Update dependencies

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1
-	github.com/aws/aws-sdk-go v1.49.15
+	github.com/aws/aws-sdk-go v1.49.19
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cert-manager/cert-manager v1.13.3
 	github.com/digitalocean/godo v1.107.0
@@ -48,13 +48,13 @@ require (
 	go.opentelemetry.io/otel/trace v1.21.0
 	go.opentelemetry.io/proto/otlp v1.0.0
 	go.uber.org/multierr v1.11.0
-	golang.org/x/crypto v0.17.0
+	golang.org/x/crypto v0.18.0
-	golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
+	golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e
-	golang.org/x/net v0.19.0
+	golang.org/x/net v0.20.0
-	golang.org/x/oauth2 v0.15.0
+	golang.org/x/oauth2 v0.16.0
 	golang.org/x/sync v0.6.0
 	golang.org/x/sys v0.16.0
-	google.golang.org/api v0.155.0
+	google.golang.org/api v0.156.0
 	google.golang.org/grpc v1.60.1
 	google.golang.org/protobuf v1.32.0
 	gopkg.in/gcfg.v1 v1.2.3
@@ -68,8 +68,8 @@ require (
 	k8s.io/cloud-provider-aws v1.29.1
 	k8s.io/cloud-provider-gcp/providers v0.28.2
 	k8s.io/component-base v0.29.0
-	k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01
+	k8s.io/gengo v0.0.0-20240110203215-22eea95d1e7a
-	k8s.io/klog/v2 v2.110.1
+	k8s.io/klog/v2 v2.120.0
 	k8s.io/kubectl v0.29.0
 	k8s.io/kubelet v0.29.0
 	k8s.io/mount-utils v0.29.0
@@ -222,14 +222,14 @@ require (
 	go.opentelemetry.io/otel/metric v1.21.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/term v0.16.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.16.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

go.sum

@@ -78,8 +78,8 @@ github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
 github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1 h1:DmxtwV+pkakkVRhxKcAgnLbxCxvT7k8DBG271dfKPZ8=
 github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1/go.mod h1:AEJrtkLkCkfIBIazidrVrgZqaXl+9dxI/wRgjdw+7G0=
-github.com/aws/aws-sdk-go v1.49.15 h1:aH9bSV4kL4ziH0AMtuYbukGIVebXddXBL0cKZ1zj15k=
+github.com/aws/aws-sdk-go v1.49.19 h1:oZryiqeQpeJsIcAmZlp86duMu/s/DJ43qyfwa51qmLg=
-github.com/aws/aws-sdk-go v1.49.15/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.49.19/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -200,7 +200,6 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
@@ -651,11 +650,11 @@ golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc h1:ao2WRsKSzW6KuUY9IWPwWahcHCgR0s52IfwutMfEbdM=
+golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e h1:723BNChdd0c2Wk6WOE320qGBiPtYx0F0Bbm1kriShfE=
-golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -686,11 +685,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
-golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -739,8 +738,8 @@ golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -772,8 +771,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/api v0.155.0 h1:vBmGhCYs0djJttDNynWo44zosHlPvHmA0XiN2zP2DtA=
+google.golang.org/api v0.156.0 h1:yloYcGbBtVYjLKQe4enCunxvwn3s2w/XPrrhVf6MsvQ=
-google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk=
+google.golang.org/api v0.156.0/go.mod h1:bUSmn4KFO0Q+69zo9CNIDp4Psi6BqM0np0CbzKRSiSY=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
@@ -781,12 +780,12 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
+google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 h1:YJ5pD9rF8o9Qtta0Cmy9rdBwkSjrTCT6XTiUQVOtIos=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
+google.golang.org/genproto v0.0.0-20231212172506-995d672761c0/go.mod h1:l/k7rMz0vFTBPy+tFSGvXEd3z+BcoG1k7EHbqm+YBsY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 h1:EWIeHfGuUf00zrVZGEgYFxok7plSAXBGcH7NNdMAWvA=
+google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 h1:s1w3X6gQxwrLEpxnLd/qXTVLgQE2yXwaOaoa6IlY/+o=
-google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3/go.mod h1:k2dtGpRrbsSyKcNPKKI5sstZkrNCZwpU/ns96JoHbGg=
+google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0/go.mod h1:CAny0tYF+0/9rmDB9fahA9YLzX3+AEVl1qXbv5hhj6c=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 h1:/jFB8jK5R3Sq3i/lmeZO0cATSzFfZaJq1J2Euan3XKU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -861,14 +860,14 @@ k8s.io/component-helpers v0.29.0 h1:Y8W70NGeitKxWwhsPo/vEQbQx5VqJV+3xfLpP3V1VxU=
 k8s.io/component-helpers v0.29.0/go.mod h1:j2coxVfmzTOXWSE6sta0MTgNSr572Dcx68F6DD+8fWc=
 k8s.io/csi-translation-lib v0.29.0 h1:we4X1yUlDikvm5Rv0dwMuPHNw6KwjwsQiAuOPWXha8M=
 k8s.io/csi-translation-lib v0.29.0/go.mod h1:Cp6t3CNBSm1dXS17V8IImUjkqfIB6KCj8Fs8wf6uyTA=
-k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks=
+k8s.io/gengo v0.0.0-20240110203215-22eea95d1e7a h1:zCwpCC6Ghs+RstFfEJZ3arc7dLZ9z0tlmLHDXGCkINY=
-k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+k8s.io/gengo v0.0.0-20240110203215-22eea95d1e7a/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
+k8s.io/klog/v2 v2.120.0 h1:z+q5mfovBj1fKFxiRzsa2DsJLPIVMk/KFL81LMOfK+8=
-k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
+k8s.io/klog/v2 v2.120.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI=

tests/e2e/go.mod

@@ -12,11 +12,11 @@ require (
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/octago/sflags v0.2.0
 	github.com/spf13/pflag v1.0.5
-	golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
+	golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e
 	k8s.io/api v0.29.0
 	k8s.io/apimachinery v0.29.0
 	k8s.io/client-go v0.29.0
-	k8s.io/klog/v2 v2.110.1
+	k8s.io/klog/v2 v2.120.0
 	k8s.io/kops v1.28.2
 	k8s.io/release v0.16.4
 	sigs.k8s.io/boskos v0.0.0-20230524062849-a7ef97ee445d
@@ -25,7 +25,7 @@ require (
 )
 
 require (
-	cloud.google.com/go v0.110.10 // indirect
+	cloud.google.com/go v0.111.0 // indirect
 	cloud.google.com/go/compute v1.23.3 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v1.1.5 // indirect
@@ -65,7 +65,7 @@ require (
 	github.com/aliyun/credentials-go v1.2.3 // indirect
 	github.com/apparentlymart/go-cidr v1.1.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.49.15 // indirect
+	github.com/aws/aws-sdk-go v1.49.19 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.18.1 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.18.27 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect
@@ -260,23 +260,22 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
 	go4.org v0.0.0-20201209231011-d4a079459e60 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
-	golang.org/x/oauth2 v0.15.0 // indirect
+	golang.org/x/oauth2 v0.16.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
 	golang.org/x/sys v0.16.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/term v0.16.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.16.0 // indirect
 	golang.org/x/tools/go/vcs v0.1.0-deprecated // indirect
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	google.golang.org/api v0.156.0 // indirect
-	google.golang.org/api v0.155.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
+	google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
 	google.golang.org/grpc v1.60.1 // indirect
 	google.golang.org/protobuf v1.32.0 // indirect
 	gopkg.in/gcfg.v1 v1.2.3 // indirect

tests/e2e/go.sum

@@ -7,8 +7,8 @@ cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTj
 cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
 cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
 cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y=
+cloud.google.com/go v0.111.0 h1:YHLKNupSD1KqjDbQ3+LVdQ81h/UJbJyZG203cEfnQgM=
-cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic=
+cloud.google.com/go v0.111.0/go.mod h1:0mibmpKP1TyOOFYQY5izo0LnT+ecvOQ0Sg3OdmMiNRU=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
@@ -167,8 +167,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.49.15 h1:aH9bSV4kL4ziH0AMtuYbukGIVebXddXBL0cKZ1zj15k=
+github.com/aws/aws-sdk-go v1.49.19 h1:oZryiqeQpeJsIcAmZlp86duMu/s/DJ43qyfwa51qmLg=
-github.com/aws/aws-sdk-go v1.49.15/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.49.19/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v1.7.1/go.mod h1:L5LuPC1ZgDr2xQS7AmIec/Jlc7O/Y1u2KxJyNVab250=
 github.com/aws/aws-sdk-go-v2 v1.14.0/go.mod h1:ZA3Y8V0LrlWj63MQAnRHgKf/5QB//LSZCPNWlWrNGLU=
 github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
@@ -378,7 +378,6 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
@@ -1098,8 +1097,8 @@ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2Uz
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1108,8 +1107,8 @@ golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc h1:ao2WRsKSzW6KuUY9IWPwWahcHCgR0s52IfwutMfEbdM=
+golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e h1:723BNChdd0c2Wk6WOE320qGBiPtYx0F0Bbm1kriShfE=
-golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1172,15 +1171,15 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
-golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1259,8 +1258,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1339,8 +1338,8 @@ google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsb
 google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.155.0 h1:vBmGhCYs0djJttDNynWo44zosHlPvHmA0XiN2zP2DtA=
+google.golang.org/api v0.156.0 h1:yloYcGbBtVYjLKQe4enCunxvwn3s2w/XPrrhVf6MsvQ=
-google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk=
+google.golang.org/api v0.156.0/go.mod h1:bUSmn4KFO0Q+69zo9CNIDp4Psi6BqM0np0CbzKRSiSY=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1362,12 +1361,12 @@ google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvx
 google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
+google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 h1:YJ5pD9rF8o9Qtta0Cmy9rdBwkSjrTCT6XTiUQVOtIos=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
+google.golang.org/genproto v0.0.0-20231212172506-995d672761c0/go.mod h1:l/k7rMz0vFTBPy+tFSGvXEd3z+BcoG1k7EHbqm+YBsY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 h1:EWIeHfGuUf00zrVZGEgYFxok7plSAXBGcH7NNdMAWvA=
+google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 h1:s1w3X6gQxwrLEpxnLd/qXTVLgQE2yXwaOaoa6IlY/+o=
-google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3/go.mod h1:k2dtGpRrbsSyKcNPKKI5sstZkrNCZwpU/ns96JoHbGg=
+google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0/go.mod h1:CAny0tYF+0/9rmDB9fahA9YLzX3+AEVl1qXbv5hhj6c=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 h1:/jFB8jK5R3Sq3i/lmeZO0cATSzFfZaJq1J2Euan3XKU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1454,8 +1453,8 @@ k8s.io/cloud-provider-gcp/providers v0.28.2 h1:I65pFTLNMQSj7YuW3Mg3pZIXmw0naCmF6
 k8s.io/cloud-provider-gcp/providers v0.28.2/go.mod h1:P8dxRvvLtX7xUwVUzA/QOqv8taCzBaVsVMnjnpjmYXE=
 k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s=
 k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M=
-k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
+k8s.io/klog/v2 v2.120.0 h1:z+q5mfovBj1fKFxiRzsa2DsJLPIVMk/KFL81LMOfK+8=
-k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
+k8s.io/klog/v2 v2.120.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/release v0.16.4 h1:IKcLV5Ag4jz52jv+pVdNKRE/4Q6TtRceMbRiDJkWAQc=

vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go

@@ -2,6 +2,7 @@ package ec2metadata
 
 import (
 	"fmt"
+	"github.com/aws/aws-sdk-go/aws"
 	"net/http"
 	"sync/atomic"
 	"time"
@@ -65,7 +66,9 @@ func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
 			switch requestFailureError.StatusCode() {
 			case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
 				atomic.StoreUint32(&t.disabled, 1)
-				t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError))
+				if t.client.Config.LogLevel.Matches(aws.LogDebugWithDeprecated) {
+					t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError))
+				}
 			case http.StatusBadRequest:
 				r.Error = requestFailureError
 			}

vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go

@@ -27584,21 +27584,81 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-west-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "securitylake-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "securitylake-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "securitylake-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "securitylake-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "sa-east-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "us-east-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "securitylake-fips.us-east-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "us-east-2",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "securitylake-fips.us-east-2.amazonaws.com",
+				},
 				endpointKey{
 					Region: "us-west-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "securitylake-fips.us-west-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "us-west-2",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "securitylake-fips.us-west-2.amazonaws.com",
+				},
 			},
 		},
 		"serverlessrepo": service{
@@ -43638,6 +43698,19 @@ var awsisoPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"guardduty": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
 		"health": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.49.15"
+const SDKVersion = "1.49.19"

vendor/github.com/aws/aws-sdk-go/service/ec2/api.go

@@ -35610,6 +35610,10 @@ func (c *EC2) DetachVolumeRequest(input *DetachVolumeInput) (req *request.Reques
 // When a volume with an Amazon Web Services Marketplace product code is detached
 // from an instance, the product code is no longer associated with the instance.
 //
+// You can't detach or force detach volumes that are attached to Amazon ECS
+// or Fargate tasks. Attempting to do this results in the UnsupportedOperationException
+// exception with the Unable to detach volume attached to ECS tasks error message.
+//
 // For more information, see Detach an Amazon EBS volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html)
 // in the Amazon Elastic Compute Cloud User Guide.
 //
@@ -91802,10 +91806,9 @@ type DescribeCapacityBlockOfferingsInput struct {
 	// InstanceType is a required field
 	InstanceType *string `type:"string" required:"true"`
 
-	// The maximum number of results to return for the request in a single page.
+	// The maximum number of items to return for this request. To get the next page
-	// The remaining results can be seen by sending another request with the returned
+	// of items, make another request with the token returned in the output. For
-	// nextToken value. This value can be between 5 and 500. If maxResults is given
+	// more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination).
-	// a larger value than 500, you receive an error.
 	MaxResults *int64 `min:"1" type:"integer"`
 
 	// The token to use to retrieve the next page of results.
@@ -91970,10 +91973,9 @@ type DescribeCapacityReservationFleetsInput struct {
 	//    prioritized is supported.
 	Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"`
 
-	// The maximum number of results to return for the request in a single page.
+	// The maximum number of items to return for this request. To get the next page
-	// The remaining results can be seen by sending another request with the returned
+	// of items, make another request with the token returned in the output. For
-	// nextToken value. This value can be between 5 and 500. If maxResults is given
+	// more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination).
-	// a larger value than 500, you receive an error.
 	MaxResults *int64 `min:"1" type:"integer"`
 
 	// The token to use to retrieve the next page of results.
@@ -92157,10 +92159,9 @@ type DescribeCapacityReservationsInput struct {
 	//    the Capacity Reservation was created.
 	Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"`
 
-	// The maximum number of results to return for the request in a single page.
+	// The maximum number of items to return for this request. To get the next page
-	// The remaining results can be seen by sending another request with the returned
+	// of items, make another request with the token returned in the output. For
-	// nextToken value. This value can be between 5 and 500. If maxResults is given
+	// more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination).
-	// a larger value than 500, you receive an error.
 	MaxResults *int64 `min:"1" type:"integer"`
 
 	// The token to use to retrieve the next page of results.
@@ -117035,6 +117036,9 @@ func (s *EbsInfo) SetNvmeSupport(v string) *EbsInfo {
 type EbsInstanceBlockDevice struct {
 	_ struct{} `type:"structure"`
 
+	// The ARN of the Amazon ECS or Fargate task to which the volume is attached.
+	AssociatedResource *string `locationName:"associatedResource" type:"string"`
+
 	// The time stamp when the attachment initiated.
 	AttachTime *time.Time `locationName:"attachTime" type:"timestamp"`
 
@@ -117046,6 +117050,12 @@ type EbsInstanceBlockDevice struct {
 
 	// The ID of the EBS volume.
 	VolumeId *string `locationName:"volumeId" type:"string"`
+
+	// The ID of the Amazon Web Services account that owns the volume.
+	//
+	// This parameter is returned only for volumes that are attached to Fargate
+	// tasks.
+	VolumeOwnerId *string `locationName:"volumeOwnerId" type:"string"`
 }
 
 // String returns the string representation.
@@ -117066,6 +117076,12 @@ func (s EbsInstanceBlockDevice) GoString() string {
 	return s.String()
 }
 
+// SetAssociatedResource sets the AssociatedResource field's value.
+func (s *EbsInstanceBlockDevice) SetAssociatedResource(v string) *EbsInstanceBlockDevice {
+	s.AssociatedResource = &v
+	return s
+}
+
 // SetAttachTime sets the AttachTime field's value.
 func (s *EbsInstanceBlockDevice) SetAttachTime(v time.Time) *EbsInstanceBlockDevice {
 	s.AttachTime = &v
@@ -117090,6 +117106,12 @@ func (s *EbsInstanceBlockDevice) SetVolumeId(v string) *EbsInstanceBlockDevice {
 	return s
 }
 
+// SetVolumeOwnerId sets the VolumeOwnerId field's value.
+func (s *EbsInstanceBlockDevice) SetVolumeOwnerId(v string) *EbsInstanceBlockDevice {
+	s.VolumeOwnerId = &v
+	return s
+}
+
 // Describes information used to set up an EBS volume specified in a block device
 // mapping.
 type EbsInstanceBlockDeviceSpecification struct {
@@ -119410,6 +119432,8 @@ type EnableSnapshotBlockPublicAccessInput struct {
 	//    public sharing. However, snapshots that are already publicly shared, remain
 	//    publicly available.
 	//
+	// unblocked is not a valid value for EnableSnapshotBlockPublicAccess.
+	//
 	// State is a required field
 	State *string `type:"string" required:"true" enum:"SnapshotBlockPublicAccessState"`
 }
@@ -124312,12 +124336,9 @@ type GetCapacityReservationUsageInput struct {
 	// it is UnauthorizedOperation.
 	DryRun *bool `type:"boolean"`
 
-	// The maximum number of results to return for the request in a single page.
+	// The maximum number of items to return for this request. To get the next page
-	// The remaining results can be seen by sending another request with the returned
+	// of items, make another request with the token returned in the output. For
-	// nextToken value. This value can be between 5 and 500. If maxResults is given
+	// more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination).
-	// a larger value than 500, you receive an error.
-	//
-	// Valid range: Minimum value of 1. Maximum value of 1000.
 	MaxResults *int64 `min:"1" type:"integer"`
 
 	// The token to use to retrieve the next page of results.
@@ -125239,10 +125260,9 @@ type GetGroupsForCapacityReservationInput struct {
 	// it is UnauthorizedOperation.
 	DryRun *bool `type:"boolean"`
 
-	// The maximum number of results to return for the request in a single page.
+	// The maximum number of items to return for this request. To get the next page
-	// The remaining results can be seen by sending another request with the returned
+	// of items, make another request with the token returned in the output. For
-	// nextToken value. This value can be between 5 and 500. If maxResults is given
+	// more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination).
-	// a larger value than 500, you receive an error.
 	MaxResults *int64 `min:"1" type:"integer"`
 
 	// The token to use to retrieve the next page of results.
@@ -128047,8 +128067,6 @@ type GetSpotPlacementScoresInput struct {
 	TargetCapacity *int64 `min:"1" type:"integer" required:"true"`
 
 	// The unit for the target capacity.
-	//
-	// Default: units (translates to number of instances)
 	TargetCapacityUnitType *string `type:"string" enum:"TargetCapacityUnitType"`
 }
 
@@ -135206,22 +135224,21 @@ type InstanceMetadataOptionsRequest struct {
 	// Possible values: Integers from 1 to 64
 	HttpPutResponseHopLimit *int64 `type:"integer"`
 
-	// IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional
+	// Indicates whether IMDSv2 is required.
-	// (in other words, set the use of IMDSv2 to optional) or required (in other
-	// words, set the use of IMDSv2 to required).
 	//
-	//    * optional - When IMDSv2 is optional, you can choose to retrieve instance
+	//    * optional - IMDSv2 is optional. You can choose whether to send a session
-	//    metadata with or without a session token in your request. If you retrieve
+	//    token in your instance metadata retrieval requests. If you retrieve IAM
-	//    the IAM role credentials without a token, the IMDSv1 role credentials
+	//    role credentials without a session token, you receive the IMDSv1 role
-	//    are returned. If you retrieve the IAM role credentials using a valid session
+	//    credentials. If you retrieve IAM role credentials using a valid session
-	//    token, the IMDSv2 role credentials are returned.
+	//    token, you receive the IMDSv2 role credentials.
 	//
-	//    * required - When IMDSv2 is required, you must send a session token with
+	//    * required - IMDSv2 is required. You must send a session token in your
-	//    any instance metadata retrieval requests. In this state, retrieving the
+	//    instance metadata retrieval requests. With this option, retrieving the
 	//    IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials
 	//    are not available.
 	//
-	// Default: optional
+	// Default: If the value of ImdsSupport for the Amazon Machine Image (AMI) for
+	// your instance is v2.0, the default is required.
 	HttpTokens *string `type:"string" enum:"HttpTokensState"`
 
 	// Set to enabled to allow access to instance tags from the instance metadata.
@@ -135303,22 +135320,18 @@ type InstanceMetadataOptionsResponse struct {
 	// Possible values: Integers from 1 to 64
 	HttpPutResponseHopLimit *int64 `locationName:"httpPutResponseHopLimit" type:"integer"`
 
-	// IMDSv2 uses token-backed sessions. Indicates whether the use of HTTP tokens
+	// Indicates whether IMDSv2 is required.
-	// is optional (in other words, indicates whether the use of IMDSv2 is optional)
-	// or required (in other words, indicates whether the use of IMDSv2 is required).
 	//
-	//    * optional - When IMDSv2 is optional, you can choose to retrieve instance
+	//    * optional - IMDSv2 is optional. You can choose whether to send a session
-	//    metadata with or without a session token in your request. If you retrieve
+	//    token in your instance metadata retrieval requests. If you retrieve IAM
-	//    the IAM role credentials without a token, the IMDSv1 role credentials
+	//    role credentials without a session token, you receive the IMDSv1 role
-	//    are returned. If you retrieve the IAM role credentials using a valid session
+	//    credentials. If you retrieve IAM role credentials using a valid session
-	//    token, the IMDSv2 role credentials are returned.
+	//    token, you receive the IMDSv2 role credentials.
 	//
-	//    * required - When IMDSv2 is required, you must send a session token with
+	//    * required - IMDSv2 is required. You must send a session token in your
-	//    any instance metadata retrieval requests. In this state, retrieving the
+	//    instance metadata retrieval requests. With this option, retrieving the
 	//    IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials
 	//    are not available.
-	//
-	// Default: optional
 	HttpTokens *string `locationName:"httpTokens" type:"string" enum:"HttpTokensState"`
 
 	// Indicates whether access to instance tags from the instance metadata is enabled
@@ -148257,7 +148270,8 @@ type ModifyInstanceAttributeInput struct {
 	// Modifies the DeleteOnTermination attribute for volumes that are currently
 	// attached. The volume must be owned by the caller. If no value is specified
 	// for DeleteOnTermination, the default is true and the volume is deleted when
-	// the instance is terminated.
+	// the instance is terminated. You can't modify the DeleteOnTermination attribute
+	// for volumes that are attached to Fargate tasks.
 	//
 	// To add instance store volumes to an Amazon EBS-backed instance, you must
 	// add them when you launch the instance. For more information, see Update the
@@ -149117,22 +149131,21 @@ type ModifyInstanceMetadataOptionsInput struct {
 	// Possible values: Integers from 1 to 64
 	HttpPutResponseHopLimit *int64 `type:"integer"`
 
-	// IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional
+	// Indicates whether IMDSv2 is required.
-	// (in other words, set the use of IMDSv2 to optional) or required (in other
-	// words, set the use of IMDSv2 to required).
 	//
-	//    * optional - When IMDSv2 is optional, you can choose to retrieve instance
+	//    * optional - IMDSv2 is optional. You can choose whether to send a session
-	//    metadata with or without a session token in your request. If you retrieve
+	//    token in your instance metadata retrieval requests. If you retrieve IAM
-	//    the IAM role credentials without a token, the IMDSv1 role credentials
+	//    role credentials without a session token, you receive the IMDSv1 role
-	//    are returned. If you retrieve the IAM role credentials using a valid session
+	//    credentials. If you retrieve IAM role credentials using a valid session
-	//    token, the IMDSv2 role credentials are returned.
+	//    token, you receive the IMDSv2 role credentials.
 	//
-	//    * required - When IMDSv2 is required, you must send a session token with
+	//    * required - IMDSv2 is required. You must send a session token in your
-	//    any instance metadata retrieval requests. In this state, retrieving the
+	//    instance metadata retrieval requests. With this option, retrieving the
 	//    IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials
 	//    are not available.
 	//
-	// Default: optional
+	// Default: If the value of ImdsSupport for the Amazon Machine Image (AMI) for
+	// your instance is v2.0, the default is required.
 	HttpTokens *string `type:"string" enum:"HttpTokensState"`
 
 	// The ID of the instance.
@@ -172348,6 +172361,11 @@ type ScheduledInstancesNetworkInterface struct {
 	// for eth0, and can only be assigned to a new network interface, not an existing
 	// one. You cannot specify more than one network interface in the request. If
 	// launching into a default subnet, the default value is true.
+	//
+	// Starting on February 1, 2024, Amazon Web Services will charge for all public
+	// IPv4 addresses, including public IPv4 addresses associated with running instances
+	// and Elastic IP addresses. For more information, see the Public IPv4 Address
+	// tab on the Amazon VPC pricing page (http://aws.amazon.com/vpc/pricing/).
 	AssociatePublicIpAddress *bool `type:"boolean"`
 
 	// Indicates whether to delete the interface when the instance is terminated.
@@ -175740,10 +175758,10 @@ type SpotFleetRequestConfigData struct {
 	// TargetCapacity is a required field
 	TargetCapacity *int64 `locationName:"targetCapacity" type:"integer" required:"true"`
 
-	// The unit for the target capacity. TargetCapacityUnitType can only be specified
+	// The unit for the target capacity. You can specify this parameter only when
-	// when InstanceRequirements is specified.
+	// using attribute-based instance type selection.
 	//
-	// Default: units (translates to number of instances)
+	// Default: units (the number of instances)
 	TargetCapacityUnitType *string `locationName:"targetCapacityUnitType" type:"string" enum:"TargetCapacityUnitType"`
 
 	// Indicates whether running Spot Instances are terminated when the Spot Fleet
@@ -177618,8 +177636,8 @@ type StateReason struct {
 	//    the Spot price exceeded available capacity or because of an increase in
 	//    the Spot price.
 	//
-	//    * Client.InstanceInitiatedShutdown: The instance was shut down using the
+	//    * Client.InstanceInitiatedShutdown: The instance was shut down from the
-	//    shutdown -h command from the instance.
+	//    operating system of the instance.
 	//
 	//    * Client.InstanceTerminated: The instance was terminated or rebooted during
 	//    AMI creation.
@@ -178755,7 +178773,7 @@ func (s *TagSpecification) SetTags(v []*Tag) *TagSpecification {
 type TargetCapacitySpecification struct {
 	_ struct{} `type:"structure"`
 
-	// The default TotalTargetCapacity, which is either Spot or On-Demand.
+	// The default target capacity type.
 	DefaultTargetCapacityType *string `locationName:"defaultTargetCapacityType" type:"string" enum:"DefaultTargetCapacityType"`
 
 	// The number of On-Demand units to request. If you specify a target capacity
@@ -178766,13 +178784,10 @@ type TargetCapacitySpecification struct {
 	// for On-Demand units, you cannot specify a target capacity for Spot units.
 	SpotTargetCapacity *int64 `locationName:"spotTargetCapacity" type:"integer"`
 
-	// The unit for the target capacity. TargetCapacityUnitType can only be specified
+	// The unit for the target capacity.
-	// when InstanceRequirements is specified.
-	//
-	// Default: units (translates to number of instances)
 	TargetCapacityUnitType *string `locationName:"targetCapacityUnitType" type:"string" enum:"TargetCapacityUnitType"`
 
-	// The number of units to request, filled using DefaultTargetCapacityType.
+	// The number of units to request, filled the default target capacity type.
 	TotalTargetCapacity *int64 `locationName:"totalTargetCapacity" type:"integer"`
 }
 
@@ -178836,13 +178851,13 @@ func (s *TargetCapacitySpecification) SetTotalTargetCapacity(v int64) *TargetCap
 // On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch
 // instances until it reaches the maximum amount that you're willing to pay.
 // When the maximum amount you're willing to pay is reached, the fleet stops
-// launching instances even if it hasn’t met the target capacity. The MaxTotalPrice
+// launching instances even if it hasn't met the target capacity. The MaxTotalPrice
 // parameters are located in OnDemandOptionsRequest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_OnDemandOptionsRequest)
 // and SpotOptionsRequest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotOptionsRequest).
 type TargetCapacitySpecificationRequest struct {
 	_ struct{} `type:"structure"`
 
-	// The default TotalTargetCapacity, which is either Spot or On-Demand.
+	// The default target capacity type.
 	DefaultTargetCapacityType *string `type:"string" enum:"DefaultTargetCapacityType"`
 
 	// The number of On-Demand units to request.
@@ -178851,13 +178866,14 @@ type TargetCapacitySpecificationRequest struct {
 	// The number of Spot units to request.
 	SpotTargetCapacity *int64 `type:"integer"`
 
-	// The unit for the target capacity. TargetCapacityUnitType can only be specified
+	// The unit for the target capacity. You can specify this parameter only when
-	// when InstanceRequirements is specified.
+	// using attributed-based instance type selection.
 	//
-	// Default: units (translates to number of instances)
+	// Default: units (the number of instances)
 	TargetCapacityUnitType *string `type:"string" enum:"TargetCapacityUnitType"`
 
-	// The number of units to request, filled using DefaultTargetCapacityType.
+	// The number of units to request, filled using the default target capacity
+	// type.
 	//
 	// TotalTargetCapacity is a required field
 	TotalTargetCapacity *int64 `type:"integer" required:"true"`
@@ -186470,6 +186486,9 @@ func (s *Volume) SetVolumeType(v string) *Volume {
 type VolumeAttachment struct {
 	_ struct{} `type:"structure"`
 
+	// The ARN of the Amazon ECS or Fargate task to which the volume is attached.
+	AssociatedResource *string `locationName:"associatedResource" type:"string"`
+
 	// The time stamp when the attachment initiated.
 	AttachTime *time.Time `locationName:"attachTime" type:"timestamp"`
 
@@ -186477,11 +186496,22 @@ type VolumeAttachment struct {
 	DeleteOnTermination *bool `locationName:"deleteOnTermination" type:"boolean"`
 
 	// The device name.
+	//
+	// If the volume is attached to a Fargate task, this parameter returns null.
 	Device *string `locationName:"device" type:"string"`
 
 	// The ID of the instance.
+	//
+	// If the volume is attached to a Fargate task, this parameter returns null.
 	InstanceId *string `locationName:"instanceId" type:"string"`
 
+	// The service principal of Amazon Web Services service that owns the underlying
+	// instance to which the volume is attached.
+	//
+	// This parameter is returned only for volumes that are attached to Fargate
+	// tasks.
+	InstanceOwningService *string `locationName:"instanceOwningService" type:"string"`
+
 	// The attachment state of the volume.
 	State *string `locationName:"status" type:"string" enum:"VolumeAttachmentState"`
 
@@ -186507,6 +186537,12 @@ func (s VolumeAttachment) GoString() string {
 	return s.String()
 }
 
+// SetAssociatedResource sets the AssociatedResource field's value.
+func (s *VolumeAttachment) SetAssociatedResource(v string) *VolumeAttachment {
+	s.AssociatedResource = &v
+	return s
+}
+
 // SetAttachTime sets the AttachTime field's value.
 func (s *VolumeAttachment) SetAttachTime(v time.Time) *VolumeAttachment {
 	s.AttachTime = &v
@@ -186531,6 +186567,12 @@ func (s *VolumeAttachment) SetInstanceId(v string) *VolumeAttachment {
 	return s
 }
 
+// SetInstanceOwningService sets the InstanceOwningService field's value.
+func (s *VolumeAttachment) SetInstanceOwningService(v string) *VolumeAttachment {
+	s.InstanceOwningService = &v
+	return s
+}
+
 // SetState sets the State field's value.
 func (s *VolumeAttachment) SetState(v string) *VolumeAttachment {
 	s.State = &v
@@ -194445,6 +194487,12 @@ const (
 
 	// InstanceTypeR7iMetal48xl is a InstanceType enum value
 	InstanceTypeR7iMetal48xl = "r7i.metal-48xl"
+
+	// InstanceTypeR7izMetal16xl is a InstanceType enum value
+	InstanceTypeR7izMetal16xl = "r7iz.metal-16xl"
+
+	// InstanceTypeR7izMetal32xl is a InstanceType enum value
+	InstanceTypeR7izMetal32xl = "r7iz.metal-32xl"
 )
 
 // InstanceType_Values returns all elements of the InstanceType enum
@@ -195231,6 +195279,8 @@ func InstanceType_Values() []string {
 		InstanceTypeM7iMetal48xl,
 		InstanceTypeR7iMetal24xl,
 		InstanceTypeR7iMetal48xl,
+		InstanceTypeR7izMetal16xl,
+		InstanceTypeR7izMetal32xl,
 	}
 }
 

vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go

@@ -5425,6 +5425,60 @@ func (s *ApiDestination) SetName(v string) *ApiDestination {
 	return s
 }
 
+// Contains the GraphQL operation to be parsed and executed, if the event target
+// is an AppSync API.
+type AppSyncParameters struct {
+	_ struct{} `type:"structure"`
+
+	// The GraphQL operation; that is, the query, mutation, or subscription to be
+	// parsed and executed by the GraphQL service.
+	//
+	// For more information, see Operations (https://docs.aws.amazon.com/appsync/latest/devguide/graphql-architecture.html#graphql-operations)
+	// in the AppSync User Guide.
+	//
+	// GraphQLOperation is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by AppSyncParameters's
+	// String and GoString methods.
+	GraphQLOperation *string `min:"1" type:"string" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AppSyncParameters) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AppSyncParameters) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AppSyncParameters) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AppSyncParameters"}
+	if s.GraphQLOperation != nil && len(*s.GraphQLOperation) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("GraphQLOperation", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGraphQLOperation sets the GraphQLOperation field's value.
+func (s *AppSyncParameters) SetGraphQLOperation(v string) *AppSyncParameters {
+	s.GraphQLOperation = &v
+	return s
+}
+
 // An Archive object that contains details about an archive.
 type Archive struct {
 	_ struct{} `type:"structure"`
@@ -14324,29 +14378,7 @@ type PutRuleInput struct {
 	// The scheduling expression. For example, "cron(0 20 * * ? *)" or "rate(5 minutes)".
 	ScheduleExpression *string `type:"string"`
 
-	// The state of the rule.
+	// Indicates whether the rule is enabled or disabled.
-	//
-	// Valid values include:
-	//
-	//    * DISABLED: The rule is disabled. EventBridge does not match any events
-	//    against the rule.
-	//
-	//    * ENABLED: The rule is enabled. EventBridge matches events against the
-	//    rule, except for Amazon Web Services management events delivered through
-	//    CloudTrail.
-	//
-	//    * ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS: The rule is enabled for
-	//    all events, including Amazon Web Services management events delivered
-	//    through CloudTrail. Management events provide visibility into management
-	//    operations that are performed on resources in your Amazon Web Services
-	//    account. These are also known as control plane operations. For more information,
-	//    see Logging management events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html#logging-management-events)
-	//    in the CloudTrail User Guide, and Filtering management events from Amazon
-	//    Web Services services (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-service-event.html#eb-service-event-cloudtrail)
-	//    in the Amazon EventBridge User Guide. This value is only valid for rules
-	//    on the default (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is-how-it-works-concepts.html#eb-bus-concepts-buses)
-	//    event bus or custom event buses (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-event-bus.html).
-	//    It does not apply to partner event buses (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-saas.html).
 	State *string `type:"string" enum:"RuleState"`
 
 	// The list of key-value pairs to associate with the rule.
@@ -15545,28 +15577,6 @@ type Rule struct {
 	ScheduleExpression *string `type:"string"`
 
 	// The state of the rule.
-	//
-	// Valid values include:
-	//
-	//    * DISABLED: The rule is disabled. EventBridge does not match any events
-	//    against the rule.
-	//
-	//    * ENABLED: The rule is enabled. EventBridge matches events against the
-	//    rule, except for Amazon Web Services management events delivered through
-	//    CloudTrail.
-	//
-	//    * ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS: The rule is enabled for
-	//    all events, including Amazon Web Services management events delivered
-	//    through CloudTrail. Management events provide visibility into management
-	//    operations that are performed on resources in your Amazon Web Services
-	//    account. These are also known as control plane operations. For more information,
-	//    see Logging management events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html#logging-management-events)
-	//    in the CloudTrail User Guide, and Filtering management events from Amazon
-	//    Web Services services (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-service-event.html#eb-service-event-cloudtrail)
-	//    in the Amazon EventBridge User Guide. This value is only valid for rules
-	//    on the default (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is-how-it-works-concepts.html#eb-bus-concepts-buses)
-	//    event bus or custom event buses (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-event-bus.html).
-	//    It does not apply to partner event buses (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-saas.html).
 	State *string `type:"string" enum:"RuleState"`
 }
 
@@ -16334,6 +16344,10 @@ func (s TagResourceOutput) GoString() string {
 type Target struct {
 	_ struct{} `type:"structure"`
 
+	// Contains the GraphQL operation to be parsed and executed, if the event target
+	// is an AppSync API.
+	AppSyncParameters *AppSyncParameters `type:"structure"`
+
 	// The Amazon Resource Name (ARN) of the target.
 	//
 	// Arn is a required field
@@ -16463,6 +16477,11 @@ func (s *Target) Validate() error {
 	if s.RoleArn != nil && len(*s.RoleArn) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1))
 	}
+	if s.AppSyncParameters != nil {
+		if err := s.AppSyncParameters.Validate(); err != nil {
+			invalidParams.AddNested("AppSyncParameters", err.(request.ErrInvalidParams))
+		}
+	}
 	if s.BatchParameters != nil {
 		if err := s.BatchParameters.Validate(); err != nil {
 			invalidParams.AddNested("BatchParameters", err.(request.ErrInvalidParams))
@@ -16515,6 +16534,12 @@ func (s *Target) Validate() error {
 	return nil
 }
 
+// SetAppSyncParameters sets the AppSyncParameters field's value.
+func (s *Target) SetAppSyncParameters(v *AppSyncParameters) *Target {
+	s.AppSyncParameters = v
+	return s
+}
+
 // SetArn sets the Arn field's value.
 func (s *Target) SetArn(v string) *Target {
 	s.Arn = &v

vendor/github.com/aws/aws-sdk-go/service/kms/api.go

@@ -762,15 +762,14 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req
 //
 //   - XksProxyUriInUseException
 //     The request was rejected because the concatenation of the XksProxyUriEndpoint
-//     and XksProxyUriPath is already associated with an external key store in the
+//     and XksProxyUriPath is already associated with another external key store
-//     Amazon Web Services account and Region. Each external key store in an account
+//     in this Amazon Web Services Region. Each external key store in a Region must
-//     and Region must use a unique external key store proxy API address.
+//     use a unique external key store proxy API address.
 //
 //   - XksProxyUriEndpointInUseException
-//     The request was rejected because the concatenation of the XksProxyUriEndpoint
+//     The request was rejected because the XksProxyUriEndpoint is already associated
-//     is already associated with an external key store in the Amazon Web Services
+//     with another external key store in this Amazon Web Services Region. To identify
-//     account and Region. Each external key store in an account and Region must
+//     the cause, see the error message that accompanies the exception.
-//     use a unique external key store proxy address.
 //
 //   - XksProxyUriUnreachableException
 //     KMS was unable to reach the specified XksProxyUriPath. The path must be reachable
@@ -789,9 +788,9 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req
 //
 //   - XksProxyVpcEndpointServiceInUseException
 //     The request was rejected because the specified Amazon VPC endpoint service
-//     is already associated with an external key store in the Amazon Web Services
+//     is already associated with another external key store in this Amazon Web
-//     account and Region. Each external key store in an Amazon Web Services account
+//     Services Region. Each external key store in a Region must use a different
-//     and Region must use a different Amazon VPC endpoint service.
+//     Amazon VPC endpoint service.
 //
 //   - XksProxyVpcEndpointServiceNotFoundException
 //     The request was rejected because KMS could not find the specified VPC endpoint
@@ -802,8 +801,9 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req
 //
 //   - XksProxyVpcEndpointServiceInvalidConfigurationException
 //     The request was rejected because the Amazon VPC endpoint service configuration
-//     does not fulfill the requirements for an external key store proxy. For details,
+//     does not fulfill the requirements for an external key store. To identify
-//     see the exception message and review the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
+//     the cause, see the error message that accompanies the exception and review
+//     the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
 //     for Amazon VPC endpoint service connectivity for an external key store.
 //
 //   - XksProxyInvalidResponseException
@@ -813,9 +813,9 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req
 //     to the proxy vendor.
 //
 //   - XksProxyInvalidConfigurationException
-//     The request was rejected because the Amazon VPC endpoint service configuration
+//     The request was rejected because the external key store proxy is not configured
-//     does not fulfill the requirements for an external key store proxy. For details,
+//     correctly. To identify the cause, see the error message that accompanies
-//     see the exception message.
+//     the exception.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore
 func (c *KMS) CreateCustomKeyStore(input *CreateCustomKeyStoreInput) (*CreateCustomKeyStoreOutput, error) {
@@ -1347,8 +1347,8 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
 //
 //   - XksKeyAlreadyInUseException
 //     The request was rejected because the (XksKeyId) is already associated with
-//     a KMS key in this external key store. Each KMS key in an external key store
+//     another KMS key in this external key store. Each KMS key in an external key
-//     must be associated with a different external key.
+//     store must be associated with a different external key.
 //
 //   - XksKeyNotFoundException
 //     The request was rejected because the external key store proxy could not find
@@ -8495,15 +8495,14 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req
 //
 //   - XksProxyUriInUseException
 //     The request was rejected because the concatenation of the XksProxyUriEndpoint
-//     and XksProxyUriPath is already associated with an external key store in the
+//     and XksProxyUriPath is already associated with another external key store
-//     Amazon Web Services account and Region. Each external key store in an account
+//     in this Amazon Web Services Region. Each external key store in a Region must
-//     and Region must use a unique external key store proxy API address.
+//     use a unique external key store proxy API address.
 //
 //   - XksProxyUriEndpointInUseException
-//     The request was rejected because the concatenation of the XksProxyUriEndpoint
+//     The request was rejected because the XksProxyUriEndpoint is already associated
-//     is already associated with an external key store in the Amazon Web Services
+//     with another external key store in this Amazon Web Services Region. To identify
-//     account and Region. Each external key store in an account and Region must
+//     the cause, see the error message that accompanies the exception.
-//     use a unique external key store proxy address.
 //
 //   - XksProxyUriUnreachableException
 //     KMS was unable to reach the specified XksProxyUriPath. The path must be reachable
@@ -8522,9 +8521,9 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req
 //
 //   - XksProxyVpcEndpointServiceInUseException
 //     The request was rejected because the specified Amazon VPC endpoint service
-//     is already associated with an external key store in the Amazon Web Services
+//     is already associated with another external key store in this Amazon Web
-//     account and Region. Each external key store in an Amazon Web Services account
+//     Services Region. Each external key store in a Region must use a different
-//     and Region must use a different Amazon VPC endpoint service.
+//     Amazon VPC endpoint service.
 //
 //   - XksProxyVpcEndpointServiceNotFoundException
 //     The request was rejected because KMS could not find the specified VPC endpoint
@@ -8535,8 +8534,9 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req
 //
 //   - XksProxyVpcEndpointServiceInvalidConfigurationException
 //     The request was rejected because the Amazon VPC endpoint service configuration
-//     does not fulfill the requirements for an external key store proxy. For details,
+//     does not fulfill the requirements for an external key store. To identify
-//     see the exception message and review the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
+//     the cause, see the error message that accompanies the exception and review
+//     the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
 //     for Amazon VPC endpoint service connectivity for an external key store.
 //
 //   - XksProxyInvalidResponseException
@@ -8546,9 +8546,9 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req
 //     to the proxy vendor.
 //
 //   - XksProxyInvalidConfigurationException
-//     The request was rejected because the Amazon VPC endpoint service configuration
+//     The request was rejected because the external key store proxy is not configured
-//     does not fulfill the requirements for an external key store proxy. For details,
+//     correctly. To identify the cause, see the error message that accompanies
-//     see the exception message.
+//     the exception.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore
 func (c *KMS) UpdateCustomKeyStore(input *UpdateCustomKeyStoreInput) (*UpdateCustomKeyStoreOutput, error) {
@@ -10143,7 +10143,7 @@ type CreateCustomKeyStoreInput struct {
 	//
 	//    * An external key store with PUBLIC_ENDPOINT connectivity cannot use the
 	//    same XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE
-	//    connectivity in the same Amazon Web Services Region.
+	//    connectivity in this Amazon Web Services Region.
 	//
 	//    * Each external key store with VPC_ENDPOINT_SERVICE connectivity must
 	//    have its own private DNS name. The XksProxyUriEndpoint value for external
@@ -20820,8 +20820,8 @@ func (s *VerifyOutput) SetSigningAlgorithm(v string) *VerifyOutput {
 }
 
 // The request was rejected because the (XksKeyId) is already associated with
-// a KMS key in this external key store. Each KMS key in an external key store
+// another KMS key in this external key store. Each KMS key in an external key
-// must be associated with a different external key.
+// store must be associated with a different external key.
 type XksKeyAlreadyInUseException struct {
 	_            struct{}                  `type:"structure"`
 	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -21303,9 +21303,9 @@ func (s *XksProxyIncorrectAuthenticationCredentialException) RequestID() string
 	return s.RespMetadata.RequestID
 }
 
-// The request was rejected because the Amazon VPC endpoint service configuration
+// The request was rejected because the external key store proxy is not configured
-// does not fulfill the requirements for an external key store proxy. For details,
+// correctly. To identify the cause, see the error message that accompanies
-// see the exception message.
+// the exception.
 type XksProxyInvalidConfigurationException struct {
 	_            struct{}                  `type:"structure"`
 	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -21436,10 +21436,9 @@ func (s *XksProxyInvalidResponseException) RequestID() string {
 	return s.RespMetadata.RequestID
 }
 
-// The request was rejected because the concatenation of the XksProxyUriEndpoint
+// The request was rejected because the XksProxyUriEndpoint is already associated
-// is already associated with an external key store in the Amazon Web Services
+// with another external key store in this Amazon Web Services Region. To identify
-// account and Region. Each external key store in an account and Region must
+// the cause, see the error message that accompanies the exception.
-// use a unique external key store proxy address.
 type XksProxyUriEndpointInUseException struct {
 	_            struct{}                  `type:"structure"`
 	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -21504,9 +21503,9 @@ func (s *XksProxyUriEndpointInUseException) RequestID() string {
 }
 
 // The request was rejected because the concatenation of the XksProxyUriEndpoint
-// and XksProxyUriPath is already associated with an external key store in the
+// and XksProxyUriPath is already associated with another external key store
-// Amazon Web Services account and Region. Each external key store in an account
+// in this Amazon Web Services Region. Each external key store in a Region must
-// and Region must use a unique external key store proxy API address.
+// use a unique external key store proxy API address.
 type XksProxyUriInUseException struct {
 	_            struct{}                  `type:"structure"`
 	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -21640,9 +21639,9 @@ func (s *XksProxyUriUnreachableException) RequestID() string {
 }
 
 // The request was rejected because the specified Amazon VPC endpoint service
-// is already associated with an external key store in the Amazon Web Services
+// is already associated with another external key store in this Amazon Web
-// account and Region. Each external key store in an Amazon Web Services account
+// Services Region. Each external key store in a Region must use a different
-// and Region must use a different Amazon VPC endpoint service.
+// Amazon VPC endpoint service.
 type XksProxyVpcEndpointServiceInUseException struct {
 	_            struct{}                  `type:"structure"`
 	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -21707,8 +21706,9 @@ func (s *XksProxyVpcEndpointServiceInUseException) RequestID() string {
 }
 
 // The request was rejected because the Amazon VPC endpoint service configuration
-// does not fulfill the requirements for an external key store proxy. For details,
+// does not fulfill the requirements for an external key store. To identify
-// see the exception message and review the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
+// the cause, see the error message that accompanies the exception and review
+// the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
 // for Amazon VPC endpoint service connectivity for an external key store.
 type XksProxyVpcEndpointServiceInvalidConfigurationException struct {
 	_            struct{}                  `type:"structure"`

vendor/github.com/aws/aws-sdk-go/service/kms/errors.go

@@ -367,8 +367,8 @@ const (
 	// "XksKeyAlreadyInUseException".
 	//
 	// The request was rejected because the (XksKeyId) is already associated with
-	// a KMS key in this external key store. Each KMS key in an external key store
+	// another KMS key in this external key store. Each KMS key in an external key
-	// must be associated with a different external key.
+	// store must be associated with a different external key.
 	ErrCodeXksKeyAlreadyInUseException = "XksKeyAlreadyInUseException"
 
 	// ErrCodeXksKeyInvalidConfigurationException for service response error code
@@ -409,9 +409,9 @@ const (
 	// ErrCodeXksProxyInvalidConfigurationException for service response error code
 	// "XksProxyInvalidConfigurationException".
 	//
-	// The request was rejected because the Amazon VPC endpoint service configuration
+	// The request was rejected because the external key store proxy is not configured
-	// does not fulfill the requirements for an external key store proxy. For details,
+	// correctly. To identify the cause, see the error message that accompanies
-	// see the exception message.
+	// the exception.
 	ErrCodeXksProxyInvalidConfigurationException = "XksProxyInvalidConfigurationException"
 
 	// ErrCodeXksProxyInvalidResponseException for service response error code
@@ -426,19 +426,18 @@ const (
 	// ErrCodeXksProxyUriEndpointInUseException for service response error code
 	// "XksProxyUriEndpointInUseException".
 	//
-	// The request was rejected because the concatenation of the XksProxyUriEndpoint
+	// The request was rejected because the XksProxyUriEndpoint is already associated
-	// is already associated with an external key store in the Amazon Web Services
+	// with another external key store in this Amazon Web Services Region. To identify
-	// account and Region. Each external key store in an account and Region must
+	// the cause, see the error message that accompanies the exception.
-	// use a unique external key store proxy address.
 	ErrCodeXksProxyUriEndpointInUseException = "XksProxyUriEndpointInUseException"
 
 	// ErrCodeXksProxyUriInUseException for service response error code
 	// "XksProxyUriInUseException".
 	//
 	// The request was rejected because the concatenation of the XksProxyUriEndpoint
-	// and XksProxyUriPath is already associated with an external key store in the
+	// and XksProxyUriPath is already associated with another external key store
-	// Amazon Web Services account and Region. Each external key store in an account
+	// in this Amazon Web Services Region. Each external key store in a Region must
-	// and Region must use a unique external key store proxy API address.
+	// use a unique external key store proxy API address.
 	ErrCodeXksProxyUriInUseException = "XksProxyUriInUseException"
 
 	// ErrCodeXksProxyUriUnreachableException for service response error code
@@ -456,17 +455,18 @@ const (
 	// "XksProxyVpcEndpointServiceInUseException".
 	//
 	// The request was rejected because the specified Amazon VPC endpoint service
-	// is already associated with an external key store in the Amazon Web Services
+	// is already associated with another external key store in this Amazon Web
-	// account and Region. Each external key store in an Amazon Web Services account
+	// Services Region. Each external key store in a Region must use a different
-	// and Region must use a different Amazon VPC endpoint service.
+	// Amazon VPC endpoint service.
 	ErrCodeXksProxyVpcEndpointServiceInUseException = "XksProxyVpcEndpointServiceInUseException"
 
 	// ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException for service response error code
 	// "XksProxyVpcEndpointServiceInvalidConfigurationException".
 	//
 	// The request was rejected because the Amazon VPC endpoint service configuration
-	// does not fulfill the requirements for an external key store proxy. For details,
+	// does not fulfill the requirements for an external key store. To identify
-	// see the exception message and review the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
+	// the cause, see the error message that accompanies the exception and review
+	// the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
 	// for Amazon VPC endpoint service connectivity for an external key store.
 	ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException = "XksProxyVpcEndpointServiceInvalidConfigurationException"
 

vendor/github.com/aws/aws-sdk-go/service/route53/api.go

@@ -8086,7 +8086,7 @@ type AliasTarget struct {
 	// in. The environment must have a regionalized subdomain. For a list of regions
 	// and the corresponding hosted zone IDs, see Elastic Beanstalk endpoints and
 	// quotas (https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html)
-	// in the the Amazon Web Services General Reference.
+	// in the Amazon Web Services General Reference.
 	//
 	// ELB load balancer
 	//
@@ -9332,6 +9332,75 @@ func (s *CollectionSummary) SetVersion(v int64) *CollectionSummary {
 	return s
 }
 
+// A complex type that lists the coordinates for a geoproximity resource record.
+type Coordinates struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies a coordinate of the north–south position of a geographic point
+	// on the surface of the Earth (-90 - 90).
+	//
+	// Latitude is a required field
+	Latitude *string `min:"1" type:"string" required:"true"`
+
+	// Specifies a coordinate of the east–west position of a geographic point
+	// on the surface of the Earth (-180 - 180).
+	//
+	// Longitude is a required field
+	Longitude *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Coordinates) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Coordinates) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Coordinates) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Coordinates"}
+	if s.Latitude == nil {
+		invalidParams.Add(request.NewErrParamRequired("Latitude"))
+	}
+	if s.Latitude != nil && len(*s.Latitude) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Latitude", 1))
+	}
+	if s.Longitude == nil {
+		invalidParams.Add(request.NewErrParamRequired("Longitude"))
+	}
+	if s.Longitude != nil && len(*s.Longitude) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Longitude", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetLatitude sets the Latitude field's value.
+func (s *Coordinates) SetLatitude(v string) *Coordinates {
+	s.Latitude = &v
+	return s
+}
+
+// SetLongitude sets the Longitude field's value.
+func (s *Coordinates) SetLongitude(v string) *Coordinates {
+	s.Longitude = &v
+	return s
+}
+
 type CreateCidrCollectionInput struct {
 	_ struct{} `locationName:"CreateCidrCollectionRequest" type:"structure" xmlURI:"https://route53.amazonaws.com/doc/2013-04-01/"`
 
@@ -10738,7 +10807,7 @@ func (s *CreateVPCAssociationAuthorizationOutput) SetVPC(v *VPC) *CreateVPCAssoc
 	return s
 }
 
-// A string repesenting the status of DNSSEC signing.
+// A string representing the status of DNSSEC signing.
 type DNSSECStatus struct {
 	_ struct{} `type:"structure"`
 
@@ -12063,7 +12132,7 @@ type GeoLocation struct {
 	// Amazon Route 53 uses the two-letter country codes that are specified in ISO
 	// standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
 	//
-	// Route 53 also supports the contry code UA forr Ukraine.
+	// Route 53 also supports the country code UA for Ukraine.
 	CountryCode *string `min:"1" type:"string"`
 
 	// For geolocation resource record sets, the two-letter code for a state of
@@ -12215,6 +12284,120 @@ func (s *GeoLocationDetails) SetSubdivisionName(v string) *GeoLocationDetails {
 	return s
 }
 
+// (Resource record sets only): A complex type that lets you control how Amazon
+// Route 53 responds to DNS queries based on the geographic origin of the query
+// and your resources. Only one of , LocalZoneGroup, Coordinates, or Amazon
+// Web ServicesRegion is allowed per request at a time.
+//
+// For more information about geoproximity routing, see Geoproximity routing
+// (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-geoproximity.html)
+// in the Amazon Route 53 Developer Guide.
+type GeoProximityLocation struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Web Services Region the resource you are directing DNS traffic
+	// to, is in.
+	AWSRegion *string `min:"1" type:"string"`
+
+	// The bias increases or decreases the size of the geographic region from which
+	// Route 53 routes traffic to a resource.
+	//
+	// To use Bias to change the size of the geographic region, specify the applicable
+	// value for the bias:
+	//
+	//    * To expand the size of the geographic region from which Route 53 routes
+	//    traffic to a resource, specify a positive integer from 1 to 99 for the
+	//    bias. Route 53 shrinks the size of adjacent regions.
+	//
+	//    * To shrink the size of the geographic region from which Route 53 routes
+	//    traffic to a resource, specify a negative bias of -1 to -99. Route 53
+	//    expands the size of adjacent regions.
+	Bias *int64 `type:"integer"`
+
+	// Contains the longitude and latitude for a geographic region.
+	Coordinates *Coordinates `type:"structure"`
+
+	// Specifies an Amazon Web Services Local Zone Group.
+	//
+	// A local Zone Group is usually the Local Zone code without the ending character.
+	// For example, if the Local Zone is us-east-1-bue-1a the Local Zone Group is
+	// us-east-1-bue-1.
+	//
+	// You can identify the Local Zones Group for a specific Local Zone by using
+	// the describe-availability-zones (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-availability-zones.html)
+	// CLI command:
+	//
+	// This command returns: "GroupName": "us-west-2-den-1", specifying that the
+	// Local Zone us-west-2-den-1a belongs to the Local Zone Group us-west-2-den-1.
+	LocalZoneGroup *string `min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GeoProximityLocation) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GeoProximityLocation) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GeoProximityLocation) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GeoProximityLocation"}
+	if s.AWSRegion != nil && len(*s.AWSRegion) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("AWSRegion", 1))
+	}
+	if s.Bias != nil && *s.Bias < -99 {
+		invalidParams.Add(request.NewErrParamMinValue("Bias", -99))
+	}
+	if s.LocalZoneGroup != nil && len(*s.LocalZoneGroup) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("LocalZoneGroup", 1))
+	}
+	if s.Coordinates != nil {
+		if err := s.Coordinates.Validate(); err != nil {
+			invalidParams.AddNested("Coordinates", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAWSRegion sets the AWSRegion field's value.
+func (s *GeoProximityLocation) SetAWSRegion(v string) *GeoProximityLocation {
+	s.AWSRegion = &v
+	return s
+}
+
+// SetBias sets the Bias field's value.
+func (s *GeoProximityLocation) SetBias(v int64) *GeoProximityLocation {
+	s.Bias = &v
+	return s
+}
+
+// SetCoordinates sets the Coordinates field's value.
+func (s *GeoProximityLocation) SetCoordinates(v *Coordinates) *GeoProximityLocation {
+	s.Coordinates = v
+	return s
+}
+
+// SetLocalZoneGroup sets the LocalZoneGroup field's value.
+func (s *GeoProximityLocation) SetLocalZoneGroup(v string) *GeoProximityLocation {
+	s.LocalZoneGroup = &v
+	return s
+}
+
 // A complex type that contains information about the request to create a hosted
 // zone.
 type GetAccountLimitInput struct {
@@ -12535,7 +12718,7 @@ type GetDNSSECOutput struct {
 	// KeySigningKeys is a required field
 	KeySigningKeys []*KeySigningKey `type:"list" required:"true"`
 
-	// A string repesenting the status of DNSSEC.
+	// A string representing the status of DNSSEC.
 	//
 	// Status is a required field
 	Status *DNSSECStatus `type:"structure" required:"true"`
@@ -12597,7 +12780,7 @@ type GetGeoLocationInput struct {
 	// Amazon Route 53 uses the two-letter country codes that are specified in ISO
 	// standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
 	//
-	// Route 53 also supports the contry code UA forr Ukraine.
+	// Route 53 also supports the country code UA for Ukraine.
 	CountryCode *string `location:"querystring" locationName:"countrycode" min:"1" type:"string"`
 
 	// The code for the subdivision, such as a particular state within the United
@@ -14242,7 +14425,7 @@ type HealthCheckConfig struct {
 	//    checkers consider to be healthy and compares that number with the value
 	//    of HealthThreshold.
 	//
-	//    * RECOVERY_CONTROL: The health check is assocated with a Route53 Application
+	//    * RECOVERY_CONTROL: The health check is associated with a Route53 Application
 	//    Recovery Controller routing control. If the routing control state is ON,
 	//    the health check is considered healthy. If the state is OFF, the health
 	//    check is considered unhealthy.
@@ -18153,9 +18336,6 @@ type ResourceRecordSet struct {
 	// to a web server with an IP address of 192.0.2.111, create a resource record
 	// set with a Type of A and a ContinentCode of AF.
 	//
-	// Although creating geolocation and geolocation alias resource record sets
-	// in a private hosted zone is allowed, it's not supported.
-	//
 	// If you create separate resource record sets for overlapping geographic regions
 	// (for example, one resource record set for a continent and one for a country
 	// on the same continent), priority goes to the smallest geographic region.
@@ -18184,6 +18364,11 @@ type ResourceRecordSet struct {
 	// values for the Name and Type elements as geolocation resource record sets.
 	GeoLocation *GeoLocation `type:"structure"`
 
+	//  GeoproximityLocation resource record sets only: A complex type that lets
+	//  you control how Route 53 responds to DNS queries based on the geographic
+	//  origin of the query and your resources.
+	GeoProximityLocation *GeoProximityLocation `type:"structure"`
+
 	// If you want Amazon Route 53 to return this resource record set in response
 	// to a DNS query only when the status of a health check is healthy, include
 	// the HealthCheckId element and specify the ID of the applicable health check.
@@ -18561,6 +18746,11 @@ func (s *ResourceRecordSet) Validate() error {
 			invalidParams.AddNested("GeoLocation", err.(request.ErrInvalidParams))
 		}
 	}
+	if s.GeoProximityLocation != nil {
+		if err := s.GeoProximityLocation.Validate(); err != nil {
+			invalidParams.AddNested("GeoProximityLocation", err.(request.ErrInvalidParams))
+		}
+	}
 	if s.ResourceRecords != nil {
 		for i, v := range s.ResourceRecords {
 			if v == nil {
@@ -18602,6 +18792,12 @@ func (s *ResourceRecordSet) SetGeoLocation(v *GeoLocation) *ResourceRecordSet {
 	return s
 }
 
+// SetGeoProximityLocation sets the GeoProximityLocation field's value.
+func (s *ResourceRecordSet) SetGeoProximityLocation(v *GeoProximityLocation) *ResourceRecordSet {
+	s.GeoProximityLocation = v
+	return s
+}
+
 // SetHealthCheckId sets the HealthCheckId field's value.
 func (s *ResourceRecordSet) SetHealthCheckId(v string) *ResourceRecordSet {
 	s.HealthCheckId = &v
@@ -19512,6 +19708,10 @@ type UpdateHealthCheckInput struct {
 	// you specify in RequestInterval. Using an IPv4 address that is returned by
 	// DNS, Route 53 then checks the health of the endpoint.
 	//
+	// If you don't specify a value for IPAddress, you can’t update the health
+	// check to remove the FullyQualifiedDomainName; if you don’t specify a value
+	// for IPAddress on creation, a FullyQualifiedDomainName is required.
+	//
 	// If you don't specify a value for IPAddress, Route 53 uses only IPv4 to send
 	// health checks to the endpoint. If there's no resource record set with a type
 	// of A for the name that you specify for FullyQualifiedDomainName, the health

vendor/github.com/go-logr/logr/slogr/slogr.go

@@ -1,61 +0,0 @@
-//go:build go1.21
-// +build go1.21
-
-/*
-Copyright 2023 The logr Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package slogr enables usage of a slog.Handler with logr.Logger as front-end
-// API and of a logr.LogSink through the slog.Handler and thus slog.Logger
-// APIs.
-//
-// See the README in the top-level [./logr] package for a discussion of
-// interoperability.
-//
-// Deprecated: use the main logr package instead.
-package slogr
-
-import (
-	"log/slog"
-
-	"github.com/go-logr/logr"
-)
-
-// NewLogr returns a logr.Logger which writes to the slog.Handler.
-//
-// Deprecated: use [logr.FromSlogHandler] instead.
-func NewLogr(handler slog.Handler) logr.Logger {
-	return logr.FromSlogHandler(handler)
-}
-
-// NewSlogHandler returns a slog.Handler which writes to the same sink as the logr.Logger.
-//
-// Deprecated: use [logr.ToSlogHandler] instead.
-func NewSlogHandler(logger logr.Logger) slog.Handler {
-	return logr.ToSlogHandler(logger)
-}
-
-// ToSlogHandler returns a slog.Handler which writes to the same sink as the logr.Logger.
-//
-// Deprecated: use [logr.ToSlogHandler] instead.
-func ToSlogHandler(logger logr.Logger) slog.Handler {
-	return logr.ToSlogHandler(logger)
-}
-
-// SlogSink is an optional interface that a LogSink can implement to support
-// logging through the slog.Logger or slog.Handler APIs better.
-//
-// Deprecated: use [logr.SlogSink] instead.
-type SlogSink = logr.SlogSink

vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go

@@ -1,39 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.13
-
-package poly1305
-
-// Generic fallbacks for the math/bits intrinsics, copied from
-// src/math/bits/bits.go. They were added in Go 1.12, but Add64 and Sum64 had
-// variable time fallbacks until Go 1.13.
-
-func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
-	sum = x + y + carry
-	carryOut = ((x & y) | ((x | y) &^ sum)) >> 63
-	return
-}
-
-func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
-	diff = x - y - borrow
-	borrowOut = ((^x & y) | (^(x ^ y) & diff)) >> 63
-	return
-}
-
-func bitsMul64(x, y uint64) (hi, lo uint64) {
-	const mask32 = 1<<32 - 1
-	x0 := x & mask32
-	x1 := x >> 32
-	y0 := y & mask32
-	y1 := y >> 32
-	w0 := x0 * y0
-	t := x1*y0 + w0>>32
-	w1 := t & mask32
-	w2 := t >> 32
-	w1 += x0 * y1
-	hi = x1*y1 + w2 + w1>>32
-	lo = x * y
-	return
-}

vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go

@@ -1,21 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.13
-
-package poly1305
-
-import "math/bits"
-
-func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
-	return bits.Add64(x, y, carry)
-}
-
-func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
-	return bits.Sub64(x, y, borrow)
-}
-
-func bitsMul64(x, y uint64) (hi, lo uint64) {
-	return bits.Mul64(x, y)
-}

vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go

@@ -7,7 +7,10 @@
 
 package poly1305
 
-import "encoding/binary"
+import (
+	"encoding/binary"
+	"math/bits"
+)
 
 // Poly1305 [RFC 7539] is a relatively simple algorithm: the authentication tag
 // for a 64 bytes message is approximately
@@ -114,13 +117,13 @@ type uint128 struct {
 }
 
 func mul64(a, b uint64) uint128 {
-	hi, lo := bitsMul64(a, b)
+	hi, lo := bits.Mul64(a, b)
 	return uint128{lo, hi}
 }
 
 func add128(a, b uint128) uint128 {
-	lo, c := bitsAdd64(a.lo, b.lo, 0)
+	lo, c := bits.Add64(a.lo, b.lo, 0)
-	hi, c := bitsAdd64(a.hi, b.hi, c)
+	hi, c := bits.Add64(a.hi, b.hi, c)
 	if c != 0 {
 		panic("poly1305: unexpected overflow")
 	}
@@ -155,8 +158,8 @@ func updateGeneric(state *macState, msg []byte) {
 		// hide leading zeroes. For full chunks, that's 1 << 128, so we can just
 		// add 1 to the most significant (2¹²⁸) limb, h2.
 		if len(msg) >= TagSize {
-			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(msg[0:8]), 0)
+			h0, c = bits.Add64(h0, binary.LittleEndian.Uint64(msg[0:8]), 0)
-			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(msg[8:16]), c)
+			h1, c = bits.Add64(h1, binary.LittleEndian.Uint64(msg[8:16]), c)
 			h2 += c + 1
 
 			msg = msg[TagSize:]
@@ -165,8 +168,8 @@ func updateGeneric(state *macState, msg []byte) {
 			copy(buf[:], msg)
 			buf[len(msg)] = 1
 
-			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(buf[0:8]), 0)
+			h0, c = bits.Add64(h0, binary.LittleEndian.Uint64(buf[0:8]), 0)
-			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(buf[8:16]), c)
+			h1, c = bits.Add64(h1, binary.LittleEndian.Uint64(buf[8:16]), c)
 			h2 += c
 
 			msg = nil
@@ -219,9 +222,9 @@ func updateGeneric(state *macState, msg []byte) {
 		m3 := h2r1
 
 		t0 := m0.lo
-		t1, c := bitsAdd64(m1.lo, m0.hi, 0)
+		t1, c := bits.Add64(m1.lo, m0.hi, 0)
-		t2, c := bitsAdd64(m2.lo, m1.hi, c)
+		t2, c := bits.Add64(m2.lo, m1.hi, c)
-		t3, _ := bitsAdd64(m3.lo, m2.hi, c)
+		t3, _ := bits.Add64(m3.lo, m2.hi, c)
 
 		// Now we have the result as 4 64-bit limbs, and we need to reduce it
 		// modulo 2¹³⁰ - 5. The special shape of this Crandall prime lets us do
@@ -243,14 +246,14 @@ func updateGeneric(state *macState, msg []byte) {
 
 		// To add c * 5 to h, we first add cc = c * 4, and then add (cc >> 2) = c.
 
-		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h0, c = bits.Add64(h0, cc.lo, 0)
-		h1, c = bitsAdd64(h1, cc.hi, c)
+		h1, c = bits.Add64(h1, cc.hi, c)
 		h2 += c
 
 		cc = shiftRightBy2(cc)
 
-		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h0, c = bits.Add64(h0, cc.lo, 0)
-		h1, c = bitsAdd64(h1, cc.hi, c)
+		h1, c = bits.Add64(h1, cc.hi, c)
 		h2 += c
 
 		// h2 is at most 3 + 1 + 1 = 5, making the whole of h at most
@@ -287,9 +290,9 @@ func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
 	// in constant time, we compute t = h - (2¹³⁰ - 5), and select h as the
 	// result if the subtraction underflows, and t otherwise.
 
-	hMinusP0, b := bitsSub64(h0, p0, 0)
+	hMinusP0, b := bits.Sub64(h0, p0, 0)
-	hMinusP1, b := bitsSub64(h1, p1, b)
+	hMinusP1, b := bits.Sub64(h1, p1, b)
-	_, b = bitsSub64(h2, p2, b)
+	_, b = bits.Sub64(h2, p2, b)
 
 	// h = h if h < p else h - p
 	h0 = select64(b, h0, hMinusP0)
@@ -301,8 +304,8 @@ func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
 	//
 	// by just doing a wide addition with the 128 low bits of h and discarding
 	// the overflow.
-	h0, c := bitsAdd64(h0, s[0], 0)
+	h0, c := bits.Add64(h0, s[0], 0)
-	h1, _ = bitsAdd64(h1, s[1], c)
+	h1, _ = bits.Add64(h1, s[1], c)
 
 	binary.LittleEndian.PutUint64(out[0:8], h0)
 	binary.LittleEndian.PutUint64(out[8:16], h1)

vendor/golang.org/x/oauth2/google/default.go

@@ -12,6 +12,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"sync"
 	"time"
 
 	"cloud.google.com/go/compute/metadata"
@@ -41,12 +42,20 @@ type Credentials struct {
 	// running on Google Cloud Platform.
 	JSON []byte
 
+	udMu sync.Mutex // guards universeDomain
 	// universeDomain is the default service domain for a given Cloud universe.
 	universeDomain string
 }
 
 // UniverseDomain returns the default service domain for a given Cloud universe.
+//
 // The default value is "googleapis.com".
+//
+// Deprecated: Use instead (*Credentials).GetUniverseDomain(), which supports
+// obtaining the universe domain when authenticating via the GCE metadata server.
+// Unlike GetUniverseDomain, this method, UniverseDomain, will always return the
+// default value when authenticating via the GCE metadata server.
+// See also [The attached service account](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa).
 func (c *Credentials) UniverseDomain() string {
 	if c.universeDomain == "" {
 		return universeDomainDefault
@@ -54,6 +63,55 @@ func (c *Credentials) UniverseDomain() string {
 	return c.universeDomain
 }
 
+// GetUniverseDomain returns the default service domain for a given Cloud
+// universe.
+//
+// The default value is "googleapis.com".
+//
+// It obtains the universe domain from the attached service account on GCE when
+// authenticating via the GCE metadata server. See also [The attached service
+// account](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa).
+// If the GCE metadata server returns a 404 error, the default value is
+// returned. If the GCE metadata server returns an error other than 404, the
+// error is returned.
+func (c *Credentials) GetUniverseDomain() (string, error) {
+	c.udMu.Lock()
+	defer c.udMu.Unlock()
+	if c.universeDomain == "" && metadata.OnGCE() {
+		// If we're on Google Compute Engine, an App Engine standard second
+		// generation runtime, or App Engine flexible, use the metadata server.
+		err := c.computeUniverseDomain()
+		if err != nil {
+			return "", err
+		}
+	}
+	// If not on Google Compute Engine, or in case of any non-error path in
+	// computeUniverseDomain that did not set universeDomain, set the default
+	// universe domain.
+	if c.universeDomain == "" {
+		c.universeDomain = universeDomainDefault
+	}
+	return c.universeDomain, nil
+}
+
+// computeUniverseDomain fetches the default service domain for a given Cloud
+// universe from Google Compute Engine (GCE)'s metadata server. It's only valid
+// to use this method if your program is running on a GCE instance.
+func (c *Credentials) computeUniverseDomain() error {
+	var err error
+	c.universeDomain, err = metadata.Get("universe/universe_domain")
+	if err != nil {
+		if _, ok := err.(metadata.NotDefinedError); ok {
+			// http.StatusNotFound (404)
+			c.universeDomain = universeDomainDefault
+			return nil
+		} else {
+			return err
+		}
+	}
+	return nil
+}
+
 // DefaultCredentials is the old name of Credentials.
 //
 // Deprecated: use Credentials instead.
@@ -91,6 +149,12 @@ type CredentialsParams struct {
 	// Note: This option is currently only respected when using credentials
 	// fetched from the GCE metadata server.
 	EarlyTokenRefresh time.Duration
+
+	// UniverseDomain is the default service domain for a given Cloud universe.
+	// Only supported in authentication flows that support universe domains.
+	// This value takes precedence over a universe domain explicitly specified
+	// in a credentials config file or by the GCE metadata server. Optional.
+	UniverseDomain string
 }
 
 func (params CredentialsParams) deepCopy() CredentialsParams {
@@ -175,8 +239,9 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
 	if metadata.OnGCE() {
 		id, _ := metadata.ProjectID()
 		return &Credentials{
-			ProjectID:   id,
+			ProjectID:      id,
-			TokenSource: computeTokenSource("", params.EarlyTokenRefresh, params.Scopes...),
+			TokenSource:    computeTokenSource("", params.EarlyTokenRefresh, params.Scopes...),
+			universeDomain: params.UniverseDomain,
 		}, nil
 	}
 
@@ -217,6 +282,9 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params
 	}
 
 	universeDomain := f.UniverseDomain
+	if params.UniverseDomain != "" {
+		universeDomain = params.UniverseDomain
+	}
 	// Authorized user credentials are only supported in the googleapis.com universe.
 	if f.Type == userCredentialsKey {
 		universeDomain = universeDomainDefault

vendor/google.golang.org/api/cloudresourcemanager/v1/cloudresourcemanager-gen.go

@@ -95,7 +95,9 @@ const apiId = "cloudresourcemanager:v1"
 const apiName = "cloudresourcemanager"
 const apiVersion = "v1"
 const basePath = "https://cloudresourcemanager.googleapis.com/"
+const basePathTemplate = "https://cloudresourcemanager.UNIVERSE_DOMAIN/"
 const mtlsBasePath = "https://cloudresourcemanager.mtls.googleapis.com/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -117,7 +119,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err

vendor/google.golang.org/api/compute/v0.alpha/compute-gen.go

@@ -95,7 +95,9 @@ const apiId = "compute:alpha"
 const apiName = "compute"
 const apiVersion = "alpha"
 const basePath = "https://compute.googleapis.com/compute/alpha/"
+const basePathTemplate = "https://compute.UNIVERSE_DOMAIN/compute/alpha/"
 const mtlsBasePath = "https://compute.mtls.googleapis.com/compute/alpha/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -134,7 +136,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err

vendor/google.golang.org/api/compute/v0.beta/compute-gen.go

@@ -95,7 +95,9 @@ const apiId = "compute:beta"
 const apiName = "compute"
 const apiVersion = "beta"
 const basePath = "https://compute.googleapis.com/compute/beta/"
+const basePathTemplate = "https://compute.UNIVERSE_DOMAIN/compute/beta/"
 const mtlsBasePath = "https://compute.mtls.googleapis.com/compute/beta/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -134,7 +136,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err

vendor/google.golang.org/api/compute/v1/compute-api.json

@@ -1367,7 +1367,7 @@
           ],
           "parameters": {
             "backendBucket": {
-              "description": "Name of the BackendService resource to which the security policy should be set. The name should conform to RFC1035.",
+              "description": "Name of the BackendBucket resource to which the security policy should be set. The name should conform to RFC1035.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -10326,6 +10326,53 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "performMaintenance": {
+          "description": "Perform a manual maintenance on the instance.",
+          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance",
+          "httpMethod": "POST",
+          "id": "compute.instances.performMaintenance",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instance"
+          ],
+          "parameters": {
+            "instance": {
+              "description": "Name of the instance scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "removeResourcePolicies": {
           "description": "Removes resource policies from an instance.",
           "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/removeResourcePolicies",
@@ -11248,6 +11295,11 @@
               "location": "query",
               "type": "string"
             },
+            "withExtendedNotifications": {
+              "description": "Determines whether the customers receive notifications before migration. Only applicable to SF vms.",
+              "location": "query",
+              "type": "boolean"
+            },
             "zone": {
               "description": "The name of the zone for this request.",
               "location": "path",
@@ -35334,7 +35386,7 @@
       }
     }
   },
-  "revision": "20231128",
+  "revision": "20231231",
   "rootUrl": "https://compute.googleapis.com/",
   "schemas": {
     "AWSV4Signature": {
@@ -39784,7 +39836,7 @@
           "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.",
           "items": {
             "type": "string"
           },
@@ -40031,6 +40083,13 @@
           "description": "[Output Only] Commitment end time in RFC3339 text format.",
           "type": "string"
         },
+        "existingReservations": {
+          "description": "Specifies the already existing reservations to attach to the Commitment. This field is optional, and it can be a full or partial URL. For example, the following are valid URLs to an reservation: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /reservations/reservation - projects/project/zones/zone/reservations/reservation ",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
@@ -40076,7 +40135,7 @@
           "type": "string"
         },
         "reservations": {
-          "description": "List of create-on-create reseravtions for this commitment.",
+          "description": "List of create-on-create reservations for this commitment.",
           "items": {
             "$ref": "Reservation"
           },
@@ -41043,6 +41102,11 @@
           "$ref": "DiskResourceStatus",
           "description": "[Output Only] Status information for the disk resource."
         },
+        "satisfiesPzi": {
+          "description": "Output only. Reserved for future use.",
+          "readOnly": true,
+          "type": "boolean"
+        },
         "satisfiesPzs": {
           "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
@@ -44596,10 +44660,11 @@
       "id": "GuestOsFeature",
       "properties": {
         "type": {
-          "description": "The ID of a supported feature. To add multiple values, use commas to separate values. Set to one or more of the following values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET - UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE - SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE For more information, see Enabling guest operating system features.",
+          "description": "The ID of a supported feature. To add multiple values, use commas to separate values. Set to one or more of the following values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET - UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE - SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE - IDPF For more information, see Enabling guest operating system features.",
           "enum": [
             "FEATURE_TYPE_UNSPECIFIED",
             "GVNIC",
+            "IDPF",
             "MULTI_IP_SUBNET",
             "SECURE_BOOT",
             "SEV_CAPABLE",
@@ -44621,6 +44686,7 @@
             "",
             "",
             "",
+            "",
             ""
           ],
           "type": "string"
@@ -46675,6 +46741,11 @@
           },
           "type": "object"
         },
+        "satisfiesPzi": {
+          "description": "Output only. Reserved for future use.",
+          "readOnly": true,
+          "type": "boolean"
+        },
         "satisfiesPzs": {
           "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
@@ -53536,6 +53607,11 @@
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
+        "satisfiesPzi": {
+          "description": "Output only. Reserved for future use.",
+          "readOnly": true,
+          "type": "boolean"
+        },
         "satisfiesPzs": {
           "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
@@ -59236,7 +59312,7 @@
       "type": "object"
     },
     "Operation": {
-      "description": "Represents an Operation resource. Google Compute Engine has three Operation resources: * [Global](/compute/docs/reference/rest/v1/globalOperations) * [Regional](/compute/docs/reference/rest/v1/regionOperations) * [Zonal](/compute/docs/reference/rest/v1/zoneOperations) You can use an operation resource to manage asynchronous API requests. For more information, read Handling API responses. Operations can be global, regional or zonal. - For global operations, use the `globalOperations` resource. - For regional operations, use the `regionOperations` resource. - For zonal operations, use the `zoneOperations` resource. For more information, read Global, Regional, and Zonal Resources.",
+      "description": "Represents an Operation resource. Google Compute Engine has three Operation resources: * [Global](/compute/docs/reference/rest/v1/globalOperations) * [Regional](/compute/docs/reference/rest/v1/regionOperations) * [Zonal](/compute/docs/reference/rest/v1/zoneOperations) You can use an operation resource to manage asynchronous API requests. For more information, read Handling API responses. Operations can be global, regional or zonal. - For global operations, use the `globalOperations` resource. - For regional operations, use the `regionOperations` resource. - For zonal operations, use the `zoneOperations` resource. For more information, read Global, Regional, and Zonal Resources. Note that completed Operation resources have a limited retention period.",
       "id": "Operation",
       "properties": {
         "clientOperationId": {
@@ -60333,14 +60409,14 @@
       "id": "PacketMirroringFilter",
       "properties": {
         "IPProtocols": {
-          "description": "Protocols that apply as filter on mirrored traffic. If no protocols are specified, all traffic that matches the specified CIDR ranges is mirrored. If neither cidrRanges nor IPProtocols is specified, all traffic is mirrored.",
+          "description": "Protocols that apply as filter on mirrored traffic. If no protocols are specified, all traffic that matches the specified CIDR ranges is mirrored. If neither cidrRanges nor IPProtocols is specified, all IPv4 traffic is mirrored.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
         "cidrRanges": {
-          "description": "IP CIDR ranges that apply as filter on the source (ingress) or destination (egress) IP in the IP header. Only IPv4 is supported. If no ranges are specified, all traffic that matches the specified IPProtocols is mirrored. If neither cidrRanges nor IPProtocols is specified, all traffic is mirrored.",
+          "description": "One or more IPv4 or IPv6 CIDR ranges that apply as filter on the source (ingress) or destination (egress) IP in the IP header. If no ranges are specified, all IPv4 traffic that matches the specified IPProtocols is mirrored. If neither cidrRanges nor IPProtocols is specified, all IPv4 traffic is mirrored. To mirror all IPv4 and IPv6 traffic, use \"0.0.0.0/0,::/0\". Note: Support for IPv6 traffic is in preview.",
           "items": {
             "type": "string"
           },
@@ -62090,6 +62166,7 @@
             "COMMITTED_N2_CPUS",
             "COMMITTED_NVIDIA_A100_80GB_GPUS",
             "COMMITTED_NVIDIA_A100_GPUS",
+            "COMMITTED_NVIDIA_H100_GPUS",
             "COMMITTED_NVIDIA_K80_GPUS",
             "COMMITTED_NVIDIA_L4_GPUS",
             "COMMITTED_NVIDIA_P100_GPUS",
@@ -62165,6 +62242,7 @@
             "PREEMPTIBLE_LOCAL_SSD_GB",
             "PREEMPTIBLE_NVIDIA_A100_80GB_GPUS",
             "PREEMPTIBLE_NVIDIA_A100_GPUS",
+            "PREEMPTIBLE_NVIDIA_H100_GPUS",
             "PREEMPTIBLE_NVIDIA_K80_GPUS",
             "PREEMPTIBLE_NVIDIA_L4_GPUS",
             "PREEMPTIBLE_NVIDIA_P100_GPUS",
@@ -62255,6 +62333,7 @@
             "",
             "",
             "",
+            "",
             "Guest CPUs",
             "",
             "",
@@ -62355,6 +62434,7 @@
             "",
             "",
             "",
+            "",
             "The total number of snapshots allowed for a single project.",
             "",
             "",
@@ -68607,7 +68687,7 @@
       "properties": {
         "recaptchaOptions": {
           "$ref": "SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions",
-          "description": "reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field will have no effect."
+          "description": "reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect."
         }
       },
       "type": "object"
@@ -69977,6 +70057,11 @@
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
+        "satisfiesPzi": {
+          "description": "Output only. Reserved for future use.",
+          "readOnly": true,
+          "type": "boolean"
+        },
         "satisfiesPzs": {
           "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
@@ -71861,7 +71946,7 @@
           "type": "string"
         },
         "purpose": {
-          "description": "The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. A subnet with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used only by regional internal HTTP(S) load balancers. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
+          "description": "The purpose of the resource. This field can be either PRIVATE, GLOBAL_MANAGED_PROXY, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. Subnets with purpose set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY are user-created subnetworks that are reserved for Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY.",
           "enum": [
             "GLOBAL_MANAGED_PROXY",
             "INTERNAL_HTTPS_LOAD_BALANCER",
@@ -71873,7 +71958,7 @@
           ],
           "enumDescriptions": [
             "Subnet reserved for Global Envoy-based Load Balancing.",
-            "Subnet reserved for Internal HTTP(S) Load Balancing.",
+            "Subnet reserved for Internal HTTP(S) Load Balancing. This is a legacy purpose, please use REGIONAL_MANAGED_PROXY instead.",
             "Regular user created or automatically created subnet.",
             "Subnetwork used as source range for Private NAT Gateways.",
             "Regular user created or automatically created subnet.",
@@ -71886,8 +71971,12 @@
           "description": "URL of the region where the Subnetwork resides. This field can be set only at resource creation time.",
           "type": "string"
         },
+        "reservedInternalRange": {
+          "description": "The URL of the reserved internal range.",
+          "type": "string"
+        },
         "role": {
-          "description": "The role of subnetwork. Currently, this field is only used when purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
+          "description": "The role of subnetwork. Currently, this field is only used when purpose is set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
           "enum": [
             "ACTIVE",
             "BACKUP"
@@ -72319,6 +72408,10 @@
         "rangeName": {
           "description": "The name associated with this subnetwork secondary range, used when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork.",
           "type": "string"
+        },
+        "reservedInternalRange": {
+          "description": "The URL of the reserved internal range.",
+          "type": "string"
         }
       },
       "type": "object"
@@ -77026,7 +77119,7 @@
           "type": "string"
         },
         "purpose": {
-          "description": "The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. A subnet with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used only by regional internal HTTP(S) load balancers. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
+          "description": "The purpose of the resource. This field can be either PRIVATE, GLOBAL_MANAGED_PROXY, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. Subnets with purpose set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY are user-created subnetworks that are reserved for Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY.",
           "enum": [
             "GLOBAL_MANAGED_PROXY",
             "INTERNAL_HTTPS_LOAD_BALANCER",
@@ -77038,7 +77131,7 @@
           ],
           "enumDescriptions": [
             "Subnet reserved for Global Envoy-based Load Balancing.",
-            "Subnet reserved for Internal HTTP(S) Load Balancing.",
+            "Subnet reserved for Internal HTTP(S) Load Balancing. This is a legacy purpose, please use REGIONAL_MANAGED_PROXY instead.",
             "Regular user created or automatically created subnet.",
             "Subnetwork used as source range for Private NAT Gateways.",
             "Regular user created or automatically created subnet.",
@@ -77048,7 +77141,7 @@
           "type": "string"
         },
         "role": {
-          "description": "The role of subnetwork. Currently, this field is only used when purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
+          "description": "The role of subnetwork. Currently, this field is only used when purpose is set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
           "enum": [
             "ACTIVE",
             "BACKUP"

vendor/google.golang.org/api/compute/v1/compute-gen.go

@@ -95,7 +95,9 @@ const apiId = "compute:v1"
 const apiName = "compute"
 const apiVersion = "v1"
 const basePath = "https://compute.googleapis.com/compute/v1/"
+const basePathTemplate = "https://compute.UNIVERSE_DOMAIN/compute/v1/"
 const mtlsBasePath = "https://compute.mtls.googleapis.com/compute/v1/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -134,7 +136,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err
@@ -7853,11 +7857,34 @@ type Binding struct {
 	// For example, `admins@example.com`. * `domain:{domain}`: The G Suite
 	// domain (primary) that represents all the users of that domain. For
 	// example, `google.com` or `example.com`. *
-	// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
+	// `principal://iam.googleapis.com/locations/global/workforcePools/{pool_
-	// unique identifier) representing a user that has been recently
+	// id}/subject/{subject_attribute_value}`: A single identity in a
-	// deleted. For example, `alice@example.com?uid=123456789012345678901`.
+	// workforce identity pool. *
-	// If the user is recovered, this value reverts to `user:{emailid}` and
+	// `principalSet://iam.googleapis.com/locations/global/workforcePools/{po
-	// the recovered user retains the role in the binding. *
+	// ol_id}/group/{group_id}`: All workforce identities in a group. *
+	// `principalSet://iam.googleapis.com/locations/global/workforcePools/{po
+	// ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce
+	// identities with a specific attribute value. *
+	// `principalSet://iam.googleapis.com/locations/global/workforcePools/{po
+	// ol_id}/*`: All identities in a workforce identity pool. *
+	// `principal://iam.googleapis.com/projects/{project_number}/locations/gl
+	// obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}
+	// `: A single identity in a workload identity pool. *
+	// `principalSet://iam.googleapis.com/projects/{project_number}/locations
+	// /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload
+	// identity pool group. *
+	// `principalSet://iam.googleapis.com/projects/{project_number}/locations
+	// /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at
+	// tribute_value}`: All identities in a workload identity pool with a
+	// certain attribute. *
+	// `principalSet://iam.googleapis.com/projects/{project_number}/locations
+	// /global/workloadIdentityPools/{pool_id}/*`: All identities in a
+	// workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An
+	// email address (plus unique identifier) representing a user that has
+	// been recently deleted. For example,
+	// `alice@example.com?uid=123456789012345678901`. If the user is
+	// recovered, this value reverts to `user:{emailid}` and the recovered
+	// user retains the role in the binding. *
 	// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
 	// (plus unique identifier) representing a service account that has been
 	// recently deleted. For example,
@@ -7869,7 +7896,12 @@ type Binding struct {
 	// that has been recently deleted. For example,
 	// `admins@example.com?uid=123456789012345678901`. If the group is
 	// recovered, this value reverts to `group:{emailid}` and the recovered
-	// group retains the role in the binding.
+	// group retains the role in the binding. *
+	// `deleted:principal://iam.googleapis.com/locations/global/workforcePool
+	// s/{pool_id}/subject/{subject_attribute_value}`: Deleted single
+	// identity in a workforce identity pool. For example,
+	// `deleted:principal://iam.googleapis.com/locations/global/workforcePool
+	// s/my-pool-id/subject/my-subject-attribute-value`.
 	Members []string `json:"members,omitempty"`
 
 	// Role: Role that is assigned to the list of `members`, or principals.
@@ -8288,6 +8320,15 @@ type Commitment struct {
 	// format.
 	EndTimestamp string `json:"endTimestamp,omitempty"`
 
+	// ExistingReservations: Specifies the already existing reservations to
+	// attach to the Commitment. This field is optional, and it can be a
+	// full or partial URL. For example, the following are valid URLs to an
+	// reservation: -
+	// https://www.googleapis.com/compute/v1/projects/project/zones/zone
+	// /reservations/reservation -
+	// projects/project/zones/zone/reservations/reservation
+	ExistingReservations []string `json:"existingReservations,omitempty"`
+
 	// Id: [Output Only] The unique identifier for the resource. This
 	// identifier is defined by the server.
 	Id uint64 `json:"id,omitempty,string"`
@@ -8327,7 +8368,7 @@ type Commitment struct {
 	// used.
 	Region string `json:"region,omitempty"`
 
-	// Reservations: List of create-on-create reseravtions for this
+	// Reservations: List of create-on-create reservations for this
 	// commitment.
 	Reservations []*Reservation `json:"reservations,omitempty"`
 
@@ -9580,6 +9621,9 @@ type Disk struct {
 	// resource.
 	ResourceStatus *DiskResourceStatus `json:"resourceStatus,omitempty"`
 
+	// SatisfiesPzi: Output only. Reserved for future use.
+	SatisfiesPzi bool `json:"satisfiesPzi,omitempty"`
+
 	// SatisfiesPzs: [Output Only] Reserved for future use.
 	SatisfiesPzs bool `json:"satisfiesPzs,omitempty"`
 
@@ -14856,12 +14900,13 @@ type GuestOsFeature struct {
 	// commas to separate values. Set to one or more of the following
 	// values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET -
 	// UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE -
-	// SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE For more information, see
+	// SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE - IDPF For more information,
-	// Enabling guest operating system features.
+	// see Enabling guest operating system features.
 	//
 	// Possible values:
 	//   "FEATURE_TYPE_UNSPECIFIED"
 	//   "GVNIC"
+	//   "IDPF"
 	//   "MULTI_IP_SUBNET"
 	//   "SECURE_BOOT"
 	//   "SEV_CAPABLE"
@@ -17960,6 +18005,9 @@ type Image struct {
 	// RawDisk: The parameters of the raw disk image.
 	RawDisk *ImageRawDisk `json:"rawDisk,omitempty"`
 
+	// SatisfiesPzi: Output only. Reserved for future use.
+	SatisfiesPzi bool `json:"satisfiesPzi,omitempty"`
+
 	// SatisfiesPzs: [Output Only] Reserved for future use.
 	SatisfiesPzs bool `json:"satisfiesPzs,omitempty"`
 
@@ -27731,6 +27779,9 @@ type MachineImage struct {
 	// last character, which cannot be a dash.
 	Name string `json:"name,omitempty"`
 
+	// SatisfiesPzi: Output only. Reserved for future use.
+	SatisfiesPzi bool `json:"satisfiesPzi,omitempty"`
+
 	// SatisfiesPzs: [Output Only] Reserved for future use.
 	SatisfiesPzs bool `json:"satisfiesPzs,omitempty"`
 
@@ -35424,7 +35475,8 @@ func (s *NotificationEndpointListWarningData) MarshalJSON() ([]byte, error) {
 // `globalOperations` resource. - For regional operations, use the
 // `regionOperations` resource. - For zonal operations, use the
 // `zoneOperations` resource. For more information, read Global,
-// Regional, and Zonal Resources.
+// Regional, and Zonal Resources. Note that completed Operation
+// resources have a limited retention period.
 type Operation struct {
 	// ClientOperationId: [Output Only] The value of `requestId` if you
 	// provided it in the request. Not present otherwise.
@@ -36833,14 +36885,16 @@ type PacketMirroringFilter struct {
 	// IPProtocols: Protocols that apply as filter on mirrored traffic. If
 	// no protocols are specified, all traffic that matches the specified
 	// CIDR ranges is mirrored. If neither cidrRanges nor IPProtocols is
-	// specified, all traffic is mirrored.
+	// specified, all IPv4 traffic is mirrored.
 	IPProtocols []string `json:"IPProtocols,omitempty"`
 
-	// CidrRanges: IP CIDR ranges that apply as filter on the source
+	// CidrRanges: One or more IPv4 or IPv6 CIDR ranges that apply as filter
-	// (ingress) or destination (egress) IP in the IP header. Only IPv4 is
+	// on the source (ingress) or destination (egress) IP in the IP header.
-	// supported. If no ranges are specified, all traffic that matches the
+	// If no ranges are specified, all IPv4 traffic that matches the
 	// specified IPProtocols is mirrored. If neither cidrRanges nor
-	// IPProtocols is specified, all traffic is mirrored.
+	// IPProtocols is specified, all IPv4 traffic is mirrored. To mirror all
+	// IPv4 and IPv6 traffic, use "0.0.0.0/0,::/0". Note: Support for IPv6
+	// traffic is in preview.
 	CidrRanges []string `json:"cidrRanges,omitempty"`
 
 	// Direction: Direction of traffic to mirror, either INGRESS, EGRESS, or
@@ -39362,6 +39416,7 @@ type Quota struct {
 	//   "COMMITTED_N2_CPUS"
 	//   "COMMITTED_NVIDIA_A100_80GB_GPUS"
 	//   "COMMITTED_NVIDIA_A100_GPUS"
+	//   "COMMITTED_NVIDIA_H100_GPUS"
 	//   "COMMITTED_NVIDIA_K80_GPUS"
 	//   "COMMITTED_NVIDIA_L4_GPUS"
 	//   "COMMITTED_NVIDIA_P100_GPUS"
@@ -39437,6 +39492,7 @@ type Quota struct {
 	//   "PREEMPTIBLE_LOCAL_SSD_GB"
 	//   "PREEMPTIBLE_NVIDIA_A100_80GB_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_A100_GPUS"
+	//   "PREEMPTIBLE_NVIDIA_H100_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_K80_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_L4_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_P100_GPUS"
@@ -48204,7 +48260,7 @@ func (s *SecurityPolicyRuleMatcherConfig) MarshalJSON() ([]byte, error) {
 type SecurityPolicyRuleMatcherExprOptions struct {
 	// RecaptchaOptions: reCAPTCHA configuration options to be applied for
 	// the rule. If the rule does not evaluate reCAPTCHA tokens, this field
-	// will have no effect.
+	// has no effect.
 	RecaptchaOptions *SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions `json:"recaptchaOptions,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "RecaptchaOptions") to
@@ -50184,6 +50240,9 @@ type Snapshot struct {
 	// last character, which cannot be a dash.
 	Name string `json:"name,omitempty"`
 
+	// SatisfiesPzi: Output only. Reserved for future use.
+	SatisfiesPzi bool `json:"satisfiesPzi,omitempty"`
+
 	// SatisfiesPzs: [Output Only] Reserved for future use.
 	SatisfiesPzs bool `json:"satisfiesPzs,omitempty"`
 
@@ -52698,26 +52757,24 @@ type Subnetwork struct {
 	PrivateIpv6GoogleAccess string `json:"privateIpv6GoogleAccess,omitempty"`
 
 	// Purpose: The purpose of the resource. This field can be either
-	// PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or
+	// PRIVATE, GLOBAL_MANAGED_PROXY, REGIONAL_MANAGED_PROXY,
-	// INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for
+	// PRIVATE_SERVICE_CONNECT, or PRIVATE is the default purpose for
 	// user-created subnets or subnets that are automatically created in
-	// auto mode networks. A subnet with purpose set to
+	// auto mode networks. Subnets with purpose set to GLOBAL_MANAGED_PROXY
-	// REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved
+	// or REGIONAL_MANAGED_PROXY are user-created subnetworks that are
-	// for regional Envoy-based load balancers. A subnet with purpose set to
+	// reserved for Envoy-based load balancers. A subnet with purpose set to
 	// PRIVATE_SERVICE_CONNECT is used to publish services using Private
-	// Service Connect. A subnet with purpose set to
+	// Service Connect. If unspecified, the subnet purpose defaults to
-	// INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used
-	// only by regional internal HTTP(S) load balancers. Note that
-	// REGIONAL_MANAGED_PROXY is the preferred setting for all regional
-	// Envoy load balancers. If unspecified, the subnet purpose defaults to
 	// PRIVATE. The enableFlowLogs field isn't supported if the subnet
-	// purpose field is set to REGIONAL_MANAGED_PROXY.
+	// purpose field is set to GLOBAL_MANAGED_PROXY or
+	// REGIONAL_MANAGED_PROXY.
 	//
 	// Possible values:
 	//   "GLOBAL_MANAGED_PROXY" - Subnet reserved for Global Envoy-based
 	// Load Balancing.
 	//   "INTERNAL_HTTPS_LOAD_BALANCER" - Subnet reserved for Internal
-	// HTTP(S) Load Balancing.
+	// HTTP(S) Load Balancing. This is a legacy purpose, please use
+	// REGIONAL_MANAGED_PROXY instead.
 	//   "PRIVATE" - Regular user created or automatically created subnet.
 	//   "PRIVATE_NAT" - Subnetwork used as source range for Private NAT
 	// Gateways.
@@ -52733,12 +52790,16 @@ type Subnetwork struct {
 	// can be set only at resource creation time.
 	Region string `json:"region,omitempty"`
 
+	// ReservedInternalRange: The URL of the reserved internal range.
+	ReservedInternalRange string `json:"reservedInternalRange,omitempty"`
+
 	// Role: The role of subnetwork. Currently, this field is only used when
-	// purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or
+	// purpose is set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY. The
-	// BACKUP. An ACTIVE subnetwork is one that is currently being used for
+	// value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one
-	// Envoy-based load balancers in a region. A BACKUP subnetwork is one
+	// that is currently being used for Envoy-based load balancers in a
-	// that is ready to be promoted to ACTIVE or is currently draining. This
+	// region. A BACKUP subnetwork is one that is ready to be promoted to
-	// field can be updated with a patch request.
+	// ACTIVE or is currently draining. This field can be updated with a
+	// patch request.
 	//
 	// Possible values:
 	//   "ACTIVE" - The ACTIVE subnet that is currently used.
@@ -53304,6 +53365,9 @@ type SubnetworkSecondaryRange struct {
 	// unique within the subnetwork.
 	RangeName string `json:"rangeName,omitempty"`
 
+	// ReservedInternalRange: The URL of the reserved internal range.
+	ReservedInternalRange string `json:"reservedInternalRange,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "IpCidrRange") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -59925,26 +59989,24 @@ type UsableSubnetwork struct {
 	Network string `json:"network,omitempty"`
 
 	// Purpose: The purpose of the resource. This field can be either
-	// PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or
+	// PRIVATE, GLOBAL_MANAGED_PROXY, REGIONAL_MANAGED_PROXY,
-	// INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for
+	// PRIVATE_SERVICE_CONNECT, or PRIVATE is the default purpose for
 	// user-created subnets or subnets that are automatically created in
-	// auto mode networks. A subnet with purpose set to
+	// auto mode networks. Subnets with purpose set to GLOBAL_MANAGED_PROXY
-	// REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved
+	// or REGIONAL_MANAGED_PROXY are user-created subnetworks that are
-	// for regional Envoy-based load balancers. A subnet with purpose set to
+	// reserved for Envoy-based load balancers. A subnet with purpose set to
 	// PRIVATE_SERVICE_CONNECT is used to publish services using Private
-	// Service Connect. A subnet with purpose set to
+	// Service Connect. If unspecified, the subnet purpose defaults to
-	// INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used
-	// only by regional internal HTTP(S) load balancers. Note that
-	// REGIONAL_MANAGED_PROXY is the preferred setting for all regional
-	// Envoy load balancers. If unspecified, the subnet purpose defaults to
 	// PRIVATE. The enableFlowLogs field isn't supported if the subnet
-	// purpose field is set to REGIONAL_MANAGED_PROXY.
+	// purpose field is set to GLOBAL_MANAGED_PROXY or
+	// REGIONAL_MANAGED_PROXY.
 	//
 	// Possible values:
 	//   "GLOBAL_MANAGED_PROXY" - Subnet reserved for Global Envoy-based
 	// Load Balancing.
 	//   "INTERNAL_HTTPS_LOAD_BALANCER" - Subnet reserved for Internal
-	// HTTP(S) Load Balancing.
+	// HTTP(S) Load Balancing. This is a legacy purpose, please use
+	// REGIONAL_MANAGED_PROXY instead.
 	//   "PRIVATE" - Regular user created or automatically created subnet.
 	//   "PRIVATE_NAT" - Subnetwork used as source range for Private NAT
 	// Gateways.
@@ -59957,11 +60019,12 @@ type UsableSubnetwork struct {
 	Purpose string `json:"purpose,omitempty"`
 
 	// Role: The role of subnetwork. Currently, this field is only used when
-	// purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or
+	// purpose is set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY. The
-	// BACKUP. An ACTIVE subnetwork is one that is currently being used for
+	// value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one
-	// Envoy-based load balancers in a region. A BACKUP subnetwork is one
+	// that is currently being used for Envoy-based load balancers in a
-	// that is ready to be promoted to ACTIVE or is currently draining. This
+	// region. A BACKUP subnetwork is one that is ready to be promoted to
-	// field can be updated with a patch request.
+	// ACTIVE or is currently draining. This field can be updated with a
+	// patch request.
 	//
 	// Possible values:
 	//   "ACTIVE" - The ACTIVE subnet that is currently used.
@@ -68256,7 +68319,7 @@ type BackendBucketsSetEdgeSecurityPolicyCall struct {
 // SetEdgeSecurityPolicy: Sets the edge security policy for the
 // specified backend bucket.
 //
-//   - backendBucket: Name of the BackendService resource to which the
+//   - backendBucket: Name of the BackendBucket resource to which the
 //     security policy should be set. The name should conform to RFC1035.
 //   - project: Project ID for this request.
 func (r *BackendBucketsService) SetEdgeSecurityPolicy(project string, backendBucket string, securitypolicyreference *SecurityPolicyReference) *BackendBucketsSetEdgeSecurityPolicyCall {
@@ -68385,7 +68448,7 @@ func (c *BackendBucketsSetEdgeSecurityPolicyCall) Do(opts ...googleapi.CallOptio
 	//   ],
 	//   "parameters": {
 	//     "backendBucket": {
-	//       "description": "Name of the BackendService resource to which the security policy should be set. The name should conform to RFC1035.",
+	//       "description": "Name of the BackendBucket resource to which the security policy should be set. The name should conform to RFC1035.",
 	//       "location": "path",
 	//       "required": true,
 	//       "type": "string"
@@ -107046,6 +107109,184 @@ func (c *InstancesListReferrersCall) Pages(ctx context.Context, f func(*Instance
 	}
 }
 
+// method id "compute.instances.performMaintenance":
+
+type InstancesPerformMaintenanceCall struct {
+	s          *Service
+	project    string
+	zone       string
+	instance   string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// PerformMaintenance: Perform a manual maintenance on the instance.
+//
+// - instance: Name of the instance scoping this request.
+// - project: Project ID for this request.
+// - zone: The name of the zone for this request.
+func (r *InstancesService) PerformMaintenance(project string, zone string, instance string) *InstancesPerformMaintenanceCall {
+	c := &InstancesPerformMaintenanceCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.instance = instance
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *InstancesPerformMaintenanceCall) RequestId(requestId string) *InstancesPerformMaintenanceCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InstancesPerformMaintenanceCall) Fields(s ...googleapi.Field) *InstancesPerformMaintenanceCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InstancesPerformMaintenanceCall) Context(ctx context.Context) *InstancesPerformMaintenanceCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InstancesPerformMaintenanceCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InstancesPerformMaintenanceCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"zone":     c.zone,
+		"instance": c.instance,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.instances.performMaintenance" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *InstancesPerformMaintenanceCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Perform a manual maintenance on the instance.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance",
+	//   "httpMethod": "POST",
+	//   "id": "compute.instances.performMaintenance",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "instance"
+	//   ],
+	//   "parameters": {
+	//     "instance": {
+	//       "description": "Name of the instance scoping this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
 // method id "compute.instances.removeResourcePolicies":
 
 type InstancesRemoveResourcePoliciesCall struct {
@@ -110412,6 +110653,14 @@ func (c *InstancesSimulateMaintenanceEventCall) RequestId(requestId string) *Ins
 	return c
 }
 
+// WithExtendedNotifications sets the optional parameter
+// "withExtendedNotifications": Determines whether the customers receive
+// notifications before migration. Only applicable to SF vms.
+func (c *InstancesSimulateMaintenanceEventCall) WithExtendedNotifications(withExtendedNotifications bool) *InstancesSimulateMaintenanceEventCall {
+	c.urlParams_.Set("withExtendedNotifications", fmt.Sprint(withExtendedNotifications))
+	return c
+}
+
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
@@ -110529,6 +110778,11 @@ func (c *InstancesSimulateMaintenanceEventCall) Do(opts ...googleapi.CallOption)
 	//       "location": "query",
 	//       "type": "string"
 	//     },
+	//     "withExtendedNotifications": {
+	//       "description": "Determines whether the customers receive notifications before migration. Only applicable to SF vms.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
 	//     "zone": {
 	//       "description": "The name of the zone for this request.",
 	//       "location": "path",

vendor/google.golang.org/api/container/v1/container-gen.go

@@ -90,7 +90,9 @@ const apiId = "container:v1"
 const apiName = "container"
 const apiVersion = "v1"
 const basePath = "https://container.googleapis.com/"
+const basePathTemplate = "https://container.UNIVERSE_DOMAIN/"
 const mtlsBasePath = "https://container.mtls.googleapis.com/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -107,7 +109,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err

vendor/google.golang.org/api/dns/v1/dns-gen.go

@@ -95,7 +95,9 @@ const apiId = "dns:v1"
 const apiName = "dns"
 const apiVersion = "v1"
 const basePath = "https://dns.googleapis.com/"
+const basePathTemplate = "https://dns.UNIVERSE_DOMAIN/"
 const mtlsBasePath = "https://dns.mtls.googleapis.com/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -125,7 +127,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err

vendor/google.golang.org/api/iam/v1/iam-gen.go

@@ -90,7 +90,9 @@ const apiId = "iam:v1"
 const apiName = "iam"
 const apiVersion = "v1"
 const basePath = "https://iam.googleapis.com/"
+const basePathTemplate = "https://iam.UNIVERSE_DOMAIN/"
 const mtlsBasePath = "https://iam.mtls.googleapis.com/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -107,7 +109,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err

vendor/google.golang.org/api/internal/version.go

@@ -5,4 +5,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "0.155.0"
+const Version = "0.156.0"

vendor/google.golang.org/api/networkservices/v1/networkservices-gen.go

@@ -90,7 +90,9 @@ const apiId = "networkservices:v1"
 const apiName = "networkservices"
 const apiVersion = "v1"
 const basePath = "https://networkservices.googleapis.com/"
+const basePathTemplate = "https://networkservices.UNIVERSE_DOMAIN/"
 const mtlsBasePath = "https://networkservices.mtls.googleapis.com/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -107,7 +109,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err

vendor/google.golang.org/api/networkservices/v1beta1/networkservices-gen.go

@@ -90,7 +90,9 @@ const apiId = "networkservices:v1beta1"
 const apiName = "networkservices"
 const apiVersion = "v1beta1"
 const basePath = "https://networkservices.googleapis.com/"
+const basePathTemplate = "https://networkservices.UNIVERSE_DOMAIN/"
 const mtlsBasePath = "https://networkservices.mtls.googleapis.com/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -107,7 +109,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err

vendor/google.golang.org/api/oauth2/v2/oauth2-gen.go

@@ -95,6 +95,8 @@ const apiId = "oauth2:v2"
 const apiName = "oauth2"
 const apiVersion = "v2"
 const basePath = "https://www.googleapis.com/"
+const basePathTemplate = "https://www.UNIVERSE_DOMAIN/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -119,6 +121,8 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err

vendor/google.golang.org/api/storage/v1/storage-api.json

@@ -33,7 +33,7 @@
       "location": "me-central2"
     }
   ],
-  "etag": "\"3131373432363238303039393730353234383930\"",
+  "etag": "\"3136323232353032373039383637313835303036\"",
   "icons": {
     "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png",
     "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png"
@@ -99,7 +99,7 @@
   },
   "protocol": "rest",
   "resources": {
-    "anywhereCache": {
+    "anywhereCaches": {
       "methods": {
         "disable": {
           "description": "Disables an Anywhere Cache instance.",
@@ -117,7 +117,7 @@
               "type": "string"
             },
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -149,7 +149,7 @@
               "type": "string"
             },
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -176,7 +176,7 @@
           ],
           "parameters": {
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -204,13 +204,13 @@
           ],
           "parameters": {
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
             },
             "pageSize": {
-              "description": "Maximum number of items return in a single page of responses. Maximum 1000.",
+              "description": "Maximum number of items to return in a single page of responses. Maximum 1000.",
               "format": "int32",
               "location": "query",
               "minimum": "0",
@@ -250,7 +250,7 @@
               "type": "string"
             },
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -282,7 +282,7 @@
               "type": "string"
             },
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -314,7 +314,7 @@
               "type": "string"
             },
             "bucket": {
-              "description": "Name of the partent bucket",
+              "description": "Name of the parent bucket.",
               "location": "path",
               "required": true,
               "type": "string"
@@ -1387,6 +1387,240 @@
         }
       }
     },
+    "folders": {
+      "methods": {
+        "delete": {
+          "description": "Permanently deletes a folder. Only applicable to buckets with hierarchical namespace enabled.",
+          "httpMethod": "DELETE",
+          "id": "storage.folders.delete",
+          "parameterOrder": [
+            "bucket",
+            "folder"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the folder resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "folder": {
+              "description": "Name of a folder.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "If set, only deletes the folder if its metageneration matches this value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "If set, only deletes the folder if its metageneration does not match this value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/folders/{folder}",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "get": {
+          "description": "Returns metadata for the specified folder. Only applicable to buckets with hierarchical namespace enabled.",
+          "httpMethod": "GET",
+          "id": "storage.folders.get",
+          "parameterOrder": [
+            "bucket",
+            "folder"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the folder resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "folder": {
+              "description": "Name of a folder.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the return of the folder metadata conditional on whether the folder's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the return of the folder metadata conditional on whether the folder's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/folders/{folder}",
+          "response": {
+            "$ref": "Folder"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "insert": {
+          "description": "Creates a new folder. Only applicable to buckets with hierarchical namespace enabled.",
+          "httpMethod": "POST",
+          "id": "storage.folders.insert",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the folder resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "recursive": {
+              "description": "If true, any parent folder which doesn’t exist will be created automatically.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "b/{bucket}/folders",
+          "request": {
+            "$ref": "Folder"
+          },
+          "response": {
+            "$ref": "Folder"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "list": {
+          "description": "Retrieves a list of folders matching the criteria. Only applicable to buckets with hierarchical namespace enabled.",
+          "httpMethod": "GET",
+          "id": "storage.folders.list",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which to look for folders.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "delimiter": {
+              "description": "Returns results in a directory-like mode. The only supported value is '/'. If set, items will only contain folders that either exactly match the prefix, or are one level below the prefix.",
+              "location": "query",
+              "type": "string"
+            },
+            "endOffset": {
+              "description": "Filter results to folders whose names are lexicographically before endOffset. If startOffset is also set, the folders listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+              "location": "query",
+              "type": "string"
+            },
+            "pageSize": {
+              "description": "Maximum number of items to return in a single page of responses.",
+              "format": "int32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "pageToken": {
+              "description": "A previously-returned page token representing part of the larger set of results to view.",
+              "location": "query",
+              "type": "string"
+            },
+            "prefix": {
+              "description": "Filter results to folders whose paths begin with this prefix. If set, the value must either be an empty string or end with a '/'.",
+              "location": "query",
+              "type": "string"
+            },
+            "startOffset": {
+              "description": "Filter results to folders whose names are lexicographically equal to or after startOffset. If endOffset is also set, the folders listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/folders",
+          "response": {
+            "$ref": "Folders"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "rename": {
+          "description": "Renames a source folder to a destination folder. Only applicable to buckets with hierarchical namespace enabled.",
+          "httpMethod": "POST",
+          "id": "storage.folders.rename",
+          "parameterOrder": [
+            "bucket",
+            "sourceFolder",
+            "destinationFolder"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the folders are in.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "destinationFolder": {
+              "description": "Name of the destination folder.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifSourceMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifSourceMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "sourceFolder": {
+              "description": "Name of the source folder.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/folders/{sourceFolder}/renameTo/folders/{destinationFolder}",
+          "response": {
+            "$ref": "GoogleLongrunningOperation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        }
+      }
+    },
     "managedFolders": {
       "methods": {
         "delete": {
@@ -1565,7 +1799,7 @@
               "type": "string"
             },
             "pageSize": {
-              "description": "Maximum number of items return in a single page of responses.",
+              "description": "Maximum number of items to return in a single page of responses.",
               "format": "int32",
               "location": "query",
               "minimum": "0",
@@ -3806,7 +4040,7 @@
       }
     }
   },
-  "revision": "20231202",
+  "revision": "20240105",
   "rootUrl": "https://storage.googleapis.com/",
   "schemas": {
     "AnywhereCache": {
@@ -3860,6 +4094,10 @@
           "description": "The modification time of the cache instance metadata in RFC 3339 format.",
           "format": "date-time",
           "type": "string"
+        },
+        "zone": {
+          "description": "The zone in which the cache instance is running. For example, us-central1-a.",
+          "type": "string"
         }
       },
       "type": "object"
@@ -4010,6 +4248,16 @@
           "description": "HTTP 1.1 Entity tag for the bucket.",
           "type": "string"
         },
+        "hierarchicalNamespace": {
+          "description": "The bucket's hierarchical namespace configuration.",
+          "properties": {
+            "enabled": {
+              "description": "When set to true, hierarchical namespace is enabled for this bucket.",
+              "type": "boolean"
+            }
+          },
+          "type": "object"
+        },
         "iamConfiguration": {
           "description": "The bucket's IAM configuration.",
           "properties": {
@@ -4597,6 +4845,90 @@
       },
       "type": "object"
     },
+    "Folder": {
+      "description": "A folder. Only available in buckets with hierarchical namespace enabled.",
+      "id": "Folder",
+      "properties": {
+        "bucket": {
+          "description": "The name of the bucket containing this folder.",
+          "type": "string"
+        },
+        "id": {
+          "description": "The ID of the folder, including the bucket name, folder name.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "storage#folder",
+          "description": "The kind of item this is. For folders, this is always storage#folder.",
+          "type": "string"
+        },
+        "metadata": {
+          "additionalProperties": {
+            "description": "An individual metadata entry.",
+            "type": "string"
+          },
+          "description": "User-provided metadata, in key/value pairs.",
+          "type": "object"
+        },
+        "metageneration": {
+          "description": "The version of the metadata for this folder. Used for preconditions and for detecting changes in metadata.",
+          "format": "int64",
+          "type": "string"
+        },
+        "name": {
+          "description": "The name of the folder. Required if not specified by URL parameter.",
+          "type": "string"
+        },
+        "pendingRenameInfo": {
+          "description": "Only present if the folder is part of an ongoing rename folder operation. Contains information which can be used to query the operation status.",
+          "properties": {
+            "operationId": {
+              "description": "The ID of the rename folder operation.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "selfLink": {
+          "description": "The link to this folder.",
+          "type": "string"
+        },
+        "timeCreated": {
+          "description": "The creation time of the folder in RFC 3339 format.",
+          "format": "date-time",
+          "type": "string"
+        },
+        "updated": {
+          "description": "The modification time of the folder metadata in RFC 3339 format.",
+          "format": "date-time",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Folders": {
+      "description": "A list of folders.",
+      "id": "Folders",
+      "properties": {
+        "items": {
+          "description": "The list of items.",
+          "items": {
+            "$ref": "Folder"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "storage#folders",
+          "description": "The kind of item this is. For lists of folders, this is always storage#folders.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleLongrunningListOperationsResponse": {
       "description": "The response message for storage.buckets.operations.list.",
       "id": "GoogleLongrunningListOperationsResponse",

vendor/google.golang.org/api/tpu/v1/tpu-gen.go

@@ -90,7 +90,9 @@ const apiId = "tpu:v1"
 const apiName = "tpu"
 const apiVersion = "v1"
 const basePath = "https://tpu.googleapis.com/"
+const basePathTemplate = "https://tpu.UNIVERSE_DOMAIN/"
 const mtlsBasePath = "https://tpu.mtls.googleapis.com/"
+const defaultUniverseDomain = "googleapis.com"
 
 // OAuth2 scopes used by this API.
 const (
@@ -107,7 +109,9 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err
 	// NOTE: prepend, so we don't override user-specified scopes.
 	opts = append([]option.ClientOption{scopesOption}, opts...)
 	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
 	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	opts = append(opts, internaloption.WithDefaultUniverseDomain(defaultUniverseDomain))
 	client, endpoint, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err

vendor/k8s.io/klog/v2/OWNERS

@@ -1,14 +1,16 @@
 # See the OWNERS docs at https://go.k8s.io/owners
 reviewers:
   - harshanarayana
+  - mengjiao-liu
   - pohly
 approvers:
   - dims
+  - pohly
   - thockin
-  - serathius
 emeritus_approvers:
   - brancz
   - justinsb
   - lavalamp
   - piosz
+  - serathius
   - tallclair

vendor/k8s.io/klog/v2/contextual_slog.go

@@ -0,0 +1,31 @@
+//go:build go1.21
+// +build go1.21
+
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package klog
+
+import (
+	"log/slog"
+
+	"github.com/go-logr/logr"
+)
+
+// SetSlogLogger reconfigures klog to log through the slog logger. The logger must not be nil.
+func SetSlogLogger(logger *slog.Logger) {
+	SetLoggerWithOptions(logr.FromSlogHandler(logger.Handler()), ContextualLogger(true))
+}

vendor/k8s.io/klog/v2/klog.go

@@ -14,9 +14,26 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package klog implements logging analogous to the Google-internal C++ INFO/ERROR/V setup.
+// Package klog contains the following functionality:
-// It provides functions Info, Warning, Error, Fatal, plus formatting variants such as
+//
-// Infof. It also provides V-style logging controlled by the -v and -vmodule=file=2 flags.
+//   - output routing as defined via command line flags ([InitFlags])
+//   - log formatting as text, either with a single, unstructured string ([Info], [Infof], etc.)
+//     or as a structured log entry with message and key/value pairs ([InfoS], etc.)
+//   - management of a go-logr [Logger] ([SetLogger], [Background], [TODO])
+//   - helper functions for logging values ([Format]) and managing the state of klog ([CaptureState], [State.Restore])
+//   - wrappers for [logr] APIs for contextual logging where the wrappers can
+//     be turned into no-ops ([EnableContextualLogging], [NewContext], [FromContext],
+//     [LoggerWithValues], [LoggerWithName]); if the ability to turn off
+//     contextual logging is not needed, then go-logr can also be used directly
+//   - type aliases for go-logr types to simplify imports in code which uses both (e.g. [Logger])
+//   - [k8s.io/klog/v2/textlogger]: a logger which uses the same formatting as klog log with
+//     simpler output routing; beware that it comes with its own command line flags
+//     and does not use the ones from klog
+//   - [k8s.io/klog/v2/ktesting]: per-test output in Go unit tests
+//   - [k8s.io/klog/v2/klogr]: a deprecated, standalone [logr.Logger] on top of the main klog package;
+//     use [Background] instead if klog output routing is needed, [k8s.io/klog/v2/textlogger] if not
+//   - [k8s.io/klog/v2/examples]: demos of this functionality
+//   - [k8s.io/klog/v2/test]: reusable tests for [logr.Logger] implementations
 //
 // Basic examples:
 //

vendor/k8s.io/klog/v2/klogr_slog.go

@@ -25,7 +25,7 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/go-logr/logr/slogr"
+	"github.com/go-logr/logr"
 
 	"k8s.io/klog/v2/internal/buffer"
 	"k8s.io/klog/v2/internal/serialize"
@@ -35,7 +35,7 @@ import (
 
 func (l *klogger) Handle(ctx context.Context, record slog.Record) error {
 	if logging.logger != nil {
-		if slogSink, ok := logging.logger.GetSink().(slogr.SlogSink); ok {
+		if slogSink, ok := logging.logger.GetSink().(logr.SlogSink); ok {
 			// Let that logger do the work.
 			return slogSink.Handle(ctx, record)
 		}
@@ -77,13 +77,13 @@ func slogOutput(file string, line int, now time.Time, err error, s severity.Seve
 	buffer.PutBuffer(b)
 }
 
-func (l *klogger) WithAttrs(attrs []slog.Attr) slogr.SlogSink {
+func (l *klogger) WithAttrs(attrs []slog.Attr) logr.SlogSink {
 	clone := *l
 	clone.values = serialize.WithValues(l.values, sloghandler.Attrs2KVList(l.groups, attrs))
 	return &clone
 }
 
-func (l *klogger) WithGroup(name string) slogr.SlogSink {
+func (l *klogger) WithGroup(name string) logr.SlogSink {
 	clone := *l
 	if clone.groups != "" {
 		clone.groups += "." + name
@@ -93,4 +93,4 @@ func (l *klogger) WithGroup(name string) slogr.SlogSink {
 	return &clone
 }
 
-var _ slogr.SlogSink = &klogger{}
+var _ logr.SlogSink = &klogger{}

vendor/k8s.io/klog/v2/safeptr.go

@@ -0,0 +1,34 @@
+//go:build go1.18
+// +build go1.18
+
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package klog
+
+// SafePtr is a function that takes a pointer of any type (T) as an argument.
+// If the provided pointer is not nil, it returns the same pointer. If it is nil, it returns nil instead.
+//
+// This function is particularly useful to prevent nil pointer dereferencing when:
+//
+//   - The type implements interfaces that are called by the logger, such as `fmt.Stringer`.
+//   - And these interface implementations do not perform nil checks themselves.
+func SafePtr[T any](p *T) any {
+	if p == nil {
+		return nil
+	}
+	return p
+}

vendor/modules.txt

@@ -97,7 +97,7 @@ github.com/aws/amazon-ec2-instance-selector/v2/pkg/instancetypes
 github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector
 github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector/outputs
 github.com/aws/amazon-ec2-instance-selector/v2/pkg/sorter
-# github.com/aws/aws-sdk-go v1.49.15
+# github.com/aws/aws-sdk-go v1.49.19
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/arn
@@ -344,7 +344,6 @@ github.com/go-ini/ini
 ## explicit; go 1.18
 github.com/go-logr/logr
 github.com/go-logr/logr/funcr
-github.com/go-logr/logr/slogr
 # github.com/go-logr/stdr v1.2.2
 ## explicit; go 1.16
 github.com/go-logr/stdr
@@ -982,7 +981,7 @@ go.starlark.net/syntax
 # go.uber.org/multierr v1.11.0
 ## explicit; go 1.19
 go.uber.org/multierr
-# golang.org/x/crypto v0.17.0
+# golang.org/x/crypto v0.18.0
 ## explicit; go 1.18
 golang.org/x/crypto/bcrypt
 golang.org/x/crypto/blake2b
@@ -1007,7 +1006,7 @@ golang.org/x/crypto/scrypt
 golang.org/x/crypto/ssh
 golang.org/x/crypto/ssh/agent
 golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
-# golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
+# golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e
 ## explicit; go 1.20
 golang.org/x/exp/constraints
 golang.org/x/exp/maps
@@ -1020,7 +1019,7 @@ golang.org/x/exp/slog/internal/buffer
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.19.0
+# golang.org/x/net v0.20.0
 ## explicit; go 1.18
 golang.org/x/net/bpf
 golang.org/x/net/html
@@ -1038,7 +1037,7 @@ golang.org/x/net/ipv4
 golang.org/x/net/ipv6
 golang.org/x/net/proxy
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.15.0
+# golang.org/x/oauth2 v0.16.0
 ## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/authhandler
@@ -1062,7 +1061,7 @@ golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
 golang.org/x/sys/windows/svc/eventlog
-# golang.org/x/term v0.15.0
+# golang.org/x/term v0.16.0
 ## explicit; go 1.18
 golang.org/x/term
 # golang.org/x/text v0.14.0
@@ -1106,7 +1105,7 @@ golang.org/x/tools/internal/versions
 # gomodules.xyz/jsonpatch/v2 v2.4.0
 ## explicit; go 1.20
 gomodules.xyz/jsonpatch/v2
-# google.golang.org/api v0.155.0
+# google.golang.org/api v0.156.0
 ## explicit; go 1.19
 google.golang.org/api/cloudresourcemanager/v1
 google.golang.org/api/compute/v0.alpha
@@ -1143,10 +1142,10 @@ google.golang.org/appengine/internal/modules
 google.golang.org/appengine/internal/remote_api
 google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/urlfetch
-# google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3
+# google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/api/httpbody
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/rpc/code
 google.golang.org/genproto/googleapis/rpc/errdetails
@@ -1778,7 +1777,7 @@ k8s.io/component-helpers/node/util
 # k8s.io/csi-translation-lib v0.29.0
 ## explicit; go 1.21
 k8s.io/csi-translation-lib/plugins
-# k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01
+# k8s.io/gengo v0.0.0-20240110203215-22eea95d1e7a
 ## explicit; go 1.13
 k8s.io/gengo/args
 k8s.io/gengo/generator
@@ -1788,8 +1787,8 @@ k8s.io/gengo/types
 # k8s.io/klog v1.0.0
 ## explicit; go 1.12
 k8s.io/klog
-# k8s.io/klog/v2 v2.110.1
+# k8s.io/klog/v2 v2.120.0
-## explicit; go 1.13
+## explicit; go 1.18
 k8s.io/klog/v2
 k8s.io/klog/v2/internal/buffer
 k8s.io/klog/v2/internal/clock