diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 9df7e2dfc06..d08e6a038ad 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -3,7 +3,7 @@
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
-FROM golang:1.21.9
+FROM golang:1.22.5
# Avoid warnings by switching to noninteractive
ENV DEBIAN_FRONTEND=noninteractive
@@ -16,8 +16,6 @@ ARG USERNAME=vscode
ARG USER_UID=1000
ARG USER_GID=$USER_UID
-ENV GO111MODULE=auto
-
# Configure apt, install packages and tools
RUN apt-get update \
&& apt-get -y install --no-install-recommends apt-utils dialog unzip 2>&1 \
@@ -25,32 +23,25 @@ RUN apt-get update \
# Verify git, process tools, lsb-release (common in install instructions for CLIs) installed
&& apt-get -y install git iproute2 procps lsb-release \
#
- # Install gocode-gomod
- && go get -x -d github.com/stamblerre/gocode 2>&1 \
- && go build -o gocode-gomod github.com/stamblerre/gocode \
- && mv gocode-gomod $GOPATH/bin/ \
- #
# Install Go tools
- && go get -u -v \
- github.com/mdempsky/gocode \
- github.com/uudashr/gopkgs/cmd/gopkgs \
- github.com/ramya-rao-a/go-outline \
- github.com/acroca/go-symbols \
- github.com/godoctor/godoctor \
- golang.org/x/tools/cmd/gorename \
- github.com/rogpeppe/godef \
- github.com/zmb3/gogetdoc \
- github.com/haya14busa/goplay/cmd/goplay \
- github.com/sqs/goreturns \
- github.com/josharian/impl \
- github.com/davidrjenni/reftools/cmd/fillstruct \
- github.com/fatih/gomodifytags \
- github.com/cweill/gotests/... \
- golang.org/x/tools/cmd/goimports \
- golang.org/x/lint/golint \
- github.com/alecthomas/gometalinter 2>&1 \
- github.com/mgechev/revive \
- github.com/derekparker/delve/cmd/dlv 2>&1 \
+ && go install github.com/uudashr/gopkgs/v2/cmd/gopkgs@latest \
+ && go install github.com/ramya-rao-a/go-outline@latest \
+ && go install github.com/acroca/go-symbols@latest \
+ && go install github.com/godoctor/godoctor@latest \
+ && go install golang.org/x/tools/cmd/gorename@latest \
+ && go install github.com/rogpeppe/godef@latest \
+ && go install github.com/zmb3/gogetdoc@latest \
+ && go install github.com/haya14busa/goplay/cmd/goplay@latest \
+ && go install github.com/sqs/goreturns@latest \
+ && go install github.com/josharian/impl@latest \
+ && go install github.com/davidrjenni/reftools/cmd/fillstruct@latest \
+ && go install github.com/fatih/gomodifytags@latest \
+ && go install github.com/cweill/gotests/...@latest \
+ && go install golang.org/x/tools/cmd/goimports@latest \
+ && go install golang.org/x/lint/golint@latest \
+ && go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest \
+ && go install github.com/mgechev/revive@latest \
+ && go install github.com/go-delve/delve/cmd/dlv@latest \
&& go install honnef.co/go/tools/cmd/staticcheck@latest \
&& go install golang.org/x/tools/gopls@latest \
# Protocol Buffer Compiler
@@ -61,8 +52,6 @@ RUN apt-get update \
&& mv $HOME/.local/bin/protoc /usr/local/bin/protoc \
&& mv $HOME/.local/include/ /usr/local/bin/include/ \
&& protoc --version \
- # Install golangci-lint
- && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2 \
#
# Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
&& groupadd --gid $USER_GID $USERNAME \
@@ -91,9 +80,6 @@ RUN apt-get update \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/*
-# Enable go modules
-ENV GO111MODULE=on
-
ENV OPERATOR_RELEASE_VERSION=v1.26.0
RUN ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) \
&& OS=$(uname | awk '{print tolower($0)}') \
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index a7db0620dbd..7fd93ee6752 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -20,7 +20,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
with:
- go-version: "1.21"
+ go-version: "1.22"
- run: go version
- name: Get branch name
id: branch-name
diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml
index 59e363dd4d1..39be7f802da 100644
--- a/.github/workflows/main-build.yml
+++ b/.github/workflows/main-build.yml
@@ -13,7 +13,7 @@ jobs:
id-token: write # needed for signing the images with GitHub OIDC Token **not production ready**
# keda-tools is built from github.com/test-tools/tools/Dockerfile
- container: ghcr.io/kedacore/keda-tools:1.21.9
+ container: ghcr.io/kedacore/keda-tools:1.22.5
steps:
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
@@ -41,7 +41,7 @@ jobs:
key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }}
- name: Go modules sync
- run: go mod tidy -compat=1.21
+ run: go mod tidy -compat=1.22
- name: Test
run: make test
diff --git a/.github/workflows/pr-e2e.yml b/.github/workflows/pr-e2e.yml
index 7a0207a610a..19f9b18fde0 100644
--- a/.github/workflows/pr-e2e.yml
+++ b/.github/workflows/pr-e2e.yml
@@ -68,7 +68,7 @@ jobs:
needs: triage
runs-on: ubuntu-latest
name: Build images
- container: ghcr.io/kedacore/keda-tools:1.21.9
+ container: ghcr.io/kedacore/keda-tools:1.22.5
if: needs.triage.outputs.run-e2e == 'true'
steps:
- name: Set status in-progress
@@ -148,7 +148,7 @@ jobs:
needs: [triage, build-test-images]
runs-on: equinix-keda-runner
name: Execute e2e tests
- container: ghcr.io/kedacore/keda-tools:1.21.9
+ container: ghcr.io/kedacore/keda-tools:1.22.5
if: needs.triage.outputs.run-e2e == 'true'
steps:
- name: Set status in-progress
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
index b664b7b8b9b..f0938c38e2e 100644
--- a/.github/workflows/pr-validation.yml
+++ b/.github/workflows/pr-validation.yml
@@ -10,7 +10,7 @@ jobs:
validate:
name: validate - ${{ matrix.name }}
runs-on: ${{ matrix.runner }}
- container: ghcr.io/kedacore/keda-tools:1.21.9
+ container: ghcr.io/kedacore/keda-tools:1.22.5
strategy:
matrix:
include:
@@ -54,7 +54,7 @@ jobs:
key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }}
- name: Go modules sync
- run: go mod tidy -compat=1.21
+ run: go mod tidy -compat=1.22
- name: Verify generated Clientset is up to date
run: make clientset-verify
@@ -77,9 +77,9 @@ jobs:
validate-dockerfiles:
name: validate-dockerfiles - ${{ matrix.name }}
runs-on: ${{ matrix.runner }}
- container: ghcr.io/kedacore/keda-tools:1.21.9
+ container: ghcr.io/kedacore/keda-tools:1.22.5
strategy:
- matrix:
+ matrix:
include:
- runner: ARM64
name: arm64
@@ -108,9 +108,9 @@ jobs:
validate-dev-container:
name: Validate dev-container - ${{ matrix.name }}
runs-on: ${{ matrix.runner }}
- container: ghcr.io/kedacore/keda-tools:1.21.9
+ container: ghcr.io/kedacore/keda-tools:1.22.5
strategy:
- matrix:
+ matrix:
include:
- runner: ARM64
name: arm64
@@ -143,7 +143,7 @@ jobs:
python-version: 3.x
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
with:
- go-version: "1.21"
+ go-version: "1.22"
- name: Get golangci
run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2
- uses: pre-commit/action@v3.0.0
diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
index 88ae5c858ed..0e4523c6979 100644
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@@ -13,7 +13,7 @@ jobs:
id-token: write # needed for signing the images with GitHub OIDC Token **not production ready**
# keda-tools is built from github.com/test-tools/tools/Dockerfile
- container: ghcr.io/kedacore/keda-tools:1.21.9
+ container: ghcr.io/kedacore/keda-tools:1.22.5
steps:
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
@@ -41,7 +41,7 @@ jobs:
key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }}
- name: Go modules sync
- run: go mod tidy -compat=1.21
+ run: go mod tidy -compat=1.22
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
diff --git a/.github/workflows/static-analysis-codeql.yml b/.github/workflows/static-analysis-codeql.yml
index 9181358e172..076a7857ad3 100644
--- a/.github/workflows/static-analysis-codeql.yml
+++ b/.github/workflows/static-analysis-codeql.yml
@@ -13,7 +13,7 @@ jobs:
codeQl:
name: Analyze CodeQL Go
runs-on: ubuntu-latest
- container: ghcr.io/kedacore/keda-tools:1.21.9
+ container: ghcr.io/kedacore/keda-tools:1.22.5
if: (github.actor != 'dependabot[bot]')
steps:
- name: Checkout repository
diff --git a/.github/workflows/template-main-e2e-test.yml b/.github/workflows/template-main-e2e-test.yml
index de0e71159d0..e08a5b19c63 100644
--- a/.github/workflows/template-main-e2e-test.yml
+++ b/.github/workflows/template-main-e2e-test.yml
@@ -8,7 +8,7 @@ jobs:
name: Run e2e test
runs-on: ARM64
# keda-tools is built from github.com/test-tools/tools/Dockerfile
- container: ghcr.io/kedacore/keda-tools:1.21.9
+ container: ghcr.io/kedacore/keda-tools:1.22.5
concurrency: e2e-tests
steps:
- name: Check out code
diff --git a/.github/workflows/template-smoke-tests.yml b/.github/workflows/template-smoke-tests.yml
index 582d0a14f0d..fb4da3a8f68 100644
--- a/.github/workflows/template-smoke-tests.yml
+++ b/.github/workflows/template-smoke-tests.yml
@@ -20,7 +20,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
with:
- go-version: "1.21"
+ go-version: "1.22"
- name: Install prerequisites
run: |
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 675644eda99..659aeb4d8c6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -52,6 +52,10 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio
## Unreleased
+- **General**: Fix CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791 in stdlib.
+- **General**: Fix CVE-2024-35255 in github.com/Azure/azure-sdk-for-go/sdk/azidentity
+- **General**: Fix CVE-2024-6104 in github.com/hashicorp/go-retryablehttp
+
### Breaking Changes
- **Authentication:** AAD-Pod-Identity and AWS-KIAM auths have been removed ([#5035](https://github.com/kedacore/keda/issues/5035)|[#5085](https://github.com/kedacore/keda/issues/5085))
diff --git a/Dockerfile b/Dockerfile
index 07c0e63fb58..4835dc5c082 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
# Build the manager binary
-FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.21.9 AS builder
+FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.22.5 AS builder
ARG BUILD_VERSION=main
ARG GIT_COMMIT=HEAD
diff --git a/Dockerfile.adapter b/Dockerfile.adapter
index ba961577589..95279038e21 100644
--- a/Dockerfile.adapter
+++ b/Dockerfile.adapter
@@ -1,5 +1,5 @@
# Build the adapter binary
-FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.21.9 AS builder
+FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.22.5 AS builder
ARG BUILD_VERSION=main
ARG GIT_COMMIT=HEAD
diff --git a/Dockerfile.webhooks b/Dockerfile.webhooks
index c2a4c172ea0..5959c41afb0 100644
--- a/Dockerfile.webhooks
+++ b/Dockerfile.webhooks
@@ -1,5 +1,5 @@
# Build the manager binary
-FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.21.9 AS builder
+FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.22.5 AS builder
ARG BUILD_VERSION=main
ARG GIT_COMMIT=HEAD
diff --git a/go.mod b/go.mod
index bd0c6ebc1ec..6f0f5867438 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
module github.com/kedacore/keda/v2
-go 1.21
+go 1.22
require (
cloud.google.com/go/compute/metadata v0.3.0
@@ -11,10 +11,9 @@ require (
github.com/Azure/azure-amqp-common-go/v4 v4.2.0
github.com/Azure/azure-kusto-go v0.15.2
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2
- github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.5.0
+ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs v1.2.1
- github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.7.1
+ github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.7.0
github.com/Azure/azure-sdk-for-go/sdk/monitor/azquery v1.1.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventhub/armeventhub v1.2.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0
@@ -118,7 +117,10 @@ require (
sigs.k8s.io/kustomize/kustomize/v5 v5.4.1
)
-require filippo.io/edwards25519 v1.1.0 // indirect
+require (
+ filippo.io/edwards25519 v1.1.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
+)
// Remove this when they merge the PR and cut a release https://github.com/open-policy-agent/cert-controller/pull/202
replace github.com/open-policy-agent/cert-controller => github.com/jorturfer/cert-controller v0.0.0-20240427003941-363ba56751d7
@@ -172,8 +174,8 @@ require (
cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
cloud.google.com/go/iam v1.1.7 // indirect
code.cloudfoundry.org/clock v1.1.0 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.4.0
github.com/Azure/go-amqp v1.0.5 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
@@ -344,13 +346,13 @@ require (
go.uber.org/automaxprocs v1.5.3
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
- golang.org/x/crypto v0.23.0
+ golang.org/x/crypto v0.24.0
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
golang.org/x/mod v0.17.0 // indirect
- golang.org/x/net v0.25.0 // indirect
- golang.org/x/sys v0.20.0 // indirect
+ golang.org/x/net v0.26.0 // indirect
+ golang.org/x/sys v0.21.0 // indirect
golang.org/x/term v0.19.0 // indirect
- golang.org/x/text v0.15.0 // indirect
+ golang.org/x/text v0.16.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.20.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
diff --git a/go.sum b/go.sum
index 5b72c848fcc..b4733ecaa1f 100644
--- a/go.sum
+++ b/go.sum
@@ -1341,17 +1341,17 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbL
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0 h1:rTfKOCZGy5ViVrlA74ZPE99a+SgoEE2K/yg3RyW9dFA=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg=
-github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.5.0 h1:ANFaLubuHo9lLoee/1La180t1frTwd+0FcaQh2GTlg8=
-github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.5.0/go.mod h1:x/yvhJANijv4JJOq6ql0QKMY2pP9zmjeWcSrZsRn9RY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg=
+github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.4.0 h1:d7S13DPk63SvBJfSUiMJJ26tRsvrBumkLPEfQEAarGk=
+github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.4.0/go.mod h1:7e/gsXp4INB4k/vg0h3UOkYpDK6oZqctxr+L05FGybg=
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs v1.2.1 h1:0f6XnzroY1yCQQwxGf/n/2xlaBF02Qhof2as99dGNsY=
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs v1.2.1/go.mod h1:vMGz6NOUGJ9h5ONl2kkyaqq5E0g7s4CHNSrXN5fl8UY=
-github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.7.1 h1:o/Ws6bEqMeKZUfj1RRm3mQ51O8JGU5w+Qdg2AhHib6A=
-github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.7.1/go.mod h1:6QAMYBAbQeeKX+REFJMZ1nFWu9XLw/PPcjYpuc9RDFs=
+github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.7.0 h1:QISzMrspEvZj4zrrN2wlNwfum5RmnKQhQNiSujwH7oU=
+github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.7.0/go.mod h1:xNjFERdhyMqZncbNJSPBsTCddk5kwsUVUzELQPMj/LA=
github.com/Azure/azure-sdk-for-go/sdk/monitor/azquery v1.1.0 h1:l+LIDHsZkFBiipIKhOn3m5/2MX4bwNwHYWyNulPaTis=
github.com/Azure/azure-sdk-for-go/sdk/monitor/azquery v1.1.0/go.mod h1:BjVVBLUiZ/qR2a4PAhjs8uGXNfStD0tSxgxCMfcVRT8=
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventhub/armeventhub v1.2.0 h1:+dggnR89/BIIlRlQ6d19dkhhdd/mQUiQbXhyHUFiB4w=
@@ -2665,8 +2665,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/.gitignore b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/.gitignore
new file mode 100644
index 00000000000..8cdb9103650
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/.gitignore
@@ -0,0 +1,4 @@
+# live test artifacts
+Dockerfile
+k8s.yaml
+sshkey*
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
index f6749c03059..a8c2feb6d47 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
@@ -1,5 +1,59 @@
# Release History
+## 1.7.0 (2024-06-20)
+
+### Features Added
+* `AzurePipelinesCredential` authenticates an Azure Pipelines service connection with
+ workload identity federation
+
+### Breaking Changes
+> These changes affect only code written against a beta version such as v1.7.0-beta.1
+* Removed the persistent token caching API. It will return in v1.8.0-beta.1
+
+## 1.7.0-beta.1 (2024-06-10)
+
+### Features Added
+* Restored `AzurePipelinesCredential` and persistent token caching API
+
+## Breaking Changes
+> These changes affect only code written against a beta version such as v1.6.0-beta.4
+* Values which `NewAzurePipelinesCredential` read from environment variables in
+ prior versions are now parameters
+* Renamed `AzurePipelinesServiceConnectionCredentialOptions` to `AzurePipelinesCredentialOptions`
+
+### Bugs Fixed
+* Managed identity bug fixes
+
+## 1.6.0 (2024-06-10)
+
+### Features Added
+* `NewOnBehalfOfCredentialWithClientAssertions` creates an on-behalf-of credential
+ that authenticates with client assertions such as federated credentials
+
+### Breaking Changes
+> These changes affect only code written against a beta version such as v1.6.0-beta.4
+* Removed `AzurePipelinesCredential` and the persistent token caching API.
+ They will return in v1.7.0-beta.1
+
+### Bugs Fixed
+* Managed identity bug fixes
+
+## 1.6.0-beta.4 (2024-05-14)
+
+### Features Added
+* `AzurePipelinesCredential` authenticates an Azure Pipeline service connection with
+ workload identity federation
+
+## 1.6.0-beta.3 (2024-04-09)
+
+### Breaking Changes
+* `DefaultAzureCredential` now sends a probe request with no retries for IMDS managed identity
+ environments to avoid excessive retry delays when the IMDS endpoint is not available. This
+ should improve credential chain resolution for local development scenarios.
+
+### Bugs Fixed
+* `ManagedIdentityCredential` now specifies resource IDs correctly for Azure Container Instances
+
## 1.5.2 (2024-04-09)
### Bugs Fixed
@@ -9,6 +63,28 @@
* Restored v1.4.0 error behavior for empty tenant IDs
* Upgraded dependencies
+## 1.6.0-beta.2 (2024-02-06)
+
+### Breaking Changes
+> These changes affect only code written against a beta version such as v1.6.0-beta.1
+* Replaced `ErrAuthenticationRequired` with `AuthenticationRequiredError`, a struct
+ type that carries the `TokenRequestOptions` passed to the `GetToken` call which
+ returned the error.
+
+### Bugs Fixed
+* Fixed more cases in which credential chains like `DefaultAzureCredential`
+ should try their next credential after attempting managed identity
+ authentication in a Docker Desktop container
+
+### Other Changes
+* `AzureCLICredential` uses the CLI's `expires_on` value for token expiration
+
+## 1.6.0-beta.1 (2024-01-17)
+
+### Features Added
+* Restored persistent token caching API first added in v1.5.0-beta.1
+* Added `AzureCLICredentialOptions.Subscription`
+
## 1.5.1 (2024-01-17)
### Bugs Fixed
@@ -135,7 +211,7 @@
### Features Added
* By default, credentials set client capability "CP1" to enable support for
- [Continuous Access Evaluation (CAE)](https://docs.microsoft.com/azure/active-directory/develop/app-resilience-continuous-access-evaluation).
+ [Continuous Access Evaluation (CAE)](https://learn.microsoft.com/entra/identity-platform/app-resilience-continuous-access-evaluation).
This indicates to Microsoft Entra ID that your application can handle CAE claims challenges.
You can disable this behavior by setting the environment variable "AZURE_IDENTITY_DISABLE_CP1" to "true".
* `InteractiveBrowserCredentialOptions.LoginHint` enables pre-populating the login
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/MIGRATION.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/MIGRATION.md
index 1a649202303..4404be82449 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/MIGRATION.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/MIGRATION.md
@@ -1,6 +1,6 @@
# Migrating from autorest/adal to azidentity
-`azidentity` provides Microsoft Entra ID ([formerly Azure Active Directory](https://learn.microsoft.com/azure/active-directory/fundamentals/new-name)) authentication for the newest Azure SDK modules (`github.com/azure-sdk-for-go/sdk/...`). Older Azure SDK packages (`github.com/azure-sdk-for-go/services/...`) use types from `github.com/go-autorest/autorest/adal` instead.
+`azidentity` provides Microsoft Entra ID ([formerly Azure Active Directory](https://learn.microsoft.com/entra/fundamentals/new-name)) authentication for the newest Azure SDK modules (`github.com/azure-sdk-for-go/sdk/...`). Older Azure SDK packages (`github.com/azure-sdk-for-go/services/...`) use types from `github.com/go-autorest/autorest/adal` instead.
This guide shows common authentication code using `autorest/adal` and its equivalent using `azidentity`.
@@ -284,7 +284,7 @@ if err == nil {
}
```
-Note that `azidentity` credentials use the Microsoft Entra endpoint, which requires OAuth 2 scopes instead of the resource identifiers `autorest/adal` expects. For more information, see [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/develop/permissions-consent-overview).
+Note that `azidentity` credentials use the Microsoft Entra endpoint, which requires OAuth 2 scopes instead of the resource identifiers `autorest/adal` expects. For more information, see [Microsoft Entra ID documentation](https://learn.microsoft.com/entra/identity-platform/permissions-consent-overview).
## Use azidentity credentials with older packages
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/README.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/README.md
index b6ad2d39f84..7e201ea2fdb 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/README.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/README.md
@@ -1,9 +1,9 @@
# Azure Identity Client Module for Go
-The Azure Identity module provides Microsoft Entra ID ([formerly Azure Active Directory](https://learn.microsoft.com/azure/active-directory/fundamentals/new-name)) token authentication support across the Azure SDK. It includes a set of `TokenCredential` implementations, which can be used with Azure SDK clients supporting token authentication.
+The Azure Identity module provides Microsoft Entra ID ([formerly Azure Active Directory](https://learn.microsoft.com/entra/fundamentals/new-name)) token authentication support across the Azure SDK. It includes a set of `TokenCredential` implementations, which can be used with Azure SDK clients supporting token authentication.
[](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity)
-| [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/)
+| [Microsoft Entra ID documentation](https://learn.microsoft.com/entra/identity/)
| [Source code](https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity)
# Getting started
@@ -30,7 +30,7 @@ When debugging and executing code locally, developers typically use their own ac
#### Authenticating via the Azure CLI
`DefaultAzureCredential` and `AzureCLICredential` can authenticate as the user
-signed in to the [Azure CLI](https://docs.microsoft.com/cli/azure). To sign in to the Azure CLI, run `az login`. On a system with a default web browser, the Azure CLI will launch the browser to authenticate a user.
+signed in to the [Azure CLI](https://learn.microsoft.com/cli/azure). To sign in to the Azure CLI, run `az login`. On a system with a default web browser, the Azure CLI will launch the browser to authenticate a user.
When no default browser is available, `az login` will use the device code
authentication flow. This can also be selected manually by running `az login --use-device-code`.
@@ -69,14 +69,14 @@ The `azidentity` module focuses on OAuth authentication with Microsoft Entra ID.
## Managed Identity
`DefaultAzureCredential` and `ManagedIdentityCredential` support
-[managed identity authentication](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview)
+[managed identity authentication](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview)
in any hosting environment which supports managed identities, such as (this list is not exhaustive):
-* [Azure App Service](https://docs.microsoft.com/azure/app-service/overview-managed-identity)
-* [Azure Arc](https://docs.microsoft.com/azure/azure-arc/servers/managed-identity-authentication)
-* [Azure Cloud Shell](https://docs.microsoft.com/azure/cloud-shell/msi-authorization)
-* [Azure Kubernetes Service](https://docs.microsoft.com/azure/aks/use-managed-identity)
-* [Azure Service Fabric](https://docs.microsoft.com/azure/service-fabric/concepts-managed-identity)
-* [Azure Virtual Machines](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token)
+* [Azure App Service](https://learn.microsoft.com/azure/app-service/overview-managed-identity)
+* [Azure Arc](https://learn.microsoft.com/azure/azure-arc/servers/managed-identity-authentication)
+* [Azure Cloud Shell](https://learn.microsoft.com/azure/cloud-shell/msi-authorization)
+* [Azure Kubernetes Service](https://learn.microsoft.com/azure/aks/use-managed-identity)
+* [Azure Service Fabric](https://learn.microsoft.com/azure/service-fabric/concepts-managed-identity)
+* [Azure Virtual Machines](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/how-to-use-vm-token)
## Examples
@@ -140,6 +140,7 @@ client := armresources.NewResourceGroupsClient("subscription ID", chain, nil)
|Credential|Usage
|-|-
+|[AzurePipelinesCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#AzurePipelinesCredential)|Authenticate an Azure Pipelines [service connection](https://learn.microsoft.com/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml)
|[ClientAssertionCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ClientAssertionCredential)|Authenticate a service principal with a signed client assertion
|[ClientCertificateCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ClientCertificateCredential)|Authenticate a service principal with a certificate
|[ClientSecretCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ClientSecretCredential)|Authenticate a service principal with a secret
@@ -207,7 +208,7 @@ For more details, see the [token caching documentation](https://aka.ms/azsdk/go/
Credentials return an `error` when they fail to authenticate or lack data they require to authenticate. For guidance on resolving errors from specific credential types, see the [troubleshooting guide](https://aka.ms/azsdk/go/identity/troubleshoot).
-For more details on handling specific Microsoft Entra errors, see the Microsoft Entra [error code documentation](https://learn.microsoft.com/azure/active-directory/develop/reference-error-codes).
+For more details on handling specific Microsoft Entra errors, see the Microsoft Entra [error code documentation](https://learn.microsoft.com/entra/identity-platform/reference-error-codes).
### Logging
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TOKEN_CACHING.MD b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TOKEN_CACHING.MD
index c0d6601469c..fbaa2922048 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TOKEN_CACHING.MD
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TOKEN_CACHING.MD
@@ -45,7 +45,7 @@ With persistent disk token caching enabled, the library first determines if a va
#### Example code
-See the [package documentation](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.5.0-beta.1#pkg-overview) for code examples demonstrating how to configure persistent caching and access cached data.
+See the [package documentation](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.6.0-beta.2#pkg-overview) for example code demonstrating how to configure persistent caching and access cached data.
### Credentials supporting token caching
@@ -57,6 +57,7 @@ The following table indicates the state of in-memory and persistent caching in e
|--------------------------------|---------------------------------------------------------------------|--------------------------|
| `AzureCLICredential` | Not Supported | Not Supported |
| `AzureDeveloperCLICredential` | Not Supported | Not Supported |
+| `AzurePipelinesCredential` | Supported | Supported |
| `ClientAssertionCredential` | Supported | Supported |
| `ClientCertificateCredential` | Supported | Supported |
| `ClientSecretCredential` | Supported | Supported |
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
index 832c599eb90..54016a07098 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
@@ -10,6 +10,7 @@ This troubleshooting guide covers failure investigation techniques, common error
- [Enable and configure logging](#enable-and-configure-logging)
- [Troubleshoot AzureCLICredential authentication issues](#troubleshoot-azureclicredential-authentication-issues)
- [Troubleshoot AzureDeveloperCLICredential authentication issues](#troubleshoot-azuredeveloperclicredential-authentication-issues)
+- [Troubleshoot AzurePipelinesCredential authentication issues](#troubleshoot-azurepipelinescredential-authentication-issues)
- [Troubleshoot ClientCertificateCredential authentication issues](#troubleshoot-clientcertificatecredential-authentication-issues)
- [Troubleshoot ClientSecretCredential authentication issues](#troubleshoot-clientsecretcredential-authentication-issues)
- [Troubleshoot DefaultAzureCredential authentication issues](#troubleshoot-defaultazurecredential-authentication-issues)
@@ -58,7 +59,7 @@ This error contains several pieces of information:
- __Failing Credential Type__: The type of credential that failed to authenticate. This can be helpful when diagnosing issues with chained credential types such as `DefaultAzureCredential` or `ChainedTokenCredential`.
-- __Microsoft Entra ID Error Code and Message__: The error code and message returned by Microsoft Entra ID. This can give insight into the specific reason the request failed. For instance, in this case authentication failed because the provided client secret is incorrect. [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/develop/reference-error-codes#aadsts-error-codes) has more information on AADSTS error codes.
+- __Microsoft Entra ID Error Code and Message__: The error code and message returned by Microsoft Entra ID. This can give insight into the specific reason the request failed. For instance, in this case authentication failed because the provided client secret is incorrect. [Microsoft Entra ID documentation](https://learn.microsoft.com/entra/identity-platform/reference-error-codes#aadsts-error-codes) has more information on AADSTS error codes.
- __Correlation ID and Timestamp__: The correlation ID and timestamp identify the request in server-side logs. This information can be useful to support engineers diagnosing unexpected Microsoft Entra failures.
@@ -97,17 +98,17 @@ azlog.SetEvents(azidentity.EventAuthentication)
| Error Code | Issue | Mitigation |
|---|---|---|
-|AADSTS7000215|An invalid client secret was provided.|Ensure the secret provided to the credential constructor is valid. If unsure, create a new client secret using the Azure portal. Details on creating a new client secret are in [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
-|AADSTS7000222|An expired client secret was provided.|Create a new client secret using the Azure portal. Details on creating a new client secret are in [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
-|AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the client and tenant IDs provided to the credential constructor are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the [Microsoft Entra ID instructions](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).|
+|AADSTS7000215|An invalid client secret was provided.|Ensure the secret provided to the credential constructor is valid. If unsure, create a new client secret using the Azure portal. Details on creating a new client secret are in [Microsoft Entra ID documentation](https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
+|AADSTS7000222|An expired client secret was provided.|Create a new client secret using the Azure portal. Details on creating a new client secret are in [Microsoft Entra ID documentation](https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
+|AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the client and tenant IDs provided to the credential constructor are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the [Microsoft Entra ID instructions](https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal).|
## Troubleshoot ClientCertificateCredential authentication issues
| Error Code | Description | Mitigation |
|---|---|---|
-|AADSTS700027|Client assertion contains an invalid signature.|Ensure the specified certificate has been uploaded to the application registration as described in [Microsoft Entra ID documentation](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-1-upload-a-certificate).|
-|AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the client and tenant IDs provided to the credential constructor are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the [Microsoft Entra ID instructions](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).|
+|AADSTS700027|Client assertion contains an invalid signature.|Ensure the specified certificate has been uploaded to the application registration as described in [Microsoft Entra ID documentation](https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal#option-1-upload-a-certificate).|
+|AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the client and tenant IDs provided to the credential constructor are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the [Microsoft Entra ID instructions](https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal).|
## Troubleshoot UsernamePasswordCredential authentication issues
@@ -123,20 +124,20 @@ azlog.SetEvents(azidentity.EventAuthentication)
|Host Environment| | |
|---|---|---|
-|Azure Virtual Machines and Scale Sets|[Configuration](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm)|[Troubleshooting](#azure-virtual-machine-managed-identity)|
-|Azure App Service and Azure Functions|[Configuration](https://docs.microsoft.com/azure/app-service/overview-managed-identity)|[Troubleshooting](#azure-app-service-and-azure-functions-managed-identity)|
+|Azure Virtual Machines and Scale Sets|[Configuration](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/qs-configure-portal-windows-vm)|[Troubleshooting](#azure-virtual-machine-managed-identity)|
+|Azure App Service and Azure Functions|[Configuration](https://learn.microsoft.com/azure/app-service/overview-managed-identity)|[Troubleshooting](#azure-app-service-and-azure-functions-managed-identity)|
|Azure Kubernetes Service|[Configuration](https://azure.github.io/aad-pod-identity/docs/)|[Troubleshooting](#azure-kubernetes-service-managed-identity)|
-|Azure Arc|[Configuration](https://docs.microsoft.com/azure/azure-arc/servers/managed-identity-authentication)||
-|Azure Service Fabric|[Configuration](https://docs.microsoft.com/azure/service-fabric/concepts-managed-identity)||
+|Azure Arc|[Configuration](https://learn.microsoft.com/azure/azure-arc/servers/managed-identity-authentication)||
+|Azure Service Fabric|[Configuration](https://learn.microsoft.com/azure/service-fabric/concepts-managed-identity)||
### Azure Virtual Machine managed identity
| Error Message |Description| Mitigation |
|---|---|---|
-|The requested identity hasn’t been assigned to this resource.|The IMDS endpoint responded with a status code of 400, indicating the requested identity isn’t assigned to the VM.|If using a user assigned identity, ensure the specified ID is correct.If using a system assigned identity, make sure it has been enabled as described in [managed identity documentation](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-on-an-existing-vm).|
+|The requested identity hasn’t been assigned to this resource.|The IMDS endpoint responded with a status code of 400, indicating the requested identity isn’t assigned to the VM.|If using a user assigned identity, ensure the specified ID is correct.If using a system assigned identity, make sure it has been enabled as described in [managed identity documentation](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-on-an-existing-vm).|
|The request failed due to a gateway error.|The request to the IMDS endpoint failed due to a gateway error, 502 or 504 status code.|IMDS doesn't support requests via proxy or gateway. Disable proxies or gateways running on the VM for requests to the IMDS endpoint `http://169.254.169.254`|
-|No response received from the managed identity endpoint.|No response was received for the request to IMDS or the request timed out.|- Ensure the VM is configured for managed identity as described in [managed identity documentation](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).
- Verify the IMDS endpoint is reachable on the VM. See [below](#verify-imds-is-available-on-the-vm) for instructions.
|
-|Multiple attempts failed to obtain a token from the managed identity endpoint.|The credential has exhausted its retries for a token request.|- Refer to the error message for more details on specific failures.
- Ensure the VM is configured for managed identity as described in [managed identity documentation](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).
- Verify the IMDS endpoint is reachable on the VM. See [below](#verify-imds-is-available-on-the-vm) for instructions.
|
+|No response received from the managed identity endpoint.|No response was received for the request to IMDS or the request timed out.|- Ensure the VM is configured for managed identity as described in [managed identity documentation](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/qs-configure-portal-windows-vm).
- Verify the IMDS endpoint is reachable on the VM. See [below](#verify-imds-is-available-on-the-vm) for instructions.
|
+|Multiple attempts failed to obtain a token from the managed identity endpoint.|The credential has exhausted its retries for a token request.|- Refer to the error message for more details on specific failures.
- Ensure the VM is configured for managed identity as described in [managed identity documentation](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/qs-configure-portal-windows-vm).
- Verify the IMDS endpoint is reachable on the VM. See [below](#verify-imds-is-available-on-the-vm) for instructions.
|
#### Verify IMDS is available on the VM
@@ -152,7 +153,7 @@ curl 'http://169.254.169.254/metadata/identity/oauth2/token?resource=https://man
| Error Message |Description| Mitigation |
|---|---|---|
-|Get "`http://169.254.169.254/...`" i/o timeout|The App Service host hasn't set environment variables for managed identity configuration.|- Ensure the App Service is configured for managed identity as described in [App Service documentation](https://docs.microsoft.com/azure/app-service/overview-managed-identity).
- Verify the App Service environment is properly configured and the managed identity endpoint is available. See [below](#verify-the-app-service-managed-identity-endpoint-is-available) for instructions.
|
+|Get "`http://169.254.169.254/...`" i/o timeout|The App Service host hasn't set environment variables for managed identity configuration.|- Ensure the App Service is configured for managed identity as described in [App Service documentation](https://learn.microsoft.com/azure/app-service/overview-managed-identity).
- Verify the App Service environment is properly configured and the managed identity endpoint is available. See [below](#verify-the-app-service-managed-identity-endpoint-is-available) for instructions.
|
#### Verify the App Service managed identity endpoint is available
@@ -177,8 +178,8 @@ curl "$IDENTITY_ENDPOINT?resource=https://management.core.windows.net&api-versio
| Error Message |Description| Mitigation |
|---|---|---|
-|Azure CLI not found on path|The Azure CLI isn’t installed or isn't on the application's path.|- Ensure the Azure CLI is installed as described in [Azure CLI documentation](https://docs.microsoft.com/cli/azure/install-azure-cli).
- Validate the installation location is in the application's `PATH` environment variable.
|
-|Please run 'az login' to set up account|No account is currently logged into the Azure CLI, or the login has expired.|- Run `az login` to log into the Azure CLI. More information about Azure CLI authentication is available in the [Azure CLI documentation](https://docs.microsoft.com/cli/azure/authenticate-azure-cli).
- Verify that the Azure CLI can obtain tokens. See [below](#verify-the-azure-cli-can-obtain-tokens) for instructions.
|
+|Azure CLI not found on path|The Azure CLI isn’t installed or isn't on the application's path.|- Ensure the Azure CLI is installed as described in [Azure CLI documentation](https://learn.microsoft.com/cli/azure/install-azure-cli).
- Validate the installation location is in the application's `PATH` environment variable.
|
+|Please run 'az login' to set up account|No account is currently logged into the Azure CLI, or the login has expired.|- Run `az login` to log into the Azure CLI. More information about Azure CLI authentication is available in the [Azure CLI documentation](https://learn.microsoft.com/cli/azure/authenticate-azure-cli).
- Verify that the Azure CLI can obtain tokens. See [below](#verify-the-azure-cli-can-obtain-tokens) for instructions.
|
#### Verify the Azure CLI can obtain tokens
@@ -226,6 +227,15 @@ azd auth token --output json --scope https://management.core.windows.net/.defaul
|---|---|---|
|no client ID/tenant ID/token file specified|Incomplete configuration|In most cases these values are provided via environment variables set by Azure Workload Identity.- If your application runs on Azure Kubernetes Servide (AKS) or a cluster that has deployed the Azure Workload Identity admission webhook, check pod labels and service account configuration. See the [AKS documentation](https://learn.microsoft.com/azure/aks/workload-identity-deploy-cluster#disable-workload-identity) and [Azure Workload Identity troubleshooting guide](https://azure.github.io/azure-workload-identity/docs/troubleshooting.html) for more details.
- If your application isn't running on AKS or your cluster hasn't deployed the Workload Identity admission webhook, set these values in `WorkloadIdentityCredentialOptions`
+
+## Troubleshoot AzurePipelinesCredential authentication issues
+
+| Error Message |Description| Mitigation |
+|---|---|---|
+| AADSTS900023: Specified tenant identifier 'some tenant ID' is neither a valid DNS name, nor a valid external domain.|The `tenantID` argument to `NewAzurePipelinesCredential` is incorrect| Verify the tenant ID. It must identify the tenant of the user-assigned managed identity or service principal configured for the service connection.|
+| No service connection found with identifier |The `serviceConnectionID` argument to `NewAzurePipelinesCredential` is incorrect| Verify the service connection ID. This parameter refers to the `resourceId` of the Azure Service Connection. It can also be found in the query string of the service connection's configuration in Azure DevOps. [Azure Pipelines documentation](https://learn.microsoft.com/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml) has more information about service connections.|
+|302 (Found) response from OIDC endpoint|The `systemAccessToken` argument to `NewAzurePipelinesCredential` is incorrect|Check pipeline configuration. This value comes from the predefined variable `System.AccessToken` [as described in Azure Pipelines documentation](https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken).|
+
## Get additional help
Additional information on ways to reach out for support can be found in [SUPPORT.md](https://github.com/Azure/azure-sdk-for-go/blob/main/SUPPORT.md).
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/assets.json b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/assets.json
index 1be55a4bdd3..bff0c44dac4 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/assets.json
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/assets.json
@@ -2,5 +2,5 @@
"AssetsRepo": "Azure/azure-sdk-assets",
"AssetsRepoPrefixPath": "go",
"TagPrefix": "go/azidentity",
- "Tag": "go/azidentity_98074050dc"
+ "Tag": "go/azidentity_087379b475"
}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go
index 43577ab3c5f..b9976f5fede 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go
@@ -35,9 +35,9 @@ type AzureCLICredentialOptions struct {
// logged in account can access.
AdditionallyAllowedTenants []string
- // subscription is the name or ID of a subscription. Set this to acquire tokens for an account other
+ // Subscription is the name or ID of a subscription. Set this to acquire tokens for an account other
// than the Azure CLI's current account.
- subscription string
+ Subscription string
// TenantID identifies the tenant the credential should authenticate in.
// Defaults to the CLI's default tenant, which is typically the home tenant of the logged in user.
@@ -68,9 +68,9 @@ func NewAzureCLICredential(options *AzureCLICredentialOptions) (*AzureCLICredent
if options != nil {
cp = *options
}
- for _, r := range cp.subscription {
+ for _, r := range cp.Subscription {
if !(alphanumeric(r) || r == '-' || r == '_' || r == ' ' || r == '.') {
- return nil, fmt.Errorf("%s: invalid Subscription %q", credNameAzureCLI, cp.subscription)
+ return nil, fmt.Errorf("%s: invalid Subscription %q", credNameAzureCLI, cp.Subscription)
}
}
if cp.TenantID != "" && !validTenantID(cp.TenantID) {
@@ -97,7 +97,7 @@ func (c *AzureCLICredential) GetToken(ctx context.Context, opts policy.TokenRequ
}
c.mu.Lock()
defer c.mu.Unlock()
- b, err := c.opts.tokenProvider(ctx, opts.Scopes, tenant, c.opts.subscription)
+ b, err := c.opts.tokenProvider(ctx, opts.Scopes, tenant, c.opts.Subscription)
if err == nil {
at, err = c.createAccessToken(b)
}
@@ -163,26 +163,21 @@ var defaultAzTokenProvider azTokenProvider = func(ctx context.Context, scopes []
func (c *AzureCLICredential) createAccessToken(tk []byte) (azcore.AccessToken, error) {
t := struct {
- AccessToken string `json:"accessToken"`
- Authority string `json:"_authority"`
- ClientID string `json:"_clientId"`
- ExpiresOn string `json:"expiresOn"`
- IdentityProvider string `json:"identityProvider"`
- IsMRRT bool `json:"isMRRT"`
- RefreshToken string `json:"refreshToken"`
- Resource string `json:"resource"`
- TokenType string `json:"tokenType"`
- UserID string `json:"userId"`
+ AccessToken string `json:"accessToken"`
+ Expires_On int64 `json:"expires_on"`
+ ExpiresOn string `json:"expiresOn"`
}{}
err := json.Unmarshal(tk, &t)
if err != nil {
return azcore.AccessToken{}, err
}
- // the Azure CLI's "expiresOn" is local time
- exp, err := time.ParseInLocation("2006-01-02 15:04:05.999999", t.ExpiresOn, time.Local)
- if err != nil {
- return azcore.AccessToken{}, fmt.Errorf("Error parsing token expiration time %q: %v", t.ExpiresOn, err)
+ exp := time.Unix(t.Expires_On, 0)
+ if t.Expires_On == 0 {
+ exp, err = time.ParseInLocation("2006-01-02 15:04:05.999999", t.ExpiresOn, time.Local)
+ if err != nil {
+ return azcore.AccessToken{}, fmt.Errorf("%s: error parsing token expiration time %q: %v", credNameAzureCLI, t.ExpiresOn, err)
+ }
}
converted := azcore.AccessToken{
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_pipelines_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_pipelines_credential.go
new file mode 100644
index 00000000000..80c1806bb18
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_pipelines_credential.go
@@ -0,0 +1,140 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package azidentity
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "net/http"
+ "os"
+
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+)
+
+const (
+ credNameAzurePipelines = "AzurePipelinesCredential"
+ oidcAPIVersion = "7.1"
+ systemOIDCRequestURI = "SYSTEM_OIDCREQUESTURI"
+)
+
+// AzurePipelinesCredential authenticates with workload identity federation in an Azure Pipeline. See
+// [Azure Pipelines documentation] for more information.
+//
+// [Azure Pipelines documentation]: https://learn.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-that-uses-workload-identity-federation
+type AzurePipelinesCredential struct {
+ connectionID, oidcURI, systemAccessToken string
+ cred *ClientAssertionCredential
+}
+
+// AzurePipelinesCredentialOptions contains optional parameters for AzurePipelinesCredential.
+type AzurePipelinesCredentialOptions struct {
+ azcore.ClientOptions
+
+ // AdditionallyAllowedTenants specifies additional tenants for which the credential may acquire tokens.
+ // Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the
+ // application is registered.
+ AdditionallyAllowedTenants []string
+
+ // DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
+ // private clouds such as Azure Stack. It determines whether the credential requests Microsoft Entra instance metadata
+ // from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
+ // the application responsible for ensuring the configured authority is valid and trustworthy.
+ DisableInstanceDiscovery bool
+}
+
+// NewAzurePipelinesCredential is the constructor for AzurePipelinesCredential.
+//
+// - tenantID: tenant ID of the service principal federated with the service connection
+// - clientID: client ID of that service principal
+// - serviceConnectionID: ID of the service connection to authenticate
+// - systemAccessToken: security token for the running build. See [Azure Pipelines documentation] for
+// an example showing how to get this value.
+//
+// [Azure Pipelines documentation]: https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken
+func NewAzurePipelinesCredential(tenantID, clientID, serviceConnectionID, systemAccessToken string, options *AzurePipelinesCredentialOptions) (*AzurePipelinesCredential, error) {
+ if !validTenantID(tenantID) {
+ return nil, errInvalidTenantID
+ }
+ if clientID == "" {
+ return nil, errors.New("no client ID specified")
+ }
+ if serviceConnectionID == "" {
+ return nil, errors.New("no service connection ID specified")
+ }
+ if systemAccessToken == "" {
+ return nil, errors.New("no system access token specified")
+ }
+ u := os.Getenv(systemOIDCRequestURI)
+ if u == "" {
+ return nil, fmt.Errorf("no value for environment variable %s. This should be set by Azure Pipelines", systemOIDCRequestURI)
+ }
+ a := AzurePipelinesCredential{
+ connectionID: serviceConnectionID,
+ oidcURI: u,
+ systemAccessToken: systemAccessToken,
+ }
+ if options == nil {
+ options = &AzurePipelinesCredentialOptions{}
+ }
+ caco := ClientAssertionCredentialOptions{
+ AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
+ ClientOptions: options.ClientOptions,
+ DisableInstanceDiscovery: options.DisableInstanceDiscovery,
+ }
+ cred, err := NewClientAssertionCredential(tenantID, clientID, a.getAssertion, &caco)
+ if err != nil {
+ return nil, err
+ }
+ cred.client.name = credNameAzurePipelines
+ a.cred = cred
+ return &a, nil
+}
+
+// GetToken requests an access token from Microsoft Entra ID. Azure SDK clients call this method automatically.
+func (a *AzurePipelinesCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
+ var err error
+ ctx, endSpan := runtime.StartSpan(ctx, credNameAzurePipelines+"."+traceOpGetToken, a.cred.client.azClient.Tracer(), nil)
+ defer func() { endSpan(err) }()
+ tk, err := a.cred.GetToken(ctx, opts)
+ return tk, err
+}
+
+func (a *AzurePipelinesCredential) getAssertion(ctx context.Context) (string, error) {
+ url := a.oidcURI + "?api-version=" + oidcAPIVersion + "&serviceConnectionId=" + a.connectionID
+ url, err := runtime.EncodeQueryParams(url)
+ if err != nil {
+ return "", newAuthenticationFailedError(credNameAzurePipelines, "couldn't encode OIDC URL: "+err.Error(), nil, nil)
+ }
+ req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, nil)
+ if err != nil {
+ return "", newAuthenticationFailedError(credNameAzurePipelines, "couldn't create OIDC token request: "+err.Error(), nil, nil)
+ }
+ req.Header.Set("Authorization", "Bearer "+a.systemAccessToken)
+ res, err := doForClient(a.cred.client.azClient, req)
+ if err != nil {
+ return "", newAuthenticationFailedError(credNameAzurePipelines, "couldn't send OIDC token request: "+err.Error(), nil, nil)
+ }
+ if res.StatusCode != http.StatusOK {
+ msg := res.Status + " response from the OIDC endpoint. Check service connection ID and Pipeline configuration"
+ // include the response because its body, if any, probably contains an error message.
+ // OK responses aren't included with errors because they probably contain secrets
+ return "", newAuthenticationFailedError(credNameAzurePipelines, msg, res, nil)
+ }
+ b, err := runtime.Payload(res)
+ if err != nil {
+ return "", newAuthenticationFailedError(credNameAzurePipelines, "couldn't read OIDC response content: "+err.Error(), nil, nil)
+ }
+ var r struct {
+ OIDCToken string `json:"oidcToken"`
+ }
+ err = json.Unmarshal(b, &r)
+ if err != nil {
+ return "", newAuthenticationFailedError(credNameAzurePipelines, "unexpected response from OIDC endpoint", nil, nil)
+ }
+ return r.OIDCToken, nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/chained_token_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/chained_token_credential.go
index dc855edf786..6c35a941b97 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/chained_token_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/chained_token_credential.go
@@ -86,7 +86,7 @@ func (c *ChainedTokenCredential) GetToken(ctx context.Context, opts policy.Token
errs []error
successfulCredential azcore.TokenCredential
token azcore.AccessToken
- unavailableErr *credentialUnavailableError
+ unavailableErr credentialUnavailable
)
for _, cred := range c.sources {
token, err = cred.GetToken(ctx, opts)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml
index d077682c5c2..4cd8c514473 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml
@@ -8,7 +8,7 @@ trigger:
- release/*
paths:
include:
- - sdk/azidentity/
+ - sdk/azidentity/
pr:
branches:
@@ -19,17 +19,28 @@ pr:
- release/*
paths:
include:
- - sdk/azidentity/
+ - sdk/azidentity/
-stages:
-- template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
- parameters:
- RunLiveTests: true
- UsePipelineProxy: false
- ServiceDirectory: 'azidentity'
- CloudConfig:
- Public:
- SubscriptionConfigurations:
- - $(sub-config-azure-cloud-test-resources)
- # Contains alternate tenant, AAD app and cert info for testing
- - $(sub-config-identity-test-resources)
+extends:
+ template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
+ parameters:
+ CloudConfig:
+ Public:
+ SubscriptionConfigurations:
+ - $(sub-config-azure-cloud-test-resources)
+ - $(sub-config-identity-test-resources)
+ EnvVars:
+ SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+ RunLiveTests: true
+ ServiceDirectory: azidentity
+ UsePipelineProxy: false
+
+ ${{ if endsWith(variables['Build.DefinitionName'], 'weekly') }}:
+ MatrixConfigs:
+ - Name: managed_identity_matrix
+ GenerateVMJobs: true
+ Path: sdk/azidentity/managed-identity-matrix.json
+ Selection: sparse
+ MatrixReplace:
+ - Pool=.*LINUXPOOL.*/azsdk-pool-mms-ubuntu-2204-identitymsi
+ - OSVmImage=.*LINUXNEXTVMIMAGE.*/azsdk-pool-mms-ubuntu-2204-1espt
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go
index fc3df68eb19..b588750ef33 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go
@@ -23,7 +23,7 @@ const credNameAssertion = "ClientAssertionCredential"
// the most common assertion scenario, authenticating a service principal with a certificate. See
// [Microsoft Entra ID documentation] for details of the assertion format.
//
-// [Microsoft Entra ID documentation]: https://learn.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials#assertion-format
+// [Microsoft Entra ID documentation]: https://learn.microsoft.com/entra/identity-platform/certificate-credentials#assertion-format
type ClientAssertionCredential struct {
client *confidentialClient
}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
index 607533f486e..80cd96b560f 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
@@ -51,7 +51,8 @@ type ClientCertificateCredential struct {
client *confidentialClient
}
-// NewClientCertificateCredential constructs a ClientCertificateCredential. Pass nil for options to accept defaults.
+// NewClientCertificateCredential constructs a ClientCertificateCredential. Pass nil for options to accept defaults. See
+// [ParseCertificates] for help loading a certificate.
func NewClientCertificateCredential(tenantID string, clientID string, certs []*x509.Certificate, key crypto.PrivateKey, options *ClientCertificateCredentialOptions) (*ClientCertificateCredential, error) {
if len(certs) == 0 {
return nil, errors.New("at least one certificate is required")
@@ -86,8 +87,10 @@ func (c *ClientCertificateCredential) GetToken(ctx context.Context, opts policy.
return tk, err
}
-// ParseCertificates loads certificates and a private key, in PEM or PKCS12 format, for use with NewClientCertificateCredential.
-// Pass nil for password if the private key isn't encrypted. This function can't decrypt keys in PEM format.
+// ParseCertificates loads certificates and a private key, in PEM or PKCS#12 format, for use with [NewClientCertificateCredential].
+// Pass nil for password if the private key isn't encrypted. This function has limitations, for example it can't decrypt keys in
+// PEM format or PKCS#12 certificates that use SHA256 for message authentication. If you encounter such limitations, consider
+// using another module to load the certificate and private key.
func ParseCertificates(certData []byte, password []byte) ([]*x509.Certificate, crypto.PrivateKey, error) {
var blocks []*pem.Block
var err error
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go
index 854267bdbfd..3bd08c685fb 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go
@@ -91,7 +91,7 @@ func (c *confidentialClient) GetToken(ctx context.Context, tro policy.TokenReque
}
tro.TenantID = tenant
}
- client, mu, err := c.client(ctx, tro)
+ client, mu, err := c.client(tro)
if err != nil {
return azcore.AccessToken{}, err
}
@@ -109,7 +109,7 @@ func (c *confidentialClient) GetToken(ctx context.Context, tro policy.TokenReque
if err != nil {
// We could get a credentialUnavailableError from managed identity authentication because in that case the error comes from our code.
// We return it directly because it affects the behavior of credential chains. Otherwise, we return AuthenticationFailedError.
- var unavailableErr *credentialUnavailableError
+ var unavailableErr credentialUnavailable
if !errors.As(err, &unavailableErr) {
res := getResponseFromError(err)
err = newAuthenticationFailedError(c.name, err.Error(), res, err)
@@ -121,7 +121,7 @@ func (c *confidentialClient) GetToken(ctx context.Context, tro policy.TokenReque
return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
}
-func (c *confidentialClient) client(ctx context.Context, tro policy.TokenRequestOptions) (msalConfidentialClient, *sync.Mutex, error) {
+func (c *confidentialClient) client(tro policy.TokenRequestOptions) (msalConfidentialClient, *sync.Mutex, error) {
c.clientMu.Lock()
defer c.clientMu.Unlock()
if tro.EnableCAE {
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go
index 35aeef86747..551d3199462 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go
@@ -8,10 +8,8 @@ package azidentity
import (
"context"
- "errors"
"os"
"strings"
- "time"
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
@@ -98,13 +96,13 @@ func NewDefaultAzureCredential(options *DefaultAzureCredentialOptions) (*Default
creds = append(creds, &defaultCredentialErrorReporter{credType: credNameWorkloadIdentity, err: err})
}
- o := &ManagedIdentityCredentialOptions{ClientOptions: options.ClientOptions}
+ o := &ManagedIdentityCredentialOptions{ClientOptions: options.ClientOptions, dac: true}
if ID, ok := os.LookupEnv(azureClientID); ok {
o.ID = ClientID(ID)
}
miCred, err := NewManagedIdentityCredential(o)
if err == nil {
- creds = append(creds, &timeoutWrapper{mic: miCred, timeout: time.Second})
+ creds = append(creds, miCred)
} else {
errorMessages = append(errorMessages, credNameManagedIdentity+": "+err.Error())
creds = append(creds, &defaultCredentialErrorReporter{credType: credNameManagedIdentity, err: err})
@@ -158,51 +156,10 @@ type defaultCredentialErrorReporter struct {
}
func (d *defaultCredentialErrorReporter) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
- if _, ok := d.err.(*credentialUnavailableError); ok {
+ if _, ok := d.err.(credentialUnavailable); ok {
return azcore.AccessToken{}, d.err
}
return azcore.AccessToken{}, newCredentialUnavailableError(d.credType, d.err.Error())
}
var _ azcore.TokenCredential = (*defaultCredentialErrorReporter)(nil)
-
-// timeoutWrapper prevents a potentially very long timeout when managed identity isn't available
-type timeoutWrapper struct {
- mic *ManagedIdentityCredential
- // timeout applies to all auth attempts until one doesn't time out
- timeout time.Duration
-}
-
-// GetToken wraps DefaultAzureCredential's initial managed identity auth attempt with a short timeout
-// because managed identity may not be available and connecting to IMDS can take several minutes to time out.
-func (w *timeoutWrapper) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
- var tk azcore.AccessToken
- var err error
- // no need to synchronize around this value because it's written only within ChainedTokenCredential's critical section
- if w.timeout > 0 {
- c, cancel := context.WithTimeout(ctx, w.timeout)
- defer cancel()
- tk, err = w.mic.GetToken(c, opts)
- if isAuthFailedDueToContext(err) {
- err = newCredentialUnavailableError(credNameManagedIdentity, "managed identity timed out. See https://aka.ms/azsdk/go/identity/troubleshoot#dac for more information")
- } else {
- // some managed identity implementation is available, so don't apply the timeout to future calls
- w.timeout = 0
- }
- } else {
- tk, err = w.mic.GetToken(ctx, opts)
- }
- return tk, err
-}
-
-// unwraps nested AuthenticationFailedErrors to get the root error
-func isAuthFailedDueToContext(err error) bool {
- for {
- var authFailedErr *AuthenticationFailedError
- if !errors.As(err, &authFailedErr) {
- break
- }
- err = authFailedErr.err
- }
- return errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded)
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/developer_credential_util.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/developer_credential_util.go
index d8b952f532e..be963d3a2af 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/developer_credential_util.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/developer_credential_util.go
@@ -19,7 +19,7 @@ const cliTimeout = 10 * time.Second
// the next credential in its chain (another developer credential).
func unavailableIfInChain(err error, inDefaultChain bool) error {
if err != nil && inDefaultChain {
- var unavailableErr *credentialUnavailableError
+ var unavailableErr credentialUnavailable
if !errors.As(err, &unavailableErr) {
err = newCredentialUnavailableError(credNameAzureDeveloperCLI, err.Error())
}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go
index 1b7a283703a..cd30bedd5e9 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go
@@ -34,8 +34,8 @@ type DeviceCodeCredentialOptions struct {
ClientID string
// disableAutomaticAuthentication prevents the credential from automatically prompting the user to authenticate.
- // When this option is true, [DeviceCodeCredential.GetToken] will return [ErrAuthenticationRequired] when user
- // interaction is necessary to acquire a token.
+ // When this option is true, GetToken will return authenticationRequiredError when user interaction is necessary
+ // to acquire a token.
disableAutomaticAuthentication bool
// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go
index 42f84875e23..b30f5474f55 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go
@@ -57,6 +57,9 @@ type EnvironmentCredentialOptions struct {
//
// AZURE_CLIENT_CERTIFICATE_PASSWORD: (optional) password for the certificate file.
//
+// Note that this credential uses [ParseCertificates] to load the certificate and key from the file. If this
+// function isn't able to parse your certificate, use [ClientCertificateCredential] instead.
+//
// # User with username and password
//
// AZURE_TENANT_ID: (optional) tenant to authenticate in. Defaults to "organizations".
@@ -121,7 +124,7 @@ func NewEnvironmentCredential(options *EnvironmentCredentialOptions) (*Environme
}
certs, key, err := ParseCertificates(certData, password)
if err != nil {
- return nil, fmt.Errorf(`failed to load certificate from "%s": %v`, certPath, err)
+ return nil, fmt.Errorf("failed to parse %q due to error %q. This may be due to a limitation of this module's certificate loader. Consider calling NewClientCertificateCredential instead", certPath, err.Error())
}
o := &ClientCertificateCredentialOptions{
AdditionallyAllowedTenants: additionalTenants,
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
index 335d2b7dcf2..35fa01d136e 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
@@ -13,15 +13,12 @@ import (
"fmt"
"net/http"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
"github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo"
msal "github.com/AzureAD/microsoft-authentication-library-for-go/apps/errors"
)
-// errAuthenticationRequired indicates a credential's Authenticate method must be called to acquire a token
-// because user interaction is required and the credential is configured not to automatically prompt the user.
-var errAuthenticationRequired error = &credentialUnavailableError{"can't acquire a token without user interaction. Call Authenticate to interactively authenticate a user"}
-
// getResponseFromError retrieves the response carried by
// an AuthenticationFailedError or MSAL CallErr, if any
func getResponseFromError(err error) *http.Response {
@@ -56,7 +53,7 @@ func (e *AuthenticationFailedError) Error() string {
return e.credType + ": " + e.message
}
msg := &bytes.Buffer{}
- fmt.Fprintf(msg, e.credType+" authentication failed\n")
+ fmt.Fprintf(msg, "%s authentication failed. %s\n", e.credType, e.message)
if e.RawResponse.Request != nil {
fmt.Fprintf(msg, "%s %s://%s%s\n", e.RawResponse.Request.Method, e.RawResponse.Request.URL.Scheme, e.RawResponse.Request.URL.Host, e.RawResponse.Request.URL.Path)
} else {
@@ -86,6 +83,8 @@ func (e *AuthenticationFailedError) Error() string {
anchor = "azure-cli"
case credNameAzureDeveloperCLI:
anchor = "azd"
+ case credNameAzurePipelines:
+ anchor = "apc"
case credNameCert:
anchor = "client-cert"
case credNameSecret:
@@ -110,8 +109,34 @@ func (*AuthenticationFailedError) NonRetriable() {
var _ errorinfo.NonRetriable = (*AuthenticationFailedError)(nil)
-// credentialUnavailableError indicates a credential can't attempt authentication because it lacks required
-// data or state
+// authenticationRequiredError indicates a credential's Authenticate method must be called to acquire a token
+// because the credential requires user interaction and is configured not to request it automatically.
+type authenticationRequiredError struct {
+ credentialUnavailableError
+
+ // TokenRequestOptions for the required token. Pass this to the credential's Authenticate method.
+ TokenRequestOptions policy.TokenRequestOptions
+}
+
+func newauthenticationRequiredError(credType string, tro policy.TokenRequestOptions) error {
+ return &authenticationRequiredError{
+ credentialUnavailableError: credentialUnavailableError{
+ credType + " can't acquire a token without user interaction. Call Authenticate to authenticate a user interactively",
+ },
+ TokenRequestOptions: tro,
+ }
+}
+
+var (
+ _ credentialUnavailable = (*authenticationRequiredError)(nil)
+ _ errorinfo.NonRetriable = (*authenticationRequiredError)(nil)
+)
+
+type credentialUnavailable interface {
+ error
+ credentialUnavailable()
+}
+
type credentialUnavailableError struct {
message string
}
@@ -135,6 +160,11 @@ func (e *credentialUnavailableError) Error() string {
}
// NonRetriable is a marker method indicating this error should not be retried. It has no implementation.
-func (e *credentialUnavailableError) NonRetriable() {}
+func (*credentialUnavailableError) NonRetriable() {}
+
+func (*credentialUnavailableError) credentialUnavailable() {}
-var _ errorinfo.NonRetriable = (*credentialUnavailableError)(nil)
+var (
+ _ credentialUnavailable = (*credentialUnavailableError)(nil)
+ _ errorinfo.NonRetriable = (*credentialUnavailableError)(nil)
+)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/go.work.sum b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/go.work.sum
index 65bcba7dfea..c592f283b6b 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/go.work.sum
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/go.work.sum
@@ -3,12 +3,20 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0-beta.1/go.mod h1:3Ug6Qzto9an
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 h1:fb8kj/Dh4CSwgsOzHeZY4Xh68cFVbzXx+ONXGMY//4w=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0/go.mod h1:uReU2sSxZExRPBAg3qKzmAucSi51+SP1OhohieR821Q=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/keybase/dbus v0.0.0-20220506165403-5aa21ea2c23a/go.mod h1:YPNKjjE7Ubp9dTbnWvsP3HT+hYnY6TfXzubYTBeUxc8=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -16,14 +24,19 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -35,7 +48,13 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go
index bd829698375..056785a8a33 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go
@@ -33,8 +33,8 @@ type InteractiveBrowserCredentialOptions struct {
ClientID string
// disableAutomaticAuthentication prevents the credential from automatically prompting the user to authenticate.
- // When this option is true, [InteractiveBrowserCredential.GetToken] will return [ErrAuthenticationRequired] when
- // user interaction is necessary to acquire a token.
+ // When this option is true, GetToken will return authenticationRequiredError when user interaction is necessary
+ // to acquire a token.
disableAutomaticAuthentication bool
// DisableInstanceDiscovery should be set true only by applications authenticating in disconnected clouds, or
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed-identity-matrix.json b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed-identity-matrix.json
new file mode 100644
index 00000000000..1c3791777a1
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed-identity-matrix.json
@@ -0,0 +1,17 @@
+{
+ "include": [
+ {
+ "Agent": {
+ "msi_image": {
+ "ArmTemplateParameters": "@{deployResources = $true}",
+ "OSVmImage": "env:LINUXNEXTVMIMAGE",
+ "Pool": "env:LINUXPOOL"
+ }
+ },
+ "GoVersion": [
+ "1.22.1"
+ ],
+ "IDENTITY_IMDS_AVAILABLE": "1"
+ }
+ ]
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
index d129a1e91c2..6122cc70050 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
@@ -14,13 +14,15 @@ import (
"net/http"
"net/url"
"os"
+ "path/filepath"
+ "runtime"
"strconv"
"strings"
"time"
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
- "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+ azruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/streaming"
"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
@@ -44,6 +46,8 @@ const (
serviceFabricAPIVersion = "2019-07-01-preview"
)
+var imdsProbeTimeout = time.Second
+
type msiType int
const (
@@ -55,13 +59,28 @@ const (
msiTypeServiceFabric
)
-// managedIdentityClient provides the base for authenticating in managed identity environments
-// This type includes an runtime.Pipeline and TokenCredentialOptions.
type managedIdentityClient struct {
- azClient *azcore.Client
- msiType msiType
- endpoint string
- id ManagedIDKind
+ azClient *azcore.Client
+ endpoint string
+ id ManagedIDKind
+ msiType msiType
+ probeIMDS bool
+}
+
+// arcKeyDirectory returns the directory expected to contain Azure Arc keys
+var arcKeyDirectory = func() (string, error) {
+ switch runtime.GOOS {
+ case "linux":
+ return "/var/opt/azcmagent/tokens", nil
+ case "windows":
+ pd := os.Getenv("ProgramData")
+ if pd == "" {
+ return "", errors.New("environment variable ProgramData has no value")
+ }
+ return filepath.Join(pd, "AzureConnectedMachineAgent", "Tokens"), nil
+ default:
+ return "", fmt.Errorf("unsupported OS %q", runtime.GOOS)
+ }
}
type wrappedNumber json.Number
@@ -88,7 +107,7 @@ func setIMDSRetryOptionDefaults(o *policy.RetryOptions) {
if o.StatusCodes == nil {
o.StatusCodes = []int{
// IMDS docs recommend retrying 404, 410, 429 and 5xx
- // https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#error-handling
+ // https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/how-to-use-vm-token#error-handling
http.StatusNotFound, // 404
http.StatusGone, // 410
http.StatusTooManyRequests, // 429
@@ -147,11 +166,12 @@ func newManagedIdentityClient(options *ManagedIdentityCredentialOptions) (*manag
c.msiType = msiTypeCloudShell
}
} else {
+ c.probeIMDS = options.dac
setIMDSRetryOptionDefaults(&cp.Retry)
}
- client, err := azcore.NewClient(module, version, runtime.PipelineOptions{
- Tracing: runtime.TracingOptions{
+ client, err := azcore.NewClient(module, version, azruntime.PipelineOptions{
+ Tracing: azruntime.TracingOptions{
Namespace: traceNamespace,
},
}, &cp)
@@ -180,6 +200,27 @@ func (c *managedIdentityClient) provideToken(ctx context.Context, params confide
// authenticate acquires an access token
func (c *managedIdentityClient) authenticate(ctx context.Context, id ManagedIDKind, scopes []string) (azcore.AccessToken, error) {
+ // no need to synchronize around this value because it's true only when DefaultAzureCredential constructed the client,
+ // and in that case ChainedTokenCredential.GetToken synchronizes goroutines that would execute this block
+ if c.probeIMDS {
+ cx, cancel := context.WithTimeout(ctx, imdsProbeTimeout)
+ defer cancel()
+ cx = policy.WithRetryOptions(cx, policy.RetryOptions{MaxRetries: -1})
+ req, err := azruntime.NewRequest(cx, http.MethodGet, c.endpoint)
+ if err == nil {
+ _, err = c.azClient.Pipeline().Do(req)
+ }
+ if err != nil {
+ msg := err.Error()
+ if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
+ msg = "managed identity timed out. See https://aka.ms/azsdk/go/identity/troubleshoot#dac for more information"
+ }
+ return azcore.AccessToken{}, newCredentialUnavailableError(credNameManagedIdentity, msg)
+ }
+ // send normal token requests from now on because something responded
+ c.probeIMDS = false
+ }
+
msg, err := c.createAuthRequest(ctx, id, scopes)
if err != nil {
return azcore.AccessToken{}, err
@@ -190,7 +231,7 @@ func (c *managedIdentityClient) authenticate(ctx context.Context, id ManagedIDKi
return azcore.AccessToken{}, newAuthenticationFailedError(credNameManagedIdentity, err.Error(), nil, err)
}
- if runtime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) {
+ if azruntime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) {
return c.createAccessToken(resp)
}
@@ -201,15 +242,15 @@ func (c *managedIdentityClient) authenticate(ctx context.Context, id ManagedIDKi
return azcore.AccessToken{}, newAuthenticationFailedError(credNameManagedIdentity, "the requested identity isn't assigned to this resource", resp, nil)
}
msg := "failed to authenticate a system assigned identity"
- if body, err := runtime.Payload(resp); err == nil && len(body) > 0 {
+ if body, err := azruntime.Payload(resp); err == nil && len(body) > 0 {
msg += fmt.Sprintf(". The endpoint responded with %s", body)
}
return azcore.AccessToken{}, newCredentialUnavailableError(credNameManagedIdentity, msg)
case http.StatusForbidden:
// Docker Desktop runs a proxy that responds 403 to IMDS token requests. If we get that response,
// we return credentialUnavailableError so credential chains continue to their next credential
- body, err := runtime.Payload(resp)
- if err == nil && strings.Contains(string(body), "A socket operation was attempted to an unreachable network") {
+ body, err := azruntime.Payload(resp)
+ if err == nil && strings.Contains(string(body), "unreachable") {
return azcore.AccessToken{}, newCredentialUnavailableError(credNameManagedIdentity, fmt.Sprintf("unexpected response %q", string(body)))
}
}
@@ -226,7 +267,7 @@ func (c *managedIdentityClient) createAccessToken(res *http.Response) (azcore.Ac
ExpiresIn wrappedNumber `json:"expires_in,omitempty"` // this field should always return the number of seconds for which a token is valid
ExpiresOn interface{} `json:"expires_on,omitempty"` // the value returned in this field varies between a number and a date string
}{}
- if err := runtime.UnmarshalAsJSON(res, &value); err != nil {
+ if err := azruntime.UnmarshalAsJSON(res, &value); err != nil {
return azcore.AccessToken{}, fmt.Errorf("internal AccessToken: %v", err)
}
if value.ExpiresIn != "" {
@@ -276,7 +317,7 @@ func (c *managedIdentityClient) createAuthRequest(ctx context.Context, id Manage
}
func (c *managedIdentityClient) createIMDSAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
- request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
if err != nil {
return nil, err
}
@@ -296,7 +337,7 @@ func (c *managedIdentityClient) createIMDSAuthRequest(ctx context.Context, id Ma
}
func (c *managedIdentityClient) createAppServiceAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
- request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
if err != nil {
return nil, err
}
@@ -316,7 +357,7 @@ func (c *managedIdentityClient) createAppServiceAuthRequest(ctx context.Context,
}
func (c *managedIdentityClient) createAzureMLAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
- request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
if err != nil {
return nil, err
}
@@ -339,7 +380,7 @@ func (c *managedIdentityClient) createAzureMLAuthRequest(ctx context.Context, id
}
func (c *managedIdentityClient) createServiceFabricAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
- request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
if err != nil {
return nil, err
}
@@ -362,7 +403,7 @@ func (c *managedIdentityClient) createServiceFabricAuthRequest(ctx context.Conte
func (c *managedIdentityClient) getAzureArcSecretKey(ctx context.Context, resources []string) (string, error) {
// create the request to retreive the secret key challenge provided by the HIMDS service
- request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
if err != nil {
return "", err
}
@@ -384,22 +425,36 @@ func (c *managedIdentityClient) getAzureArcSecretKey(ctx context.Context, resour
}
header := response.Header.Get("WWW-Authenticate")
if len(header) == 0 {
- return "", errors.New("did not receive a value from WWW-Authenticate header")
+ return "", newAuthenticationFailedError(credNameManagedIdentity, "HIMDS response has no WWW-Authenticate header", nil, nil)
}
// the WWW-Authenticate header is expected in the following format: Basic realm=/some/file/path.key
- pos := strings.LastIndex(header, "=")
- if pos == -1 {
- return "", fmt.Errorf("did not receive a correct value from WWW-Authenticate header: %s", header)
+ _, p, found := strings.Cut(header, "=")
+ if !found {
+ return "", newAuthenticationFailedError(credNameManagedIdentity, "unexpected WWW-Authenticate header from HIMDS: "+header, nil, nil)
+ }
+ expected, err := arcKeyDirectory()
+ if err != nil {
+ return "", err
+ }
+ if filepath.Dir(p) != expected || !strings.HasSuffix(p, ".key") {
+ return "", newAuthenticationFailedError(credNameManagedIdentity, "unexpected file path from HIMDS service: "+p, nil, nil)
+ }
+ f, err := os.Stat(p)
+ if err != nil {
+ return "", newAuthenticationFailedError(credNameManagedIdentity, fmt.Sprintf("could not stat %q: %v", p, err), nil, nil)
+ }
+ if s := f.Size(); s > 4096 {
+ return "", newAuthenticationFailedError(credNameManagedIdentity, fmt.Sprintf("key is too large (%d bytes)", s), nil, nil)
}
- key, err := os.ReadFile(header[pos+1:])
+ key, err := os.ReadFile(p)
if err != nil {
- return "", fmt.Errorf("could not read file (%s) contents: %v", header[pos+1:], err)
+ return "", newAuthenticationFailedError(credNameManagedIdentity, fmt.Sprintf("could not read %q: %v", p, err), nil, nil)
}
return string(key), nil
}
func (c *managedIdentityClient) createAzureArcAuthRequest(ctx context.Context, id ManagedIDKind, resources []string, key string) (*policy.Request, error) {
- request, err := runtime.NewRequest(ctx, http.MethodGet, c.endpoint)
+ request, err := azruntime.NewRequest(ctx, http.MethodGet, c.endpoint)
if err != nil {
return nil, err
}
@@ -421,7 +476,7 @@ func (c *managedIdentityClient) createAzureArcAuthRequest(ctx context.Context, i
}
func (c *managedIdentityClient) createCloudShellAuthRequest(ctx context.Context, id ManagedIDKind, scopes []string) (*policy.Request, error) {
- request, err := runtime.NewRequest(ctx, http.MethodPost, c.endpoint)
+ request, err := azruntime.NewRequest(ctx, http.MethodPost, c.endpoint)
if err != nil {
return nil, err
}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go
index dcd278befa1..13c043d8e0c 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go
@@ -64,12 +64,19 @@ type ManagedIdentityCredentialOptions struct {
// instead of the hosting environment's default. The value may be the identity's client ID or resource ID, but note that
// some platforms don't accept resource IDs.
ID ManagedIDKind
+
+ // dac indicates whether the credential is part of DefaultAzureCredential. When true, and the environment doesn't have
+ // configuration for a specific managed identity API, the credential tries to determine whether IMDS is available before
+ // sending its first token request. It does this by sending a malformed request with a short timeout. Any response to that
+ // request is taken to mean IMDS is available, in which case the credential will send ordinary token requests thereafter
+ // with no special timeout. The purpose of this behavior is to prevent a very long timeout when IMDS isn't available.
+ dac bool
}
// ManagedIdentityCredential authenticates an Azure managed identity in any hosting environment supporting managed identities.
// This credential authenticates a system-assigned identity by default. Use ManagedIdentityCredentialOptions.ID to specify a
// user-assigned identity. See Microsoft Entra ID documentation for more information about managed identities:
-// https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview
+// https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview
type ManagedIdentityCredential struct {
client *confidentialClient
mic *managedIdentityClient
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go
index 5e67cf02145..9dcc82f013b 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go
@@ -10,6 +10,7 @@ import (
"context"
"crypto"
"crypto/x509"
+ "errors"
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
@@ -24,7 +25,7 @@ const credNameOBO = "OnBehalfOfCredential"
// is not an interactive authentication flow, an application using it must have admin consent for any delegated
// permissions before requesting tokens for them. See [Microsoft Entra ID documentation] for more details.
//
-// [Microsoft Entra ID documentation]: https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
+// [Microsoft Entra ID documentation]: https://learn.microsoft.com/entra/identity-platform/v2-oauth2-on-behalf-of-flow
type OnBehalfOfCredential struct {
client *confidentialClient
}
@@ -60,6 +61,19 @@ func NewOnBehalfOfCredentialWithCertificate(tenantID, clientID, userAssertion st
return newOnBehalfOfCredential(tenantID, clientID, userAssertion, cred, options)
}
+// NewOnBehalfOfCredentialWithClientAssertions constructs an OnBehalfOfCredential that authenticates with client assertions.
+// userAssertion is the user's access token for the application. The getAssertion function should return client assertions
+// that authenticate the application to Microsoft Entra ID, such as federated credentials.
+func NewOnBehalfOfCredentialWithClientAssertions(tenantID, clientID, userAssertion string, getAssertion func(context.Context) (string, error), options *OnBehalfOfCredentialOptions) (*OnBehalfOfCredential, error) {
+ if getAssertion == nil {
+ return nil, errors.New("getAssertion can't be nil. It must be a function that returns client assertions")
+ }
+ cred := confidential.NewCredFromAssertionCallback(func(ctx context.Context, _ confidential.AssertionRequestOptions) (string, error) {
+ return getAssertion(ctx)
+ })
+ return newOnBehalfOfCredential(tenantID, clientID, userAssertion, cred, options)
+}
+
// NewOnBehalfOfCredentialWithSecret constructs an OnBehalfOfCredential that authenticates with a client secret.
func NewOnBehalfOfCredentialWithSecret(tenantID, clientID, userAssertion, clientSecret string, options *OnBehalfOfCredentialOptions) (*OnBehalfOfCredential, error) {
cred, err := confidential.NewCredFromSecret(clientSecret)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go
index 63c31190d18..b3d22dbf3ce 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go
@@ -152,7 +152,7 @@ func (p *publicClient) GetToken(ctx context.Context, tro policy.TokenRequestOpti
return p.token(ar, err)
}
if p.opts.DisableAutomaticAuthentication {
- return azcore.AccessToken{}, errAuthenticationRequired
+ return azcore.AccessToken{}, newauthenticationRequiredError(p.name, tro)
}
at, err := p.reqToken(ctx, client, tro)
if err == nil {
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources-post.ps1 b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources-post.ps1
new file mode 100644
index 00000000000..a69bbce34c4
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources-post.ps1
@@ -0,0 +1,112 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+# IMPORTANT: Do not invoke this file directly. Please instead run eng/common/TestResources/New-TestResources.ps1 from the repository root.
+
+param (
+ [hashtable] $AdditionalParameters = @{},
+ [hashtable] $DeploymentOutputs
+)
+
+$ErrorActionPreference = 'Stop'
+$PSNativeCommandUseErrorActionPreference = $true
+
+if ($CI) {
+ if (!$AdditionalParameters['deployResources']) {
+ Write-Host "Skipping post-provisioning script because resources weren't deployed"
+ return
+ }
+ az login --service-principal -u $DeploymentOutputs['AZIDENTITY_CLIENT_ID'] -p $DeploymentOutputs['AZIDENTITY_CLIENT_SECRET'] --tenant $DeploymentOutputs['AZIDENTITY_TENANT_ID']
+ az account set --subscription $DeploymentOutputs['AZIDENTITY_SUBSCRIPTION_ID']
+}
+
+Write-Host "Building container"
+$image = "$($DeploymentOutputs['AZIDENTITY_ACR_LOGIN_SERVER'])/azidentity-managed-id-test"
+Set-Content -Path "$PSScriptRoot/Dockerfile" -Value @"
+FROM mcr.microsoft.com/oss/go/microsoft/golang:latest as builder
+ENV GOARCH=amd64 GOWORK=off
+COPY . /azidentity
+WORKDIR /azidentity/testdata/managed-id-test
+RUN go mod tidy
+RUN go build -o /build/managed-id-test .
+RUN GOOS=windows go build -o /build/managed-id-test.exe .
+
+FROM mcr.microsoft.com/mirror/docker/library/alpine:3.16
+RUN apk add gcompat
+COPY --from=builder /build/* .
+RUN chmod +x managed-id-test
+CMD ["./managed-id-test"]
+"@
+# build from sdk/azidentity because we need that dir in the context (because the test app uses local azidentity)
+docker build -t $image "$PSScriptRoot"
+az acr login -n $DeploymentOutputs['AZIDENTITY_ACR_NAME']
+docker push $image
+
+$rg = $DeploymentOutputs['AZIDENTITY_RESOURCE_GROUP']
+
+# ACI is easier to provision here than in the bicep file because the image isn't available before now
+Write-Host "Deploying Azure Container Instance"
+$aciName = "azidentity-test"
+az container create -g $rg -n $aciName --image $image `
+ --acr-identity $($DeploymentOutputs['AZIDENTITY_USER_ASSIGNED_IDENTITY']) `
+ --assign-identity [system] $($DeploymentOutputs['AZIDENTITY_USER_ASSIGNED_IDENTITY']) `
+ --role "Storage Blob Data Reader" `
+ --scope $($DeploymentOutputs['AZIDENTITY_STORAGE_ID']) `
+ -e AZIDENTITY_STORAGE_NAME=$($DeploymentOutputs['AZIDENTITY_STORAGE_NAME']) `
+ AZIDENTITY_STORAGE_NAME_USER_ASSIGNED=$($DeploymentOutputs['AZIDENTITY_STORAGE_NAME_USER_ASSIGNED']) `
+ AZIDENTITY_USER_ASSIGNED_IDENTITY=$($DeploymentOutputs['AZIDENTITY_USER_ASSIGNED_IDENTITY']) `
+ FUNCTIONS_CUSTOMHANDLER_PORT=80
+Write-Host "##vso[task.setvariable variable=AZIDENTITY_ACI_NAME;]$aciName"
+
+# Azure Functions deployment: copy the Windows binary from the Docker image, deploy it in a zip
+Write-Host "Deploying to Azure Functions"
+$container = docker create $image
+docker cp ${container}:managed-id-test.exe "$PSScriptRoot/testdata/managed-id-test/"
+docker rm -v $container
+Compress-Archive -Path "$PSScriptRoot/testdata/managed-id-test/*" -DestinationPath func.zip -Force
+az functionapp deploy -g $rg -n $DeploymentOutputs['AZIDENTITY_FUNCTION_NAME'] --src-path func.zip --type zip
+
+Write-Host "Creating federated identity"
+$aksName = $DeploymentOutputs['AZIDENTITY_AKS_NAME']
+$idName = $DeploymentOutputs['AZIDENTITY_USER_ASSIGNED_IDENTITY_NAME']
+$issuer = az aks show -g $rg -n $aksName --query "oidcIssuerProfile.issuerUrl" -otsv
+$podName = "azidentity-test"
+$serviceAccountName = "workload-identity-sa"
+az identity federated-credential create -g $rg --identity-name $idName --issuer $issuer --name $idName --subject system:serviceaccount:default:$serviceAccountName
+Write-Host "Deploying to AKS"
+az aks get-credentials -g $rg -n $aksName
+az aks update --attach-acr $DeploymentOutputs['AZIDENTITY_ACR_NAME'] -g $rg -n $aksName
+Set-Content -Path "$PSScriptRoot/k8s.yaml" -Value @"
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ azure.workload.identity/client-id: $($DeploymentOutputs['AZIDENTITY_USER_ASSIGNED_IDENTITY_CLIENT_ID'])
+ name: $serviceAccountName
+ namespace: default
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: $podName
+ namespace: default
+ labels:
+ app: $podName
+ azure.workload.identity/use: "true"
+spec:
+ serviceAccountName: $serviceAccountName
+ containers:
+ - name: $podName
+ image: $image
+ env:
+ - name: AZIDENTITY_STORAGE_NAME
+ value: $($DeploymentOutputs['AZIDENTITY_STORAGE_NAME_USER_ASSIGNED'])
+ - name: AZIDENTITY_USE_WORKLOAD_IDENTITY
+ value: "true"
+ - name: FUNCTIONS_CUSTOMHANDLER_PORT
+ value: "80"
+ nodeSelector:
+ kubernetes.io/os: linux
+"@
+kubectl apply -f "$PSScriptRoot/k8s.yaml"
+Write-Host "##vso[task.setvariable variable=AZIDENTITY_POD_NAME;]$podName"
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources-pre.ps1 b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources-pre.ps1
index fe0183addeb..58766d0a022 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources-pre.ps1
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources-pre.ps1
@@ -1,36 +1,44 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+# IMPORTANT: Do not invoke this file directly. Please instead run eng/common/TestResources/New-TestResources.ps1 from the repository root.
+
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
param (
+ [hashtable] $AdditionalParameters = @{},
+
# Captures any arguments from eng/New-TestResources.ps1 not declared here (no parameter errors).
[Parameter(ValueFromRemainingArguments = $true)]
$RemainingArguments
)
+if (-not (Test-Path "$PSScriptRoot/sshkey.pub")) {
+ ssh-keygen -t rsa -b 4096 -f "$PSScriptRoot/sshkey" -N '' -C ''
+}
+$templateFileParameters['sshPubKey'] = Get-Content "$PSScriptRoot/sshkey.pub"
+
if (!$CI) {
# TODO: Remove this once auto-cloud config downloads are supported locally
Write-Host "Skipping cert setup in local testing mode"
return
}
-if ($EnvironmentVariables -eq $null -or $EnvironmentVariables.Count -eq 0) {
+if ($null -eq $EnvironmentVariables -or $EnvironmentVariables.Count -eq 0) {
throw "EnvironmentVariables must be set in the calling script New-TestResources.ps1"
}
$tmp = $env:TEMP ? $env:TEMP : [System.IO.Path]::GetTempPath()
$pfxPath = Join-Path $tmp "test.pfx"
$pemPath = Join-Path $tmp "test.pem"
-$sniPath = Join-Path $tmp "testsni.pfx"
-Write-Host "Creating identity test files: $pfxPath $pemPath $sniPath"
+Write-Host "Creating identity test files: $pfxPath $pemPath"
[System.Convert]::FromBase64String($EnvironmentVariables['PFX_CONTENTS']) | Set-Content -Path $pfxPath -AsByteStream
Set-Content -Path $pemPath -Value $EnvironmentVariables['PEM_CONTENTS']
-[System.Convert]::FromBase64String($EnvironmentVariables['SNI_CONTENTS']) | Set-Content -Path $sniPath -AsByteStream
# Set for pipeline
Write-Host "##vso[task.setvariable variable=IDENTITY_SP_CERT_PFX;]$pfxPath"
Write-Host "##vso[task.setvariable variable=IDENTITY_SP_CERT_PEM;]$pemPath"
-Write-Host "##vso[task.setvariable variable=IDENTITY_SP_CERT_SNI;]$sniPath"
# Set for local
$env:IDENTITY_SP_CERT_PFX = $pfxPath
$env:IDENTITY_SP_CERT_PEM = $pemPath
-$env:IDENTITY_SP_CERT_SNI = $sniPath
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources.bicep b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources.bicep
index b3490d3b50a..2a216529309 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources.bicep
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources.bicep
@@ -1 +1,219 @@
-param baseName string
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+@description('Kubernetes cluster admin user name.')
+param adminUser string = 'azureuser'
+
+@minLength(6)
+@maxLength(23)
+@description('The base resource name.')
+param baseName string = resourceGroup().name
+
+@description('Whether to deploy resources. When set to false, this file deploys nothing.')
+param deployResources bool = false
+
+param sshPubKey string = ''
+
+@description('The location of the resource. By default, this is the same as the resource group.')
+param location string = resourceGroup().location
+
+// https://learn.microsoft.com/azure/role-based-access-control/built-in-roles
+var acrPull = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')
+var blobReader = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')
+
+resource sa 'Microsoft.Storage/storageAccounts@2021-08-01' = if (deployResources) {
+ kind: 'StorageV2'
+ location: location
+ name: 'sa${uniqueString(baseName)}'
+ properties: {
+ accessTier: 'Hot'
+ }
+ sku: {
+ name: 'Standard_LRS'
+ }
+}
+
+resource saUserAssigned 'Microsoft.Storage/storageAccounts@2021-08-01' = if (deployResources) {
+ kind: 'StorageV2'
+ location: location
+ name: 'sa2${uniqueString(baseName)}'
+ properties: {
+ accessTier: 'Hot'
+ }
+ sku: {
+ name: 'Standard_LRS'
+ }
+}
+
+resource usermgdid 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = if (deployResources) {
+ location: location
+ name: baseName
+}
+
+resource acrPullContainerInstance 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (deployResources) {
+ name: guid(resourceGroup().id, acrPull, 'containerInstance')
+ properties: {
+ principalId: deployResources ? usermgdid.properties.principalId : ''
+ principalType: 'ServicePrincipal'
+ roleDefinitionId: acrPull
+ }
+ scope: containerRegistry
+}
+
+resource blobRoleUserAssigned 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (deployResources) {
+ scope: saUserAssigned
+ name: guid(resourceGroup().id, blobReader, usermgdid.id)
+ properties: {
+ principalId: deployResources ? usermgdid.properties.principalId : ''
+ principalType: 'ServicePrincipal'
+ roleDefinitionId: blobReader
+ }
+}
+
+resource blobRoleFunc 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (deployResources) {
+ name: guid(resourceGroup().id, blobReader, 'azfunc')
+ properties: {
+ principalId: deployResources ? azfunc.identity.principalId : ''
+ roleDefinitionId: blobReader
+ principalType: 'ServicePrincipal'
+ }
+ scope: sa
+}
+
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = if (deployResources) {
+ location: location
+ name: uniqueString(resourceGroup().id)
+ properties: {
+ adminUserEnabled: true
+ }
+ sku: {
+ name: 'Basic'
+ }
+}
+
+resource farm 'Microsoft.Web/serverfarms@2021-03-01' = if (deployResources) {
+ kind: 'app'
+ location: location
+ name: '${baseName}_asp'
+ properties: {}
+ sku: {
+ capacity: 1
+ family: 'B'
+ name: 'B1'
+ size: 'B1'
+ tier: 'Basic'
+ }
+}
+
+resource azfunc 'Microsoft.Web/sites@2021-03-01' = if (deployResources) {
+ identity: {
+ type: 'SystemAssigned, UserAssigned'
+ userAssignedIdentities: {
+ '${deployResources ? usermgdid.id : ''}': {}
+ }
+ }
+ kind: 'functionapp'
+ location: location
+ name: '${baseName}func'
+ properties: {
+ enabled: true
+ httpsOnly: true
+ keyVaultReferenceIdentity: 'SystemAssigned'
+ serverFarmId: farm.id
+ siteConfig: {
+ alwaysOn: true
+ appSettings: [
+ {
+ name: 'AZIDENTITY_STORAGE_NAME'
+ value: deployResources ? sa.name : null
+ }
+ {
+ name: 'AZIDENTITY_STORAGE_NAME_USER_ASSIGNED'
+ value: deployResources ? saUserAssigned.name : null
+ }
+ {
+ name: 'AZIDENTITY_USER_ASSIGNED_IDENTITY'
+ value: deployResources ? usermgdid.id : null
+ }
+ {
+ name: 'AzureWebJobsStorage'
+ value: 'DefaultEndpointsProtocol=https;AccountName=${deployResources ? sa.name : ''};EndpointSuffix=${deployResources ? environment().suffixes.storage : ''};AccountKey=${deployResources ? sa.listKeys().keys[0].value : ''}'
+ }
+ {
+ name: 'FUNCTIONS_EXTENSION_VERSION'
+ value: '~4'
+ }
+ {
+ name: 'FUNCTIONS_WORKER_RUNTIME'
+ value: 'custom'
+ }
+ {
+ name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
+ value: 'DefaultEndpointsProtocol=https;AccountName=${deployResources ? sa.name : ''};EndpointSuffix=${deployResources ? environment().suffixes.storage : ''};AccountKey=${deployResources ? sa.listKeys().keys[0].value : ''}'
+ }
+ {
+ name: 'WEBSITE_CONTENTSHARE'
+ value: toLower('${baseName}-func')
+ }
+ ]
+ http20Enabled: true
+ minTlsVersion: '1.2'
+ }
+ }
+}
+
+resource aks 'Microsoft.ContainerService/managedClusters@2023-06-01' = if (deployResources) {
+ name: baseName
+ location: location
+ identity: {
+ type: 'SystemAssigned'
+ }
+ properties: {
+ agentPoolProfiles: [
+ {
+ count: 1
+ enableAutoScaling: false
+ kubeletDiskType: 'OS'
+ mode: 'System'
+ name: 'agentpool'
+ osDiskSizeGB: 128
+ osDiskType: 'Managed'
+ osSKU: 'Ubuntu'
+ osType: 'Linux'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_D2s_v3'
+ }
+ ]
+ dnsPrefix: 'identitytest'
+ enableRBAC: true
+ linuxProfile: {
+ adminUsername: adminUser
+ ssh: {
+ publicKeys: [
+ {
+ keyData: sshPubKey
+ }
+ ]
+ }
+ }
+ oidcIssuerProfile: {
+ enabled: true
+ }
+ securityProfile: {
+ workloadIdentity: {
+ enabled: true
+ }
+ }
+ }
+}
+
+output AZIDENTITY_ACR_LOGIN_SERVER string = deployResources ? containerRegistry.properties.loginServer : ''
+output AZIDENTITY_ACR_NAME string = deployResources ? containerRegistry.name : ''
+output AZIDENTITY_AKS_NAME string = deployResources ? aks.name : ''
+output AZIDENTITY_FUNCTION_NAME string = deployResources ? azfunc.name : ''
+output AZIDENTITY_STORAGE_ID string = deployResources ? sa.id : ''
+output AZIDENTITY_STORAGE_NAME string = deployResources ? sa.name : ''
+output AZIDENTITY_STORAGE_NAME_USER_ASSIGNED string = deployResources ? saUserAssigned.name : ''
+output AZIDENTITY_USER_ASSIGNED_IDENTITY string = deployResources ? usermgdid.id : ''
+output AZIDENTITY_USER_ASSIGNED_IDENTITY_CLIENT_ID string = deployResources ? usermgdid.properties.clientId : ''
+output AZIDENTITY_USER_ASSIGNED_IDENTITY_NAME string = deployResources ? usermgdid.name : ''
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
index 9b9d7ae0d20..4305b5d3d80 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
@@ -14,5 +14,5 @@ const (
module = "github.com/Azure/azure-sdk-for-go/sdk/" + component
// Version is the semantic version (see http://semver.org) of this module.
- version = "v1.5.2"
+ version = "v1.7.0"
)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid/internal/version.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid/internal/version.go
index fd89cab620c..08e8f005d2a 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid/internal/version.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid/internal/version.go
@@ -14,5 +14,5 @@ const (
ModuleName = "azeventgrid"
// ModuleVersion is the semantic version (see http://semver.org) of this module.
- ModuleVersion = "v0.5.0"
+ ModuleVersion = "v0.4.0"
)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid/publisher/README.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid/publisher/README.md
index fc77f82e2d0..873680e7be8 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid/publisher/README.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid/publisher/README.md
@@ -1,7 +1,5 @@
# Azure Event Grid Publisher Client Module for Go
-**Please note this package has been moved to: [azeventgrid](https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/messaging/eventgrid/azeventgrid).**
-
[Azure Event Grid](https://learn.microsoft.com/azure/event-grid/overview) is a highly scalable, fully managed Pub Sub message distribution service that offers flexible message consumption patterns. For more information about Event Grid see: [link](https://learn.microsoft.com/azure/event-grid/overview).
The client in this package can publish events to [Event Grid topics](https://learn.microsoft.com/azure/event-grid/concepts).
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/CHANGELOG.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/CHANGELOG.md
index 988db23a29c..796215fa484 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/CHANGELOG.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/CHANGELOG.md
@@ -1,11 +1,5 @@
# Release History
-## 1.7.1 (2024-05-20)
-
-### Bugs Fixed
-
-- Emulator strings should allow for hosts other than localhost (PR#22898)
-
## 1.7.0 (2024-04-02)
### Features Added
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/conn/conn.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/conn/conn.go
index 4d11f9f1882..ce0e2610dfc 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/conn/conn.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/conn/conn.go
@@ -100,13 +100,14 @@ func ParseConnectionString(connStr string) (ConnectionStringProperties, error) {
}
if csp.Emulator {
+ // check that they're only connecting to localhost
endpointParts := strings.SplitN(csp.Endpoint, ":", 3) // allow for a port, if it exists.
- if len(endpointParts) < 2 || endpointParts[0] != "sb" {
- // there should always be at least two parts "sb:" and "//"
+ if len(endpointParts) < 2 || endpointParts[0] != "sb" || endpointParts[1] != "//localhost" {
+ // there should always be at least two parts "sb:" and "//localhost"
// with an optional 3rd piece that's the port "1111".
// (we don't need to validate it's a valid host since it's been through url.Parse() above)
- return ConnectionStringProperties{}, fmt.Errorf("UseDevelopmentEmulator=true can only be used with sb:// or sb://:, not %s", csp.Endpoint)
+ return ConnectionStringProperties{}, fmt.Errorf("UseDevelopmentEmulator=true can only be used with sb://localhost or sb://localhost:, not %s", csp.Endpoint)
}
}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/constants.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/constants.go
index f3079017326..a2402e48ac3 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/constants.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/internal/constants.go
@@ -4,4 +4,4 @@
package internal
// Version is the semantic version number
-const Version = "v1.7.1"
+const Version = "v1.7.0"
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_intermediate_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_intermediate_cert.der
deleted file mode 100644
index 958f3cfaddf..00000000000
Binary files a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_intermediate_cert.der and /dev/null differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_leaf_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_leaf_cert.der
deleted file mode 100644
index d2817641baf..00000000000
Binary files a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_leaf_cert.der and /dev/null differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_root_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_root_cert.der
deleted file mode 100644
index d8c3710c85f..00000000000
Binary files a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_root_cert.der and /dev/null differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_intermediate_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_intermediate_cert.der
deleted file mode 100644
index dae619c0975..00000000000
Binary files a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_intermediate_cert.der and /dev/null differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_leaf_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_leaf_cert.der
deleted file mode 100644
index ce7f8d31d68..00000000000
Binary files a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_leaf_cert.der and /dev/null differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_root_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_root_cert.der
deleted file mode 100644
index 04b0d73600b..00000000000
Binary files a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_root_cert.der and /dev/null differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.der b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.der
deleted file mode 100644
index d8c3710c85f..00000000000
Binary files a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.der and /dev/null differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.pem
deleted file mode 100644
index 493a5a26481..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
-BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
-YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
-AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
-MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
-BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
-ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
-KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
-a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
-OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
-RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
-P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
-HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
-0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
-EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
-/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
-QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
-nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
-X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
-pKklVz0=
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_key.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_key.pem
deleted file mode 100644
index 55a7f10c742..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
-l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
-+Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
-4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
-xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
-68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
-/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
-Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
-VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
-9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
-MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
-aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
-xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
-2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
-EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
-aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
-udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
-VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
-56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
-GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
-Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
-HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
-BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
-qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
-GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.der b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.der
deleted file mode 100644
index 04b0d73600b..00000000000
Binary files a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.der and /dev/null differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.pem
deleted file mode 100644
index 0f98322c724..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
-BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
-YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
-AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
-MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
-BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
-ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
-KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
-fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
-qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
-xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
-Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
-Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
-ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
-e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
-POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
-AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
-odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
-PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
-Dhm6uZM=
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_key.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_key.pem
deleted file mode 100644
index 81afea783df..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
-8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
-QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
-XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
-Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
-gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
-LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
-jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
-4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
-Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
-nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
-drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
-duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
-L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
-06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
-eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
-uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
-lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
-a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
-hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
-7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
-r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
-eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
-B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
-7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/client_cert.pem
deleted file mode 100644
index 493a5a26481..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/testdata/client_cert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
-BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
-YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
-AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
-MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
-BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
-ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
-KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
-a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
-OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
-RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
-P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
-HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
-0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
-EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
-/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
-QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
-nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
-X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
-pKklVz0=
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/client_key.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/client_key.pem
deleted file mode 100644
index 55a7f10c742..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/testdata/client_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
-l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
-+Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
-4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
-xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
-68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
-/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
-Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
-VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
-9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
-MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
-aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
-xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
-2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
-EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
-aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
-udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
-VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
-56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
-GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
-Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
-HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
-BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
-qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
-GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/server_cert.pem
deleted file mode 100644
index 0f98322c724..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/testdata/server_cert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
-BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
-YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
-AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
-MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
-BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
-ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
-KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
-fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
-qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
-xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
-Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
-Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
-ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
-e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
-POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
-AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
-odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
-PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
-Dhm6uZM=
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/server_key.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/server_key.pem
deleted file mode 100644
index 81afea783df..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/testdata/server_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
-8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
-QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
-XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
-Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
-gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
-LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
-jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
-4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
-Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
-nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
-drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
-duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
-L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
-06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
-eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
-uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
-lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
-a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
-hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
-7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
-r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
-eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
-B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
-7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_cert.pem
deleted file mode 100644
index 493a5a26481..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_cert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
-BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
-YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
-AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
-MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
-BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
-ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
-KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
-a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
-OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
-RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
-P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
-HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
-0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
-EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
-/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
-QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
-nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
-X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
-pKklVz0=
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_key.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_key.pem
deleted file mode 100644
index 55a7f10c742..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
-l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
-+Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
-4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
-xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
-68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
-/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
-Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
-VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
-9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
-MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
-aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
-xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
-2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
-EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
-aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
-udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
-VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
-56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
-GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
-Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
-HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
-BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
-qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
-GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_cert.pem
deleted file mode 100644
index 0f98322c724..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_cert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
-BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
-YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
-AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
-MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
-BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
-ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
-KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
-fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
-qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
-xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
-Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
-Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
-ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
-e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
-POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
-AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
-odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
-PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
-Dhm6uZM=
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_key.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_key.pem
deleted file mode 100644
index 81afea783df..00000000000
--- a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
-8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
-QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
-XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
-Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
-gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
-LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
-jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
-4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
-Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
-nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
-drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
-duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
-L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
-06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
-eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
-uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
-lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
-a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
-hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
-7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
-r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
-eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
-B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
-7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/testdata/client_cert.pem
deleted file mode 100644
index 493a5a26481..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/client_cert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
-BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
-YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
-AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
-MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
-BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
-ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
-KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
-a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
-OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
-RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
-P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
-HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
-0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
-EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
-/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
-QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
-nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
-X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
-pKklVz0=
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/client_key.pem b/vendor/github.com/google/s2a-go/testdata/client_key.pem
deleted file mode 100644
index 55a7f10c742..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/client_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
-l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
-+Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
-4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
-xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
-68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
-/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
-Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
-VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
-9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
-MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
-aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
-xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
-2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
-EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
-aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
-udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
-VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
-56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
-GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
-Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
-HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
-BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
-qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
-GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_client_cert.pem b/vendor/github.com/google/s2a-go/testdata/mds_client_cert.pem
deleted file mode 100644
index 60c4cf06915..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/mds_client_cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDCDCCAfACFFlYsYCFit01ZpYmfjxpo7/6wMEbMA0GCSqGSIb3DQEBCwUAMEgx
-CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEPMA0GA1UECgwGR29vZ2xlMRswGQYD
-VQQDDBJ0ZXN0LXMyYS1tdGxzLXJvb3QwHhcNMjMwODIyMTY0NTE4WhcNNDMwODIy
-MTY0NTE4WjA5MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExHTAbBgNVBAMMFHRl
-c3QtczJhLW10bHMtY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAqrQQMyxNtmdCB+uY3szgRsfPrKC+TV9Fusnd8PfaCVuGTGcSBKM018nV2TDn
-3IYFQ1HgLpGwGwOFDBb3y0o9i2/l2VJySriX1GSNX6nDmVasQlO1wuOLCP7/LRmO
-7b6Kise5W0IFhYaptKyWnekn2pS0tAjimqpfn2w0U6FDGtQUqg/trQQmGtTSJHjb
-A+OFd0EFC18KGP8Q+jOMaMkJRmpeEiAPyHPDoMhqQNT26RApv9j2Uzo4SuXzHH6T
-cAdm1+zG+EXY/UZKX9oDkSbwIJvN+gCmNyORLalJ12gsGYOCjMd8K0mlXBqrmmbO
-VHVbUm9062lhE7x59AA8DK4DoQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCPOvtL
-dq2hxFHlIy0YUK8jp/DtwJZPwzx1id5FtWwd0CxBS1StIgmkHMxtkJGz1iyQLplI
-je+Msd4sTsb5zZi/8kGKehi8Wj4lghp4oP30cpob41OvM68M9RC/wSOVk9igSww+
-l3zof6wKRIswsi5VHrL16ruIVVoDlyFbKr8yk+cp9OPOV8hNNN7ewY9xC8OgnTt8
-YtdaLe6uTplKBLW+j3GtshigRhyfkGJyPFYL4LAeDJCHlC1qmBnkyP0ijMp6vneM
-E8TLavnMTMcpihWTWpyKeRkO6HDRsP4AofQAp7VAiAdSOplga+w2qgrVICV+m8MK
-BTq2PBvc59T6OFLq
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_client_key.pem b/vendor/github.com/google/s2a-go/testdata/mds_client_key.pem
deleted file mode 100644
index 9d112d1e9ff..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/mds_client_key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqtBAzLE22Z0IH
-65jezOBGx8+soL5NX0W6yd3w99oJW4ZMZxIEozTXydXZMOfchgVDUeAukbAbA4UM
-FvfLSj2Lb+XZUnJKuJfUZI1fqcOZVqxCU7XC44sI/v8tGY7tvoqKx7lbQgWFhqm0
-rJad6SfalLS0COKaql+fbDRToUMa1BSqD+2tBCYa1NIkeNsD44V3QQULXwoY/xD6
-M4xoyQlGal4SIA/Ic8OgyGpA1PbpECm/2PZTOjhK5fMcfpNwB2bX7Mb4Rdj9Rkpf
-2gORJvAgm836AKY3I5EtqUnXaCwZg4KMx3wrSaVcGquaZs5UdVtSb3TraWETvHn0
-ADwMrgOhAgMBAAECggEAUccupZ1ZY4OHTi0PkNk8rpwFwTFGyeFVEf2ofkr24RnA
-NnUAXEllxOUUNlcoFOz9s3kTeavg3qgqgpa0QmdAIb9LMXg+ec6CKkW7trMpGho8
-LxBUWNfSoU4sKEqAvyPT0lWJVo9D/up6/avbAi6TIbOw+Djzel4ZrlHTpabxc3WT
-EilXzn4q54b3MzxCQeQjcnzTieW4Q5semG2kLiXFToHIY2di01P/O8awUjgrD+uW
-/Cb6H49MnHm9VPkqea1iwZeMQd6Gh5FrC7RezsBjdB1JBcfsv6PFt2ySInjB8SF+
-XR5Gr3Cc5sh9s0LfprZ9Dq0rlSWmwasPMI1COK6SswKBgQDczgeWd3erQ1JX9LEI
-wollawqC9y7uJhEsw1hrPqA3uqZYiLUc7Nmi4laZ12mcGoXNDS3R3XmD58qGmGaU
-lxEVTb8KDVWBgw450VoBKzSMQnCP6zn4nZxTYxeqMKjDGf6TRB6TZc843qsG3eRC
-k91yxrCQ/0HV6PT48C+lieDzLwKBgQDF6aNKiyrswr457undBnM1H8q/Y6xC5ZlK
-UtiQdhuyBnicvz0U8WPxBY/8gha0OXWuSnBqq/z77iFVNv/zT6p9K7kM7nBGd8cB
-8KO6FNbyaHWFrhCI5zNzRTH4oha0hfvUOoti09vqavCtWD4L+D/63ba1wNLKPO9o
-4gWbCnUCLwKBgQC/vus372csgrnvR761LLrEJ8BpGt7WUJh5luoht7DKtHvgRleB
-Vu1oVcV+s2Iy/ZVUDC3OIdZ0hcWKPK5YOxfKuEk+IXYvke+4peTTPwHTC59UW6Fs
-FPK8N0FFuhvT0a8RlAY5WiAp8rPysp6WcnHMSl7qi8BQUozp4Sp/RsziYQKBgBXv
-r4mzoy5a53rEYGd/L4XT4EUWZyGDEVqLlDVu4eL5lKTLDZokp08vrqXuRVX0iHap
-CYzJQ2EpI8iuL/BoBB2bmwcz5n3pCMXORld5t9lmeqA2it6hwbIlGUTVsm6P6zm6
-w3hQwy9YaxTLkxUAjxbfPEEo/jQsTNzzMGve3NlBAoGAbgJExpDyMDnaD2Vi5eyr
-63b54BsqeLHqxJmADifyRCj7G1SJMm3zMKkNNOS0vsXgoiId973STFf1XQiojiv8
-Slbxyv5rczcY0n3LOuQYcM5OzsjzpNFZsT2dDnMfNRUF3rx3Geu/FuJ9scF1b00r
-fVMrcL3jSf/W1Xh4TgtyoU8=
------END PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_root_cert.pem b/vendor/github.com/google/s2a-go/testdata/mds_root_cert.pem
deleted file mode 100644
index 44e436f6ec7..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/mds_root_cert.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDcTCCAlmgAwIBAgIUDUkgI+2FZtuUHyUUi0ZBH7JvN00wDQYJKoZIhvcNAQEL
-BQAwSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZHb29nbGUx
-GzAZBgNVBAMMEnRlc3QtczJhLW10bHMtcm9vdDAeFw0yMzA4MjEyMTI5MTVaFw00
-MzA4MjEyMTI5MTVaMEgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEPMA0GA1UE
-CgwGR29vZ2xlMRswGQYDVQQDDBJ0ZXN0LXMyYS1tdGxzLXJvb3QwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbFEQfpvla27bATedrN4BAWsI9GSwSnJLW
-QWzXcnAk6cKxQBAhnaKHRxHY8ttLhNTtxQeub894CLzJvHE/0xDhuMzjtCCCZ7i2
-r08tKZ1KcEzPJCPNlxlzAXPA45XU3LRlbGvju/PBPhm6n1hCEKTNI/KETJ5DEaYg
-Cf2LcXVsl/zW20MwDZ+e2w/9a2a6n6DdpW1ekOR550hXAUOIxvmXRBeYeGLFvp1n
-rQgZBhRaxP03UB+PQD2oMi/4mfsS96uGCXdzzX8qV46O8m132HUbnA/wagIwboEe
-d7Bx237dERDyHw5GFnll7orgA0FOtoEufXdeQxWVvTjO0+PVPgsvAgMBAAGjUzBR
-MB0GA1UdDgQWBBRyMtg/yutV8hw8vOq0i8x0eBQi7DAfBgNVHSMEGDAWgBRyMtg/
-yutV8hw8vOq0i8x0eBQi7DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
-A4IBAQArN/gdqWMxd5Rvq2eJMTp6I4RepJOT7Go4sMsRsy1caJqqcoS2EvREDZMN
-XNEBcyQBB5kYd6TCcZGoLnEtWYXQ4jjEiXG1g7/+rWxyqw0ZYuP7FWzuHg3Uor/x
-fApbEKwptP5ywVc+33h4qreGcqXkVCCn+sAcstGgrqubdGZW2T5gazUMyammOOuN
-9IWL1PbvXmgEKD+80NUIrk09zanYyrElGdU/zw/kUbZ3Jf6WUBtJGhTzRQ1qZeKa
-VnpCbLoG3vObEB8mxDUAlIzwAtfvw4U32BVIZA8xrocz6OOoAnSW1bTlo3EOIo/G
-MTV7jmY9TBPtfhRuO/cG650+F+cw
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_server_cert.pem b/vendor/github.com/google/s2a-go/testdata/mds_server_cert.pem
deleted file mode 100644
index 68c60613458..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/mds_server_cert.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDbjCCAlagAwIBAgIUbexZ5sZl86Al9dsI2PkOgtqKnkgwDQYJKoZIhvcNAQEL
-BQAwSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZHb29nbGUx
-GzAZBgNVBAMMEnRlc3QtczJhLW10bHMtcm9vdDAeFw0yMzA4MjIwMDMyMDRaFw00
-MzA4MjIwMDMyMDRaMDkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEdMBsGA1UE
-AwwUdGVzdC1zMmEtbXRscy1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCMEzybsGPqfh92GLwy43mt8kQDF3ztr8y06RwU1hVnY7QqYK4obpvh
-HkJVnTz9gwNBF3n5nUalqRzactlf2PCydN9oSYNCO8svVmo7vw1CleKAKFAiV5Qn
-H76QlqD15oJreh7nSM8R4qj5KukIHvt0cN0gD6CJQzIURDtsKJwkW3yQjYyT/FAK
-GYtFrB6buDn3Eg3Hsw6z7uj7CzLBsSl7BIGrQILbpbI9nFNT3rUTUhXZKY/3UtJA
-Ob66AjTmMbD16RGYZR4JsPx6CstheifJ6YSI79r5KgD37zX0jMXFWimvb2SmZmFe
-LoohtC8K7uTyjm/dROx6nHXdDt5TQYXHAgMBAAGjXzBdMBsGA1UdEQQUMBKHEAAA
-AAAAAAAAAAAAAAAAAAAwHQYDVR0OBBYEFI3i2+tIk6YYn0MIxC0q93jk1VsUMB8G
-A1UdIwQYMBaAFHIy2D/K61XyHDy86rSLzHR4FCLsMA0GCSqGSIb3DQEBCwUAA4IB
-AQAUhk+s/lrIAULBbU7E22C8f93AzTxE1mhyHGNlfPPJP3t1Dl+h4X4WkFpkz5gT
-EcNXB//Vvoq99HbEK5/92sxsIPexKdJBdcggeHXIgLDkOrEZEb0Nnh9eaAuU2QDn
-JW44hMB+aF6mEaJvOHE6DRkQw3hwFYFisFKKHtlQ3TyOhw5CHGzSExPZusdSFNIe
-2E7V/0QzGPJEFnEFUNe9N8nTH2P385Paoi+5+Iizlp/nztVXfzv0Cj/i+qGgtDUs
-HB+gBU2wxMw8eYyuNzACH70wqGR1Parj8/JoyYhx0S4+Gjzy3JH3CcAMaxyfH/dI
-4Wcvfz/isxgmH1UqIt3oc6ad
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_server_key.pem b/vendor/github.com/google/s2a-go/testdata/mds_server_key.pem
deleted file mode 100644
index b14ad0f724e..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/mds_server_key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCMEzybsGPqfh92
-GLwy43mt8kQDF3ztr8y06RwU1hVnY7QqYK4obpvhHkJVnTz9gwNBF3n5nUalqRza
-ctlf2PCydN9oSYNCO8svVmo7vw1CleKAKFAiV5QnH76QlqD15oJreh7nSM8R4qj5
-KukIHvt0cN0gD6CJQzIURDtsKJwkW3yQjYyT/FAKGYtFrB6buDn3Eg3Hsw6z7uj7
-CzLBsSl7BIGrQILbpbI9nFNT3rUTUhXZKY/3UtJAOb66AjTmMbD16RGYZR4JsPx6
-CstheifJ6YSI79r5KgD37zX0jMXFWimvb2SmZmFeLoohtC8K7uTyjm/dROx6nHXd
-Dt5TQYXHAgMBAAECggEAIB5zGdIG/yh/Z1GBqfuOFaxFGx5iJ5BVlLAVH9P9IXFz
-yPnVRXEjbinFlSMSbqEBeIX9EpcVMXxHIPIP1RIGEy2IYr3kiqXyT771ahDDZh6/
-Spqz0UQatSPqyvW3H9uE0Uc12dvQm23JSCUmPRX5m7gbhDQBIChXzdzdcU4Yi59V
-4xmJUvbsAcLw5CBM6kwV+1NGVH9+3mUdhrr9M6B6+sVB/xnaqMGEDfQGiwL8U7EY
-QOuc46KXu3Pd/qCdVLn60IrdjSzDJKeC5UZZ+ejNAo+DfbtOovBj3qu3OCUg4XVy
-0CDBJ1sTdLvUfF4Gb+crjPsd+qBbXcjVfqdadwhsoQKBgQDBF1Pys/NitW8okJwp
-2fiDIASP3TiI+MthWHGyuoZGPvmXQ3H6iuLSm8c/iYI2WPTf53Xff1VcFm1GmQms
-GCsYM8Ax94zCeO6Ei1sYYxwcBloEZfOeV37MPA4pjJF4Lt+n5nveNxP+lrsjksJz
-wToSEgWPDT1b/xcdt4/5j9J85wKBgQC5tiLx+33mwH4DoaFRmSl0+VuSNYFw6DTQ
-SQ+kWqWGH4NENc9wf4Dj2VUZQhpXNhXVSxj+aP2d/ck1NrTJAWqYEXCDtFQOGSa2
-cGPRr+Fhy5NIEaEvR7IXcMBZzx3koYmWVBHricyrXs5FvHrT3N14mGDUG8n24U3f
-R799bau0IQKBgQC97UM+lHCPJCWNggiJRgSifcje9VtZp1btjoBvq/bNe74nYkjn
-htsrC91Fiu1Qpdlfr50K1IXSyaB886VG6JLjAGxI+dUzqJ38M9LLvxj0G+9JKjsi
-AbAQFfZcOg8QZxLJZPVsE0MQhZTXndC06VhEVAOxvPUg214Sde8hK61/+wKBgCRw
-O10VhnePT2pw/VEgZ0T/ZFtEylgYB7zSiRIrgwzVBBGPKVueePC8BPmGwdpYz2Hh
-cU8B1Ll6QU+Co2hJMdwSl+wPpup5PuJPHRbYlrV0lzpt0x2OyL/WrLcyb2Ab3f40
-EqwPhqwdVwXR3JvTW1U9OMqFhVQ+kuP7lPQMX8NhAoGBAJOgZ7Tokipc4Mi68Olw
-SCaOPvjjy4sW2rTRuKyjc1wTAzy7SJ3vXHfGkkN99nTLJFwAyJhWUpnRdwAXGi+x
-gyOa95ImsEfRSwEjbluWfF8/P0IU8GR+ZTqT4NnNCOsi8T/xst4Szd1ECJNnnZDe
-1ChfPP1AH+/75MJCvu6wQBQv
------END PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/self_signed_cert.pem b/vendor/github.com/google/s2a-go/testdata/self_signed_cert.pem
deleted file mode 100644
index ad1bad59845..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/self_signed_cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDITCCAgkCFBS8mLoytMpMWBwpAtnRaq3eIKnsMA0GCSqGSIb3DQEBCwUAME0x
-CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UECgwEVGVzdDEiMCAGA1UE
-AwwZdGVzdC1zMmEtbXRscy1zZWxmLXNpZ25lZDAeFw0yMzA4MjIyMTE2MDFaFw00
-MzA4MjIyMTE2MDFaME0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UE
-CgwEVGVzdDEiMCAGA1UEAwwZdGVzdC1zMmEtbXRscy1zZWxmLXNpZ25lZDCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKFFPsYasKZeCFLEXl3RpE/ZOXFe
-2lhutIalSpZvCmso+mQGoZ4cHK7At+kDjBi5CrnXkYcw7quQAhHgU0frhWdj7tsW
-HUUtq7T8eaGWKBnVD9fl+MjtAl1BmhXwV9qRBbj4EesSKGDSGpKf66dOtzw83JbB
-cU7XlPAH1c1zo2GXC1himcZ+SVGHVrOjn4NmeFs8g94/Dke8dWkHwv5YTMVugFK4
-5KxKgSOKkr4ka7PCBzgxCnW4wYSZNRHcxrqkiArO2HAQq0ACr7u+fVDYH//9mP2Z
-ADo/zch7O5yhkiNbjXJIRrptDWEuVYMRloYDhT773h7bV/Q0Wo0NQGtasJ8CAwEA
-ATANBgkqhkiG9w0BAQsFAAOCAQEAPjbH0TMyegF/MDvglkc0sXr6DqlmTxDCZZmG
-lYPZ5Xy062+rxIHghMARbvO4BxepiG37KsP2agvOldm4TtU8nQ8LyswmSIFm4BQ+
-XQWwdsWyYyd8l0d5sXAdaN6AXwy50fvqCepmEqyreMY6dtLzlwo9gVCBFB7QuAPt
-Nc14phpEUZt/KPNuY6cUlB7bz3tmnFbwxUrWj1p0KBEYsr7+KEVZxR+z0wtlU7S9
-ZBrmUvx0fq5Ef7JWtHW0w4ofg1op742sdYl+53C26GZ76ts4MmqVz2/94DScgRaU
-gT0GLVuuCZXRDVeTXqTb4mditRCfzFPe9cCegYhGhSqBs8yh5A==
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/self_signed_key.pem b/vendor/github.com/google/s2a-go/testdata/self_signed_key.pem
deleted file mode 100644
index bcf08e4f12f..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/self_signed_key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQChRT7GGrCmXghS
-xF5d0aRP2TlxXtpYbrSGpUqWbwprKPpkBqGeHByuwLfpA4wYuQq515GHMO6rkAIR
-4FNH64VnY+7bFh1FLau0/HmhligZ1Q/X5fjI7QJdQZoV8FfakQW4+BHrEihg0hqS
-n+unTrc8PNyWwXFO15TwB9XNc6NhlwtYYpnGfklRh1azo5+DZnhbPIPePw5HvHVp
-B8L+WEzFboBSuOSsSoEjipK+JGuzwgc4MQp1uMGEmTUR3Ma6pIgKzthwEKtAAq+7
-vn1Q2B///Zj9mQA6P83IezucoZIjW41ySEa6bQ1hLlWDEZaGA4U++94e21f0NFqN
-DUBrWrCfAgMBAAECggEAR8e8YwyqJ8KezcgdgIC5M9kp2i4v3UCZFX0or8CI0J2S
-pUbWVLuKgLXCpfIwPyjNf15Vpei/spkMcsx4BQDthdFTFSzIpmvni0z9DlD5VFYj
-ESOJElV7wepbHPy2/c+izmuL/ic81aturGiFyRgeMq+cN3WuaztFTXkPTrzzsZGF
-p/Mx3gqm7Hoc3d2xlv+8L5GjCtEJPlQgZJV+s3ennBjOAd8CC7d9qJetE3Er46pn
-r5jedV3bQRZYBzmooYNHjbAs26++wYac/jTE0/U6nKS17eWq4BQZUtlMXUw5N81B
-7LKn7C03rj2KCn+Nf5uin9ALmoy888LXCDdvL/NZkQKBgQDduv1Heu+tOZuNYUdQ
-Hswmd8sVNAAWGZxdxixHMv58zrgbLFXSX6K89X2l5Sj9XON8TH46MuSFdjSwwWw5
-fBrhVEhA5srcqpvVWIBE05yqPpt0s1NQktMWJKELWlG8jOhVKwM5OYDpdxtwehpz
-1g70XJz+nF/LTV8RdTK+OWDDpQKBgQC6MhdbGHUz/56dY3gZpE5TXnN2hkNbZCgk
-emr6z85VHhQflZbedhCzB9PUnZnCKWOGQHQdxRTtRfd46LVboZqCdYO1ZNQv6toP
-ysS7dTpZZFy7CpQaW0Y6/jS65jW6xIDKR1W40vgltZ3sfpG37JaowpzWdw2WuOnw
-Bg0rcJAf8wKBgQCqE+p/z97UwuF8eufWnyj9QNo382E1koOMspv4KTdnyLETtthF
-vDH6O1wbykG8xmmASLRyM+NyNA+KnXNETNvZh2q8zctBpGRQK8iIAsGjHM7ln0AD
-B/x+ea5GJQuZU4RK/+lDFca6TjBwAFkWDVX/PqL18kDQkxKfM4SuwRhmOQKBgDGh
-eoJIsa0LnP787Z2AI3Srf4F/ZmLs/ppCm1OBotEjdF+64v0nYWonUvqgi8SqfaHi
-elEZIGvis4ViGj1zhRjzNAlc+AZRxpBhDzGcnNIJI4Kj3jhsTfsZmXqcNIQ1LtM8
-Uogyi/yZPaA1WKg7Aym2vlGYaGHdplXZdxc2KOSrAoGABRkD9l2OVcwK7RyNgFxo
-mjxx0tfUdDBhHIi2igih1FiHpeP9E+4/kE/K7PnU9DoDrL1jW1MTpXaYV4seOylk
-k9z/9QfcRa9ePD2N4FqbHWSYp5n3aLoIcGq/9jyjTwayZbbIhWO+vNuHE9wIvecZ
-8x3gNkxJRb4NaLIoNzAhCoo=
------END PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/testdata/server_cert.pem
deleted file mode 100644
index 0f98322c724..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/server_cert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
-BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
-YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
-AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
-MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
-BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
-ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
-KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
-fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
-qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
-xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
-Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
-Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
-ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
-e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
-POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
-AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
-odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
-PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
-Dhm6uZM=
------END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/server_key.pem b/vendor/github.com/google/s2a-go/testdata/server_key.pem
deleted file mode 100644
index 81afea783df..00000000000
--- a/vendor/github.com/google/s2a-go/testdata/server_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
-8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
-QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
-XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
-Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
-gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
-LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
-jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
-4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
-Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
-nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
-drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
-duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
-L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
-06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
-eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
-uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
-lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
-a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
-hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
-7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
-r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
-eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
-B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
-7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
------END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/valyala/fasthttp/examples/README.md b/vendor/github.com/valyala/fasthttp/examples/README.md
deleted file mode 100644
index b0535a7504e..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# Code examples
-
-* [HelloWorld server](helloworldserver)
-* [Static file server](fileserver)
diff --git a/vendor/github.com/valyala/fasthttp/examples/client/Makefile b/vendor/github.com/valyala/fasthttp/examples/client/Makefile
deleted file mode 100644
index d2844fb6e0d..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/client/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-client: clean
- go get -u github.com/valyala/fasthttp
- go build
-
-clean:
- rm -f client
diff --git a/vendor/github.com/valyala/fasthttp/examples/client/README.md b/vendor/github.com/valyala/fasthttp/examples/client/README.md
deleted file mode 100644
index cef2d353611..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/client/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# Client Example
-
-The Client is useful when working with multiple hostnames.
-
-See the simplest `sendGetRequest()` for GET and more advanced `sendPostRequest()` for a POST request.
-
-The `sendPostRequest()` also shows:
-* Per-request timeout with `DoTimeout()`
-* Send a body as bytes slice with `SetBodyRaw()`. This is useful if you generated a request body. Otherwise, prefer `SetBody()` which copies it.
-* Parse JSON from response
-* Gracefully show error messages i.e. timeouts as warnings and other errors as a failures with detailed error messages.
-
-## How to build and run
-Start a web server on localhost:8080 then execute:
-
- make
- ./client
-
-## Client vs HostClient
-Internally the Client creates a dedicated HostClient for each domain/IP address and cleans unused after period of time.
-So if you have a single heavily loaded API endpoint it's better to use HostClient. See an example in the [examples/host_client](../host_client/)
diff --git a/vendor/github.com/valyala/fasthttp/examples/client/client.go b/vendor/github.com/valyala/fasthttp/examples/client/client.go
deleted file mode 100644
index 617fd125d1a..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/client/client.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package main
-
-import (
- "encoding/json"
- "errors"
- "fmt"
- "io"
- "net/http"
- "os"
- "reflect"
- "time"
-
- "github.com/valyala/fasthttp"
-)
-
-var headerContentTypeJson = []byte("application/json")
-
-var client *fasthttp.Client
-
-type Entity struct {
- Id int
- Name string
-}
-
-func main() {
- // You may read the timeouts from some config
- readTimeout, _ := time.ParseDuration("500ms")
- writeTimeout, _ := time.ParseDuration("500ms")
- maxIdleConnDuration, _ := time.ParseDuration("1h")
- client = &fasthttp.Client{
- ReadTimeout: readTimeout,
- WriteTimeout: writeTimeout,
- MaxIdleConnDuration: maxIdleConnDuration,
- NoDefaultUserAgentHeader: true, // Don't send: User-Agent: fasthttp
- DisableHeaderNamesNormalizing: true, // If you set the case on your headers correctly you can enable this
- DisablePathNormalizing: true,
- // increase DNS cache time to an hour instead of default minute
- Dial: (&fasthttp.TCPDialer{
- Concurrency: 4096,
- DNSCacheDuration: time.Hour,
- }).Dial,
- }
- sendGetRequest()
- sendPostRequest()
-}
-
-func sendGetRequest() {
- req := fasthttp.AcquireRequest()
- req.SetRequestURI("http://localhost:8080/")
- req.Header.SetMethod(fasthttp.MethodGet)
- resp := fasthttp.AcquireResponse()
- err := client.Do(req, resp)
- fasthttp.ReleaseRequest(req)
- if err == nil {
- fmt.Printf("DEBUG Response: %s\n", resp.Body())
- } else {
- fmt.Fprintf(os.Stderr, "ERR Connection error: %v\n", err)
- }
- fasthttp.ReleaseResponse(resp)
-}
-
-func sendPostRequest() {
- // per-request timeout
- reqTimeout := time.Duration(100) * time.Millisecond
-
- reqEntity := &Entity{
- Name: "New entity",
- }
- reqEntityBytes, _ := json.Marshal(reqEntity)
-
- req := fasthttp.AcquireRequest()
- req.SetRequestURI("http://localhost:8080/")
- req.Header.SetMethod(fasthttp.MethodPost)
- req.Header.SetContentTypeBytes(headerContentTypeJson)
- req.SetBodyRaw(reqEntityBytes)
-
- resp := fasthttp.AcquireResponse()
- err := client.DoTimeout(req, resp, reqTimeout)
- fasthttp.ReleaseRequest(req)
- defer fasthttp.ReleaseResponse(resp)
-
- if err != nil {
- errName, known := httpConnError(err)
- if known {
- fmt.Fprintf(os.Stderr, "WARN conn error: %v\n", errName)
- } else {
- fmt.Fprintf(os.Stderr, "ERR conn failure: %v %v\n", errName, err)
- }
-
- return
- }
-
- statusCode := resp.StatusCode()
- respBody := resp.Body()
- fmt.Printf("DEBUG Response: %s\n", respBody)
-
- if statusCode != http.StatusOK {
- fmt.Fprintf(os.Stderr, "ERR invalid HTTP response code: %d\n", statusCode)
-
- return
- }
-
- respEntity := &Entity{}
- err = json.Unmarshal(respBody, respEntity)
- if err == nil || errors.Is(err, io.EOF) {
- fmt.Printf("DEBUG Parsed Response: %v\n", respEntity)
- } else {
- fmt.Fprintf(os.Stderr, "ERR failed to parse response: %v\n", err)
- }
-}
-
-func httpConnError(err error) (string, bool) {
- var (
- errName string
- known = true
- )
-
- switch {
- case errors.Is(err, fasthttp.ErrTimeout):
- errName = "timeout"
- case errors.Is(err, fasthttp.ErrNoFreeConns):
- errName = "conn_limit"
- case errors.Is(err, fasthttp.ErrConnectionClosed):
- errName = "conn_close"
- case reflect.TypeOf(err).String() == "*net.OpError":
- errName = "timeout"
- default:
- known = false
- }
-
- return errName, known
-}
diff --git a/vendor/github.com/valyala/fasthttp/examples/fileserver/Makefile b/vendor/github.com/valyala/fasthttp/examples/fileserver/Makefile
deleted file mode 100644
index 0c000b3c1b4..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/fileserver/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-fileserver: clean
- go get -u github.com/valyala/fasthttp
- go get -u github.com/valyala/fasthttp/expvarhandler
- go build
-
-clean:
- rm -f fileserver
diff --git a/vendor/github.com/valyala/fasthttp/examples/fileserver/README.md b/vendor/github.com/valyala/fasthttp/examples/fileserver/README.md
deleted file mode 100644
index e23f831f376..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/fileserver/README.md
+++ /dev/null
@@ -1,84 +0,0 @@
-# Static file server example
-
-* Serves files from the given directory.
-* Supports transparent response compression.
-* Supports byte range responses.
-* Generates directory index pages.
-* Supports TLS (aka SSL or HTTPS).
-* Supports virtual hosts.
-* Exports various stats on /stats path.
-
-# How to build
-
-```
-make
-```
-
-# How to run
-
-```
-./fileserver -h
-./fileserver -addr=tcp.addr.to.listen:to -dir=/path/to/directory/to/serve
-```
-
-# fileserver vs nginx performance comparison
-
-Serving default nginx path (`/usr/share/nginx/html` on ubuntu).
-
-* nginx
-
-```
-$ ./wrk -t 4 -c 16 -d 10 http://localhost:80
-Running 10s test @ http://localhost:80
- 4 threads and 16 connections
- Thread Stats Avg Stdev Max +/- Stdev
- Latency 397.76us 1.08ms 20.23ms 95.19%
- Req/Sec 21.20k 2.49k 31.34k 79.65%
- 850220 requests in 10.10s, 695.65MB read
-Requests/sec: 84182.71
-Transfer/sec: 68.88MB
-```
-
-* fileserver
-
-```
-$ ./wrk -t 4 -c 16 -d 10 http://localhost:8080
-Running 10s test @ http://localhost:8080
- 4 threads and 16 connections
- Thread Stats Avg Stdev Max +/- Stdev
- Latency 447.99us 1.59ms 27.20ms 94.79%
- Req/Sec 37.13k 3.99k 47.86k 76.00%
- 1478457 requests in 10.02s, 1.03GB read
-Requests/sec: 147597.06
-Transfer/sec: 105.15MB
-```
-
-8 pipelined requests
-
-* nginx
-
-```
-$ ./wrk -s pipeline.lua -t 4 -c 16 -d 10 http://localhost:80 -- 8
-Running 10s test @ http://localhost:80
- 4 threads and 16 connections
- Thread Stats Avg Stdev Max +/- Stdev
- Latency 1.34ms 2.15ms 30.91ms 92.16%
- Req/Sec 33.54k 7.36k 108.12k 76.81%
- 1339908 requests in 10.10s, 1.07GB read
-Requests/sec: 132705.81
-Transfer/sec: 108.58MB
-```
-
-* fileserver
-
-```
-$ ./wrk -s pipeline.lua -t 4 -c 16 -d 10 http://localhost:8080 -- 8
-Running 10s test @ http://localhost:8080
- 4 threads and 16 connections
- Thread Stats Avg Stdev Max +/- Stdev
- Latency 2.08ms 6.33ms 88.26ms 92.83%
- Req/Sec 116.54k 14.66k 167.98k 69.00%
- 4642226 requests in 10.03s, 3.23GB read
-Requests/sec: 462769.41
-Transfer/sec: 329.67MB
-```
diff --git a/vendor/github.com/valyala/fasthttp/examples/fileserver/fileserver.go b/vendor/github.com/valyala/fasthttp/examples/fileserver/fileserver.go
deleted file mode 100644
index 2a915bea5a5..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/fileserver/fileserver.go
+++ /dev/null
@@ -1,120 +0,0 @@
-// Example static file server.
-//
-// Serves static files from the given directory.
-// Exports various stats at /stats .
-package main
-
-import (
- "expvar"
- "flag"
- "log"
-
- "github.com/valyala/fasthttp"
- "github.com/valyala/fasthttp/expvarhandler"
-)
-
-var (
- addr = flag.String("addr", "localhost:8080", "TCP address to listen to")
- addrTLS = flag.String("addrTLS", "", "TCP address to listen to TLS (aka SSL or HTTPS) requests. Leave empty for disabling TLS")
- byteRange = flag.Bool("byteRange", false, "Enables byte range requests if set to true")
- certFile = flag.String("certFile", "./ssl-cert.pem", "Path to TLS certificate file")
- compress = flag.Bool("compress", false, "Enables transparent response compression if set to true")
- dir = flag.String("dir", "/usr/share/nginx/html", "Directory to serve static files from")
- generateIndexPages = flag.Bool("generateIndexPages", true, "Whether to generate directory index pages")
- keyFile = flag.String("keyFile", "./ssl-cert.key", "Path to TLS key file")
- vhost = flag.Bool("vhost", false, "Enables virtual hosting by prepending the requested path with the requested hostname")
-)
-
-func main() {
- // Parse command-line flags.
- flag.Parse()
-
- // Setup FS handler
- fs := &fasthttp.FS{
- Root: *dir,
- IndexNames: []string{"index.html"},
- GenerateIndexPages: *generateIndexPages,
- Compress: *compress,
- AcceptByteRange: *byteRange,
- }
- if *vhost {
- fs.PathRewrite = fasthttp.NewVHostPathRewriter(0)
- }
- fsHandler := fs.NewRequestHandler()
-
- // Create RequestHandler serving server stats on /stats and files
- // on other requested paths.
- // /stats output may be filtered using regexps. For example:
- //
- // * /stats?r=fs will show only stats (expvars) containing 'fs'
- // in their names.
- requestHandler := func(ctx *fasthttp.RequestCtx) {
- switch string(ctx.Path()) {
- case "/stats":
- expvarhandler.ExpvarHandler(ctx)
- default:
- fsHandler(ctx)
- updateFSCounters(ctx)
- }
- }
-
- // Start HTTP server.
- if len(*addr) > 0 {
- log.Printf("Starting HTTP server on %q", *addr)
- go func() {
- if err := fasthttp.ListenAndServe(*addr, requestHandler); err != nil {
- log.Fatalf("error in ListenAndServe: %v", err)
- }
- }()
- }
-
- // Start HTTPS server.
- if len(*addrTLS) > 0 {
- log.Printf("Starting HTTPS server on %q", *addrTLS)
- go func() {
- if err := fasthttp.ListenAndServeTLS(*addrTLS, *certFile, *keyFile, requestHandler); err != nil {
- log.Fatalf("error in ListenAndServeTLS: %v", err)
- }
- }()
- }
-
- log.Printf("Serving files from directory %q", *dir)
- log.Printf("See stats at http://%s/stats", *addr)
-
- // Wait forever.
- select {}
-}
-
-func updateFSCounters(ctx *fasthttp.RequestCtx) {
- // Increment the number of fsHandler calls.
- fsCalls.Add(1)
-
- // Update other stats counters
- resp := &ctx.Response
- switch resp.StatusCode() {
- case fasthttp.StatusOK:
- fsOKResponses.Add(1)
- fsResponseBodyBytes.Add(int64(resp.Header.ContentLength()))
- case fasthttp.StatusNotModified:
- fsNotModifiedResponses.Add(1)
- case fasthttp.StatusNotFound:
- fsNotFoundResponses.Add(1)
- default:
- fsOtherResponses.Add(1)
- }
-}
-
-// Various counters - see https://pkg.go.dev/expvar for details.
-var (
- // Counter for total number of fs calls
- fsCalls = expvar.NewInt("fsCalls")
-
- // Counters for various response status codes
- fsOKResponses = expvar.NewInt("fsOKResponses")
- fsNotModifiedResponses = expvar.NewInt("fsNotModifiedResponses")
- fsNotFoundResponses = expvar.NewInt("fsNotFoundResponses")
- fsOtherResponses = expvar.NewInt("fsOtherResponses")
-
- // Total size in bytes for OK response bodies served.
- fsResponseBodyBytes = expvar.NewInt("fsResponseBodyBytes")
-)
diff --git a/vendor/github.com/valyala/fasthttp/examples/fileserver/ssl-cert-snakeoil.pem b/vendor/github.com/valyala/fasthttp/examples/fileserver/ssl-cert-snakeoil.pem
deleted file mode 100644
index 93e77cd9569..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/fileserver/ssl-cert-snakeoil.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICujCCAaKgAwIBAgIJAMbXnKZ/cikUMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV
-BAMTCnVidW50dS5uYW4wHhcNMTUwMjA0MDgwMTM5WhcNMjUwMjAxMDgwMTM5WjAV
-MRMwEQYDVQQDEwp1YnVudHUubmFuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA+CELrALPDyXZxt5lEbfwF7YAvnHqizmrSePSSRNVT05DAMvqBNX9V75D
-K2LB6pg3+hllc4FV68i+FMKtv5yUpuenXYTeeZyPKEjd3bcsFAfP0oXpRDe955Te
-+z3g/bZejZLD8Fmiq6satBZWm0T2UkAn5oGW4Q1fEmvJnwpBVNBtJYrepCxnHgij
-L5lvvQc+3m7GJlXZlTMZnyCUrRQ+OJVhU3VHOuViEihHVthC3FHn29Mzi8PtDwm1
-xRiR+ceZLZLFvPgQZNh5IBnkES/6jwnHLYW0nDtFYDY98yd2WS9Dm0gwG7zQxvOY
-6HjYwzauQ0/wQGdGzkmxBbIfn/QQMwIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqG
-SIb3DQEBCwUAA4IBAQBQjKm/4KN/iTgXbLTL3i7zaxYXFLXsnT1tF+ay4VA8aj98
-L3JwRTciZ3A5iy/W4VSCt3eASwOaPWHKqDBB5RTtL73LoAqsWmO3APOGQAbixcQ2
-45GXi05OKeyiYRi1Nvq7Unv9jUkRDHUYVPZVSAjCpsXzPhFkmZoTRxmx5l0ZF7Li
-K91lI5h+eFq0dwZwrmlPambyh1vQUi70VHv8DNToVU29kel7YLbxGbuqETfhrcy6
-X+Mha6RYITkAn5FqsZcKMsc9eYGEF4l3XV+oS7q6xfTxktYJMFTI18J0lQ2Lv/CI
-whdMnYGntDQBE/iFCrJEGNsKGc38796GBOb5j+zd
------END CERTIFICATE-----
diff --git a/vendor/github.com/valyala/fasthttp/examples/helloworldserver/Makefile b/vendor/github.com/valyala/fasthttp/examples/helloworldserver/Makefile
deleted file mode 100644
index ce30ae9fa57..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/helloworldserver/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-helloworldserver: clean
- go get -u github.com/valyala/fasthttp
- go build
-
-clean:
- rm -f helloworldserver
diff --git a/vendor/github.com/valyala/fasthttp/examples/helloworldserver/README.md b/vendor/github.com/valyala/fasthttp/examples/helloworldserver/README.md
deleted file mode 100644
index 80e801ecf46..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/helloworldserver/README.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# HelloWorld server example
-
-* Displays various request info.
-* Sets response headers and cookies.
-* Supports transparent compression.
-
-# How to build
-
-```
-make
-```
-
-# How to run
-
-```
-./helloworldserver -addr=tcp.addr.to.listen:to
-```
diff --git a/vendor/github.com/valyala/fasthttp/examples/helloworldserver/helloworldserver.go b/vendor/github.com/valyala/fasthttp/examples/helloworldserver/helloworldserver.go
deleted file mode 100644
index a22e0b78b57..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/helloworldserver/helloworldserver.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package main
-
-import (
- "flag"
- "fmt"
- "log"
-
- "github.com/valyala/fasthttp"
-)
-
-var (
- addr = flag.String("addr", ":8080", "TCP address to listen to")
- compress = flag.Bool("compress", false, "Whether to enable transparent response compression")
-)
-
-func main() {
- flag.Parse()
-
- h := requestHandler
- if *compress {
- h = fasthttp.CompressHandler(h)
- }
-
- if err := fasthttp.ListenAndServe(*addr, h); err != nil {
- log.Fatalf("Error in ListenAndServe: %v", err)
- }
-}
-
-func requestHandler(ctx *fasthttp.RequestCtx) {
- fmt.Fprintf(ctx, "Hello, world!\n\n")
-
- fmt.Fprintf(ctx, "Request method is %q\n", ctx.Method())
- fmt.Fprintf(ctx, "RequestURI is %q\n", ctx.RequestURI())
- fmt.Fprintf(ctx, "Requested path is %q\n", ctx.Path())
- fmt.Fprintf(ctx, "Host is %q\n", ctx.Host())
- fmt.Fprintf(ctx, "Query string is %q\n", ctx.QueryArgs())
- fmt.Fprintf(ctx, "User-Agent is %q\n", ctx.UserAgent())
- fmt.Fprintf(ctx, "Connection has been established at %s\n", ctx.ConnTime())
- fmt.Fprintf(ctx, "Request has been started at %s\n", ctx.Time())
- fmt.Fprintf(ctx, "Serial request number for the current connection is %d\n", ctx.ConnRequestNum())
- fmt.Fprintf(ctx, "Your ip is %q\n\n", ctx.RemoteIP())
-
- fmt.Fprintf(ctx, "Raw request is:\n---CUT---\n%s\n---CUT---", &ctx.Request)
-
- ctx.SetContentType("text/plain; charset=utf8")
-
- // Set arbitrary headers
- ctx.Response.Header.Set("X-My-Header", "my-header-value")
-
- // Set cookies
- var c fasthttp.Cookie
- c.SetKey("cookie-name")
- c.SetValue("cookie-value")
- ctx.Response.Header.SetCookie(&c)
-}
diff --git a/vendor/github.com/valyala/fasthttp/examples/host_client/Makefile b/vendor/github.com/valyala/fasthttp/examples/host_client/Makefile
deleted file mode 100644
index 161ab4454a0..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/host_client/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-host_client: clean
- go get -u github.com/valyala/fasthttp
- go build
-
-clean:
- rm -f host_client
diff --git a/vendor/github.com/valyala/fasthttp/examples/host_client/README.md b/vendor/github.com/valyala/fasthttp/examples/host_client/README.md
deleted file mode 100644
index e40b3976ea5..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/host_client/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# Host Client Example
-
-The HostClient is useful when calling an API from a single host.
-The example also shows how to use URI.
-You may create the parsed URI once and reuse it in many requests.
-The URI has a username and password for Basic Auth but you may also set other parts i.e. `SetPath()`, `SetQueryString()`.
-
-# How to build and run
-Start a web server on localhost:8080 then execute:
-
- make
- ./host_client
-
diff --git a/vendor/github.com/valyala/fasthttp/examples/host_client/hostclient.go b/vendor/github.com/valyala/fasthttp/examples/host_client/hostclient.go
deleted file mode 100644
index 997abd4c96a..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/host_client/hostclient.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package main
-
-import (
- "fmt"
- "os"
-
- "github.com/valyala/fasthttp"
-)
-
-func main() {
- // Get URI from a pool
- url := fasthttp.AcquireURI()
- url.Parse(nil, []byte("http://localhost:8080/"))
- url.SetUsername("Aladdin")
- url.SetPassword("Open Sesame")
-
- hc := &fasthttp.HostClient{
- Addr: "localhost:8080", // The host address and port must be set explicitly
- }
-
- req := fasthttp.AcquireRequest()
- req.SetURI(url) // copy url into request
- fasthttp.ReleaseURI(url) // now you may release the URI
-
- req.Header.SetMethod(fasthttp.MethodGet)
- resp := fasthttp.AcquireResponse()
- err := hc.Do(req, resp)
- fasthttp.ReleaseRequest(req)
- if err == nil {
- fmt.Printf("Response: %s\n", resp.Body())
- } else {
- fmt.Fprintf(os.Stderr, "Connection error: %v\n", err)
- }
- fasthttp.ReleaseResponse(resp)
-}
diff --git a/vendor/github.com/valyala/fasthttp/examples/letsencrypt/letsencryptserver.go b/vendor/github.com/valyala/fasthttp/examples/letsencrypt/letsencryptserver.go
deleted file mode 100644
index d08716871aa..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/letsencrypt/letsencryptserver.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package main
-
-import (
- "crypto/tls"
- "net"
-
- "github.com/valyala/fasthttp"
- "golang.org/x/crypto/acme"
- "golang.org/x/crypto/acme/autocert"
-)
-
-func requestHandler(ctx *fasthttp.RequestCtx) {
- ctx.SetBodyString("hello from https!")
-}
-
-func main() {
- m := &autocert.Manager{
- Prompt: autocert.AcceptTOS,
- HostPolicy: autocert.HostWhitelist("example.com"), // Replace with your domain.
- Cache: autocert.DirCache("./certs"),
- }
-
- cfg := &tls.Config{
- GetCertificate: m.GetCertificate,
- NextProtos: []string{
- "http/1.1", acme.ALPNProto,
- },
- }
-
- // Let's Encrypt tls-alpn-01 only works on port 443.
- ln, err := net.Listen("tcp4", "0.0.0.0:443") /* #nosec G102 */
- if err != nil {
- panic(err)
- }
-
- lnTls := tls.NewListener(ln, cfg)
-
- if err := fasthttp.Serve(lnTls, requestHandler); err != nil {
- panic(err)
- }
-}
diff --git a/vendor/github.com/valyala/fasthttp/examples/multidomain/Makefile b/vendor/github.com/valyala/fasthttp/examples/multidomain/Makefile
deleted file mode 100644
index 0787e5050f0..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/multidomain/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-writer: clean
- go get -u github.com/valyala/fasthttp
- go build
-
-clean:
- rm -f multidomain
diff --git a/vendor/github.com/valyala/fasthttp/examples/multidomain/README.md b/vendor/github.com/valyala/fasthttp/examples/multidomain/README.md
deleted file mode 100644
index 12c09ecadbe..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/multidomain/README.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# Multidomain using SSL certs example
-
-* Prints two messages depending on visited host.
-
-# How to build
-
-```
-make
-```
-
-# How to run
-
-```
-./multidomain
-```
diff --git a/vendor/github.com/valyala/fasthttp/examples/multidomain/multidomain.go b/vendor/github.com/valyala/fasthttp/examples/multidomain/multidomain.go
deleted file mode 100644
index 9b5ca15debe..00000000000
--- a/vendor/github.com/valyala/fasthttp/examples/multidomain/multidomain.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package main
-
-import (
- "fmt"
-
- "github.com/valyala/fasthttp"
-)
-
-var domains = make(map[string]fasthttp.RequestHandler)
-
-func main() {
- server := &fasthttp.Server{
- // You can check the access using openssl command:
- // $ openssl s_client -connect localhost:8080 << EOF
- // > GET /
- // > Host: localhost
- // > EOF
- //
- // $ openssl s_client -connect localhost:8080 << EOF
- // > GET /
- // > Host: 127.0.0.1:8080
- // > EOF
- //
- Handler: func(ctx *fasthttp.RequestCtx) {
- h, ok := domains[string(ctx.Host())]
- if !ok {
- ctx.NotFound()
- return
- }
- h(ctx)
- },
- }
-
- // preparing first host
- cert, priv, err := fasthttp.GenerateTestCertificate("localhost:8080")
- if err != nil {
- panic(err)
- }
- domains["localhost:8080"] = func(ctx *fasthttp.RequestCtx) {
- ctx.WriteString("You are accessing to localhost:8080\n")
- }
-
- err = server.AppendCertEmbed(cert, priv)
- if err != nil {
- panic(err)
- }
-
- // preparing second host
- cert, priv, err = fasthttp.GenerateTestCertificate("127.0.0.1")
- if err != nil {
- panic(err)
- }
- domains["127.0.0.1:8080"] = func(ctx *fasthttp.RequestCtx) {
- ctx.WriteString("You are accessing to 127.0.0.1:8080\n")
- }
-
- err = server.AppendCertEmbed(cert, priv)
- if err != nil {
- panic(err)
- }
-
- fmt.Println(server.ListenAndServeTLS(":8080", "", ""))
-}
diff --git a/vendor/github.com/valyala/fasthttp/fasthttputil/inmemory_listener_test.go b/vendor/github.com/valyala/fasthttp/fasthttputil/inmemory_listener_test.go
deleted file mode 100644
index 698285d756b..00000000000
--- a/vendor/github.com/valyala/fasthttp/fasthttputil/inmemory_listener_test.go
+++ /dev/null
@@ -1,273 +0,0 @@
-package fasthttputil
-
-import (
- "bytes"
- "context"
- "fmt"
- "io"
- "net"
- "net/http"
- "sync"
- "testing"
- "time"
-)
-
-func TestInmemoryListener(t *testing.T) {
- ln := NewInmemoryListener()
-
- ch := make(chan struct{})
- for i := 0; i < 10; i++ {
- go func(n int) {
- conn, err := ln.Dial()
- if err != nil {
- t.Errorf("unexpected error: %v", err)
- }
- defer conn.Close()
- req := fmt.Sprintf("request_%d", n)
- nn, err := conn.Write([]byte(req))
- if err != nil {
- t.Errorf("unexpected error: %v", err)
- }
- if nn != len(req) {
- t.Errorf("unexpected number of bytes written: %d. Expecting %d", nn, len(req))
- }
- buf := make([]byte, 30)
- nn, err = conn.Read(buf)
- if err != nil {
- t.Errorf("unexpected error: %v", err)
- }
- buf = buf[:nn]
- resp := fmt.Sprintf("response_%d", n)
- if nn != len(resp) {
- t.Errorf("unexpected number of bytes read: %d. Expecting %d", nn, len(resp))
- }
- if string(buf) != resp {
- t.Errorf("unexpected response %q. Expecting %q", buf, resp)
- }
- ch <- struct{}{}
- }(i)
- }
-
- serverCh := make(chan struct{})
- go func() {
- for {
- conn, err := ln.Accept()
- if err != nil {
- close(serverCh)
- return
- }
- defer conn.Close()
- buf := make([]byte, 30)
- n, err := conn.Read(buf)
- if err != nil {
- t.Errorf("unexpected error: %v", err)
- }
- buf = buf[:n]
- if !bytes.HasPrefix(buf, []byte("request_")) {
- t.Errorf("unexpected request prefix %q. Expecting %q", buf, "request_")
- }
- resp := fmt.Sprintf("response_%s", buf[len("request_"):])
- n, err = conn.Write([]byte(resp))
- if err != nil {
- t.Errorf("unexpected error: %v", err)
- }
- if n != len(resp) {
- t.Errorf("unexpected number of bytes written: %d. Expecting %d", n, len(resp))
- }
- }
- }()
-
- for i := 0; i < 10; i++ {
- select {
- case <-ch:
- case <-time.After(time.Second):
- t.Fatalf("timeout")
- }
- }
-
- if err := ln.Close(); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- select {
- case <-serverCh:
- case <-time.After(time.Second):
- t.Fatalf("timeout")
- }
-}
-
-// echoServerHandler implements http.Handler.
-type echoServerHandler struct {
- t *testing.T
-}
-
-func (s *echoServerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
- w.WriteHeader(200)
- time.Sleep(time.Millisecond * 100)
- if _, err := io.Copy(w, r.Body); err != nil {
- s.t.Fatalf("unexpected error: %v", err)
- }
-}
-
-func testInmemoryListenerHTTP(t *testing.T, f func(t *testing.T, client *http.Client)) {
- ln := NewInmemoryListener()
- defer ln.Close()
-
- client := &http.Client{
- Transport: &http.Transport{
- DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
- return ln.Dial()
- },
- },
- Timeout: time.Second,
- }
-
- server := &http.Server{
- Handler: &echoServerHandler{t},
- }
-
- go func() {
- if err := server.Serve(ln); err != nil && err != http.ErrServerClosed {
- t.Errorf("unexpected error: %v", err)
- }
- }()
-
- f(t, client)
-
- ctx, cancel := context.WithTimeout(context.Background(), time.Millisecond*100)
- defer cancel()
- server.Shutdown(ctx) //nolint:errcheck
-}
-
-func testInmemoryListenerHTTPSingle(t *testing.T, client *http.Client, content string) {
- res, err := client.Post("http://...", "text/plain", bytes.NewBufferString(content))
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- defer func() { _ = res.Body.Close() }()
- b, err := io.ReadAll(res.Body)
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- s := string(b)
- if string(b) != content {
- t.Fatalf("unexpected response %q, expecting %q", s, content)
- }
-}
-
-func TestInmemoryListenerHTTPSingle(t *testing.T) {
- testInmemoryListenerHTTP(t, func(t *testing.T, client *http.Client) {
- testInmemoryListenerHTTPSingle(t, client, "request")
- })
-}
-
-func TestInmemoryListenerHTTPSerial(t *testing.T) {
- testInmemoryListenerHTTP(t, func(t *testing.T, client *http.Client) {
- for i := 0; i < 10; i++ {
- testInmemoryListenerHTTPSingle(t, client, fmt.Sprintf("request_%d", i))
- }
- })
-}
-
-func TestInmemoryListenerHTTPConcurrent(t *testing.T) {
- testInmemoryListenerHTTP(t, func(t *testing.T, client *http.Client) {
- var wg sync.WaitGroup
- for i := 0; i < 10; i++ {
- wg.Add(1)
- go func(i int) {
- defer wg.Done()
- testInmemoryListenerHTTPSingle(t, client, fmt.Sprintf("request_%d", i))
- }(i)
- }
- wg.Wait()
- })
-}
-
-func acceptLoop(ln net.Listener) {
- for {
- conn, err := ln.Accept()
- if err != nil {
- panic(err)
- }
-
- conn.Close()
- }
-}
-
-func TestInmemoryListenerAddrDefault(t *testing.T) {
- ln := NewInmemoryListener()
-
- verifyAddr(t, ln.Addr(), inmemoryAddr(0))
-
- go func() {
- c, err := ln.Dial()
- if err != nil {
- panic(err)
- }
-
- c.Close()
- }()
-
- lc, err := ln.Accept()
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- verifyAddr(t, lc.LocalAddr(), inmemoryAddr(0))
- verifyAddr(t, lc.RemoteAddr(), pipeAddr(0))
-
- go acceptLoop(ln)
-
- c, err := ln.Dial()
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- verifyAddr(t, c.LocalAddr(), pipeAddr(0))
- verifyAddr(t, c.RemoteAddr(), inmemoryAddr(0))
-}
-
-func verifyAddr(t *testing.T, got, expected net.Addr) {
- if got != expected {
- t.Fatalf("unexpected addr: %v. Expecting %v", got, expected)
- }
-}
-
-func TestInmemoryListenerAddrCustom(t *testing.T) {
- ln := NewInmemoryListener()
-
- listenerAddr := &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 12345}
-
- ln.SetLocalAddr(listenerAddr)
-
- verifyAddr(t, ln.Addr(), listenerAddr)
-
- go func() {
- c, err := ln.Dial()
- if err != nil {
- panic(err)
- }
-
- c.Close()
- }()
-
- lc, err := ln.Accept()
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- verifyAddr(t, lc.LocalAddr(), listenerAddr)
- verifyAddr(t, lc.RemoteAddr(), pipeAddr(0))
-
- go acceptLoop(ln)
-
- clientAddr := &net.TCPAddr{IP: net.IPv4(127, 0, 0, 2), Port: 65432}
-
- c, err := ln.DialWithLocalAddr(clientAddr)
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- verifyAddr(t, c.LocalAddr(), clientAddr)
- verifyAddr(t, c.RemoteAddr(), listenerAddr)
-}
diff --git a/vendor/github.com/valyala/fasthttp/fasthttputil/inmemory_listener_timing_test.go b/vendor/github.com/valyala/fasthttp/fasthttputil/inmemory_listener_timing_test.go
deleted file mode 100644
index ee398009ac2..00000000000
--- a/vendor/github.com/valyala/fasthttp/fasthttputil/inmemory_listener_timing_test.go
+++ /dev/null
@@ -1,155 +0,0 @@
-package fasthttputil_test
-
-import (
- "crypto/tls"
- "net"
- "testing"
-
- "github.com/valyala/fasthttp"
- "github.com/valyala/fasthttp/fasthttputil"
-)
-
-var (
- certblock = []byte(`-----BEGIN CERTIFICATE-----
-MIICujCCAaKgAwIBAgIJAMbXnKZ/cikUMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV
-BAMTCnVidW50dS5uYW4wHhcNMTUwMjA0MDgwMTM5WhcNMjUwMjAxMDgwMTM5WjAV
-MRMwEQYDVQQDEwp1YnVudHUubmFuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA+CELrALPDyXZxt5lEbfwF7YAvnHqizmrSePSSRNVT05DAMvqBNX9V75D
-K2LB6pg3+hllc4FV68i+FMKtv5yUpuenXYTeeZyPKEjd3bcsFAfP0oXpRDe955Te
-+z3g/bZejZLD8Fmiq6satBZWm0T2UkAn5oGW4Q1fEmvJnwpBVNBtJYrepCxnHgij
-L5lvvQc+3m7GJlXZlTMZnyCUrRQ+OJVhU3VHOuViEihHVthC3FHn29Mzi8PtDwm1
-xRiR+ceZLZLFvPgQZNh5IBnkES/6jwnHLYW0nDtFYDY98yd2WS9Dm0gwG7zQxvOY
-6HjYwzauQ0/wQGdGzkmxBbIfn/QQMwIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqG
-SIb3DQEBCwUAA4IBAQBQjKm/4KN/iTgXbLTL3i7zaxYXFLXsnT1tF+ay4VA8aj98
-L3JwRTciZ3A5iy/W4VSCt3eASwOaPWHKqDBB5RTtL73LoAqsWmO3APOGQAbixcQ2
-45GXi05OKeyiYRi1Nvq7Unv9jUkRDHUYVPZVSAjCpsXzPhFkmZoTRxmx5l0ZF7Li
-K91lI5h+eFq0dwZwrmlPambyh1vQUi70VHv8DNToVU29kel7YLbxGbuqETfhrcy6
-X+Mha6RYITkAn5FqsZcKMsc9eYGEF4l3XV+oS7q6xfTxktYJMFTI18J0lQ2Lv/CI
-whdMnYGntDQBE/iFCrJEGNsKGc38796GBOb5j+zd
------END CERTIFICATE-----
-`)
- keyblock = []byte(`-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD4IQusAs8PJdnG
-3mURt/AXtgC+ceqLOatJ49JJE1VPTkMAy+oE1f1XvkMrYsHqmDf6GWVzgVXryL4U
-wq2/nJSm56ddhN55nI8oSN3dtywUB8/ShelEN73nlN77PeD9tl6NksPwWaKrqxq0
-FlabRPZSQCfmgZbhDV8Sa8mfCkFU0G0lit6kLGceCKMvmW+9Bz7ebsYmVdmVMxmf
-IJStFD44lWFTdUc65WISKEdW2ELcUefb0zOLw+0PCbXFGJH5x5ktksW8+BBk2Hkg
-GeQRL/qPCccthbScO0VgNj3zJ3ZZL0ObSDAbvNDG85joeNjDNq5DT/BAZ0bOSbEF
-sh+f9BAzAgMBAAECggEBAJWv2cq7Jw6MVwSRxYca38xuD6TUNBopgBvjREixURW2
-sNUaLuMb9Omp7fuOaE2N5rcJ+xnjPGIxh/oeN5MQctz9gwn3zf6vY+15h97pUb4D
-uGvYPRDaT8YVGS+X9NMZ4ZCmqW2lpWzKnCFoGHcy8yZLbcaxBsRdvKzwOYGoPiFb
-K2QuhXZ/1UPmqK9i2DFKtj40X6vBszTNboFxOVpXrPu0FJwLVSDf2hSZ4fMM0DH3
-YqwKcYf5te+hxGKgrqRA3tn0NCWii0in6QIwXMC+kMw1ebg/tZKqyDLMNptAK8J+
-DVw9m5X1seUHS5ehU/g2jrQrtK5WYn7MrFK4lBzlRwECgYEA/d1TeANYECDWRRDk
-B0aaRZs87Rwl/J9PsvbsKvtU/bX+OfSOUjOa9iQBqn0LmU8GqusEET/QVUfocVwV
-Bggf/5qDLxz100Rj0ags/yE/kNr0Bb31kkkKHFMnCT06YasR7qKllwrAlPJvQv9x
-IzBKq+T/Dx08Wep9bCRSFhzRCnsCgYEA+jdeZXTDr/Vz+D2B3nAw1frqYFfGnEVY
-wqmoK3VXMDkGuxsloO2rN+SyiUo3JNiQNPDub/t7175GH5pmKtZOlftePANsUjBj
-wZ1D0rI5Bxu/71ibIUYIRVmXsTEQkh/ozoh3jXCZ9+bLgYiYx7789IUZZSokFQ3D
-FICUT9KJ36kCgYAGoq9Y1rWJjmIrYfqj2guUQC+CfxbbGIrrwZqAsRsSmpwvhZ3m
-tiSZxG0quKQB+NfSxdvQW5ulbwC7Xc3K35F+i9pb8+TVBdeaFkw+yu6vaZmxQLrX
-fQM/pEjD7A7HmMIaO7QaU5SfEAsqdCTP56Y8AftMuNXn/8IRfo2KuGwaWwKBgFpU
-ILzJoVdlad9E/Rw7LjYhZfkv1uBVXIyxyKcfrkEXZSmozDXDdxsvcZCEfVHM6Ipk
-K/+7LuMcqp4AFEAEq8wTOdq6daFaHLkpt/FZK6M4TlruhtpFOPkoNc3e45eM83OT
-6mziKINJC1CQ6m65sQHpBtjxlKMRG8rL/D6wx9s5AoGBAMRlqNPMwglT3hvDmsAt
-9Lf9pdmhERUlHhD8bj8mDaBj2Aqv7f6VRJaYZqP403pKKQexuqcn80mtjkSAPFkN
-Cj7BVt/RXm5uoxDTnfi26RF9F6yNDEJ7UU9+peBr99aazF/fTgW/1GcMkQnum8uV
-c257YgaWmjK9uB0Y2r2VxS0G
------END PRIVATE KEY-----`)
-)
-
-// BenchmarkPlainStreaming measures end-to-end plaintext streaming performance
-// for fasthttp client and server.
-//
-// It issues http requests over a small number of keep-alive connections.
-func BenchmarkPlainStreaming(b *testing.B) {
- benchmark(b, streamingHandler, false)
-}
-
-// BenchmarkPlainHandshake measures end-to-end plaintext handshake performance
-// for fasthttp client and server.
-//
-// It re-establishes new connection per each http request.
-func BenchmarkPlainHandshake(b *testing.B) {
- benchmark(b, handshakeHandler, false)
-}
-
-// BenchmarkTLSStreaming measures end-to-end TLS streaming performance
-// for fasthttp client and server.
-//
-// It issues http requests over a small number of TLS keep-alive connections.
-func BenchmarkTLSStreaming(b *testing.B) {
- benchmark(b, streamingHandler, true)
-}
-
-func benchmark(b *testing.B, h fasthttp.RequestHandler, isTLS bool) {
- var serverTLSConfig, clientTLSConfig *tls.Config
- if isTLS {
- cert, err := tls.X509KeyPair(certblock, keyblock)
- if err != nil {
- b.Fatalf("cannot load TLS certificate: %v", err)
- }
- serverTLSConfig = &tls.Config{
- Certificates: []tls.Certificate{cert},
- PreferServerCipherSuites: true,
- }
- serverTLSConfig.CurvePreferences = []tls.CurveID{}
- clientTLSConfig = &tls.Config{
- InsecureSkipVerify: true,
- }
- }
- ln := fasthttputil.NewInmemoryListener()
- serverStopCh := make(chan struct{})
- go func() {
- serverLn := net.Listener(ln)
- if serverTLSConfig != nil {
- serverLn = tls.NewListener(serverLn, serverTLSConfig)
- }
- if err := fasthttp.Serve(serverLn, h); err != nil {
- b.Errorf("unexpected error in server: %v", err)
- }
- close(serverStopCh)
- }()
- c := &fasthttp.HostClient{
- Dial: func(addr string) (net.Conn, error) {
- return ln.Dial()
- },
- IsTLS: isTLS,
- TLSConfig: clientTLSConfig,
- }
-
- b.RunParallel(func(pb *testing.PB) {
- runRequests(b, pb, c, isTLS)
- })
- ln.Close()
- <-serverStopCh
-}
-
-func streamingHandler(ctx *fasthttp.RequestCtx) {
- ctx.WriteString("foobar") //nolint:errcheck
-}
-
-func handshakeHandler(ctx *fasthttp.RequestCtx) {
- streamingHandler(ctx)
-
- // Explicitly close connection after each response.
- ctx.SetConnectionClose()
-}
-
-func runRequests(b *testing.B, pb *testing.PB, c *fasthttp.HostClient, isTLS bool) {
- var req fasthttp.Request
- if isTLS {
- req.SetRequestURI("https://foo.bar/baz")
- } else {
- req.SetRequestURI("http://foo.bar/baz")
- }
- var resp fasthttp.Response
- for pb.Next() {
- if err := c.Do(&req, &resp); err != nil {
- b.Fatalf("unexpected error: %v", err)
- }
- if resp.StatusCode() != fasthttp.StatusOK {
- b.Fatalf("unexpected status code: %d. Expecting %d", resp.StatusCode(), fasthttp.StatusOK)
- }
- }
-}
diff --git a/vendor/github.com/valyala/fasthttp/fasthttputil/pipeconns_test.go b/vendor/github.com/valyala/fasthttp/fasthttputil/pipeconns_test.go
deleted file mode 100644
index 9ac7ee14c73..00000000000
--- a/vendor/github.com/valyala/fasthttp/fasthttputil/pipeconns_test.go
+++ /dev/null
@@ -1,407 +0,0 @@
-package fasthttputil
-
-import (
- "bytes"
- "fmt"
- "io"
- "net"
- "testing"
- "time"
-)
-
-func TestPipeConnsWriteTimeout(t *testing.T) {
- t.Parallel()
-
- pc := NewPipeConns()
- c1 := pc.Conn1()
-
- deadline := time.Now().Add(time.Millisecond)
- if err := c1.SetWriteDeadline(deadline); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- data := []byte("foobar")
- for {
- _, err := c1.Write(data)
- if err != nil {
- if err == ErrTimeout {
- break
- }
- t.Fatalf("unexpected error: %v", err)
- }
- }
-
- for i := 0; i < 10; i++ {
- _, err := c1.Write(data)
- if err == nil {
- t.Fatalf("expecting error")
- }
- if err != ErrTimeout {
- t.Fatalf("unexpected error: %v. Expecting %v", err, ErrTimeout)
- }
- }
-
- // read the written data
- c2 := pc.Conn2()
- if err := c2.SetReadDeadline(time.Now().Add(10 * time.Millisecond)); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- for {
- _, err := c2.Read(data)
- if err != nil {
- if err == ErrTimeout {
- break
- }
- t.Fatalf("unexpected error: %v", err)
- }
- }
-
- for i := 0; i < 10; i++ {
- _, err := c2.Read(data)
- if err == nil {
- t.Fatalf("expecting error")
- }
- if err != ErrTimeout {
- t.Fatalf("unexpected error: %v. Expecting %v", err, ErrTimeout)
- }
- }
-}
-
-func TestPipeConnsPositiveReadTimeout(t *testing.T) {
- t.Parallel()
-
- testPipeConnsReadTimeout(t, time.Millisecond)
-}
-
-func TestPipeConnsNegativeReadTimeout(t *testing.T) {
- t.Parallel()
-
- testPipeConnsReadTimeout(t, -time.Second)
-}
-
-var zeroTime time.Time
-
-func testPipeConnsReadTimeout(t *testing.T, timeout time.Duration) {
- pc := NewPipeConns()
- c1 := pc.Conn1()
-
- deadline := time.Now().Add(timeout)
- if err := c1.SetReadDeadline(deadline); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- var buf [1]byte
- for i := 0; i < 10; i++ {
- _, err := c1.Read(buf[:])
- if err == nil {
- t.Fatalf("expecting error on iteration %d", i)
- }
- if err != ErrTimeout {
- t.Fatalf("unexpected error on iteration %d: %v. Expecting %v", i, err, ErrTimeout)
- }
- }
-
- // disable deadline and send data from c2 to c1
- if err := c1.SetReadDeadline(zeroTime); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- data := []byte("foobar")
- c2 := pc.Conn2()
- if _, err := c2.Write(data); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- dataBuf := make([]byte, len(data))
- if _, err := io.ReadFull(c1, dataBuf); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- if !bytes.Equal(data, dataBuf) {
- t.Fatalf("unexpected data received: %q. Expecting %q", dataBuf, data)
- }
-}
-
-func TestPipeConnsCloseWhileReadWriteConcurrent(t *testing.T) {
- t.Parallel()
-
- concurrency := 4
- ch := make(chan struct{}, concurrency)
- for i := 0; i < concurrency; i++ {
- go func() {
- testPipeConnsCloseWhileReadWriteSerial(t)
- ch <- struct{}{}
- }()
- }
-
- for i := 0; i < concurrency; i++ {
- select {
- case <-ch:
- case <-time.After(5 * time.Second):
- t.Fatalf("timeout")
- }
- }
-}
-
-func TestPipeConnsCloseWhileReadWriteSerial(t *testing.T) {
- t.Parallel()
-
- testPipeConnsCloseWhileReadWriteSerial(t)
-}
-
-func testPipeConnsCloseWhileReadWriteSerial(t *testing.T) {
- for i := 0; i < 10; i++ {
- testPipeConnsCloseWhileReadWrite(t)
- }
-}
-
-func testPipeConnsCloseWhileReadWrite(t *testing.T) {
- pc := NewPipeConns()
- c1 := pc.Conn1()
- c2 := pc.Conn2()
-
- readCh := make(chan error)
- go func() {
- var err error
- if _, err = io.Copy(io.Discard, c1); err != nil {
- if err != errConnectionClosed {
- err = fmt.Errorf("unexpected error: %w", err)
- } else {
- err = nil
- }
- }
- readCh <- err
- }()
-
- writeCh := make(chan error)
- go func() {
- var err error
- for {
- if _, err = c2.Write([]byte("foobar")); err != nil {
- if err != errConnectionClosed {
- err = fmt.Errorf("unexpected error: %w", err)
- } else {
- err = nil
- }
- break
- }
- }
- writeCh <- err
- }()
-
- time.Sleep(10 * time.Millisecond)
- if err := c1.Close(); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- if err := c2.Close(); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- select {
- case err := <-readCh:
- if err != nil {
- t.Fatalf("unexpected error in reader: %v", err)
- }
- case <-time.After(time.Second):
- t.Fatalf("timeout")
- }
- select {
- case err := <-writeCh:
- if err != nil {
- t.Fatalf("unexpected error in writer: %v", err)
- }
- case <-time.After(time.Second):
- t.Fatalf("timeout")
- }
-}
-
-func TestPipeConnsReadWriteSerial(t *testing.T) {
- t.Parallel()
-
- testPipeConnsReadWriteSerial(t)
-}
-
-func TestPipeConnsReadWriteConcurrent(t *testing.T) {
- t.Parallel()
-
- testConcurrency(t, 10, testPipeConnsReadWriteSerial)
-}
-
-func testPipeConnsReadWriteSerial(t *testing.T) {
- pc := NewPipeConns()
- testPipeConnsReadWrite(t, pc.Conn1(), pc.Conn2())
-
- pc = NewPipeConns()
- testPipeConnsReadWrite(t, pc.Conn2(), pc.Conn1())
-}
-
-func testPipeConnsReadWrite(t *testing.T, c1, c2 net.Conn) {
- defer c1.Close()
- defer c2.Close()
-
- var buf [32]byte
- for i := 0; i < 10; i++ {
- // The first write
- s1 := fmt.Sprintf("foo_%d", i)
- n, err := c1.Write([]byte(s1))
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- if n != len(s1) {
- t.Fatalf("unexpected number of bytes written: %d. Expecting %d", n, len(s1))
- }
-
- // The second write
- s2 := fmt.Sprintf("bar_%d", i)
- n, err = c1.Write([]byte(s2))
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- if n != len(s2) {
- t.Fatalf("unexpected number of bytes written: %d. Expecting %d", n, len(s2))
- }
-
- // Read data written above in two writes
- s := s1 + s2
- n, err = c2.Read(buf[:])
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- if n != len(s) {
- t.Fatalf("unexpected number of bytes read: %d. Expecting %d", n, len(s))
- }
- if string(buf[:n]) != s {
- t.Fatalf("unexpected string read: %q. Expecting %q", buf[:n], s)
- }
- }
-}
-
-func TestPipeConnsCloseSerial(t *testing.T) {
- t.Parallel()
-
- testPipeConnsCloseSerial(t)
-}
-
-func TestPipeConnsCloseConcurrent(t *testing.T) {
- t.Parallel()
-
- testConcurrency(t, 10, testPipeConnsCloseSerial)
-}
-
-func testPipeConnsCloseSerial(t *testing.T) {
- pc := NewPipeConns()
- testPipeConnsClose(t, pc.Conn1(), pc.Conn2())
-
- pc = NewPipeConns()
- testPipeConnsClose(t, pc.Conn2(), pc.Conn1())
-}
-
-func testPipeConnsClose(t *testing.T, c1, c2 net.Conn) {
- if err := c1.Close(); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- var buf [10]byte
-
- // attempt writing to closed conn
- for i := 0; i < 10; i++ {
- n, err := c1.Write(buf[:])
- if err == nil {
- t.Fatalf("expecting error")
- }
- if n != 0 {
- t.Fatalf("unexpected number of bytes written: %d. Expecting 0", n)
- }
- }
-
- // attempt reading from closed conn
- for i := 0; i < 10; i++ {
- n, err := c2.Read(buf[:])
- if err == nil {
- t.Fatalf("expecting error")
- }
- if err != io.EOF {
- t.Fatalf("unexpected error: %v. Expecting %v", err, io.EOF)
- }
- if n != 0 {
- t.Fatalf("unexpected number of bytes read: %d. Expecting 0", n)
- }
- }
-
- if err := c2.Close(); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- // attempt closing already closed conns
- for i := 0; i < 10; i++ {
- if err := c1.Close(); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- if err := c2.Close(); err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
- }
-}
-
-func testConcurrency(t *testing.T, concurrency int, f func(*testing.T)) {
- ch := make(chan struct{}, concurrency)
- for i := 0; i < concurrency; i++ {
- go func() {
- f(t)
- ch <- struct{}{}
- }()
- }
-
- for i := 0; i < concurrency; i++ {
- select {
- case <-ch:
- case <-time.After(time.Second):
- t.Fatalf("timeout")
- }
- }
-}
-
-func TestPipeConnsAddrDefault(t *testing.T) {
- t.Parallel()
-
- pc := NewPipeConns()
- c1 := pc.Conn1()
-
- if c1.LocalAddr() != pipeAddr(0) {
- t.Fatalf("unexpected local address: %v", c1.LocalAddr())
- }
-
- if c1.RemoteAddr() != pipeAddr(0) {
- t.Fatalf("unexpected remote address: %v", c1.RemoteAddr())
- }
-}
-
-func TestPipeConnsAddrCustom(t *testing.T) {
- t.Parallel()
-
- pc := NewPipeConns()
-
- addr1 := &net.TCPAddr{IP: net.IPv4(1, 2, 3, 4), Port: 1234}
- addr2 := &net.TCPAddr{IP: net.IPv4(5, 6, 7, 8), Port: 5678}
- addr3 := &net.TCPAddr{IP: net.IPv4(9, 10, 11, 12), Port: 9012}
- addr4 := &net.TCPAddr{IP: net.IPv4(13, 14, 15, 16), Port: 3456}
-
- pc.SetAddresses(addr1, addr2, addr3, addr4)
-
- c1 := pc.Conn1()
-
- if c1.LocalAddr() != addr1 {
- t.Fatalf("unexpected local address: %v", c1.LocalAddr())
- }
-
- if c1.RemoteAddr() != addr2 {
- t.Fatalf("unexpected remote address: %v", c1.RemoteAddr())
- }
-
- c2 := pc.Conn1()
-
- if c2.LocalAddr() != addr1 {
- t.Fatalf("unexpected local address: %v", c2.LocalAddr())
- }
-
- if c2.RemoteAddr() != addr2 {
- t.Fatalf("unexpected remote address: %v", c2.RemoteAddr())
- }
-}
diff --git a/vendor/github.com/valyala/fasthttp/testdata/test.png b/vendor/github.com/valyala/fasthttp/testdata/test.png
deleted file mode 100644
index 8b137891791..00000000000
--- a/vendor/github.com/valyala/fasthttp/testdata/test.png
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index fdcaa974d23..4ed2e488b61 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -263,6 +263,7 @@ struct ltchars {
#include
#include
#include
+#include
#include
#include
#include
@@ -549,6 +550,7 @@ ccflags="$@"
$2 !~ "NLA_TYPE_MASK" &&
$2 !~ /^RTC_VL_(ACCURACY|BACKUP|DATA)/ &&
$2 ~ /^(NETLINK|NLM|NLMSG|NLA|IFA|IFAN|RT|RTC|RTCF|RTN|RTPROT|RTNH|ARPHRD|ETH_P|NETNSA)_/ ||
+ $2 ~ /^SOCK_|SK_DIAG_|SKNLGRP_$/ ||
$2 ~ /^FIORDCHK$/ ||
$2 ~ /^SIOC/ ||
$2 ~ /^TIOC/ ||
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 93a38a97d9c..877a62b479a 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -502,6 +502,7 @@ const (
BPF_IMM = 0x0
BPF_IND = 0x40
BPF_JA = 0x0
+ BPF_JCOND = 0xe0
BPF_JEQ = 0x10
BPF_JGE = 0x30
BPF_JGT = 0x20
@@ -657,6 +658,9 @@ const (
CAN_NPROTO = 0x8
CAN_RAW = 0x1
CAN_RAW_FILTER_MAX = 0x200
+ CAN_RAW_XL_VCID_RX_FILTER = 0x4
+ CAN_RAW_XL_VCID_TX_PASS = 0x2
+ CAN_RAW_XL_VCID_TX_SET = 0x1
CAN_RTR_FLAG = 0x40000000
CAN_SFF_ID_BITS = 0xb
CAN_SFF_MASK = 0x7ff
@@ -1339,6 +1343,7 @@ const (
F_OFD_SETLK = 0x25
F_OFD_SETLKW = 0x26
F_OK = 0x0
+ F_SEAL_EXEC = 0x20
F_SEAL_FUTURE_WRITE = 0x10
F_SEAL_GROW = 0x4
F_SEAL_SEAL = 0x1
@@ -1627,6 +1632,7 @@ const (
IP_FREEBIND = 0xf
IP_HDRINCL = 0x3
IP_IPSEC_POLICY = 0x10
+ IP_LOCAL_PORT_RANGE = 0x33
IP_MAXPACKET = 0xffff
IP_MAX_MEMBERSHIPS = 0x14
IP_MF = 0x2000
@@ -1653,6 +1659,7 @@ const (
IP_PMTUDISC_OMIT = 0x5
IP_PMTUDISC_PROBE = 0x3
IP_PMTUDISC_WANT = 0x1
+ IP_PROTOCOL = 0x34
IP_RECVERR = 0xb
IP_RECVERR_RFC4884 = 0x1a
IP_RECVFRAGSIZE = 0x19
@@ -2169,7 +2176,7 @@ const (
NFT_SECMARK_CTX_MAXLEN = 0x100
NFT_SET_MAXNAMELEN = 0x100
NFT_SOCKET_MAX = 0x3
- NFT_TABLE_F_MASK = 0x3
+ NFT_TABLE_F_MASK = 0x7
NFT_TABLE_MAXNAMELEN = 0x100
NFT_TRACETYPE_MAX = 0x3
NFT_TUNNEL_F_MASK = 0x7
@@ -2403,6 +2410,7 @@ const (
PERF_RECORD_MISC_USER = 0x2
PERF_SAMPLE_BRANCH_PLM_ALL = 0x7
PERF_SAMPLE_WEIGHT_TYPE = 0x1004000
+ PID_FS_MAGIC = 0x50494446
PIPEFS_MAGIC = 0x50495045
PPPIOCGNPMODE = 0xc008744c
PPPIOCNEWUNIT = 0xc004743e
@@ -2896,8 +2904,9 @@ const (
RWF_APPEND = 0x10
RWF_DSYNC = 0x2
RWF_HIPRI = 0x1
+ RWF_NOAPPEND = 0x20
RWF_NOWAIT = 0x8
- RWF_SUPPORTED = 0x1f
+ RWF_SUPPORTED = 0x3f
RWF_SYNC = 0x4
RWF_WRITE_LIFE_NOT_SET = 0x0
SCHED_BATCH = 0x3
@@ -2918,7 +2927,9 @@ const (
SCHED_RESET_ON_FORK = 0x40000000
SCHED_RR = 0x2
SCM_CREDENTIALS = 0x2
+ SCM_PIDFD = 0x4
SCM_RIGHTS = 0x1
+ SCM_SECURITY = 0x3
SCM_TIMESTAMP = 0x1d
SC_LOG_FLUSH = 0x100000
SECCOMP_ADDFD_FLAG_SEND = 0x2
@@ -3051,6 +3062,8 @@ const (
SIOCSMIIREG = 0x8949
SIOCSRARP = 0x8962
SIOCWANDEV = 0x894a
+ SK_DIAG_BPF_STORAGE_MAX = 0x3
+ SK_DIAG_BPF_STORAGE_REQ_MAX = 0x1
SMACK_MAGIC = 0x43415d53
SMART_AUTOSAVE = 0xd2
SMART_AUTO_OFFLINE = 0xdb
@@ -3071,6 +3084,8 @@ const (
SOCKFS_MAGIC = 0x534f434b
SOCK_BUF_LOCK_MASK = 0x3
SOCK_DCCP = 0x6
+ SOCK_DESTROY = 0x15
+ SOCK_DIAG_BY_FAMILY = 0x14
SOCK_IOC_TYPE = 0x89
SOCK_PACKET = 0xa
SOCK_RAW = 0x3
@@ -3260,6 +3275,7 @@ const (
TCP_MAX_WINSHIFT = 0xe
TCP_MD5SIG = 0xe
TCP_MD5SIG_EXT = 0x20
+ TCP_MD5SIG_FLAG_IFINDEX = 0x2
TCP_MD5SIG_FLAG_PREFIX = 0x1
TCP_MD5SIG_MAXKEYLEN = 0x50
TCP_MSS = 0x200
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 42ff8c3c1b0..e4bc0bd57c7 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -118,6 +118,7 @@ const (
IXOFF = 0x1000
IXON = 0x400
MAP_32BIT = 0x40
+ MAP_ABOVE4G = 0x80
MAP_ANON = 0x20
MAP_ANONYMOUS = 0x20
MAP_DENYWRITE = 0x800
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index dca436004fa..689317afdbf 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -118,6 +118,7 @@ const (
IXOFF = 0x1000
IXON = 0x400
MAP_32BIT = 0x40
+ MAP_ABOVE4G = 0x80
MAP_ANON = 0x20
MAP_ANONYMOUS = 0x20
MAP_DENYWRITE = 0x800
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index d8cae6d1534..14270508b04 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -87,6 +87,7 @@ const (
FICLONE = 0x40049409
FICLONERANGE = 0x4020940d
FLUSHO = 0x1000
+ FPMR_MAGIC = 0x46504d52
FPSIMD_MAGIC = 0x46508001
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80086601
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 0036746ea19..4740b834854 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -4605,7 +4605,7 @@ const (
NL80211_ATTR_MAC_HINT = 0xc8
NL80211_ATTR_MAC_MASK = 0xd7
NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca
- NL80211_ATTR_MAX = 0x149
+ NL80211_ATTR_MAX = 0x14a
NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4
NL80211_ATTR_MAX_CSA_COUNTERS = 0xce
NL80211_ATTR_MAX_MATCH_SETS = 0x85
@@ -5209,7 +5209,7 @@ const (
NL80211_FREQUENCY_ATTR_GO_CONCURRENT = 0xf
NL80211_FREQUENCY_ATTR_INDOOR_ONLY = 0xe
NL80211_FREQUENCY_ATTR_IR_CONCURRENT = 0xf
- NL80211_FREQUENCY_ATTR_MAX = 0x1f
+ NL80211_FREQUENCY_ATTR_MAX = 0x20
NL80211_FREQUENCY_ATTR_MAX_TX_POWER = 0x6
NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11
NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc
@@ -5703,7 +5703,7 @@ const (
NL80211_STA_FLAG_ASSOCIATED = 0x7
NL80211_STA_FLAG_AUTHENTICATED = 0x5
NL80211_STA_FLAG_AUTHORIZED = 0x1
- NL80211_STA_FLAG_MAX = 0x7
+ NL80211_STA_FLAG_MAX = 0x8
NL80211_STA_FLAG_MAX_OLD_API = 0x6
NL80211_STA_FLAG_MFP = 0x4
NL80211_STA_FLAG_SHORT_PREAMBLE = 0x2
@@ -6001,3 +6001,34 @@ type CachestatRange struct {
Off uint64
Len uint64
}
+
+const (
+ SK_MEMINFO_RMEM_ALLOC = 0x0
+ SK_MEMINFO_RCVBUF = 0x1
+ SK_MEMINFO_WMEM_ALLOC = 0x2
+ SK_MEMINFO_SNDBUF = 0x3
+ SK_MEMINFO_FWD_ALLOC = 0x4
+ SK_MEMINFO_WMEM_QUEUED = 0x5
+ SK_MEMINFO_OPTMEM = 0x6
+ SK_MEMINFO_BACKLOG = 0x7
+ SK_MEMINFO_DROPS = 0x8
+ SK_MEMINFO_VARS = 0x9
+ SKNLGRP_NONE = 0x0
+ SKNLGRP_INET_TCP_DESTROY = 0x1
+ SKNLGRP_INET_UDP_DESTROY = 0x2
+ SKNLGRP_INET6_TCP_DESTROY = 0x3
+ SKNLGRP_INET6_UDP_DESTROY = 0x4
+ SK_DIAG_BPF_STORAGE_REQ_NONE = 0x0
+ SK_DIAG_BPF_STORAGE_REQ_MAP_FD = 0x1
+ SK_DIAG_BPF_STORAGE_REP_NONE = 0x0
+ SK_DIAG_BPF_STORAGE = 0x1
+ SK_DIAG_BPF_STORAGE_NONE = 0x0
+ SK_DIAG_BPF_STORAGE_PAD = 0x1
+ SK_DIAG_BPF_STORAGE_MAP_ID = 0x2
+ SK_DIAG_BPF_STORAGE_MAP_VALUE = 0x3
+)
+
+type SockDiagReq struct {
+ Family uint8
+ Protocol uint8
+}
diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go
index 26be94a8a7b..6f7d2ac70a9 100644
--- a/vendor/golang.org/x/sys/windows/security_windows.go
+++ b/vendor/golang.org/x/sys/windows/security_windows.go
@@ -68,6 +68,7 @@ type UserInfo10 struct {
//sys NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) = netapi32.NetUserGetInfo
//sys NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (neterr error) = netapi32.NetGetJoinInformation
//sys NetApiBufferFree(buf *byte) (neterr error) = netapi32.NetApiBufferFree
+//sys NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) = netapi32.NetUserEnum
const (
// do not reorder
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 5c6035ddfa9..9f73df75b5f 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -401,6 +401,7 @@ var (
procTransmitFile = modmswsock.NewProc("TransmitFile")
procNetApiBufferFree = modnetapi32.NewProc("NetApiBufferFree")
procNetGetJoinInformation = modnetapi32.NewProc("NetGetJoinInformation")
+ procNetUserEnum = modnetapi32.NewProc("NetUserEnum")
procNetUserGetInfo = modnetapi32.NewProc("NetUserGetInfo")
procNtCreateFile = modntdll.NewProc("NtCreateFile")
procNtCreateNamedPipeFile = modntdll.NewProc("NtCreateNamedPipeFile")
@@ -3486,6 +3487,14 @@ func NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (nete
return
}
+func NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) {
+ r0, _, _ := syscall.Syscall9(procNetUserEnum.Addr(), 8, uintptr(unsafe.Pointer(serverName)), uintptr(level), uintptr(filter), uintptr(unsafe.Pointer(buf)), uintptr(prefMaxLen), uintptr(unsafe.Pointer(entriesRead)), uintptr(unsafe.Pointer(totalEntries)), uintptr(unsafe.Pointer(resumeHandle)), 0)
+ if r0 != 0 {
+ neterr = syscall.Errno(r0)
+ }
+ return
+}
+
func NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) {
r0, _, _ := syscall.Syscall6(procNetUserGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf)), 0, 0)
if r0 != 0 {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 365f558be99..be5698960af 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -102,11 +102,11 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime
github.com/Azure/azure-sdk-for-go/sdk/azcore/streaming
github.com/Azure/azure-sdk-for-go/sdk/azcore/to
github.com/Azure/azure-sdk-for-go/sdk/azcore/tracing
-# github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2
+# github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
## explicit; go 1.18
github.com/Azure/azure-sdk-for-go/sdk/azidentity
github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal
-# github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0
+# github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0
## explicit; go 1.18
github.com/Azure/azure-sdk-for-go/sdk/internal/diag
github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo
@@ -116,7 +116,7 @@ github.com/Azure/azure-sdk-for-go/sdk/internal/poller
github.com/Azure/azure-sdk-for-go/sdk/internal/telemetry
github.com/Azure/azure-sdk-for-go/sdk/internal/temporal
github.com/Azure/azure-sdk-for-go/sdk/internal/uuid
-# github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.5.0
+# github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.4.0
## explicit; go 1.18
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid/internal
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid/publisher
@@ -131,7 +131,7 @@ github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs/internal/exported
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs/internal/sas
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs/internal/sbauth
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs/internal/utils
-# github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.7.1
+# github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.7.0
## explicit; go 1.18
github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus
github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus/admin
@@ -1595,7 +1595,7 @@ go.uber.org/zap/internal/pool
go.uber.org/zap/internal/stacktrace
go.uber.org/zap/zapcore
go.uber.org/zap/zapgrpc
-# golang.org/x/crypto v0.23.0 => golang.org/x/crypto v0.22.0
+# golang.org/x/crypto v0.24.0 => golang.org/x/crypto v0.22.0
## explicit; go 1.18
golang.org/x/crypto/argon2
golang.org/x/crypto/blake2b
@@ -1627,7 +1627,7 @@ golang.org/x/mod/internal/lazyregexp
golang.org/x/mod/modfile
golang.org/x/mod/module
golang.org/x/mod/semver
-# golang.org/x/net v0.25.0 => golang.org/x/net v0.24.0
+# golang.org/x/net v0.26.0 => golang.org/x/net v0.24.0
## explicit; go 1.18
golang.org/x/net/context
golang.org/x/net/html
@@ -1662,7 +1662,7 @@ golang.org/x/oauth2/jwt
golang.org/x/sync/errgroup
golang.org/x/sync/semaphore
golang.org/x/sync/singleflight
-# golang.org/x/sys v0.20.0
+# golang.org/x/sys v0.21.0
## explicit; go 1.18
golang.org/x/sys/cpu
golang.org/x/sys/plan9
@@ -1672,7 +1672,7 @@ golang.org/x/sys/windows/registry
# golang.org/x/term v0.19.0
## explicit; go 1.18
golang.org/x/term
-# golang.org/x/text v0.15.0 => golang.org/x/text v0.14.0
+# golang.org/x/text v0.16.0 => golang.org/x/text v0.14.0
## explicit; go 1.18
golang.org/x/text/cases
golang.org/x/text/encoding