10000 Add separate parameter for kmip client key · percona/postgres@443d33c · GitHub
[go: up one dir, main page]
Skip to content

Commit 443d33c

Browse files
AndersAstranddutow
AndersAstrand
and
dutow
committed
Add separate parameter for kmip client key
Previously this was required to be in the same file as the client certificate. Co-authored-by: Zsolt Parragi <zsolt.parragi@cancellar.hu>
1 parent 77d4807 commit 443d33c

File tree

12 files changed

+67
-38
lines changed

12 files changed

+67
-38
lines changed

ci_scripts/setup-keyring-servers.sh

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@ cd /tmp
66

77
wget https://raw.githubusercontent.com/OpenKMIP/PyKMIP/refs/heads/master/bin/create_certificates.py
88
python3 create_certificates.py
9-
cat client_certificate_jane_doe.pem >> client_key_jane_doe.pem
109

1110
mkdir policies
1211
cd policies

contrib/pg_tde/documentation/docs/functions.md

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -106,15 +106,15 @@ The KMIP provider uses a remote KMIP server.
106106
Use these functions to add a KMIP provider:
107107

108108
```sql
109-
SELECT pg_tde_add_database_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_key.pem');
110-
SELECT pg_tde_add_global_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_key.pem');
109+
SELECT pg_tde_add_database_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem');
110+
SELECT pg_tde_add_global_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem');
111111
```
112112

113113
These functions change the KMIP provider:
114114

115115
```sql
116-
SELECT pg_tde_change_database_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_key.pem');
117-
SELECT pg_tde_change_global_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_key.pem');
116+
SELECT pg_tde_change_database_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem');
117+
SELECT pg_tde_change_global_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem');
118118
```
119119

120120
where:
@@ -124,7 +124,8 @@ where:
124124
* `port` is the port to communicate with the KMIP server.
125125
Most KMIP servers use port 5696.
126126
* `server-certificate` is the path to the certificate file for the KMIP server.
127-
* `client key` is the path to the client key.
127+
* `client-cert` is the path to the client certificate.
128+
* `client-key` is the path to the client key.
128129

129130
The specified access parameters require permission to read and write keys at the server.
130131

contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ You must do these steps for every database where you have created the extension.
6161
For testing purposes, you can use the PyKMIP server which enables you to set up required certificates. To use a real KMIP server, make sure to obtain the valid certificates issued by the key management appliance.
6262
6363
```sql
64-
SELECT pg_tde_add_database_key_provider_kmip('provider-name','kmip-addr', 5696, '/path_to/server_certificate.pem', '/path_to/client_key.pem');
64+
SELECT pg_tde_add_database_key_provider_kmip('provider-name','kmip-addr', 5696, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem');
6565
```
6666
6767
where:
@@ -70,12 +70,13 @@ You must do these steps for every database where you have created the extension.
7070
* `kmip-addr` is the IP address of a domain name of the KMIP server
7171
* `port` is the port to communicate with the KMIP server. Typically used port is 5696.
7272
* `server-certificate` is the path to the certificate file for the KMIP server.
73-
* `client key` is the path to the client key.
73+
* `client-cert` is the path to the client certificate.
74+
* `client-key` is the path to the client key.
7475
7576
<i warning>:material-information: Warning:</i> This example is for testing purposes only:
7677
7778
```
78-
SELECT pg_tde_add_database_key_provider_kmip('kmip','127.0.0.1', 5696, '/tmp/server_certificate.pem', '/tmp/client_key_jane_doe.pem');
79+
SELECT pg_tde_add_database_key_provider_kmip('kmip','127.0.0.1', 5696, '/tmp/server_certificate.pem', '/tmp/client_cert_jane_doe.pem', '/tmp/client_key_jane_doe.pem');
7980
```
8081
8182
=== "With HashiCorp Vault"

contrib/pg_tde/documentation/docs/wal-encryption.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ Before turning WAL encryption on, you must follow the steps below to create your
1919
For testing purposes, you can use the PyKMIP server which enables you to set up required certificates. To use a real KMIP server, make sure to obtain the valid certificates issued by the key management appliance.
2020

2121
```sql
22-
SELECT pg_tde_add_global_key_provider_kmip('provider-name','kmip-addr', 5696, '/path_to/server_certificate.pem', '/path_to/client_key.pem');
22+
SELECT pg_tde_add_global_key_provider_kmip('provider-name','kmip-addr', 5696, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem');
2323
```
2424

2525
where:
@@ -28,12 +28,13 @@ Before turning WAL encryption on, you must follow the steps below to create your
2828
* `kmip-addr` is the IP address of a domain name of the KMIP server
2929
* `port` is the port to communicate with the KMIP server. Typically used port is 5696.
3030
* `server-certificate` is the path to the certificate file for the KMIP server.
31-
* `client key` is the path to the client key.
31+
* `client-cert` is the path to the client certificate.
32+
* `client-key` is the path to the client key.
3233
3334
<i warning>:material-information: Warning:</i> This example is for testing purposes only:
3435
3536
```
36-
SELECT pg_tde_add_key_using_global_key_provider_kmip('kmip','127.0.0.1', 5696, '/tmp/server_certificate.pem', '/tmp/client_key_jane_doe.pem');
37+
SELECT pg_tde_add_key_using_global_key_provider_kmip('kmip','127.0.0.1', 5696, '/tmp/server_certificate.pem', '/tmp/client_cert_jane_doe.pem', '/tmp/client_key_jane_doe.pem');
3738
```
3839
3940
=== "With HashiCorp Vault"

contrib/pg_tde/expected/kmip_test.out

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
CREATE EXTENSION pg_tde;
2-
SELECT pg_tde_add_database_key_provider_kmip('kmip-prov','127.0.0.1', 5696, '/tmp/server_certificate.pem', '/tmp/client_key_jane_doe.pem');
2+
SELECT pg_tde_add_database_key_provider_kmip('kmip-prov','127.0.0.1', 5696, '/tmp/server_certificate.pem', '/tmp/client_certificate_jane_doe.pem', '/tmp/client_k 10670 ey_jane_doe.pem');
33
pg_tde_add_database_key_provider_kmip
44
---------------------------------------
55
1
@@ -35,6 +35,6 @@ SELECT pg_tde_verify_key();
3535

3636
DROP TABLE test_enc;
3737
-- Creating provider fails if we can't connect to kmip server
38-
SELECT pg_tde_add_database_key_provider_kmip('will-not-work','127.0.0.1', 61, '/tmp/server_certificate.pem', '/tmp/client_key_jane_doe.pem');
38+
SELECT pg_tde_add_database_key_provider_kmip('will-not-work','127.0.0.1', 61, '/tmp/server_certificate.pem', '/tmp/client_certificate_jane_doe.pem', '/tmp/client_key_jane_doe.pem');
3939
ERROR: SSL error: BIO_do_connect failed
4040
DROP EXTENSION pg_tde;

contrib/pg_tde/pg_tde--1.0-rc.sql

Lines changed: 32 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,8 @@ CREATE FUNCTION pg_tde_add_database_key_provider_kmip(provider_name TEXT,
6767
kmip_host TEXT,
6868
kmip_port INT,
6969
kmip_ca_path TEXT,
70-
kmip_cert_path TEXT)
70+
kmip_cert_path TEXT,
71+
kmip_key_path TEXT)
7172
RETURNS INT
7273
LANGUAGE SQL
7374
BEGIN ATOMIC
@@ -77,14 +78,16 @@ BEGIN ATOMIC
7778
json_object('host' VALUE COALESCE(kmip_host, ''),
7879
'port' VALUE kmip_port,
7980
'caPath' VALUE COALESCE(kmip_ca_path, ''),
80-
'certPath' VALUE COALESCE(kmip_cert_path, '')));
81+
'certPath' VALUE COALESCE(kmip_cert_path, ''),
82+
'keyPath' VALUE COALESCE(kmip_key_path, '')));
8183
END;
8284

8385
CREATE FUNCTION pg_tde_add_database_key_provider_kmip(provider_name TEXT,
8486
kmip_host JSON,
8587
kmip_port JSON,
8688
kmip_ca_path JSON,
87-
kmip_cert_path JSON)
89+
kmip_cert_path JSON,
90+
kmip_key_path JSON)
8891
RETURNS INT
8992
LANGUAGE SQL
9093
BEGIN ATOMIC
@@ -94,7 +97,8 @@ BEGIN ATOMIC
9497
json_object('host' VALUE kmip_host,
9598
'port' VALUE kmip_port,
9699
'caPath' VALUE kmip_ca_path,
97-
'certPath' VALUE kmip_cert_path));
100+
'certPath' VALUE kmip_cert_path,
101+
'keyPath' VALUE kmip_key_path));
98102
END;
99103

100104
CREATE FUNCTION pg_tde_list_all_database_key_providers
@@ -179,7 +183,8 @@ CREATE FUNCTION pg_tde_add_global_key_provider_kmip(provider_name TEXT,
179183
kmip_host TEXT,
180184
kmip_port INT,
181185
kmip_ca_path TEXT,
182-
kmip_cert_path TEXT)
186+
kmip_cert_path TEXT,
187+
kmip_key_path TEXT DEFAULT '')
183188
RETURNS INT
184189
LANGUAGE SQL
185190
BEGIN ATOMIC
@@ -189,14 +194,16 @@ BEGIN ATOMIC
189194
json_object('host' VALUE COALESCE(kmip_host, ''),
190195
'port' VALUE kmip_port,
191196
'caPath' VALUE COALESCE(kmip_ca_path, ''),
192-
'certPath' VALUE COALESCE(kmip_cert_path, '')));
197+
'certPath' VALUE COALESCE(kmip_cert_path, ''),
198+
'keyPath' VALUE COALESCE(kmip_key_path, '')));
193199
END;
194200

195201
CREATE FUNCTION pg_tde_add_global_key_provider_kmip(provider_name TEXT,
196202
kmip_host JSON,
197203
kmip_port JSON,
198204
kmip_ca_path JSON,
199-
kmip_cert_path JSON)
205+
kmip_cert_path JSON,
206+
kmip_key_path JSON)
200207
RETURNS INT
201208
LANGUAGE SQL
202209
BEGIN ATOMIC
@@ -206,7 +213,8 @@ BEGIN ATOMIC
206213
json_object('host' VALUE kmip_host,
207214
'port' VALUE kmip_port,
208215
'caPath' VALUE kmip_ca_path,
209-
'certPath' VALUE kmip_cert_path));
216+
'certPath' VALUE kmip_cert_path,
217+
'keyPath' VALUE kmip_key_path));
210218
END;
211219

212220
-- Key Provider Management
@@ -273,7 +281,8 @@ CREATE FUNCTION pg_tde_change_database_key_provider_kmip(provider_name TEXT,
273281
kmip_host TEXT,
274282
kmip_port INT,
275283
kmip_ca_path TEXT,
276-
kmip_cert_path TEXT)
284+
kmip_cert_path TEXT,
285+
kmip_key_path TEXT)
277286
RETURNS INT
278287
LANGUAGE SQL
279288
BEGIN ATOMIC
@@ -283,14 +292,16 @@ BEGIN ATOMIC
283292
json_object('host' VALUE COALESCE(kmip_host, ''),
284293
'port' VALUE kmip_port,
285294
'caPath' VALUE COALESCE(kmip_ca_path, ''),
286-
'certPath' VALUE COALESCE(kmip_cert_path, '')));
295+
'certPath' VALUE COALESCE(kmip_cert_path, ''),
296+
'keyPath' VALUE COALESCE(kmip_key_path, '')));
287297
END;
288298

289299
CREATE FUNCTION pg_tde_change_database_key_provider_kmip(provider_name TEXT,
290300
kmip_host JSON,
291301
kmip_port JSON,
292302
kmip_ca_path JSON,
293-
kmip_cert_path JSON)
303+
kmip_cert_path JSON,
304+
kmip_key_path JSON)
294305
RETURNS INT
295306
LANGUAGE SQL
296307
BEGIN ATOMIC
@@ -300,7 +311,8 @@ BEGIN ATOMIC
300311
json_object('host' VALUE kmip_host,
301312
'port' VALUE kmip_port,
302313
'caPath' VALUE kmip_ca_path,
303-
'certPath' VALUE kmip_cert_path));
314+
'certPath' VALUE kmip_cert_path,
315+
'keyPath' VALUE kmip_key_path));
304316
END;
305317

306318
-- Global Tablespace Key Provider Management
@@ -367,7 +379,8 @@ CREATE FUNCTION pg_tde_change_global_key_provider_kmip(provider_name TEXT,
367379
kmip_host TEXT,
368380
kmip_port INT,
369381
kmip_ca_path TEXT,
370-
kmip_cert_path TEXT)
382+
kmip_cert_path TEXT,
383+
kmip_key_path TEXT)
371384
RETURNS INT
372385
LANGUAGE SQL
373386
BEGIN ATOMIC
@@ -377,14 +390,16 @@ BEGIN ATOMIC
377390
json_object('host' VALUE COALESCE(kmip_host, ''),
378391
'port' VALUE kmip_port,
379392
'caPath' VALUE COALESCE(kmip_ca_path, ''),
380-
'certPath' VALUE COALESCE(kmip_cert_path, '')));
393+
'certPath' VALUE COALESCE(kmip_cert_path, ''),
394+
'keyPath' VALUE COALESCE(kmip_key_path, '')));
381395
END;
382396

383397
CREATE FUNCTION pg_tde_change_global_key_provider_kmip(provider_name TEXT,
384398
kmip_host JSON,
385399
kmip_port JSON,
386400
kmip_ca_path JSON,
387-
kmip_cert_path JSON)
401+
kmip_cert_path JSON,
402+
kmip_key_path JSON)
388403
RETURNS INT
389404
LANGUAGE SQL
390405
BEGIN ATOMIC
@@ -394,7 +409,8 @@ BEGIN ATOMIC
394409
json_object('host' VALUE kmip_host,
395410
'port' VALUE kmip_port,
396411
'caPath' VALUE kmip_ca_path,
397-
'certPath' VALUE kmip_cert_path));
412+
'certPath' VALUE kmip_cert_path,
413+
'keyPath' VALUE kmip_key_path));
398414
END;
399415

400416
CREATE FUNCTION pg_tde_is_encrypted(relation REGCLASS)

contrib/pg_tde/sql/kmip_test.sql

Lines changed: 2 additions & 2 deletions
< F438 /table>

contrib/pg_tde/src/catalog/tde_keyring.c

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
CREATE EXTENSION pg_tde;
22

3-
SELECT pg_tde_add_database_key_provider_kmip('kmip-prov','127.0.0.1', 5696, '/tmp/server_certificate.pem', '/tmp/client_key_jane_doe.pem');
3+
SELECT pg_tde_add_database_key_provider_kmip('kmip-prov','127.0.0.1', 5696, '/tmp/server_certificate.pem', '/tmp/client_certificate_jane_doe.pem', '/tmp/client_key_jane_doe.pem');
44
SELECT pg_tde_set_key_using_database_key_provider('kmip-key','kmip-prov');
55

66
CREATE TABLE test_enc(
@@ -20,6 +20,6 @@ SELECT pg_tde_verify_key();
2020
DROP TABLE test_enc;
2121

2222
-- Creating provider fails if we can't connect to kmip server
23-
SELECT pg_tde_add_database_key_provider_kmip('will-not-work','127.0.0.1', 61, '/tmp/server_certificate.pem', '/tmp/client_key_jane_doe.pem');
23+
SELECT pg_tde_add_database_key_provider_kmip('will-not-work','127.0.0.1', 61, '/tmp/server_certificate.pem', '/tmp/client_certificate_jane_doe.pem', '/tmp/client_key_jane_doe.pem');
2424

2525
DROP EXTENSION pg_tde;
Original file line numberDiff line numberDiff line change
@@ -888,15 +888,17 @@ load_kmip_keyring_provider_options(char *keyring_options)
888888
if (kmip_keyring->kmip_host == NULL || kmip_keyring->kmip_host[0] == '\0' ||
889889
kmip_keyring->kmip_port == NULL || kmip_keyring->kmip_port[0] == '\0' ||
890890
kmip_keyring->kmip_ca_path == NULL || kmip_keyring->kmip_ca_path[0] == '\0' ||
891-
kmip_keyring->kmip_cert_path == NULL || kmip_keyring->kmip_cert_path[0] == '\0')
891+
kmip_keyring->kmip_cert_path == NULL || kmip_keyring->kmip_cert_path[0] == '\0' ||
892+
kmip_keyring->kmip_key_path == NULL || kmip_keyring->kmip_key_path[0] == '\0')
892893
{
893894
ereport(WARNING,
894895
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
895-
errmsg("missing in the keyring options:%s%s%s%s",
896+
errmsg("missing in the keyring options:%s%s%s%s%s",
896897
(kmip_keyring->kmip_host != NULL && kmip_keyring->kmip_host[0] != '\0') ? "" : " host",
897898
(kmip_keyring->kmip_port != NULL && kmip_keyring->kmip_port[0] != '\0') ? "" : " port",
898899
(kmip_keyring->kmip_ca_path != NULL && kmip_keyring->kmip_ca_path[0] != '\0') ? "" : " caPath",
899-
(kmip_keyring->kmip_cert_path != NULL && kmip_keyring->kmip_cert_path[0] != '\0') ? "" : " certPath"));
900+
(kmip_keyring->kmip_cert_path != NULL && kmip_keyring->kmip_cert_path[0] != '\0') ? "" : " certPath",
901+
(kmip_keyring->kmip_key_path != NULL && kmip_keyring->kmip_key_path[0] != '\0') ? "" : " keyPath"));
900902
return NULL;
901903
}
902904

@@ -925,6 +927,7 @@ debug_print_kerying(GenericKeyring *keyring)
925927
elog(DEBUG2, "KMIP Keyring Port: %s", ((KmipKeyring *) keyring)->kmip_port);
926928
elog(DEBUG2, "KMIP Keyring CA Path: %s", ((KmipKeyring *) keyring)->kmip_ca_path);
927929
elog(DEBUG2, "KMIP Keyring Cert Path: %s", ((KmipKeyring *) keyring)->kmip_cert_path);
930+
elog(DEBUG2, "KMIP Keyring Key Path: %s", ((KmipKeyring *) keyring)->kmip_key_path);
928931
break;
929932
case UNKNOWN_KEY_PROVIDER:
930933
break;

contrib/pg_tde/src/catalog/tde_keyring_parse_opts.c

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,7 @@ typedef enum JsonKeyringField
7272
JK_KMIP_PORT,
7373
JK_KMIP_CA_PATH,
7474
JK_KMIP_CERT_PATH,
75+
JK_KMIP_KEY_PATH,
7576

7677
/* must be the last */
7778
JK_FIELDS_TOTAL
@@ -100,6 +101,7 @@ static const char *JK_FIELD_NAMES[JK_FIELDS_TOTAL] = {
100101
[JK_KMIP_PORT] = "port",
101102
[JK_KMIP_CA_PATH] = "caPath",
102103
[JK_KMIP_CERT_PATH] = "certPath",
104+
[JK_KMIP_KEY_PATH] = "keyPath",
103105
};
104106

105107
typedef struct JsonKeyringState
@@ -387,6 +389,8 @@ json_kring_object_field_start(void *state, char *fname, bool isnull)
387389
parse->top_level_field = JK_KMIP_CA_PATH;
388390
else if (strcmp(fname, JK_FIELD_NAMES[JK_KMIP_CERT_PATH]) == 0)
389391
parse->top_level_field = JK_KMIP_CERT_PATH;
392+
else if (strcmp(fname, JK_FIELD_NAMES[JK_KMIP_KEY_PATH]) == 0)
393+
parse->top_level_field = JK_KMIP_KEY_PATH;
390394
else
391395
{
392396
parse->top_level_field = JK_FIELD_UNKNOWN;
@@ -518,6 +522,9 @@ json_kring_assign_scalar(JsonKeyringState *parse, JsonKeyringField field, char *
518522
case JK_KMIP_CERT_PATH:
519523
kmip->kmip_cert_path = value;
520524
break;
525+
case JK_KMIP_KEY_PATH:
526+
kmip->kmip_key_path = value;
527+
break;
521528

522529
default:
523530
elog(ERROR, "json keyring: unexpected scalar field %d", field);

contrib/pg_tde/src/include/keyring/keyring_api.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,7 @@ typedef struct KmipKeyring
8686
char *kmip_port;
8787
char *kmip_ca_path;
8888
char *kmip_cert_path;
89+
char *kmip_key_path;
8990
} KmipKeyring;
9091

9192
extern void RegisterKeyProviderType(const TDEKeyringRoutine *routine, ProviderType type);

contrib/pg_tde/src/keyring/keyring_kmip.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ kmipSslConnect(KmipCtx *ctx, KmipKeyring *kmip_keyring, bool throw_error)
6161
return false;
6262
}
6363

64-
if (SSL_CTX_use_PrivateKey_file(ctx->ssl, kmip_keyring->kmip_cert_path, SSL_FILETYPE_PEM) != 1)
64+
if (SSL_CTX_use_PrivateKey_file(ctx->ssl, kmip_keyring->kmip_key_path, SSL_FILETYPE_PEM) != 1)
6565
{
6666
SSL_CTX_free(ctx->ssl);
6767
ereport(level, errmsg("SSL error: Loading the client key failed"));

contrib/pg_tde/src/pg_tde_change_key_provider.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -203,15 +203,15 @@ main(int argc, char *argv[])
203203
{
204204
provider_found = true;
205205

206-
if (argc - argstart != 7 && argc - argstart != 8)
206+
if (argc - argstart != 8 && argc - argstart != 9)
207207
{
208208
help();
209209
puts("\n");
210210
printf("Error: wrong number of arguments.\n");
211211
exit(1);
212212
}
213213

214-
if (!build_json(json, 5, "type", "kmip", "host", argv[4 + argstart], "port", argv[5 + argstart], "caPath", (argc - argstart > 7 ? argv[7 + argstart] : ""), "certPath", argv[6 + argstart]))
214+
if (!build_json(json, 6, "type", "kmip", "host", argv[4 + argstart], "port", argv[5 + argstart], "caPath", (argc - argstart > 8 ? argv[8 + argstart] : ""), "certPath", argv[6 + argstart], "keyPath", argv[7 + argstart]))
215215
{
216216
exit(1);
217217
}

0 commit comments

Comments
 (0)
0