rebase: Azure key vault module dependency update

This commit adds the Azure SDK for Azure key vault KMS
integration to the Ceph CSI driver.

Signed-off-by: Praveen M <m.praveen@ibm.com>

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) Microsoft Corporation.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/diag/diag.go

@@ -0,0 +1,51 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package diag
+
+import (
+	"fmt"
+	"runtime"
+	"strings"
+)
+
+// Caller returns the file and line number of a frame on the caller's stack.
+// If the funtion fails an empty string is returned.
+// skipFrames - the number of frames to skip when determining the caller.
+// Passing a value of 0 will return the immediate caller of this function.
+func Caller(skipFrames int) string {
+	if pc, file, line, ok := runtime.Caller(skipFrames + 1); ok {
+		// the skipFrames + 1 is to skip ourselves
+		frame := runtime.FuncForPC(pc)
+		return fmt.Sprintf("%s()\n\t%s:%d", frame.Name(), file, line)
+	}
+	return ""
+}
+
+// StackTrace returns a formatted stack trace string.
+// If the funtion fails an empty string is returned.
+// skipFrames - the number of stack frames to skip before composing the trace string.
+// totalFrames - the maximum number of stack frames to include in the trace string.
+func StackTrace(skipFrames, totalFrames int) string {
+	pcCallers := make([]uintptr, totalFrames)
+	if frames := runtime.Callers(skipFrames, pcCallers); frames == 0 {
+		return ""
+	}
+	frames := runtime.CallersFrames(pcCallers)
+	sb := strings.Builder{}
+	for {
+		frame, more := frames.Next()
+		sb.WriteString(frame.Function)
+		sb.WriteString("()\n\t")
+		sb.WriteString(frame.File)
+		sb.WriteRune(':')
+		sb.WriteString(fmt.Sprintf("%d\n", frame.Line))
+		if !more {
+			break
+		}
+	}
+	return sb.String()
+}

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/diag/doc.go

@@ -0,0 +1,7 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package diag

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo/doc.go

@@ -0,0 +1,7 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package errorinfo

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo/errorinfo.go

@@ -0,0 +1,46 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package errorinfo
+
+// NonRetriable represents a non-transient error.  This works in
+// conjunction with the retry policy, indicating that the error condition
+// is idempotent, so no retries will be attempted.
+// Use errors.As() to access this interface in the error chain.
+type NonRetriable interface {
+	error
+	NonRetriable()
+}
+
+// NonRetriableError marks the specified error as non-retriable.
+// This function takes an error as input and returns a new error that is marked as non-retriable.
+func NonRetriableError(err error) error {
+	return &nonRetriableError{err}
+}
+
+// nonRetriableError is a struct that embeds the error interface.
+// It is used to represent errors that should not be retried.
+type nonRetriableError struct {
+	error
+}
+
+// Error method for nonRetriableError struct.
+// It returns the error message of the embedded error.
+func (p *nonRetriableError) Error() string {
+	return p.error.Error()
+}
+
+// NonRetriable is a marker method for nonRetriableError struct.
+// Non-functional and indicates that the error is non-retriable.
+func (*nonRetriableError) NonRetriable() {
+	// marker method
+}
+
+// Unwrap method for nonRetriableError struct.
+// It returns the original error that was marked as non-retriable.
+func (p *nonRetriableError) Unwrap() error {
+	return p.error
+}

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/exported/exported.go

@@ -0,0 +1,124 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package exported
+
+import (
+	"errors"
+	"io"
+	"net/http"
+)
+
+// HasStatusCode returns true if the Response's status code is one of the specified values.
+// Exported as runtime.HasStatusCode().
+func HasStatusCode(resp *http.Response, statusCodes ...int) bool {
+	if resp == nil {
+		return false
+	}
+	for _, sc := range statusCodes {
+		if resp.StatusCode == sc {
+			return true
+		}
+	}
+	return false
+}
+
+// PayloadOptions contains the optional values for the Payload func.
+// NOT exported but used by azcore.
+type PayloadOptions struct {
+	// BytesModifier receives the downloaded byte slice and returns an updated byte slice.
+	// Use this to modify the downloaded bytes in a payload (e.g. removing a BOM).
+	BytesModifier func([]byte) []byte
+}
+
+// Payload reads and returns the response body or an error.
+// On a successful read, the response body is cached.
+// Subsequent reads will access the cached value.
+// Exported as runtime.Payload() WITHOUT the opts parameter.
+func Payload(resp *http.Response, opts *PayloadOptions) ([]byte, error) {
+	modifyBytes := func(b []byte) []byte { return b }
+	if opts != nil && opts.BytesModifier != nil {
+		modifyBytes = opts.BytesModifier
+	}
+
+	// r.Body won't be a nopClosingBytesReader if downloading was skipped
+	if buf, ok := resp.Body.(*nopClosingBytesReader); ok {
+		bytesBody := modifyBytes(buf.Bytes())
+		buf.Set(bytesBody)
+		return bytesBody, nil
+	}
+
+	bytesBody, err := io.ReadAll(resp.Body)
+	resp.Body.Close()
+	if err != nil {
+		return nil, err
+	}
+
+	bytesBody = modifyBytes(bytesBody)
+	resp.Body = &nopClosingBytesReader{s: bytesBody}
+	return bytesBody, nil
+}
+
+// PayloadDownloaded returns true if the response body has already been downloaded.
+// This implies that the Payload() func above has been previously called.
+// NOT exported but used by azcore.
+func PayloadDownloaded(resp *http.Response) bool {
+	_, ok := resp.Body.(*nopClosingBytesReader)
+	return ok
+}
+
+// nopClosingBytesReader is an io.ReadSeekCloser around a byte slice.
+// It also provides direct access to the byte slice to avoid rereading.
+type nopClosingBytesReader struct {
+	s []byte
+	i int64
+}
+
+// Bytes returns the underlying byte slice.
+func (r *nopClosingBytesReader) Bytes() []byte {
+	return r.s
+}
+
+// Close implements the io.Closer interface.
+func (*nopClosingBytesReader) Close() error {
+	return nil
+}
+
+// Read implements the io.Reader interface.
+func (r *nopClosingBytesReader) Read(b []byte) (n int, err error) {
+	if r.i >= int64(len(r.s)) {
+		return 0, io.EOF
+	}
+	n = copy(b, r.s[r.i:])
+	r.i += int64(n)
+	return
+}
+
+// Set replaces the existing byte slice with the specified byte slice and resets the reader.
+func (r *nopClosingBytesReader) Set(b []byte) {
+	r.s = b
+	r.i = 0
+}
+
+// Seek implements the io.Seeker interface.
+func (r *nopClosingBytesReader) Seek(offset int64, whence int) (int64, error) {
+	var i int64
+	switch whence {
+	case io.SeekStart:
+		i = offset
+	case io.SeekCurrent:
+		i = r.i + offset
+	case io.SeekEnd:
+		i = int64(len(r.s)) + offset
+	default:
+		return 0, errors.New("nopClosingBytesReader: invalid whence")
+	}
+	if i < 0 {
+		return 0, errors.New("nopClosingBytesReader: negative position")
+	}
+	r.i = i
+	return i, nil
+}

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/log/doc.go

@@ -0,0 +1,7 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package log

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/log/log.go

@@ -0,0 +1,104 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package log
+
+import (
+	"fmt"
+	"os"
+	"time"
+)
+
+///////////////////////////////////////////////////////////////////////////////////////////////////
+// NOTE: The following are exported as public surface area from azcore.  DO NOT MODIFY
+///////////////////////////////////////////////////////////////////////////////////////////////////
+
+// Event is used to group entries.  Each group can be toggled on or off.
+type Event string
+
+// SetEvents is used to control which events are written to
+// the log.  By default all log events are writen.
+func SetEvents(cls ...Event) {
+	log.cls = cls
+}
+
+// SetListener will set the Logger to write to the specified listener.
+func SetListener(lst func(Event, string)) {
+	log.lst = lst
+}
+
+///////////////////////////////////////////////////////////////////////////////////////////////////
+// END PUBLIC SURFACE AREA
+///////////////////////////////////////////////////////////////////////////////////////////////////
+
+// Should returns true if the specified log event should be written to the log.
+// By default all log events will be logged.  Call SetEvents() to limit
+// the log events for logging.
+// If no listener has been set this will return false.
+// Calling this method is useful when the message to log is computationally expensive
+// and you want to avoid the overhead if its log event is not enabled.
+func Should(cls Event) bool {
+	if log.lst == nil {
+		return false
+	}
+	if log.cls == nil || len(log.cls) == 0 {
+		return true
+	}
+	for _, c := range log.cls {
+		if c == cls {
+			return true
+		}
+	}
+	return false
+}
+
+// Write invokes the underlying listener with the specified event and message.
+// If the event shouldn't be logged or there is no listener then Write does nothing.
+func Write(cls Event, message string) {
+	if !Should(cls) {
+		return
+	}
+	log.lst(cls, message)
+}
+
+// Writef invokes the underlying listener with the specified event and formatted message.
+// If the event shouldn't be logged or there is no listener then Writef does nothing.
+func Writef(cls Event, format string, a ...interface{}) {
+	if !Should(cls) {
+		return
+	}
+	log.lst(cls, fmt.Sprintf(format, a...))
+}
+
+// TestResetEvents is used for TESTING PURPOSES ONLY.
+func TestResetEvents() {
+	log.cls = nil
+}
+
+// logger controls which events to log and writing to the underlying log.
+type logger struct {
+	cls []Event
+	lst func(Event, string)
+}
+
+// the process-wide logger
+var log logger
+
+func init() {
+	initLogging()
+}
+
+// split out for testing purposes
+func initLogging() {
+	if cls := os.Getenv("AZURE_SDK_GO_LOGGING"); cls == "all" {
+		// cls could be enhanced to support a comma-delimited list of log events
+		log.lst = func(cls Event, msg string) {
+			// simple console logger, it writes to stderr in the following format:
+			// [time-stamp] Event: message
+			fmt.Fprintf(os.Stderr, "[%s] %s: %s\n", time.Now().Format(time.StampMicro), cls, msg)
+		}
+	}
+}

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/poller/util.go

@@ -0,0 +1,155 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package poller
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/exported"
+)
+
+// the well-known set of LRO status/provisioning state values.
+const (
+	StatusSucceeded  = "Succeeded"
+	StatusCanceled   = "Canceled"
+	StatusFailed     = "Failed"
+	StatusInProgress = "InProgress"
+)
+
+// these are non-conformant states that we've seen in the wild.
+// we support them for back-compat.
+const (
+	StatusCancelled = "Cancelled"
+	StatusCompleted = "Completed"
+)
+
+// IsTerminalState returns true if the LRO's state is terminal.
+func IsTerminalState(s string) bool {
+	return Failed(s) || Succeeded(s)
+}
+
+// Failed returns true if the LRO's state is terminal failure.
+func Failed(s string) bool {
+	return strings.EqualFold(s, StatusFailed) || strings.EqualFold(s, StatusCanceled) || strings.EqualFold(s, StatusCancelled)
+}
+
+// Succeeded returns true if the LRO's state is terminal success.
+func Succeeded(s string) bool {
+	return strings.EqualFold(s, StatusSucceeded) || strings.EqualFold(s, StatusCompleted)
+}
+
+// returns true if the LRO response contains a valid HTTP status code
+func StatusCodeValid(resp *http.Response) bool {
+	return exported.HasStatusCode(resp, http.StatusOK, http.StatusAccepted, http.StatusCreated, http.StatusNoContent)
+}
+
+// IsValidURL verifies that the URL is valid and absolute.
+func IsValidURL(s string) bool {
+	u, err := url.Parse(s)
+	return err == nil && u.IsAbs()
+}
+
+// ErrNoBody is returned if the response didn't contain a body.
+var ErrNoBody = errors.New("the response did not contain a body")
+
+// GetJSON reads the response body into a raw JSON object.
+// It returns ErrNoBody if there was no content.
+func GetJSON(resp *http.Response) (map[string]any, error) {
+	body, err := exported.Payload(resp, nil)
+	if err != nil {
+		return nil, err
+	}
+	if len(body) == 0 {
+		return nil, ErrNoBody
+	}
+	// unmarshall the body to get the value
+	var jsonBody map[string]any
+	if err = json.Unmarshal(body, &jsonBody); err != nil {
+		return nil, err
+	}
+	return jsonBody, nil
+}
+
+// provisioningState returns the provisioning state from the response or the empty string.
+func provisioningState(jsonBody map[string]any) string {
+	jsonProps, ok := jsonBody["properties"]
+	if !ok {
+		return ""
+	}
+	props, ok := jsonProps.(map[string]any)
+	if !ok {
+		return ""
+	}
+	rawPs, ok := props["provisioningState"]
+	if !ok {
+		return ""
+	}
+	ps, ok := rawPs.(string)
+	if !ok {
+		return ""
+	}
+	return ps
+}
+
+// status returns the status from the response or the empty string.
+func status(jsonBody map[string]any) string {
+	rawStatus, ok := jsonBody["status"]
+	if !ok {
+		return ""
+	}
+	status, ok := rawStatus.(string)
+	if !ok {
+		return ""
+	}
+	return status
+}
+
+// GetStatus returns the LRO's status from the response body.
+// Typically used for Azure-AsyncOperation flows.
+// If there is no status in the response body the empty string is returned.
+func GetStatus(resp *http.Response) (string, error) {
+	jsonBody, err := GetJSON(resp)
+	if err != nil {
+		return "", err
+	}
+	return status(jsonBody), nil
+}
+
+// GetProvisioningState returns the LRO's state from the response body.
+// If there is no state in the response body the empty string is returned.
+func GetProvisioningState(resp *http.Response) (string, error) {
+	jsonBody, err := GetJSON(resp)
+	if err != nil {
+		return "", err
+	}
+	return provisioningState(jsonBody), nil
+}
+
+// GetResourceLocation returns the LRO's resourceLocation value from the response body.
+// Typically used for Operation-Location flows.
+// If there is no resourceLocation in the response body the empty string is returned.
+func GetResourceLocation(resp *http.Response) (string, error) {
+	jsonBody, err := GetJSON(resp)
+	if err != nil {
+		return "", err
+	}
+	v, ok := jsonBody["resourceLocation"]
+	if !ok {
+		// it might be ok if the field doesn't exist, the caller must make that determination
+		return "", nil
+	}
+	vv, ok := v.(string)
+	if !ok {
+		return "", fmt.Errorf("the resourceLocation value %v was not in string format", v)
+	}
+	return vv, nil
+}

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/temporal/resource.go

@@ -0,0 +1,123 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package temporal
+
+import (
+	"sync"
+	"time"
+)
+
+// AcquireResource abstracts a method for refreshing a temporal resource.
+type AcquireResource[TResource, TState any] func(state TState) (newResource TResource, newExpiration time.Time, err error)
+
+// Resource is a temporal resource (usually a credential) that requires periodic refreshing.
+type Resource[TResource, TState any] struct {
+	// cond is used to synchronize access to the shared resource embodied by the remaining fields
+	cond *sync.Cond
+
+	// acquiring indicates that some thread/goroutine is in the process of acquiring/updating the resource
+	acquiring bool
+
+	// resource contains the value of the shared resource
+	resource TResource
+
+	// expiration indicates when the shared resource expires; it is 0 if the resource was never acquired
+	expiration time.Time
+
+	// lastAttempt indicates when a thread/goroutine last attempted to acquire/update the resource
+	lastAttempt time.Time
+
+	// acquireResource is the callback function that actually acquires the resource
+	acquireResource AcquireResource[TResource, TState]
+}
+
+// NewResource creates a new Resource that uses the specified AcquireResource for refreshing.
+func NewResource[TResource, TState any](ar AcquireResource[TResource, TState]) *Resource[TResource, TState] {
+	return &Resource[TResource, TState]{cond: sync.NewCond(&sync.Mutex{}), acquireResource: ar}
+}
+
+// Get returns the underlying resource.
+// If the resource is fresh, no refresh is performed.
+func (er *Resource[TResource, TState]) Get(state TState) (TResource, error) {
+	// If the resource is expiring within this time window, update it eagerly.
+	// This allows other threads/goroutines to keep running by using the not-yet-expired
+	// resource value while one thread/goroutine updates the resource.
+	const window = 5 * time.Minute   // This example updates the resource 5 minutes prior to expiration
+	const backoff = 30 * time.Second // Minimum wait time between eager update attempts
+
+	now, acquire, expired := time.Now(), false, false
+
+	// acquire exclusive lock
+	er.cond.L.Lock()
+	resource := er.resource
+
+	for {
+		expired = er.expiration.IsZero() || er.expiration.Before(now)
+		if expired {
+			// The resource was never acquired or has expired
+			if !er.acquiring {
+				// If another thread/goroutine is not acquiring/updating the resource, this thread/goroutine will do it
+				er.acquiring, acquire = true, true
+				break
+			}
+			// Getting here means that this thread/goroutine will wait for the updated resource
+		} else if er.expiration.Add(-window).Before(now) {
+			// The resource is valid but is expiring within the time window
+			if !er.acquiring && er.lastAttempt.Add(backoff).Before(now) {
+				// If another thread/goroutine is not acquiring/renewing the resource, and none has attempted
+				// to do so within the last 30 seconds, this thread/goroutine will do it
+				er.acquiring, acquire = true, true
+				break
+			}
+			// This thread/goroutine will use the existing resource value while another updates it
+			resource = er.resource
+			break
+		} else {
+			// The resource is not close to expiring, this thread/goroutine should use its current value
+			resource = er.resource
+			break
+		}
+		// If we get here, wait for the new resource value to be acquired/updated
+		er.cond.Wait()
+	}
+	er.cond.L.Unlock() // Release the lock so no threads/goroutines are blocked
+
+	var err error
+	if acquire {
+		// This thread/goroutine has been selected to acquire/update the resource
+		var expiration time.Time
+		var newValue TResource
+		er.lastAttempt = now
+		newValue, expiration, err = er.acquireResource(state)
+
+		// Atomically, update the shared resource's new value & expiration.
+		er.cond.L.Lock()
+		if err == nil {
+			// Update resource & expiration, return the new value
+			resource = newValue
+			er.resource, er.expiration = resource, expiration
+		} else if !expired {
+			// An eager update failed. Discard the error and return the current--still valid--resource value
+			err = nil
+		}
+		er.acquiring = false // Indicate that no thread/goroutine is currently acquiring the resource
+
+		// Wake up any waiting threads/goroutines since there is a resource they can ALL use
+		er.cond.L.Unlock()
+		er.cond.Broadcast()
+	}
+	return resource, err // Return the resource this thread/goroutine can use
+}
+
+// Expire marks the resource as expired, ensuring it's refreshed on the next call to Get().
+func (er *Resource[TResource, TState]) Expire() {
+	er.cond.L.Lock()
+	defer er.cond.L.Unlock()
+
+	// Reset the expiration as if we never got this resource to begin with
+	er.expiration = time.Time{}
+}

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/uuid/doc.go

@@ -0,0 +1,7 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package uuid

vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/uuid/uuid.go

@@ -0,0 +1,76 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package uuid
+
+import (
+	"crypto/rand"
+	"errors"
+	"fmt"
+	"strconv"
+)
+
+// The UUID reserved variants.
+const (
+	reservedRFC4122 byte = 0x40
+)
+
+// A UUID representation compliant with specification in RFC4122 document.
+type UUID [16]byte
+
+// New returns a new UUID using the RFC4122 algorithm.
+func New() (UUID, error) {
+	u := UUID{}
+	// Set all bits to pseudo-random values.
+	// NOTE: this takes a process-wide lock
+	_, err := rand.Read(u[:])
+	if err != nil {
+		return u, err
+	}
+	u[8] = (u[8] | reservedRFC4122) & 0x7F // u.setVariant(ReservedRFC4122)
+
+	var version byte = 4
+	u[6] = (u[6] & 0xF) | (version << 4) // u.setVersion(4)
+	return u, nil
+}
+
+// String returns the UUID in "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" format.
+func (u UUID) String() string {
+	return fmt.Sprintf("%x-%x-%x-%x-%x", u[0:4], u[4:6], u[6:8], u[8:10], u[10:])
+}
+
+// Parse parses a string formatted as "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+// or "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}" into a UUID.
+func Parse(s string) (UUID, error) {
+	var uuid UUID
+	// ensure format
+	switch len(s) {
+	case 36:
+		// xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+	case 38:
+		// {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
+		s = s[1:37]
+	default:
+		return uuid, errors.New("invalid UUID format")
+	}
+	if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
+		return uuid, errors.New("invalid UUID format")
+	}
+	// parse chunks
+	for i, x := range [16]int{
+		0, 2, 4, 6,
+		9, 11,
+		14, 16,
+		19, 21,
+		24, 26, 28, 30, 32, 34} {
+		b, err := strconv.ParseUint(s[x:x+2], 16, 8)
+		if err != nil {
+			return uuid, fmt.Errorf("invalid UUID format: %s", err)
+		}
+		uuid[i] = byte(b)
+	}
+	return uuid, nil
+}