Merge pull request #145 from ceph/devel

Sync downstream devel with upstream devel

build.env

@@ -35,7 +35,7 @@ SNAPSHOT_VERSION=v6.1.0
 #GO_COVER_DIR=_output/
 
 # helm chart generation, testing and publishing
-HELM_VERSION=v3.9.2
+HELM_VERSION=v3.10.1
 
 # minikube settings
 MINIKUBE_VERSION=v1.27.0
@@ -52,7 +52,7 @@ CSI_ATTACHER_VERSION=v4.0.0
 CSI_SNAPSHOTTER_VERSION=v6.1.0
 CSI_RESIZER_VERSION=v1.6.0
 CSI_PROVISIONER_VERSION=v3.3.0
-CSI_NODE_DRIVER_REGISTRAR_VERSION=v2.5.1
+CSI_NODE_DRIVER_REGISTRAR_VERSION=v2.6.0
 
 # e2e settings
 # - enable CEPH_CSI_RUN_ALL_TESTS when running tests with if it has root

charts/ceph-csi-cephfs/README.md

@@ -85,6 +85,7 @@ charts and their default values.
 | `serviceAccounts.provisioner.create`           | Specifies whether a provisioner ServiceAccount should be created                                                                                     | `true`                                             |
 | `serviceAccounts.provisioner.name`             | The name of the provisioner ServiceAccount of provisioner to use. If not set and create is true, a name is generated using the fullname              | ""                                                 |
 | `csiConfig`                                    | Configuration for the CSI to connect to the cluster                                                                                                  | []                                                 |
+| `commonLabels`                                 | Labels to apply to all resources                                                               | `{}`                                                  |
 | `logLevel`                                     | Set logging level for csi containers. Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity.                          | `5`                                                |
 | `sidecarLogLevel`                              | Set logging level for csi sidecar containers. Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity.                  | `1`                                                |
 | `nodeplugin.name`                              | Specifies the nodeplugin name                                                                                                                        | `nodeplugin`                                       |
@@ -92,7 +93,7 @@ charts and their default values.
 | `nodeplugin.priorityClassName`                 | Set user created priorityclassName for csi plugin pods. default is system-node-critical which is highest priority                                    | `system-node-critical`                             |
 | `nodeplugin.profiling.enabled`                 | Specifies whether profiling should be enabled                                                                                                        | `false`                                            |
 | `nodeplugin.registrar.image.repository`        | Node-Registrar image repository URL                                                                                                                  | `registry.k8s.io/sig-storage/csi-node-driver-registrar` |
-| `nodeplugin.registrar.image.tag`               | Image tag                                                                                                                                            | `v2.5.1`                                           |
+| `nodeplugin.registrar.image.tag`               | Image tag                                                                                                                                            | `v2.6.0`                                           |
 | `nodeplugin.registrar.image.pullPolicy`        | Image pull policy                                                                                                                                    | `IfNotPresent`                                     |
 | `nodeplugin.plugin.image.repository`           | Nodeplugin image repository URL                                                                                                                      | `quay.io/cephcsi/cephcsi`                          |
 | `nodeplugin.plugin.image.tag`                  | Image tag                                                                                                                                            | `canary`                                           |

charts/ceph-csi-cephfs/templates/ceph-conf.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 data:
   ceph.conf: |
 {{ tpl .Values.cephconf . | indent 4 }}

charts/ceph-csi-cephfs/templates/csiplugin-configmap.yaml

@@ -10,6 +10,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 data:
   config.json: |-
 {{ toJson .Values.csiConfig | indent 4 -}}

charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 spec:
   selector:
     matchLabels:
@@ -25,6 +26,7 @@ spec:
         component: {{ .Values.nodeplugin.name }}
         release: {{ .Release.Name }}
         heritage: {{ .Release.Service }}
+        {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
     spec:
       serviceAccountName: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
 {{- if .Values.nodeplugin.priorityClassName }}

charts/ceph-csi-cephfs/templates/nodeplugin-http-service.yaml

@@ -14,6 +14,7 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 spec:
 {{- if .Values.nodeplugin.httpMetrics.service.clusterIP }}
   clusterIP: "{{ .Values.nodeplugin.httpMetrics.service.clusterIP }}"

charts/ceph-csi-cephfs/templates/nodeplugin-serviceaccount.yaml

@@ -10,4 +10,5 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 {{- end -}}

charts/ceph-csi-cephfs/templates/provisioner-clusterrole.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 rules:
   - apiGroups: [""]
     resources: ["secrets"]

charts/ceph-csi-cephfs/templates/provisioner-clusterrolebinding.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 subjects:
   - kind: ServiceAccount
     name: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }}

charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 spec:
   replicas: {{ .Values.provisioner.replicaCount }}
   strategy:
@@ -30,6 +31,7 @@ spec:
         component: {{ .Values.provisioner.name }}
         release: {{ .Release.Name }}
         heritage: {{ .Release.Service }}
+        {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
     spec:
 {{- if gt (int .Values.provisioner.replicaCount) 1 }}
       affinity:

charts/ceph-csi-cephfs/templates/provisioner-http-service.yaml

@@ -14,6 +14,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 spec:
 {{- if .Values.provisioner.httpMetrics.service.clusterIP }}
   clusterIP: "{{ .Values.provisioner.httpMetrics.service.clusterIP }}"

charts/ceph-csi-cephfs/templates/provisioner-role.yaml

@@ -10,6 +10,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 rules:
   - apiGroups: [""]
     resources: ["configmaps"]

charts/ceph-csi-cephfs/templates/provisioner-rolebinding.yaml

@@ -10,6 +10,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 subjects:
   - kind: ServiceAccount
     name: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }}

charts/ceph-csi-cephfs/templates/provisioner-serviceaccount.yaml

@@ -10,4 +10,5 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 {{- end -}}

charts/ceph-csi-cephfs/templates/secret.yaml

@@ -9,6 +9,7 @@ metadata:
     chart: {{ include "ceph-csi-cephfs.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 stringData:
   adminID: {{ .Values.secret.adminID }}
   adminKey: {{ .Values.secret.adminKey }}

charts/ceph-csi-cephfs/templates/storageclass.yaml

@@ -12,6 +12,7 @@ metadata:
     chart: {{ include "ceph-csi-cephfs.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 provisioner: {{ .Values.driverName }}
 parameters:
   clusterID: {{ .Values.storageClass.clusterID }}

charts/ceph-csi-cephfs/values.yaml

@@ -30,6 +30,9 @@ serviceAccounts:
 #       netNamespaceFilePath: "{{ .kubeletDir }}/plugins/{{ .driverName }}/net"
 csiConfig: []
 
+# Labels to apply to all resources
+commonLabels: {}
+
 # Set logging level for csi containers.
 # Supported values from 0 to 5. 0 for general useful logs,
 # 5 for trace level verbosity.
@@ -84,7 +87,7 @@ nodeplugin:
   registrar:
     image:
       repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
-      tag: v2.5.1
+      tag: v2.6.0
       pullPolicy: IfNotPresent
     resources: {}
 

charts/ceph-csi-rbd/README.md

@@ -87,6 +87,7 @@ charts and their default values.
 | `csiConfig`                                    | Configuration for the CSI to connect to the cluster                                                                                                  | []                                                 |
 | `csiMapping`                                   | Configuration details of clusterID,PoolID,FscID mapping                                                                                              | []                                                 |
 | `encryptionKMSConfig`                          | Configuration for the encryption KMS                                                                                                                 | `{}`                                               |
+| `commonLabels`                                 | Labels to apply to all resources                                                                  | `{}`                                                  |
 | `logLevel`                                     | Set logging level for csi containers. Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity.                          | `5`                                                |
 | `sidecarLogLevel`                              | Set logging level for csi sidecar containers. Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity.                  | `1`                                                |
 | `nodeplugin.name`                              | Specifies the nodeplugins name                                                                                                                       | `nodeplugin`                                       |
@@ -94,7 +95,7 @@ charts and their default values.
 | `nodeplugin.priorityClassName`                 | Set user created priorityclassName for csi plugin pods. default is system-node-critical which is highest priority                                    | `system-node-critical`                             |
 | `nodeplugin.profiling.enabled`                 | Specifies whether profiling should be enabled                                                                                                        | `false`                                            |
 | `nodeplugin.registrar.image.repository`        | Node Registrar image repository URL                                                                                                                  | `registry.k8s.io/sig-storage/csi-node-driver-registrar` |
-| `nodeplugin.registrar.image.tag`               | Image tag                                                                                                                                            | `v2.5.1`                                           |
+| `nodeplugin.registrar.image.tag`               | Image tag                                                                                                                                            | `v2.6.0`                                           |
 | `nodeplugin.registrar.image.pullPolicy`        | Image pull policy                                                                                                                                    | `IfNotPresent`                                     |
 | `nodeplugin.plugin.image.repository`           | Nodeplugin image repository URL                                                                                                                      | `quay.io/cephcsi/cephcsi`                          |
 | `nodeplugin.plugin.image.tag`                  | Image tag                                                                                                                                            | `canary`                                           |

charts/ceph-csi-rbd/templates/ceph-conf.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 data:
   ceph.conf: |
 {{ tpl .Values.cephconf . | indent 4 }}

charts/ceph-csi-rbd/templates/csiplugin-configmap.yaml

@@ -10,6 +10,7 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 data:
   config.json: |-
 {{ toJson .Values.csiConfig | indent 4 }}

charts/ceph-csi-rbd/templates/encryptionkms-configmap.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 data:
   config.json: |-
 {{ toJson .Values.encryptionKMSConfig | indent 4 -}}

charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 rules:
 {{- if .Values.topology.enabled }}
   - apiGroups: [""]

charts/ceph-csi-rbd/templates/nodeplugin-clusterrolebinding.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 subjects:
   - kind: ServiceAccount
     name: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}

charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 spec:
   selector:
     matchLabels:
@@ -25,6 +26,7 @@ spec:
         component: {{ .Values.nodeplugin.name }}
         release: {{ .Release.Name }}
         heritage: {{ .Release.Service }}
+        {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
     spec:
       serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
       hostNetwork: true

charts/ceph-csi-rbd/templates/nodeplugin-http-service.yaml

@@ -14,6 +14,7 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 spec:
 {{- if .Values.nodeplugin.httpMetrics.service.clusterIP }}
   clusterIP: "{{ .Values.nodeplugin.httpMetrics.service.clusterIP }}"

charts/ceph-csi-rbd/templates/nodeplugin-serviceaccount.yaml

@@ -10,4 +10,5 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 {{- end -}}

charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 rules:
   - apiGroups: [""]
     resources: ["secrets"]

charts/ceph-csi-rbd/templates/provisioner-clusterrolebinding.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 subjects:
   - kind: ServiceAccount
     name: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}

charts/ceph-csi-rbd/templates/provisioner-deployment.yaml

@@ -9,6 +9,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 spec:
   replicas: {{ .Values.provisioner.replicaCount }}
   strategy:
@@ -30,6 +31,7 @@ spec:
         component: {{ .Values.provisioner.name }}
         release: {{ .Release.Name }}
         heritage: {{ .Release.Service }}
+        {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
     spec:
 {{- if gt (int .Values.provisioner.replicaCount) 1 }}
       affinity:

charts/ceph-csi-rbd/templates/provisioner-http-service.yaml

@@ -14,6 +14,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 spec:
 {{- if .Values.provisioner.httpMetrics.service.clusterIP }}
   clusterIP: "{{ .Values.provisioner.httpMetrics.service.clusterIP }}"

charts/ceph-csi-rbd/templates/provisioner-role.yaml

@@ -10,6 +10,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 rules:
   - apiGroups: [""]
     resources: ["configmaps"]

charts/ceph-csi-rbd/templates/provisioner-rolebinding.yaml

@@ -10,6 +10,7 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 subjects:
   - kind: ServiceAccount
     name: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}

charts/ceph-csi-rbd/templates/provisioner-serviceaccount.yaml

@@ -10,4 +10,5 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 {{- end -}}

charts/ceph-csi-rbd/templates/secret.yaml

@@ -9,6 +9,7 @@ metadata:
     chart: {{ include "ceph-csi-rbd.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 stringData:
   userID: {{ .Values.secret.userID }}
   userKey: {{ .Values.secret.userKey }}

charts/ceph-csi-rbd/templates/storageclass.yaml

@@ -12,6 +12,7 @@ metadata:
     chart: {{ include "ceph-csi-rbd.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 provisioner: {{ .Values.driverName }}
 parameters:
   clusterID: {{ .Values.storageClass.clusterID }}

charts/ceph-csi-rbd/values.yaml

@@ -53,6 +53,9 @@ csiMapping: []
 #     vaultCAVerify: "false"
 encryptionKMSConfig: {}
 
+# Labels to apply to all resources
+commonLabels: {}
+
 # Set logging level for csi containers.
 # Supported values from 0 to 5. 0 for general useful logs,
 # 5 for trace level verbosity.
@@ -107,7 +110,7 @@ nodeplugin:
   registrar:
     image:
       repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
-      tag: v2.5.1
+      tag: v2.6.0
       pullPolicy: IfNotPresent
     resources: {}
 

deploy/cephfs/kubernetes/csi-cephfsplugin.yaml

@@ -27,7 +27,7 @@ spec:
           securityContext:
             privileged: true
             allowPrivilegeEscalation: true
-          image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1
+          image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.0
           args:
             - "--v=1"
             - "--csi-address=/csi/csi.sock"

deploy/nfs/kubernetes/csi-nfsplugin.yaml

@@ -27,7 +27,7 @@ spec:
           securityContext:
             privileged: true
             allowPrivilegeEscalation: true
-          image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1
+          image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.0
           args:
             - "--v=1"
             - "--csi-address=/csi/csi.sock"

deploy/rbd/kubernetes/csi-rbdplugin.yaml

@@ -29,7 +29,7 @@ spec:
           securityContext:
             privileged: true
             allowPrivilegeEscalation: true
-          image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1
+          image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.0
           args:
             - "--v=1"
             - "--csi-address=/csi/csi.sock"

docs/deploy-cephfs.md

@@ -129,6 +129,12 @@ the Docker daemon of the cluster nodes must allow shared mounts.
 
 YAML manifests are located in `deploy/cephfs/kubernetes`.
 
+**Create CSIDriver object:**
+
+```bash
+kubectl create -f csidriver.yaml
+```
+
 **Deploy RBACs for sidecar containers and node plugins:**
 
 ```bash

docs/deploy-rbd.md

@@ -98,6 +98,12 @@ the Docker daemon of the cluster nodes must allow shared mounts.
 
 YAML manifests are located in `deploy/rbd/kubernetes`.
 
+**Create CSIDriver object:**
+
+```bash
+kubectl create -f csidriver.yaml
+```
+
 **Deploy RBACs for sidecar containers and node plugins:**
 
 ```bash

go.mod

@@ -4,44 +4,45 @@ go 1.17
 
 require (
 	github.com/IBM/keyprotect-go-client v0.8.1
-	github.com/aws/aws-sdk-go v1.44.122
+	github.com/aws/aws-sdk-go v1.44.127
 	github.com/aws/aws-sdk-go-v2/service/sts v1.17.1
 	github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
 	// TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag
 	github.com/ceph/go-ceph v0.17.0
 	github.com/container-storage-interface/spec v1.6.0
 	github.com/csi-addons/replication-lib-utils v0.2.0
-	github.com/csi-addons/spec v0.1.2-0.20220906123848-52ce69f90900
+	github.com/csi-addons/spec v0.1.2-0.20221101132540-98eff76b0ff8
 	github.com/gemalto/kmip-go v0.0.8
 	github.com/golang/protobuf v1.5.2
 	github.com/google/fscrypt v0.3.3
 	github.com/google/uuid v1.3.0
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
-	github.com/hashicorp/vault/api v1.8.1
+	github.com/hashicorp/vault/api v1.8.2
 	github.com/kubernetes-csi/csi-lib-utils v0.11.0
 	github.com/kubernetes-csi/external-snapshotter/client/v6 v6.0.1
 	github.com/libopenstorage/secrets v0.0.0-20210908194121-a1d19aa9713a
 	github.com/onsi/ginkgo/v2 v2.4.0
-	github.com/onsi/gomega v1.22.1
+	github.com/onsi/gomega v1.23.0
 	github.com/pkg/xattr v0.4.7
 	github.com/prometheus/client_golang v1.12.2
 	github.com/stretchr/testify v1.8.1
-	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
+	golang.org/x/crypto v0.1.0
 	golang.org/x/net v0.1.0
 	golang.org/x/sys v0.1.0
 	google.golang.org/grpc v1.49.0
 	google.golang.org/protobuf v1.28.0
-	k8s.io/api v0.25.0
+	k8s.io/api v0.25.3
-	k8s.io/apimachinery v0.25.0
+	k8s.io/apimachinery v0.25.3
 	k8s.io/client-go v12.0.0+incompatible
-	k8s.io/cloud-provider v0.25.0
+	k8s.io/cloud-provider v0.25.3
 	k8s.io/klog/v2 v2.80.1
 	//
 	// when updating k8s.io/kubernetes, make sure to update the replace section too
 	//
-	k8s.io/kubernetes v1.25.0
+	k8s.io/kubernetes v1.25.3
-	k8s.io/mount-utils v0.25.0
+	k8s.io/mount-utils v0.25.3
+	k8s.io/pod-security-admission v0.0.0
 	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
 	sigs.k8s.io/controller-runtime v0.11.0-beta.0.0.20211208212546-f236f0345ad2
 )
@@ -80,7 +81,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -88,7 +89,7 @@ require (
 	github.com/hashicorp/go-hclog v0.16.2 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.3 // indirect
+	github.com/hashicorp/go-plugin v1.4.5 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.0 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
@@ -160,15 +161,14 @@ require (
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.25.0 // indirect
+	k8s.io/apiextensions-apiserver v0.25.3 // indirect
-	k8s.io/apiserver v0.25.0 // indirect
+	k8s.io/apiserver v0.25.3 // indirect
-	k8s.io/component-base v0.25.0 // indirect
+	k8s.io/component-base v0.25.3 // indirect
-	k8s.io/component-helpers v0.25.0 // indirect
+	k8s.io/component-helpers v0.25.3 // indirect
 	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
 	k8s.io/kubectl v0.0.0 // indirect
 	k8s.io/kubelet v0.0.0 // indirect
-	k8s.io/pod-security-admission v0.0.0 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.33 // indirect
-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
@@ -183,31 +183,31 @@ replace (
 	//
 	// k8s.io/kubernetes depends on these k8s.io packages, but unversioned
 	//
-	k8s.io/api => k8s.io/api v0.25.0
+	k8s.io/api => k8s.io/api v0.25.3
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.0
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.3
-	k8s.io/apimachinery => k8s.io/apimachinery v0.25.0
+	k8s.io/apimachinery => k8s.io/apimachinery v0.25.3
-	k8s.io/apiserver => k8s.io/apiserver v0.25.0
+	k8s.io/apiserver => k8s.io/apiserver v0.25.3
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.25.0
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.25.3
-	k8s.io/client-go => k8s.io/client-go v0.25.0
+	k8s.io/client-go => k8s.io/client-go v0.25.3
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.25.0
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.25.3
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.25.0
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.25.3
-	k8s.io/code-generator => k8s.io/code-generator v0.25.0
+	k8s.io/code-generator => k8s.io/code-generator v0.25.3
-	k8s.io/component-base => k8s.io/component-base v0.25.0
+	k8s.io/component-base => k8s.io/component-base v0.25.3
-	k8s.io/component-helpers => k8s.io/component-helpers v0.25.0
+	k8s.io/component-helpers => k8s.io/component-helpers v0.25.3
-	k8s.io/controller-manager => k8s.io/controller-manager v0.25.0
+	k8s.io/controller-manager => k8s.io/controller-manager v0.25.3
-	k8s.io/cri-api => k8s.io/cri-api v0.25.0
+	k8s.io/cri-api => k8s.io/cri-api v0.25.3
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.25.0
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.25.3
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.25.0
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.25.3
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.25.0
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.25.3
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.25.0
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.25.3
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.25.0
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.25.3
-	k8s.io/kubectl => k8s.io/kubectl v0.25.0
+	k8s.io/kubectl => k8s.io/kubectl v0.25.3
-	k8s.io/kubelet => k8s.io/kubelet v0.25.0
+	k8s.io/kubelet => k8s.io/kubelet v0.25.3
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.25.0
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.25.3
-	k8s.io/metrics => k8s.io/metrics v0.25.0
+	k8s.io/metrics => k8s.io/metrics v0.25.3
-	k8s.io/mount-utils => k8s.io/mount-utils v0.25.0-alpha.3.0.20220801203918-ff562e546084
+	k8s.io/mount-utils => k8s.io/mount-utils v0.25.3
-	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.25.0
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.25.3
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.25.0
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.25.3
 	// layeh.com seems to be misbehaving
 	layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917
 )

go.sum

@@ -160,8 +160,8 @@ github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k=
 github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.44.67/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo=
+github.com/aws/aws-sdk-go v1.44.127 h1:IoO2VfuIQg1aMXnl8l6OpNUKT4Qq5CnJMOyIWoTYXj0=
-github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.127/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go-v2 v1.17.1 h1:02c72fDJr87N8RAC2s3Qu0YuvMRZKNZJ9F+lAehCazk=
 github.com/aws/aws-sdk-go-v2 v1.17.1/go.mod h1:JLnGeGONAyi2lWXI1p0PCIOIy333JMVK1U7Hf0aRFLw=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25 h1:nBO/RFxeq/IS5G9Of+ZrgucRciie2qpLy++3UGZ+q2E=
@@ -278,8 +278,8 @@ github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ
 github.com/csi-addons/replication-lib-utils v0.2.0 h1:tGs42wfjkObbBo/98a3uxTFWEJ1dq5PIMqPWtdLd040=
 github.com/csi-addons/replication-lib-utils v0.2.0/go.mod h1:ROQlEsc2EerVtc/K/C+6Hx8pqaQ9MVy9xFFpyKfI9lc=
 github.com/csi-addons/spec v0.1.0/go.mod h1:Mwq4iLiUV4s+K1bszcWU6aMsR5KPsbIYzzszJ6+56vI=
-github.com/csi-addons/spec v0.1.2-0.20220906123848-52ce69f90900 h1:zX0138DipZsZqxK1UwAmaRZmL89OuQMkwh7FtvTDgFw=
+github.com/csi-addons/spec v0.1.2-0.20221101132540-98eff76b0ff8 h1:fYkq+S2FCMM/yl2BjjSNpAZjKuyPCwtkV6F155u1jiE=
-github.com/csi-addons/spec v0.1.2-0.20220906123848-52ce69f90900/go.mod h1:Mwq4iLiUV4s+K1bszcWU6aMsR5KPsbIYzzszJ6+56vI=
+github.com/csi-addons/spec v0.1.2-0.20221101132540-98eff76b0ff8/go.mod h1:Mwq4iLiUV4s+K1bszcWU6aMsR5KPsbIYzzszJ6+56vI=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU=
 github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ=
@@ -447,7 +447,6 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -484,7 +483,7 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 github.com/google/cadvisor v0.45.0/go.mod h1:vsMT3Uv2XjQ8M7WUtKARV74mU/HN64C4XtM1bJhUKcU=
-github.com/google/cel-go v0.12.4/go.mod h1:Av7CU6r6X3YmcHR9GXqVDaEJYfEtSxl6wvIjUQTriCw=
+github.com/google/cel-go v0.12.5/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
 github.com/google/fscrypt v0.3.3 h1:qwx9OCR/xZE68VGr/r0/yugFhlGpIOGsH9JHrttP7vc=
 github.com/google/fscrypt v0.3.3/go.mod h1:H1JHtH8BVe0dYNhzx1Ztkn3azQ0OBdoOmM828vEWAXc=
 github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
@@ -501,8 +500,9 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-metrics-stackdriver v0.2.0/go.mod h1:KLcPyp3dWJAFD+yHisGlJSZktIsTjb50eB72U2YZ9K0=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
@@ -620,8 +620,9 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-plugin v1.0.0/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY=
 github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY=
-github.com/hashicorp/go-plugin v1.4.3 h1:DXmvivbWD5qdiBts9TpBC7BYL1Aia5sxbRgQB+v6UZM=
 github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
+github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo=
+github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
 github.com/hashicorp/go-raftchunking v0.6.3-0.20191002164813-7e9e8525653a h1:FmnBDwGwlTgugDGbVxwV8UavqSMACbGrUpfc98yFLR4=
 github.com/hashicorp/go-raftchunking v0.6.3-0.20191002164813-7e9e8525653a/go.mod h1:xbXnmKqX9/+RhPkJ4zrEx4738HacP72aaUPlT2RZ4sU=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
@@ -710,8 +711,8 @@ github.com/hashicorp/vault/api v1.0.5-0.20191122173911-80fcc7907c78/go.mod h1:Uf
 github.com/hashicorp/vault/api v1.0.5-0.20200215224050-f6547fa8e820/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o=
 github.com/hashicorp/vault/api v1.0.5-0.20200317185738-82f498082f02/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o=
 github.com/hashicorp/vault/api v1.0.5-0.20200902155336-f9d5ce5a171a/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk=
-github.com/hashicorp/vault/api v1.8.1 h1:bMieWIe6dAlqAAPReZO/8zYtXaWUg/21umwqGZpEjCI=
+github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM=
-github.com/hashicorp/vault/api v1.8.1/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
+github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE=
 github.com/hashicorp/vault/sdk v0.1.8/go.mod h1:tHZfc6St71twLizWNHvnnbiGFo1aq0eD2jGPLtP8kAU=
 github.com/hashicorp/vault/sdk v0.1.14-0.20190730042320-0dc007d98cc8/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
 github.com/hashicorp/vault/sdk v0.1.14-0.20191108161836-82f2b5571044/go.mod h1:PcekaFGiPJyHnFy+NZhP6ll650zEw51Ag7g/YEa+EOU=
@@ -953,8 +954,9 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
 github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
 github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc=
-github.com/onsi/gomega v1.22.1 h1:pY8O4lBfsHKZHM/6nrxkhVPUznOlIu3quZcKP/M20KI=
 github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM=
+github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
+github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
@@ -1230,8 +1232,9 @@ go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
 go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
+go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
@@ -1267,7 +1270,6 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38=
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
@@ -1542,6 +1544,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1865,28 +1868,28 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0=
+k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ=
-k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk=
+k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI=
-k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY=
+k8s.io/apiextensions-apiserver v0.25.3 h1:bfI4KS31w2f9WM1KLGwnwuVlW3RSRPuIsfNF/3HzR0k=
-k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E=
+k8s.io/apiextensions-apiserver v0.25.3/go.mod h1:ZJqwpCkxIx9itilmZek7JgfUAM0dnTsA48I4krPqRmo=
-k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU=
+k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc=
-k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0=
+k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
-k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4=
+k8s.io/apiserver v0.25.3 h1:m7+xGuG5+KYAnEsqaFtDyWMkmMMEOFYlu+NlWv5qSBI=
-k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo=
+k8s.io/apiserver v0.25.3/go.mod h1:9bT47iM2fzRuhICJpM/RcQR9sqDDfZ7Yw60h0p3JW08=
-k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw=
+k8s.io/cli-runtime v0.25.3/go.mod h1:InHHsjkyW5hQsILJGpGjeruiDZT/R0OkROQgD6GzxO4=
-k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E=
+k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0=
-k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8=
+k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA=
-k8s.io/cloud-provider v0.25.0 h1:ONX5BON6f1Mxa2GWvPyKn+QsZXaLauPUte7MZxfWUro=
+k8s.io/cloud-provider v0.25.3 h1:1X1BKXm0fp8/ZkaQKNDyWqgh6t7m9O5MDSbO9OA4muk=
-k8s.io/cloud-provider v0.25.0/go.mod h1:afVfVCIYOUER914WmSp0QpAtJn12gv4qu9NMT4XBxZo=
+k8s.io/cloud-provider v0.25.3/go.mod h1:P7TjzjbkqW3C0NAT1bNEZrZRifNNBVhrTb+iHRjfFz0=
-k8s.io/cluster-bootstrap v0.25.0/go.mod h1:x/TCtY3EiuR/rODkA3SvVQT3uSssQLf9cXcmSjdDTe0=
+k8s.io/cluster-bootstrap v0.25.3/go.mod h1:C5NZX+WE7v/hEyUfMj2sjQfKHsOVAYLrSFLtPspVljM=
-k8s.io/code-generator v0.25.0/go.mod h1:B6jZgI3DvDFAualltPitbYMQ74NjaCFxum3YeKZZ+3w=
+k8s.io/code-generator v0.25.3/go.mod h1:9F5fuVZOMWRme7MYj2YT3L9ropPWPokd9VRhVyD3+0w=
-k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y=
+k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4=
-k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk=
+k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI=
-k8s.io/component-helpers v0.25.0 h1:vNzYfqnVXj7f+CPksduKVv2Z9kC+IDsOs9yaOyxZrj0=
+k8s.io/component-helpers v0.25.3 h1:Ldwi2U50KohMVDKBcVT3zDpIOKFP4bPEy/4Dj4NsoYU=
-k8s.io/component-helpers v0.25.0/go.mod h1:auaFj2bvb5Zmy0mLk4WJNmwP0w4e7Zk+/Tu9FFBGA20=
+k8s.io/component-helpers v0.25.3/go.mod h1:yu9zgPm9pf5jpmUzOZA9PMHY16Eu8ymt8AnSL0Xwbgw=
-k8s.io/controller-manager v0.25.0/go.mod h1:QElCivPrZ64NP1Y976pkgyViZUqn6UcvjlXHiAAUGd0=
+k8s.io/controller-manager v0.25.3/go.mod h1:lWiZbjFw3joeiIVpscVfKywrAde4GE8Z84i5MIpEQMw=
-k8s.io/cri-api v0.25.0/go.mod h1:J1rAyQkSJ2Q6I+aBMOVgg2/cbbebso6FNa0UagiR0kc=
+k8s.io/cri-api v0.25.3/go.mod h1:riC/P0yOGUf2K1735wW+CXs1aY2ctBgePtnnoFLd0dU=
-k8s.io/csi-translation-lib v0.25.0/go.mod h1:Wb80CDywP4753F6wWkIyOuJIQtQAbhgw985veSgAn/4=
+k8s.io/csi-translation-lib v0.25.3/go.mod h1:hrosK8ufTX5fz1CJO79EfPPkuLZWvaxEb4tovbcv/AU=
 k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
@@ -1900,28 +1903,28 @@ k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-aggregator v0.25.0/go.mod h1:dfdl4aQkleiWK/U++UDLdDC8g2rsonhkB23zzUeBCgM=
+k8s.io/kube-aggregator v0.25.3/go.mod h1:w87nqmzJMf7S73FRYcnexqfYW0AFiLJiCkvVCwM3feE=
-k8s.io/kube-controller-manager v0.25.0/go.mod h1:SjL1hKSG2z9wajnvjRHZv1zOsdDHjmbZd1ykmaYO6J8=
+k8s.io/kube-controller-manager v0.25.3/go.mod h1:InfGO/O9vIPxpbgd0gUK22xVDsaGnJAUsATzwKk6BNg=
 k8s.io/kube-openapi v0.0.0-20180731170545-e3762e86a74c/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
 k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
 k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA=
 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
-k8s.io/kube-proxy v0.25.0/go.mod h1:uHv1HwMVDYgl1pU2PTDKLRlxtNOf4z2M5YPYC6NP1CU=
+k8s.io/kube-proxy v0.25.3/go.mod h1:A/aOKVIY+tivIHk/i6hEF6IyLSDHKGooLnedg4dBJa8=
-k8s.io/kube-scheduler v0.25.0/go.mod h1:cwiyJeImgFbhmbnImzvuhbiJayNngRNEe3FJkZDPw9Y=
+k8s.io/kube-scheduler v0.25.3/go.mod h1:0EKmWTnwNaHnmWwan4bABGQm4XyYpc146XyFWX4ey5E=
-k8s.io/kubectl v0.25.0 h1:/Wn1cFqo8ik3iee1EvpxYre3bkWsGLXzLQI6uCCAkQc=
+k8s.io/kubectl v0.25.3 h1:HnWJziEtmsm4JaJiKT33kG0kadx68MXxUE8UEbXnN4U=
-k8s.io/kubectl v0.25.0/go.mod h1:n16ULWsOl2jmQpzt2o7Dud1t4o0+Y186ICb4O+GwKAU=
+k8s.io/kubectl v0.25.3/go.mod h1:glU7PiVj/R6Ud4A9FJdTcJjyzOtCJyc0eO7Mrbh3jlI=
-k8s.io/kubelet v0.25.0 h1:eTS5B1u1o63ndExAHKLJytzz/GBy86ROcxYtu0VK3RA=
+k8s.io/kubelet v0.25.3 h1:PjT3Xo0VL1BpRilBpZrRN8pSy6w5pGQ0YDQQeQWSHvQ=
-k8s.io/kubelet v0.25.0/go.mod h1:J6aQxrZdSsGPrskYrhZdEn6PCnGha+GNvF0g9aWfQnw=
+k8s.io/kubelet v0.25.3/go.mod h1:YopVc6vLhveZb22I7AzcoWPap+t3/KJKqRZDa2MZmyE=
-k8s.io/kubernetes v1.25.0 h1:NwTRyLrdXTORd5V7DLlUltxDbl/KZjYDiRgwI+pBYGE=
+k8s.io/kubernetes v1.25.3 h1:Ljx/Ew9+dt7rN9ob3V+N/aoDy7nDSbmr35IbYGRTyqE=
-k8s.io/kubernetes v1.25.0/go.mod h1:UdtILd5Zg1vGZvShiO1EYOqmjzM2kZOG1hzwQnM5JxY=
+k8s.io/kubernetes v1.25.3/go.mod h1:lvEY+3iJhh+sGIK1LorGkI56rW0eLGsfalnp68wQwYU=
-k8s.io/legacy-cloud-providers v0.25.0/go.mod h1:bnmUgHHeBmK3M9JgQzu+ne6UCUVURDzkpF0Y7VeypVE=
+k8s.io/legacy-cloud-providers v0.25.3/go.mod h1:0l3ulE+R3UXrVSfevmLvKSqJluRX/ABedGLGfpYf9t0=
-k8s.io/metrics v0.25.0/go.mod h1:HZZrbhuRX+fsDcRc3u59o2FbrKhqD67IGnoFECNmovc=
+k8s.io/metrics v0.25.3/go.mod h1:5j5FKJb8RHsb3Q2PLsD/p1mLiA1fTrl+a62Les+KDhc=
-k8s.io/mount-utils v0.25.0-alpha.3.0.20220801203918-ff562e546084 h1:MBVsRiLUuVn8PX7je4jjBfHfRs65QwEtgM//Te1mFpQ=
+k8s.io/mount-utils v0.25.3 h1:Eb4MDClmozX3Vrz4ZtoG0bQ/pGhT5gyo28p3f+0r9EE=
-k8s.io/mount-utils v0.25.0-alpha.3.0.20220801203918-ff562e546084/go.mod h1:dHX0bJ3b1Mvh/OHsBV9r559Mdrf5Lcjxyoc7FHUtnBg=
+k8s.io/mount-utils v0.25.3/go.mod h1:odpFnGwJfFjN3SRnjfGS0902ubcj/W6hDOrNDmSSINo=
-k8s.io/pod-security-admission v0.25.0 h1:Sceq45pO7E7RTaYAr3Br94ZMDISJIngvXXcAfcZJufk=
+k8s.io/pod-security-admission v0.25.3 h1:2HnXWKUIDSez2sWtvxeGgGVUFvYnJJHutL4AI1MIuwk=
-k8s.io/pod-security-admission v0.25.0/go.mod h1:b/UC586Th2LijoNV+ssyyAryUvmaTrEWms5ZzBEkVsA=
+k8s.io/pod-security-admission v0.25.3/go.mod h1:xSaLkcMPD6cGKrZ//ZUrCNs0BewZzQdOEcC9LuXBGR4=
-k8s.io/sample-apiserver v0.25.0/go.mod h1:Wyy/yKmXCrWLcc+082Vsn6fxAuwraRw5FQpekHg3go8=
+k8s.io/sample-apiserver v0.25.3/go.mod h1:olYnTnro/u7rnn7dlKEceKb9ivx05tfIubBKefSPeVw=
 k8s.io/system-validators v1.7.0/go.mod h1:gP1Ky+R9wtrSiFbrpEPwWMeYz9yqyy1S/KOh0Vci7WI=
 k8s.io/utils v0.0.0-20190506122338-8fab8cb257d5/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
@@ -1939,8 +1942,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32 h1:2WjukG7txtEsbXsSKWtTibCdsyYAhcu6KFnttyDdZOQ=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.33 h1:LYqFq+6Cj2D0gFfrJvL7iElD4ET6ir3VDdhDdTK7rgc=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.33/go.mod h1:soWkSNf2tZC7aMibXEqVhCd73GOY5fJikn8qbdzemB0=
 sigs.k8s.io/controller-runtime v0.2.2/go.mod h1:9dyohw3ZtoXQuV1e766PHUn+cmrRCIcBh6XIMFNMZ+I=
 sigs.k8s.io/controller-runtime v0.11.0-beta.0.0.20211208212546-f236f0345ad2 h1:+ReKrjTrd57mtAU19BJkxSAaWRIQkFlaWcO6dGFVP1g=
 sigs.k8s.io/controller-runtime v0.11.0-beta.0.0.20211208212546-f236f0345ad2/go.mod h1:KKwLiTooNGu+JmLZGn9Sl3Gjmfj66eMbCQznLP5zcqA=

internal/rbd/errors.go

@@ -42,4 +42,7 @@ var (
 	ErrMissingImageNameInVolID = errors.New("rbd image name information can not be empty in volID")
 	// ErrDecodeClusterIDFromMonsInVolID is returned when mons hash decoding on migration volID.
 	ErrDecodeClusterIDFromMonsInVolID = errors.New("failed to get clusterID from monitors hash in volID")
+	// ErrLastSyncTimeNotFound is returned when last sync time is not found for
+	// the image.
+	ErrLastSyncTimeNotFound = errors.New("last sync time not found")
 )

internal/rbd/replicationcontrollerserver.go

@@ -767,6 +767,11 @@ func (rs *ReplicationServer) GetVolumeReplicationInfo(ctx context.Context,
 	description := remoteStatus.Description
 	lastSyncTime, err := getLastSyncTime(description)
 	if err != nil {
+		if errors.Is(err, ErrLastSyncTimeNotFound) {
+			return nil, status.Errorf(codes.NotFound, "failed to get last sync time: %v", err)
+		}
+		log.ErrorLog(ctx, err.Error())
+
 		return nil, status.Errorf(codes.Internal, "failed to get last sync time: %v", err)
 	}
 
@@ -804,13 +809,14 @@ func getLastSyncTime(description string) (*timestamppb.Timestamp, error) {
 	// description = "replaying,{"bytes_per_second":0.0,
 	// "bytes_per_snapshot":149504.0,"local_snapshot_timestamp":1662655501
 	// ,"remote_snapshot_timestamp":1662655501}"
-	// In case there is no local snapshot timestamp we can pass the default value
+	// In case there is no local snapshot timestamp return an error as the
+	// LastSyncTime is required.
 	if description == "" {
-		return nil, nil
+		return nil, fmt.Errorf("empty description: %w", ErrLastSyncTimeNotFound)
 	}
 	splittedString := strings.SplitN(description, ",", 2)
 	if len(splittedString) == 1 {
-		return nil, nil
+		return nil, fmt.Errorf("no local snapshot timestamp: %w", ErrLastSyncTimeNotFound)
 	}
 	type localStatus struct {
 		LocalSnapshotTime int64 `json:"local_snapshot_timestamp"`
@@ -822,6 +828,12 @@ func getLastSyncTime(description string) (*timestamppb.Timestamp, error) {
 		return nil, fmt.Errorf("failed to unmarshal description: %w", err)
 	}
 
+	// If the json unmarsal is successful but the local snapshot time is 0, we
+	// need to consider it as an error as the LastSyncTime is required.
+	if localSnapTime.LocalSnapshotTime == 0 {
+		return nil, fmt.Errorf("empty local snapshot timestamp: %w", ErrLastSyncTimeNotFound)
+	}
+
 	lastUpdateTime := time.Unix(localSnapTime.LocalSnapshotTime, 0)
 	lastSyncTime := timestamppb.New(lastUpdateTime)
 

internal/rbd/replicationcontrollerserver_test.go

@@ -455,7 +455,7 @@ func TestValidateLastSyncTime(t *testing.T) {
 			"empty description",
 			"",
 			nil,
-			"",
+			ErrLastSyncTimeNotFound.Error(),
 		},
 		{
 			"description without local_snapshot_timestamp",
@@ -467,13 +467,13 @@ func TestValidateLastSyncTime(t *testing.T) {
 			"description with invalid JSON",
 			`replaying,{"bytes_per_second":0.0,"bytes_per_snapshot":149504.0","remote_snapshot_timestamp":1662655501`,
 			nil,
-			"failed to unmarshal description",
+			"failed to unmarshal",
 		},
 		{
 			"description with no JSON",
 			`replaying`,
 			nil,
-			"",
+			ErrLastSyncTimeNotFound.Error(),
 		},
 	}
 	for _, tt := range tests {

scripts/install-helm.sh

@@ -169,7 +169,7 @@ install_cephcsi_helm_charts() {
     fi
     # install ceph-csi-cephfs and ceph-csi-rbd charts
     # shellcheck disable=SC2086
-    "${HELM}" install --namespace ${NAMESPACE} --set provisioner.fullnameOverride=csi-cephfsplugin-provisioner --set nodeplugin.fullnameOverride=csi-cephfsplugin --set configMapName=ceph-csi-config --set provisioner.replicaCount=1 ${SET_SC_TEMPLATE_VALUES} ${CEPHFS_SECRET_TEMPLATE_VALUES} ${CEPHFS_CHART_NAME} "${SCRIPT_DIR}"/../charts/ceph-csi-cephfs
+    "${HELM}" install --namespace ${NAMESPACE} --set provisioner.fullnameOverride=csi-cephfsplugin-provisioner --set nodeplugin.fullnameOverride=csi-cephfsplugin --set configMapName=ceph-csi-config --set provisioner.replicaCount=1 --set-json='commonLabels={"app.kubernetes.io/name": "ceph-csi-cephfs", "app.kubernetes.io/managed-by": "helm"}' ${SET_SC_TEMPLATE_VALUES} ${CEPHFS_SECRET_TEMPLATE_VALUES} ${CEPHFS_CHART_NAME} "${SCRIPT_DIR}"/../charts/ceph-csi-cephfs
     check_deployment_status app=ceph-csi-cephfs ${NAMESPACE}
     check_daemonset_status app=ceph-csi-cephfs ${NAMESPACE}
 
@@ -179,7 +179,7 @@ install_cephcsi_helm_charts() {
     kubectl_retry delete cm ceph-config --namespace ${NAMESPACE}
 
     # shellcheck disable=SC2086
-    "${HELM}" install --namespace ${NAMESPACE} --set provisioner.fullnameOverride=csi-rbdplugin-provisioner --set nodeplugin.fullnameOverride=csi-rbdplugin --set configMapName=ceph-csi-config --set provisioner.replicaCount=1 ${SET_SC_TEMPLATE_VALUES} ${RBD_SECRET_TEMPLATE_VALUES} ${RBD_CHART_NAME} "${SCRIPT_DIR}"/../charts/ceph-csi-rbd --set topology.enabled=true --set topology.domainLabels="{${NODE_LABEL_REGION},${NODE_LABEL_ZONE}}" --set provisioner.maxSnapshotsOnImage=3 --set provisioner.minSnapshotsOnImage=2
+    "${HELM}" install --namespace ${NAMESPACE} --set provisioner.fullnameOverride=csi-rbdplugin-provisioner --set nodeplugin.fullnameOverride=csi-rbdplugin --set configMapName=ceph-csi-config --set provisioner.replicaCount=1 --set-json='commonLabels={"app.kubernetes.io/name": "ceph-csi-rbd", "app.kubernetes.io/managed-by": "helm"}' ${SET_SC_TEMPLATE_VALUES} ${RBD_SECRET_TEMPLATE_VALUES} ${RBD_CHART_NAME} "${SCRIPT_DIR}"/../charts/ceph-csi-rbd --set topology.enabled=true --set topology.domainLabels="{${NODE_LABEL_REGION},${NODE_LABEL_ZONE}}" --set provisioner.maxSnapshotsOnImage=3 --set provisioner.minSnapshotsOnImage=2
 
     check_deployment_status app=ceph-csi-rbd ${NAMESPACE}
     check_daemonset_status app=ceph-csi-rbd ${NAMESPACE}

vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go

@@ -1593,6 +1593,14 @@ var awsPartition = partition{
 						Region: "ap-southeast-2",
 					},
 				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "api.iotwireless.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{
@@ -1601,6 +1609,14 @@ var awsPartition = partition{
 						Region: "eu-west-1",
 					},
 				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "api.iotwireless.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
 				endpointKey{
 					Region: "us-east-1",
 				}: endpoint{
@@ -3991,6 +4007,9 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{},
@@ -6283,6 +6302,9 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{},
@@ -10908,6 +10930,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -12419,6 +12444,9 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{},
@@ -18015,6 +18043,9 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{},
@@ -20655,6 +20686,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -25757,6 +25791,24 @@ var awsPartition = partition{
 
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "ui-ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-us-west-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "us-east-1",
 				}: endpoint{},
@@ -33259,6 +33311,9 @@ var awsisoPartition = partition{
 				endpointKey{
 					Region: "us-iso-east-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
 			},
 		},
 		"dynamodb": service{

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.44.122"
+const SDKVersion = "1.44.127"

vendor/github.com/google/go-cmp/cmp/compare.go

@@ -13,21 +13,21 @@
 //
 // The primary features of cmp are:
 //
-// • When the default behavior of equality does not suit the needs of the test,
+//   - When the default behavior of equality does not suit the test's needs,
 //     custom equality functions can override the equality operation.
-// For example, an equality function may report floats as equal so long as they
+//     For example, an equality function may report floats as equal so long as
-// are within some tolerance of each other.
+//     they are within some tolerance of each other.
 //
-// • Types that have an Equal method may use that method to determine equality.
+//   - Types with an Equal method may use that method to determine equality.
-// This allows package authors to determine the equality operation for the types
+//     This allows package authors to determine the equality operation
-// that they define.
+//     for the types that they define.
 //
-// • If no custom equality functions are used and no Equal method is defined,
+//   - If no custom equality functions are used and no Equal method is defined,
-// equality is determined by recursively comparing the primitive kinds on both
+//     equality is determined by recursively comparing the primitive kinds on
-// values, much like reflect.DeepEqual. Unlike reflect.DeepEqual, unexported
+//     both values, much like reflect.DeepEqual. Unlike reflect.DeepEqual,
-// fields are not compared by default; they result in panics unless suppressed
+//     unexported fields are not compared by default; they result in panics
-// by using an Ignore option (see cmpopts.IgnoreUnexported) or explicitly
+//     unless suppressed by using an Ignore option (see cmpopts.IgnoreUnexported)
-// compared using the Exporter option.
+//     or explicitly compared using the Exporter option.
 package cmp
 
 import (
@@ -45,24 +45,24 @@ import (
 // Equal reports whether x and y are equal by recursively applying the
 // following rules in the given order to x and y and all of their sub-values:
 //
-// • Let S be the set of all Ignore, Transformer, and Comparer options that
+//   - Let S be the set of all Ignore, Transformer, and Comparer options that
 //     remain after applying all path filters, value filters, and type filters.
 //     If at least one Ignore exists in S, then the comparison is ignored.
-// If the number of Transformer and Comparer options in S is greater than one,
+//     If the number of Transformer and Comparer options in S is non-zero,
 //     then Equal panics because it is ambiguous which option to use.
-// If S contains a single Transformer, then use that to transform the current
+//     If S contains a single Transformer, then use that to transform
-// values and recursively call Equal on the output values.
+//     the current values and recursively call Equal on the output values.
 //     If S contains a single Comparer, then use that to compare the current values.
 //     Otherwise, evaluation proceeds to the next rule.
 //
-// • If the values have an Equal method of the form "(T) Equal(T) bool" or
+//   - If the values have an Equal method of the form "(T) Equal(T) bool" or
 //     "(T) Equal(I) bool" where T is assignable to I, then use the result of
 //     x.Equal(y) even if x or y is nil. Otherwise, no such method exists and
 //     evaluation proceeds to the next rule.
 //
-// • Lastly, try to compare x and y based on their basic kinds.
+//   - Lastly, try to compare x and y based on their basic kinds.
-// Simple kinds like booleans, integers, floats, complex numbers, strings, and
+//     Simple kinds like booleans, integers, floats, complex numbers, strings,
-// channels are compared using the equivalent of the == operator in Go.
+//     and channels are compared using the equivalent of the == operator in Go.
 //     Functions are only equal if they are both nil, otherwise they are unequal.
 //
 // Structs are equal if recursively calling Equal on all fields report equal.
@@ -144,7 +144,7 @@ func rootStep(x, y interface{}) PathStep {
 	// so that they have the same parent type.
 	var t reflect.Type
 	if !vx.IsValid() || !vy.IsValid() || vx.Type() != vy.Type() {
-		t = reflect.TypeOf((*interface{})(nil)).Elem()
+		t = anyType
 		if vx.IsValid() {
 			vvx := reflect.New(t).Elem()
 			vvx.Set(vx)
@@ -639,7 +639,9 @@ type dynChecker struct{ curr, next int }
 // Next increments the state and reports whether a check should be performed.
 //
 // Checks occur every Nth function call, where N is a triangular number:
+//
 //	0 1 3 6 10 15 21 28 36 45 55 66 78 91 105 120 136 153 171 190 ...
+//
 // See https://en.wikipedia.org/wiki/Triangular_number
 //
 // This sequence ensures that the cost of checks drops significantly as

vendor/github.com/google/go-cmp/cmp/internal/diff/diff.go

@@ -127,9 +127,9 @@ var randBool = rand.New(rand.NewSource(time.Now().Unix())).Intn(2) == 0
 // This function returns an edit-script, which is a sequence of operations
 // needed to convert one list into the other. The following invariants for
 // the edit-script are maintained:
-//	• eq == (es.Dist()==0)
+//   - eq == (es.Dist()==0)
-//	• nx == es.LenX()
+//   - nx == es.LenX()
-//	• ny == es.LenY()
+//   - ny == es.LenY()
 //
 // This algorithm is not guaranteed to be an optimal solution (i.e., one that
 // produces an edit-script with a minimal Levenshtein distance). This algorithm
@@ -169,12 +169,13 @@ func Difference(nx, ny int, f EqualFunc) (es EditScript) {
 	// A diagonal edge is equivalent to a matching symbol between both X and Y.
 
 	// Invariants:
-	//	• 0 ≤ fwdPath.X ≤ (fwdFrontier.X, revFrontier.X) ≤ revPath.X ≤ nx
+	//   - 0 ≤ fwdPath.X ≤ (fwdFrontier.X, revFrontier.X) ≤ revPath.X ≤ nx
-	//	• 0 ≤ fwdPath.Y ≤ (fwdFrontier.Y, revFrontier.Y) ≤ revPath.Y ≤ ny
+	//   - 0 ≤ fwdPath.Y ≤ (fwdFrontier.Y, revFrontier.Y) ≤ revPath.Y ≤ ny
 	//
 	// In general:
-	//	• fwdFrontier.X < revFrontier.X
+	//   - fwdFrontier.X < revFrontier.X
-	//	• fwdFrontier.Y < revFrontier.Y
+	//   - fwdFrontier.Y < revFrontier.Y
+	//
 	// Unless, it is time for the algorithm to terminate.
 	fwdPath := path{+1, point{0, 0}, make(EditScript, 0, (nx+ny)/2)}
 	revPath := path{-1, point{nx, ny}, make(EditScript, 0)}
@@ -195,18 +196,20 @@ func Difference(nx, ny int, f EqualFunc) (es EditScript) {
 	// computing sub-optimal edit-scripts between two lists.
 	//
 	// The algorithm is approximately as follows:
-	//	• Searching for differences switches back-and-forth between
+	//   - Searching for differences switches back-and-forth between
 	//     a search that starts at the beginning (the top-left corner), and
-	//	a search that starts at the end (the bottom-right corner). The goal of
+	//     a search that starts at the end (the bottom-right corner).
-	//	the search is connect with the search from the opposite corner.
+	//     The goal of the search is connect with the search
-	//	• As we search, we build a path in a greedy manner, where the first
+	//     from the opposite corner.
-	//	match seen is added to the path (this is sub-optimal, but provides a
+	//   - As we search, we build a path in a greedy manner,
-	//	decent result in practice). When matches are found, we try the next pair
+	//     where the first match seen is added to the path (this is sub-optimal,
-	//	of symbols in the lists and follow all matches as far as possible.
+	//     but provides a decent result in practice). When matches are found,
-	//	• When searching for matches, we search along a diagonal going through
+	//     we try the next pair of symbols in the lists and follow all matches
-	//	through the "frontier" point. If no matches are found, we advance the
+	//     as far as possible.
-	//	frontier towards the opposite corner.
+	//   - When searching for matches, we search along a diagonal going through
-	//	• This algorithm terminates when either the X coordinates or the
+	//     through the "frontier" point. If no matches are found,
+	//     we advance the frontier towards the opposite corner.
+	//   - This algorithm terminates when either the X coordinates or the
 	//     Y coordinates of the forward and reverse frontier points ever intersect.
 
 	// This algorithm is correct even if searching only in the forward direction
@@ -389,6 +392,7 @@ type point struct{ X, Y int }
 func (p *point) add(dx, dy int) { p.X += dx; p.Y += dy }
 
 // zigzag maps a consecutive sequence of integers to a zig-zag sequence.
+//
 //	[0 1 2 3 4 5 ...] => [0 -1 +1 -2 +2 ...]
 func zigzag(x int) int {
 	if x&1 != 0 {

vendor/github.com/google/go-cmp/cmp/internal/value/zero.go

@@ -1,48 +0,0 @@
-// Copyright 2017, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package value
-
-import (
-	"math"
-	"reflect"
-)
-
-// IsZero reports whether v is the zero value.
-// This does not rely on Interface and so can be used on unexported fields.
-func IsZero(v reflect.Value) bool {
-	switch v.Kind() {
-	case reflect.Bool:
-		return v.Bool() == false
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		return v.Int() == 0
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		return v.Uint() == 0
-	case reflect.Float32, reflect.Float64:
-		return math.Float64bits(v.Float()) == 0
-	case reflect.Complex64, reflect.Complex128:
-		return math.Float64bits(real(v.Complex())) == 0 && math.Float64bits(imag(v.Complex())) == 0
-	case reflect.String:
-		return v.String() == ""
-	case reflect.UnsafePointer:
-		return v.Pointer() == 0
-	case reflect.Chan, reflect.Func, reflect.Interface, reflect.Ptr, reflect.Map, reflect.Slice:
-		return v.IsNil()
-	case reflect.Array:
-		for i := 0; i < v.Len(); i++ {
-			if !IsZero(v.Index(i)) {
-				return false
-			}
-		}
-		return true
-	case reflect.Struct:
-		for i := 0; i < v.NumField(); i++ {
-			if !IsZero(v.Field(i)) {
-				return false
-			}
-		}
-		return true
-	}
-	return false
-}

vendor/github.com/google/go-cmp/cmp/options.go

@@ -33,6 +33,7 @@ type Option interface {
 }
 
 // applicableOption represents the following types:
+//
 //	Fundamental: ignore | validator | *comparer | *transformer
 //	Grouping:    Options
 type applicableOption interface {
@@ -43,6 +44,7 @@ type applicableOption interface {
 }
 
 // coreOption represents the following types:
+//
 //	Fundamental: ignore | validator | *comparer | *transformer
 //	Filters:     *pathFilter | *valuesFilter
 type coreOption interface {
@@ -336,9 +338,9 @@ func (tr transformer) String() string {
 // both implement T.
 //
 // The equality function must be:
-//	• Symmetric: equal(x, y) == equal(y, x)
+//   - Symmetric: equal(x, y) == equal(y, x)
-//	• Deterministic: equal(x, y) == equal(x, y)
+//   - Deterministic: equal(x, y) == equal(x, y)
-//	• Pure: equal(x, y) does not modify x or y
+//   - Pure: equal(x, y) does not modify x or y
 func Comparer(f interface{}) Option {
 	v := reflect.ValueOf(f)
 	if !function.IsType(v.Type(), function.Equal) || v.IsNil() {
@@ -430,7 +432,7 @@ func AllowUnexported(types ...interface{}) Option {
 }
 
 // Result represents the comparison result for a single node and
-// is provided by cmp when calling Result (see Reporter).
+// is provided by cmp when calling Report (see Reporter).
 type Result struct {
 	_     [0]func() // Make Result incomparable
 	flags resultFlags

vendor/github.com/google/go-cmp/cmp/path.go

@@ -41,12 +41,12 @@ type PathStep interface {
 	// The type of each valid value is guaranteed to be identical to Type.
 	//
 	// In some cases, one or both may be invalid or have restrictions:
-	//	• For StructField, both are not interface-able if the current field
+	//   - For StructField, both are not interface-able if the current field
 	//     is unexported and the struct type is not explicitly permitted by
 	//     an Exporter to traverse unexported fields.
-	//	• For SliceIndex, one may be invalid if an element is missing from
+	//   - For SliceIndex, one may be invalid if an element is missing from
 	//     either the x or y slice.
-	//	• For MapIndex, one may be invalid if an entry is missing from
+	//   - For MapIndex, one may be invalid if an entry is missing from
 	//     either the x or y map.
 	//
 	// The provided values must not be mutated.
@@ -94,6 +94,7 @@ func (pa Path) Index(i int) PathStep {
 // The simplified path only contains struct field accesses.
 //
 // For example:
+//
 //	MyMap.MySlices.MyField
 func (pa Path) String() string {
 	var ss []string
@@ -108,6 +109,7 @@ func (pa Path) String() string {
 // GoString returns the path to a specific node using Go syntax.
 //
 // For example:
+//
 //	(*root.MyMap["key"].(*mypkg.MyStruct).MySlices)[2][3].MyField
 func (pa Path) GoString() string {
 	var ssPre, ssPost []string
@@ -159,7 +161,7 @@ func (ps pathStep) String() string {
 	if ps.typ == nil {
 		return "<nil>"
 	}
-	s := ps.typ.String()
+	s := value.TypeString(ps.typ, false)
 	if s == "" || strings.ContainsAny(s, "{}\n") {
 		return "root" // Type too simple or complex to print
 	}
@@ -282,7 +284,7 @@ type typeAssertion struct {
 
 func (ta TypeAssertion) Type() reflect.Type             { return ta.typ }
 func (ta TypeAssertion) Values() (vx, vy reflect.Value) { return ta.vx, ta.vy }
-func (ta TypeAssertion) String() string                 { return fmt.Sprintf(".(%v)", ta.typ) }
+func (ta TypeAssertion) String() string                 { return fmt.Sprintf(".(%v)", value.TypeString(ta.typ, false)) }
 
 // Transform is a transformation from the parent type to the current type.
 type Transform struct{ *transform }

vendor/github.com/google/go-cmp/cmp/report_compare.go

@@ -7,8 +7,6 @@ package cmp
 import (
 	"fmt"
 	"reflect"
-
-	"github.com/google/go-cmp/cmp/internal/value"
 )
 
 // numContextRecords is the number of surrounding equal records to print.
@@ -117,7 +115,7 @@ func (opts formatOptions) FormatDiff(v *valueNode, ptrs *pointerReferences) (out
 
 	// For leaf nodes, format the value based on the reflect.Values alone.
 	// As a special case, treat equal []byte as a leaf nodes.
-	isBytes := v.Type.Kind() == reflect.Slice && v.Type.Elem() == reflect.TypeOf(byte(0))
+	isBytes := v.Type.Kind() == reflect.Slice && v.Type.Elem() == byteType
 	isEqualBytes := isBytes && v.NumDiff+v.NumIgnored+v.NumTransformed == 0
 	if v.MaxDepth == 0 || isEqualBytes {
 		switch opts.DiffMode {
@@ -248,11 +246,11 @@ func (opts formatOptions) formatDiffList(recs []reportRecord, k reflect.Kind, pt
 				var isZero bool
 				switch opts.DiffMode {
 				case diffIdentical:
-					isZero = value.IsZero(r.Value.ValueX) || value.IsZero(r.Value.ValueY)
+					isZero = r.Value.ValueX.IsZero() || r.Value.ValueY.IsZero()
 				case diffRemoved:
-					isZero = value.IsZero(r.Value.ValueX)
+					isZero = r.Value.ValueX.IsZero()
 				case diffInserted:
-					isZero = value.IsZero(r.Value.ValueY)
+					isZero = r.Value.ValueY.IsZero()
 				}
 				if isZero {
 					continue

vendor/github.com/google/go-cmp/cmp/report_reflect.go

@@ -16,6 +16,13 @@ import (
 	"github.com/google/go-cmp/cmp/internal/value"
 )
 
+var (
+	anyType    = reflect.TypeOf((*interface{})(nil)).Elem()
+	stringType = reflect.TypeOf((*string)(nil)).Elem()
+	bytesType  = reflect.TypeOf((*[]byte)(nil)).Elem()
+	byteType   = reflect.TypeOf((*byte)(nil)).Elem()
+)
+
 type formatValueOptions struct {
 	// AvoidStringer controls whether to avoid calling custom stringer
 	// methods like error.Error or fmt.Stringer.String.
@@ -184,7 +191,7 @@ func (opts formatOptions) FormatValue(v reflect.Value, parentKind reflect.Kind,
 		}
 		for i := 0; i < v.NumField(); i++ {
 			vv := v.Field(i)
-			if value.IsZero(vv) {
+			if vv.IsZero() {
 				continue // Elide fields with zero values
 			}
 			if len(list) == maxLen {
@@ -205,7 +212,7 @@ func (opts formatOptions) FormatValue(v reflect.Value, parentKind reflect.Kind,
 		}
 
 		// Check whether this is a []byte of text data.
-		if t.Elem() == reflect.TypeOf(byte(0)) {
+		if t.Elem() == byteType {
 			b := v.Bytes()
 			isPrintSpace := func(r rune) bool { return unicode.IsPrint(r) || unicode.IsSpace(r) }
 			if len(b) > 0 && utf8.Valid(b) && len(bytes.TrimFunc(b, isPrintSpace)) == 0 {

vendor/github.com/google/go-cmp/cmp/report_slices.go

@@ -104,7 +104,7 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode {
 	case t.Kind() == reflect.String:
 		sx, sy = vx.String(), vy.String()
 		isString = true
-	case t.Kind() == reflect.Slice && t.Elem() == reflect.TypeOf(byte(0)):
+	case t.Kind() == reflect.Slice && t.Elem() == byteType:
 		sx, sy = string(vx.Bytes()), string(vy.Bytes())
 		isString = true
 	case t.Kind() == reflect.Array:
@@ -147,7 +147,10 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode {
 			})
 			efficiencyLines := float64(esLines.Dist()) / float64(len(esLines))
 			efficiencyBytes := float64(esBytes.Dist()) / float64(len(esBytes))
-			isPureLinedText = efficiencyLines < 4*efficiencyBytes
+			quotedLength := len(strconv.Quote(sx + sy))
+			unquotedLength := len(sx) + len(sy)
+			escapeExpansionRatio := float64(quotedLength) / float64(unquotedLength)
+			isPureLinedText = efficiencyLines < 4*efficiencyBytes || escapeExpansionRatio > 1.1
 		}
 	}
 
@@ -171,12 +174,13 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode {
 		// differences in a string literal. This format is more readable,
 		// but has edge-cases where differences are visually indistinguishable.
 		// This format is avoided under the following conditions:
-		//	• A line starts with `"""`
+		//   - A line starts with `"""`
-		//	• A line starts with "..."
+		//   - A line starts with "..."
-		//	• A line contains non-printable characters
+		//   - A line contains non-printable characters
-		//	• Adjacent different lines differ only by whitespace
+		//   - Adjacent different lines differ only by whitespace
 		//
 		// For example:
+		//
 		//		"""
 		//		... // 3 identical lines
 		//		foo
@@ -231,7 +235,7 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode {
 			var out textNode = &textWrap{Prefix: "(", Value: list2, Suffix: ")"}
 			switch t.Kind() {
 			case reflect.String:
-				if t != reflect.TypeOf(string("")) {
+				if t != stringType {
 					out = opts.FormatType(t, out)
 				}
 			case reflect.Slice:
@@ -326,12 +330,12 @@ func (opts formatOptions) FormatDiffSlice(v *valueNode) textNode {
 	switch t.Kind() {
 	case reflect.String:
 		out = &textWrap{Prefix: "strings.Join(", Value: out, Suffix: fmt.Sprintf(", %q)", delim)}
-		if t != reflect.TypeOf(string("")) {
+		if t != stringType {
 			out = opts.FormatType(t, out)
 		}
 	case reflect.Slice:
 		out = &textWrap{Prefix: "bytes.Join(", Value: out, Suffix: fmt.Sprintf(", %q)", delim)}
-		if t != reflect.TypeOf([]byte(nil)) {
+		if t != bytesType {
 			out = opts.FormatType(t, out)
 		}
 	}
@@ -446,7 +450,6 @@ func (opts formatOptions) formatDiffSlice(
 //		{NumIdentical: 3},
 //		{NumInserted: 1},
 //	]
-//
 func coalesceAdjacentEdits(name string, es diff.EditScript) (groups []diffStats) {
 	var prevMode byte
 	lastStats := func(mode byte) *diffStats {
@@ -503,7 +506,6 @@ func coalesceAdjacentEdits(name string, es diff.EditScript) (groups []diffStats)
 //		{NumIdentical: 8, NumRemoved: 12, NumInserted: 3},
 //		{NumIdentical: 63},
 //	]
-//
 func coalesceInterveningIdentical(groups []diffStats, windowSize int) []diffStats {
 	groups, groupsOrig := groups[:0], groups
 	for i, ds := range groupsOrig {
@@ -548,7 +550,6 @@ func coalesceInterveningIdentical(groups []diffStats, windowSize int) []diffStat
 //		{NumRemoved: 9},
 //		{NumIdentical: 64}, // incremented by 10
 //	]
-//
 func cleanupSurroundingIdentical(groups []diffStats, eq func(i, j int) bool) []diffStats {
 	var ix, iy int // indexes into sequence x and y
 	for i, ds := range groups {

vendor/github.com/google/go-cmp/cmp/report_text.go

@@ -393,6 +393,7 @@ func (s diffStats) Append(ds diffStats) diffStats {
 // String prints a humanly-readable summary of coalesced records.
 //
 // Example:
+//
 //	diffStats{Name: "Field", NumIgnored: 5}.String() => "5 ignored fields"
 func (s diffStats) String() string {
 	var ss []string

vendor/github.com/hashicorp/go-plugin/CHANGELOG.md

@@ -0,0 +1,19 @@
+## v1.4.5
+
+ENHANCEMENTS:
+
+* client: log warning when SecureConfig is nil [[GH-207](https://github.com/hashicorp/go-plugin/pull/207)]
+
+
+## v1.4.4
+
+ENHANCEMENTS:
+
+* client: increase level of plugin exit logs [[GH-195](https://github.com/hashicorp/go-plugin/pull/195)]
+
+BUG FIXES:
+
+* Bidirectional communication: fix bidirectional communication when AutoMTLS is enabled [[GH-193](https://github.com/hashicorp/go-plugin/pull/193)]
+* RPC: Trim a spurious log message for plugins using RPC [[GH-186](https://github.com/hashicorp/go-plugin/pull/186)]
+
+

vendor/github.com/hashicorp/go-plugin/README.md

@@ -3,8 +3,9 @@
 `go-plugin` is a Go (golang) plugin system over RPC. It is the plugin system
 that has been in use by HashiCorp tooling for over 4 years. While initially
 created for [Packer](https://www.packer.io), it is additionally in use by
-[Terraform](https://www.terraform.io), [Nomad](https://www.nomadproject.io), and
+[Terraform](https://www.terraform.io), [Nomad](https://www.nomadproject.io),
-[Vault](https://www.vaultproject.io).
+[Vault](https://www.vaultproject.io), and
+[Boundary](https://www.boundaryproject.io).
 
 While the plugin system is over RPC, it is currently only designed to work
 over a local [reliable] network. Plugins over a real network are not supported

vendor/github.com/hashicorp/go-plugin/client.go

@@ -547,7 +547,9 @@ func (c *Client) Start() (addr net.Addr, err error) {
 		return nil, err
 	}
 
-	if c.config.SecureConfig != nil {
+	if c.config.SecureConfig == nil {
+		c.logger.Warn("plugin configured with a nil SecureConfig")
+	} else {
 		if ok, err := c.config.SecureConfig.Check(cmd.Path); err != nil {
 			return nil, fmt.Errorf("error verifying checksum: %s", err)
 		} else if !ok {
@@ -574,6 +576,8 @@ func (c *Client) Start() (addr net.Addr, err error) {
 
 		c.config.TLSConfig = &tls.Config{
 			Certificates: []tls.Certificate{cert},
+			ClientAuth:   tls.RequireAndVerifyClientCert,
+			MinVersion:   tls.VersionTLS12,
 			ServerName:   "localhost",
 		}
 	}
@@ -629,17 +633,19 @@ func (c *Client) Start() (addr net.Addr, err error) {
 		// Wait for the command to end.
 		err := cmd.Wait()
 
-		debugMsgArgs := []interface{}{
+		msgArgs := []interface{}{
 			"path", path,
 			"pid", pid,
 		}
 		if err != nil {
-			debugMsgArgs = append(debugMsgArgs,
+			msgArgs = append(msgArgs,
 				[]interface{}{"error", err.Error()}...)
+			c.logger.Error("plugin process exited", msgArgs...)
+		} else {
+			// Log and make sure to flush the logs right away
+			c.logger.Info("plugin process exited", msgArgs...)
 		}
 
-		// Log and make sure to flush the logs write away
-		c.logger.Debug("plugin process exited", debugMsgArgs...)
 		os.Stderr.Sync()
 
 		// Set that we exited, which takes a lock
@@ -774,7 +780,7 @@ func (c *Client) Start() (addr net.Addr, err error) {
 }
 
 // loadServerCert is used by AutoMTLS to read an x.509 cert returned by the
-// server, and load it as the RootCA for the client TLSConfig.
+// server, and load it as the RootCA and ClientCA for the client TLSConfig.
 func (c *Client) loadServerCert(cert string) error {
 	certPool := x509.NewCertPool()
 
@@ -791,6 +797,7 @@ func (c *Client) loadServerCert(cert string) error {
 	certPool.AddCert(x509Cert)
 
 	c.config.TLSConfig.RootCAs = certPool
+	c.config.TLSConfig.ClientCAs = certPool
 	return nil
 }
 

vendor/github.com/hashicorp/go-plugin/process_posix.go

@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package plugin

vendor/github.com/hashicorp/go-plugin/rpc_server.go

@@ -45,7 +45,11 @@ func (s *RPCServer) Serve(lis net.Listener) {
 	for {
 		conn, err := lis.Accept()
 		if err != nil {
-			log.Printf("[ERR] plugin: plugin server: %s", err)
+			severity := "ERR"
+			if errors.Is(err, net.ErrClosed) {
+				severity = "DEBUG"
+			}
+			log.Printf("[%s] plugin: plugin server: %s", severity, err)
 			return
 		}
 

vendor/github.com/hashicorp/go-plugin/server.go

@@ -304,13 +304,13 @@ func Serve(opts *ServeConfig) {
 
 		certPEM, keyPEM, err := generateCert()
 		if err != nil {
-			logger.Error("failed to generate client certificate", "error", err)
+			logger.Error("failed to generate server certificate", "error", err)
 			panic(err)
 		}
 
 		cert, err := tls.X509KeyPair(certPEM, keyPEM)
 		if err != nil {
-			logger.Error("failed to parse client certificate", "error", err)
+			logger.Error("failed to parse server certificate", "error", err)
 			panic(err)
 		}
 
@@ -319,6 +319,8 @@ func Serve(opts *ServeConfig) {
 			ClientAuth:   tls.RequireAndVerifyClientCert,
 			ClientCAs:    clientCertPool,
 			MinVersion:   tls.VersionTLS12,
+			RootCAs:      clientCertPool,
+			ServerName:   "localhost",
 		}
 
 		// We send back the raw leaf cert data for the client rather than the

vendor/github.com/hashicorp/vault/api/LICENSE

@@ -1,3 +1,5 @@
+Copyright (c) 2015 HashiCorp, Inc.
+
 Mozilla Public License, version 2.0
 
 1. Definitions

vendor/github.com/hashicorp/vault/api/logical.go

@@ -65,23 +65,7 @@ func (c *Logical) ReadWithDataWithContext(ctx context.Context, path string, data
 	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
 	defer cancelFunc()
 
-	r := c.c.NewRequest(http.MethodGet, "/v1/"+path)
+	resp, err := c.readRawWithDataWithContext(ctx, path, data)
-
-	var values url.Values
-	for k, v := range data {
-		if values == nil {
-			values = make(url.Values)
-		}
-		for _, val := range v {
-			values.Add(k, val)
-		}
-	}
-
-	if values != nil {
-		r.Params = values
-	}
-
-	resp, err := c.c.rawRequestWithContext(ctx, r)
 	if resp != nil {
 		defer resp.Body.Close()
 	}
@@ -106,6 +90,41 @@ func (c *Logical) ReadWithDataWithContext(ctx context.Context, path string, data
 	return ParseSecret(resp.Body)
 }
 
+func (c *Logical) ReadRaw(path string) (*Response, error) {
+	return c.ReadRawWithData(path, nil)
+}
+
+func (c *Logical) ReadRawWithData(path string, data map[string][]string) (*Response, error) {
+	return c.ReadRawWithDataWithContext(context.Background(), path, data)
+}
+
+func (c *Logical) ReadRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	return c.readRawWithDataWithContext(ctx, path, data)
+}
+
+func (c *Logical) readRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) {
+	r := c.c.NewRequest(http.MethodGet, "/v1/"+path)
+
+	var values url.Values
+	for k, v := range data {
+		if values == nil {
+			values = make(url.Values)
+		}
+		for _, val := range v {
+			values.Add(k, val)
+		}
+	}
+
+	if values != nil {
+		r.Params = values
+	}
+
+	return c.c.RawRequestWithContext(ctx, r)
+}
+
 func (c *Logical) List(path string) (*Secret, error) {
 	return c.ListWithContext(context.Background(), path)
 }

vendor/github.com/onsi/gomega/.gitignore

@@ -3,3 +3,4 @@
 .
 .idea
 gomega.iml
+TODO.md

vendor/github.com/onsi/gomega/CHANGELOG.md

@@ -1,3 +1,23 @@
+## 1.23.0
+
+### Features
+- Custom formatting on a per-type basis can be provided using `format.RegisterCustomFormatter()` -- see the docs [here](https://onsi.github.io/gomega/#adjusting-output)
+
+- Substantial improvement have been made to `StopTrying()`:
+  - Users can now use `StopTrying().Wrap(err)` to wrap errors and `StopTrying().Attach(description, object)` to attach arbitrary objects to the `StopTrying()` error
+  - `StopTrying()` is now always interpreted as a failure.  If you are an early adopter of `StopTrying()` you may need to change your code as the prior version would match against the returned value even if `StopTrying()` was returned.  Going forward the `StopTrying()` api should remain stable.
+  - `StopTrying()` and `StopTrying().Now()` can both be used in matchers - not just polled functions.
+
+- `TryAgainAfter(duration)` is used like `StopTrying()` but instructs `Eventually` and `Consistently` that the poll should be tried again after the specified duration.  This allows you to dynamically adjust the polling duration.
+
+- `ctx` can now be passed-in as the first argument to `Eventually` and `Consistently`.
+
+## Maintenance
+
+- Bump github.com/onsi/ginkgo/v2 from 2.3.0 to 2.3.1 (#597) [afed901]
+- Bump nokogiri from 1.13.8 to 1.13.9 in /docs (#599) [7c691b3]
+- Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#587) [ff22665]
+
 ## 1.22.1
 
 ## Fixes

vendor/github.com/onsi/gomega/format/format.go

@@ -65,6 +65,52 @@ type GomegaStringer interface {
 	GomegaString() string
 }
 
+/*
+CustomFormatters can be registered with Gomega via RegisterCustomFormatter()
+Any value to be rendered by Gomega is passed to each registered CustomFormatters.
+The CustomFormatter signals that it will handle formatting the value by returning (formatted-string, true)
+If the CustomFormatter does not want to handle the object it should return ("", false)
+
+Strings returned by CustomFormatters are not truncated
+*/
+type CustomFormatter func(value interface{}) (string, bool)
+type CustomFormatterKey uint
+
+var customFormatterKey CustomFormatterKey = 1
+
+type customFormatterKeyPair struct {
+	CustomFormatter
+	CustomFormatterKey
+}
+
+/*
+RegisterCustomFormatter registers a CustomFormatter and returns a CustomFormatterKey
+
+You can call UnregisterCustomFormatter with the returned key to unregister the associated CustomFormatter
+*/
+func RegisterCustomFormatter(customFormatter CustomFormatter) CustomFormatterKey {
+	key := customFormatterKey
+	customFormatterKey += 1
+	customFormatters = append(customFormatters, customFormatterKeyPair{customFormatter, key})
+	return key
+}
+
+/*
+UnregisterCustomFormatter unregisters a previously registered CustomFormatter.  You should pass in the key returned by RegisterCustomFormatter
+*/
+func UnregisterCustomFormatter(key CustomFormatterKey) {
+	formatters := []customFormatterKeyPair{}
+	for _, f := range customFormatters {
+		if f.CustomFormatterKey == key {
+			continue
+		}
+		formatters = append(formatters, f)
+	}
+	customFormatters = formatters
+}
+
+var customFormatters = []customFormatterKeyPair{}
+
 /*
 Generates a formatted matcher success/failure message of the form:
 
@@ -219,17 +265,24 @@ func Object(object interface{}, indentation uint) string {
 IndentString takes a string and indents each line by the specified amount.
 */
 func IndentString(s string, indentation uint) string {
+	return indentString(s, indentation, true)
+}
+
+func indentString(s string, indentation uint, indentFirstLine bool) string {
+	result := &strings.Builder{}
 	components := strings.Split(s, "\n")
-	result := ""
 	indent := strings.Repeat(Indent, int(indentation))
 	for i, component := range components {
-		result += indent + component
+		if i > 0 || indentFirstLine {
+			result.WriteString(indent)
+		}
+		result.WriteString(component)
 		if i < len(components)-1 {
-			result += "\n"
+			result.WriteString("\n")
 		}
 	}
 
-	return result
+	return result.String()
 }
 
 func formatType(v reflect.Value) string {
@@ -261,18 +314,27 @@ func formatValue(value reflect.Value, indentation uint) string {
 	if value.CanInterface() {
 		obj := value.Interface()
 
+		// if a CustomFormatter handles this values, we'll go with that
+		for _, customFormatter := range customFormatters {
+			formatted, handled := customFormatter.CustomFormatter(obj)
+			// do not truncate a user-provided CustomFormatter()
+			if handled {
+				return indentString(formatted, indentation+1, false)
+			}
+		}
+
 		// GomegaStringer will take precedence to other representations and disregards UseStringerRepresentation
 		if x, ok := obj.(GomegaStringer); ok {
-			// do not truncate a user-defined GoMegaString() value
+			// do not truncate a user-defined GomegaString() value
-			return x.GomegaString()
+			return indentString(x.GomegaString(), indentation+1, false)
 		}
 
 		if UseStringerRepresentation {
 			switch x := obj.(type) {
 			case fmt.GoStringer:
-				return truncateLongStrings(x.GoString())
+				return indentString(truncateLongStrings(x.GoString()), indentation+1, false)
 			case fmt.Stringer:
-				return truncateLongStrings(x.String())
+				return indentString(truncateLongStrings(x.String()), indentation+1, false)
 			}
 		}
 	}

vendor/github.com/onsi/gomega/gomega_dsl.go

@@ -22,7 +22,7 @@ import (
 	"github.com/onsi/gomega/types"
 )
 
-const GOMEGA_VERSION = "1.22.1"
+const GOMEGA_VERSION = "1.23.0"
 
 const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler.
 If you're using Ginkgo then you probably forgot to put your assertion in an It().
@@ -171,6 +171,7 @@ func ensureDefaultGomegaIsConfigured() {
 }
 
 // Ω wraps an actual value allowing assertions to be made on it:
+//
 //	Ω("foo").Should(Equal("foo"))
 //
 // If Ω is passed more than one argument it will pass the *first* argument to the matcher.
@@ -180,10 +181,13 @@ func ensureDefaultGomegaIsConfigured() {
 // a value and an error - a common patter in Go.
 //
 // For example, given a function with signature:
+//
 //	func MyAmazingThing() (int, error)
 //
 // Then:
+//
 //	Ω(MyAmazingThing()).Should(Equal(3))
+//
 // Will succeed only if `MyAmazingThing()` returns `(3, nil)`
 //
 // Ω and Expect are identical
@@ -193,6 +197,7 @@ func Ω(actual interface{}, extra ...interface{}) Assertion {
 }
 
 // Expect wraps an actual value allowing assertions to be made on it:
+//
 //	Expect("foo").To(Equal("foo"))
 //
 // If Expect is passed more than one argument it will pass the *first* argument to the matcher.
@@ -202,10 +207,13 @@ func Ω(actual interface{}, extra ...interface{}) Assertion {
 // a value and an error - a common patter in Go.
 //
 // For example, given a function with signature:
+//
 //	func MyAmazingThing() (int, error)
 //
 // Then:
+//
 //	Expect(MyAmazingThing()).Should(Equal(3))
+//
 // Will succeed only if `MyAmazingThing()` returns `(3, nil)`
 //
 // Expect and Ω are identical
@@ -215,6 +223,7 @@ func Expect(actual interface{}, extra ...interface{}) Assertion {
 }
 
 // ExpectWithOffset wraps an actual value allowing assertions to be made on it:
+//
 //	ExpectWithOffset(1, "foo").To(Equal("foo"))
 //
 // Unlike `Expect` and `Ω`, `ExpectWithOffset` takes an additional integer argument
@@ -279,25 +288,29 @@ For example:
 If multiple values are returned by the function, Eventually will pass the first value to the matcher and require that all others are zero-valued.  This allows you to pass Eventually a function that returns a value and an error - a common pattern in Go.
 
 For example, consider a method that returns a value and an error:
+
 	func FetchFromDB() (string, error)
 
 Then
+
 	Eventually(FetchFromDB).Should(Equal("got it"))
 
 will pass only if and when the returned error is nil *and* the returned string satisfies the matcher.
 
 Eventually can also accept functions that take arguments, however you must provide those arguments using .WithArguments().  For example, consider a function that takes a user-id and makes a network request to fetch a full name:
+
 	func FetchFullName(userId int) (string, error)
 
 You can poll this function like so:
+
 	Eventually(FetchFullName).WithArguments(1138).Should(Equal("Wookie"))
 
 It is important to note that the function passed into Eventually is invoked *synchronously* when polled.  Eventually does not (in fact, it cannot) kill the function if it takes longer to return than Eventually's configured timeout.  A common practice here is to use a context.  Here's an example that combines Ginkgo's spec timeout support with Eventually:
 
 	It("fetches the correct count", func(ctx SpecContext) {
-		Eventually(func() int {
+		Eventually(ctx, func() int {
 			return client.FetchCount(ctx, "/users")
-		}, ctx).Should(BeNumerically(">=", 17))
+		}).Should(BeNumerically(">=", 17))
 	}, SpecTimeout(time.Second))
 
 you an also use Eventually().WithContext(ctx) to pass in the context.  Passed-in contexts play nicely with paseed-in arguments as long as the context appears first.  You can rewrite the above example as:
@@ -355,9 +368,9 @@ is equivalent to
 
 	Eventually(...).WithTimeout(time.Second).WithPolling(2*time.Second).WithContext(ctx).Should(...)
 */
-func Eventually(actual interface{}, args ...interface{}) AsyncAssertion {
+func Eventually(args ...interface{}) AsyncAssertion {
 	ensureDefaultGomegaIsConfigured()
-	return Default.Eventually(actual, args...)
+	return Default.Eventually(args...)
 }
 
 // EventuallyWithOffset operates like Eventually but takes an additional
@@ -369,9 +382,9 @@ func Eventually(actual interface{}, args ...interface{}) AsyncAssertion {
 // `EventuallyWithOffset` specifying a timeout interval (and an optional polling interval) are
 // the same as `Eventually(...).WithOffset(...).WithTimeout` or
 // `Eventually(...).WithOffset(...).WithTimeout(...).WithPolling`.
-func EventuallyWithOffset(offset int, actual interface{}, args ...interface{}) AsyncAssertion {
+func EventuallyWithOffset(offset int, args ...interface{}) AsyncAssertion {
 	ensureDefaultGomegaIsConfigured()
-	return Default.EventuallyWithOffset(offset, actual, args...)
+	return Default.EventuallyWithOffset(offset, args...)
 }
 
 /*
@@ -389,9 +402,9 @@ Consistently is useful in cases where you want to assert that something *does no
 
 This will block for 200 milliseconds and repeatedly check the channel and ensure nothing has been received.
 */
-func Consistently(actual interface{}, args ...interface{}) AsyncAssertion {
+func Consistently(args ...interface{}) AsyncAssertion {
 	ensureDefaultGomegaIsConfigured()
-	return Default.Consistently(actual, args...)
+	return Default.Consistently(args...)
 }
 
 // ConsistentlyWithOffset operates like Consistently but takes an additional
@@ -400,44 +413,54 @@ func Consistently(actual interface{}, args ...interface{}) AsyncAssertion {
 //
 // `ConsistentlyWithOffset` is the same as `Consistently(...).WithOffset` and
 // optional `WithTimeout` and `WithPolling`.
-func ConsistentlyWithOffset(offset int, actual interface{}, args ...interface{}) AsyncAssertion {
+func ConsistentlyWithOffset(offset int, args ...interface{}) AsyncAssertion {
 	ensureDefaultGomegaIsConfigured()
-	return Default.ConsistentlyWithOffset(offset, actual, args...)
+	return Default.ConsistentlyWithOffset(offset, args...)
 }
 
 /*
-StopTrying can be used to signal to Eventually and Consistently that the polled function will not change
+StopTrying can be used to signal to Eventually and Consistentlythat they should abort and stop trying.  This always results in a failure of the assertion - and the failure message is the content of the StopTrying signal.
-and that they should stop trying.  In the case of Eventually, if a match does not occur in this, final, iteration then a failure will result.  In the case of Consistently, as long as this last iteration satisfies the match, the assertion will be considered successful.
 
-You can send the StopTrying signal by either returning a StopTrying("message") messages as an error from your passed-in function  _or_ by calling StopTrying("message").Now() to trigger a panic and end execution.
+You can send the StopTrying signal by either returning StopTrying("message") as an error from your passed-in function _or_ by calling StopTrying("message").Now() to trigger a panic and end execution.
+
+You can also wrap StopTrying around an error with `StopTrying("message").Wrap(err)` and can attach additional objects via `StopTrying("message").Attach("description", object).  When rendered, the signal will include the wrapped error and any attached objects rendered using Gomega's default formatting.
 
 Here are a couple of examples.  This is how you might use StopTrying() as an error to signal that Eventually should stop:
 
 	playerIndex, numPlayers := 0, 11
 	Eventually(func() (string, error) {
+	    if playerIndex == numPlayers {
+	        return "", StopTrying("no more players left")
+	    }
 	    name := client.FetchPlayer(playerIndex)
 	    playerIndex += 1
-		if playerIndex == numPlayers {
-			return name, StopTrying("No more players left")
-		} else {
 	    return name, nil
-		}
 	}).Should(Equal("Patrick Mahomes"))
 
-note that the final `name` returned alongside `StopTrying()` will be processed.
-
 And here's an example where `StopTrying().Now()` is called to halt execution immediately:
 
 	Eventually(func() []string {
 		names, err := client.FetchAllPlayers()
 		if err == client.IRRECOVERABLE_ERROR {
-			StopTrying("Irrecoverable error occurred").Now()
+			StopTrying("Irrecoverable error occurred").Wrap(err).Now()
 		}
 		return names
 	}).Should(ContainElement("Patrick Mahomes"))
 */
 var StopTrying = internal.StopTrying
 
+/*
+TryAgainAfter(<duration>) allows you to adjust the polling interval for the _next_ iteration of `Eventually` or `Consistently`.  Like `StopTrying` you can either return `TryAgainAfter` as an error or trigger it immedieately with `.Now()`
+
+When `TryAgainAfter(<duration>` is triggered `Eventually` and `Consistently` will wait for that duration.  If a timeout occurs before the next poll is triggered both `Eventually` and `Consistently` will always fail with the content of the TryAgainAfter message.  As with StopTrying you can `.Wrap()` and error and `.Attach()` additional objects to `TryAgainAfter`.
+*/
+var TryAgainAfter = internal.TryAgainAfter
+
+/*
+PollingSignalError is the error returned by StopTrying() and TryAgainAfter()
+*/
+type PollingSignalError = internal.PollingSignalError
+
 // SetDefaultEventuallyTimeout sets the default timeout duration for Eventually. Eventually will repeatedly poll your condition until it succeeds, or until this timeout elapses.
 func SetDefaultEventuallyTimeout(t time.Duration) {
 	Default.SetDefaultEventuallyTimeout(t)

vendor/github.com/onsi/gomega/internal/assertion.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"reflect"
 
+	"github.com/onsi/gomega/format"
 	"github.com/onsi/gomega/types"
 )
 
@@ -146,7 +147,12 @@ func vetActuals(actuals []interface{}, skipIndex int) (bool, string) {
 		if actual != nil {
 			zeroValue := reflect.Zero(reflect.TypeOf(actual)).Interface()
 			if !reflect.DeepEqual(zeroValue, actual) {
-				message := fmt.Sprintf("Unexpected non-nil/non-zero argument at index %d:\n\t<%T>: %#v", i, actual, actual)
+				var message string
+				if err, ok := actual.(error); ok {
+					message = fmt.Sprintf("Unexpected error: %s\n%s", err, format.Object(err, 1))
+				} else {
+					message = fmt.Sprintf("Unexpected non-nil/non-zero argument at index %d:\n\t<%T>: %#v", i, actual, actual)
+				}
 				return false, message
 			}
 		}

vendor/github.com/onsi/gomega/internal/async_assertion.go

@@ -2,58 +2,22 @@ package internal
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"reflect"
 	"runtime"
 	"sync"
 	"time"
 
+	"github.com/onsi/gomega/format"
 	"github.com/onsi/gomega/types"
 )
 
-type StopTryingError interface {
+var errInterface = reflect.TypeOf((*error)(nil)).Elem()
-	error
+var gomegaType = reflect.TypeOf((*types.Gomega)(nil)).Elem()
-	Now()
+var contextType = reflect.TypeOf(new(context.Context)).Elem()
-	wasViaPanic() bool
-}
 
-func asStopTryingError(actual interface{}) (StopTryingError, bool) {
+type contextWithAttachProgressReporter interface {
-	if actual == nil {
+	AttachProgressReporter(func() string) func()
-		return nil, false
-	}
-	if actualErr, ok := actual.(error); ok {
-		var target *stopTryingError
-		if errors.As(actualErr, &target) {
-			return target, true
-		} else {
-			return nil, false
-		}
-	}
-
-	return nil, false
-}
-
-type stopTryingError struct {
-	message  string
-	viaPanic bool
-}
-
-func (s *stopTryingError) Error() string {
-	return s.message
-}
-
-func (s *stopTryingError) Now() {
-	s.viaPanic = true
-	panic(s)
-}
-
-func (s *stopTryingError) wasViaPanic() bool {
-	return s.viaPanic
-}
-
-var StopTrying = func(message string) StopTryingError {
-	return &stopTryingError{message: message}
 }
 
 type AsyncAssertionType uint
@@ -164,39 +128,40 @@ func (assertion *AsyncAssertion) buildDescription(optionalDescription ...interfa
 	return fmt.Sprintf(optionalDescription[0].(string), optionalDescription[1:]...) + "\n"
 }
 
-func (assertion *AsyncAssertion) processReturnValues(values []reflect.Value) (interface{}, error, StopTryingError) {
+func (assertion *AsyncAssertion) processReturnValues(values []reflect.Value) (interface{}, error) {
-	var err error
-	var stopTrying StopTryingError
-
 	if len(values) == 0 {
-		return nil, fmt.Errorf("No values were returned by the function passed to Gomega"), stopTrying
+		return nil, fmt.Errorf("No values were returned by the function passed to Gomega")
 	}
+
 	actual := values[0].Interface()
-	if stopTryingErr, ok := asStopTryingError(actual); ok {
+	if _, ok := AsPollingSignalError(actual); ok {
-		stopTrying = stopTryingErr
+		return actual, actual.(error)
 	}
+
+	var err error
 	for i, extraValue := range values[1:] {
 		extra := extraValue.Interface()
 		if extra == nil {
 			continue
 		}
-		if stopTryingErr, ok := asStopTryingError(extra); ok {
+		if _, ok := AsPollingSignalError(extra); ok {
-			stopTrying = stopTryingErr
+			return actual, extra.(error)
-			continue
 		}
-		zero := reflect.Zero(reflect.TypeOf(extra)).Interface()
+		extraType := reflect.TypeOf(extra)
+		zero := reflect.Zero(extraType).Interface()
 		if reflect.DeepEqual(extra, zero) {
 			continue
 		}
+		if i == len(values)-2 && extraType.Implements(errInterface) {
+			err = fmt.Errorf("function returned error: %w", extra.(error))
+		}
 		if err == nil {
-			err = fmt.Errorf("Unexpected non-nil/non-zero argument at index %d:\n\t<%T>: %#v", i+1, extra, extra)
+			err = fmt.Errorf("Unexpected non-nil/non-zero return value at index %d:\n\t<%T>: %#v", i+1, extra, extra)
 		}
 	}
-	return actual, err, stopTrying
-}
 
-var gomegaType = reflect.TypeOf((*types.Gomega)(nil)).Elem()
+	return actual, err
-var contextType = reflect.TypeOf(new(context.Context)).Elem()
+}
 
 func (assertion *AsyncAssertion) invalidFunctionError(t reflect.Type) error {
 	return fmt.Errorf(`The function passed to %s had an invalid signature of %s.  Functions passed to %s must either:
@@ -226,9 +191,9 @@ You can learn more at https://onsi.github.io/gomega/#eventually
 `, assertion.asyncType, t, t.NumIn(), numProvided, have, assertion.asyncType)
 }
 
-func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error, StopTryingError), error) {
+func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error), error) {
 	if !assertion.actualIsFunc {
-		return func() (interface{}, error, StopTryingError) { return assertion.actual, nil, nil }, nil
+		return func() (interface{}, error) { return assertion.actual, nil }, nil
 	}
 	actualValue := reflect.ValueOf(assertion.actual)
 	actualType := reflect.TypeOf(assertion.actual)
@@ -236,23 +201,11 @@ func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error
 
 	if numIn == 0 && numOut == 0 {
 		return nil, assertion.invalidFunctionError(actualType)
-	} else if numIn == 0 {
-		return func() (actual interface{}, err error, stopTrying StopTryingError) {
-			defer func() {
-				if e := recover(); e != nil {
-					if stopTryingErr, ok := asStopTryingError(e); ok {
-						stopTrying = stopTryingErr
-					} else {
-						panic(e)
 	}
+	takesGomega, takesContext := false, false
+	if numIn > 0 {
+		takesGomega, takesContext = actualType.In(0).Implements(gomegaType), actualType.In(0).Implements(contextType)
 	}
-			}()
-
-			actual, err, stopTrying = assertion.processReturnValues(actualValue.Call([]reflect.Value{}))
-			return
-		}, nil
-	}
-	takesGomega, takesContext := actualType.In(0).Implements(gomegaType), actualType.In(0).Implements(contextType)
 	if takesGomega && numIn > 1 && actualType.In(1).Implements(contextType) {
 		takesContext = true
 	}
@@ -292,21 +245,22 @@ func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error
 		return nil, assertion.argumentMismatchError(actualType, len(inValues))
 	}
 
-	return func() (actual interface{}, err error, stopTrying StopTryingError) {
+	return func() (actual interface{}, err error) {
 		var values []reflect.Value
 		assertionFailure = nil
 		defer func() {
-			if numOut == 0 {
+			if numOut == 0 && takesGomega {
 				actual = assertionFailure
 			} else {
-				actual, err, stopTrying = assertion.processReturnValues(values)
+				actual, err = assertion.processReturnValues(values)
-				if assertionFailure != nil {
+				_, isAsyncError := AsPollingSignalError(err)
+				if assertionFailure != nil && !isAsyncError {
 					err = assertionFailure
 				}
 			}
 			if e := recover(); e != nil {
-				if stopTryingErr, ok := asStopTryingError(e); ok {
+				if _, isAsyncError := AsPollingSignalError(e); isAsyncError {
-					stopTrying = stopTryingErr
+					err = e.(error)
 				} else if assertionFailure == nil {
 					panic(e)
 				}
@@ -317,13 +271,6 @@ func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error
 	}, nil
 }
 
-func (assertion *AsyncAssertion) matcherSaysStopTrying(matcher types.GomegaMatcher, value interface{}) StopTryingError {
-	if assertion.actualIsFunc || types.MatchMayChangeInTheFuture(matcher, value) {
-		return nil
-	}
-	return StopTrying("No future change is possible.  Bailing out early")
-}
-
 func (assertion *AsyncAssertion) afterTimeout() <-chan time.Time {
 	if assertion.timeoutInterval >= 0 {
 		return time.After(assertion.timeoutInterval)
@@ -351,8 +298,27 @@ func (assertion *AsyncAssertion) afterPolling() <-chan time.Time {
 	}
 }
 
-type contextWithAttachProgressReporter interface {
+func (assertion *AsyncAssertion) matcherSaysStopTrying(matcher types.GomegaMatcher, value interface{}) bool {
-	AttachProgressReporter(func() string) func()
+	if assertion.actualIsFunc || types.MatchMayChangeInTheFuture(matcher, value) {
+		return false
+	}
+	return true
+}
+
+func (assertion *AsyncAssertion) pollMatcher(matcher types.GomegaMatcher, value interface{}) (matches bool, err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			if _, isAsyncError := AsPollingSignalError(e); isAsyncError {
+				err = e.(error)
+			} else {
+				panic(e)
+			}
+		}
+	}()
+
+	matches, err = matcher.Match(value)
+
+	return
 }
 
 func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch bool, optionalDescription ...interface{}) bool {
@@ -362,6 +328,7 @@ func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch
 
 	var matches bool
 	var err error
+	var oracleMatcherSaysStop bool
 
 	assertion.g.THelper()
 
@@ -371,22 +338,27 @@ func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch
 		return false
 	}
 
-	value, err, stopTrying := pollActual()
+	value, err := pollActual()
 	if err == nil {
-		if stopTrying == nil {
+		oracleMatcherSaysStop = assertion.matcherSaysStopTrying(matcher, value)
-			stopTrying = assertion.matcherSaysStopTrying(matcher, value)
+		matches, err = assertion.pollMatcher(matcher, value)
-		}
-		matches, err = matcher.Match(value)
 	}
 
 	messageGenerator := func() string {
 		// can be called out of band by Ginkgo if the user requests a progress report
 		lock.Lock()
 		defer lock.Unlock()
-		errMsg := ""
 		message := ""
 		if err != nil {
-			errMsg = "Error: " + err.Error()
+			if pollingSignalErr, ok := AsPollingSignalError(err); ok && pollingSignalErr.IsStopTrying() {
+				message = err.Error()
+				for _, attachment := range pollingSignalErr.Attachments {
+					message += fmt.Sprintf("\n%s:\n", attachment.Description)
+					message += format.Object(attachment.Object, 1)
+				}
+			} else {
+				message = "Error: " + err.Error() + "\n" + format.Object(err, 1)
+			}
 		} else {
 			if desiredMatch {
 				message = matcher.FailureMessage(value)
@@ -395,7 +367,7 @@ func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch
 			}
 		}
 		description := assertion.buildDescription(optionalDescription...)
-		return fmt.Sprintf("%s%s%s", description, message, errMsg)
+		return fmt.Sprintf("%s%s", description, message)
 	}
 
 	fail := func(preamble string) {
@@ -412,84 +384,72 @@ func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch
 		}
 	}
 
-	if assertion.asyncType == AsyncAssertionTypeEventually {
 	for {
+		var nextPoll <-chan time.Time = nil
+		var isTryAgainAfterError = false
+
+		if pollingSignalErr, ok := AsPollingSignalError(err); ok {
+			if pollingSignalErr.IsStopTrying() {
+				fail("Told to stop trying")
+				return false
+			}
+			if pollingSignalErr.IsTryAgainAfter() {
+				nextPoll = time.After(pollingSignalErr.TryAgainDuration())
+				isTryAgainAfterError = true
+			}
+		}
+
 		if err == nil && matches == desiredMatch {
+			if assertion.asyncType == AsyncAssertionTypeEventually {
 				return true
 			}
-
+		} else if !isTryAgainAfterError {
-			if stopTrying != nil {
+			if assertion.asyncType == AsyncAssertionTypeConsistently {
-				fail(stopTrying.Error() + " -")
-				return false
-			}
-
-			select {
-			case <-assertion.afterPolling():
-				v, e, st := pollActual()
-				if st != nil && st.wasViaPanic() {
-					// we were told to stop trying via panic - which means we dont' have reasonable new values
-					// we should simply use the old values and exit now
-					fail(st.Error() + " -")
-					return false
-				}
-				lock.Lock()
-				value, err, stopTrying = v, e, st
-				lock.Unlock()
-				if err == nil {
-					if stopTrying == nil {
-						stopTrying = assertion.matcherSaysStopTrying(matcher, value)
-					}
-					matches, e = matcher.Match(value)
-					lock.Lock()
-					err = e
-					lock.Unlock()
-				}
-			case <-contextDone:
-				fail("Context was cancelled")
-				return false
-			case <-timeout:
-				fail("Timed out")
-				return false
-			}
-		}
-	} else if assertion.asyncType == AsyncAssertionTypeConsistently {
-		for {
-			if !(err == nil && matches == desiredMatch) {
 				fail("Failed")
 				return false
 			}
+		}
 
-			if stopTrying != nil {
+		if oracleMatcherSaysStop {
+			if assertion.asyncType == AsyncAssertionTypeEventually {
+				fail("No future change is possible.  Bailing out early")
+				return false
+			} else {
 				return true
 			}
+		}
+
+		if nextPoll == nil {
+			nextPoll = assertion.afterPolling()
+		}
 
 		select {
-			case <-assertion.afterPolling():
+		case <-nextPoll:
-				v, e, st := pollActual()
+			v, e := pollActual()
-				if st != nil && st.wasViaPanic() {
-					// we were told to stop trying via panic - which means we made it this far and should return successfully
-					return true
-				}
 			lock.Lock()
-				value, err, stopTrying = v, e, st
+			value, err = v, e
 			lock.Unlock()
 			if err == nil {
-					if stopTrying == nil {
+				oracleMatcherSaysStop = assertion.matcherSaysStopTrying(matcher, value)
-						stopTrying = assertion.matcherSaysStopTrying(matcher, value)
+				m, e := assertion.pollMatcher(matcher, value)
-					}
-					matches, e = matcher.Match(value)
 				lock.Lock()
-					err = e
+				matches, err = m, e
 				lock.Unlock()
 			}
 		case <-contextDone:
 			fail("Context was cancelled")
 			return false
 		case <-timeout:
+			if assertion.asyncType == AsyncAssertionTypeEventually {
+				fail("Timed out")
+				return false
+			} else {
+				if isTryAgainAfterError {
+					fail("Timed out while waiting on TryAgainAfter")
+					return false
+				}
 				return true
 			}
 		}
 	}
-
-	return false
 }

vendor/github.com/onsi/gomega/internal/duration_bundle.go

@@ -44,28 +44,28 @@ func durationFromEnv(key string, defaultDuration time.Duration) time.Duration {
 	return duration
 }
 
-func toDuration(input interface{}) time.Duration {
+func toDuration(input interface{}) (time.Duration, error) {
 	duration, ok := input.(time.Duration)
 	if ok {
-		return duration
+		return duration, nil
 	}
 
 	value := reflect.ValueOf(input)
 	kind := reflect.TypeOf(input).Kind()
 
 	if reflect.Int <= kind && kind <= reflect.Int64 {
-		return time.Duration(value.Int()) * time.Second
+		return time.Duration(value.Int()) * time.Second, nil
 	} else if reflect.Uint <= kind && kind <= reflect.Uint64 {
-		return time.Duration(value.Uint()) * time.Second
+		return time.Duration(value.Uint()) * time.Second, nil
 	} else if reflect.Float32 <= kind && kind <= reflect.Float64 {
-		return time.Duration(value.Float() * float64(time.Second))
+		return time.Duration(value.Float() * float64(time.Second)), nil
 	} else if reflect.String == kind {
 		duration, err := time.ParseDuration(value.String())
 		if err != nil {
-			panic(fmt.Sprintf("%#v is not a valid parsable duration string.", input))
+			return 0, fmt.Errorf("%#v is not a valid parsable duration string: %w", input, err)
 		}
-		return duration
+		return duration, nil
 	}
 
-	panic(fmt.Sprintf("%v is not a valid interval.  Must be time.Duration, parsable duration string or a number.", input))
+	return 0, fmt.Errorf("%#v is not a valid interval. Must be a time.Duration, a parsable duration string, or a number.", input)
 }

vendor/github.com/onsi/gomega/internal/gomega.go

@@ -2,6 +2,7 @@ package internal
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	"github.com/onsi/gomega/types"
@@ -52,16 +53,46 @@ func (g *Gomega) ExpectWithOffset(offset int, actual interface{}, extra ...inter
 	return NewAssertion(actual, g, offset, extra...)
 }
 
-func (g *Gomega) Eventually(actual interface{}, intervals ...interface{}) types.AsyncAssertion {
+func (g *Gomega) Eventually(args ...interface{}) types.AsyncAssertion {
-	return g.EventuallyWithOffset(0, actual, intervals...)
+	return g.makeAsyncAssertion(AsyncAssertionTypeEventually, 0, args...)
 }
 
-func (g *Gomega) EventuallyWithOffset(offset int, actual interface{}, args ...interface{}) types.AsyncAssertion {
+func (g *Gomega) EventuallyWithOffset(offset int, args ...interface{}) types.AsyncAssertion {
+	return g.makeAsyncAssertion(AsyncAssertionTypeEventually, offset, args...)
+}
+
+func (g *Gomega) Consistently(args ...interface{}) types.AsyncAssertion {
+	return g.makeAsyncAssertion(AsyncAssertionTypeConsistently, 0, args...)
+}
+
+func (g *Gomega) ConsistentlyWithOffset(offset int, args ...interface{}) types.AsyncAssertion {
+	return g.makeAsyncAssertion(AsyncAssertionTypeConsistently, offset, args...)
+}
+
+func (g *Gomega) makeAsyncAssertion(asyncAssertionType AsyncAssertionType, offset int, args ...interface{}) types.AsyncAssertion {
+	baseOffset := 3
 	timeoutInterval := -time.Duration(1)
 	pollingInterval := -time.Duration(1)
 	intervals := []interface{}{}
 	var ctx context.Context
-	for _, arg := range args {
+	if len(args) == 0 {
+		g.Fail(fmt.Sprintf("Call to %s is missing a value or function to poll", asyncAssertionType), offset+baseOffset)
+		return nil
+	}
+
+	actual := args[0]
+	startingIndex := 1
+	if _, isCtx := args[0].(context.Context); isCtx && len(args) > 1 {
+		// the first argument is a context, we should accept it as the context _only if_ it is **not** the only argumnent **and** the second argument is not a parseable duration
+		// this is due to an unfortunate ambiguity in early version of Gomega in which multi-type durations are allowed after the actual
+		if _, err := toDuration(args[1]); err != nil {
+			ctx = args[0].(context.Context)
+			actual = args[1]
+			startingIndex = 2
+		}
+	}
+
+	for _, arg := range args[startingIndex:] {
 		switch v := arg.(type) {
 		case context.Context:
 			ctx = v
@@ -69,41 +100,21 @@ func (g *Gomega) EventuallyWithOffset(offset int, actual interface{}, args ...in
 			intervals = append(intervals, arg)
 		}
 	}
+	var err error
 	if len(intervals) > 0 {
-		timeoutInterval = toDuration(intervals[0])
+		timeoutInterval, err = toDuration(intervals[0])
+		if err != nil {
+			g.Fail(err.Error(), offset+baseOffset)
+		}
 	}
 	if len(intervals) > 1 {
-		pollingInterval = toDuration(intervals[1])
+		pollingInterval, err = toDuration(intervals[1])
+		if err != nil {
+			g.Fail(err.Error(), offset+baseOffset)
+		}
 	}
 
-	return NewAsyncAssertion(AsyncAssertionTypeEventually, actual, g, timeoutInterval, pollingInterval, ctx, offset)
+	return NewAsyncAssertion(asyncAssertionType, actual, g, timeoutInterval, pollingInterval, ctx, offset)
-}
-
-func (g *Gomega) Consistently(actual interface{}, intervals ...interface{}) types.AsyncAssertion {
-	return g.ConsistentlyWithOffset(0, actual, intervals...)
-}
-
-func (g *Gomega) ConsistentlyWithOffset(offset int, actual interface{}, args ...interface{}) types.AsyncAssertion {
-	timeoutInterval := -time.Duration(1)
-	pollingInterval := -time.Duration(1)
-	intervals := []interface{}{}
-	var ctx context.Context
-	for _, arg := range args {
-		switch v := arg.(type) {
-		case context.Context:
-			ctx = v
-		default:
-			intervals = append(intervals, arg)
-		}
-	}
-	if len(intervals) > 0 {
-		timeoutInterval = toDuration(intervals[0])
-	}
-	if len(intervals) > 1 {
-		pollingInterval = toDuration(intervals[1])
-	}
-
-	return NewAsyncAssertion(AsyncAssertionTypeConsistently, actual, g, timeoutInterval, pollingInterval, ctx, offset)
 }
 
 func (g *Gomega) SetDefaultEventuallyTimeout(t time.Duration) {

vendor/github.com/onsi/gomega/internal/polling_signal_error.go

@@ -0,0 +1,106 @@
+package internal
+
+import (
+	"errors"
+	"fmt"
+	"time"
+)
+
+type PollingSignalErrorType int
+
+const (
+	PollingSignalErrorTypeStopTrying PollingSignalErrorType = iota
+	PollingSignalErrorTypeTryAgainAfter
+)
+
+type PollingSignalError interface {
+	error
+	Wrap(err error) PollingSignalError
+	Attach(description string, obj any) PollingSignalError
+	Now()
+}
+
+var StopTrying = func(message string) PollingSignalError {
+	return &PollingSignalErrorImpl{
+		message:                message,
+		pollingSignalErrorType: PollingSignalErrorTypeStopTrying,
+	}
+}
+
+var TryAgainAfter = func(duration time.Duration) PollingSignalError {
+	return &PollingSignalErrorImpl{
+		message:                fmt.Sprintf("told to try again after %s", duration),
+		duration:               duration,
+		pollingSignalErrorType: PollingSignalErrorTypeTryAgainAfter,
+	}
+}
+
+type PollingSignalErrorAttachment struct {
+	Description string
+	Object      any
+}
+
+type PollingSignalErrorImpl struct {
+	message                string
+	wrappedErr             error
+	pollingSignalErrorType PollingSignalErrorType
+	duration               time.Duration
+	Attachments            []PollingSignalErrorAttachment
+}
+
+func (s *PollingSignalErrorImpl) Wrap(err error) PollingSignalError {
+	s.wrappedErr = err
+	return s
+}
+
+func (s *PollingSignalErrorImpl) Attach(description string, obj any) PollingSignalError {
+	s.Attachments = append(s.Attachments, PollingSignalErrorAttachment{description, obj})
+	return s
+}
+
+func (s *PollingSignalErrorImpl) Error() string {
+	if s.wrappedErr == nil {
+		return s.message
+	} else {
+		return s.message + ": " + s.wrappedErr.Error()
+	}
+}
+
+func (s *PollingSignalErrorImpl) Unwrap() error {
+	if s == nil {
+		return nil
+	}
+	return s.wrappedErr
+}
+
+func (s *PollingSignalErrorImpl) Now() {
+	panic(s)
+}
+
+func (s *PollingSignalErrorImpl) IsStopTrying() bool {
+	return s.pollingSignalErrorType == PollingSignalErrorTypeStopTrying
+}
+
+func (s *PollingSignalErrorImpl) IsTryAgainAfter() bool {
+	return s.pollingSignalErrorType == PollingSignalErrorTypeTryAgainAfter
+}
+
+func (s *PollingSignalErrorImpl) TryAgainDuration() time.Duration {
+	return s.duration
+}
+
+func AsPollingSignalError(actual interface{}) (*PollingSignalErrorImpl, bool) {
+	if actual == nil {
+		return nil, false
+	}
+	if actualErr, ok := actual.(error); ok {
+		var target *PollingSignalErrorImpl
+		if errors.As(actualErr, &target) {
+			return target, true
+		} else {
+			return nil, false
+		}
+	}
+
+	return nil, false
+}

vendor/github.com/onsi/gomega/types/types.go

@@ -19,11 +19,11 @@ type Gomega interface {
 	Expect(actual interface{}, extra ...interface{}) Assertion
 	ExpectWithOffset(offset int, actual interface{}, extra ...interface{}) Assertion
 
-	Eventually(actual interface{}, intervals ...interface{}) AsyncAssertion
+	Eventually(args ...interface{}) AsyncAssertion
-	EventuallyWithOffset(offset int, actual interface{}, intervals ...interface{}) AsyncAssertion
+	EventuallyWithOffset(offset int, args ...interface{}) AsyncAssertion
 
-	Consistently(actual interface{}, intervals ...interface{}) AsyncAssertion
+	Consistently(args ...interface{}) AsyncAssertion
-	ConsistentlyWithOffset(offset int, actual interface{}, intervals ...interface{}) AsyncAssertion
+	ConsistentlyWithOffset(offset int, args ...interface{}) AsyncAssertion
 
 	SetDefaultEventuallyTimeout(time.Duration)
 	SetDefaultEventuallyPollingInterval(time.Duration)

vendor/golang.org/x/crypto/AUTHORS

@@ -1,3 +0,0 @@
-# This source code refers to The Go Authors for copyright purposes.
-# The master list of authors is in the main Go distribution,
-# visible at https://tip.golang.org/AUTHORS.

vendor/golang.org/x/crypto/CONTRIBUTORS

@@ -1,3 +0,0 @@
-# This source code was written by the Go contributors.
-# The master list of contributors is in the main Go distribution,
-# visible at https://tip.golang.org/CONTRIBUTORS.

vendor/golang.org/x/crypto/argon2/argon2.go

@@ -11,8 +11,7 @@
 // If you aren't sure which function you need, use Argon2id (IDKey) and
 // the parameter recommendations for your scenario.
 //
-//
+// # Argon2i
-// Argon2i
 //
 // Argon2i (implemented by Key) is the side-channel resistant version of Argon2.
 // It uses data-independent memory access, which is preferred for password
@@ -21,8 +20,7 @@
 // parameters (taken from [2]) for non-interactive operations are time=3 and to
 // use the maximum available memory.
 //
-//
+// # Argon2id
-// Argon2id
 //
 // Argon2id (implemented by IDKey) is a hybrid version of Argon2 combining
 // Argon2i and Argon2d. It uses data-independent memory access for the first

vendor/golang.org/x/crypto/chacha20/chacha_generic.go

@@ -12,7 +12,7 @@ import (
 	"errors"
 	"math/bits"
 
-	"golang.org/x/crypto/internal/subtle"
+	"golang.org/x/crypto/internal/alias"
 )
 
 const (
@@ -189,7 +189,7 @@ func (s *Cipher) XORKeyStream(dst, src []byte) {
 		panic("chacha20: output smaller than input")
 	}
 	dst = dst[:len(src)]
-	if subtle.InexactOverlap(dst, src) {
+	if alias.InexactOverlap(dst, src) {
 		panic("chacha20: invalid buffer overlap")
 	}
 

vendor/golang.org/x/crypto/chacha20/chacha_s390x.go

@@ -15,6 +15,7 @@ const bufSize = 256
 
 // xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
 // be called when the vector facility is available. Implementation in asm_s390x.s.
+//
 //go:noescape
 func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
 

vendor/golang.org/x/crypto/cryptobyte/builder.go

@@ -95,6 +95,11 @@ func (b *Builder) AddUint32(v uint32) {
 	b.add(byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
 }
 
+// AddUint64 appends a big-endian, 64-bit value to the byte string.
+func (b *Builder) AddUint64(v uint64) {
+	b.add(byte(v>>56), byte(v>>48), byte(v>>40), byte(v>>32), byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
 // AddBytes appends a sequence of bytes to the byte string.
 func (b *Builder) AddBytes(v []byte) {
 	b.add(v...)

vendor/golang.org/x/crypto/cryptobyte/string.go

@@ -81,6 +81,17 @@ func (s *String) ReadUint32(out *uint32) bool {
 	return true
 }
 
+// ReadUint64 decodes a big-endian, 64-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint64(out *uint64) bool {
+	v := s.read(8)
+	if v == nil {
+		return false
+	}
+	*out = uint64(v[0])<<56 | uint64(v[1])<<48 | uint64(v[2])<<40 | uint64(v[3])<<32 | uint64(v[4])<<24 | uint64(v[5])<<16 | uint64(v[6])<<8 | uint64(v[7])
+	return true
+}
+
 func (s *String) readUnsigned(out *uint32, length int) bool {
 	v := s.read(length)
 	if v == nil {

vendor/golang.org/x/crypto/curve25519/curve25519.go

@@ -9,7 +9,8 @@ package curve25519 // import "golang.org/x/crypto/curve25519"
 
 import (
 	"crypto/subtle"
-	"fmt"
+	"errors"
+	"strconv"
 
 	"golang.org/x/crypto/curve25519/internal/field"
 )
@@ -124,10 +125,10 @@ func X25519(scalar, point []byte) ([]byte, error) {
 func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
 	var in [32]byte
 	if l := len(scalar); l != 32 {
-		return nil, fmt.Errorf("bad scalar length: %d, expected %d", l, 32)
+		return nil, errors.New("bad scalar length: " + strconv.Itoa(l) + ", expected 32")
 	}
 	if l := len(point); l != 32 {
-		return nil, fmt.Errorf("bad point length: %d, expected %d", l, 32)
+		return nil, errors.New("bad point length: " + strconv.Itoa(l) + ", expected 32")
 	}
 	copy(in[:], scalar)
 	if &point[0] == &Basepoint[0] {
@@ -138,7 +139,7 @@ func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
 		copy(base[:], point)
 		ScalarMult(dst, &in, &base)
 		if subtle.ConstantTimeCompare(dst[:], zero[:]) == 1 {
-			return nil, fmt.Errorf("bad input point: low order point")
+			return nil, errors.New("bad input point: low order point")
 		}
 	}
 	return dst[:], nil

vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go

@@ -1,13 +1,16 @@
 // Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
 
+//go:build amd64 && gc && !purego
 // +build amd64,gc,!purego
 
 package field
 
 // feMul sets out = a * b. It works like feMulGeneric.
+//
 //go:noescape
 func feMul(out *Element, a *Element, b *Element)
 
 // feSquare sets out = a * a. It works like feSquareGeneric.
+//
 //go:noescape
 func feSquare(out *Element, a *Element)

vendor/golang.org/x/crypto/internal/alias/alias.go

@@ -5,9 +5,8 @@
 //go:build !purego
 // +build !purego
 
-// Package subtle implements functions that are often useful in cryptographic
+// Package alias implements memory aliasing tests.
-// code but require careful thought to use correctly.
+package alias
-package subtle // import "golang.org/x/crypto/internal/subtle"
 
 import "unsafe"
 

vendor/golang.org/x/crypto/internal/alias/alias_purego.go

@@ -5,9 +5,8 @@
 //go:build purego
 // +build purego
 
-// Package subtle implements functions that are often useful in cryptographic
+// Package alias implements memory aliasing tests.
-// code but require careful thought to use correctly.
+package alias
-package subtle // import "golang.org/x/crypto/internal/subtle"
 
 // This is the Google App Engine standard variant based on reflect
 // because the unsafe package and cgo are disallowed.

vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go

@@ -279,7 +279,6 @@ const (
 // finalize completes the modular reduction of h and computes
 //
 //	out = h + s  mod  2¹²⁸
-//
 func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
 	h0, h1, h2 := h[0], h[1], h[2]
 

vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go

@@ -14,6 +14,7 @@ import (
 // updateVX is an assembly implementation of Poly1305 that uses vector
 // instructions. It must only be called if the vector facility (vx) is
 // available.
+//
 //go:noescape
 func updateVX(state *macState, msg []byte)
 

vendor/golang.org/x/crypto/ssh/certs.go

@@ -251,7 +251,7 @@ type algorithmOpenSSHCertSigner struct {
 // private key is held by signer. It returns an error if the public key in cert
 // doesn't match the key used by signer.
 func NewCertSigner(cert *Certificate, signer Signer) (Signer, error) {
-	if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
+	if !bytes.Equal(cert.Key.Marshal(), signer.PublicKey().Marshal()) {
 		return nil, errors.New("ssh: signer and cert have different public key")
 	}
 
@@ -460,6 +460,8 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
 
 // certKeyAlgoNames is a mapping from known certificate algorithm names to the
 // corresponding public key signature algorithm.
+//
+// This map must be kept in sync with the one in agent/client.go.
 var certKeyAlgoNames = map[string]string{
 	CertAlgoRSAv01:        KeyAlgoRSA,
 	CertAlgoRSASHA256v01:  KeyAlgoRSASHA256,

vendor/golang.org/x/crypto/ssh/cipher.go

@@ -15,7 +15,6 @@ import (
 	"fmt"
 	"hash"
 	"io"
-	"io/ioutil"
 
 	"golang.org/x/crypto/chacha20"
 	"golang.org/x/crypto/internal/poly1305"
@@ -97,13 +96,13 @@ func streamCipherMode(skip int, createFunc func(key, iv []byte) (cipher.Stream,
 // are not supported and will not be negotiated, even if explicitly requested in
 // ClientConfig.Crypto.Ciphers.
 var cipherModes = map[string]*cipherMode{
-	// Ciphers from RFC4344, which introduced many CTR-based ciphers. Algorithms
+	// Ciphers from RFC 4344, which introduced many CTR-based ciphers. Algorithms
 	// are defined in the order specified in the RFC.
 	"aes128-ctr": {16, aes.BlockSize, streamCipherMode(0, newAESCTR)},
 	"aes192-ctr": {24, aes.BlockSize, streamCipherMode(0, newAESCTR)},
 	"aes256-ctr": {32, aes.BlockSize, streamCipherMode(0, newAESCTR)},
 
-	// Ciphers from RFC4345, which introduces security-improved arcfour ciphers.
+	// Ciphers from RFC 4345, which introduces security-improved arcfour ciphers.
 	// They are defined in the order specified in the RFC.
 	"arcfour128": {16, 0, streamCipherMode(1536, newRC4)},
 	"arcfour256": {32, 0, streamCipherMode(1536, newRC4)},
@@ -111,7 +110,7 @@ var cipherModes = map[string]*cipherMode{
 	// Cipher defined in RFC 4253, which describes SSH Transport Layer Protocol.
 	// Note that this cipher is not safe, as stated in RFC 4253: "Arcfour (and
 	// RC4) has problems with weak keys, and should be used with caution."
-	// RFC4345 introduces improved versions of Arcfour.
+	// RFC 4345 introduces improved versions of Arcfour.
 	"arcfour": {16, 0, streamCipherMode(0, newRC4)},
 
 	// AEAD ciphers
@@ -497,7 +496,7 @@ func (c *cbcCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error)
 			// data, to make distinguishing between
 			// failing MAC and failing length check more
 			// difficult.
-			io.CopyN(ioutil.Discard, r, int64(c.oracleCamouflage))
+			io.CopyN(io.Discard, r, int64(c.oracleCamouflage))
 		}
 	}
 	return p, err
@@ -642,7 +641,7 @@ const chacha20Poly1305ID = "chacha20-poly1305@openssh.com"
 //
 //	https://tools.ietf.org/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00
 //
-// the methods here also implement padding, which RFC4253 Section 6
+// the methods here also implement padding, which RFC 4253 Section 6
 // also requires of stream ciphers.
 type chacha20Poly1305Cipher struct {
 	lengthKey  [32]byte

vendor/golang.org/x/crypto/ssh/common.go

@@ -149,7 +149,7 @@ type directionAlgorithms struct {
 
 // rekeyBytes returns a rekeying intervals in bytes.
 func (a *directionAlgorithms) rekeyBytes() int64 {
-	// According to RFC4344 block ciphers should rekey after
+	// According to RFC 4344 block ciphers should rekey after
 	// 2^(BLOCKSIZE/4) blocks. For all AES flavors BLOCKSIZE is
 	// 128.
 	switch a.Cipher {
@@ -158,7 +158,7 @@ func (a *directionAlgorithms) rekeyBytes() int64 {
 
 	}
 
-	// For others, stick with RFC4253 recommendation to rekey after 1 Gb of data.
+	// For others, stick with RFC 4253 recommendation to rekey after 1 Gb of data.
 	return 1 << 30
 }
 

vendor/golang.org/x/crypto/ssh/connection.go

@@ -52,7 +52,7 @@ type Conn interface {
 
 	// SendRequest sends a global request, and returns the
 	// reply. If wantReply is true, it returns the response status
-	// and payload. See also RFC4254, section 4.
+	// and payload. See also RFC 4254, section 4.
 	SendRequest(name string, wantReply bool, payload []byte) (bool, []byte, error)
 
 	// OpenChannel tries to open an channel. If the request is

vendor/golang.org/x/crypto/ssh/doc.go

@@ -12,6 +12,7 @@ the multiplexed nature of SSH is exposed to users that wish to support
 others.
 
 References:
+
 	[PROTOCOL.certkeys]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD
 	[SSH-PARAMETERS]:    http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xml#ssh-parameters-1
 

vendor/golang.org/x/crypto/ssh/handshake.go

@@ -479,11 +479,13 @@ func (t *handshakeTransport) sendKexInit() error {
 
 		// As a client we opt in to receiving SSH_MSG_EXT_INFO so we know what
 		// algorithms the server supports for public key authentication. See RFC
-		// 8303, Section 2.1.
+		// 8308, Section 2.1.
+		if firstKeyExchange := t.sessionID == nil; firstKeyExchange {
 			msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1)
 			msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...)
 			msg.KexAlgos = append(msg.KexAlgos, "ext-info-c")
 		}
+	}
 
 	packet := Marshal(msg)
 

vendor/golang.org/x/crypto/ssh/keys.go

@@ -184,7 +184,7 @@ func ParseKnownHosts(in []byte) (marker string, hosts []string, pubKey PublicKey
 	return "", nil, nil, "", nil, io.EOF
 }
 
-// ParseAuthorizedKeys parses a public key from an authorized_keys
+// ParseAuthorizedKey parses a public key from an authorized_keys
 // file used in OpenSSH according to the sshd(8) manual page.
 func ParseAuthorizedKey(in []byte) (out PublicKey, comment string, options []string, rest []byte, err error) {
 	for len(in) > 0 {

vendor/golang.org/x/crypto/ssh/server.go

@@ -68,8 +68,16 @@ type ServerConfig struct {
 
 	// NoClientAuth is true if clients are allowed to connect without
 	// authenticating.
+	// To determine NoClientAuth at runtime, set NoClientAuth to true
+	// and the optional NoClientAuthCallback to a non-nil value.
 	NoClientAuth bool
 
+	// NoClientAuthCallback, if non-nil, is called when a user
+	// attempts to authenticate with auth method "none".
+	// NoClientAuth must also be set to true for this be used, or
+	// this func is unused.
+	NoClientAuthCallback func(ConnMetadata) (*Permissions, error)
+
 	// MaxAuthTries specifies the maximum number of authentication attempts
 	// permitted per connection. If set to a negative number, the number of
 	// attempts are unlimited. If set to zero, the number of attempts are limited
@@ -455,8 +463,12 @@ userAuthLoop:
 		switch userAuthReq.Method {
 		case "none":
 			if config.NoClientAuth {
+				if config.NoClientAuthCallback != nil {
+					perms, authErr = config.NoClientAuthCallback(s)
+				} else {
 					authErr = nil
 				}
+			}
 
 			// allow initial attempt of 'none' without penalty
 			if authFailures == 0 {

vendor/golang.org/x/crypto/ssh/session.go

@@ -13,7 +13,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"sync"
 )
 
@@ -124,7 +123,7 @@ type Session struct {
 	// output and error.
 	//
 	// If either is nil, Run connects the corresponding file
-	// descriptor to an instance of ioutil.Discard. There is a
+	// descriptor to an instance of io.Discard. There is a
 	// fixed amount of buffering that is shared for the two streams.
 	// If either blocks it may eventually cause the remote
 	// command to block.
@@ -506,7 +505,7 @@ func (s *Session) stdout() {
 		return
 	}
 	if s.Stdout == nil {
-		s.Stdout = ioutil.Discard
+		s.Stdout = io.Discard
 	}
 	s.copyFuncs = append(s.copyFuncs, func() error {
 		_, err := io.Copy(s.Stdout, s.ch)
@@ -519,7 +518,7 @@ func (s *Session) stderr() {
 		return
 	}
 	if s.Stderr == nil {
-		s.Stderr = ioutil.Discard
+		s.Stderr = io.Discard
 	}
 	s.copyFuncs = append(s.copyFuncs, func() error {
 		_, err := io.Copy(s.Stderr, s.ch.Stderr())

vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go

@@ -199,7 +199,6 @@ func newAuthenticator(c *cache, isTerminalFunc func(int) bool, config *api.ExecC
 		now:             time.Now,
 		environ:         os.Environ,
 
-		defaultDialer: defaultDialer,
 		connTracker: connTracker,
 	}
 
@@ -207,6 +206,11 @@ func newAuthenticator(c *cache, isTerminalFunc func(int) bool, config *api.ExecC
 		a.env = append(a.env, env.Name+"="+env.Value)
 	}
 
+	// these functions are made comparable and stored in the cache so that repeated clientset
+	// construction with the same rest.Config results in a single TLS cache and Authenticator
+	a.getCert = &transport.GetCertHolder{GetCert: a.cert}
+	a.dial = &transport.DialHolder{Dial: defaultDialer.DialContext}
+
 	return c.put(key, a), nil
 }
 
@@ -261,8 +265,6 @@ type Authenticator struct {
 	now             func() time.Time
 	environ         func() []string
 
-	// defaultDialer is used for clients which don't specify a custom dialer
-	defaultDialer *connrotation.Dialer
 	// connTracker tracks all connections opened that we need to close when rotating a client certificate
 	connTracker *connrotation.ConnectionTracker
 
@@ -273,6 +275,12 @@ type Authenticator struct {
 	mu          sync.Mutex
 	cachedCreds *credentials
 	exp         time.Time
+
+	// getCert makes Authenticator.cert comparable to support TLS config caching
+	getCert *transport.GetCertHolder
+	// dial is used for clients which do not specify a custom dialer
+	// it is comparable to support TLS config caching
+	dial *transport.DialHolder
 }
 
 type credentials struct {
@@ -300,17 +308,19 @@ func (a *Authenticator) UpdateTransportConfig(c *transport.Config) error {
 	if c.HasCertCallback() {
 		return errors.New("can't add TLS certificate callback: transport.Config.TLS.GetCert already set")
 	}
-	c.TLS.GetCert = a.cert
+	c.TLS.GetCert = a.getCert.GetCert
+	c.TLS.GetCertHolder = a.getCert // comparable for TLS config caching
 
-	var d *connrotation.Dialer
 	if c.Dial != nil {
 		// if c has a custom dialer, we have to wrap it
-		d = connrotation.NewDialerWithTracker(c.Dial, a.connTracker)
+		// TLS config caching is not supported for this config
-	} else {
+		d := connrotation.NewDialerWithTracker(c.Dial, a.connTracker)
-		d = a.defaultDialer
-	}
-
 		c.Dial = d.DialContext
+		c.DialHolder = nil
+	} else {
+		c.Dial = a.dial.Dial
+		c.DialHolder = a.dial // comparable for TLS config caching
+	}
 
 	return nil
 }