diff --git a/api/v1alpha1/userconfig/service/cassandra/cassandra.go b/api/v1alpha1/userconfig/service/cassandra/cassandra.go index 19fe1239..d92d07e7 100644 --- a/api/v1alpha1/userconfig/service/cassandra/cassandra.go +++ b/api/v1alpha1/userconfig/service/cassandra/cassandra.go @@ -44,7 +44,8 @@ type PublicAccess struct { } type CassandraUserConfig struct { // +kubebuilder:validation:MaxItems=1 - // Additional Cloud Regions for Backup Replication + // +kubebuilder:deprecatedversion:warning="additional_backup_regions is deprecated" + // Deprecated. Additional Cloud Regions for Backup Replication AdditionalBackupRegions []string `groups:"create,update" json:"additional_backup_regions,omitempty"` // +kubebuilder:validation:Minimum=0 diff --git a/api/v1alpha1/userconfig/service/kafka/kafka.go b/api/v1alpha1/userconfig/service/kafka/kafka.go index 01335562..17b8905f 100644 --- a/api/v1alpha1/userconfig/service/kafka/kafka.go +++ b/api/v1alpha1/userconfig/service/kafka/kafka.go @@ -88,6 +88,14 @@ type Kafka struct { // The maximum size in bytes of the offset index LogIndexSizeMaxBytes *int `groups:"create,update" json:"log_index_size_max_bytes,omitempty"` + // +kubebuilder:validation:Minimum=-2 + // The maximum size of local log segments that can grow for a partition before it gets eligible for deletion. If set to -2, the value of log.retention.bytes is used. The effective value should always be less than or equal to log.retention.bytes value. + LogLocalRetentionBytes *int `groups:"create,update" json:"log_local_retention_bytes,omitempty"` + + // +kubebuilder:validation:Minimum=-2 + // The number of milliseconds to keep the local log segments before it gets eligible for deletion. If set to -2, the value of log.retention.ms is used. The effective value should always be less than or equal to log.retention.ms value. + LogLocalRetentionMs *int `groups:"create,update" json:"log_local_retention_ms,omitempty"` + // This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests. LogMessageDownconversionEnable *bool `groups:"create,update" json:"log_message_downconversion_enable,omitempty"` @@ -168,9 +176,6 @@ type Kafka struct { // The purge interval (in number of requests) of the producer request purgatory(defaults to 1000). ProducerPurgatoryPurgeIntervalRequests *int `groups:"create,update" json:"producer_purgatory_purge_interval_requests,omitempty"` - // Whether to enable the tiered storage functionality - RemoteLogStorageSystemEnable *bool `groups:"create,update" json:"remote_log_storage_system_enable,omitempty"` - // +kubebuilder:validation:Minimum=1048576 // +kubebuilder:validation:Maximum=104857600 // The number of bytes of messages to attempt to fetch for each partition (defaults to 1048576). This is not an absolute maximum, if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. diff --git a/api/v1alpha1/userconfig/service/kafka/zz_generated.deepcopy.go b/api/v1alpha1/userconfig/service/kafka/zz_generated.deepcopy.go index 9816618e..a411b013 100644 --- a/api/v1alpha1/userconfig/service/kafka/zz_generated.deepcopy.go +++ b/api/v1alpha1/userconfig/service/kafka/zz_generated.deepcopy.go @@ -112,6 +112,16 @@ func (in *Kafka) DeepCopyInto(out *Kafka) { *out = new(int) **out = **in } + if in.LogLocalRetentionBytes != nil { + in, out := &in.LogLocalRetentionBytes, &out.LogLocalRetentionBytes + *out = new(int) + **out = **in + } + if in.LogLocalRetentionMs != nil { + in, out := &in.LogLocalRetentionMs, &out.LogLocalRetentionMs + *out = new(int) + **out = **in + } if in.LogMessageDownconversionEnable != nil { in, out := &in.LogMessageDownconversionEnable, &out.LogMessageDownconversionEnable *out = new(bool) @@ -202,11 +212,6 @@ func (in *Kafka) DeepCopyInto(out *Kafka) { *out = new(int) **out = **in } - if in.RemoteLogStorageSystemEnable != nil { - in, out := &in.RemoteLogStorageSystemEnable, &out.RemoteLogStorageSystemEnable - *out = new(bool) - **out = **in - } if in.ReplicaFetchMaxBytes != nil { in, out := &in.ReplicaFetchMaxBytes, &out.ReplicaFetchMaxBytes *out = new(int) diff --git a/api/v1alpha1/userconfig/service/opensearch/opensearch.go b/api/v1alpha1/userconfig/service/opensearch/opensearch.go index baed611a..4d549750 100644 --- a/api/v1alpha1/userconfig/service/opensearch/opensearch.go +++ b/api/v1alpha1/userconfig/service/opensearch/opensearch.go @@ -105,6 +105,80 @@ type Openid struct { // The key in the JSON payload that stores the user’s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional. SubjectKey *string `groups:"create,update" json:"subject_key,omitempty"` } +type InternalAuthenticationBackendLimiting struct { + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=2147483647 + // The number of login attempts allowed before login is blocked + AllowedTries *int `groups:"create,update" json:"allowed_tries,omitempty"` + + // +kubebuilder:validation:MaxLength=1024 + // internal_authentication_backend_limiting.authentication_backend + AuthenticationBackend *string `groups:"create,update" json:"authentication_backend,omitempty"` + + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=2147483647 + // The duration of time that login remains blocked after a failed login + BlockExpirySeconds *int `groups:"create,update" json:"block_expiry_seconds,omitempty"` + + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=2147483647 + // internal_authentication_backend_limiting.max_blocked_clients + MaxBlockedClients *int `groups:"create,update" json:"max_blocked_clients,omitempty"` + + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=2147483647 + // The maximum number of tracked IP addresses that have failed login + MaxTrackedClients *int `groups:"create,update" json:"max_tracked_clients,omitempty"` + + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=2147483647 + // The window of time in which the value for `allowed_tries` is enforced + TimeWindowSeconds *int `groups:"create,update" json:"time_window_seconds,omitempty"` + + // +kubebuilder:validation:MaxLength=1024 + // internal_authentication_backend_limiting.type + Type *string `groups:"create,update" json:"type,omitempty"` +} + +// IP address rate limiting settings +type IpRateLimiting struct { + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=2147483647 + // The number of login attempts allowed before login is blocked + AllowedTries *int `groups:"create,update" json:"allowed_tries,omitempty"` + + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=36000 + // The duration of time that login remains blocked after a failed login + BlockExpirySeconds *int `groups:"create,update" json:"block_expiry_seconds,omitempty"` + + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=2147483647 + // The maximum number of blocked IP addresses + MaxBlockedClients *int `groups:"create,update" json:"max_blocked_clients,omitempty"` + + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=2147483647 + // The maximum number of tracked IP addresses that have failed login + MaxTrackedClients *int `groups:"create,update" json:"max_tracked_clients,omitempty"` + + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=36000 + // The window of time in which the value for `allowed_tries` is enforced + TimeWindowSeconds *int `groups:"create,update" json:"time_window_seconds,omitempty"` + + // +kubebuilder:validation:MaxLength=1024 + // The type of rate limiting + Type *string `groups:"create,update" json:"type,omitempty"` +} + +// Opensearch Security Plugin Settings +type AuthFailureListeners struct { + InternalAuthenticationBackendLimiting *InternalAuthenticationBackendLimiting `groups:"create,update" json:"internal_authentication_backend_limiting,omitempty"` + + // IP address rate limiting settings + IpRateLimiting *IpRateLimiting `groups:"create,update" json:"ip_rate_limiting,omitempty"` +} // OpenSearch settings type Opensearch struct { @@ -114,6 +188,9 @@ type Opensearch struct { // Require explicit index names when deleting ActionDestructiveRequiresName *bool `groups:"create,update" json:"action_destructive_requires_name,omitempty"` + // Opensearch Security Plugin Settings + AuthFailureListeners *AuthFailureListeners `groups:"create,update" json:"auth_failure_listeners,omitempty"` + // +kubebuilder:validation:Minimum=100 // +kubebuilder:validation:Maximum=10000 // Controls the number of shards allowed in the cluster per data node @@ -184,6 +261,31 @@ type Opensearch struct { // Number of file chunks sent in parallel for each recovery. Defaults to 2. IndicesRecoveryMaxConcurrentFileChunks *int `groups:"create,update" json:"indices_recovery_max_concurrent_file_chunks,omitempty"` + // Specifies whether ISM is enabled or not + IsmEnabled *bool `groups:"create,update" json:"ism_enabled,omitempty"` + + // Specifies whether audit history is enabled or not. The logs from ISM are automatically indexed to a logs document. + IsmHistoryEnabled *bool `groups:"create,update" json:"ism_history_enabled,omitempty"` + + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=2147483647 + // The maximum age before rolling over the audit history index in hours + IsmHistoryMaxAge *int `groups:"create,update" json:"ism_history_max_age,omitempty"` + + // +kubebuilder:validation:Minimum=1 + // The maximum number of documents before rolling over the audit history index. + IsmHistoryMaxDocs *int `groups:"create,update" json:"ism_history_max_docs,omitempty"` + + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=2147483647 + // The time between rollover checks for the audit history index in hours. + IsmHistoryRolloverCheckPeriod *int `groups:"create,update" json:"ism_history_rollover_check_period,omitempty"` + + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=2147483647 + // How long audit history indices are kept in days. + IsmHistoryRolloverRetentionPeriod *int `groups:"create,update" json:"ism_history_rollover_retention_period,omitempty"` + // Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default is false OverrideMainResponseVersion *bool `groups:"create,update" json:"override_main_response_version,omitempty"` diff --git a/api/v1alpha1/userconfig/service/opensearch/zz_generated.deepcopy.go b/api/v1alpha1/userconfig/service/opensearch/zz_generated.deepcopy.go index fc2b8fce..d0c30684 100644 --- a/api/v1alpha1/userconfig/service/opensearch/zz_generated.deepcopy.go +++ b/api/v1alpha1/userconfig/service/opensearch/zz_generated.deepcopy.go @@ -9,6 +9,31 @@ package opensearchuserconfig import () +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthFailureListeners) DeepCopyInto(out *AuthFailureListeners) { + *out = *in + if in.InternalAuthenticationBackendLimiting != nil { + in, out := &in.InternalAuthenticationBackendLimiting, &out.InternalAuthenticationBackendLimiting + *out = new(InternalAuthenticationBackendLimiting) + (*in).DeepCopyInto(*out) + } + if in.IpRateLimiting != nil { + in, out := &in.IpRateLimiting, &out.IpRateLimiting + *out = new(IpRateLimiting) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthFailureListeners. +func (in *AuthFailureListeners) DeepCopy() *AuthFailureListeners { + if in == nil { + return nil + } + out := new(AuthFailureListeners) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IndexPatterns) DeepCopyInto(out *IndexPatterns) { *out = *in @@ -59,6 +84,56 @@ func (in *IndexTemplate) DeepCopy() *IndexTemplate { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalAuthenticationBackendLimiting) DeepCopyInto(out *InternalAuthenticationBackendLimiting) { + *out = *in + if in.AllowedTries != nil { + in, out := &in.AllowedTries, &out.AllowedTries + *out = new(int) + **out = **in + } + if in.AuthenticationBackend != nil { + in, out := &in.AuthenticationBackend, &out.AuthenticationBackend + *out = new(string) + **out = **in + } + if in.BlockExpirySeconds != nil { + in, out := &in.BlockExpirySeconds, &out.BlockExpirySeconds + *out = new(int) + **out = **in + } + if in.MaxBlockedClients != nil { + in, out := &in.MaxBlockedClients, &out.MaxBlockedClients + *out = new(int) + **out = **in + } + if in.MaxTrackedClients != nil { + in, out := &in.MaxTrackedClients, &out.MaxTrackedClients + *out = new(int) + **out = **in + } + if in.TimeWindowSeconds != nil { + in, out := &in.TimeWindowSeconds, &out.TimeWindowSeconds + *out = new(int) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalAuthenticationBackendLimiting. +func (in *InternalAuthenticationBackendLimiting) DeepCopy() *InternalAuthenticationBackendLimiting { + if in == nil { + return nil + } + out := new(InternalAuthenticationBackendLimiting) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IpFilter) DeepCopyInto(out *IpFilter) { *out = *in @@ -79,6 +154,51 @@ func (in *IpFilter) DeepCopy() *IpFilter { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IpRateLimiting) DeepCopyInto(out *IpRateLimiting) { + *out = *in + if in.AllowedTries != nil { + in, out := &in.AllowedTries, &out.AllowedTries + *out = new(int) + **out = **in + } + if in.BlockExpirySeconds != nil { + in, out := &in.BlockExpirySeconds, &out.BlockExpirySeconds + *out = new(int) + **out = **in + } + if in.MaxBlockedClients != nil { + in, out := &in.MaxBlockedClients, &out.MaxBlockedClients + *out = new(int) + **out = **in + } + if in.MaxTrackedClients != nil { + in, out := &in.MaxTrackedClients, &out.MaxTrackedClients + *out = new(int) + **out = **in + } + if in.TimeWindowSeconds != nil { + in, out := &in.TimeWindowSeconds, &out.TimeWindowSeconds + *out = new(int) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpRateLimiting. +func (in *IpRateLimiting) DeepCopy() *IpRateLimiting { + if in == nil { + return nil + } + out := new(IpRateLimiting) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Openid) DeepCopyInto(out *Openid) { *out = *in @@ -152,6 +272,11 @@ func (in *Opensearch) DeepCopyInto(out *Opensearch) { *out = new(bool) **out = **in } + if in.AuthFailureListeners != nil { + in, out := &in.AuthFailureListeners, &out.AuthFailureListeners + *out = new(AuthFailureListeners) + (*in).DeepCopyInto(*out) + } if in.ClusterMaxShardsPerNode != nil { in, out := &in.ClusterMaxShardsPerNode, &out.ClusterMaxShardsPerNode *out = new(int) @@ -222,6 +347,36 @@ func (in *Opensearch) DeepCopyInto(out *Opensearch) { *out = new(int) **out = **in } + if in.IsmEnabled != nil { + in, out := &in.IsmEnabled, &out.IsmEnabled + *out = new(bool) + **out = **in + } + if in.IsmHistoryEnabled != nil { + in, out := &in.IsmHistoryEnabled, &out.IsmHistoryEnabled + *out = new(bool) + **out = **in + } + if in.IsmHistoryMaxAge != nil { + in, out := &in.IsmHistoryMaxAge, &out.IsmHistoryMaxAge + *out = new(int) + **out = **in + } + if in.IsmHistoryMaxDocs != nil { + in, out := &in.IsmHistoryMaxDocs, &out.IsmHistoryMaxDocs + *out = new(int) + **out = **in + } + if in.IsmHistoryRolloverCheckPeriod != nil { + in, out := &in.IsmHistoryRolloverCheckPeriod, &out.IsmHistoryRolloverCheckPeriod + *out = new(int) + **out = **in + } + if in.IsmHistoryRolloverRetentionPeriod != nil { + in, out := &in.IsmHistoryRolloverRetentionPeriod, &out.IsmHistoryRolloverRetentionPeriod + *out = new(int) + **out = **in + } if in.OverrideMainResponseVersion != nil { in, out := &in.OverrideMainResponseVersion, &out.OverrideMainResponseVersion *out = new(bool) diff --git a/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml b/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml index b6bb97c6..f317a50c 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml @@ -184,7 +184,7 @@ spec: description: Cassandra specific user configuration options properties: additional_backup_regions: - description: Additional Cloud Regions for Backup Replication + description: Deprecated. Additional Cloud Regions for Backup Replication items: type: string maxItems: 1 diff --git a/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml b/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml index 33522fcd..13b6a94c 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml @@ -334,6 +334,22 @@ spec: maximum: 104857600 minimum: 1048576 type: integer + log_local_retention_bytes: + description: The maximum size of local log segments that can + grow for a partition before it gets eligible for deletion. + If set to -2, the value of log.retention.bytes is used. + The effective value should always be less than or equal + to log.retention.bytes value. + minimum: -2 + type: integer + log_local_retention_ms: + description: The number of milliseconds to keep the local + log segments before it gets eligible for deletion. If set + to -2, the value of log.retention.ms is used. The effective + value should always be less than or equal to log.retention.ms + value. + minimum: -2 + type: integer log_message_downconversion_enable: description: This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests. @@ -435,9 +451,6 @@ spec: maximum: 10000 minimum: 10 type: integer - remote_log_storage_system_enable: - description: Whether to enable the tiered storage functionality - type: boolean replica_fetch_max_bytes: description: The number of bytes of messages to attempt to fetch for each partition (defaults to 1048576). This is diff --git a/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml b/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml index 51482a99..e73b2776 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml @@ -366,6 +366,87 @@ spec: action_destructive_requires_name: description: Require explicit index names when deleting type: boolean + auth_failure_listeners: + description: Opensearch Security Plugin Settings + properties: + internal_authentication_backend_limiting: + properties: + allowed_tries: + description: The number of login attempts allowed + before login is blocked + maximum: 2147483647 + minimum: 0 + type: integer + authentication_backend: + description: internal_authentication_backend_limiting.authentication_backend + maxLength: 1024 + type: string + block_expiry_seconds: + description: The duration of time that login remains + blocked after a failed login + maximum: 2147483647 + minimum: 0 + type: integer + max_blocked_clients: + description: internal_authentication_backend_limiting.max_blocked_clients + maximum: 2147483647 + minimum: 0 + type: integer + max_tracked_clients: + description: The maximum number of tracked IP addresses + that have failed login + maximum: 2147483647 + minimum: 0 + type: integer + time_window_seconds: + description: The window of time in which the value + for `allowed_tries` is enforced + maximum: 2147483647 + minimum: 0 + type: integer + type: + description: internal_authentication_backend_limiting.type + maxLength: 1024 + type: string + type: object + ip_rate_limiting: + description: IP address rate limiting settings + properties: + allowed_tries: + description: The number of login attempts allowed + before login is blocked + maximum: 2147483647 + minimum: 1 + type: integer + block_expiry_seconds: + description: The duration of time that login remains + blocked after a failed login + maximum: 36000 + minimum: 1 + type: integer + max_blocked_clients: + description: The maximum number of blocked IP addresses + maximum: 2147483647 + minimum: 0 + type: integer + max_tracked_clients: + description: The maximum number of tracked IP addresses + that have failed login + maximum: 2147483647 + minimum: 0 + type: integer + time_window_seconds: + description: The window of time in which the value + for `allowed_tries` is enforced + maximum: 36000 + minimum: 1 + type: integer + type: + description: The type of rate limiting + maxLength: 1024 + type: string + type: object + type: object cluster_max_shards_per_node: description: Controls the number of shards allowed in the cluster per data node @@ -461,6 +542,36 @@ spec: maximum: 5 minimum: 2 type: integer + ism_enabled: + description: Specifies whether ISM is enabled or not + type: boolean + ism_history_enabled: + description: Specifies whether audit history is enabled or + not. The logs from ISM are automatically indexed to a logs + document. + type: boolean + ism_history_max_age: + description: The maximum age before rolling over the audit + history index in hours + maximum: 2147483647 + minimum: 1 + type: integer + ism_history_max_docs: + description: The maximum number of documents before rolling + over the audit history index. + minimum: 1 + type: integer + ism_history_rollover_check_period: + description: The time between rollover checks for the audit + history index in hours. + maximum: 2147483647 + minimum: 1 + type: integer + ism_history_rollover_retention_period: + description: How long audit history indices are kept in days. + maximum: 2147483647 + minimum: 1 + type: integer override_main_response_version: description: Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default diff --git a/config/crd/bases/aiven.io_cassandras.yaml b/config/crd/bases/aiven.io_cassandras.yaml index b6bb97c6..f317a50c 100644 --- a/config/crd/bases/aiven.io_cassandras.yaml +++ b/config/crd/bases/aiven.io_cassandras.yaml @@ -184,7 +184,7 @@ spec: description: Cassandra specific user configuration options properties: additional_backup_regions: - description: Additional Cloud Regions for Backup Replication + description: Deprecated. Additional Cloud Regions for Backup Replication items: type: string maxItems: 1 diff --git a/config/crd/bases/aiven.io_kafkas.yaml b/config/crd/bases/aiven.io_kafkas.yaml index 33522fcd..13b6a94c 100644 --- a/config/crd/bases/aiven.io_kafkas.yaml +++ b/config/crd/bases/aiven.io_kafkas.yaml @@ -334,6 +334,22 @@ spec: maximum: 104857600 minimum: 1048576 type: integer + log_local_retention_bytes: + description: The maximum size of local log segments that can + grow for a partition before it gets eligible for deletion. + If set to -2, the value of log.retention.bytes is used. + The effective value should always be less than or equal + to log.retention.bytes value. + minimum: -2 + type: integer + log_local_retention_ms: + description: The number of milliseconds to keep the local + log segments before it gets eligible for deletion. If set + to -2, the value of log.retention.ms is used. The effective + value should always be less than or equal to log.retention.ms + value. + minimum: -2 + type: integer log_message_downconversion_enable: description: This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests. @@ -435,9 +451,6 @@ spec: maximum: 10000 minimum: 10 type: integer - remote_log_storage_system_enable: - description: Whether to enable the tiered storage functionality - type: boolean replica_fetch_max_bytes: description: The number of bytes of messages to attempt to fetch for each partition (defaults to 1048576). This is diff --git a/config/crd/bases/aiven.io_opensearches.yaml b/config/crd/bases/aiven.io_opensearches.yaml index 51482a99..e73b2776 100644 --- a/config/crd/bases/aiven.io_opensearches.yaml +++ b/config/crd/bases/aiven.io_opensearches.yaml @@ -366,6 +366,87 @@ spec: action_destructive_requires_name: description: Require explicit index names when deleting type: boolean + auth_failure_listeners: + description: Opensearch Security Plugin Settings + properties: + internal_authentication_backend_limiting: + properties: + allowed_tries: + description: The number of login attempts allowed + before login is blocked + maximum: 2147483647 + minimum: 0 + type: integer + authentication_backend: + description: internal_authentication_backend_limiting.authentication_backend + maxLength: 1024 + type: string + block_expiry_seconds: + description: The duration of time that login remains + blocked after a failed login + maximum: 2147483647 + minimum: 0 + type: integer + max_blocked_clients: + description: internal_authentication_backend_limiting.max_blocked_clients + maximum: 2147483647 + minimum: 0 + type: integer + max_tracked_clients: + description: The maximum number of tracked IP addresses + that have failed login + maximum: 2147483647 + minimum: 0 + type: integer + time_window_seconds: + description: The window of time in which the value + for `allowed_tries` is enforced + maximum: 2147483647 + minimum: 0 + type: integer + type: + description: internal_authentication_backend_limiting.type + maxLength: 1024 + type: string + type: object + ip_rate_limiting: + description: IP address rate limiting settings + properties: + allowed_tries: + description: The number of login attempts allowed + before login is blocked + maximum: 2147483647 + minimum: 1 + type: integer + block_expiry_seconds: + description: The duration of time that login remains + blocked after a failed login + maximum: 36000 + minimum: 1 + type: integer + max_blocked_clients: + description: The maximum number of blocked IP addresses + maximum: 2147483647 + minimum: 0 + type: integer + max_tracked_clients: + description: The maximum number of tracked IP addresses + that have failed login + maximum: 2147483647 + minimum: 0 + type: integer + time_window_seconds: + description: The window of time in which the value + for `allowed_tries` is enforced + maximum: 36000 + minimum: 1 + type: integer + type: + description: The type of rate limiting + maxLength: 1024 + type: string + type: object + type: object cluster_max_shards_per_node: description: Controls the number of shards allowed in the cluster per data node @@ -461,6 +542,36 @@ spec: maximum: 5 minimum: 2 type: integer + ism_enabled: + description: Specifies whether ISM is enabled or not + type: boolean + ism_history_enabled: + description: Specifies whether audit history is enabled or + not. The logs from ISM are automatically indexed to a logs + document. + type: boolean + ism_history_max_age: + description: The maximum age before rolling over the audit + history index in hours + maximum: 2147483647 + minimum: 1 + type: integer + ism_history_max_docs: + description: The maximum number of documents before rolling + over the audit history index. + minimum: 1 + type: integer + ism_history_rollover_check_period: + description: The time between rollover checks for the audit + history index in hours. + maximum: 2147483647 + minimum: 1 + type: integer + ism_history_rollover_retention_period: + description: How long audit history indices are kept in days. + maximum: 2147483647 + minimum: 1 + type: integer override_main_response_version: description: Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default diff --git a/docs/docs/api-reference/cassandra.md b/docs/docs/api-reference/cassandra.md index 52639ebb..5a5bdff6 100644 --- a/docs/docs/api-reference/cassandra.md +++ b/docs/docs/api-reference/cassandra.md @@ -136,7 +136,7 @@ Cassandra specific user configuration options. **Optional** -- [`additional_backup_regions`](#spec.userConfig.additional_backup_regions-property){: name='spec.userConfig.additional_backup_regions-property'} (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication. +- [`additional_backup_regions`](#spec.userConfig.additional_backup_regions-property){: name='spec.userConfig.additional_backup_regions-property'} (array of strings, MaxItems: 1). Deprecated. Additional Cloud Regions for Backup Replication. - [`backup_hour`](#spec.userConfig.backup_hour-property){: name='spec.userConfig.backup_hour-property'} (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed. - [`backup_minute`](#spec.userConfig.backup_minute-property){: name='spec.userConfig.backup_minute-property'} (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed. - [`cassandra`](#spec.userConfig.cassandra-property){: name='spec.userConfig.cassandra-property'} (object). cassandra configuration values. See below for [nested schema](#spec.userConfig.cassandra). diff --git a/docs/docs/api-reference/kafka.md b/docs/docs/api-reference/kafka.md index 99ef9808..6a792cb3 100644 --- a/docs/docs/api-reference/kafka.md +++ b/docs/docs/api-reference/kafka.md @@ -185,6 +185,8 @@ Kafka broker configuration values. - [`log_flush_interval_ms`](#spec.userConfig.kafka.log_flush_interval_ms-property){: name='spec.userConfig.kafka.log_flush_interval_ms-property'} (integer, Minimum: 0). The maximum time in ms that a message in any topic is kept in memory before flushed to disk. If not set, the value in log.flush.scheduler.interval.ms is used. - [`log_index_interval_bytes`](#spec.userConfig.kafka.log_index_interval_bytes-property){: name='spec.userConfig.kafka.log_index_interval_bytes-property'} (integer, Minimum: 0, Maximum: 104857600). The interval with which Kafka adds an entry to the offset index. - [`log_index_size_max_bytes`](#spec.userConfig.kafka.log_index_size_max_bytes-property){: name='spec.userConfig.kafka.log_index_size_max_bytes-property'} (integer, Minimum: 1048576, Maximum: 104857600). The maximum size in bytes of the offset index. +- [`log_local_retention_bytes`](#spec.userConfig.kafka.log_local_retention_bytes-property){: name='spec.userConfig.kafka.log_local_retention_bytes-property'} (integer, Minimum: -2). The maximum size of local log segments that can grow for a partition before it gets eligible for deletion. If set to -2, the value of log.retention.bytes is used. The effective value should always be less than or equal to log.retention.bytes value. +- [`log_local_retention_ms`](#spec.userConfig.kafka.log_local_retention_ms-property){: name='spec.userConfig.kafka.log_local_retention_ms-property'} (integer, Minimum: -2). The number of milliseconds to keep the local log segments before it gets eligible for deletion. If set to -2, the value of log.retention.ms is used. The effective value should always be less than or equal to log.retention.ms value. - [`log_message_downconversion_enable`](#spec.userConfig.kafka.log_message_downconversion_enable-property){: name='spec.userConfig.kafka.log_message_downconversion_enable-property'} (boolean). This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests. - [`log_message_timestamp_difference_max_ms`](#spec.userConfig.kafka.log_message_timestamp_difference_max_ms-property){: name='spec.userConfig.kafka.log_message_timestamp_difference_max_ms-property'} (integer, Minimum: 0). The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message. - [`log_message_timestamp_type`](#spec.userConfig.kafka.log_message_timestamp_type-property){: name='spec.userConfig.kafka.log_message_timestamp_type-property'} (string, Enum: `CreateTime`, `LogAppendTime`). Define whether the timestamp in the message is message create time or log append time. @@ -203,7 +205,6 @@ Kafka broker configuration values. - [`num_partitions`](#spec.userConfig.kafka.num_partitions-property){: name='spec.userConfig.kafka.num_partitions-property'} (integer, Minimum: 1, Maximum: 1000). Number of partitions for autocreated topics. - [`offsets_retention_minutes`](#spec.userConfig.kafka.offsets_retention_minutes-property){: name='spec.userConfig.kafka.offsets_retention_minutes-property'} (integer, Minimum: 1, Maximum: 2147483647). Log retention window in minutes for offsets topic. - [`producer_purgatory_purge_interval_requests`](#spec.userConfig.kafka.producer_purgatory_purge_interval_requests-property){: name='spec.userConfig.kafka.producer_purgatory_purge_interval_requests-property'} (integer, Minimum: 10, Maximum: 10000). The purge interval (in number of requests) of the producer request purgatory(defaults to 1000). -- [`remote_log_storage_system_enable`](#spec.userConfig.kafka.remote_log_storage_system_enable-property){: name='spec.userConfig.kafka.remote_log_storage_system_enable-property'} (boolean). Whether to enable the tiered storage functionality. - [`replica_fetch_max_bytes`](#spec.userConfig.kafka.replica_fetch_max_bytes-property){: name='spec.userConfig.kafka.replica_fetch_max_bytes-property'} (integer, Minimum: 1048576, Maximum: 104857600). The number of bytes of messages to attempt to fetch for each partition (defaults to 1048576). This is not an absolute maximum, if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. - [`replica_fetch_response_max_bytes`](#spec.userConfig.kafka.replica_fetch_response_max_bytes-property){: name='spec.userConfig.kafka.replica_fetch_response_max_bytes-property'} (integer, Minimum: 10485760, Maximum: 1048576000). Maximum bytes expected for the entire fetch response (defaults to 10485760). Records are fetched in batches, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. As such, this is not an absolute maximum. - [`socket_request_max_bytes`](#spec.userConfig.kafka.socket_request_max_bytes-property){: name='spec.userConfig.kafka.socket_request_max_bytes-property'} (integer, Minimum: 10485760, Maximum: 209715200). The maximum number of bytes in a socket request (defaults to 104857600). diff --git a/docs/docs/api-reference/opensearch.md b/docs/docs/api-reference/opensearch.md index 95984afd..d1c1bfc0 100644 --- a/docs/docs/api-reference/opensearch.md +++ b/docs/docs/api-reference/opensearch.md @@ -224,6 +224,7 @@ OpenSearch settings. - [`action_auto_create_index_enabled`](#spec.userConfig.opensearch.action_auto_create_index_enabled-property){: name='spec.userConfig.opensearch.action_auto_create_index_enabled-property'} (boolean). Explicitly allow or block automatic creation of indices. Defaults to true. - [`action_destructive_requires_name`](#spec.userConfig.opensearch.action_destructive_requires_name-property){: name='spec.userConfig.opensearch.action_destructive_requires_name-property'} (boolean). Require explicit index names when deleting. +- [`auth_failure_listeners`](#spec.userConfig.opensearch.auth_failure_listeners-property){: name='spec.userConfig.opensearch.auth_failure_listeners-property'} (object). Opensearch Security Plugin Settings. See below for [nested schema](#spec.userConfig.opensearch.auth_failure_listeners). - [`cluster_max_shards_per_node`](#spec.userConfig.opensearch.cluster_max_shards_per_node-property){: name='spec.userConfig.opensearch.cluster_max_shards_per_node-property'} (integer, Minimum: 100, Maximum: 10000). Controls the number of shards allowed in the cluster per data node. - [`cluster_routing_allocation_node_concurrent_recoveries`](#spec.userConfig.opensearch.cluster_routing_allocation_node_concurrent_recoveries-property){: name='spec.userConfig.opensearch.cluster_routing_allocation_node_concurrent_recoveries-property'} (integer, Minimum: 2, Maximum: 16). How many concurrent incoming/outgoing shard recoveries (normally replicas) are allowed to happen on a node. Defaults to 2. - [`email_sender_name`](#spec.userConfig.opensearch.email_sender_name-property){: name='spec.userConfig.opensearch.email_sender_name-property'} (string, Pattern: `^[a-zA-Z0-9-_]+$`, MaxLength: 40). Sender name placeholder to be used in Opensearch Dashboards and Opensearch keystore. @@ -238,6 +239,12 @@ OpenSearch settings. - [`indices_query_bool_max_clause_count`](#spec.userConfig.opensearch.indices_query_bool_max_clause_count-property){: name='spec.userConfig.opensearch.indices_query_bool_max_clause_count-property'} (integer, Minimum: 64, Maximum: 4096). Maximum number of clauses Lucene BooleanQuery can have. The default value (1024) is relatively high, and increasing it may cause performance issues. Investigate other approaches first before increasing this value. - [`indices_recovery_max_bytes_per_sec`](#spec.userConfig.opensearch.indices_recovery_max_bytes_per_sec-property){: name='spec.userConfig.opensearch.indices_recovery_max_bytes_per_sec-property'} (integer, Minimum: 40, Maximum: 400). Limits total inbound and outbound recovery traffic for each node. Applies to both peer recoveries as well as snapshot recoveries (i.e., restores from a snapshot). Defaults to 40mb. - [`indices_recovery_max_concurrent_file_chunks`](#spec.userConfig.opensearch.indices_recovery_max_concurrent_file_chunks-property){: name='spec.userConfig.opensearch.indices_recovery_max_concurrent_file_chunks-property'} (integer, Minimum: 2, Maximum: 5). Number of file chunks sent in parallel for each recovery. Defaults to 2. +- [`ism_enabled`](#spec.userConfig.opensearch.ism_enabled-property){: name='spec.userConfig.opensearch.ism_enabled-property'} (boolean). Specifies whether ISM is enabled or not. +- [`ism_history_enabled`](#spec.userConfig.opensearch.ism_history_enabled-property){: name='spec.userConfig.opensearch.ism_history_enabled-property'} (boolean). Specifies whether audit history is enabled or not. The logs from ISM are automatically indexed to a logs document. +- [`ism_history_max_age`](#spec.userConfig.opensearch.ism_history_max_age-property){: name='spec.userConfig.opensearch.ism_history_max_age-property'} (integer, Minimum: 1, Maximum: 2147483647). The maximum age before rolling over the audit history index in hours. +- [`ism_history_max_docs`](#spec.userConfig.opensearch.ism_history_max_docs-property){: name='spec.userConfig.opensearch.ism_history_max_docs-property'} (integer, Minimum: 1). The maximum number of documents before rolling over the audit history index. +- [`ism_history_rollover_check_period`](#spec.userConfig.opensearch.ism_history_rollover_check_period-property){: name='spec.userConfig.opensearch.ism_history_rollover_check_period-property'} (integer, Minimum: 1, Maximum: 2147483647). The time between rollover checks for the audit history index in hours. +- [`ism_history_rollover_retention_period`](#spec.userConfig.opensearch.ism_history_rollover_retention_period-property){: name='spec.userConfig.opensearch.ism_history_rollover_retention_period-property'} (integer, Minimum: 1, Maximum: 2147483647). How long audit history indices are kept in days. - [`override_main_response_version`](#spec.userConfig.opensearch.override_main_response_version-property){: name='spec.userConfig.opensearch.override_main_response_version-property'} (boolean). Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default is false. - [`reindex_remote_whitelist`](#spec.userConfig.opensearch.reindex_remote_whitelist-property){: name='spec.userConfig.opensearch.reindex_remote_whitelist-property'} (array of strings, MaxItems: 32). Whitelisted addresses for reindexing. Changing this value will cause all OpenSearch instances to restart. - [`script_max_compilations_rate`](#spec.userConfig.opensearch.script_max_compilations_rate-property){: name='spec.userConfig.opensearch.script_max_compilations_rate-property'} (string, MaxLength: 1024). Script compilation circuit breaker limits the number of inline script compilations within a period of time. Default is use-context. @@ -254,6 +261,46 @@ OpenSearch settings. - [`thread_pool_write_queue_size`](#spec.userConfig.opensearch.thread_pool_write_queue_size-property){: name='spec.userConfig.opensearch.thread_pool_write_queue_size-property'} (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details. - [`thread_pool_write_size`](#spec.userConfig.opensearch.thread_pool_write_size-property){: name='spec.userConfig.opensearch.thread_pool_write_size-property'} (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. +#### auth_failure_listeners {: #spec.userConfig.opensearch.auth_failure_listeners } + +_Appears on [`spec.userConfig.opensearch`](#spec.userConfig.opensearch)._ + +Opensearch Security Plugin Settings. + +**Optional** + +- [`internal_authentication_backend_limiting`](#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting-property){: name='spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting-property'} (object). See below for [nested schema](#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting). +- [`ip_rate_limiting`](#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting-property){: name='spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting-property'} (object). IP address rate limiting settings. See below for [nested schema](#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting). + +##### internal_authentication_backend_limiting {: #spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting } + +_Appears on [`spec.userConfig.opensearch.auth_failure_listeners`](#spec.userConfig.opensearch.auth_failure_listeners)._ + +**Optional** + +- [`allowed_tries`](#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.allowed_tries-property){: name='spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.allowed_tries-property'} (integer, Minimum: 0, Maximum: 2147483647). The number of login attempts allowed before login is blocked. +- [`authentication_backend`](#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.authentication_backend-property){: name='spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.authentication_backend-property'} (string, MaxLength: 1024). internal_authentication_backend_limiting.authentication_backend. +- [`block_expiry_seconds`](#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.block_expiry_seconds-property){: name='spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.block_expiry_seconds-property'} (integer, Minimum: 0, Maximum: 2147483647). The duration of time that login remains blocked after a failed login. +- [`max_blocked_clients`](#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.max_blocked_clients-property){: name='spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.max_blocked_clients-property'} (integer, Minimum: 0, Maximum: 2147483647). internal_authentication_backend_limiting.max_blocked_clients. +- [`max_tracked_clients`](#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.max_tracked_clients-property){: name='spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.max_tracked_clients-property'} (integer, Minimum: 0, Maximum: 2147483647). The maximum number of tracked IP addresses that have failed login. +- [`time_window_seconds`](#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.time_window_seconds-property){: name='spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.time_window_seconds-property'} (integer, Minimum: 0, Maximum: 2147483647). The window of time in which the value for `allowed_tries` is enforced. +- [`type`](#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.type-property){: name='spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.type-property'} (string, MaxLength: 1024). internal_authentication_backend_limiting.type. + +##### ip_rate_limiting {: #spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting } + +_Appears on [`spec.userConfig.opensearch.auth_failure_listeners`](#spec.userConfig.opensearch.auth_failure_listeners)._ + +IP address rate limiting settings. + +**Optional** + +- [`allowed_tries`](#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.allowed_tries-property){: name='spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.allowed_tries-property'} (integer, Minimum: 1, Maximum: 2147483647). The number of login attempts allowed before login is blocked. +- [`block_expiry_seconds`](#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.block_expiry_seconds-property){: name='spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.block_expiry_seconds-property'} (integer, Minimum: 1, Maximum: 36000). The duration of time that login remains blocked after a failed login. +- [`max_blocked_clients`](#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.max_blocked_clients-property){: name='spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.max_blocked_clients-property'} (integer, Minimum: 0, Maximum: 2147483647). The maximum number of blocked IP addresses. +- [`max_tracked_clients`](#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.max_tracked_clients-property){: name='spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.max_tracked_clients-property'} (integer, Minimum: 0, Maximum: 2147483647). The maximum number of tracked IP addresses that have failed login. +- [`time_window_seconds`](#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.time_window_seconds-property){: name='spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.time_window_seconds-property'} (integer, Minimum: 1, Maximum: 36000). The window of time in which the value for `allowed_tries` is enforced. +- [`type`](#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.type-property){: name='spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.type-property'} (string, MaxLength: 1024). The type of rate limiting. + ### opensearch_dashboards {: #spec.userConfig.opensearch_dashboards } _Appears on [`spec.userConfig`](#spec.userConfig)._ diff --git a/generators/docs/generator.go b/generators/docs/generator.go index 601853ec..3ce1fef1 100644 --- a/generators/docs/generator.go +++ b/generators/docs/generator.go @@ -6,6 +6,7 @@ import ( "os" "path" "regexp" + "sort" "strings" "text/template" @@ -179,10 +180,9 @@ func (s *schemaType) init() { s.properties = append(s.properties, v) } - slices.SortFunc(s.properties, func(a, b *schemaType) bool { - return a.Name < b.Name + sort.Slice(s.properties, func(i, j int) bool { + return s.properties[i].Name < s.properties[j].Name }) - } // ListProperties lists all object properties diff --git a/go.mod b/go.mod index db8705b9..a4c4127c 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/stoewer/go-strcase v1.3.0 github.com/stretchr/testify v1.8.4 github.com/xeipuuv/gojsonschema v1.2.0 - golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e + golang.org/x/exp v0.0.0-20230905200255-921286631fa9 golang.org/x/sync v0.3.0 golang.org/x/tools v0.13.0 gopkg.in/yaml.v3 v3.0.1 @@ -54,7 +54,7 @@ require ( github.com/google/uuid v1.3.0 // indirect github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-retryablehttp v0.7.2 // indirect + github.com/hashicorp/go-retryablehttp v0.7.4 // indirect github.com/hashicorp/go-version v0.0.0-20161031182605-e96d38404026 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/josharian/intern v1.0.0 // indirect diff --git a/go.sum b/go.sum index 45bdaad8..d78b526b 100644 --- a/go.sum +++ b/go.sum @@ -241,8 +241,8 @@ github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxC github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0= -github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= +github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-version v0.0.0-20161031182605-e96d38404026 h1:qWx/DcC6l4ZzuS+JBAzI5XjtLFDCc08zYeZ0kLnaH2g= github.com/hashicorp/go-version v0.0.0-20161031182605-e96d38404026/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -412,8 +412,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= -golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=