status:
lastVersion:
diff --git a/api/protobuf-spec/github_com_openshift_api_build_v1.proto b/api/protobuf-spec/github_com_openshift_api_build_v1.proto
index 2f6b987b077a..e4b3b50e961a 100644
--- a/api/protobuf-spec/github_com_openshift_api_build_v1.proto
+++ b/api/protobuf-spec/github_com_openshift_api_build_v1.proto
@@ -780,6 +780,9 @@ message ImageChangeTrigger {
// will be used. Only one ImageChangeTrigger with an empty From reference is allowed in
// a build configuration.
optional k8s.io.api.core.v1.ObjectReference from = 2;
+
+ // paused is true if this trigger is temporarily disabled. Optional.
+ optional bool paused = 3;
}
// ImageLabel represents a label applied to the resulting image.
diff --git a/api/protobuf-spec/github_com_openshift_api_security_v1.proto b/api/protobuf-spec/github_com_openshift_api_security_v1.proto
index f539332db854..ee508a8851c5 100644
--- a/api/protobuf-spec/github_com_openshift_api_security_v1.proto
+++ b/api/protobuf-spec/github_com_openshift_api_security_v1.proto
@@ -238,6 +238,16 @@ message SecurityContextConstraints {
// AllowHostIPC determines if the policy allows host ipc in the containers.
optional bool allowHostIPC = 12;
+ // DefaultAllowPrivilegeEscalation controls the default setting for whether a
+ // process can gain more privileges than its parent process.
+ // +optional
+ optional bool defaultAllowPrivilegeEscalation = 22;
+
+ // AllowPrivilegeEscalation determines if a pod can request to allow
+ // privilege escalation. If unspecified, defaults to true.
+ // +optional
+ optional bool allowPrivilegeEscalation = 23;
+
// SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.
optional SELinuxContextStrategyOptions seLinuxContext = 13;
diff --git a/api/swagger-spec/api-v1.json b/api/swagger-spec/api-v1.json
index 2791347e2998..7659c9255be4 100644
--- a/api/swagger-spec/api-v1.json
+++ b/api/swagger-spec/api-v1.json
@@ -24147,6 +24147,14 @@
"type": "boolean",
"description": "AllowHostIPC determines if the policy allows host ipc in the containers."
},
+ "defaultAllowPrivilegeEscalation": {
+ "type": "boolean",
+ "description": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process."
+ },
+ "allowPrivilegeEscalation": {
+ "type": "boolean",
+ "description": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true."
+ },
"seLinuxContext": {
"$ref": "v1.SELinuxContextStrategyOptions",
"description": "SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext."
diff --git a/api/swagger-spec/oapi-v1.json b/api/swagger-spec/oapi-v1.json
index f1121d41e253..ad52333ad9d6 100644
--- a/api/swagger-spec/oapi-v1.json
+++ b/api/swagger-spec/oapi-v1.json
@@ -24164,6 +24164,10 @@
"from": {
"$ref": "v1.ObjectReference",
"description": "from is a reference to an ImageStreamTag that will trigger a build when updated It is optional. If no From is specified, the From image from the build strategy will be used. Only one ImageChangeTrigger with an empty From reference is allowed in a build configuration."
+ },
+ "paused": {
+ "type": "boolean",
+ "description": "paused is true if this trigger is temporarily disabled. Optional."
}
}
},
diff --git a/api/swagger-spec/openshift-openapi-spec.json b/api/swagger-spec/openshift-openapi-spec.json
index 946e698fac10..a9f363285e8b 100644
--- a/api/swagger-spec/openshift-openapi-spec.json
+++ b/api/swagger-spec/openshift-openapi-spec.json
@@ -120503,6 +120503,10 @@
"lastTriggeredImageID": {
"description": "lastTriggeredImageID is used internally by the ImageChangeController to save last used image ID for build",
"type": "string"
+ },
+ "paused": {
+ "description": "paused is true if this trigger is temporarily disabled. Optional.",
+ "type": "boolean"
}
}
},
@@ -123580,6 +123584,10 @@
"description": "AllowHostPorts determines if the policy allows host ports in the containers.",
"type": "boolean"
},
+ "allowPrivilegeEscalation": {
+ "description": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
+ "type": "boolean"
+ },
"allowPrivilegedContainer": {
"description": "AllowPrivilegedContainer determines if a container can request to be run as privileged.",
"type": "boolean"
@@ -123609,6 +123617,10 @@
"type": "string"
}
},
+ "defaultAllowPrivilegeEscalation": {
+ "description": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
+ "type": "boolean"
+ },
"fsGroup": {
"description": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"$ref": "#/definitions/com.github.openshift.api.security.v1.FSGroupStrategyOptions"
diff --git a/glide.lock b/glide.lock
index 6cb308885231..fe0355c5ea6d 100644
--- a/glide.lock
+++ b/glide.lock
@@ -1,5 +1,5 @@
-hash: 214343c22df4983a3bf7817d728277d35a9d8a446d24752f6205fb24b8ab59fa
-updated: 2018-06-28T07:22:57.030219253-04:00
+hash: b037282c60c5cd3b4ba7ecf88a883884e23b2f73543ff66d9c589c02b66c2e91
+updated: 2018-06-29T00:08:46.493459085-04:00
imports:
- name: bitbucket.org/ww/goautoneg
version: 75cd24fc2f2c2a2088577d12123ddee5f54e0675
@@ -86,7 +86,7 @@ imports:
subpackages:
- quantile
- name: github.com/blang/semver
- version: c5e971dbed7850a93c23aa6ff69db5771d8e23b3
+ version: b38d23b8782a487059e8fc8773e9a5b228a77cb6
- name: github.com/certifi/gocertifi
version: deb3ae2ef2610fde3330947281941c562861188b
- name: github.com/chai2010/gettext-go
@@ -812,7 +812,7 @@ imports:
- go-selinux
- go-selinux/label
- name: github.com/openshift/api
- version: 0ce1df2db7debb15eddb25f3ae76df4180777221
+ version: a93a22bdd4ff0e883bcc5a5417a80c47e2459b7f
subpackages:
- apps/v1
- authorization/v1
@@ -1406,13 +1406,14 @@ imports:
- pkg/registry/customresourcedefinition
- test/integration/testserver
- name: k8s.io/apimachinery
- version: 1369ad3fdc6dcb2c933d7e570b349d71bd3052cf
+ version: 57fac7393e28c8a5745e8266da1ab9ad148a6b48
repo: https://github.com/openshift/kubernetes-apimachinery.git
subpackages:
- pkg/api/equality
- pkg/api/errors
- pkg/api/meta
- pkg/api/meta/table
+ - pkg/api/meta/testrestmapper
- pkg/api/resource
- pkg/api/testing
- pkg/api/testing/fuzzer
@@ -1472,7 +1473,7 @@ imports:
- third_party/forked/golang/netutil
- third_party/forked/golang/reflect
- name: k8s.io/apiserver
- version: 18a7bea1ce92a746c1a4cc7fa5838741657856ea
+ version: 6e2d018b0fd7115e80f7075578de3cf42b46dd42
repo: https://github.com/openshift/kubernetes-apiserver.git
subpackages:
- pkg/admission
@@ -1555,7 +1556,6 @@ imports:
- pkg/storage/etcd/testing/testingcert
- pkg/storage/etcd/util
- pkg/storage/etcd3
- - pkg/storage/etcd3/preflight
- pkg/storage/names
- pkg/storage/storagebackend
- pkg/storage/storagebackend/factory
@@ -1585,13 +1585,14 @@ imports:
- plugin/pkg/authenticator/token/webhook
- plugin/pkg/authorizer/webhook
- name: k8s.io/client-go
- version: 74dcea03361412e1f631eaf6d4d4a71d4066b934
+ version: 4e185c74a08006b22fad3a390c764b642cf1fb35
repo: https://github.com/openshift/kubernetes-client-go.git
subpackages:
- discovery
- discovery/cached
- discovery/fake
- dynamic
+ - dynamic/fake
- informers
- informers/admissionregistration
- informers/admissionregistration/v1alpha1
@@ -1776,7 +1777,7 @@ imports:
- util/testing
- util/workqueue
- name: k8s.io/code-generator
- version: a8dc310c260365c47d38b035b24454e623ed72cf
+ version: e564af3c98bc317ea3df3658b09f2ecd701840f8
repo: https://github.com/openshift/kubernetes-code-generator.git
- name: k8s.io/gengo
version: 01a732e01d00cb9a81bb0ca050d3e6d2b947927b
@@ -1785,7 +1786,7 @@ imports:
subpackages:
- metrics/api/v1/types
- name: k8s.io/kube-aggregator
- version: 3c8662aed7ac17889e6afa4c4c185e3ed591f9f2
+ version: 7b15cf2c25b08e57aa3a15da137e461cb0c65696
repo: https://github.com/openshift/kube-aggregator.git
subpackages:
- pkg/apis/apiregistration
@@ -1823,9 +1824,10 @@ imports:
- pkg/handler
- pkg/util
- pkg/util/proto
+ - pkg/util/proto/testing
- pkg/util/proto/validation
- name: k8s.io/kubernetes
- version: 808f4a0e9d88e9e44522d694ce29d914dc496868
+ version: 55bb5105903b718c63a80556dd2ff5a8d4ce51b8
repo: https://github.com/openshift/kubernetes.git
subpackages:
- cmd/controller-manager/app
@@ -1845,7 +1847,6 @@ imports:
- cmd/kubeadm/app/util
- cmd/kubelet/app
- cmd/kubelet/app/options
- - pkg/api
- pkg/api/endpoints
- pkg/api/events
- pkg/api/legacyscheme
@@ -2150,10 +2151,12 @@ imports:
- pkg/kubectl/cmd/set
- pkg/kubectl/cmd/set/env
- pkg/kubectl/cmd/templates
+ - pkg/kubectl/cmd/testing
- pkg/kubectl/cmd/util
- pkg/kubectl/cmd/util/editor
- pkg/kubectl/cmd/util/editor/crlf
- pkg/kubectl/cmd/util/openapi
+ - pkg/kubectl/cmd/util/openapi/testing
- pkg/kubectl/cmd/util/openapi/validation
- pkg/kubectl/cmd/wait
- pkg/kubectl/explain
diff --git a/glide.yaml b/glide.yaml
index 683ca98b27df..96637ed1b286 100644
--- a/glide.yaml
+++ b/glide.yaml
@@ -38,7 +38,7 @@ import:
# openshift second
- package: github.com/openshift/api
- version: 0ce1df2db7debb15eddb25f3ae76df4180777221
+ version: master
- package: github.com/openshift/client-go
version: master
- package: github.com/openshift/imagebuilder
diff --git a/pkg/api/serialization_test.go b/pkg/api/serialization_test.go
index 3fd63c63b737..a8606c121db2 100644
--- a/pkg/api/serialization_test.go
+++ b/pkg/api/serialization_test.go
@@ -479,6 +479,9 @@ func originFuzzer(t *testing.T, seed int64) *fuzz.Fuzzer {
scc.SupplementalGroups.Type = supGroupTypes[c.Rand.Intn(len(supGroupTypes))]
fsGroupTypes := []securityapi.FSGroupStrategyType{securityapi.FSGroupStrategyMustRunAs, securityapi.FSGroupStrategyRunAsAny}
scc.FSGroup.Type = fsGroupTypes[c.Rand.Intn(len(fsGroupTypes))]
+ // avoid the defaulting logic for this field by making it never nil
+ allowPrivilegeEscalation := c.RandBool()
+ scc.AllowPrivilegeEscalation = &allowPrivilegeEscalation
// when fuzzing the volume types ensure it is set to avoid the defaulter's expansion.
// Do not use FSTypeAll or host dir setting to steer clear of defaulting mechanics
diff --git a/pkg/apps/generated/informers/internalversion/factory.go b/pkg/apps/generated/informers/internalversion/factory.go
index d48bc7253605..5ddc62cf717b 100644
--- a/pkg/apps/generated/informers/internalversion/factory.go
+++ b/pkg/apps/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/authorization/generated/informers/internalversion/factory.go b/pkg/authorization/generated/informers/internalversion/factory.go
index ab23a3508365..5788981a4292 100644
--- a/pkg/authorization/generated/informers/internalversion/factory.go
+++ b/pkg/authorization/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/build/apis/build/types.go b/pkg/build/apis/build/types.go
index 9eca34dcd84c..3a92c2b262d1 100644
--- a/pkg/build/apis/build/types.go
+++ b/pkg/build/apis/build/types.go
@@ -1125,6 +1125,9 @@ type ImageChangeTrigger struct {
// will be used. Only one ImageChangeTrigger with an empty From reference is allowed in
// a build configuration.
From *kapi.ObjectReference
+
+ // Paused is true if this trigger is temporarily disabled. Optional.
+ Paused bool
}
// BuildTriggerPolicy describes a policy for a single trigger that results in a new Build.
diff --git a/pkg/build/apis/build/v1/zz_generated.conversion.go b/pkg/build/apis/build/v1/zz_generated.conversion.go
index 03c92cf4e683..001fbea78919 100644
--- a/pkg/build/apis/build/v1/zz_generated.conversion.go
+++ b/pkg/build/apis/build/v1/zz_generated.conversion.go
@@ -1875,6 +1875,7 @@ func autoConvert_v1_ImageChangeTrigger_To_build_ImageChangeTrigger(in *v1.ImageC
} else {
out.From = nil
}
+ out.Paused = in.Paused
return nil
}
@@ -1894,6 +1895,7 @@ func autoConvert_build_ImageChangeTrigger_To_v1_ImageChangeTrigger(in *build.Ima
} else {
out.From = nil
}
+ out.Paused = in.Paused
return nil
}
diff --git a/pkg/build/generated/informers/internalversion/factory.go b/pkg/build/generated/informers/internalversion/factory.go
index b0e424cf65a6..cabce81972c7 100644
--- a/pkg/build/generated/informers/internalversion/factory.go
+++ b/pkg/build/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/image/generated/informers/internalversion/factory.go b/pkg/image/generated/informers/internalversion/factory.go
index e94af065ca5a..9b333df6aa18 100644
--- a/pkg/image/generated/informers/internalversion/factory.go
+++ b/pkg/image/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/image/trigger/buildconfigs/buildconfigs.go b/pkg/image/trigger/buildconfigs/buildconfigs.go
index 05c99b0d022f..7276544eac10 100644
--- a/pkg/image/trigger/buildconfigs/buildconfigs.go
+++ b/pkg/image/trigger/buildconfigs/buildconfigs.go
@@ -143,6 +143,10 @@ func (r *buildConfigReactor) ImageChanged(obj runtime.Object, tagRetriever trigg
if p == nil || (p.From != nil && p.From.Kind != "ImageStreamTag") {
continue
}
+ if p.Paused {
+ glog.V(5).Infof("Skipping paused build on bc: %s/%s for trigger: %s", bc.Namespace, bc.Name, t)
+ continue
+ }
var from *kapi.ObjectReference
if p.From != nil {
from = p.From
diff --git a/pkg/image/trigger/buildconfigs/buildconfigs_test.go b/pkg/image/trigger/buildconfigs/buildconfigs_test.go
index dc01ce240b71..a3432cce628f 100644
--- a/pkg/image/trigger/buildconfigs/buildconfigs_test.go
+++ b/pkg/image/trigger/buildconfigs/buildconfigs_test.go
@@ -242,6 +242,40 @@ func TestBuildConfigReactor(t *testing.T) {
map[string]string{"stream-1:1": "image-lookup-1"},
),
},
+
+ {
+ // won't fire because it is paused
+ tags: []fakeTagResponse{{Namespace: "other", Name: "stream-1:1", Ref: "image-lookup-1", RV: 2}},
+ obj: testBuildConfig([]buildapi.ImageChangeTrigger{
+ {
+ From: &kapi.ObjectReference{Name: "stream-1:1", Namespace: "other", Kind: "ImageStreamTag"},
+ Paused: true,
+ },
+ }),
+ },
+
+ {
+ // will fire only for unpaused if multiple triggers are resolved
+ tags: []fakeTagResponse{
+ {Namespace: "other", Name: "stream-1:1", Ref: "image-lookup-1", RV: 2},
+ {Namespace: "other", Name: "stream-2:1", Ref: "image-lookup-2", RV: 2},
+ },
+ obj: testBuildConfig([]buildapi.ImageChangeTrigger{
+ {
+ From: &kapi.ObjectReference{Name: "stream-1:1", Namespace: "other", Kind: "ImageStreamTag"},
+ Paused: true,
+ },
+ {
+ From: &kapi.ObjectReference{Name: "stream-2:1", Namespace: "other", Kind: "ImageStreamTag"},
+ },
+ }),
+ response: &buildapi.Build{},
+ expected: testBuildRequest(
+ &kapi.ObjectReference{Name: "stream-2:1", Namespace: "other", Kind: "ImageStreamTag"},
+ "image-lookup-2",
+ map[string]string{"stream-2:1": "image-lookup-2"},
+ ),
+ },
}
for i, test := range testCases {
diff --git a/pkg/network/generated/informers/internalversion/factory.go b/pkg/network/generated/informers/internalversion/factory.go
index b352a21e291b..6f3d178fd0f4 100644
--- a/pkg/network/generated/informers/internalversion/factory.go
+++ b/pkg/network/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/oauth/generated/informers/internalversion/factory.go b/pkg/oauth/generated/informers/internalversion/factory.go
index 20d2357ac35f..832ac42e47a7 100644
--- a/pkg/oauth/generated/informers/internalversion/factory.go
+++ b/pkg/oauth/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/oc/cli/describe/describer.go b/pkg/oc/cli/describe/describer.go
index f8223b7ae658..f0b4509d1021 100644
--- a/pkg/oc/cli/describe/describer.go
+++ b/pkg/oc/cli/describe/describer.go
@@ -1873,6 +1873,7 @@ func describeSecurityContextConstraints(scc *securityapi.SecurityContextConstrai
fmt.Fprintf(out, "Settings:\t\n")
fmt.Fprintf(out, " Allow Privileged:\t%t\n", scc.AllowPrivilegedContainer)
+ fmt.Fprintf(out, " Allow Privilege Escalation:\t%t\n", scc.AllowPrivilegeEscalation)
fmt.Fprintf(out, " Default Add Capabilities:\t%s\n", capsToString(scc.DefaultAddCapabilities))
fmt.Fprintf(out, " Required Drop Capabilities:\t%s\n", capsToString(scc.RequiredDropCapabilities))
fmt.Fprintf(out, " Allowed Capabilities:\t%s\n", capsToString(scc.AllowedCapabilities))
diff --git a/pkg/openapi/zz_generated.openapi.go b/pkg/openapi/zz_generated.openapi.go
index 768793cc71ae..692ed868e1e2 100644
--- a/pkg/openapi/zz_generated.openapi.go
+++ b/pkg/openapi/zz_generated.openapi.go
@@ -5830,6 +5830,13 @@ func schema_openshift_api_build_v1_ImageChangeTrigger(ref common.ReferenceCallba
Ref: ref("k8s.io/api/core/v1.ObjectReference"),
},
},
+ "paused": {
+ SchemaProps: spec.SchemaProps{
+ Description: "paused is true if this trigger is temporarily disabled. Optional.",
+ Type: []string{"boolean"},
+ Format: "",
+ },
+ },
},
},
},
@@ -11425,6 +11432,20 @@ func schema_openshift_api_security_v1_SecurityContextConstraints(ref common.Refe
Format: "",
},
},
+ "defaultAllowPrivilegeEscalation": {
+ SchemaProps: spec.SchemaProps{
+ Description: "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
+ Type: []string{"boolean"},
+ Format: "",
+ },
+ },
+ "allowPrivilegeEscalation": {
+ SchemaProps: spec.SchemaProps{
+ Description: "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
+ Type: []string{"boolean"},
+ Format: "",
+ },
+ },
"seLinuxContext": {
SchemaProps: spec.SchemaProps{
Description: "SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.",
diff --git a/pkg/project/generated/informers/internalversion/factory.go b/pkg/project/generated/informers/internalversion/factory.go
index f61f84785cd6..350fdc6dd528 100644
--- a/pkg/project/generated/informers/internalversion/factory.go
+++ b/pkg/project/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/quota/generated/informers/internalversion/factory.go b/pkg/quota/generated/informers/internalversion/factory.go
index 0f95f6aae3b5..743dbc6b4bff 100644
--- a/pkg/quota/generated/informers/internalversion/factory.go
+++ b/pkg/quota/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/route/generated/informers/internalversion/factory.go b/pkg/route/generated/informers/internalversion/factory.go
index 41e50bc689c3..abab8151c085 100644
--- a/pkg/route/generated/informers/internalversion/factory.go
+++ b/pkg/route/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/security/apis/security/types.go b/pkg/security/apis/security/types.go
index 494326492df9..8bc90ddff238 100644
--- a/pkg/security/apis/security/types.go
+++ b/pkg/security/apis/security/types.go
@@ -59,6 +59,14 @@ type SecurityContextConstraints struct {
AllowHostPID bool
// AllowHostIPC determines if the policy allows host ipc in the containers.
AllowHostIPC bool
+ // DefaultAllowPrivilegeEscalation controls the default setting for whether a
+ // process can gain more privileges than its parent process.
+ // +optional
+ DefaultAllowPrivilegeEscalation *bool
+ // AllowPrivilegeEscalation determines if a pod can request to allow
+ // privilege escalation. If unspecified, defaults to true.
+ // +optional
+ AllowPrivilegeEscalation *bool
// SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.
SELinuxContext SELinuxContextStrategyOptions
// RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.
diff --git a/pkg/security/apis/security/v1/defaults.go b/pkg/security/apis/security/v1/defaults.go
index 6ffaac4df310..266ac78ef342 100644
--- a/pkg/security/apis/security/v1/defaults.go
+++ b/pkg/security/apis/security/v1/defaults.go
@@ -74,6 +74,14 @@ func SetDefaults_SCC(scc *v1.SecurityContextConstraints) {
}
scc.Volumes = StringSetToFSType(defaultAllowedVolumes)
+
+ // Constraints that do not include this field must remain as permissive as
+ // they were prior to the introduction of this field.
+ if scc.AllowPrivilegeEscalation == nil {
+ t := true
+ scc.AllowPrivilegeEscalation = &t
+ }
+
}
func StringSetToFSType(set sets.String) []v1.FSType {
diff --git a/pkg/security/apis/security/v1/defaults_test.go b/pkg/security/apis/security/v1/defaults_test.go
index 251efd2a9716..89951dc4717a 100644
--- a/pkg/security/apis/security/v1/defaults_test.go
+++ b/pkg/security/apis/security/v1/defaults_test.go
@@ -203,3 +203,12 @@ func TestDefaultSCCVolumes(t *testing.T) {
}
}
}
+
+func TestDefaultAllowPrivilegeEscalation(t *testing.T) {
+ scc := &versioned.SecurityContextConstraints{}
+ output := roundTrip(t, runtime.Object(scc))
+ scc2 := output.(*versioned.SecurityContextConstraints)
+ if scc2.AllowPrivilegeEscalation == nil || *scc2.AllowPrivilegeEscalation != true {
+ t.Errorf("Expected default to true, got: %#v", scc2.AllowPrivilegeEscalation)
+ }
+}
diff --git a/pkg/security/apis/security/v1/zz_generated.conversion.go b/pkg/security/apis/security/v1/zz_generated.conversion.go
index 11983b9d22bb..c1691643c7dd 100644
--- a/pkg/security/apis/security/v1/zz_generated.conversion.go
+++ b/pkg/security/apis/security/v1/zz_generated.conversion.go
@@ -505,6 +505,8 @@ func autoConvert_v1_SecurityContextConstraints_To_security_SecurityContextConstr
out.AllowHostPorts = in.AllowHostPorts
out.AllowHostPID = in.AllowHostPID
out.AllowHostIPC = in.AllowHostIPC
+ out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation))
+ out.AllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.AllowPrivilegeEscalation))
if err := Convert_v1_SELinuxContextStrategyOptions_To_security_SELinuxContextStrategyOptions(&in.SELinuxContext, &out.SELinuxContext, s); err != nil {
return err
}
@@ -537,6 +539,8 @@ func autoConvert_security_SecurityContextConstraints_To_v1_SecurityContextConstr
out.AllowHostPorts = in.AllowHostPorts
out.AllowHostPID = in.AllowHostPID
out.AllowHostIPC = in.AllowHostIPC
+ out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation))
+ out.AllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.AllowPrivilegeEscalation))
if err := Convert_security_SELinuxContextStrategyOptions_To_v1_SELinuxContextStrategyOptions(&in.SELinuxContext, &out.SELinuxContext, s); err != nil {
return err
}
diff --git a/pkg/security/apis/security/validation/validation.go b/pkg/security/apis/security/validation/validation.go
index f31a55510255..3fb258b391d8 100644
--- a/pkg/security/apis/security/validation/validation.go
+++ b/pkg/security/apis/security/validation/validation.go
@@ -77,6 +77,8 @@ func ValidateSecurityContextConstraints(scc *securityapi.SecurityContextConstrai
"required capabilities must be empty when all capabilities are allowed by a wildcard"))
}
+ allErrs = append(allErrs, validateSCCDefaultAllowPrivilegeEscalation(field.NewPath("defaultAllowPrivilegeEscalation"), scc.DefaultAllowPrivilegeEscalation, scc.AllowPrivilegeEscalation)...)
+
allowsFlexVolumes := false
hasNoneVolume := false
@@ -128,6 +130,16 @@ func validateSCCCapsAgainstDrops(requiredDrops []kapi.Capability, capsToCheck []
return allErrs
}
+// validateSCCDefaultAllowPrivilegeEscalation validates the DefaultAllowPrivilegeEscalation field against the AllowPrivilegeEscalation field of a SecurityContextConstraints.
+func validateSCCDefaultAllowPrivilegeEscalation(fldPath *field.Path, defaultAllowPrivilegeEscalation, allowPrivilegeEscalation *bool) field.ErrorList {
+ allErrs := field.ErrorList{}
+ if defaultAllowPrivilegeEscalation != nil && allowPrivilegeEscalation != nil && *defaultAllowPrivilegeEscalation && !*allowPrivilegeEscalation {
+ allErrs = append(allErrs, field.Invalid(fldPath, defaultAllowPrivilegeEscalation, "Cannot set DefaultAllowPrivilegeEscalation to true without also setting AllowPrivilegeEscalation to true"))
+ }
+
+ return allErrs
+}
+
// hasCap checks for needle in haystack.
func hasCap(needle kapi.Capability, haystack []kapi.Capability) bool {
for _, c := range haystack {
diff --git a/pkg/security/apis/security/validation/validation_test.go b/pkg/security/apis/security/validation/validation_test.go
index 8a0bd60ba088..e258218cd161 100644
--- a/pkg/security/apis/security/validation/validation_test.go
+++ b/pkg/security/apis/security/validation/validation_test.go
@@ -14,6 +14,8 @@ func TestValidateSecurityContextConstraints(t *testing.T) {
var invalidUID int64 = -1
var invalidPriority int32 = -1
var validPriority int32 = 1
+ yes := true
+ no := false
validSCC := func() *securityapi.SecurityContextConstraints {
return &securityapi.SecurityContextConstraints{
@@ -102,6 +104,10 @@ func TestValidateSecurityContextConstraints(t *testing.T) {
nonEmptyFlexVolumes := validSCC()
nonEmptyFlexVolumes.AllowedFlexVolumes = []securityapi.AllowedFlexVolume{{Driver: "example/driver"}}
+ invalidDefaultAllowPrivilegeEscalation := validSCC()
+ invalidDefaultAllowPrivilegeEscalation.DefaultAllowPrivilegeEscalation = &yes
+ invalidDefaultAllowPrivilegeEscalation.AllowPrivilegeEscalation = &no
+
errorCases := map[string]struct {
scc *securityapi.SecurityContextConstraints
errorType field.ErrorType
@@ -202,6 +208,11 @@ func TestValidateSecurityContextConstraints(t *testing.T) {
errorType: field.ErrorTypeInvalid,
errorDetail: "volumes does not include 'flexVolume' or '*', so no flex volumes are allowed",
},
+ "invalid defaultAllowPrivilegeEscalation": {
+ scc: invalidDefaultAllowPrivilegeEscalation,
+ errorType: field.ErrorTypeInvalid,
+ errorDetail: "Cannot set DefaultAllowPrivilegeEscalation to true without also setting AllowPrivilegeEscalation to true",
+ },
}
for k, v := range errorCases {
@@ -244,6 +255,10 @@ func TestValidateSecurityContextConstraints(t *testing.T) {
{Driver: "example/driver2"},
}
+ validDefaultAllowPrivilegeEscalation := validSCC()
+ validDefaultAllowPrivilegeEscalation.DefaultAllowPrivilegeEscalation = &yes
+ validDefaultAllowPrivilegeEscalation.AllowPrivilegeEscalation = &yes
+
successCases := map[string]struct {
scc *securityapi.SecurityContextConstraints
}{
@@ -268,6 +283,9 @@ func TestValidateSecurityContextConstraints(t *testing.T) {
"allow white-listed flexVolume when all volumes are allowed": {
scc: flexvolumeWhenAllVolumesAllowed,
},
+ "valid defaultAllowPrivilegeEscalation as true": {
+ scc: validDefaultAllowPrivilegeEscalation,
+ },
}
for k, v := range successCases {
diff --git a/pkg/security/apis/security/zz_generated.deepcopy.go b/pkg/security/apis/security/zz_generated.deepcopy.go
index 868dbcca7b88..f3bed48970e0 100644
--- a/pkg/security/apis/security/zz_generated.deepcopy.go
+++ b/pkg/security/apis/security/zz_generated.deepcopy.go
@@ -424,6 +424,24 @@ func (in *SecurityContextConstraints) DeepCopyInto(out *SecurityContextConstrain
*out = make([]AllowedFlexVolume, len(*in))
copy(*out, *in)
}
+ if in.DefaultAllowPrivilegeEscalation != nil {
+ in, out := &in.DefaultAllowPrivilegeEscalation, &out.DefaultAllowPrivilegeEscalation
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(bool)
+ **out = **in
+ }
+ }
+ if in.AllowPrivilegeEscalation != nil {
+ in, out := &in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(bool)
+ **out = **in
+ }
+ }
in.SELinuxContext.DeepCopyInto(&out.SELinuxContext)
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
diff --git a/pkg/security/generated/informers/internalversion/factory.go b/pkg/security/generated/informers/internalversion/factory.go
index 3b55b64c5c0f..ba75a39b5a0f 100644
--- a/pkg/security/generated/informers/internalversion/factory.go
+++ b/pkg/security/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/security/securitycontextconstraints/provider.go b/pkg/security/securitycontextconstraints/provider.go
index f72974855a32..06e77969a5eb 100644
--- a/pkg/security/securitycontextconstraints/provider.go
+++ b/pkg/security/securitycontextconstraints/provider.go
@@ -200,6 +200,17 @@ func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container
sc.SetReadOnlyRootFilesystem(&readOnlyRootFS)
}
+ // if the SCC sets DefaultAllowPrivilegeEscalation and the container security context
+ // allowPrivilegeEscalation is not set, then default to that set by the SCC.
+ if s.scc.DefaultAllowPrivilegeEscalation != nil && sc.AllowPrivilegeEscalation() == nil {
+ sc.SetAllowPrivilegeEscalation(s.scc.DefaultAllowPrivilegeEscalation)
+ }
+
+ // if the SCC sets AllowPrivilegeEscalation to false set that as the default
+ if s.scc.AllowPrivilegeEscalation != nil && !*s.scc.AllowPrivilegeEscalation && sc.AllowPrivilegeEscalation() == nil {
+ sc.SetAllowPrivilegeEscalation(s.scc.AllowPrivilegeEscalation)
+ }
+
return sc.ContainerSecurityContext(), nil
}
@@ -328,6 +339,17 @@ func (s *simpleProvider) ValidateContainerSecurityContext(pod *api.Pod, containe
}
}
+ allowEscalation := sc.AllowPrivilegeEscalation()
+ if s.scc.AllowPrivilegeEscalation != nil && !*s.scc.AllowPrivilegeEscalation {
+ if allowEscalation == nil {
+ allErrs = append(allErrs, field.Invalid(fldPath.Child("allowPrivilegeEscalation"), allowEscalation, "Allowing privilege escalation for containers is not allowed"))
+ }
+
+ if allowEscalation != nil && *allowEscalation {
+ allErrs = append(allErrs, field.Invalid(fldPath.Child("allowPrivilegeEscalation"), *allowEscalation, "Allowing privilege escalation for containers is not allowed"))
+ }
+ }
+
return allErrs
}
diff --git a/pkg/security/securitycontextconstraints/provider_test.go b/pkg/security/securitycontextconstraints/provider_test.go
index d02bbbb666a7..0ac958841dd3 100644
--- a/pkg/security/securitycontextconstraints/provider_test.go
+++ b/pkg/security/securitycontextconstraints/provider_test.go
@@ -934,3 +934,60 @@ func TestValidateAllowedVolumes(t *testing.T) {
}
}
}
+
+// TestValidateAllowPrivilegeEscalation will test that when the SecurityContextConstraints
+// AllowPrivilegeEscalation is false we cannot set a container's securityContext
+// to allowPrivilegeEscalation, but when it is true we can.
+func TestValidateAllowPrivilegeEscalation(t *testing.T) {
+ yes := true
+ no := false
+
+ pod := defaultPod()
+ pod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = &yes
+
+ // create a SCC that does not allow privilege escalation
+ scc := defaultSCC()
+ scc.AllowPrivilegeEscalation = &no
+
+ provider, err := NewSimpleProvider(scc)
+ if err != nil {
+ t.Errorf("error creating provider: %v", err.Error())
+ }
+
+ // expect a denial for this SCC and test the error message to ensure it's related to allowPrivilegeEscalation
+ errs := provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
+ if len(errs) != 1 {
+ t.Errorf("expected exactly 1 error but got %v", errs)
+ } else {
+ if !strings.Contains(errs.ToAggregate().Error(), "Allowing privilege escalation for containers is not allowed") {
+ t.Errorf("did not find the expected error, received: %v", errs)
+ }
+ }
+
+ // Now set AllowPrivilegeEscalation
+ scc.AllowPrivilegeEscalation = &yes
+ errs = provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
+ if len(errs) != 0 {
+ t.Errorf("directly allowing privilege escalation expected no errors but got %v", errs)
+ }
+
+ // Now set the scc spec to false and reset AllowPrivilegeEscalation
+ scc.AllowPrivilegeEscalation = &no
+ pod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = nil
+ errs = provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
+ if len(errs) != 1 {
+ t.Errorf("expected exactly 1 error but got %v", errs)
+ } else {
+ if !strings.Contains(errs.ToAggregate().Error(), "Allowing privilege escalation for containers is not allowed") {
+ t.Errorf("did not find the expected error, received: %v", errs)
+ }
+ }
+
+ // Now unset both AllowPrivilegeEscalation
+ scc.AllowPrivilegeEscalation = &yes
+ pod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = nil
+ errs = provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
+ if len(errs) != 0 {
+ t.Errorf("resetting allowing privilege escalation expected no errors but got %v", errs)
+ }
+}
diff --git a/pkg/template/generated/informers/internalversion/factory.go b/pkg/template/generated/informers/internalversion/factory.go
index 7065e42d62f4..f266c0e44c91 100644
--- a/pkg/template/generated/informers/internalversion/factory.go
+++ b/pkg/template/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/pkg/user/generated/informers/internalversion/factory.go b/pkg/user/generated/informers/internalversion/factory.go
index 28da0e3aa8b7..5c15373acfbd 100644
--- a/pkg/user/generated/informers/internalversion/factory.go
+++ b/pkg/user/generated/informers/internalversion/factory.go
@@ -16,12 +16,16 @@ import (
cache "k8s.io/client-go/tools/cache"
)
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
type sharedInformerFactory struct {
client internalclientset.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -29,23 +33,62 @@ type sharedInformerFactory struct {
startedInformers map[reflect.Type]bool
}
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ for k, v := range resyncConfig {
+ factory.customResync[reflect.TypeOf(k)] = v
+ }
+ return factory
+ }
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.tweakListOptions = tweakListOptions
+ return factory
+ }
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+ return func(factory *sharedInformerFactory) *sharedInformerFactory {
+ factory.namespace = namespace
+ return factory
+ }
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration) SharedInformerFactory {
- return NewFilteredSharedInformerFactory(client, defaultResync, v1.NamespaceAll, nil)
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client internalclientset.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
- return &sharedInformerFactory{
+ return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client internalclientset.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+ factory := &sharedInformerFactory{
client: client,
- namespace: namespace,
- tweakListOptions: tweakListOptions,
+ namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
+ customResync: make(map[reflect.Type]time.Duration),
+ }
+
+ // Apply all options
+ for _, opt := range options {
+ factory = opt(factory)
}
+
+ return factory
}
// Start initializes all requested informers.
@@ -94,7 +137,13 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
if exists {
return informer
}
- informer = newFunc(f.client, f.defaultResync)
+
+ resyncPeriod, exists := f.customResync[informerType]
+ if !exists {
+ resyncPeriod = f.defaultResync
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
diff --git a/vendor/github.com/blang/semver/.gx/lastpubver b/vendor/github.com/blang/semver/.gx/lastpubver
index 27ed26783817..073ce1eff629 100644
--- a/vendor/github.com/blang/semver/.gx/lastpubver
+++ b/vendor/github.com/blang/semver/.gx/lastpubver
@@ -1 +1 @@
-3.5.1: QmYRGECuvQnRX73fcvPnGbYijBcGN2HbKZQ7jh26qmLiHG
+3.4.0: QmZTgGMg34JKEvF1hjr7wwYESvFhg9Khv2WFibDAi5dhno
diff --git a/vendor/github.com/blang/semver/.travis.yml b/vendor/github.com/blang/semver/.travis.yml
deleted file mode 100644
index 102fb9a691b6..000000000000
--- a/vendor/github.com/blang/semver/.travis.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-language: go
-matrix:
- include:
- - go: 1.4.3
- - go: 1.5.4
- - go: 1.6.3
- - go: 1.7
- - go: tip
- allow_failures:
- - go: tip
-install:
-- go get golang.org/x/tools/cmd/cover
-- go get github.com/mattn/goveralls
-script:
-- echo "Test and track coverage" ; $HOME/gopath/bin/goveralls -package "." -service=travis-ci
- -repotoken $COVERALLS_TOKEN
-- echo "Build examples" ; cd examples && go build
-- echo "Check if gofmt'd" ; diff -u <(echo -n) <(gofmt -d -s .)
-env:
- global:
- secure: HroGEAUQpVq9zX1b1VIkraLiywhGbzvNnTZq2TMxgK7JHP8xqNplAeF1izrR2i4QLL9nsY+9WtYss4QuPvEtZcVHUobw6XnL6radF7jS1LgfYZ9Y7oF+zogZ2I5QUMRLGA7rcxQ05s7mKq3XZQfeqaNts4bms/eZRefWuaFZbkw=
diff --git a/vendor/github.com/blang/semver/README.md b/vendor/github.com/blang/semver/README.md
index 6af4dde752e9..4399639e230f 100644
--- a/vendor/github.com/blang/semver/README.md
+++ b/vendor/github.com/blang/semver/README.md
@@ -1,4 +1,4 @@
-semver for golang [](https://travis-ci.org/blang/semver) [](https://godoc.org/github.com/blang/semver) [](https://coveralls.io/r/blang/semver?branch=master) [](https://goreportcard.com/report/github.com/blang/semver)
+semver for golang [](https://drone.io/github.com/blang/semver/latest) [](https://godoc.org/github.com/blang/semver) [](https://coveralls.io/r/blang/semver?branch=master)
======
semver is a [Semantic Versioning](http://semver.org/) library written in golang. It fully covers spec version `2.0.0`.
@@ -41,7 +41,6 @@ Features
- Compare Helper Methods
- InPlace manipulation
- Ranges `>=1.0.0 <2.0.0 || >=3.0.0 !3.0.1-beta.1`
-- Wildcards `>=1.x`, `<=2.5.x`
- Sortable (implements sort.Interface)
- database/sql compatible (sql.Scanner/Valuer)
- encoding/json compatible (json.Marshaler/Unmarshaler)
@@ -60,8 +59,6 @@ A condition is composed of an operator and a version. The supported operators ar
- `1.0.0`, `=1.0.0`, `==1.0.0` Equal to `1.0.0`
- `!1.0.0`, `!=1.0.0` Not equal to `1.0.0`. Excludes version `1.0.0`.
-Note that spaces between the operator and the version will be gracefully tolerated.
-
A `Range` can link multiple `Ranges` separated by space:
Ranges can be linked by logical AND:
diff --git a/vendor/github.com/blang/semver/package.json b/vendor/github.com/blang/semver/package.json
index 1cf8ebdd9c18..568be8d9431d 100644
--- a/vendor/github.com/blang/semver/package.json
+++ b/vendor/github.com/blang/semver/package.json
@@ -12,6 +12,6 @@
"license": "MIT",
"name": "semver",
"releaseCmd": "git commit -a -m \"gx publish $VERSION\"",
- "version": "3.5.1"
+ "version": "3.4.0"
}
diff --git a/vendor/github.com/blang/semver/range_test.go b/vendor/github.com/blang/semver/range_test.go
index fc116704f903..83ee9c7878fe 100644
--- a/vendor/github.com/blang/semver/range_test.go
+++ b/vendor/github.com/blang/semver/range_test.go
@@ -175,13 +175,13 @@ func TestSplitORParts(t *testing.T) {
o [][]string
}{
{[]string{">1.2.3", "||", "<1.2.3", "||", "=1.2.3"}, [][]string{
- {">1.2.3"},
- {"<1.2.3"},
- {"=1.2.3"},
+ []string{">1.2.3"},
+ []string{"<1.2.3"},
+ []string{"=1.2.3"},
}},
{[]string{">1.2.3", "<1.2.3", "||", "=1.2.3"}, [][]string{
- {">1.2.3", "<1.2.3"},
- {"=1.2.3"},
+ []string{">1.2.3", "<1.2.3"},
+ []string{"=1.2.3"},
}},
{[]string{">1.2.3", "||"}, nil},
{[]string{"||", ">1.2.3"}, nil},
@@ -271,19 +271,19 @@ func TestExpandWildcardVersion(t *testing.T) {
i [][]string
o [][]string
}{
- {[][]string{{"foox"}}, nil},
- {[][]string{{">=1.2.x"}}, [][]string{{">=1.2.0"}}},
- {[][]string{{"<=1.2.x"}}, [][]string{{"<1.3.0"}}},
- {[][]string{{">1.2.x"}}, [][]string{{">=1.3.0"}}},
- {[][]string{{"<1.2.x"}}, [][]string{{"<1.2.0"}}},
- {[][]string{{"!=1.2.x"}}, [][]string{{"<1.2.0", ">=1.3.0"}}},
- {[][]string{{">=1.x"}}, [][]string{{">=1.0.0"}}},
- {[][]string{{"<=1.x"}}, [][]string{{"<2.0.0"}}},
- {[][]string{{">1.x"}}, [][]string{{">=2.0.0"}}},
- {[][]string{{"<1.x"}}, [][]string{{"<1.0.0"}}},
- {[][]string{{"!=1.x"}}, [][]string{{"<1.0.0", ">=2.0.0"}}},
- {[][]string{{"1.2.x"}}, [][]string{{">=1.2.0", "<1.3.0"}}},
- {[][]string{{"1.x"}}, [][]string{{">=1.0.0", "<2.0.0"}}},
+ {[][]string{[]string{"foox"}}, nil},
+ {[][]string{[]string{">=1.2.x"}}, [][]string{[]string{">=1.2.0"}}},
+ {[][]string{[]string{"<=1.2.x"}}, [][]string{[]string{"<1.3.0"}}},
+ {[][]string{[]string{">1.2.x"}}, [][]string{[]string{">=1.3.0"}}},
+ {[][]string{[]string{"<1.2.x"}}, [][]string{[]string{"<1.2.0"}}},
+ {[][]string{[]string{"!=1.2.x"}}, [][]string{[]string{"<1.2.0", ">=1.3.0"}}},
+ {[][]string{[]string{">=1.x"}}, [][]string{[]string{">=1.0.0"}}},
+ {[][]string{[]string{"<=1.x"}}, [][]string{[]string{"<2.0.0"}}},
+ {[][]string{[]string{">1.x"}}, [][]string{[]string{">=2.0.0"}}},
+ {[][]string{[]string{"<1.x"}}, [][]string{[]string{"<1.0.0"}}},
+ {[][]string{[]string{"!=1.x"}}, [][]string{[]string{"<1.0.0", ">=2.0.0"}}},
+ {[][]string{[]string{"1.2.x"}}, [][]string{[]string{">=1.2.0", "<1.3.0"}}},
+ {[][]string{[]string{"1.x"}}, [][]string{[]string{">=1.0.0", "<2.0.0"}}},
}
for _, tc := range tests {
diff --git a/vendor/github.com/blang/semver/semver.go b/vendor/github.com/blang/semver/semver.go
index ec26aa03fd8a..8ee0842e6ac7 100644
--- a/vendor/github.com/blang/semver/semver.go
+++ b/vendor/github.com/blang/semver/semver.go
@@ -26,7 +26,7 @@ type Version struct {
Minor uint64
Patch uint64
Pre []PRVersion
- Build []string //No Precedence
+ Build []string //No Precendence
}
// Version to string
diff --git a/vendor/github.com/openshift/api/build/v1/generated.pb.go b/vendor/github.com/openshift/api/build/v1/generated.pb.go
index 2e83d48c165b..8cc4518e3305 100644
--- a/vendor/github.com/openshift/api/build/v1/generated.pb.go
+++ b/vendor/github.com/openshift/api/build/v1/generated.pb.go
@@ -2181,6 +2181,14 @@ func (m *ImageChangeTrigger) MarshalTo(dAtA []byte) (int, error) {
}
i += n69
}
+ dAtA[i] = 0x18
+ i++
+ if m.Paused {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i++
return i, nil
}
@@ -3469,6 +3477,7 @@ func (m *ImageChangeTrigger) Size() (n int) {
l = m.From.Size()
n += 1 + l + sovGenerated(uint64(l))
}
+ n += 2
return n
}
@@ -4176,6 +4185,7 @@ func (this *ImageChangeTrigger) String() string {
s := strings.Join([]string{`&ImageChangeTrigger{`,
`LastTriggeredImageID:` + fmt.Sprintf("%v", this.LastTriggeredImageID) + `,`,
`From:` + strings.Replace(fmt.Sprintf("%v", this.From), "ObjectReference", "k8s_io_api_core_v1.ObjectReference", 1) + `,`,
+ `Paused:` + fmt.Sprintf("%v", this.Paused) + `,`,
`}`,
}, "")
return s
@@ -10476,6 +10486,26 @@ func (m *ImageChangeTrigger) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
+ case 3:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Paused", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ m.Paused = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -12662,248 +12692,249 @@ func init() {
}
var fileDescriptorGenerated = []byte{
- // 3879 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5b, 0xcd, 0x6f, 0x1b, 0x49,
- 0x76, 0x77, 0x93, 0x14, 0x45, 0x3e, 0xca, 0xfa, 0x28, 0xc9, 0x63, 0x5a, 0xeb, 0x15, 0x3d, 0x3d,
- 0x98, 0x85, 0x27, 0xe3, 0xa1, 0x56, 0x1a, 0xdb, 0xf1, 0xee, 0x22, 0x1b, 0x88, 0x92, 0x6c, 0xcb,
- 0x2b, 0xdb, 0x42, 0x51, 0x6b, 0x3b, 0x3b, 0xc6, 0x26, 0xad, 0x56, 0x91, 0xea, 0x51, 0xb3, 0x9b,
- 0xee, 0x6a, 0x6a, 0x46, 0x0b, 0x04, 0x18, 0x04, 0x58, 0x0c, 0x76, 0xf7, 0x92, 0xbd, 0x2c, 0x92,
- 0x5c, 0x92, 0x20, 0xc8, 0x21, 0xc8, 0x29, 0x87, 0x00, 0x0b, 0xec, 0x25, 0x40, 0xf6, 0xe0, 0x43,
- 0x0e, 0x03, 0x24, 0x87, 0x01, 0x32, 0x20, 0x32, 0xcc, 0x21, 0xff, 0x83, 0x73, 0x09, 0xea, 0xa3,
- 0xbb, 0xab, 0x9b, 0x4d, 0xb9, 0x29, 0x79, 0x9c, 0x49, 0x6e, 0xe2, 0xfb, 0xf8, 0xbd, 0xaa, 0xea,
- 0x57, 0xf5, 0x3e, 0xaa, 0x04, 0x2b, 0x6d, 0xcb, 0x3f, 0xe8, 0xed, 0xd5, 0x4d, 0xb7, 0xb3, 0xec,
- 0x76, 0x89, 0x43, 0x0f, 0xac, 0x96, 0xbf, 0x6c, 0x74, 0xad, 0xe5, 0xbd, 0x9e, 0x65, 0xef, 0x2f,
- 0x1f, 0xad, 0x2c, 0xb7, 0x89, 0x43, 0x3c, 0xc3, 0x27, 0xfb, 0xf5, 0xae, 0xe7, 0xfa, 0x2e, 0x7a,
- 0x33, 0x52, 0xa9, 0x87, 0x2a, 0x75, 0xa3, 0x6b, 0xd5, 0xb9, 0x4a, 0xfd, 0x68, 0x65, 0xf1, 0x3d,
- 0x05, 0xb5, 0xed, 0xb6, 0xdd, 0x65, 0xae, 0xb9, 0xd7, 0x6b, 0xf1, 0x5f, 0xfc, 0x07, 0xff, 0x4b,
- 0x20, 0x2e, 0xea, 0x87, 0xb7, 0x68, 0xdd, 0x72, 0xb9, 0x59, 0xd3, 0xf5, 0x48, 0x8a, 0xd5, 0xc5,
- 0xeb, 0x91, 0x4c, 0xc7, 0x30, 0x0f, 0x2c, 0x87, 0x78, 0xc7, 0xcb, 0xdd, 0xc3, 0x36, 0x23, 0xd0,
- 0xe5, 0x0e, 0xf1, 0x8d, 0x34, 0xad, 0xe5, 0x51, 0x5a, 0x5e, 0xcf, 0xf1, 0xad, 0x0e, 0x19, 0x52,
- 0xb8, 0xf9, 0x32, 0x05, 0x6a, 0x1e, 0x90, 0x8e, 0x31, 0xa4, 0xf7, 0xfe, 0x28, 0xbd, 0x9e, 0x6f,
- 0xd9, 0xcb, 0x96, 0xe3, 0x53, 0xdf, 0x4b, 0x2a, 0xe9, 0xff, 0x54, 0x80, 0x4b, 0x0d, 0xcb, 0x31,
- 0xbc, 0xe3, 0x06, 0x5b, 0x39, 0x4c, 0x9e, 0xf5, 0x08, 0xf5, 0x1f, 0x76, 0x7d, 0xcb, 0x75, 0x28,
- 0xfa, 0x23, 0x28, 0xb1, 0x69, 0xed, 0x1b, 0xbe, 0x51, 0xd5, 0xae, 0x68, 0x57, 0x2b, 0xab, 0xdf,
- 0xae, 0x0b, 0x2b, 0x75, 0xd5, 0x4a, 0xbd, 0x7b, 0xd8, 0x66, 0x04, 0x5a, 0x67, 0xd2, 0xf5, 0xa3,
- 0x95, 0xfa, 0xc3, 0xbd, 0x0f, 0x89, 0xe9, 0xdf, 0x27, 0xbe, 0xd1, 0x40, 0xcf, 0xfb, 0xb5, 0x73,
- 0x83, 0x7e, 0x0d, 0x22, 0x1a, 0x0e, 0x51, 0xd1, 0xb7, 0xa0, 0x68, 0xd0, 0xdb, 0x96, 0x4d, 0xaa,
- 0xb9, 0x2b, 0xda, 0xd5, 0x72, 0x63, 0x5a, 0x4a, 0x17, 0xd7, 0x38, 0x15, 0x4b, 0x2e, 0xba, 0x09,
- 0xd3, 0x1e, 0x39, 0xb2, 0xa8, 0xe5, 0x3a, 0xeb, 0x6e, 0xa7, 0x63, 0xf9, 0xd5, 0x7c, 0x5c, 0x5e,
- 0x50, 0x71, 0x42, 0x0a, 0x7d, 0x07, 0x66, 0x02, 0xca, 0x7d, 0x42, 0xa9, 0xd1, 0x26, 0xd5, 0x02,
- 0x57, 0x9c, 0x91, 0x8a, 0x93, 0x92, 0x8c, 0x93, 0x72, 0xa8, 0x01, 0x28, 0x20, 0xad, 0xf5, 0xfc,
- 0x03, 0xd7, 0x7b, 0x60, 0x74, 0x48, 0x75, 0x82, 0x6b, 0x87, 0x93, 0x8a, 0x38, 0x38, 0x45, 0x1a,
- 0x6d, 0xc2, 0x7c, 0x9c, 0xba, 0xd9, 0x31, 0x2c, 0xbb, 0x5a, 0xe4, 0x20, 0xf3, 0x12, 0xa4, 0xa2,
- 0xb0, 0x70, 0x9a, 0x3c, 0xfa, 0x01, 0x5c, 0x88, 0xcf, 0xcb, 0x27, 0x62, 0x34, 0x93, 0x1c, 0xe8,
- 0x82, 0x04, 0x3a, 0x1f, 0x63, 0xe2, 0x74, 0x1d, 0xf4, 0x00, 0xde, 0x18, 0x62, 0x88, 0x61, 0x95,
- 0x38, 0xda, 0x1b, 0x12, 0x6d, 0x3a, 0xce, 0xc5, 0x23, 0xb4, 0xf4, 0xef, 0xc1, 0x9c, 0xe2, 0x41,
- 0x4d, 0xb7, 0xe7, 0x99, 0x44, 0xf9, 0xae, 0xda, 0x49, 0xdf, 0x55, 0xff, 0xb9, 0x06, 0x17, 0x1a,
- 0x96, 0xbf, 0xd7, 0x33, 0x0f, 0x89, 0xff, 0x98, 0xec, 0xdd, 0x75, 0xdd, 0xc3, 0x75, 0xa3, 0x47,
- 0x09, 0x7a, 0x06, 0x60, 0xba, 0x9d, 0x8e, 0xeb, 0x34, 0xbb, 0xc4, 0x94, 0xde, 0x77, 0xa3, 0xfe,
- 0xd2, 0x8d, 0x5f, 0x5f, 0xe7, 0x4a, 0x2a, 0x54, 0x63, 0x51, 0x1a, 0x47, 0xc3, 0x3c, 0xac, 0x18,
- 0xd1, 0x7f, 0x99, 0x83, 0x09, 0x3e, 0x89, 0xd7, 0xe0, 0xf8, 0x0f, 0xa0, 0x40, 0xd9, 0xc4, 0x72,
- 0x1c, 0xfd, 0x5a, 0x86, 0x89, 0x89, 0xe5, 0xed, 0x12, 0xb3, 0x31, 0x25, 0x91, 0x0b, 0xec, 0x17,
- 0xe6, 0x38, 0xe8, 0x11, 0x14, 0xa9, 0x6f, 0xf8, 0x3d, 0xca, 0x37, 0x46, 0x65, 0xb5, 0x9e, 0x19,
- 0x91, 0x6b, 0x45, 0x1f, 0x48, 0xfc, 0xc6, 0x12, 0x4d, 0xff, 0x9b, 0x1c, 0x54, 0xb8, 0xdc, 0xba,
- 0xeb, 0xb4, 0xac, 0xf6, 0x6b, 0x58, 0x99, 0xdd, 0xd8, 0xca, 0xac, 0x66, 0x9d, 0x87, 0x18, 0xdf,
- 0xc8, 0xf5, 0x79, 0x9a, 0x58, 0x9f, 0xeb, 0x63, 0xe2, 0x9e, 0xbc, 0x4a, 0xbf, 0xd5, 0x60, 0x46,
- 0x91, 0xde, 0xb6, 0xa8, 0x8f, 0x9e, 0x0e, 0xad, 0x54, 0x3d, 0xdb, 0x4a, 0x31, 0x6d, 0xbe, 0x4e,
- 0xb3, 0xd2, 0x5a, 0x29, 0xa0, 0x28, 0xab, 0xd4, 0x84, 0x09, 0xcb, 0x27, 0x1d, 0x5a, 0xcd, 0x5d,
- 0xc9, 0x8f, 0xf3, 0xb9, 0xc5, 0x00, 0x1b, 0xe7, 0x25, 0xf4, 0xc4, 0x16, 0x03, 0xc1, 0x02, 0x4b,
- 0xff, 0x22, 0x1f, 0x9b, 0x06, 0x5b, 0x3e, 0x64, 0x42, 0xc9, 0xf7, 0xac, 0x76, 0x9b, 0x78, 0xb4,
- 0xaa, 0x71, 0x5b, 0x37, 0xb2, 0xda, 0xda, 0x15, 0x7a, 0x3b, 0xae, 0x6d, 0x99, 0xc7, 0xd1, 0x6c,
- 0x24, 0x99, 0xe2, 0x10, 0x18, 0xad, 0x41, 0xd9, 0xeb, 0x39, 0x42, 0x50, 0x46, 0x82, 0xb7, 0xa4,
- 0x78, 0x19, 0x07, 0x8c, 0x17, 0xfd, 0xda, 0xb4, 0x88, 0x52, 0x01, 0x05, 0x47, 0x5a, 0xc8, 0x88,
- 0x9d, 0x17, 0xe2, 0x23, 0xbf, 0x97, 0xf9, 0xbc, 0xe0, 0x7e, 0x13, 0xfa, 0x65, 0x44, 0x53, 0xcf,
- 0x07, 0xb4, 0x0f, 0x97, 0x69, 0xcf, 0x34, 0x09, 0xa5, 0xad, 0x9e, 0xcd, 0x47, 0x42, 0xef, 0x5a,
- 0xd4, 0x77, 0xbd, 0xe3, 0x6d, 0x8b, 0x85, 0x24, 0x16, 0x59, 0x26, 0x1a, 0x57, 0x06, 0xfd, 0xda,
- 0xe5, 0xe6, 0x09, 0x72, 0xf8, 0x44, 0x14, 0xf4, 0x04, 0xaa, 0x2d, 0xc3, 0xb2, 0xc9, 0x7e, 0x8a,
- 0x85, 0x09, 0x6e, 0xe1, 0xf2, 0xa0, 0x5f, 0xab, 0xde, 0x1e, 0x21, 0x83, 0x47, 0x6a, 0xeb, 0xf7,
- 0x60, 0x6e, 0xc8, 0xa5, 0xd1, 0x0d, 0xa8, 0xd8, 0x06, 0xf5, 0x1f, 0x11, 0x8f, 0x9d, 0xed, 0xdc,
- 0x53, 0xf3, 0x51, 0x68, 0xda, 0x8e, 0x58, 0x58, 0x95, 0xd3, 0x7f, 0xad, 0x41, 0x99, 0x83, 0xbd,
- 0x06, 0x5f, 0xbf, 0x1f, 0xf7, 0xf5, 0xab, 0x59, 0xfd, 0x6f, 0x84, 0x97, 0x03, 0x94, 0xc4, 0xc8,
- 0xdd, 0xb6, 0xfe, 0x69, 0x41, 0x7a, 0xfc, 0xb6, 0xdb, 0x0e, 0xb2, 0x9e, 0x65, 0x28, 0x9b, 0xae,
- 0xe3, 0x1b, 0x6c, 0xc8, 0x32, 0x7c, 0xcd, 0x05, 0xce, 0xb8, 0x1e, 0x30, 0x70, 0x24, 0xc3, 0x82,
- 0x5d, 0xcb, 0xb5, 0x6d, 0xf7, 0x23, 0xee, 0xba, 0xa5, 0xe8, 0x94, 0xb8, 0xcd, 0xa9, 0x58, 0x72,
- 0xd1, 0x35, 0x28, 0x75, 0x59, 0x10, 0x75, 0xe5, 0x29, 0x54, 0x8a, 0x66, 0xbd, 0x23, 0xe9, 0x38,
- 0x94, 0x40, 0xd7, 0x61, 0x8a, 0x5a, 0x8e, 0x49, 0x9a, 0xc4, 0x74, 0x9d, 0x7d, 0xca, 0xbd, 0x2b,
- 0xdf, 0x98, 0x1d, 0xf4, 0x6b, 0x53, 0x4d, 0x85, 0x8e, 0x63, 0x52, 0xe8, 0x31, 0x94, 0xf9, 0xef,
- 0x5d, 0x4b, 0x26, 0x2b, 0x95, 0xd5, 0xdf, 0xc9, 0xf6, 0x29, 0x98, 0x46, 0xe3, 0x3c, 0x9b, 0x64,
- 0x33, 0x00, 0xc0, 0x11, 0x16, 0x5a, 0x05, 0x60, 0xd9, 0x27, 0xf5, 0x8d, 0x4e, 0x97, 0xf2, 0x0c,
- 0xa6, 0x14, 0x6d, 0x98, 0xdd, 0x90, 0x83, 0x15, 0x29, 0xf4, 0x2e, 0x94, 0x7d, 0xc3, 0xb2, 0xb7,
- 0x2d, 0x87, 0x50, 0x9e, 0xab, 0xe4, 0x85, 0x81, 0xdd, 0x80, 0x88, 0x23, 0x3e, 0xaa, 0x03, 0xd8,
- 0xcc, 0x4d, 0x1b, 0xc7, 0x3e, 0xa1, 0x3c, 0x17, 0xc9, 0x37, 0xa6, 0x19, 0xf8, 0x76, 0x48, 0xc5,
- 0x8a, 0x04, 0x5b, 0x75, 0xc7, 0xfd, 0xc8, 0xb0, 0xfc, 0x6a, 0x39, 0xbe, 0xea, 0x0f, 0xdc, 0xc7,
- 0x86, 0xe5, 0x63, 0xc9, 0x45, 0x6f, 0xc3, 0xe4, 0x91, 0x74, 0x6e, 0xe0, 0xa0, 0x15, 0x96, 0xf6,
- 0x05, 0x4e, 0x1d, 0xf0, 0xf4, 0x9f, 0x07, 0x81, 0xee, 0x61, 0xcf, 0xef, 0xf6, 0x7c, 0xf4, 0x3d,
- 0xc8, 0xf9, 0xae, 0x74, 0xe6, 0xb7, 0x94, 0x15, 0xac, 0xb3, 0xf2, 0x20, 0x0a, 0x68, 0x98, 0xb4,
- 0x88, 0x47, 0x1c, 0x93, 0x34, 0x8a, 0x83, 0x7e, 0x2d, 0xb7, 0xeb, 0xe2, 0x9c, 0xef, 0xa2, 0x27,
- 0x00, 0xdd, 0x1e, 0x3d, 0x68, 0x12, 0xd3, 0x23, 0xbe, 0x8c, 0x64, 0x57, 0xd3, 0x40, 0xb6, 0x5d,
- 0xd3, 0xb0, 0x93, 0x48, 0x7c, 0xd6, 0x3b, 0xa1, 0x3e, 0x56, 0xb0, 0xd0, 0x3e, 0x54, 0xac, 0x8e,
- 0xd1, 0x26, 0xdb, 0xc6, 0x1e, 0xb1, 0x99, 0x1b, 0xe5, 0x33, 0x9e, 0x73, 0x5b, 0xa1, 0x56, 0xb4,
- 0xbb, 0x23, 0x1a, 0xc5, 0x2a, 0xac, 0xfe, 0x27, 0x1a, 0xcc, 0xf3, 0xc5, 0xd8, 0x71, 0xa9, 0x2f,
- 0xf2, 0x3d, 0x7e, 0x02, 0xbe, 0x0d, 0x93, 0xec, 0x3c, 0x34, 0x9c, 0x7d, 0x1e, 0x0b, 0xca, 0x62,
- 0x2d, 0xd7, 0x05, 0x09, 0x07, 0x3c, 0x74, 0x19, 0x0a, 0x86, 0xd7, 0x16, 0xfb, 0xb5, 0xdc, 0x28,
- 0xb1, 0x50, 0xbc, 0xe6, 0xb5, 0x29, 0xe6, 0x54, 0xf6, 0xe1, 0xa8, 0xe9, 0x59, 0xdd, 0xa1, 0x1c,
- 0xbe, 0xc9, 0xa9, 0x58, 0x72, 0xf5, 0xdf, 0x4e, 0xc2, 0x94, 0x5a, 0x95, 0xbc, 0x86, 0xdc, 0xe3,
- 0x03, 0x28, 0x05, 0x59, 0xae, 0xfc, 0x6a, 0x2b, 0x19, 0x96, 0x56, 0xe4, 0xbc, 0x58, 0x2a, 0x36,
- 0xa6, 0xd8, 0x86, 0x0e, 0x7e, 0xe1, 0x10, 0x10, 0x11, 0x98, 0x95, 0x01, 0x8f, 0xec, 0x37, 0x8e,
- 0xf9, 0xda, 0xcb, 0x38, 0x95, 0xc9, 0xbf, 0x16, 0x06, 0xfd, 0xda, 0xec, 0x6e, 0x02, 0x00, 0x0f,
- 0x41, 0xa2, 0x35, 0x28, 0xb4, 0x3c, 0xb7, 0xc3, 0xcf, 0x8b, 0x8c, 0xd0, 0xfc, 0x0b, 0xdd, 0xf6,
- 0xdc, 0x0e, 0xe6, 0xaa, 0xe8, 0x09, 0x14, 0xf7, 0x78, 0x4a, 0x2f, 0x4f, 0x90, 0x4c, 0xc9, 0x52,
- 0xb2, 0x06, 0x68, 0x00, 0xfb, 0xa6, 0x82, 0x8c, 0x25, 0x1e, 0x5a, 0x89, 0x47, 0x9b, 0x22, 0xdf,
- 0x90, 0x33, 0x27, 0x45, 0x1a, 0xf4, 0x1d, 0xc8, 0x13, 0xe7, 0xa8, 0x3a, 0xc9, 0x3d, 0x7d, 0x31,
- 0x6d, 0x3a, 0x9b, 0xce, 0xd1, 0x23, 0xc3, 0x6b, 0x54, 0xe4, 0xa7, 0xcd, 0x6f, 0x3a, 0x47, 0x98,
- 0xe9, 0xa0, 0x43, 0xa8, 0x28, 0xcb, 0x53, 0x2d, 0x71, 0x88, 0xeb, 0x63, 0xa6, 0x2f, 0xa2, 0x86,
- 0x08, 0xf7, 0x8c, 0xf2, 0x05, 0xb0, 0x8a, 0x8e, 0x7e, 0xa6, 0xc1, 0x85, 0x7d, 0xd7, 0x3c, 0x24,
- 0x5e, 0xd3, 0x67, 0x25, 0x76, 0xfb, 0x58, 0x06, 0x14, 0x7e, 0x3e, 0x55, 0x56, 0x6f, 0x65, 0xb0,
- 0xbb, 0x91, 0xa6, 0xdf, 0xb8, 0x34, 0xe8, 0xd7, 0x2e, 0xa4, 0xb2, 0x70, 0xba, 0x45, 0x3e, 0x16,
- 0xca, 0xbf, 0x42, 0x72, 0x2c, 0x90, 0x79, 0x2c, 0xcd, 0x34, 0x7d, 0x31, 0x96, 0x54, 0x16, 0x4e,
- 0xb7, 0xa8, 0xff, 0xdb, 0x84, 0x3c, 0x58, 0x65, 0x69, 0xf8, 0x3e, 0x14, 0xfc, 0xe3, 0x6e, 0x50,
- 0x18, 0xd6, 0x82, 0x5c, 0x7d, 0xf7, 0xb8, 0x4b, 0x5e, 0xf4, 0x6b, 0x33, 0x8a, 0x28, 0x23, 0x61,
- 0x2e, 0xac, 0x78, 0x64, 0xee, 0x15, 0x7b, 0x64, 0x1d, 0x40, 0xac, 0x61, 0x8b, 0x55, 0xab, 0xf2,
- 0x44, 0x62, 0x07, 0xc4, 0x46, 0x48, 0xc5, 0x8a, 0x04, 0xda, 0x86, 0x7c, 0x5b, 0xe6, 0x7a, 0xd9,
- 0x4e, 0x87, 0x3b, 0x96, 0xaf, 0x8e, 0x61, 0x92, 0x79, 0xe8, 0x1d, 0xcb, 0xc7, 0x0c, 0x86, 0x95,
- 0x6d, 0xfc, 0xdc, 0xa5, 0xd5, 0x89, 0xcc, 0x79, 0x3c, 0xdf, 0xe6, 0x12, 0x2d, 0x3c, 0x3b, 0x39,
- 0x91, 0x62, 0x89, 0xc6, 0xa2, 0x35, 0xcb, 0x4f, 0xc8, 0xc7, 0xfe, 0x86, 0xe5, 0xc9, 0x7e, 0x83,
- 0x92, 0xde, 0x06, 0x1c, 0xac, 0x48, 0xa1, 0x1f, 0xc3, 0x94, 0xfc, 0x82, 0x22, 0x6c, 0x4d, 0x8e,
- 0x19, 0xb6, 0x44, 0x6a, 0xa2, 0x20, 0xe0, 0x18, 0x1e, 0xfa, 0x43, 0x98, 0xa4, 0xfc, 0x2f, 0x3a,
- 0xc6, 0x4e, 0x14, 0xba, 0xea, 0x02, 0x86, 0x9d, 0x1b, 0xc1, 0xa2, 0x38, 0x40, 0x45, 0x87, 0x7c,
- 0xd2, 0x2d, 0xab, 0x7d, 0xdf, 0xe8, 0xb2, 0x5d, 0xc7, 0x6c, 0xfc, 0x6e, 0xa6, 0x12, 0x40, 0x2a,
- 0xa9, 0x66, 0xd4, 0xd5, 0x92, 0x90, 0x58, 0x81, 0xd7, 0xff, 0x3d, 0x48, 0x80, 0x79, 0x60, 0x34,
- 0x52, 0xba, 0x15, 0xaf, 0xb8, 0xfa, 0x48, 0x1c, 0x66, 0xb9, 0xaf, 0xf2, 0x30, 0xd3, 0x3f, 0x9d,
- 0x0c, 0x36, 0xad, 0xa8, 0x12, 0x56, 0x60, 0xa2, 0x7b, 0x60, 0xd0, 0x60, 0xd7, 0x7e, 0x23, 0x48,
- 0xac, 0x77, 0x18, 0xf1, 0x45, 0xbf, 0x06, 0x22, 0x5b, 0x60, 0xbf, 0xb0, 0x90, 0xe4, 0x69, 0xb4,
- 0xe1, 0x98, 0xc4, 0xb6, 0xc9, 0xbe, 0x4c, 0x8c, 0xa3, 0x34, 0x3a, 0x60, 0xe0, 0x48, 0x06, 0xdd,
- 0x84, 0xa2, 0x47, 0x0c, 0xea, 0x3a, 0x72, 0x17, 0x2e, 0x05, 0xbe, 0x8d, 0x39, 0xf5, 0x05, 0xf3,
- 0x2e, 0x51, 0x76, 0xf3, 0xdf, 0x58, 0x4a, 0xa3, 0x77, 0x60, 0xb2, 0x73, 0x72, 0x6f, 0x2f, 0xe0,
- 0xa3, 0x16, 0x4c, 0x53, 0xdf, 0xf0, 0xfc, 0x30, 0x5f, 0x3d, 0x45, 0x8a, 0x8c, 0x06, 0xfd, 0xda,
- 0x74, 0x33, 0x86, 0x82, 0x13, 0xa8, 0xa8, 0x07, 0xf3, 0xa6, 0xdb, 0xe9, 0xda, 0x84, 0x1d, 0x81,
- 0x91, 0xb1, 0xe2, 0xd8, 0xc6, 0x2e, 0x0e, 0xfa, 0xb5, 0xf9, 0xf5, 0x61, 0x28, 0x9c, 0x86, 0x8f,
- 0x7e, 0x0f, 0x4a, 0xfb, 0x3d, 0xcf, 0x60, 0x44, 0x99, 0x6e, 0xbf, 0x19, 0x14, 0x18, 0x1b, 0x92,
- 0xfe, 0xa2, 0x5f, 0x3b, 0xcf, 0x32, 0xf4, 0x7a, 0x40, 0xc0, 0xa1, 0x0a, 0xda, 0x83, 0x45, 0x97,
- 0x27, 0xbf, 0xe2, 0xe8, 0x13, 0x09, 0x46, 0xb0, 0xbd, 0x65, 0x77, 0x50, 0x97, 0x80, 0x8b, 0x0f,
- 0x47, 0x4a, 0xe2, 0x13, 0x50, 0xd0, 0x1d, 0x28, 0x8a, 0x4d, 0x24, 0xa3, 0x62, 0xa6, 0xfc, 0x04,
- 0x44, 0x87, 0x97, 0xa9, 0x61, 0xa9, 0x8e, 0x9e, 0x42, 0x51, 0x98, 0x91, 0x21, 0xed, 0xfa, 0x78,
- 0x0d, 0x2f, 0x31, 0xfc, 0xe8, 0xfc, 0x14, 0xbf, 0xb1, 0xc4, 0x44, 0xbb, 0xbc, 0x5d, 0xc4, 0xce,
- 0xe5, 0x0a, 0xdf, 0x67, 0x59, 0x1a, 0x74, 0x4d, 0xa6, 0xb0, 0xe5, 0xb4, 0xdc, 0x58, 0x9b, 0x88,
- 0x9f, 0xca, 0x02, 0x8b, 0x9d, 0xca, 0xb6, 0xdb, 0x6e, 0x3a, 0x56, 0xb7, 0x4b, 0xfc, 0xea, 0x54,
- 0xfc, 0x54, 0xde, 0x0e, 0x39, 0x58, 0x91, 0xd2, 0x4d, 0x59, 0xb4, 0xab, 0xc3, 0x46, 0x0f, 0x94,
- 0xe2, 0xe4, 0xe6, 0x69, 0x26, 0xbe, 0xeb, 0xaa, 0xf5, 0x8a, 0xbe, 0x2d, 0xd3, 0xfd, 0xb8, 0x08,
- 0xba, 0x21, 0x8b, 0x8d, 0x0d, 0xab, 0x4d, 0xa8, 0x2f, 0xf7, 0x7e, 0xbc, 0x7a, 0x10, 0x2c, 0xac,
- 0xca, 0xe9, 0xbf, 0x29, 0xc0, 0x79, 0x09, 0x27, 0x52, 0x01, 0x74, 0x23, 0x16, 0xf3, 0xdf, 0x4c,
- 0xc4, 0xfc, 0xb9, 0x98, 0xb0, 0x12, 0xf5, 0x3d, 0x98, 0x8e, 0xe7, 0x37, 0x32, 0xfa, 0xdf, 0xcc,
- 0x9c, 0x4a, 0xc5, 0x90, 0xc5, 0xd6, 0x8d, 0x27, 0x52, 0x38, 0x61, 0x81, 0xd9, 0x8c, 0xe7, 0x31,
- 0x32, 0x47, 0xbf, 0x99, 0x39, 0x65, 0x4a, 0xb1, 0x19, 0x4f, 0x98, 0x70, 0xc2, 0x02, 0xb3, 0x69,
- 0xf6, 0xa8, 0xef, 0x76, 0x42, 0x9b, 0x85, 0xcc, 0x36, 0xd7, 0xb9, 0x62, 0x8a, 0xcd, 0xf5, 0x18,
- 0x22, 0x4e, 0x58, 0x40, 0xbf, 0xd2, 0xe0, 0xe2, 0x87, 0xc4, 0x39, 0xb4, 0x1c, 0xba, 0x63, 0x75,
- 0x89, 0x6d, 0x39, 0xd1, 0x8c, 0xc5, 0xa1, 0xf8, 0xfb, 0x19, 0xac, 0xdf, 0x8b, 0x23, 0xc4, 0x87,
- 0xf1, 0x8d, 0x41, 0xbf, 0x76, 0xf1, 0x5e, 0xba, 0x0d, 0x3c, 0xca, 0xb8, 0xfe, 0xd3, 0x09, 0xe9,
- 0xf1, 0x6a, 0xc8, 0x52, 0x0f, 0x79, 0xed, 0x25, 0x87, 0xbc, 0x07, 0xd3, 0xfc, 0x9a, 0xcb, 0x32,
- 0x65, 0xa7, 0x7f, 0x0c, 0xaf, 0xb9, 0x13, 0x53, 0x14, 0xd1, 0x92, 0xaf, 0x66, 0x9c, 0x81, 0x13,
- 0x16, 0x90, 0x03, 0xe7, 0x05, 0x78, 0x60, 0x32, 0x9f, 0xf9, 0xc2, 0xe2, 0x8e, 0xe5, 0xdf, 0x0d,
- 0xf5, 0x84, 0xc5, 0xb9, 0x41, 0xbf, 0x76, 0x3e, 0x46, 0xc7, 0x71, 0x78, 0xd4, 0x83, 0x59, 0xbe,
- 0xe3, 0xd6, 0x0f, 0x0c, 0xa7, 0x2d, 0x96, 0x5d, 0xfa, 0xcc, 0xfb, 0x59, 0x33, 0x48, 0xa1, 0x2a,
- 0x0c, 0xf2, 0xda, 0x72, 0x2b, 0x01, 0x88, 0x87, 0x4c, 0xc8, 0x69, 0xda, 0x46, 0x38, 0xcd, 0x89,
- 0x71, 0xa6, 0xb9, 0x6d, 0xa4, 0x4f, 0x33, 0xa2, 0xe3, 0x38, 0x3c, 0xfa, 0x09, 0xcc, 0xee, 0x25,
- 0x6e, 0x87, 0x64, 0x10, 0xbd, 0x95, 0xa9, 0x00, 0x48, 0xb9, 0x58, 0x12, 0x73, 0x4d, 0xb2, 0xf0,
- 0x90, 0x1d, 0xfd, 0xd7, 0x05, 0x40, 0xc3, 0x6d, 0x6c, 0x74, 0x3d, 0x76, 0x94, 0x5d, 0x49, 0x1c,
- 0x65, 0xb3, 0xaa, 0x86, 0x72, 0x92, 0x3d, 0x85, 0xa2, 0x18, 0xef, 0x18, 0x6d, 0x05, 0x39, 0x10,
- 0x09, 0x96, 0xe6, 0x14, 0x12, 0x93, 0x65, 0xd6, 0xd2, 0x1f, 0xa5, 0xdf, 0x9d, 0x02, 0x3e, 0xcd,
- 0xcb, 0x03, 0x54, 0x74, 0x20, 0x03, 0x81, 0xf0, 0x05, 0xe9, 0x69, 0x37, 0xc6, 0xf3, 0xb4, 0xc0,
- 0xd0, 0x4c, 0x18, 0x3b, 0x04, 0x1d, 0xab, 0xd0, 0x72, 0xa1, 0x6c, 0x63, 0x4f, 0xba, 0xd6, 0x19,
- 0x16, 0x4a, 0x71, 0x2b, 0x89, 0x89, 0x08, 0x94, 0xc3, 0xef, 0x2c, 0x1d, 0xe9, 0x14, 0x06, 0xd2,
- 0x3d, 0x28, 0x42, 0xd6, 0xff, 0xa5, 0x08, 0x4a, 0x16, 0x8f, 0xbe, 0x0f, 0xd3, 0x94, 0x78, 0x47,
- 0x96, 0x49, 0xd6, 0x4c, 0xd3, 0xed, 0x39, 0x41, 0x24, 0x0d, 0x6f, 0x5a, 0x9b, 0x31, 0x2e, 0x4e,
- 0x48, 0xf3, 0xbb, 0x3d, 0x1e, 0x30, 0xa4, 0xf3, 0x64, 0xbf, 0xdb, 0x4b, 0x14, 0x89, 0xb2, 0x51,
- 0x25, 0xd1, 0x62, 0xdd, 0xae, 0xfc, 0xab, 0xee, 0x76, 0xfd, 0x18, 0x4a, 0x34, 0x1e, 0xcd, 0xbe,
- 0x9d, 0x3d, 0x51, 0x91, 0x01, 0x24, 0x6c, 0x8f, 0x87, 0x51, 0x23, 0xc4, 0x64, 0x8b, 0x22, 0xf3,
- 0xbf, 0x89, 0xf1, 0x16, 0xe5, 0x25, 0x99, 0xdf, 0x1f, 0x40, 0xd9, 0x23, 0x62, 0x81, 0xa8, 0x74,
- 0x91, 0xd4, 0x12, 0x18, 0x4b, 0x21, 0x4c, 0x9e, 0xf5, 0x2c, 0x8f, 0x74, 0x88, 0xe3, 0xd3, 0xa8,
- 0xc0, 0x09, 0xb8, 0x14, 0x47, 0x68, 0xe8, 0x43, 0x80, 0x6e, 0xd8, 0x4f, 0x95, 0xe5, 0x75, 0xe6,
- 0xec, 0x2d, 0xde, 0x89, 0x8d, 0xd2, 0xc6, 0x88, 0x8e, 0x15, 0x74, 0xf4, 0x01, 0x5c, 0x8a, 0x2a,
- 0x84, 0x0d, 0x62, 0xec, 0xf3, 0x18, 0x2b, 0xaf, 0x12, 0x44, 0x73, 0xfd, 0x9b, 0x83, 0x7e, 0xed,
- 0xd2, 0xfa, 0x28, 0x21, 0x3c, 0x5a, 0x1f, 0x75, 0x60, 0xca, 0x71, 0xf7, 0x49, 0x93, 0xd8, 0xc4,
- 0xf4, 0x5d, 0x4f, 0xa6, 0xf2, 0x59, 0x4a, 0x6d, 0xd1, 0x14, 0x32, 0xec, 0x07, 0x8a, 0xba, 0x68,
- 0x1c, 0xa8, 0x14, 0x1c, 0x83, 0xd7, 0xff, 0x5c, 0x83, 0x94, 0xab, 0xfb, 0x98, 0xfb, 0x6a, 0xaf,
- 0xda, 0x7d, 0xbf, 0x05, 0x45, 0x1a, 0x75, 0xef, 0xd5, 0x26, 0xb5, 0x68, 0x6d, 0x48, 0xae, 0xfe,
- 0x0f, 0x1a, 0x2c, 0xa4, 0xf5, 0x0f, 0x98, 0x1f, 0x85, 0xdd, 0x02, 0x39, 0xbc, 0xec, 0xad, 0x14,
- 0xf5, 0xbe, 0x49, 0x40, 0xe0, 0x08, 0x8d, 0x9d, 0x27, 0xfb, 0x84, 0xfa, 0x96, 0xc3, 0xcb, 0xb6,
- 0x0d, 0xcb, 0x93, 0x63, 0x0c, 0xcf, 0x93, 0x8d, 0x18, 0x17, 0x27, 0xa4, 0xf5, 0x5f, 0x14, 0x60,
- 0x3e, 0x25, 0x6d, 0x44, 0x9b, 0xb2, 0x73, 0x3c, 0xc6, 0xa5, 0x47, 0x78, 0xd5, 0x1e, 0xeb, 0x1e,
- 0x43, 0xb7, 0x67, 0xdb, 0x67, 0xbb, 0xfc, 0x08, 0xf4, 0xb1, 0x82, 0x15, 0xb4, 0x82, 0xf3, 0xa7,
- 0x68, 0x05, 0xdf, 0x03, 0x44, 0x3e, 0xee, 0xba, 0x94, 0xc8, 0xf4, 0xdf, 0xe5, 0x21, 0xa0, 0xc0,
- 0xdb, 0x12, 0xe1, 0xfb, 0x90, 0xcd, 0x21, 0x09, 0x9c, 0xa2, 0x85, 0x96, 0xa1, 0xdc, 0x72, 0x3d,
- 0x93, 0xb0, 0x51, 0xf2, 0xd3, 0x47, 0xe9, 0x6c, 0xdc, 0x0e, 0x18, 0x38, 0x92, 0x41, 0x4f, 0xa2,
- 0xce, 0x57, 0x31, 0xf3, 0x85, 0x8d, 0x98, 0x33, 0xdf, 0xec, 0xa3, 0x5b, 0x5e, 0x6b, 0x30, 0xc3,
- 0x15, 0xd6, 0x76, 0xb6, 0x82, 0x9e, 0xba, 0x78, 0x13, 0x74, 0x51, 0xaa, 0x88, 0x7e, 0x6a, 0xc4,
- 0xc6, 0x49, 0x79, 0xfd, 0x79, 0x01, 0xe6, 0x53, 0x8a, 0xa5, 0xf0, 0x1e, 0x41, 0x3b, 0xcb, 0x3d,
- 0xc2, 0x57, 0xe5, 0x09, 0xef, 0xc0, 0xa4, 0xe3, 0xae, 0x1b, 0xe6, 0x01, 0x91, 0x37, 0xa9, 0xe1,
- 0x12, 0x3d, 0x10, 0x64, 0x1c, 0xf0, 0x03, 0xa7, 0x29, 0x9c, 0xc2, 0x69, 0xc6, 0xfe, 0xd0, 0xdf,
- 0x0f, 0x0a, 0xd6, 0x96, 0x65, 0x93, 0x1d, 0xc3, 0x3f, 0x90, 0xad, 0xd7, 0x68, 0x67, 0xc6, 0xb8,
- 0x38, 0x21, 0x8d, 0x7e, 0x00, 0x65, 0xf1, 0x79, 0xbc, 0x36, 0xcd, 0x70, 0xe3, 0x11, 0x0e, 0xa6,
- 0x11, 0x28, 0xe1, 0x48, 0x1f, 0x75, 0xe1, 0x22, 0xcf, 0xac, 0xd8, 0x99, 0xdb, 0xb1, 0x7e, 0xc2,
- 0xb7, 0xbf, 0x7c, 0x62, 0x21, 0x7a, 0x39, 0x37, 0x59, 0x7d, 0xb6, 0x95, 0x2e, 0xf2, 0x62, 0x34,
- 0x0b, 0x8f, 0x82, 0xd5, 0x7f, 0xa1, 0x41, 0xfa, 0x3d, 0x45, 0x7c, 0x62, 0xda, 0x19, 0x27, 0xf6,
- 0x76, 0xf4, 0xf1, 0x45, 0x5f, 0xb1, 0x92, 0xf6, 0xe1, 0xf5, 0xbf, 0xd0, 0x60, 0x3e, 0xa5, 0x9e,
- 0xfb, 0x7a, 0xc4, 0x8d, 0xcf, 0x73, 0xc9, 0xc1, 0x6d, 0x1e, 0x11, 0xc7, 0x3f, 0xdd, 0xed, 0xc8,
- 0xa6, 0xb8, 0x93, 0xc8, 0xc9, 0xf6, 0x62, 0xa6, 0x62, 0x8c, 0x37, 0xaa, 0xe2, 0x97, 0x11, 0x67,
- 0x38, 0x5e, 0x47, 0x5f, 0x7e, 0x15, 0x5e, 0xf7, 0xe5, 0x97, 0xfe, 0x8f, 0x1a, 0x4c, 0xc7, 0x2f,
- 0x5d, 0xd0, 0x37, 0x21, 0xdf, 0xf3, 0x2c, 0xb9, 0xa8, 0xe1, 0xe8, 0x7f, 0x88, 0xb7, 0x30, 0xa3,
- 0x33, 0xb6, 0x47, 0x5a, 0xf2, 0x8b, 0x85, 0x6c, 0x4c, 0x5a, 0x98, 0xd1, 0x11, 0x81, 0x4a, 0xd7,
- 0x73, 0x3f, 0x3e, 0x16, 0xc1, 0x78, 0x8c, 0x07, 0x76, 0x3b, 0x91, 0x56, 0xd4, 0x36, 0x53, 0x88,
- 0x58, 0xc5, 0xe5, 0x69, 0xce, 0x70, 0x33, 0xe0, 0xeb, 0xe1, 0xae, 0xff, 0xad, 0xc1, 0xa4, 0x74,
- 0x1a, 0xf4, 0x0c, 0xa6, 0xdb, 0xb1, 0xe5, 0x1d, 0x63, 0x58, 0x89, 0xcb, 0xb0, 0xf0, 0x5c, 0x8c,
- 0xd3, 0x71, 0xc2, 0x00, 0xfa, 0x63, 0x98, 0x6b, 0x5b, 0x7e, 0x7c, 0x4e, 0x63, 0xdc, 0x04, 0xde,
- 0x49, 0xea, 0x36, 0x2e, 0x49, 0xc3, 0x73, 0x43, 0x2c, 0x3c, 0x6c, 0x49, 0xff, 0x54, 0x7c, 0x99,
- 0x44, 0xff, 0xe2, 0x7f, 0xe3, 0x89, 0xea, 0xdf, 0xe7, 0x60, 0x78, 0xc8, 0xec, 0x2b, 0x9a, 0xa2,
- 0xa8, 0xd0, 0x52, 0x5f, 0x45, 0x4b, 0x2e, 0x2b, 0xae, 0x0d, 0xfe, 0xac, 0x78, 0x8c, 0xb5, 0x13,
- 0xa6, 0xd6, 0x5d, 0xc7, 0xf7, 0x5c, 0xfb, 0x87, 0x94, 0x78, 0xca, 0x5b, 0x5e, 0x8e, 0x85, 0x25,
- 0x26, 0x2b, 0xae, 0xcd, 0xe0, 0x69, 0xf0, 0x18, 0xaf, 0x2c, 0x87, 0x0d, 0x28, 0xd9, 0xaf, 0x84,
- 0xc3, 0x11, 0xf2, 0x18, 0xd7, 0x3d, 0xfa, 0xcf, 0x34, 0x98, 0x4d, 0xf6, 0xba, 0x98, 0x3e, 0x8f,
- 0x5f, 0x5b, 0x1b, 0xc9, 0x4e, 0xe2, 0x96, 0x20, 0xe3, 0x80, 0x8f, 0xee, 0xc1, 0x24, 0xcb, 0x63,
- 0xb0, 0x3c, 0x1b, 0x32, 0x66, 0x41, 0x3c, 0x1a, 0xdd, 0x16, 0x7a, 0x38, 0x00, 0xd0, 0xff, 0x4e,
- 0x03, 0x34, 0xdc, 0x0d, 0x41, 0x3b, 0xb0, 0x60, 0x1b, 0xd4, 0x0f, 0x2f, 0xe2, 0xb6, 0x62, 0x43,
- 0xbb, 0x2c, 0x87, 0xb6, 0xb0, 0x9d, 0x22, 0x83, 0x53, 0x35, 0xc3, 0xbc, 0x2d, 0x77, 0xea, 0xbc,
- 0x4d, 0x6f, 0x02, 0x44, 0x4f, 0x83, 0xd0, 0x15, 0x28, 0x38, 0x46, 0x27, 0x08, 0x49, 0x61, 0xc6,
- 0xcf, 0xdf, 0x98, 0x73, 0x0e, 0x7a, 0x0b, 0x26, 0x8e, 0x0c, 0xbb, 0x17, 0x3c, 0xe2, 0x0f, 0x9f,
- 0xdd, 0x3d, 0x62, 0x44, 0x2c, 0x78, 0xfa, 0x5f, 0xe6, 0xa0, 0xa2, 0x5c, 0x5d, 0xbf, 0xaa, 0x6a,
- 0xe3, 0x31, 0x4c, 0x74, 0x0d, 0xff, 0x20, 0x78, 0x1c, 0xb8, 0x3a, 0xde, 0x05, 0x3a, 0xcb, 0xba,
- 0xa2, 0xf1, 0xb2, 0x5f, 0x14, 0x0b, 0xbc, 0x44, 0xf2, 0x9a, 0x7f, 0x85, 0xc9, 0xeb, 0x1b, 0x90,
- 0x33, 0x28, 0x4f, 0x48, 0xcb, 0xe2, 0x16, 0x66, 0x8d, 0xe2, 0x9c, 0x41, 0xf5, 0x9f, 0x6a, 0x30,
- 0x93, 0x18, 0x1b, 0x5a, 0x05, 0xa0, 0xe1, 0x2f, 0xf9, 0x09, 0xc2, 0xda, 0x3f, 0x92, 0xc3, 0x8a,
- 0xd4, 0x99, 0xeb, 0xc3, 0x7f, 0xd5, 0xe0, 0xf2, 0x49, 0x8d, 0x7d, 0x56, 0x75, 0xc8, 0xee, 0x7d,
- 0x98, 0xe7, 0x6a, 0xf1, 0xaa, 0xe3, 0x5e, 0x9c, 0x8d, 0x93, 0xf2, 0xe8, 0x06, 0x54, 0x14, 0x92,
- 0x1c, 0x60, 0x18, 0x23, 0x15, 0x75, 0xac, 0xca, 0x9d, 0x21, 0x45, 0xd1, 0xff, 0x59, 0x83, 0x85,
- 0xb4, 0xf6, 0x03, 0x6a, 0x07, 0xcf, 0x4b, 0x45, 0x5e, 0xda, 0x38, 0x65, 0x1b, 0xa3, 0xce, 0x1f,
- 0x99, 0x6e, 0x3a, 0xbe, 0x77, 0x9c, 0xfe, 0xf0, 0x74, 0xf1, 0x16, 0x40, 0x24, 0x83, 0x66, 0x21,
- 0x7f, 0x48, 0x8e, 0xc5, 0xc2, 0x61, 0xf6, 0x27, 0x5a, 0x88, 0x6d, 0x23, 0xb9, 0x6f, 0xbe, 0x9b,
- 0xbb, 0xa5, 0x7d, 0xb7, 0xf4, 0x67, 0x7f, 0x55, 0x3b, 0xf7, 0xc9, 0x17, 0x57, 0xce, 0xe9, 0xbf,
- 0xd4, 0x40, 0xcd, 0x20, 0xd0, 0xbb, 0x50, 0x3e, 0xf0, 0xfd, 0x2e, 0x27, 0xc9, 0x7b, 0x73, 0xfe,
- 0xc4, 0xf2, 0xee, 0xee, 0xee, 0x0e, 0x27, 0xe2, 0x88, 0x8f, 0xea, 0x00, 0xec, 0x07, 0x15, 0xd2,
- 0x85, 0xe8, 0xad, 0x0b, 0x93, 0x6e, 0x0a, 0x71, 0x45, 0x42, 0x24, 0xda, 0x42, 0x58, 0xfc, 0xdf,
- 0x8b, 0x4c, 0xb4, 0x85, 0x64, 0xc0, 0xd3, 0xff, 0x56, 0x83, 0xb9, 0xa1, 0x77, 0x1a, 0x68, 0x27,
- 0x4c, 0x2d, 0xc6, 0xed, 0x7e, 0x8c, 0x48, 0x42, 0xce, 0xec, 0xd7, 0xb7, 0x60, 0x41, 0x20, 0x72,
- 0xab, 0xd1, 0x9d, 0xf4, 0x4b, 0x0f, 0x38, 0xfd, 0xaf, 0x35, 0x80, 0xa8, 0x1e, 0x47, 0x7b, 0x30,
- 0x25, 0x86, 0x14, 0xcb, 0x7f, 0xb2, 0x4f, 0x70, 0x41, 0x9a, 0x98, 0x6a, 0x2a, 0x28, 0x38, 0x86,
- 0xc9, 0x6a, 0xcf, 0x8e, 0xdb, 0x73, 0x7c, 0xbe, 0xbb, 0x72, 0xf1, 0x57, 0xc8, 0xf7, 0x03, 0x06,
- 0x8e, 0x64, 0xf4, 0x4f, 0xf2, 0x30, 0x9f, 0x72, 0x01, 0xf9, 0xff, 0xba, 0xab, 0xf3, 0x0e, 0x4c,
- 0x8a, 0xc7, 0xa2, 0x34, 0x99, 0x0b, 0x88, 0xb7, 0xa4, 0x14, 0x07, 0x7c, 0xb4, 0x02, 0x15, 0xcb,
- 0x31, 0x45, 0xa3, 0xd6, 0x08, 0xaa, 0x79, 0x71, 0x17, 0x11, 0x91, 0xb1, 0x2a, 0x13, 0x2f, 0xff,
- 0x8b, 0x2f, 0x2f, 0xff, 0xf5, 0x1f, 0xc1, 0xdc, 0x50, 0x36, 0x93, 0x2d, 0x7c, 0x12, 0xfe, 0x0f,
- 0x58, 0x89, 0xf0, 0x29, 0xfe, 0xef, 0x4a, 0xf0, 0xf4, 0x5f, 0x69, 0x30, 0x9d, 0x48, 0xfb, 0x4e,
- 0x55, 0x2b, 0x3e, 0x54, 0x6b, 0xc5, 0xd3, 0x25, 0xcf, 0xb1, 0xaa, 0x51, 0xbf, 0x07, 0xe9, 0xef,
- 0x01, 0x93, 0x2b, 0xae, 0xbd, 0x7c, 0xc5, 0xf5, 0xdf, 0xe4, 0xa0, 0x1c, 0x3e, 0xa3, 0x40, 0xef,
- 0xc5, 0x56, 0xee, 0x92, 0xba, 0x72, 0x2f, 0xfa, 0x35, 0x21, 0xa8, 0x2c, 0xe3, 0x07, 0x50, 0x0e,
- 0x9f, 0xe1, 0x84, 0xb5, 0x70, 0xf6, 0xa7, 0x36, 0xe1, 0xa7, 0x0d, 0xdf, 0xf6, 0xe0, 0x08, 0x8f,
- 0xe5, 0x69, 0xc1, 0x3b, 0x99, 0xfb, 0x96, 0x6d, 0x5b, 0x54, 0xb6, 0xd2, 0xf3, 0xbc, 0x95, 0x1e,
- 0xe6, 0x69, 0x1b, 0x29, 0x32, 0x38, 0x55, 0x13, 0xed, 0xc0, 0x04, 0xf5, 0x49, 0x97, 0xca, 0xce,
- 0xd4, 0xbb, 0x99, 0x5e, 0x98, 0x90, 0x2e, 0xaf, 0xdb, 0x43, 0x17, 0x61, 0x14, 0x8a, 0x05, 0x90,
- 0xfe, 0x5f, 0x1a, 0x94, 0x02, 0x11, 0x74, 0x2d, 0xb6, 0x78, 0xd5, 0xc4, 0xe2, 0x71, 0xb9, 0xff,
- 0xb3, 0x6b, 0xa7, 0xf7, 0x35, 0x98, 0x8e, 0x5f, 0xca, 0x29, 0x95, 0xac, 0x76, 0x52, 0x25, 0x8b,
- 0xae, 0x41, 0xc9, 0xb0, 0x6d, 0xf7, 0xa3, 0x4d, 0xe7, 0x48, 0x76, 0x8f, 0xc2, 0x5b, 0xa6, 0x35,
- 0x49, 0xc7, 0xa1, 0x04, 0x3a, 0x82, 0x19, 0xa1, 0x17, 0xbd, 0x83, 0xca, 0x67, 0xbe, 0xec, 0x48,
- 0x0b, 0x36, 0x8d, 0x79, 0x96, 0x1e, 0x35, 0xe3, 0x98, 0x38, 0x69, 0xa4, 0x71, 0xf5, 0xf9, 0x97,
- 0x4b, 0xe7, 0x3e, 0xfb, 0x72, 0xe9, 0xdc, 0xe7, 0x5f, 0x2e, 0x9d, 0xfb, 0x64, 0xb0, 0xa4, 0x3d,
- 0x1f, 0x2c, 0x69, 0x9f, 0x0d, 0x96, 0xb4, 0xcf, 0x07, 0x4b, 0xda, 0x7f, 0x0c, 0x96, 0xb4, 0x3f,
- 0xfd, 0xcf, 0xa5, 0x73, 0x3f, 0xca, 0x1d, 0xad, 0xfc, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf6,
- 0x63, 0xae, 0x93, 0x3f, 0x3d, 0x00, 0x00,
+ // 3895 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5b, 0xcd, 0x6f, 0x1c, 0x47,
+ 0x76, 0x57, 0xcf, 0x0c, 0x87, 0x33, 0x6f, 0x28, 0x7e, 0x14, 0x25, 0x6b, 0xa4, 0xd5, 0x72, 0xe4,
+ 0x36, 0x6c, 0xc8, 0xb1, 0x3d, 0x5c, 0xd2, 0x92, 0xa2, 0xdd, 0x45, 0x36, 0xe0, 0x90, 0x94, 0x4c,
+ 0x2d, 0x25, 0x11, 0x35, 0x5c, 0xdb, 0x59, 0x1b, 0x9b, 0x34, 0x7b, 0x6a, 0x86, 0x6d, 0xf6, 0x74,
+ 0xb7, 0xbb, 0x7a, 0x68, 0x73, 0x81, 0x00, 0x46, 0x80, 0x85, 0xb1, 0xbb, 0x97, 0xec, 0x65, 0x91,
+ 0xe4, 0x92, 0x04, 0x41, 0x4e, 0x39, 0xe5, 0x10, 0x60, 0x81, 0xbd, 0x04, 0xc8, 0x1e, 0x74, 0xc8,
+ 0x61, 0x83, 0xe4, 0x60, 0x20, 0x8b, 0x41, 0x3c, 0x39, 0xe4, 0x7f, 0x50, 0x2e, 0x41, 0x7d, 0x74,
+ 0x77, 0x75, 0x4f, 0x0f, 0xd5, 0x43, 0x6a, 0x15, 0x27, 0x37, 0xce, 0xfb, 0xf8, 0xbd, 0xaa, 0xea,
+ 0x57, 0xf5, 0x3e, 0xaa, 0x08, 0x6b, 0x3d, 0x2b, 0x38, 0x1c, 0x1c, 0x34, 0x4d, 0xb7, 0xbf, 0xea,
+ 0x7a, 0xc4, 0xa1, 0x87, 0x56, 0x37, 0x58, 0x35, 0x3c, 0x6b, 0xf5, 0x60, 0x60, 0xd9, 0x9d, 0xd5,
+ 0xe3, 0xb5, 0xd5, 0x1e, 0x71, 0x88, 0x6f, 0x04, 0xa4, 0xd3, 0xf4, 0x7c, 0x37, 0x70, 0xd1, 0xcb,
+ 0xb1, 0x4a, 0x33, 0x52, 0x69, 0x1a, 0x9e, 0xd5, 0xe4, 0x2a, 0xcd, 0xe3, 0xb5, 0x6b, 0x6f, 0x29,
+ 0xa8, 0x3d, 0xb7, 0xe7, 0xae, 0x72, 0xcd, 0x83, 0x41, 0x97, 0xff, 0xe2, 0x3f, 0xf8, 0x5f, 0x02,
+ 0xf1, 0x9a, 0x7e, 0x74, 0x97, 0x36, 0x2d, 0x97, 0x9b, 0x35, 0x5d, 0x9f, 0x64, 0x58, 0xbd, 0x76,
+ 0x2b, 0x96, 0xe9, 0x1b, 0xe6, 0xa1, 0xe5, 0x10, 0xff, 0x64, 0xd5, 0x3b, 0xea, 0x31, 0x02, 0x5d,
+ 0xed, 0x93, 0xc0, 0xc8, 0xd2, 0x5a, 0x9d, 0xa4, 0xe5, 0x0f, 0x9c, 0xc0, 0xea, 0x93, 0x31, 0x85,
+ 0x3b, 0xcf, 0x52, 0xa0, 0xe6, 0x21, 0xe9, 0x1b, 0x63, 0x7a, 0x6f, 0x4f, 0xd2, 0x1b, 0x04, 0x96,
+ 0xbd, 0x6a, 0x39, 0x01, 0x0d, 0xfc, 0xb4, 0x92, 0xfe, 0x8f, 0x25, 0xb8, 0xda, 0xb2, 0x1c, 0xc3,
+ 0x3f, 0x69, 0xb1, 0x95, 0xc3, 0xe4, 0xe3, 0x01, 0xa1, 0xc1, 0x63, 0x2f, 0xb0, 0x5c, 0x87, 0xa2,
+ 0x3f, 0x82, 0x0a, 0x9b, 0x56, 0xc7, 0x08, 0x8c, 0xba, 0x76, 0x43, 0xbb, 0x59, 0x5b, 0xff, 0x46,
+ 0x53, 0x58, 0x69, 0xaa, 0x56, 0x9a, 0xde, 0x51, 0x8f, 0x11, 0x68, 0x93, 0x49, 0x37, 0x8f, 0xd7,
+ 0x9a, 0x8f, 0x0f, 0x3e, 0x22, 0x66, 0xf0, 0x90, 0x04, 0x46, 0x0b, 0x3d, 0x19, 0x36, 0x2e, 0x8c,
+ 0x86, 0x0d, 0x88, 0x69, 0x38, 0x42, 0x45, 0xaf, 0x41, 0xd9, 0xa0, 0xf7, 0x2c, 0x9b, 0xd4, 0x0b,
+ 0x37, 0xb4, 0x9b, 0xd5, 0xd6, 0xbc, 0x94, 0x2e, 0x6f, 0x70, 0x2a, 0x96, 0x5c, 0x74, 0x07, 0xe6,
+ 0x7d, 0x72, 0x6c, 0x51, 0xcb, 0x75, 0x36, 0xdd, 0x7e, 0xdf, 0x0a, 0xea, 0xc5, 0xa4, 0xbc, 0xa0,
+ 0xe2, 0x94, 0x14, 0xfa, 0x26, 0x2c, 0x84, 0x94, 0x87, 0x84, 0x52, 0xa3, 0x47, 0xea, 0x25, 0xae,
+ 0xb8, 0x20, 0x15, 0x67, 0x25, 0x19, 0xa7, 0xe5, 0x50, 0x0b, 0x50, 0x48, 0xda, 0x18, 0x04, 0x87,
+ 0xae, 0xff, 0xc8, 0xe8, 0x93, 0xfa, 0x0c, 0xd7, 0x8e, 0x26, 0x15, 0x73, 0x70, 0x86, 0x34, 0xda,
+ 0x86, 0xe5, 0x24, 0x75, 0xbb, 0x6f, 0x58, 0x76, 0xbd, 0xcc, 0x41, 0x96, 0x25, 0x48, 0x4d, 0x61,
+ 0xe1, 0x2c, 0x79, 0xf4, 0x5d, 0xb8, 0x9c, 0x9c, 0x57, 0x40, 0xc4, 0x68, 0x66, 0x39, 0xd0, 0x65,
+ 0x09, 0x74, 0x31, 0xc1, 0xc4, 0xd9, 0x3a, 0xe8, 0x11, 0xbc, 0x34, 0xc6, 0x10, 0xc3, 0xaa, 0x70,
+ 0xb4, 0x97, 0x24, 0xda, 0x7c, 0x92, 0x8b, 0x27, 0x68, 0xe9, 0xdf, 0x86, 0x25, 0xc5, 0x83, 0xda,
+ 0xee, 0xc0, 0x37, 0x89, 0xf2, 0x5d, 0xb5, 0xd3, 0xbe, 0xab, 0xfe, 0x13, 0x0d, 0x2e, 0xb7, 0xac,
+ 0xe0, 0x60, 0x60, 0x1e, 0x91, 0xe0, 0x3d, 0x72, 0xf0, 0x8e, 0xeb, 0x1e, 0x6d, 0x1a, 0x03, 0x4a,
+ 0xd0, 0xc7, 0x00, 0xa6, 0xdb, 0xef, 0xbb, 0x4e, 0xdb, 0x23, 0xa6, 0xf4, 0xbe, 0xdb, 0xcd, 0x67,
+ 0x6e, 0xfc, 0xe6, 0x26, 0x57, 0x52, 0xa1, 0x5a, 0xd7, 0xa4, 0x71, 0x34, 0xce, 0xc3, 0x8a, 0x11,
+ 0xfd, 0x67, 0x05, 0x98, 0xe1, 0x93, 0x78, 0x01, 0x8e, 0xff, 0x08, 0x4a, 0x94, 0x4d, 0xac, 0xc0,
+ 0xd1, 0xdf, 0xcc, 0x31, 0x31, 0xb1, 0xbc, 0x1e, 0x31, 0x5b, 0x73, 0x12, 0xb9, 0xc4, 0x7e, 0x61,
+ 0x8e, 0x83, 0xde, 0x85, 0x32, 0x0d, 0x8c, 0x60, 0x40, 0xf9, 0xc6, 0xa8, 0xad, 0x37, 0x73, 0x23,
+ 0x72, 0xad, 0xf8, 0x03, 0x89, 0xdf, 0x58, 0xa2, 0xe9, 0x7f, 0x53, 0x80, 0x1a, 0x97, 0xdb, 0x74,
+ 0x9d, 0xae, 0xd5, 0x7b, 0x01, 0x2b, 0xb3, 0x9f, 0x58, 0x99, 0xf5, 0xbc, 0xf3, 0x10, 0xe3, 0x9b,
+ 0xb8, 0x3e, 0x1f, 0xa6, 0xd6, 0xe7, 0xd6, 0x94, 0xb8, 0xa7, 0xaf, 0xd2, 0xaf, 0x34, 0x58, 0x50,
+ 0xa4, 0x77, 0x2d, 0x1a, 0xa0, 0x0f, 0xc7, 0x56, 0xaa, 0x99, 0x6f, 0xa5, 0x98, 0x36, 0x5f, 0xa7,
+ 0x45, 0x69, 0xad, 0x12, 0x52, 0x94, 0x55, 0x6a, 0xc3, 0x8c, 0x15, 0x90, 0x3e, 0xad, 0x17, 0x6e,
+ 0x14, 0xa7, 0xf9, 0xdc, 0x62, 0x80, 0xad, 0x8b, 0x12, 0x7a, 0x66, 0x87, 0x81, 0x60, 0x81, 0xa5,
+ 0xff, 0xa6, 0x98, 0x98, 0x06, 0x5b, 0x3e, 0x64, 0x42, 0x25, 0xf0, 0xad, 0x5e, 0x8f, 0xf8, 0xb4,
+ 0xae, 0x71, 0x5b, 0xb7, 0xf3, 0xda, 0xda, 0x17, 0x7a, 0x7b, 0xae, 0x6d, 0x99, 0x27, 0xf1, 0x6c,
+ 0x24, 0x99, 0xe2, 0x08, 0x18, 0x6d, 0x40, 0xd5, 0x1f, 0x38, 0x42, 0x50, 0x46, 0x82, 0x57, 0xa4,
+ 0x78, 0x15, 0x87, 0x8c, 0xa7, 0xc3, 0xc6, 0xbc, 0x88, 0x52, 0x21, 0x05, 0xc7, 0x5a, 0xc8, 0x48,
+ 0x9c, 0x17, 0xe2, 0x23, 0xbf, 0x95, 0xfb, 0xbc, 0xe0, 0x7e, 0x13, 0xf9, 0x65, 0x4c, 0x53, 0xcf,
+ 0x07, 0xd4, 0x81, 0xeb, 0x74, 0x60, 0x9a, 0x84, 0xd2, 0xee, 0xc0, 0xe6, 0x23, 0xa1, 0xef, 0x58,
+ 0x34, 0x70, 0xfd, 0x93, 0x5d, 0x8b, 0x85, 0x24, 0x16, 0x59, 0x66, 0x5a, 0x37, 0x46, 0xc3, 0xc6,
+ 0xf5, 0xf6, 0x29, 0x72, 0xf8, 0x54, 0x14, 0xf4, 0x3e, 0xd4, 0xbb, 0x86, 0x65, 0x93, 0x4e, 0x86,
+ 0x85, 0x19, 0x6e, 0xe1, 0xfa, 0x68, 0xd8, 0xa8, 0xdf, 0x9b, 0x20, 0x83, 0x27, 0x6a, 0xeb, 0x0f,
+ 0x60, 0x69, 0xcc, 0xa5, 0xd1, 0x6d, 0xa8, 0xd9, 0x06, 0x0d, 0xde, 0x25, 0x3e, 0x3b, 0xdb, 0xb9,
+ 0xa7, 0x16, 0xe3, 0xd0, 0xb4, 0x1b, 0xb3, 0xb0, 0x2a, 0xa7, 0xff, 0x42, 0x83, 0x2a, 0x07, 0x7b,
+ 0x01, 0xbe, 0xfe, 0x30, 0xe9, 0xeb, 0x37, 0xf3, 0xfa, 0xdf, 0x04, 0x2f, 0x07, 0xa8, 0x88, 0x91,
+ 0xbb, 0x3d, 0xfd, 0xf3, 0x92, 0xf4, 0xf8, 0x5d, 0xb7, 0x17, 0x66, 0x3d, 0xab, 0x50, 0x35, 0x5d,
+ 0x27, 0x30, 0xd8, 0x90, 0x65, 0xf8, 0x5a, 0x0a, 0x9d, 0x71, 0x33, 0x64, 0xe0, 0x58, 0x86, 0x05,
+ 0xbb, 0xae, 0x6b, 0xdb, 0xee, 0x27, 0xdc, 0x75, 0x2b, 0xf1, 0x29, 0x71, 0x8f, 0x53, 0xb1, 0xe4,
+ 0xa2, 0x37, 0xa1, 0xe2, 0xb1, 0x20, 0xea, 0xca, 0x53, 0xa8, 0x12, 0xcf, 0x7a, 0x4f, 0xd2, 0x71,
+ 0x24, 0x81, 0x6e, 0xc1, 0x1c, 0xb5, 0x1c, 0x93, 0xb4, 0x89, 0xe9, 0x3a, 0x1d, 0xca, 0xbd, 0xab,
+ 0xd8, 0x5a, 0x1c, 0x0d, 0x1b, 0x73, 0x6d, 0x85, 0x8e, 0x13, 0x52, 0xe8, 0x3d, 0xa8, 0xf2, 0xdf,
+ 0xfb, 0x96, 0x4c, 0x56, 0x6a, 0xeb, 0xbf, 0x93, 0xef, 0x53, 0x30, 0x8d, 0xd6, 0x45, 0x36, 0xc9,
+ 0x76, 0x08, 0x80, 0x63, 0x2c, 0xb4, 0x0e, 0xc0, 0xb2, 0x4f, 0x1a, 0x18, 0x7d, 0x8f, 0xf2, 0x0c,
+ 0xa6, 0x12, 0x6f, 0x98, 0xfd, 0x88, 0x83, 0x15, 0x29, 0xf4, 0x06, 0x54, 0x03, 0xc3, 0xb2, 0x77,
+ 0x2d, 0x87, 0x50, 0x9e, 0xab, 0x14, 0x85, 0x81, 0xfd, 0x90, 0x88, 0x63, 0x3e, 0x6a, 0x02, 0xd8,
+ 0xcc, 0x4d, 0x5b, 0x27, 0x01, 0xa1, 0x3c, 0x17, 0x29, 0xb6, 0xe6, 0x19, 0xf8, 0x6e, 0x44, 0xc5,
+ 0x8a, 0x04, 0x5b, 0x75, 0xc7, 0xfd, 0xc4, 0xb0, 0x82, 0x7a, 0x35, 0xb9, 0xea, 0x8f, 0xdc, 0xf7,
+ 0x0c, 0x2b, 0xc0, 0x92, 0x8b, 0x5e, 0x85, 0xd9, 0x63, 0xe9, 0xdc, 0xc0, 0x41, 0x6b, 0x2c, 0xed,
+ 0x0b, 0x9d, 0x3a, 0xe4, 0xe9, 0x3f, 0x09, 0x03, 0xdd, 0xe3, 0x41, 0xe0, 0x0d, 0x02, 0xf4, 0x6d,
+ 0x28, 0x04, 0xae, 0x74, 0xe6, 0x57, 0x94, 0x15, 0x6c, 0xb2, 0xf2, 0x20, 0x0e, 0x68, 0x98, 0x74,
+ 0x89, 0x4f, 0x1c, 0x93, 0xb4, 0xca, 0xa3, 0x61, 0xa3, 0xb0, 0xef, 0xe2, 0x42, 0xe0, 0xa2, 0xf7,
+ 0x01, 0xbc, 0x01, 0x3d, 0x6c, 0x13, 0xd3, 0x27, 0x81, 0x8c, 0x64, 0x37, 0xb3, 0x40, 0x76, 0x5d,
+ 0xd3, 0xb0, 0xd3, 0x48, 0x7c, 0xd6, 0x7b, 0x91, 0x3e, 0x56, 0xb0, 0x50, 0x07, 0x6a, 0x56, 0xdf,
+ 0xe8, 0x91, 0x5d, 0xe3, 0x80, 0xd8, 0xcc, 0x8d, 0x8a, 0x39, 0xcf, 0xb9, 0x9d, 0x48, 0x2b, 0xde,
+ 0xdd, 0x31, 0x8d, 0x62, 0x15, 0x56, 0xff, 0x13, 0x0d, 0x96, 0xf9, 0x62, 0xec, 0xb9, 0x34, 0x10,
+ 0xf9, 0x1e, 0x3f, 0x01, 0x5f, 0x85, 0x59, 0x76, 0x1e, 0x1a, 0x4e, 0x87, 0xc7, 0x82, 0xaa, 0x58,
+ 0xcb, 0x4d, 0x41, 0xc2, 0x21, 0x0f, 0x5d, 0x87, 0x92, 0xe1, 0xf7, 0xc4, 0x7e, 0xad, 0xb6, 0x2a,
+ 0x2c, 0x14, 0x6f, 0xf8, 0x3d, 0x8a, 0x39, 0x95, 0x7d, 0x38, 0x6a, 0xfa, 0x96, 0x37, 0x96, 0xc3,
+ 0xb7, 0x39, 0x15, 0x4b, 0xae, 0xfe, 0xab, 0x59, 0x98, 0x53, 0xab, 0x92, 0x17, 0x90, 0x7b, 0x7c,
+ 0x00, 0x95, 0x30, 0xcb, 0x95, 0x5f, 0x6d, 0x2d, 0xc7, 0xd2, 0x8a, 0x9c, 0x17, 0x4b, 0xc5, 0xd6,
+ 0x1c, 0xdb, 0xd0, 0xe1, 0x2f, 0x1c, 0x01, 0x22, 0x02, 0x8b, 0x32, 0xe0, 0x91, 0x4e, 0xeb, 0x84,
+ 0xaf, 0xbd, 0x8c, 0x53, 0xb9, 0xfc, 0xeb, 0xd2, 0x68, 0xd8, 0x58, 0xdc, 0x4f, 0x01, 0xe0, 0x31,
+ 0x48, 0xb4, 0x01, 0xa5, 0xae, 0xef, 0xf6, 0xf9, 0x79, 0x91, 0x13, 0x9a, 0x7f, 0xa1, 0x7b, 0xbe,
+ 0xdb, 0xc7, 0x5c, 0x15, 0xbd, 0x0f, 0xe5, 0x03, 0x9e, 0xd2, 0xcb, 0x13, 0x24, 0x57, 0xb2, 0x94,
+ 0xae, 0x01, 0x5a, 0xc0, 0xbe, 0xa9, 0x20, 0x63, 0x89, 0x87, 0xd6, 0x92, 0xd1, 0xa6, 0xcc, 0x37,
+ 0xe4, 0xc2, 0x69, 0x91, 0x06, 0x7d, 0x13, 0x8a, 0xc4, 0x39, 0xae, 0xcf, 0x72, 0x4f, 0xbf, 0x96,
+ 0x35, 0x9d, 0x6d, 0xe7, 0xf8, 0x5d, 0xc3, 0x6f, 0xd5, 0xe4, 0xa7, 0x2d, 0x6e, 0x3b, 0xc7, 0x98,
+ 0xe9, 0xa0, 0x23, 0xa8, 0x29, 0xcb, 0x53, 0xaf, 0x70, 0x88, 0x5b, 0x53, 0xa6, 0x2f, 0xa2, 0x86,
+ 0x88, 0xf6, 0x8c, 0xf2, 0x05, 0xb0, 0x8a, 0x8e, 0x7e, 0xac, 0xc1, 0xe5, 0x8e, 0x6b, 0x1e, 0x11,
+ 0xbf, 0x1d, 0xb0, 0x12, 0xbb, 0x77, 0x22, 0x03, 0x0a, 0x3f, 0x9f, 0x6a, 0xeb, 0x77, 0x73, 0xd8,
+ 0xdd, 0xca, 0xd2, 0x6f, 0x5d, 0x1d, 0x0d, 0x1b, 0x97, 0x33, 0x59, 0x38, 0xdb, 0x22, 0x1f, 0x0b,
+ 0xe5, 0x5f, 0x21, 0x3d, 0x16, 0xc8, 0x3d, 0x96, 0x76, 0x96, 0xbe, 0x18, 0x4b, 0x26, 0x0b, 0x67,
+ 0x5b, 0xd4, 0xff, 0x6d, 0x46, 0x1e, 0xac, 0xb2, 0x34, 0x7c, 0x1b, 0x4a, 0xc1, 0x89, 0x17, 0x16,
+ 0x86, 0x8d, 0x30, 0x57, 0xdf, 0x3f, 0xf1, 0xc8, 0xd3, 0x61, 0x63, 0x41, 0x11, 0x65, 0x24, 0xcc,
+ 0x85, 0x15, 0x8f, 0x2c, 0x3c, 0x67, 0x8f, 0x6c, 0x02, 0x88, 0x35, 0xec, 0xb2, 0x6a, 0x55, 0x9e,
+ 0x48, 0xec, 0x80, 0xd8, 0x8a, 0xa8, 0x58, 0x91, 0x40, 0xbb, 0x50, 0xec, 0xc9, 0x5c, 0x2f, 0xdf,
+ 0xe9, 0x70, 0xdf, 0x0a, 0xd4, 0x31, 0xcc, 0x32, 0x0f, 0xbd, 0x6f, 0x05, 0x98, 0xc1, 0xb0, 0xb2,
+ 0x8d, 0x9f, 0xbb, 0xb4, 0x3e, 0x93, 0x3b, 0x8f, 0xe7, 0xdb, 0x5c, 0xa2, 0x45, 0x67, 0x27, 0x27,
+ 0x52, 0x2c, 0xd1, 0x58, 0xb4, 0x66, 0xf9, 0x09, 0xf9, 0x34, 0xd8, 0xb2, 0x7c, 0xd9, 0x6f, 0x50,
+ 0xd2, 0xdb, 0x90, 0x83, 0x15, 0x29, 0xf4, 0x03, 0x98, 0x93, 0x5f, 0x50, 0x84, 0xad, 0xd9, 0x29,
+ 0xc3, 0x96, 0x48, 0x4d, 0x14, 0x04, 0x9c, 0xc0, 0x43, 0x7f, 0x08, 0xb3, 0x94, 0xff, 0x45, 0xa7,
+ 0xd8, 0x89, 0x42, 0x57, 0x5d, 0xc0, 0xa8, 0x73, 0x23, 0x58, 0x14, 0x87, 0xa8, 0xe8, 0x88, 0x4f,
+ 0xba, 0x6b, 0xf5, 0x1e, 0x1a, 0x1e, 0xdb, 0x75, 0xcc, 0xc6, 0xef, 0xe6, 0x2a, 0x01, 0xa4, 0x92,
+ 0x6a, 0x46, 0x5d, 0x2d, 0x09, 0x89, 0x15, 0x78, 0xfd, 0xdf, 0xc3, 0x04, 0x98, 0x07, 0x46, 0x23,
+ 0xa3, 0x5b, 0xf1, 0x9c, 0xab, 0x8f, 0xd4, 0x61, 0x56, 0xf8, 0x6d, 0x1e, 0x66, 0xfa, 0xe7, 0xb3,
+ 0xe1, 0xa6, 0x15, 0x55, 0xc2, 0x1a, 0xcc, 0x78, 0x87, 0x06, 0x0d, 0x77, 0xed, 0xd7, 0xc2, 0xc4,
+ 0x7a, 0x8f, 0x11, 0x9f, 0x0e, 0x1b, 0x20, 0xb2, 0x05, 0xf6, 0x0b, 0x0b, 0x49, 0x9e, 0x46, 0x1b,
+ 0x8e, 0x49, 0x6c, 0x9b, 0x74, 0x64, 0x62, 0x1c, 0xa7, 0xd1, 0x21, 0x03, 0xc7, 0x32, 0xe8, 0x0e,
+ 0x94, 0x7d, 0x62, 0x50, 0xd7, 0x91, 0xbb, 0x70, 0x25, 0xf4, 0x6d, 0xcc, 0xa9, 0x4f, 0x99, 0x77,
+ 0x89, 0xb2, 0x9b, 0xff, 0xc6, 0x52, 0x1a, 0xbd, 0x0e, 0xb3, 0xfd, 0xd3, 0x7b, 0x7b, 0x21, 0x1f,
+ 0x75, 0x61, 0x9e, 0x06, 0x86, 0x1f, 0x44, 0xf9, 0xea, 0x19, 0x52, 0x64, 0x34, 0x1a, 0x36, 0xe6,
+ 0xdb, 0x09, 0x14, 0x9c, 0x42, 0x45, 0x03, 0x58, 0x36, 0xdd, 0xbe, 0x67, 0x13, 0x76, 0x04, 0xc6,
+ 0xc6, 0xca, 0x53, 0x1b, 0xbb, 0x32, 0x1a, 0x36, 0x96, 0x37, 0xc7, 0xa1, 0x70, 0x16, 0x3e, 0xfa,
+ 0x3d, 0xa8, 0x74, 0x06, 0xbe, 0xc1, 0x88, 0x32, 0xdd, 0x7e, 0x39, 0x2c, 0x30, 0xb6, 0x24, 0xfd,
+ 0xe9, 0xb0, 0x71, 0x91, 0x65, 0xe8, 0xcd, 0x90, 0x80, 0x23, 0x15, 0x74, 0x00, 0xd7, 0x5c, 0x9e,
+ 0xfc, 0x8a, 0xa3, 0x4f, 0x24, 0x18, 0xe1, 0xf6, 0x96, 0xdd, 0x41, 0x5d, 0x02, 0x5e, 0x7b, 0x3c,
+ 0x51, 0x12, 0x9f, 0x82, 0x82, 0xee, 0x43, 0x59, 0x6c, 0x22, 0x19, 0x15, 0x73, 0xe5, 0x27, 0x20,
+ 0x3a, 0xbc, 0x4c, 0x0d, 0x4b, 0x75, 0xf4, 0x21, 0x94, 0x85, 0x19, 0x19, 0xd2, 0x6e, 0x4d, 0xd7,
+ 0xf0, 0x12, 0xc3, 0x8f, 0xcf, 0x4f, 0xf1, 0x1b, 0x4b, 0x4c, 0xb4, 0xcf, 0xdb, 0x45, 0xec, 0x5c,
+ 0xae, 0xf1, 0x7d, 0x96, 0xa7, 0x41, 0xd7, 0x66, 0x0a, 0x3b, 0x4e, 0xd7, 0x4d, 0xb4, 0x89, 0xf8,
+ 0xa9, 0x2c, 0xb0, 0xd8, 0xa9, 0x6c, 0xbb, 0xbd, 0xb6, 0x63, 0x79, 0x1e, 0x09, 0xea, 0x73, 0xc9,
+ 0x53, 0x79, 0x37, 0xe2, 0x60, 0x45, 0x4a, 0x37, 0x65, 0xd1, 0xae, 0x0e, 0x1b, 0x3d, 0x52, 0x8a,
+ 0x93, 0x3b, 0x67, 0x99, 0xf8, 0xbe, 0xab, 0xd6, 0x2b, 0xfa, 0xae, 0x4c, 0xf7, 0x93, 0x22, 0xe8,
+ 0xb6, 0x2c, 0x36, 0xb6, 0xac, 0x1e, 0xa1, 0x81, 0xdc, 0xfb, 0xc9, 0xea, 0x41, 0xb0, 0xb0, 0x2a,
+ 0xa7, 0xff, 0xb2, 0x04, 0x17, 0x25, 0x9c, 0x48, 0x05, 0xd0, 0xed, 0x44, 0xcc, 0x7f, 0x39, 0x15,
+ 0xf3, 0x97, 0x12, 0xc2, 0x4a, 0xd4, 0xf7, 0x61, 0x3e, 0x99, 0xdf, 0xc8, 0xe8, 0x7f, 0x27, 0x77,
+ 0x2a, 0x95, 0x40, 0x16, 0x5b, 0x37, 0x99, 0x48, 0xe1, 0x94, 0x05, 0x66, 0x33, 0x99, 0xc7, 0xc8,
+ 0x1c, 0xfd, 0x4e, 0xee, 0x94, 0x29, 0xc3, 0x66, 0x32, 0x61, 0xc2, 0x29, 0x0b, 0xcc, 0xa6, 0x39,
+ 0xa0, 0x81, 0xdb, 0x8f, 0x6c, 0x96, 0x72, 0xdb, 0xdc, 0xe4, 0x8a, 0x19, 0x36, 0x37, 0x13, 0x88,
+ 0x38, 0x65, 0x01, 0xfd, 0x5c, 0x83, 0x2b, 0x1f, 0x11, 0xe7, 0xc8, 0x72, 0xe8, 0x9e, 0xe5, 0x11,
+ 0xdb, 0x72, 0xe2, 0x19, 0x8b, 0x43, 0xf1, 0xf7, 0x73, 0x58, 0x7f, 0x90, 0x44, 0x48, 0x0e, 0xe3,
+ 0x6b, 0xa3, 0x61, 0xe3, 0xca, 0x83, 0x6c, 0x1b, 0x78, 0x92, 0x71, 0xfd, 0x47, 0x33, 0xd2, 0xe3,
+ 0xd5, 0x90, 0xa5, 0x1e, 0xf2, 0xda, 0x33, 0x0e, 0x79, 0x1f, 0xe6, 0xf9, 0x35, 0x97, 0x65, 0xca,
+ 0x4e, 0xff, 0x14, 0x5e, 0x73, 0x3f, 0xa1, 0x28, 0xa2, 0x25, 0x5f, 0xcd, 0x24, 0x03, 0xa7, 0x2c,
+ 0x20, 0x07, 0x2e, 0x0a, 0xf0, 0xd0, 0x64, 0x31, 0xf7, 0x85, 0xc5, 0x7d, 0x2b, 0x78, 0x27, 0xd2,
+ 0x13, 0x16, 0x97, 0x46, 0xc3, 0xc6, 0xc5, 0x04, 0x1d, 0x27, 0xe1, 0xd1, 0x00, 0x16, 0xf9, 0x8e,
+ 0xdb, 0x3c, 0x34, 0x9c, 0x9e, 0x58, 0x76, 0xe9, 0x33, 0x6f, 0xe7, 0xcd, 0x20, 0x85, 0xaa, 0x30,
+ 0xc8, 0x6b, 0xcb, 0x9d, 0x14, 0x20, 0x1e, 0x33, 0x21, 0xa7, 0x69, 0x1b, 0xd1, 0x34, 0x67, 0xa6,
+ 0x99, 0xe6, 0xae, 0x91, 0x3d, 0xcd, 0x98, 0x8e, 0x93, 0xf0, 0xe8, 0x87, 0xb0, 0x78, 0x90, 0xba,
+ 0x1d, 0x92, 0x41, 0xf4, 0x6e, 0xae, 0x02, 0x20, 0xe3, 0x62, 0x49, 0xcc, 0x35, 0xcd, 0xc2, 0x63,
+ 0x76, 0xf4, 0x5f, 0x94, 0x00, 0x8d, 0xb7, 0xb1, 0xd1, 0xad, 0xc4, 0x51, 0x76, 0x23, 0x75, 0x94,
+ 0x2d, 0xaa, 0x1a, 0xca, 0x49, 0xf6, 0x21, 0x94, 0xc5, 0x78, 0xa7, 0x68, 0x2b, 0xc8, 0x81, 0x48,
+ 0xb0, 0x2c, 0xa7, 0x90, 0x98, 0x2c, 0xb3, 0x96, 0xfe, 0x28, 0xfd, 0xee, 0x0c, 0xf0, 0x59, 0x5e,
+ 0x1e, 0xa2, 0xa2, 0x43, 0x19, 0x08, 0x84, 0x2f, 0x48, 0x4f, 0xbb, 0x3d, 0x9d, 0xa7, 0x85, 0x86,
+ 0x16, 0xa2, 0xd8, 0x21, 0xe8, 0x58, 0x85, 0x96, 0x0b, 0x65, 0x1b, 0x07, 0xd2, 0xb5, 0xce, 0xb1,
+ 0x50, 0x8a, 0x5b, 0x49, 0x4c, 0x44, 0xa0, 0x1a, 0x7d, 0x67, 0xe9, 0x48, 0x67, 0x30, 0x90, 0xed,
+ 0x41, 0x31, 0xb2, 0xfe, 0xcf, 0x65, 0x50, 0xb2, 0x78, 0xf4, 0x1d, 0x98, 0xa7, 0xc4, 0x3f, 0xb6,
+ 0x4c, 0xb2, 0x61, 0x9a, 0xee, 0xc0, 0x09, 0x23, 0x69, 0x74, 0xd3, 0xda, 0x4e, 0x70, 0x71, 0x4a,
+ 0x9a, 0xdf, 0xed, 0xf1, 0x80, 0x21, 0x9d, 0x27, 0xff, 0xdd, 0x5e, 0xaa, 0x48, 0x94, 0x8d, 0x2a,
+ 0x89, 0x96, 0xe8, 0x76, 0x15, 0x9f, 0x77, 0xb7, 0xeb, 0x07, 0x50, 0xa1, 0xc9, 0x68, 0xf6, 0x8d,
+ 0xfc, 0x89, 0x8a, 0x0c, 0x20, 0x51, 0x7b, 0x3c, 0x8a, 0x1a, 0x11, 0x26, 0x5b, 0x14, 0x99, 0xff,
+ 0xcd, 0x4c, 0xb7, 0x28, 0xcf, 0xc8, 0xfc, 0xfe, 0x00, 0xaa, 0x3e, 0x11, 0x0b, 0x44, 0xa5, 0x8b,
+ 0x64, 0x96, 0xc0, 0x58, 0x0a, 0x61, 0xf2, 0xf1, 0xc0, 0xf2, 0x49, 0x9f, 0x38, 0x01, 0x8d, 0x0b,
+ 0x9c, 0x90, 0x4b, 0x71, 0x8c, 0x86, 0x3e, 0x02, 0xf0, 0xa2, 0x7e, 0xaa, 0x2c, 0xaf, 0x73, 0x67,
+ 0x6f, 0xc9, 0x4e, 0x6c, 0x9c, 0x36, 0xc6, 0x74, 0xac, 0xa0, 0xa3, 0x0f, 0xe0, 0x6a, 0x5c, 0x21,
+ 0x6c, 0x11, 0xa3, 0xc3, 0x63, 0xac, 0xbc, 0x4a, 0x10, 0xcd, 0xf5, 0xaf, 0x8f, 0x86, 0x8d, 0xab,
+ 0x9b, 0x93, 0x84, 0xf0, 0x64, 0x7d, 0xd4, 0x87, 0x39, 0xc7, 0xed, 0x90, 0x36, 0xb1, 0x89, 0x19,
+ 0xb8, 0xbe, 0x4c, 0xe5, 0xf3, 0x94, 0xda, 0xa2, 0x29, 0x64, 0xd8, 0x8f, 0x14, 0x75, 0xd1, 0x38,
+ 0x50, 0x29, 0x38, 0x01, 0xaf, 0xff, 0xb9, 0x06, 0x19, 0x57, 0xf7, 0x09, 0xf7, 0xd5, 0x9e, 0xb7,
+ 0xfb, 0xbe, 0x06, 0x65, 0x1a, 0x77, 0xef, 0xd5, 0x26, 0xb5, 0x68, 0x6d, 0x48, 0xae, 0xfe, 0xf7,
+ 0x1a, 0x5c, 0xca, 0xea, 0x1f, 0x30, 0x3f, 0x8a, 0xba, 0x05, 0x72, 0x78, 0xf9, 0x5b, 0x29, 0xea,
+ 0x7d, 0x93, 0x80, 0xc0, 0x31, 0x1a, 0x3b, 0x4f, 0x3a, 0x84, 0x06, 0x96, 0xc3, 0xcb, 0xb6, 0x2d,
+ 0xcb, 0x97, 0x63, 0x8c, 0xce, 0x93, 0xad, 0x04, 0x17, 0xa7, 0xa4, 0xf5, 0x9f, 0x96, 0x60, 0x39,
+ 0x23, 0x6d, 0x44, 0xdb, 0xb2, 0x73, 0x3c, 0xc5, 0xa5, 0x47, 0x74, 0xd5, 0x9e, 0xe8, 0x1e, 0x83,
+ 0x37, 0xb0, 0xed, 0xf3, 0x5d, 0x7e, 0x84, 0xfa, 0x58, 0xc1, 0x0a, 0x5b, 0xc1, 0xc5, 0x33, 0xb4,
+ 0x82, 0x1f, 0x00, 0x22, 0x9f, 0x7a, 0x2e, 0x25, 0x32, 0xfd, 0x77, 0x79, 0x08, 0x28, 0xf1, 0xb6,
+ 0x44, 0xf4, 0x3e, 0x64, 0x7b, 0x4c, 0x02, 0x67, 0x68, 0xa1, 0x55, 0xa8, 0x76, 0x5d, 0xdf, 0x24,
+ 0x6c, 0x94, 0xfc, 0xf4, 0x51, 0x3a, 0x1b, 0xf7, 0x42, 0x06, 0x8e, 0x65, 0xd0, 0xfb, 0x71, 0xe7,
+ 0xab, 0x9c, 0xfb, 0xc2, 0x46, 0xcc, 0x99, 0x6f, 0xf6, 0xc9, 0x2d, 0xaf, 0x0d, 0x58, 0xe0, 0x0a,
+ 0x1b, 0x7b, 0x3b, 0x61, 0x4f, 0x5d, 0xbc, 0x09, 0xba, 0x22, 0x55, 0x44, 0x3f, 0x35, 0x66, 0xe3,
+ 0xb4, 0xbc, 0xfe, 0xa4, 0x04, 0xcb, 0x19, 0xc5, 0x52, 0x74, 0x8f, 0xa0, 0x9d, 0xe7, 0x1e, 0xe1,
+ 0xb7, 0xe5, 0x09, 0xaf, 0xc3, 0xac, 0xe3, 0x6e, 0x1a, 0xe6, 0x21, 0x91, 0x37, 0xa9, 0xd1, 0x12,
+ 0x3d, 0x12, 0x64, 0x1c, 0xf2, 0x43, 0xa7, 0x29, 0x9d, 0xc1, 0x69, 0xa6, 0xfe, 0xd0, 0xdf, 0x09,
+ 0x0b, 0xd6, 0xae, 0x65, 0x93, 0x3d, 0x23, 0x38, 0x94, 0xad, 0xd7, 0x78, 0x67, 0x26, 0xb8, 0x38,
+ 0x25, 0x8d, 0xbe, 0x0b, 0x55, 0xf1, 0x79, 0xfc, 0x1e, 0xcd, 0x71, 0xe3, 0x11, 0x0d, 0xa6, 0x15,
+ 0x2a, 0xe1, 0x58, 0x1f, 0x79, 0x70, 0x85, 0x67, 0x56, 0xec, 0xcc, 0xed, 0x5b, 0x3f, 0xe4, 0xdb,
+ 0x5f, 0x3e, 0xb1, 0x10, 0xbd, 0x9c, 0x3b, 0xac, 0x3e, 0xdb, 0xc9, 0x16, 0x79, 0x3a, 0x99, 0x85,
+ 0x27, 0xc1, 0xea, 0x3f, 0xd5, 0x20, 0xfb, 0x9e, 0x22, 0x39, 0x31, 0xed, 0x9c, 0x13, 0x7b, 0x35,
+ 0xfe, 0xf8, 0xa2, 0xaf, 0x58, 0xcb, 0xfa, 0xf0, 0xfa, 0x5f, 0x68, 0xb0, 0x9c, 0x51, 0xcf, 0x7d,
+ 0x35, 0xe2, 0xc6, 0x17, 0x85, 0xf4, 0xe0, 0xb6, 0x8f, 0x89, 0x13, 0x9c, 0xed, 0x76, 0x64, 0x5b,
+ 0xdc, 0x49, 0x14, 0x64, 0x7b, 0x31, 0x57, 0x31, 0xc6, 0x1b, 0x55, 0xc9, 0xcb, 0x88, 0x73, 0x1c,
+ 0xaf, 0x93, 0x2f, 0xbf, 0x4a, 0x2f, 0xfa, 0xf2, 0x4b, 0xff, 0x07, 0x0d, 0xe6, 0x93, 0x97, 0x2e,
+ 0xe8, 0xeb, 0x50, 0x1c, 0xf8, 0x96, 0x5c, 0xd4, 0x68, 0xf4, 0xdf, 0xc3, 0x3b, 0x98, 0xd1, 0x19,
+ 0xdb, 0x27, 0x5d, 0xf9, 0xc5, 0x22, 0x36, 0x26, 0x5d, 0xcc, 0xe8, 0x88, 0x40, 0xcd, 0xf3, 0xdd,
+ 0x4f, 0x4f, 0x44, 0x30, 0x9e, 0xe2, 0x81, 0xdd, 0x5e, 0xac, 0x15, 0xb7, 0xcd, 0x14, 0x22, 0x56,
+ 0x71, 0x79, 0x9a, 0x33, 0xde, 0x0c, 0xf8, 0x6a, 0xb8, 0xeb, 0x7f, 0x6b, 0x30, 0x2b, 0x9d, 0x06,
+ 0x7d, 0x0c, 0xf3, 0xbd, 0xc4, 0xf2, 0x4e, 0x31, 0xac, 0xd4, 0x65, 0x58, 0x74, 0x2e, 0x26, 0xe9,
+ 0x38, 0x65, 0x00, 0xfd, 0x31, 0x2c, 0xf5, 0xac, 0x20, 0x39, 0xa7, 0x29, 0x6e, 0x02, 0xef, 0xa7,
+ 0x75, 0x5b, 0x57, 0xa5, 0xe1, 0xa5, 0x31, 0x16, 0x1e, 0xb7, 0xa4, 0x7f, 0x2e, 0xbe, 0x4c, 0xaa,
+ 0x7f, 0xf1, 0xbf, 0xf1, 0x44, 0xf5, 0xef, 0x0a, 0x30, 0x3e, 0x64, 0xf6, 0x15, 0x4d, 0x51, 0x54,
+ 0x68, 0x99, 0xaf, 0xa2, 0x25, 0x97, 0x15, 0xd7, 0x06, 0x7f, 0x56, 0x3c, 0xc5, 0xda, 0x09, 0x53,
+ 0x9b, 0xae, 0x13, 0xf8, 0xae, 0xfd, 0x3d, 0x4a, 0x7c, 0xe5, 0x2d, 0x2f, 0xc7, 0xc2, 0x12, 0x93,
+ 0x15, 0xd7, 0x66, 0xf8, 0x34, 0x78, 0x8a, 0x57, 0x96, 0xe3, 0x06, 0x94, 0xec, 0x57, 0xc2, 0xe1,
+ 0x18, 0x79, 0x8a, 0xeb, 0x1e, 0xfd, 0xc7, 0x1a, 0x2c, 0xa6, 0x7b, 0x5d, 0x4c, 0x9f, 0xc7, 0xaf,
+ 0x9d, 0xad, 0x74, 0x27, 0x71, 0x47, 0x90, 0x71, 0xc8, 0x47, 0x0f, 0x60, 0x96, 0xe5, 0x31, 0x58,
+ 0x9e, 0x0d, 0x39, 0xb3, 0x20, 0x1e, 0x8d, 0xee, 0x09, 0x3d, 0x1c, 0x02, 0xe8, 0xff, 0xa2, 0x01,
+ 0x1a, 0xef, 0x86, 0xa0, 0x3d, 0xb8, 0x64, 0x1b, 0x34, 0x88, 0x2e, 0xe2, 0x76, 0x12, 0x43, 0xbb,
+ 0x2e, 0x87, 0x76, 0x69, 0x37, 0x43, 0x06, 0x67, 0x6a, 0x46, 0x79, 0x5b, 0xe1, 0xec, 0x79, 0xdb,
+ 0x6b, 0x50, 0xf6, 0xd8, 0x5a, 0x75, 0x64, 0x72, 0x15, 0x7d, 0xf1, 0x3d, 0x4e, 0xc5, 0x92, 0xab,
+ 0xb7, 0x01, 0xe2, 0x27, 0x44, 0xe8, 0x06, 0x94, 0x1c, 0xa3, 0x1f, 0x86, 0xae, 0xa8, 0x32, 0xe0,
+ 0x6f, 0xd1, 0x39, 0x07, 0xbd, 0x02, 0x33, 0xc7, 0x86, 0x3d, 0x08, 0x1f, 0xfb, 0x47, 0xcf, 0xf3,
+ 0xde, 0x65, 0x44, 0x2c, 0x78, 0xfa, 0x5f, 0x16, 0xa0, 0xa6, 0x5c, 0x71, 0x3f, 0xaf, 0xaa, 0xe4,
+ 0x3d, 0x98, 0xf1, 0x8c, 0xe0, 0x30, 0x7c, 0x44, 0xb8, 0x3e, 0xdd, 0x45, 0x3b, 0xcb, 0xce, 0xe2,
+ 0xf1, 0xb2, 0x5f, 0x14, 0x0b, 0xbc, 0x54, 0x92, 0x5b, 0x7c, 0x8e, 0x49, 0xee, 0x4b, 0x50, 0x30,
+ 0x28, 0x4f, 0x5c, 0xab, 0xe2, 0xb6, 0x66, 0x83, 0xe2, 0x82, 0x41, 0xf5, 0x1f, 0x69, 0xb0, 0x90,
+ 0x1a, 0x1b, 0x5a, 0x07, 0xa0, 0xd1, 0x2f, 0xf9, 0x09, 0xa2, 0x1e, 0x41, 0x2c, 0x87, 0x15, 0xa9,
+ 0x73, 0xd7, 0x91, 0xff, 0xaa, 0xc1, 0xf5, 0xd3, 0x2e, 0x00, 0x58, 0x75, 0x22, 0xbb, 0xfc, 0x51,
+ 0x3e, 0xac, 0x25, 0xab, 0x93, 0x07, 0x49, 0x36, 0x4e, 0xcb, 0xa3, 0xdb, 0x50, 0x53, 0x48, 0x72,
+ 0x80, 0x51, 0x2c, 0x55, 0xd4, 0xb1, 0x2a, 0x77, 0x8e, 0x54, 0x46, 0xff, 0x27, 0x0d, 0x2e, 0x65,
+ 0xb5, 0x29, 0x50, 0x2f, 0x7c, 0x86, 0x2a, 0xf2, 0xd7, 0xd6, 0x19, 0xdb, 0x1d, 0x4d, 0xfe, 0x18,
+ 0x75, 0xdb, 0x09, 0xfc, 0x93, 0xec, 0x07, 0xaa, 0xd7, 0xee, 0x02, 0xc4, 0x32, 0x68, 0x11, 0x8a,
+ 0x47, 0xe4, 0x44, 0x2c, 0x1c, 0x66, 0x7f, 0xa2, 0x4b, 0x89, 0x6d, 0x24, 0xf7, 0xcd, 0xb7, 0x0a,
+ 0x77, 0xb5, 0x6f, 0x55, 0xfe, 0xec, 0xaf, 0x1a, 0x17, 0x3e, 0xfb, 0xcd, 0x8d, 0x0b, 0xfa, 0xcf,
+ 0x34, 0x50, 0x33, 0x0d, 0xf4, 0x06, 0x54, 0x0f, 0x83, 0xc0, 0xe3, 0x24, 0x79, 0xbf, 0xce, 0x9f,
+ 0x62, 0xbe, 0xb3, 0xbf, 0xbf, 0xc7, 0x89, 0x38, 0xe6, 0xa3, 0x26, 0x00, 0xfb, 0x41, 0x85, 0x74,
+ 0x29, 0x7e, 0x13, 0xc3, 0xa4, 0xdb, 0x42, 0x5c, 0x91, 0x10, 0x09, 0xb9, 0x10, 0x16, 0xff, 0x1f,
+ 0x23, 0x13, 0x72, 0x21, 0x19, 0xf2, 0xf4, 0xbf, 0xd5, 0x60, 0x69, 0xec, 0x3d, 0x07, 0xda, 0x8b,
+ 0x52, 0x90, 0x69, 0xbb, 0x24, 0x13, 0x92, 0x95, 0x73, 0xfb, 0xf5, 0x5d, 0xb8, 0x24, 0x10, 0xb9,
+ 0xd5, 0xf8, 0xee, 0xfa, 0x99, 0x07, 0x9c, 0xfe, 0xd7, 0x1a, 0x40, 0x5c, 0xb7, 0xa3, 0x03, 0x98,
+ 0x13, 0x43, 0x4a, 0xe4, 0x49, 0xf9, 0x27, 0x78, 0x49, 0x9a, 0x98, 0x6b, 0x2b, 0x28, 0x38, 0x81,
+ 0xc9, 0x6a, 0xd4, 0xbe, 0x3b, 0x70, 0x02, 0xbe, 0xbb, 0x0a, 0xc9, 0xd7, 0xca, 0x0f, 0x43, 0x06,
+ 0x8e, 0x65, 0xf4, 0xcf, 0x8a, 0xb0, 0x9c, 0x71, 0x51, 0xf9, 0xff, 0xba, 0xfb, 0xf3, 0x3a, 0xcc,
+ 0x8a, 0x47, 0xa5, 0x34, 0x9d, 0x33, 0x88, 0x37, 0xa7, 0x14, 0x87, 0x7c, 0xb4, 0x06, 0x35, 0xcb,
+ 0x31, 0x45, 0x43, 0xd7, 0x08, 0xab, 0x7e, 0x71, 0x67, 0x11, 0x93, 0xb1, 0x2a, 0x93, 0x6c, 0x13,
+ 0x94, 0x9f, 0xdd, 0x26, 0xd0, 0xbf, 0x0f, 0x4b, 0x63, 0x59, 0x4f, 0xbe, 0xf0, 0x49, 0xf8, 0x3f,
+ 0x6a, 0xa5, 0xc2, 0xa7, 0xf8, 0xff, 0x2c, 0xc1, 0xd3, 0x7f, 0xae, 0xc1, 0x7c, 0x2a, 0x3d, 0x3c,
+ 0x53, 0x4d, 0xf9, 0x58, 0xad, 0x29, 0xcf, 0x96, 0x64, 0x27, 0xaa, 0x4b, 0xfd, 0x01, 0x64, 0xbf,
+ 0x1b, 0x4c, 0xaf, 0xb8, 0xf6, 0xec, 0x15, 0xd7, 0x7f, 0x59, 0x80, 0x6a, 0xf4, 0xdc, 0x02, 0xbd,
+ 0x95, 0x58, 0xb9, 0xab, 0xea, 0xca, 0x3d, 0x1d, 0x36, 0x84, 0xa0, 0xb2, 0x8c, 0x1f, 0x40, 0x35,
+ 0x7a, 0xae, 0x13, 0xd5, 0xcc, 0xf9, 0x9f, 0xe4, 0x44, 0x9f, 0x36, 0x7a, 0x03, 0x84, 0x63, 0x3c,
+ 0x96, 0xcf, 0x85, 0xef, 0x69, 0x1e, 0x5a, 0xb6, 0x6d, 0x51, 0xd9, 0x72, 0x2f, 0xf2, 0x96, 0x7b,
+ 0x94, 0xcf, 0x6d, 0x65, 0xc8, 0xe0, 0x4c, 0x4d, 0xb4, 0x07, 0x33, 0x34, 0x20, 0x1e, 0x95, 0x1d,
+ 0xac, 0x37, 0x72, 0xbd, 0x44, 0x21, 0x1e, 0xaf, 0xef, 0x23, 0x17, 0x61, 0x14, 0x8a, 0x05, 0x90,
+ 0xfe, 0x5f, 0x1a, 0x54, 0x42, 0x11, 0xf4, 0x66, 0x62, 0xf1, 0xea, 0xa9, 0xc5, 0xe3, 0x72, 0xff,
+ 0x67, 0xd7, 0x4e, 0x1f, 0x6a, 0x30, 0x9f, 0xbc, 0xbc, 0x53, 0x2a, 0x5e, 0xed, 0xb4, 0x8a, 0x17,
+ 0xbd, 0x09, 0x15, 0xc3, 0xb6, 0xdd, 0x4f, 0xb6, 0x9d, 0x63, 0xd9, 0x65, 0x8a, 0x6e, 0xa3, 0x36,
+ 0x24, 0x1d, 0x47, 0x12, 0xe8, 0x18, 0x16, 0x84, 0x5e, 0xfc, 0x5e, 0xaa, 0x98, 0xfb, 0x52, 0x24,
+ 0x2b, 0xd8, 0xb4, 0x96, 0x59, 0x7a, 0xd4, 0x4e, 0x62, 0xe2, 0xb4, 0x91, 0xd6, 0xcd, 0x27, 0x5f,
+ 0xae, 0x5c, 0xf8, 0xf5, 0x97, 0x2b, 0x17, 0xbe, 0xf8, 0x72, 0xe5, 0xc2, 0x67, 0xa3, 0x15, 0xed,
+ 0xc9, 0x68, 0x45, 0xfb, 0xf5, 0x68, 0x45, 0xfb, 0x62, 0xb4, 0xa2, 0xfd, 0xc7, 0x68, 0x45, 0xfb,
+ 0xd3, 0xff, 0x5c, 0xb9, 0xf0, 0xfd, 0xc2, 0xf1, 0xda, 0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0x3d,
+ 0xc4, 0x8b, 0x1e, 0x67, 0x3d, 0x00, 0x00,
}
diff --git a/vendor/github.com/openshift/api/build/v1/generated.proto b/vendor/github.com/openshift/api/build/v1/generated.proto
index 2f6b987b077a..e4b3b50e961a 100644
--- a/vendor/github.com/openshift/api/build/v1/generated.proto
+++ b/vendor/github.com/openshift/api/build/v1/generated.proto
@@ -780,6 +780,9 @@ message ImageChangeTrigger {
// will be used. Only one ImageChangeTrigger with an empty From reference is allowed in
// a build configuration.
optional k8s.io.api.core.v1.ObjectReference from = 2;
+
+ // paused is true if this trigger is temporarily disabled. Optional.
+ optional bool paused = 3;
}
// ImageLabel represents a label applied to the resulting image.
diff --git a/vendor/github.com/openshift/api/build/v1/types.go b/vendor/github.com/openshift/api/build/v1/types.go
index 7b1fe2a70aea..a33d9307cce1 100644
--- a/vendor/github.com/openshift/api/build/v1/types.go
+++ b/vendor/github.com/openshift/api/build/v1/types.go
@@ -968,6 +968,9 @@ type ImageChangeTrigger struct {
// will be used. Only one ImageChangeTrigger with an empty From reference is allowed in
// a build configuration.
From *corev1.ObjectReference `json:"from,omitempty" protobuf:"bytes,2,opt,name=from"`
+
+ // paused is true if this trigger is temporarily disabled. Optional.
+ Paused bool `json:"paused,omitempty" protobuf:"varint,3,opt,name=paused"`
}
// BuildTriggerPolicy describes a policy for a single trigger that results in a new Build.
diff --git a/vendor/github.com/openshift/api/build/v1/types_swagger_doc_generated.go b/vendor/github.com/openshift/api/build/v1/types_swagger_doc_generated.go
index fd52fe793bf3..013a3a9a4b2d 100644
--- a/vendor/github.com/openshift/api/build/v1/types_swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/build/v1/types_swagger_doc_generated.go
@@ -440,6 +440,7 @@ var map_ImageChangeTrigger = map[string]string{
"": "ImageChangeTrigger allows builds to be triggered when an ImageStream changes",
"lastTriggeredImageID": "lastTriggeredImageID is used internally by the ImageChangeController to save last used image ID for build",
"from": "from is a reference to an ImageStreamTag that will trigger a build when updated It is optional. If no From is specified, the From image from the build strategy will be used. Only one ImageChangeTrigger with an empty From reference is allowed in a build configuration.",
+ "paused": "paused is true if this trigger is temporarily disabled. Optional.",
}
func (ImageChangeTrigger) SwaggerDoc() map[string]string {
diff --git a/vendor/github.com/openshift/api/security/v1/generated.pb.go b/vendor/github.com/openshift/api/security/v1/generated.pb.go
index 8b4fd88e782a..ac9cd63ba9f9 100644
--- a/vendor/github.com/openshift/api/security/v1/generated.pb.go
+++ b/vendor/github.com/openshift/api/security/v1/generated.pb.go
@@ -932,6 +932,30 @@ func (m *SecurityContextConstraints) MarshalTo(dAtA []byte) (int, error) {
i += n
}
}
+ if m.DefaultAllowPrivilegeEscalation != nil {
+ dAtA[i] = 0xb0
+ i++
+ dAtA[i] = 0x1
+ i++
+ if *m.DefaultAllowPrivilegeEscalation {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i++
+ }
+ if m.AllowPrivilegeEscalation != nil {
+ dAtA[i] = 0xb8
+ i++
+ dAtA[i] = 0x1
+ i++
+ if *m.AllowPrivilegeEscalation {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i++
+ }
return i, nil
}
@@ -1316,6 +1340,12 @@ func (m *SecurityContextConstraints) Size() (n int) {
n += 2 + l + sovGenerated(uint64(l))
}
}
+ if m.DefaultAllowPrivilegeEscalation != nil {
+ n += 3
+ }
+ if m.AllowPrivilegeEscalation != nil {
+ n += 3
+ }
return n
}
@@ -1563,6 +1593,8 @@ func (this *SecurityContextConstraints) String() string {
`Groups:` + fmt.Sprintf("%v", this.Groups) + `,`,
`SeccompProfiles:` + fmt.Sprintf("%v", this.SeccompProfiles) + `,`,
`AllowedFlexVolumes:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.AllowedFlexVolumes), "AllowedFlexVolume", "AllowedFlexVolume", 1), `&`, ``, 1) + `,`,
+ `DefaultAllowPrivilegeEscalation:` + valueToStringGenerated(this.DefaultAllowPrivilegeEscalation) + `,`,
+ `AllowPrivilegeEscalation:` + valueToStringGenerated(this.AllowPrivilegeEscalation) + `,`,
`}`,
}, "")
return s
@@ -3840,6 +3872,48 @@ func (m *SecurityContextConstraints) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
+ case 22:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field DefaultAllowPrivilegeEscalation", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ b := bool(v != 0)
+ m.DefaultAllowPrivilegeEscalation = &b
+ case 23:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field AllowPrivilegeEscalation", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ b := bool(v != 0)
+ m.AllowPrivilegeEscalation = &b
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -4301,110 +4375,112 @@ func init() {
}
var fileDescriptorGenerated = []byte{
- // 1665 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcd, 0x6f, 0xdb, 0x46,
- 0x16, 0x37, 0x2d, 0x7f, 0x69, 0xec, 0xd8, 0xce, 0x38, 0x71, 0xb8, 0xde, 0xb5, 0xe4, 0x65, 0xb2,
- 0x81, 0xb1, 0xbb, 0x91, 0xd6, 0xd9, 0xec, 0x26, 0x45, 0x9a, 0xa0, 0xa2, 0x55, 0x27, 0x2e, 0xf2,
- 0xa1, 0x8c, 0xe2, 0x1c, 0x82, 0xa0, 0xe8, 0x98, 0x1a, 0xcb, 0x13, 0x53, 0x24, 0xcb, 0x19, 0x2a,
- 0x16, 0x7a, 0x09, 0xd0, 0x4b, 0x8f, 0x05, 0x7a, 0xef, 0xb9, 0xfd, 0x07, 0x7a, 0x29, 0xda, 0x1e,
- 0x7a, 0x09, 0xd0, 0x02, 0xcd, 0xa9, 0xc8, 0x49, 0x68, 0x54, 0xf4, 0xd4, 0x63, 0x6f, 0x39, 0x15,
- 0x33, 0x1a, 0x7d, 0x90, 0x22, 0x6d, 0x25, 0x4d, 0x82, 0xde, 0xc4, 0xf7, 0xde, 0xef, 0xf7, 0x7e,
- 0x6f, 0xf8, 0x38, 0xf3, 0x46, 0xe0, 0x5c, 0x95, 0xf2, 0xdd, 0x60, 0x3b, 0x67, 0xb9, 0xb5, 0xbc,
- 0xeb, 0x11, 0x87, 0xed, 0xd2, 0x1d, 0x9e, 0xc7, 0x1e, 0xcd, 0x33, 0x62, 0x05, 0x3e, 0xe5, 0x8d,
- 0x7c, 0x7d, 0x2d, 0x5f, 0x25, 0x0e, 0xf1, 0x31, 0x27, 0x95, 0x9c, 0xe7, 0xbb, 0xdc, 0x85, 0xa7,
- 0x7a, 0xa8, 0x5c, 0x17, 0x95, 0xc3, 0x1e, 0xcd, 0x75, 0x50, 0xb9, 0xfa, 0xda, 0xd2, 0x99, 0x3e,
- 0xee, 0xaa, 0x5b, 0x75, 0xf3, 0x12, 0xbc, 0x1d, 0xec, 0xc8, 0x27, 0xf9, 0x20, 0x7f, 0xb5, 0x49,
- 0x97, 0x8c, 0xbd, 0x0b, 0x2c, 0x47, 0x5d, 0x99, 0xdc, 0x72, 0x7d, 0x12, 0x93, 0x78, 0xe9, 0x5c,
- 0x2f, 0xa6, 0x86, 0xad, 0x5d, 0xea, 0x10, 0xbf, 0x91, 0xf7, 0xf6, 0xaa, 0xc2, 0xc0, 0xf2, 0x35,
- 0xc2, 0x71, 0x1c, 0x2a, 0x9f, 0x84, 0xf2, 0x03, 0x87, 0xd3, 0x1a, 0x19, 0x00, 0xfc, 0xff, 0x30,
- 0x00, 0xb3, 0x76, 0x49, 0x0d, 0x0f, 0xe0, 0xfe, 0x9b, 0x84, 0x0b, 0x38, 0xb5, 0xf3, 0xd4, 0xe1,
- 0x8c, 0xfb, 0x51, 0x90, 0x71, 0x11, 0x1c, 0x2d, 0xd8, 0xb6, 0xfb, 0x80, 0x54, 0x36, 0x6c, 0xb2,
- 0x7f, 0xc7, 0xb5, 0x83, 0x1a, 0x81, 0xa7, 0xc1, 0x44, 0xc5, 0xa7, 0x75, 0xe2, 0xeb, 0xda, 0x8a,
- 0xb6, 0x9a, 0x36, 0x67, 0x1f, 0x35, 0xb3, 0x23, 0xad, 0x66, 0x76, 0xa2, 0x28, 0xad, 0x48, 0x79,
- 0x8d, 0xcf, 0x34, 0xb0, 0xb8, 0x51, 0xbe, 0xe2, 0xbb, 0x81, 0x57, 0xe6, 0x82, 0xb5, 0xda, 0xb8,
- 0xe9, 0x71, 0xea, 0x3a, 0x0c, 0x9e, 0x07, 0x63, 0xbc, 0xe1, 0x11, 0x45, 0x70, 0x52, 0x11, 0x8c,
- 0xdd, 0x6e, 0x78, 0xe4, 0x59, 0x33, 0xbb, 0x10, 0x41, 0x09, 0x33, 0x92, 0x00, 0xb8, 0x05, 0x26,
- 0x7c, 0xec, 0x54, 0x09, 0xd3, 0x47, 0x57, 0x52, 0xab, 0xd3, 0x67, 0xcf, 0xe4, 0x86, 0x79, 0xdd,
- 0xb9, 0xcd, 0x22, 0x12, 0xa8, 0x9e, 0x54, 0xf9, 0xc8, 0x90, 0x22, 0x33, 0xae, 0x80, 0x49, 0x15,
- 0x02, 0x97, 0x41, 0xaa, 0x46, 0x1d, 0xa9, 0x2c, 0x65, 0x4e, 0xab, 0xf8, 0xd4, 0x75, 0xea, 0x20,
- 0x61, 0x97, 0x6e, 0xbc, 0xaf, 0x8f, 0x46, 0xdc, 0x78, 0x1f, 0x09, 0xbb, 0xf1, 0xab, 0x06, 0x4e,
- 0x94, 0xdc, 0x4a, 0x59, 0xe5, 0x2e, 0xb9, 0x36, 0xb5, 0x1a, 0x88, 0xd4, 0x29, 0x79, 0x00, 0x2d,
- 0x30, 0xc6, 0x3c, 0x62, 0x49, 0xea, 0xe9, 0xb3, 0x85, 0xe1, 0x94, 0x27, 0x90, 0x95, 0x3d, 0x62,
- 0x99, 0x33, 0x9d, 0x75, 0x13, 0x4f, 0x48, 0x92, 0xc3, 0x3d, 0x30, 0xc1, 0x38, 0xe6, 0x01, 0x93,
- 0x12, 0xa7, 0xcf, 0xae, 0xff, 0xb1, 0x34, 0x92, 0xaa, 0xb7, 0x6c, 0xed, 0x67, 0xa4, 0x52, 0x18,
- 0x5f, 0x6a, 0xe0, 0xaf, 0x07, 0x08, 0x84, 0xb7, 0xc0, 0x14, 0x27, 0x35, 0xcf, 0xc6, 0x9c, 0xa8,
- 0xaa, 0x4f, 0xe6, 0xda, 0x6d, 0x28, 0x05, 0x88, 0x2f, 0x49, 0x25, 0xbf, 0xad, 0xc2, 0x64, 0x5d,
- 0xf3, 0x2a, 0xdd, 0x54, 0xc7, 0x8a, 0xba, 0x34, 0x70, 0x13, 0x2c, 0x30, 0xe2, 0xd7, 0xa9, 0x45,
- 0x0a, 0x96, 0xe5, 0x06, 0x0e, 0xbf, 0x81, 0x6b, 0xaa, 0x1b, 0xd2, 0xe6, 0x89, 0x56, 0x33, 0xbb,
- 0x50, 0x1e, 0x74, 0xa3, 0x38, 0x8c, 0xf1, 0x9d, 0x06, 0x96, 0x0f, 0xac, 0x1b, 0x7e, 0xae, 0x81,
- 0x45, 0xdc, 0xee, 0xff, 0x30, 0x2b, 0xd3, 0x35, 0xd9, 0x7e, 0xb7, 0x86, 0x5b, 0xdd, 0x30, 0xf8,
- 0xe0, 0xb5, 0xce, 0xa8, 0xe2, 0x17, 0x0b, 0xb1, 0x89, 0x51, 0x82, 0x20, 0xe3, 0xa3, 0x51, 0x60,
- 0x0c, 0x30, 0x97, 0x89, 0xbd, 0x53, 0x0e, 0xb6, 0xef, 0x13, 0x8b, 0xab, 0x26, 0x74, 0x42, 0x4d,
- 0x78, 0xed, 0x05, 0xbb, 0x63, 0x80, 0x37, 0xb1, 0x1f, 0xfd, 0x48, 0x3f, 0xbe, 0xf3, 0xa2, 0x19,
- 0x43, 0xd9, 0x0e, 0x6e, 0xcb, 0x0f, 0xc0, 0xe9, 0xe1, 0x14, 0xbf, 0x82, 0x06, 0x35, 0x1e, 0x8e,
- 0x82, 0xcc, 0xc1, 0xea, 0xe1, 0xfd, 0xd0, 0x3b, 0xb8, 0xfa, 0x52, 0x56, 0xe4, 0xcf, 0xb4, 0xfe,
- 0x5f, 0x69, 0x71, 0xad, 0xf8, 0x1a, 0x16, 0x1f, 0xae, 0x80, 0xb1, 0x80, 0x11, 0x5f, 0xd6, 0x9a,
- 0xee, 0xad, 0xc7, 0x16, 0x23, 0x3e, 0x92, 0x1e, 0x68, 0x80, 0x89, 0xaa, 0x38, 0x5b, 0x98, 0x9e,
- 0x92, 0x5b, 0x06, 0x10, 0xfa, 0xe5, 0x69, 0xc3, 0x90, 0xf2, 0x18, 0xbf, 0x69, 0xe0, 0xd4, 0x30,
- 0x0b, 0x00, 0x4b, 0x20, 0xad, 0xbe, 0x46, 0xb3, 0x71, 0x50, 0x09, 0x37, 0x15, 0x74, 0x87, 0xf8,
- 0xc4, 0xb1, 0x88, 0x79, 0xa4, 0xd5, 0xcc, 0xa6, 0x0b, 0x1d, 0x24, 0xea, 0x91, 0x88, 0xb3, 0xd5,
- 0x27, 0x98, 0xb9, 0x8e, 0x2a, 0xa1, 0x77, 0x60, 0x49, 0x2b, 0x52, 0xde, 0xd0, 0xda, 0xa5, 0x5e,
- 0x4e, 0xe3, 0x7e, 0xa1, 0x81, 0x39, 0x79, 0x04, 0x0a, 0x61, 0x16, 0x16, 0x07, 0x35, 0x7c, 0x0f,
- 0x4c, 0x89, 0xc1, 0xa5, 0x82, 0x39, 0x56, 0xf5, 0xfd, 0xa7, 0x2f, 0x4d, 0x77, 0x8e, 0xc8, 0x79,
- 0x7b, 0x55, 0x61, 0x60, 0x39, 0x11, 0xdd, 0xab, 0xf8, 0x3a, 0xe1, 0xd8, 0x84, 0x2a, 0x27, 0xe8,
- 0xd9, 0x50, 0x97, 0x15, 0x9e, 0x04, 0xe3, 0xf2, 0x0c, 0x56, 0xf5, 0x1e, 0x51, 0xc1, 0xe3, 0x52,
- 0x09, 0x6a, 0xfb, 0xe0, 0xdf, 0xc0, 0x98, 0x94, 0x20, 0x2a, 0x9d, 0x31, 0xa7, 0xc4, 0x2b, 0x2d,
- 0x62, 0x8e, 0x91, 0xb4, 0x1a, 0x3f, 0x68, 0x60, 0x21, 0x22, 0xfc, 0x1a, 0x65, 0x1c, 0xde, 0x1b,
- 0x10, 0x9f, 0x1b, 0x4e, 0xbc, 0x40, 0x4b, 0xe9, 0xdd, 0xe5, 0xea, 0x58, 0xfa, 0x84, 0xdf, 0x05,
- 0xe3, 0x94, 0x93, 0x5a, 0x67, 0x10, 0xf9, 0xdf, 0x70, 0xdf, 0x55, 0x44, 0x67, 0xaf, 0xde, 0x4d,
- 0xc1, 0x85, 0xda, 0x94, 0xc6, 0x8f, 0x1a, 0xd0, 0x51, 0xe0, 0x14, 0x98, 0x68, 0xdc, 0xe8, 0xec,
- 0xf4, 0x46, 0x68, 0x76, 0xfa, 0x47, 0x64, 0x76, 0x3a, 0x3e, 0x80, 0xeb, 0x9b, 0x9e, 0xfe, 0x02,
- 0x52, 0x01, 0xad, 0xa8, 0xe1, 0x65, 0x52, 0x0c, 0x2e, 0x5b, 0x9b, 0x45, 0x24, 0x6c, 0x70, 0x0d,
- 0x4c, 0x07, 0xb4, 0x22, 0xe5, 0x5d, 0xa7, 0x8e, 0x5c, 0xe9, 0x94, 0x39, 0xd7, 0x6a, 0x66, 0xa7,
- 0xb7, 0xd4, 0x64, 0x24, 0x46, 0xa0, 0xfe, 0x98, 0x10, 0x04, 0xef, 0xeb, 0x63, 0x31, 0x10, 0xbc,
- 0x8f, 0xfa, 0x63, 0x8c, 0x6f, 0x34, 0xb0, 0x5c, 0x7e, 0xfb, 0x1a, 0x75, 0x82, 0xfd, 0x75, 0xd7,
- 0xe1, 0x64, 0x9f, 0x47, 0xab, 0xbb, 0x1c, 0xaa, 0xee, 0x9f, 0x91, 0xea, 0x96, 0xe2, 0xc1, 0x7d,
- 0x25, 0xbe, 0x0b, 0x66, 0x19, 0x91, 0x31, 0x8a, 0x51, 0xed, 0x7b, 0x46, 0xdc, 0xe7, 0xa1, 0xd8,
- 0x54, 0xa4, 0x09, 0x5b, 0xcd, 0xec, 0x6c, 0xd8, 0x86, 0x22, 0x6c, 0xc6, 0xb7, 0xb3, 0x60, 0xa9,
- 0xb3, 0x31, 0x28, 0x15, 0xeb, 0xae, 0xc3, 0xb8, 0x8f, 0xc5, 0x08, 0xfd, 0x1a, 0x3e, 0x98, 0x55,
- 0x30, 0xe5, 0xf9, 0xd4, 0x15, 0xf9, 0x65, 0x69, 0xe3, 0xe6, 0x8c, 0xe8, 0xd0, 0x92, 0xb2, 0xa1,
- 0xae, 0x17, 0xde, 0x03, 0xba, 0xdc, 0x58, 0x4a, 0x3e, 0xad, 0x53, 0x9b, 0x54, 0x49, 0x45, 0x08,
- 0xc6, 0x42, 0x80, 0x7c, 0xbf, 0x53, 0xe6, 0x8a, 0xca, 0xa4, 0x17, 0x12, 0xe2, 0x50, 0x22, 0x03,
- 0x64, 0x60, 0xb1, 0x42, 0x76, 0x70, 0x60, 0xf3, 0x42, 0xa5, 0xb2, 0x8e, 0x3d, 0xbc, 0x4d, 0x6d,
- 0xca, 0x29, 0x61, 0xfa, 0x98, 0xdc, 0x58, 0x2f, 0x8a, 0x19, 0xa6, 0x18, 0x1b, 0xf1, 0xac, 0x99,
- 0x5d, 0x1e, 0xbc, 0x50, 0xe5, 0xba, 0x21, 0x0d, 0x94, 0x40, 0x0d, 0x1b, 0x40, 0xf7, 0xc9, 0xfb,
- 0x01, 0xf5, 0x49, 0xa5, 0xe8, 0xbb, 0x5e, 0x28, 0xed, 0xb8, 0x4c, 0x7b, 0x49, 0x94, 0x83, 0x12,
- 0x62, 0x0e, 0x4f, 0x9c, 0x48, 0x0f, 0xef, 0x83, 0x05, 0xb5, 0x4d, 0x87, 0xb2, 0x4e, 0xc8, 0xac,
- 0x17, 0xc4, 0xe0, 0x59, 0x18, 0x74, 0x1f, 0x9e, 0x30, 0x8e, 0xb4, 0xfb, 0xe6, 0xae, 0xba, 0x8c,
- 0x17, 0xa9, 0xdf, 0xbe, 0x77, 0x95, 0xec, 0xa0, 0x4a, 0x1d, 0x7d, 0x32, 0xe6, 0xcd, 0xc5, 0xc4,
- 0xa1, 0x44, 0x06, 0x98, 0x07, 0x93, 0x75, 0xf9, 0xcc, 0xf4, 0x29, 0xa9, 0xfe, 0x78, 0xab, 0x99,
- 0x9d, 0x6c, 0x87, 0x08, 0xc5, 0x13, 0x1b, 0x65, 0xf9, 0x41, 0x75, 0xa2, 0x60, 0x11, 0xcc, 0x77,
- 0xc9, 0x6e, 0x10, 0xfe, 0xc0, 0xf5, 0xf7, 0xf4, 0xb4, 0x94, 0xa1, 0x2b, 0x19, 0xf3, 0x85, 0x88,
- 0x1f, 0x0d, 0x20, 0xe0, 0x65, 0x30, 0xdb, 0xb5, 0x95, 0x5c, 0x9f, 0x33, 0x1d, 0x48, 0x8e, 0x45,
- 0xc5, 0x31, 0x5b, 0x08, 0x79, 0x51, 0x24, 0x1a, 0x5e, 0x00, 0x33, 0x3d, 0xcb, 0x66, 0x51, 0x9f,
- 0x96, 0xe8, 0x63, 0x0a, 0x3d, 0x53, 0xe8, 0xf3, 0xa1, 0x50, 0x64, 0x08, 0xb9, 0x59, 0x5a, 0xd7,
- 0x67, 0x12, 0x90, 0x9b, 0xa5, 0x75, 0x14, 0x8a, 0x84, 0x1f, 0x6a, 0xdd, 0xed, 0x44, 0x7d, 0xec,
- 0xfa, 0x91, 0xe7, 0xb9, 0x56, 0x1d, 0xb8, 0xd7, 0xf5, 0x2a, 0x0f, 0x87, 0xa1, 0x48, 0x4a, 0xe8,
- 0x82, 0xb4, 0xdf, 0xd9, 0xd5, 0xf5, 0x59, 0x99, 0xff, 0xf2, 0x90, 0xc7, 0x4d, 0xc2, 0x21, 0x62,
- 0x1e, 0x55, 0xa9, 0xd3, 0xdd, 0x08, 0xd4, 0xcb, 0x01, 0x3f, 0xd1, 0x00, 0x64, 0x81, 0xe7, 0xd9,
- 0xa4, 0x46, 0x1c, 0x8e, 0xed, 0xf6, 0x7c, 0xa4, 0xcf, 0xc9, 0xd4, 0x57, 0x86, 0x2c, 0x7d, 0x00,
- 0x1f, 0xd5, 0xb0, 0xa4, 0x34, 0xc0, 0xc1, 0x50, 0x14, 0x93, 0x1e, 0x56, 0xc1, 0xe4, 0x0e, 0x93,
- 0xbf, 0xf5, 0x79, 0xa9, 0xe4, 0xcd, 0xe1, 0x94, 0xc4, 0xff, 0x07, 0x61, 0xce, 0xa9, 0xf4, 0x93,
- 0xca, 0x8f, 0x3a, 0xec, 0xf0, 0x0e, 0x58, 0xf4, 0x09, 0xae, 0xdc, 0x74, 0xec, 0x06, 0x72, 0x5d,
- 0xbe, 0x41, 0x6d, 0xc2, 0x1a, 0x8c, 0x93, 0x9a, 0x7e, 0x54, 0x76, 0x4e, 0xf7, 0x8a, 0x86, 0x62,
- 0xa3, 0x50, 0x02, 0x1a, 0x66, 0xc1, 0xb8, 0x98, 0x41, 0x99, 0x0e, 0xe5, 0x67, 0x97, 0x16, 0xe7,
- 0xbe, 0x58, 0x6f, 0x86, 0xda, 0xf6, 0xbe, 0xe1, 0x74, 0x21, 0x69, 0x38, 0x85, 0x97, 0xc0, 0x1c,
- 0x23, 0x96, 0xe5, 0xd6, 0xbc, 0x92, 0xef, 0xee, 0x08, 0x72, 0xfd, 0x98, 0x0c, 0x5e, 0x68, 0x35,
- 0xb3, 0x73, 0xe5, 0xb0, 0x0b, 0x45, 0x63, 0x45, 0x47, 0x43, 0x1c, 0xfd, 0x4b, 0x87, 0xe9, 0xc7,
- 0xe5, 0x10, 0x73, 0x7e, 0xb8, 0x05, 0x1d, 0xf8, 0x4b, 0xa8, 0xf7, 0x2a, 0x07, 0x5c, 0x0c, 0xc5,
- 0xa4, 0x33, 0x7e, 0xd1, 0x40, 0x26, 0xf9, 0x14, 0x7d, 0x0d, 0xd3, 0x1b, 0x09, 0x4f, 0x6f, 0x6f,
- 0x0d, 0x7b, 0x8f, 0x4f, 0x92, 0x9c, 0x30, 0xc8, 0x7d, 0x3a, 0x0a, 0xfe, 0xf5, 0x1c, 0x97, 0x7f,
- 0xf8, 0xbd, 0x06, 0x4e, 0x79, 0x43, 0xdc, 0x3c, 0xd4, 0x8a, 0xbc, 0xcc, 0xcb, 0xdc, 0xbf, 0x55,
- 0x01, 0x43, 0xdd, 0x7c, 0xd0, 0x50, 0x2a, 0xc5, 0x75, 0xcc, 0xc1, 0x35, 0x12, 0xbd, 0x8e, 0xdd,
- 0xc0, 0x35, 0x82, 0xa4, 0xc7, 0xf8, 0x5a, 0x03, 0x7f, 0x3f, 0x74, 0xa7, 0x80, 0x66, 0x68, 0x28,
- 0xcc, 0x45, 0x86, 0xc2, 0x4c, 0x32, 0xc1, 0x2b, 0xff, 0xe7, 0xd0, 0x5c, 0x7d, 0xf4, 0x34, 0x33,
- 0xf2, 0xf8, 0x69, 0x66, 0xe4, 0xc9, 0xd3, 0xcc, 0xc8, 0xc3, 0x56, 0x46, 0x7b, 0xd4, 0xca, 0x68,
- 0x8f, 0x5b, 0x19, 0xed, 0x49, 0x2b, 0xa3, 0xfd, 0xd4, 0xca, 0x68, 0x1f, 0xff, 0x9c, 0x19, 0xb9,
- 0x3b, 0x5a, 0x5f, 0xfb, 0x3d, 0x00, 0x00, 0xff, 0xff, 0x9c, 0xe4, 0x50, 0xb7, 0xcf, 0x16, 0x00,
- 0x00,
+ // 1708 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcd, 0x6f, 0x1b, 0x4d,
+ 0x19, 0xcf, 0xc6, 0xf9, 0xf2, 0x24, 0x4d, 0xd2, 0xc9, 0xdb, 0x74, 0x09, 0x8d, 0x1d, 0x36, 0xa5,
+ 0x8a, 0x80, 0xda, 0xa4, 0x14, 0x5a, 0x54, 0x5a, 0xe1, 0x8d, 0x9b, 0x36, 0xa8, 0x1f, 0xee, 0xb8,
+ 0xa9, 0x50, 0x55, 0x21, 0x26, 0xeb, 0x89, 0x33, 0xcd, 0x7e, 0xb1, 0x33, 0xeb, 0xc6, 0xe2, 0x52,
+ 0x89, 0x0b, 0x07, 0x0e, 0x48, 0xdc, 0x39, 0xc3, 0x3f, 0xc0, 0x05, 0x01, 0xd7, 0x4a, 0x20, 0xd1,
+ 0x13, 0xea, 0xc9, 0xa2, 0x46, 0x9c, 0x38, 0x72, 0xeb, 0x09, 0xcd, 0x78, 0xfc, 0xb1, 0xeb, 0x5d,
+ 0xc7, 0x2d, 0x6d, 0xf5, 0xde, 0x76, 0x9f, 0x8f, 0xdf, 0xf3, 0x7b, 0x9e, 0x7d, 0x66, 0xe6, 0x99,
+ 0x05, 0x57, 0xeb, 0x94, 0x1f, 0x85, 0x07, 0x05, 0xcb, 0x73, 0x8a, 0x9e, 0x4f, 0x5c, 0x76, 0x44,
+ 0x0f, 0x79, 0x11, 0xfb, 0xb4, 0xc8, 0x88, 0x15, 0x06, 0x94, 0x37, 0x8b, 0x8d, 0xed, 0x62, 0x9d,
+ 0xb8, 0x24, 0xc0, 0x9c, 0xd4, 0x0a, 0x7e, 0xe0, 0x71, 0x0f, 0x5e, 0xec, 0x7b, 0x15, 0x7a, 0x5e,
+ 0x05, 0xec, 0xd3, 0x42, 0xd7, 0xab, 0xd0, 0xd8, 0x5e, 0xbb, 0x3c, 0x80, 0x5d, 0xf7, 0xea, 0x5e,
+ 0x51, 0x3a, 0x1f, 0x84, 0x87, 0xf2, 0x4d, 0xbe, 0xc8, 0xa7, 0x0e, 0xe8, 0x9a, 0x71, 0x7c, 0x9d,
+ 0x15, 0xa8, 0x27, 0x83, 0x5b, 0x5e, 0x40, 0x12, 0x02, 0xaf, 0x5d, 0xed, 0xdb, 0x38, 0xd8, 0x3a,
+ 0xa2, 0x2e, 0x09, 0x9a, 0x45, 0xff, 0xb8, 0x2e, 0x04, 0xac, 0xe8, 0x10, 0x8e, 0x93, 0xbc, 0x8a,
+ 0x69, 0x5e, 0x41, 0xe8, 0x72, 0xea, 0x90, 0x21, 0x87, 0xef, 0x9d, 0xe6, 0xc0, 0xac, 0x23, 0xe2,
+ 0xe0, 0x21, 0xbf, 0xef, 0xa4, 0xf9, 0x85, 0x9c, 0xda, 0x45, 0xea, 0x72, 0xc6, 0x83, 0xb8, 0x93,
+ 0x71, 0x03, 0x9c, 0x2d, 0xd9, 0xb6, 0xf7, 0x82, 0xd4, 0x76, 0x6d, 0x72, 0xf2, 0xc4, 0xb3, 0x43,
+ 0x87, 0xc0, 0x4b, 0x60, 0xa6, 0x16, 0xd0, 0x06, 0x09, 0x74, 0x6d, 0x43, 0xdb, 0xca, 0x9a, 0x8b,
+ 0xaf, 0x5a, 0xf9, 0x89, 0x76, 0x2b, 0x3f, 0x53, 0x96, 0x52, 0xa4, 0xb4, 0xc6, 0xef, 0x34, 0xb0,
+ 0xba, 0x5b, 0xbd, 0x13, 0x78, 0xa1, 0x5f, 0xe5, 0x02, 0xb5, 0xde, 0x7c, 0xe8, 0x73, 0xea, 0xb9,
+ 0x0c, 0x5e, 0x03, 0x53, 0xbc, 0xe9, 0x13, 0x05, 0xb0, 0xa9, 0x00, 0xa6, 0x1e, 0x37, 0x7d, 0xf2,
+ 0xae, 0x95, 0x5f, 0x89, 0x79, 0x09, 0x31, 0x92, 0x0e, 0x70, 0x1f, 0xcc, 0x04, 0xd8, 0xad, 0x13,
+ 0xa6, 0x4f, 0x6e, 0x64, 0xb6, 0xe6, 0xaf, 0x5c, 0x2e, 0x8c, 0xf3, 0xb9, 0x0b, 0x7b, 0x65, 0x24,
+ 0xbc, 0xfa, 0x54, 0xe5, 0x2b, 0x43, 0x0a, 0xcc, 0xb8, 0x03, 0x66, 0x95, 0x09, 0x5c, 0x07, 0x19,
+ 0x87, 0xba, 0x92, 0x59, 0xc6, 0x9c, 0x57, 0xf6, 0x99, 0xfb, 0xd4, 0x45, 0x42, 0x2e, 0xd5, 0xf8,
+ 0x44, 0x9f, 0x8c, 0xa9, 0xf1, 0x09, 0x12, 0x72, 0xe3, 0x3f, 0x1a, 0x38, 0x5f, 0xf1, 0x6a, 0x55,
+ 0x15, 0xbb, 0xe2, 0xd9, 0xd4, 0x6a, 0x22, 0xd2, 0xa0, 0xe4, 0x05, 0xb4, 0xc0, 0x14, 0xf3, 0x89,
+ 0x25, 0xa1, 0xe7, 0xaf, 0x94, 0xc6, 0x63, 0x9e, 0x02, 0x56, 0xf5, 0x89, 0x65, 0x2e, 0x74, 0xeb,
+ 0x26, 0xde, 0x90, 0x04, 0x87, 0xc7, 0x60, 0x86, 0x71, 0xcc, 0x43, 0x26, 0x29, 0xce, 0x5f, 0xd9,
+ 0xf9, 0xff, 0xc2, 0x48, 0xa8, 0x7e, 0xd9, 0x3a, 0xef, 0x48, 0x85, 0x30, 0xfe, 0xa8, 0x81, 0xaf,
+ 0x8e, 0x20, 0x08, 0x1f, 0x81, 0x39, 0x4e, 0x1c, 0xdf, 0xc6, 0x9c, 0xa8, 0xac, 0x37, 0x0b, 0x9d,
+ 0x36, 0x94, 0x04, 0xc4, 0x4a, 0x52, 0xc1, 0x1f, 0x2b, 0x33, 0x99, 0xd7, 0xb2, 0x0a, 0x37, 0xd7,
+ 0x95, 0xa2, 0x1e, 0x0c, 0xdc, 0x03, 0x2b, 0x8c, 0x04, 0x0d, 0x6a, 0x91, 0x92, 0x65, 0x79, 0xa1,
+ 0xcb, 0x1f, 0x60, 0x47, 0x75, 0x43, 0xd6, 0x3c, 0xdf, 0x6e, 0xe5, 0x57, 0xaa, 0xc3, 0x6a, 0x94,
+ 0xe4, 0x63, 0xfc, 0x55, 0x03, 0xeb, 0x23, 0xf3, 0x86, 0xbf, 0xd7, 0xc0, 0x2a, 0xee, 0xf4, 0x7f,
+ 0x14, 0x95, 0xe9, 0x9a, 0x6c, 0xbf, 0x47, 0xe3, 0x55, 0x37, 0xea, 0x3c, 0xba, 0xd6, 0x39, 0x95,
+ 0xfc, 0x6a, 0x29, 0x31, 0x30, 0x4a, 0x21, 0x64, 0xfc, 0x72, 0x12, 0x18, 0x43, 0xc8, 0x55, 0x62,
+ 0x1f, 0x56, 0xc3, 0x83, 0xe7, 0xc4, 0xe2, 0xaa, 0x09, 0xdd, 0x48, 0x13, 0xde, 0xfb, 0xc0, 0xee,
+ 0x18, 0xc2, 0x4d, 0xed, 0xc7, 0x20, 0xd6, 0x8f, 0x3f, 0xfa, 0xd0, 0x88, 0x91, 0x68, 0xa3, 0xdb,
+ 0xf2, 0xe7, 0xe0, 0xd2, 0x78, 0x8c, 0x3f, 0x41, 0x83, 0x1a, 0x2f, 0x27, 0x41, 0x6e, 0x34, 0x7b,
+ 0xf8, 0x3c, 0xf2, 0x0d, 0xee, 0x7e, 0x94, 0x8a, 0x7c, 0x99, 0xea, 0xff, 0x27, 0x2d, 0xa9, 0x15,
+ 0x3f, 0x43, 0xf1, 0xe1, 0x06, 0x98, 0x0a, 0x19, 0x09, 0x64, 0xae, 0xd9, 0x7e, 0x3d, 0xf6, 0x19,
+ 0x09, 0x90, 0xd4, 0x40, 0x03, 0xcc, 0xd4, 0xc5, 0xd9, 0xc2, 0xf4, 0x8c, 0xdc, 0x32, 0x80, 0xe0,
+ 0x2f, 0x4f, 0x1b, 0x86, 0x94, 0xc6, 0xf8, 0xaf, 0x06, 0x2e, 0x8e, 0x53, 0x00, 0x58, 0x01, 0x59,
+ 0xb5, 0x1a, 0xcd, 0xe6, 0xa8, 0x14, 0x1e, 0x2a, 0xd7, 0x43, 0x12, 0x10, 0xd7, 0x22, 0xe6, 0x99,
+ 0x76, 0x2b, 0x9f, 0x2d, 0x75, 0x3d, 0x51, 0x1f, 0x44, 0x9c, 0xad, 0x01, 0xc1, 0xcc, 0x73, 0x55,
+ 0x0a, 0xfd, 0x03, 0x4b, 0x4a, 0x91, 0xd2, 0x46, 0x6a, 0x97, 0xf9, 0x38, 0x8d, 0xfb, 0x07, 0x0d,
+ 0x2c, 0xc9, 0x23, 0x50, 0x10, 0xb3, 0xb0, 0x38, 0xa8, 0xe1, 0x4f, 0xc1, 0x9c, 0x18, 0x5c, 0x6a,
+ 0x98, 0x63, 0x95, 0xdf, 0xb7, 0x07, 0xc2, 0xf4, 0xe6, 0x88, 0x82, 0x7f, 0x5c, 0x17, 0x02, 0x56,
+ 0x10, 0xd6, 0xfd, 0x8c, 0xef, 0x13, 0x8e, 0x4d, 0xa8, 0x62, 0x82, 0xbe, 0x0c, 0xf5, 0x50, 0xe1,
+ 0x26, 0x98, 0x96, 0x67, 0xb0, 0xca, 0xf7, 0x8c, 0x32, 0x9e, 0x96, 0x4c, 0x50, 0x47, 0x07, 0x2f,
+ 0x80, 0x29, 0x49, 0x41, 0x64, 0xba, 0x60, 0xce, 0x89, 0x4f, 0x5a, 0xc6, 0x1c, 0x23, 0x29, 0x35,
+ 0xfe, 0xae, 0x81, 0x95, 0x18, 0xf1, 0x7b, 0x94, 0x71, 0xf8, 0x6c, 0x88, 0x7c, 0x61, 0x3c, 0xf2,
+ 0xc2, 0x5b, 0x52, 0xef, 0x95, 0xab, 0x2b, 0x19, 0x20, 0xfe, 0x14, 0x4c, 0x53, 0x4e, 0x9c, 0xee,
+ 0x20, 0xf2, 0xdd, 0xf1, 0xd6, 0x55, 0x8c, 0x67, 0x3f, 0xdf, 0x3d, 0x81, 0x85, 0x3a, 0x90, 0xc6,
+ 0x3f, 0x34, 0xa0, 0xa3, 0xd0, 0x2d, 0x31, 0xd1, 0xb8, 0xf1, 0xd9, 0xe9, 0xfb, 0x91, 0xd9, 0xe9,
+ 0xeb, 0xb1, 0xd9, 0xe9, 0xdc, 0x90, 0xdf, 0xc0, 0xf4, 0xf4, 0x15, 0x90, 0x09, 0x69, 0x4d, 0x0d,
+ 0x2f, 0xb3, 0x62, 0x70, 0xd9, 0xdf, 0x2b, 0x23, 0x21, 0x83, 0xdb, 0x60, 0x3e, 0xa4, 0x35, 0x49,
+ 0xef, 0x3e, 0x75, 0x65, 0xa5, 0x33, 0xe6, 0x52, 0xbb, 0x95, 0x9f, 0xdf, 0x57, 0x93, 0x91, 0x18,
+ 0x81, 0x06, 0x6d, 0x22, 0x2e, 0xf8, 0x44, 0x9f, 0x4a, 0x70, 0xc1, 0x27, 0x68, 0xd0, 0xc6, 0xf8,
+ 0x8b, 0x06, 0xd6, 0xab, 0xb7, 0xef, 0x51, 0x37, 0x3c, 0xd9, 0xf1, 0x5c, 0x4e, 0x4e, 0x78, 0x3c,
+ 0xbb, 0x5b, 0x91, 0xec, 0xbe, 0x11, 0xcb, 0x6e, 0x2d, 0xd9, 0x79, 0x20, 0xc5, 0x9f, 0x80, 0x45,
+ 0x46, 0xa4, 0x8d, 0x42, 0x54, 0xfb, 0x9e, 0x91, 0xb4, 0x3c, 0x14, 0x9a, 0xb2, 0x34, 0x61, 0xbb,
+ 0x95, 0x5f, 0x8c, 0xca, 0x50, 0x0c, 0xcd, 0xf8, 0xd5, 0x32, 0x58, 0xeb, 0x6e, 0x0c, 0x8a, 0xc5,
+ 0x8e, 0xe7, 0x32, 0x1e, 0x60, 0x31, 0x42, 0x7f, 0x86, 0x05, 0xb3, 0x05, 0xe6, 0xfc, 0x80, 0x7a,
+ 0x22, 0xbe, 0x4c, 0x6d, 0xda, 0x5c, 0x10, 0x1d, 0x5a, 0x51, 0x32, 0xd4, 0xd3, 0xc2, 0x67, 0x40,
+ 0x97, 0x1b, 0x4b, 0x25, 0xa0, 0x0d, 0x6a, 0x93, 0x3a, 0xa9, 0x09, 0xc2, 0x58, 0x10, 0x90, 0xdf,
+ 0x77, 0xce, 0xdc, 0x50, 0x91, 0xf4, 0x52, 0x8a, 0x1d, 0x4a, 0x45, 0x80, 0x0c, 0xac, 0xd6, 0xc8,
+ 0x21, 0x0e, 0x6d, 0x5e, 0xaa, 0xd5, 0x76, 0xb0, 0x8f, 0x0f, 0xa8, 0x4d, 0x39, 0x25, 0x4c, 0x9f,
+ 0x92, 0x1b, 0xeb, 0x0d, 0x31, 0xc3, 0x94, 0x13, 0x2d, 0xde, 0xb5, 0xf2, 0xeb, 0xc3, 0x17, 0xaa,
+ 0x42, 0xcf, 0xa4, 0x89, 0x52, 0xa0, 0x61, 0x13, 0xe8, 0x01, 0xf9, 0x59, 0x48, 0x03, 0x52, 0x2b,
+ 0x07, 0x9e, 0x1f, 0x09, 0x3b, 0x2d, 0xc3, 0xde, 0x14, 0xe9, 0xa0, 0x14, 0x9b, 0xd3, 0x03, 0xa7,
+ 0xc2, 0xc3, 0xe7, 0x60, 0x45, 0x6d, 0xd3, 0x91, 0xa8, 0x33, 0x32, 0xea, 0x75, 0x31, 0x78, 0x96,
+ 0x86, 0xd5, 0xa7, 0x07, 0x4c, 0x02, 0xed, 0x7d, 0xb9, 0xbb, 0x1e, 0xe3, 0x65, 0x1a, 0x74, 0xee,
+ 0x5d, 0x15, 0x3b, 0xac, 0x53, 0x57, 0x9f, 0x4d, 0xf8, 0x72, 0x09, 0x76, 0x28, 0x15, 0x01, 0x16,
+ 0xc1, 0x6c, 0x43, 0xbe, 0x33, 0x7d, 0x4e, 0xb2, 0x3f, 0xd7, 0x6e, 0xe5, 0x67, 0x3b, 0x26, 0x82,
+ 0xf1, 0xcc, 0x6e, 0x55, 0x2e, 0xa8, 0xae, 0x15, 0x2c, 0x83, 0xe5, 0x1e, 0xd8, 0x03, 0xc2, 0x5f,
+ 0x78, 0xc1, 0xb1, 0x9e, 0x95, 0x34, 0x74, 0x45, 0x63, 0xb9, 0x14, 0xd3, 0xa3, 0x21, 0x0f, 0x78,
+ 0x0b, 0x2c, 0xf6, 0x64, 0x15, 0x2f, 0xe0, 0x4c, 0x07, 0x12, 0x63, 0x55, 0x61, 0x2c, 0x96, 0x22,
+ 0x5a, 0x14, 0xb3, 0x86, 0xd7, 0xc1, 0x42, 0x5f, 0xb2, 0x57, 0xd6, 0xe7, 0xa5, 0xf7, 0x17, 0xca,
+ 0x7b, 0xa1, 0x34, 0xa0, 0x43, 0x11, 0xcb, 0x88, 0xe7, 0x5e, 0x65, 0x47, 0x5f, 0x48, 0xf1, 0xdc,
+ 0xab, 0xec, 0xa0, 0x88, 0x25, 0xfc, 0x85, 0xd6, 0xdb, 0x4e, 0xd4, 0x62, 0xd7, 0xcf, 0xbc, 0xcf,
+ 0xb5, 0x6a, 0xe4, 0x5e, 0xd7, 0xcf, 0x3c, 0x6a, 0x86, 0x62, 0x21, 0xa1, 0x07, 0xb2, 0x41, 0x77,
+ 0x57, 0xd7, 0x17, 0x65, 0xfc, 0x5b, 0x63, 0x1e, 0x37, 0x29, 0x87, 0x88, 0x79, 0x56, 0x85, 0xce,
+ 0xf6, 0x2c, 0x50, 0x3f, 0x06, 0xfc, 0x8d, 0x06, 0x20, 0x0b, 0x7d, 0xdf, 0x26, 0x0e, 0x71, 0x39,
+ 0xb6, 0x3b, 0xf3, 0x91, 0xbe, 0x24, 0x43, 0xdf, 0x19, 0x33, 0xf5, 0x21, 0xff, 0x38, 0x87, 0x35,
+ 0xc5, 0x01, 0x0e, 0x9b, 0xa2, 0x84, 0xf0, 0xb0, 0x0e, 0x66, 0x0f, 0x99, 0x7c, 0xd6, 0x97, 0x25,
+ 0x93, 0x1f, 0x8c, 0xc7, 0x24, 0xf9, 0x1f, 0x84, 0xb9, 0xa4, 0xc2, 0xcf, 0x2a, 0x3d, 0xea, 0xa2,
+ 0xc3, 0x27, 0x60, 0x35, 0x20, 0xb8, 0xf6, 0xd0, 0xb5, 0x9b, 0xc8, 0xf3, 0xf8, 0x2e, 0xb5, 0x09,
+ 0x6b, 0x32, 0x4e, 0x1c, 0xfd, 0xac, 0xec, 0x9c, 0xde, 0x15, 0x0d, 0x25, 0x5a, 0xa1, 0x14, 0x6f,
+ 0x98, 0x07, 0xd3, 0x62, 0x06, 0x65, 0x3a, 0x94, 0xcb, 0x2e, 0x2b, 0xce, 0x7d, 0x51, 0x6f, 0x86,
+ 0x3a, 0xf2, 0x81, 0xe1, 0x74, 0x25, 0x6d, 0x38, 0x85, 0x37, 0xc1, 0x12, 0x23, 0x96, 0xe5, 0x39,
+ 0x7e, 0x25, 0xf0, 0x0e, 0x05, 0xb8, 0xfe, 0x85, 0x34, 0x5e, 0x69, 0xb7, 0xf2, 0x4b, 0xd5, 0xa8,
+ 0x0a, 0xc5, 0x6d, 0x45, 0x47, 0x43, 0x1c, 0xff, 0xa5, 0xc3, 0xf4, 0x73, 0x72, 0x88, 0xb9, 0x36,
+ 0x5e, 0x41, 0x87, 0x7e, 0x09, 0xf5, 0x3f, 0xe5, 0x90, 0x8a, 0xa1, 0x84, 0x70, 0xd0, 0x01, 0xf9,
+ 0xee, 0x0e, 0x1f, 0x39, 0x5f, 0x6e, 0x33, 0x0b, 0xdb, 0x72, 0x32, 0xd2, 0x57, 0x65, 0xa9, 0x37,
+ 0xdb, 0xad, 0x7c, 0xbe, 0x3c, 0xda, 0x14, 0x9d, 0x86, 0x05, 0x7f, 0x1c, 0x3f, 0x09, 0x07, 0xe2,
+ 0x9c, 0x97, 0x71, 0x2e, 0x0c, 0x9f, 0x82, 0x03, 0x01, 0x52, 0xbd, 0x8d, 0x7f, 0x6b, 0x20, 0x97,
+ 0x3e, 0x0e, 0x7c, 0x86, 0x31, 0x94, 0x44, 0xc7, 0xd0, 0x1f, 0x8e, 0xfb, 0x43, 0x22, 0x8d, 0x72,
+ 0xca, 0x44, 0xfa, 0xdb, 0x49, 0xf0, 0xcd, 0xf7, 0xf8, 0x8b, 0x01, 0xff, 0xa6, 0x81, 0x8b, 0xfe,
+ 0x18, 0x57, 0x28, 0x55, 0x91, 0x8f, 0x79, 0x2b, 0xfd, 0x96, 0x4a, 0x60, 0xac, 0x2b, 0x1c, 0x1a,
+ 0x8b, 0xa5, 0xb8, 0x57, 0xba, 0xd8, 0x21, 0xf1, 0x7b, 0xe5, 0x03, 0xec, 0x10, 0x24, 0x35, 0xc6,
+ 0x9f, 0x35, 0xf0, 0xb5, 0x53, 0xb7, 0x3c, 0x68, 0x46, 0xa6, 0xdb, 0x42, 0x6c, 0xba, 0xcd, 0xa5,
+ 0x03, 0x7c, 0xf2, 0x5f, 0xa0, 0xe6, 0xd6, 0xab, 0xb7, 0xb9, 0x89, 0xd7, 0x6f, 0x73, 0x13, 0x6f,
+ 0xde, 0xe6, 0x26, 0x5e, 0xb6, 0x73, 0xda, 0xab, 0x76, 0x4e, 0x7b, 0xdd, 0xce, 0x69, 0x6f, 0xda,
+ 0x39, 0xed, 0x9f, 0xed, 0x9c, 0xf6, 0xeb, 0x7f, 0xe5, 0x26, 0x9e, 0x4e, 0x36, 0xb6, 0xff, 0x17,
+ 0x00, 0x00, 0xff, 0xff, 0x73, 0x3b, 0x40, 0x35, 0x98, 0x17, 0x00, 0x00,
}
diff --git a/vendor/github.com/openshift/api/security/v1/generated.proto b/vendor/github.com/openshift/api/security/v1/generated.proto
index f539332db854..ee508a8851c5 100644
--- a/vendor/github.com/openshift/api/security/v1/generated.proto
+++ b/vendor/github.com/openshift/api/security/v1/generated.proto
@@ -238,6 +238,16 @@ message SecurityContextConstraints {
// AllowHostIPC determines if the policy allows host ipc in the containers.
optional bool allowHostIPC = 12;
+ // DefaultAllowPrivilegeEscalation controls the default setting for whether a
+ // process can gain more privileges than its parent process.
+ // +optional
+ optional bool defaultAllowPrivilegeEscalation = 22;
+
+ // AllowPrivilegeEscalation determines if a pod can request to allow
+ // privilege escalation. If unspecified, defaults to true.
+ // +optional
+ optional bool allowPrivilegeEscalation = 23;
+
// SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.
optional SELinuxContextStrategyOptions seLinuxContext = 13;
diff --git a/vendor/github.com/openshift/api/security/v1/types.go b/vendor/github.com/openshift/api/security/v1/types.go
index b1dc48940f88..c5cde5842955 100644
--- a/vendor/github.com/openshift/api/security/v1/types.go
+++ b/vendor/github.com/openshift/api/security/v1/types.go
@@ -68,6 +68,14 @@ type SecurityContextConstraints struct {
AllowHostPID bool `json:"allowHostPID" protobuf:"varint,11,opt,name=allowHostPID"`
// AllowHostIPC determines if the policy allows host ipc in the containers.
AllowHostIPC bool `json:"allowHostIPC" protobuf:"varint,12,opt,name=allowHostIPC"`
+ // DefaultAllowPrivilegeEscalation controls the default setting for whether a
+ // process can gain more privileges than its parent process.
+ // +optional
+ DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,22,rep,name=defaultAllowPrivilegeEscalation"`
+ // AllowPrivilegeEscalation determines if a pod can request to allow
+ // privilege escalation. If unspecified, defaults to true.
+ // +optional
+ AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,23,rep,name=allowPrivilegeEscalation"`
// SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.
SELinuxContext SELinuxContextStrategyOptions `json:"seLinuxContext,omitempty" protobuf:"bytes,13,opt,name=seLinuxContext"`
// RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.
diff --git a/vendor/github.com/openshift/api/security/v1/types_swagger_doc_generated.go b/vendor/github.com/openshift/api/security/v1/types_swagger_doc_generated.go
index 9fbd8e847628..9a84ba4a6068 100644
--- a/vendor/github.com/openshift/api/security/v1/types_swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/security/v1/types_swagger_doc_generated.go
@@ -164,28 +164,30 @@ func (SELinuxContextStrategyOptions) SwaggerDoc() map[string]string {
}
var map_SecurityContextConstraints = map[string]string{
- "": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.",
- "metadata": "Standard object's metadata. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata",
- "priority": "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.",
- "allowPrivilegedContainer": "AllowPrivilegedContainer determines if a container can request to be run as privileged.",
- "defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.",
- "requiredDropCapabilities": "RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
- "allowedCapabilities": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'.",
- "allowHostDirVolumePlugin": "AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin",
- "volumes": "Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use \"*\". To allow no volumes, set to [\"none\"].",
- "allowedFlexVolumes": "AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field.",
- "allowHostNetwork": "AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.",
- "allowHostPorts": "AllowHostPorts determines if the policy allows host ports in the containers.",
- "allowHostPID": "AllowHostPID determines if the policy allows host pid in the containers.",
- "allowHostIPC": "AllowHostIPC determines if the policy allows host ipc in the containers.",
- "seLinuxContext": "SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.",
- "runAsUser": "RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.",
- "supplementalGroups": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
- "fsGroup": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
- "readOnlyRootFilesystem": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
- "users": "The users who have permissions to use this security context constraints",
- "groups": "The groups that have permission to use this security context constraints",
- "seccompProfiles": "SeccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.",
+ "": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.",
+ "metadata": "Standard object's metadata. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata",
+ "priority": "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.",
+ "allowPrivilegedContainer": "AllowPrivilegedContainer determines if a container can request to be run as privileged.",
+ "defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.",
+ "requiredDropCapabilities": "RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
+ "allowedCapabilities": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'.",
+ "allowHostDirVolumePlugin": "AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin",
+ "volumes": "Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use \"*\". To allow no volumes, set to [\"none\"].",
+ "allowedFlexVolumes": "AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field.",
+ "allowHostNetwork": "AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.",
+ "allowHostPorts": "AllowHostPorts determines if the policy allows host ports in the containers.",
+ "allowHostPID": "AllowHostPID determines if the policy allows host pid in the containers.",
+ "allowHostIPC": "AllowHostIPC determines if the policy allows host ipc in the containers.",
+ "defaultAllowPrivilegeEscalation": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
+ "allowPrivilegeEscalation": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
+ "seLinuxContext": "SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.",
+ "runAsUser": "RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.",
+ "supplementalGroups": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
+ "fsGroup": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
+ "readOnlyRootFilesystem": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
+ "users": "The users who have permissions to use this security context constraints",
+ "groups": "The groups that have permission to use this security context constraints",
+ "seccompProfiles": "SeccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.",
}
func (SecurityContextConstraints) SwaggerDoc() map[string]string {
diff --git a/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go
index f0f9e4bdf68b..6c76c28414d4 100644
--- a/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go
@@ -424,6 +424,24 @@ func (in *SecurityContextConstraints) DeepCopyInto(out *SecurityContextConstrain
*out = make([]AllowedFlexVolume, len(*in))
copy(*out, *in)
}
+ if in.DefaultAllowPrivilegeEscalation != nil {
+ in, out := &in.DefaultAllowPrivilegeEscalation, &out.DefaultAllowPrivilegeEscalation
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(bool)
+ **out = **in
+ }
+ }
+ if in.AllowPrivilegeEscalation != nil {
+ in, out := &in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(bool)
+ **out = **in
+ }
+ }
in.SELinuxContext.DeepCopyInto(&out.SELinuxContext)
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)