v1.NodeSelectorTerm
@@ -8195,6 +8236,13 @@ If PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Po
|
+runAsGroup |
+RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod’s RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled. |
+false |
+v1beta1.RunAsGroupStrategyOptions |
+ |
+
+
supplementalGroups |
supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. |
true |
diff --git a/docs/api-reference/policy/v1beta1/definitions.html b/docs/api-reference/policy/v1beta1/definitions.html
index 7a5b56be2d..639b5d79d2 100755
--- a/docs/api-reference/policy/v1beta1/definitions.html
+++ b/docs/api-reference/policy/v1beta1/definitions.html
@@ -547,6 +547,47 @@ Examples: /foo would allow /foo, /foo/ an
+
+
+
v1beta1.RunAsGroupStrategyOptions
+
+
RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
+
+
+
+
+
+
+
+
+
+
+
+| Name |
+Description |
+Required |
+Schema |
+Default |
+
+
+
+
+rule |
+rule is the strategy that will dictate the allowable RunAsGroup values that may be set. |
+true |
+string |
+ |
+
+
+ranges |
+ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs. |
+false |
+v1beta1.IDRange array |
+ |
+
+
+
+
@@ -1442,6 +1483,13 @@ Examples: /foo would allow /foo, /foo/ an
|
+runAsGroup |
+RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod’s RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled. |
+false |
+v1beta1.RunAsGroupStrategyOptions |
+ |
+
+
supplementalGroups |
supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. |
true |
diff --git a/pkg/api/podsecuritypolicy/util.go b/pkg/api/podsecuritypolicy/util.go
index 28a6d7f7d4..8c1f351181 100644
--- a/pkg/api/podsecuritypolicy/util.go
+++ b/pkg/api/podsecuritypolicy/util.go
@@ -28,4 +28,7 @@ func DropDisabledAlphaFields(pspSpec *policy.PodSecurityPolicySpec) {
if !utilfeature.DefaultFeatureGate.Enabled(features.ProcMountType) {
pspSpec.AllowedProcMountTypes = nil
}
+ if !utilfeature.DefaultFeatureGate.Enabled(features.RunAsGroup) {
+ pspSpec.RunAsGroup = nil
+ }
}
diff --git a/pkg/apis/extensions/v1beta1/zz_generated.conversion.go b/pkg/apis/extensions/v1beta1/zz_generated.conversion.go
index 1b35486b82..3e6764af44 100644
--- a/pkg/apis/extensions/v1beta1/zz_generated.conversion.go
+++ b/pkg/apis/extensions/v1beta1/zz_generated.conversion.go
@@ -483,6 +483,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
+ if err := s.AddGeneratedConversionFunc((*v1beta1.RunAsGroupStrategyOptions)(nil), (*policy.RunAsGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
+ return Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(a.(*v1beta1.RunAsGroupStrategyOptions), b.(*policy.RunAsGroupStrategyOptions), scope)
+ }); err != nil {
+ return err
+ }
+ if err := s.AddGeneratedConversionFunc((*policy.RunAsGroupStrategyOptions)(nil), (*v1beta1.RunAsGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
+ return Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(a.(*policy.RunAsGroupStrategyOptions), b.(*v1beta1.RunAsGroupStrategyOptions), scope)
+ }); err != nil {
+ return err
+ }
if err := s.AddGeneratedConversionFunc((*v1beta1.RunAsUserStrategyOptions)(nil), (*policy.RunAsUserStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(a.(*v1beta1.RunAsUserStrategyOptions), b.(*policy.RunAsUserStrategyOptions), scope)
}); err != nil {
@@ -1650,6 +1660,7 @@ func autoConvert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(i
if err := Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil {
return err
}
+ out.RunAsGroup = (*policy.RunAsGroupStrategyOptions)(unsafe.Pointer(in.RunAsGroup))
if err := Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil {
return err
}
@@ -1690,6 +1701,7 @@ func autoConvert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(i
if err := Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil {
return err
}
+ out.RunAsGroup = (*v1beta1.RunAsGroupStrategyOptions)(unsafe.Pointer(in.RunAsGroup))
if err := Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil {
return err
}
@@ -1930,6 +1942,28 @@ func autoConvert_extensions_RollingUpdateDeployment_To_v1beta1_RollingUpdateDepl
return nil
}
+func autoConvert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in *v1beta1.RunAsGroupStrategyOptions, out *policy.RunAsGroupStrategyOptions, s conversion.Scope) error {
+ out.Rule = policy.RunAsGroupStrategy(in.Rule)
+ out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
+ return nil
+}
+
+// Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions is an autogenerated conversion function.
+func Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in *v1beta1.RunAsGroupStrategyOptions, out *policy.RunAsGroupStrategyOptions, s conversion.Scope) error {
+ return autoConvert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in, out, s)
+}
+
+func autoConvert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in *policy.RunAsGroupStrategyOptions, out *v1beta1.RunAsGroupStrategyOptions, s conversion.Scope) error {
+ out.Rule = v1beta1.RunAsGroupStrategy(in.Rule)
+ out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges))
+ return nil
+}
+
+// Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions is an autogenerated conversion function.
+func Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in *policy.RunAsGroupStrategyOptions, out *v1beta1.RunAsGroupStrategyOptions, s conversion.Scope) error {
+ return autoConvert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in, out, s)
+}
+
func autoConvert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *policy.RunAsUserStrategyOptions, s conversion.Scope) error {
out.Rule = policy.RunAsUserStrategy(in.Rule)
out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
diff --git a/pkg/apis/policy/fuzzer/fuzzer.go b/pkg/apis/policy/fuzzer/fuzzer.go
index 1e01120005..87e2306b8a 100644
--- a/pkg/apis/policy/fuzzer/fuzzer.go
+++ b/pkg/apis/policy/fuzzer/fuzzer.go
@@ -40,6 +40,13 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
}
psp.RunAsUser.Rule = runAsUserRules[c.Rand.Intn(len(runAsUserRules))]
+ runAsGroupRules := []policy.RunAsGroupStrategy{
+ policy.RunAsGroupStrategyMustRunAs,
+ policy.RunAsGroupStrategyRunAsAny,
+ policy.RunAsGroupStrategyMayRunAs,
+ }
+ psp.RunAsGroup = &policy.RunAsGroupStrategyOptions{}
+ psp.RunAsGroup.Rule = runAsGroupRules[c.Rand.Intn(len(runAsGroupRules))]
seLinuxRules := []policy.SELinuxStrategy{
policy.SELinuxStrategyMustRunAs,
policy.SELinuxStrategyRunAsAny,
diff --git a/pkg/apis/policy/types.go b/pkg/apis/policy/types.go
index d570059609..a94711bdb3 100644
--- a/pkg/apis/policy/types.go
+++ b/pkg/apis/policy/types.go
@@ -182,6 +182,10 @@ type PodSecurityPolicySpec struct {
SELinux SELinuxStrategyOptions
// RunAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
RunAsUser RunAsUserStrategyOptions
+ // RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
+ // If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
+ // RunAsGroup feature gate to be enabled.
+ RunAsGroup *RunAsGroupStrategyOptions
// SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
SupplementalGroups SupplementalGroupsStrategyOptions
// FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
@@ -335,6 +339,16 @@ type RunAsUserStrategyOptions struct {
Ranges []IDRange
}
+// RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
+type RunAsGroupStrategyOptions struct {
+ // Rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
+ Rule RunAsGroupStrategy
+ // Ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
+ // then supply a single range with the same start and end. Required for MustRunAs.
+ // +optional
+ Ranges []IDRange
+}
+
// IDRange provides a min/max of an allowed range of IDs.
type IDRange struct {
// Min is the start of the range, inclusive.
@@ -356,6 +370,20 @@ const (
RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny"
)
+// RunAsGroupStrategy denotes strategy types for generating RunAsGroup values for a
+// SecurityContext.
+type RunAsGroupStrategy string
+
+const (
+ // RunAsGroupStrategyMayRunAs means that container does not need to run with a particular gid.
+ // However, when RunAsGroup are specified, they have to fall in the defined range.
+ RunAsGroupStrategyMayRunAs RunAsGroupStrategy = "MayRunAs"
+ // RunAsGroupStrategyMustRunAs means that container must run as a particular gid.
+ RunAsGroupStrategyMustRunAs RunAsGroupStrategy = "MustRunAs"
+ // RunAsGroupStrategyRunAsAny means that container may make requests for any gid.
+ RunAsGroupStrategyRunAsAny RunAsGroupStrategy = "RunAsAny"
+)
+
// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
type FSGroupStrategyOptions struct {
// Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
diff --git a/pkg/apis/policy/v1beta1/zz_generated.conversion.go b/pkg/apis/policy/v1beta1/zz_generated.conversion.go
index 572cbfe1b0..356cb47f3a 100644
--- a/pkg/apis/policy/v1beta1/zz_generated.conversion.go
+++ b/pkg/apis/policy/v1beta1/zz_generated.conversion.go
@@ -170,6 +170,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
+ if err := s.AddGeneratedConversionFunc((*v1beta1.RunAsGroupStrategyOptions)(nil), (*policy.RunAsGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
+ return Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(a.(*v1beta1.RunAsGroupStrategyOptions), b.(*policy.RunAsGroupStrategyOptions), scope)
+ }); err != nil {
+ return err
+ }
+ if err := s.AddGeneratedConversionFunc((*policy.RunAsGroupStrategyOptions)(nil), (*v1beta1.RunAsGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
+ return Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(a.(*policy.RunAsGroupStrategyOptions), b.(*v1beta1.RunAsGroupStrategyOptions), scope)
+ }); err != nil {
+ return err
+ }
if err := s.AddGeneratedConversionFunc((*v1beta1.RunAsUserStrategyOptions)(nil), (*policy.RunAsUserStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(a.(*v1beta1.RunAsUserStrategyOptions), b.(*policy.RunAsUserStrategyOptions), scope)
}); err != nil {
@@ -525,6 +535,7 @@ func autoConvert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(i
if err := Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil {
return err
}
+ out.RunAsGroup = (*policy.RunAsGroupStrategyOptions)(unsafe.Pointer(in.RunAsGroup))
if err := Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil {
return err
}
@@ -565,6 +576,7 @@ func autoConvert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(i
if err := Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil {
return err
}
+ out.RunAsGroup = (*v1beta1.RunAsGroupStrategyOptions)(unsafe.Pointer(in.RunAsGroup))
if err := Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil {
return err
}
@@ -589,6 +601,28 @@ func Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *p
return autoConvert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in, out, s)
}
+func autoConvert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in *v1beta1.RunAsGroupStrategyOptions, out *policy.RunAsGroupStrategyOptions, s conversion.Scope) error {
+ out.Rule = policy.RunAsGroupStrategy(in.Rule)
+ out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
+ return nil
+}
+
+// Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions is an autogenerated conversion function.
+func Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in *v1beta1.RunAsGroupStrategyOptions, out *policy.RunAsGroupStrategyOptions, s conversion.Scope) error {
+ return autoConvert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in, out, s)
+}
+
+func autoConvert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in *policy.RunAsGroupStrategyOptions, out *v1beta1.RunAsGroupStrategyOptions, s conversion.Scope) error {
+ out.Rule = v1beta1.RunAsGroupStrategy(in.Rule)
+ out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges))
+ return nil
+}
+
+// Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions is an autogenerated conversion function.
+func Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in *policy.RunAsGroupStrategyOptions, out *v1beta1.RunAsGroupStrategyOptions, s conversion.Scope) error {
+ return autoConvert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in, out, s)
+}
+
func autoConvert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *policy.RunAsUserStrategyOptions, s conversion.Scope) error {
out.Rule = policy.RunAsUserStrategy(in.Rule)
out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
diff --git a/pkg/apis/policy/validation/validation.go b/pkg/apis/policy/validation/validation.go
index 424bebc003..9911b55516 100644
--- a/pkg/apis/policy/validation/validation.go
+++ b/pkg/apis/policy/validation/validation.go
@@ -109,6 +109,7 @@ func ValidatePodSecurityPolicySpec(spec *policy.PodSecurityPolicySpec, fldPath *
allErrs := field.ErrorList{}
allErrs = append(allErrs, validatePSPRunAsUser(fldPath.Child("runAsUser"), &spec.RunAsUser)...)
+ allErrs = append(allErrs, validatePSPRunAsGroup(fldPath.Child("runAsGroup"), spec.RunAsGroup)...)
allErrs = append(allErrs, validatePSPSELinux(fldPath.Child("seLinux"), &spec.SELinux)...)
allErrs = append(allErrs, validatePSPSupplementalGroup(fldPath.Child("supplementalGroups"), &spec.SupplementalGroups)...)
allErrs = append(allErrs, validatePSPFSGroup(fldPath.Child("fsGroup"), &spec.FSGroup)...)
@@ -233,6 +234,38 @@ func validatePSPRunAsUser(fldPath *field.Path, runAsUser *policy.RunAsUserStrate
return allErrs
}
+// validatePSPRunAsGroup validates the RunAsGroup fields of PodSecurityPolicy.
+func validatePSPRunAsGroup(fldPath *field.Path, runAsGroup *policy.RunAsGroupStrategyOptions) field.ErrorList {
+ var allErrs field.ErrorList
+
+ if runAsGroup == nil {
+ return allErrs
+ }
+
+ switch runAsGroup.Rule {
+ case policy.RunAsGroupStrategyRunAsAny:
+ if len(runAsGroup.Ranges) != 0 {
+ allErrs = append(allErrs, field.Invalid(fldPath.Child("ranges"), runAsGroup.Ranges, "Ranges must be empty"))
+ }
+ case policy.RunAsGroupStrategyMustRunAs, policy.RunAsGroupStrategyMayRunAs:
+ if len(runAsGroup.Ranges) == 0 {
+ allErrs = append(allErrs, field.Invalid(fldPath.Child("ranges"), runAsGroup.Ranges, "must provide at least one range"))
+ }
+ // validate range settings
+ for idx, rng := range runAsGroup.Ranges {
+ allErrs = append(allErrs, validateGroupIDRange(fldPath.Child("ranges").Index(idx), rng)...)
+ }
+ default:
+ supportedRunAsGroupRules := []string{
+ string(policy.RunAsGroupStrategyMustRunAs),
+ string(policy.RunAsGroupStrategyRunAsAny),
+ string(policy.RunAsGroupStrategyMayRunAs),
+ }
+ allErrs = append(allErrs, field.NotSupported(fldPath.Child("rule"), runAsGroup.Rule, supportedRunAsGroupRules))
+ }
+ return allErrs
+}
+
// validatePSPFSGroup validates the FSGroupStrategyOptions fields of the PodSecurityPolicy.
func validatePSPFSGroup(fldPath *field.Path, groupOptions *policy.FSGroupStrategyOptions) field.ErrorList {
allErrs := field.ErrorList{}
diff --git a/pkg/apis/policy/validation/validation_test.go b/pkg/apis/policy/validation/validation_test.go
index 37cf667071..fea5d01fad 100644
--- a/pkg/apis/policy/validation/validation_test.go
+++ b/pkg/apis/policy/validation/validation_test.go
@@ -242,6 +242,9 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
+ RunAsGroup: &policy.RunAsGroupStrategyOptions{
+ Rule: policy.RunAsGroupStrategyRunAsAny,
+ },
FSGroup: policy.FSGroupStrategyOptions{
Rule: policy.FSGroupStrategyRunAsAny,
},
@@ -259,12 +262,18 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
noUserOptions := validPSP()
noUserOptions.Spec.RunAsUser.Rule = ""
+ noGroupOptions := validPSP()
+ noGroupOptions.Spec.RunAsGroup.Rule = ""
+
noSELinuxOptions := validPSP()
noSELinuxOptions.Spec.SELinux.Rule = ""
invalidUserStratType := validPSP()
invalidUserStratType.Spec.RunAsUser.Rule = "invalid"
+ invalidGroupStratType := validPSP()
+ invalidGroupStratType.Spec.RunAsGroup.Rule = "invalid"
+
invalidSELinuxStratType := validPSP()
invalidSELinuxStratType.Spec.SELinux.Rule = "invalid"
@@ -272,6 +281,10 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
invalidUIDPSP.Spec.RunAsUser.Rule = policy.RunAsUserStrategyMustRunAs
invalidUIDPSP.Spec.RunAsUser.Ranges = []policy.IDRange{{Min: -1, Max: 1}}
+ invalidGIDPSP := validPSP()
+ invalidGIDPSP.Spec.RunAsGroup.Rule = policy.RunAsGroupStrategyMustRunAs
+ invalidGIDPSP.Spec.RunAsGroup.Ranges = []policy.IDRange{{Min: -1, Max: 1}}
+
missingObjectMetaName := validPSP()
missingObjectMetaName.ObjectMeta.Name = ""
@@ -382,6 +395,11 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
errorType: field.ErrorTypeNotSupported,
errorDetail: `supported values: "MustRunAs", "MustRunAsNonRoot", "RunAsAny"`,
},
+ "no group options": {
+ psp: noGroupOptions,
+ errorType: field.ErrorTypeNotSupported,
+ errorDetail: `supported values: "MustRunAs", "RunAsAny", "MayRunAs"`,
+ },
"no selinux options": {
psp: noSELinuxOptions,
errorType: field.ErrorTypeNotSupported,
@@ -402,6 +420,11 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
errorType: field.ErrorTypeNotSupported,
errorDetail: `supported values: "MustRunAs", "MustRunAsNonRoot", "RunAsAny"`,
},
+ "invalid group strategy type": {
+ psp: invalidGroupStratType,
+ errorType: field.ErrorTypeNotSupported,
+ errorDetail: `supported values: "MustRunAs", "RunAsAny", "MayRunAs"`,
+ },
"invalid selinux strategy type": {
psp: invalidSELinuxStratType,
errorType: field.ErrorTypeNotSupported,
@@ -422,6 +445,11 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
errorType: field.ErrorTypeInvalid,
errorDetail: "min cannot be negative",
},
+ "invalid gid": {
+ psp: invalidGIDPSP,
+ errorType: field.ErrorTypeInvalid,
+ errorDetail: "min cannot be negative",
+ },
"missing object meta name": {
psp: missingObjectMetaName,
errorType: field.ErrorTypeRequired,
@@ -680,6 +708,9 @@ func TestValidatePSPVolumes(t *testing.T) {
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
+ RunAsGroup: &policy.RunAsGroupStrategyOptions{
+ Rule: policy.RunAsGroupStrategyRunAsAny,
+ },
FSGroup: policy.FSGroupStrategyOptions{
Rule: policy.FSGroupStrategyRunAsAny,
},
diff --git a/pkg/apis/policy/zz_generated.deepcopy.go b/pkg/apis/policy/zz_generated.deepcopy.go
index b0cfe75289..4b5eb45794 100644
--- a/pkg/apis/policy/zz_generated.deepcopy.go
+++ b/pkg/apis/policy/zz_generated.deepcopy.go
@@ -348,6 +348,11 @@ func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) {
}
in.SELinux.DeepCopyInto(&out.SELinux)
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
+ if in.RunAsGroup != nil {
+ in, out := &in.RunAsGroup, &out.RunAsGroup
+ *out = new(RunAsGroupStrategyOptions)
+ (*in).DeepCopyInto(*out)
+ }
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
in.FSGroup.DeepCopyInto(&out.FSGroup)
if in.DefaultAllowPrivilegeEscalation != nil {
@@ -393,6 +398,27 @@ func (in *PodSecurityPolicySpec) DeepCopy() *PodSecurityPolicySpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunAsGroupStrategyOptions) DeepCopyInto(out *RunAsGroupStrategyOptions) {
+ *out = *in
+ if in.Ranges != nil {
+ in, out := &in.Ranges, &out.Ranges
+ *out = make([]IDRange, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsGroupStrategyOptions.
+func (in *RunAsGroupStrategyOptions) DeepCopy() *RunAsGroupStrategyOptions {
+ if in == nil {
+ return nil
+ }
+ out := new(RunAsGroupStrategyOptions)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions) {
*out = *in
diff --git a/pkg/customers.yaml b/pkg/customers.yaml
new file mode 100644
index 0000000000..98111a0c85
--- /dev/null
+++ b/pkg/customers.yaml
@@ -0,0 +1,16 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ annotations:
+ name: standard-rdi-hdd-pool
+parameters:
+ adminId: sam
+ adminSecretName: ceph-sec-admin-rdi
+ adminSecretNamespace: sam-system
+ monitors: 10.253.101.170:6789,10.253.101.154:6789,10.253.101.186:6789
+ pool: sam
+ userId: sam
+ userSecretName: ceph-sec-user-rdi
+provisioner: kubernetes.io/rbd
+reclaimPolicy: Retain
+volumeBindingMode: Immediate
diff --git a/pkg/registry/policy/podsecuritypolicy/storage/storage_test.go b/pkg/registry/policy/podsecuritypolicy/storage/storage_test.go
index 8cca24c743..19b62e1d70 100644
--- a/pkg/registry/policy/podsecuritypolicy/storage/storage_test.go
+++ b/pkg/registry/policy/podsecuritypolicy/storage/storage_test.go
@@ -55,6 +55,9 @@ func validNewPodSecurityPolicy() *policy.PodSecurityPolicy {
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
+ RunAsGroup: &policy.RunAsGroupStrategyOptions{
+ Rule: policy.RunAsGroupStrategyRunAsAny,
+ },
FSGroup: policy.FSGroupStrategyOptions{
Rule: policy.FSGroupStrategyRunAsAny,
},
diff --git a/pkg/security/podsecuritypolicy/BUILD b/pkg/security/podsecuritypolicy/BUILD
index 715f9bb694..38cbe10d41 100644
--- a/pkg/security/podsecuritypolicy/BUILD
+++ b/pkg/security/podsecuritypolicy/BUILD
@@ -18,6 +18,7 @@ go_library(
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/policy:go_default_library",
+ "//pkg/features:go_default_library",
"//pkg/security/podsecuritypolicy/apparmor:go_default_library",
"//pkg/security/podsecuritypolicy/capabilities:go_default_library",
"//pkg/security/podsecuritypolicy/group:go_default_library",
@@ -29,6 +30,7 @@ go_library(
"//pkg/securitycontext:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/errors:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
],
)
diff --git a/pkg/security/podsecuritypolicy/factory.go b/pkg/security/podsecuritypolicy/factory.go
index c429eaf6c8..cc447ded01 100644
--- a/pkg/security/podsecuritypolicy/factory.go
+++ b/pkg/security/podsecuritypolicy/factory.go
@@ -19,6 +19,9 @@ package podsecuritypolicy
import (
"fmt"
+ utilfeature "k8s.io/apiserver/pkg/util/feature"
+ "k8s.io/kubernetes/pkg/features"
+
"k8s.io/apimachinery/pkg/util/errors"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/policy"
@@ -47,6 +50,14 @@ func (f *simpleStrategyFactory) CreateStrategies(psp *policy.PodSecurityPolicy,
errs = append(errs, err)
}
+ var groupStrat group.GroupStrategy
+ if utilfeature.DefaultFeatureGate.Enabled(features.RunAsGroup) {
+ groupStrat, err = createRunAsGroupStrategy(psp.Spec.RunAsGroup)
+ if err != nil {
+ errs = append(errs, err)
+ }
+ }
+
seLinuxStrat, err := createSELinuxStrategy(&psp.Spec.SELinux)
if err != nil {
errs = append(errs, err)
@@ -85,6 +96,7 @@ func (f *simpleStrategyFactory) CreateStrategies(psp *policy.PodSecurityPolicy,
strategies := &ProviderStrategies{
RunAsUserStrategy: userStrat,
+ RunAsGroupStrategy: groupStrat,
SELinuxStrategy: seLinuxStrat,
AppArmorStrategy: appArmorStrat,
FSGroupStrategy: fsGroupStrat,
@@ -111,6 +123,23 @@ func createUserStrategy(opts *policy.RunAsUserStrategyOptions) (user.RunAsUserSt
}
}
+// createRunAsGroupStrategy creates a new group strategy.
+func createRunAsGroupStrategy(opts *policy.RunAsGroupStrategyOptions) (group.GroupStrategy, error) {
+ if opts == nil {
+ return group.NewRunAsAny()
+ }
+ switch opts.Rule {
+ case policy.RunAsGroupStrategyMustRunAs:
+ return group.NewMustRunAs(opts.Ranges)
+ case policy.RunAsGroupStrategyRunAsAny:
+ return group.NewRunAsAny()
+ case policy.RunAsGroupStrategyMayRunAs:
+ return group.NewMayRunAs(opts.Ranges)
+ default:
+ return nil, fmt.Errorf("Unrecognized RunAsGroup strategy type %s", opts.Rule)
+ }
+}
+
// createSELinuxStrategy creates a new selinux strategy.
func createSELinuxStrategy(opts *policy.SELinuxStrategyOptions) (selinux.SELinuxStrategy, error) {
switch opts.Rule {
diff --git a/pkg/security/podsecuritypolicy/group/runasany_test.go b/pkg/security/podsecuritypolicy/group/runasany_test.go
index 788b6363ff..f7f1b40f33 100644
--- a/pkg/security/podsecuritypolicy/group/runasany_test.go
+++ b/pkg/security/podsecuritypolicy/group/runasany_test.go
@@ -50,7 +50,7 @@ func TestRunAsAnyGenerateSingle(t *testing.T) {
}
}
-func TestRunAsAnyValidte(t *testing.T) {
+func TestRunAsAnyValidate(t *testing.T) {
s, err := NewRunAsAny()
if err != nil {
t.Fatalf("unexpected error initializing NewRunAsAny %v", err)
diff --git a/pkg/security/podsecuritypolicy/provider.go b/pkg/security/podsecuritypolicy/provider.go
index 90d5f967b2..35259d7900 100644
--- a/pkg/security/podsecuritypolicy/provider.go
+++ b/pkg/security/podsecuritypolicy/provider.go
@@ -21,8 +21,10 @@ import (
"strings"
"k8s.io/apimachinery/pkg/util/validation/field"
+ utilfeature "k8s.io/apiserver/pkg/util/feature"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/policy"
+ "k8s.io/kubernetes/pkg/features"
psputil "k8s.io/kubernetes/pkg/security/podsecuritypolicy/util"
"k8s.io/kubernetes/pkg/securitycontext"
)
@@ -121,6 +123,17 @@ func (s *simpleProvider) DefaultContainerSecurityContext(pod *api.Pod, container
sc.SetRunAsUser(uid)
}
+ if utilfeature.DefaultFeatureGate.Enabled(features.RunAsGroup) {
+ if sc.RunAsGroup() == nil {
+ gid, err := s.strategies.RunAsGroupStrategy.GenerateSingle(pod)
+ if err != nil {
+ return err
+ }
+ sc.SetRunAsGroup(gid)
+ }
+
+ }
+
if sc.SELinuxOptions() == nil {
seLinux, err := s.strategies.SELinuxStrategy.Generate(pod, container)
if err != nil {
@@ -280,6 +293,14 @@ func (s *simpleProvider) ValidateContainer(pod *api.Pod, container *api.Containe
scPath := containerPath.Child("securityContext")
allErrs = append(allErrs, s.strategies.RunAsUserStrategy.Validate(scPath, pod, container, sc.RunAsNonRoot(), sc.RunAsUser())...)
+
+ if utilfeature.DefaultFeatureGate.Enabled(features.RunAsGroup) {
+ var runAsGroups []int64
+ if sc.RunAsGroup() != nil {
+ runAsGroups = []int64{*sc.RunAsGroup()}
+ }
+ allErrs = append(allErrs, s.strategies.RunAsGroupStrategy.Validate(scPath, pod, runAsGroups)...)
+ }
allErrs = append(allErrs, s.strategies.SELinuxStrategy.Validate(scPath.Child("seLinuxOptions"), pod, container, sc.SELinuxOptions())...)
allErrs = append(allErrs, s.strategies.AppArmorStrategy.Validate(pod, container)...)
allErrs = append(allErrs, s.strategies.SeccompStrategy.ValidateContainer(pod, container)...)
diff --git a/pkg/security/podsecuritypolicy/provider_test.go b/pkg/security/podsecuritypolicy/provider_test.go
index 90049f460a..ace225ec92 100644
--- a/pkg/security/podsecuritypolicy/provider_test.go
+++ b/pkg/security/podsecuritypolicy/provider_test.go
@@ -65,6 +65,9 @@ func TestDefaultPodSecurityContextNonmutating(t *testing.T) {
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
+ RunAsGroup: &policy.RunAsGroupStrategyOptions{
+ Rule: policy.RunAsGroupStrategyRunAsAny,
+ },
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyRunAsAny,
},
@@ -137,6 +140,9 @@ func TestDefaultContainerSecurityContextNonmutating(t *testing.T) {
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
+ RunAsGroup: &policy.RunAsGroupStrategyOptions{
+ Rule: policy.RunAsGroupStrategyRunAsAny,
+ },
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyRunAsAny,
},
@@ -1168,6 +1174,9 @@ func defaultPSP() *policy.PodSecurityPolicy {
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
+ RunAsGroup: &policy.RunAsGroupStrategyOptions{
+ Rule: policy.RunAsGroupStrategyRunAsAny,
+ },
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyRunAsAny,
},
diff --git a/pkg/security/podsecuritypolicy/types.go b/pkg/security/podsecuritypolicy/types.go
index 1127337b4e..e541a345e3 100644
--- a/pkg/security/podsecuritypolicy/types.go
+++ b/pkg/security/podsecuritypolicy/types.go
@@ -60,6 +60,7 @@ type StrategyFactory interface {
// ProviderStrategies is a holder for all strategies that the provider requires to be populated.
type ProviderStrategies struct {
RunAsUserStrategy user.RunAsUserStrategy
+ RunAsGroupStrategy group.GroupStrategy
SELinuxStrategy selinux.SELinuxStrategy
AppArmorStrategy apparmor.Strategy
FSGroupStrategy group.GroupStrategy
diff --git a/pkg/securitycontext/accessors.go b/pkg/securitycontext/accessors.go
index cf372f2866..739ca126f6 100644
--- a/pkg/securitycontext/accessors.go
+++ b/pkg/securitycontext/accessors.go
@@ -29,6 +29,7 @@ type PodSecurityContextAccessor interface {
HostIPC() bool
SELinuxOptions() *api.SELinuxOptions
RunAsUser() *int64
+ RunAsGroup() *int64
RunAsNonRoot() *bool
SupplementalGroups() []int64
FSGroup() *int64
@@ -43,6 +44,7 @@ type PodSecurityContextMutator interface {
SetHostIPC(bool)
SetSELinuxOptions(*api.SELinuxOptions)
SetRunAsUser(*int64)
+ SetRunAsGroup(*int64)
SetRunAsNonRoot(*bool)
SetSupplementalGroups([]int64)
SetFSGroup(*int64)
@@ -142,6 +144,20 @@ func (w *podSecurityContextWrapper) SetRunAsUser(v *int64) {
w.ensurePodSC()
w.podSC.RunAsUser = v
}
+func (w *podSecurityContextWrapper) RunAsGroup() *int64 {
+ if w.podSC == nil {
+ return nil
+ }
+ return w.podSC.RunAsGroup
+}
+func (w *podSecurityContextWrapper) SetRunAsGroup(v *int64) {
+ if w.podSC == nil && v == nil {
+ return
+ }
+ w.ensurePodSC()
+ w.podSC.RunAsGroup = v
+}
+
func (w *podSecurityContextWrapper) RunAsNonRoot() *bool {
if w.podSC == nil {
return nil
@@ -191,6 +207,7 @@ type ContainerSecurityContextAccessor interface {
ProcMount() api.ProcMountType
SELinuxOptions() *api.SELinuxOptions
RunAsUser() *int64
+ RunAsGroup() *int64
RunAsNonRoot() *bool
ReadOnlyRootFilesystem() *bool
AllowPrivilegeEscalation() *bool
@@ -205,6 +222,7 @@ type ContainerSecurityContextMutator interface {
SetPrivileged(*bool)
SetSELinuxOptions(*api.SELinuxOptions)
SetRunAsUser(*int64)
+ SetRunAsGroup(*int64)
SetRunAsNonRoot(*bool)
SetReadOnlyRootFilesystem(*bool)
SetAllowPrivilegeEscalation(*bool)
@@ -293,6 +311,20 @@ func (w *containerSecurityContextWrapper) SetRunAsUser(v *int64) {
w.ensureContainerSC()
w.containerSC.RunAsUser = v
}
+func (w *containerSecurityContextWrapper) RunAsGroup() *int64 {
+ if w.containerSC == nil {
+ return nil
+ }
+ return w.containerSC.RunAsGroup
+}
+func (w *containerSecurityContextWrapper) SetRunAsGroup(v *int64) {
+ if w.containerSC == nil && v == nil {
+ return
+ }
+ w.ensureContainerSC()
+ w.containerSC.RunAsGroup = v
+}
+
func (w *containerSecurityContextWrapper) RunAsNonRoot() *bool {
if w.containerSC == nil {
return nil
@@ -391,6 +423,18 @@ func (w *effectiveContainerSecurityContextWrapper) SetRunAsUser(v *int64) {
w.containerSC.SetRunAsUser(v)
}
}
+func (w *effectiveContainerSecurityContextWrapper) RunAsGroup() *int64 {
+ if v := w.containerSC.RunAsGroup(); v != nil {
+ return v
+ }
+ return w.podSC.RunAsGroup()
+}
+func (w *effectiveContainerSecurityContextWrapper) SetRunAsGroup(v *int64) {
+ if !reflect.DeepEqual(w.RunAsGroup(), v) {
+ w.containerSC.SetRunAsGroup(v)
+ }
+}
+
func (w *effectiveContainerSecurityContextWrapper) RunAsNonRoot() *bool {
if v := w.containerSC.RunAsNonRoot(); v != nil {
return v
diff --git a/pkg/securitycontext/accessors_test.go b/pkg/securitycontext/accessors_test.go
index 68b129836a..0fde3eb84b 100644
--- a/pkg/securitycontext/accessors_test.go
+++ b/pkg/securitycontext/accessors_test.go
@@ -27,6 +27,7 @@ import (
func TestPodSecurityContextAccessor(t *testing.T) {
fsGroup := int64(2)
runAsUser := int64(1)
+ runAsGroup := int64(1)
runAsNonRoot := true
testcases := []*api.PodSecurityContext{
@@ -38,6 +39,7 @@ func TestPodSecurityContextAccessor(t *testing.T) {
{HostPID: true},
{RunAsNonRoot: &runAsNonRoot},
{RunAsUser: &runAsUser},
+ {RunAsGroup: &runAsGroup},
{SELinuxOptions: &api.SELinuxOptions{User: "bob"}},
{SupplementalGroups: []int64{1, 2, 3}},
}
@@ -68,6 +70,9 @@ func TestPodSecurityContextAccessor(t *testing.T) {
if v := a.RunAsUser(); !reflect.DeepEqual(expected.RunAsUser, v) {
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsUser, v)
}
+ if v := a.RunAsGroup(); !reflect.DeepEqual(expected.RunAsGroup, v) {
+ t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsGroup, v)
+ }
if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
}
@@ -95,6 +100,7 @@ func TestPodSecurityContextMutator(t *testing.T) {
HostPID: true,
SELinuxOptions: &api.SELinuxOptions{},
RunAsUser: nil,
+ RunAsGroup: nil,
RunAsNonRoot: nil,
SupplementalGroups: nil,
FSGroup: nil,
@@ -123,6 +129,7 @@ func TestPodSecurityContextMutator(t *testing.T) {
m.SetHostPID(m.HostPID())
m.SetRunAsNonRoot(m.RunAsNonRoot())
m.SetRunAsUser(m.RunAsUser())
+ m.SetRunAsGroup(m.RunAsGroup())
m.SetSELinuxOptions(m.SELinuxOptions())
m.SetSupplementalGroups(m.SupplementalGroups())
if !reflect.DeepEqual(sc, originalSC) {
@@ -208,6 +215,19 @@ func TestPodSecurityContextMutator(t *testing.T) {
}
}
+ // RunAsGroup
+ {
+ modifiedSC := nonNilSC(tc.newSC())
+ m := NewPodSecurityContextMutator(tc.newSC())
+ i := int64(1123)
+ modifiedSC.RunAsGroup = &i
+ m.SetRunAsGroup(&i)
+ if !reflect.DeepEqual(m.PodSecurityContext(), modifiedSC) {
+ t.Errorf("%s: unexpected object:\n%s", k, diff.ObjectGoPrintSideBySide(modifiedSC, m.PodSecurityContext()))
+ continue
+ }
+ }
+
// SELinuxOptions
{
modifiedSC := nonNilSC(tc.newSC())
@@ -429,6 +449,8 @@ func TestEffectiveContainerSecurityContextAccessor(t *testing.T) {
privileged := true
runAsUser := int64(1)
runAsUserPod := int64(12)
+ runAsGroup := int64(1)
+ runAsGroupPod := int64(12)
runAsNonRoot := true
runAsNonRootPod := false
readOnlyRootFilesystem := true
@@ -500,6 +522,26 @@ func TestEffectiveContainerSecurityContextAccessor(t *testing.T) {
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
},
},
+ {
+ PodSC: &api.PodSecurityContext{
+ RunAsGroup: &runAsGroup,
+ },
+ SC: nil,
+ Effective: &api.SecurityContext{
+ RunAsGroup: &runAsGroup,
+ },
+ },
+ {
+ PodSC: &api.PodSecurityContext{
+ RunAsGroup: &runAsGroupPod,
+ },
+ SC: &api.SecurityContext{
+ RunAsGroup: &runAsGroup,
+ },
+ Effective: &api.SecurityContext{
+ RunAsGroup: &runAsGroup,
+ },
+ },
}
for i, tc := range testcases {
diff --git a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
index 29f686994e..b3330c6ac0 100644
--- a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
+++ b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
@@ -1907,6 +1907,9 @@ func TestCreateProvidersFromConstraints(t *testing.T) {
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
+ RunAsGroup: &policy.RunAsGroupStrategyOptions{
+ Rule: policy.RunAsGroupStrategyRunAsAny,
+ },
FSGroup: policy.FSGroupStrategyOptions{
Rule: policy.FSGroupStrategyRunAsAny,
},
@@ -1930,6 +1933,9 @@ func TestCreateProvidersFromConstraints(t *testing.T) {
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyMustRunAs,
},
+ RunAsGroup: &policy.RunAsGroupStrategyOptions{
+ Rule: policy.RunAsGroupStrategyRunAsAny,
+ },
FSGroup: policy.FSGroupStrategyOptions{
Rule: policy.FSGroupStrategyRunAsAny,
},
@@ -2343,6 +2349,12 @@ func restrictivePSP() *policy.PodSecurityPolicy {
{Min: int64(999), Max: int64(999)},
},
},
+ RunAsGroup: &policy.RunAsGroupStrategyOptions{
+ Rule: policy.RunAsGroupStrategyMustRunAs,
+ Ranges: []policy.IDRange{
+ {Min: int64(999), Max: int64(999)},
+ },
+ },
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyMustRunAs,
SELinuxOptions: &kapi.SELinuxOptions{
@@ -2382,6 +2394,9 @@ func permissivePSP() *policy.PodSecurityPolicy {
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
+ RunAsGroup: &policy.RunAsGroupStrategyOptions{
+ Rule: policy.RunAsGroupStrategyRunAsAny,
+ },
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyRunAsAny,
},
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/generated.pb.go b/staging/src/k8s.io/api/extensions/v1beta1/generated.pb.go
index 72d64db3ed..a41c7e57c1 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/generated.pb.go
+++ b/staging/src/k8s.io/api/extensions/v1beta1/generated.pb.go
@@ -77,6 +77,7 @@ limitations under the License.
RollbackConfig
RollingUpdateDaemonSet
RollingUpdateDeployment
+ RunAsGroupStrategyOptions
RunAsUserStrategyOptions
SELinuxStrategyOptions
Scale
@@ -336,32 +337,38 @@ func (*RollingUpdateDeployment) Descriptor() ([]byte, []int) {
return fileDescriptorGenerated, []int{51}
}
+func (m *RunAsGroupStrategyOptions) Reset() { *m = RunAsGroupStrategyOptions{} }
+func (*RunAsGroupStrategyOptions) ProtoMessage() {}
+func (*RunAsGroupStrategyOptions) Descriptor() ([]byte, []int) {
+ return fileDescriptorGenerated, []int{52}
+}
+
func (m *RunAsUserStrategyOptions) Reset() { *m = RunAsUserStrategyOptions{} }
func (*RunAsUserStrategyOptions) ProtoMessage() {}
func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{52}
+ return fileDescriptorGenerated, []int{53}
}
func (m *SELinuxStrategyOptions) Reset() { *m = SELinuxStrategyOptions{} }
func (*SELinuxStrategyOptions) ProtoMessage() {}
-func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{53} }
+func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{54} }
func (m *Scale) Reset() { *m = Scale{} }
func (*Scale) ProtoMessage() {}
-func (*Scale) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{54} }
+func (*Scale) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{55} }
func (m *ScaleSpec) Reset() { *m = ScaleSpec{} }
func (*ScaleSpec) ProtoMessage() {}
-func (*ScaleSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{55} }
+func (*ScaleSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{56} }
func (m *ScaleStatus) Reset() { *m = ScaleStatus{} }
func (*ScaleStatus) ProtoMessage() {}
-func (*ScaleStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{56} }
+func (*ScaleStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{57} }
func (m *SupplementalGroupsStrategyOptions) Reset() { *m = SupplementalGroupsStrategyOptions{} }
func (*SupplementalGroupsStrategyOptions) ProtoMessage() {}
func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{57}
+ return fileDescriptorGenerated, []int{58}
}
func init() {
@@ -417,6 +424,7 @@ func init() {
proto.RegisterType((*RollbackConfig)(nil), "k8s.io.api.extensions.v1beta1.RollbackConfig")
proto.RegisterType((*RollingUpdateDaemonSet)(nil), "k8s.io.api.extensions.v1beta1.RollingUpdateDaemonSet")
proto.RegisterType((*RollingUpdateDeployment)(nil), "k8s.io.api.extensions.v1beta1.RollingUpdateDeployment")
+ proto.RegisterType((*RunAsGroupStrategyOptions)(nil), "k8s.io.api.extensions.v1beta1.RunAsGroupStrategyOptions")
proto.RegisterType((*RunAsUserStrategyOptions)(nil), "k8s.io.api.extensions.v1beta1.RunAsUserStrategyOptions")
proto.RegisterType((*SELinuxStrategyOptions)(nil), "k8s.io.api.extensions.v1beta1.SELinuxStrategyOptions")
proto.RegisterType((*Scale)(nil), "k8s.io.api.extensions.v1beta1.Scale")
@@ -2308,6 +2316,18 @@ func (m *PodSecurityPolicySpec) MarshalTo(dAtA []byte) (int, error) {
i += copy(dAtA[i:], s)
}
}
+ if m.RunAsGroup != nil {
+ dAtA[i] = 0xb2
+ i++
+ dAtA[i] = 0x1
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.RunAsGroup.Size()))
+ n49, err := m.RunAsGroup.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n49
+ }
return i, nil
}
@@ -2329,27 +2349,27 @@ func (m *ReplicaSet) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0xa
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.ObjectMeta.Size()))
- n49, err := m.ObjectMeta.MarshalTo(dAtA[i:])
- if err != nil {
- return 0, err
- }
- i += n49
- dAtA[i] = 0x12
- i++
- i = encodeVarintGenerated(dAtA, i, uint64(m.Spec.Size()))
- n50, err := m.Spec.MarshalTo(dAtA[i:])
+ n50, err := m.ObjectMeta.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n50
- dAtA[i] = 0x1a
+ dAtA[i] = 0x12
i++
- i = encodeVarintGenerated(dAtA, i, uint64(m.Status.Size()))
- n51, err := m.Status.MarshalTo(dAtA[i:])
+ i = encodeVarintGenerated(dAtA, i, uint64(m.Spec.Size()))
+ n51, err := m.Spec.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n51
+ dAtA[i] = 0x1a
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.Status.Size()))
+ n52, err := m.Status.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n52
return i, nil
}
@@ -2379,11 +2399,11 @@ func (m *ReplicaSetCondition) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0x1a
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.LastTransitionTime.Size()))
- n52, err := m.LastTransitionTime.MarshalTo(dAtA[i:])
+ n53, err := m.LastTransitionTime.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
- i += n52
+ i += n53
dAtA[i] = 0x22
i++
i = encodeVarintGenerated(dAtA, i, uint64(len(m.Reason)))
@@ -2413,11 +2433,11 @@ func (m *ReplicaSetList) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0xa
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.ListMeta.Size()))
- n53, err := m.ListMeta.MarshalTo(dAtA[i:])
+ n54, err := m.ListMeta.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
- i += n53
+ i += n54
if len(m.Items) > 0 {
for _, msg := range m.Items {
dAtA[i] = 0x12
@@ -2457,20 +2477,20 @@ func (m *ReplicaSetSpec) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0x12
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.Selector.Size()))
- n54, err := m.Selector.MarshalTo(dAtA[i:])
+ n55, err := m.Selector.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
- i += n54
+ i += n55
}
dAtA[i] = 0x1a
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.Template.Size()))
- n55, err := m.Template.MarshalTo(dAtA[i:])
+ n56, err := m.Template.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
- i += n55
+ i += n56
dAtA[i] = 0x20
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.MinReadySeconds))
@@ -2580,11 +2600,11 @@ func (m *RollingUpdateDaemonSet) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0xa
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.MaxUnavailable.Size()))
- n56, err := m.MaxUnavailable.MarshalTo(dAtA[i:])
+ n57, err := m.MaxUnavailable.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
- i += n56
+ i += n57
}
return i, nil
}
@@ -2608,21 +2628,55 @@ func (m *RollingUpdateDeployment) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0xa
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.MaxUnavailable.Size()))
- n57, err := m.MaxUnavailable.MarshalTo(dAtA[i:])
+ n58, err := m.MaxUnavailable.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
- i += n57
+ i += n58
}
if m.MaxSurge != nil {
dAtA[i] = 0x12
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.MaxSurge.Size()))
- n58, err := m.MaxSurge.MarshalTo(dAtA[i:])
+ n59, err := m.MaxSurge.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
- i += n58
+ i += n59
+ }
+ return i, nil
+}
+
+func (m *RunAsGroupStrategyOptions) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *RunAsGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Rule)))
+ i += copy(dAtA[i:], m.Rule)
+ if len(m.Ranges) > 0 {
+ for _, msg := range m.Ranges {
+ dAtA[i] = 0x12
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
}
return i, nil
}
@@ -2684,11 +2738,11 @@ func (m *SELinuxStrategyOptions) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0x12
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.SELinuxOptions.Size()))
- n59, err := m.SELinuxOptions.MarshalTo(dAtA[i:])
+ n60, err := m.SELinuxOptions.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
- i += n59
+ i += n60
}
return i, nil
}
@@ -2711,27 +2765,27 @@ func (m *Scale) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0xa
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.ObjectMeta.Size()))
- n60, err := m.ObjectMeta.MarshalTo(dAtA[i:])
- if err != nil {
- return 0, err
- }
- i += n60
- dAtA[i] = 0x12
- i++
- i = encodeVarintGenerated(dAtA, i, uint64(m.Spec.Size()))
- n61, err := m.Spec.MarshalTo(dAtA[i:])
+ n61, err := m.ObjectMeta.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n61
- dAtA[i] = 0x1a
+ dAtA[i] = 0x12
i++
- i = encodeVarintGenerated(dAtA, i, uint64(m.Status.Size()))
- n62, err := m.Status.MarshalTo(dAtA[i:])
+ i = encodeVarintGenerated(dAtA, i, uint64(m.Spec.Size()))
+ n62, err := m.Spec.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n62
+ dAtA[i] = 0x1a
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.Status.Size()))
+ n63, err := m.Status.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n63
return i, nil
}
@@ -3535,6 +3589,10 @@ func (m *PodSecurityPolicySpec) Size() (n int) {
n += 2 + l + sovGenerated(uint64(l))
}
}
+ if m.RunAsGroup != nil {
+ l = m.RunAsGroup.Size()
+ n += 2 + l + sovGenerated(uint64(l))
+ }
return n
}
@@ -3650,6 +3708,20 @@ func (m *RollingUpdateDeployment) Size() (n int) {
return n
}
+func (m *RunAsGroupStrategyOptions) Size() (n int) {
+ var l int
+ _ = l
+ l = len(m.Rule)
+ n += 1 + l + sovGenerated(uint64(l))
+ if len(m.Ranges) > 0 {
+ for _, e := range m.Ranges {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ return n
+}
+
func (m *RunAsUserStrategyOptions) Size() (n int) {
var l int
_ = l
@@ -4271,6 +4343,7 @@ func (this *PodSecurityPolicySpec) String() string {
`AllowedUnsafeSysctls:` + fmt.Sprintf("%v", this.AllowedUnsafeSysctls) + `,`,
`ForbiddenSysctls:` + fmt.Sprintf("%v", this.ForbiddenSysctls) + `,`,
`AllowedProcMountTypes:` + fmt.Sprintf("%v", this.AllowedProcMountTypes) + `,`,
+ `RunAsGroup:` + strings.Replace(fmt.Sprintf("%v", this.RunAsGroup), "RunAsGroupStrategyOptions", "RunAsGroupStrategyOptions", 1) + `,`,
`}`,
}, "")
return s
@@ -4380,6 +4453,17 @@ func (this *RollingUpdateDeployment) String() string {
}, "")
return s
}
+func (this *RunAsGroupStrategyOptions) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&RunAsGroupStrategyOptions{`,
+ `Rule:` + fmt.Sprintf("%v", this.Rule) + `,`,
+ `Ranges:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Ranges), "IDRange", "IDRange", 1), `&`, ``, 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
func (this *RunAsUserStrategyOptions) String() string {
if this == nil {
return "nil"
@@ -10495,6 +10579,39 @@ func (m *PodSecurityPolicySpec) Unmarshal(dAtA []byte) error {
}
m.AllowedProcMountTypes = append(m.AllowedProcMountTypes, k8s_io_api_core_v1.ProcMountType(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
+ case 22:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field RunAsGroup", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if m.RunAsGroup == nil {
+ m.RunAsGroup = &RunAsGroupStrategyOptions{}
+ }
+ if err := m.RunAsGroup.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -11609,6 +11726,116 @@ func (m *RollingUpdateDeployment) Unmarshal(dAtA []byte) error {
}
return nil
}
+func (m *RunAsGroupStrategyOptions) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: RunAsGroupStrategyOptions: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: RunAsGroupStrategyOptions: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Rule", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Rule = RunAsGroupStrategy(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Ranges", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Ranges = append(m.Ranges, IDRange{})
+ if err := m.Ranges[len(m.Ranges)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@@ -12474,235 +12701,237 @@ func init() {
}
var fileDescriptorGenerated = []byte{
- // 3665 bytes of a gzipped FileDescriptorProto
+ // 3709 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5b, 0xcd, 0x6f, 0x24, 0x49,
- 0x56, 0xef, 0xac, 0x2a, 0xbb, 0xca, 0xcf, 0xed, 0xaf, 0xb0, 0xdb, 0x5d, 0xdb, 0x33, 0xed, 0xea,
- 0xcd, 0x91, 0x9a, 0x9e, 0xa1, 0xa7, 0x6a, 0xba, 0xe7, 0x63, 0x87, 0x69, 0xb1, 0xbb, 0x2e, 0xbb,
- 0xdd, 0xed, 0xc5, 0x1f, 0x35, 0x51, 0x76, 0xb3, 0x8c, 0x98, 0x65, 0xd2, 0x55, 0xe1, 0x72, 0x8e,
- 0xb3, 0x32, 0x73, 0x33, 0x22, 0xbd, 0x2e, 0x09, 0x21, 0x0e, 0x08, 0x09, 0x09, 0x04, 0x1c, 0x96,
- 0x0f, 0x71, 0x61, 0x2f, 0x9c, 0x40, 0x70, 0x83, 0xc3, 0x6a, 0x24, 0xa4, 0x45, 0x1a, 0xa1, 0x45,
- 0xda, 0x1b, 0x7b, 0xb2, 0x18, 0xcf, 0x09, 0xf1, 0x0f, 0xa0, 0x3e, 0x20, 0x14, 0x91, 0x91, 0xdf,
- 0x99, 0xae, 0x2a, 0x4f, 0xb7, 0x85, 0xd0, 0xde, 0x2a, 0xe3, 0xbd, 0xf7, 0x7b, 0x2f, 0x22, 0x5e,
- 0xbc, 0xf7, 0xe2, 0xa3, 0x60, 0xe3, 0xf8, 0x7d, 0x5a, 0xd7, 0xad, 0xc6, 0xb1, 0x7b, 0x40, 0x1c,
- 0x93, 0x30, 0x42, 0x1b, 0x27, 0xc4, 0xec, 0x5a, 0x4e, 0x43, 0x12, 0x34, 0x5b, 0x6f, 0x90, 0x53,
- 0x46, 0x4c, 0xaa, 0x5b, 0x26, 0x6d, 0x9c, 0x3c, 0x38, 0x20, 0x4c, 0x7b, 0xd0, 0xe8, 0x11, 0x93,
- 0x38, 0x1a, 0x23, 0xdd, 0xba, 0xed, 0x58, 0xcc, 0x42, 0xb7, 0x3d, 0xf6, 0xba, 0x66, 0xeb, 0xf5,
- 0x90, 0xbd, 0x2e, 0xd9, 0x6f, 0xbd, 0xd9, 0xd3, 0xd9, 0x91, 0x7b, 0x50, 0xef, 0x58, 0xfd, 0x46,
- 0xcf, 0xea, 0x59, 0x0d, 0x21, 0x75, 0xe0, 0x1e, 0x8a, 0x2f, 0xf1, 0x21, 0x7e, 0x79, 0x68, 0xb7,
- 0xd4, 0x88, 0xf2, 0x8e, 0xe5, 0x90, 0xc6, 0x49, 0x4a, 0xe3, 0xad, 0x77, 0x42, 0x9e, 0xbe, 0xd6,
- 0x39, 0xd2, 0x4d, 0xe2, 0x0c, 0x1a, 0xf6, 0x71, 0x4f, 0x08, 0x39, 0x84, 0x5a, 0xae, 0xd3, 0x21,
- 0x63, 0x49, 0xd1, 0x46, 0x9f, 0x30, 0x2d, 0x4b, 0x57, 0x23, 0x4f, 0xca, 0x71, 0x4d, 0xa6, 0xf7,
- 0xd3, 0x6a, 0xde, 0x1b, 0x26, 0x40, 0x3b, 0x47, 0xa4, 0xaf, 0xa5, 0xe4, 0xde, 0xce, 0x93, 0x73,
- 0x99, 0x6e, 0x34, 0x74, 0x93, 0x51, 0xe6, 0x24, 0x85, 0xd4, 0x47, 0xb0, 0xb0, 0x6a, 0x18, 0xd6,
- 0x0f, 0x48, 0x77, 0xc3, 0x20, 0xa7, 0xcf, 0x2c, 0xc3, 0xed, 0x13, 0x74, 0x17, 0x26, 0xbb, 0x8e,
- 0x7e, 0x42, 0x9c, 0xaa, 0x72, 0x47, 0xb9, 0x37, 0xd5, 0x9c, 0xfd, 0xfc, 0xac, 0x76, 0xed, 0xfc,
- 0xac, 0x36, 0xb9, 0x2e, 0x5a, 0xb1, 0xa4, 0xaa, 0x14, 0xe6, 0xa4, 0xf0, 0x53, 0x8b, 0xb2, 0x96,
- 0xc6, 0x8e, 0xd0, 0x43, 0x00, 0x5b, 0x63, 0x47, 0x2d, 0x87, 0x1c, 0xea, 0xa7, 0x52, 0x1c, 0x49,
- 0x71, 0x68, 0x05, 0x14, 0x1c, 0xe1, 0x42, 0xf7, 0xa1, 0xe2, 0x10, 0xad, 0xbb, 0x6b, 0x1a, 0x83,
- 0x6a, 0xe1, 0x8e, 0x72, 0xaf, 0xd2, 0x9c, 0x97, 0x12, 0x15, 0x2c, 0xdb, 0x71, 0xc0, 0xa1, 0xfe,
- 0xa5, 0x02, 0x5f, 0x5b, 0x73, 0x29, 0xb3, 0xfa, 0xdb, 0x84, 0x39, 0x7a, 0x67, 0xcd, 0x75, 0x1c,
- 0x62, 0xb2, 0x36, 0xd3, 0x98, 0x4b, 0xd1, 0x1d, 0x28, 0x99, 0x5a, 0x9f, 0x48, 0xcd, 0xd7, 0x25,
- 0x4e, 0x69, 0x47, 0xeb, 0x13, 0x2c, 0x28, 0xe8, 0x23, 0x98, 0x38, 0xd1, 0x0c, 0x97, 0x08, 0x55,
- 0xd3, 0x0f, 0xeb, 0xf5, 0xd0, 0xfb, 0x82, 0x61, 0xab, 0xdb, 0xc7, 0x3d, 0xe1, 0x8e, 0xbe, 0x2f,
- 0xd4, 0x3f, 0x74, 0x35, 0x93, 0xe9, 0x6c, 0xd0, 0x5c, 0x92, 0x90, 0xd7, 0xa5, 0xde, 0x67, 0x1c,
- 0x0b, 0x7b, 0x90, 0xea, 0xef, 0xc0, 0xed, 0x5c, 0xd3, 0xb6, 0x74, 0xca, 0xd0, 0xc7, 0x30, 0xa1,
- 0x33, 0xd2, 0xa7, 0x55, 0xe5, 0x4e, 0xf1, 0xde, 0xf4, 0xc3, 0xf7, 0xeb, 0x17, 0xba, 0x7e, 0x3d,
- 0x17, 0xac, 0x39, 0x23, 0xcd, 0x98, 0xd8, 0xe4, 0x70, 0xd8, 0x43, 0x55, 0xff, 0x54, 0x01, 0x14,
- 0x95, 0xd9, 0xd3, 0x9c, 0x1e, 0x61, 0x23, 0x0c, 0xca, 0x6f, 0x7c, 0xb5, 0x41, 0x59, 0x94, 0x90,
- 0xd3, 0x9e, 0xc2, 0xd8, 0x98, 0xd8, 0xb0, 0x9c, 0x36, 0x49, 0x0c, 0xc6, 0xb3, 0xf8, 0x60, 0x3c,
- 0x18, 0x63, 0x30, 0x3c, 0x94, 0x9c, 0x51, 0xf8, 0x61, 0x01, 0xa6, 0xd6, 0x35, 0xd2, 0xb7, 0xcc,
- 0x36, 0x61, 0xe8, 0x13, 0xa8, 0xf0, 0xa5, 0xd9, 0xd5, 0x98, 0x26, 0x06, 0x60, 0xfa, 0xe1, 0x5b,
- 0x17, 0xf5, 0x8e, 0xd6, 0x39, 0x77, 0xfd, 0xe4, 0x41, 0x7d, 0xf7, 0xe0, 0x53, 0xd2, 0x61, 0xdb,
- 0x84, 0x69, 0xa1, 0x07, 0x87, 0x6d, 0x38, 0x40, 0x45, 0x3b, 0x50, 0xa2, 0x36, 0xe9, 0xc8, 0xb1,
- 0xbb, 0x3f, 0xa4, 0x1b, 0x81, 0x65, 0x6d, 0x9b, 0x74, 0xc2, 0xc9, 0xe0, 0x5f, 0x58, 0xe0, 0xa0,
- 0x67, 0x30, 0x49, 0xc5, 0x2c, 0x57, 0x8b, 0xa9, 0xd9, 0xb8, 0x18, 0xd1, 0xf3, 0x8d, 0x60, 0xb9,
- 0x7a, 0xdf, 0x58, 0xa2, 0xa9, 0xff, 0x59, 0x00, 0x14, 0xf0, 0xae, 0x59, 0x66, 0x57, 0x67, 0xba,
- 0x65, 0xa2, 0x0f, 0xa0, 0xc4, 0x06, 0xb6, 0xef, 0x1d, 0x77, 0x7d, 0x83, 0xf6, 0x06, 0x36, 0x79,
- 0x7e, 0x56, 0x5b, 0x4e, 0x4b, 0x70, 0x0a, 0x16, 0x32, 0x68, 0x2b, 0x30, 0xb5, 0x20, 0xa4, 0xdf,
- 0x89, 0xab, 0x7e, 0x7e, 0x56, 0xcb, 0x08, 0xc7, 0xf5, 0x00, 0x29, 0x6e, 0x20, 0x3a, 0x01, 0x64,
- 0x68, 0x94, 0xed, 0x39, 0x9a, 0x49, 0x3d, 0x4d, 0x7a, 0x9f, 0xc8, 0x41, 0x78, 0x63, 0xb4, 0x49,
- 0xe3, 0x12, 0xcd, 0x5b, 0xd2, 0x0a, 0xb4, 0x95, 0x42, 0xc3, 0x19, 0x1a, 0x78, 0xbc, 0x73, 0x88,
- 0x46, 0x2d, 0xb3, 0x5a, 0x8a, 0xc7, 0x3b, 0x2c, 0x5a, 0xb1, 0xa4, 0xa2, 0xd7, 0xa1, 0xdc, 0x27,
- 0x94, 0x6a, 0x3d, 0x52, 0x9d, 0x10, 0x8c, 0x73, 0x92, 0xb1, 0xbc, 0xed, 0x35, 0x63, 0x9f, 0xae,
- 0xfe, 0x58, 0x81, 0x99, 0x60, 0xe4, 0x84, 0xb7, 0xff, 0x66, 0xca, 0x0f, 0xeb, 0xa3, 0x75, 0x89,
- 0x4b, 0x0b, 0x2f, 0x0c, 0xa2, 0xa2, 0xdf, 0x12, 0xf1, 0xc1, 0x6d, 0x7f, 0x2d, 0x15, 0xc4, 0x5a,
- 0xba, 0x37, 0xaa, 0xcb, 0xe4, 0x2c, 0xa1, 0x3f, 0x2b, 0x45, 0xcc, 0xe7, 0xae, 0x89, 0x3e, 0x86,
- 0x0a, 0x25, 0x06, 0xe9, 0x30, 0xcb, 0x91, 0xe6, 0xbf, 0x3d, 0xa2, 0xf9, 0xda, 0x01, 0x31, 0xda,
- 0x52, 0xb4, 0x79, 0x9d, 0xdb, 0xef, 0x7f, 0xe1, 0x00, 0x12, 0x7d, 0x08, 0x15, 0x46, 0xfa, 0xb6,
- 0xa1, 0x31, 0x3f, 0x06, 0xbd, 0x16, 0xed, 0x02, 0xf7, 0x1c, 0x0e, 0xd6, 0xb2, 0xba, 0x7b, 0x92,
- 0x4d, 0x2c, 0x9f, 0x60, 0x48, 0xfc, 0x56, 0x1c, 0xc0, 0xa0, 0x13, 0x98, 0x75, 0xed, 0x2e, 0xe7,
- 0x64, 0x3c, 0xe3, 0xf5, 0x06, 0xd2, 0x93, 0xde, 0x1b, 0x75, 0x6c, 0xf6, 0x63, 0xd2, 0xcd, 0x65,
- 0xa9, 0x6b, 0x36, 0xde, 0x8e, 0x13, 0x5a, 0xd0, 0x2a, 0xcc, 0xf5, 0x75, 0x93, 0x67, 0xae, 0x41,
- 0x9b, 0x74, 0x2c, 0xb3, 0x4b, 0x85, 0x5b, 0x4d, 0x34, 0x6f, 0x4a, 0x80, 0xb9, 0xed, 0x38, 0x19,
- 0x27, 0xf9, 0xd1, 0x77, 0x00, 0xf9, 0xdd, 0x78, 0xe2, 0x25, 0x6c, 0xdd, 0x32, 0x85, 0xcf, 0x15,
- 0x43, 0xe7, 0xde, 0x4b, 0x71, 0xe0, 0x0c, 0x29, 0xb4, 0x05, 0x4b, 0x0e, 0x39, 0xd1, 0x79, 0x1f,
- 0x9f, 0xea, 0x94, 0x59, 0xce, 0x60, 0x4b, 0xef, 0xeb, 0xac, 0x3a, 0x29, 0x6c, 0xaa, 0x9e, 0x9f,
- 0xd5, 0x96, 0x70, 0x06, 0x1d, 0x67, 0x4a, 0xa9, 0x7f, 0x3e, 0x09, 0x73, 0x89, 0x78, 0x83, 0x9e,
- 0xc1, 0x72, 0xc7, 0x4b, 0x4e, 0x3b, 0x6e, 0xff, 0x80, 0x38, 0xed, 0xce, 0x11, 0xe9, 0xba, 0x06,
- 0xe9, 0x0a, 0x47, 0x99, 0x68, 0xae, 0x48, 0x8b, 0x97, 0xd7, 0x32, 0xb9, 0x70, 0x8e, 0x34, 0x1f,
- 0x05, 0x53, 0x34, 0x6d, 0xeb, 0x94, 0x06, 0x98, 0x05, 0x81, 0x19, 0x8c, 0xc2, 0x4e, 0x8a, 0x03,
- 0x67, 0x48, 0x71, 0x1b, 0xbb, 0x84, 0xea, 0x0e, 0xe9, 0x26, 0x6d, 0x2c, 0xc6, 0x6d, 0x5c, 0xcf,
- 0xe4, 0xc2, 0x39, 0xd2, 0xe8, 0x5d, 0x98, 0xf6, 0xb4, 0x89, 0xf9, 0x93, 0x13, 0x1d, 0xa4, 0xc3,
- 0x9d, 0x90, 0x84, 0xa3, 0x7c, 0xbc, 0x6b, 0xd6, 0x01, 0x25, 0xce, 0x09, 0xe9, 0xe6, 0x4f, 0xf0,
- 0x6e, 0x8a, 0x03, 0x67, 0x48, 0xf1, 0xae, 0x79, 0x1e, 0x98, 0xea, 0xda, 0x64, 0xbc, 0x6b, 0xfb,
- 0x99, 0x5c, 0x38, 0x47, 0x9a, 0xfb, 0xb1, 0x67, 0xf2, 0xea, 0x89, 0xa6, 0x1b, 0xda, 0x81, 0x41,
- 0xaa, 0xe5, 0xb8, 0x1f, 0xef, 0xc4, 0xc9, 0x38, 0xc9, 0x8f, 0x9e, 0xc0, 0x82, 0xd7, 0xb4, 0x6f,
- 0x6a, 0x01, 0x48, 0x45, 0x80, 0x7c, 0x4d, 0x82, 0x2c, 0xec, 0x24, 0x19, 0x70, 0x5a, 0x06, 0x7d,
- 0x00, 0xb3, 0x1d, 0xcb, 0x30, 0x84, 0x3f, 0xae, 0x59, 0xae, 0xc9, 0xaa, 0x53, 0x02, 0x05, 0xf1,
- 0xf5, 0xb8, 0x16, 0xa3, 0xe0, 0x04, 0x27, 0x22, 0x00, 0x1d, 0x3f, 0xe1, 0xd0, 0x2a, 0x8c, 0x54,
- 0x6b, 0xa4, 0x93, 0x5e, 0x58, 0x03, 0x04, 0x4d, 0x14, 0x47, 0x80, 0xd5, 0x7f, 0x55, 0xe0, 0x66,
- 0x4e, 0xe8, 0x40, 0xdf, 0x8a, 0xa5, 0xd8, 0x5f, 0x4e, 0xa4, 0xd8, 0x57, 0x72, 0xc4, 0x22, 0x79,
- 0xd6, 0x84, 0x19, 0x87, 0xf7, 0xca, 0xec, 0x79, 0x2c, 0x32, 0x46, 0xbe, 0x3b, 0xa4, 0x1b, 0x38,
- 0x2a, 0x13, 0xc6, 0xfc, 0x85, 0xf3, 0xb3, 0xda, 0x4c, 0x8c, 0x86, 0xe3, 0xf0, 0xea, 0x5f, 0x14,
- 0x00, 0xd6, 0x89, 0x6d, 0x58, 0x83, 0x3e, 0x31, 0xaf, 0xa2, 0x86, 0xda, 0x8d, 0xd5, 0x50, 0x6f,
- 0x0e, 0x9b, 0x9e, 0xc0, 0xb4, 0xdc, 0x22, 0xea, 0xd7, 0x13, 0x45, 0x54, 0x63, 0x74, 0xc8, 0x8b,
- 0xab, 0xa8, 0x7f, 0x2f, 0xc2, 0x62, 0xc8, 0x1c, 0x96, 0x51, 0x8f, 0x62, 0x73, 0xfc, 0x4b, 0x89,
- 0x39, 0xbe, 0x99, 0x21, 0xf2, 0xd2, 0xea, 0xa8, 0x17, 0x5f, 0xcf, 0xa0, 0x4f, 0x61, 0x96, 0x17,
- 0x4e, 0x9e, 0x7b, 0x88, 0xb2, 0x6c, 0x72, 0xec, 0xb2, 0x2c, 0x48, 0xa0, 0x5b, 0x31, 0x24, 0x9c,
- 0x40, 0xce, 0x29, 0x03, 0xcb, 0x2f, 0xbb, 0x0c, 0x54, 0x3f, 0x53, 0x60, 0x36, 0x9c, 0xa6, 0x2b,
- 0x28, 0xda, 0x76, 0xe2, 0x45, 0xdb, 0xeb, 0x23, 0xbb, 0x68, 0x4e, 0xd5, 0xf6, 0xdf, 0xbc, 0xc0,
- 0x0f, 0x98, 0xf8, 0x02, 0x3f, 0xd0, 0x3a, 0xc7, 0x23, 0x6c, 0xff, 0x7e, 0xa8, 0x00, 0x92, 0x59,
- 0x60, 0xd5, 0x34, 0x2d, 0xa6, 0x79, 0xb1, 0xd2, 0x33, 0x6b, 0x73, 0x64, 0xb3, 0x7c, 0x8d, 0xf5,
- 0xfd, 0x14, 0xd6, 0x63, 0x93, 0x39, 0x83, 0x70, 0x46, 0xd2, 0x0c, 0x38, 0xc3, 0x00, 0xa4, 0x01,
- 0x38, 0x12, 0x73, 0xcf, 0x92, 0x0b, 0xf9, 0xcd, 0x11, 0x62, 0x1e, 0x17, 0x58, 0xb3, 0xcc, 0x43,
- 0xbd, 0x17, 0x86, 0x1d, 0x1c, 0x00, 0xe1, 0x08, 0xe8, 0xad, 0xc7, 0x70, 0x33, 0xc7, 0x5a, 0x34,
- 0x0f, 0xc5, 0x63, 0x32, 0xf0, 0x86, 0x0d, 0xf3, 0x9f, 0x68, 0x29, 0xba, 0x4d, 0x9e, 0x92, 0x3b,
- 0xdc, 0x0f, 0x0a, 0xef, 0x2b, 0xea, 0x8f, 0x27, 0xa2, 0xbe, 0x23, 0x2a, 0xe6, 0x7b, 0x50, 0x71,
- 0x88, 0x6d, 0xe8, 0x1d, 0x8d, 0xca, 0x42, 0xe8, 0xba, 0x77, 0xa4, 0xe1, 0xb5, 0xe1, 0x80, 0x1a,
- 0xab, 0xad, 0x0b, 0x2f, 0xb7, 0xb6, 0x2e, 0xbe, 0x98, 0xda, 0xfa, 0xb7, 0xa0, 0x42, 0xfd, 0xaa,
- 0xba, 0x24, 0x20, 0x1f, 0x8c, 0x11, 0x5f, 0x65, 0x41, 0x1d, 0x28, 0x08, 0x4a, 0xe9, 0x00, 0x34,
- 0xab, 0x88, 0x9e, 0x18, 0xb3, 0x88, 0x7e, 0xa1, 0x85, 0x2f, 0x8f, 0xa9, 0xb6, 0xe6, 0x52, 0xd2,
- 0x15, 0x81, 0xa8, 0x12, 0xc6, 0xd4, 0x96, 0x68, 0xc5, 0x92, 0x8a, 0x3e, 0x8e, 0xb9, 0x6c, 0xe5,
- 0x32, 0x2e, 0x3b, 0x9b, 0xef, 0xae, 0x68, 0x1f, 0x6e, 0xda, 0x8e, 0xd5, 0x73, 0x08, 0xa5, 0xeb,
- 0x44, 0xeb, 0x1a, 0xba, 0x49, 0xfc, 0xf1, 0xf1, 0x2a, 0xa2, 0x57, 0xce, 0xcf, 0x6a, 0x37, 0x5b,
- 0xd9, 0x2c, 0x38, 0x4f, 0x56, 0xfd, 0xbc, 0x04, 0xf3, 0xc9, 0x0c, 0x98, 0x53, 0xa4, 0x2a, 0x97,
- 0x2a, 0x52, 0xef, 0x47, 0x16, 0x83, 0x57, 0xc1, 0x47, 0xce, 0xf8, 0x52, 0x0b, 0x62, 0x15, 0xe6,
- 0x64, 0x34, 0xf0, 0x89, 0xb2, 0x4c, 0x0f, 0x66, 0x7f, 0x3f, 0x4e, 0xc6, 0x49, 0x7e, 0x5e, 0x7a,
- 0x86, 0x15, 0xa5, 0x0f, 0x52, 0x8a, 0x97, 0x9e, 0xab, 0x49, 0x06, 0x9c, 0x96, 0x41, 0xdb, 0xb0,
- 0xe8, 0x9a, 0x69, 0x28, 0xcf, 0x1b, 0x5f, 0x91, 0x50, 0x8b, 0xfb, 0x69, 0x16, 0x9c, 0x25, 0x87,
- 0x0e, 0x63, 0xd5, 0xe8, 0xa4, 0x88, 0xb0, 0x0f, 0x47, 0x5e, 0x3b, 0x23, 0x97, 0xa3, 0xe8, 0x11,
- 0xcc, 0x38, 0x62, 0xdf, 0xe1, 0x1b, 0xec, 0xd5, 0xee, 0x37, 0xa4, 0xd8, 0x0c, 0x8e, 0x12, 0x71,
- 0x9c, 0x37, 0xa3, 0xdc, 0xae, 0x8c, 0x5a, 0x6e, 0xab, 0xff, 0xac, 0x44, 0x93, 0x50, 0x50, 0x02,
- 0x0f, 0x3b, 0x65, 0x4a, 0x49, 0x44, 0xaa, 0x23, 0x2b, 0xbb, 0xfa, 0x7d, 0x6f, 0xac, 0xea, 0x37,
- 0x4c, 0x9e, 0xc3, 0xcb, 0xdf, 0x1f, 0x29, 0xb0, 0xbc, 0xd1, 0x7e, 0xe2, 0x58, 0xae, 0xed, 0x9b,
- 0xb3, 0x6b, 0x7b, 0xe3, 0xfa, 0x0d, 0x28, 0x39, 0xae, 0xe1, 0xf7, 0xe3, 0x35, 0xbf, 0x1f, 0xd8,
- 0x35, 0x78, 0x3f, 0x16, 0x13, 0x52, 0x5e, 0x27, 0xb8, 0x00, 0xda, 0x81, 0x49, 0x47, 0x33, 0x7b,
- 0xc4, 0x4f, 0xab, 0x77, 0x87, 0x58, 0xbf, 0xb9, 0x8e, 0x39, 0x7b, 0xa4, 0x78, 0x13, 0xd2, 0x58,
- 0xa2, 0xa8, 0x7f, 0xa4, 0xc0, 0xdc, 0xd3, 0xbd, 0xbd, 0xd6, 0xa6, 0x29, 0x56, 0xb4, 0x38, 0x7d,
- 0xbf, 0x03, 0x25, 0x5b, 0x63, 0x47, 0xc9, 0x4c, 0xcf, 0x69, 0x58, 0x50, 0xd0, 0x77, 0xa1, 0xcc,
- 0x23, 0x09, 0x31, 0xbb, 0x23, 0x96, 0xda, 0x12, 0xbe, 0xe9, 0x09, 0x85, 0x15, 0xa2, 0x6c, 0xc0,
- 0x3e, 0x9c, 0x7a, 0x0c, 0x4b, 0x11, 0x73, 0xf8, 0x78, 0x88, 0x63, 0x60, 0xd4, 0x86, 0x09, 0xae,
- 0xd9, 0x3f, 0xe5, 0x1d, 0x76, 0x98, 0x99, 0xe8, 0x52, 0x58, 0xe9, 0xf0, 0x2f, 0x8a, 0x3d, 0x2c,
- 0x75, 0x1b, 0x66, 0xc4, 0x95, 0x83, 0xe5, 0x30, 0x31, 0x2c, 0xe8, 0x36, 0x14, 0xfb, 0xba, 0x29,
- 0xf3, 0xec, 0xb4, 0x94, 0x29, 0xf2, 0x1c, 0xc1, 0xdb, 0x05, 0x59, 0x3b, 0x95, 0x91, 0x27, 0x24,
- 0x6b, 0xa7, 0x98, 0xb7, 0xab, 0x4f, 0xa0, 0x2c, 0x87, 0x3b, 0x0a, 0x54, 0xbc, 0x18, 0xa8, 0x98,
- 0x01, 0xb4, 0x0b, 0xe5, 0xcd, 0x56, 0xd3, 0xb0, 0xbc, 0xaa, 0xab, 0xa3, 0x77, 0x9d, 0xe4, 0x5c,
- 0xac, 0x6d, 0xae, 0x63, 0x2c, 0x28, 0x48, 0x85, 0x49, 0x72, 0xda, 0x21, 0x36, 0x13, 0x1e, 0x31,
- 0xd5, 0x04, 0x3e, 0xcb, 0x8f, 0x45, 0x0b, 0x96, 0x14, 0xf5, 0x8f, 0x0b, 0x50, 0x96, 0xc3, 0x71,
- 0x05, 0xbb, 0xb0, 0xad, 0xd8, 0x2e, 0xec, 0x8d, 0xd1, 0x5c, 0x23, 0x77, 0x0b, 0xb6, 0x97, 0xd8,
- 0x82, 0xdd, 0x1f, 0x11, 0xef, 0xe2, 0xfd, 0xd7, 0x3f, 0x28, 0x30, 0x1b, 0x77, 0x4a, 0xf4, 0x2e,
- 0x4c, 0xf3, 0x84, 0xa3, 0x77, 0xc8, 0x4e, 0x58, 0xe7, 0x06, 0x87, 0x30, 0xed, 0x90, 0x84, 0xa3,
- 0x7c, 0xa8, 0x17, 0x88, 0x71, 0x3f, 0x92, 0x9d, 0xce, 0x1f, 0x52, 0x97, 0xe9, 0x46, 0xdd, 0xbb,
- 0x46, 0xab, 0x6f, 0x9a, 0x6c, 0xd7, 0x69, 0x33, 0x47, 0x37, 0x7b, 0x29, 0x45, 0xc2, 0x29, 0xa3,
- 0xc8, 0xea, 0x3f, 0x29, 0x30, 0x2d, 0x4d, 0xbe, 0x82, 0x5d, 0xc5, 0xaf, 0xc5, 0x77, 0x15, 0x77,
- 0x47, 0x5c, 0xe0, 0xd9, 0x5b, 0x8a, 0xbf, 0x09, 0x4d, 0xe7, 0x4b, 0x9a, 0x7b, 0xf5, 0x91, 0x45,
- 0x59, 0xd2, 0xab, 0xf9, 0x62, 0xc4, 0x82, 0x82, 0x5c, 0x98, 0xd7, 0x13, 0x31, 0x40, 0x0e, 0x6d,
- 0x63, 0x34, 0x4b, 0x02, 0xb1, 0x66, 0x55, 0xc2, 0xcf, 0x27, 0x29, 0x38, 0xa5, 0x42, 0x25, 0x90,
- 0xe2, 0x42, 0x1f, 0x42, 0xe9, 0x88, 0x31, 0x3b, 0xe3, 0xbc, 0x7a, 0x48, 0xe4, 0x09, 0x4d, 0xa8,
- 0x88, 0xde, 0xed, 0xed, 0xb5, 0xb0, 0x80, 0x52, 0xff, 0x27, 0x1c, 0x8f, 0xb6, 0xe7, 0xe3, 0x41,
- 0x3c, 0x55, 0x2e, 0x13, 0x4f, 0xa7, 0xb3, 0x62, 0x29, 0x7a, 0x0a, 0x45, 0x66, 0x8c, 0xba, 0x2d,
- 0x94, 0x88, 0x7b, 0x5b, 0xed, 0x30, 0x20, 0xed, 0x6d, 0xb5, 0x31, 0x87, 0x40, 0xbb, 0x30, 0xc1,
- 0xb3, 0x0f, 0x5f, 0x82, 0xc5, 0xd1, 0x97, 0x34, 0xef, 0x7f, 0xe8, 0x10, 0xfc, 0x8b, 0x62, 0x0f,
- 0x47, 0xfd, 0x3e, 0xcc, 0xc4, 0xd6, 0x29, 0xfa, 0x04, 0xae, 0x1b, 0x96, 0xd6, 0x6d, 0x6a, 0x86,
- 0x66, 0x76, 0x88, 0x7f, 0x39, 0x70, 0x37, 0x6b, 0x87, 0xb1, 0x15, 0xe1, 0x93, 0xab, 0x3c, 0xb8,
- 0x4e, 0x8d, 0xd2, 0x70, 0x0c, 0x51, 0xd5, 0x00, 0xc2, 0x3e, 0xa2, 0x1a, 0x4c, 0x70, 0x3f, 0xf3,
- 0xf2, 0xc9, 0x54, 0x73, 0x8a, 0x5b, 0xc8, 0xdd, 0x8f, 0x62, 0xaf, 0x1d, 0x3d, 0x04, 0xa0, 0xa4,
- 0xe3, 0x10, 0x26, 0x82, 0x41, 0x21, 0x7e, 0x05, 0xdd, 0x0e, 0x28, 0x38, 0xc2, 0xa5, 0xfe, 0x8b,
- 0x02, 0x33, 0x3b, 0x84, 0xfd, 0xc0, 0x72, 0x8e, 0x5b, 0x96, 0xa1, 0x77, 0x06, 0x57, 0x10, 0x6c,
- 0x71, 0x2c, 0xd8, 0xbe, 0x35, 0x64, 0x66, 0x62, 0xd6, 0xe5, 0x85, 0x5c, 0xf5, 0x33, 0x05, 0x6e,
- 0xc6, 0x38, 0x1f, 0x87, 0x4b, 0x77, 0x1f, 0x26, 0x6c, 0xcb, 0x61, 0x7e, 0x22, 0x1e, 0x4b, 0x21,
- 0x0f, 0x63, 0x91, 0x54, 0xcc, 0x61, 0xb0, 0x87, 0x86, 0xb6, 0xa0, 0xc0, 0x2c, 0xe9, 0xaa, 0xe3,
- 0x61, 0x12, 0xe2, 0x34, 0x41, 0x62, 0x16, 0xf6, 0x2c, 0x5c, 0x60, 0x16, 0x9f, 0x88, 0x6a, 0x8c,
- 0x2b, 0x1a, 0x7c, 0x5e, 0x52, 0x0f, 0x30, 0x94, 0x0e, 0x1d, 0xab, 0x7f, 0xe9, 0x3e, 0x04, 0x13,
- 0xb1, 0xe1, 0x58, 0x7d, 0x2c, 0xb0, 0xd4, 0x9f, 0x28, 0xb0, 0x10, 0xe3, 0xbc, 0x82, 0xc0, 0xff,
- 0x61, 0x3c, 0xf0, 0xdf, 0x1f, 0xa7, 0x23, 0x39, 0xe1, 0xff, 0x27, 0x85, 0x44, 0x37, 0x78, 0x87,
- 0xd1, 0x21, 0x4c, 0xdb, 0x56, 0xb7, 0xfd, 0x02, 0xae, 0x03, 0xe7, 0x78, 0xde, 0x6c, 0x85, 0x58,
- 0x38, 0x0a, 0x8c, 0x4e, 0x61, 0xc1, 0xd4, 0xfa, 0x84, 0xda, 0x5a, 0x87, 0xb4, 0x5f, 0xc0, 0x01,
- 0xc9, 0x0d, 0x71, 0xdf, 0x90, 0x44, 0xc4, 0x69, 0x25, 0x68, 0x1b, 0xca, 0xba, 0x2d, 0xea, 0x38,
- 0x59, 0xbb, 0x0c, 0xcd, 0xa2, 0x5e, 0xd5, 0xe7, 0xc5, 0x73, 0xf9, 0x81, 0x7d, 0x0c, 0xf5, 0x6f,
- 0x93, 0xde, 0xc0, 0xfd, 0x0f, 0x3d, 0x81, 0x8a, 0x78, 0x84, 0xd3, 0xb1, 0x0c, 0xff, 0x66, 0x80,
- 0xcf, 0x6c, 0x4b, 0xb6, 0x3d, 0x3f, 0xab, 0xbd, 0x92, 0x71, 0xe8, 0xeb, 0x93, 0x71, 0x20, 0x8c,
- 0x76, 0xa0, 0x64, 0x7f, 0x95, 0x0a, 0x46, 0x24, 0x39, 0x51, 0xb6, 0x08, 0x1c, 0xf5, 0xf7, 0x8a,
- 0x09, 0x73, 0x45, 0xaa, 0xfb, 0xf4, 0x85, 0xcd, 0x7a, 0x50, 0x31, 0xe5, 0xce, 0xfc, 0x01, 0x94,
- 0x65, 0x86, 0x97, 0xce, 0xfc, 0x8d, 0x71, 0x9c, 0x39, 0x9a, 0xc5, 0x82, 0x0d, 0x8b, 0xdf, 0xe8,
- 0x03, 0xa3, 0xef, 0xc1, 0x24, 0xf1, 0x54, 0x78, 0xb9, 0xf1, 0xbd, 0x71, 0x54, 0x84, 0x71, 0x35,
- 0x2c, 0x54, 0x65, 0x9b, 0x44, 0x45, 0xdf, 0xe2, 0xe3, 0xc5, 0x79, 0xf9, 0x26, 0x90, 0x56, 0x4b,
- 0x22, 0x5d, 0xdd, 0xf6, 0xba, 0x1d, 0x34, 0x3f, 0x3f, 0xab, 0x41, 0xf8, 0x89, 0xa3, 0x12, 0xea,
- 0xbf, 0x29, 0xb0, 0x20, 0x46, 0xa8, 0xe3, 0x3a, 0x3a, 0x1b, 0x5c, 0x59, 0x62, 0x7a, 0x16, 0x4b,
- 0x4c, 0xef, 0x0c, 0x19, 0x96, 0x94, 0x85, 0xb9, 0xc9, 0xe9, 0xa7, 0x0a, 0xdc, 0x48, 0x71, 0x5f,
- 0x41, 0x5c, 0xdc, 0x8f, 0xc7, 0xc5, 0xb7, 0xc6, 0xed, 0x50, 0x4e, 0x6c, 0xfc, 0xab, 0xb9, 0x8c,
- 0xee, 0x88, 0x95, 0xf2, 0x10, 0xc0, 0x76, 0xf4, 0x13, 0xdd, 0x20, 0x3d, 0x79, 0x09, 0x5e, 0x89,
- 0x3c, 0x82, 0x0b, 0x28, 0x38, 0xc2, 0x85, 0x28, 0x2c, 0x77, 0xc9, 0xa1, 0xe6, 0x1a, 0x6c, 0xb5,
- 0xdb, 0x5d, 0xd3, 0x6c, 0xed, 0x40, 0x37, 0x74, 0xa6, 0xcb, 0xe3, 0x82, 0xa9, 0xe6, 0x23, 0xef,
- 0x72, 0x3a, 0x8b, 0xe3, 0xf9, 0x59, 0xed, 0x76, 0xd6, 0xed, 0x90, 0xcf, 0x32, 0xc0, 0x39, 0xd0,
- 0x68, 0x00, 0x55, 0x87, 0x7c, 0xdf, 0xd5, 0x1d, 0xd2, 0x5d, 0x77, 0x2c, 0x3b, 0xa6, 0xb6, 0x28,
- 0xd4, 0xfe, 0xea, 0xf9, 0x59, 0xad, 0x8a, 0x73, 0x78, 0x86, 0x2b, 0xce, 0x85, 0x47, 0x9f, 0xc2,
- 0xa2, 0xe6, 0xbd, 0x1d, 0x8c, 0x69, 0xf5, 0x56, 0xc9, 0xfb, 0xe7, 0x67, 0xb5, 0xc5, 0xd5, 0x34,
- 0x79, 0xb8, 0xc2, 0x2c, 0x50, 0xd4, 0x80, 0xf2, 0x89, 0x78, 0xd9, 0x48, 0xab, 0x13, 0x02, 0x9f,
- 0x27, 0x82, 0xb2, 0xf7, 0xd8, 0x91, 0x63, 0x4e, 0x6e, 0xb4, 0xc5, 0xea, 0xf3, 0xb9, 0xf8, 0x86,
- 0x92, 0xd7, 0x92, 0x72, 0xc5, 0x8b, 0x13, 0xe3, 0x4a, 0x18, 0xb5, 0x9e, 0x86, 0x24, 0x1c, 0xe5,
- 0x43, 0x1f, 0xc3, 0xd4, 0x91, 0x3c, 0x95, 0xa0, 0xd5, 0xf2, 0x48, 0x49, 0x38, 0x76, 0x8a, 0xd1,
- 0x5c, 0x90, 0x2a, 0xa6, 0xfc, 0x66, 0x8a, 0x43, 0x44, 0xf4, 0x3a, 0x94, 0xc5, 0xc7, 0xe6, 0xba,
- 0x38, 0x8e, 0xab, 0x84, 0xb1, 0xed, 0xa9, 0xd7, 0x8c, 0x7d, 0xba, 0xcf, 0xba, 0xd9, 0x5a, 0x13,
- 0xc7, 0xc2, 0x09, 0xd6, 0xcd, 0xd6, 0x1a, 0xf6, 0xe9, 0xe8, 0x13, 0x28, 0x53, 0xb2, 0xa5, 0x9b,
- 0xee, 0x69, 0x15, 0x46, 0xba, 0x54, 0x6e, 0x3f, 0x16, 0xdc, 0x89, 0x83, 0xb1, 0x50, 0x83, 0xa4,
- 0x63, 0x1f, 0x16, 0x1d, 0xc1, 0x94, 0xe3, 0x9a, 0xab, 0x74, 0x9f, 0x12, 0xa7, 0x3a, 0x2d, 0x74,
- 0x0c, 0x0b, 0xe7, 0xd8, 0xe7, 0x4f, 0x6a, 0x09, 0x46, 0x28, 0xe0, 0xc0, 0x21, 0x38, 0xfa, 0x43,
- 0x05, 0x10, 0x75, 0x6d, 0xdb, 0x20, 0x7d, 0x62, 0x32, 0xcd, 0x10, 0x67, 0x71, 0xb4, 0x7a, 0x5d,
- 0xe8, 0xfc, 0xf6, 0xb0, 0x7e, 0xa5, 0x04, 0x93, 0xca, 0x83, 0x43, 0xef, 0x34, 0x2b, 0xce, 0xd0,
- 0xcb, 0x87, 0xf6, 0x90, 0x8a, 0xdf, 0xd5, 0x99, 0x91, 0x86, 0x36, 0xfb, 0xcc, 0x31, 0x1c, 0x5a,
- 0x49, 0xc7, 0x3e, 0x2c, 0x7a, 0x06, 0xcb, 0xfe, 0xc3, 0x58, 0x6c, 0x59, 0x6c, 0x43, 0x37, 0x08,
- 0x1d, 0x50, 0x46, 0xfa, 0xd5, 0x59, 0x31, 0xed, 0xc1, 0xdb, 0x0f, 0x9c, 0xc9, 0x85, 0x73, 0xa4,
- 0x51, 0x1f, 0x6a, 0x7e, 0xc8, 0xe0, 0xeb, 0x29, 0x88, 0x59, 0x8f, 0x69, 0x47, 0x33, 0xbc, 0x7b,
- 0x80, 0x39, 0xa1, 0xe0, 0xb5, 0xf3, 0xb3, 0x5a, 0x6d, 0xfd, 0x62, 0x56, 0x3c, 0x0c, 0x0b, 0x7d,
- 0x17, 0xaa, 0x5a, 0x9e, 0x9e, 0x79, 0xa1, 0xe7, 0x55, 0x1e, 0x87, 0x72, 0x15, 0xe4, 0x4a, 0x23,
- 0x06, 0xf3, 0x5a, 0xfc, 0x89, 0x32, 0xad, 0x2e, 0x8c, 0x74, 0x10, 0x99, 0x78, 0xd9, 0x1c, 0x1e,
- 0x46, 0x24, 0x08, 0x14, 0xa7, 0x34, 0xa0, 0xdf, 0x06, 0xa4, 0x25, 0x5f, 0x55, 0xd3, 0x2a, 0x1a,
- 0x29, 0xfd, 0xa4, 0x9e, 0x63, 0x87, 0x6e, 0x97, 0x22, 0x51, 0x9c, 0xa1, 0x07, 0x6d, 0xc1, 0x92,
- 0x6c, 0xdd, 0x37, 0xa9, 0x76, 0x48, 0xda, 0x03, 0xda, 0x61, 0x06, 0xad, 0x2e, 0x8a, 0xd8, 0x27,
- 0x2e, 0xbe, 0x56, 0x33, 0xe8, 0x38, 0x53, 0x0a, 0x7d, 0x1b, 0xe6, 0x0f, 0x2d, 0xe7, 0x40, 0xef,
- 0x76, 0x89, 0xe9, 0x23, 0x2d, 0x09, 0xa4, 0x25, 0x3e, 0x1a, 0x1b, 0x09, 0x1a, 0x4e, 0x71, 0x23,
- 0x0a, 0x37, 0x24, 0x72, 0xcb, 0xb1, 0x3a, 0xdb, 0x96, 0x6b, 0x32, 0xaf, 0x24, 0xba, 0x11, 0xa4,
- 0x98, 0x1b, 0xab, 0x59, 0x0c, 0xcf, 0xcf, 0x6a, 0x77, 0xb2, 0x2b, 0xe0, 0x90, 0x09, 0x67, 0x63,
- 0x8b, 0x17, 0x2c, 0xf2, 0x3e, 0xe3, 0x6a, 0x5e, 0x01, 0x8f, 0xf7, 0x82, 0x25, 0x34, 0xed, 0x85,
- 0xbd, 0x60, 0x89, 0x40, 0x5e, 0x7c, 0x82, 0xfa, 0x5f, 0x05, 0x58, 0x0c, 0x99, 0x47, 0x7e, 0xc1,
- 0x92, 0x21, 0xf2, 0x8b, 0x97, 0xc0, 0xc3, 0x5f, 0x02, 0x7f, 0xa6, 0xc0, 0x6c, 0x38, 0x74, 0xff,
- 0xf7, 0x5e, 0x95, 0x84, 0xb6, 0xe5, 0xd4, 0xb9, 0x7f, 0x5f, 0x88, 0x76, 0xe0, 0xff, 0xfd, 0xd3,
- 0x86, 0xaf, 0xfe, 0x7c, 0x57, 0xfd, 0x69, 0x11, 0xe6, 0x93, 0xab, 0x31, 0x76, 0x03, 0xae, 0x0c,
- 0xbd, 0x01, 0x6f, 0xc1, 0xd2, 0xa1, 0x6b, 0x18, 0x03, 0x31, 0x0c, 0x91, 0x6b, 0x70, 0xef, 0x06,
- 0xeb, 0x55, 0x29, 0xb9, 0xb4, 0x91, 0xc1, 0x83, 0x33, 0x25, 0x73, 0x6e, 0xf3, 0x8b, 0x97, 0xba,
- 0xcd, 0x4f, 0x5d, 0x2e, 0x97, 0xc6, 0xb8, 0x5c, 0xce, 0xbc, 0x99, 0x9f, 0xb8, 0xc4, 0xcd, 0xfc,
- 0x65, 0xae, 0xd2, 0x33, 0x82, 0xd8, 0xd0, 0x97, 0x9d, 0xaf, 0xc2, 0x2d, 0x29, 0xc6, 0xc4, 0x2d,
- 0xb7, 0xc9, 0x1c, 0xcb, 0x30, 0x88, 0xb3, 0xee, 0xf6, 0xfb, 0x03, 0xf5, 0x9b, 0x30, 0x1b, 0x7f,
- 0xbf, 0xe1, 0xcd, 0xb4, 0xf7, 0x84, 0x44, 0xde, 0x23, 0x46, 0x66, 0xda, 0x6b, 0xc7, 0x01, 0x87,
- 0xfa, 0xfb, 0x0a, 0x2c, 0x67, 0xbf, 0xd3, 0x44, 0x06, 0xcc, 0xf6, 0xb5, 0xd3, 0xe8, 0xdb, 0x59,
- 0xe5, 0x92, 0x27, 0x3c, 0xe2, 0xe2, 0x7e, 0x3b, 0x86, 0x85, 0x13, 0xd8, 0xea, 0x97, 0x0a, 0xdc,
- 0xcc, 0xb9, 0x32, 0xbf, 0x5a, 0x4b, 0xd0, 0x47, 0x50, 0xe9, 0x6b, 0xa7, 0x6d, 0xd7, 0xe9, 0x91,
- 0x4b, 0x9f, 0x69, 0x89, 0x88, 0xb1, 0x2d, 0x51, 0x70, 0x80, 0xa7, 0xfe, 0x48, 0x81, 0x6a, 0xde,
- 0xee, 0x02, 0xbd, 0x1b, 0xbb, 0xdc, 0xff, 0x7a, 0xe2, 0x72, 0x7f, 0x21, 0x25, 0xf7, 0x92, 0xae,
- 0xf6, 0xff, 0x4e, 0x81, 0xe5, 0xec, 0x5d, 0x16, 0x7a, 0x3b, 0x66, 0x61, 0x2d, 0x61, 0xe1, 0x5c,
- 0x42, 0x4a, 0xda, 0xf7, 0x3d, 0x98, 0x95, 0x7b, 0x31, 0x09, 0x23, 0x47, 0x55, 0xcd, 0x8a, 0x95,
- 0x12, 0xc2, 0xdf, 0x7b, 0x88, 0xf9, 0x8a, 0xb7, 0xe1, 0x04, 0x9a, 0xfa, 0x07, 0x05, 0x98, 0x68,
- 0x77, 0x34, 0x83, 0x5c, 0x41, 0x99, 0xf5, 0x9d, 0x58, 0x99, 0x35, 0xec, 0x7f, 0x2e, 0xc2, 0xaa,
- 0xdc, 0x0a, 0x0b, 0x27, 0x2a, 0xac, 0x37, 0x46, 0x42, 0xbb, 0xb8, 0xb8, 0xfa, 0x15, 0x98, 0x0a,
- 0x94, 0x8e, 0x17, 0xf3, 0xd5, 0xbf, 0x2e, 0xc0, 0x74, 0x44, 0xc5, 0x98, 0x19, 0xe3, 0x30, 0x96,
- 0x69, 0x47, 0xf9, 0x77, 0x61, 0x44, 0x57, 0xdd, 0xcf, 0xad, 0xde, 0x3b, 0xcd, 0xf0, 0x65, 0x5e,
- 0x3a, 0xe5, 0x7e, 0x13, 0x66, 0x99, 0xf8, 0xf7, 0x5d, 0x70, 0x12, 0x5c, 0x14, 0xbe, 0x18, 0xbc,
- 0xee, 0xdd, 0x8b, 0x51, 0x71, 0x82, 0xfb, 0xd6, 0x23, 0x98, 0x89, 0x29, 0x1b, 0xeb, 0x99, 0xe5,
- 0x3f, 0x2a, 0xf0, 0xf5, 0xa1, 0xfb, 0x74, 0xd4, 0x8c, 0x2d, 0x92, 0x7a, 0x62, 0x91, 0xac, 0xe4,
- 0x03, 0xbc, 0xbc, 0xe7, 0x3a, 0xcd, 0x37, 0x3f, 0xff, 0x62, 0xe5, 0xda, 0xcf, 0xbe, 0x58, 0xb9,
- 0xf6, 0xf3, 0x2f, 0x56, 0xae, 0xfd, 0xee, 0xf9, 0x8a, 0xf2, 0xf9, 0xf9, 0x8a, 0xf2, 0xb3, 0xf3,
- 0x15, 0xe5, 0xe7, 0xe7, 0x2b, 0xca, 0x7f, 0x9c, 0xaf, 0x28, 0x7f, 0xf2, 0xe5, 0xca, 0xb5, 0x8f,
- 0xca, 0x12, 0xee, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, 0xa7, 0xd7, 0xb5, 0x56, 0x5c, 0x3d, 0x00,
- 0x00,
+ 0x56, 0xef, 0xac, 0x2a, 0xbb, 0xca, 0xcf, 0xed, 0xaf, 0xb0, 0xdb, 0x5d, 0xd3, 0x33, 0xed, 0xea,
+ 0xcd, 0x91, 0x9a, 0x9e, 0xa1, 0xa7, 0x6a, 0xba, 0x67, 0xa6, 0xb7, 0x99, 0x16, 0xbb, 0xeb, 0xb2,
+ 0xfb, 0xc3, 0x8b, 0x3f, 0x6a, 0xa2, 0xec, 0x66, 0x19, 0x31, 0xcb, 0xa4, 0xab, 0xc2, 0xe5, 0x1c,
+ 0x67, 0x65, 0xe6, 0x66, 0x44, 0x7a, 0x5d, 0x12, 0x42, 0x1c, 0x00, 0x09, 0x09, 0x04, 0x1c, 0x96,
+ 0x8f, 0x1b, 0x2b, 0x24, 0x4e, 0x20, 0xb8, 0xc1, 0x61, 0x35, 0x12, 0xd2, 0x22, 0x8d, 0xd0, 0x22,
+ 0xed, 0x8d, 0x3d, 0x59, 0x8c, 0xf7, 0x84, 0xf8, 0x07, 0x50, 0x1f, 0x10, 0x8a, 0xc8, 0xc8, 0xef,
+ 0x4c, 0x57, 0x95, 0xa7, 0xdb, 0x42, 0x88, 0x9b, 0x2b, 0xde, 0x7b, 0xbf, 0xf7, 0x22, 0xe2, 0xc5,
+ 0x7b, 0x2f, 0x23, 0x9e, 0xe1, 0xc9, 0xd1, 0x43, 0x5a, 0xd7, 0xad, 0xc6, 0x91, 0xbb, 0x4f, 0x1c,
+ 0x93, 0x30, 0x42, 0x1b, 0xc7, 0xc4, 0xec, 0x5a, 0x4e, 0x43, 0x12, 0x34, 0x5b, 0x6f, 0x90, 0x13,
+ 0x46, 0x4c, 0xaa, 0x5b, 0x26, 0x6d, 0x1c, 0xdf, 0xdb, 0x27, 0x4c, 0xbb, 0xd7, 0xe8, 0x11, 0x93,
+ 0x38, 0x1a, 0x23, 0xdd, 0xba, 0xed, 0x58, 0xcc, 0x42, 0x37, 0x3d, 0xf6, 0xba, 0x66, 0xeb, 0xf5,
+ 0x90, 0xbd, 0x2e, 0xd9, 0x6f, 0xbc, 0xd3, 0xd3, 0xd9, 0xa1, 0xbb, 0x5f, 0xef, 0x58, 0xfd, 0x46,
+ 0xcf, 0xea, 0x59, 0x0d, 0x21, 0xb5, 0xef, 0x1e, 0x88, 0x5f, 0xe2, 0x87, 0xf8, 0xcb, 0x43, 0xbb,
+ 0xa1, 0x46, 0x94, 0x77, 0x2c, 0x87, 0x34, 0x8e, 0x53, 0x1a, 0x6f, 0xbc, 0x1f, 0xf2, 0xf4, 0xb5,
+ 0xce, 0xa1, 0x6e, 0x12, 0x67, 0xd0, 0xb0, 0x8f, 0x7a, 0x42, 0xc8, 0x21, 0xd4, 0x72, 0x9d, 0x0e,
+ 0x19, 0x4b, 0x8a, 0x36, 0xfa, 0x84, 0x69, 0x59, 0xba, 0x1a, 0x79, 0x52, 0x8e, 0x6b, 0x32, 0xbd,
+ 0x9f, 0x56, 0xf3, 0x60, 0x98, 0x00, 0xed, 0x1c, 0x92, 0xbe, 0x96, 0x92, 0x7b, 0x2f, 0x4f, 0xce,
+ 0x65, 0xba, 0xd1, 0xd0, 0x4d, 0x46, 0x99, 0x93, 0x14, 0x52, 0x1f, 0xc1, 0xc2, 0xaa, 0x61, 0x58,
+ 0xdf, 0x27, 0xdd, 0x27, 0x06, 0x39, 0x79, 0x6e, 0x19, 0x6e, 0x9f, 0xa0, 0xdb, 0x30, 0xd9, 0x75,
+ 0xf4, 0x63, 0xe2, 0x54, 0x95, 0x5b, 0xca, 0x9d, 0xa9, 0xe6, 0xec, 0x17, 0xa7, 0xb5, 0x2b, 0x67,
+ 0xa7, 0xb5, 0xc9, 0x75, 0x31, 0x8a, 0x25, 0x55, 0xa5, 0x30, 0x27, 0x85, 0x9f, 0x59, 0x94, 0xb5,
+ 0x34, 0x76, 0x88, 0xee, 0x03, 0xd8, 0x1a, 0x3b, 0x6c, 0x39, 0xe4, 0x40, 0x3f, 0x91, 0xe2, 0x48,
+ 0x8a, 0x43, 0x2b, 0xa0, 0xe0, 0x08, 0x17, 0xba, 0x0b, 0x15, 0x87, 0x68, 0xdd, 0x1d, 0xd3, 0x18,
+ 0x54, 0x0b, 0xb7, 0x94, 0x3b, 0x95, 0xe6, 0xbc, 0x94, 0xa8, 0x60, 0x39, 0x8e, 0x03, 0x0e, 0xf5,
+ 0x2f, 0x14, 0x78, 0x6d, 0xcd, 0xa5, 0xcc, 0xea, 0x6f, 0x11, 0xe6, 0xe8, 0x9d, 0x35, 0xd7, 0x71,
+ 0x88, 0xc9, 0xda, 0x4c, 0x63, 0x2e, 0x45, 0xb7, 0xa0, 0x64, 0x6a, 0x7d, 0x22, 0x35, 0x5f, 0x95,
+ 0x38, 0xa5, 0x6d, 0xad, 0x4f, 0xb0, 0xa0, 0xa0, 0x8f, 0x61, 0xe2, 0x58, 0x33, 0x5c, 0x22, 0x54,
+ 0x4d, 0xdf, 0xaf, 0xd7, 0x43, 0xef, 0x0b, 0x96, 0xad, 0x6e, 0x1f, 0xf5, 0x84, 0x3b, 0xfa, 0xbe,
+ 0x50, 0xff, 0xc8, 0xd5, 0x4c, 0xa6, 0xb3, 0x41, 0x73, 0x49, 0x42, 0x5e, 0x95, 0x7a, 0x9f, 0x73,
+ 0x2c, 0xec, 0x41, 0xaa, 0xbf, 0x05, 0x37, 0x73, 0x4d, 0xdb, 0xd4, 0x29, 0x43, 0x9f, 0xc0, 0x84,
+ 0xce, 0x48, 0x9f, 0x56, 0x95, 0x5b, 0xc5, 0x3b, 0xd3, 0xf7, 0x1f, 0xd6, 0xcf, 0x75, 0xfd, 0x7a,
+ 0x2e, 0x58, 0x73, 0x46, 0x9a, 0x31, 0xb1, 0xc1, 0xe1, 0xb0, 0x87, 0xaa, 0xfe, 0x89, 0x02, 0x28,
+ 0x2a, 0xb3, 0xab, 0x39, 0x3d, 0xc2, 0x46, 0x58, 0x94, 0x5f, 0xfb, 0x6a, 0x8b, 0xb2, 0x28, 0x21,
+ 0xa7, 0x3d, 0x85, 0xb1, 0x35, 0xb1, 0x61, 0x39, 0x6d, 0x92, 0x58, 0x8c, 0xe7, 0xf1, 0xc5, 0xb8,
+ 0x37, 0xc6, 0x62, 0x78, 0x28, 0x39, 0xab, 0xf0, 0x83, 0x02, 0x4c, 0xad, 0x6b, 0xa4, 0x6f, 0x99,
+ 0x6d, 0xc2, 0xd0, 0xa7, 0x50, 0xe1, 0x47, 0xb3, 0xab, 0x31, 0x4d, 0x2c, 0xc0, 0xf4, 0xfd, 0x77,
+ 0xcf, 0x9b, 0x1d, 0xad, 0x73, 0xee, 0xfa, 0xf1, 0xbd, 0xfa, 0xce, 0xfe, 0x67, 0xa4, 0xc3, 0xb6,
+ 0x08, 0xd3, 0x42, 0x0f, 0x0e, 0xc7, 0x70, 0x80, 0x8a, 0xb6, 0xa1, 0x44, 0x6d, 0xd2, 0x91, 0x6b,
+ 0x77, 0x77, 0xc8, 0x34, 0x02, 0xcb, 0xda, 0x36, 0xe9, 0x84, 0x9b, 0xc1, 0x7f, 0x61, 0x81, 0x83,
+ 0x9e, 0xc3, 0x24, 0x15, 0xbb, 0x5c, 0x2d, 0xa6, 0x76, 0xe3, 0x7c, 0x44, 0xcf, 0x37, 0x82, 0xe3,
+ 0xea, 0xfd, 0xc6, 0x12, 0x4d, 0xfd, 0x8f, 0x02, 0xa0, 0x80, 0x77, 0xcd, 0x32, 0xbb, 0x3a, 0xd3,
+ 0x2d, 0x13, 0x7d, 0x08, 0x25, 0x36, 0xb0, 0x7d, 0xef, 0xb8, 0xed, 0x1b, 0xb4, 0x3b, 0xb0, 0xc9,
+ 0x8b, 0xd3, 0xda, 0x72, 0x5a, 0x82, 0x53, 0xb0, 0x90, 0x41, 0x9b, 0x81, 0xa9, 0x05, 0x21, 0xfd,
+ 0x7e, 0x5c, 0xf5, 0x8b, 0xd3, 0x5a, 0x46, 0x38, 0xae, 0x07, 0x48, 0x71, 0x03, 0xd1, 0x31, 0x20,
+ 0x43, 0xa3, 0x6c, 0xd7, 0xd1, 0x4c, 0xea, 0x69, 0xd2, 0xfb, 0x44, 0x2e, 0xc2, 0xdb, 0xa3, 0x6d,
+ 0x1a, 0x97, 0x68, 0xde, 0x90, 0x56, 0xa0, 0xcd, 0x14, 0x1a, 0xce, 0xd0, 0xc0, 0xe3, 0x9d, 0x43,
+ 0x34, 0x6a, 0x99, 0xd5, 0x52, 0x3c, 0xde, 0x61, 0x31, 0x8a, 0x25, 0x15, 0xbd, 0x05, 0xe5, 0x3e,
+ 0xa1, 0x54, 0xeb, 0x91, 0xea, 0x84, 0x60, 0x9c, 0x93, 0x8c, 0xe5, 0x2d, 0x6f, 0x18, 0xfb, 0x74,
+ 0xf5, 0x47, 0x0a, 0xcc, 0x04, 0x2b, 0x27, 0xbc, 0xfd, 0xd7, 0x53, 0x7e, 0x58, 0x1f, 0x6d, 0x4a,
+ 0x5c, 0x5a, 0x78, 0x61, 0x10, 0x15, 0xfd, 0x91, 0x88, 0x0f, 0x6e, 0xf9, 0x67, 0xa9, 0x20, 0xce,
+ 0xd2, 0x9d, 0x51, 0x5d, 0x26, 0xe7, 0x08, 0xfd, 0x69, 0x29, 0x62, 0x3e, 0x77, 0x4d, 0xf4, 0x09,
+ 0x54, 0x28, 0x31, 0x48, 0x87, 0x59, 0x8e, 0x34, 0xff, 0xbd, 0x11, 0xcd, 0xd7, 0xf6, 0x89, 0xd1,
+ 0x96, 0xa2, 0xcd, 0xab, 0xdc, 0x7e, 0xff, 0x17, 0x0e, 0x20, 0xd1, 0x47, 0x50, 0x61, 0xa4, 0x6f,
+ 0x1b, 0x1a, 0xf3, 0x63, 0xd0, 0x9b, 0xd1, 0x29, 0x70, 0xcf, 0xe1, 0x60, 0x2d, 0xab, 0xbb, 0x2b,
+ 0xd9, 0xc4, 0xf1, 0x09, 0x96, 0xc4, 0x1f, 0xc5, 0x01, 0x0c, 0x3a, 0x86, 0x59, 0xd7, 0xee, 0x72,
+ 0x4e, 0xc6, 0x33, 0x5e, 0x6f, 0x20, 0x3d, 0xe9, 0xc1, 0xa8, 0x6b, 0xb3, 0x17, 0x93, 0x6e, 0x2e,
+ 0x4b, 0x5d, 0xb3, 0xf1, 0x71, 0x9c, 0xd0, 0x82, 0x56, 0x61, 0xae, 0xaf, 0x9b, 0x3c, 0x73, 0x0d,
+ 0xda, 0xa4, 0x63, 0x99, 0x5d, 0x2a, 0xdc, 0x6a, 0xa2, 0x79, 0x5d, 0x02, 0xcc, 0x6d, 0xc5, 0xc9,
+ 0x38, 0xc9, 0x8f, 0xbe, 0x0d, 0xc8, 0x9f, 0xc6, 0x53, 0x2f, 0x61, 0xeb, 0x96, 0x29, 0x7c, 0xae,
+ 0x18, 0x3a, 0xf7, 0x6e, 0x8a, 0x03, 0x67, 0x48, 0xa1, 0x4d, 0x58, 0x72, 0xc8, 0xb1, 0xce, 0xe7,
+ 0xf8, 0x4c, 0xa7, 0xcc, 0x72, 0x06, 0x9b, 0x7a, 0x5f, 0x67, 0xd5, 0x49, 0x61, 0x53, 0xf5, 0xec,
+ 0xb4, 0xb6, 0x84, 0x33, 0xe8, 0x38, 0x53, 0x4a, 0xfd, 0xb3, 0x49, 0x98, 0x4b, 0xc4, 0x1b, 0xf4,
+ 0x1c, 0x96, 0x3b, 0x5e, 0x72, 0xda, 0x76, 0xfb, 0xfb, 0xc4, 0x69, 0x77, 0x0e, 0x49, 0xd7, 0x35,
+ 0x48, 0x57, 0x38, 0xca, 0x44, 0x73, 0x45, 0x5a, 0xbc, 0xbc, 0x96, 0xc9, 0x85, 0x73, 0xa4, 0xf9,
+ 0x2a, 0x98, 0x62, 0x68, 0x4b, 0xa7, 0x34, 0xc0, 0x2c, 0x08, 0xcc, 0x60, 0x15, 0xb6, 0x53, 0x1c,
+ 0x38, 0x43, 0x8a, 0xdb, 0xd8, 0x25, 0x54, 0x77, 0x48, 0x37, 0x69, 0x63, 0x31, 0x6e, 0xe3, 0x7a,
+ 0x26, 0x17, 0xce, 0x91, 0x46, 0x1f, 0xc0, 0xb4, 0xa7, 0x4d, 0xec, 0x9f, 0xdc, 0xe8, 0x20, 0x1d,
+ 0x6e, 0x87, 0x24, 0x1c, 0xe5, 0xe3, 0x53, 0xb3, 0xf6, 0x29, 0x71, 0x8e, 0x49, 0x37, 0x7f, 0x83,
+ 0x77, 0x52, 0x1c, 0x38, 0x43, 0x8a, 0x4f, 0xcd, 0xf3, 0xc0, 0xd4, 0xd4, 0x26, 0xe3, 0x53, 0xdb,
+ 0xcb, 0xe4, 0xc2, 0x39, 0xd2, 0xdc, 0x8f, 0x3d, 0x93, 0x57, 0x8f, 0x35, 0xdd, 0xd0, 0xf6, 0x0d,
+ 0x52, 0x2d, 0xc7, 0xfd, 0x78, 0x3b, 0x4e, 0xc6, 0x49, 0x7e, 0xf4, 0x14, 0x16, 0xbc, 0xa1, 0x3d,
+ 0x53, 0x0b, 0x40, 0x2a, 0x02, 0xe4, 0x35, 0x09, 0xb2, 0xb0, 0x9d, 0x64, 0xc0, 0x69, 0x19, 0xf4,
+ 0x21, 0xcc, 0x76, 0x2c, 0xc3, 0x10, 0xfe, 0xb8, 0x66, 0xb9, 0x26, 0xab, 0x4e, 0x09, 0x14, 0xc4,
+ 0xcf, 0xe3, 0x5a, 0x8c, 0x82, 0x13, 0x9c, 0x88, 0x00, 0x74, 0xfc, 0x84, 0x43, 0xab, 0x30, 0x52,
+ 0xad, 0x91, 0x4e, 0x7a, 0x61, 0x0d, 0x10, 0x0c, 0x51, 0x1c, 0x01, 0x56, 0xff, 0x45, 0x81, 0xeb,
+ 0x39, 0xa1, 0x03, 0x7d, 0x33, 0x96, 0x62, 0x7f, 0x31, 0x91, 0x62, 0x5f, 0xcf, 0x11, 0x8b, 0xe4,
+ 0x59, 0x13, 0x66, 0x1c, 0x3e, 0x2b, 0xb3, 0xe7, 0xb1, 0xc8, 0x18, 0xf9, 0xc1, 0x90, 0x69, 0xe0,
+ 0xa8, 0x4c, 0x18, 0xf3, 0x17, 0xce, 0x4e, 0x6b, 0x33, 0x31, 0x1a, 0x8e, 0xc3, 0xab, 0x7f, 0x5e,
+ 0x00, 0x58, 0x27, 0xb6, 0x61, 0x0d, 0xfa, 0xc4, 0xbc, 0x8c, 0x1a, 0x6a, 0x27, 0x56, 0x43, 0xbd,
+ 0x33, 0x6c, 0x7b, 0x02, 0xd3, 0x72, 0x8b, 0xa8, 0x5f, 0x4d, 0x14, 0x51, 0x8d, 0xd1, 0x21, 0xcf,
+ 0xaf, 0xa2, 0xfe, 0xad, 0x08, 0x8b, 0x21, 0x73, 0x58, 0x46, 0x3d, 0x8a, 0xed, 0xf1, 0x2f, 0x24,
+ 0xf6, 0xf8, 0x7a, 0x86, 0xc8, 0x2b, 0xab, 0xa3, 0x5e, 0x7e, 0x3d, 0x83, 0x3e, 0x83, 0x59, 0x5e,
+ 0x38, 0x79, 0xee, 0x21, 0xca, 0xb2, 0xc9, 0xb1, 0xcb, 0xb2, 0x20, 0x81, 0x6e, 0xc6, 0x90, 0x70,
+ 0x02, 0x39, 0xa7, 0x0c, 0x2c, 0xbf, 0xea, 0x32, 0x50, 0xfd, 0x5c, 0x81, 0xd9, 0x70, 0x9b, 0x2e,
+ 0xa1, 0x68, 0xdb, 0x8e, 0x17, 0x6d, 0x6f, 0x8d, 0xec, 0xa2, 0x39, 0x55, 0xdb, 0x7f, 0xf1, 0x02,
+ 0x3f, 0x60, 0xe2, 0x07, 0x7c, 0x5f, 0xeb, 0x1c, 0x8d, 0xf0, 0xf9, 0xf7, 0x03, 0x05, 0x90, 0xcc,
+ 0x02, 0xab, 0xa6, 0x69, 0x31, 0xcd, 0x8b, 0x95, 0x9e, 0x59, 0x1b, 0x23, 0x9b, 0xe5, 0x6b, 0xac,
+ 0xef, 0xa5, 0xb0, 0x1e, 0x9b, 0xcc, 0x19, 0x84, 0x3b, 0x92, 0x66, 0xc0, 0x19, 0x06, 0x20, 0x0d,
+ 0xc0, 0x91, 0x98, 0xbb, 0x96, 0x3c, 0xc8, 0xef, 0x8c, 0x10, 0xf3, 0xb8, 0xc0, 0x9a, 0x65, 0x1e,
+ 0xe8, 0xbd, 0x30, 0xec, 0xe0, 0x00, 0x08, 0x47, 0x40, 0x6f, 0x3c, 0x86, 0xeb, 0x39, 0xd6, 0xa2,
+ 0x79, 0x28, 0x1e, 0x91, 0x81, 0xb7, 0x6c, 0x98, 0xff, 0x89, 0x96, 0xa2, 0x9f, 0xc9, 0x53, 0xf2,
+ 0x0b, 0xf7, 0xc3, 0xc2, 0x43, 0x45, 0xfd, 0xd1, 0x44, 0xd4, 0x77, 0x44, 0xc5, 0x7c, 0x07, 0x2a,
+ 0x0e, 0xb1, 0x0d, 0xbd, 0xa3, 0x51, 0x59, 0x08, 0x5d, 0xf5, 0xae, 0x34, 0xbc, 0x31, 0x1c, 0x50,
+ 0x63, 0xb5, 0x75, 0xe1, 0xd5, 0xd6, 0xd6, 0xc5, 0x97, 0x53, 0x5b, 0xff, 0x06, 0x54, 0xa8, 0x5f,
+ 0x55, 0x97, 0x04, 0xe4, 0xbd, 0x31, 0xe2, 0xab, 0x2c, 0xa8, 0x03, 0x05, 0x41, 0x29, 0x1d, 0x80,
+ 0x66, 0x15, 0xd1, 0x13, 0x63, 0x16, 0xd1, 0x2f, 0xb5, 0xf0, 0xe5, 0x31, 0xd5, 0xd6, 0x5c, 0x4a,
+ 0xba, 0x22, 0x10, 0x55, 0xc2, 0x98, 0xda, 0x12, 0xa3, 0x58, 0x52, 0xd1, 0x27, 0x31, 0x97, 0xad,
+ 0x5c, 0xc4, 0x65, 0x67, 0xf3, 0xdd, 0x15, 0xed, 0xc1, 0x75, 0xdb, 0xb1, 0x7a, 0x0e, 0xa1, 0x74,
+ 0x9d, 0x68, 0x5d, 0x43, 0x37, 0x89, 0xbf, 0x3e, 0x5e, 0x45, 0xf4, 0xfa, 0xd9, 0x69, 0xed, 0x7a,
+ 0x2b, 0x9b, 0x05, 0xe7, 0xc9, 0xaa, 0x5f, 0x94, 0x60, 0x3e, 0x99, 0x01, 0x73, 0x8a, 0x54, 0xe5,
+ 0x42, 0x45, 0xea, 0xdd, 0xc8, 0x61, 0xf0, 0x2a, 0xf8, 0xc8, 0x1d, 0x5f, 0xea, 0x40, 0xac, 0xc2,
+ 0x9c, 0x8c, 0x06, 0x3e, 0x51, 0x96, 0xe9, 0xc1, 0xee, 0xef, 0xc5, 0xc9, 0x38, 0xc9, 0xcf, 0x4b,
+ 0xcf, 0xb0, 0xa2, 0xf4, 0x41, 0x4a, 0xf1, 0xd2, 0x73, 0x35, 0xc9, 0x80, 0xd3, 0x32, 0x68, 0x0b,
+ 0x16, 0x5d, 0x33, 0x0d, 0xe5, 0x79, 0xe3, 0xeb, 0x12, 0x6a, 0x71, 0x2f, 0xcd, 0x82, 0xb3, 0xe4,
+ 0xd0, 0x41, 0xac, 0x1a, 0x9d, 0x14, 0x11, 0xf6, 0xfe, 0xc8, 0x67, 0x67, 0xe4, 0x72, 0x14, 0x3d,
+ 0x82, 0x19, 0x47, 0x7c, 0x77, 0xf8, 0x06, 0x7b, 0xb5, 0xfb, 0x35, 0x29, 0x36, 0x83, 0xa3, 0x44,
+ 0x1c, 0xe7, 0xcd, 0x28, 0xb7, 0x2b, 0xa3, 0x96, 0xdb, 0xea, 0x3f, 0x29, 0xd1, 0x24, 0x14, 0x94,
+ 0xc0, 0xc3, 0x6e, 0x99, 0x52, 0x12, 0x91, 0xea, 0xc8, 0xca, 0xae, 0x7e, 0x1f, 0x8c, 0x55, 0xfd,
+ 0x86, 0xc9, 0x73, 0x78, 0xf9, 0xfb, 0x43, 0x05, 0x96, 0x9f, 0xb4, 0x9f, 0x3a, 0x96, 0x6b, 0xfb,
+ 0xe6, 0xec, 0xd8, 0xde, 0xba, 0x7e, 0x1d, 0x4a, 0x8e, 0x6b, 0xf8, 0xf3, 0x78, 0xd3, 0x9f, 0x07,
+ 0x76, 0x0d, 0x3e, 0x8f, 0xc5, 0x84, 0x94, 0x37, 0x09, 0x2e, 0x80, 0xb6, 0x61, 0xd2, 0xd1, 0xcc,
+ 0x1e, 0xf1, 0xd3, 0xea, 0xed, 0x21, 0xd6, 0x6f, 0xac, 0x63, 0xce, 0x1e, 0x29, 0xde, 0x84, 0x34,
+ 0x96, 0x28, 0xea, 0x1f, 0x2a, 0x30, 0xf7, 0x6c, 0x77, 0xb7, 0xb5, 0x61, 0x8a, 0x13, 0x2d, 0x6e,
+ 0xdf, 0x6f, 0x41, 0xc9, 0xd6, 0xd8, 0x61, 0x32, 0xd3, 0x73, 0x1a, 0x16, 0x14, 0xf4, 0x1d, 0x28,
+ 0xf3, 0x48, 0x42, 0xcc, 0xee, 0x88, 0xa5, 0xb6, 0x84, 0x6f, 0x7a, 0x42, 0x61, 0x85, 0x28, 0x07,
+ 0xb0, 0x0f, 0xa7, 0x1e, 0xc1, 0x52, 0xc4, 0x1c, 0xbe, 0x1e, 0xe2, 0x1a, 0x18, 0xb5, 0x61, 0x82,
+ 0x6b, 0xf6, 0x6f, 0x79, 0x87, 0x5d, 0x66, 0x26, 0xa6, 0x14, 0x56, 0x3a, 0xfc, 0x17, 0xc5, 0x1e,
+ 0x96, 0xba, 0x05, 0x33, 0xe2, 0xc9, 0xc1, 0x72, 0x98, 0x58, 0x16, 0x74, 0x13, 0x8a, 0x7d, 0xdd,
+ 0x94, 0x79, 0x76, 0x5a, 0xca, 0x14, 0x79, 0x8e, 0xe0, 0xe3, 0x82, 0xac, 0x9d, 0xc8, 0xc8, 0x13,
+ 0x92, 0xb5, 0x13, 0xcc, 0xc7, 0xd5, 0xa7, 0x50, 0x96, 0xcb, 0x1d, 0x05, 0x2a, 0x9e, 0x0f, 0x54,
+ 0xcc, 0x00, 0xda, 0x81, 0xf2, 0x46, 0xab, 0x69, 0x58, 0x5e, 0xd5, 0xd5, 0xd1, 0xbb, 0x4e, 0x72,
+ 0x2f, 0xd6, 0x36, 0xd6, 0x31, 0x16, 0x14, 0xa4, 0xc2, 0x24, 0x39, 0xe9, 0x10, 0x9b, 0x09, 0x8f,
+ 0x98, 0x6a, 0x02, 0xdf, 0xe5, 0xc7, 0x62, 0x04, 0x4b, 0x8a, 0xfa, 0x47, 0x05, 0x28, 0xcb, 0xe5,
+ 0xb8, 0x84, 0xaf, 0xb0, 0xcd, 0xd8, 0x57, 0xd8, 0xdb, 0xa3, 0xb9, 0x46, 0xee, 0x27, 0xd8, 0x6e,
+ 0xe2, 0x13, 0xec, 0xee, 0x88, 0x78, 0xe7, 0x7f, 0x7f, 0xfd, 0xbd, 0x02, 0xb3, 0x71, 0xa7, 0x44,
+ 0x1f, 0xc0, 0x34, 0x4f, 0x38, 0x7a, 0x87, 0x6c, 0x87, 0x75, 0x6e, 0x70, 0x09, 0xd3, 0x0e, 0x49,
+ 0x38, 0xca, 0x87, 0x7a, 0x81, 0x18, 0xf7, 0x23, 0x39, 0xe9, 0xfc, 0x25, 0x75, 0x99, 0x6e, 0xd4,
+ 0xbd, 0x67, 0xb4, 0xfa, 0x86, 0xc9, 0x76, 0x9c, 0x36, 0x73, 0x74, 0xb3, 0x97, 0x52, 0x24, 0x9c,
+ 0x32, 0x8a, 0xac, 0xfe, 0xa3, 0x02, 0xd3, 0xd2, 0xe4, 0x4b, 0xf8, 0xaa, 0xf8, 0x95, 0xf8, 0x57,
+ 0xc5, 0xed, 0x11, 0x0f, 0x78, 0xf6, 0x27, 0xc5, 0x5f, 0x87, 0xa6, 0xf3, 0x23, 0xcd, 0xbd, 0xfa,
+ 0xd0, 0xa2, 0x2c, 0xe9, 0xd5, 0xfc, 0x30, 0x62, 0x41, 0x41, 0x2e, 0xcc, 0xeb, 0x89, 0x18, 0x20,
+ 0x97, 0xb6, 0x31, 0x9a, 0x25, 0x81, 0x58, 0xb3, 0x2a, 0xe1, 0xe7, 0x93, 0x14, 0x9c, 0x52, 0xa1,
+ 0x12, 0x48, 0x71, 0xa1, 0x8f, 0xa0, 0x74, 0xc8, 0x98, 0x9d, 0x71, 0x5f, 0x3d, 0x24, 0xf2, 0x84,
+ 0x26, 0x54, 0xc4, 0xec, 0x76, 0x77, 0x5b, 0x58, 0x40, 0xa9, 0xff, 0x1d, 0xae, 0x47, 0xdb, 0xf3,
+ 0xf1, 0x20, 0x9e, 0x2a, 0x17, 0x89, 0xa7, 0xd3, 0x59, 0xb1, 0x14, 0x3d, 0x83, 0x22, 0x33, 0x46,
+ 0xfd, 0x2c, 0x94, 0x88, 0xbb, 0x9b, 0xed, 0x30, 0x20, 0xed, 0x6e, 0xb6, 0x31, 0x87, 0x40, 0x3b,
+ 0x30, 0xc1, 0xb3, 0x0f, 0x3f, 0x82, 0xc5, 0xd1, 0x8f, 0x34, 0x9f, 0x7f, 0xe8, 0x10, 0xfc, 0x17,
+ 0xc5, 0x1e, 0x8e, 0xfa, 0x3d, 0x98, 0x89, 0x9d, 0x53, 0xf4, 0x29, 0x5c, 0x35, 0x2c, 0xad, 0xdb,
+ 0xd4, 0x0c, 0xcd, 0xec, 0x10, 0xff, 0x71, 0xe0, 0x76, 0xd6, 0x17, 0xc6, 0x66, 0x84, 0x4f, 0x9e,
+ 0xf2, 0xe0, 0x39, 0x35, 0x4a, 0xc3, 0x31, 0x44, 0x55, 0x03, 0x08, 0xe7, 0x88, 0x6a, 0x30, 0xc1,
+ 0xfd, 0xcc, 0xcb, 0x27, 0x53, 0xcd, 0x29, 0x6e, 0x21, 0x77, 0x3f, 0x8a, 0xbd, 0x71, 0x74, 0x1f,
+ 0x80, 0x92, 0x8e, 0x43, 0x98, 0x08, 0x06, 0x85, 0xf8, 0x13, 0x74, 0x3b, 0xa0, 0xe0, 0x08, 0x97,
+ 0xfa, 0xcf, 0x0a, 0xcc, 0x6c, 0x13, 0xf6, 0x7d, 0xcb, 0x39, 0x6a, 0x59, 0x86, 0xde, 0x19, 0x5c,
+ 0x42, 0xb0, 0xc5, 0xb1, 0x60, 0xfb, 0xee, 0x90, 0x9d, 0x89, 0x59, 0x97, 0x17, 0x72, 0xd5, 0xcf,
+ 0x15, 0xb8, 0x1e, 0xe3, 0x7c, 0x1c, 0x1e, 0xdd, 0x3d, 0x98, 0xb0, 0x2d, 0x87, 0xf9, 0x89, 0x78,
+ 0x2c, 0x85, 0x3c, 0x8c, 0x45, 0x52, 0x31, 0x87, 0xc1, 0x1e, 0x1a, 0xda, 0x84, 0x02, 0xb3, 0xa4,
+ 0xab, 0x8e, 0x87, 0x49, 0x88, 0xd3, 0x04, 0x89, 0x59, 0xd8, 0xb5, 0x70, 0x81, 0x59, 0x7c, 0x23,
+ 0xaa, 0x31, 0xae, 0x68, 0xf0, 0x79, 0x45, 0x33, 0xc0, 0x50, 0x3a, 0x70, 0xac, 0xfe, 0x85, 0xe7,
+ 0x10, 0x6c, 0xc4, 0x13, 0xc7, 0xea, 0x63, 0x81, 0xa5, 0xfe, 0x58, 0x81, 0x85, 0x18, 0xe7, 0x25,
+ 0x04, 0xfe, 0x8f, 0xe2, 0x81, 0xff, 0xee, 0x38, 0x13, 0xc9, 0x09, 0xff, 0x3f, 0x2e, 0x24, 0xa6,
+ 0xc1, 0x27, 0x8c, 0x0e, 0x60, 0xda, 0xb6, 0xba, 0xed, 0x97, 0xf0, 0x1c, 0x38, 0xc7, 0xf3, 0x66,
+ 0x2b, 0xc4, 0xc2, 0x51, 0x60, 0x74, 0x02, 0x0b, 0xa6, 0xd6, 0x27, 0xd4, 0xd6, 0x3a, 0xa4, 0xfd,
+ 0x12, 0x2e, 0x48, 0xae, 0x89, 0xf7, 0x86, 0x24, 0x22, 0x4e, 0x2b, 0x41, 0x5b, 0x50, 0xd6, 0x6d,
+ 0x51, 0xc7, 0xc9, 0xda, 0x65, 0x68, 0x16, 0xf5, 0xaa, 0x3e, 0x2f, 0x9e, 0xcb, 0x1f, 0xd8, 0xc7,
+ 0x50, 0xff, 0x26, 0xe9, 0x0d, 0xdc, 0xff, 0xd0, 0x53, 0xa8, 0x88, 0x26, 0x9c, 0x8e, 0x65, 0xf8,
+ 0x2f, 0x03, 0x7c, 0x67, 0x5b, 0x72, 0xec, 0xc5, 0x69, 0xed, 0xf5, 0x8c, 0x4b, 0x5f, 0x9f, 0x8c,
+ 0x03, 0x61, 0xb4, 0x0d, 0x25, 0xfb, 0xab, 0x54, 0x30, 0x22, 0xc9, 0x89, 0xb2, 0x45, 0xe0, 0xa8,
+ 0xbf, 0x53, 0x4c, 0x98, 0x2b, 0x52, 0xdd, 0x67, 0x2f, 0x6d, 0xd7, 0x83, 0x8a, 0x29, 0x77, 0xe7,
+ 0xf7, 0xa1, 0x2c, 0x33, 0xbc, 0x74, 0xe6, 0xaf, 0x8f, 0xe3, 0xcc, 0xd1, 0x2c, 0x16, 0x7c, 0xb0,
+ 0xf8, 0x83, 0x3e, 0x30, 0xfa, 0x2e, 0x4c, 0x12, 0x4f, 0x85, 0x97, 0x1b, 0x1f, 0x8c, 0xa3, 0x22,
+ 0x8c, 0xab, 0x61, 0xa1, 0x2a, 0xc7, 0x24, 0x2a, 0xfa, 0x26, 0x5f, 0x2f, 0xce, 0xcb, 0x3f, 0x02,
+ 0x69, 0xb5, 0x24, 0xd2, 0xd5, 0x4d, 0x6f, 0xda, 0xc1, 0xf0, 0x8b, 0xd3, 0x1a, 0x84, 0x3f, 0x71,
+ 0x54, 0x42, 0xfd, 0x57, 0x05, 0x16, 0xc4, 0x0a, 0x75, 0x5c, 0x47, 0x67, 0x83, 0x4b, 0x4b, 0x4c,
+ 0xcf, 0x63, 0x89, 0xe9, 0xfd, 0x21, 0xcb, 0x92, 0xb2, 0x30, 0x37, 0x39, 0xfd, 0x44, 0x81, 0x6b,
+ 0x29, 0xee, 0x4b, 0x88, 0x8b, 0x7b, 0xf1, 0xb8, 0xf8, 0xee, 0xb8, 0x13, 0xca, 0x89, 0x8d, 0xbf,
+ 0x3b, 0x9f, 0x31, 0x1d, 0x71, 0x52, 0xee, 0x03, 0xd8, 0x8e, 0x7e, 0xac, 0x1b, 0xa4, 0x27, 0x1f,
+ 0xc1, 0x2b, 0x91, 0x26, 0xb8, 0x80, 0x82, 0x23, 0x5c, 0x88, 0xc2, 0x72, 0x97, 0x1c, 0x68, 0xae,
+ 0xc1, 0x56, 0xbb, 0xdd, 0x35, 0xcd, 0xd6, 0xf6, 0x75, 0x43, 0x67, 0xba, 0xbc, 0x2e, 0x98, 0x6a,
+ 0x3e, 0xf2, 0x1e, 0xa7, 0xb3, 0x38, 0x5e, 0x9c, 0xd6, 0x6e, 0x66, 0xbd, 0x0e, 0xf9, 0x2c, 0x03,
+ 0x9c, 0x03, 0x8d, 0x06, 0x50, 0x75, 0xc8, 0xf7, 0x5c, 0xdd, 0x21, 0xdd, 0x75, 0xc7, 0xb2, 0x63,
+ 0x6a, 0x8b, 0x42, 0xed, 0x2f, 0x9f, 0x9d, 0xd6, 0xaa, 0x38, 0x87, 0x67, 0xb8, 0xe2, 0x5c, 0x78,
+ 0xf4, 0x19, 0x2c, 0x6a, 0x5e, 0xef, 0x60, 0x4c, 0xab, 0x77, 0x4a, 0x1e, 0x9e, 0x9d, 0xd6, 0x16,
+ 0x57, 0xd3, 0xe4, 0xe1, 0x0a, 0xb3, 0x40, 0x51, 0x03, 0xca, 0xc7, 0xa2, 0xb3, 0x91, 0x56, 0x27,
+ 0x04, 0x3e, 0x4f, 0x04, 0x65, 0xaf, 0xd9, 0x91, 0x63, 0x4e, 0x3e, 0x69, 0x8b, 0xd3, 0xe7, 0x73,
+ 0xf1, 0x0f, 0x4a, 0x5e, 0x4b, 0xca, 0x13, 0x2f, 0x6e, 0x8c, 0x2b, 0x61, 0xd4, 0x7a, 0x16, 0x92,
+ 0x70, 0x94, 0x0f, 0x7d, 0x02, 0x53, 0x87, 0xf2, 0x56, 0x82, 0x56, 0xcb, 0x23, 0x25, 0xe1, 0xd8,
+ 0x2d, 0x46, 0x73, 0x41, 0xaa, 0x98, 0xf2, 0x87, 0x29, 0x0e, 0x11, 0xd1, 0x5b, 0x50, 0x16, 0x3f,
+ 0x36, 0xd6, 0xc5, 0x75, 0x5c, 0x25, 0x8c, 0x6d, 0xcf, 0xbc, 0x61, 0xec, 0xd3, 0x7d, 0xd6, 0x8d,
+ 0xd6, 0x9a, 0xb8, 0x16, 0x4e, 0xb0, 0x6e, 0xb4, 0xd6, 0xb0, 0x4f, 0x47, 0x9f, 0x42, 0x99, 0x92,
+ 0x4d, 0xdd, 0x74, 0x4f, 0xaa, 0x30, 0xd2, 0xa3, 0x72, 0xfb, 0xb1, 0xe0, 0x4e, 0x5c, 0x8c, 0x85,
+ 0x1a, 0x24, 0x1d, 0xfb, 0xb0, 0xe8, 0x10, 0xa6, 0x1c, 0xd7, 0x5c, 0xa5, 0x7b, 0x94, 0x38, 0xd5,
+ 0x69, 0xa1, 0x63, 0x58, 0x38, 0xc7, 0x3e, 0x7f, 0x52, 0x4b, 0xb0, 0x42, 0x01, 0x07, 0x0e, 0xc1,
+ 0xd1, 0x1f, 0x28, 0x80, 0xa8, 0x6b, 0xdb, 0x06, 0xe9, 0x13, 0x93, 0x69, 0x86, 0xb8, 0x8b, 0xa3,
+ 0xd5, 0xab, 0x42, 0xe7, 0xb7, 0x86, 0xcd, 0x2b, 0x25, 0x98, 0x54, 0x1e, 0x5c, 0x7a, 0xa7, 0x59,
+ 0x71, 0x86, 0x5e, 0xbe, 0xb4, 0x07, 0x54, 0xfc, 0x5d, 0x9d, 0x19, 0x69, 0x69, 0xb3, 0xef, 0x1c,
+ 0xc3, 0xa5, 0x95, 0x74, 0xec, 0xc3, 0xa2, 0xe7, 0xb0, 0xec, 0x37, 0xc6, 0x62, 0xcb, 0x62, 0x4f,
+ 0x74, 0x83, 0xd0, 0x01, 0x65, 0xa4, 0x5f, 0x9d, 0x15, 0xdb, 0x1e, 0xf4, 0x7e, 0xe0, 0x4c, 0x2e,
+ 0x9c, 0x23, 0x8d, 0xfa, 0x50, 0xf3, 0x43, 0x06, 0x3f, 0x4f, 0x41, 0xcc, 0x7a, 0x4c, 0x3b, 0x9a,
+ 0xe1, 0xbd, 0x03, 0xcc, 0x09, 0x05, 0x6f, 0x9e, 0x9d, 0xd6, 0x6a, 0xeb, 0xe7, 0xb3, 0xe2, 0x61,
+ 0x58, 0xe8, 0x3b, 0x50, 0xd5, 0xf2, 0xf4, 0xcc, 0x0b, 0x3d, 0x6f, 0xf0, 0x38, 0x94, 0xab, 0x20,
+ 0x57, 0x1a, 0x31, 0x98, 0xd7, 0xe2, 0x2d, 0xca, 0xb4, 0xba, 0x30, 0xd2, 0x45, 0x64, 0xa2, 0xb3,
+ 0x39, 0xbc, 0x8c, 0x48, 0x10, 0x28, 0x4e, 0x69, 0x40, 0xbf, 0x09, 0x48, 0x4b, 0x76, 0x55, 0xd3,
+ 0x2a, 0x1a, 0x29, 0xfd, 0xa4, 0xda, 0xb1, 0x43, 0xb7, 0x4b, 0x91, 0x28, 0xce, 0xd0, 0x83, 0x36,
+ 0x61, 0x49, 0x8e, 0xee, 0x99, 0x54, 0x3b, 0x20, 0xed, 0x01, 0xed, 0x30, 0x83, 0x56, 0x17, 0x45,
+ 0xec, 0x13, 0x0f, 0x5f, 0xab, 0x19, 0x74, 0x9c, 0x29, 0x85, 0xbe, 0x05, 0xf3, 0x07, 0x96, 0xb3,
+ 0xaf, 0x77, 0xbb, 0xc4, 0xf4, 0x91, 0x96, 0x04, 0xd2, 0x12, 0x5f, 0x8d, 0x27, 0x09, 0x1a, 0x4e,
+ 0x71, 0x23, 0x0a, 0xd7, 0x24, 0x72, 0xcb, 0xb1, 0x3a, 0x5b, 0x96, 0x6b, 0x32, 0xaf, 0x24, 0xba,
+ 0x16, 0xa4, 0x98, 0x6b, 0xab, 0x59, 0x0c, 0x2f, 0x4e, 0x6b, 0xb7, 0xb2, 0x2b, 0xe0, 0x90, 0x09,
+ 0x67, 0x63, 0xa3, 0x43, 0x00, 0x11, 0x17, 0xbc, 0xe3, 0xb7, 0x2c, 0x8e, 0xdf, 0xc3, 0x51, 0xa2,
+ 0x4e, 0xe6, 0x09, 0xf4, 0x9e, 0xe4, 0x02, 0x32, 0x8e, 0x60, 0x8b, 0x5e, 0x19, 0xf9, 0x72, 0x72,
+ 0x39, 0xfd, 0xc6, 0xe3, 0xf5, 0xca, 0x84, 0xa6, 0xbd, 0xb4, 0x5e, 0x99, 0x08, 0xe4, 0xf9, 0x77,
+ 0xb5, 0xff, 0x59, 0x80, 0xc5, 0x90, 0x79, 0xe4, 0x5e, 0x99, 0x0c, 0x91, 0xff, 0xef, 0x39, 0x1e,
+ 0xde, 0x73, 0xfc, 0xb9, 0x02, 0xb3, 0xe1, 0xd2, 0xfd, 0xef, 0xeb, 0x5f, 0x09, 0x6d, 0xcb, 0xa9,
+ 0xa8, 0xff, 0xae, 0x10, 0x9d, 0xc0, 0xff, 0xf9, 0x26, 0x8a, 0xaf, 0xde, 0x28, 0xac, 0xfe, 0xa4,
+ 0x08, 0xf3, 0xc9, 0xd3, 0x18, 0x7b, 0x6b, 0x57, 0x86, 0xbe, 0xb5, 0xb7, 0x60, 0xe9, 0xc0, 0x35,
+ 0x8c, 0x81, 0x58, 0x86, 0xc8, 0x83, 0xbb, 0xf7, 0x56, 0xf6, 0x86, 0x94, 0x5c, 0x7a, 0x92, 0xc1,
+ 0x83, 0x33, 0x25, 0x73, 0xfa, 0x06, 0x8a, 0x17, 0xea, 0x1b, 0x48, 0x3d, 0x63, 0x97, 0xc6, 0x78,
+ 0xc6, 0xce, 0xec, 0x01, 0x98, 0xb8, 0x40, 0x0f, 0xc0, 0x45, 0x1e, 0xed, 0x33, 0x82, 0xd8, 0xd0,
+ 0x1e, 0xd2, 0x37, 0xe0, 0x86, 0x14, 0x63, 0xe2, 0x3d, 0xdd, 0x64, 0x8e, 0x65, 0x18, 0xc4, 0x59,
+ 0x77, 0xfb, 0xfd, 0x81, 0xfa, 0x0d, 0x98, 0x8d, 0x77, 0x8a, 0x78, 0x3b, 0xed, 0x35, 0xab, 0xc8,
+ 0x17, 0xcb, 0xc8, 0x4e, 0x7b, 0xe3, 0x38, 0xe0, 0x50, 0x7f, 0x4f, 0x81, 0xe5, 0xec, 0x8e, 0x50,
+ 0x64, 0xc0, 0x6c, 0x5f, 0x3b, 0x89, 0x76, 0xe9, 0x2a, 0x17, 0xbc, 0x4b, 0x12, 0x2d, 0x02, 0x5b,
+ 0x31, 0x2c, 0x9c, 0xc0, 0x56, 0x7f, 0xae, 0xc0, 0xf5, 0x9c, 0xc7, 0xf9, 0xcb, 0xb5, 0x04, 0x7d,
+ 0x0c, 0x95, 0xbe, 0x76, 0xd2, 0x76, 0x9d, 0x1e, 0xb9, 0xf0, 0xed, 0x99, 0x88, 0x18, 0x5b, 0x12,
+ 0x05, 0x07, 0x78, 0xea, 0x5f, 0x29, 0xf0, 0x5a, 0x6e, 0x45, 0x81, 0x1e, 0xc4, 0xfa, 0x08, 0xd4,
+ 0x44, 0x1f, 0x01, 0x4a, 0x0b, 0xbe, 0xa2, 0x36, 0x82, 0x1f, 0x2a, 0x50, 0xcd, 0xfb, 0xda, 0x42,
+ 0x1f, 0xc4, 0x8c, 0xfc, 0x5a, 0xc2, 0xc8, 0x85, 0x94, 0xdc, 0x2b, 0xb2, 0xf1, 0x6f, 0x15, 0x58,
+ 0xce, 0xfe, 0xea, 0x44, 0xef, 0xc5, 0x2c, 0xac, 0x25, 0x2c, 0x9c, 0x4b, 0x48, 0x49, 0xfb, 0xbe,
+ 0x0b, 0xb3, 0xf2, 0xdb, 0x54, 0xc2, 0xc8, 0xbd, 0x57, 0xb3, 0x22, 0xba, 0x84, 0xf0, 0x2b, 0x41,
+ 0xe1, 0x55, 0xf1, 0x31, 0x9c, 0x40, 0x53, 0x7f, 0xbf, 0x00, 0x13, 0xed, 0x8e, 0x66, 0x90, 0x4b,
+ 0x28, 0x06, 0xbf, 0x1d, 0x2b, 0x06, 0x87, 0xfd, 0xdf, 0x8f, 0xb0, 0x2a, 0xb7, 0x0e, 0xc4, 0x89,
+ 0x3a, 0xf0, 0xed, 0x91, 0xd0, 0xce, 0x2f, 0x01, 0x7f, 0x09, 0xa6, 0x02, 0xa5, 0xe3, 0x65, 0x26,
+ 0xf5, 0x2f, 0x0b, 0x30, 0x1d, 0x51, 0x31, 0x66, 0x5e, 0x3b, 0x88, 0xd5, 0x03, 0xa3, 0xfc, 0xb7,
+ 0x65, 0x44, 0x57, 0xdd, 0xaf, 0x00, 0xbc, 0xbe, 0xd5, 0xb0, 0x53, 0x31, 0x5d, 0x18, 0x7c, 0x03,
+ 0x66, 0x99, 0xf8, 0x6f, 0xc4, 0xe0, 0x66, 0xbc, 0x28, 0x7c, 0x31, 0xe8, 0x76, 0xde, 0x8d, 0x51,
+ 0x71, 0x82, 0xfb, 0xc6, 0x23, 0x98, 0x89, 0x29, 0x1b, 0xab, 0xed, 0xf4, 0x1f, 0x14, 0xf8, 0xda,
+ 0xd0, 0x7b, 0x0b, 0xd4, 0x8c, 0x1d, 0x92, 0x7a, 0xe2, 0x90, 0xac, 0xe4, 0x03, 0xbc, 0xba, 0xf6,
+ 0xa5, 0xe6, 0x3b, 0x5f, 0x7c, 0xb9, 0x72, 0xe5, 0xa7, 0x5f, 0xae, 0x5c, 0xf9, 0xd9, 0x97, 0x2b,
+ 0x57, 0x7e, 0xfb, 0x6c, 0x45, 0xf9, 0xe2, 0x6c, 0x45, 0xf9, 0xe9, 0xd9, 0x8a, 0xf2, 0xb3, 0xb3,
+ 0x15, 0xe5, 0xdf, 0xcf, 0x56, 0x94, 0x3f, 0xfe, 0xf9, 0xca, 0x95, 0x8f, 0xcb, 0x12, 0xee, 0x7f,
+ 0x02, 0x00, 0x00, 0xff, 0xff, 0x73, 0x7f, 0xfe, 0x70, 0x6c, 0x3e, 0x00, 0x00,
}
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto
index 18652ba19a..84fe2a7037 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto
+++ b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto
@@ -849,6 +849,12 @@ message PodSecurityPolicySpec {
// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
optional RunAsUserStrategyOptions runAsUser = 11;
+ // RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
+ // If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
+ // RunAsGroup feature gate to be enabled.
+ // +optional
+ optional RunAsGroupStrategyOptions runAsGroup = 22;
+
// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
optional SupplementalGroupsStrategyOptions supplementalGroups = 12;
@@ -1088,6 +1094,18 @@ message RollingUpdateDeployment {
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 2;
}
+// RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
+// Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.
+message RunAsGroupStrategyOptions {
+ // rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
+ optional string rule = 1;
+
+ // ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
+ // then supply a single range with the same start and end. Required for MustRunAs.
+ // +optional
+ repeated IDRange ranges = 2;
+}
+
// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use RunAsUserStrategyOptions from policy API Group instead.
message RunAsUserStrategyOptions {
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/types.go b/staging/src/k8s.io/api/extensions/v1beta1/types.go
index 9384b16fbc..63c78e2f58 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/types.go
+++ b/staging/src/k8s.io/api/extensions/v1beta1/types.go
@@ -920,6 +920,11 @@ type PodSecurityPolicySpec struct {
SELinux SELinuxStrategyOptions `json:"seLinux" protobuf:"bytes,10,opt,name=seLinux"`
// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
RunAsUser RunAsUserStrategyOptions `json:"runAsUser" protobuf:"bytes,11,opt,name=runAsUser"`
+ // RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
+ // If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
+ // RunAsGroup feature gate to be enabled.
+ // +optional
+ RunAsGroup *RunAsGroupStrategyOptions `json:"runAsGroup,omitempty" protobuf:"bytes,22,opt,name=runAsGroup"`
// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups" protobuf:"bytes,12,opt,name=supplementalGroups"`
// fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
@@ -1074,6 +1079,17 @@ type RunAsUserStrategyOptions struct {
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
+// RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
+// Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.
+type RunAsGroupStrategyOptions struct {
+ // rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
+ Rule RunAsGroupStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsGroupStrategy"`
+ // ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
+ // then supply a single range with the same start and end. Required for MustRunAs.
+ // +optional
+ Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
+}
+
// IDRange provides a min/max of an allowed range of IDs.
// Deprecated: use IDRange from policy API Group instead.
type IDRange struct {
@@ -1100,6 +1116,23 @@ const (
RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny"
)
+// RunAsGroupStrategy denotes strategy types for generating RunAsGroup values for a
+// Security Context.
+// Deprecated: use RunAsGroupStrategy from policy API Group instead.
+type RunAsGroupStrategy string
+
+const (
+ // RunAsGroupStrategyMayRunAs means that container does not need to run with a particular gid.
+ // However, when RunAsGroup are specified, they have to fall in the defined range.
+ RunAsGroupStrategyMayRunAs RunAsGroupStrategy = "MayRunAs"
+ // RunAsGroupStrategyMustRunAs means that container must run as a particular gid.
+ // Deprecated: use RunAsGroupStrategyMustRunAs from policy API Group instead.
+ RunAsGroupStrategyMustRunAs RunAsGroupStrategy = "MustRunAs"
+ // RunAsGroupStrategyRunAsAny means that container may make requests for any gid.
+ // Deprecated: use RunAsGroupStrategyRunAsAny from policy API Group instead.
+ RunAsGroupStrategyRunAsAny RunAsGroupStrategy = "RunAsAny"
+)
+
// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
// Deprecated: use FSGroupStrategyOptions from policy API Group instead.
type FSGroupStrategyOptions struct {
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
index c535e96368..a6f5aaeeed 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
@@ -472,6 +472,7 @@ var map_PodSecurityPolicySpec = map[string]string{
"hostIPC": "hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
"seLinux": "seLinux is the strategy that will dictate the allowable labels that may be set.",
"runAsUser": "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
+ "runAsGroup": "RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.",
"supplementalGroups": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
@@ -584,6 +585,16 @@ func (RollingUpdateDeployment) SwaggerDoc() map[string]string {
return map_RollingUpdateDeployment
}
+var map_RunAsGroupStrategyOptions = map[string]string{
+ "": "RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.",
+ "rule": "rule is the strategy that will dictate the allowable RunAsGroup values that may be set.",
+ "ranges": "ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.",
+}
+
+func (RunAsGroupStrategyOptions) SwaggerDoc() map[string]string {
+ return map_RunAsGroupStrategyOptions
+}
+
var map_RunAsUserStrategyOptions = map[string]string{
"": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsUserStrategyOptions from policy API Group instead.",
"rule": "rule is the strategy that will dictate the allowable RunAsUser values that may be set.",
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go b/staging/src/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
index 65801c23ed..0e4e82fafb 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
@@ -1102,6 +1102,11 @@ func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) {
}
in.SELinux.DeepCopyInto(&out.SELinux)
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
+ if in.RunAsGroup != nil {
+ in, out := &in.RunAsGroup, &out.RunAsGroup
+ *out = new(RunAsGroupStrategyOptions)
+ (*in).DeepCopyInto(*out)
+ }
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
in.FSGroup.DeepCopyInto(&out.FSGroup)
if in.DefaultAllowPrivilegeEscalation != nil {
@@ -1368,6 +1373,27 @@ func (in *RollingUpdateDeployment) DeepCopy() *RollingUpdateDeployment {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunAsGroupStrategyOptions) DeepCopyInto(out *RunAsGroupStrategyOptions) {
+ *out = *in
+ if in.Ranges != nil {
+ in, out := &in.Ranges, &out.Ranges
+ *out = make([]IDRange, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsGroupStrategyOptions.
+func (in *RunAsGroupStrategyOptions) DeepCopy() *RunAsGroupStrategyOptions {
+ if in == nil {
+ return nil
+ }
+ out := new(RunAsGroupStrategyOptions)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions) {
*out = *in
diff --git a/staging/src/k8s.io/api/policy/v1beta1/generated.pb.go b/staging/src/k8s.io/api/policy/v1beta1/generated.pb.go
index d7d62dd3ab..b320bd158e 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/generated.pb.go
+++ b/staging/src/k8s.io/api/policy/v1beta1/generated.pb.go
@@ -38,6 +38,7 @@ limitations under the License.
PodSecurityPolicy
PodSecurityPolicyList
PodSecurityPolicySpec
+ RunAsGroupStrategyOptions
RunAsUserStrategyOptions
SELinuxStrategyOptions
SupplementalGroupsStrategyOptions
@@ -125,20 +126,26 @@ func (m *PodSecurityPolicySpec) Reset() { *m = PodSecurityPol
func (*PodSecurityPolicySpec) ProtoMessage() {}
func (*PodSecurityPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{12} }
+func (m *RunAsGroupStrategyOptions) Reset() { *m = RunAsGroupStrategyOptions{} }
+func (*RunAsGroupStrategyOptions) ProtoMessage() {}
+func (*RunAsGroupStrategyOptions) Descriptor() ([]byte, []int) {
+ return fileDescriptorGenerated, []int{13}
+}
+
func (m *RunAsUserStrategyOptions) Reset() { *m = RunAsUserStrategyOptions{} }
func (*RunAsUserStrategyOptions) ProtoMessage() {}
func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{13}
+ return fileDescriptorGenerated, []int{14}
}
func (m *SELinuxStrategyOptions) Reset() { *m = SELinuxStrategyOptions{} }
func (*SELinuxStrategyOptions) ProtoMessage() {}
-func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{14} }
+func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{15} }
func (m *SupplementalGroupsStrategyOptions) Reset() { *m = SupplementalGroupsStrategyOptions{} }
func (*SupplementalGroupsStrategyOptions) ProtoMessage() {}
func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{15}
+ return fileDescriptorGenerated, []int{16}
}
func init() {
@@ -155,6 +162,7 @@ func init() {
proto.RegisterType((*PodSecurityPolicy)(nil), "k8s.io.api.policy.v1beta1.PodSecurityPolicy")
proto.RegisterType((*PodSecurityPolicyList)(nil), "k8s.io.api.policy.v1beta1.PodSecurityPolicyList")
proto.RegisterType((*PodSecurityPolicySpec)(nil), "k8s.io.api.policy.v1beta1.PodSecurityPolicySpec")
+ proto.RegisterType((*RunAsGroupStrategyOptions)(nil), "k8s.io.api.policy.v1beta1.RunAsGroupStrategyOptions")
proto.RegisterType((*RunAsUserStrategyOptions)(nil), "k8s.io.api.policy.v1beta1.RunAsUserStrategyOptions")
proto.RegisterType((*SELinuxStrategyOptions)(nil), "k8s.io.api.policy.v1beta1.SELinuxStrategyOptions")
proto.RegisterType((*SupplementalGroupsStrategyOptions)(nil), "k8s.io.api.policy.v1beta1.SupplementalGroupsStrategyOptions")
@@ -853,6 +861,52 @@ func (m *PodSecurityPolicySpec) MarshalTo(dAtA []byte) (int, error) {
i += copy(dAtA[i:], s)
}
}
+ if m.RunAsGroup != nil {
+ dAtA[i] = 0xb2
+ i++
+ dAtA[i] = 0x1
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(m.RunAsGroup.Size()))
+ n18, err := m.RunAsGroup.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n18
+ }
+ return i, nil
+}
+
+func (m *RunAsGroupStrategyOptions) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *RunAsGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Rule)))
+ i += copy(dAtA[i:], m.Rule)
+ if len(m.Ranges) > 0 {
+ for _, msg := range m.Ranges {
+ dAtA[i] = 0x12
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
return i, nil
}
@@ -913,11 +967,11 @@ func (m *SELinuxStrategyOptions) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0x12
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.SELinuxOptions.Size()))
- n18, err := m.SELinuxOptions.MarshalTo(dAtA[i:])
+ n19, err := m.SELinuxOptions.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
- i += n18
+ i += n19
}
return i, nil
}
@@ -1212,6 +1266,24 @@ func (m *PodSecurityPolicySpec) Size() (n int) {
n += 2 + l + sovGenerated(uint64(l))
}
}
+ if m.RunAsGroup != nil {
+ l = m.RunAsGroup.Size()
+ n += 2 + l + sovGenerated(uint64(l))
+ }
+ return n
+}
+
+func (m *RunAsGroupStrategyOptions) Size() (n int) {
+ var l int
+ _ = l
+ l = len(m.Rule)
+ n += 1 + l + sovGenerated(uint64(l))
+ if len(m.Ranges) > 0 {
+ for _, e := range m.Ranges {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
return n
}
@@ -1441,6 +1513,18 @@ func (this *PodSecurityPolicySpec) String() string {
`AllowedUnsafeSysctls:` + fmt.Sprintf("%v", this.AllowedUnsafeSysctls) + `,`,
`ForbiddenSysctls:` + fmt.Sprintf("%v", this.ForbiddenSysctls) + `,`,
`AllowedProcMountTypes:` + fmt.Sprintf("%v", this.AllowedProcMountTypes) + `,`,
+ `RunAsGroup:` + strings.Replace(fmt.Sprintf("%v", this.RunAsGroup), "RunAsGroupStrategyOptions", "RunAsGroupStrategyOptions", 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
+func (this *RunAsGroupStrategyOptions) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&RunAsGroupStrategyOptions{`,
+ `Rule:` + fmt.Sprintf("%v", this.Rule) + `,`,
+ `Ranges:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Ranges), "IDRange", "IDRange", 1), `&`, ``, 1) + `,`,
`}`,
}, "")
return s
@@ -3537,6 +3621,149 @@ func (m *PodSecurityPolicySpec) Unmarshal(dAtA []byte) error {
}
m.AllowedProcMountTypes = append(m.AllowedProcMountTypes, k8s_io_api_core_v1.ProcMountType(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
+ case 22:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field RunAsGroup", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if m.RunAsGroup == nil {
+ m.RunAsGroup = &RunAsGroupStrategyOptions{}
+ }
+ if err := m.RunAsGroup.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *RunAsGroupStrategyOptions) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: RunAsGroupStrategyOptions: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: RunAsGroupStrategyOptions: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Rule", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Rule = RunAsGroupStrategy(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Ranges", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Ranges = append(m.Ranges, IDRange{})
+ if err := m.Ranges[len(m.Ranges)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -4000,113 +4227,115 @@ func init() {
}
var fileDescriptorGenerated = []byte{
- // 1715 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0x4f, 0x6f, 0x1b, 0xc7,
- 0x15, 0xd7, 0x9a, 0x92, 0x48, 0x8d, 0x24, 0x5a, 0x1a, 0xfd, 0xe9, 0x46, 0xa8, 0xb9, 0x0e, 0x03,
- 0x14, 0x6e, 0x90, 0x2c, 0x63, 0x39, 0x69, 0x8d, 0xa6, 0x2d, 0xa2, 0x35, 0x25, 0x5b, 0x81, 0x55,
- 0xb1, 0x43, 0x3b, 0x68, 0x0b, 0xb7, 0xe8, 0x70, 0x77, 0x44, 0x4e, 0xb4, 0xdc, 0xdd, 0xce, 0xcc,
- 0x32, 0xe4, 0xad, 0x87, 0x1e, 0x7a, 0xec, 0x17, 0xc8, 0x27, 0x28, 0x7a, 0xea, 0x97, 0x50, 0x81,
- 0xa2, 0xc8, 0x31, 0xe8, 0x81, 0xa8, 0x59, 0xf4, 0x4b, 0xf8, 0xd2, 0x60, 0x87, 0xb3, 0x24, 0xf7,
- 0x0f, 0x29, 0x2b, 0x40, 0x7c, 0xdb, 0x9d, 0xf7, 0xfb, 0xfd, 0xde, 0x9b, 0x37, 0x6f, 0xde, 0xce,
- 0x0e, 0xb0, 0x2e, 0x1f, 0x72, 0x93, 0xfa, 0xb5, 0xcb, 0xb0, 0x45, 0x98, 0x47, 0x04, 0xe1, 0xb5,
- 0x1e, 0xf1, 0x1c, 0x9f, 0xd5, 0x94, 0x01, 0x07, 0xb4, 0x16, 0xf8, 0x2e, 0xb5, 0x07, 0xb5, 0xde,
- 0xfd, 0x16, 0x11, 0xf8, 0x7e, 0xad, 0x4d, 0x3c, 0xc2, 0xb0, 0x20, 0x8e, 0x19, 0x30, 0x5f, 0xf8,
- 0xf0, 0xad, 0x31, 0xd4, 0xc4, 0x01, 0x35, 0xc7, 0x50, 0x53, 0x41, 0x0f, 0xde, 0x6f, 0x53, 0xd1,
- 0x09, 0x5b, 0xa6, 0xed, 0x77, 0x6b, 0x6d, 0xbf, 0xed, 0xd7, 0x24, 0xa3, 0x15, 0x5e, 0xc8, 0x37,
- 0xf9, 0x22, 0x9f, 0xc6, 0x4a, 0x07, 0xd5, 0x19, 0xa7, 0xb6, 0xcf, 0x48, 0xad, 0x97, 0xf1, 0x76,
- 0xf0, 0xe1, 0x14, 0xd3, 0xc5, 0x76, 0x87, 0x7a, 0x84, 0x0d, 0x6a, 0xc1, 0x65, 0x3b, 0x1a, 0xe0,
- 0xb5, 0x2e, 0x11, 0x38, 0x8f, 0x55, 0x9b, 0xc7, 0x62, 0xa1, 0x27, 0x68, 0x97, 0x64, 0x08, 0x3f,
- 0xba, 0x8e, 0xc0, 0xed, 0x0e, 0xe9, 0xe2, 0x0c, 0xef, 0xc1, 0x3c, 0x5e, 0x28, 0xa8, 0x5b, 0xa3,
- 0x9e, 0xe0, 0x82, 0xa5, 0x49, 0xd5, 0x8f, 0xc1, 0xf6, 0x91, 0xeb, 0xfa, 0x5f, 0x10, 0xe7, 0xc4,
- 0x25, 0xfd, 0xcf, 0x7c, 0x37, 0xec, 0x12, 0xf8, 0x03, 0xb0, 0xea, 0x30, 0xda, 0x23, 0x4c, 0xd7,
- 0xee, 0x6a, 0xf7, 0xd6, 0xac, 0xf2, 0xd5, 0xd0, 0x58, 0x1a, 0x0d, 0x8d, 0xd5, 0xba, 0x1c, 0x45,
- 0xca, 0x5a, 0xe5, 0xe0, 0xb6, 0x22, 0x3f, 0xf1, 0xb9, 0x68, 0x60, 0xd1, 0x81, 0x87, 0x00, 0x04,
- 0x58, 0x74, 0x1a, 0x8c, 0x5c, 0xd0, 0xbe, 0xa2, 0x43, 0x45, 0x07, 0x8d, 0x89, 0x05, 0xcd, 0xa0,
- 0xe0, 0x7b, 0xa0, 0xc4, 0x08, 0x76, 0xce, 0x3d, 0x77, 0xa0, 0xdf, 0xba, 0xab, 0xdd, 0x2b, 0x59,
- 0x5b, 0x8a, 0x51, 0x42, 0x6a, 0x1c, 0x4d, 0x10, 0xd5, 0x7f, 0x6b, 0xa0, 0x74, 0xdc, 0xa3, 0xb6,
- 0xa0, 0xbe, 0x07, 0x7f, 0x0f, 0x4a, 0x51, 0xde, 0x1d, 0x2c, 0xb0, 0x74, 0xb6, 0x7e, 0xf8, 0x81,
- 0x39, 0xad, 0x89, 0x49, 0x1a, 0xcc, 0xe0, 0xb2, 0x1d, 0x0d, 0x70, 0x33, 0x42, 0x9b, 0xbd, 0xfb,
- 0xe6, 0x79, 0xeb, 0x73, 0x62, 0x8b, 0x33, 0x22, 0xf0, 0x34, 0xbc, 0xe9, 0x18, 0x9a, 0xa8, 0x42,
- 0x17, 0x6c, 0x3a, 0xc4, 0x25, 0x82, 0x9c, 0x07, 0x91, 0x47, 0x2e, 0x23, 0x5c, 0x3f, 0x7c, 0xf0,
- 0x7a, 0x6e, 0xea, 0xb3, 0x54, 0x6b, 0x7b, 0x34, 0x34, 0x36, 0x13, 0x43, 0x28, 0x29, 0x5e, 0xfd,
- 0x52, 0x03, 0xfb, 0x27, 0xcd, 0xc7, 0xcc, 0x0f, 0x83, 0xa6, 0x88, 0xd6, 0xa9, 0x3d, 0x50, 0x26,
- 0xf8, 0x63, 0xb0, 0xcc, 0x42, 0x97, 0xa8, 0x9c, 0xbe, 0xa3, 0x82, 0x5e, 0x46, 0xa1, 0x4b, 0x5e,
- 0x0d, 0x8d, 0x9d, 0x14, 0xeb, 0xd9, 0x20, 0x20, 0x48, 0x12, 0xe0, 0xa7, 0x60, 0x95, 0x61, 0xaf,
- 0x4d, 0xa2, 0xd0, 0x0b, 0xf7, 0xd6, 0x0f, 0xab, 0xe6, 0xdc, 0x5d, 0x63, 0x9e, 0xd6, 0x51, 0x04,
- 0x9d, 0xae, 0xb8, 0x7c, 0xe5, 0x48, 0x29, 0x54, 0xcf, 0xc0, 0xa6, 0x5c, 0x6a, 0x9f, 0x09, 0x69,
- 0x81, 0x77, 0x40, 0xa1, 0x4b, 0x3d, 0x19, 0xd4, 0x8a, 0xb5, 0xae, 0x58, 0x85, 0x33, 0xea, 0xa1,
- 0x68, 0x5c, 0x9a, 0x71, 0x5f, 0xe6, 0x6c, 0xd6, 0x8c, 0xfb, 0x28, 0x1a, 0xaf, 0x3e, 0x06, 0x45,
- 0xe5, 0x71, 0x56, 0xa8, 0xb0, 0x58, 0xa8, 0x90, 0x23, 0xf4, 0xd7, 0x5b, 0x60, 0xa7, 0xe1, 0x3b,
- 0x75, 0xca, 0x59, 0x28, 0xf3, 0x65, 0x85, 0x4e, 0x9b, 0x88, 0x37, 0x50, 0x1f, 0xcf, 0xc0, 0x32,
- 0x0f, 0x88, 0xad, 0xca, 0xe2, 0x70, 0x41, 0x6e, 0x73, 0xe2, 0x6b, 0x06, 0xc4, 0xb6, 0x36, 0xe2,
- 0xa5, 0x8c, 0xde, 0x90, 0x54, 0x83, 0x2f, 0xc0, 0x2a, 0x17, 0x58, 0x84, 0x5c, 0x2f, 0x48, 0xdd,
- 0x0f, 0x6f, 0xa8, 0x2b, 0xb9, 0xd3, 0x55, 0x1c, 0xbf, 0x23, 0xa5, 0x59, 0xfd, 0xa7, 0x06, 0xbe,
- 0x97, 0xc3, 0x7a, 0x4a, 0xb9, 0x80, 0x2f, 0x32, 0x19, 0x33, 0x5f, 0x2f, 0x63, 0x11, 0x5b, 0xe6,
- 0x6b, 0xb2, 0x79, 0xe3, 0x91, 0x99, 0x6c, 0x35, 0xc1, 0x0a, 0x15, 0xa4, 0x1b, 0x97, 0xa2, 0x79,
- 0xb3, 0x69, 0x59, 0x9b, 0x4a, 0x7a, 0xe5, 0x34, 0x12, 0x41, 0x63, 0xad, 0xea, 0xbf, 0x6e, 0xe5,
- 0x4e, 0x27, 0x4a, 0x27, 0xbc, 0x00, 0x1b, 0x5d, 0xea, 0x1d, 0xf5, 0x30, 0x75, 0x71, 0x4b, 0xed,
- 0x9e, 0x45, 0x45, 0x10, 0xf5, 0x4a, 0x73, 0xdc, 0x2b, 0xcd, 0x53, 0x4f, 0x9c, 0xb3, 0xa6, 0x60,
- 0xd4, 0x6b, 0x5b, 0x5b, 0xa3, 0xa1, 0xb1, 0x71, 0x36, 0xa3, 0x84, 0x12, 0xba, 0xf0, 0xb7, 0xa0,
- 0xc4, 0x89, 0x4b, 0x6c, 0xe1, 0xb3, 0x9b, 0x75, 0x88, 0xa7, 0xb8, 0x45, 0xdc, 0xa6, 0xa2, 0x5a,
- 0x1b, 0x51, 0xde, 0xe2, 0x37, 0x34, 0x91, 0x84, 0x2e, 0x28, 0x77, 0x71, 0xff, 0xb9, 0x87, 0x27,
- 0x13, 0x29, 0x7c, 0xcb, 0x89, 0xc0, 0xd1, 0xd0, 0x28, 0x9f, 0x25, 0xb4, 0x50, 0x4a, 0xbb, 0xfa,
- 0xbf, 0x65, 0xf0, 0xd6, 0xdc, 0xaa, 0x82, 0x9f, 0x02, 0xe8, 0xb7, 0x38, 0x61, 0x3d, 0xe2, 0x3c,
- 0x1e, 0x7f, 0x4d, 0xa8, 0x1f, 0x6f, 0xdc, 0x03, 0xb5, 0x40, 0xf0, 0x3c, 0x83, 0x40, 0x39, 0x2c,
- 0xf8, 0x27, 0x0d, 0x6c, 0x3a, 0x63, 0x37, 0xc4, 0x69, 0xf8, 0x4e, 0x5c, 0x18, 0x8f, 0xbf, 0x4d,
- 0xbd, 0x9b, 0xf5, 0x59, 0xa5, 0x63, 0x4f, 0xb0, 0x81, 0xb5, 0xa7, 0x02, 0xda, 0x4c, 0xd8, 0x50,
- 0xd2, 0x29, 0x3c, 0x03, 0xd0, 0x99, 0x48, 0x72, 0xf5, 0x4d, 0x93, 0x29, 0x5e, 0xb1, 0xee, 0x28,
- 0x85, 0xbd, 0x84, 0xdf, 0x18, 0x84, 0x72, 0x88, 0xf0, 0xe7, 0xa0, 0x6c, 0x87, 0x8c, 0x11, 0x4f,
- 0x3c, 0x21, 0xd8, 0x15, 0x9d, 0x81, 0xbe, 0x2c, 0xa5, 0xf6, 0x95, 0x54, 0xf9, 0x51, 0xc2, 0x8a,
- 0x52, 0xe8, 0x88, 0xef, 0x10, 0x4e, 0x19, 0x71, 0x62, 0xfe, 0x4a, 0x92, 0x5f, 0x4f, 0x58, 0x51,
- 0x0a, 0x0d, 0x1f, 0x82, 0x0d, 0xd2, 0x0f, 0x88, 0x1d, 0xe7, 0x74, 0x55, 0xb2, 0x77, 0x15, 0x7b,
- 0xe3, 0x78, 0xc6, 0x86, 0x12, 0xc8, 0x03, 0x17, 0xc0, 0x6c, 0x12, 0xe1, 0x16, 0x28, 0x5c, 0x92,
- 0xc1, 0xf8, 0xcb, 0x83, 0xa2, 0x47, 0xf8, 0x09, 0x58, 0xe9, 0x61, 0x37, 0x24, 0xaa, 0xd6, 0xdf,
- 0x7d, 0xbd, 0x5a, 0x7f, 0x46, 0xbb, 0x04, 0x8d, 0x89, 0x3f, 0xb9, 0xf5, 0x50, 0xab, 0xfe, 0x43,
- 0x03, 0xdb, 0x0d, 0xdf, 0x69, 0x12, 0x3b, 0x64, 0x54, 0x0c, 0x1a, 0x72, 0x9d, 0xdf, 0x40, 0xcf,
- 0x46, 0x89, 0x9e, 0xfd, 0xc1, 0xe2, 0x5a, 0x4b, 0x46, 0x37, 0xaf, 0x63, 0x57, 0xaf, 0x34, 0xb0,
- 0x97, 0x41, 0xbf, 0x81, 0x8e, 0xfa, 0xcb, 0x64, 0x47, 0x7d, 0xef, 0x26, 0x93, 0x99, 0xd3, 0x4f,
- 0xff, 0x5f, 0xce, 0x99, 0x8a, 0xec, 0xa6, 0xd1, 0xe9, 0x8e, 0xd1, 0x1e, 0x75, 0x49, 0x9b, 0x38,
- 0x72, 0x32, 0xa5, 0x99, 0xd3, 0xdd, 0xc4, 0x82, 0x66, 0x50, 0x90, 0x83, 0x7d, 0x87, 0x5c, 0xe0,
- 0xd0, 0x15, 0x47, 0x8e, 0xf3, 0x08, 0x07, 0xb8, 0x45, 0x5d, 0x2a, 0xa8, 0x3a, 0x8e, 0xac, 0x59,
- 0x1f, 0x8f, 0x86, 0xc6, 0x7e, 0x3d, 0x17, 0xf1, 0x6a, 0x68, 0xdc, 0xc9, 0x9e, 0xcb, 0xcd, 0x09,
- 0x64, 0x80, 0xe6, 0x48, 0xc3, 0x01, 0xd0, 0x19, 0xf9, 0x43, 0x18, 0x6d, 0x8a, 0x3a, 0xf3, 0x83,
- 0x84, 0xdb, 0x82, 0x74, 0xfb, 0xb3, 0xd1, 0xd0, 0xd0, 0xd1, 0x1c, 0xcc, 0xf5, 0x8e, 0xe7, 0xca,
- 0xc3, 0xcf, 0xc1, 0x0e, 0x1e, 0xf7, 0x81, 0x84, 0xd7, 0x65, 0xe9, 0xf5, 0xe1, 0x68, 0x68, 0xec,
- 0x1c, 0x65, 0xcd, 0xd7, 0x3b, 0xcc, 0x13, 0x85, 0x35, 0x50, 0xec, 0xc9, 0x23, 0x3b, 0xd7, 0x57,
- 0xa4, 0xfe, 0xde, 0x68, 0x68, 0x14, 0xc7, 0xa7, 0xf8, 0x48, 0x73, 0xf5, 0xa4, 0x29, 0x0f, 0x82,
- 0x31, 0x0a, 0x7e, 0x04, 0xd6, 0x3b, 0x3e, 0x17, 0xbf, 0x20, 0xe2, 0x0b, 0x9f, 0x5d, 0xca, 0xc6,
- 0x50, 0xb2, 0x76, 0xd4, 0x0a, 0xae, 0x3f, 0x99, 0x9a, 0xd0, 0x2c, 0x0e, 0xfe, 0x1a, 0xac, 0x75,
- 0xd4, 0xb1, 0x8f, 0xeb, 0x45, 0x59, 0x68, 0xf7, 0x16, 0x14, 0x5a, 0xe2, 0x88, 0x68, 0x6d, 0x2b,
- 0xf9, 0xb5, 0x78, 0x98, 0xa3, 0xa9, 0x1a, 0xfc, 0x21, 0x28, 0xca, 0x97, 0xd3, 0xba, 0x5e, 0x92,
- 0xd1, 0xdc, 0x56, 0xf0, 0xe2, 0x93, 0xf1, 0x30, 0x8a, 0xed, 0x31, 0xf4, 0xb4, 0xf1, 0x48, 0x5f,
- 0xcb, 0x42, 0x4f, 0x1b, 0x8f, 0x50, 0x6c, 0x87, 0x2f, 0x40, 0x91, 0x93, 0xa7, 0xd4, 0x0b, 0xfb,
- 0x3a, 0x90, 0x5b, 0xee, 0xfe, 0x82, 0x70, 0x9b, 0xc7, 0x12, 0x99, 0x3a, 0x70, 0x4f, 0xd5, 0x95,
- 0x1d, 0xc5, 0x92, 0xd0, 0x01, 0x6b, 0x2c, 0xf4, 0x8e, 0xf8, 0x73, 0x4e, 0x98, 0xbe, 0x9e, 0xf9,
- 0xda, 0xa7, 0xf5, 0x51, 0x8c, 0x4d, 0x7b, 0x98, 0x64, 0x66, 0x82, 0x40, 0x53, 0x61, 0xf8, 0x67,
- 0x0d, 0x40, 0x1e, 0x06, 0x81, 0x4b, 0xba, 0xc4, 0x13, 0xd8, 0x95, 0xe7, 0x7b, 0xae, 0x6f, 0x48,
- 0x7f, 0x3f, 0x5d, 0x34, 0x9f, 0x0c, 0x29, 0xed, 0x78, 0xf2, 0x99, 0xce, 0x42, 0x51, 0x8e, 0xcf,
- 0x28, 0x9d, 0x17, 0x5c, 0x3e, 0xeb, 0x9b, 0xd7, 0xa6, 0x33, 0xff, 0xff, 0x65, 0x9a, 0x4e, 0x65,
- 0x47, 0xb1, 0x24, 0xfc, 0x0c, 0xec, 0xc7, 0x7f, 0x77, 0xc8, 0xf7, 0xc5, 0x09, 0x75, 0x09, 0x1f,
- 0x70, 0x41, 0xba, 0x7a, 0x59, 0x2e, 0x73, 0x45, 0x31, 0xf7, 0x51, 0x2e, 0x0a, 0xcd, 0x61, 0xc3,
- 0x2e, 0x30, 0xe2, 0xf6, 0x10, 0xed, 0x9d, 0x49, 0x7f, 0x3a, 0xe6, 0x36, 0x76, 0xc7, 0xa7, 0x96,
- 0xdb, 0xd2, 0xc1, 0x3b, 0xa3, 0xa1, 0x61, 0xd4, 0x17, 0x43, 0xd1, 0x75, 0x5a, 0xf0, 0x57, 0x40,
- 0xc7, 0xf3, 0xfc, 0x6c, 0x49, 0x3f, 0xdf, 0x8f, 0x7a, 0xce, 0x5c, 0x07, 0x73, 0xd9, 0x30, 0x00,
- 0x5b, 0x38, 0xf9, 0x9f, 0xcd, 0xf5, 0x6d, 0xb9, 0x0b, 0xdf, 0x5d, 0xb0, 0x0e, 0xa9, 0x5f, 0x73,
- 0x4b, 0x57, 0x69, 0xdc, 0x4a, 0x19, 0x38, 0xca, 0xa8, 0xc3, 0x3e, 0x80, 0x38, 0x7d, 0x2d, 0xc0,
- 0x75, 0x78, 0xed, 0x27, 0x26, 0x73, 0x97, 0x30, 0x2d, 0xb5, 0x8c, 0x89, 0xa3, 0x1c, 0x1f, 0xf0,
- 0x29, 0xd8, 0x55, 0xa3, 0xcf, 0x3d, 0x8e, 0x2f, 0x48, 0x73, 0xc0, 0x6d, 0xe1, 0x72, 0x7d, 0x47,
- 0xf6, 0x37, 0x7d, 0x34, 0x34, 0x76, 0x8f, 0x72, 0xec, 0x28, 0x97, 0x05, 0x3f, 0x01, 0x5b, 0x17,
- 0x3e, 0x6b, 0x51, 0xc7, 0x21, 0x5e, 0xac, 0xb4, 0x2b, 0x95, 0x76, 0xa3, 0x4c, 0x9c, 0xa4, 0x6c,
- 0x28, 0x83, 0x86, 0x1c, 0xec, 0x29, 0xe5, 0x06, 0xf3, 0xed, 0x33, 0x3f, 0xf4, 0x44, 0xd4, 0x52,
- 0xb9, 0xbe, 0x37, 0xf9, 0x8c, 0xec, 0x1d, 0xe5, 0x01, 0x5e, 0x0d, 0x8d, 0xbb, 0x39, 0x2d, 0x3d,
- 0x01, 0x42, 0xf9, 0xda, 0xd5, 0x2f, 0x35, 0xa0, 0xcf, 0xeb, 0x1a, 0xf0, 0xa3, 0xc4, 0x45, 0xc0,
- 0xdb, 0xa9, 0x8b, 0x80, 0xed, 0x0c, 0xef, 0x3b, 0xb8, 0x06, 0xf8, 0x9b, 0x06, 0xf6, 0xf3, 0xbb,
- 0x26, 0x7c, 0x90, 0x88, 0xce, 0x48, 0x45, 0x77, 0x3b, 0xc5, 0x52, 0xb1, 0xfd, 0x0e, 0x94, 0x55,
- 0x6f, 0x4d, 0xde, 0xb2, 0x24, 0x62, 0x8c, 0x32, 0x18, 0x1d, 0x8b, 0x94, 0x44, 0xdc, 0x57, 0xe4,
- 0x0f, 0x4d, 0x72, 0x0c, 0xa5, 0xd4, 0xaa, 0x7f, 0xd7, 0xc0, 0xdb, 0xd7, 0x76, 0x45, 0x68, 0x25,
- 0x42, 0x37, 0x53, 0xa1, 0x57, 0xe6, 0x0b, 0x7c, 0x37, 0x97, 0x2d, 0xd6, 0xfb, 0x57, 0x2f, 0x2b,
- 0x4b, 0x5f, 0xbd, 0xac, 0x2c, 0x7d, 0xfd, 0xb2, 0xb2, 0xf4, 0xc7, 0x51, 0x45, 0xbb, 0x1a, 0x55,
- 0xb4, 0xaf, 0x46, 0x15, 0xed, 0xeb, 0x51, 0x45, 0xfb, 0xcf, 0xa8, 0xa2, 0xfd, 0xe5, 0xbf, 0x95,
- 0xa5, 0xdf, 0x14, 0x95, 0xdc, 0x37, 0x01, 0x00, 0x00, 0xff, 0xff, 0xa8, 0xba, 0x23, 0xa4, 0x51,
- 0x15, 0x00, 0x00,
+ // 1756 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0xdd, 0x8e, 0xdb, 0xc6,
+ 0x15, 0x5e, 0x5a, 0xfb, 0xa3, 0x9d, 0xfd, 0x9f, 0xfd, 0x29, 0xbd, 0xa8, 0x45, 0x47, 0x01, 0x0a,
+ 0x37, 0x48, 0xa8, 0x78, 0x9d, 0xa4, 0x46, 0xd3, 0x16, 0x59, 0x5a, 0xbb, 0xf6, 0x06, 0xde, 0xae,
+ 0x3a, 0xb2, 0x83, 0xb6, 0x70, 0x8b, 0x8e, 0xc4, 0x59, 0xed, 0x64, 0x29, 0x92, 0x9d, 0x19, 0x2a,
+ 0xab, 0xbb, 0x5e, 0xf4, 0xa2, 0x97, 0x7d, 0x81, 0xa0, 0x0f, 0x50, 0xf4, 0xaa, 0x2f, 0xe1, 0x02,
+ 0x45, 0x91, 0xcb, 0xa0, 0x17, 0x42, 0xad, 0x22, 0x2f, 0xe1, 0xab, 0x80, 0xa3, 0x21, 0x25, 0xfe,
+ 0x49, 0x5e, 0x03, 0xf6, 0x1d, 0x39, 0xe7, 0xfb, 0xbe, 0x73, 0xe6, 0xcc, 0x99, 0x33, 0x43, 0x02,
+ 0xeb, 0xf2, 0x3e, 0x37, 0xa9, 0x57, 0xbb, 0x0c, 0x5a, 0x84, 0xb9, 0x44, 0x10, 0x5e, 0xeb, 0x11,
+ 0xd7, 0xf6, 0x58, 0x4d, 0x19, 0xb0, 0x4f, 0x6b, 0xbe, 0xe7, 0xd0, 0x76, 0xbf, 0xd6, 0xbb, 0xdb,
+ 0x22, 0x02, 0xdf, 0xad, 0x75, 0x88, 0x4b, 0x18, 0x16, 0xc4, 0x36, 0x7d, 0xe6, 0x09, 0x0f, 0xde,
+ 0x1c, 0x41, 0x4d, 0xec, 0x53, 0x73, 0x04, 0x35, 0x15, 0x74, 0xff, 0x83, 0x0e, 0x15, 0x17, 0x41,
+ 0xcb, 0x6c, 0x7b, 0xdd, 0x5a, 0xc7, 0xeb, 0x78, 0x35, 0xc9, 0x68, 0x05, 0xe7, 0xf2, 0x4d, 0xbe,
+ 0xc8, 0xa7, 0x91, 0xd2, 0x7e, 0x75, 0xc2, 0x69, 0xdb, 0x63, 0xa4, 0xd6, 0xcb, 0x78, 0xdb, 0xff,
+ 0x68, 0x8c, 0xe9, 0xe2, 0xf6, 0x05, 0x75, 0x09, 0xeb, 0xd7, 0xfc, 0xcb, 0x4e, 0x38, 0xc0, 0x6b,
+ 0x5d, 0x22, 0x70, 0x1e, 0xab, 0x56, 0xc4, 0x62, 0x81, 0x2b, 0x68, 0x97, 0x64, 0x08, 0x9f, 0xcc,
+ 0x22, 0xf0, 0xf6, 0x05, 0xe9, 0xe2, 0x0c, 0xef, 0x5e, 0x11, 0x2f, 0x10, 0xd4, 0xa9, 0x51, 0x57,
+ 0x70, 0xc1, 0xd2, 0xa4, 0xea, 0xa7, 0x60, 0xeb, 0xd0, 0x71, 0xbc, 0xaf, 0x88, 0x7d, 0xec, 0x90,
+ 0xab, 0x2f, 0x3c, 0x27, 0xe8, 0x12, 0xf8, 0x23, 0xb0, 0x68, 0x33, 0xda, 0x23, 0x4c, 0xd7, 0x6e,
+ 0x6b, 0x77, 0x96, 0xad, 0xf5, 0xe7, 0x03, 0x63, 0x6e, 0x38, 0x30, 0x16, 0xeb, 0x72, 0x14, 0x29,
+ 0x6b, 0x95, 0x83, 0x0d, 0x45, 0x7e, 0xe4, 0x71, 0xd1, 0xc0, 0xe2, 0x02, 0x1e, 0x00, 0xe0, 0x63,
+ 0x71, 0xd1, 0x60, 0xe4, 0x9c, 0x5e, 0x29, 0x3a, 0x54, 0x74, 0xd0, 0x88, 0x2d, 0x68, 0x02, 0x05,
+ 0xdf, 0x07, 0x65, 0x46, 0xb0, 0x7d, 0xe6, 0x3a, 0x7d, 0xfd, 0xc6, 0x6d, 0xed, 0x4e, 0xd9, 0xda,
+ 0x54, 0x8c, 0x32, 0x52, 0xe3, 0x28, 0x46, 0x54, 0xff, 0xab, 0x81, 0xf2, 0x51, 0x8f, 0xb6, 0x05,
+ 0xf5, 0x5c, 0xf8, 0x07, 0x50, 0x0e, 0xf3, 0x6e, 0x63, 0x81, 0xa5, 0xb3, 0x95, 0x83, 0x0f, 0xcd,
+ 0x71, 0x4d, 0xc4, 0x69, 0x30, 0xfd, 0xcb, 0x4e, 0x38, 0xc0, 0xcd, 0x10, 0x6d, 0xf6, 0xee, 0x9a,
+ 0x67, 0xad, 0x2f, 0x49, 0x5b, 0x9c, 0x12, 0x81, 0xc7, 0xe1, 0x8d, 0xc7, 0x50, 0xac, 0x0a, 0x1d,
+ 0xb0, 0x66, 0x13, 0x87, 0x08, 0x72, 0xe6, 0x87, 0x1e, 0xb9, 0x8c, 0x70, 0xe5, 0xe0, 0xde, 0xab,
+ 0xb9, 0xa9, 0x4f, 0x52, 0xad, 0xad, 0xe1, 0xc0, 0x58, 0x4b, 0x0c, 0xa1, 0xa4, 0x78, 0xf5, 0x6b,
+ 0x0d, 0xec, 0x1d, 0x37, 0x1f, 0x32, 0x2f, 0xf0, 0x9b, 0x22, 0x5c, 0xa7, 0x4e, 0x5f, 0x99, 0xe0,
+ 0x4f, 0xc0, 0x3c, 0x0b, 0x1c, 0xa2, 0x72, 0xfa, 0xae, 0x0a, 0x7a, 0x1e, 0x05, 0x0e, 0x79, 0x39,
+ 0x30, 0xb6, 0x53, 0xac, 0x27, 0x7d, 0x9f, 0x20, 0x49, 0x80, 0x9f, 0x83, 0x45, 0x86, 0xdd, 0x0e,
+ 0x09, 0x43, 0x2f, 0xdd, 0x59, 0x39, 0xa8, 0x9a, 0x85, 0xbb, 0xc6, 0x3c, 0xa9, 0xa3, 0x10, 0x3a,
+ 0x5e, 0x71, 0xf9, 0xca, 0x91, 0x52, 0xa8, 0x9e, 0x82, 0x35, 0xb9, 0xd4, 0x1e, 0x13, 0xd2, 0x02,
+ 0x6f, 0x81, 0x52, 0x97, 0xba, 0x32, 0xa8, 0x05, 0x6b, 0x45, 0xb1, 0x4a, 0xa7, 0xd4, 0x45, 0xe1,
+ 0xb8, 0x34, 0xe3, 0x2b, 0x99, 0xb3, 0x49, 0x33, 0xbe, 0x42, 0xe1, 0x78, 0xf5, 0x21, 0x58, 0x52,
+ 0x1e, 0x27, 0x85, 0x4a, 0xd3, 0x85, 0x4a, 0x39, 0x42, 0x7f, 0xbf, 0x01, 0xb6, 0x1b, 0x9e, 0x5d,
+ 0xa7, 0x9c, 0x05, 0x32, 0x5f, 0x56, 0x60, 0x77, 0x88, 0x78, 0x0b, 0xf5, 0xf1, 0x04, 0xcc, 0x73,
+ 0x9f, 0xb4, 0x55, 0x59, 0x1c, 0x4c, 0xc9, 0x6d, 0x4e, 0x7c, 0x4d, 0x9f, 0xb4, 0xad, 0xd5, 0x68,
+ 0x29, 0xc3, 0x37, 0x24, 0xd5, 0xe0, 0x33, 0xb0, 0xc8, 0x05, 0x16, 0x01, 0xd7, 0x4b, 0x52, 0xf7,
+ 0xa3, 0x6b, 0xea, 0x4a, 0xee, 0x78, 0x15, 0x47, 0xef, 0x48, 0x69, 0x56, 0xff, 0xad, 0x81, 0x1f,
+ 0xe4, 0xb0, 0x1e, 0x53, 0x2e, 0xe0, 0xb3, 0x4c, 0xc6, 0xcc, 0x57, 0xcb, 0x58, 0xc8, 0x96, 0xf9,
+ 0x8a, 0x37, 0x6f, 0x34, 0x32, 0x91, 0xad, 0x26, 0x58, 0xa0, 0x82, 0x74, 0xa3, 0x52, 0x34, 0xaf,
+ 0x37, 0x2d, 0x6b, 0x4d, 0x49, 0x2f, 0x9c, 0x84, 0x22, 0x68, 0xa4, 0x55, 0xfd, 0xcf, 0x8d, 0xdc,
+ 0xe9, 0x84, 0xe9, 0x84, 0xe7, 0x60, 0xb5, 0x4b, 0xdd, 0xc3, 0x1e, 0xa6, 0x0e, 0x6e, 0xa9, 0xdd,
+ 0x33, 0xad, 0x08, 0xc2, 0x5e, 0x69, 0x8e, 0x7a, 0xa5, 0x79, 0xe2, 0x8a, 0x33, 0xd6, 0x14, 0x8c,
+ 0xba, 0x1d, 0x6b, 0x73, 0x38, 0x30, 0x56, 0x4f, 0x27, 0x94, 0x50, 0x42, 0x17, 0xfe, 0x0e, 0x94,
+ 0x39, 0x71, 0x48, 0x5b, 0x78, 0xec, 0x7a, 0x1d, 0xe2, 0x31, 0x6e, 0x11, 0xa7, 0xa9, 0xa8, 0xd6,
+ 0x6a, 0x98, 0xb7, 0xe8, 0x0d, 0xc5, 0x92, 0xd0, 0x01, 0xeb, 0x5d, 0x7c, 0xf5, 0xd4, 0xc5, 0xf1,
+ 0x44, 0x4a, 0xaf, 0x39, 0x11, 0x38, 0x1c, 0x18, 0xeb, 0xa7, 0x09, 0x2d, 0x94, 0xd2, 0xae, 0x7e,
+ 0x37, 0x0f, 0x6e, 0x16, 0x56, 0x15, 0xfc, 0x1c, 0x40, 0xaf, 0xc5, 0x09, 0xeb, 0x11, 0xfb, 0xe1,
+ 0xe8, 0x34, 0xa1, 0x5e, 0xb4, 0x71, 0xf7, 0xd5, 0x02, 0xc1, 0xb3, 0x0c, 0x02, 0xe5, 0xb0, 0xe0,
+ 0x9f, 0x35, 0xb0, 0x66, 0x8f, 0xdc, 0x10, 0xbb, 0xe1, 0xd9, 0x51, 0x61, 0x3c, 0x7c, 0x9d, 0x7a,
+ 0x37, 0xeb, 0x93, 0x4a, 0x47, 0xae, 0x60, 0x7d, 0x6b, 0x57, 0x05, 0xb4, 0x96, 0xb0, 0xa1, 0xa4,
+ 0x53, 0x78, 0x0a, 0xa0, 0x1d, 0x4b, 0x72, 0x75, 0xa6, 0xc9, 0x14, 0x2f, 0x58, 0xb7, 0x94, 0xc2,
+ 0x6e, 0xc2, 0x6f, 0x04, 0x42, 0x39, 0x44, 0xf8, 0x0b, 0xb0, 0xde, 0x0e, 0x18, 0x23, 0xae, 0x78,
+ 0x44, 0xb0, 0x23, 0x2e, 0xfa, 0xfa, 0xbc, 0x94, 0xda, 0x53, 0x52, 0xeb, 0x0f, 0x12, 0x56, 0x94,
+ 0x42, 0x87, 0x7c, 0x9b, 0x70, 0xca, 0x88, 0x1d, 0xf1, 0x17, 0x92, 0xfc, 0x7a, 0xc2, 0x8a, 0x52,
+ 0x68, 0x78, 0x1f, 0xac, 0x92, 0x2b, 0x9f, 0xb4, 0xa3, 0x9c, 0x2e, 0x4a, 0xf6, 0x8e, 0x62, 0xaf,
+ 0x1e, 0x4d, 0xd8, 0x50, 0x02, 0xb9, 0xef, 0x00, 0x98, 0x4d, 0x22, 0xdc, 0x04, 0xa5, 0x4b, 0xd2,
+ 0x1f, 0x9d, 0x3c, 0x28, 0x7c, 0x84, 0x9f, 0x81, 0x85, 0x1e, 0x76, 0x02, 0xa2, 0x6a, 0xfd, 0xbd,
+ 0x57, 0xab, 0xf5, 0x27, 0xb4, 0x4b, 0xd0, 0x88, 0xf8, 0xd3, 0x1b, 0xf7, 0xb5, 0xea, 0xbf, 0x34,
+ 0xb0, 0xd5, 0xf0, 0xec, 0x26, 0x69, 0x07, 0x8c, 0x8a, 0x7e, 0x43, 0xae, 0xf3, 0x5b, 0xe8, 0xd9,
+ 0x28, 0xd1, 0xb3, 0x3f, 0x9c, 0x5e, 0x6b, 0xc9, 0xe8, 0x8a, 0x3a, 0x76, 0xf5, 0xb9, 0x06, 0x76,
+ 0x33, 0xe8, 0xb7, 0xd0, 0x51, 0x7f, 0x95, 0xec, 0xa8, 0xef, 0x5f, 0x67, 0x32, 0x05, 0xfd, 0xf4,
+ 0xbb, 0x8d, 0x9c, 0xa9, 0xc8, 0x6e, 0x1a, 0xde, 0xee, 0x18, 0xed, 0x51, 0x87, 0x74, 0x88, 0x2d,
+ 0x27, 0x53, 0x9e, 0xb8, 0xdd, 0xc5, 0x16, 0x34, 0x81, 0x82, 0x1c, 0xec, 0xd9, 0xe4, 0x1c, 0x07,
+ 0x8e, 0x38, 0xb4, 0xed, 0x07, 0xd8, 0xc7, 0x2d, 0xea, 0x50, 0x41, 0xd5, 0x75, 0x64, 0xd9, 0xfa,
+ 0x74, 0x38, 0x30, 0xf6, 0xea, 0xb9, 0x88, 0x97, 0x03, 0xe3, 0x56, 0xf6, 0x5e, 0x6e, 0xc6, 0x90,
+ 0x3e, 0x2a, 0x90, 0x86, 0x7d, 0xa0, 0x33, 0xf2, 0xc7, 0x20, 0xdc, 0x14, 0x75, 0xe6, 0xf9, 0x09,
+ 0xb7, 0x25, 0xe9, 0xf6, 0xe7, 0xc3, 0x81, 0xa1, 0xa3, 0x02, 0xcc, 0x6c, 0xc7, 0x85, 0xf2, 0xf0,
+ 0x4b, 0xb0, 0x8d, 0x47, 0x7d, 0x20, 0xe1, 0x75, 0x5e, 0x7a, 0xbd, 0x3f, 0x1c, 0x18, 0xdb, 0x87,
+ 0x59, 0xf3, 0x6c, 0x87, 0x79, 0xa2, 0xb0, 0x06, 0x96, 0x7a, 0xf2, 0xca, 0xce, 0xf5, 0x05, 0xa9,
+ 0xbf, 0x3b, 0x1c, 0x18, 0x4b, 0xa3, 0x5b, 0x7c, 0xa8, 0xb9, 0x78, 0xdc, 0x94, 0x17, 0xc1, 0x08,
+ 0x05, 0x3f, 0x06, 0x2b, 0x17, 0x1e, 0x17, 0xbf, 0x24, 0xe2, 0x2b, 0x8f, 0x5d, 0xca, 0xc6, 0x50,
+ 0xb6, 0xb6, 0xd5, 0x0a, 0xae, 0x3c, 0x1a, 0x9b, 0xd0, 0x24, 0x0e, 0xfe, 0x06, 0x2c, 0x5f, 0xa8,
+ 0x6b, 0x1f, 0xd7, 0x97, 0x64, 0xa1, 0xdd, 0x99, 0x52, 0x68, 0x89, 0x2b, 0xa2, 0xb5, 0xa5, 0xe4,
+ 0x97, 0xa3, 0x61, 0x8e, 0xc6, 0x6a, 0xf0, 0xc7, 0x60, 0x49, 0xbe, 0x9c, 0xd4, 0xf5, 0xb2, 0x8c,
+ 0x66, 0x43, 0xc1, 0x97, 0x1e, 0x8d, 0x86, 0x51, 0x64, 0x8f, 0xa0, 0x27, 0x8d, 0x07, 0xfa, 0x72,
+ 0x16, 0x7a, 0xd2, 0x78, 0x80, 0x22, 0x3b, 0x7c, 0x06, 0x96, 0x38, 0x79, 0x4c, 0xdd, 0xe0, 0x4a,
+ 0x07, 0x72, 0xcb, 0xdd, 0x9d, 0x12, 0x6e, 0xf3, 0x48, 0x22, 0x53, 0x17, 0xee, 0xb1, 0xba, 0xb2,
+ 0xa3, 0x48, 0x12, 0xda, 0x60, 0x99, 0x05, 0xee, 0x21, 0x7f, 0xca, 0x09, 0xd3, 0x57, 0x32, 0xa7,
+ 0x7d, 0x5a, 0x1f, 0x45, 0xd8, 0xb4, 0x87, 0x38, 0x33, 0x31, 0x02, 0x8d, 0x85, 0xe1, 0x5f, 0x34,
+ 0x00, 0x79, 0xe0, 0xfb, 0x0e, 0xe9, 0x12, 0x57, 0x60, 0x47, 0xde, 0xef, 0xb9, 0xbe, 0x2a, 0xfd,
+ 0xfd, 0x6c, 0xda, 0x7c, 0x32, 0xa4, 0xb4, 0xe3, 0xf8, 0x98, 0xce, 0x42, 0x51, 0x8e, 0xcf, 0x30,
+ 0x9d, 0xe7, 0x5c, 0x3e, 0xeb, 0x6b, 0x33, 0xd3, 0x99, 0xff, 0xfd, 0x32, 0x4e, 0xa7, 0xb2, 0xa3,
+ 0x48, 0x12, 0x7e, 0x01, 0xf6, 0xa2, 0xaf, 0x3b, 0xe4, 0x79, 0xe2, 0x98, 0x3a, 0x84, 0xf7, 0xb9,
+ 0x20, 0x5d, 0x7d, 0x5d, 0x2e, 0x73, 0x45, 0x31, 0xf7, 0x50, 0x2e, 0x0a, 0x15, 0xb0, 0x61, 0x17,
+ 0x18, 0x51, 0x7b, 0x08, 0xf7, 0x4e, 0xdc, 0x9f, 0x8e, 0x78, 0x1b, 0x3b, 0xa3, 0x5b, 0xcb, 0x86,
+ 0x74, 0xf0, 0xee, 0x70, 0x60, 0x18, 0xf5, 0xe9, 0x50, 0x34, 0x4b, 0x0b, 0xfe, 0x1a, 0xe8, 0xb8,
+ 0xc8, 0xcf, 0xa6, 0xf4, 0xf3, 0xc3, 0xb0, 0xe7, 0x14, 0x3a, 0x28, 0x64, 0x43, 0x1f, 0x6c, 0xe2,
+ 0xe4, 0x77, 0x36, 0xd7, 0xb7, 0xe4, 0x2e, 0x7c, 0x6f, 0xca, 0x3a, 0xa4, 0x3e, 0xcd, 0x2d, 0x5d,
+ 0xa5, 0x71, 0x33, 0x65, 0xe0, 0x28, 0xa3, 0x0e, 0xaf, 0x00, 0xc4, 0xe9, 0xdf, 0x02, 0x5c, 0x87,
+ 0x33, 0x8f, 0x98, 0xcc, 0xbf, 0x84, 0x71, 0xa9, 0x65, 0x4c, 0x1c, 0xe5, 0xf8, 0x80, 0x8f, 0xc1,
+ 0x8e, 0x1a, 0x7d, 0xea, 0x72, 0x7c, 0x4e, 0x9a, 0x7d, 0xde, 0x16, 0x0e, 0xd7, 0xb7, 0x65, 0x7f,
+ 0xd3, 0x87, 0x03, 0x63, 0xe7, 0x30, 0xc7, 0x8e, 0x72, 0x59, 0xf0, 0x33, 0xb0, 0x79, 0xee, 0xb1,
+ 0x16, 0xb5, 0x6d, 0xe2, 0x46, 0x4a, 0x3b, 0x52, 0x69, 0x27, 0xcc, 0xc4, 0x71, 0xca, 0x86, 0x32,
+ 0x68, 0xc8, 0xc1, 0xae, 0x52, 0x6e, 0x30, 0xaf, 0x7d, 0xea, 0x05, 0xae, 0x08, 0x5b, 0x2a, 0xd7,
+ 0x77, 0xe3, 0x63, 0x64, 0xf7, 0x30, 0x0f, 0xf0, 0x72, 0x60, 0xdc, 0xce, 0x69, 0xe9, 0x09, 0x10,
+ 0xca, 0xd7, 0x86, 0x36, 0x00, 0xb2, 0x0f, 0x8c, 0xb6, 0xdc, 0xde, 0xcc, 0x4f, 0x40, 0x14, 0x83,
+ 0xd3, 0xbb, 0x6e, 0x3d, 0x3c, 0x99, 0xc7, 0x66, 0x34, 0xa1, 0x5b, 0xfd, 0x9b, 0x06, 0x6e, 0x16,
+ 0x32, 0xe1, 0x27, 0x89, 0xff, 0x0d, 0xd5, 0xd4, 0xff, 0x06, 0x98, 0x25, 0xbe, 0x81, 0xdf, 0x0d,
+ 0x5f, 0x6b, 0x40, 0x2f, 0xea, 0x9e, 0xf0, 0xe3, 0x44, 0x80, 0xef, 0xa4, 0x02, 0xdc, 0xca, 0xf0,
+ 0xde, 0x40, 0x7c, 0xff, 0xd0, 0xc0, 0x5e, 0xfe, 0xe9, 0x01, 0xef, 0x25, 0xa2, 0x33, 0x52, 0xd1,
+ 0x6d, 0xa4, 0x58, 0x2a, 0xb6, 0xdf, 0x83, 0x75, 0x75, 0xc6, 0x24, 0xff, 0x36, 0x25, 0x62, 0x0c,
+ 0x2b, 0x29, 0xbc, 0x1e, 0x2a, 0x89, 0x68, 0xa5, 0xe5, 0x87, 0x5d, 0x72, 0x0c, 0xa5, 0xd4, 0xaa,
+ 0xff, 0xd4, 0xc0, 0x3b, 0x33, 0x4f, 0x07, 0x68, 0x25, 0x42, 0x37, 0x53, 0xa1, 0x57, 0x8a, 0x05,
+ 0xde, 0xcc, 0x4f, 0x27, 0xeb, 0x83, 0xe7, 0x2f, 0x2a, 0x73, 0xdf, 0xbc, 0xa8, 0xcc, 0x7d, 0xfb,
+ 0xa2, 0x32, 0xf7, 0xa7, 0x61, 0x45, 0x7b, 0x3e, 0xac, 0x68, 0xdf, 0x0c, 0x2b, 0xda, 0xb7, 0xc3,
+ 0x8a, 0xf6, 0xbf, 0x61, 0x45, 0xfb, 0xeb, 0xff, 0x2b, 0x73, 0xbf, 0x5d, 0x52, 0x72, 0xdf, 0x07,
+ 0x00, 0x00, 0xff, 0xff, 0x15, 0x2e, 0xf4, 0x72, 0x59, 0x16, 0x00, 0x00,
}
diff --git a/staging/src/k8s.io/api/policy/v1beta1/generated.proto b/staging/src/k8s.io/api/policy/v1beta1/generated.proto
index aa37d948f5..b6f147d1b5 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/generated.proto
+++ b/staging/src/k8s.io/api/policy/v1beta1/generated.proto
@@ -242,6 +242,12 @@ message PodSecurityPolicySpec {
// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
optional RunAsUserStrategyOptions runAsUser = 11;
+ // RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
+ // If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
+ // RunAsGroup feature gate to be enabled.
+ // +optional
+ optional RunAsGroupStrategyOptions runAsGroup = 22;
+
// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
optional SupplementalGroupsStrategyOptions supplementalGroups = 12;
@@ -305,6 +311,17 @@ message PodSecurityPolicySpec {
repeated string allowedProcMountTypes = 21;
}
+// RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
+message RunAsGroupStrategyOptions {
+ // rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
+ optional string rule = 1;
+
+ // ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
+ // then supply a single range with the same start and end. Required for MustRunAs.
+ // +optional
+ repeated IDRange ranges = 2;
+}
+
// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
message RunAsUserStrategyOptions {
// rule is the strategy that will dictate the allowable RunAsUser values that may be set.
diff --git a/staging/src/k8s.io/api/policy/v1beta1/types.go b/staging/src/k8s.io/api/policy/v1beta1/types.go
index c1a2727509..52f50752ac 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/types.go
+++ b/staging/src/k8s.io/api/policy/v1beta1/types.go
@@ -174,6 +174,11 @@ type PodSecurityPolicySpec struct {
SELinux SELinuxStrategyOptions `json:"seLinux" protobuf:"bytes,10,opt,name=seLinux"`
// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
RunAsUser RunAsUserStrategyOptions `json:"runAsUser" protobuf:"bytes,11,opt,name=runAsUser"`
+ // RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
+ // If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
+ // RunAsGroup feature gate to be enabled.
+ // +optional
+ RunAsGroup *RunAsGroupStrategyOptions `json:"runAsGroup,omitempty" protobuf:"bytes,22,opt,name=runAsGroup"`
// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups" protobuf:"bytes,12,opt,name=supplementalGroups"`
// fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
@@ -319,6 +324,16 @@ type RunAsUserStrategyOptions struct {
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
+// RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
+type RunAsGroupStrategyOptions struct {
+ // rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
+ Rule RunAsGroupStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsGroupStrategy"`
+ // ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
+ // then supply a single range with the same start and end. Required for MustRunAs.
+ // +optional
+ Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
+}
+
// IDRange provides a min/max of an allowed range of IDs.
type IDRange struct {
// min is the start of the range, inclusive.
@@ -340,6 +355,20 @@ const (
RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny"
)
+// RunAsGroupStrategy denotes strategy types for generating RunAsGroup values for a
+// Security Context.
+type RunAsGroupStrategy string
+
+const (
+ // RunAsGroupStrategyMayRunAs means that container does not need to run with a particular gid.
+ // However, when RunAsGroup are specified, they have to fall in the defined range.
+ RunAsGroupStrategyMayRunAs RunAsGroupStrategy = "MayRunAs"
+ // RunAsGroupStrategyMustRunAs means that container must run as a particular gid.
+ RunAsGroupStrategyMustRunAs RunAsGroupStrategy = "MustRunAs"
+ // RunAsUserStrategyRunAsAny means that container may make requests for any gid.
+ RunAsGroupStrategyRunAsAny RunAsGroupStrategy = "RunAsAny"
+)
+
// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
type FSGroupStrategyOptions struct {
// rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
diff --git a/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go
index df10b2a29b..547ef18ea4 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go
@@ -162,6 +162,7 @@ var map_PodSecurityPolicySpec = map[string]string{
"hostIPC": "hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
"seLinux": "seLinux is the strategy that will dictate the allowable labels that may be set.",
"runAsUser": "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
+ "runAsGroup": "RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.",
"supplementalGroups": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
@@ -178,6 +179,16 @@ func (PodSecurityPolicySpec) SwaggerDoc() map[string]string {
return map_PodSecurityPolicySpec
}
+var map_RunAsGroupStrategyOptions = map[string]string{
+ "": "RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.",
+ "rule": "rule is the strategy that will dictate the allowable RunAsGroup values that may be set.",
+ "ranges": "ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.",
+}
+
+func (RunAsGroupStrategyOptions) SwaggerDoc() map[string]string {
+ return map_RunAsGroupStrategyOptions
+}
+
var map_RunAsUserStrategyOptions = map[string]string{
"": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.",
"rule": "rule is the strategy that will dictate the allowable RunAsUser values that may be set.",
diff --git a/staging/src/k8s.io/api/policy/v1beta1/zz_generated.deepcopy.go b/staging/src/k8s.io/api/policy/v1beta1/zz_generated.deepcopy.go
index 9af268a438..1a02ae6007 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/api/policy/v1beta1/zz_generated.deepcopy.go
@@ -348,6 +348,11 @@ func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) {
}
in.SELinux.DeepCopyInto(&out.SELinux)
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
+ if in.RunAsGroup != nil {
+ in, out := &in.RunAsGroup, &out.RunAsGroup
+ *out = new(RunAsGroupStrategyOptions)
+ (*in).DeepCopyInto(*out)
+ }
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
in.FSGroup.DeepCopyInto(&out.FSGroup)
if in.DefaultAllowPrivilegeEscalation != nil {
@@ -398,6 +403,27 @@ func (in *PodSecurityPolicySpec) DeepCopy() *PodSecurityPolicySpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunAsGroupStrategyOptions) DeepCopyInto(out *RunAsGroupStrategyOptions) {
+ *out = *in
+ if in.Ranges != nil {
+ in, out := &in.Ranges, &out.Ranges
+ *out = make([]IDRange, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsGroupStrategyOptions.
+func (in *RunAsGroupStrategyOptions) DeepCopy() *RunAsGroupStrategyOptions {
+ if in == nil {
+ return nil
+ }
+ out := new(RunAsGroupStrategyOptions)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions) {
*out = *in