Update dependencies

2023-05-26 06:08:35 +00:00 · 2023-05-26 06:08:35 +00:00 · fbcc63af2a
parent bf01e499d2
commit fbcc63af2a
43 changed files with 1103 additions and 673 deletions
--- a/go.mod
+++ b/go.mod
@ -14,9 +14,9 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1
-	github.com/aws/aws-sdk-go v1.44.266
+	github.com/aws/aws-sdk-go v1.44.270
 	github.com/blang/semver/v4 v4.0.0
-	github.com/cert-manager/cert-manager v1.12.0
+	github.com/cert-manager/cert-manager v1.12.1
 	github.com/digitalocean/godo v1.99.0
 	github.com/go-ini/ini v1.67.0
 	github.com/go-logr/logr v1.2.4
@ -26,14 +26,14 @@ require (
 	github.com/google/go-tpm v0.3.3
 	github.com/google/go-tpm-tools v0.3.12
 	github.com/google/uuid v1.3.0
-	github.com/gophercloud/gophercloud v1.3.0
+	github.com/gophercloud/gophercloud v1.4.0
 	github.com/hetznercloud/hcloud-go v1.45.1
 	github.com/jacksontj/memberlistmesh v0.0.0-20190905163944-93462b9d2bb7
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/pelletier/go-toml v1.9.5
 	github.com/pkg/sftp v1.13.5
 	github.com/prometheus/client_golang v1.15.1
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.16
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17
 	github.com/sergi/go-diff v1.3.1
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
@ -43,12 +43,12 @@ require (
 	github.com/weaveworks/mesh v0.0.0-20191105120815-58dbcc3e8e63
 	go.uber.org/multierr v1.11.0
 	golang.org/x/crypto v0.9.0
-	golang.org/x/exp v0.0.0-20230519143937-03e91628a987
+	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
 	golang.org/x/net v0.10.0
 	golang.org/x/oauth2 v0.8.0
 	golang.org/x/sync v0.2.0
 	golang.org/x/sys v0.8.0
-	google.golang.org/api v0.123.0
+	google.golang.org/api v0.124.0
 	google.golang.org/grpc v1.55.0
 	google.golang.org/protobuf v1.30.0
 	gopkg.in/gcfg.v1 v1.2.3
@ -68,7 +68,7 @@ require (
 	k8s.io/kubelet v0.27.2
 	k8s.io/mount-utils v0.27.2
 	k8s.io/utils v0.0.0-20230505201702-9f6742963106
-	sigs.k8s.io/controller-runtime v0.15.0-beta.0
+	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 	sigs.k8s.io/yaml v1.3.0
 )
@ -130,7 +130,7 @@ require (
 	github.com/google/go-sev-guest v0.6.1 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/logger v1.1.1 // indirect
-	github.com/google/s2a-go v0.1.3 // indirect
+	github.com/google/s2a-go v0.1.4 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/googleapis/gax-go/v2 v2.8.0 // indirect
@ -212,7 +212,7 @@ require (
 	golang.org/x/text v0.9.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.9.1 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
@ -224,9 +224,9 @@ require (
 	k8s.io/component-helpers v0.27.2 // indirect
 	k8s.io/csi-translation-lib v0.27.0 // indirect
 	k8s.io/klog v1.0.0 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+	k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 // indirect
 	oras.land/oras-go v1.2.3 // indirect
-	sigs.k8s.io/gateway-api v0.6.2 // indirect
+	sigs.k8s.io/gateway-api v0.7.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.13.2 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.14.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -125,8 +125,8 @@ github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
 github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1 h1:DmxtwV+pkakkVRhxKcAgnLbxCxvT7k8DBG271dfKPZ8=
 github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1/go.mod h1:AEJrtkLkCkfIBIazidrVrgZqaXl+9dxI/wRgjdw+7G0=
-github.com/aws/aws-sdk-go v1.44.266 h1:MWd775dcYf7NrwgcHLtlsIbWoWkX8p4vomfNHr88zH0=
+github.com/aws/aws-sdk-go v1.44.270 h1:fRdrwRVO0PpRSks/bNFXSRexA7Zm+k6pvKRpnrpAmeg=
-github.com/aws/aws-sdk-go v1.44.266/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.270/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@ -140,8 +140,8 @@ github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZ
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cert-manager/cert-manager v1.12.0 h1:CWIZeWop7RwFCIKgSzsxFFGcI2nvudkOICBMDY7SKuI=
+github.com/cert-manager/cert-manager v1.12.1 h1:QA8/diGdInzBRhqiyTITPC+wI9FaXbgOAAT3Dwe9KZE=
-github.com/cert-manager/cert-manager v1.12.0/go.mod h1:vRRQLs67q9PN/3SILHpiLbzuG63c4I0+q6pbppEWChs=
+github.com/cert-manager/cert-manager v1.12.1/go.mod h1:ql0msU88JCcQSceN+PFjEY8U+AMe13y06vO2klJk8bs=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
@ -230,7 +230,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
@ -387,8 +386,8 @@ github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/s2a-go v0.1.3 h1:FAgZmpLl/SXurPEZyCMPBIiiYeTbqfjlbdnCNTAkbGE=
+github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
-github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@ -406,8 +405,8 @@ github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0
 github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc=
 github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/gophercloud/gophercloud v1.3.0 h1:RUKyCMiZoQR3VlVR5E3K7PK1AC3/qppsWYo6dtBiqs8=
+github.com/gophercloud/gophercloud v1.4.0 h1:RqEu43vaX0lb0LanZr5BylK5ICVxjpFFoc0sxivyuHU=
-github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
+github.com/gophercloud/gophercloud v1.4.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
@ -574,7 +573,7 @@ github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn
 github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852 h1:Yl0tPBa8QPjGmesFh1D0rDy+q1Twx6FyU7VWHi8wZbI=
 github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852/go.mod h1:eqOVx5Vwu4gd2mmMZvVZsgIqNSaW3xxRThUJ0k/TPk4=
 github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
-github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
+github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
@ -649,8 +648,8 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sahilm/fuzzy v0.1.0 h1:FzWGaw2Opqyu+794ZQ9SYifWv2EIXpwP4q8dY1kDAwI=
 github.com/sahilm/fuzzy v0.1.0/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.16 h1:Ted1/3BGV1d0c7J+69N+brveAgJNWZlWnI8iYP3dZMs=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17 h1:1WuWJu7/e8SqK+uQl7lfk/N/oMZTL2NE/TJsNKRNMc4=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.16/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
@ -790,8 +789,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230519143937-03e91628a987 h1:3xJIFvzUFbu4ls0BTBYcgbCGhA63eAOEMxIHugyXJqA=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
-golang.org/x/exp v0.0.0-20230519143937-03e91628a987/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@ -1075,8 +1074,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY=
+gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc=
-gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
+gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@ -1107,8 +1106,8 @@ google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqiv
 google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
 google.golang.org/api v0.60.0/go.mod h1:d7rl65NZAkEQ90JFzqBjcRq1TVeG5ZoGV3sSpEnnVb4=
-google.golang.org/api v0.123.0 h1:yHVU//vA+qkOhm4reEC9LtzHVUCN/IqqNRl1iQ9xE20=
+google.golang.org/api v0.124.0 h1:dP6Ef1VgOGqQ8eiv4GiY8RhmeyqzovcXBYPDUYG8Syo=
-google.golang.org/api v0.123.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms=
+google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@ -1297,8 +1296,8 @@ k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
+k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 h1:azYPdzztXxPSa8wb+hksEKayiz0o+PPisO/d+QhWnoo=
-k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
+k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ=
 k8s.io/kubectl v0.27.2 h1:sSBM2j94MHBFRWfHIWtEXWCicViQzZsb177rNsKBhZg=
 k8s.io/kubectl v0.27.2/go.mod h1:GCOODtxPcrjh+EC611MqREkU8RjYBh10ldQCQ6zpFKw=
 k8s.io/kubelet v0.27.2 h1:vpJnBkqQjxItEhehKG0toXoZ+G+tf4UXAOqtMJy6qgc=
@ -1312,10 +1311,10 @@ oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/controller-runtime v0.15.0-beta.0 h1:pkhYMops8jZrVuI0kBHeF6q9UVu1JljIGGG4Ox5ZJmk=
+sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU=
-sigs.k8s.io/controller-runtime v0.15.0-beta.0/go.mod h1:YUTa+du31rqOu4mJaijiuhGFax9ecCJgO/v0/yW09gE=
+sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
-sigs.k8s.io/gateway-api v0.6.2 h1:583XHiX2M2bKEA0SAdkoxL1nY73W1+/M+IAm8LJvbEA=
+sigs.k8s.io/gateway-api v0.7.0 h1:/mG8yyJNBifqvuVLW5gwlI4CQs0NR/5q4BKUlf1bVdY=
-sigs.k8s.io/gateway-api v0.6.2/go.mod h1:EYJT+jlPWTeNskjV0JTki/03WX1cyAnBhwBJfYHpV/0=
+sigs.k8s.io/gateway-api v0.7.0/go.mod h1:Xv0+ZMxX0lu1nSSDIIPEfbVztgNZ+3cfiYrJsa2Ooso=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.13.2 h1:kejWfLeJhUsTGioDoFNJET5LQe/ajzXhJGYoU+pJsiA=
--- a/tests/e2e/go.mod
+++ b/tests/e2e/go.mod
@ -35,7 +35,7 @@ require (
 	github.com/StackExchange/wmi v1.2.1 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/apparentlymart/go-cidr v1.1.0 // indirect
-	github.com/aws/aws-sdk-go v1.44.266 // indirect
+	github.com/aws/aws-sdk-go v1.44.270 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
@ -69,11 +69,11 @@ require (
 	github.com/google/go-github/v33 v33.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.1-0.20210504230335-f78f29fc09ea // indirect
-	github.com/google/s2a-go v0.1.3 // indirect
+	github.com/google/s2a-go v0.1.4 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/googleapis/gax-go/v2 v2.8.0 // indirect
-	github.com/gophercloud/gophercloud v1.3.0 // indirect
+	github.com/gophercloud/gophercloud v1.4.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/imdario/mergo v0.3.15 // indirect
@ -113,7 +113,7 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go4.org v0.0.0-20201209231011-d4a079459e60 // indirect
 	golang.org/x/crypto v0.9.0 // indirect
-	golang.org/x/exp v0.0.0-20230519143937-03e91628a987 // indirect
+	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/net v0.10.0 // indirect
 	golang.org/x/oauth2 v0.8.0 // indirect
@ -124,7 +124,7 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.9.1 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
-	google.golang.org/api v0.123.0 // indirect
+	google.golang.org/api v0.124.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.55.0 // indirect
@ -133,7 +133,7 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+	k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 // indirect
 	k8s.io/release v0.7.1-0.20210204090829-09fb5e3883b8 // indirect
 	k8s.io/test-infra v0.0.0-20210730160938-8ad9b8c53bd8 // indirect
 	k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
--- a/tests/e2e/go.sum
+++ b/tests/e2e/go.sum
@ -306,8 +306,8 @@ github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU
 github.com/aws/aws-sdk-go v1.31.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48=
 github.com/aws/aws-sdk-go v1.37.22/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.44.266 h1:MWd775dcYf7NrwgcHLtlsIbWoWkX8p4vomfNHr88zH0=
+github.com/aws/aws-sdk-go v1.44.270 h1:fRdrwRVO0PpRSks/bNFXSRexA7Zm+k6pvKRpnrpAmeg=
-github.com/aws/aws-sdk-go v1.44.266/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.270/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
 github.com/bazelbuild/buildtools v0.0.0-20190917191645-69366ca98f89/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU=
 github.com/bazelbuild/buildtools v0.0.0-20200922170545-10384511ce98/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU=
@ -1071,8 +1071,8 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg=
-github.com/google/s2a-go v0.1.3 h1:FAgZmpLl/SXurPEZyCMPBIiiYeTbqfjlbdnCNTAkbGE=
+github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
-github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
@ -1104,8 +1104,8 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c
 github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
 github.com/gookit/color v1.2.4/go.mod h1:AhIE+pS6D4Ql0SQWbBeXPHw7gY0/sjHoA4s/n1KB7xg=
 github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
-github.com/gophercloud/gophercloud v1.3.0 h1:RUKyCMiZoQR3VlVR5E3K7PK1AC3/qppsWYo6dtBiqs8=
+github.com/gophercloud/gophercloud v1.4.0 h1:RqEu43vaX0lb0LanZr5BylK5ICVxjpFFoc0sxivyuHU=
-github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
+github.com/gophercloud/gophercloud v1.4.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/goreleaser/goreleaser v0.136.0/go.mod h1:wiKrPUeSNh6Wu8nUHxZydSOVQ/OZvOaO7DTtFqie904=
 github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w=
@ -2094,8 +2094,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230519143937-03e91628a987 h1:3xJIFvzUFbu4ls0BTBYcgbCGhA63eAOEMxIHugyXJqA=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
-golang.org/x/exp v0.0.0-20230519143937-03e91628a987/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@ -2593,8 +2593,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.123.0 h1:yHVU//vA+qkOhm4reEC9LtzHVUCN/IqqNRl1iQ9xE20=
+google.golang.org/api v0.124.0 h1:dP6Ef1VgOGqQ8eiv4GiY8RhmeyqzovcXBYPDUYG8Syo=
-google.golang.org/api v0.123.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms=
+google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@ -2960,8 +2960,8 @@ k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iL
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
 k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
-k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
+k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 h1:azYPdzztXxPSa8wb+hksEKayiz0o+PPisO/d+QhWnoo=
-k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
+k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ=
 k8s.io/kubectl v0.17.2/go.mod h1:y4rfLV0n6aPmvbRCqZQjvOp3ezxsFgpqL+zF5jH/lxk=
 k8s.io/kubernetes v1.11.10/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
--- a/vendor/github.com/aws/aws-sdk-go/aws/config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go
@ -252,8 +252,19 @@ type Config struct {
 	// and specify a Retryer instead.
 	SleepDelay func(time.Duration)
-	// Deprecated: This setting no longer has any effect.
+	// DisableRestProtocolURICleaning will not clean the URL path when making rest protocol requests.
-	// RESTful paths are no longer cleaned after request serialization.
+	// Will default to false. This would only be used for empty directory names in s3 requests.
 	//
 	// Example:
 	//    sess := session.Must(session.NewSession(&aws.Config{
 	//         DisableRestProtocolURICleaning: aws.Bool(true),
 	//    }))
 	//
 	//    svc := s3.New(sess)
 	//    out, err := svc.GetObject(&s3.GetObjectInput {
 	//    	Bucket: aws.String("bucketname"),
 	//    	Key: aws.String("//foo//bar//moo"),
 	//    })
 	DisableRestProtocolURICleaning *bool
 	// EnableEndpointDiscovery will allow for endpoint discovery on operations that
@ -486,8 +497,8 @@ func (c *Config) WithLowerCaseHeaderMaps(t bool) *Config {
 	return c
 }
-// Deprecated: This setting no longer has any effect.
+// WithDisableRestProtocolURICleaning sets a config DisableRestProtocolURICleaning value
-// RESTful paths are no longer cleaned after request serialization.
+// returning a Config pointer for chaining.
 func (c *Config) WithDisableRestProtocolURICleaning(t bool) *Config {
 	c.DisableRestProtocolURICleaning = &t
 	return c
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@ -5286,6 +5286,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-4",
 				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@ -6100,6 +6103,15 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
 				endpointKey{
 					Region: "fips-us-west-1",
 				}: endpoint{
 					Hostname: "cognito-identity-fips.us-west-1.amazonaws.com",
 					CredentialScope: credentialScope{
 						Region: "us-west-1",
 					},
 					Deprecated: boxedTrue,
 				},
 				endpointKey{
 					Region: "fips-us-west-2",
 				}: endpoint{
@ -6136,6 +6148,12 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "us-west-1",
 				}: endpoint{},
 				endpointKey{
 					Region:  "us-west-1",
 					Variant: fipsVariant,
 				}: endpoint{
 					Hostname: "cognito-identity-fips.us-west-1.amazonaws.com",
 				},
 				endpointKey{
 					Region: "us-west-2",
 				}: endpoint{},
@ -7589,6 +7607,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-4",
 				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@ -11634,6 +11655,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-4",
 				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@ -12139,6 +12163,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-4",
 				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@ -13853,13 +13880,6 @@ var awsPartition = partition{
 			},
 		},
 		"iot": service{
 			Defaults: endpointDefaults{
 				defaultKey{}: endpoint{
 					CredentialScope: credentialScope{
 						Service: "execute-api",
 					},
 				},
 			},
 			Endpoints: serviceEndpoints{
 				endpointKey{
 					Region: "ap-east-1",
@ -13907,45 +13927,35 @@ var awsPartition = partition{
 					Region: "fips-ca-central-1",
 				}: endpoint{
 					Hostname: "iot-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
+
 						Service: "execute-api",
 					},
 					Deprecated: boxedTrue,
 				},
 				endpointKey{
 					Region: "fips-us-east-1",
 				}: endpoint{
 					Hostname: "iot-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
+
 						Service: "execute-api",
 					},
 					Deprecated: boxedTrue,
 				},
 				endpointKey{
 					Region: "fips-us-east-2",
 				}: endpoint{
 					Hostname: "iot-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
+
 						Service: "execute-api",
 					},
 					Deprecated: boxedTrue,
 				},
 				endpointKey{
 					Region: "fips-us-west-1",
 				}: endpoint{
 					Hostname: "iot-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
+
 						Service: "execute-api",
 					},
 					Deprecated: boxedTrue,
 				},
 				endpointKey{
 					Region: "fips-us-west-2",
 				}: endpoint{
 					Hostname: "iot-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
+
 						Service: "execute-api",
 					},
 					Deprecated: boxedTrue,
 				},
 				endpointKey{
@ -17797,6 +17807,55 @@ var awsPartition = partition{
 				}: endpoint{},
 			},
 		},
 		"mediapackagev2": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
 					Region: "ap-northeast-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-northeast-2",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-2",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-3",
 				}: endpoint{},
 				endpointKey{
 					Region: "sa-east-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "us-east-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "us-east-2",
 				}: endpoint{},
 				endpointKey{
 					Region: "us-west-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "us-west-2",
 				}: endpoint{},
 			},
 		},
 		"mediastore": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@ -22667,6 +22726,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-4",
 				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@ -27946,12 +28008,21 @@ var awsPartition = partition{
 		},
 		"transcribestreaming": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
 					Region: "af-south-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-northeast-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-northeast-2",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
@ -31387,13 +31458,6 @@ var awscnPartition = partition{
 			},
 		},
 		"iot": service{
 			Defaults: endpointDefaults{
 				defaultKey{}: endpoint{
 					CredentialScope: credentialScope{
 						Service: "execute-api",
 					},
 				},
 			},
 			Endpoints: serviceEndpoints{
 				endpointKey{
 					Region: "cn-north-1",
@ -35300,30 +35364,19 @@ var awsusgovPartition = partition{
 			},
 		},
 		"iot": service{
 			Defaults: endpointDefaults{
 				defaultKey{}: endpoint{
 					CredentialScope: credentialScope{
 						Service: "execute-api",
 					},
 				},
 			},
 			Endpoints: serviceEndpoints{
 				endpointKey{
 					Region: "fips-us-gov-east-1",
 				}: endpoint{
 					Hostname: "iot-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
+
 						Service: "execute-api",
 					},
 					Deprecated: boxedTrue,
 				},
 				endpointKey{
 					Region: "fips-us-gov-west-1",
 				}: endpoint{
 					Hostname: "iot-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
+
 						Service: "execute-api",
 					},
 					Deprecated: boxedTrue,
 				},
 				endpointKey{
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
@ -3,7 +3,7 @@
 // Provides request signing for request that need to be signed with
 // AWS V4 Signatures.
 //
-// Standalone Signer
+// # Standalone Signer
 //
 // Generally using the signer outside of the SDK should not require any additional
 // logic when using Go v1.5 or higher. The signer does this by taking advantage
@ -14,10 +14,10 @@
 // The signer will first check the URL.Opaque field, and use its value if set.
 // The signer does require the URL.Opaque field to be set in the form of:
 //
-//     "//<hostname>/<path>"
+//	"//<hostname>/<path>"
 //
-//     // e.g.
+//	// e.g.
-//     "//example.com/some/path"
+//	"//example.com/some/path"
 //
 // The leading "//" and hostname are required or the URL.Opaque escaping will
 // not work correctly.
@ -695,7 +695,8 @@ func (ctx *signingCtx) buildBodyDigest() error {
 		includeSHA256Header := ctx.unsignedPayload ||
 			ctx.ServiceName == "s3" ||
 			ctx.ServiceName == "s3-object-lambda" ||
-			ctx.ServiceName == "glacier"
+			ctx.ServiceName == "glacier" ||
 			ctx.ServiceName == "s3-outposts"
 		s3Presign := ctx.isPresign &&
 			(ctx.ServiceName == "s3" ||
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.44.266"
+const SDKVersion = "1.44.270"
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
@ -9,6 +9,7 @@ import (
 	"math"
 	"net/http"
 	"net/url"
 	"path"
 	"reflect"
 	"strconv"
 	"strings"
@ -133,6 +134,9 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo
 	}
 	r.HTTPRequest.URL.RawQuery = query.Encode()
 	if !aws.BoolValue(r.Config.DisableRestProtocolURICleaning) {
 		cleanPath(r.HTTPRequest.URL)
 	}
 }
 func buildBody(r *request.Request, v reflect.Value) {
@ -240,6 +244,19 @@ func buildQueryString(query url.Values, v reflect.Value, name string, tag reflec
 	return nil
 }
 func cleanPath(u *url.URL) {
 	hasSlash := strings.HasSuffix(u.Path, "/")
 	// clean up path, removing duplicate `/`
 	u.Path = path.Clean(u.Path)
 	u.RawPath = path.Clean(u.RawPath)
 	if hasSlash && !strings.HasSuffix(u.Path, "/") {
 		u.Path += "/"
 		u.RawPath += "/"
 	}
 }
 // EscapePath escapes part of a URL path in Amazon style
 func EscapePath(path string, encodeSep bool) string {
 	var buf bytes.Buffer
--- a/vendor/github.com/cert-manager/cert-manager/LICENSES
+++ b/vendor/github.com/cert-manager/cert-manager/LICENSES
@ -41,7 +41,7 @@ github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.
 github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.4/v3/LICENSE,MIT
 github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.2.4/LICENSE,Apache-2.0
 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0
-github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.2.3/LICENSE,Apache-2.0
+github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.2.4/LICENSE,Apache-2.0
 github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.19.6/LICENSE,Apache-2.0
 github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.1/LICENSE,Apache-2.0
 github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.3/LICENSE,Apache-2.0
@ -86,8 +86,8 @@ github.com/moby/spdystream,https://github.com/moby/spdystream/blob/v0.2.0/LICENS
 github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0
 github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0
 github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause
-github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.9.4/LICENSE,MIT
+github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.9.5/LICENSE,MIT
-github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.27.6/LICENSE,MIT
+github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.27.7/LICENSE,MIT
 github.com/patrickmn/go-cache,https://github.com/patrickmn/go-cache/blob/v2.1.0/LICENSE,MIT
 github.com/pavlo-v-chernykh/keystore-go/v4,https://github.com/pavlo-v-chernykh/keystore-go/blob/v4.4.1/LICENSE,MIT
 github.com/pierrec/lz4,https://github.com/pierrec/lz4/blob/v2.5.2/LICENSE,BSD-3-Clause
@ -122,14 +122,14 @@ go.uber.org/atomic,https://github.com/uber-go/atomic/blob/v1.9.0/LICENSE.txt,MIT
 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.6.0/LICENSE.txt,MIT
 go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.24.0/LICENSE.txt,MIT
 golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.6.0:LICENSE,BSD-3-Clause
-golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.9.0:LICENSE,BSD-3-Clause
+golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.10.0:LICENSE,BSD-3-Clause
 golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.5.0:LICENSE,BSD-3-Clause
-golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.1.0:LICENSE,BSD-3-Clause
+golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.2.0:LICENSE,BSD-3-Clause
 golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.8.0:LICENSE,BSD-3-Clause
-golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.7.0:LICENSE,BSD-3-Clause
+golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.8.0:LICENSE,BSD-3-Clause
 golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.9.0:LICENSE,BSD-3-Clause
 golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.3.0:LICENSE,BSD-3-Clause
-gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.2.0/v2/LICENSE,Apache-2.0
+gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.3.0/v2/LICENSE,Apache-2.0
 google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.111.0/LICENSE,BSD-3-Clause
 google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.111.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause
 google.golang.org/genproto,https://github.com/googleapis/go-genproto/blob/7f2fa6fef1f4/LICENSE,Apache-2.0
@ -142,26 +142,26 @@ gopkg.in/square/go-jose.v2,https://github.com/square/go-jose/blob/v2.6.0/LICENSE
 gopkg.in/square/go-jose.v2/json,https://github.com/square/go-jose/blob/v2.6.0/json/LICENSE,BSD-3-Clause
 gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0
 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT
-k8s.io/api,https://github.com/kubernetes/api/blob/v0.27.1/LICENSE,Apache-2.0
+k8s.io/api,https://github.com/kubernetes/api/blob/v0.27.2/LICENSE,Apache-2.0
-k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.27.1/LICENSE,Apache-2.0
+k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.27.2/LICENSE,Apache-2.0
-k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.27.1/LICENSE,Apache-2.0
+k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.27.2/LICENSE,Apache-2.0
-k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.27.1/third_party/forked/golang/LICENSE,BSD-3-Clause
+k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.27.2/third_party/forked/golang/LICENSE,BSD-3-Clause
-k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.27.1/LICENSE,Apache-2.0
+k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.27.2/LICENSE,Apache-2.0
-k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.27.1/LICENSE,Apache-2.0
+k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.27.2/LICENSE,Apache-2.0
-k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.27.1/LICENSE,Apache-2.0
+k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.27.2/LICENSE,Apache-2.0
-k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.90.1/LICENSE,Apache-2.0
+k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.100.1/LICENSE,Apache-2.0
-k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.27.1/LICENSE,Apache-2.0
+k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.27.2/LICENSE,Apache-2.0
-k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.27.1/LICENSE,Apache-2.0
+k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.27.2/LICENSE,Apache-2.0
-k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/15aac26d736a/LICENSE,Apache-2.0
+k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/LICENSE,Apache-2.0
-k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/15aac26d736a/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause
+k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause
-k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/15aac26d736a/pkg/validation/errors/LICENSE,Apache-2.0
+k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/validation/errors/LICENSE,Apache-2.0
-k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/15aac26d736a/pkg/validation/spec/LICENSE,Apache-2.0
+k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/validation/spec/LICENSE,Apache-2.0
-k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/15aac26d736a/pkg/validation/strfmt/LICENSE,Apache-2.0
+k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/validation/strfmt/LICENSE,Apache-2.0
-k8s.io/utils,https://github.com/kubernetes/utils/blob/d93618cff8a2/LICENSE,Apache-2.0
+k8s.io/utils,https://github.com/kubernetes/utils/blob/9f6742963106/LICENSE,Apache-2.0
-k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/d93618cff8a2/internal/third_party/forked/golang/LICENSE,BSD-3-Clause
+k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/9f6742963106/internal/third_party/forked/golang/LICENSE,BSD-3-Clause
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.1.1/konnectivity-client/LICENSE,Apache-2.0
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.1.2/konnectivity-client/LICENSE,Apache-2.0
-sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/c2e3d6d6350e/LICENSE,Apache-2.0
+sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/LICENSE,Apache-2.0
-sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v0.6.2/LICENSE,Apache-2.0
+sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v0.7.0/LICENSE,Apache-2.0
 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0
 sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.2.3/LICENSE,Apache-2.0
 sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.3.0/LICENSE,MIT
--- a/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
+++ b/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
@ -21,8 +21,9 @@ package service
 import (
 	"context"
 	"flag"
 	"net"
 	"os"
 	"strings"
 	"sync"
 	"time"
@ -32,10 +33,10 @@ import (
 	"google.golang.org/grpc/grpclog"
 )
 // An environment variable, if true, opportunistically use AppEngine-specific dialer to call S2A.
 const enableAppEngineDialerEnv = "S2A_ENABLE_APP_ENGINE_DIALER"
 var (
 	// enableAppEngineDialer indicates whether an AppEngine-specific dial option
 	// should be used.
 	enableAppEngineDialer bool
 	// appEngineDialerHook is an AppEngine-specific dial option that is set
 	// during init time. If nil, then the application is not running on Google
 	// AppEngine.
@ -50,7 +51,6 @@ var (
 )
 func init() {
 	flag.BoolVar(&enableAppEngineDialer, "s2a_enable_appengine_dialer", false, "If true, opportunistically use AppEngine-specific dialer to call S2A.")
 	if !appengine.IsAppEngine() && !appengine.IsDevAppServer() {
 		return
 	}
@ -75,7 +75,7 @@ func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
 		grpcOpts := []grpc.DialOption{
 			grpc.WithInsecure(),
 		}
-		if enableAppEngineDialer && appEngineDialerHook != nil {
+		if enableAppEngineDialer() && appEngineDialerHook != nil {
 			if grpclog.V(1) {
 				grpclog.Info("Using AppEngine-specific dialer to talk to S2A.")
 			}
@ -90,3 +90,10 @@ func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
 	}
 	return hsConn, nil
 }
 func enableAppEngineDialer() bool {
 	if strings.ToLower(os.Getenv(enableAppEngineDialerEnv)) == "true" {
 		return true
 	}
 	return false
 }
--- a/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a.pb.go
+++ b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a.pb.go
@ -1727,6 +1727,8 @@ type ValidatePeerCertificateChainReq_ServerPeer struct {
 	CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
 	// The expected hostname of the server.
 	ServerHostname string `protobuf:"bytes,2,opt,name=server_hostname,json=serverHostname,proto3" json:"server_hostname,omitempty"`
 	// The UnrestrictedClientPolicy specified by the user.
 	SerializedUnrestrictedClientPolicy []byte `protobuf:"bytes,3,opt,name=serialized_unrestricted_client_policy,json=serializedUnrestrictedClientPolicy,proto3" json:"serialized_unrestricted_client_policy,omitempty"`
 }
 func (x *ValidatePeerCertificateChainReq_ServerPeer) Reset() {
@ -1775,6 +1777,13 @@ func (x *ValidatePeerCertificateChainReq_ServerPeer) GetServerHostname() string
 	return ""
 }
 func (x *ValidatePeerCertificateChainReq_ServerPeer) GetSerializedUnrestrictedClientPolicy() []byte {
 	if x != nil {
 		return x.SerializedUnrestrictedClientPolicy
 	}
 	return nil
 }
 var File_internal_proto_v2_s2a_s2a_proto protoreflect.FileDescriptor
 var file_internal_proto_v2_s2a_s2a_proto_rawDesc = []byte{
@ -1960,7 +1969,7 @@ var file_internal_proto_v2_s2a_s2a_proto_rawDesc = []byte{
 	0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f,
 	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x1b, 0x0a, 0x09,
 	0x6f, 0x75, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
-	0x08, 0x6f, 0x75, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0xa4, 0x04, 0x0a, 0x1f, 0x56, 0x61,
+	0x08, 0x6f, 0x75, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0xf8, 0x04, 0x0a, 0x1f, 0x56, 0x61,
 	0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
 	0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x52, 0x0a,
 	0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3e, 0x2e, 0x73, 0x32,
@ -1983,151 +1992,156 @@ var file_internal_proto_v2_s2a_s2a_proto_rawDesc = []byte{
 	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x65, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72,
 	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01,
 	0x20, 0x03, 0x28, 0x0c, 0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x1a, 0x62, 0x0a, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x1a, 0xb5, 0x01, 0x0a, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x65,
-	0x50, 0x65, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x72, 0x50, 0x65, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52,
+	0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c,
-	0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69,
+	0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61,
-	0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x68, 0x6f, 0x73, 0x74,
+	0x69, 0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x68, 0x6f, 0x73,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72, 0x76,
+	0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72,
-	0x65, 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x46, 0x0a, 0x10, 0x56, 0x65,
+	0x76, 0x65, 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x51, 0x0a, 0x25, 0x73,
-	0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0f,
+	0x65, 0x72, 0x69, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x75, 0x6e, 0x72, 0x65, 0x73, 0x74,
-	0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x72, 0x69, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x6f,
-	0x0a, 0x0a, 0x06, 0x53, 0x50, 0x49, 0x46, 0x46, 0x45, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x43,
+	0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x22, 0x73, 0x65, 0x72, 0x69,
-	0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x5f, 0x54, 0x4f, 0x5f, 0x47, 0x4f, 0x4f, 0x47, 0x4c, 0x45,
+	0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x55, 0x6e, 0x72, 0x65, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74,
-	0x10, 0x02, 0x42, 0x0c, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66,
+	0x65, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x46,
-	0x22, 0xb2, 0x02, 0x0a, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65,
+	0x0a, 0x10, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f,
-	0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69,
+	0x64, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
-	0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x6c, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
+	0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x50, 0x49, 0x46, 0x46, 0x45, 0x10, 0x01, 0x12,
-	0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e,
+	0x15, 0x0a, 0x11, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x5f, 0x54, 0x4f, 0x5f, 0x47, 0x4f,
-	0x32, 0x3f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e,
+	0x4f, 0x47, 0x4c, 0x45, 0x10, 0x02, 0x42, 0x0c, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x6f,
-	0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74,
+	0x6e, 0x65, 0x6f, 0x66, 0x22, 0xb2, 0x02, 0x0a, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c,
+	0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x6c, 0x0a, 0x11, 0x76, 0x61, 0x6c,
-	0x74, 0x52, 0x10, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73,
+	0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x01,
-	0x75, 0x6c, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x3f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
 	0x6e, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
 	0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69,
 	0x6c, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20,
 	0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
 	0x76, 0x32, 0x2e, 0x53, 0x32, 0x41, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x07, 0x63,
 	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x3d, 0x0a, 0x10, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61,
 	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e,
 	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x53,
 	0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, 0x4c,
 	0x55, 0x52, 0x45, 0x10, 0x02, 0x22, 0x97, 0x05, 0x0a, 0x0a, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f,
 	0x6e, 0x52, 0x65, 0x71, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64,
 	0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73,
 	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
 	0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
 	0x12, 0x62, 0x0a, 0x19, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69,
 	0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x73, 0x18, 0x02, 0x20,
 	0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
 	0x76, 0x32, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
 	0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x52, 0x18, 0x61, 0x75, 0x74, 0x68,
 	0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e,
 	0x69, 0x73, 0x6d, 0x73, 0x12, 0x61, 0x0a, 0x19, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x5f,
 	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65,
 	0x71, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e,
 	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52,
 	0x16, 0x67, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
 	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x77, 0x0a, 0x21, 0x6f, 0x66, 0x66, 0x6c, 0x6f,
 	0x61, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f,
 	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x04, 0x20, 0x01,
 	0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76,
 	0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65,
 	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x48,
 	0x00, 0x52, 0x1d, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74,
 	0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71,
 	0x12, 0x80, 0x01, 0x0a, 0x24, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x72, 0x65, 0x73,
 	0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72,
 	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
 	0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
 	0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
 	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x48,
 	0x00, 0x52, 0x20, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70,
 	0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
 	0x52, 0x65, 0x71, 0x12, 0x7d, 0x0a, 0x23, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x5f,
 	0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
 	0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
 	0x32, 0x2d, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e,
 	0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74,
 	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x48,
 	0x00, 0x52, 0x1f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43,
 	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52,
 	0x65, 0x71, 0x42, 0x0b, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22,
 	0xb4, 0x04, 0x0a, 0x0b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12,
 	0x2c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
 	0x14, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53,
 	0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x64, 0x0a,
 	0x1a, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
 	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28,
 	0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32,
 	0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
 	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x17, 0x67, 0x65, 0x74, 0x54,
 	0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
 	0x65, 0x73, 0x70, 0x12, 0x7a, 0x0a, 0x22, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70,
 	0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61,
 	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
 	0x2c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
 	0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79,
 	0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52,
 	0x1e, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b,
 	0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12,
 	0x83, 0x01, 0x0a, 0x25, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x75,
 	0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61,
 	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
 	0x2f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
 	0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
 	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70,
 	0x48, 0x00, 0x52, 0x21, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d,
 	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f,
 	0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x80, 0x01, 0x0a, 0x24, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61,
 	0x74, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
 	0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x05,
 	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
 	0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72,
 	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e,
-	0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65,
+	0x52, 0x65, 0x73, 0x70, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
 	0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x10, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
 	0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64,
 	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20,
 	0x01, 0x28, 0x09, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44,
 	0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78,
 	0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x32, 0x41, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78,
 	0x74, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x3d, 0x0a, 0x10, 0x56, 0x61,
 	0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x0f,
 	0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
 	0x0b, 0x0a, 0x07, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07,
 	0x46, 0x41, 0x49, 0x4c, 0x55, 0x52, 0x45, 0x10, 0x02, 0x22, 0x97, 0x05, 0x0a, 0x0a, 0x53, 0x65,
 	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61,
 	0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
 	0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65,
 	0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e,
 	0x74, 0x69, 0x74, 0x79, 0x12, 0x62, 0x0a, 0x19, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69,
 	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d,
 	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63,
 	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x52, 0x18,
 	0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65,
 	0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x73, 0x12, 0x61, 0x0a, 0x19, 0x67, 0x65, 0x74, 0x5f,
 	0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
 	0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x73, 0x32,
 	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c,
 	0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
 	0x71, 0x48, 0x00, 0x52, 0x16, 0x67, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
 	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x77, 0x0a, 0x21, 0x6f,
 	0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b,
 	0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71,
 	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69,
 	0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
 	0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x1d, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72,
 	0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f,
 	0x6e, 0x52, 0x65, 0x71, 0x12, 0x80, 0x01, 0x0a, 0x24, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64,
 	0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f,
 	0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x05, 0x20,
 	0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
 	0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70,
 	0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
 	0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x20, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65,
 	0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61,
 	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x7d, 0x0a, 0x23, 0x76, 0x61, 0x6c, 0x69, 0x64,
 	0x61, 0x74, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
 	0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x06,
 	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
 	0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72,
 	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e,
 	0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x1f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50,
 	0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68,
 	0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x42, 0x0b, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x5f, 0x6f, 0x6e,
 	0x65, 0x6f, 0x66, 0x22, 0xb4, 0x04, 0x0a, 0x0b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52,
 	0x65, 0x73, 0x70, 0x12, 0x2c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20,
 	0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
 	0x76, 0x32, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75,
 	0x73, 0x12, 0x64, 0x0a, 0x1a, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e,
 	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18,
 	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
 	0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
 	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x17,
 	0x67, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74,
 	0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x7a, 0x0a, 0x22, 0x6f, 0x66, 0x66, 0x6c, 0x6f,
 	0x61, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f,
 	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x03, 0x20,
 	0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
 	0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74,
 	0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73,
 	0x70, 0x48, 0x00, 0x52, 0x1e, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76,
 	0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
 	0x65, 0x73, 0x70, 0x12, 0x83, 0x01, 0x0a, 0x25, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f,
 	0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f,
 	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x04, 0x20,
 	0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
 	0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70,
 	0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
 	0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x21, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52,
 	0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72,
 	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x80, 0x01, 0x0a, 0x24, 0x76, 0x61,
 	0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74,
 	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65,
 	0x73, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
 	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65,
 	0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43,
-	0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x42, 0x0c, 0x0a, 0x0a, 0x72, 0x65, 0x73, 0x70,
+	0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x20, 0x76, 0x61, 0x6c, 0x69,
-	0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x2a, 0xa2, 0x03, 0x0a, 0x12, 0x53, 0x69, 0x67, 0x6e, 0x61,
+	0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1c, 0x0a,
+	0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x42, 0x0c, 0x0a, 0x0a,
-	0x18, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x55, 0x4e,
+	0x72, 0x65, 0x73, 0x70, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x2a, 0xa2, 0x03, 0x0a, 0x12, 0x53,
-	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x21, 0x0a, 0x1d, 0x53,
+	0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68,
-	0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f,
+	0x6d, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
-	0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x21,
+	0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
-	0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52,
+	0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f,
-	0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10,
+	0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
-	0x02, 0x12, 0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
+	0x10, 0x01, 0x12, 0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49,
-	0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x35,
+	0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41,
-	0x31, 0x32, 0x10, 0x03, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f,
+	0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c,
-	0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32,
+	0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f,
-	0x35, 0x36, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x27, 0x0a,
+	0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f,
-	0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43,
+	0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53,
-	0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x53, 0x48,
+	0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10,
-	0x41, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53,
+	0x04, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
-	0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43,
+	0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52,
-	0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x06, 0x12,
+	0x31, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32,
 	0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41,
 	0x5f, 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31,
 	0x32, 0x10, 0x06, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53,
 	0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x52, 0x53, 0x41, 0x45,
 	0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x07, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x32, 0x41,
 	0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53,
 	0x53, 0x5f, 0x52, 0x53, 0x41, 0x45, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12,
 	0x24, 0x0a, 0x20, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f,
 	0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x52, 0x53, 0x41, 0x45, 0x5f, 0x53, 0x48, 0x41,
-	0x32, 0x35, 0x36, 0x10, 0x07, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c,
+	0x35, 0x31, 0x32, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c,
-	0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x52, 0x53,
+	0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x0a, 0x32,
-	0x41, 0x45, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12, 0x24, 0x0a, 0x20, 0x53,
+	0x57, 0x0a, 0x0a, 0x53, 0x32, 0x41, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a,
-	0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f,
+	0x0c, 0x53, 0x65, 0x74, 0x55, 0x70, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x2e,
-	0x50, 0x53, 0x53, 0x5f, 0x52, 0x53, 0x41, 0x45, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10,
+	0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x73,
-	0x09, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x1a, 0x19, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
-	0x4e, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x0a, 0x32, 0x57, 0x0a, 0x0a, 0x53,
+	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65,
-	0x32, 0x41, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a, 0x0c, 0x53, 0x65, 0x74,
+	0x73, 0x70, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68,
-	0x55, 0x70, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e,
+	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x61, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x52, 0x65, 0x71, 0x1a, 0x19, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32, 0x61, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x76, 0x32, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 	0x28, 0x01, 0x30, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
 	0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69, 0x6e,
 	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f,
 	0x73, 0x32, 0x61, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x33,
 }
 var (
--- a/vendor/github.com/google/s2a-go/internal/v2/certverifier/certverifier.go
+++ b/vendor/github.com/google/s2a-go/internal/v2/certverifier/certverifier.go
@ -23,6 +23,7 @@ import (
 	"crypto/x509"
 	"fmt"
 	"github.com/google/s2a-go/stream"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/grpclog"
@ -31,13 +32,13 @@ import (
 // VerifyClientCertificateChain builds a SessionReq, sends it to S2Av2 and
 // receives a SessionResp.
-func VerifyClientCertificateChain(verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, cstream s2av2pb.S2AService_SetUpSessionClient) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+func VerifyClientCertificateChain(verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 	return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 		// Offload verification to S2Av2.
 		if grpclog.V(1) {
 			grpclog.Infof("Sending request to S2Av2 for client peer cert chain validation.")
 		}
-		if err := cstream.Send(&s2av2pb.SessionReq{
+		if err := s2AStream.Send(&s2av2pb.SessionReq{
 			ReqOneof: &s2av2pb.SessionReq_ValidatePeerCertificateChainReq{
 				ValidatePeerCertificateChainReq: &s2av2pb.ValidatePeerCertificateChainReq{
 					Mode: verificationMode,
@ -54,7 +55,7 @@ func VerifyClientCertificateChain(verificationMode s2av2pb.ValidatePeerCertifica
 		}
 		// Get the response from S2Av2.
-		resp, err := cstream.Recv()
+		resp, err := s2AStream.Recv()
 		if err != nil {
 			grpclog.Infof("Failed to receive client peer cert chain validation response from S2Av2.")
 			return err
@ -76,20 +77,21 @@ func VerifyClientCertificateChain(verificationMode s2av2pb.ValidatePeerCertifica
 // VerifyServerCertificateChain builds a SessionReq, sends it to S2Av2 and
 // receives a SessionResp.
-func VerifyServerCertificateChain(hostname string, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, cstream s2av2pb.S2AService_SetUpSessionClient) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+func VerifyServerCertificateChain(hostname string, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream, serverAuthorizationPolicy []byte) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 	return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 		// Offload verification to S2Av2.
 		if grpclog.V(1) {
 			grpclog.Infof("Sending request to S2Av2 for server peer cert chain validation.")
 		}
-		if err := cstream.Send(&s2av2pb.SessionReq{
+		if err := s2AStream.Send(&s2av2pb.SessionReq{
 			ReqOneof: &s2av2pb.SessionReq_ValidatePeerCertificateChainReq{
 				ValidatePeerCertificateChainReq: &s2av2pb.ValidatePeerCertificateChainReq{
 					Mode: verificationMode,
 					PeerOneof: &s2av2pb.ValidatePeerCertificateChainReq_ServerPeer_{
 						ServerPeer: &s2av2pb.ValidatePeerCertificateChainReq_ServerPeer{
-							CertificateChain: rawCerts,
+							CertificateChain:                   rawCerts,
-							ServerHostname:   hostname,
+							ServerHostname:                     hostname,
 							SerializedUnrestrictedClientPolicy: serverAuthorizationPolicy,
 						},
 					},
 				},
@ -100,7 +102,7 @@ func VerifyServerCertificateChain(hostname string, verificationMode s2av2pb.Vali
 		}
 		// Get the response from S2Av2.
-		resp, err := cstream.Recv()
+		resp, err := s2AStream.Recv()
 		if err != nil {
 			grpclog.Infof("Failed to receive server peer cert chain validation response from S2Av2.")
 			return err
--- a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/remotesigner.go
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/remotesigner.go
@ -26,6 +26,7 @@ import (
 	"fmt"
 	"io"
 	"github.com/google/s2a-go/stream"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/grpclog"
@ -34,14 +35,14 @@ import (
 // remoteSigner implementes the crypto.Signer interface.
 type remoteSigner struct {
-	leafCert *x509.Certificate
+	leafCert  *x509.Certificate
-	cstream  s2av2pb.S2AService_SetUpSessionClient
+	s2AStream stream.S2AStream
 }
 // New returns an instance of RemoteSigner, an implementation of the
 // crypto.Signer interface.
-func New(leafCert *x509.Certificate, cstream s2av2pb.S2AService_SetUpSessionClient) crypto.Signer {
+func New(leafCert *x509.Certificate, s2AStream stream.S2AStream) crypto.Signer {
-	return &remoteSigner{leafCert, cstream}
+	return &remoteSigner{leafCert, s2AStream}
 }
 func (s *remoteSigner) Public() crypto.PublicKey {
@ -61,7 +62,7 @@ func (s *remoteSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpt
 	if grpclog.V(1) {
 		grpclog.Infof("Sending request to S2Av2 for signing operation.")
 	}
-	if err := s.cstream.Send(&s2av2pb.SessionReq{
+	if err := s.s2AStream.Send(&s2av2pb.SessionReq{
 		ReqOneof: &s2av2pb.SessionReq_OffloadPrivateKeyOperationReq{
 			OffloadPrivateKeyOperationReq: req,
 		},
@ -70,7 +71,7 @@ func (s *remoteSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpt
 		return nil, err
 	}
-	resp, err := s.cstream.Recv()
+	resp, err := s.s2AStream.Recv()
 	if err != nil {
 		grpclog.Infof("Failed to receive signing operation response from S2Av2.")
 		return nil, err
@ -88,9 +89,9 @@ func (s *remoteSigner) getCert() *x509.Certificate {
 	return s.leafCert
 }
-// getStream returns the cstream field in s.
+// getStream returns the s2AStream field in s.
-func (s *remoteSigner) getStream() s2av2pb.S2AService_SetUpSessionClient {
+func (s *remoteSigner) getStream() stream.S2AStream {
-	return s.cstream
+	return s.s2AStream
 }
 func getSignReq(signatureAlgorithm s2av2pb.SignatureAlgorithm, digest []byte) (*s2av2pb.OffloadPrivateKeyOperationReq, error) {
--- a/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
+++ b/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
@ -24,8 +24,8 @@ import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"flag"
 	"net"
 	"os"
 	"time"
 	"github.com/golang/protobuf/proto"
@ -33,6 +33,7 @@ import (
 	"github.com/google/s2a-go/internal/handshaker/service"
 	"github.com/google/s2a-go/internal/tokenmanager"
 	"github.com/google/s2a-go/internal/v2/tlsconfigstore"
 	"github.com/google/s2a-go/stream"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/grpclog"
@ -43,9 +44,11 @@ import (
 const (
 	s2aSecurityProtocol = "tls"
 	defaultS2ATimeout   = 3 * time.Second
 )
-var S2ATimeout = flag.Duration("s2a_timeout", 3*time.Second, "Timeout enforced on the connection to the S2A service for handshake.")
+// An environment variable, which sets the timeout enforced on the connection to the S2A service for handshake.
 const s2aTimeoutEnv = "S2A_TIMEOUT"
 type s2av2TransportCreds struct {
 	info         *credentials.ProtocolInfo
@ -56,14 +59,16 @@ type s2av2TransportCreds struct {
 	// localIdentity should only be used by the client.
 	localIdentity *commonpbv1.Identity
 	// localIdentities should only be used by the server.
-	localIdentities         []*commonpbv1.Identity
+	localIdentities           []*commonpbv1.Identity
-	verificationMode        s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
+	verificationMode          s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
-	fallbackClientHandshake fallback.ClientHandshake
+	fallbackClientHandshake   fallback.ClientHandshake
 	getS2AStream              func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
 	serverAuthorizationPolicy []byte
 }
 // NewClientCreds returns a client-side transport credentials object that uses
 // the S2Av2 to establish a secure connection with a server.
-func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake) (credentials.TransportCredentials, error) {
+func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
 	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
 	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
@ -71,12 +76,14 @@ func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, ver
 		info: &credentials.ProtocolInfo{
 			SecurityProtocol: s2aSecurityProtocol,
 		},
-		isClient:                true,
+		isClient:                  true,
-		serverName:              "",
+		serverName:                "",
-		s2av2Address:            s2av2Address,
+		s2av2Address:              s2av2Address,
-		localIdentity:           localIdentity,
+		localIdentity:             localIdentity,
-		verificationMode:        verificationMode,
+		verificationMode:          verificationMode,
-		fallbackClientHandshake: fallbackClientHandshakeFunc,
+		fallbackClientHandshake:   fallbackClientHandshakeFunc,
 		getS2AStream:              getS2AStream,
 		serverAuthorizationPolicy: serverAuthorizationPolicy,
 	}
 	if err != nil {
 		creds.tokenManager = nil
@ -91,7 +98,7 @@ func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, ver
 // NewServerCreds returns a server-side transport credentials object that uses
 // the S2Av2 to establish a secure connection with a client.
-func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (credentials.TransportCredentials, error) {
+func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
 	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
 	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
 	creds := &s2av2TransportCreds{
@ -102,6 +109,7 @@ func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity,
 		s2av2Address:     s2av2Address,
 		localIdentities:  localIdentities,
 		verificationMode: verificationMode,
 		getS2AStream:     getS2AStream,
 	}
 	if err != nil {
 		creds.tokenManager = nil
@ -121,9 +129,9 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
 	}
 	// Remove the port from serverAuthority.
 	serverName := removeServerNamePort(serverAuthority)
-	timeoutCtx, cancel := context.WithTimeout(ctx, *S2ATimeout)
+	timeoutCtx, cancel := context.WithTimeout(ctx, GetS2ATimeout())
 	defer cancel()
-	cstream, err := createStream(timeoutCtx, c.s2av2Address)
+	s2AStream, err := createStream(timeoutCtx, c.s2av2Address, c.getS2AStream)
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2Av2: %v", err)
 		if c.fallbackClientHandshake != nil {
@ -131,7 +139,7 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
 		}
 		return nil, nil, err
 	}
-	defer cstream.CloseSend()
+	defer s2AStream.CloseSend()
 	if grpclog.V(1) {
 		grpclog.Infof("Connected to S2Av2.")
 	}
@ -145,7 +153,7 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
 	}
 	if c.serverName == "" {
-		config, err = tlsconfigstore.GetTLSConfigurationForClient(serverName, cstream, tokenManager, c.localIdentity, c.verificationMode)
+		config, err = tlsconfigstore.GetTLSConfigurationForClient(serverName, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
 		if err != nil {
 			grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
 			if c.fallbackClientHandshake != nil {
@ -154,7 +162,7 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
 			return nil, nil, err
 		}
 	} else {
-		config, err = tlsconfigstore.GetTLSConfigurationForClient(c.serverName, cstream, tokenManager, c.localIdentity, c.verificationMode)
+		config, err = tlsconfigstore.GetTLSConfigurationForClient(c.serverName, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
 		if err != nil {
 			grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
 			if c.fallbackClientHandshake != nil {
@ -186,14 +194,14 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
 	if c.isClient {
 		return nil, nil, errors.New("server handshake called using client transport credentials")
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), *S2ATimeout)
+	ctx, cancel := context.WithTimeout(context.Background(), GetS2ATimeout())
 	defer cancel()
-	cstream, err := createStream(ctx, c.s2av2Address)
+	s2AStream, err := createStream(ctx, c.s2av2Address, c.getS2AStream)
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2Av2: %v", err)
 		return nil, nil, err
 	}
-	defer cstream.CloseSend()
+	defer s2AStream.CloseSend()
 	if grpclog.V(1) {
 		grpclog.Infof("Connected to S2Av2.")
 	}
@ -205,7 +213,7 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
 		tokenManager = *c.tokenManager
 	}
-	config, err := tlsconfigstore.GetTLSConfigurationForServer(cstream, tokenManager, c.localIdentities, c.verificationMode)
+	config, err := tlsconfigstore.GetTLSConfigurationForServer(s2AStream, tokenManager, c.localIdentities, c.verificationMode)
 	if err != nil {
 		grpclog.Infof("Failed to get server TLS config from S2Av2: %v", err)
 		return nil, nil, err
@ -272,14 +280,15 @@ func NewClientTLSConfig(
 	s2av2Address string,
 	tokenManager tokenmanager.AccessTokenManager,
 	verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode,
-	serverName string) (*tls.Config, error) {
+	serverName string,
-	cstream, err := createStream(ctx, s2av2Address)
+	serverAuthorizationPolicy []byte) (*tls.Config, error) {
 	s2AStream, err := createStream(ctx, s2av2Address, nil)
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2Av2: %v", err)
 		return nil, err
 	}
-	return tlsconfigstore.GetTLSConfigurationForClient(removeServerNamePort(serverName), cstream, tokenManager, nil, verificationMode)
+	return tlsconfigstore.GetTLSConfigurationForClient(removeServerNamePort(serverName), s2AStream, tokenManager, nil, verificationMode, serverAuthorizationPolicy)
 }
 // OverrideServerName sets the ServerName in the s2av2TransportCreds protocol
@ -300,12 +309,46 @@ func removeServerNamePort(serverName string) string {
 	return name
 }
-func createStream(ctx context.Context, s2av2Address string) (s2av2pb.S2AService_SetUpSessionClient, error) {
+type s2AGrpcStream struct {
 	stream s2av2pb.S2AService_SetUpSessionClient
 }
 func (x s2AGrpcStream) Send(m *s2av2pb.SessionReq) error {
 	return x.stream.Send(m)
 }
 func (x s2AGrpcStream) Recv() (*s2av2pb.SessionResp, error) {
 	return x.stream.Recv()
 }
 func (x s2AGrpcStream) CloseSend() error {
 	return x.stream.CloseSend()
 }
 func createStream(ctx context.Context, s2av2Address string, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (stream.S2AStream, error) {
 	if getS2AStream != nil {
 		return getS2AStream(ctx, s2av2Address)
 	}
 	// TODO(rmehta19): Consider whether to close the connection to S2Av2.
 	conn, err := service.Dial(s2av2Address)
 	if err != nil {
 		return nil, err
 	}
 	client := s2av2pb.NewS2AServiceClient(conn)
-	return client.SetUpSession(ctx, []grpc.CallOption{}...)
+	gRPCStream, err := client.SetUpSession(ctx, []grpc.CallOption{}...)
 	if err != nil {
 		return nil, err
 	}
 	return &s2AGrpcStream{
 		stream: gRPCStream,
 	}, nil
 }
 // GetS2ATimeout returns the timeout enforced on the connection to the S2A service for handshake.
 func GetS2ATimeout() time.Duration {
 	timeout, err := time.ParseDuration(os.Getenv(s2aTimeoutEnv))
 	if err != nil {
 		return defaultS2ATimeout
 	}
 	return timeout
 }
--- a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/tlsconfigstore.go
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/tlsconfigstore.go
@ -29,6 +29,7 @@ import (
 	"github.com/google/s2a-go/internal/tokenmanager"
 	"github.com/google/s2a-go/internal/v2/certverifier"
 	"github.com/google/s2a-go/internal/v2/remotesigner"
 	"github.com/google/s2a-go/stream"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/grpclog"
@ -43,14 +44,14 @@ const (
 )
 // GetTLSConfigurationForClient returns a tls.Config instance for use by a client application.
-func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AService_SetUpSessionClient, tokenManager tokenmanager.AccessTokenManager, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
+func GetTLSConfigurationForClient(serverHostname string, s2AStream stream.S2AStream, tokenManager tokenmanager.AccessTokenManager, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, serverAuthorizationPolicy []byte) (*tls.Config, error) {
 	authMechanisms := getAuthMechanisms(tokenManager, []*commonpbv1.Identity{localIdentity})
 	if grpclog.V(1) {
 		grpclog.Infof("Sending request to S2Av2 for client TLS config.")
 	}
 	// Send request to S2Av2 for config.
-	if err := cstream.Send(&s2av2pb.SessionReq{
+	if err := s2AStream.Send(&s2av2pb.SessionReq{
 		LocalIdentity:            localIdentity,
 		AuthenticationMechanisms: authMechanisms,
 		ReqOneof: &s2av2pb.SessionReq_GetTlsConfigurationReq{
@ -64,7 +65,7 @@ func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AServ
 	}
 	// Get the response containing config from S2Av2.
-	resp, err := cstream.Recv()
+	resp, err := s2AStream.Recv()
 	if err != nil {
 		grpclog.Infof("Failed to receive client TLS config response from S2Av2.")
 		return nil, err
@ -96,7 +97,7 @@ func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AServ
 	}
 	if len(tlsConfig.CertificateChain) > 0 {
-		cert.PrivateKey = remotesigner.New(cert.Leaf, cstream)
+		cert.PrivateKey = remotesigner.New(cert.Leaf, s2AStream)
 		if cert.PrivateKey == nil {
 			return nil, errors.New("failed to retrieve Private Key from Remote Signer Library")
 		}
@ -109,7 +110,7 @@ func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AServ
 	// Create mTLS credentials for client.
 	config := &tls.Config{
-		VerifyPeerCertificate:  certverifier.VerifyServerCertificateChain(serverHostname, verificationMode, cstream),
+		VerifyPeerCertificate:  certverifier.VerifyServerCertificateChain(serverHostname, verificationMode, s2AStream, serverAuthorizationPolicy),
 		ServerName:             serverHostname,
 		InsecureSkipVerify:     true, // NOLINT
 		ClientSessionCache:     nil,
@ -125,9 +126,9 @@ func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AServ
 }
 // GetTLSConfigurationForServer returns a tls.Config instance for use by a server application.
-func GetTLSConfigurationForServer(cstream s2av2pb.S2AService_SetUpSessionClient, tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
+func GetTLSConfigurationForServer(s2AStream stream.S2AStream, tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
 	return &tls.Config{
-		GetConfigForClient: ClientConfig(tokenManager, localIdentities, verificationMode, cstream),
+		GetConfigForClient: ClientConfig(tokenManager, localIdentities, verificationMode, s2AStream),
 	}, nil
 }
@ -135,9 +136,9 @@ func GetTLSConfigurationForServer(cstream s2av2pb.S2AService_SetUpSessionClient,
 // connection with a client, based on SNI communicated during ClientHello.
 // Ensures that server presents the correct certificate to establish a TLS
 // connection.
-func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, cstream s2av2pb.S2AService_SetUpSessionClient) func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
+func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream) func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
 	return func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
-		tlsConfig, err := getServerConfigFromS2Av2(tokenManager, localIdentities, chi.ServerName, cstream)
+		tlsConfig, err := getServerConfigFromS2Av2(tokenManager, localIdentities, chi.ServerName, s2AStream)
 		if err != nil {
 			return nil, err
 		}
@ -159,7 +160,7 @@ func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities
 			}
 		}
-		cert.PrivateKey = remotesigner.New(cert.Leaf, cstream)
+		cert.PrivateKey = remotesigner.New(cert.Leaf, s2AStream)
 		if cert.PrivateKey == nil {
 			return nil, errors.New("failed to retrieve Private Key from Remote Signer Library")
 		}
@ -177,7 +178,7 @@ func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities
 		// Create mTLS credentials for server.
 		return &tls.Config{
 			Certificates:           []tls.Certificate{cert},
-			VerifyPeerCertificate:  certverifier.VerifyClientCertificateChain(verificationMode, cstream),
+			VerifyPeerCertificate:  certverifier.VerifyClientCertificateChain(verificationMode, s2AStream),
 			ClientAuth:             clientAuth,
 			CipherSuites:           cipherSuites,
 			SessionTicketsDisabled: true,
@ -218,14 +219,14 @@ func getTLSCipherSuite(tlsCipherSuite commonpb.Ciphersuite) uint16 {
 	}
 }
-func getServerConfigFromS2Av2(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, sni string, cstream s2av2pb.S2AService_SetUpSessionClient) (*s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration, error) {
+func getServerConfigFromS2Av2(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, sni string, s2AStream stream.S2AStream) (*s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration, error) {
 	authMechanisms := getAuthMechanisms(tokenManager, localIdentities)
 	var locID *commonpbv1.Identity
 	if localIdentities != nil {
 		locID = localIdentities[0]
 	}
-	if err := cstream.Send(&s2av2pb.SessionReq{
+	if err := s2AStream.Send(&s2av2pb.SessionReq{
 		LocalIdentity:            locID,
 		AuthenticationMechanisms: authMechanisms,
 		ReqOneof: &s2av2pb.SessionReq_GetTlsConfigurationReq{
@ -238,7 +239,7 @@ func getServerConfigFromS2Av2(tokenManager tokenmanager.AccessTokenManager, loca
 		return nil, err
 	}
-	resp, err := cstream.Recv()
+	resp, err := s2AStream.Recv()
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/google/s2a-go/s2a.go
+++ b/vendor/github.com/google/s2a-go/s2a.go
@ -111,7 +111,7 @@ func NewClientCreds(opts *ClientOptions) (credentials.TransportCredentials, erro
 	if opts.FallbackOpts != nil && opts.FallbackOpts.FallbackClientHandshakeFunc != nil {
 		fallbackFunc = opts.FallbackOpts.FallbackClientHandshakeFunc
 	}
-	return v2.NewClientCreds(opts.S2AAddress, localIdentity, verificationMode, fallbackFunc)
+	return v2.NewClientCreds(opts.S2AAddress, localIdentity, verificationMode, fallbackFunc, opts.getS2AStream, opts.serverAuthorizationPolicy)
 }
 // NewServerCreds returns a server-side transport credentials object that uses
@ -146,7 +146,7 @@ func NewServerCreds(opts *ServerOptions) (credentials.TransportCredentials, erro
 		}, nil
 	}
 	verificationMode := getVerificationMode(opts.VerificationMode)
-	return v2.NewServerCreds(opts.S2AAddress, localIdentities, verificationMode)
+	return v2.NewServerCreds(opts.S2AAddress, localIdentities, verificationMode, opts.getS2AStream)
 }
 // ClientHandshake initiates a client-side TLS handshake using the S2A.
@ -311,22 +311,25 @@ func NewTLSClientConfigFactory(opts *ClientOptions) (TLSClientConfigFactory, err
 		// which is okay in environments other than serverless.
 		grpclog.Infof("Access token manager not initialized: %v", err)
 		return &s2aTLSClientConfigFactory{
-			s2av2Address:     opts.S2AAddress,
+			s2av2Address:              opts.S2AAddress,
-			tokenManager:     nil,
+			tokenManager:              nil,
-			verificationMode: getVerificationMode(opts.VerificationMode),
+			verificationMode:          getVerificationMode(opts.VerificationMode),
 			serverAuthorizationPolicy: opts.serverAuthorizationPolicy,
 		}, nil
 	}
 	return &s2aTLSClientConfigFactory{
-		s2av2Address:     opts.S2AAddress,
+		s2av2Address:              opts.S2AAddress,
-		tokenManager:     tokenManager,
+		tokenManager:              tokenManager,
-		verificationMode: getVerificationMode(opts.VerificationMode),
+		verificationMode:          getVerificationMode(opts.VerificationMode),
 		serverAuthorizationPolicy: opts.serverAuthorizationPolicy,
 	}, nil
 }
 type s2aTLSClientConfigFactory struct {
-	s2av2Address     string
+	s2av2Address              string
-	tokenManager     tokenmanager.AccessTokenManager
+	tokenManager              tokenmanager.AccessTokenManager
-	verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
+	verificationMode          s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
 	serverAuthorizationPolicy []byte
 }
 func (f *s2aTLSClientConfigFactory) Build(
@ -335,7 +338,7 @@ func (f *s2aTLSClientConfigFactory) Build(
 	if opts != nil && opts.ServerName != "" {
 		serverName = opts.ServerName
 	}
-	return v2.NewClientTLSConfig(ctx, f.s2av2Address, f.tokenManager, f.verificationMode, serverName)
+	return v2.NewClientTLSConfig(ctx, f.s2av2Address, f.tokenManager, f.verificationMode, serverName, f.serverAuthorizationPolicy)
 }
 func getVerificationMode(verificationMode VerificationModeType) s2av2pb.ValidatePeerCertificateChainReq_VerificationMode {
@ -385,7 +388,7 @@ func NewS2ADialTLSContextFunc(opts *ClientOptions) func(ctx context.Context, net
 		if err != nil {
 			serverName = addr
 		}
-		timeoutCtx, cancel := context.WithTimeout(ctx, *v2.S2ATimeout)
+		timeoutCtx, cancel := context.WithTimeout(ctx, v2.GetS2ATimeout())
 		defer cancel()
 		s2aTLSConfig, err := factory.Build(timeoutCtx, &TLSClientConfigOptions{
 			ServerName: serverName,
--- a/vendor/github.com/google/s2a-go/s2a_options.go
+++ b/vendor/github.com/google/s2a-go/s2a_options.go
@ -19,11 +19,13 @@
 package s2a
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"sync"
 	"github.com/google/s2a-go/fallback"
 	"github.com/google/s2a-go/stream"
 	s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
 )
@ -125,6 +127,12 @@ type ClientOptions struct {
 	// Optional fallback after dialing with S2A fails.
 	FallbackOpts *FallbackOptions
 	// Generates an S2AStream interface for talking to the S2A server.
 	getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
 	// Serialized user specified policy for server authorization.
 	serverAuthorizationPolicy []byte
 }
 // FallbackOptions prescribes the fallback logic that should be taken if the application fails to connect with S2A.
@ -170,6 +178,9 @@ type ServerOptions struct {
 	// VerificationMode specifies the mode that S2A must use to verify the
 	// peer certificate chain.
 	VerificationMode VerificationModeType
 	// Generates an S2AStream interface for talking to the S2A server.
 	getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
 }
 // DefaultServerOptions returns the default server options.
--- a/vendor/github.com/google/s2a-go/stream/s2a_stream.go
+++ b/vendor/github.com/google/s2a-go/stream/s2a_stream.go
@ -0,0 +1,34 @@
 /*
 *
 * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
 // Package stream provides an interface for bidirectional streaming to the S2A server.
 package stream
 import (
 	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
 )
 // S2AStream defines the operation for communicating with the S2A server over a bidirectional stream.
 type S2AStream interface {
 	// Send sends the message to the S2A server.
 	Send(*s2av2pb.SessionReq) error
 	// Recv receives the message from the S2A server.
 	Recv() (*s2av2pb.SessionResp, error)
 	// Closes the channel to the S2A server.
 	CloseSend() error
 }
--- a/vendor/github.com/gophercloud/gophercloud/CHANGELOG.md
+++ b/vendor/github.com/gophercloud/gophercloud/CHANGELOG.md
@ -1,3 +1,28 @@
 ## v1.4.0 (2023-05-25)
 New features and improvements:
 * [GH-2465](https://github.com/gophercloud/gophercloud/pull/2465) keystone: add v3 limits update operation
 * [GH-2596](https://github.com/gophercloud/gophercloud/pull/2596) keystone: add v3 limits get operation
 * [GH-2618](https://github.com/gophercloud/gophercloud/pull/2618) keystone: add v3 limits delete operation
 * [GH-2616](https://github.com/gophercloud/gophercloud/pull/2616) Add CRUD support for register limit APIs
 * [GH-2610](https://github.com/gophercloud/gophercloud/pull/2610) Add PUT/HEAD/DELETE for identity/v3/OS-INHERIT
 * [GH-2597](https://github.com/gophercloud/gophercloud/pull/2597) Add validation and optimise objects.BulkDelete
 * [GH-2602](https://github.com/gophercloud/gophercloud/pull/2602) [swift v1]: introduce a TempURLKey argument for objects.CreateTempURLOpts struct
 * [GH-2623](https://github.com/gophercloud/gophercloud/pull/2623) Add the ability to remove ingress/egress policies from fwaas_v2 groups
 * [GH-2625](https://github.com/gophercloud/gophercloud/pull/2625) neutron: Support trunk_details extension
 CI changes:
 * [GH-2608](https://github.com/gophercloud/gophercloud/pull/2608) Drop train and ussuri jobs
 * [GH-2589](https://github.com/gophercloud/gophercloud/pull/2589) Bump EmilienM/devstack-action from 0.10 to 0.11
 * [GH-2604](https://github.com/gophercloud/gophercloud/pull/2604) Bump mheap/github-action-required-labels from 3 to 4
 * [GH-2620](https://github.com/gophercloud/gophercloud/pull/2620) Pin goimport dep to a version that works with go 1.14
 * [GH-2619](https://github.com/gophercloud/gophercloud/pull/2619) Fix version comparison for acceptance tests
 * [GH-2627](https://github.com/gophercloud/gophercloud/pull/2627) Limits: Fix ToDo to create registered limit and use it
 * [GH-2629](https://github.com/gophercloud/gophercloud/pull/2629) [manila]: Add share from snapshot restore functional test
 ## v1.3.0 (2023-03-28)
 * [GH-2464](https://github.com/gophercloud/gophercloud/pull/2464) keystone: add v3 limits create operation
--- a/vendor/github.com/gophercloud/gophercloud/openstack/objectstorage/v1/objects/requests.go
+++ b/vendor/github.com/gophercloud/gophercloud/openstack/objectstorage/v1/objects/requests.go
@ -5,7 +5,10 @@ import (
 	"crypto/hmac"
 	"crypto/md5"
 	"crypto/sha1"
 	"crypto/sha256"
 	"crypto/sha512"
 	"fmt"
 	"hash"
 	"io"
 	"io/ioutil"
 	"strings"
@ -17,6 +20,25 @@ import (
 	"github.com/gophercloud/gophercloud/pagination"
 )
 // ErrTempURLKeyNotFound is an error indicating that the Temp URL key was
 // neigther set nor resolved from a container or account metadata.
 type ErrTempURLKeyNotFound struct{ gophercloud.ErrMissingInput }
 func (e ErrTempURLKeyNotFound) Error() string {
 	return "Unable to obtain the Temp URL key."
 }
 // ErrTempURLDigestNotValid is an error indicating that the requested
 // cryptographic hash function is not supported.
 type ErrTempURLDigestNotValid struct {
 	gophercloud.ErrMissingInput
 	Digest string
 }
 func (e ErrTempURLDigestNotValid) Error() string {
 	return fmt.Sprintf("The requested %q digest is not supported.", e.Digest)
 }
 // ListOptsBuilder allows extensions to add additional parameters to the List
 // request.
 type ListOptsBuilder interface {
@ -504,15 +526,20 @@ type HTTPMethod string
 var (
 	// GET represents an HTTP "GET" method.
 	GET HTTPMethod = "GET"
-
+	// HEAD represents an HTTP "HEAD" method.
 	HEAD HTTPMethod = "HEAD"
 	// PUT represents an HTTP "PUT" method.
 	PUT HTTPMethod = "PUT"
 	// POST represents an HTTP "POST" method.
 	POST HTTPMethod = "POST"
 	// DELETE represents an HTTP "DELETE" method.
 	DELETE HTTPMethod = "DELETE"
 )
 // CreateTempURLOpts are options for creating a temporary URL for an object.
 type CreateTempURLOpts struct {
 	// (REQUIRED) Method is the HTTP method to allow for users of the temp URL.
-	// Valid values are "GET" and "POST".
+	// Valid values are "GET", "HEAD", "PUT", "POST" and "DELETE".
 	Method HTTPMethod
 	// (REQUIRED) TTL is the number of seconds the temp URL should be active.
@ -523,8 +550,21 @@ type CreateTempURLOpts struct {
 	// empty, the default OpenStack URL split point will be used ("/v1/").
 	Split string
-	// Timestamp is a timestamp to calculate Temp URL signature. Optional.
+	// (Optional) Timestamp is the current timestamp used to calculate the Temp URL
 	// signature. If not specified, the current UNIX timestamp is used as the base
 	// timestamp.
 	Timestamp time.Time
 	// (Optional) TempURLKey overrides the Swift container or account Temp URL key.
 	// TempURLKey must correspond to a target container/account key, otherwise the
 	// generated link will be invalid. If not specified, the key is obtained from
 	// a Swift container or account.
 	TempURLKey string
 	// (Optional) Digest specifies the cryptographic hash function used to
 	// calculate the signature. Valid values include sha1, sha256, and
 	// sha512. If not specified, the default hash function is sha1.
 	Digest string
 }
 // CreateTempURL is a function for creating a temporary URL for an object. It
@ -541,50 +581,83 @@ func CreateTempURL(c *gophercloud.ServiceClient, containerName, objectName strin
 	}
 	// Initialize time if it was not passed as opts
-	var date time.Time
+	date := opts.Timestamp
-	if opts.Timestamp.IsZero() {
+	if date.IsZero() {
-		date = time.Now().UTC()
+		date = time.Now()
 	} else {
 		date = opts.Timestamp
 	}
 	duration := time.Duration(opts.TTL) * time.Second
 	// UNIX time is always UTC
 	expiry := date.Add(duration).Unix()
-	getHeader, err := containers.Get(c, containerName, nil).Extract()
+
-	if err != nil {
+	// Initialize the tempURLKey to calculate a signature
-		return "", err
+	tempURLKey := opts.TempURLKey
 	}
 	tempURLKey := getHeader.TempURLKey
 	if tempURLKey == "" {
-		// fallback to an account TempURL key
+		// fallback to a container TempURL key
-		getHeader, err := accounts.Get(c, nil).Extract()
+		getHeader, err := containers.Get(c, containerName, nil).Extract()
 		if err != nil {
 			return "", err
 		}
 		tempURLKey = getHeader.TempURLKey
 		if tempURLKey == "" {
 			// fallback to an account TempURL key
 			getHeader, err := accounts.Get(c, nil).Extract()
 			if err != nil {
 				return "", err
 			}
 			tempURLKey = getHeader.TempURLKey
 		}
 		if tempURLKey == "" {
 			return "", ErrTempURLKeyNotFound{}
 		}
 	}
 	secretKey := []byte(tempURLKey)
 	splitPath := strings.Split(url, opts.Split)
 	baseURL, objectPath := splitPath[0], splitPath[1]
 	objectPath = opts.Split + objectPath
 	body := fmt.Sprintf("%s\n%d\n%s", opts.Method, expiry, objectPath)
-	hash := hmac.New(sha1.New, secretKey)
+	var hash hash.Hash
 	switch opts.Digest {
 	case "", "sha1":
 		hash = hmac.New(sha1.New, secretKey)
 	case "sha256":
 		hash = hmac.New(sha256.New, secretKey)
 	case "sha512":
 		hash = hmac.New(sha512.New, secretKey)
 	default:
 		return "", ErrTempURLDigestNotValid{Digest: opts.Digest}
 	}
 	hash.Write([]byte(body))
 	hexsum := fmt.Sprintf("%x", hash.Sum(nil))
 	return fmt.Sprintf("%s%s?temp_url_sig=%s&temp_url_expires=%d", baseURL, objectPath, hexsum, expiry), nil
 }
 // BulkDelete is a function that bulk deletes objects.
 // In Swift, the maximum number of deletes per request is set by default to 10000.
 //
 // See:
 // * https://github.com/openstack/swift/blob/6d3d4197151f44bf28b51257c1a4c5d33411dcae/etc/proxy-server.conf-sample#L1029-L1034
 // * https://github.com/openstack/swift/blob/e8cecf7fcc1630ee83b08f9a73e1e59c07f8d372/swift/common/middleware/bulk.py#L309
 func BulkDelete(c *gophercloud.ServiceClient, container string, objects []string) (r BulkDeleteResult) {
-	// urlencode object names to be on the safe side
+	err := containers.CheckContainerName(container)
-	// https://github.com/openstack/swift/blob/stable/train/swift/common/middleware/bulk.py#L160
+	if err != nil {
-	// https://github.com/openstack/swift/blob/stable/train/swift/common/swob.py#L302
+		r.Err = err
-	encodedObjects := make([]string, len(objects))
+		return
 	for i, v := range objects {
 		encodedObjects[i] = strings.Join([]string{container, v}, "/")
 	}
-	b := strings.NewReader(strings.Join(encodedObjects, "\n") + "\n")
+
-	resp, err := c.Post(bulkDeleteURL(c), b, &r.Body, &gophercloud.RequestOpts{
+	var body bytes.Buffer
 	for i := range objects {
 		if objects[i] == "" {
 			r.Err = fmt.Errorf("object names must not be the empty string")
 			return
 		}
 		body.WriteString(container)
 		body.WriteRune('/')
 		body.WriteString(objects[i])
 		body.WriteRune('\n')
 	}
 	resp, err := c.Post(bulkDeleteURL(c), &body, &r.Body, &gophercloud.RequestOpts{
 		MoreHeaders: map[string]string{
 			"Accept":       "application/json",
 			"Content-Type": "text/plain",
--- a/vendor/github.com/gophercloud/gophercloud/provider_client.go
+++ b/vendor/github.com/gophercloud/gophercloud/provider_client.go
@ -14,7 +14,7 @@ import (
 // DefaultUserAgent is the default User-Agent string set in the request header.
 const (
-	DefaultUserAgent         = "gophercloud/v1.3.0"
+	DefaultUserAgent         = "gophercloud/v1.4.0"
 	DefaultMaxBackoffRetries = 60
 )
--- a/vendor/github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1/iam_sdk.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1/iam_sdk.go
@ -496,9 +496,9 @@ type APIKey struct {
 	UpdatedAt *time.Time `json:"updated_at"`
 	// ExpiresAt: date and time of API key expiration.
 	ExpiresAt *time.Time `json:"expires_at"`
-	// DefaultProjectID: the default Project ID specified for this API key.
+	// DefaultProjectID: default Project ID specified for this API key.
 	DefaultProjectID string `json:"default_project_id"`
-	// Editable: whether or not the API key is editable.
+	// Editable: defines whether or not the API key is editable.
 	Editable bool `json:"editable"`
 	// CreationIP: IP address of the device that created the API key.
 	CreationIP string `json:"creation_ip"`
@ -518,7 +518,7 @@ type Application struct {
 	UpdatedAt *time.Time `json:"updated_at"`
 	// OrganizationID: ID of the Organization.
 	OrganizationID string `json:"organization_id"`
-	// Editable: whether or not the application is editable.
+	// Editable: defines whether or not the application is editable.
 	Editable bool `json:"editable"`
 	// NbAPIKeys: number of API keys attributed to the application.
 	NbAPIKeys uint32 `json:"nb_api_keys"`
@ -671,7 +671,7 @@ type Policy struct {
 	CreatedAt *time.Time `json:"created_at"`
 	// UpdatedAt: date and time of last policy update.
 	UpdatedAt *time.Time `json:"updated_at"`
-	// Editable: whether or not a policy is editable.
+	// Editable: defines whether or not a policy is editable.
 	Editable bool `json:"editable"`
 	// NbRules: number of rules of the policy.
 	NbRules uint32 `json:"nb_rules"`
@ -688,7 +688,7 @@ type Policy struct {
 	// ApplicationID: ID of the application attributed to the policy.
 	// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
 	ApplicationID *string `json:"application_id,omitempty"`
-	// NoPrincipal: whether or not a policy is attributed to a principal.
+	// NoPrincipal: defines whether or not a policy is attributed to a principal.
 	// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
 	NoPrincipal *bool `json:"no_principal,omitempty"`
 }
@ -700,7 +700,7 @@ type Quotum struct {
 	// Limit: maximum limit of the quota.
 	// Precisely one of Limit, Unlimited must be set.
 	Limit *uint64 `json:"limit,omitempty"`
-	// Unlimited: whether or not the quota is unlimited.
+	// Unlimited: defines whether or not the quota is unlimited.
 	// Precisely one of Limit, Unlimited must be set.
 	Unlimited *bool `json:"unlimited,omitempty"`
 }
@ -789,8 +789,10 @@ type User struct {
 	// Status: status of user invitation.
 	// Default value: unknown_status
 	Status UserStatus `json:"status"`
-	// Mfa: whether MFA is enabled.
+	// Mfa: defines whether MFA is enabled.
 	Mfa bool `json:"mfa"`
 	// AccountRootUserID: ID of the account root user associated with the user.
 	AccountRootUserID string `json:"account_root_user_id"`
 }
 // Service API
@ -811,7 +813,7 @@ type ListSSHKeysRequest struct {
 	Name *string `json:"-"`
 	// ProjectID: filter by Project ID.
 	ProjectID *string `json:"-"`
-	// Disabled: whether to include disabled SSH keys or not.
+	// Disabled: defines whether to include disabled SSH keys or not.
 	Disabled *bool `json:"-"`
 }
@ -851,7 +853,7 @@ func (s *API) ListSSHKeys(req *ListSSHKeysRequest, opts ...scw.RequestOption) (*
 }
 type CreateSSHKeyRequest struct {
-	// Name: the name of the SSH key. Max length is 1000.
+	// Name: name of the SSH key. Max length is 1000.
 	Name string `json:"name"`
 	// PublicKey: SSH public key. Currently only the ssh-rsa, ssh-dss (DSA), ssh-ed25519 and ecdsa keys with NIST curves are supported. Max length is 65000.
 	PublicKey string `json:"public_key"`
@ -894,7 +896,7 @@ func (s *API) CreateSSHKey(req *CreateSSHKeyRequest, opts ...scw.RequestOption)
 }
 type GetSSHKeyRequest struct {
-	// SSHKeyID: the ID of the SSH key.
+	// SSHKeyID: ID of the SSH key.
 	SSHKeyID string `json:"-"`
 }
@ -1107,7 +1109,7 @@ type ListApplicationsRequest struct {
 	Name *string `json:"-"`
 	// OrganizationID: ID of the Organization to filter.
 	OrganizationID *string `json:"-"`
-	// Editable: whether to filter out editable applications or not.
+	// Editable: defines whether to filter out editable applications or not.
 	Editable *bool `json:"-"`
 	// ApplicationIDs: filter by list of IDs.
 	ApplicationIDs []string `json:"-"`
@ -1530,6 +1532,44 @@ func (s *API) AddGroupMember(req *AddGroupMemberRequest, opts ...scw.RequestOpti
 	return &resp, nil
 }
 type AddGroupMembersRequest struct {
 	// GroupID: ID of the group.
 	GroupID string `json:"-"`
 	// UserIDs: iDs of the users to add.
 	UserIDs []string `json:"user_ids"`
 	// ApplicationIDs: iDs of the applications to add.
 	ApplicationIDs []string `json:"application_ids"`
 }
 // AddGroupMembers: add multiple users and applications to a group.
 // Add multiple users and applications to a group in a single call. You can specify an array of `user_id`s and `application_id`s. Note that any existing users and applications in the group will remain. To add new users/applications and delete pre-existing ones, use the [Overwrite users and applications of a group](#path-groups-overwrite-users-and-applications-of-a-group) method.
 func (s *API) AddGroupMembers(req *AddGroupMembersRequest, opts ...scw.RequestOption) (*Group, error) {
 	var err error
 	if fmt.Sprint(req.GroupID) == "" {
 		return nil, errors.New("field GroupID cannot be empty in request")
 	}
 	scwReq := &scw.ScalewayRequest{
 		Method:  "POST",
 		Path:    "/iam/v1alpha1/groups/" + fmt.Sprint(req.GroupID) + "/add-members",
 		Headers: http.Header{},
 	}
 	err = scwReq.SetBody(req)
 	if err != nil {
 		return nil, err
 	}
 	var resp Group
 	err = s.client.Do(scwReq, &resp, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return &resp, nil
 }
 type RemoveGroupMemberRequest struct {
 	// GroupID: ID of the group.
 	GroupID string `json:"-"`
@ -1609,15 +1649,15 @@ type ListPoliciesRequest struct {
 	Page *int32 `json:"-"`
 	// OrganizationID: ID of the Organization to filter.
 	OrganizationID *string `json:"-"`
-	// Editable: whether or not filter out editable policies.
+	// Editable: defines whether or not filter out editable policies.
 	Editable *bool `json:"-"`
-	// UserIDs: whether or not to filter by list of user IDs.
+	// UserIDs: defines whether or not to filter by list of user IDs.
 	UserIDs []string `json:"-"`
-	// GroupIDs: whether or not to filter by list of group IDs.
+	// GroupIDs: defines whether or not to filter by list of group IDs.
 	GroupIDs []string `json:"-"`
 	// ApplicationIDs: filter by a list of application IDs.
 	ApplicationIDs []string `json:"-"`
-	// NoPrincipal: whether or not the policy is attributed to a principal.
+	// NoPrincipal: defines whether or not the policy is attributed to a principal.
 	NoPrincipal *bool `json:"-"`
 	// PolicyName: name of the policy to fetch.
 	PolicyName *string `json:"-"`
@ -1679,7 +1719,7 @@ type CreatePolicyRequest struct {
 	// ApplicationID: ID of application attributed to the policy.
 	// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
 	ApplicationID *string `json:"application_id,omitempty"`
-	// NoPrincipal: whether or not a policy is attributed to a principal.
+	// NoPrincipal: defines whether or not a policy is attributed to a principal.
 	// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
 	NoPrincipal *bool `json:"no_principal,omitempty"`
 }
@ -1763,7 +1803,7 @@ type UpdatePolicyRequest struct {
 	// ApplicationID: new ID of application attributed to the policy.
 	// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
 	ApplicationID *string `json:"application_id,omitempty"`
-	// NoPrincipal: whether or not the policy is attributed to a principal.
+	// NoPrincipal: defines whether or not the policy is attributed to a principal.
 	// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
 	NoPrincipal *bool `json:"no_principal,omitempty"`
 }
@ -1998,9 +2038,9 @@ type ListAPIKeysRequest struct {
 	ApplicationID *string `json:"-"`
 	// Deprecated: UserID: ID of user that bears the API key.
 	UserID *string `json:"-"`
-	// Editable: whether to filter out editable API keys or not.
+	// Editable: defines whether to filter out editable API keys or not.
 	Editable *bool `json:"-"`
-	// Expired: whether to filter out expired API keys or not.
+	// Expired: defines whether to filter out expired API keys or not.
 	Expired *bool `json:"-"`
 	// AccessKey: filter by access key.
 	AccessKey *string `json:"-"`
@ -2062,9 +2102,9 @@ type CreateAPIKeyRequest struct {
 	UserID *string `json:"user_id,omitempty"`
 	// ExpiresAt: expiration date of the API key.
 	ExpiresAt *time.Time `json:"expires_at"`
-	// DefaultProjectID: the default Project ID to use with Object Storage.
+	// DefaultProjectID: default Project ID to use with Object Storage.
 	DefaultProjectID *string `json:"default_project_id"`
-	// Description: the description of the API key (max length is 200 characters).
+	// Description: description of the API key (max length is 200 characters).
 	Description string `json:"description"`
 }
@ -2125,9 +2165,9 @@ func (s *API) GetAPIKey(req *GetAPIKeyRequest, opts ...scw.RequestOption) (*APIK
 type UpdateAPIKeyRequest struct {
 	// AccessKey: access key to update.
 	AccessKey string `json:"-"`
-	// DefaultProjectID: the new default Project ID to set.
+	// DefaultProjectID: new default Project ID to set.
 	DefaultProjectID *string `json:"default_project_id"`
-	// Description: the new description to update.
+	// Description: new description to update.
 	Description *string `json:"description"`
 }
--- a/vendor/github.com/scaleway/scaleway-sdk-go/api/instance/v1/instance_sdk.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/api/instance/v1/instance_sdk.go
@ -1127,7 +1127,7 @@ type SecurityGroup struct {
 	Name string `json:"name"`
 	// Description: security group description.
 	Description string `json:"description"`
-	// EnableDefaultSecurity: true if SMTP is blocked on IPv4 and IPv6.
+	// EnableDefaultSecurity: true if SMTP is blocked on IPv4 and IPv6. This feature is read only, please open a support ticket if you need to make it configurable.
 	EnableDefaultSecurity bool `json:"enable_default_security"`
 	// InboundDefaultPolicy: default inbound policy.
 	// Default value: accept
@ -1777,7 +1777,7 @@ type ListVolumesTypesRequest struct {
 	Page *int32 `json:"-"`
 }
-// ListVolumesTypes: list volumes types.
+// ListVolumesTypes: list volume types.
 // List all volume types and their technical details.
 func (s *API) ListVolumesTypes(req *ListVolumesTypesRequest, opts ...scw.RequestOption) (*ListVolumesTypesResponse, error) {
 	var err error
@ -2309,7 +2309,7 @@ type ServerActionRequest struct {
 //
 // Keep in mind that terminating an Instance will result in the deletion of all attached volumes, including local and block storage.
 // If you want to preserve your local volumes, you should use the `archive` action instead of `terminate`. Similarly, if you want to keep your block storage volumes, you must first detach them before issuing the `terminate` command.
-// For more information, read the [Volumes](#volumes-7e8a39) documentation.
+// For more information, read the [Volumes](#path-volumes-list-volumes) documentation.
 func (s *API) ServerAction(req *ServerActionRequest, opts ...scw.RequestOption) (*ServerActionResponse, error) {
 	var err error
@ -3438,7 +3438,7 @@ type CreateSecurityGroupRequest struct {
 	// OutboundDefaultPolicy: default policy for outbound rules.
 	// Default value: accept
 	OutboundDefaultPolicy SecurityGroupPolicy `json:"outbound_default_policy"`
-	// EnableDefaultSecurity: true to block SMTP on IPv4 and IPv6.
+	// EnableDefaultSecurity: true to block SMTP on IPv4 and IPv6. This feature is read only, please open a support ticket if you need to make it configurable.
 	EnableDefaultSecurity *bool `json:"enable_default_security,omitempty"`
 }
@ -3583,7 +3583,7 @@ type setSecurityGroupRequest struct {
 	ModificationDate *time.Time `json:"modification_date"`
 	// Description: description of the security group.
 	Description string `json:"description"`
-	// EnableDefaultSecurity: true to block SMTP on IPv4 and IPv6.
+	// EnableDefaultSecurity: true to block SMTP on IPv4 and IPv6. This feature is read only, please open a support ticket if you need to make it configurable.
 	EnableDefaultSecurity bool `json:"enable_default_security"`
 	// InboundDefaultPolicy: default inbound policy.
 	// Default value: accept
--- a/vendor/github.com/scaleway/scaleway-sdk-go/api/lb/v1/lb_sdk.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/api/lb/v1/lb_sdk.go
@ -963,10 +963,13 @@ type Backend struct {
 	// Deprecated: SendProxyV2: deprecated in favor of proxy_protocol field.
 	SendProxyV2 *bool `json:"send_proxy_v2,omitempty"`
 	// TimeoutServer: maximum allowed time for a backend server to process a request.
 	// Default value: 300000
 	TimeoutServer *time.Duration `json:"timeout_server"`
 	// TimeoutConnect: maximum allowed time for establishing a connection to a backend server.
 	// Default value: 5000
 	TimeoutConnect *time.Duration `json:"timeout_connect"`
 	// TimeoutTunnel: maximum allowed tunnel inactivity time after Websocket is established (takes precedence over client and server timeout).
 	// Default value: 900000
 	TimeoutTunnel *time.Duration `json:"timeout_tunnel"`
 	// OnMarkedDownAction: action to take when a backend server is marked as down.
 	// Default value: on_marked_down_action_none
@ -988,6 +991,10 @@ type Backend struct {
 	RedispatchAttemptCount *int32 `json:"redispatch_attempt_count"`
 	// MaxRetries: number of retries when a backend server connection failed.
 	MaxRetries *int32 `json:"max_retries"`
 	// MaxConnections: maximum number of connections allowed per backend server.
 	MaxConnections *int32 `json:"max_connections"`
 	// TimeoutQueue: maximum time for a request to be left pending in queue when `max_connections` is reached.
 	TimeoutQueue *scw.Duration `json:"timeout_queue"`
 }
 func (m *Backend) UnmarshalJSON(b []byte) error {
@ -1107,6 +1114,7 @@ type Frontend struct {
 	// LB: load Balancer object the frontend is attached to.
 	LB *LB `json:"lb"`
 	// TimeoutClient: maximum allowed inactivity time on the client side.
 	// Default value: 300000
 	TimeoutClient *time.Duration `json:"timeout_client"`
 	// Deprecated: Certificate: certificate, deprecated in favor of certificate_ids array.
 	Certificate *Certificate `json:"certificate,omitempty"`
@ -1157,8 +1165,10 @@ type HealthCheck struct {
 	// Port: port to use for the backend server health check.
 	Port int32 `json:"port"`
 	// CheckDelay: time to wait between two consecutive health checks.
 	// Default value: 3000
 	CheckDelay *time.Duration `json:"check_delay"`
 	// CheckTimeout: maximum time a backend server has to reply to the health check.
 	// Default value: 1000
 	CheckTimeout *time.Duration `json:"check_timeout"`
 	// CheckMaxRetries: number of consecutive unsuccessful health checks after which the server will be considered dead.
 	CheckMaxRetries int32 `json:"check_max_retries"`
@ -1186,6 +1196,7 @@ type HealthCheck struct {
 	// CheckSendProxy: defines whether proxy protocol should be activated for the health check.
 	CheckSendProxy bool `json:"check_send_proxy"`
 	// TransientCheckDelay: time to wait between two consecutive health checks when a backend server is in a transient state (going UP or DOWN).
 	// Default value: 0.5s
 	TransientCheckDelay *scw.Duration `json:"transient_check_delay"`
 }
@ -2226,10 +2237,13 @@ type ZonedAPICreateBackendRequest struct {
 	// Deprecated: SendProxyV2: deprecated in favor of proxy_protocol field.
 	SendProxyV2 *bool `json:"send_proxy_v2,omitempty"`
 	// TimeoutServer: maximum allowed time for a backend server to process a request.
 	// Default value: 300000
 	TimeoutServer *time.Duration `json:"timeout_server"`
 	// TimeoutConnect: maximum allowed time for establishing a connection to a backend server.
 	// Default value: 5000
 	TimeoutConnect *time.Duration `json:"timeout_connect"`
 	// TimeoutTunnel: maximum allowed tunnel inactivity time after Websocket is established (takes precedence over client and server timeout).
 	// Default value: 900000
 	TimeoutTunnel *time.Duration `json:"timeout_tunnel"`
 	// OnMarkedDownAction: action to take when a backend server is marked as down.
 	// Default value: on_marked_down_action_none
@ -2247,6 +2261,10 @@ type ZonedAPICreateBackendRequest struct {
 	RedispatchAttemptCount *int32 `json:"redispatch_attempt_count"`
 	// MaxRetries: number of retries when a backend server connection failed.
 	MaxRetries *int32 `json:"max_retries"`
 	// MaxConnections: maximum number of connections allowed per backend server.
 	MaxConnections *int32 `json:"max_connections"`
 	// TimeoutQueue: maximum time for a request to be left pending in queue when `max_connections` is reached.
 	TimeoutQueue *scw.Duration `json:"timeout_queue"`
 }
 func (m *ZonedAPICreateBackendRequest) UnmarshalJSON(b []byte) error {
@ -2394,10 +2412,13 @@ type ZonedAPIUpdateBackendRequest struct {
 	// Deprecated: SendProxyV2: deprecated in favor of proxy_protocol field.
 	SendProxyV2 *bool `json:"send_proxy_v2,omitempty"`
 	// TimeoutServer: maximum allowed time for a backend server to process a request.
 	// Default value: 300000
 	TimeoutServer *time.Duration `json:"timeout_server"`
 	// TimeoutConnect: maximum allowed time for establishing a connection to a backend server.
 	// Default value: 5000
 	TimeoutConnect *time.Duration `json:"timeout_connect"`
 	// TimeoutTunnel: maximum allowed tunnel inactivity time after Websocket is established (takes precedence over client and server timeout).
 	// Default value: 900000
 	TimeoutTunnel *time.Duration `json:"timeout_tunnel"`
 	// OnMarkedDownAction: action to take when a backend server is marked as down.
 	// Default value: on_marked_down_action_none
@ -2415,6 +2436,10 @@ type ZonedAPIUpdateBackendRequest struct {
 	RedispatchAttemptCount *int32 `json:"redispatch_attempt_count"`
 	// MaxRetries: number of retries when a backend server connection failed.
 	MaxRetries *int32 `json:"max_retries"`
 	// MaxConnections: maximum number of connections allowed per backend server.
 	MaxConnections *int32 `json:"max_connections"`
 	// TimeoutQueue: maximum time for a request to be left pending in queue when `max_connections` is reached.
 	TimeoutQueue *scw.Duration `json:"timeout_queue"`
 }
 func (m *ZonedAPIUpdateBackendRequest) UnmarshalJSON(b []byte) error {
@ -2711,6 +2736,7 @@ type ZonedAPIUpdateHealthCheckRequest struct {
 	// Precisely one of HTTPConfig, HTTPSConfig, LdapConfig, MysqlConfig, PgsqlConfig, RedisConfig, TCPConfig must be set.
 	HTTPSConfig *HealthCheckHTTPSConfig `json:"https_config,omitempty"`
 	// TransientCheckDelay: time to wait between two consecutive health checks when a backend server is in a transient state (going UP or DOWN).
 	// Default value: 0.5s
 	TransientCheckDelay *scw.Duration `json:"transient_check_delay"`
 }
@ -2861,6 +2887,7 @@ type ZonedAPICreateFrontendRequest struct {
 	// BackendID: backend ID (ID of the backend the frontend should pass traffic to).
 	BackendID string `json:"backend_id"`
 	// TimeoutClient: maximum allowed inactivity time on the client side.
 	// Default value: 300000
 	TimeoutClient *time.Duration `json:"timeout_client"`
 	// Deprecated: CertificateID: certificate ID, deprecated in favor of certificate_ids array.
 	CertificateID *string `json:"certificate_id,omitempty"`
@ -2996,6 +3023,7 @@ type ZonedAPIUpdateFrontendRequest struct {
 	// BackendID: backend ID (ID of the backend the frontend should pass traffic to).
 	BackendID string `json:"backend_id"`
 	// TimeoutClient: maximum allowed inactivity time on the client side.
 	// Default value: 300000
 	TimeoutClient *time.Duration `json:"timeout_client"`
 	// Deprecated: CertificateID: certificate ID, deprecated in favor of certificate_ids array.
 	CertificateID *string `json:"certificate_id,omitempty"`
@ -5173,10 +5201,13 @@ type CreateBackendRequest struct {
 	// Deprecated: SendProxyV2: deprecated in favor of proxy_protocol field.
 	SendProxyV2 *bool `json:"send_proxy_v2,omitempty"`
 	// TimeoutServer: maximum allowed time for a backend server to process a request.
 	// Default value: 300000
 	TimeoutServer *time.Duration `json:"timeout_server"`
 	// TimeoutConnect: maximum allowed time for establishing a connection to a backend server.
 	// Default value: 5000
 	TimeoutConnect *time.Duration `json:"timeout_connect"`
 	// TimeoutTunnel: maximum allowed tunnel inactivity time after Websocket is established (takes precedence over client and server timeout).
 	// Default value: 900000
 	TimeoutTunnel *time.Duration `json:"timeout_tunnel"`
 	// OnMarkedDownAction: action to take when a backend server is marked as down.
 	// Default value: on_marked_down_action_none
@ -5194,6 +5225,10 @@ type CreateBackendRequest struct {
 	RedispatchAttemptCount *int32 `json:"redispatch_attempt_count"`
 	// MaxRetries: number of retries when a backend server connection failed.
 	MaxRetries *int32 `json:"max_retries"`
 	// MaxConnections: maximum number of connections allowed per backend server.
 	MaxConnections *int32 `json:"max_connections"`
 	// TimeoutQueue: maximum time for a request to be left pending in queue when `max_connections` is reached.
 	TimeoutQueue *scw.Duration `json:"timeout_queue"`
 }
 func (m *CreateBackendRequest) UnmarshalJSON(b []byte) error {
@ -5339,10 +5374,13 @@ type UpdateBackendRequest struct {
 	// Deprecated: SendProxyV2: deprecated in favor of proxy_protocol field.
 	SendProxyV2 *bool `json:"send_proxy_v2,omitempty"`
 	// TimeoutServer: maximum allowed time for a backend server to process a request.
 	// Default value: 300000
 	TimeoutServer *time.Duration `json:"timeout_server"`
 	// TimeoutConnect: maximum allowed time for establishing a connection to a backend server.
 	// Default value: 5000
 	TimeoutConnect *time.Duration `json:"timeout_connect"`
 	// TimeoutTunnel: maximum allowed tunnel inactivity time after Websocket is established (takes precedence over client and server timeout).
 	// Default value: 900000
 	TimeoutTunnel *time.Duration `json:"timeout_tunnel"`
 	// OnMarkedDownAction: action to take when a backend server is marked as down.
 	// Default value: on_marked_down_action_none
@ -5360,6 +5398,10 @@ type UpdateBackendRequest struct {
 	RedispatchAttemptCount *int32 `json:"redispatch_attempt_count"`
 	// MaxRetries: number of retries when a backend server connection failed.
 	MaxRetries *int32 `json:"max_retries"`
 	// MaxConnections: maximum number of connections allowed per backend server.
 	MaxConnections *int32 `json:"max_connections"`
 	// TimeoutQueue: maximum time for a request to be left pending in queue when `max_connections` is reached.
 	TimeoutQueue *scw.Duration `json:"timeout_queue"`
 }
 func (m *UpdateBackendRequest) UnmarshalJSON(b []byte) error {
@ -5651,6 +5693,7 @@ type UpdateHealthCheckRequest struct {
 	// Precisely one of HTTPConfig, HTTPSConfig, LdapConfig, MysqlConfig, PgsqlConfig, RedisConfig, TCPConfig must be set.
 	HTTPSConfig *HealthCheckHTTPSConfig `json:"https_config,omitempty"`
 	// TransientCheckDelay: time to wait between two consecutive health checks when a backend server is in a transient state (going UP or DOWN).
 	// Default value: 0.5s
 	TransientCheckDelay *scw.Duration `json:"transient_check_delay"`
 }
@ -5799,6 +5842,7 @@ type CreateFrontendRequest struct {
 	// BackendID: backend ID (ID of the backend the frontend should pass traffic to).
 	BackendID string `json:"backend_id"`
 	// TimeoutClient: maximum allowed inactivity time on the client side.
 	// Default value: 300000
 	TimeoutClient *time.Duration `json:"timeout_client"`
 	// Deprecated: CertificateID: certificate ID, deprecated in favor of certificate_ids array.
 	CertificateID *string `json:"certificate_id,omitempty"`
@ -5932,6 +5976,7 @@ type UpdateFrontendRequest struct {
 	// BackendID: backend ID (ID of the backend the frontend should pass traffic to).
 	BackendID string `json:"backend_id"`
 	// TimeoutClient: maximum allowed inactivity time on the client side.
 	// Default value: 300000
 	TimeoutClient *time.Duration `json:"timeout_client"`
 	// Deprecated: CertificateID: certificate ID, deprecated in favor of certificate_ids array.
 	CertificateID *string `json:"certificate_id,omitempty"`
--- a/vendor/github.com/scaleway/scaleway-sdk-go/internal/auth/auth.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/internal/auth/auth.go
@ -12,3 +12,18 @@ type Auth interface {
 	// This method could be use for logging purpose.
 	AnonymizedHeaders() http.Header
 }
 type headerAnonymizer func(header http.Header) http.Header
 var headerAnonymizers = []headerAnonymizer{
 	AnonymizeTokenHeaders,
 	AnonymizeJWTHeaders,
 }
 func AnonymizeHeaders(headers http.Header) http.Header {
 	for _, anonymizer := range headerAnonymizers {
 		headers = anonymizer(headers)
 	}
 	return headers
 }
--- a/vendor/github.com/scaleway/scaleway-sdk-go/internal/auth/jwt.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/internal/auth/jwt.go
@ -0,0 +1,55 @@
 package auth
 import (
 	"net/http"
 	"strings"
 )
 // JWT is the session token used in browser.
 type JWT struct {
 	Token string
 }
 // XSessionTokenHeader is Scaleway auth header for browser
 const XSessionTokenHeader = "x-session-token" // #nosec G101
 // NewJWT create a token authentication from a jwt
 func NewJWT(token string) *JWT {
 	return &JWT{Token: token}
 }
 // Headers returns headers that must be added to the http request
 func (j *JWT) Headers() http.Header {
 	headers := http.Header{}
 	headers.Set(XSessionTokenHeader, j.Token)
 	return headers
 }
 func AnonymizeJWTHeaders(headers http.Header) http.Header {
 	token := headers.Get(XSessionTokenHeader)
 	if token != "" {
 		headers.Set(XSessionTokenHeader, HideJWT(token))
 	}
 	return headers
 }
 // AnonymizedHeaders returns an anonymized version of Headers()
 // This method could be used for logging purpose.
 func (j *JWT) AnonymizedHeaders() http.Header {
 	return AnonymizeJWTHeaders(j.Headers())
 }
 func HideJWT(token string) string {
 	if len(token) == 0 {
 		return ""
 	}
 	// token should be (header).(payload).(signature)
 	lastDot := strings.LastIndex(token, ".")
 	if lastDot != -1 {
 		token = token[:lastDot]
 	}
 	return token
 }
--- a/vendor/github.com/scaleway/scaleway-sdk-go/internal/generic/fields.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/internal/generic/fields.go
@ -0,0 +1,17 @@
 package generic
 import "reflect"
 // HasField returns true if given struct has a field with given name
 // Also allow a slice, it will use the underlying type
 func HasField(i interface{}, fieldName string) bool {
 	value := reflect.Indirect(reflect.ValueOf(i))
 	typ := value.Type()
 	if value.Kind() == reflect.Slice {
 		typ = indirectType(typ.Elem())
 	}
 	_, fieldExists := typ.FieldByName(fieldName)
 	return fieldExists
 }
--- a/vendor/github.com/scaleway/scaleway-sdk-go/internal/generic/ptr.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/internal/generic/ptr.go
@ -0,0 +1,11 @@
 package generic
 import "reflect"
 func indirectType(typ reflect.Type) reflect.Type {
 	if typ.Kind() == reflect.Ptr {
 		return typ.Elem()
 	}
 	return typ
 }
--- a/vendor/github.com/scaleway/scaleway-sdk-go/scw/client.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/scw/client.go
@ -235,13 +235,12 @@ func (c *Client) do(req *ScalewayRequest, res interface{}) (sdkErr error) {
 	if res != nil {
 		contentType := httpResponse.Header.Get("Content-Type")
-		switch contentType {
+		if strings.HasPrefix(contentType, "application/json") {
 		case "application/json":
 			err = json.NewDecoder(httpResponse.Body).Decode(&res)
 			if err != nil {
 				return errors.Wrap(err, "could not parse %s response body", contentType)
 			}
-		default:
+		} else {
 			buffer, isBuffer := res.(io.Writer)
 			if !isBuffer {
 				return errors.Wrap(err, "could not handle %s response body with %T result type", contentType, buffer)
@ -473,6 +472,10 @@ func (c *Client) doListRegions(req *ScalewayRequest, res interface{}, regions []
 // sortSliceByZones sorts a slice of struct using a Zone field that should exist
 func sortSliceByZones(list interface{}, zones []Zone) {
 	if !generic.HasField(list, "Zone") {
 		return
 	}
 	zoneMap := map[Zone]int{}
 	for i, zone := range zones {
 		zoneMap[zone] = i
@ -484,6 +487,10 @@ func sortSliceByZones(list interface{}, zones []Zone) {
 // sortSliceByRegions sorts a slice of struct using a Region field that should exist
 func sortSliceByRegions(list interface{}, regions []Region) {
 	if !generic.HasField(list, "Region") {
 		return
 	}
 	regionMap := map[Region]int{}
 	for i, region := range regions {
 		regionMap[region] = i
--- a/vendor/github.com/scaleway/scaleway-sdk-go/scw/client_option.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/scw/client_option.go
@ -38,6 +38,13 @@ func WithAuth(accessKey, secretKey string) ClientOption {
 	}
 }
 // WithJWT client option sets the client session token.
 func WithJWT(token string) ClientOption {
 	return func(s *settings) {
 		s.token = auth.NewJWT(token)
 	}
 }
 // WithAPIURL client option overrides the API URL of the Scaleway API to the given URL.
 func WithAPIURL(apiURL string) ClientOption {
 	return func(s *settings) {
--- a/vendor/github.com/scaleway/scaleway-sdk-go/scw/errors.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/scw/errors.go
@ -102,7 +102,8 @@ func hasResponseError(res *http.Response) error {
 	newErr.RawBody = body
 	// The error content is not encoded in JSON, only returns HTTP data.
-	if res.Header.Get("Content-Type") != "application/json" {
+	contentType := res.Header.Get("Content-Type")
 	if !strings.HasPrefix(contentType, "application/json") {
 		newErr.Message = res.Status
 		return newErr
 	}
--- a/vendor/github.com/scaleway/scaleway-sdk-go/scw/transport.go
+++ b/vendor/github.com/scaleway/scaleway-sdk-go/scw/transport.go
@ -22,7 +22,7 @@ func (l *requestLoggerTransport) RoundTrip(request *http.Request) (*http.Respons
 	originalHeaders := request.Header
 	// Get anonymized headers
-	request.Header = auth.AnonymizeTokenHeaders(request.Header.Clone())
+	request.Header = auth.AnonymizeHeaders(request.Header.Clone())
 	dump, err := httputil.DumpRequestOut(request, true)
 	if err != nil {
--- a/vendor/gomodules.xyz/jsonpatch/v2/jsonpatch.go
+++ b/vendor/gomodules.xyz/jsonpatch/v2/jsonpatch.go
@ -1,7 +1,6 @@
 package jsonpatch
 import (
 	"bytes"
 	"encoding/json"
 	"fmt"
 	"reflect"
@ -24,21 +23,28 @@ func (j *Operation) Json() string {
 }
 func (j *Operation) MarshalJSON() ([]byte, error) {
-	var b bytes.Buffer
+	// Ensure for add and replace we emit `value: null`
-	b.WriteString("{")
+	if j.Value == nil && (j.Operation == "replace" || j.Operation == "add") {
-	b.WriteString(fmt.Sprintf(`"op":"%s"`, j.Operation))
+		return json.Marshal(struct {
-	b.WriteString(fmt.Sprintf(`,"path":"%s"`, j.Path))
+			Operation string      `json:"op"`
-	// Consider omitting Value for non-nullable operations.
+			Path      string      `json:"path"`
-	if j.Value != nil || j.Operation == "replace" || j.Operation == "add" {
+			Value     interface{} `json:"value"`
-		v, err := json.Marshal(j.Value)
+		}{
-		if err != nil {
+			Operation: j.Operation,
-			return nil, err
+			Path:      j.Path,
-		}
+		})
 		b.WriteString(`,"value":`)
 		b.Write(v)
 	}
-	b.WriteString("}")
+	// otherwise just marshal normally. We cannot literally do json.Marshal(j) as it would be recursively
-	return b.Bytes(), nil
+	// calling this function.
 	return json.Marshal(struct {
 		Operation string      `json:"op"`
 		Path      string      `json:"path"`
 		Value     interface{} `json:"value,omitempty"`
 	}{
 		Operation: j.Operation,
 		Path:      j.Path,
 		Value:     j.Value,
 	})
 }
 type ByPath []Operation
@ -149,9 +155,6 @@ func makePath(path string, newPart interface{}) string {
 	if path == "" {
 		return "/" + key
 	}
 	if strings.HasSuffix(path, "/") {
 		return path + key
 	}
 	return path + "/" + key
 }
@ -211,22 +214,18 @@ func handleValues(av, bv interface{}, p string, patch []Operation) ([]Operation,
 		}
 	case []interface{}:
 		bt := bv.([]interface{})
-		if isSimpleArray(at) && isSimpleArray(bt) {
+		n := min(len(at), len(bt))
-			patch = append(patch, compareEditDistance(at, bt, p)...)
+		for i := len(at) - 1; i >= n; i-- {
-		} else {
+			patch = append(patch, NewOperation("remove", makePath(p, i), nil))
-			n := min(len(at), len(bt))
+		}
-			for i := len(at) - 1; i >= n; i-- {
+		for i := n; i < len(bt); i++ {
-				patch = append(patch, NewOperation("remove", makePath(p, i), nil))
+			patch = append(patch, NewOperation("add", makePath(p, i), bt[i]))
-			}
+		}
-			for i := n; i < len(bt); i++ {
+		for i := 0; i < n; i++ {
-				patch = append(patch, NewOperation("add", makePath(p, i), bt[i]))
+			var err error
-			}
+			patch, err = handleValues(at[i], bt[i], makePath(p, i), patch)
-			for i := 0; i < n; i++ {
+			if err != nil {
-				var err error
+				return nil, err
 				patch, err = handleValues(at[i], bt[i], makePath(p, i), patch)
 				if err != nil {
 					return nil, err
 				}
 			}
 		}
 	default:
@ -235,100 +234,9 @@ func handleValues(av, bv interface{}, p string, patch []Operation) ([]Operation,
 	return patch, nil
 }
 func isBasicType(a interface{}) bool {
 	switch a.(type) {
 	case string, float64, bool:
 	default:
 		return false
 	}
 	return true
 }
 func isSimpleArray(a []interface{}) bool {
 	for i := range a {
 		switch a[i].(type) {
 		case string, float64, bool:
 		default:
 			val := reflect.ValueOf(a[i])
 			if val.Kind() == reflect.Map {
 				for _, k := range val.MapKeys() {
 					av := val.MapIndex(k)
 					if av.Kind() == reflect.Ptr || av.Kind() == reflect.Interface {
 						if av.IsNil() {
 							continue
 						}
 						av = av.Elem()
 					}
 					if av.Kind() != reflect.String && av.Kind() != reflect.Float64 && av.Kind() != reflect.Bool {
 						return false
 					}
 				}
 				return true
 			}
 			return false
 		}
 	}
 	return true
 }
 // https://en.wikipedia.org/wiki/Wagner%E2%80%93Fischer_algorithm
 // Adapted from https://github.com/texttheater/golang-levenshtein
 func compareEditDistance(s, t []interface{}, p string) []Operation {
 	m := len(s)
 	n := len(t)
 	d := make([][]int, m+1)
 	for i := 0; i <= m; i++ {
 		d[i] = make([]int, n+1)
 		d[i][0] = i
 	}
 	for j := 0; j <= n; j++ {
 		d[0][j] = j
 	}
 	for j := 1; j <= n; j++ {
 		for i := 1; i <= m; i++ {
 			if reflect.DeepEqual(s[i-1], t[j-1]) {
 				d[i][j] = d[i-1][j-1] // no op required
 			} else {
 				del := d[i-1][j] + 1
 				add := d[i][j-1] + 1
 				rep := d[i-1][j-1] + 1
 				d[i][j] = min(rep, min(add, del))
 			}
 		}
 	}
 	return backtrace(s, t, p, m, n, d)
 }
 func min(x int, y int) int {
 	if y < x {
 		return y
 	}
 	return x
 }
 func backtrace(s, t []interface{}, p string, i int, j int, matrix [][]int) []Operation {
 	if i > 0 && matrix[i-1][j]+1 == matrix[i][j] {
 		op := NewOperation("remove", makePath(p, i-1), nil)
 		return append([]Operation{op}, backtrace(s, t, p, i-1, j, matrix)...)
 	}
 	if j > 0 && matrix[i][j-1]+1 == matrix[i][j] {
 		op := NewOperation("add", makePath(p, i), t[j-1])
 		return append([]Operation{op}, backtrace(s, t, p, i, j-1, matrix)...)
 	}
 	if i > 0 && j > 0 && matrix[i-1][j-1]+1 == matrix[i][j] {
 		if isBasicType(s[0]) {
 			op := NewOperation("replace", makePath(p, i-1), t[j-1])
 			return append([]Operation{op}, backtrace(s, t, p, i-1, j-1, matrix)...)
 		}
 		p2, _ := handleValues(s[i-1], t[j-1], makePath(p, i-1), []Operation{})
 		return append(p2, backtrace(s, t, p, i-1, j-1, matrix)...)
 	}
 	if i > 0 && j > 0 && matrix[i-1][j-1] == matrix[i][j] {
 		return backtrace(s, t, p, i-1, j-1, matrix)
 	}
 	return []Operation{}
 }
--- a/vendor/google.golang.org/api/internal/version.go
+++ b/vendor/google.golang.org/api/internal/version.go
@ -5,4 +5,4 @@
 package internal
 // Version is the current tagged release of the library.
-const Version = "0.123.0"
+const Version = "0.124.0"
--- a/vendor/k8s.io/kube-openapi/pkg/cached/cache.go
+++ b/vendor/k8s.io/kube-openapi/pkg/cached/cache.go
@ -37,8 +37,11 @@ limitations under the License.
 // # Atomicity
 //
 // Most of the operations are not atomic/thread-safe, except for
-// [Replaceable.Replace] which can be performed while the objects
+// [Replaceable.Replace] which can be performed while the objects are
-// are being read.
+// being read. Specifically, `Get` methods are NOT thread-safe. Never
 // call `Get()` without a lock on a multi-threaded environment, since
 // it's usually performing updates to caches that will require write
 // operations.
 //
 // # Etags
 //
@ -97,6 +100,13 @@ func (r Result[T]) Get() Result[T] {
 type Data[T any] interface {
 	// Returns the cached data, as well as an "etag" to identify the
 	// version of the cache, or an error if something happened.
 	//
 	// # Important note
 	//
 	// This method is NEVER thread-safe, never assume it is OK to
 	// call `Get()` without holding a proper mutex in a
 	// multi-threaded environment, especially since `Get()` will
 	// usually update the cache and perform write operations.
 	Get() Result[T]
 }
@ -249,6 +259,13 @@ type Replaceable[T any] struct {
 // previously had returned a success, that success will be returned
 // instead. If the cache fails but we never returned a success, that
 // failure is returned.
 //
 // # Important note
 //
 // As all implementations of Get, this implementation is NOT
 // thread-safe. Please properly lock a mutex before calling this method
 // if you are in a multi-threaded environment, since this method will
 // update the cache and perform write operations.
 func (c *Replaceable[T]) Get() Result[T] {
 	result := (*c.cache.Load()).Get()
 	if result.Err != nil && c.result != nil && c.result.Err == nil {
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -94,7 +94,7 @@ github.com/aws/amazon-ec2-instance-selector/v2/pkg/instancetypes
 github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector
 github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector/outputs
 github.com/aws/amazon-ec2-instance-selector/v2/pkg/sorter
-# github.com/aws/aws-sdk-go v1.44.266
+# github.com/aws/aws-sdk-go v1.44.270
 ## explicit; go 1.11
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/arn
@ -173,7 +173,7 @@ github.com/beorn7/perks/quantile
 # github.com/blang/semver/v4 v4.0.0
 ## explicit; go 1.14
 github.com/blang/semver/v4
-# github.com/cert-manager/cert-manager v1.12.0
+# github.com/cert-manager/cert-manager v1.12.1
 ## explicit; go 1.20
 github.com/cert-manager/cert-manager/pkg/apis/acme
 github.com/cert-manager/cert-manager/pkg/apis/acme/v1
@ -447,7 +447,7 @@ github.com/google/gofuzz/bytesource
 # github.com/google/logger v1.1.1
 ## explicit; go 1.12
 github.com/google/logger
-# github.com/google/s2a-go v0.1.3
+# github.com/google/s2a-go v0.1.4
 ## explicit; go 1.16
 github.com/google/s2a-go
 github.com/google/s2a-go/fallback
@ -468,6 +468,7 @@ github.com/google/s2a-go/internal/v2
 github.com/google/s2a-go/internal/v2/certverifier
 github.com/google/s2a-go/internal/v2/remotesigner
 github.com/google/s2a-go/internal/v2/tlsconfigstore
 github.com/google/s2a-go/stream
 # github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 ## explicit; go 1.13
 github.com/google/shlex
@ -484,7 +485,7 @@ github.com/googleapis/gax-go/v2
 github.com/googleapis/gax-go/v2/apierror
 github.com/googleapis/gax-go/v2/apierror/internal/proto
 github.com/googleapis/gax-go/v2/internal
-# github.com/gophercloud/gophercloud v1.3.0
+# github.com/gophercloud/gophercloud v1.4.0
 ## explicit; go 1.14
 github.com/gophercloud/gophercloud
 github.com/gophercloud/gophercloud/openstack
@ -764,7 +765,7 @@ github.com/russross/blackfriday/v2
 # github.com/sahilm/fuzzy v0.1.0
 ## explicit
 github.com/sahilm/fuzzy
-# github.com/scaleway/scaleway-sdk-go v1.0.0-beta.16
+# github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17
 ## explicit; go 1.17
 github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1
 github.com/scaleway/scaleway-sdk-go/api/instance/v1
@ -930,7 +931,7 @@ golang.org/x/crypto/scrypt
 golang.org/x/crypto/ssh
 golang.org/x/crypto/ssh/agent
 golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
-# golang.org/x/exp v0.0.0-20230519143937-03e91628a987
+# golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
 ## explicit; go 1.20
 golang.org/x/exp/constraints
 # golang.org/x/mod v0.10.0
@ -1018,10 +1019,10 @@ golang.org/x/tools/internal/pkgbits
 golang.org/x/tools/internal/tokeninternal
 golang.org/x/tools/internal/typeparams
 golang.org/x/tools/internal/typesinternal
-# gomodules.xyz/jsonpatch/v2 v2.2.0
+# gomodules.xyz/jsonpatch/v2 v2.3.0
-## explicit; go 1.12
+## explicit; go 1.20
 gomodules.xyz/jsonpatch/v2
-# google.golang.org/api v0.123.0
+# google.golang.org/api v0.124.0
 ## explicit; go 1.19
 google.golang.org/api/cloudresourcemanager/v1
 google.golang.org/api/compute/v0.alpha
@ -1696,7 +1697,7 @@ k8s.io/klog/v2/internal/dbg
 k8s.io/klog/v2/internal/serialize
 k8s.io/klog/v2/internal/severity
 k8s.io/klog/v2/klogr
-# k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f
+# k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5
 ## explicit; go 1.19
 k8s.io/kube-openapi/pkg/builder3/util
 k8s.io/kube-openapi/pkg/cached
@ -1761,7 +1762,7 @@ oras.land/oras-go/pkg/registry/remote/auth
 oras.land/oras-go/pkg/registry/remote/internal/errutil
 oras.land/oras-go/pkg/registry/remote/internal/syncutil
 oras.land/oras-go/pkg/target
-# sigs.k8s.io/controller-runtime v0.15.0-beta.0
+# sigs.k8s.io/controller-runtime v0.15.0
 ## explicit; go 1.20
 sigs.k8s.io/controller-runtime
 sigs.k8s.io/controller-runtime/pkg/builder
@ -1803,8 +1804,8 @@ sigs.k8s.io/controller-runtime/pkg/webhook
 sigs.k8s.io/controller-runtime/pkg/webhook/admission
 sigs.k8s.io/controller-runtime/pkg/webhook/conversion
 sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics
-# sigs.k8s.io/gateway-api v0.6.2
+# sigs.k8s.io/gateway-api v0.7.0
-## explicit; go 1.18
+## explicit; go 1.19
 sigs.k8s.io/gateway-api/apis/v1beta1
 # sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd
 ## explicit; go 1.18
--- a/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/http.go
+++ b/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/http.go
@ -93,7 +93,7 @@ func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		wh.writeResponse(w, reviewResponse)
 		return
 	}
-	wh.getLogger(&req).V(1).Info("received request")
+	wh.getLogger(&req).V(4).Info("received request")
 	reviewResponse = wh.Handle(ctx, req)
 	wh.writeResponseTyped(w, reviewResponse, actualAdmRevGVK)
@ -136,11 +136,11 @@ func (wh *Webhook) writeAdmissionResponse(w io.Writer, ar v1.AdmissionReview) {
 		}
 	} else {
 		res := ar.Response
-		if log := wh.getLogger(nil); log.V(1).Enabled() {
+		if log := wh.getLogger(nil); log.V(4).Enabled() {
 			if res.Result != nil {
 				log = log.WithValues("code", res.Result.Code, "reason", res.Result.Reason, "message", res.Result.Message)
 			}
-			log.V(1).Info("wrote response", "requestID", res.UID, "allowed", res.Allowed)
+			log.V(4).Info("wrote response", "requestID", res.UID, "allowed", res.Allowed)
 		}
 	}
 }
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gateway_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gateway_types.go
@ -41,7 +41,7 @@ type Gateway struct {
 	// Status defines the current state of Gateway.
 	//
-	// +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", reason:"NotReconciled", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}}
+	// +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"},{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}}
 	Status GatewayStatus `json:"status,omitempty"`
 }
@ -488,6 +488,7 @@ type GatewayStatus struct {
 	// Known condition types are:
 	//
 	// * "Accepted"
 	// * "Programmed"
 	// * "Ready"
 	//
 	// +optional
@ -535,6 +536,8 @@ const (
 	//
 	// * "Invalid"
 	// * "Pending"
 	// * "NoResources"
 	// * "AddressNotAssigned"
 	//
 	// Possible reasons for this condition to be Unknown are:
 	//
@ -549,9 +552,20 @@ const (
 	// true.
 	GatewayReasonProgrammed GatewayConditionReason = "Programmed"
-	// This reason is used with the "Programmed" condition when the Listener is
+	// This reason is used with the "Programmed" and "Accepted" conditions when the Gateway is
 	// syntactically or semantically invalid.
 	GatewayReasonInvalid GatewayConditionReason = "Invalid"
 	// This reason is used with the "Programmed" condition when the
 	// Gateway is not scheduled because insufficient infrastructure
 	// resources are available.
 	GatewayReasonNoResources GatewayConditionReason = "NoResources"
 	// This reason is used with the "Programmed" condition when none of the requested
 	// addresses have been assigned to the Gateway. This reason can be used to
 	// express a range of circumstances, including (but not limited to) IPAM
 	// address exhaustion, address not yet allocated, or a named address not being found.
 	GatewayReasonAddressNotAssigned GatewayConditionReason = "AddressNotAssigned"
 )
 const (
@ -563,11 +577,14 @@ const (
 	// Possible reasons for this condition to be True are:
 	//
 	// * "Accepted"
 	// * "ListenersNotValid"
 	//
 	// Possible reasons for this condition to be False are:
 	//
 	// * "Invalid"
 	// * "NotReconciled"
-	// * "NoResources"
+	// * "UnsupportedAddress"
 	// * "ListenersNotValid"
 	//
 	// Possible reasons for this condition to be Unknown are:
 	//
@ -578,76 +595,65 @@ const (
 	// interoperability.
 	GatewayConditionAccepted GatewayConditionType = "Accepted"
 	// Deprecated: use "Accepted" instead.
 	GatewayConditionScheduled GatewayConditionType = "Scheduled"
 	// This reason is used with the "Accepted" condition when the condition is
 	// True.
 	GatewayReasonAccepted GatewayConditionReason = "Accepted"
 	// This reason is used with the "Accepted" condition when one or
 	// more Listeners have an invalid or unsupported configuration
 	// and cannot be configured on the Gateway.
 	// This can be the reason when "Accepted" is "True" or "False", depending on whether
 	// the listener being invalid causes the entire Gateway to not be accepted.
 	GatewayReasonListenersNotValid GatewayConditionReason = "ListenersNotValid"
 	// This reason is used with the "Accepted" and "Programmed"
 	// conditions when the status is "Unknown" and no controller has reconciled
 	// the Gateway.
 	GatewayReasonPending GatewayConditionReason = "Pending"
 	// This reason is used with the "Accepted" condition when the Gateway could not be configured
 	// because the requested address is not supported. This reason could be used in a number of
 	// instances, including:
 	//
 	// * The address is already in use.
 	// * The type of address is not supported by the implementation.
 	GatewaReasonUnsupportedAddress GatewayConditionReason = "UnsupportedAddress"
 )
 const (
 	// Deprecated: use "Accepted" instead.
 	GatewayConditionScheduled GatewayConditionType = "Scheduled"
 	// This reason is used with the "Scheduled" condition when the condition is
 	// True.
 	//
 	// Deprecated: use the "Accepted" condition with reason "Accepted" instead.
 	GatewayReasonScheduled GatewayConditionReason = "Scheduled"
 	// This reason is used with the "Accepted", "Programmed" and "Ready"
 	// conditions when the status is "Unknown" and no controller has reconciled
 	// the Gateway.
 	GatewayReasonPending GatewayConditionReason = "Pending"
 	// Deprecated: Use "Pending" instead.
 	GatewayReasonNotReconciled GatewayConditionReason = "NotReconciled"
 	// This reason is used with the "Accepted" condition when the
 	// Gateway is not scheduled because insufficient infrastructure
 	// resources are available.
 	GatewayReasonNoResources GatewayConditionReason = "NoResources"
 )
 const (
-	// Ready is an optional Condition that has Extended support. When it's set,
+	// "Ready" is a condition type reserved for future use. It should not be used by implementations.
 	// the condition indicates whether the Gateway has been completely configured
 	// and traffic is ready to flow through the data plane immediately.
 	//
-	// If both the "ListenersNotValid" and "ListenersNotReady"
+	// If used in the future, "Ready" will represent the final state where all configuration is confirmed good
-	// reasons are true, the Gateway controller should prefer the
+	// _and has completely propagated to the data plane_. That is, it is a _guarantee_ that, as soon as something
-	// "ListenersNotValid" reason.
+	// sees the Condition as `true`, then connections will be correctly routed _immediately_.
 	//
-	// Possible reasons for this condition to be true are:
+	// This is a very strong guarantee, and to date no implementation has satisfied it enough to implement it.
 	// This reservation can be discussed in the future if necessary.
 	//
-	// * "Ready"
+	// Note: This condition is not really "deprecated", but rather "reserved"; however, deprecated triggers Go linters
-	//
+	// to alert about usage.
-	// Possible reasons for this condition to be False are:
+	// Deprecated: Ready is reserved for future use
 	//
 	// * "ListenersNotValid"
 	// * "ListenersNotReady"
 	// * "AddressNotAssigned"
 	//
 	// Controllers may raise this condition with other reasons,
 	// but should prefer to use the reasons listed above to improve
 	// interoperability.
 	GatewayConditionReady GatewayConditionType = "Ready"
-	// This reason is used with the "Ready" condition when the condition is
+	// Deprecated: Ready is reserved for future use
 	// true.
 	GatewayReasonReady GatewayConditionReason = "Ready"
-	// This reason is used with the "Ready" condition when one or
+	// Deprecated: Ready is reserved for future use
 	// more Listeners have an invalid or unsupported configuration
 	// and cannot be configured on the Gateway.
 	GatewayReasonListenersNotValid GatewayConditionReason = "ListenersNotValid"
 	// This reason is used with the "Ready" condition when one or
 	// more Listeners are not ready to serve traffic.
 	GatewayReasonListenersNotReady GatewayConditionReason = "ListenersNotReady"
 	// This reason is used with the "Ready" condition when none of the requested
 	// addresses have been assigned to the Gateway. This reason can be used to
 	// express a range of circumstances, including (but not limited to) IPAM
 	// address exhaustion, invalid or unsupported address requests, or a named
 	// address not being found.
 	GatewayReasonAddressNotAssigned GatewayConditionReason = "AddressNotAssigned"
 )
 // ListenerStatus is the status associated with a Listener.
@ -744,7 +750,6 @@ const (
 	//
 	// * "PortUnavailable"
 	// * "UnsupportedProtocol"
 	// * "UnsupportedAddress"
 	//
 	// Possible reasons for this condition to be Unknown are:
 	//
@ -780,14 +785,6 @@ const (
 	// Listener could not be attached to be Gateway because its
 	// protocol type is not supported.
 	ListenerReasonUnsupportedProtocol ListenerConditionReason = "UnsupportedProtocol"
 	// This reason is used with the "Accepted" condition when the Listener could
 	// not be attached to the Gateway because the requested address is not
 	// supported. This reason could be used in a number of instances, including:
 	//
 	// * The address is already in use.
 	// * The type of address is not supported by the implementation.
 	ListenerReasonUnsupportedAddress ListenerConditionReason = "UnsupportedAddress"
 )
 const (
@ -869,34 +866,6 @@ const (
 	// This reason is used with the "Programmed" condition when the condition is
 	// true.
 	ListenerReasonProgrammed ListenerConditionReason = "Programmed"
 )
 const (
 	// Ready is an optional Condition that has Extended support. When it's set,
 	// the condition indicates whether the Listener has been configured on the
 	// Gateway and traffic is ready to flow through the data plane immediately.
 	//
 	// Possible reasons for this condition to be True are:
 	//
 	// * "Ready"
 	//
 	// Possible reasons for this condition to be False are:
 	//
 	// * "Invalid"
 	// * "Pending"
 	//
 	// Possible reasons for this condition to be Unknown are:
 	//
 	// * "Pending"
 	//
 	// Controllers may raise this condition with other reasons,
 	// but should prefer to use the reasons listed above to improve
 	// interoperability.
 	ListenerConditionReady ListenerConditionType = "Ready"
 	// This reason is used with the "Ready" condition when the condition is
 	// true.
 	ListenerReasonReady ListenerConditionReason = "Ready"
 	// This reason is used with the "Ready" and "Programmed" conditions when the
 	// Listener is syntactically or semantically invalid.
@ -907,3 +876,22 @@ const (
 	// online and ready to accept client traffic.
 	ListenerReasonPending ListenerConditionReason = "Pending"
 )
 const (
 	// "Ready" is a condition type reserved for future use. It should not be used by implementations.
 	// Note: This condition is not really "deprecated", but rather "reserved"; however, deprecated triggers Go linters
 	// to alert about usage.
 	//
 	// If used in the future, "Ready" will represent the final state where all configuration is confirmed good
 	// _and has completely propagated to the data plane_. That is, it is a _guarantee_ that, as soon as something
 	// sees the Condition as `true`, then connections will be correctly routed _immediately_.
 	//
 	// This is a very strong guarantee, and to date no implementation has satisfied it enough to implement it.
 	// This reservation can be discussed in the future if necessary.
 	//
 	// Deprecated: Ready is reserved for future use
 	ListenerConditionReady ListenerConditionType = "Ready"
 	// Deprecated: Ready is reserved for future use
 	ListenerReasonReady ListenerConditionReason = "Ready"
 )
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gatewayclass_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/gatewayclass_types.go
@ -42,7 +42,7 @@ import (
 // If implementations choose to propagate GatewayClass changes to existing
 // Gateways, that MUST be clearly documented by the implementation.
 //
-// Whenever one or more Gateways are using a GatewayClass, implementations MUST
+// Whenever one or more Gateways are using a GatewayClass, implementations SHOULD
 // add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the
 // associated GatewayClass. This ensures that a GatewayClass associated with a
 // Gateway is not deleted while in use.
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/httproute_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/httproute_types.go
@ -156,10 +156,13 @@ type HTTPRouteRule struct {
 	// ties. Across all rules specified on applicable Routes, precedence must be
 	// given to the match with the largest number of:
 	//
-	// * Characters in a matching path.
+	// * Characters in a matching "Exact" path match
 	// * Characters in a matching "Prefix" path match
 	// * Header matches.
 	// * Query param matches.
 	//
 	// Note: The precedence of RegularExpression path matches are implementation-specific.
 	//
 	// If ties still exist across multiple Routes, matching precedence MUST be
 	// determined in order of the following criteria, continuing on ties:
 	//
@ -232,6 +235,8 @@ type HTTPRouteRule struct {
 	//
 	// Support: Core for Kubernetes Service
 	//
 	// Support: Extended for Kubernetes ServiceImport
 	//
 	// Support: Implementation-specific for any other resource
 	//
 	// Support for weight: Core
@ -343,12 +348,8 @@ const (
 //
 //   - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
 //     headers are not currently supported by this type.
-//   - "/invalid" - "/" is an invalid character
+//   - "/invalid" - "/ " is an invalid character
-//
+type HTTPHeaderName HeaderName
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=256
 // +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$`
 type HTTPHeaderName string
 // HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request
 // headers.
@ -449,10 +450,7 @@ type HTTPQueryParamMatch struct {
 	//
 	// Users SHOULD NOT route traffic based on repeated query params to guard
 	// themselves against potential differences in the implementations.
-	//
+	Name HTTPHeaderName `json:"name"`
 	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:MaxLength=256
 	Name string `json:"name"`
 	// Value is the value of HTTP query param to be matched.
 	//
@ -587,8 +585,7 @@ type HTTPRouteFilter struct {
 	// Reason of `UnsupportedValue`.
 	//
 	// +unionDiscriminator
-	// +kubebuilder:validation:Enum=RequestHeaderModifier;RequestMirror;RequestRedirect;ExtensionRef
+	// +kubebuilder:validation:Enum=RequestHeaderModifier;ResponseHeaderModifier;RequestMirror;RequestRedirect;URLRewrite;ExtensionRef
 	// <gateway:experimental:validation:Enum=RequestHeaderModifier;ResponseHeaderModifier;RequestMirror;RequestRedirect;URLRewrite;ExtensionRef>
 	Type HTTPRouteFilterType `json:"type"`
 	// RequestHeaderModifier defines a schema for a filter that modifies request
@ -605,7 +602,6 @@ type HTTPRouteFilter struct {
 	// Support: Extended
 	//
 	// +optional
 	// <gateway:experimental>
 	ResponseHeaderModifier *HTTPHeaderFilter `json:"responseHeaderModifier,omitempty"`
 	// RequestMirror defines a schema for a filter that mirrors requests.
@ -629,7 +625,6 @@ type HTTPRouteFilter struct {
 	//
 	// Support: Extended
 	//
 	// <gateway:experimental>
 	// +optional
 	URLRewrite *HTTPURLRewriteFilter `json:"urlRewrite,omitempty"`
@ -662,7 +657,6 @@ const (
 	// Support in HTTPRouteRule: Extended
 	//
 	// Support in HTTPBackendRef: Extended
 	// <gateway:experimental>
 	HTTPRouteFilterResponseHeaderModifier HTTPRouteFilterType = "ResponseHeaderModifier"
 	// HTTPRouteFilterRequestRedirect can be used to redirect a request to
@ -683,8 +677,6 @@ const (
 	// Support in HTTPRouteRule: Extended
 	//
 	// Support in HTTPBackendRef: Extended
 	//
 	// <gateway:experimental>
 	HTTPRouteFilterURLRewrite HTTPRouteFilterType = "URLRewrite"
 	// HTTPRouteFilterRequestMirror can be used to mirror HTTP requests to a
@ -821,7 +813,6 @@ const (
 )
 // HTTPPathModifier defines configuration for path modifiers.
 // <gateway:experimental>
 type HTTPPathModifier struct {
 	// Type defines the type of path modifier. Additional types may be
 	// added in a future release of the API.
@ -833,14 +824,12 @@ type HTTPPathModifier struct {
 	// Accepted Condition for the Route to `status: False`, with a
 	// Reason of `UnsupportedValue`.
 	//
 	// <gateway:experimental>
 	// +kubebuilder:validation:Enum=ReplaceFullPath;ReplacePrefixMatch
 	Type HTTPPathModifierType `json:"type"`
 	// ReplaceFullPath specifies the value with which to replace the full path
 	// of a request during a rewrite or redirect.
 	//
 	// <gateway:experimental>
 	// +kubebuilder:validation:MaxLength=1024
 	// +optional
 	ReplaceFullPath *string `json:"replaceFullPath,omitempty"`
@ -855,7 +844,6 @@ type HTTPPathModifier struct {
 	// ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
 	// match the prefix `/abc`, but the path `/abcd` would not.
 	//
 	// <gateway:experimental>
 	// +kubebuilder:validation:MaxLength=1024
 	// +optional
 	ReplacePrefixMatch *string `json:"replacePrefixMatch,omitempty"`
@ -867,6 +855,9 @@ type HTTPRequestRedirectFilter struct {
 	// Scheme is the scheme to be used in the value of the `Location` header in
 	// the response. When empty, the scheme of the request is used.
 	//
 	// Scheme redirects can affect the port of the redirect, for more information,
 	// refer to the documentation for the port field of this filter.
 	//
 	// Note that values may be added to this enum, implementations
 	// must ensure that unknown values will not cause a crash.
 	//
@ -882,7 +873,7 @@ type HTTPRequestRedirectFilter struct {
 	// Hostname is the hostname to be used in the value of the `Location`
 	// header in the response.
-	// When empty, the hostname of the request is used.
+	// When empty, the hostname in the `Host` header of the request is used.
 	//
 	// Support: Core
 	//
@ -895,13 +886,29 @@ type HTTPRequestRedirectFilter struct {
 	//
 	// Support: Extended
 	//
 	// <gateway:experimental>
 	// +optional
 	Path *HTTPPathModifier `json:"path,omitempty"`
 	// Port is the port to be used in the value of the `Location`
 	// header in the response.
-	// When empty, port (if specified) of the request is used.
+	//
 	// If no port is specified, the redirect port MUST be derived using the
 	// following rules:
 	//
 	// * If redirect scheme is not-empty, the redirect port MUST be the well-known
 	//   port associated with the redirect scheme. Specifically "http" to port 80
 	//   and "https" to port 443. If the redirect scheme does not have a
 	//   well-known port, the listener port of the Gateway SHOULD be used.
 	// * If redirect scheme is empty, the redirect port MUST be the Gateway
 	//   Listener port.
 	//
 	// Implementations SHOULD NOT add the port number in the 'Location'
 	// header in the following cases:
 	//
 	// * A Location header that will use HTTP (whether that is determined via
 	//   the Listener protocol or the Scheme field) _and_ use port 80.
 	// * A Location header that will use HTTPS (whether that is determined via
 	//   the Listener protocol or the Scheme field) _and_ use port 443.
 	//
 	// Support: Extended
 	//
@ -930,15 +937,12 @@ type HTTPRequestRedirectFilter struct {
 // MUST NOT be used on the same Route rule as a HTTPRequestRedirect filter.
 //
 // Support: Extended
 //
 // <gateway:experimental>
 type HTTPURLRewriteFilter struct {
 	// Hostname is the value to be used to replace the Host header value during
 	// forwarding.
 	//
 	// Support: Extended
 	//
 	// <gateway:experimental>
 	// +optional
 	Hostname *PreciseHostname `json:"hostname,omitempty"`
@ -946,7 +950,6 @@ type HTTPURLRewriteFilter struct {
 	//
 	// Support: Extended
 	//
 	// <gateway:experimental>
 	// +optional
 	Path *HTTPPathModifier `json:"path,omitempty"`
 }
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/object_reference_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/object_reference_types.go
@ -53,7 +53,7 @@ type SecretObjectReference struct {
 	// +kubebuilder:default=""
 	Group *Group `json:"group"`
-	// Kind is kind of the referent. For example "HTTPRoute" or "Service".
+	// Kind is kind of the referent. For example "Secret".
 	//
 	// +optional
 	// +kubebuilder:default=Secret
@ -99,9 +99,21 @@ type BackendObjectReference struct {
 	// +kubebuilder:default=""
 	Group *Group `json:"group,omitempty"`
-	// Kind is kind of the referent. For example "HTTPRoute" or "Service".
+	// Kind is the Kubernetes resource kind of the referent. For example
 	// "Service".
 	//
 	// Defaults to "Service" when not specified.
 	//
 	// ExternalName services can refer to CNAME DNS records that may live
 	// outside of the cluster and as such are difficult to reason about in
 	// terms of conformance. They also may not be safe to forward to (see
 	// CVE-2021-25740 for more information). Implementations SHOULD NOT
 	// support ExternalName Services.
 	//
 	// Support: Core (Services with a type other than ExternalName)
 	//
 	// Support: Implementation-specific (Services with type ExternalName)
 	//
 	// +optional
 	// +kubebuilder:default=Service
 	Kind *Kind `json:"kind,omitempty"`
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/shared_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/shared_types.go
@ -546,6 +546,14 @@ type AnnotationValue string
 // +kubebuilder:validation:Pattern=`^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$`
 type AddressType string
 // HeaderName is the name of a header or query parameter.
 //
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=256
 // +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$`
 // +k8s:deepcopy-gen=false
 type HeaderName string
 const (
 	// A textual representation of a numeric IP address. IPv4
 	// addresses must be in dotted-decimal form. IPv6 addresses