, 0x1b, 0x64, 0xf3, 0x50, 0x2c, + 0xc5, 0x38, 0xf6, 0xc9, 0x4b, 0x68, 0x1c, 0xc6, 0xd1, 0x55, 0x30, 0x91, 0x37, 0xf2, 0xf6, 0x68, + 0x47, 0xa1, 0x8b, 0xde, 0x3b, 0x54, 0x32, 0x35, 0xd7, 0xb4, 0x62, 0xef, 0x13, 0x68, 0x1b, 0xec, + 0xff, 0x08, 0xf3, 0xff, 0x1f, 0x40, 0x9e, 0xad, 0x32, 0xb0, 0xa9, 0x02, 0xd1, 0x3b, 0x85, 0xe3, + 0xbb, 0xd0, 0x12, 0x77, 0x09, 0x25, 0x26, 0xb0, 0x66, 0x3c, 0x4f, 0xe4, 0xda, 0x79, 0x0a, 0x5b, + 0xc7, 0xd1, 0x2d, 0x0d, 0x03, 0x9f, 0x72, 0xfc, 0x12, 0x67, 0x32, 0xc0, 0x25, 0x0f, 0x9c, 0x73, + 0xe8, 0xe8, 0x07, 0xc0, 0x7b, 0xf9, 0xd8, 0xd1, 0x3e, 0xfe, 0xfb, 0x16, 0xf9, 0x18, 0x36, 0xf4, + 0xa1, 0x27, 0x81, 0x6e, 0x10, 0x31, 0xa1, 0x19, 0x5e, 0x05, 0x6f, 0xf5, 0xd1, 0x9a, 0x72, 0x5e, + 0xc1, 0xa6, 0xa1, 0x5a, 0x84, 0x73, 0x83, 0xb3, 0x34, 0x7f, 0x18, 0x89, 0x75, 0x9e, 0x81, 0xea, + 0x3c, 0x03, 0x0e, 0xac, 0xeb, 0x9d, 0x6f, 0x90, 0xdf, 0x13, 0xdd, 0x97, 0x85, 0x23, 0x6f, 0x50, + 0x1f, 0xbe, 0x07, 0x75, 0x14, 0x91, 0x9a, 0x03, 0xca, 0xcc, 0x80, 0xab, 0xc4, 0x2b, 0x0c, 0xbe, + 0x2a, 0x0c, 0x9e, 0x65, 0xca, 0xe0, 0x7b, 0x9e, 0xe5, 0x7c, 0x58, 0xb8, 0x71, 0x96, 0xf1, 0xfb, + 0xbe, 0xe8, 0x53, 0xd8, 0xd2, 0x4a, 0xaf, 0x31, 0x44, 0x8e, 0xf7, 0x84, 0xb4, 0x07, 0xa4, 0xa4, + 0x76, 0xdf, 0x71, 0x4f, 0xc0, 0xba, 0xb8, 0x38, 0x29, 0xa4, 0x65, 0xe4, 0x73, 0x3e, 0x85, 0xad, + 0xf3, 0xcc, 0x8f, 0xcf, 0x58, 0x70, 0x1b, 0x84, 0x38, 0x51, 0xc6, 0xf2, 0x77, 0x59, 0xc5, 0x78, + 0x97, 0xad, 0x9c, 0x35, 0xce, 0x00, 0x48, 0x69, 0x7b, 0xf1, 0xdd, 0xd2, 0xcc, 0x8f, 0x75, 0x83, + 0xca, 0xb5, 0x33, 0x80, 0xce, 0x05, 0x15, 0xd3, 0xdc, 0x57, 0x3a, 0x36, 0x34, 0xb9, 0xa2, 0xb5, + 0x5a, 0x4e, 0x3a, 0x23, 0xd8, 0x3e, 0xa4, 0xde, 0x75, 0x10, 0x4d, 0x5e, 0x07, 0xa9, 0xb8, 0xb6, + 0xe8, 0x1d, 0x3d, 0xb0, 0x7c, 0xcd, 0xd0, 0x5b, 0x0a, 0xda, 0x79, 0x0e, 0x0f, 0x8d, 0xd7, 0xe7, + 0x39, 0xa7, 0x79, 0x3e, 0xb6, 0xa1, 0x9e, 0x0a, 0x4a, 0xee, 0xa8, 0xbb, 0x8a, 0x70, 0xbe, 0x82, + 0x6d, 0x73, 0xbc, 0x8a, 0xcb, 0x45, 0x1e, 0xb8, 0x1c, 0xfb, 0x15, 0x63, 0xec, 0xeb, 0x9c, 0x55, + 0xe7, 0xd3, 0x62, 0x13, 0x6a, 0xbf, 0xfc, 0xe6, 0x42, 0x17, 0xbb, 0x58, 0x3a, 0xbf, 0x17, 0xe6, + 0xcb, 0xe7, 0x29, 0xf3, 0xa5, 0xd9, 0x5f, 0x79, 0x9f, 0xd9, 0xbf, 0xa2, 0xde, 0x9e, 0xc3, 0xd6, + 0x69, 0x18, 0x7b, 0x37, 0x47, 0x91, 0x91, 0x0d, 0x1b, 0x9a, 0x18, 0x99, 0xc9, 0xc8, 0x49, 0xe7, + 0x23, 0xd8, 0x38, 0x11, 0x6f, 0xff, 0x53, 0xf1, 0x88, 0x28, 0xb2, 0x20, 0x7f, 0x07, 0x68, 0x55, + 0x45, 0x38, 0xcf, 0x01, 0xe6, 0x0f, 0x21, 0x01, 0xae, 0x0c, 0xa7, 0x31, 0xc7, 0x31, 0xf5, 0xfd, + 0xbc, 0x82, 0x40, 0xb1, 0x0e, 0x7c, 0x9f, 0x8d, 0xfe, 0x51, 0x85, 0xe6, 0x2f, 0xd4, 0xff, 0x16, + 0xf2, 0x19, 0x74, 0x4b, 0x03, 0x8a, 0x3c, 0x94, 0x2f, 0xa1, 0xc5, 0x71, 0xd8, 0x7b, 0xb4, 0xc4, + 0x56, 0x0e, 0xbd, 0x80, 0x8e, 0x39, 0x7e, 0x88, 0x1c, 0x35, 0xf2, 0xb7, 0x4c, 0x4f, 0x9e, 0xb4, + 0x3c, 0x9b, 0xce, 0x61, 0x7b, 0xd5, 0x60, 0x20, 0x4f, 0xe6, 0x16, 0x96, 0x87, 0x52, 0xef, 0x83, + 0xfb, 0xa4, 0xf9, 0x40, 0x69, 0x1e, 0x86, 0x48, 0xa3, 0x2c, 0x31, 0x3d, 0x98, 0x2f, 0xc9, 0x4b, + 0xe8, 0x96, 0xc0, 0x53, 0xc5, 0xb9, 0x84, 0xa7, 0xe6, 0x96, 0x3d, 0xa8, 0x4b, 0xc0, 0x26, 0xdd, + 0xd2, 0x5c, 0xe8, 0xad, 0x17, 0xa4, 0xb2, 0xdd, 0x87, 0x35, 0xf9, 0x08, 0x34, 0x0c, 0xcb, 0x1d, + 0x05, 0x9a, 0x8f, 0xfe, 0x56, 0x81, 0x66, 0xfe, 0x03, 0xe7, 0x25, 0xac, 0x09, 0x5c, 0x24, 0x0f, + 0x0c, 0x68, 0xc9, 0x31, 0xb5, 0xb7, 0xbd, 0xc0, 0x54, 0x06, 0x86, 0x50, 0x7b, 0x83, 0x9c, 0x10, + 0x43, 0xa8, 0x01, 0xb2, 0xf7, 0xa0, 0xcc, 0x2b, 0xf4, 0xcf, 0xb2, 0xb2, 0xbe, 0xc6, 0xb7, 0x92, + 0x7e, 0x81, 0x5c, 0x3f, 0x81, 0x86, 0x42, 0x1e, 0x95, 0x94, 0x25, 0xcc, 0x52, 0x1f, 0x7f, 0x19, + 0xa3, 0x46, 0x7f, 0xaf, 0x01, 0x9c, 0xcf, 0x52, 0x8e, 0xd3, 0x5f, 0x07, 0x78, 0x47, 0x9e, 0xc1, + 0xc6, 0x6b, 0xbc, 0xa2, 0x59, 0xc8, 0xe5, 0xfb, 0x40, 0x74, 0x98, 0x91, 0x13, 0x79, 0xc5, 0x29, + 0x00, 0x6c, 0x0f, 0xda, 0xa7, 0xf4, 0xed, 0xbb, 0xf5, 0x3e, 0x83, 0x6e, 0x09, 0x97, 0xb4, 0x8b, + 0x8b, 0x48, 0xa7, 0x5d, 0x5c, 0x46, 0xb0, 0x3d, 0x68, 0x6a, 0xb4, 0x32, 0x6d, 0x48, 0x5c, 0x2f, + 0xa1, 0xd8, 0x8f, 0x61, 0x63, 0x01, 0xab, 0x4c, 0x7d, 0xf9, 0x93, 0x69, 0x25, 0x96, 0xbd, 0x12, + 0xf7, 0xfb, 0x32, 0x5e, 0x99, 0x1b, 0x77, 0x14, 0x46, 0xac, 0x02, 0xb4, 0x37, 0xe5, 0x97, 0x81, + 0x7c, 0x17, 0xd9, 0x8b, 0x90, 0x92, 0x03, 0x5a, 0x7e, 0xd0, 0x2a, 0x68, 0x7a, 0x01, 0x1d, 0x13, + 0x55, 0x96, 0x5a, 0x70, 0x19, 0x72, 0xbe, 0x0f, 0x30, 0x07, 0x16, 0x53, 0x5f, 0x96, 0xc7, 0x02, + 0xe6, 0x5c, 0x36, 0xe4, 0x5b, 0xe2, 0x07, 0xff, 0x0a, 0x00, 0x00, 0xff, 0xff, 0xe5, 0x31, 0x02, + 0x9d, 0xb6, 0x15, 0x00, 0x00, } diff --git a/logical/plugin/pb/backend.proto b/logical/plugin/pb/backend.proto index 2758bfd7e877..b94da727ac4a 100644 --- a/logical/plugin/pb/backend.proto +++ b/logical/plugin/pb/backend.proto @@ -125,6 +125,11 @@ message Request { // attached. Useful in some situations where the client token is not made // accessible. bool unauthenticated = 19; + + // Connection will be non-nil only for credential providers to + // inspect the connection information and potentially use it for + // authentication/protection. + Connection connection = 20; } message Alias { @@ -511,8 +516,8 @@ service SystemView { // anyways), we can ignore the errors to allow unmounting to complete. rpc Tainted(Empty) returns (TaintedReply); - // CachingDisabled returns true if caching is disabled. If true, no caches - // should be used, despite known slowdowns. + // CachingDisabled returns true if caching is disabled. If true, no caches + // should be used, despite known slowdowns. rpc CachingDisabled(Empty) returns (CachingDisabledReply); // ReplicationState indicates the state of cluster replication @@ -526,7 +531,12 @@ service SystemView { // plugins. rpc MlockEnabled(Empty) returns (MlockEnabledReply); - // LocalMount, when run from a system view attached to a request, indicates - // whether the request is affecting a local mount or not + // LocalMount, when run from a system view attached to a request, indicates + // whether the request is affecting a local mount or not rpc LocalMount(Empty) returns (LocalMountReply); } + +message Connection { + // RemoteAddr is the network address that sent the request. + string remote_addr = 1; +} diff --git a/logical/plugin/pb/translation.go b/logical/plugin/pb/translation.go index c60559f08aa9..3d227ba45d0a 100644 --- a/logical/plugin/pb/translation.go +++ b/logical/plugin/pb/translation.go @@ -240,10 +240,10 @@ func LogicalRequestToProtoRequest(r *logical.Request) (*Request, error) { MountAccessor: r.MountAccessor, WrapInfo: LogicalRequestWrapInfoToProtoRequestWrapInfo(r.WrapInfo), ClientTokenRemainingUses: int64(r.ClientTokenRemainingUses), - //MFACreds: MFACreds, - EntityID: r.EntityID, - PolicyOverride: r.PolicyOverride, - Unauthenticated: r.Unauthenticated, + Connection: LogicalConnectionToProtoConnection(r.Connection), + EntityID: r.EntityID, + PolicyOverride: r.PolicyOverride, + Unauthenticated: r.Unauthenticated, }, nil } @@ -293,13 +293,33 @@ func ProtoRequestToLogicalRequest(r *Request) (*logical.Request, error) { MountAccessor: r.MountAccessor, WrapInfo: ProtoRequestWrapInfoToLogicalRequestWrapInfo(r.WrapInfo), ClientTokenRemainingUses: int(r.ClientTokenRemainingUses), - //MFACreds: MFACreds, - EntityID: r.EntityID, - PolicyOverride: r.PolicyOverride, - Unauthenticated: r.Unauthenticated, + Connection: ProtoConnectionToLogicalConnection(r.Connection), + EntityID: r.EntityID, + PolicyOverride: r.PolicyOverride, + Unauthenticated: r.Unauthenticated, }, nil } +func LogicalConnectionToProtoConnection(c *logical.Connection) *Connection { + if c == nil { + return nil + } + + return &Connection{ + RemoteAddr: c.RemoteAddr, + } +} + +func ProtoConnectionToLogicalConnection(c *Connection) *logical.Connection { + if c == nil { + return nil + } + + return &logical.Connection{ + RemoteAddr: c.RemoteAddr, + } +} + func LogicalRequestWrapInfoToProtoRequestWrapInfo(i *logical.RequestWrapInfo) *RequestWrapInfo { if i == nil { return nil diff --git a/logical/plugin/pb/translation_test.go b/logical/plugin/pb/translation_test.go index f829f687d60c..c55f36eac2c9 100644 --- a/logical/plugin/pb/translation_test.go +++ b/logical/plugin/pb/translation_test.go @@ -72,6 +72,9 @@ func TestTranslation_Request(t *testing.T) { EntityID: "tester", PolicyOverride: true, Unauthenticated: true, + Connection: &logical.Connection{ + RemoteAddr: "localhost", + }, }, &logical.Request{ ID: "ID", From 8ded4d2a37ede444e95498867244a147b24f956d Mon Sep 17 00:00:00 2001 From: Brian Kassouf Date: Fri, 16 Feb 2018 17:44:51 -0800 Subject: [PATCH 158/178] changelogg++ --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 33955fd88397..c29d666a3528 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -75,6 +75,7 @@ BUG FIXES: * storage/zookeeper: Update vendoring to fix freezing issues [GH-3896] * ui (Enterprise): Decoding the replication token should no longer error and prevent enabling of a secondary replication cluster via the ui. + * plugin/gRPC: Add connection info to the request object [GH-3997] ## 0.9.3 (January 28th, 2018) From 9c88c9ddac86d473856d9ecab22fca873cfd9898 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sat, 17 Feb 2018 20:52:42 -0500 Subject: [PATCH 159/178] Handle missed error case in seal status output format (#4001) Fixes #3998 --- command/format.go | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/command/format.go b/command/format.go index d20e785bfedb..d6e4171dfc3b 100644 --- a/command/format.go +++ b/command/format.go @@ -298,6 +298,11 @@ func OutputSealStatus(ui cli.Ui, client *api.Client, status *api.SealStatusRespo leaderStatus, err := client.Sys().Leader() if err != nil && strings.Contains(err.Error(), "Vault is sealed") { leaderStatus = &api.LeaderResponse{HAEnabled: true} + err = nil + } + if err != nil { + ui.Error(fmt.Sprintf("Error checking leader status: %s", err)) + return 1 } // Output if HA is enabled @@ -305,16 +310,23 @@ func OutputSealStatus(ui cli.Ui, client *api.Client, status *api.SealStatusRespo if leaderStatus.HAEnabled { mode := "sealed" if !status.Sealed { + out = append(out, fmt.Sprintf("HA Cluster | %s", leaderStatus.LeaderClusterAddress)) mode = "standby" + showLeaderAddr := false if leaderStatus.IsSelf { mode = "active" + } else { + if leaderStatus.LeaderAddress == "" { + leaderStatus.LeaderAddress = "" + } + showLeaderAddr = true } - } + out = append(out, fmt.Sprintf("HA Mode | %s", mode)) - out = append(out, fmt.Sprintf("HA Mode | %s", mode)) - - if !status.Sealed { - out = append(out, fmt.Sprintf("HA Cluster | %s", leaderStatus.LeaderClusterAddress)) + // This is down here just to keep ordering consistent + if showLeaderAddr { + out = append(out, fmt.Sprintf("Active Node Address: | %s", leaderStatus.LeaderAddress)) + } } } From 9b8dfd43fa59080514a5e5cd57c3571f85ae3afe Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sat, 17 Feb 2018 20:53:29 -0500 Subject: [PATCH 160/178] changelog++ --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c29d666a3528..019e16ba2d72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -56,6 +56,8 @@ BUG FIXES: periodic tokens. [GH-3880] * command/rekey: Re-add lost `stored-shares` parameter [GH-3974] * command/ssh: Create and reuse the api client [GH-3909] + * command/status: Fix panic when status returns 500 from leadership lookup + [GH-3998] * identity: Fix race when creating entities [GH-3932] * plugin/gRPC: Fixed an issue with list requests and raw responses coming from plugins using gRPC transport [GH-3881] From fbcad150aa3dba3b33ab2f5474fac8bc3752f97d Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sat, 17 Feb 2018 21:01:36 -0500 Subject: [PATCH 161/178] Fix missing CommonName in subject generation --- builtin/logical/pki/cert_util.go | 1 + 1 file changed, 1 insertion(+) diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go index 09b0317b3aa1..ee1d0f970246 100644 --- a/builtin/logical/pki/cert_util.go +++ b/builtin/logical/pki/cert_util.go @@ -842,6 +842,7 @@ func generateCreationBundle(b *backend, data *dataBundle) error { } subject := pkix.Name{ + CommonName: cn, Country: strutil.RemoveDuplicates(data.role.Country, false), Organization: strutil.RemoveDuplicates(data.role.Organization, false), OrganizationalUnit: strutil.RemoveDuplicates(data.role.OU, false), From 45a90a9fe36ea0aa9e43c74054736f62ac524f04 Mon Sep 17 00:00:00 2001 From: Robison Jacka Date: Sun, 18 Feb 2018 10:21:54 -0800 Subject: [PATCH 162/178] Add test coverage for recently-added PKIX fields. (#4002) --- builtin/logical/pki/backend_test.go | 145 ++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go index 02088e045184..8ef5f2eea8e6 100644 --- a/builtin/logical/pki/backend_test.go +++ b/builtin/logical/pki/backend_test.go @@ -1555,6 +1555,27 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep { ret = append(ret, issueTestStep) } + getCountryCheck := func(role roleEntry) logicaltest.TestCheckFunc { + var certBundle certutil.CertBundle + return func(resp *logical.Response) error { + err := mapstructure.Decode(resp.Data, &certBundle) + if err != nil { + return err + } + parsedCertBundle, err := certBundle.ToParsedCertBundle() + if err != nil { + return fmt.Errorf("Error checking generated certificate: %s", err) + } + cert := parsedCertBundle.Certificate + + expected := strutil.RemoveDuplicates(role.Country, true) + if !reflect.DeepEqual(cert.Subject.Country, expected) { + return fmt.Errorf("Error: returned certificate has Country of %s but %s was specified in the role.", cert.Subject.Country, expected) + } + return nil + } + } + getOuCheck := func(role roleEntry) logicaltest.TestCheckFunc { var certBundle certutil.CertBundle return func(resp *logical.Response) error { @@ -1597,6 +1618,90 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep { } } + getLocalityCheck := func(role roleEntry) logicaltest.TestCheckFunc { + var certBundle certutil.CertBundle + return func(resp *logical.Response) error { + err := mapstructure.Decode(resp.Data, &certBundle) + if err != nil { + return err + } + parsedCertBundle, err := certBundle.ToParsedCertBundle() + if err != nil { + return fmt.Errorf("Error checking generated certificate: %s", err) + } + cert := parsedCertBundle.Certificate + + expected := strutil.RemoveDuplicates(role.Locality, true) + if !reflect.DeepEqual(cert.Subject.Locality, expected) { + return fmt.Errorf("Error: returned certificate has Locality of %s but %s was specified in the role.", cert.Subject.Locality, expected) + } + return nil + } + } + + getProvinceCheck := func(role roleEntry) logicaltest.TestCheckFunc { + var certBundle certutil.CertBundle + return func(resp *logical.Response) error { + err := mapstructure.Decode(resp.Data, &certBundle) + if err != nil { + return err + } + parsedCertBundle, err := certBundle.ToParsedCertBundle() + if err != nil { + return fmt.Errorf("Error checking generated certificate: %s", err) + } + cert := parsedCertBundle.Certificate + + expected := strutil.RemoveDuplicates(role.Province, true) + if !reflect.DeepEqual(cert.Subject.Province, expected) { + return fmt.Errorf("Error: returned certificate has Province of %s but %s was specified in the role.", cert.Subject.Province, expected) + } + return nil + } + } + + getStreetAddressCheck := func(role roleEntry) logicaltest.TestCheckFunc { + var certBundle certutil.CertBundle + return func(resp *logical.Response) error { + err := mapstructure.Decode(resp.Data, &certBundle) + if err != nil { + return err + } + parsedCertBundle, err := certBundle.ToParsedCertBundle() + if err != nil { + return fmt.Errorf("Error checking generated certificate: %s", err) + } + cert := parsedCertBundle.Certificate + + expected := strutil.RemoveDuplicates(role.StreetAddress, true) + if !reflect.DeepEqual(cert.Subject.StreetAddress, expected) { + return fmt.Errorf("Error: returned certificate has StreetAddress of %s but %s was specified in the role.", cert.Subject.StreetAddress, expected) + } + return nil + } + } + + getPostalCodeCheck := func(role roleEntry) logicaltest.TestCheckFunc { + var certBundle certutil.CertBundle + return func(resp *logical.Response) error { + err := mapstructure.Decode(resp.Data, &certBundle) + if err != nil { + return err + } + parsedCertBundle, err := certBundle.ToParsedCertBundle() + if err != nil { + return fmt.Errorf("Error checking generated certificate: %s", err) + } + cert := parsedCertBundle.Certificate + + expected := strutil.RemoveDuplicates(role.PostalCode, true) + if !reflect.DeepEqual(cert.Subject.PostalCode, expected) { + return fmt.Errorf("Error: returned certificate has PostalCode of %s but %s was specified in the role.", cert.Subject.PostalCode, expected) + } + return nil + } + } + // Returns a TestCheckFunc that performs various validity checks on the // returned certificate information, mostly within checkCertsAndPrivateKey getCnCheck := func(name string, role roleEntry, key crypto.Signer, usage x509.KeyUsage, extUsage x509.ExtKeyUsage, validity time.Duration) logicaltest.TestCheckFunc { @@ -1883,6 +1988,14 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep { keybitSizeRandOff = true addCnTests() } + // Country tests + { + roleVals.Country = []string{"foo"} + addTests(getCountryCheck(roleVals)) + + roleVals.Country = []string{"foo", "bar"} + addTests(getCountryCheck(roleVals)) + } // OU tests { roleVals.OU = []string{"foo"} @@ -1899,6 +2012,38 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep { roleVals.Organization = []string{"foo", "bar"} addTests(getOrganizationCheck(roleVals)) } + // Locality tests + { + roleVals.Locality = []string{"foo"} + addTests(getLocalityCheck(roleVals)) + + roleVals.Locality = []string{"foo", "bar"} + addTests(getLocalityCheck(roleVals)) + } + // Province tests + { + roleVals.Province = []string{"foo"} + addTests(getProvinceCheck(roleVals)) + + roleVals.Province = []string{"foo", "bar"} + addTests(getProvinceCheck(roleVals)) + } + // StreetAddress tests + { + roleVals.StreetAddress = []string{"123 foo street"} + addTests(getStreetAddressCheck(roleVals)) + + roleVals.StreetAddress = []string{"123 foo street", "456 bar avenue"} + addTests(getStreetAddressCheck(roleVals)) + } + // PostalCode tests + { + roleVals.PostalCode = []string{"f00"} + addTests(getPostalCodeCheck(roleVals)) + + roleVals.PostalCode = []string{"f00", "b4r"} + addTests(getPostalCodeCheck(roleVals)) + } // IP SAN tests { roleVals.UseCSRSANs = true From 7a46918f8c80c039a5d85909d457e8b11119bdb8 Mon Sep 17 00:00:00 2001 From: Robison Jacka Date: Sun, 18 Feb 2018 13:22:35 -0800 Subject: [PATCH 163/178] Adding path roles test coverage for storing PKIX fields (#4003) --- builtin/logical/pki/path_roles_test.go | 92 ++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) diff --git a/builtin/logical/pki/path_roles_test.go b/builtin/logical/pki/path_roles_test.go index 3f7e9cb2713c..ed101fd0cac2 100644 --- a/builtin/logical/pki/path_roles_test.go +++ b/builtin/logical/pki/path_roles_test.go @@ -4,6 +4,7 @@ import ( "context" "testing" + "github.com/hashicorp/vault/helper/strutil" "github.com/hashicorp/vault/logical" "github.com/mitchellh/mapstructure" ) @@ -404,6 +405,97 @@ func TestPki_RoleAllowedDomains(t *testing.T) { } } +func TestPki_RolePkixFields(t *testing.T) { + var resp *logical.Response + var err error + b, storage := createBackendWithStorage(t) + + roleData := map[string]interface{}{ + "ttl": "5h", + "country": []string{"c1", "c2"}, + "ou": []string{"abc", "123"}, + "organization": []string{"org1", "org2"}, + "locality": []string{"foocity", "bartown"}, + "province": []string{"bar", "foo"}, + "street_address": []string{"123 foo street", "789 bar avenue"}, + "postal_code": []string{"f00", "b4r"}, + } + + roleReq := &logical.Request{ + Operation: logical.UpdateOperation, + Path: "roles/testrole_pkixfields", + Storage: storage, + Data: roleData, + } + + resp, err = b.HandleRequest(context.Background(), roleReq) + if err != nil || (resp != nil && resp.IsError()) { + t.Fatalf("bad: err: %v resp: %#v", err, resp) + } + + roleReq.Operation = logical.ReadOperation + resp, err = b.HandleRequest(context.Background(), roleReq) + if err != nil || (resp != nil && resp.IsError()) { + t.Fatalf("bad: err: %v resp: %#v", err, resp) + } + + origCountry := roleData["country"].([]string) + respCountry := resp.Data["country"].([]string) + if !strutil.StrListSubset(origCountry, respCountry) { + t.Fatalf("country did not match values set in role") + } else if len(origCountry) != len(respCountry) { + t.Fatalf("country did not have same number of values set in role") + } + + origOU := roleData["ou"].([]string) + respOU := resp.Data["ou"].([]string) + if !strutil.StrListSubset(origOU, respOU) { + t.Fatalf("ou did not match values set in role") + } else if len(origOU) != len(respOU) { + t.Fatalf("ou did not have same number of values set in role") + } + + origOrganization := roleData["organization"].([]string) + respOrganization := resp.Data["organization"].([]string) + if !strutil.StrListSubset(origOrganization, respOrganization) { + t.Fatalf("organization did not match values set in role") + } else if len(origOrganization) != len(respOrganization) { + t.Fatalf("organization did not have same number of values set in role") + } + + origLocality := roleData["locality"].([]string) + respLocality := resp.Data["locality"].([]string) + if !strutil.StrListSubset(origLocality, respLocality) { + t.Fatalf("locality did not match values set in role") + } else if len(origLocality) != len(respLocality) { + t.Fatalf("locality did not have same number of values set in role: ") + } + + origProvince := roleData["province"].([]string) + respProvince := resp.Data["province"].([]string) + if !strutil.StrListSubset(origProvince, respProvince) { + t.Fatalf("province did not match values set in role") + } else if len(origProvince) != len(respProvince) { + t.Fatalf("province did not have same number of values set in role") + } + + origStreetAddress := roleData["street_address"].([]string) + respStreetAddress := resp.Data["street_address"].([]string) + if !strutil.StrListSubset(origStreetAddress, respStreetAddress) { + t.Fatalf("street_address did not match values set in role") + } else if len(origStreetAddress) != len(respStreetAddress) { + t.Fatalf("street_address did not have same number of values set in role") + } + + origPostalCode := roleData["postal_code"].([]string) + respPostalCode := resp.Data["postal_code"].([]string) + if !strutil.StrListSubset(origPostalCode, respPostalCode) { + t.Fatalf("postal_code did not match values set in role") + } else if len(origPostalCode) != len(respPostalCode) { + t.Fatalf("postal_code did not have same number of values set in role") + } +} + func TestPki_RoleNoStore(t *testing.T) { var resp *logical.Response var err error From 1c9f1736fbb1b12792b009779460fe1282de7f2a Mon Sep 17 00:00:00 2001 From: Max Walther Date: Mon, 19 Feb 2018 15:29:45 +0100 Subject: [PATCH 164/178] Fix bug with vault cli when reading an individual field containing a Printf formatting verb (#4005) --- command/util.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/command/util.go b/command/util.go index 04e04fc6a9d1..8055ae2445ec 100644 --- a/command/util.go +++ b/command/util.go @@ -128,7 +128,7 @@ func PrintRaw(ui cli.Ui, str string) int { // The cli.Ui prints a CR, which is not wanted since the user probably wants // just the raw value. w := getWriterFromUI(ui) - fmt.Fprintf(w, str) + fmt.Fprint(w, str) } return 0 } From 12ce833d6bf8026d63652f0c4ade172e0ce63515 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 19 Feb 2018 20:29:26 -0500 Subject: [PATCH 165/178] Bump Travis to Go 1.10 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index fb29df5f6f44..54a6b81981a7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,7 +7,7 @@ services: - docker go: - - 1.9.1 + - "1.10" matrix: allow_failures: From 87d9ac8b0a9761a7c4cf7ea407037338a873a696 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 19 Feb 2018 20:37:38 -0500 Subject: [PATCH 166/178] Kick Travis From 83f6b21d3ef930df0352a4ae7b1e971790e3eb22 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 19 Feb 2018 22:46:17 -0500 Subject: [PATCH 167/178] Remove now-unneeded PKCS8 code and update certutil tests for Go 1.10 --- builtin/logical/pki/cert_util.go | 2 +- helper/certutil/certutil_test.go | 445 +++++++++++++++++-------------- helper/certutil/pkcs8.go | 119 --------- helper/certutil/pkcs8_test.go | 110 -------- helper/certutil/types.go | 8 +- helper/pgpkeys/keybase.go | 14 +- 6 files changed, 256 insertions(+), 442 deletions(-) delete mode 100644 helper/certutil/pkcs8.go delete mode 100644 helper/certutil/pkcs8_test.go diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go index ee1d0f970246..be083a57e168 100644 --- a/builtin/logical/pki/cert_util.go +++ b/builtin/logical/pki/cert_util.go @@ -1351,7 +1351,7 @@ func convertRespToPKCS8(resp *logical.Response) error { return errwrap.Wrapf("error converting response to pkcs8: error parsing previous key: {{err}}", err) } - keyData, err = certutil.MarshalPKCS8PrivateKey(signer) + keyData, err = x509.MarshalPKCS8PrivateKey(signer) if err != nil { return errwrap.Wrapf("error converting response to pkcs8: error marshaling pkcs8 key: {{err}}", err) } diff --git a/helper/certutil/certutil_test.go b/helper/certutil/certutil_test.go index 06769ffec0d4..14bcc27c0a12 100644 --- a/helper/certutil/certutil_test.go +++ b/helper/certutil/certutil_test.go @@ -2,10 +2,22 @@ package certutil import ( "bytes" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" "encoding/json" + "encoding/pem" "fmt" + "math/big" + mathrand "math/rand" "reflect" + "strings" + "sync" "testing" + "time" "github.com/fatih/structs" "github.com/hashicorp/vault/api" @@ -179,7 +191,7 @@ func compareCertBundleToParsedCertBundle(cbut *CertBundle, pcbut *ParsedCertBund return fmt.Errorf("Error when getting subject key id: %s", err) } if bytes.Compare(subjKeyID, pcbut.Certificate.SubjectKeyId) != 0 { - return fmt.Errorf("Parsed bundle private key does not match subject key id") + return fmt.Errorf("Parsed bundle private key does not match subject key id\nGot\n%#v\nExpected\n%#v\nCert\n%#v", subjKeyID, pcbut.Certificate.SubjectKeyId, *pcbut.Certificate) } switch { @@ -307,14 +319,14 @@ func compareCSRBundleToParsedCSRBundle(csrbut *CSRBundle, pcsrbut *ParsedCSRBund return fmt.Errorf("Bundle has wrong private key type") } if csrb.PrivateKey != privRSAKeyPem { - return fmt.Errorf("Bundle private key does not match") + return fmt.Errorf("Bundle rsa private key does not match\nGot\n%#v\nExpected\n%#v", csrb.PrivateKey, privRSAKeyPem) } case "ec": if pcsrbut.PrivateKeyType != ECPrivateKey { return fmt.Errorf("Bundle has wrong private key type") } if csrb.PrivateKey != privECKeyPem { - return fmt.Errorf("Bundle private key does not match") + return fmt.Errorf("Bundle ec private key does not match") } default: return fmt.Errorf("Bundle has unknown private key type") @@ -395,6 +407,7 @@ func TestTLSConfig(t *testing.T) { } func refreshRSA8CertBundle() *CertBundle { + initTest.Do(setCerts) return &CertBundle{ Certificate: certRSAPem, PrivateKey: privRSA8KeyPem, @@ -403,12 +416,14 @@ func refreshRSA8CertBundle() *CertBundle { } func refreshRSA8CertBundleWithChain() *CertBundle { + initTest.Do(setCerts) ret := refreshRSA8CertBundle() ret.CAChain = issuingCaChainPem return ret } func refreshRSACertBundle() *CertBundle { + initTest.Do(setCerts) return &CertBundle{ Certificate: certRSAPem, CAChain: []string{issuingCaChainPem[0]}, @@ -417,12 +432,14 @@ func refreshRSACertBundle() *CertBundle { } func refreshRSACertBundleWithChain() *CertBundle { + initTest.Do(setCerts) ret := refreshRSACertBundle() ret.CAChain = issuingCaChainPem return ret } func refreshECCertBundle() *CertBundle { + initTest.Do(setCerts) return &CertBundle{ Certificate: certECPem, CAChain: []string{issuingCaChainPem[0]}, @@ -431,12 +448,14 @@ func refreshECCertBundle() *CertBundle { } func refreshECCertBundleWithChain() *CertBundle { + initTest.Do(setCerts) ret := refreshECCertBundle() ret.CAChain = issuingCaChainPem return ret } func refreshRSACSRBundle() *CSRBundle { + initTest.Do(setCerts) return &CSRBundle{ CSR: csrRSAPem, PrivateKey: privRSAKeyPem, @@ -444,6 +463,7 @@ func refreshRSACSRBundle() *CSRBundle { } func refreshECCSRBundle() *CSRBundle { + initTest.Do(setCerts) return &CSRBundle{ CSR: csrECPem, PrivateKey: privECKeyPem, @@ -451,6 +471,7 @@ func refreshECCSRBundle() *CSRBundle { } func refreshEC8CertBundle() *CertBundle { + initTest.Do(setCerts) return &CertBundle{ Certificate: certECPem, PrivateKey: privEC8KeyPem, @@ -459,208 +480,230 @@ func refreshEC8CertBundle() *CertBundle { } func refreshEC8CertBundleWithChain() *CertBundle { + initTest.Do(setCerts) ret := refreshEC8CertBundle() ret.CAChain = issuingCaChainPem return ret } +func setCerts() { + caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + panic(err) + } + subjKeyID, err := GetSubjKeyID(caKey) + if err != nil { + panic(err) + } + caCertTemplate := &x509.Certificate{ + Subject: pkix.Name{ + CommonName: "root.localhost", + }, + SubjectKeyId: subjKeyID, + DNSNames: []string{"root.localhost"}, + KeyUsage: x509.KeyUsage(x509.KeyUsageCertSign | x509.KeyUsageCRLSign), + SerialNumber: big.NewInt(mathrand.Int63()), + NotBefore: time.Now().Add(-30 * time.Second), + NotAfter: time.Now().Add(262980 * time.Hour), + BasicConstraintsValid: true, + IsCA: true, + } + caBytes, err := x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, caKey.Public(), caKey) + if err != nil { + panic(err) + } + caCert, err := x509.ParseCertificate(caBytes) + if err != nil { + panic(err) + } + caCertPEMBlock := &pem.Block{ + Type: "CERTIFICATE", + Bytes: caBytes, + } + caCertPEM := strings.TrimSpace(string(pem.EncodeToMemory(caCertPEMBlock))) + + intKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + panic(err) + } + subjKeyID, err = GetSubjKeyID(intKey) + if err != nil { + panic(err) + } + intCertTemplate := &x509.Certificate{ + Subject: pkix.Name{ + CommonName: "int.localhost", + }, + SubjectKeyId: subjKeyID, + DNSNames: []string{"int.localhost"}, + KeyUsage: x509.KeyUsage(x509.KeyUsageCertSign | x509.KeyUsageCRLSign), + SerialNumber: big.NewInt(mathrand.Int63()), + NotBefore: time.Now().Add(-30 * time.Second), + NotAfter: time.Now().Add(262980 * time.Hour), + BasicConstraintsValid: true, + IsCA: true, + } + intBytes, err := x509.CreateCertificate(rand.Reader, intCertTemplate, caCert, intKey.Public(), caKey) + if err != nil { + panic(err) + } + intCert, err := x509.ParseCertificate(intBytes) + if err != nil { + panic(err) + } + intCertPEMBlock := &pem.Block{ + Type: "CERTIFICATE", + Bytes: intBytes, + } + intCertPEM := strings.TrimSpace(string(pem.EncodeToMemory(intCertPEMBlock))) + + // EC generation + { + key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + panic(err) + } + subjKeyID, err := GetSubjKeyID(key) + if err != nil { + panic(err) + } + certTemplate := &x509.Certificate{ + Subject: pkix.Name{ + CommonName: "localhost", + }, + SubjectKeyId: subjKeyID, + DNSNames: []string{"localhost"}, + ExtKeyUsage: []x509.ExtKeyUsage{ + x509.ExtKeyUsageServerAuth, + x509.ExtKeyUsageClientAuth, + }, + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement, + SerialNumber: big.NewInt(mathrand.Int63()), + NotBefore: time.Now().Add(-30 * time.Second), + NotAfter: time.Now().Add(262980 * time.Hour), + } + csrTemplate := &x509.CertificateRequest{ + Subject: pkix.Name{ + CommonName: "localhost", + }, + DNSNames: []string{"localhost"}, + } + csrBytes, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate, key) + if err != nil { + panic(err) + } + csrPEMBlock := &pem.Block{ + Type: "CERTIFICATE REQUEST", + Bytes: csrBytes, + } + csrECPem = strings.TrimSpace(string(pem.EncodeToMemory(csrPEMBlock))) + certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, intCert, key.Public(), intKey) + if err != nil { + panic(err) + } + certPEMBlock := &pem.Block{ + Type: "CERTIFICATE", + Bytes: certBytes, + } + certECPem = strings.TrimSpace(string(pem.EncodeToMemory(certPEMBlock))) + marshaledKey, err := x509.MarshalECPrivateKey(key) + if err != nil { + panic(err) + } + keyPEMBlock := &pem.Block{ + Type: "EC PRIVATE KEY", + Bytes: marshaledKey, + } + privECKeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock))) + marshaledKey, err = x509.MarshalPKCS8PrivateKey(key) + if err != nil { + panic(err) + } + keyPEMBlock = &pem.Block{ + Type: "PRIVATE KEY", + Bytes: marshaledKey, + } + privEC8KeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock))) + } + + // RSA generation + { + key, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + panic(err) + } + subjKeyID, err := GetSubjKeyID(key) + if err != nil { + panic(err) + } + certTemplate := &x509.Certificate{ + Subject: pkix.Name{ + CommonName: "localhost", + }, + SubjectKeyId: subjKeyID, + DNSNames: []string{"localhost"}, + ExtKeyUsage: []x509.ExtKeyUsage{ + x509.ExtKeyUsageServerAuth, + x509.ExtKeyUsageClientAuth, + }, + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement, + SerialNumber: big.NewInt(mathrand.Int63()), + NotBefore: time.Now().Add(-30 * time.Second), + NotAfter: time.Now().Add(262980 * time.Hour), + } + csrTemplate := &x509.CertificateRequest{ + Subject: pkix.Name{ + CommonName: "localhost", + }, + DNSNames: []string{"localhost"}, + } + csrBytes, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate, key) + if err != nil { + panic(err) + } + csrPEMBlock := &pem.Block{ + Type: "CERTIFICATE REQUEST", + Bytes: csrBytes, + } + csrRSAPem = strings.TrimSpace(string(pem.EncodeToMemory(csrPEMBlock))) + certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, intCert, key.Public(), intKey) + if err != nil { + panic(err) + } + certPEMBlock := &pem.Block{ + Type: "CERTIFICATE", + Bytes: certBytes, + } + certRSAPem = strings.TrimSpace(string(pem.EncodeToMemory(certPEMBlock))) + marshaledKey := x509.MarshalPKCS1PrivateKey(key) + keyPEMBlock := &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: marshaledKey, + } + privRSAKeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock))) + marshaledKey, err = x509.MarshalPKCS8PrivateKey(key) + if err != nil { + panic(err) + } + keyPEMBlock = &pem.Block{ + Type: "PRIVATE KEY", + Bytes: marshaledKey, + } + privRSA8KeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock))) + } + + issuingCaChainPem = []string{intCertPEM, caCertPEM} +} + var ( - privRSA8KeyPem = `-----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC92mr7+D/tGkW5 -nvDH/fYkOLywbxsU9wU7lKVPCdj+zNzQYHiixTZtmZPYVTBj27lZgaUDUXuiw9Ru -BWHTuAb/Cpn1I+71qJbh8FgWot+MRDFKuV0PLkgHz5eRVC4JmKy9hbcgo1q0FfGf -qxL+VQmI0GcQ4IYK/ppVMrKbn4ndIg70uR46vPiU11GqRIz5wkiPeLklrhoWa5qE -IHINnR83eHUbijaCuqPEcz0QTz0iLM8dfubVaJ+Gn/DseUtku+qBdcYcUK2hQyCc -NRKtu953gr5hhEX0N9x5JBb10WaI1UL5HGa2wa6ndZ7yVb42B2WTHzNQRR5Cr4N4 -ve31//gRAgMBAAECggEAfEvyvTLDz5zix2tK4vTfYMmQp8amKWysjVx9eijNW8yO -SRLQCGkrgEgLJphnjQk+6V3axjhjxKWHf9ygNrgGRJYRRBCZk1YkKpprYa6Sw0em -KfD//z9iw1JjPi+p0HiXp6FSytiIOt0fC1U6oy7ThjJDOCZ3O92C94KwsviZjx9r -DZbTLDm7Ya2LF4jGCq0dQ+AVqZ65QJ3yjdxm87PSE6q2eiV9wdMUx9RDOmFy+Meq -Mm3L9TW1QzyFtFMXeIF5QYGpmxWP/iii5V0CP573apXMIqQ+wTNpwK3WU5iURypZ -kJ1Iaxbzjfok6wpwLj7SJytF+fOVcygUxud7GPH8UQKBgQDPhQhB3+o+y+bwkUTx -Qdj/YNKcA/bjo/b9KMq+3rufwN9u/DK5z7vVfVklidbh5DVqhlLREsdSuZvb/IHc -OdCYwNeDxk1rLr+1W/iPYSBJod4eWDteIH1U9lts+/mH+u+iSsWVuikbeA8/MUJ3 -nnAYu4FR1nz8I/CrvGbQL/KCdQKBgQDqNNI562Ch+4dJ407F3MC4gNPwPgksfLXn -ZRcPVVwGagil9oIIte0BIT0rAG/jVACfghGxfrj719uwjcFFxnUaSHGQcATseSf6 -SgoruIVF15lI4e8lEcWrOypsW8Id2/amwUiIWYCgwlYG2Q7dggpXfgjmKfjSlvJ8 -+yKR/Y6zrQKBgQCkx2aqICm5mWEUbtWGmJm9Ft3FQqSdV4n8tZJgAy6KiLUiRKHm -x1vIBtNtqkj1b6c2odhK6ZVaS8XF5XgcLdBEKwQ2P5Uj4agaUyBIgYAI174u7DKf -6D58423vWRln70qu3J6N6JdRl4DL1cqIf0dVbDYgjKcL82HcjCo7b4cqLQKBgFGU -TJX4MxS5NIq8LrglCMw7s5c/RJrGZeZQBBRHO2LQlGqazviRxhhap5/O6ypYHE9z -Uw5sgarXqaJ5/hR76FZbXZNeMZjdKtu35osMHwAQ9Ue5yz8yTZQza7eKzrbv4556 -PPWhl3hnuOdxvAfUQB3xvM/PVuijw5tdLtGDbK2RAoGBAKB7OsTgF7wVEkzccJTE -hrbVKD+KBZz8WKnEgNoyyTIT0Kaugk15MCXkGrXIY8bW0IzYAw69qhTOgaWkcu4E -JbTK5UerP8V+X7XPBiw72StPVM4bxaXx2/B+78IuMOI/GR0tHQCF8S6DwTHeBXnl -ke8GFExnXHTPqG6Bku0r/G47 ------END PRIVATE KEY-----` - - privRSAKeyPem = `-----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAvdpq+/g/7RpFuZ7wx/32JDi8sG8bFPcFO5SlTwnY/szc0GB4 -osU2bZmT2FUwY9u5WYGlA1F7osPUbgVh07gG/wqZ9SPu9aiW4fBYFqLfjEQxSrld -Dy5IB8+XkVQuCZisvYW3IKNatBXxn6sS/lUJiNBnEOCGCv6aVTKym5+J3SIO9Lke -Orz4lNdRqkSM+cJIj3i5Ja4aFmuahCByDZ0fN3h1G4o2grqjxHM9EE89IizPHX7m -1Wifhp/w7HlLZLvqgXXGHFCtoUMgnDUSrbved4K+YYRF9DfceSQW9dFmiNVC+Rxm -tsGup3We8lW+Ngdlkx8zUEUeQq+DeL3t9f/4EQIDAQABAoIBAHxL8r0yw8+c4sdr -SuL032DJkKfGpilsrI1cfXoozVvMjkkS0AhpK4BICyaYZ40JPuld2sY4Y8Slh3/c -oDa4BkSWEUQQmZNWJCqaa2GuksNHpinw//8/YsNSYz4vqdB4l6ehUsrYiDrdHwtV -OqMu04YyQzgmdzvdgveCsLL4mY8faw2W0yw5u2GtixeIxgqtHUPgFameuUCd8o3c -ZvOz0hOqtnolfcHTFMfUQzphcvjHqjJty/U1tUM8hbRTF3iBeUGBqZsVj/4oouVd -Aj+e92qVzCKkPsEzacCt1lOYlEcqWZCdSGsW8436JOsKcC4+0icrRfnzlXMoFMbn -exjx/FECgYEAz4UIQd/qPsvm8JFE8UHY/2DSnAP246P2/SjKvt67n8Dfbvwyuc+7 -1X1ZJYnW4eQ1aoZS0RLHUrmb2/yB3DnQmMDXg8ZNay6/tVv4j2EgSaHeHlg7XiB9 -VPZbbPv5h/rvokrFlbopG3gPPzFCd55wGLuBUdZ8/CPwq7xm0C/ygnUCgYEA6jTS -OetgofuHSeNOxdzAuIDT8D4JLHy152UXD1VcBmoIpfaCCLXtASE9KwBv41QAn4IR -sX64+9fbsI3BRcZ1GkhxkHAE7Hkn+koKK7iFRdeZSOHvJRHFqzsqbFvCHdv2psFI -iFmAoMJWBtkO3YIKV34I5in40pbyfPsikf2Os60CgYEApMdmqiApuZlhFG7VhpiZ -vRbdxUKknVeJ/LWSYAMuioi1IkSh5sdbyAbTbapI9W+nNqHYSumVWkvFxeV4HC3Q -RCsENj+VI+GoGlMgSIGACNe+Luwyn+g+fONt71kZZ+9KrtyejeiXUZeAy9XKiH9H -VWw2IIynC/Nh3IwqO2+HKi0CgYBRlEyV+DMUuTSKvC64JQjMO7OXP0SaxmXmUAQU -Rzti0JRqms74kcYYWqefzusqWBxPc1MObIGq16mief4Ue+hWW12TXjGY3Srbt+aL -DB8AEPVHucs/Mk2UM2u3is627+Oeejz1oZd4Z7jncbwH1EAd8bzPz1boo8ObXS7R -g2ytkQKBgQCgezrE4Be8FRJM3HCUxIa21Sg/igWc/FipxIDaMskyE9CmroJNeTAl -5Bq1yGPG1tCM2AMOvaoUzoGlpHLuBCW0yuVHqz/Ffl+1zwYsO9krT1TOG8Wl8dvw -fu/CLjDiPxkdLR0AhfEug8Ex3gV55ZHvBhRMZ1x0z6hugZLtK/xuOw== ------END RSA PRIVATE KEY-----` - - csrRSAPem = `-----BEGIN CERTIFICATE REQUEST----- -MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx -ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALd2SVGs7QkYlYPOz9MvE+0DDRUIutQQkiCnqcV1 -1nO84uSSUjH0ALLVyRKgWIkobEqWJurKIk+oV9O+Le8EABxkt/ru6jaIFqZkwFE1 -JzSDPkAsR9jXP5M2MWlmo7qVc4Bry3oqlN3eLSFJP2ZH7b1ia8q9oWXPMxDdwuKR -kv9hfkUPszr/gaQCNQXW0BoRe5vdr5+ikv4lrKpsBxvaAoYL1ngR41lCPKhmrgXP -oreEuUcXzfCSSAV1CGbW2qhWc4I7/JFA8qqEBr5GP+AntStGxSbDO8JjD7/uULHC -AReCloDdJE0jDz1355/0CAH4WmEJE/TI8Bq+vgd0jgzRgk0CAwEAAaAAMA0GCSqG -SIb3DQEBCwUAA4IBAQAR8U1vZMJf7YFvGU69QvoWPTDe/o8SwYy1j+++AAO9Y7H2 -C7nb+9tnEMtXm+3pkY0aJIecAnq8H4QWimOrJa/ZsoZLzz9LKW2nzARdWo63j4nB -jKld/EDBzQ/nQSTyoX7s9JiDiSC9yqTXBrPHSXruPbh7sE0yXROar+6atjNdCpDp -uLw86gwewDJrMaB1aFAmDvwaRQQDONwRy0zG1UdMxLQxsxpKOHaGM/ZvV3FPir2B -7mKupki/dvap5UW0lTMJBlKf3qhoeHKMHFo9i5vGCIkWUIv+XgTF0NjbYv9i7bfq -WdW905v4wiuWRlddNwqFtLx9Pf1/fRJVT5mBbjIx ------END CERTIFICATE REQUEST-----` - - certRSAPem = `-----BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIUad4Q9EhVvqc06H7fCfKaLGcyDw0wDQYJKoZIhvcNAQEL -BQAwNzE1MDMGA1UEAxMsVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIFN1 -YiBBdXRob3JpdHkwHhcNMTYwODA0MTkyMjAyWhcNMTYwODA0MjAyMjMyWjAhMR8w -HQYDVQQDExZWYXVsdCBUZXN0IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAvdpq+/g/7RpFuZ7wx/32JDi8sG8bFPcFO5SlTwnY/szc -0GB4osU2bZmT2FUwY9u5WYGlA1F7osPUbgVh07gG/wqZ9SPu9aiW4fBYFqLfjEQx -SrldDy5IB8+XkVQuCZisvYW3IKNatBXxn6sS/lUJiNBnEOCGCv6aVTKym5+J3SIO -9LkeOrz4lNdRqkSM+cJIj3i5Ja4aFmuahCByDZ0fN3h1G4o2grqjxHM9EE89IizP -HX7m1Wifhp/w7HlLZLvqgXXGHFCtoUMgnDUSrbved4K+YYRF9DfceSQW9dFmiNVC -+RxmtsGup3We8lW+Ngdlkx8zUEUeQq+DeL3t9f/4EQIDAQABo4GVMIGSMA4GA1Ud -DwEB/wQEAwIDqDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0O -BBYEFMKLVTrdDyyF0kTxkxcAMcGNcGWlMB8GA1UdIwQYMBaAFNmGqFL215GlYyD0 -mWVIoMB71s+NMCEGA1UdEQQaMBiCFlZhdWx0IFRlc3QgQ2VydGlmaWNhdGUwDQYJ -KoZIhvcNAQELBQADggEBAJJP9OWG3W5uUluKdeFYCzKMIY+rsCUb86QrKRqQ5xYR -w4pKC3yuryEfreBs3iQA4NNw2mMWxuI8t/i+km2H7NzQytTRn6L0sxTa8ThNZ3e7 -xCdWaZZzd1O6Xwq/pDbE1MZ/4z5nvsKaKJVVIvVFL5algi4A8njiFMVSww035c1e -waLww4AOHydlLky/RJBJPOkQNoDBToC9ojDqPtNJVWWaQL2TsUCu+Q+L5QL5djgj -LxPwqGOiM4SLSUrXSXMpHNLX1rhBH1/sNb3Kn1FDBaZ+M9kZglCDwuQyQuH8xKwB -qukeKfgFUp7rH0yoQTZa0eaXAYTFoRLjnTQ+fS7e19s= ------END CERTIFICATE-----` - - privECKeyPem = `-----BEGIN EC PRIVATE KEY----- -MHcCAQEEICC2XihYLxEYEseFesZEXjV1va6rMAdtkpkaxT4hGu5boAoGCCqGSM49 -AwEHoUQDQgAEti0uWkq7MAkQevNNrBpYY0FLni8OAZroHXkij2x6Vo0xIvClftbC -L33BU/520t23TcewtQYsNqv86Bvhx9PeAw== ------END EC PRIVATE KEY-----` - - csrECPem = `-----BEGIN CERTIFICATE REQUEST----- -MIHsMIGcAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw -HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwTjAQBgcqhkjOPQIBBgUr -gQQAIQM6AATBZ3VXwBE9oeSREpM5b25PW6WiuLb4EXWpKZyjj552QYKYe7QBuGe9 -wvvgOeCBovN3tSuGKzTiUKAAMAoGCCqGSM49BAMCAz8AMDwCHFap/5XDuqtXCG1g -ljbYH5OWGBqGYCfL2k2+/6cCHAuk1bmOkGx7JAq/fSPd09i0DQIqUu7WHQHms48= ------END CERTIFICATE REQUEST-----` - - privEC8KeyPem = `-----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgILZeKFgvERgSx4V6 -xkReNXW9rqswB22SmRrFPiEa7luhRANCAAS2LS5aSrswCRB6802sGlhjQUueLw4B -mugdeSKPbHpWjTEi8KV+1sIvfcFT/nbS3bdNx7C1Biw2q/zoG+HH094D ------END PRIVATE KEY-----` - - certECPem = `-----BEGIN CERTIFICATE----- -MIICtzCCAZ+gAwIBAgIUNDYMWd9SOGVMs4I1hezvRnGDMyUwDQYJKoZIhvcNAQEL -BQAwNzE1MDMGA1UEAxMsVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIFN1 -YiBBdXRob3JpdHkwHhcNMTYwODA0MTkyOTM0WhcNMTYwODA0MjAzMDA0WjAkMSIw -IAYDVQQDExlWYXVsdCBUZXN0IEVDIENlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYI -KoZIzj0DAQcDQgAEti0uWkq7MAkQevNNrBpYY0FLni8OAZroHXkij2x6Vo0xIvCl -ftbCL33BU/520t23TcewtQYsNqv86Bvhx9PeA6OBmDCBlTAOBgNVHQ8BAf8EBAMC -A6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBStnbW/ -ga2/dz4FyRNafwhTzM1UbzAfBgNVHSMEGDAWgBTZhqhS9teRpWMg9JllSKDAe9bP -jTAkBgNVHREEHTAbghlWYXVsdCBUZXN0IEVDIENlcnRpZmljYXRlMA0GCSqGSIb3 -DQEBCwUAA4IBAQBsPhwRB51de3sGBMnjDiOMViYpRH7kKhUWAY1W2W/1hqk5HgZw -4c3r0LmdIQ94gShaXng8ojYRDW/5D7LeXJdbtLy9U29xfeCb+vqKDc2oN7Ps3/HB -4YLnseqDiZFKPEAdOE4rtwyFWJI7JR9sOSG1B5El6duN0i9FWOLSklQ4EbV5R45r -cy/fJq0DOYje7MXsFuNl5iQ92gfDjPD2P98DK9lCIquSzB3WkpjE41UtKJ0IKPeD -wYoyl0J33Alxq2eC2subR7xISR3MzZFcdkzNNrBddeaSviYlR4SgTUiqOldAcdR4 -QZxtxazcUqQDZ+wZFOpBOnp94bzVeXT9BF+L ------END CERTIFICATE-----` - - issuingCaChainPem = []string{`-----BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIUHjciEzUzeNVqI9mwFJeduNtXWzMwDQYJKoZIhvcNAQEL -BQAwMzExMC8GA1UEAxMoVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIEF1 -dGhvcml0eTAeFw0xNjA4MDQxOTEyNTdaFw0xNjA4MDUyMDEzMjdaMDcxNTAzBgNV -BAMTLFZhdWx0IFRlc3RpbmcgSW50ZXJtZWRpYXRlIFN1YiBTdWIgQXV0aG9yaXR5 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2pAH1U8KzhjO+MLRPTb -ic7Iyk57d0TFnj6CAJWqZaKNGXoTkwD8wRCirY8mQv8YrfBy3hwGqSLYj6oxwA0R -8FxsiWdf4gFTX2cJpxThFnIllGbzqIXnEZLvCIMydp44Ls9eYxoXfZQ9X24u/Wmf -kWEQFGUzrpyklkIOx2Yo5g7OHbFLl3OfPz89/TDM8VeymlGzCTJZ+Y+iNGDBPT0L -X9aE65lL76dUx/bcKnfQEgAcH4nkE4K/Kgjnj5umZKQUH4+6wKFwDCQT2RwaBkve -WyAiz0LY9a1WFXt7RYCPs+QWLJAhv7wJL8l4gnxYA1k+ovLXDjUqYweU+WHV6/lR -7wIDAQABo4GdMIGaMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G -A1UdDgQWBBTZhqhS9teRpWMg9JllSKDAe9bPjTAfBgNVHSMEGDAWgBRTY6430DXg -cIDAnEnA+fostjcbqDA3BgNVHREEMDAugixWYXVsdCBUZXN0aW5nIEludGVybWVk -aWF0ZSBTdWIgU3ViIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAZp3VwrUw -jw6TzjZJEnXkfRxLWZNmqMPAXYOtBl/+5FjAfehifTTzIdIxR4mfdgH5YZnSQpzY -m/w17BXElao8uOX6CUaX+sLTVzwsl2csswpcGlNwHooVREoMq9X187qxSr1HS7zF -O550XgDVIf5e7sXrVuV1rd1XUo3xZLaSLUhU70y/343mcN2TRUslXO4QrIE5lo2v -awyQl0NW0hSO0F9VZYzOvPPVwu7mf1ijTzbkPtUbAXDnmlvOCrlx2JZd/BqXb75e -UgYDq7hIyQ109FBOjv0weAM5tZCdesyvro4/43Krd8pa74zHdZMjfQAsTr66WOi4 -yedj8LnWl66JOA== ------END CERTIFICATE-----`, - `-----BEGIN CERTIFICATE----- -MIIDijCCAnKgAwIBAgIUBNDYCUsOT2Wth8Fz3layfjEVbcIwDQYJKoZIhvcNAQEL -BQAwLzEtMCsGA1UEAxMkVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgQXV0aG9y -aXR5MB4XDTE2MDgwNDE5MTI1NloXDTE2MDgwNjIxMTMyNlowMzExMC8GA1UEAxMo -VmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIEF1dGhvcml0eTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBALHoD7g5YYu2akO8hkFlUCF45Bxjckq4 -WTyDIcDwv/wr7vhZnngCClnP+7Rc30XTmkq2RnH6N7iuqowGM5RNcBV/C9R1weVx -9esXtWr/AUMyuNb3HSjwDwQGuiAVEgk67fXYy08Ii78+ap3uY3CKC1AFDkHdgDZt -e946rJ3Nps00TcH0KwyP5voitLgt6dMBR9ttuUdSoQ4uLQDdDf0HRw/IAQswO4Av -lgUgQObBecnLGhh7e3PM5VVz5f0IqG2ZYnDs3ncl2UYOrj0/JqOMDIMvSQMc2pzS -Hjty0d1wKWWPC9waguL/24oQR4VG5b7TL62elc2kcEg7r8u5L/sCi/8CAwEAAaOB -mTCBljAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU -U2OuN9A14HCAwJxJwPn6LLY3G6gwHwYDVR0jBBgwFoAUgAz80p6Pkzk6Cb7lYmTI -T1jc7iYwMwYDVR0RBCwwKoIoVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3Vi -IEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEACXjzGVqRZi6suHwBqvXwVxlS -nf5YwudfBDJ4LfNd5nTCypsvHkfXnaki6LZMCS1rwPvxzssZ5Wp/7zO5fu6lpSTx -yjuiH5fBUGHy+f1Ygu6tlAZtUnxAi6pU4eoCDNZpqunJMM4IdaahHeICdjPhx/bH -AlmwaN0FsNvOlgUuPTjQ3z6jMZn3p2lXI3HiRlcz+nR7gQizPb2L7u8mQ+5EZFmC -AmXMj40g3bTJVmKoGeAR7cb0pYG/GUELmERjEjCfP7W15eYfuu1j7EYTUAVuPAlJ -34HDxCuM8cPJwCGMDKfb3Q39AYRmLT6sE3/sq2CZ5xlj8wfwDpVfpXikRDpI0A== ------END CERTIFICATE-----`, - `-----BEGIN CERTIFICATE----- -MIIDejCCAmKgAwIBAgIUEtjlbdzIth3U71TELA0PVW7HvaEwDQYJKoZIhvcNAQEL -BQAwJzElMCMGA1UEAxMcVmF1bHQgVGVzdGluZyBSb290IEF1dGhvcml0eTAeFw0x -NjA4MDQxOTEyNTVaFw0xNjA4MDgyMzEzMjVaMC8xLTArBgNVBAMTJFZhdWx0IFRl -c3RpbmcgSW50ZXJtZWRpYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAMYAQAHCm9V9062NF/UuAa6z6aYqsS5g2YGkd9DvgYxfU5JI -yIdSz7rkp9QprlQYl2abptZocq+1C9yRVmRJWKjZYDckSwXdmQam/sOfNuiw6Gbd -3OJGdQ82jhx3v3mIQp+3u9E43wXX0StaJ44+9DgkgwG8iybiv4fh0LzuHPSeKsXe -/IvJZ0YAInWuzFNegYxU32UT2CEvLtZdru8+sLr4NFWRu/nYIMPJDeZ2JEQVi9IF -lcB3dP63c6vMBrn4Wn2xBo12JPsQp+ezf5Z5zmtAe68PwRmIXZVAUa2q+CfEuJ36 -66756Ypa0Z3brhPWfX2ahhxSg8DjqFGmZZ5Gfl8CAwEAAaOBlTCBkjAOBgNVHQ8B -Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUgAz80p6Pkzk6Cb7l -YmTIT1jc7iYwHwYDVR0jBBgwFoAU6dC1U32HZp7iq97KSu2i+g8+rf4wLwYDVR0R -BCgwJoIkVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MA0GCSqG -SIb3DQEBCwUAA4IBAQA6xVMyuZgpJhIQnG2LwwD5Zcbmm4+rHkGVNSpwkUH8ga8X -b4Owog+MvBw8R7ADVwAh/aOh1/qsRfHv8KkMWW+SAQ84ICVXJiPBzEUJaMWujpyr -SDkbaD05avRtfvSrPCagaUGVRt+wK24g8hpJqQ+trkufzjq9ySU018+NNX9yGRyA -VjwZAqALlNEAkdcvd4adEBpZqum2x1Fl9EXnjp6NEWQ7nuGkp3X2DP4gDtQPxgmn -omOo4GHhO0U57exEIl0d4kiy9WU0qcIISOr6I+gzesMooX6aI43CaqJoZKsHXYY6 -1uxFLss+/wDtvIcyXdTdjPrgD38YIgk1/iKNIgKO ------END CERTIFICATE-----`} + initTest sync.Once + privRSA8KeyPem string + privRSAKeyPem string + csrRSAPem string + certRSAPem string + privECKeyPem string + csrECPem string + privEC8KeyPem string + certECPem string + issuingCaChainPem []string ) diff --git a/helper/certutil/pkcs8.go b/helper/certutil/pkcs8.go deleted file mode 100644 index 22585de0ccb4..000000000000 --- a/helper/certutil/pkcs8.go +++ /dev/null @@ -1,119 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package certutil - -import ( - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rsa" - "crypto/x509" - "crypto/x509/pkix" - "encoding/asn1" - "errors" - "fmt" -) - -var ( - oidNamedCurveP224 = asn1.ObjectIdentifier{1, 3, 132, 0, 33} - oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7} - oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34} - oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35} - - oidPublicKeyRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} - oidPublicKeyDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1} - oidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1} -) - -// pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See -// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn -// and RFC 5208. -type pkcs8 struct { - Version int - Algo pkix.AlgorithmIdentifier - PrivateKey []byte - // optional attributes omitted. -} - -type ecPrivateKey struct { - Version int - PrivateKey []byte - NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"` - PublicKey asn1.BitString `asn1:"optional,explicit,tag:1"` -} - -// MarshalPKCS8PrivateKey converts a private key to PKCS#8 encoded form. -// The following key types are supported: *rsa.PrivateKey, *ecdsa.PublicKey. -// Unsupported key types result in an error. -// -// See RFC 5208. -func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) { - var privKey pkcs8 - - switch k := key.(type) { - case *rsa.PrivateKey: - privKey.Algo = pkix.AlgorithmIdentifier{ - Algorithm: oidPublicKeyRSA, - Parameters: asn1.NullRawValue, - } - privKey.PrivateKey = x509.MarshalPKCS1PrivateKey(k) - - case *ecdsa.PrivateKey: - oid, ok := oidFromNamedCurve(k.Curve) - if !ok { - return nil, errors.New("x509: unknown curve while marshalling to PKCS#8") - } - - oidBytes, err := asn1.Marshal(oid) - if err != nil { - return nil, errors.New("x509: failed to marshal curve OID: " + err.Error()) - } - - privKey.Algo = pkix.AlgorithmIdentifier{ - Algorithm: oidPublicKeyECDSA, - Parameters: asn1.RawValue{ - FullBytes: oidBytes, - }, - } - - if privKey.PrivateKey, err = marshalECPrivateKeyWithOID(k, nil); err != nil { - return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error()) - } - - default: - return nil, fmt.Errorf("x509: unknown key type while marshalling PKCS#8: %T", key) - } - - return asn1.Marshal(privKey) -} - -func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, bool) { - switch curve { - case elliptic.P224(): - return oidNamedCurveP224, true - case elliptic.P256(): - return oidNamedCurveP256, true - case elliptic.P384(): - return oidNamedCurveP384, true - case elliptic.P521(): - return oidNamedCurveP521, true - } - - return nil, false -} - -// marshalECPrivateKey marshals an EC private key into ASN.1, DER format and -// sets the curve ID to the given OID, or omits it if OID is nil. -func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error) { - privateKeyBytes := key.D.Bytes() - paddedPrivateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8) - copy(paddedPrivateKey[len(paddedPrivateKey)-len(privateKeyBytes):], privateKeyBytes) - - return asn1.Marshal(ecPrivateKey{ - Version: 1, - PrivateKey: paddedPrivateKey, - NamedCurveOID: oid, - PublicKey: asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)}, - }) -} diff --git a/helper/certutil/pkcs8_test.go b/helper/certutil/pkcs8_test.go deleted file mode 100644 index df350ead4137..000000000000 --- a/helper/certutil/pkcs8_test.go +++ /dev/null @@ -1,110 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package certutil - -import ( - "bytes" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rsa" - "crypto/x509" - "encoding/hex" - "reflect" - "testing" -) - -// Generated using: -// openssl genrsa 1024 | openssl pkcs8 -topk8 -nocrypt -var pkcs8RSAPrivateKeyHex = `30820278020100300d06092a864886f70d0101010500048202623082025e02010002818100cfb1b5bf9685ffa97b4f99df4ff122b70e59ac9b992f3bc2b3dde17d53c1a34928719b02e8fd17839499bfbd515bd6ef99c7a1c47a239718fe36bfd824c0d96060084b5f67f0273443007a24dfaf5634f7772c9346e10eb294c2306671a5a5e719ae24b4de467291bc571014b0e02dec04534d66a9bb171d644b66b091780e8d020301000102818100b595778383c4afdbab95d2bfed12b3f93bb0a73a7ad952f44d7185fd9ec6c34de8f03a48770f2009c8580bcd275e9632714e9a5e3f32f29dc55474b2329ff0ebc08b3ffcb35bc96e6516b483df80a4a59cceb71918cbabf91564e64a39d7e35dce21cb3031824fdbc845dba6458852ec16af5dddf51a8397a8797ae0337b1439024100ea0eb1b914158c70db39031dd8904d6f18f408c85fbbc592d7d20dee7986969efbda081fdf8bc40e1b1336d6b638110c836bfdc3f314560d2e49cd4fbde1e20b024100e32a4e793b574c9c4a94c8803db5152141e72d03de64e54ef2c8ed104988ca780cd11397bc359630d01b97ebd87067c5451ba777cf045ca23f5912f1031308c702406dfcdbbd5a57c9f85abc4edf9e9e29153507b07ce0a7ef6f52e60dcfebe1b8341babd8b789a837485da6c8d55b29bbb142ace3c24a1f5b54b454d01b51e2ad03024100bd6a2b60dee01e1b3bfcef6a2f09ed027c273cdbbaf6ba55a80f6dcc64e4509ee560f84b4f3e076bd03b11e42fe71a3fdd2dffe7e0902c8584f8cad877cdc945024100aa512fa4ada69881f1d8bb8ad6614f192b83200aef5edf4811313d5ef30a86cbd0a90f7b025c71ea06ec6b34db6306c86b1040670fd8654ad7291d066d06d031` - -// Generated using: -// openssl ecparam -genkey -name secp224r1 | openssl pkcs8 -topk8 -nocrypt -var pkcs8P224PrivateKeyHex = `3078020100301006072a8648ce3d020106052b810400210461305f020101041cca3d72b3e88fed2684576dad9b80a9180363a5424986900e3abcab3fa13c033a0004f8f2a6372872a4e61263ed893afb919576a4cacfecd6c081a2cbc76873cf4ba8530703c6042b3a00e2205087e87d2435d2e339e25702fae1` - -// Generated using: -// openssl ecparam -genkey -name secp256r1 | openssl pkcs8 -topk8 -nocrypt -var pkcs8P256PrivateKeyHex = `308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420dad6b2f49ca774c36d8ae9517e935226f667c929498f0343d2424d0b9b591b43a14403420004b9c9b90095476afe7b860d8bd43568cab7bcb2eed7b8bf2fa0ce1762dd20b04193f859d2d782b1e4cbfd48492f1f533113a6804903f292258513837f07fda735` - -// Generated using: -// openssl ecparam -genkey -name secp384r1 | openssl pkcs8 -topk8 -nocrypt -var pkcs8P384PrivateKeyHex = `3081b6020100301006072a8648ce3d020106052b8104002204819e30819b02010104309bf832f6aaaeacb78ce47ffb15e6fd0fd48683ae79df6eca39bfb8e33829ac94aa29d08911568684c2264a08a4ceb679a164036200049070ad4ed993c7770d700e9f6dc2baa83f63dd165b5507f98e8ff29b5d2e78ccbe05c8ddc955dbf0f7497e8222cfa49314fe4e269459f8e880147f70d785e530f2939e4bf9f838325bb1a80ad4cf59272ae0e5efe9a9dc33d874492596304bd3` - -// Generated using: -// openssl ecparam -genkey -name secp521r1 | openssl pkcs8 -topk8 -nocrypt -// -// Note that OpenSSL will truncate the private key if it can (i.e. it emits it -// like an integer, even though it's an OCTET STRING field). Thus if you -// regenerate this you may, randomly, find that it's a byte shorter than -// expected and the Go test will fail to recreate it exactly. -var pkcs8P521PrivateKeyHex = `3081ee020100301006072a8648ce3d020106052b810400230481d63081d3020101044200cfe0b87113a205cf291bb9a8cd1a74ac6c7b2ebb8199aaa9a5010d8b8012276fa3c22ac913369fa61beec2a3b8b4516bc049bde4fb3b745ac11b56ab23ac52e361a1818903818600040138f75acdd03fbafa4f047a8e4b272ba9d555c667962b76f6f232911a5786a0964e5edea6bd21a6f8725720958de049c6e3e6661c1c91b227cebee916c0319ed6ca003db0a3206d372229baf9dd25d868bf81140a518114803ce40c1855074d68c4e9dab9e65efba7064c703b400f1767f217dac82715ac1f6d88c74baf47a7971de4ea` - -func TestPKCS8(t *testing.T) { - tests := []struct { - name string - keyHex string - keyType reflect.Type - curve elliptic.Curve - }{ - { - name: "RSA private key", - keyHex: pkcs8RSAPrivateKeyHex, - keyType: reflect.TypeOf(&rsa.PrivateKey{}), - }, - { - name: "P-224 private key", - keyHex: pkcs8P224PrivateKeyHex, - keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), - curve: elliptic.P224(), - }, - { - name: "P-256 private key", - keyHex: pkcs8P256PrivateKeyHex, - keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), - curve: elliptic.P256(), - }, - { - name: "P-384 private key", - keyHex: pkcs8P384PrivateKeyHex, - keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), - curve: elliptic.P384(), - }, - { - name: "P-521 private key", - keyHex: pkcs8P521PrivateKeyHex, - keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), - curve: elliptic.P521(), - }, - } - - for _, test := range tests { - derBytes, err := hex.DecodeString(test.keyHex) - if err != nil { - t.Errorf("%s: failed to decode hex: %s", test.name, err) - continue - } - privKey, err := x509.ParsePKCS8PrivateKey(derBytes) - if err != nil { - t.Errorf("%s: failed to decode PKCS#8: %s", test.name, err) - continue - } - if reflect.TypeOf(privKey) != test.keyType { - t.Errorf("%s: decoded PKCS#8 returned unexpected key type: %T", test.name, privKey) - continue - } - if ecKey, isEC := privKey.(*ecdsa.PrivateKey); isEC && ecKey.Curve != test.curve { - t.Errorf("%s: decoded PKCS#8 returned unexpected curve %#v", test.name, ecKey.Curve) - continue - } - reserialised, err := MarshalPKCS8PrivateKey(privKey) - if err != nil { - t.Errorf("%s: failed to marshal into PKCS#8: %s", test.name, err) - continue - } - if !bytes.Equal(derBytes, reserialised) { - t.Errorf("%s: marshalled PKCS#8 didn't match original: got %x, want %x", test.name, reserialised, derBytes) - continue - } - } -} diff --git a/helper/certutil/types.go b/helper/certutil/types.go index dbf607f5c0cb..372af68888a5 100644 --- a/helper/certutil/types.go +++ b/helper/certutil/types.go @@ -188,7 +188,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) { result.CertificateBytes = pemBlock.Bytes result.Certificate, err = x509.ParseCertificate(result.CertificateBytes) if err != nil { - return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle"} + return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle: %v", err)} } } switch { @@ -201,7 +201,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) { parsedCert, err := x509.ParseCertificate(pemBlock.Bytes) if err != nil { - return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle"} + return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle via CA chain: %v", err)} } certBlock := &CertBlock{ @@ -220,7 +220,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) { parsedCert, err := x509.ParseCertificate(pemBlock.Bytes) if err != nil { - return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle3"} + return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle via issuing CA: %v", err)} } result.SerialNumber = result.Certificate.SerialNumber @@ -444,7 +444,7 @@ func (c *CSRBundle) ToParsedCSRBundle() (*ParsedCSRBundle, error) { result.CSRBytes = pemBlock.Bytes result.CSR, err = x509.ParseCertificateRequest(result.CSRBytes) if err != nil { - return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle: %v", err)} + return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle via CSR: %v", err)} } } diff --git a/helper/pgpkeys/keybase.go b/helper/pgpkeys/keybase.go index 5c14cbcedc91..c116194b0bd7 100644 --- a/helper/pgpkeys/keybase.go +++ b/helper/pgpkeys/keybase.go @@ -49,25 +49,25 @@ func FetchKeybasePubkeys(input []string) (map[string]string, error) { } defer resp.Body.Close() - type publicKeys struct { + type PublicKeys struct { Primary struct { Bundle string } } - type them struct { - publicKeys `json:"public_keys"` + type LThem struct { + PublicKeys `json:"public_keys"` } - type kbResp struct { + type KbResp struct { Status struct { Name string } - Them []them + Them []LThem } - out := &kbResp{ - Them: []them{}, + out := &KbResp{ + Them: []LThem{}, } if err := jsonutil.DecodeJSONFromReader(resp.Body, out); err != nil { From 5b14b464ff999d968dfa1b1833d72697f0307815 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 20 Feb 2018 00:12:05 -0500 Subject: [PATCH 168/178] Sanitize pem encoding to Go default of a newline at the end rather than break backwards compat --- helper/certutil/certutil_test.go | 21 ++++++++++----------- helper/certutil/helpers.go | 2 +- helper/certutil/types.go | 10 +++++----- 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/helper/certutil/certutil_test.go b/helper/certutil/certutil_test.go index 14bcc27c0a12..d3f9e2083df0 100644 --- a/helper/certutil/certutil_test.go +++ b/helper/certutil/certutil_test.go @@ -14,7 +14,6 @@ import ( "math/big" mathrand "math/rand" "reflect" - "strings" "sync" "testing" "time" @@ -520,7 +519,7 @@ func setCerts() { Type: "CERTIFICATE", Bytes: caBytes, } - caCertPEM := strings.TrimSpace(string(pem.EncodeToMemory(caCertPEMBlock))) + caCertPEM := string(pem.EncodeToMemory(caCertPEMBlock)) intKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { @@ -555,7 +554,7 @@ func setCerts() { Type: "CERTIFICATE", Bytes: intBytes, } - intCertPEM := strings.TrimSpace(string(pem.EncodeToMemory(intCertPEMBlock))) + intCertPEM := string(pem.EncodeToMemory(intCertPEMBlock)) // EC generation { @@ -596,7 +595,7 @@ func setCerts() { Type: "CERTIFICATE REQUEST", Bytes: csrBytes, } - csrECPem = strings.TrimSpace(string(pem.EncodeToMemory(csrPEMBlock))) + csrECPem = string(pem.EncodeToMemory(csrPEMBlock)) certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, intCert, key.Public(), intKey) if err != nil { panic(err) @@ -605,7 +604,7 @@ func setCerts() { Type: "CERTIFICATE", Bytes: certBytes, } - certECPem = strings.TrimSpace(string(pem.EncodeToMemory(certPEMBlock))) + certECPem = string(pem.EncodeToMemory(certPEMBlock)) marshaledKey, err := x509.MarshalECPrivateKey(key) if err != nil { panic(err) @@ -614,7 +613,7 @@ func setCerts() { Type: "EC PRIVATE KEY", Bytes: marshaledKey, } - privECKeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock))) + privECKeyPem = string(pem.EncodeToMemory(keyPEMBlock)) marshaledKey, err = x509.MarshalPKCS8PrivateKey(key) if err != nil { panic(err) @@ -623,7 +622,7 @@ func setCerts() { Type: "PRIVATE KEY", Bytes: marshaledKey, } - privEC8KeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock))) + privEC8KeyPem = string(pem.EncodeToMemory(keyPEMBlock)) } // RSA generation @@ -665,7 +664,7 @@ func setCerts() { Type: "CERTIFICATE REQUEST", Bytes: csrBytes, } - csrRSAPem = strings.TrimSpace(string(pem.EncodeToMemory(csrPEMBlock))) + csrRSAPem = string(pem.EncodeToMemory(csrPEMBlock)) certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, intCert, key.Public(), intKey) if err != nil { panic(err) @@ -674,13 +673,13 @@ func setCerts() { Type: "CERTIFICATE", Bytes: certBytes, } - certRSAPem = strings.TrimSpace(string(pem.EncodeToMemory(certPEMBlock))) + certRSAPem = string(pem.EncodeToMemory(certPEMBlock)) marshaledKey := x509.MarshalPKCS1PrivateKey(key) keyPEMBlock := &pem.Block{ Type: "RSA PRIVATE KEY", Bytes: marshaledKey, } - privRSAKeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock))) + privRSAKeyPem = string(pem.EncodeToMemory(keyPEMBlock)) marshaledKey, err = x509.MarshalPKCS8PrivateKey(key) if err != nil { panic(err) @@ -689,7 +688,7 @@ func setCerts() { Type: "PRIVATE KEY", Bytes: marshaledKey, } - privRSA8KeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock))) + privRSA8KeyPem = string(pem.EncodeToMemory(keyPEMBlock)) } issuingCaChainPem = []string{intCertPEM, caCertPEM} diff --git a/helper/certutil/helpers.go b/helper/certutil/helpers.go index 4488f1b1d80f..50213137cc9e 100644 --- a/helper/certutil/helpers.go +++ b/helper/certutil/helpers.go @@ -109,7 +109,7 @@ func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) { return nil, errutil.UserError{Err: "empty pem bundle"} } - pemBundle = strings.TrimSpace(pemBundle) + pemBundle = pemBundle pemBytes := []byte(pemBundle) var pemBlock *pem.Block diff --git a/helper/certutil/types.go b/helper/certutil/types.go index 372af68888a5..3fe674009382 100644 --- a/helper/certutil/types.go +++ b/helper/certutil/types.go @@ -254,12 +254,12 @@ func (p *ParsedCertBundle) ToCertBundle() (*CertBundle, error) { if p.CertificateBytes != nil && len(p.CertificateBytes) > 0 { block.Bytes = p.CertificateBytes - result.Certificate = strings.TrimSpace(string(pem.EncodeToMemory(&block))) + result.Certificate = string(pem.EncodeToMemory(&block)) } for _, caCert := range p.CAChain { block.Bytes = caCert.Bytes - certificate := strings.TrimSpace(string(pem.EncodeToMemory(&block))) + certificate := string(pem.EncodeToMemory(&block)) result.CAChain = append(result.CAChain, certificate) } @@ -279,7 +279,7 @@ func (p *ParsedCertBundle) ToCertBundle() (*CertBundle, error) { } } - result.PrivateKey = strings.TrimSpace(string(pem.EncodeToMemory(&block))) + result.PrivateKey = string(pem.EncodeToMemory(&block)) } return result, nil @@ -461,7 +461,7 @@ func (p *ParsedCSRBundle) ToCSRBundle() (*CSRBundle, error) { if p.CSRBytes != nil && len(p.CSRBytes) > 0 { block.Bytes = p.CSRBytes - result.CSR = strings.TrimSpace(string(pem.EncodeToMemory(&block))) + result.CSR = string(pem.EncodeToMemory(&block)) } if p.PrivateKeyBytes != nil && len(p.PrivateKeyBytes) > 0 { @@ -476,7 +476,7 @@ func (p *ParsedCSRBundle) ToCSRBundle() (*CSRBundle, error) { default: return nil, errutil.InternalError{Err: "Could not determine private key type when creating block"} } - result.PrivateKey = strings.TrimSpace(string(pem.EncodeToMemory(&block))) + result.PrivateKey = string(pem.EncodeToMemory(&block)) } return result, nil From 2d22d8a99ac998d9e0e47a0e7553d9374525844c Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 20 Feb 2018 00:03:45 -0500 Subject: [PATCH 169/178] Fix PKI tests by generating on-demand --- Makefile | 2 +- README.md | 2 +- builtin/logical/pki/backend_test.go | 230 +++++++++++--------------- builtin/logical/pki/path_config_ca.go | 4 + builtin/logical/pki/path_fetch.go | 4 +- helper/certutil/helpers.go | 2 +- 6 files changed, 109 insertions(+), 135 deletions(-) diff --git a/Makefile b/Makefile index 32ee68939644..6940a97771e4 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ EXTERNAL_TOOLS=\ BUILD_TAGS?=vault GOFMT_FILES?=$$(find . -name '*.go' | grep -v vendor) -GO_VERSION_MIN=1.9.1 +GO_VERSION_MIN=1.10 default: dev diff --git a/README.md b/README.md index d3fa4a931dd3..3c50e6c33da1 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ Developing Vault -------------------- If you wish to work on Vault itself or any of its built-in systems, you'll -first need [Go](https://www.golang.org) installed on your machine (version 1.9+ +first need [Go](https://www.golang.org) installed on your machine (version 1.10+ is *required*). For local dev first make sure Go is properly installed, including setting up a diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go index 8ef5f2eea8e6..530df25a5ccd 100644 --- a/builtin/logical/pki/backend_test.go +++ b/builtin/logical/pki/backend_test.go @@ -21,6 +21,7 @@ import ( "reflect" "strconv" "strings" + "sync" "testing" "time" @@ -136,6 +137,7 @@ func TestPKI_RequireCN(t *testing.T) { // Performs basic tests on CA functionality // Uses the RSA CA key func TestBackend_RSAKey(t *testing.T) { + initTest.Do(setCerts) defaultLeaseTTLVal := time.Hour * 24 maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(context.Background(), &logical.BackendConfig{ @@ -164,6 +166,7 @@ func TestBackend_RSAKey(t *testing.T) { // Performs basic tests on CA functionality // Uses the EC CA key func TestBackend_ECKey(t *testing.T) { + initTest.Do(setCerts) defaultLeaseTTLVal := time.Hour * 24 maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(context.Background(), &logical.BackendConfig{ @@ -190,6 +193,7 @@ func TestBackend_ECKey(t *testing.T) { } func TestBackend_CSRValues(t *testing.T) { + initTest.Do(setCerts) defaultLeaseTTLVal := time.Hour * 24 maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(context.Background(), &logical.BackendConfig{ @@ -216,6 +220,7 @@ func TestBackend_CSRValues(t *testing.T) { } func TestBackend_URLsCRUD(t *testing.T) { + initTest.Do(setCerts) defaultLeaseTTLVal := time.Hour * 24 maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(context.Background(), &logical.BackendConfig{ @@ -245,6 +250,7 @@ func TestBackend_URLsCRUD(t *testing.T) { // of role flags to ensure that they are properly restricted // Uses the RSA CA key func TestBackend_RSARoles(t *testing.T) { + initTest.Do(setCerts) defaultLeaseTTLVal := time.Hour * 24 maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(context.Background(), &logical.BackendConfig{ @@ -285,6 +291,7 @@ func TestBackend_RSARoles(t *testing.T) { // of role flags to ensure that they are properly restricted // Uses the RSA CA key func TestBackend_RSARoles_CSR(t *testing.T) { + initTest.Do(setCerts) defaultLeaseTTLVal := time.Hour * 24 maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(context.Background(), &logical.BackendConfig{ @@ -305,7 +312,7 @@ func TestBackend_RSARoles_CSR(t *testing.T) { Operation: logical.UpdateOperation, Path: "config/ca", Data: map[string]interface{}{ - "pem_bundle": rsaCAKey + rsaCACert + rsaCAChain, + "pem_bundle": rsaCAKey + rsaCACert, }, }, }, @@ -325,6 +332,7 @@ func TestBackend_RSARoles_CSR(t *testing.T) { // of role flags to ensure that they are properly restricted // Uses the EC CA key func TestBackend_ECRoles(t *testing.T) { + initTest.Do(setCerts) defaultLeaseTTLVal := time.Hour * 24 maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(context.Background(), &logical.BackendConfig{ @@ -365,6 +373,7 @@ func TestBackend_ECRoles(t *testing.T) { // of role flags to ensure that they are properly restricted // Uses the EC CA key func TestBackend_ECRoles_CSR(t *testing.T) { + initTest.Do(setCerts) defaultLeaseTTLVal := time.Hour * 24 maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(context.Background(), &logical.BackendConfig{ @@ -840,8 +849,8 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int Unauthenticated: true, Check: func(resp *logical.Response) error { rawBytes := resp.Data["http_raw_body"].([]byte) - if string(rawBytes) != caCert { - return fmt.Errorf("CA certificate:\n%s\ndoes not match original:\n%s\n", string(rawBytes), caCert) + if !reflect.DeepEqual(rawBytes, []byte(caCert)) { + return fmt.Errorf("CA certificate:\n%#v\ndoes not match original:\n%#v\n", rawBytes, []byte(caCert)) } if resp.Data["http_content_type"].(string) != "application/pkix-cert" { return fmt.Errorf("Expected application/pkix-cert as content-type, but got %s", resp.Data["http_content_type"].(string)) @@ -1827,8 +1836,14 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep { i := mathRand.Int() % 4 switch { case i == 0: - extUsage = x509.ExtKeyUsageEmailProtection - roleVals.EmailProtectionFlag = true + // Punt on this for now since I'm not clear the actual proper + // way to format these + if name != "daɪˈɛrɨsɨs" { + extUsage = x509.ExtKeyUsageEmailProtection + roleVals.EmailProtectionFlag = true + break + } + fallthrough case i == 1: extUsage = x509.ExtKeyUsageServerAuth roleVals.ServerFlag = true @@ -1929,7 +1944,7 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep { Type: "CERTIFICATE REQUEST", Bytes: csr, } - issueVals.CSR = strings.TrimSpace(string(pem.EncodeToMemory(&block))) + issueVals.CSR = string(pem.EncodeToMemory(&block)) addTests(getCnCheck(issueVals.CommonName, roleVals, privKey, x509.KeyUsage(parsedKeyUsage), extUsage, validity)) } else { @@ -3193,129 +3208,82 @@ func TestBackend_OID_SANs(t *testing.T) { t.Logf("certificate 3 to check:\n%s", certStr) } -const ( - rsaCAKey string = `-----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAmPQlK7xD5p+E8iLQ8XlVmll5uU2NKMxKY3UF5tbh+0vkc+Fy -XmutLxxXAyYRPoztZ1g7ocr8XBFYsQPK26TFc3TzrLL7bBEYHQArd8M+VUHjziB7 -zwwpbV7tG8WPqIScDKMNncavDcT8sDg3DUqb8/zWkBD8WEYmsVr1VfKY5pFdxIZU -kHP3/MkDpGmfrED9K5qPu17dIHTL2VYi4KxKhtIryapZTk6vDwRNfIYJD23QbQnt -Si1j0X9MTRUf3BIcd0Ch60aGvv0VSL+1NTafsZQD+z1RY/zNp9IUHz5bNIiePZ6l -JrlddodAAXZ4sN1CMetf4bA2RXssxBEIb5FyiQIDAQABAoIBAGMScSk9DvZJCUIV -zyU6JHqPzkp6sx5kBSMa37HAKiwt4lI1C3GhaVIEl0/Qzoannfa8rhOEeaXhDoPK -IxHWTpcUf+mzHSvIfsf6Hi2655stzLLtU4SvKf5P6GF+vCi5jKKa0u0JjsXqfIpg -Pzh6xT1q3kf+2JUNC28Brbv4IZXmPmqWwu21VN+t3GsMGYgOnEOzBjXMhvNnm9kN -kznV9Y2y0UIcT4dhbe2VRs4Dp8dGEyrFM7/Ovb3hIJrTkPcxjBbL5eMqpXnIkiW2 -7NyPMWFvX2lGnGdZ1Erh65SVtMjnHFwnSJ8jD+x9RAH9c1LQrYASws3MvMV8Bdzg -2iljNqECgYEAw3Ow0clLx2alj9qFXcS2ap1lUCJxXZ9UiIU5lOcPxpCpHPloua14 -46rj2EJ9SD1L2kyB5gCq4nGK5uUIx37AJryy1SGzUmtmIVxQLnm6XK6zKnTBk0gx -gevS6D7fHLDiVGGl3oGw4evibUFCk7dFOb/I/uBRb1zyaJrqOIlDS7UCgYEAyFYi -RYQbYJJ0k18fUWDKy/P/Rl7uy9D67Qa9+wxoYN2Kh/aQwnNxYHAbwG7Pupd0oGcW -Yl4bgUliAX3IFGs/cCkPJAIHzwWBPjUDhsJ020TGxKfL4SWP9OaxOpN5TOAixvBY -ar9aSaKEl7QShmzc/Dknxu58LcoZUwI82pKIGAUCgYAxaHJ/ZcpxOsKJjez+2jZe -1zEAQ+SyjQ96f2sh+BMl1/XYLDhMD80qiE2WoqA2/b/KDGMd+Hc6TQeW/LjubV03 -raXreNxy7lFgB40BYqY4vbTu+5rfl3VkaW/kY9hU0WY1fIXIrLJBOjb/9WpWGxM1 -2QR/YcdURoPE67xf1FsdrQKBgE8KdNEakzah8e6nLBMOblTTutcH4410sVvNOi2P -sqrtHZgRNwIRTB0xfjGJRtomoXQb2CANYyq6SjmuZ79upQPan0ekqXILiPeDMRX9 -KN/OHeI/FdiJ2mdUkX476zLih7YX47qSLsw4m7nC6UAyOWomHsSFGWdzglRW4K2X -/KwFAoGAYQUEWhXp5vpKzAly1ivSH9+sGC59Cujdy50oJSjaw9J+W1fM5WO9z+MH -CoEpRt8epIgvCBBP2IM7uJUu8i2jQgJ/rrn3NTJgZn2UEPzyxUxbuWnSyueyUsD6 -uhTwBDf8LWOpvdZHMI4CPZ5WJwxAGkvde9xtlzuZUSAlyI2X8m0= ------END RSA PRIVATE KEY----- -` - rsaCACert string = `-----BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIUQVapfgyAeDH9rAmpw3PQrhMcjRMwDQYJKoZIhvcNAQEL -BQAwMzExMC8GA1UEAxMoVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIEF1 -dGhvcml0eTAeFw0xNjA4MDcyMjUzNTRaFw0yNjA3MjQxMDU0MjRaMDcxNTAzBgNV -BAMTLFZhdWx0IFRlc3RpbmcgSW50ZXJtZWRpYXRlIFN1YiBTdWIgQXV0aG9yaXR5 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPQlK7xD5p+E8iLQ8XlV -mll5uU2NKMxKY3UF5tbh+0vkc+FyXmutLxxXAyYRPoztZ1g7ocr8XBFYsQPK26TF -c3TzrLL7bBEYHQArd8M+VUHjziB7zwwpbV7tG8WPqIScDKMNncavDcT8sDg3DUqb -8/zWkBD8WEYmsVr1VfKY5pFdxIZUkHP3/MkDpGmfrED9K5qPu17dIHTL2VYi4KxK -htIryapZTk6vDwRNfIYJD23QbQntSi1j0X9MTRUf3BIcd0Ch60aGvv0VSL+1NTaf -sZQD+z1RY/zNp9IUHz5bNIiePZ6lJrlddodAAXZ4sN1CMetf4bA2RXssxBEIb5Fy -iQIDAQABo4GdMIGaMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G -A1UdDgQWBBRMeQTX9VkLqb1wzrvN/vFG09yhUTAfBgNVHSMEGDAWgBR0Oq2VTUBE -dOm6a1sKJTvdZMV5LjA3BgNVHREEMDAugixWYXVsdCBUZXN0aW5nIEludGVybWVk -aWF0ZSBTdWIgU3ViIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAagYM7uFa -tUziraBkuU7cIyX83y7lYFsDhUse2hkpqmgO14oEOwFsDox1Jg2QGt4FEfJoCOXf -oCZZN8XmaWdSrfgs1nDmtE0xwXiX1z7JuJZ+Ygt3dcRHO1zs5tmuHLxrvMnKfIfG -bsGmES4mknt0qQ7tGhpyC+KgEmcVL1QQJXNjzCrw5iQ9sgvQt+oCqV28pxOUSYkq -FdrozmNdJwMgVADywiY/FqYJWgkixlFHQkPR7eiXwpahON+zRMk1JSgr/8N8fRDj -aqVBRppPzVU9joUME0vOc8cK3VozNe4iRkKNZFelHU2NPPJSDjRLVH9tJ7jPVOEA -/k6w2PwdoRom7Q== ------END CERTIFICATE----- -` - - rsaCAChain string = `-----BEGIN CERTIFICATE----- -MIIDijCCAnKgAwIBAgIUOiGo/1EOhRhuupTRGDYnqdALk/swDQYJKoZIhvcNAQEL -BQAwLzEtMCsGA1UEAxMkVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgQXV0aG9y -aXR5MB4XDTE2MDgwNzIyNTA1MloXDTI2MDcyODE0NTEyMlowMzExMC8GA1UEAxMo -VmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIEF1dGhvcml0eTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTPRQREwW3BEifNcm0XElMRB0GNTXHr -XCuNoFVsVBlIEsNVQkka+SHZcmNBdEcZLBXP/W3tBT82B48GVN8jyxAGfYZ5hoOQ -ed3GVft1A7lAnxcGvf5e9kfecKDcBB4G4rBhqdDNcAtklS2hV4uZUcVcEJKggpsQ -a1wZkCn8eg6sqEYG/SxPouwL52PblxIN+Dd57sBeqx4qdL297XR8LuLkxqftwUCZ -l2iFBnSDID/06ZmHDXA38I0n3jT2ZGjgPGFnIFKxRGq1vpVc3F5ga8qk+u66ybBu -xWHzINQrrryjELbl2YBTr6i0R9HnZle6OPcXMWp0JuGjtDC1xb5NmnkCAwEAAaOB -mTCBljAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU -dDqtlU1ARHTpumtbCiU73WTFeS4wHwYDVR0jBBgwFoAU+UO/nrlKr4COZCxLZSY/ -ul+YMvMwMwYDVR0RBCwwKoIoVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3Vi -IEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAjgCuTXsLFkf0DVkfSsKReNwI -U/yBcP8Ttbx/ltanJGIVfD5TZoCnNTWm6RkML29ohfxI27sHTUhj+/6Ba0MRiLeI -FXdclXmHOU2dTHlrmUa0m/4cb5uYoiiEnpmyWL5k94fqPOZAvJcFHnP3db4vsaUW -47YcOvJbPSJqFXZHadqnsf3Fur5NCeTkIk6yZSvwTaZJT0JIWcqfE5LK3mYAMMC3 -iPaIa1cYqOZhWx9ilQfW6u6WxWeOphGuDIusP7Q4qc2Dr9sekyD59dfIYsroK5TP -QVJb69nIYINpYdg3l3VNmmkY4G30N9QNs6acaH49rYzLcRX6tLBgPklO6d+TPA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDejCCAmKgAwIBAgIUULdIdrdK4Y8d+XM9fuOpDlNcJIYwDQYJKoZIhvcNAQEL -BQAwJzElMCMGA1UEAxMcVmF1bHQgVGVzdGluZyBSb290IEF1dGhvcml0eTAeFw0x -NjA4MDcyMjUwNTFaFw0yNjA4MDExODUxMjFaMC8xLTArBgNVBAMTJFZhdWx0IFRl -c3RpbmcgSW50ZXJtZWRpYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBANXa6U+MDiUrryeZeGxgkmAZdrm9wCKz/6SmxYSebKr8aZwD -nfbsPLRFxU6BXp9Nc6pP7e8HLBv6PtFTQG389zxOBwAHxZQvUsFESumUd64oTLRG -J+AErTh7rtSWbLZsgDtQVvpx+6mKkvm53f/aKcq+DbqAFOg6slYOaQix0ZvP/qL0 -iWGIPr1JZk9uBJOUuIUBJdbsgTk+KQqJL9M6up8bCnM0noCafwrNKwZWtsbkfOZE -OLSycdzCEBeHejpHTIU0vgAkdj63oEy2AbK3hMPxKzNthL3DX6W0tssoVgL//92i -oSfpDTxiXqqdr+J3accpsAvA+F+D2TqaxdAfjLcCAwEAAaOBlTCBkjAOBgNVHQ8B -Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+UO/nrlKr4COZCxL -ZSY/ul+YMvMwHwYDVR0jBBgwFoAUA3jY4OUWi1Y7zQgM7S9QeXjNgIQwLwYDVR0R -BCgwJoIkVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MA0GCSqG -SIb3DQEBCwUAA4IBAQA9VJt92LsOOegtAx35rr41LSSfPWB2SCKg0fphL2gMPO5y -fE2u8O5TF5dJWJ1fF3cg9/XK30Ohdl1/ujfHbVcX+O6Sb3cgwKTQQOhTdsAZKFRT -RPHaf/Ja8uqAXMITApxOp7YiYQwukwZr+OsKi66s+zhlfI790PoQbC3UJvgmNDmv -V5oP63mw4yhqRNPn4NOjzoC/hJSIM0AIdRB1nx2rsSUw0P354R1j9gO43L/Lj33S -NEaPmw+SC3Tbcx4yxeKnTvGdu3sw/ndmZkCjaq5jxgTy9FONqT45TPJOyk29o5gl -+AVQz5fD2M3C1L/sZIPH2OQbXxePHcsvUZVgaKyk ------END CERTIFICATE----- -` - - ecCAKey string = `-----BEGIN EC PRIVATE KEY----- -MIGkAgEBBDBP/t89wrC0RFVs0N+jiRuGPptoxI1Iyu42/PzzZWMKYnO7yCWFG/Qv -zC8cRa8PDqegBwYFK4EEACKhZANiAAQI9e8n9RD6gOd5YpWpDi5AoPbskxQSogxx -dYFzzHwS0RYIucmlcJ2CuJQNc+9E4dUCMsYr2cAnCgA4iUHzGaje3Fa4O667LVH1 -imAyAj5nbfSd89iNzg4XNPkFjuVNBlE= ------END EC PRIVATE KEY----- -` - - ecCACert string = `-----BEGIN CERTIFICATE----- -MIIDHzCCAqSgAwIBAgIUEQ4L+8Xl9+/uxU3MMCrd3Bw0HMcwCgYIKoZIzj0EAwIw -XzEjMCEGA1UEAxMaVmF1bHQgRUMgdGVzdGluZyByb290IGNlcnQxODA2BgNVBAUT -Lzk3MzY2MDk3NDQ1ODU2MDI3MDY5MDQ0MTkxNjIxODI4NjI0NjM0NTI5MTkzMTU5 -MB4XDTE1MTAwNTE2MzAwMFoXDTM1MDkzMDE2MzAwMFowXzEjMCEGA1UEAxMaVmF1 -bHQgRUMgdGVzdGluZyByb290IGNlcnQxODA2BgNVBAUTLzk3MzY2MDk3NDQ1ODU2 -MDI3MDY5MDQ0MTkxNjIxODI4NjI0NjM0NTI5MTkzMTU5MHYwEAYHKoZIzj0CAQYF -K4EEACIDYgAECPXvJ/UQ+oDneWKVqQ4uQKD27JMUEqIMcXWBc8x8EtEWCLnJpXCd -griUDXPvROHVAjLGK9nAJwoAOIlB8xmo3txWuDuuuy1R9YpgMgI+Z230nfPYjc4O -FzT5BY7lTQZRo4IBHzCCARswDgYDVR0PAQH/BAQDAgGuMBMGA1UdJQQMMAoGCCsG -AQUFBwMJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFCIBqs15CiKuj7vqmIW5 -L07WSeLhMB8GA1UdIwQYMBaAFCIBqs15CiKuj7vqmIW5L07WSeLhMEIGCCsGAQUF -BwEBBDYwNDAyBggrBgEFBQcwAoYmaHR0cDovL3ZhdWx0LmV4YW1wbGUuY29tL3Yx -L3Jvb3Rwa2kvY2EwJQYDVR0RBB4wHIIaVmF1bHQgRUMgdGVzdGluZyByb290IGNl -cnQwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL3ZhdWx0LmV4YW1wbGUuY29tL3Yx -L3Jvb3Rwa2kvY3JsMAoGCCqGSM49BAMCA2kAMGYCMQDRrxXskBtXjuZ1tUTk+qae -3bNVE1oeTDJhe0m3KN7qTykSGslxfEjlv83GYXziiv0CMQDsqu1U9uXPn3ezSbgG -O30prQ/sanDzNAeJhftoGtNPJDspwx0fzclHvKIhgl3JVUc= ------END CERTIFICATE----- -` +func setCerts() { + cak, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + panic(err) + } + marshaledKey, err := x509.MarshalECPrivateKey(cak) + if err != nil { + panic(err) + } + keyPEMBlock := &pem.Block{ + Type: "EC PRIVATE KEY", + Bytes: marshaledKey, + } + ecCAKey = string(pem.EncodeToMemory(keyPEMBlock)) + if err != nil { + panic(err) + } + subjKeyID, err := certutil.GetSubjKeyID(cak) + if err != nil { + panic(err) + } + caCertTemplate := &x509.Certificate{ + Subject: pkix.Name{ + CommonName: "root.localhost", + }, + SubjectKeyId: subjKeyID, + DNSNames: []string{"root.localhost"}, + KeyUsage: x509.KeyUsage(x509.KeyUsageCertSign | x509.KeyUsageCRLSign), + SerialNumber: big.NewInt(mathrand.Int63()), + NotBefore: time.Now().Add(-30 * time.Second), + NotAfter: time.Now().Add(262980 * time.Hour), + BasicConstraintsValid: true, + IsCA: true, + } + caBytes, err := x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, cak.Public(), cak) + if err != nil { + panic(err) + } + caCertPEMBlock := &pem.Block{ + Type: "CERTIFICATE", + Bytes: caBytes, + } + ecCACert = string(pem.EncodeToMemory(caCertPEMBlock)) + + rak, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + panic(err) + } + marshaledKey = x509.MarshalPKCS1PrivateKey(rak) + keyPEMBlock = &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: marshaledKey, + } + rsaCAKey = string(pem.EncodeToMemory(keyPEMBlock)) + if err != nil { + panic(err) + } + subjKeyID, err = certutil.GetSubjKeyID(rak) + if err != nil { + panic(err) + } + caBytes, err = x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, rak.Public(), rak) + if err != nil { + panic(err) + } + caCertPEMBlock = &pem.Block{ + Type: "CERTIFICATE", + Bytes: caBytes, + } + rsaCACert = string(pem.EncodeToMemory(caCertPEMBlock)) +} + +var ( + initTest sync.Once + rsaCAKey string + rsaCACert string + ecCAKey string + ecCACert string ) diff --git a/builtin/logical/pki/path_config_ca.go b/builtin/logical/pki/path_config_ca.go index 94be89d47872..11cbf955384b 100644 --- a/builtin/logical/pki/path_config_ca.go +++ b/builtin/logical/pki/path_config_ca.go @@ -33,6 +33,10 @@ secret key and certificate.`, func (b *backend) pathCAWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) { pemBundle := data.Get("pem_bundle").(string) + if pemBundle == "" { + return logical.ErrorResponse("'pem_bundle' was empty"), nil + } + parsedBundle, err := certutil.ParsePEMBundle(pemBundle) if err != nil { switch err.(type) { diff --git a/builtin/logical/pki/path_fetch.go b/builtin/logical/pki/path_fetch.go index 0e4fd008d9f4..e386e4312e49 100644 --- a/builtin/logical/pki/path_fetch.go +++ b/builtin/logical/pki/path_fetch.go @@ -168,13 +168,15 @@ func (b *backend) pathFetchRead(ctx context.Context, req *logical.Request, data } caChain := caInfo.GetCAChain() + var certStr string for _, ca := range caChain { block := pem.Block{ Type: "CERTIFICATE", Bytes: ca.Bytes, } - certificate = append(certificate, pem.EncodeToMemory(&block)...) + certStr = certStr + string(pem.EncodeToMemory(&block)) } + certificate = []byte(certStr) goto reply } diff --git a/helper/certutil/helpers.go b/helper/certutil/helpers.go index 50213137cc9e..053e46c58cdb 100644 --- a/helper/certutil/helpers.go +++ b/helper/certutil/helpers.go @@ -119,7 +119,7 @@ func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) { for len(pemBytes) > 0 { pemBlock, pemBytes = pem.Decode(pemBytes) if pemBlock == nil { - return nil, errutil.UserError{Err: "no data found"} + return nil, errutil.UserError{Err: "no data found in PEM block"} } if signer, err := x509.ParseECPrivateKey(pemBlock.Bytes); err == nil { From f73e11089f2038335f3558ad0b72e391f0a8232c Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 20 Feb 2018 00:26:41 -0500 Subject: [PATCH 170/178] Fix test statement with formatting in fatal call --- physical/testing.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/physical/testing.go b/physical/testing.go index 9022f2c0eb8b..c64b55ea4435 100644 --- a/physical/testing.go +++ b/physical/testing.go @@ -29,7 +29,7 @@ func ExerciseBackend(t testing.TB, b Backend) { // Get should not fail, but be nil out, err := b.Get(context.Background(), "foo") if err != nil { - t.Fatal("initial get failed: %v", err) + t.Fatalf("initial get failed: %v", err) } if out != nil { t.Errorf("initial get was not nil: %v", out) From 8aeba427d239613bf78b7d1ce96900da74d2bd5d Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Tue, 20 Feb 2018 07:34:55 -0500 Subject: [PATCH 171/178] Remove unneeded looping since Go 1.10 cover it already (#4010) --- builtin/credential/cert/path_login.go | 26 +++++--------------------- 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/builtin/credential/cert/path_login.go b/builtin/credential/cert/path_login.go index 51f7b59fb526..f517cbb4cf70 100644 --- a/builtin/credential/cert/path_login.go +++ b/builtin/credential/cert/path_login.go @@ -439,28 +439,12 @@ func validateConnState(roots *x509.CertPool, cs *tls.ConnectionState) ([][]*x509 } } - var chains [][]*x509.Certificate - var err error - switch { - case len(certs[0].DNSNames) > 0: - for _, dnsName := range certs[0].DNSNames { - opts.DNSName = dnsName - chains, err = certs[0].Verify(opts) - if err != nil { - if _, ok := err.(x509.UnknownAuthorityError); ok { - return nil, nil - } - return nil, errors.New("failed to verify client's certificate: " + err.Error()) - } - } - default: - chains, err = certs[0].Verify(opts) - if err != nil { - if _, ok := err.(x509.UnknownAuthorityError); ok { - return nil, nil - } - return nil, errors.New("failed to verify client's certificate: " + err.Error()) + chains, err := certs[0].Verify(opts) + if err != nil { + if _, ok := err.(x509.UnknownAuthorityError); ok { + return nil, nil } + return nil, errors.New("failed to verify client's certificate: " + err.Error()) } return chains, nil From 8bb4bdab4df16138ea0cd34ceb19c77d73e0ccc1 Mon Sep 17 00:00:00 2001 From: Andrei Burd Date: Tue, 20 Feb 2018 17:16:37 +0200 Subject: [PATCH 172/178] Handling nomad maxTokenNameLength = 64 (#4009) --- builtin/logical/nomad/path_creds_create.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/builtin/logical/nomad/path_creds_create.go b/builtin/logical/nomad/path_creds_create.go index ceae67abf26c..cb5930c75c75 100644 --- a/builtin/logical/nomad/path_creds_create.go +++ b/builtin/logical/nomad/path_creds_create.go @@ -56,6 +56,12 @@ func (b *backend) pathTokenRead(ctx context.Context, req *logical.Request, d *fr // Generate a name for the token tokenName := fmt.Sprintf("vault-%s-%s-%d", name, req.DisplayName, time.Now().UnixNano()) + // Handling nomad maximum token lenght + // https://github.com/hashicorp/nomad/blob/d9276e22b3b74674996fb548cdb6bc4c70d5b0e4/nomad/structs/structs.go#L115 + if len(tokenName) > 64 { + tokenName = tokenName[0:63] + } + // Create it token, _, err := c.ACLTokens().Create(&api.ACLToken{ Name: tokenName, From fe6272fa1c19c2938038d1f491c5a67a349a3817 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 20 Feb 2018 11:16:28 -0500 Subject: [PATCH 173/178] changelog++ --- CHANGELOG.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 019e16ba2d72..ba87d6be1ee1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,13 +8,13 @@ FEATURES: * **Okta Push support in Okta Auth Backend**: If a user account has MFA required within Okta, an Okta Push MFA flow can be used to successfully finish authentication. - * **Manta Storage**: Joyent Triton Manta can now be used for Vault storage - * **Google Cloud Spanner Storage**: Google Cloud Spanner can now be used for - Vault storage * **PKI Improvements**: Custom OID subject alternate names can now be set, subject to allow restrictions that support globbing. Additionally, Country, Locality, Province, Street Address, and Postal Code can now be set in certificate subjects. + * **Manta Storage**: Joyent Triton Manta can now be used for Vault storage + * **Google Cloud Spanner Storage**: Google Cloud Spanner can now be used for + Vault storage IMPROVEMENTS: @@ -29,6 +29,7 @@ IMPROVEMENTS: once a minute. Too many leases can be problematic for many of the storage backends and often this number of leases is indicative of a need for workflow improvements. [GH-3957] + * secret/nomad: Have generated ACL tokens cap out at 64 characters [GH-4009] * secret/pki: Country, Locality, Province, Street Address, and Postal Code can now be set on certificates [GH-3992] * secret/pki: UTF-8 Other Names can now be set in Subject Alternate Names in From 49ca5ef5b3e1cb04c6fba0153cc1103b2889dd17 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 20 Feb 2018 14:07:29 -0500 Subject: [PATCH 174/178] Update go-plugin --- vendor/vendor.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/vendor/vendor.json b/vendor/vendor.json index 80d06e8b3355..a02d5f4554c2 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1071,8 +1071,8 @@ { "checksumSHA1": "7SheX5w6+xGsTMxPI3LiJx0iz7s=", "path": "github.com/hashicorp/go-plugin", - "revision": "4b17561773d85e482ea040884ee3e288425d4174", - "revisionTime": "2018-02-06T18:30:35Z" + "revision": "baa83ead6ff956b3f99bcd609ae3499c028e019e", + "revisionTime": "2018-02-16T15:44:16Z" }, { "checksumSHA1": "yzoWV7yrS/TvOrKy5ZrdUjsYaOA=", @@ -1716,6 +1716,12 @@ "revision": "5119cf507ed5294cc409c092980c7497ee5d6fd2", "revisionTime": "2018-01-22T10:39:14Z" }, + { + "checksumSHA1": "1zB843WyoSh8oMdbeDfgByEa2TE=", + "path": "golang.org/x/crypto/chacha20poly1305", + "revision": "650f4a345ab4e5b245a3034b110ebc7299e68186", + "revisionTime": "2017-09-27T09:16:38Z" + }, { "checksumSHA1": "t3UubYn5RuLw3vTUghV1Q1Q9VEY=", "path": "golang.org/x/crypto/cryptobyte", @@ -1728,12 +1734,6 @@ "revision": "1875d0a70c90e57f11972aefd42276df65e895b9", "revisionTime": "2018-01-27T19:02:20Z" }, - { - "checksumSHA1": "1zB843WyoSh8oMdbeDfgByEa2TE=", - "path": "golang.org/x/crypto/chacha20poly1305", - "revision": "650f4a345ab4e5b245a3034b110ebc7299e68186", - "revisionTime": "2017-09-27T09:16:38Z" - }, { "checksumSHA1": "IQkUIOnvlf0tYloFx9mLaXSvXWQ=", "path": "golang.org/x/crypto/curve25519", From eecb4edf2a7f2ec8c3930a2b3df086f2bd6f8580 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 20 Feb 2018 14:15:43 -0500 Subject: [PATCH 175/178] Update plugins --- .../vault-plugin-auth-centrify/Gopkg.lock | 37 ++++++++++----- .../vault-plugin-auth-kubernetes/Gopkg.lock | 47 ++++++++++++------- vendor/vendor.json | 20 ++++---- 3 files changed, 65 insertions(+), 39 deletions(-) diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock index ea2c783c5bfb..b8ec47d6927c 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock @@ -34,7 +34,6 @@ version = "v1.0" [[projects]] - branch = "master" name = "github.com/golang/protobuf" packages = [ "proto", @@ -44,6 +43,7 @@ "ptypes/timestamp" ] revision = "925541529c1fa6821df4e44ce2723319eb2be768" + version = "v1.0.0" [[projects]] branch = "master" @@ -79,7 +79,7 @@ branch = "master" name = "github.com/hashicorp/go-plugin" packages = ["."] - revision = "e53f54cbf51efde642d4711313e829a1ff0c236d" + revision = "baa83ead6ff956b3f99bcd609ae3499c028e019e" [[projects]] branch = "master" @@ -99,6 +99,15 @@ packages = ["."] revision = "4fe82ae3040f80a03d04d2cccb5606a626b8e1ee" +[[projects]] + branch = "master" + name = "github.com/hashicorp/golang-lru" + packages = [ + ".", + "simplelru" + ] + revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3" + [[projects]] branch = "master" name = "github.com/hashicorp/hcl" @@ -125,6 +134,7 @@ "helper/consts", "helper/errutil", "helper/jsonutil", + "helper/locksutil", "helper/logbridge", "helper/logformat", "helper/mlock", @@ -139,9 +149,11 @@ "logical/framework", "logical/plugin", "logical/plugin/pb", + "physical", + "physical/inmem", "version" ] - revision = "a612abcf70231e6d6415c73ccddc1dbc5215dc36" + revision = "49ca5ef5b3e1cb04c6fba0153cc1103b2889dd17" [[projects]] branch = "master" @@ -189,7 +201,7 @@ branch = "master" name = "github.com/mitchellh/mapstructure" packages = ["."] - revision = "b4575eea38cca1123ec2dc90c26529b5c5acfcff" + revision = "a4e142e9c047c904fa2f1e144d9a84e6133024bc" [[projects]] name = "github.com/oklog/run" @@ -207,13 +219,13 @@ branch = "master" name = "github.com/sethgrid/pester" packages = ["."] - revision = "760f8913c0483b776294e1bee43f1d687527127b" + revision = "b18953f5db2922a73aaf89652abf7b5ee95cb516" [[projects]] branch = "master" name = "golang.org/x/crypto" packages = ["ssh/terminal"] - revision = "0efb9460aaf800c6376acf625be2853bceac2e06" + revision = "432090b8f568c018896cd8a0fb0345872bbac6ce" [[projects]] branch = "master" @@ -227,7 +239,7 @@ "lex/httplex", "trace" ] - revision = "0ed95abb35c445290478a5348a7b38bb154135fd" + revision = "cbe0f9307d0156177f9dd5dc85da1a31abc5f2fb" [[projects]] branch = "master" @@ -236,7 +248,7 @@ "unix", "windows" ] - revision = "03467258950d845cd1877eab69461b98e8c09219" + revision = "37707fdb30a5b38865cfb95e5aab41707daec7fd" [[projects]] branch = "master" @@ -257,13 +269,13 @@ "unicode/norm", "unicode/rangetable" ] - revision = "e19ae1496984b1c655b8044a65c0300a3c878dd3" + revision = "4e4a3210bb54bb31f6ab2cdca2edcc0b50c420c1" [[projects]] branch = "master" name = "google.golang.org/genproto" packages = ["googleapis/rpc/status"] - revision = "4eb30f4778eed4c258ba66527a0d4f9ec8a36c45" + revision = "2b5a72b8730b0b16380010cfe5286c42108d88e7" [[projects]] name = "google.golang.org/grpc" @@ -276,6 +288,7 @@ "connectivity", "credentials", "encoding", + "encoding/proto", "grpclb/grpc_lb_v1/messages", "grpclog", "health", @@ -293,8 +306,8 @@ "tap", "transport" ] - revision = "6b51017f791ae1cfbec89c52efdf444b13b550ef" - version = "v1.9.2" + revision = "8e4536a86ab602859c20df5ebfd0bd4228d08655" + version = "v1.10.0" [solve-meta] analyzer-name = "dep" diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock index 66a1f6439cff..820590637191 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock @@ -36,8 +36,8 @@ ".", "log" ] - revision = "2dd44038f0b95ae693b266c5f87593b5d2fdd78d" - version = "v2.5.0" + revision = "26b41036311f2da8242db402557a0dbd09dc83da" + version = "v2.6.0" [[projects]] name = "github.com/fatih/structs" @@ -61,7 +61,7 @@ branch = "master" name = "github.com/go-openapi/spec" packages = ["."] - revision = "fa03337d7da5735229ee8f5e9d5d0b996014b7f8" + revision = "1de3e0542de65ad8d75452a595886fdd0befb363" [[projects]] branch = "master" @@ -75,8 +75,8 @@ "proto", "sortkeys" ] - revision = "342cbe0a04158f6dcb03ca0079991a51a4248c02" - version = "v0.5" + revision = "1adfc126b41513cc696b209667c8656ea7aac67c" + version = "v1.0.0" [[projects]] branch = "master" @@ -85,7 +85,6 @@ revision = "23def4e6c14b4da8ac2ed8007337bc5eb5007998" [[projects]] - branch = "master" name = "github.com/golang/protobuf" packages = [ "proto", @@ -95,6 +94,7 @@ "ptypes/timestamp" ] revision = "925541529c1fa6821df4e44ce2723319eb2be768" + version = "v1.0.0" [[projects]] branch = "master" @@ -136,7 +136,7 @@ branch = "master" name = "github.com/hashicorp/go-plugin" packages = ["."] - revision = "e53f54cbf51efde642d4711313e829a1ff0c236d" + revision = "baa83ead6ff956b3f99bcd609ae3499c028e019e" [[projects]] branch = "master" @@ -156,6 +156,15 @@ packages = ["."] revision = "4fe82ae3040f80a03d04d2cccb5606a626b8e1ee" +[[projects]] + branch = "master" + name = "github.com/hashicorp/golang-lru" + packages = [ + ".", + "simplelru" + ] + revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3" + [[projects]] branch = "master" name = "github.com/hashicorp/hcl" @@ -182,6 +191,7 @@ "helper/consts", "helper/errutil", "helper/jsonutil", + "helper/locksutil", "helper/logbridge", "helper/logformat", "helper/mlock", @@ -195,9 +205,11 @@ "logical/framework", "logical/plugin", "logical/plugin/pb", + "physical", + "physical/inmem", "version" ] - revision = "a612abcf70231e6d6415c73ccddc1dbc5215dc36" + revision = "49ca5ef5b3e1cb04c6fba0153cc1103b2889dd17" [[projects]] branch = "master" @@ -255,7 +267,7 @@ branch = "master" name = "github.com/mitchellh/mapstructure" packages = ["."] - revision = "b4575eea38cca1123ec2dc90c26529b5c5acfcff" + revision = "a4e142e9c047c904fa2f1e144d9a84e6133024bc" [[projects]] name = "github.com/oklog/run" @@ -273,7 +285,7 @@ branch = "master" name = "github.com/sethgrid/pester" packages = ["."] - revision = "760f8913c0483b776294e1bee43f1d687527127b" + revision = "b18953f5db2922a73aaf89652abf7b5ee95cb516" [[projects]] name = "github.com/spf13/pflag" @@ -293,13 +305,13 @@ "lex/httplex", "trace" ] - revision = "0ed95abb35c445290478a5348a7b38bb154135fd" + revision = "cbe0f9307d0156177f9dd5dc85da1a31abc5f2fb" [[projects]] branch = "master" name = "golang.org/x/sys" packages = ["unix"] - revision = "03467258950d845cd1877eab69461b98e8c09219" + revision = "37707fdb30a5b38865cfb95e5aab41707daec7fd" [[projects]] branch = "master" @@ -321,13 +333,13 @@ "unicode/rangetable", "width" ] - revision = "e19ae1496984b1c655b8044a65c0300a3c878dd3" + revision = "4e4a3210bb54bb31f6ab2cdca2edcc0b50c420c1" [[projects]] branch = "master" name = "google.golang.org/genproto" packages = ["googleapis/rpc/status"] - revision = "4eb30f4778eed4c258ba66527a0d4f9ec8a36c45" + revision = "2b5a72b8730b0b16380010cfe5286c42108d88e7" [[projects]] name = "google.golang.org/grpc" @@ -340,6 +352,7 @@ "connectivity", "credentials", "encoding", + "encoding/proto", "grpclb/grpc_lb_v1/messages", "grpclog", "health", @@ -357,8 +370,8 @@ "tap", "transport" ] - revision = "6b51017f791ae1cfbec89c52efdf444b13b550ef" - version = "v1.9.2" + revision = "8e4536a86ab602859c20df5ebfd0bd4228d08655" + version = "v1.10.0" [[projects]] name = "gopkg.in/inf.v0" @@ -410,7 +423,7 @@ branch = "master" name = "k8s.io/kube-openapi" packages = ["pkg/common"] - revision = "a07b7bbb58e7fdc5144f8d7046331d29fc9ad3b3" + revision = "50ae88d24ede7b8bad68e23c805b5d3da5c8abaf" [solve-meta] analyzer-name = "dep" diff --git a/vendor/vendor.json b/vendor/vendor.json index a02d5f4554c2..65a24f048682 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1225,28 +1225,28 @@ "revisionTime": "2018-02-03T00:31:27Z" }, { - "checksumSHA1": "Dse2mmAcxZoMoe6xjhP1uZ6zbiU=", + "checksumSHA1": "fMVB9N2Oq1yEvuJEXXoaHhU+/1w=", "path": "github.com/hashicorp/vault-plugin-auth-centrify", - "revision": "9a63465d76159256de5dbdb8b23a213d48977fe0", - "revisionTime": "2018-01-26T13:58:44Z" + "revision": "8df2ab0af558697b167f5d946ef2bf100461339f", + "revisionTime": "2018-02-20T19:13:32Z" }, { "checksumSHA1": "eVlMWanJ2W+/9c1kz72iefRcrYM=", "path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin", - "revision": "94cc987530e1fc757cdcacf8a057120165234970", - "revisionTime": "2018-01-26T14:00:40Z" + "revision": "f4b9d381481e2976a5ed9460f835979330bef28c", + "revisionTime": "2018-02-20T19:14:07Z" }, { "checksumSHA1": "ffJQvzbQvmCG/PdaElGSfGnDgNM=", "path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin/util", - "revision": "94cc987530e1fc757cdcacf8a057120165234970", - "revisionTime": "2018-01-26T14:00:40Z" + "revision": "f4b9d381481e2976a5ed9460f835979330bef28c", + "revisionTime": "2018-02-20T19:14:07Z" }, { - "checksumSHA1": "mUY/3RGGEigHFro0reomV6ePRjA=", + "checksumSHA1": "Sx2Ezwlt8NFTkibr/sOaCYheM8c=", "path": "github.com/hashicorp/vault-plugin-auth-kubernetes", - "revision": "f33ac92b41e4634a4f70d48cf6fd3501c133ad1a", - "revisionTime": "2018-01-26T14:02:57Z" + "revision": "40c3fdcf46f52806d9c53b8de66f261e21f7fd59", + "revisionTime": "2018-02-20T19:14:46Z" }, { "checksumSHA1": "vTfeYxi0Z1y176bjQaYh1/FpQ9s=", From d6366e5f240b85a0758e82b2d94867fc270558e2 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 20 Feb 2018 14:51:20 -0500 Subject: [PATCH 176/178] Bump files for new version --- CHANGELOG.md | 10 +++++++++- scripts/cross/Dockerfile | 2 +- terraform/aws/variables.tf | 2 +- version/version_base.go | 2 +- website/config.rb | 2 +- 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ba87d6be1ee1..1f024426de05 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,12 @@ -## 0.9.4 (Unreleased) +## 0.9.4 (February 20th, 2018) + +SECURITY: + + * Role Tags used with the EC2 style of AWS auth were being improperly parsed; + as a result they were not being used to properly restrict values. + Implementations following our suggestion of using these as defense-in-depth + rather than the only source of restriction should not have significant + impact. FEATURES: diff --git a/scripts/cross/Dockerfile b/scripts/cross/Dockerfile index 5f2d9794bc15..00c48addeecc 100644 --- a/scripts/cross/Dockerfile +++ b/scripts/cross/Dockerfile @@ -10,7 +10,7 @@ RUN apt-get update -y && apt-get install --no-install-recommends -y -q \ git mercurial bzr \ && rm -rf /var/lib/apt/lists/* -ENV GOVERSION 1.9.3 +ENV GOVERSION 1.10 RUN mkdir /goroot && mkdir /gopath RUN curl https://storage.googleapis.com/golang/go${GOVERSION}.linux-amd64.tar.gz \ | tar xvzf - -C /goroot --strip-components=1 diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf index f06ae18c11d6..5760dffbe294 100644 --- a/terraform/aws/variables.tf +++ b/terraform/aws/variables.tf @@ -3,7 +3,7 @@ //------------------------------------------------------------------- variable "download-url" { - default = "https://releases.hashicorp.com/vault/0.9.3/vault_0.9.3_linux_amd64.zip" + default = "https://releases.hashicorp.com/vault/0.9.4/vault_0.9.4_linux_amd64.zip" description = "URL to download Vault" } diff --git a/version/version_base.go b/version/version_base.go index 089a8cda1bba..72ba855a8ba0 100644 --- a/version/version_base.go +++ b/version/version_base.go @@ -2,7 +2,7 @@ package version func init() { // The main version number that is being run at the moment. - Version = "0.9.3" + Version = "0.9.4" // A pre-release marker for the version. If this is "" (empty string) // then it means that it is a final release. Otherwise, this is a pre-release diff --git a/website/config.rb b/website/config.rb index 8602bcacc55a..d561fadc916d 100644 --- a/website/config.rb +++ b/website/config.rb @@ -2,7 +2,7 @@ activate :hashicorp do |h| h.name = "vault" - h.version = "0.9.3" + h.version = "0.9.4" h.github_slug = "hashicorp/vault" h.website_root = "website" end From 3d4bd6f3cb083e8ee5dac980db58474382a99834 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 20 Feb 2018 15:27:33 -0500 Subject: [PATCH 177/178] Remove netbsd/arm as it won't compile --- scripts/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/build.sh b/scripts/build.sh index 35596244b68f..32ffe74dadc7 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -21,7 +21,7 @@ GIT_DIRTY="$(test -n "`git status --porcelain`" && echo "+CHANGES" || true)" # Determine the arch/os combos we're building for XC_ARCH=${XC_ARCH:-"386 amd64"} XC_OS=${XC_OS:-linux darwin windows freebsd openbsd netbsd solaris} -XC_OSARCH=${XC_OSARCH:-"linux/386 linux/amd64 linux/arm linux/arm64 darwin/386 darwin/amd64 windows/386 windows/amd64 freebsd/386 freebsd/amd64 freebsd/arm openbsd/386 openbsd/amd64 openbsd/arm netbsd/386 netbsd/amd64 netbsd/arm solaris/amd64"} +XC_OSARCH=${XC_OSARCH:-"linux/386 linux/amd64 linux/arm linux/arm64 darwin/386 darwin/amd64 windows/386 windows/amd64 freebsd/386 freebsd/amd64 freebsd/arm openbsd/386 openbsd/amd64 openbsd/arm netbsd/386 netbsd/amd64 solaris/amd64"} GOPATH=${GOPATH:-$(go env GOPATH)} case $(uname) in From 2e2c89a3d8d2f4876c64dee6ba3d4a5e08691aee Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 20 Feb 2018 15:27:37 -0500 Subject: [PATCH 178/178] Cut version 0.9.4