mirrors/velero
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/velero.git synced 2026-01-07 13:55:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix CVE-2020-29652 and CVE-2020-26160 (#4274)

Browse Source 
Bump up restic to v0.12.1 to fix CVE-2020-26160.
Bump up module "github.com/vmware-tanzu/crash-diagnostics" to v0.3.7 to fix CVE-2020-29652.
The "github.com/vmware-tanzu/crash-diagnostics" updates client-go to v0.22.2 which introduces several break changes, this commit updates the related codes as well

Signed-off-by: Wenkai Yin(尹文开) <yinw@vmware.com>
This commit is contained in:
Wenkai Yin(尹文开)
2021-11-04 04:30:26 +08:00
committed by GitHub
parent 4a792c71ef
commit 9f0ea22c60
13 changed files with 766 additions and 325 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/e2e-test-kind.yaml vendored
View File

@@ -71,6 +71,11 @@ jobs:
- 1.22.0
fail-fast: false
steps:
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
id: go
- name: Check out the code
uses: actions/checkout@v2
- name: Install MinIO

4
Makefile
View File

@@ -81,8 +81,8 @@ buildx not enabled, refusing to run this recipe
see: https://velero.io/docs/main/build-from-source/#making-images-and-updating-velero for more info
endef
# The version of restic binary to be downloaded for power architecture
RESTIC_VERSION ?= 0.12.0
# The version of restic binary to be downloaded
RESTIC_VERSION ?= 0.12.1
CLI_PLATFORMS ?= linux-amd64 linux-arm linux-arm64 darwin-amd64 windows-amd64 linux-ppc64le
BUILDX_PLATFORMS ?= $(subst -,/,$(ARCH))

1
changelogs/unreleased/4274-ywk253100 Normal file
View File

@@ -0,0 +1 @@
Fix CVE-2020-29652 and CVE-2020-26160

139
config/crd/v1/bases/velero.io_restores.yaml
View File

@@ -205,8 +205,10 @@ spec:
are expanded using the container''s environment.
If a variable cannot be resolved, the
reference in the input string will be
unchanged. The $(VAR_NAME) syntax can
be escaped with a double $$, ie: $$(VAR_NAME).
unchanged. Double $$ are reduced to a
single $, which allows for escaping the
$(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded,
regardless of whether the variable exists
or not. Cannot be updated. More info:
@@ -221,12 +223,14 @@ spec:
references $(VAR_NAME) are expanded using
the container''s environment. If a variable
cannot be resolved, the reference in the
input string will be unchanged. The $(VAR_NAME)
syntax can be escaped with a double $$,
ie: $$(VAR_NAME). Escaped references will
never be expanded, regardless of whether
the variable exists or not. Cannot be
updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
input string will be unchanged. Double
$$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string
literal "$(VAR_NAME)". Escaped references
will never be expanded, regardless of
whether the variable exists or not. Cannot
be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -244,17 +248,19 @@ spec:
value:
description: 'Variable references
$(VAR_NAME) are expanded using the
previous defined environment variables
previously defined environment variables
in the container and any service
environment variables. If a variable
cannot be resolved, the reference
in the input string will be unchanged.
The $(VAR_NAME) syntax can be escaped
with a double $$, ie: $$(VAR_NAME).
Escaped references will never be
expanded, regardless of whether
the variable exists or not. Defaults
to "".'
Double $$ are reduced to a single
$, which allows for escaping the
$(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
will produce the string literal
"$(VAR_NAME)". Escaped references
will never be expanded, regardless
of whether the variable exists or
not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment
@@ -804,6 +810,30 @@ spec:
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds
the pod needs to terminate gracefully
upon probe failure. The grace period
is the duration in seconds after the
processes running in the pod are sent
a termination signal and the time
when the processes are forcibly halted
with a kill signal. Set this value
longer than the expected cleanup time
for your process. If this value is
nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value
overrides the value provided by the
pod spec. Value must be non-negative
integer. The value zero indicates
stop immediately via the kill signal
(no opportunity to shut down). This
is a beta field and requires enabling
ProbeTerminationGracePeriod feature
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after
which the probe times out. Defaults
@@ -1006,6 +1036,30 @@ spec:
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds
the pod needs to terminate gracefully
upon probe failure. The grace period
is the duration in seconds after the
processes running in the pod are sent
a termination signal and the time
when the processes are forcibly halted
with a kill signal. Set this value
longer than the expected cleanup time
for your process. If this value is
nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value
overrides the value provided by the
pod spec. Value must be non-negative
integer. The value zero indicates
stop immediately via the kill signal
(no opportunity to shut down). This
is a beta field and requires enabling
ProbeTerminationGracePeriod feature
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after
which the probe times out. Defaults
@@ -1017,7 +1071,7 @@ spec:
resources:
description: 'Compute Resources required
by this container. Cannot be updated.
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
@@ -1028,7 +1082,7 @@ spec:
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum
amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -1043,12 +1097,14 @@ spec:
a container, it defaults to Limits
if that is explicitly specified, otherwise
to an implementation-defined value.
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
description: 'Security options the pod should
run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
description: 'SecurityContext defines the
security options the container should
be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
@@ -1217,6 +1273,25 @@ spec:
is the name of the GMSA credential
spec to use.
type: string
hostProcess:
description: HostProcess determines
if a container should be run as
a 'Host Process' container. This
field is alpha-level and will
only be honored by components
that enable the WindowsHostProcessContainers
feature flag. Setting this field
without the feature flag will
result in errors when validating
the Pod. All of a Pod's containers
must have the same effective HostProcess
value (it is not allowed to have
a mix of HostProcess containers
and non-HostProcess containers). In
addition, if HostProcess is true
then HostNetwork must also be
set to true.
type: boolean
runAsUserName:
description: The UserName in Windows
to run the entrypoint of the container
@@ -1369,6 +1444,30 @@ spec:
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds
the pod needs to terminate gracefully
upon probe failure. The grace period
is the duration in seconds after the
processes running in the pod are sent
a termination signal and the time
when the processes are forcibly halted
with a kill signal. Set this value
longer than the expected cleanup time
for your process. If this value is
nil, the pod's terminationGracePeriodSeconds
will be used. Otherwise, this value
overrides the value provided by the
pod spec. Value must be non-negative
integer. The value zero indicates
stop immediately via the kill signal
(no opportunity to shut down). This
is a beta field and requires enabling
ProbeTerminationGracePeriod feature
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after
which the probe times out. Defaults

2
config/crd/v1/crds/crds.go
View File

File diff suppressed because one or more lines are too long

151
config/crd/v1beta1/bases/velero.io_restores.yaml
View File

@@ -202,12 +202,14 @@ spec:
is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment.
If a variable cannot be resolved, the reference
in the input string will be unchanged. The
$(VAR_NAME) syntax can be escaped with a
double $$, ie: $$(VAR_NAME). Escaped references
will never be expanded, regardless of whether
the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
in the input string will be unchanged. Double
$$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal
"$(VAR_NAME)". Escaped references will never
be expanded, regardless of whether the variable
exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -218,12 +220,14 @@ spec:
references $(VAR_NAME) are expanded using
the container''s environment. If a variable
cannot be resolved, the reference in the
input string will be unchanged. The $(VAR_NAME)
syntax can be escaped with a double $$,
ie: $$(VAR_NAME). Escaped references will
never be expanded, regardless of whether
the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
input string will be unchanged. Double $$
are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal
"$(VAR_NAME)". Escaped references will never
be expanded, regardless of whether the variable
exists or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -240,17 +244,19 @@ spec:
type: string
value:
description: 'Variable references $(VAR_NAME)
are expanded using the previous defined
environment variables in the container
and any service environment variables.
If a variable cannot be resolved,
the reference in the input string
will be unchanged. The $(VAR_NAME)
syntax can be escaped with a double
$$, ie: $$(VAR_NAME). Escaped references
will never be expanded, regardless
of whether the variable exists or
not. Defaults to "".'
are expanded using the previously
defined environment variables in the
container and any service environment
variables. If a variable cannot be
resolved, the reference in the input
string will be unchanged. Double $$
are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax:
i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped
references will never be expanded,
regardless of whether the variable
exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment
@@ -792,6 +798,29 @@ spec:
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds
the pod needs to terminate gracefully
upon probe failure. The grace period
is the duration in seconds after the
processes running in the pod are sent
a termination signal and the time when
the processes are forcibly halted with
a kill signal. Set this value longer
than the expected cleanup time for your
process. If this value is nil, the pod's
terminationGracePeriodSeconds will be
used. Otherwise, this value overrides
the value provided by the pod spec.
Value must be non-negative integer.
The value zero indicates stop immediately
via the kill signal (no opportunity
to shut down). This is a beta field
and requires enabling ProbeTerminationGracePeriod
feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after
which the probe times out. Defaults
@@ -991,6 +1020,29 @@ spec:
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds
the pod needs to terminate gracefully
upon probe failure. The grace period
is the duration in seconds after the
processes running in the pod are sent
a termination signal and the time when
the processes are forcibly halted with
a kill signal. Set this value longer
than the expected cleanup time for your
process. If this value is nil, the pod's
terminationGracePeriodSeconds will be
used. Otherwise, this value overrides
the value provided by the pod spec.
Value must be non-negative integer.
The value zero indicates stop immediately
via the kill signal (no opportunity
to shut down). This is a beta field
and requires enabling ProbeTerminationGracePeriod
feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after
which the probe times out. Defaults
@@ -1002,7 +1054,7 @@ spec:
resources:
description: 'Compute Resources required by
this container. Cannot be updated. More
info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
@@ -1013,7 +1065,7 @@ spec:
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum
amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -1027,12 +1079,14 @@ spec:
If Requests is omitted for a container,
it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
description: 'Security options the pod should
run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
description: 'SecurityContext defines the
security options the container should be
run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
@@ -1197,6 +1251,24 @@ spec:
is the name of the GMSA credential
spec to use.
type: string
hostProcess:
description: HostProcess determines
if a container should be run as
a 'Host Process' container. This
field is alpha-level and will only
be honored by components that enable
the WindowsHostProcessContainers
feature flag. Setting this field
without the feature flag will result
in errors when validating the Pod.
All of a Pod's containers must have
the same effective HostProcess value
(it is not allowed to have a mix
of HostProcess containers and non-HostProcess
containers). In addition, if HostProcess
is true then HostNetwork must also
be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows
to run the entrypoint of the container
@@ -1346,6 +1418,29 @@ spec:
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in seconds
the pod needs to terminate gracefully
upon probe failure. The grace period
is the duration in seconds after the
processes running in the pod are sent
a termination signal and the time when
the processes are forcibly halted with
a kill signal. Set this value longer
than the expected cleanup time for your
process. If this value is nil, the pod's
terminationGracePeriodSeconds will be
used. Otherwise, this value overrides
the value provided by the pod spec.
Value must be non-negative integer.
The value zero indicates stop immediately
via the kill signal (no opportunity
to shut down). This is a beta field
and requires enabling ProbeTerminationGracePeriod
feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after
which the probe times out. Defaults

2
config/crd/v1beta1/crds/crds.go
View File

File diff suppressed because one or more lines are too long

47
go.mod
View File

@@ -4,45 +4,44 @@ go 1.16
require (
github.com/Azure/azure-sdk-for-go v42.0.0+incompatible
github.com/Azure/go-autorest/autorest v0.11.1
github.com/Azure/go-autorest/autorest/azure/auth v0.4.2
github.com/Azure/go-autorest/autorest v0.11.21
github.com/Azure/go-autorest/autorest/azure/auth v0.5.8
github.com/Azure/go-autorest/autorest/to v0.3.0
github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
github.com/aws/aws-sdk-go v1.28.2
github.com/docker/spdystream v0.0.0-20170912183627-bc6354cbbc29 // indirect
github.com/evanphx/json-patch v4.9.0+incompatible
github.com/fatih/color v1.10.0
github.com/evanphx/json-patch v4.11.0+incompatible
github.com/fatih/color v1.13.0
github.com/gobwas/glob v0.2.3
github.com/gofrs/uuid v3.2.0+incompatible
github.com/golang/protobuf v1.4.3
github.com/golang/protobuf v1.5.2
github.com/google/uuid v1.1.2
github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd
github.com/hashicorp/go-hclog v0.12.0
github.com/hashicorp/go-plugin v0.0.0-20190610192547-a1bc61569a26
github.com/joho/godotenv v1.3.0
github.com/kubernetes-csi/external-snapshotter/client/v4 v4.0.0
github.com/onsi/ginkgo v1.16.4
github.com/onsi/gomega v1.10.2
github.com/onsi/gomega v1.16.0
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.7.1
github.com/prometheus/client_golang v1.11.0
github.com/robfig/cron v1.1.0
github.com/sirupsen/logrus v1.7.0
github.com/spf13/afero v1.2.2
github.com/spf13/cobra v1.1.1
github.com/sirupsen/logrus v1.8.1
github.com/spf13/afero v1.6.0
github.com/spf13/cobra v1.2.1
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.6.1
github.com/vmware-tanzu/crash-diagnostics v0.3.4
golang.org/x/mod v0.3.0
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b
google.golang.org/grpc v1.31.0
k8s.io/api v0.20.9
k8s.io/apiextensions-apiserver v0.19.12
k8s.io/apimachinery v0.20.9
k8s.io/cli-runtime v0.20.9
k8s.io/client-go v0.20.9
github.com/stretchr/testify v1.7.0
github.com/vmware-tanzu/crash-diagnostics v0.3.7
golang.org/x/mod v0.4.2
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023
google.golang.org/grpc v1.40.0
k8s.io/api v0.22.2
k8s.io/apiextensions-apiserver v0.22.2
k8s.io/apimachinery v0.22.2
k8s.io/cli-runtime v0.22.2
k8s.io/client-go v0.22.2
k8s.io/klog v1.0.0
k8s.io/kube-aggregator v0.19.12
sigs.k8s.io/cluster-api v0.3.11-0.20210106212952-b6c1b5b3db3d
sigs.k8s.io/controller-runtime v0.7.1-0.20201215171748-096b2e07c091
sigs.k8s.io/cluster-api v1.0.0
sigs.k8s.io/controller-runtime v0.10.2
)
replace github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2

685
go.sum
View File

File diff suppressed because it is too large Load Diff

7
hack/test.sh
View File

@@ -38,5 +38,10 @@ if [[ -n "${GOFLAGS:-}" ]]; then
echo "GOFLAGS: ${GOFLAGS}"
fi
go test -installsuffix "static" -short -timeout 60s "${TARGETS[@]}"
# After bumping up "sigs.k8s.io/controller-runtime" to v0.10.2, get the error "panic: mkdir /.cache/kubebuilder-envtest: permission denied"
# when running this script with "make test" command. This is caused by that "make test" runs inside a container with user and group specified,
# but the user and group don't exist inside the container, when the code(https://github.com/kubernetes-sigs/controller-runtime/blob/v0.10.2/pkg/internal/testing/addr/manager.go#L44)
# tries to get the cache directory, it gets the directory "/" and then get the permission error when trying to create directory under "/".
# Specifying the cache directory by environment variable "XDG_CACHE_HOME" to workaround it
XDG_CACHE_HOME=/tmp/ go test -installsuffix "static" -short -timeout 60s "${TARGETS[@]}"
echo "Success!"

2
pkg/controller/backup_sync_controller.go
View File

@@ -312,7 +312,7 @@ func (c *backupSyncController) run() {
c.deleteOrphanedBackups(location.Name, backupStoreBackups, log)
// update the location's last-synced time field
statusPatch := client.MergeFrom(location.DeepCopyObject())
statusPatch := client.MergeFrom(location.DeepCopy())
location.Status.LastSyncedTime = &metav1.Time{Time: time.Now().UTC()}
if err := c.kbClient.Status().Patch(context.Background(), &location, statusPatch); err != nil {
log.WithError(errors.WithStack(err)).Error("Error patching backup location's last-synced time")

35
pkg/plugin/clientmgmt/logrus_adapter.go
View File

@@ -18,6 +18,7 @@ package clientmgmt
import (
"fmt"
"io"
"log"
hclog "github.com/hashicorp/go-hclog"
@@ -162,3 +163,37 @@ func (l *logrusAdapter) StandardLogger(opts *hclog.StandardLoggerOptions) *log.L
func (l *logrusAdapter) SetLevel(_ hclog.Level) {
return
}
// ImpliedArgs returns With key/value pairs
func (l *logrusAdapter) ImpliedArgs() []interface{} {
panic("not implemented")
}
// Args are alternating key, val pairs
// keys must be strings
// vals can be any type, but display is implementation specific
// Emit a message and key/value pairs at a provided log level
func (l *logrusAdapter) Log(level hclog.Level, msg string, args ...interface{}) {
switch level {
case hclog.Trace:
l.Trace(msg, args...)
case hclog.Debug:
l.Debug(msg, args...)
case hclog.Info:
l.Info(msg, args...)
case hclog.Warn:
l.Warn(msg, args...)
case hclog.Error:
l.Error(msg, args...)
}
}
// Returns the Name of the logger
func (l *logrusAdapter) Name() string {
return l.name
}
// Return a value that conforms to io.Writer, which can be passed into log.SetOutput()
func (l *logrusAdapter) StandardWriter(opts *hclog.StandardLoggerOptions) io.Writer {
panic("not implemented")
}

11
pkg/test/fake_namespace.go
View File

@@ -24,6 +24,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/watch"
v1 "k8s.io/client-go/applyconfigurations/core/v1"
corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
)
@@ -77,3 +78,13 @@ func (c *FakeNamespaceClient) UpdateStatus(ctx context.Context, namespace *corev
args := c.Called(namespace)
return args.Get(0).(*corev1api.Namespace), args.Error(1)
}
func (c *FakeNamespaceClient) Apply(ctx context.Context, namespace *v1.NamespaceApplyConfiguration, opts metav1.ApplyOptions) (result *corev1api.Namespace, err error) {
args := c.Called(namespace)
return args.Get(0).(*corev1api.Namespace), args.Error(1)
}
func (c *FakeNamespaceClient) ApplyStatus(ctx context.Context, namespace *v1.NamespaceApplyConfiguration, opts metav1.ApplyOptions) (result *corev1api.Namespace, err error) {
args := c.Called(namespace)
return args.Get(0).(*corev1api.Namespace), args.Error(1)
}