rebase: bump the github-dependencies group with 5 updates

Bumps the github-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.49.21` | `1.50.6` |
| [github.com/google/uuid](https://github.com/google/uuid) | `1.5.0` | `1.6.0` |
| [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) | `1.10.0` | `1.11.0` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.14.0` | `2.15.0` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.30.0` | `1.31.1` |


Updates `github.com/aws/aws-sdk-go` from 1.49.21 to 1.50.6
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.49.21...v1.50.6)

Updates `github.com/google/uuid` from 1.5.0 to 1.6.0
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)

Updates `github.com/hashicorp/vault/api` from 1.10.0 to 1.11.0
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.10.0...v1.11.0)

Updates `github.com/onsi/ginkgo/v2` from 2.14.0 to 2.15.0
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.15.0)

Updates `github.com/onsi/gomega` from 1.30.0 to 1.31.1
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.30.0...v1.31.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

go.mod

@@ -6,7 +6,7 @@ toolchain go1.21.5
 
 require (
 	github.com/IBM/keyprotect-go-client v0.12.2
-	github.com/aws/aws-sdk-go v1.49.21
+	github.com/aws/aws-sdk-go v1.50.6
 	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
 	github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
 	github.com/ceph/go-ceph v0.25.0
@@ -15,15 +15,15 @@ require (
 	github.com/gemalto/kmip-go v0.0.10
 	github.com/golang/protobuf v1.5.3
 	github.com/google/fscrypt v0.3.4
-	github.com/google/uuid v1.5.0
+	github.com/google/uuid v1.6.0
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
-	github.com/hashicorp/vault/api v1.10.0
+	github.com/hashicorp/vault/api v1.11.0
 	github.com/kubernetes-csi/csi-lib-utils v0.17.0
 	github.com/kubernetes-csi/external-snapshotter/client/v6 v6.3.0
 	github.com/libopenstorage/secrets v0.0.0-20231011182615-5f4b25ceede1
-	github.com/onsi/ginkgo/v2 v2.14.0
+	github.com/onsi/ginkgo/v2 v2.15.0
-	github.com/onsi/gomega v1.30.0
+	github.com/onsi/gomega v1.31.1
 	github.com/pkg/xattr v0.4.9
 	github.com/prometheus/client_golang v1.18.0
 	github.com/stretchr/testify v1.8.4

go.sum

@@ -821,8 +821,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/aws/aws-sdk-go v1.49.21 h1:Rl8KW6HqkwzhATwvXhyr7vD4JFUMi7oXGAw9SrxxIFY=
+github.com/aws/aws-sdk-go v1.50.6 h1:FaXvNwHG3Ri1paUEW16Ahk9zLVqSAdqa1M3phjZR35Q=
-github.com/aws/aws-sdk-go v1.49.21/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.50.6/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
 github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
@@ -1161,8 +1161,8 @@ github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=
@@ -1252,8 +1252,9 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
 github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
+github.com/hashicorp/vault/api v1.11.0 h1:AChWByeHf4/P9sX3Y1B7vFsQhZO2BgQiCMQ2SA1P1UY=
+github.com/hashicorp/vault/api v1.11.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck=
 github.com/hashicorp/vault/api/auth/approle v0.5.0 h1:a1TK6VGwYqSAfkmX4y4dJ4WBxMU5dStIZqScW4EPXR8=
 github.com/hashicorp/vault/api/auth/approle v0.5.0/go.mod h1:CHOQIA1AZACfjTzHggmyfiOZ+xCSKNRFqe48FTCzH0k=
 github.com/hashicorp/vault/api/auth/kubernetes v0.5.0 h1:CXO0fD7M3iCGovP/UApeHhPcH4paDFKcu7AjEXi94rI=
@@ -1424,8 +1425,8 @@ github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3Ro
 github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0=
 github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
-github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY=
+github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
-github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw=
+github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
@@ -1445,8 +1446,8 @@ github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRah
 github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
+github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
-github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=

vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go

@@ -3450,6 +3450,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -3477,6 +3480,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-west-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "il-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "me-central-1",
 				}: endpoint{},
@@ -21758,6 +21764,14 @@ var awsPartition = partition{
 						Region: "il-central-1",
 					},
 				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{
+					Hostname: "oidc.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+				},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{
@@ -22893,6 +22907,14 @@ var awsPartition = partition{
 						Region: "il-central-1",
 					},
 				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{
+					Hostname: "portal.sso.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+				},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{
@@ -30358,6 +30380,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "il-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{},
@@ -33982,9 +34007,18 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-northeast-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
@@ -34006,9 +34040,18 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ui-ap-northeast-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ui-ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-ap-southeast-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "ui-ap-southeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ui-ca-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "ui-eu-central-1",
 				}: endpoint{},
@@ -35842,6 +35885,13 @@ var awscnPartition = partition{
 				},
 			},
 		},
+		"quicksight": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+			},
+		},
 		"ram": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -43385,6 +43435,15 @@ var awsisoPartition = partition{
 		},
 		"datasync": service{
 			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-iso-east-1",
+				}: endpoint{
+					Hostname: "datasync-fips.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "fips-us-iso-west-1",
 				}: endpoint{
@@ -43394,6 +43453,15 @@ var awsisoPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-iso-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "datasync-fips.us-iso-east-1.c2s.ic.gov",
+				},
 				endpointKey{
 					Region: "us-iso-west-1",
 				}: endpoint{},

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.49.21"
+const SDKVersion = "1.50.6"

vendor/github.com/google/uuid/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## [1.6.0](https://github.com/google/uuid/compare/v1.5.0...v1.6.0) (2024-01-16)
+
+
+### Features
+
+* add Max UUID constant ([#149](https://github.com/google/uuid/issues/149)) ([c58770e](https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3))
+
+
+### Bug Fixes
+
+* fix typo in version 7 uuid documentation ([#153](https://github.com/google/uuid/issues/153)) ([016b199](https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06))
+* Monotonicity in UUIDv7 ([#150](https://github.com/google/uuid/issues/150)) ([a2b2b32](https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6))
+
 ## [1.5.0](https://github.com/google/uuid/compare/v1.4.0...v1.5.0) (2023-12-12)
 
 

vendor/github.com/google/uuid/hash.go

@@ -17,6 +17,12 @@ var (
 	NameSpaceOID  = Must(Parse("6ba7b812-9dad-11d1-80b4-00c04fd430c8"))
 	NameSpaceX500 = Must(Parse("6ba7b814-9dad-11d1-80b4-00c04fd430c8"))
 	Nil           UUID // empty UUID, all zeros
+
+	// The Max UUID is special form of UUID that is specified to have all 128 bits set to 1.
+	Max = UUID{
+		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	}
 )
 
 // NewHash returns a new UUID derived from the hash of space concatenated with

vendor/github.com/google/uuid/version7.go

@@ -44,7 +44,7 @@ func NewV7FromReader(r io.Reader) (UUID, error) {
 
 // makeV7 fill 48 bits time (uuid[0] - uuid[5]), set version b0111 (uuid[6])
 // uuid[8] already has the right version number (Variant is 10)
-// see function  NewV7 and NewV7FromReader
+// see function NewV7 and NewV7FromReader
 func makeV7(uuid []byte) {
 	/*
 		 0                   1                   2                   3
@@ -52,7 +52,7 @@ func makeV7(uuid []byte) {
 		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 		|                           unix_ts_ms                          |
 		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-		|          unix_ts_ms           |  ver  |       rand_a          |
+		|          unix_ts_ms           |  ver  |  rand_a (12 bit seq)  |
 		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 		|var|                        rand_b                             |
 		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -61,7 +61,7 @@ func makeV7(uuid []byte) {
 	*/
 	_ = uuid[15] // bounds check
 
-	t := timeNow().UnixMilli()
+	t, s := getV7Time()
 
 	uuid[0] = byte(t >> 40)
 	uuid[1] = byte(t >> 32)
@@ -70,6 +70,35 @@ func makeV7(uuid []byte) {
 	uuid[4] = byte(t >> 8)
 	uuid[5] = byte(t)
 
-	uuid[6] = 0x70 | (uuid[6] & 0x0F)
+	uuid[6] = 0x70 | (0x0F & byte(s>>8))
-	// uuid[8] has already has right version
+	uuid[7] = byte(s)
+}
+
+// lastV7time is the last time we returned stored as:
+//
+//	52 bits of time in milliseconds since epoch
+//	12 bits of (fractional nanoseconds) >> 8
+var lastV7time int64
+
+const nanoPerMilli = 1000000
+
+// getV7Time returns the time in milliseconds and nanoseconds / 256.
+// The returned (milli << 12 + seq) is guarenteed to be greater than
+// (milli << 12 + seq) returned by any previous call to getV7Time.
+func getV7Time() (milli, seq int64) {
+	timeMu.Lock()
+	defer timeMu.Unlock()
+
+	nano := timeNow().UnixNano()
+	milli = nano / nanoPerMilli
+	// Sequence number is between 0 and 3906 (nanoPerMilli>>8)
+	seq = (nano - milli*nanoPerMilli) >> 8
+	now := milli<<12 + seq
+	if now <= lastV7time {
+		now = lastV7time + 1
+		milli = now >> 12
+		seq = now & 0xfff
+	}
+	lastV7time = now
+	return milli, seq
 }

vendor/github.com/hashicorp/vault/api/.copywrite.hcl

@@ -0,0 +1,8 @@
+schema_version = 1
+
+project {
+  license        = "MPL-2.0"
+  copyright_year = 2024
+
+  header_ignore = []
+}

vendor/github.com/hashicorp/vault/api/client.go

@@ -82,6 +82,8 @@ const (
 const (
 	EnvVaultAgentAddress = "VAULT_AGENT_ADDR"
 	EnvVaultInsecure     = "VAULT_SKIP_VERIFY"
+
+	DefaultAddress = "https://127.0.0.1:8200"
 )
 
 // WrappingLookupFunc is a function that, given an HTTP verb and a path,
@@ -248,7 +250,7 @@ type TLSConfig struct {
 // If an error is encountered, the Error field on the returned *Config will be populated with the specific error.
 func DefaultConfig() *Config {
 	config := &Config{
-		Address:      "https://127.0.0.1:8200",
+		Address:      DefaultAddress,
 		HttpClient:   cleanhttp.DefaultPooledClient(),
 		Timeout:      time.Second * 60,
 		MinRetryWait: time.Millisecond * 1000,
@@ -528,6 +530,7 @@ func (c *Config) ParseAddress(address string) (*url.URL, error) {
 		return nil, err
 	}
 
+	previousAddress := c.Address
 	c.Address = address
 
 	if strings.HasPrefix(address, "unix://") {
@@ -550,7 +553,7 @@ func (c *Config) ParseAddress(address string) (*url.URL, error) {
 		} else {
 			return nil, fmt.Errorf("attempting to specify unix:// address with non-transport transport")
 		}
-	} else if strings.HasPrefix(c.Address, "unix://") {
+	} else if strings.HasPrefix(previousAddress, "unix://") {
 		// When the address being set does not begin with unix:// but the previous
 		// address in the Config did, change the transport's DialContext back to
 		// use the default configuration that cleanhttp uses.
@@ -589,6 +592,7 @@ type Client struct {
 	requestCallbacks      []RequestCallback
 	responseCallbacks     []ResponseCallback
 	replicationStateStore *replicationStateStore
+	hcpCookie             *http.Cookie
 }
 
 // NewClient returns a new client for the given configuration.
@@ -1025,6 +1029,33 @@ func (c *Client) SetToken(v string) {
 	c.token = v
 }
 
+// HCPCookie returns the HCP cookie being used by this client. It will
+// return an empty cookie when no cookie is set.
+func (c *Client) HCPCookie() string {
+	c.modifyLock.RLock()
+	defer c.modifyLock.RUnlock()
+
+	if c.hcpCookie == nil {
+		return ""
+	}
+	return c.hcpCookie.String()
+}
+
+// SetHCPCookie sets the hcp cookie directly. This won't perform any auth
+// verification, it simply sets the token properly for future requests.
+func (c *Client) SetHCPCookie(v *http.Cookie) error {
+	c.modifyLock.Lock()
+	defer c.modifyLock.Unlock()
+
+	if err := v.Valid(); err != nil {
+		return err
+	}
+
+	c.hcpCookie = v
+
+	return nil
+}
+
 // ClearToken deletes the token if it is set or does nothing otherwise.
 func (c *Client) ClearToken() {
 	c.modifyLock.Lock()
@@ -1299,6 +1330,8 @@ func (c *Client) NewRequest(method, requestPath string) *Request {
 		Params:      make(map[string][]string),
 	}
 
+	req.HCPCookie = c.hcpCookie
+
 	var lookupPath string
 	switch {
 	case strings.HasPrefix(requestPath, "/v1/"):

vendor/github.com/hashicorp/vault/api/logical.go

@@ -212,6 +212,17 @@ func (c *Logical) WriteWithContext(ctx context.Context, path string, data map[st
 	return c.write(ctx, path, r)
 }
 
+func (c *Logical) WriteRaw(path string, data []byte) (*Response, error) {
+	return c.WriteRawWithContext(context.Background(), path, data)
+}
+
+func (c *Logical) WriteRawWithContext(ctx context.Context, path string, data []byte) (*Response, error) {
+	r := c.c.NewRequest(http.MethodPut, "/v1/"+path)
+	r.BodyBytes = data
+
+	return c.writeRaw(ctx, r)
+}
+
 func (c *Logical) JSONMergePatch(ctx context.Context, path string, data map[string]interface{}) (*Secret, error) {
 	r := c.c.NewRequest(http.MethodPatch, "/v1/"+path)
 	r.Headers.Set("Content-Type", "application/merge-patch+json")
@@ -261,6 +272,14 @@ func (c *Logical) write(ctx context.Context, path string, request *Request) (*Se
 	return ParseSecret(resp.Body)
 }
 
+func (c *Logical) writeRaw(ctx context.Context, request *Request) (*Response, error) {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	resp, err := c.c.rawRequestWithContext(ctx, request)
+	return resp, err
+}
+
 func (c *Logical) Delete(path string) (*Secret, error) {
 	return c.DeleteWithContext(context.Background(), path)
 }

vendor/github.com/hashicorp/vault/api/plugin_helpers.go

@@ -51,6 +51,7 @@ type PluginAPIClientMeta struct {
 	flagCAPath     string
 	flagClientCert string
 	flagClientKey  string
+	flagServerName string
 	flagInsecure   bool
 }
 
@@ -62,6 +63,7 @@ func (f *PluginAPIClientMeta) FlagSet() *flag.FlagSet {
 	fs.StringVar(&f.flagCAPath, "ca-path", "", "")
 	fs.StringVar(&f.flagClientCert, "client-cert", "", "")
 	fs.StringVar(&f.flagClientKey, "client-key", "", "")
+	fs.StringVar(&f.flagServerName, "tls-server-name", "", "")
 	fs.BoolVar(&f.flagInsecure, "tls-skip-verify", false, "")
 
 	return fs
@@ -70,13 +72,13 @@ func (f *PluginAPIClientMeta) FlagSet() *flag.FlagSet {
 // GetTLSConfig will return a TLSConfig based off the values from the flags
 func (f *PluginAPIClientMeta) GetTLSConfig() *TLSConfig {
 	// If we need custom TLS configuration, then set it
-	if f.flagCACert != "" || f.flagCAPath != "" || f.flagClientCert != "" || f.flagClientKey != "" || f.flagInsecure {
+	if f.flagCACert != "" || f.flagCAPath != "" || f.flagClientCert != "" || f.flagClientKey != "" || f.flagInsecure || f.flagServerName != "" {
 		t := &TLSConfig{
 			CACert:        f.flagCACert,
 			CAPath:        f.flagCAPath,
 			ClientCert:    f.flagClientCert,
 			ClientKey:     f.flagClientKey,
-			TLSServerName: "",
+			TLSServerName: f.flagServerName,
 			Insecure:      f.flagInsecure,
 		}
 

vendor/github.com/hashicorp/vault/api/plugin_types.go

@@ -7,7 +7,10 @@ package api
 // https://github.com/hashicorp/vault/blob/main/sdk/helper/consts/plugin_types.go
 // Any changes made should be made to both files at the same time.
 
-import "fmt"
+import (
+	"encoding/json"
+	"fmt"
+)
 
 var PluginTypes = []PluginType{
 	PluginTypeUnknown,
@@ -64,3 +67,34 @@ func ParsePluginType(pluginType string) (PluginType, error) {
 		return PluginTypeUnknown, fmt.Errorf("%q is not a supported plugin type", pluginType)
 	}
 }
+
+// UnmarshalJSON implements json.Unmarshaler. It supports unmarshaling either a
+// string or a uint32. All new serialization will be as a string, but we
+// previously serialized as a uint32 so we need to support that for backwards
+// compatibility.
+func (p *PluginType) UnmarshalJSON(data []byte) error {
+	var asString string
+	err := json.Unmarshal(data, &asString)
+	if err == nil {
+		*p, err = ParsePluginType(asString)
+		return err
+	}
+
+	var asUint32 uint32
+	err = json.Unmarshal(data, &asUint32)
+	if err != nil {
+		return err
+	}
+	*p = PluginType(asUint32)
+	switch *p {
+	case PluginTypeUnknown, PluginTypeCredential, PluginTypeDatabase, PluginTypeSecrets:
+		return nil
+	default:
+		return fmt.Errorf("%d is not a supported plugin type", asUint32)
+	}
+}
+
+// MarshalJSON implements json.Marshaler.
+func (p PluginType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(p.String())
+}

vendor/github.com/hashicorp/vault/api/replication_status.go

@@ -19,11 +19,13 @@ const (
 )
 
 type ClusterInfo struct {
-	APIAddr          string `json:"api_address,omitempty" mapstructure:"api_address"`
+	APIAddr                     string `json:"api_address,omitempty" mapstructure:"api_address"`
-	ClusterAddress   string `json:"cluster_address,omitempty" mapstructure:"cluster_address"`
+	ClusterAddress              string `json:"cluster_address,omitempty" mapstructure:"cluster_address"`
-	ConnectionStatus string `json:"connection_status,omitempty" mapstructure:"connection_status"`
+	ConnectionStatus            string `json:"connection_status,omitempty" mapstructure:"connection_status"`
-	LastHeartBeat    string `json:"last_heartbeat,omitempty" mapstructure:"last_heartbeat"`
+	LastHeartBeat               string `json:"last_heartbeat,omitempty" mapstructure:"last_heartbeat"`
-	NodeID           string `json:"node_id,omitempty" mapstructure:"node_id"`
+	LastHeartBeatDurationMillis string `json:"last_heartbeat_duration_ms,omitempty" mapstructure:"last_heartbeat_duration_ms"`
+	ClockSkewMillis             string `json:"clock_skew_ms,omitempty" mapstructure:"clock_skew_ms"`
+	NodeID                      string `json:"node_id,omitempty" mapstructure:"node_id"`
 }
 
 type ReplicationStatusGenericResponse struct {

vendor/github.com/hashicorp/vault/api/request.go

@@ -39,6 +39,9 @@ type Request struct {
 	// EGPs). If set, the override flag will take effect for all policies
 	// evaluated during the request.
 	PolicyOverride bool
+
+	// HCPCookie is used to set a http cookie when client is connected to HCP
+	HCPCookie *http.Cookie
 }
 
 // SetJSONBody is used to set a request body that is a JSON-encoded value.
@@ -145,5 +148,9 @@ func (r *Request) toRetryableHTTP() (*retryablehttp.Request, error) {
 		req.Header.Set("X-Vault-Policy-Override", "true")
 	}
 
+	if r.HCPCookie != nil {
+		req.AddCookie(r.HCPCookie)
+	}
+
 	return req, nil
 }

vendor/github.com/hashicorp/vault/api/secret.go

@@ -42,6 +42,10 @@ type Secret struct {
 	// cubbyhole of the given token (which has a TTL of the given number of
 	// seconds)
 	WrapInfo *SecretWrapInfo `json:"wrap_info,omitempty"`
+
+	// MountType, if non-empty, provides some information about what kind
+	// of mount this secret came from.
+	MountType string `json:"mount_type,omitempty"`
 }
 
 // TokenID returns the standardized token ID (token) for the given secret.

vendor/github.com/hashicorp/vault/api/sys_capabilities.go

@@ -78,3 +78,56 @@ func (c *Sys) CapabilitiesWithContext(ctx context.Context, token, path string) (
 
 	return res, nil
 }
+
+func (c *Sys) CapabilitiesAccessor(accessor, path string) ([]string, error) {
+	return c.CapabilitiesAccessorWithContext(context.Background(), accessor, path)
+}
+
+func (c *Sys) CapabilitiesAccessorWithContext(ctx context.Context, accessor, path string) ([]string, error) {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	body := map[string]string{
+		"accessor": accessor,
+		"path":     path,
+	}
+
+	reqPath := "/v1/sys/capabilities-accessor"
+
+	r := c.c.NewRequest(http.MethodPost, reqPath)
+	if err := r.SetJSONBody(body); err != nil {
+		return nil, err
+	}
+
+	resp, err := c.c.rawRequestWithContext(ctx, r)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	secret, err := ParseSecret(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	if secret == nil || secret.Data == nil {
+		return nil, errors.New("data from server response is empty")
+	}
+
+	var res []string
+	err = mapstructure.Decode(secret.Data[path], &res)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(res) == 0 {
+		_, ok := secret.Data["capabilities"]
+		if ok {
+			err = mapstructure.Decode(secret.Data["capabilities"], &res)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	return res, nil
+}

vendor/github.com/hashicorp/vault/api/sys_hastatus.go

@@ -35,12 +35,14 @@ type HAStatusResponse struct {
 }
 
 type HANode struct {
-	Hostname       string     `json:"hostname"`
+	Hostname           string     `json:"hostname"`
-	APIAddress     string     `json:"api_address"`
+	APIAddress         string     `json:"api_address"`
-	ClusterAddress string     `json:"cluster_address"`
+	ClusterAddress     string     `json:"cluster_address"`
-	ActiveNode     bool       `json:"active_node"`
+	ActiveNode         bool       `json:"active_node"`
-	LastEcho       *time.Time `json:"last_echo"`
+	LastEcho           *time.Time `json:"last_echo"`
-	Version        string     `json:"version"`
+	EchoDurationMillis int64      `json:"echo_duration_ms"`
-	UpgradeVersion string     `json:"upgrade_version,omitempty"`
+	ClockSkewMillis    int64      `json:"clock_skew_ms"`
-	RedundancyZone string     `json:"redundancy_zone,omitempty"`
+	Version            string     `json:"version"`
+	UpgradeVersion     string     `json:"upgrade_version,omitempty"`
+	RedundancyZone     string     `json:"redundancy_zone,omitempty"`
 }

vendor/github.com/hashicorp/vault/api/sys_health.go

@@ -49,4 +49,7 @@ type HealthResponse struct {
 	ClusterName                string `json:"cluster_name,omitempty"`
 	ClusterID                  string `json:"cluster_id,omitempty"`
 	LastWAL                    uint64 `json:"last_wal,omitempty"`
+	Enterprise                 bool   `json:"enterprise"`
+	EchoDurationMillis         int64  `json:"echo_duration_ms"`
+	ClockSkewMillis            int64  `json:"clock_skew_ms"`
 }

vendor/github.com/hashicorp/vault/api/sys_mounts.go

@@ -271,6 +271,9 @@ type MountConfigInput struct {
 	AllowedManagedKeys        []string                `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
 	PluginVersion             string                  `json:"plugin_version,omitempty"`
 	UserLockoutConfig         *UserLockoutConfigInput `json:"user_lockout_config,omitempty"`
+	DelegatedAuthAccessors    []string                `json:"delegated_auth_accessors,omitempty" mapstructure:"delegated_auth_accessors"`
+	IdentityTokenKey          string                  `json:"identity_token_key,omitempty" mapstructure:"identity_token_key"`
+
 	// Deprecated: This field will always be blank for newer server responses.
 	PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
 }
@@ -303,6 +306,9 @@ type MountConfigOutput struct {
 	TokenType                 string                   `json:"token_type,omitempty" mapstructure:"token_type"`
 	AllowedManagedKeys        []string                 `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
 	UserLockoutConfig         *UserLockoutConfigOutput `json:"user_lockout_config,omitempty"`
+	DelegatedAuthAccessors    []string                 `json:"delegated_auth_accessors,omitempty" mapstructure:"delegated_auth_accessors"`
+	IdentityTokenKey          string                   `json:"identity_token_key,omitempty" mapstructure:"identity_token_key"`
+
 	// Deprecated: This field will always be blank for newer server responses.
 	PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
 }

vendor/github.com/hashicorp/vault/api/sys_plugins.go

@@ -36,6 +36,8 @@ type ListPluginsResponse struct {
 type PluginDetails struct {
 	Type              string `json:"type"`
 	Name              string `json:"name"`
+	OCIImage          string `json:"oci_image,omitempty" mapstructure:"oci_image"`
+	Runtime           string `json:"runtime,omitempty"`
 	Version           string `json:"version,omitempty"`
 	Builtin           bool   `json:"builtin"`
 	DeprecationStatus string `json:"deprecation_status,omitempty" mapstructure:"deprecation_status"`
@@ -144,9 +146,10 @@ type GetPluginResponse struct {
 	Args              []string `json:"args"`
 	Builtin           bool     `json:"builtin"`
 	Command           string   `json:"command"`
-	OCIImage          string   `json:"oci_image"`
 	Name              string   `json:"name"`
 	SHA256            string   `json:"sha256"`
+	OCIImage          string   `json:"oci_image,omitempty"`
+	Runtime           string   `json:"runtime,omitempty"`
 	DeprecationStatus string   `json:"deprecation_status,omitempty"`
 	Version           string   `json:"version,omitempty"`
 }
@@ -206,6 +209,9 @@ type RegisterPluginInput struct {
 	// OCIImage specifies the container image to run as a plugin.
 	OCIImage string `json:"oci_image,omitempty"`
 
+	// Runtime is the Vault plugin runtime to use when running the plugin.
+	Runtime string `json:"runtime,omitempty"`
+
 	// Env specifies a list of key=value pairs to add to the plugin's environment
 	// variables.
 	Env []string `json:"env,omitempty"`
@@ -268,6 +274,22 @@ func (c *Sys) DeregisterPluginWithContext(ctx context.Context, i *DeregisterPlug
 	return err
 }
 
+// RootReloadPluginInput is used as input to the RootReloadPlugin function.
+type RootReloadPluginInput struct {
+	Plugin string     `json:"-"`               // Plugin name, as registered in the plugin catalog.
+	Type   PluginType `json:"-"`               // Plugin type: auth, secret, or database.
+	Scope  string     `json:"scope,omitempty"` // Empty to reload on current node, "global" for all nodes.
+}
+
+// RootReloadPlugin reloads plugins, possibly returning reloadID for a global
+// scoped reload. This is only available in the root namespace, and reloads
+// plugins across all namespaces, whereas ReloadPlugin is available in all
+// namespaces but only reloads plugins in use in the request's namespace.
+func (c *Sys) RootReloadPlugin(ctx context.Context, i *RootReloadPluginInput) (string, error) {
+	path := fmt.Sprintf("/v1/sys/plugins/reload/%s/%s", i.Type.String(), i.Plugin)
+	return c.reloadPluginInternal(ctx, path, i, i.Scope == "global")
+}
+
 // ReloadPluginInput is used as input to the ReloadPlugin function.
 type ReloadPluginInput struct {
 	// Plugin is the name of the plugin to reload, as registered in the plugin catalog
@@ -286,15 +308,20 @@ func (c *Sys) ReloadPlugin(i *ReloadPluginInput) (string, error) {
 }
 
 // ReloadPluginWithContext reloads mounted plugin backends, possibly returning
-// reloadId for a cluster scoped reload
+// reloadID for a cluster scoped reload. It is limited to reloading plugins that
+// are in use in the request's namespace. See RootReloadPlugin for an API that
+// can reload plugins across all namespaces.
 func (c *Sys) ReloadPluginWithContext(ctx context.Context, i *ReloadPluginInput) (string, error) {
+	return c.reloadPluginInternal(ctx, "/v1/sys/plugins/reload/backend", i, i.Scope == "global")
+}
+
+func (c *Sys) reloadPluginInternal(ctx context.Context, path string, body any, global bool) (string, error) {
 	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
 	defer cancelFunc()
 
-	path := "/v1/sys/plugins/reload/backend"
 	req := c.c.NewRequest(http.MethodPut, path)
 
-	if err := req.SetJSONBody(i); err != nil {
+	if err := req.SetJSONBody(body); err != nil {
 		return "", err
 	}
 
@@ -304,7 +331,7 @@ func (c *Sys) ReloadPluginWithContext(ctx context.Context, i *ReloadPluginInput)
 	}
 	defer resp.Body.Close()
 
-	if i.Scope == "global" {
+	if global {
 		// Get the reload id
 		secret, parseErr := ParseSecret(resp.Body)
 		if parseErr != nil {

vendor/github.com/hashicorp/vault/api/sys_plugins_runtimes.go

@@ -64,8 +64,9 @@ type RegisterPluginRuntimeInput struct {
 
 	OCIRuntime   string `json:"oci_runtime,omitempty"`
 	CgroupParent string `json:"cgroup_parent,omitempty"`
-	CPU          int64  `json:"cpu,omitempty"`
+	CPU          int64  `json:"cpu_nanos,omitempty"`
-	Memory       int64  `json:"memory,omitempty"`
+	Memory       int64  `json:"memory_bytes,omitempty"`
+	Rootless     bool   `json:"rootless,omitempty"`
 }
 
 // RegisterPluginRuntime registers the plugin with the given information.

vendor/github.com/hashicorp/vault/api/sys_seal.go

@@ -109,6 +109,7 @@ type SealStatusResponse struct {
 	ClusterName       string   `json:"cluster_name,omitempty"`
 	ClusterID         string   `json:"cluster_id,omitempty"`
 	RecoverySeal      bool     `json:"recovery_seal"`
+	RecoverySealType  string   `json:"recovery_seal_type,omitempty"`
 	StorageType       string   `json:"storage_type,omitempty"`
 	HCPLinkStatus     string   `json:"hcp_link_status,omitempty"`
 	HCPLinkResourceID string   `json:"hcp_link_resource_ID,omitempty"`

vendor/github.com/hashicorp/vault/api/sys_ui_custom_message.go

@@ -0,0 +1,281 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package api
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+)
+
+const (
+	// baseEndpoint is the common base URL path for all endpoints used in this
+	// module.
+	baseEndpoint string = "/v1/sys/config/ui/custom-messages"
+)
+
+// ListUICustomMessages calls ListUICustomMessagesWithContext using a background
+// Context.
+func (c *Sys) ListUICustomMessages(req UICustomMessageListRequest) (*Secret, error) {
+	return c.ListUICustomMessagesWithContext(context.Background(), req)
+}
+
+// ListUICustomMessagesWithContext sends a request to the List custom messages
+// endpoint using the provided Context and UICustomMessageListRequest value as
+// the inputs. It returns a pointer to a Secret if a response was obtained from
+// the server, including error responses; or an error if a response could not be
+// obtained due to an error.
+func (c *Sys) ListUICustomMessagesWithContext(ctx context.Context, req UICustomMessageListRequest) (*Secret, error) {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	r := c.c.NewRequest("LIST", fmt.Sprintf("%s/", baseEndpoint))
+	if req.Active != nil {
+		r.Params.Add("active", strconv.FormatBool(*req.Active))
+	}
+	if req.Authenticated != nil {
+		r.Params.Add("authenticated", strconv.FormatBool(*req.Authenticated))
+	}
+	if req.Type != nil {
+		r.Params.Add("type", *req.Type)
+	}
+
+	resp, err := c.c.rawRequestWithContext(ctx, r)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	secret, err := ParseSecret(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	if secret == nil || secret.Data == nil {
+		return nil, errors.New("data from server response is empty")
+	}
+
+	return secret, nil
+}
+
+// CreateUICustomMessage calls CreateUICustomMessageWithContext using a
+// background Context.
+func (c *Sys) CreateUICustomMessage(req UICustomMessageRequest) (*Secret, error) {
+	return c.CreateUICustomMessageWithContext(context.Background(), req)
+}
+
+// CreateUICustomMessageWithContext sends a request to the Create custom
+// messages endpoint using the provided Context and UICustomMessageRequest
+// values as the inputs. It returns a pointer to a Secret if a response was
+// obtained from the server, including error responses; or an error if a
+// response could not be obtained due to an error.
+func (c *Sys) CreateUICustomMessageWithContext(ctx context.Context, req UICustomMessageRequest) (*Secret, error) {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	r := c.c.NewRequest(http.MethodPost, baseEndpoint)
+	if err := r.SetJSONBody(&req); err != nil {
+		return nil, fmt.Errorf("error encoding request body to json: %w", err)
+	}
+
+	resp, err := c.c.rawRequestWithContext(ctx, r)
+	if err != nil {
+		return nil, fmt.Errorf("error sending request to server: %w", err)
+	}
+	defer resp.Body.Close()
+
+	secret, err := ParseSecret(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("could not parse secret from server response: %w", err)
+	}
+
+	if secret == nil || secret.Data == nil {
+		return nil, errors.New("data from server response is empty")
+	}
+
+	return secret, nil
+}
+
+// ReadUICustomMessage calls ReadUICustomMessageWithContext using a background
+// Context.
+func (c *Sys) ReadUICustomMessage(id string) (*Secret, error) {
+	return c.ReadUICustomMessageWithContext(context.Background(), id)
+}
+
+// ReadUICustomMessageWithContext sends a request to the Read custom message
+// endpoint using the provided Context and id values. It returns a pointer to a
+// Secret if a response was obtained from the server, including error responses;
+// or an error if a response could not be obtained due to an error.
+func (c *Sys) ReadUICustomMessageWithContext(ctx context.Context, id string) (*Secret, error) {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	r := c.c.NewRequest(http.MethodGet, fmt.Sprintf("%s/%s", baseEndpoint, id))
+
+	resp, err := c.c.rawRequestWithContext(ctx, r)
+	if err != nil {
+		return nil, fmt.Errorf("error sending request to server: %w", err)
+	}
+	defer resp.Body.Close()
+
+	secret, err := ParseSecret(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("could not parse secret from server response: %w", err)
+	}
+
+	if secret == nil || secret.Data == nil {
+		return nil, errors.New("data from server response is empty")
+	}
+
+	return secret, nil
+}
+
+// UpdateUICustomMessage calls UpdateUICustomMessageWithContext using a
+// background Context.
+func (c *Sys) UpdateUICustomMessage(id string, req UICustomMessageRequest) error {
+	return c.UpdateUICustomMessageWithContext(context.Background(), id, req)
+}
+
+// UpdateUICustomMessageWithContext sends a request to the Update custom message
+// endpoint using the provided Context, id, and UICustomMessageRequest values.
+// It returns a pointer to a Secret if a response was obtained from the server,
+// including error responses; or an error if a response could not be obtained
+// due to an error.
+func (c *Sys) UpdateUICustomMessageWithContext(ctx context.Context, id string, req UICustomMessageRequest) error {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	r := c.c.NewRequest(http.MethodPost, fmt.Sprintf("%s/%s", baseEndpoint, id))
+	if err := r.SetJSONBody(&req); err != nil {
+		return fmt.Errorf("error encoding request body to json: %w", err)
+	}
+
+	resp, err := c.c.rawRequestWithContext(ctx, r)
+	if err != nil {
+		return fmt.Errorf("error sending request to server: %w", err)
+	}
+	defer resp.Body.Close()
+
+	return nil
+}
+
+// DeleteUICustomMessage calls DeleteUICustomMessageWithContext using a
+// background Context.
+func (c *Sys) DeleteUICustomMessage(id string) error {
+	return c.DeletePolicyWithContext(context.Background(), id)
+}
+
+// DeleteUICustomMessageWithContext sends a request to the Delete custom message
+// endpoint using the provided Context and id values. It returns a pointer to a
+// Secret if a response was obtained from the server, including error responses;
+// or an error if a response could not be obtained due to an error.
+func (c *Sys) DeleteUICustomMessageWithContext(ctx context.Context, id string) error {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	r := c.c.NewRequest(http.MethodDelete, fmt.Sprintf("%s/%s", baseEndpoint, id))
+
+	resp, err := c.c.rawRequestWithContext(ctx, r)
+	if err != nil {
+		return fmt.Errorf("error sending request to server: %w", err)
+	}
+	defer resp.Body.Close()
+
+	return nil
+}
+
+// UICustomMessageListRequest is a struct used to contain inputs for the List
+// custom messages request. Each field is optional, so their types are pointers.
+// The With... methods can be used to easily set the fields with pointers to
+// values.
+type UICustomMessageListRequest struct {
+	Authenticated *bool
+	Type          *string
+	Active        *bool
+}
+
+// WithAuthenticated sets the Authenticated field to a pointer referencing the
+// provided bool value.
+func (r *UICustomMessageListRequest) WithAuthenticated(value bool) *UICustomMessageListRequest {
+	r.Authenticated = &value
+
+	return r
+}
+
+// WithType sets the Type field to a pointer referencing the provided string
+// value.
+func (r *UICustomMessageListRequest) WithType(value string) *UICustomMessageListRequest {
+	r.Type = &value
+
+	return r
+}
+
+// WithActive sets the Active field to a pointer referencing the provided bool
+// value.
+func (r *UICustomMessageListRequest) WithActive(value bool) *UICustomMessageListRequest {
+	r.Active = &value
+
+	return r
+}
+
+// UICustomMessageRequest is a struct containing the properties of a custom
+// message. The Link field can be set using the WithLink method.
+type UICustomMessageRequest struct {
+	Title         string               `json:"title"`
+	Message       string               `json:"message"`
+	Authenticated bool                 `json:"authenticated"`
+	Type          string               `json:"type"`
+	StartTime     string               `json:"start_time"`
+	EndTime       string               `json:"end_time,omitempty"`
+	Link          *uiCustomMessageLink `json:"link,omitempty"`
+	Options       map[string]any       `json:"options,omitempty"`
+}
+
+// WithLink sets the Link field to the address of a new uiCustomMessageLink
+// struct constructed from the provided title and href values.
+func (r *UICustomMessageRequest) WithLink(title, href string) *UICustomMessageRequest {
+	r.Link = &uiCustomMessageLink{
+		Title: title,
+		Href:  href,
+	}
+
+	return r
+}
+
+// uiCustomMessageLink is a utility struct used to represent a link associated
+// with a custom message.
+type uiCustomMessageLink struct {
+	Title string
+	Href  string
+}
+
+// MarshalJSON encodes the state of the receiver uiCustomMessageLink as JSON and
+// returns those encoded bytes or an error.
+func (l uiCustomMessageLink) MarshalJSON() ([]byte, error) {
+	m := make(map[string]string)
+
+	m[l.Title] = l.Href
+
+	return json.Marshal(m)
+}
+
+// UnmarshalJSON updates the state of the receiver uiCustomMessageLink from the
+// provided JSON encoded bytes. It returns an error if there was a failure.
+func (l *uiCustomMessageLink) UnmarshalJSON(b []byte) error {
+	m := make(map[string]string)
+
+	if err := json.Unmarshal(b, &m); err != nil {
+		return err
+	}
+
+	for k, v := range m {
+		l.Title = k
+		l.Href = v
+		break
+	}
+
+	return nil
+}

vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md

@@ -1,3 +1,21 @@
+## 2.15.0
+
+### Features
+
+- JUnit reports now interpret Label(owner:X) and set owner to X. [8f3bd70]
+- include cancellation reason when cancelling spec context [96e915c]
+
+### Fixes
+
+- emit output of failed go tool cover invocation so users can try to debug things for themselves [c245d09]
+- fix outline when using nodot in ginkgo v2 [dca77c8]
+- Document areas where GinkgoT() behaves differently from testing.T [dbaf18f]
+- bugfix(docs): use Unsetenv instead of Clearenv (#1337) [6f67a14]
+
+### Maintenance
+
+- Bump to go 1.20 [4fcd0b3]
+
 ## 2.14.0
 
 ### Features

vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go

@@ -144,7 +144,7 @@ func FinalizeProfilesAndReportsForSuites(suites TestSuites, cliConfig types.CLIC
 	return messages, nil
 }
 
-//loads each profile, combines them, deletes them, stores them in destination
+// loads each profile, combines them, deletes them, stores them in destination
 func MergeAndCleanupCoverProfiles(profiles []string, destination string) error {
 	combined := &bytes.Buffer{}
 	modeRegex := regexp.MustCompile(`^mode: .*\n`)
@@ -184,7 +184,7 @@ func GetCoverageFromCoverProfile(profile string) (float64, error) {
 	cmd := exec.Command("go", "tool", "cover", "-func", profile)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
-		return 0, fmt.Errorf("Could not process Coverprofile %s: %s", profile, err.Error())
+		return 0, fmt.Errorf("Could not process Coverprofile %s: %s - %s", profile, err.Error(), string(output))
 	}
 	re := regexp.MustCompile(`total:\s*\(statements\)\s*(\d*\.\d*)\%`)
 	matches := re.FindStringSubmatch(string(output))

vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go

@@ -1,10 +1,11 @@
 package outline
 
 import (
-	"github.com/onsi/ginkgo/v2/types"
 	"go/ast"
 	"go/token"
 	"strconv"
+
+	"github.com/onsi/ginkgo/v2/types"
 )
 
 const (

vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go

@@ -28,14 +28,7 @@ func packageNameForImport(f *ast.File, path string) *string {
 	}
 	name := spec.Name.String()
 	if name == "<nil>" {
-		// If the package name is not explicitly specified,
+		name = "ginkgo"
-		// make an educated guess. This is not guaranteed to be correct.
-		lastSlash := strings.LastIndex(path, "/")
-		if lastSlash == -1 {
-			name = path
-		} else {
-			name = path[lastSlash+1:]
-		}
 	}
 	if name == "." {
 		name = ""

vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go

@@ -15,6 +15,11 @@ GinkgoT() is analogous to *testing.T and implements the majority of *testing.T's
 GinkgoT() takes an optional offset argument that can be used to get the
 correct line number associated with the failure - though you do not need to use this if you call GinkgoHelper() or GinkgoT().Helper() appropriately
 
+GinkgoT() attempts to mimic the behavior of `testing.T` with the exception of the following:
+
+- Error/Errorf: failures in Ginkgo always immediately stop execution and there is no mechanism to log a failure without aborting the test.  As such Error/Errorf are equivalent to Fatal/Fatalf.
+- Parallel() is a no-op as Ginkgo's multi-process parallelism model is substantially different from go test's in-process model.
+
 You can learn more here: https://onsi.github.io/ginkgo/#using-third-party-libraries
 */
 func GinkgoT(optionalOffset ...int) FullGinkgoTInterface {

vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go

@@ -17,7 +17,7 @@ type specContext struct {
 	context.Context
 	*ProgressReporterManager
 
-	cancel context.CancelFunc
+	cancel context.CancelCauseFunc
 
 	suite *Suite
 }
@@ -30,7 +30,7 @@ Note that while SpecContext is used to enforce deadlines by Ginkgo it is not con
 This is because Ginkgo needs finer control over when the context is canceled.  Specifically, Ginkgo needs to generate a ProgressReport before it cancels the context to ensure progress is captured where the spec is currently running.  The only way to avoid a race here is to manually control the cancellation.
 */
 func NewSpecContext(suite *Suite) *specContext {
-	ctx, cancel := context.WithCancel(context.Background())
+	ctx, cancel := context.WithCancelCause(context.Background())
 	sc := &specContext{
 		cancel:                  cancel,
 		suite:                   suite,

vendor/github.com/onsi/ginkgo/v2/internal/suite.go

@@ -858,7 +858,7 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ
 	}
 
 	sc := NewSpecContext(suite)
-	defer sc.cancel()
+	defer sc.cancel(fmt.Errorf("spec has finished"))
 
 	suite.selectiveLock.Lock()
 	suite.currentSpecContext = sc
@@ -958,7 +958,7 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ
 
 			// tell the spec to stop.  it's important we generate the progress report first to make sure we capture where
 			// the spec is actually stuck
-			sc.cancel()
+			sc.cancel(fmt.Errorf("%s timeout occurred", timeoutInPlay))
 			//and now we wait for the grace period
 			gracePeriodChannel = time.After(gracePeriod)
 		case <-interruptStatus.Channel:
@@ -985,7 +985,7 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ
 			}
 
 			progressReport = progressReport.WithoutOtherGoroutines()
-			sc.cancel()
+			sc.cancel(fmt.Errorf(interruptStatus.Message()))
 
 			if interruptStatus.Level == interrupt_handler.InterruptLevelBailOut {
 				if interruptStatus.ShouldIncludeProgressReport() {

vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go

@@ -15,6 +15,7 @@ import (
 	"fmt"
 	"os"
 	"path"
+	"regexp"
 	"strings"
 
 	"github.com/onsi/ginkgo/v2/config"
@@ -104,6 +105,8 @@ type JUnitProperty struct {
 	Value string `xml:"value,attr"`
 }
 
+var ownerRE = regexp.MustCompile(`(?i)^owner:(.*)$`)
+
 type JUnitTestCase struct {
 	// Name maps onto the full text of the spec - equivalent to "[SpecReport.LeafNodeType] SpecReport.FullText()"
 	Name string `xml:"name,attr"`
@@ -113,6 +116,8 @@ type JUnitTestCase struct {
 	Status string `xml:"status,attr"`
 	// Time is the time in seconds to execute the spec - maps onto SpecReport.RunTime
 	Time float64 `xml:"time,attr"`
+	// Owner is the owner the spec - is set if a label matching Label("owner:X") is provided.  The last matching label is used as the owner, thereby allowing specs to override owners specified in container nodes.
+	Owner string `xml:"owner,attr,omitempty"`
 	//Skipped is populated with a message if the test was skipped or pending
 	Skipped *JUnitSkipped `xml:"skipped,omitempty"`
 	//Error is populated if the test panicked or was interrupted
@@ -195,6 +200,12 @@ func GenerateJUnitReportWithConfig(report types.Report, dst string, config Junit
 		if len(labels) > 0 && !config.OmitSpecLabels {
 			name = name + " [" + strings.Join(labels, ", ") + "]"
 		}
+		owner := ""
+		for _, label := range labels {
+			if matches := ownerRE.FindStringSubmatch(label); len(matches) == 2 {
+				owner = matches[1]
+			}
+		}
 		name = strings.TrimSpace(name)
 
 		test := JUnitTestCase{
@@ -202,6 +213,7 @@ func GenerateJUnitReportWithConfig(report types.Report, dst string, config Junit
 			Classname: report.SuiteDescription,
 			Status:    spec.State.String(),
 			Time:      spec.RunTime.Seconds(),
+			Owner:     owner,
 		}
 		if !spec.State.Is(config.OmitTimelinesForSpecState) {
 			test.SystemErr = systemErrForUnstructuredReporters(spec)

vendor/github.com/onsi/ginkgo/v2/types/version.go

@@ -1,3 +1,3 @@
 package types
 
-const VERSION = "2.14.0"
+const VERSION = "2.15.0"

vendor/github.com/onsi/gomega/CHANGELOG.md

@@ -1,3 +1,28 @@
+## 1.31.1
+
+### Fixes
+- Inverted arguments order of FailureMessage of BeComparableToMatcher [e0dd999]
+- Update test in case keeping msg is desired [ad1a367]
+
+### Maintenance
+- Show how to import the format sub package [24e958d]
+- tidy up go.sum [26661b8]
+- bump dependencies [bde8f7a]
+
+## 1.31.0
+
+### Features
+- Async assertions include context cancellation cause if present [121c37f]
+
+### Maintenance
+- Bump minimum go version [dee1e3c]
+- docs: fix typo in example usage "occured" -> "occurred" [49005fe]
+- Bump actions/setup-go from 4 to 5 (#714) [f1c8757]
+- Bump github/codeql-action from 2 to 3 (#715) [9836e76]
+- Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.2 (#713) [54726f0]
+- Bump golang.org/x/net from 0.17.0 to 0.19.0 (#711) [df97ecc]
+- docs: fix `HaveExactElement` typo (#712) [a672c86]
+
 ## 1.30.0
 
 ### Features

vendor/github.com/onsi/gomega/gomega_dsl.go

@@ -22,7 +22,7 @@ import (
 	"github.com/onsi/gomega/types"
 )
 
-const GOMEGA_VERSION = "1.30.0"
+const GOMEGA_VERSION = "1.31.1"
 
 const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler.
 If you're using Ginkgo then you probably forgot to put your assertion in an It().

vendor/github.com/onsi/gomega/internal/async_assertion.go

@@ -553,7 +553,12 @@ func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch
 				lock.Unlock()
 			}
 		case <-contextDone:
-			fail("Context was cancelled")
+			err := context.Cause(assertion.ctx)
+			if err != nil && err != context.Canceled {
+				fail(fmt.Sprintf("Context was cancelled (cause: %s)", err))
+			} else {
+				fail("Context was cancelled")
+			}
 			return false
 		case <-timeout:
 			if assertion.asyncType == AsyncAssertionTypeEventually {

vendor/github.com/onsi/gomega/matchers.go

@@ -394,7 +394,7 @@ func ConsistOf(elements ...interface{}) types.GomegaMatcher {
 	}
 }
 
-// HaveExactElemets succeeds if actual contains elements that precisely match the elemets passed into the matcher. The ordering of the elements does matter.
+// HaveExactElements succeeds if actual contains elements that precisely match the elemets passed into the matcher. The ordering of the elements does matter.
 // By default HaveExactElements() uses Equal() to match the elements, however custom matchers can be passed in instead.  Here are some examples:
 //
 //	Expect([]string{"Foo", "FooBar"}).Should(HaveExactElements("Foo", "FooBar"))

vendor/github.com/onsi/gomega/matchers/be_comparable_to_matcher.go

@@ -41,9 +41,9 @@ func (matcher *BeComparableToMatcher) Match(actual interface{}) (success bool, m
 }
 
 func (matcher *BeComparableToMatcher) FailureMessage(actual interface{}) (message string) {
-	return cmp.Diff(matcher.Expected, actual, matcher.Options)
+	return fmt.Sprint("Expected object to be comparable, diff: ", cmp.Diff(actual, matcher.Expected, matcher.Options...))
 }
 
 func (matcher *BeComparableToMatcher) NegatedFailureMessage(actual interface{}) (message string) {
-	return format.Message(actual, "not to equal", matcher.Expected)
+	return format.Message(actual, "not to be comparable to", matcher.Expected)
 }

vendor/modules.txt

@@ -17,7 +17,7 @@ github.com/antlr/antlr4/runtime/Go/antlr/v4
 # github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
 ## explicit
 github.com/asaskevich/govalidator
-# github.com/aws/aws-sdk-go v1.49.21
+# github.com/aws/aws-sdk-go v1.50.6
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/auth/bearer
@@ -310,7 +310,7 @@ github.com/google/gofuzz/bytesource
 # github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1
 ## explicit; go 1.14
 github.com/google/pprof/profile
-# github.com/google/uuid v1.5.0
+# github.com/google/uuid v1.6.0
 ## explicit
 github.com/google/uuid
 # github.com/gorilla/websocket v1.5.0
@@ -364,7 +364,7 @@ github.com/hashicorp/hcl/hcl/token
 github.com/hashicorp/hcl/json/parser
 github.com/hashicorp/hcl/json/scanner
 github.com/hashicorp/hcl/json/token
-# github.com/hashicorp/vault/api v1.10.0
+# github.com/hashicorp/vault/api v1.11.0
 ## explicit; go 1.19
 github.com/hashicorp/vault/api
 # github.com/hashicorp/vault/api/auth/approle v0.5.0
@@ -447,8 +447,8 @@ github.com/munnerz/goautoneg
 # github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f
 ## explicit
 github.com/mxk/go-flowrate/flowrate
-# github.com/onsi/ginkgo/v2 v2.14.0
+# github.com/onsi/ginkgo/v2 v2.15.0
-## explicit; go 1.18
+## explicit; go 1.20
 github.com/onsi/ginkgo/v2
 github.com/onsi/ginkgo/v2/config
 github.com/onsi/ginkgo/v2/formatter
@@ -469,8 +469,8 @@ github.com/onsi/ginkgo/v2/internal/parallel_support
 github.com/onsi/ginkgo/v2/internal/testingtproxy
 github.com/onsi/ginkgo/v2/reporters
 github.com/onsi/ginkgo/v2/types
-# github.com/onsi/gomega v1.30.0
+# github.com/onsi/gomega v1.31.1
-## explicit; go 1.18
+## explicit; go 1.20
 github.com/onsi/gomega
 github.com/onsi/gomega/format
 github.com/onsi/gomega/gcustom