pepr 0.0.9 → 0.1.0

package/src/lib/k8s/kinds.ts

@@ -0,0 +1,470 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import { GroupVersionKind } from "./types";
+
+export const gvkMap: Record<string, GroupVersionKind> = {
+  /**
+   * Represents a K8s ConfigMap resource.
+   * ConfigMap holds configuration data for pods to consume.
+   * @see {@link https://kubernetes.io/docs/concepts/configuration/configmap/}
+   */
+  V1ConfigMap: {
+    kind: "ConfigMap",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s Endpoints resource.
+   * Endpoints expose a service's IP addresses and ports to other resources.
+   * @see {@link https://kubernetes.io/docs/concepts/services-networking/service/#endpoints}
+   */
+  V1Endpoint: {
+    kind: "Endpoints",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s LimitRange resource.
+   * LimitRange enforces constraints on the resource consumption of objects in a namespace.
+   * @see {@link https://kubernetes.io/docs/concepts/policy/limit-range/}
+   */
+  V1LimitRange: {
+    kind: "LimitRange",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s Namespace resource.
+   * Namespace is a way to divide cluster resources between multiple users.
+   * @see {@link https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/}
+   */
+  V1Namespace: {
+    kind: "Namespace",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s Node resource.
+   * Node is a worker machine in Kubernetes.
+   * @see {@link https://kubernetes.io/docs/concepts/architecture/nodes/}
+   */
+  V1Node: {
+    kind: "Node",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s PersistentVolumeClaim resource.
+   * PersistentVolumeClaim is a user's request for and claim to a persistent volume.
+   * @see {@link https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims}
+   */
+  V1PersistentVolumeClaim: {
+    kind: "PersistentVolumeClaim",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s PersistentVolume resource.
+   * PersistentVolume is a piece of storage in the cluster that has been provisioned by an administrator.
+   * @see {@link https://kubernetes.io/docs/concepts/storage/persistent-volumes/}
+   */
+  V1PersistentVolume: {
+    kind: "PersistentVolume",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s Pod resource.
+   * Pod is the smallest and simplest unit in the Kubernetes object model.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/pods/}
+   */
+  V1Pod: {
+    kind: "Pod",
+    version: "v1",
+    group: "",
+  },
+  /**
+   * Represents a K8s PodTemplate resource.
+   * PodTemplate is an object that describes the pod that will be created from a higher level abstraction.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/controllers/#pod-template}
+   */
+  V1PodTemplate: {
+    kind: "PodTemplate",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s ReplicationController resource.
+   * ReplicationController ensures that a specified number of pod replicas are running at any given time.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/}
+   */
+  V1ReplicationController: {
+    kind: "ReplicationController",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s ResourceQuota resource.
+   * ResourceQuota provides constraints that limit resource consumption per namespace.
+   * @see {@link https://kubernetes.io/docs/concepts/policy/resource-quotas/}
+   */
+  V1ResourceQuota: {
+    kind: "ResourceQuota",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s Secret resource.
+   * Secret holds secret data of a certain type.
+   * @see {@link https://kubernetes.io/docs/concepts/configuration/secret/}
+   */
+  V1Secret: {
+    kind: "Secret",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s ServiceAccount resource.
+   * ServiceAccount is an identity that processes in a pod can use to access the Kubernetes API.
+   * @see {@link https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/}
+   */
+  V1ServiceAccount: {
+    kind: "ServiceAccount",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s Service resource.
+   * Service is an abstraction which defines a logical set of Pods and a policy by which to access them.
+   * @see {@link https://kubernetes.io/docs/concepts/services-networking/service/}
+   */
+  V1Service: {
+    kind: "Service",
+    version: "v1",
+    group: "",
+  },
+
+  /**
+   * Represents a K8s MutatingWebhookConfiguration resource.
+   * MutatingWebhookConfiguration configures a mutating admission webhook.
+   * @see {@link https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#configure-admission-webhooks-on-the-fly}
+   */
+  V1MutatingWebhookConfiguration: {
+    kind: "MutatingWebhookConfiguration",
+    version: "v1",
+    group: "admissionregistration.k8s.io",
+  },
+
+  /**
+   * Represents a K8s ValidatingWebhookConfiguration resource.
+   * ValidatingWebhookConfiguration configures a validating admission webhook.
+   * @see {@link https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#configure-admission-webhooks-on-the-fly}
+   */
+  V1ValidatingWebhookConfiguration: {
+    kind: "ValidatingWebhookConfiguration",
+    version: "v1",
+    group: "admissionregistration.k8s.io",
+  },
+  /**
+   * Represents a K8s CustomResourceDefinition resource.
+   * CustomResourceDefinition is a custom resource in a Kubernetes cluster.
+   * @see {@link https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/}
+   */
+  V1CustomResourceDefinition: {
+    kind: "CustomResourceDefinition",
+    version: "v1",
+    group: "apiextensions.k8s.io",
+  },
+
+  /**
+   * Represents a K8s APIService resource.
+   * APIService represents a server for a particular API version and group.
+   * @see {@link https://kubernetes.io/docs/tasks/access-kubernetes-api/setup-extension-api-server/}
+   */
+  V1APIService: {
+    kind: "APIService",
+    version: "v1",
+    group: "apiregistration.k8s.io",
+  },
+
+  /**
+   * Represents a K8s ControllerRevision resource.
+   * ControllerRevision is used to manage the history of a StatefulSet or DaemonSet.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#revision-history}
+   */
+  V1ControllerRevision: {
+    kind: "ControllerRevision",
+    version: "v1",
+    group: "apps",
+  },
+
+  /**
+   * Represents a K8s DaemonSet resource.
+   * DaemonSet ensures that all (or some) nodes run a copy of a Pod.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/}
+   */
+  V1DaemonSet: {
+    kind: "DaemonSet",
+    version: "v1",
+    group: "apps",
+  },
+
+  /**
+   * Represents a K8s Deployment resource.
+   * Deployment provides declarative updates for Pods and ReplicaSets.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/controllers/deployment/}
+   */
+  V1Deployment: {
+    kind: "Deployment",
+    version: "v1",
+    group: "apps",
+  },
+
+  /**
+   * Represents a K8s ReplicaSet resource.
+   * ReplicaSet ensures that a specified number of pod replicas are running at any given time.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/}
+   */
+  V1ReplicaSet: {
+    kind: "ReplicaSet",
+    version: "v1",
+    group: "apps",
+  },
+
+  /**
+   * Represents a K8s StatefulSet resource.
+   * StatefulSet is used to manage stateful applications.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/}
+   */
+  V1StatefulSet: {
+    kind: "StatefulSet",
+    version: "v1",
+    group: "apps",
+  },
+
+  /**
+   * Represents a K8s TokenReview resource.
+   * TokenReview attempts to authenticate a token to a known user.
+   * @see {@link https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#tokenreview-v1-authentication-k8s-io}
+   */
+  V1TokenReview: {
+    kind: "TokenReview",
+    version: "v1",
+    group: "authentication.k8s.io",
+  },
+
+  /**
+   * Represents a K8s LocalSubjectAccessReview resource.
+   * LocalSubjectAccessReview checks whether a specific user can perform a specific action in a specific namespace.
+   * @see {@link https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#localsubjectaccessreview-v1-authorization-k8s-io}
+   */
+  V1LocalSubjectAccessReview: {
+    kind: "LocalSubjectAccessReview",
+    version: "v1",
+    group: "authorization.k8s.io",
+  },
+
+  /**
+   * Represents a K8s SelfSubjectAccessReview resource.
+   * SelfSubjectAccessReview checks whether the current user can perform a specific action.
+   * @see {@link https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#selfsubjectaccessreview-v1-authorization-k8s-io}
+   */
+  V1SelfSubjectAccessReview: {
+    kind: "SelfSubjectAccessReview",
+    version: "v1",
+    group: "authorization.k8s.io",
+  },
+
+  /**
+   * Represents a K8s SelfSubjectRulesReview resource.
+   * SelfSubjectRulesReview lists the permissions a specific user has within a namespace.
+   * @see {@link https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#selfsubjectrulesreview-v1-authorization-k8s-io}
+   */
+  V1SelfSubjectRulesReview: {
+    kind: "SelfSubjectRulesReview",
+    version: "v1",
+    group: "authorization.k8s.io",
+  },
+
+  /**
+   * Represents a K8s SubjectAccessReview resource.
+   * SubjectAccessReview checks whether a specific user can perform a specific action.
+   * @see {@link https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#subjectaccessreview-v1-authorization-k8s-io}
+   */
+  V1SubjectAccessReview: {
+    kind: "SubjectAccessReview",
+    version: "v1",
+    group: "authorization.k8s.io",
+  },
+
+  /**
+   * Represents a K8s HorizontalPodAutoscaler resource.
+   * HorizontalPodAutoscaler automatically scales the number of Pods in a replication controller, deployment, or replica set.
+   * @see {@link https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/}
+   */
+  V1HorizontalPodAutoscaler: {
+    kind: "HorizontalPodAutoscaler",
+    version: "v2",
+    group: "autoscaling",
+  },
+
+  /**
+   * Represents a K8s CronJob resource.
+   * CronJob manages time-based jobs, specifically those that run periodically and complete after a successful execution.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/}
+   */
+  V1CronJob: {
+    kind: "CronJob",
+    version: "v1",
+    group: "batch",
+  },
+
+  /**
+   * Represents a K8s Job resource.
+   * Job represents the configuration of a single job.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/controllers/job/}
+   */
+  V1Job: {
+    kind: "Job",
+    version: "v1",
+    group: "batch",
+  },
+
+  /**
+   * Represents a K8s CertificateSigningRequest resource.
+   * CertificateSigningRequest represents a certificate signing request.
+   * @see {@link https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/}
+   */
+  V1CertificateSigningRequest: {
+    kind: "CertificateSigningRequest",
+    version: "v1",
+    group: "certificates.k8s.io",
+  },
+
+  /**
+   * Represents a K8s EndpointSlice resource.
+   * EndpointSlice represents a scalable set of network endpoints for a Kubernetes Service.
+   * @see {@link https://kubernetes.io/docs/concepts/services-networking/endpoint-slices/}
+   */
+  V1EndpointSlice: {
+    kind: "EndpointSlice",
+    version: "v1",
+    group: "discovery.k8s.io",
+  },
+
+  /**
+   * Represents a K8s IngressClass resource.
+   * IngressClass represents the class of the Ingress, referenced by the Ingress spec.
+   * @see {@link https://kubernetes.io/docs/concepts/services-networking/ingress/}
+   */
+  V1IngressClass: {
+    kind: "IngressClass",
+    version: "v1",
+    group: "networking.k8s.io",
+  },
+
+  /**
+   * Represents a K8s Ingress resource.
+   * Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster.
+   * @see {@link https://kubernetes.io/docs/concepts/services-networking/ingress/}
+   */
+  V1Ingress: {
+    kind: "Ingress",
+    version: "v1",
+    group: "networking.k8s.io",
+  },
+
+  /**
+   * Represents a K8s NetworkPolicy resource.
+   * NetworkPolicy defines a set of rules for how pods communicate with each other.
+   * @see {@link https://kubernetes.io/docs/concepts/services-networking/network-policies/}
+   */
+  V1NetworkPolicy: {
+    kind: "NetworkPolicy",
+    version: "v1",
+    group: "networking.k8s.io",
+  },
+
+  /**
+   * Represents a K8s RuntimeClass resource.
+   * RuntimeClass is a cluster-scoped resource that surfaces container runtime properties to the control plane.
+   * @see {@link https://kubernetes.io/docs/concepts/containers/runtime-class/}
+   */
+  V1RuntimeClass: {
+    kind: "RuntimeClass",
+    version: "v1",
+    group: "node.k8s.io",
+  },
+
+  /**
+   * Represents a K8s PodDisruptionBudget resource.
+   * PodDisruptionBudget is an API object that limits the number of pods of a replicated application that are down simultaneously.
+   * @see {@link https://kubernetes.io/docs/concepts/workloads/pods/disruptions/}
+   */
+  V1PodDisruptionBudget: {
+    kind: "PodDisruptionBudget",
+    version: "v1",
+    group: "policy",
+  },
+
+  /**
+   * Represents a K8s VolumeAttachment resource.
+   * VolumeAttachment captures the intent to attach or detach the specified volume to/from the specified node.
+   * @see {@link https://kubernetes.io/docs/concepts/storage/storage-classes/}
+   */
+  V1VolumeAttachment: {
+    kind: "VolumeAttachment",
+    version: "v1",
+    group: "storage.k8s.io",
+  },
+
+  /**
+   * Represents a K8s CSIDriver resource.
+   * CSIDriver captures information about a Container Storage Interface (CSI) volume driver.
+   * @see {@link https://kubernetes.io/docs/concepts/storage/volumes/}
+   */
+  V1CSIDriver: {
+    kind: "CSIDriver",
+    version: "v1",
+    group: "storage.k8s.io",
+  },
+
+  /**
+   * Represents a K8s CSIStorageCapacity resource.
+   * CSIStorageCapacity stores the reported storage capacity of a CSI node or storage class.
+   * @see {@link https://kubernetes.io/docs/concepts/storage/csi/}
+   */
+  V1CSIStorageCapacity: {
+    kind: "CSIStorageCapacity",
+    version: "v1",
+    group: "storage.k8s.io",
+  },
+
+  /**
+   * Represents a K8s StorageClass resource.
+   * StorageClass is a cluster-scoped resource that provides a way for administrators to describe the classes of storage they offer.
+   * @see {@link https://kubernetes.io/docs/concepts/storage/storage-classes/}
+   */
+  V1StorageClass: {
+    kind: "StorageClass",
+    version: "v1",
+    group: "storage.k8s.io",
+  },
+};
+
+export function modelToGroupVersionKind(key: string): GroupVersionKind {
+  return gvkMap[key];
+}

package/src/lib/k8s/stub-tls.ts

@@ -0,0 +1,88 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+// @todo: quick and dirty temp tls chain for testing, to be replaced at runtime
+// Don't freak out, this is a self-signed cert for testing purposes only.
+
+export function tlsCert() {
+  return Buffer.from(
+    `-----BEGIN CERTIFICATE-----
+  MIIDgzCCAmugAwIBAgIRALguxABI0Iy914FcdkM7B7EwDQYJKoZIhvcNAQELBQAw
+  NzEXMBUGA1UEChMOWmFyZiBDb21tdW5pdHkxHDAaBgNVBAMTE2NhLnByaXZhdGUu
+  emFyZi5kZXYwHhcNMjMwMzMxMjMyMTUxWhcNMjQwNDA5MjMyMTUxWjA8MRUwEwYD
+  VQQKEwxaYXJmIENsdXN0ZXIxIzAhBgNVBAMTGmNvbnRyb2xsZXIucGVwci1zeXN0
+  ZW0uc3ZjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6s7JQyXdZrj
+  uobjqbZEdh2VRnWaVhdYnWGOB3jguWXrBTTRmPhPuKx9X+ORFrDftG5cGkDp3okC
+  YGimun932Vi/nmwIc2Q1EAvmaj7LbPDPR4J8RUAO3pqsJijUULmXhrkLgdUxAIY5
+  srFtuLdaEh0VSc8YUDtbBP3dagDIe+v9eHVS1/ayiv/Tfscm7Mk3NQzvmQfJ5Vt5
+  K9At+9k7gfV//vBd7SoTJ4uowL+XgyIgF0jIHjHRAX9eR3ew8yly9Sp1K6gEt/oQ
+  8pQ8wS37/Dhb3FOQQ5owB1hem1hvdK9qtbwClyzUU/o4RODPcrl/k4MADrGi3wcq
+  n+FpiwlLLQIDAQABo4GEMIGBMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr
+  BgEFBQcDATAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFIARVhDhiMNYF+0KwIgA
+  AhO2gLlRMCsGA1UdEQQkMCKCGmNvbnRyb2xsZXIucGVwci1zeXN0ZW0uc3ZjhwR/
+  AAABMA0GCSqGSIb3DQEBCwUAA4IBAQBsJN3H67/YTl8jQHgsU5sY65u0KlDcxL/v
+  vDDx807P4ohTa6dLl/mXZD6swN7W0O1oDCgVtTWjAB10UrcLlvs6yos8V4ENzqhM
+  DaUMwsQSXKCIH/VKaJecpt23SCGYoPZuYBh4PkYwdzBYIQPykV5NdMf02t5DONN+
+  08Cj+sE8ESpM3SyTpAAqaJfI+CFzNho8yq3e/zjrswG0FbjZCmG6fitNCCj6G4p1
+  lOmt+yadVUqov483l09JKUHTut+UsIf91XLCEfon+ajU/IObWDk9sqW8tCFBxhiq
+  5Ub2jDZ/hw/3RQHZfP69c1rFRIHMy/ci8cfk6PMg+d4rsNll6kYI
+  -----END CERTIFICATE-----`
+  ).toString("base64");
+}
+
+export function tlsKey() {
+  return Buffer.from(
+    `-----BEGIN RSA PRIVATE KEY-----
+    MIIEpQIBAAKCAQEAt6s7JQyXdZrjuobjqbZEdh2VRnWaVhdYnWGOB3jguWXrBTTR
+    mPhPuKx9X+ORFrDftG5cGkDp3okCYGimun932Vi/nmwIc2Q1EAvmaj7LbPDPR4J8
+    RUAO3pqsJijUULmXhrkLgdUxAIY5srFtuLdaEh0VSc8YUDtbBP3dagDIe+v9eHVS
+    1/ayiv/Tfscm7Mk3NQzvmQfJ5Vt5K9At+9k7gfV//vBd7SoTJ4uowL+XgyIgF0jI
+    HjHRAX9eR3ew8yly9Sp1K6gEt/oQ8pQ8wS37/Dhb3FOQQ5owB1hem1hvdK9qtbwC
+    lyzUU/o4RODPcrl/k4MADrGi3wcqn+FpiwlLLQIDAQABAoIBAAxt3wPD1WAVCkIu
+    LKvodLuVhuuMu9QFom6MEoN476Q8PGpOx7xVWXfC3H0ntkLV112rdjokmG8B0JJb
+    oqTOSXsA4X7ECtJcPqcGVyJre3K03SIWt3gsPJVd3DZ83tlTpehtD1VK6xUBAFiS
+    Xz130vWU2EL1a8zKJ3+v+lLZGLgiA8smdUSa3eOCC6nNbPQb8v2d8qRy0f/VaQE8
+    PtjKaMRK+3pSz2wuWXnGC0rerjyANs1zpDP/ZbQ3gqZ/NGi91E5JueCyZeIA/Rw3
+    XtEwxoN66OFrdONortUvTgPvpITLKQiL/kK7BX5jX0xAQQtKyd6uL2fWMHcg/AQz
+    D7T4+dUCgYEA6FJfBPu1505UZxsOvgpCN8qCt+NKF8QW+m90Bvfx7NQcVH/8iYq9
+    7biR6fBTWWlNjwqlZ+jl1L50HP3gaZ95rjOfJYFQ47XESDVjOoVNfZWBx7c410or
+    kx9wOLUv21GGndxIlcsTUSJZ9S++rBjFZfPPSmfmMA/GTusTfkiJS1MCgYEAymNu
+    ibcSagKpgjesPosVRz+KQqeDt2cWnWgvlfTD8urRY/0eGObZ9Fy0iDamtaJRhMYT
+    UenvIHntBBnc1wBvzyOrveQpnCpkeaWrqt38VUm2RO4w0ANxXqF6LMEQBTDbsVUm
+    JTyzRc+e5RL3O63Gx0jEu5iAvOg4pznK+wQev38CgYEAvm9u9i3CsUVTCGV0kzDj
+    kMoOlt/YR1z0nPqpOGEcTU6dnmJ/RtuUzn1iFkpqeDtKWTuX1HJjmx03HuC4iLwx
+    ySsFhH/ZJ59CsxIYMcs9dvkLtgMps8hXqbS2j7Vt8jCE0XfVg/w/7FzlMoedm4J+
+    pRDS1aIPXUxA+UXW58hbyoMCgYEAv2BEfx7I38uCpCqmykFULpor0Bl82Kk3XkLN
+    dHwN6h8XPvhzRFLO2F3tLDyZaXmCog126WdPAiOo9s7J39h+4Z02YgplOlFvzwPU
+    j273k2JvY0DkkV4gDr6cu8MXtgDcTRRaTK3YS3QnKS/E7v7Ez17FASsU2QyxvZdN
+    lAzyUlsCgYEA6A3UAY/gdxtwGf0kAb/hsHPaZLE8dJk7V6k9AUpgiC+sXEr3hLOe
+    f5FVCDgseP0vWtRLytYbNZSNkW07RIpJV0tE98E7iUVt41NJD1QPRLOSZEAuwkDi
+    yfYC8xiJwEHBEDTCnKYEyvB6be3zXssGzhp1dbtYILkheEkaewfP5ks=
+    -----END RSA PRIVATE KEY-----`
+  ).toString("base64");
+}
+
+export function tlsCA() {
+  return Buffer.from(
+    `-----BEGIN CERTIFICATE-----
+    MIIDWTCCAkGgAwIBAgIQb32UoSCN8rk1nBF3YcWU6zANBgkqhkiG9w0BAQsFADA3
+    MRcwFQYDVQQKEw5aYXJmIENvbW11bml0eTEcMBoGA1UEAxMTY2EucHJpdmF0ZS56
+    YXJmLmRldjAeFw0yMzAzMzEyMzIxNTBaFw0yNDA0MDkyMzIxNTBaMDcxFzAVBgNV
+    BAoTDlphcmYgQ29tbXVuaXR5MRwwGgYDVQQDExNjYS5wcml2YXRlLnphcmYuZGV2
+    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBDS+q67EPRR0pGFNWxd
+    JaM2qFWlsjmS8RPiSGmLrRrtLkYDhOUK+PlZLT7Gww/kGPrC/Jq+NSbKt7gDdbrr
+    1dBo4tSMFNG0DpcR5JVLGayU1qOBCVoM0kGSJ2U4w9q475rbogb+k+/nnwHCjfTN
+    fN/78c4Tg6ZKGc0ChXbEPduVmku0qrFwV70Cx6rNjsGT7o5E84NJ/SEZEKsv9DXz
+    R6Padsnc7291XmyOqyoV4hOwbP6Xs2ZySefVkBm3JuT5brD6BXp/One9PjzeQHtP
+    Ito1dOnpiCXFS4GTkEJ3slTMFPpxnImgn3+rgr3a8Pq5ICqfheEtCUeLlayKohO2
+    uwIDAQABo2EwXzAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
+    CCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIARVhDhiMNYF+0K
+    wIgAAhO2gLlRMA0GCSqGSIb3DQEBCwUAA4IBAQBCeISg2fAvgUm+LCxE0An5ZwUw
+    knO+vTjxeEQXxH4xQjz5Hpj3MQaXFvH2XAhbTAYQl8pKNWcN7vyl/5O8u+AjdDVD
+    3TQv5TxQK7gs8YmC1LMc66aFSYHruqCD14PiwaQqD8Rzz8/nGwqvCD3K6vDsyvC4
+    anUV/tzbMU/hwCn6uw+S/LgM4xQIllccGX1cJC7pSZJNiTzmhWEfKpOVrUoTEQqf
+    tyAwSSHdPz5EhuDybxhOhh00lQG5POY6UGYqKKR1uoXXniqGXXjIqUeiA6FjEMYC
+    4V//uhn+NeiPo1VtU7sCZfxT4x/qSy/bSSdB3qADqmgWhRHelJPe2TlBmCDx
+    -----END CERTIFICATE-----`
+  ).toString("base64");
+}