rebase: bump the github-dependencies group across 1 directory with 9 updates

Bumps the github-dependencies group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) | `0.12.2` | `0.14.1` | | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.53.14` | `1.54.6` | | [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.28.1` | `1.29.1` | | [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) | `1.12.0` | `1.14.0` | | [github.com/kubernetes-csi/csi-lib-utils](https://github.com/kubernetes-csi/csi-lib-utils) | `0.17.0` | `0.18.1` | | [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.17.1` | `2.19.0` | | [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.18.0` | `1.19.1` | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.6.0` | `1.7.0` | Updates `github.com/IBM/keyprotect-go-client` from 0.12.2 to 0.14.1 - [Release notes](https://github.com/IBM/keyprotect-go-client/releases) - [Changelog](https://github.com/IBM/keyprotect-go-client/blob/master/CHANGELOG.md) - [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.12.2...v0.14.1) Updates `github.com/aws/aws-sdk-go` from 1.53.14 to 1.54.6 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.53.14...v1.54.6) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.28.1 to 1.29.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecr/v1.28.1...service/s3/v1.29.1) Updates `github.com/hashicorp/vault/api` from 1.12.0 to 1.14.0 - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/vault/compare/v1.12.0...v1.14.0) Updates `github.com/kubernetes-csi/csi-lib-utils` from 0.17.0 to 0.18.1 - [Release notes](https://github.com/kubernetes-csi/csi-lib-utils/releases) - [Commits](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.17.0...v0.18.1) Updates `github.com/onsi/ginkgo/v2` from 2.17.1 to 2.19.0 - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.17.1...v2.19.0) Updates `github.com/onsi/gomega` from 1.32.0 to 1.33.1 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.32.0...v1.33.1) Updates `github.com/prometheus/client_golang` from 1.18.0 to 1.19.1 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.1) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.6.0...sdk/azcore/v1.7.0) --- updated-dependencies: - dependency-name: github.com/IBM/keyprotect-go-client dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/kubernetes-csi/csi-lib-utils dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
2025-06-13 10:33:35 +00:00 · 2024-06-24 20:58:34 +00:00
parent 29dde7abc2
commit 171ba6a65d
193 changed files with 6071 additions and 2336 deletions
--- a/vendor/github.com/IBM/keyprotect-go-client/.travis.yml
+++ b/vendor/github.com/IBM/keyprotect-go-client/.travis.yml
@ -1,6 +1,6 @@
 language: go

-dist: bionic
+dist: jammy

 go:
 - 1.17.x
@ -13,7 +13,6 @@ env:

 before_install:
  - sudo apt-get update
-  - pyenv global 3.8

 before_script:
  - GO111MODULE=off go get -u github.com/haya14busa/goverage
@ -27,6 +26,9 @@ script:
  - $GOPATH/bin/goverage -v -race -coverprofile=cover.out $(go list ./... | grep -v '/vendor|/scripts')
  - go tool cover -func=cover.out
  - go tool cover -html=cover.out -o=cover.html
+ # these steps are to make sure that node will properly install for semantic release.
+  - nvm install node
+  - npm install -g npm

 # To enable semantic-release, uncomment these sections.
 before_deploy:
--- a/vendor/github.com/IBM/keyprotect-go-client/CONTRIBUTING.md
+++ b/vendor/github.com/IBM/keyprotect-go-client/CONTRIBUTING.md
@ -11,6 +11,10 @@ please open a [Github Issue](https://github.com/IBM/keyprotect-go-client/issues)

 For your pull request to be merged, it must meet the criteria of a "correct patch", and also
 be fully reviewed and approved by two Maintainer level contributors.
+The PR should be named with the proper prefix to satisfy the semantic release. 
+- `fix(build):` for patch version bump (0.0.x)
+- `feat(build):` for minor version bump (0.x.0)
+- `perf(build):` for major version bump (x.0.0)

 A correct patch is defined as the following:

--- a/vendor/github.com/IBM/keyprotect-go-client/instances.go
+++ b/vendor/github.com/IBM/keyprotect-go-client/instances.go
@ -61,14 +61,14 @@ type PolicyData struct {

 // Attributes contains the details of an instance policy
 type Attributes struct {
-	AllowedNetwork    *string     `json:"allowed_network,omitempty"`
-	AllowedIP         IPAddresses `json:"allowed_ip,omitempty"`
-	CreateRootKey     *bool       `json:"create_root_key,omitempty"`
-	CreateStandardKey *bool       `json:"create_standard_key,omitempty"`
-	ImportRootKey     *bool       `json:"import_root_key,omitempty"`
-	ImportStandardKey *bool       `json:"import_standard_key,omitempty"`
-	EnforceToken      *bool       `json:"enforce_token,omitempty"`
-	IntervalMonth     *int        `json:"interval_month,omitempty"`
+	AllowedNetwork    *string      `json:"allowed_network,omitempty"`
+	AllowedIP         *IPAddresses `json:"allowed_ip,omitempty"`
+	CreateRootKey     *bool        `json:"create_root_key,omitempty"`
+	CreateStandardKey *bool        `json:"create_standard_key,omitempty"`
+	ImportRootKey     *bool        `json:"import_root_key,omitempty"`
+	ImportStandardKey *bool        `json:"import_standard_key,omitempty"`
+	EnforceToken      *bool        `json:"enforce_token,omitempty"`
+	IntervalMonth     *int         `json:"interval_month,omitempty"`
 }

 // IPAddresses ...
@ -313,7 +313,8 @@ func (c *Client) SetAllowedIPInstancePolicy(ctx context.Context, enable bool, al
 	// The IP address validation is performed by the key protect service.
 	if enable && len(allowedIPs) != 0 {
 		policy.PolicyData.Attributes = &Attributes{}
-		policy.PolicyData.Attributes.AllowedIP = allowedIPs
+		ips := IPAddresses(allowedIPs)
+		policy.PolicyData.Attributes.AllowedIP = &ips
 	} else if enable && len(allowedIPs) == 0 {
 		return fmt.Errorf("Please provide at least 1 IP subnet specified with CIDR notation")
 	} else if !enable && len(allowedIPs) != 0 {
@ -445,17 +446,21 @@ type AllowedNetworkPolicyData struct {
 // AllowedIPPolicyData defines the attribute input for the Allowed IP instance policy
 type AllowedIPPolicyData struct {
 	Enabled     bool
-	IPAddresses IPAddresses
+	IPAddresses *IPAddresses
 }

 // KeyAccessInstancePolicyData defines the attribute input for the Key Create Import Access instance policy
 type KeyCreateImportAccessInstancePolicy struct {
-	Enabled           bool
-	CreateRootKey     bool
-	CreateStandardKey bool
-	ImportRootKey     bool
-	ImportStandardKey bool
-	EnforceToken      bool
+	Enabled    bool
+	Attributes *KeyCreateImportAccessInstancePolicyAttributes
+}
+
+type KeyCreateImportAccessInstancePolicyAttributes struct {
+	CreateRootKey     *bool
+	CreateStandardKey *bool
+	ImportRootKey     *bool
+	ImportStandardKey *bool
+	EnforceToken      *bool
 }

 type RotationPolicyData struct {
@ -492,6 +497,7 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
 			PolicyType: AllowedNetwork,
 			PolicyData: PolicyData{
 				Enabled: &(policies.AllowedNetwork.Enabled),
+				// due to legacy reasons, the allowed_network policy requires attribute to always be specified
 				Attributes: &Attributes{
 					AllowedNetwork: &(policies.AllowedNetwork.Network),
 				},
@ -527,16 +533,19 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
 		policy := InstancePolicy{
 			PolicyType: KeyCreateImportAccess,
 			PolicyData: PolicyData{
-				Enabled:    &(policies.KeyCreateImportAccess.Enabled),
-				Attributes: &Attributes{},
+				Enabled: &(policies.KeyCreateImportAccess.Enabled),
 			},
 		}

-		policy.PolicyData.Attributes.CreateRootKey = &policies.KeyCreateImportAccess.CreateRootKey
-		policy.PolicyData.Attributes.CreateStandardKey = &policies.KeyCreateImportAccess.CreateStandardKey
-		policy.PolicyData.Attributes.ImportRootKey = &policies.KeyCreateImportAccess.ImportRootKey
-		policy.PolicyData.Attributes.ImportStandardKey = &policies.KeyCreateImportAccess.ImportStandardKey
-		policy.PolicyData.Attributes.EnforceToken = &policies.KeyCreateImportAccess.EnforceToken
+		if attr := policies.KeyCreateImportAccess.Attributes; attr != nil {
+			policy.PolicyData.Attributes = &Attributes{
+				CreateRootKey:     attr.CreateRootKey,
+				CreateStandardKey: attr.CreateStandardKey,
+				ImportRootKey:     attr.ImportRootKey,
+				ImportStandardKey: attr.ImportStandardKey,
+				EnforceToken:      attr.EnforceToken,
+			}
+		}

 		resPolicies = append(resPolicies, policy)
 	}
--- a/vendor/github.com/IBM/keyprotect-go-client/key_rings.go
+++ b/vendor/github.com/IBM/keyprotect-go-client/key_rings.go
@ -9,7 +9,7 @@ import (
 )

 const (
-	path = "key_rings"
+	keyRingPath = "key_rings"
 )

 type KeyRing struct {
@ -28,7 +28,7 @@ type KeyRings struct {
 // https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#create-key-ring-api
 func (c *Client) CreateKeyRing(ctx context.Context, id string) error {

-	req, err := c.newRequest("POST", fmt.Sprintf(path+"/%s", id), nil)
+	req, err := c.newRequest("POST", fmt.Sprintf(keyRingPath+"/%s", id), nil)
 	if err != nil {
 		return err
 	}
@ -46,7 +46,7 @@ func (c *Client) CreateKeyRing(ctx context.Context, id string) error {
 // https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#list-key-ring-api
 func (c *Client) GetKeyRings(ctx context.Context) (*KeyRings, error) {
 	rings := KeyRings{}
-	req, err := c.newRequest("GET", path, nil)
+	req, err := c.newRequest("GET", keyRingPath, nil)
 	if err != nil {
 		return nil, err
 	}
@ -73,7 +73,7 @@ func WithForce(force bool) DeleteKeyRingQueryOption {
 // For information please refer to the link below:
 // https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#delete-key-ring-api
 func (c *Client) DeleteKeyRing(ctx context.Context, id string, opts ...DeleteKeyRingQueryOption) error {
-	req, err := c.newRequest("DELETE", fmt.Sprintf(path+"/%s", id), nil)
+	req, err := c.newRequest("DELETE", fmt.Sprintf(keyRingPath+"/%s", id), nil)
 	for _, opt := range opts {
 		opt(req)
 	}
--- a/vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_adapters.go
+++ b/vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_adapters.go
@ -0,0 +1,164 @@
+package kp
+
+import (
+	"context"
+	"fmt"
+	"time"
+)
+
+const (
+	kmipAdapterPath = "kmip_adapters"
+	kmipAdapterType = "application/vnd.ibm.kms.kmip_adapter+json"
+)
+
+type KMIPAdapter struct {
+	ID          string            `json:"id,omitempty"`
+	Profile     string            `json:"profile,omitempty"`
+	ProfileData map[string]string `json:"profile_data,omitempty"`
+	Name        string            `json:"name,omitempty"`
+	Description string            `json:"description"`
+	CreatedBy   string            `json:"created_by,omitempty"`
+	CreatedAt   *time.Time        `json:"created_at,omitempty"`
+	UpdatedBy   string            `json:"updated_by,omitempty"`
+	UpdatedAt   *time.Time        `json:"updated_at,omitempty"`
+}
+
+type KMIPAdapters struct {
+	Metadata CollectionMetadata `json:"metadata"`
+	Adapters []KMIPAdapter      `json:"resources"`
+}
+
+const (
+	KMIP_Profile_Native = "native_1.0"
+)
+
+// CreateKMIPAdapter method creates a KMIP Adapter with the specified profile.
+func (c *Client) CreateKMIPAdapter(ctx context.Context, profileOpt CreateKMIPAdapterProfile, options ...CreateKMIPAdapterOption) (*KMIPAdapter, error) {
+	newAdapter := &KMIPAdapter{}
+	profileOpt(newAdapter)
+	for _, opt := range options {
+		opt(newAdapter)
+	}
+	req, err := c.newRequest("POST", kmipAdapterPath, wrapKMIPAdapter(*newAdapter))
+	if err != nil {
+		return nil, err
+	}
+
+	create_resp := &KMIPAdapters{}
+	_, err = c.do(ctx, req, create_resp)
+	if err != nil {
+		return nil, err
+	}
+	return unwrapKMIPAdapterResp(create_resp), nil
+}
+
+// Functions to be passed into the CreateKMIPAdapter() method to specify specific fields.
+type CreateKMIPAdapterOption func(*KMIPAdapter)
+type CreateKMIPAdapterProfile func(*KMIPAdapter)
+
+func WithKMIPAdapterName(name string) CreateKMIPAdapterOption {
+	return func(adapter *KMIPAdapter) {
+		adapter.Name = name
+	}
+}
+
+func WithKMIPAdapterDescription(description string) CreateKMIPAdapterOption {
+	return func(adapter *KMIPAdapter) {
+		adapter.Description = description
+	}
+}
+
+func WithNativeProfile(crkID string) CreateKMIPAdapterProfile {
+	return func(adapter *KMIPAdapter) {
+		adapter.Profile = KMIP_Profile_Native
+
+		adapter.ProfileData = map[string]string{
+			"crk_id": crkID,
+		}
+	}
+}
+
+type ListKmipAdaptersOptions struct {
+	Limit      *uint32
+	Offset     *uint32
+	TotalCount *bool
+	CrkID      *string
+}
+
+// GetKMIPAdapters method lists KMIP Adapters associated with a specific KP instance.
+func (c *Client) GetKMIPAdapters(ctx context.Context, listOpts *ListKmipAdaptersOptions) (*KMIPAdapters, error) {
+	adapters := KMIPAdapters{}
+	req, err := c.newRequest("GET", kmipAdapterPath, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if listOpts != nil {
+		values := req.URL.Query()
+		if listOpts.Limit != nil {
+			values.Set("limit", fmt.Sprint(*listOpts.Limit))
+		}
+		if listOpts.Offset != nil {
+			values.Set("offset", fmt.Sprint(*listOpts.Offset))
+		}
+		if listOpts.TotalCount != nil {
+			values.Set("totalCount", fmt.Sprint(*listOpts.TotalCount))
+		}
+		if listOpts.CrkID != nil {
+			values.Set("crk_id", *listOpts.CrkID)
+		}
+		req.URL.RawQuery = values.Encode()
+	}
+
+	_, err = c.do(ctx, req, &adapters)
+	if err != nil {
+		return nil, err
+	}
+
+	return &adapters, nil
+}
+
+// GetKMIPAdapter method retrieves a single KMIP Adapter by name or ID.
+func (c *Client) GetKMIPAdapter(ctx context.Context, nameOrID string) (*KMIPAdapter, error) {
+	adapters := KMIPAdapters{}
+	req, err := c.newRequest("GET", fmt.Sprintf("%s/%s", kmipAdapterPath, nameOrID), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = c.do(ctx, req, &adapters)
+	if err != nil {
+		return nil, err
+	}
+
+	return unwrapKMIPAdapterResp(&adapters), nil
+}
+
+// DeletesKMIPAdapter method deletes a single KMIP Adapter by name or ID.
+func (c *Client) DeleteKMIPAdapter(ctx context.Context, nameOrID string) error {
+	req, err := c.newRequest("DELETE", fmt.Sprintf("%s/%s", kmipAdapterPath, nameOrID), nil)
+	if err != nil {
+		return err
+	}
+
+	_, err = c.do(ctx, req, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func wrapKMIPAdapter(adapter KMIPAdapter) KMIPAdapters {
+	return KMIPAdapters{
+		Metadata: CollectionMetadata{
+			CollectionType:  kmipAdapterType,
+			CollectionTotal: 1,
+		},
+		Adapters: []KMIPAdapter{adapter},
+	}
+}
+
+func unwrapKMIPAdapterResp(resp *KMIPAdapters) *KMIPAdapter {
+	return &resp.Adapters[0]
+}
--- a/vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_certs.go
+++ b/vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_certs.go
@ -0,0 +1,136 @@
+package kp
+
+import (
+	"context"
+	"fmt"
+	"time"
+)
+
+const (
+	kmipClientCertSubPath = "certificates"
+	kmipClientCertType    = "application/vnd.ibm.kms.kmip_client_certificate+json"
+)
+
+type KMIPClientCertificate struct {
+	ID          string     `json:"id,omitempty"`
+	Name        string     `json:"name,omitempty"`
+	Certificate string     `json:"certificate,omitempty"`
+	CreatedBy   string     `json:"created_by,omitempty"`
+	CreatedAt   *time.Time `json:"created_at,omitempty"`
+}
+
+type KMIPClientCertificates struct {
+	Metadata     CollectionMetadata      `json:"metadata"`
+	Certificates []KMIPClientCertificate `json:"resources"`
+}
+
+// CreateKMIPClientCertificate registers/creates a KMIP PEM format certificate
+// for use with a specific KMIP adapter.
+// cert_payload is the string representation of
+// the certificate to be associated with the KMIP Adapter in PEM format.
+// It should explicitly have the BEGIN CERTIFICATE and END CERTIFICATE tags.
+// Regex: ^\s*-----BEGIN CERTIFICATE-----[A-Za-z0-9+\/\=\r\n]+-----END CERTIFICATE-----\s*$
+func (c *Client) CreateKMIPClientCertificate(ctx context.Context, adapter_nameOrID, cert_payload string, opts ...CreateKMIPClientCertOption) (*KMIPClientCertificate, error) {
+	newCert := &KMIPClientCertificate{
+		Certificate: cert_payload,
+	}
+	for _, opt := range opts {
+		opt(newCert)
+	}
+	req, err := c.newRequest("POST", fmt.Sprintf("%s/%s/%s", kmipAdapterPath, adapter_nameOrID, kmipClientCertSubPath), wrapKMIPClientCert(*newCert))
+	if err != nil {
+		return nil, err
+	}
+	certResp := &KMIPClientCertificates{}
+	_, err = c.do(ctx, req, certResp)
+	if err != nil {
+		return nil, err
+	}
+
+	return unwrapKMIPClientCert(certResp), nil
+}
+
+type CreateKMIPClientCertOption func(*KMIPClientCertificate)
+
+func WithKMIPClientCertName(name string) CreateKMIPClientCertOption {
+	return func(cert *KMIPClientCertificate) {
+		cert.Name = name
+	}
+}
+
+// GetKMIPClientCertificates lists all certificates associated with a KMIP adapter
+func (c *Client) GetKMIPClientCertificates(ctx context.Context, adapter_nameOrID string, listOpts *ListOptions) (*KMIPClientCertificates, error) {
+	certs := KMIPClientCertificates{}
+	req, err := c.newRequest("GET", fmt.Sprintf("%s/%s/%s", kmipAdapterPath, adapter_nameOrID, kmipClientCertSubPath), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if listOpts != nil {
+		values := req.URL.Query()
+		if listOpts.Limit != nil {
+			values.Set("limit", fmt.Sprint(*listOpts.Limit))
+		}
+		if listOpts.Offset != nil {
+			values.Set("offset", fmt.Sprint(*listOpts.Offset))
+		}
+		if listOpts.TotalCount != nil {
+			values.Set("totalCount", fmt.Sprint(*listOpts.TotalCount))
+		}
+		req.URL.RawQuery = values.Encode()
+	}
+
+	_, err = c.do(ctx, req, &certs)
+	if err != nil {
+		return nil, err
+	}
+
+	return &certs, nil
+}
+
+// GetKMIPClientCertificate gets a single certificate associated with a KMIP adapter
+func (c *Client) GetKMIPClientCertificate(ctx context.Context, adapter_nameOrID, cert_nameOrID string) (*KMIPClientCertificate, error) {
+	certs := &KMIPClientCertificates{}
+	req, err := c.newRequest("GET", fmt.Sprintf("%s/%s/%s/%s",
+		kmipAdapterPath, adapter_nameOrID, kmipClientCertSubPath, cert_nameOrID), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = c.do(ctx, req, certs)
+	if err != nil {
+		return nil, err
+	}
+
+	return unwrapKMIPClientCert(certs), nil
+}
+
+// DeleteKMIPClientCertificate deletes a single certificate
+func (c *Client) DeleteKMIPClientCertificate(ctx context.Context, adapter_nameOrID, cert_nameOrID string) error {
+	req, err := c.newRequest("DELETE", fmt.Sprintf("%s/%s/%s/%s",
+		kmipAdapterPath, adapter_nameOrID, kmipClientCertSubPath, cert_nameOrID), nil)
+	if err != nil {
+		return err
+	}
+
+	_, err = c.do(ctx, req, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func wrapKMIPClientCert(cert KMIPClientCertificate) KMIPClientCertificates {
+	return KMIPClientCertificates{
+		Metadata: CollectionMetadata{
+			CollectionType:  kmipClientCertType,
+			CollectionTotal: 1,
+		},
+		Certificates: []KMIPClientCertificate{cert},
+	}
+}
+
+func unwrapKMIPClientCert(certs *KMIPClientCertificates) *KMIPClientCertificate {
+	return &certs.Certificates[0]
+}
--- a/vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_objects.go
+++ b/vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_objects.go
@ -0,0 +1,122 @@
+package kp
+
+import (
+	"context"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const (
+	kmipObjectSubPath = "kmip_objects"
+	kmipObjectType    = "application/vnd.ibm.kms.kmip_object+json"
+)
+
+type KMIPObject struct {
+	ID                string     `json:"id,omitempty"`
+	KMIPObjectType    int        `json:"kmip_object_type,omitempty"`
+	ObjectState       int        `json:"state,omitempty"`
+	CreatedByCertID   string     `json:"created_by_kmip_client_cert_id,omitempty"`
+	CreatedBy         string     `json:"created_by,omitempty"`
+	CreatedAt         *time.Time `json:"created_at,omitempty"`
+	UpdatedByCertID   string     `json:"updated_by_kmip_client_cert_id,omitempty"`
+	UpdatedBy         string     `json:"updated_by,omitempty"`
+	UpdatedAt         *time.Time `json:"updated_at,omitempty"`
+	DestroyedByCertID string     `json:"destroyed_by_kmip_client_cert_id,omitempty"`
+	DestroyedBy       string     `json:"destroyed_by,omitempty"`
+	DestroyedAt       *time.Time `json:"destroyed_at,omitempty"`
+}
+
+type KMIPObjects struct {
+	Metadata CollectionMetadata `json:"metadata"`
+	Objects  []KMIPObject       `json:"resources"`
+}
+
+type ListKmipObjectsOptions struct {
+	Limit             *uint32
+	Offset            *uint32
+	TotalCount        *bool
+	ObjectStateFilter *[]int32
+}
+
+func (c *Client) GetKMIPObjects(ctx context.Context, adapter_id string, listOpts *ListKmipObjectsOptions) (*KMIPObjects, error) {
+	objects := KMIPObjects{}
+	req, err := c.newRequest("GET", fmt.Sprintf("%s/%s/%s", kmipAdapterPath, adapter_id, kmipObjectSubPath), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if listOpts != nil {
+		values := req.URL.Query()
+		if listOpts.Limit != nil {
+			values.Set("limit", fmt.Sprint(*listOpts.Limit))
+		}
+		if listOpts.Offset != nil {
+			values.Set("offset", fmt.Sprint(*listOpts.Offset))
+		}
+		if listOpts.TotalCount != nil {
+			values.Set("totalCount", fmt.Sprint(*listOpts.TotalCount))
+		}
+		if listOpts.ObjectStateFilter != nil {
+			var stateStrs []string
+			for _, i := range *listOpts.ObjectStateFilter {
+				stateStrs = append(stateStrs, strconv.FormatInt(int64(i), 10))
+			}
+			values.Set("state", strings.Join(stateStrs, ","))
+		}
+		req.URL.RawQuery = values.Encode()
+	}
+
+	_, err = c.do(ctx, req, &objects)
+	if err != nil {
+		return nil, err
+	}
+
+	return &objects, nil
+}
+
+func (c *Client) GetKMIPObject(ctx context.Context, adapter_id, object_id string) (*KMIPObject, error) {
+	objects := &KMIPObjects{}
+	req, err := c.newRequest("GET", fmt.Sprintf("%s/%s/%s/%s",
+		kmipAdapterPath, adapter_id, kmipObjectSubPath, object_id), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = c.do(ctx, req, objects)
+	if err != nil {
+		return nil, err
+	}
+
+	return unwrapKMIPObject(objects), nil
+}
+
+func (c *Client) DeleteKMIPObject(ctx context.Context, adapter_id, object_id string) error {
+	req, err := c.newRequest("DELETE", fmt.Sprintf("%s/%s/%s/%s",
+		kmipAdapterPath, adapter_id, kmipObjectSubPath, object_id), nil)
+	if err != nil {
+		return err
+	}
+
+	_, err = c.do(ctx, req, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func wrapKMIPObject(object KMIPObject) KMIPObjects {
+	return KMIPObjects{
+		Metadata: CollectionMetadata{
+			CollectionType:  kmipObjectType,
+			CollectionTotal: 1,
+		},
+		Objects: []KMIPObject{object},
+	}
+}
+
+func unwrapKMIPObject(objects *KMIPObjects) *KMIPObject {
+	return &objects.Objects[0]
+}
--- a/vendor/github.com/IBM/keyprotect-go-client/kp.go
+++ b/vendor/github.com/IBM/keyprotect-go-client/kp.go
@ -23,7 +23,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
@ -276,7 +275,7 @@ func (c *Client) do(ctx context.Context, req *http.Request, res interface{}) (*h
 	}
 	defer response.Body.Close()

-	resBody, err := ioutil.ReadAll(response.Body)
+	resBody, err := io.ReadAll(response.Body)
 	redact := []string{c.Config.APIKey, req.Header.Get("authorization")}
 	c.Dump(req, response, []byte{}, resBody, c.Logger, redact)
 	if err != nil {
@ -515,3 +514,17 @@ func redact(s string, redactStrings []string) string {
 func noredact(s string, redactStrings []string) string {
 	return s
 }
+
+// Collection Metadata is generic and can be shared between multiple resource types
+type CollectionMetadata struct {
+	CollectionType  string `json:"collectionType"`
+	CollectionTotal int    `json:"collectionTotal"`
+	TotalCount      int    `json:"totalCount,omitempty"`
+}
+
+// ListsOptions struct to add the query parameters for list functions. Extensible.
+type ListOptions struct {
+	Limit      *uint32
+	Offset     *uint32
+	TotalCount *bool
+}