Remove in-tree credential plugins (again)

This change reverts three commits: 1. Revert "Revert "Remove gcp and azure auth plugins"" This reverts commit 651b4f5b647a205d12fad4d0edc489d97109cccc. 2. Revert "update-gofmt" This reverts commit 79c09f0b310b8b66f8f14ad254f268788c42e076. 3. Revert "Update removal warnings to 1.26" This reverts commit 68758fc5c5099c83104a637e6d6ad3f4534f0d08. Signed-off-by: Monis Khan <mok@microsoft.com> Kubernetes-commit: 09cde58bbc13ff1229f61146221f56af4ff675dc
2025-07-03 18:26:59 +00:00 · 2022-09-08 19:11:03 -04:00 · 2022-09-08 19:11:03 -04:00 · 7d208ba573
commit 7d208ba573
parent e003fa92aa
10 changed files with 77 additions and 2196 deletions
--- a/go.mod
+++ b/go.mod
@ -5,8 +5,6 @@ module k8s.io/client-go
 go 1.19
 require (
 	github.com/Azure/go-autorest/autorest v0.11.27
 	github.com/Azure/go-autorest/autorest/adal v0.9.20
 	github.com/davecgh/go-spew v1.1.1
 	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/gogo/protobuf v1.3.2
@ -26,8 +24,8 @@ require (
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8
 	google.golang.org/protobuf v1.28.1
-	k8s.io/api v0.0.0-20220908151745-929c3f077990
+	k8s.io/api v0.0.0
-	k8s.io/apimachinery v0.0.0-20220902183049-31bc292891b6
+	k8s.io/apimachinery v0.0.0
 	k8s.io/klog/v2 v2.80.0
 	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1
 	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
@ -36,11 +34,6 @@ require (
 )
 require (
 	cloud.google.com/go v0.97.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
@ -48,7 +41,6 @@ require (
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.19.5 // indirect
 	github.com/go-openapi/swag v0.19.14 // indirect
 	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@ -59,7 +51,6 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect
 	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
 	golang.org/x/text v0.3.7 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
@ -70,6 +61,7 @@ require (
 )
 replace (
-	k8s.io/api => k8s.io/api v0.0.0-20220908151745-929c3f077990
+	k8s.io/api => ../api
-	k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20220902183049-31bc292891b6
+	k8s.io/apimachinery => ../apimachinery
 	k8s.io/client-go => ../client-go
 )
--- a/go.sum
+++ b/go.sum
@ -13,19 +13,6 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
 cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
 cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
 cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
 cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
 cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
 cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
 cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
 cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
 cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
 cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8=
 cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@ -44,41 +31,19 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
 github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg=
 github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
 github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@ -90,14 +55,9 @@ github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@ -115,9 +75,6 @@ github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5F
 github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@ -131,8 +88,6 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@ -146,12 +101,9 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
@ -165,11 +117,7 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@ -177,8 +125,6 @@ github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@ -186,27 +132,17 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
 github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@ -247,9 +183,7 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@ -265,24 +199,16 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38=
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -305,8 +231,6 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@ -315,9 +239,6 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -346,15 +267,6 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
@ -363,16 +275,6 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -384,8 +286,6 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -411,31 +311,11 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -443,9 +323,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@ -494,18 +371,7 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
 golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -526,18 +392,6 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M
 google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
 google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
 google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
 google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
 google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
 google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
 google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
 google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
 google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@ -569,39 +423,13 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
 google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
 google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
 google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
 google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
 google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
 google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@ -614,20 +442,6 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@ -640,7 +454,6 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@ -652,7 +465,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
@ -667,10 +479,6 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.0.0-20220908151745-929c3f077990 h1:i9qPcRqRAx+FjGDG24rliKydPgBQR2PlvOWOm8XhT0E=
 k8s.io/api v0.0.0-20220908151745-929c3f077990/go.mod h1:79dXRhEG/Q3WjCgZ7l8YtD1tVlH/shHuG6msPmRw/DQ=
 k8s.io/apimachinery v0.0.0-20220902183049-31bc292891b6 h1:BH5hWQ9ueHKgA42ApyJ9RXSibEUHvd9TDr1RBZ6e7lE=
 k8s.io/apimachinery v0.0.0-20220902183049-31bc292891b6/go.mod h1:L+XGzqdcOht8VoBmzPAoKcYLqUOWkB5nxGF/6z4/ubo=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.80.0 h1:lyJt0TWMPaGoODa8B8bUuxgHS3W/m/bNr2cca3brA/g=
 k8s.io/klog/v2 v2.80.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
--- a/plugin/pkg/client/auth/azure/README.md
+++ b/plugin/pkg/client/auth/azure/README.md
@ -1,56 +0,0 @@
 # Azure Active Directory plugin for client authentication
 This plugin provides an integration with Azure Active Directory device flow. If no tokens are present in the kubectl configuration, it will prompt a device code which can be used to login in a browser. After login it will automatically fetch the tokens and store them in the kubectl configuration. In addition it will refresh and update the tokens in the configuration when expired.
 ## Usage
 1. Create an Azure Active Directory *Web App / API* application for `apiserver` following these [instructions](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-app-registration). The callback URL does not matter (just cannot be empty).
 2. Create a second Azure Active Directory native application for `kubectl`. The callback URL does not matter (just cannot be empty).
 3. On `kubectl` application's configuration page in Azure portal grant permissions to `apiserver` application by clicking on *Required Permissions*, click the *Add* button and search for the apiserver application created in step 1. Select "Access apiserver" under the *DELEGATED PERMISSIONS*. Once added click the *Grant Permissions* button to apply the changes.
 4. Configure the `apiserver` to use the Azure Active Directory as an OIDC provider with following options
   ```
   --oidc-client-id="spn:APISERVER_APPLICATION_ID" \
   --oidc-issuer-url="https://sts.windows.net/TENANT_ID/"
   --oidc-username-claim="sub"
   ```
   * Replace the `APISERVER_APPLICATION_ID` with the application ID of `apiserver` application
   * Replace `TENANT_ID` with your tenant ID.
   * For a list of alternative username claims that are supported by the OIDC issuer check the JSON response at `https://sts.windows.net/TENANT_ID/.well-known/openid-configuration`.
 5. Configure `kubectl` to use the `azure` authentication provider
   ```
   kubectl config set-credentials "USER_NAME" --auth-provider=azure \
     --auth-provider-arg=environment=AzurePublicCloud \
     --auth-provider-arg=client-id=APPLICATION_ID \
     --auth-provider-arg=tenant-id=TENANT_ID \
     --auth-provider-arg=apiserver-id=APISERVER_APPLICATION_ID
   ```
   * Supported environments: `AzurePublicCloud`, `AzureUSGovernmentCloud`, `AzureChinaCloud`, `AzureGermanCloud`
   * Replace `USER_NAME` and `TENANT_ID` with your user name and tenant ID
   * Replace `APPLICATION_ID` with the application ID of your`kubectl` application ID
   * Replace `APISERVER_APPLICATION_ID` with the application ID of your `apiserver` application ID
   * Be sure to also (create and) select a context that uses above user
 6. (Optionally) the AAD token has `aud` claim with `spn:` prefix. To omit that, add following auth configuration:
   ```
     --auth-provider-arg=config-mode="1"
   ```
 7. The access token is acquired when first `kubectl` command is executed
   ```
   kubectl get pods
   To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code DEC7D48GA to authenticate.
   ```
   * After signing in a web browser, the token is stored in the configuration, and it will be reused when executing further commands.
   * The resulting username in Kubernetes depends on your [configuration of the `--oidc-username-claim` and `--oidc-username-prefix` flags on the API server](https://kubernetes.io/docs/admin/authentication/#configuring-the-api-server). If you are using any authorization method you need to give permissions to that user, e.g. by binding the user to a role in the case of RBAC.
--- a/plugin/pkg/client/auth/azure/azure.go
+++ b/plugin/pkg/client/auth/azure/azure.go
@ -1,477 +0,0 @@
 /*
 Copyright 2017 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package azure
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
 	"os"
 	"strconv"
 	"sync"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/adal"
 	"github.com/Azure/go-autorest/autorest/azure"
 	"k8s.io/klog/v2"
 	"k8s.io/apimachinery/pkg/util/net"
 	restclient "k8s.io/client-go/rest"
 )
 type configMode int
 const (
 	azureTokenKey = "azureTokenKey"
 	tokenType     = "Bearer"
 	authHeader    = "Authorization"
 	cfgClientID     = "client-id"
 	cfgTenantID     = "tenant-id"
 	cfgAccessToken  = "access-token"
 	cfgRefreshToken = "refresh-token"
 	cfgExpiresIn    = "expires-in"
 	cfgExpiresOn    = "expires-on"
 	cfgEnvironment  = "environment"
 	cfgApiserverID  = "apiserver-id"
 	cfgConfigMode   = "config-mode"
 	configModeDefault       configMode = 0
 	configModeOmitSPNPrefix configMode = 1
 )
 func init() {
 	if err := restclient.RegisterAuthProviderPlugin("azure", newAzureAuthProvider); err != nil {
 		klog.Fatalf("Failed to register azure auth plugin: %v", err)
 	}
 }
 var cache = newAzureTokenCache()
 type azureTokenCache struct {
 	lock  sync.Mutex
 	cache map[string]*azureToken
 }
 func newAzureTokenCache() *azureTokenCache {
 	return &azureTokenCache{cache: make(map[string]*azureToken)}
 }
 func (c *azureTokenCache) getToken(tokenKey string) *azureToken {
 	c.lock.Lock()
 	defer c.lock.Unlock()
 	return c.cache[tokenKey]
 }
 func (c *azureTokenCache) setToken(tokenKey string, token *azureToken) {
 	c.lock.Lock()
 	defer c.lock.Unlock()
 	c.cache[tokenKey] = token
 }
 var warnOnce sync.Once
 func newAzureAuthProvider(_ string, cfg map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) {
 	// deprecated in v1.22, remove in v1.25
 	warnOnce.Do(func() {
 		klog.Warningf(`WARNING: the azure auth plugin is deprecated in v1.22+, unavailable in v1.26+; use https://github.com/Azure/kubelogin instead.
 To learn more, consult https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins`)
 	})
 	var (
 		ts          tokenSource
 		environment azure.Environment
 		err         error
 		mode        configMode
 	)
 	environment, err = azure.EnvironmentFromName(cfg[cfgEnvironment])
 	if err != nil {
 		environment = azure.PublicCloud
 	}
 	mode = configModeDefault
 	if cfg[cfgConfigMode] != "" {
 		configModeInt, err := strconv.Atoi(cfg[cfgConfigMode])
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse %s, error: %s", cfgConfigMode, err)
 		}
 		mode = configMode(configModeInt)
 		switch mode {
 		case configModeOmitSPNPrefix:
 		case configModeDefault:
 		default:
 			return nil, fmt.Errorf("%s:%s is not a valid mode", cfgConfigMode, cfg[cfgConfigMode])
 		}
 	}
 	ts, err = newAzureTokenSourceDeviceCode(environment, cfg[cfgClientID], cfg[cfgTenantID], cfg[cfgApiserverID], mode)
 	if err != nil {
 		return nil, fmt.Errorf("creating a new azure token source for device code authentication: %v", err)
 	}
 	cacheSource := newAzureTokenSource(ts, cache, cfg, mode, persister)
 	return &azureAuthProvider{
 		tokenSource: cacheSource,
 	}, nil
 }
 type azureAuthProvider struct {
 	tokenSource tokenSource
 }
 func (p *azureAuthProvider) Login() error {
 	return errors.New("not yet implemented")
 }
 func (p *azureAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper {
 	return &azureRoundTripper{
 		tokenSource:  p.tokenSource,
 		roundTripper: rt,
 	}
 }
 type azureRoundTripper struct {
 	tokenSource  tokenSource
 	roundTripper http.RoundTripper
 }
 var _ net.RoundTripperWrapper = &azureRoundTripper{}
 func (r *azureRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
 	if len(req.Header.Get(authHeader)) != 0 {
 		return r.roundTripper.RoundTrip(req)
 	}
 	token, err := r.tokenSource.Token()
 	if err != nil {
 		klog.Errorf("Failed to acquire a token: %v", err)
 		return nil, fmt.Errorf("acquiring a token for authorization header: %v", err)
 	}
 	// clone the request in order to avoid modifying the headers of the original request
 	req2 := new(http.Request)
 	*req2 = *req
 	req2.Header = make(http.Header, len(req.Header))
 	for k, s := range req.Header {
 		req2.Header[k] = append([]string(nil), s...)
 	}
 	req2.Header.Set(authHeader, fmt.Sprintf("%s %s", tokenType, token.token.AccessToken))
 	return r.roundTripper.RoundTrip(req2)
 }
 func (r *azureRoundTripper) WrappedRoundTripper() http.RoundTripper { return r.roundTripper }
 type azureToken struct {
 	token       adal.Token
 	environment string
 	clientID    string
 	tenantID    string
 	apiserverID string
 }
 type tokenSource interface {
 	Token() (*azureToken, error)
 	Refresh(*azureToken) (*azureToken, error)
 }
 type azureTokenSource struct {
 	source     tokenSource
 	cache      *azureTokenCache
 	lock       sync.Mutex
 	configMode configMode
 	cfg        map[string]string
 	persister  restclient.AuthProviderConfigPersister
 }
 func newAzureTokenSource(source tokenSource, cache *azureTokenCache, cfg map[string]string, configMode configMode, persister restclient.AuthProviderConfigPersister) tokenSource {
 	return &azureTokenSource{
 		source:     source,
 		cache:      cache,
 		cfg:        cfg,
 		persister:  persister,
 		configMode: configMode,
 	}
 }
 // Token fetches a token from the cache of configuration if present otherwise
 // acquires a new token from the configured source. Automatically refreshes
 // the token if expired.
 func (ts *azureTokenSource) Token() (*azureToken, error) {
 	ts.lock.Lock()
 	defer ts.lock.Unlock()
 	var err error
 	token := ts.cache.getToken(azureTokenKey)
 	if token != nil && !token.token.IsExpired() {
 		return token, nil
 	}
 	// retrieve from config if no cache
 	if token == nil {
 		tokenFromCfg, err := ts.retrieveTokenFromCfg()
 		if err == nil {
 			token = tokenFromCfg
 		}
 	}
 	if token != nil {
 		// cache and return if the token is as good
 		// avoids frequent persistor calls
 		if !token.token.IsExpired() {
 			ts.cache.setToken(azureTokenKey, token)
 			return token, nil
 		}
 		klog.V(4).Info("Refreshing token.")
 		tokenFromRefresh, err := ts.Refresh(token)
 		switch {
 		case err == nil:
 			token = tokenFromRefresh
 		case autorest.IsTokenRefreshError(err):
 			klog.V(4).Infof("Failed to refresh expired token, proceed to auth: %v", err)
 			// reset token to nil so that the token source will be used to acquire new
 			token = nil
 		default:
 			return nil, fmt.Errorf("unexpected error when refreshing token: %v", err)
 		}
 	}
 	if token == nil {
 		tokenFromSource, err := ts.source.Token()
 		if err != nil {
 			return nil, fmt.Errorf("failed acquiring new token: %v", err)
 		}
 		token = tokenFromSource
 	}
 	// sanity check
 	if token == nil {
 		return nil, fmt.Errorf("unable to acquire token")
 	}
 	// corner condition, newly got token is valid but expired
 	if token.token.IsExpired() {
 		return nil, fmt.Errorf("newly acquired token is expired")
 	}
 	err = ts.storeTokenInCfg(token)
 	if err != nil {
 		return nil, fmt.Errorf("storing the refreshed token in configuration: %v", err)
 	}
 	ts.cache.setToken(azureTokenKey, token)
 	return token, nil
 }
 func (ts *azureTokenSource) retrieveTokenFromCfg() (*azureToken, error) {
 	accessToken := ts.cfg[cfgAccessToken]
 	if accessToken == "" {
 		return nil, fmt.Errorf("no access token in cfg: %s", cfgAccessToken)
 	}
 	refreshToken := ts.cfg[cfgRefreshToken]
 	if refreshToken == "" {
 		return nil, fmt.Errorf("no refresh token in cfg: %s", cfgRefreshToken)
 	}
 	environment := ts.cfg[cfgEnvironment]
 	if environment == "" {
 		return nil, fmt.Errorf("no environment in cfg: %s", cfgEnvironment)
 	}
 	clientID := ts.cfg[cfgClientID]
 	if clientID == "" {
 		return nil, fmt.Errorf("no client ID in cfg: %s", cfgClientID)
 	}
 	tenantID := ts.cfg[cfgTenantID]
 	if tenantID == "" {
 		return nil, fmt.Errorf("no tenant ID in cfg: %s", cfgTenantID)
 	}
 	resourceID := ts.cfg[cfgApiserverID]
 	if resourceID == "" {
 		return nil, fmt.Errorf("no apiserver ID in cfg: %s", cfgApiserverID)
 	}
 	expiresIn := ts.cfg[cfgExpiresIn]
 	if expiresIn == "" {
 		return nil, fmt.Errorf("no expiresIn in cfg: %s", cfgExpiresIn)
 	}
 	expiresOn := ts.cfg[cfgExpiresOn]
 	if expiresOn == "" {
 		return nil, fmt.Errorf("no expiresOn in cfg: %s", cfgExpiresOn)
 	}
 	tokenAudience := resourceID
 	if ts.configMode == configModeDefault {
 		tokenAudience = fmt.Sprintf("spn:%s", resourceID)
 	}
 	return &azureToken{
 		token: adal.Token{
 			AccessToken:  accessToken,
 			RefreshToken: refreshToken,
 			ExpiresIn:    json.Number(expiresIn),
 			ExpiresOn:    json.Number(expiresOn),
 			NotBefore:    json.Number(expiresOn),
 			Resource:     tokenAudience,
 			Type:         tokenType,
 		},
 		environment: environment,
 		clientID:    clientID,
 		tenantID:    tenantID,
 		apiserverID: resourceID,
 	}, nil
 }
 func (ts *azureTokenSource) storeTokenInCfg(token *azureToken) error {
 	newCfg := make(map[string]string)
 	newCfg[cfgAccessToken] = token.token.AccessToken
 	newCfg[cfgRefreshToken] = token.token.RefreshToken
 	newCfg[cfgEnvironment] = token.environment
 	newCfg[cfgClientID] = token.clientID
 	newCfg[cfgTenantID] = token.tenantID
 	newCfg[cfgApiserverID] = token.apiserverID
 	newCfg[cfgExpiresIn] = string(token.token.ExpiresIn)
 	newCfg[cfgExpiresOn] = string(token.token.ExpiresOn)
 	newCfg[cfgConfigMode] = strconv.Itoa(int(ts.configMode))
 	err := ts.persister.Persist(newCfg)
 	if err != nil {
 		return fmt.Errorf("persisting the configuration: %v", err)
 	}
 	ts.cfg = newCfg
 	return nil
 }
 func (ts *azureTokenSource) Refresh(token *azureToken) (*azureToken, error) {
 	return ts.source.Refresh(token)
 }
 // refresh outdated token with adal.
 func (ts *azureTokenSourceDeviceCode) Refresh(token *azureToken) (*azureToken, error) {
 	env, err := azure.EnvironmentFromName(token.environment)
 	if err != nil {
 		return nil, err
 	}
 	var oauthConfig *adal.OAuthConfig
 	if ts.configMode == configModeOmitSPNPrefix {
 		oauthConfig, err = adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, token.tenantID, nil)
 		if err != nil {
 			return nil, fmt.Errorf("building the OAuth configuration without api-version for token refresh: %v", err)
 		}
 	} else {
 		oauthConfig, err = adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, token.tenantID)
 		if err != nil {
 			return nil, fmt.Errorf("building the OAuth configuration for token refresh: %v", err)
 		}
 	}
 	callback := func(t adal.Token) error {
 		return nil
 	}
 	spt, err := adal.NewServicePrincipalTokenFromManualToken(
 		*oauthConfig,
 		token.clientID,
 		token.apiserverID,
 		token.token,
 		callback)
 	if err != nil {
 		return nil, fmt.Errorf("creating new service principal for token refresh: %v", err)
 	}
 	if err := spt.Refresh(); err != nil {
 		// Caller expects IsTokenRefreshError(err) to trigger prompt.
 		return nil, fmt.Errorf("refreshing token: %w", err)
 	}
 	return &azureToken{
 		token:       spt.Token(),
 		environment: token.environment,
 		clientID:    token.clientID,
 		tenantID:    token.tenantID,
 		apiserverID: token.apiserverID,
 	}, nil
 }
 type azureTokenSourceDeviceCode struct {
 	environment azure.Environment
 	clientID    string
 	tenantID    string
 	apiserverID string
 	configMode  configMode
 }
 func newAzureTokenSourceDeviceCode(environment azure.Environment, clientID string, tenantID string, apiserverID string, configMode configMode) (tokenSource, error) {
 	if clientID == "" {
 		return nil, errors.New("client-id is empty")
 	}
 	if tenantID == "" {
 		return nil, errors.New("tenant-id is empty")
 	}
 	if apiserverID == "" {
 		return nil, errors.New("apiserver-id is empty")
 	}
 	return &azureTokenSourceDeviceCode{
 		environment: environment,
 		clientID:    clientID,
 		tenantID:    tenantID,
 		apiserverID: apiserverID,
 		configMode:  configMode,
 	}, nil
 }
 func (ts *azureTokenSourceDeviceCode) Token() (*azureToken, error) {
 	var (
 		oauthConfig *adal.OAuthConfig
 		err         error
 	)
 	if ts.configMode == configModeOmitSPNPrefix {
 		oauthConfig, err = adal.NewOAuthConfigWithAPIVersion(ts.environment.ActiveDirectoryEndpoint, ts.tenantID, nil)
 		if err != nil {
 			return nil, fmt.Errorf("building the OAuth configuration without api-version for device code authentication: %v", err)
 		}
 	} else {
 		oauthConfig, err = adal.NewOAuthConfig(ts.environment.ActiveDirectoryEndpoint, ts.tenantID)
 		if err != nil {
 			return nil, fmt.Errorf("building the OAuth configuration for device code authentication: %v", err)
 		}
 	}
 	client := &autorest.Client{}
 	deviceCode, err := adal.InitiateDeviceAuth(client, *oauthConfig, ts.clientID, ts.apiserverID)
 	if err != nil {
 		return nil, fmt.Errorf("initialing the device code authentication: %v", err)
 	}
 	_, err = fmt.Fprintln(os.Stderr, *deviceCode.Message)
 	if err != nil {
 		return nil, fmt.Errorf("prompting the device code message: %v", err)
 	}
 	token, err := adal.WaitForUserCompletion(client, deviceCode)
 	if err != nil {
 		return nil, fmt.Errorf("waiting for device code authentication to complete: %v", err)
 	}
 	return &azureToken{
 		token:       *token,
 		environment: ts.environment.Name,
 		clientID:    ts.clientID,
 		tenantID:    ts.tenantID,
 		apiserverID: ts.apiserverID,
 	}, nil
 }
--- a/plugin/pkg/client/auth/azure/azure_stub.go
+++ b/plugin/pkg/client/auth/azure/azure_stub.go
@ -0,0 +1,36 @@
 /*
 Copyright 2022 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package azure
 import (
 	"errors"
 	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
 )
 func init() {
 	if err := rest.RegisterAuthProviderPlugin("azure", newAzureAuthProvider); err != nil {
 		klog.Fatalf("Failed to register azure auth plugin: %v", err)
 	}
 }
 func newAzureAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) {
 	return nil, errors.New(`The azure auth plugin has been removed.
 Please use the https://github.com/Azure/kubelogin kubectl/client-go credential plugin instead.
 See https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins for further details`)
 }
--- a/plugin/pkg/client/auth/azure/azure_test.go
+++ b/plugin/pkg/client/auth/azure/azure_test.go
@ -1,534 +0,0 @@
 /*
 Copyright 2017 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package azure
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
 	"sync"
 	"testing"
 	"time"
 	"github.com/Azure/go-autorest/autorest/adal"
 	"github.com/Azure/go-autorest/autorest/azure"
 )
 func TestAzureAuthProvider(t *testing.T) {
 	t.Run("validate against invalid configurations", func(t *testing.T) {
 		vectors := []struct {
 			cfg           map[string]string
 			expectedError string
 		}{
 			{
 				cfg: map[string]string{
 					cfgClientID:    "foo",
 					cfgApiserverID: "foo",
 					cfgTenantID:    "foo",
 					cfgConfigMode:  "-1",
 				},
 				expectedError: "config-mode:-1 is not a valid mode",
 			},
 			{
 				cfg: map[string]string{
 					cfgClientID:    "foo",
 					cfgApiserverID: "foo",
 					cfgTenantID:    "foo",
 					cfgConfigMode:  "2",
 				},
 				expectedError: "config-mode:2 is not a valid mode",
 			},
 			{
 				cfg: map[string]string{
 					cfgClientID:    "foo",
 					cfgApiserverID: "foo",
 					cfgTenantID:    "foo",
 					cfgConfigMode:  "foo",
 				},
 				expectedError: "failed to parse config-mode, error: strconv.Atoi: parsing \"foo\": invalid syntax",
 			},
 		}
 		for _, v := range vectors {
 			persister := &fakePersister{}
 			_, err := newAzureAuthProvider("", v.cfg, persister)
 			if !strings.Contains(err.Error(), v.expectedError) {
 				t.Errorf("cfg %v should fail with message containing '%s'. actual: '%s'", v.cfg, v.expectedError, err)
 			}
 		}
 	})
 	t.Run("it should return non-nil provider in happy cases", func(t *testing.T) {
 		vectors := []struct {
 			cfg                map[string]string
 			expectedConfigMode configMode
 		}{
 			{
 				cfg: map[string]string{
 					cfgClientID:    "foo",
 					cfgApiserverID: "foo",
 					cfgTenantID:    "foo",
 				},
 				expectedConfigMode: configModeDefault,
 			},
 			{
 				cfg: map[string]string{
 					cfgClientID:    "foo",
 					cfgApiserverID: "foo",
 					cfgTenantID:    "foo",
 					cfgConfigMode:  "0",
 				},
 				expectedConfigMode: configModeDefault,
 			},
 			{
 				cfg: map[string]string{
 					cfgClientID:    "foo",
 					cfgApiserverID: "foo",
 					cfgTenantID:    "foo",
 					cfgConfigMode:  "1",
 				},
 				expectedConfigMode: configModeOmitSPNPrefix,
 			},
 		}
 		for _, v := range vectors {
 			persister := &fakePersister{}
 			provider, err := newAzureAuthProvider("", v.cfg, persister)
 			if err != nil {
 				t.Errorf("newAzureAuthProvider should not fail with '%s'", err)
 			}
 			if provider == nil {
 				t.Fatalf("newAzureAuthProvider should return non-nil provider")
 			}
 			azureProvider := provider.(*azureAuthProvider)
 			if azureProvider == nil {
 				t.Fatalf("newAzureAuthProvider should return an instance of type azureAuthProvider")
 			}
 			ts := azureProvider.tokenSource.(*azureTokenSource)
 			if ts == nil {
 				t.Fatalf("azureAuthProvider should be an instance of azureTokenSource")
 			}
 			if ts.configMode != v.expectedConfigMode {
 				t.Errorf("expected configMode: %d, actual: %d", v.expectedConfigMode, ts.configMode)
 			}
 		}
 	})
 }
 func TestTokenSourceDeviceCode(t *testing.T) {
 	var (
 		clientID    = "clientID"
 		tenantID    = "tenantID"
 		apiserverID = "apiserverID"
 		configMode  = configModeDefault
 		azureEnv    = azure.Environment{}
 	)
 	t.Run("validate to create azureTokenSourceDeviceCode", func(t *testing.T) {
 		if _, err := newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, apiserverID, configModeDefault); err != nil {
 			t.Errorf("newAzureTokenSourceDeviceCode should not have failed. err: %s", err)
 		}
 		if _, err := newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, apiserverID, configModeOmitSPNPrefix); err != nil {
 			t.Errorf("newAzureTokenSourceDeviceCode should not have failed. err: %s", err)
 		}
 		_, err := newAzureTokenSourceDeviceCode(azureEnv, "", tenantID, apiserverID, configMode)
 		actual := "client-id is empty"
 		if err.Error() != actual {
 			t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err)
 		}
 		_, err = newAzureTokenSourceDeviceCode(azureEnv, clientID, "", apiserverID, configMode)
 		actual = "tenant-id is empty"
 		if err.Error() != actual {
 			t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err)
 		}
 		_, err = newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, "", configMode)
 		actual = "apiserver-id is empty"
 		if err.Error() != actual {
 			t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err)
 		}
 	})
 }
 func TestAzureTokenSource(t *testing.T) {
 	configModes := []configMode{configModeOmitSPNPrefix, configModeDefault}
 	expectedConfigModes := []string{"1", "0"}
 	for i, configMode := range configModes {
 		t.Run(fmt.Sprintf("validate token from cfg with configMode %v", configMode), func(t *testing.T) {
 			const (
 				serverID     = "fakeServerID"
 				clientID     = "fakeClientID"
 				tenantID     = "fakeTenantID"
 				accessToken  = "fakeToken"
 				environment  = "fakeEnvironment"
 				refreshToken = "fakeToken"
 				expiresIn    = "foo"
 				expiresOn    = "foo"
 			)
 			cfg := map[string]string{
 				cfgConfigMode:   strconv.Itoa(int(configMode)),
 				cfgApiserverID:  serverID,
 				cfgClientID:     clientID,
 				cfgTenantID:     tenantID,
 				cfgEnvironment:  environment,
 				cfgAccessToken:  accessToken,
 				cfgRefreshToken: refreshToken,
 				cfgExpiresIn:    expiresIn,
 				cfgExpiresOn:    expiresOn,
 			}
 			fakeSource := fakeTokenSource{token: newFakeAzureToken("fakeToken", time.Now().Add(3600*time.Second))}
 			persiter := &fakePersister{cache: make(map[string]string)}
 			tokenCache := newAzureTokenCache()
 			tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, persiter)
 			azTokenSource := tokenSource.(*azureTokenSource)
 			token, err := azTokenSource.retrieveTokenFromCfg()
 			if err != nil {
 				t.Errorf("failed to retrieve the token form cfg: %s", err)
 			}
 			if token.apiserverID != serverID {
 				t.Errorf("expecting token.apiserverID: %s, actual: %s", serverID, token.apiserverID)
 			}
 			if token.clientID != clientID {
 				t.Errorf("expecting token.clientID: %s, actual: %s", clientID, token.clientID)
 			}
 			if token.tenantID != tenantID {
 				t.Errorf("expecting token.tenantID: %s, actual: %s", tenantID, token.tenantID)
 			}
 			expectedAudience := serverID
 			if configMode == configModeDefault {
 				expectedAudience = fmt.Sprintf("spn:%s", serverID)
 			}
 			if token.token.Resource != expectedAudience {
 				t.Errorf("expecting adal token.Resource: %s, actual: %s", expectedAudience, token.token.Resource)
 			}
 		})
 		t.Run("validate token against cache", func(t *testing.T) {
 			fakeAccessToken := "fake token 1"
 			fakeSource := fakeTokenSource{token: newFakeAzureToken(fakeAccessToken, time.Now().Add(3600*time.Second))}
 			cfg := make(map[string]string)
 			persiter := &fakePersister{cache: make(map[string]string)}
 			tokenCache := newAzureTokenCache()
 			tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, persiter)
 			token, err := tokenSource.Token()
 			if err != nil {
 				t.Errorf("failed to retrieve the token form cache: %v", err)
 			}
 			wantCacheLen := 1
 			if len(tokenCache.cache) != wantCacheLen {
 				t.Errorf("Token() cache length error: got %v, want %v", len(tokenCache.cache), wantCacheLen)
 			}
 			if token != tokenCache.cache[azureTokenKey] {
 				t.Error("Token() returned token != cached token")
 			}
 			wantCfg := token2Cfg(token)
 			wantCfg[cfgConfigMode] = expectedConfigModes[i]
 			persistedCfg := persiter.Cache()
 			wantCfgLen := len(wantCfg)
 			persistedCfgLen := len(persistedCfg)
 			if wantCfgLen != persistedCfgLen {
 				t.Errorf("wantCfgLen and persistedCfgLen do not match, wantCfgLen=%v, persistedCfgLen=%v", wantCfgLen, persistedCfgLen)
 			}
 			for k, v := range persistedCfg {
 				if strings.Compare(v, wantCfg[k]) != 0 {
 					t.Errorf("Token() persisted cfg %s: got %v, want %v", k, v, wantCfg[k])
 				}
 			}
 			fakeSource.token = newFakeAzureToken("fake token 2", time.Now().Add(3600*time.Second))
 			token, err = tokenSource.Token()
 			if err != nil {
 				t.Errorf("failed to retrieve the cached token: %v", err)
 			}
 			if token.token.AccessToken != fakeAccessToken {
 				t.Errorf("Token() didn't return the cached token")
 			}
 		})
 	}
 }
 func TestAzureTokenSourceScenarios(t *testing.T) {
 	expiredToken := newFakeAzureToken("expired token", time.Now().Add(-time.Second))
 	extendedToken := newFakeAzureToken("extend token", time.Now().Add(1000*time.Second))
 	fakeToken := newFakeAzureToken("fake token", time.Now().Add(1000*time.Second))
 	wrongToken := newFakeAzureToken("wrong token", time.Now().Add(1000*time.Second))
 	tests := []struct {
 		name         string
 		sourceToken  *azureToken
 		refreshToken *azureToken
 		cachedToken  *azureToken
 		configToken  *azureToken
 		expectToken  *azureToken
 		tokenErr     error
 		refreshErr   error
 		expectErr    string
 		tokenCalls   uint
 		refreshCalls uint
 		persistCalls uint
 	}{
 		{
 			name:         "new config",
 			sourceToken:  fakeToken,
 			expectToken:  fakeToken,
 			tokenCalls:   1,
 			persistCalls: 1,
 		},
 		{
 			name:        "load token from cache",
 			sourceToken: wrongToken,
 			cachedToken: fakeToken,
 			configToken: wrongToken,
 			expectToken: fakeToken,
 		},
 		{
 			name:        "load token from config",
 			sourceToken: wrongToken,
 			configToken: fakeToken,
 			expectToken: fakeToken,
 		},
 		{
 			name:         "cached token timeout, extend success, config token should never load",
 			cachedToken:  expiredToken,
 			refreshToken: extendedToken,
 			configToken:  wrongToken,
 			expectToken:  extendedToken,
 			refreshCalls: 1,
 			persistCalls: 1,
 		},
 		{
 			name:         "config token timeout, extend failure, acquire new token",
 			configToken:  expiredToken,
 			refreshErr:   fakeTokenRefreshError{message: "FakeError happened when refreshing"},
 			sourceToken:  fakeToken,
 			expectToken:  fakeToken,
 			refreshCalls: 1,
 			tokenCalls:   1,
 			persistCalls: 1,
 		},
 		{
 			name:         "extend failure with fmt.Errorf nested tokenRefreshError",
 			configToken:  expiredToken,
 			refreshErr:   fmt.Errorf("refreshing token: %w", fakeTokenRefreshError{message: "nested FakeError happened when refreshing"}),
 			sourceToken:  fakeToken,
 			expectToken:  fakeToken,
 			refreshCalls: 1,
 			tokenCalls:   1,
 			persistCalls: 1,
 		},
 		{
 			name:         "unexpected error when extend",
 			configToken:  expiredToken,
 			refreshErr:   errors.New("unexpected refresh error"),
 			sourceToken:  fakeToken,
 			expectErr:    "unexpected refresh error",
 			refreshCalls: 1,
 		},
 		{
 			name:       "token error",
 			tokenErr:   errors.New("tokenerr"),
 			expectErr:  "tokenerr",
 			tokenCalls: 1,
 		},
 		{
 			name:        "Token() got expired token",
 			sourceToken: expiredToken,
 			expectErr:   "newly acquired token is expired",
 			tokenCalls:  1,
 		},
 		{
 			name:        "Token() got nil but no error",
 			sourceToken: nil,
 			expectErr:   "unable to acquire token",
 			tokenCalls:  1,
 		},
 	}
 	for _, tc := range tests {
 		configModes := []configMode{configModeOmitSPNPrefix, configModeDefault}
 		for _, configMode := range configModes {
 			t.Run(fmt.Sprintf("%s with configMode: %v", tc.name, configMode), func(t *testing.T) {
 				persister := newFakePersister()
 				cfg := map[string]string{
 					cfgConfigMode: strconv.Itoa(int(configMode)),
 				}
 				if tc.configToken != nil {
 					cfg = token2Cfg(tc.configToken)
 				}
 				tokenCache := newAzureTokenCache()
 				if tc.cachedToken != nil {
 					tokenCache.setToken(azureTokenKey, tc.cachedToken)
 				}
 				fakeSource := fakeTokenSource{
 					token:        tc.sourceToken,
 					tokenErr:     tc.tokenErr,
 					refreshToken: tc.refreshToken,
 					refreshErr:   tc.refreshErr,
 				}
 				tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, &persister)
 				token, err := tokenSource.Token()
 				if token != nil && fakeSource.token != nil && token.apiserverID != fakeSource.token.apiserverID {
 					t.Errorf("expecting apiservierID: %s, got: %s", fakeSource.token.apiserverID, token.apiserverID)
 				}
 				if fakeSource.tokenCalls != tc.tokenCalls {
 					t.Errorf("expecting tokenCalls: %v, got: %v", tc.tokenCalls, fakeSource.tokenCalls)
 				}
 				if fakeSource.refreshCalls != tc.refreshCalls {
 					t.Errorf("expecting refreshCalls: %v, got: %v", tc.refreshCalls, fakeSource.refreshCalls)
 				}
 				if persister.calls != tc.persistCalls {
 					t.Errorf("expecting persister calls: %v, got: %v", tc.persistCalls, persister.calls)
 				}
 				if tc.expectErr != "" {
 					if !strings.Contains(err.Error(), tc.expectErr) {
 						t.Errorf("expecting error %v, got %v", tc.expectErr, err)
 					}
 					if token != nil {
 						t.Errorf("token should be nil in err situation, got %v", token)
 					}
 				} else {
 					if err != nil {
 						t.Fatalf("error should be nil, got %v", err)
 					}
 					if token.token.AccessToken != tc.expectToken.token.AccessToken {
 						t.Errorf("token should have accessToken %v, got %v", token.token.AccessToken, tc.expectToken.token.AccessToken)
 					}
 				}
 			})
 		}
 	}
 }
 type fakePersister struct {
 	lock  sync.Mutex
 	cache map[string]string
 	calls uint
 }
 func newFakePersister() fakePersister {
 	return fakePersister{cache: make(map[string]string), calls: 0}
 }
 func (p *fakePersister) Persist(cache map[string]string) error {
 	p.lock.Lock()
 	defer p.lock.Unlock()
 	p.calls++
 	p.cache = map[string]string{}
 	for k, v := range cache {
 		p.cache[k] = v
 	}
 	return nil
 }
 func (p *fakePersister) Cache() map[string]string {
 	ret := map[string]string{}
 	p.lock.Lock()
 	defer p.lock.Unlock()
 	for k, v := range p.cache {
 		ret[k] = v
 	}
 	return ret
 }
 // a simple token source simply always returns the token property
 type fakeTokenSource struct {
 	token        *azureToken
 	tokenCalls   uint
 	tokenErr     error
 	refreshToken *azureToken
 	refreshCalls uint
 	refreshErr   error
 }
 func (ts *fakeTokenSource) Token() (*azureToken, error) {
 	ts.tokenCalls++
 	return ts.token, ts.tokenErr
 }
 func (ts *fakeTokenSource) Refresh(*azureToken) (*azureToken, error) {
 	ts.refreshCalls++
 	return ts.refreshToken, ts.refreshErr
 }
 func token2Cfg(token *azureToken) map[string]string {
 	cfg := make(map[string]string)
 	cfg[cfgAccessToken] = token.token.AccessToken
 	cfg[cfgRefreshToken] = token.token.RefreshToken
 	cfg[cfgEnvironment] = token.environment
 	cfg[cfgClientID] = token.clientID
 	cfg[cfgTenantID] = token.tenantID
 	cfg[cfgApiserverID] = token.apiserverID
 	cfg[cfgExpiresIn] = string(token.token.ExpiresIn)
 	cfg[cfgExpiresOn] = string(token.token.ExpiresOn)
 	return cfg
 }
 func newFakeAzureToken(accessToken string, expiresOnTime time.Time) *azureToken {
 	return &azureToken{
 		token:       newFakeADALToken(accessToken, strconv.FormatInt(expiresOnTime.Unix(), 10)),
 		environment: "testenv",
 		clientID:    "fake",
 		tenantID:    "fake",
 		apiserverID: "fake",
 	}
 }
 func newFakeADALToken(accessToken string, expiresOn string) adal.Token {
 	return adal.Token{
 		AccessToken:  accessToken,
 		RefreshToken: "fake",
 		ExpiresIn:    "3600",
 		ExpiresOn:    json.Number(expiresOn),
 		NotBefore:    json.Number(expiresOn),
 		Resource:     "fake",
 		Type:         "fake",
 	}
 }
 // copied from go-autorest/adal
 type fakeTokenRefreshError struct {
 	message string
 	resp    *http.Response
 }
 // Error implements the error interface which is part of the TokenRefreshError interface.
 func (tre fakeTokenRefreshError) Error() string {
 	return tre.message
 }
 // Response implements the TokenRefreshError interface, it returns the raw HTTP response from the refresh operation.
 func (tre fakeTokenRefreshError) Response() *http.Response {
 	return tre.resp
 }
--- a/plugin/pkg/client/auth/gcp/OWNERS
+++ b/plugin/pkg/client/auth/gcp/OWNERS
@ -1,8 +0,0 @@
 # See the OWNERS docs at https://go.k8s.io/owners
 approvers:
  - cjcullen
 reviewers:
  - cjcullen
 emeritus_approvers:
  - jlowdermilk
--- a/plugin/pkg/client/auth/gcp/gcp.go
+++ b/plugin/pkg/client/auth/gcp/gcp.go
@ -1,389 +0,0 @@
 /*
 Copyright 2016 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package gcp
 import (
 	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"os/exec"
 	"strings"
 	"sync"
 	"time"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 	"k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apimachinery/pkg/util/yaml"
 	restclient "k8s.io/client-go/rest"
 	"k8s.io/client-go/util/jsonpath"
 	"k8s.io/klog/v2"
 )
 func init() {
 	if err := restclient.RegisterAuthProviderPlugin("gcp", newGCPAuthProvider); err != nil {
 		klog.Fatalf("Failed to register gcp auth plugin: %v", err)
 	}
 }
 var (
 	// Stubbable for testing
 	execCommand = exec.Command
 	// defaultScopes:
 	// - cloud-platform is the base scope to authenticate to GCP.
 	// - userinfo.email is used to authenticate to GKE APIs with gserviceaccount
 	//   email instead of numeric uniqueID.
 	defaultScopes = []string{
 		"https://www.googleapis.com/auth/cloud-platform",
 		"https://www.googleapis.com/auth/userinfo.email"}
 )
 // gcpAuthProvider is an auth provider plugin that uses GCP credentials to provide
 // tokens for kubectl to authenticate itself to the apiserver. A sample json config
 // is provided below with all recognized options described.
 //
 //	{
 //	  'auth-provider': {
 //	    # Required
 //	    "name": "gcp",
 //
 //	    'config': {
 //	      # Authentication options
 //	      # These options are used while getting a token.
 //
 //	      # comma-separated list of GCP API scopes. default value of this field
 //	      # is "https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email".
 //			 # to override the API scopes, specify this field explicitly.
 //	      "scopes": "https://www.googleapis.com/auth/cloud-platform"
 //
 //	      # Caching options
 //
 //	      # Raw string data representing cached access token.
 //	      "access-token": "ya29.CjWdA4GiBPTt",
 //	      # RFC3339Nano expiration timestamp for cached access token.
 //	      "expiry": "2016-10-31 22:31:9.123",
 //
 //	      # Command execution options
 //	      # These options direct the plugin to execute a specified command and parse
 //	      # token and expiry time from the output of the command.
 //
 //	      # Command to execute for access token. Command output will be parsed as JSON.
 //	      # If "cmd-args" is not present, this value will be split on whitespace, with
 //	      # the first element interpreted as the command, remaining elements as args.
 //	      "cmd-path": "/usr/bin/gcloud",
 //
 //	      # Arguments to pass to command to execute for access token.
 //	      "cmd-args": "config config-helper --output=json"
 //
 //	      # JSONPath to the string field that represents the access token in
 //	      # command output. If omitted, defaults to "{.access_token}".
 //	      "token-key": "{.credential.access_token}",
 //
 //	      # JSONPath to the string field that represents expiration timestamp
 //	      # of the access token in the command output. If omitted, defaults to
 //	      # "{.token_expiry}"
 //	      "expiry-key": ""{.credential.token_expiry}",
 //
 //	      # golang reference time in the format that the expiration timestamp uses.
 //	      # If omitted, defaults to time.RFC3339Nano
 //	      "time-fmt": "2006-01-02 15:04:05.999999999"
 //	    }
 //	  }
 //	}
 type gcpAuthProvider struct {
 	tokenSource oauth2.TokenSource
 	persister   restclient.AuthProviderConfigPersister
 }
 var warnOnce sync.Once
 func newGCPAuthProvider(_ string, gcpConfig map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) {
 	warnOnce.Do(func() {
 		klog.Warningf(`WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.26+; use gcloud instead.
 To learn more, consult https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke`)
 	})
 	ts, err := tokenSource(isCmdTokenSource(gcpConfig), gcpConfig)
 	if err != nil {
 		return nil, err
 	}
 	cts, err := newCachedTokenSource(gcpConfig["access-token"], gcpConfig["expiry"], persister, ts, gcpConfig)
 	if err != nil {
 		return nil, err
 	}
 	return &gcpAuthProvider{cts, persister}, nil
 }
 func isCmdTokenSource(gcpConfig map[string]string) bool {
 	_, ok := gcpConfig["cmd-path"]
 	return ok
 }
 func tokenSource(isCmd bool, gcpConfig map[string]string) (oauth2.TokenSource, error) {
 	// Command-based token source
 	if isCmd {
 		cmd := gcpConfig["cmd-path"]
 		if len(cmd) == 0 {
 			return nil, fmt.Errorf("missing access token cmd")
 		}
 		if gcpConfig["scopes"] != "" {
 			return nil, fmt.Errorf("scopes can only be used when kubectl is using a gcp service account key")
 		}
 		var args []string
 		if cmdArgs, ok := gcpConfig["cmd-args"]; ok {
 			args = strings.Fields(cmdArgs)
 		} else {
 			fields := strings.Fields(cmd)
 			cmd = fields[0]
 			args = fields[1:]
 		}
 		return newCmdTokenSource(cmd, args, gcpConfig["token-key"], gcpConfig["expiry-key"], gcpConfig["time-fmt"]), nil
 	}
 	// Google Application Credentials-based token source
 	scopes := parseScopes(gcpConfig)
 	ts, err := google.DefaultTokenSource(context.Background(), scopes...)
 	if err != nil {
 		return nil, fmt.Errorf("cannot construct google default token source: %v", err)
 	}
 	return ts, nil
 }
 // parseScopes constructs a list of scopes that should be included in token source
 // from the config map.
 func parseScopes(gcpConfig map[string]string) []string {
 	scopes, ok := gcpConfig["scopes"]
 	if !ok {
 		return defaultScopes
 	}
 	if scopes == "" {
 		return []string{}
 	}
 	return strings.Split(gcpConfig["scopes"], ",")
 }
 func (g *gcpAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper {
 	var resetCache map[string]string
 	if cts, ok := g.tokenSource.(*cachedTokenSource); ok {
 		resetCache = cts.baseCache()
 	} else {
 		resetCache = make(map[string]string)
 	}
 	return &conditionalTransport{&oauth2.Transport{Source: g.tokenSource, Base: rt}, g.persister, resetCache}
 }
 func (g *gcpAuthProvider) Login() error { return nil }
 type cachedTokenSource struct {
 	lk          sync.Mutex
 	source      oauth2.TokenSource
 	accessToken string `datapolicy:"token"`
 	expiry      time.Time
 	persister   restclient.AuthProviderConfigPersister
 	cache       map[string]string
 }
 func newCachedTokenSource(accessToken, expiry string, persister restclient.AuthProviderConfigPersister, ts oauth2.TokenSource, cache map[string]string) (*cachedTokenSource, error) {
 	var expiryTime time.Time
 	if parsedTime, err := time.Parse(time.RFC3339Nano, expiry); err == nil {
 		expiryTime = parsedTime
 	}
 	if cache == nil {
 		cache = make(map[string]string)
 	}
 	return &cachedTokenSource{
 		source:      ts,
 		accessToken: accessToken,
 		expiry:      expiryTime,
 		persister:   persister,
 		cache:       cache,
 	}, nil
 }
 func (t *cachedTokenSource) Token() (*oauth2.Token, error) {
 	tok := t.cachedToken()
 	if tok.Valid() && !tok.Expiry.IsZero() {
 		return tok, nil
 	}
 	tok, err := t.source.Token()
 	if err != nil {
 		return nil, err
 	}
 	cache := t.update(tok)
 	if t.persister != nil {
 		if err := t.persister.Persist(cache); err != nil {
 			klog.V(4).Infof("Failed to persist token: %v", err)
 		}
 	}
 	return tok, nil
 }
 func (t *cachedTokenSource) cachedToken() *oauth2.Token {
 	t.lk.Lock()
 	defer t.lk.Unlock()
 	return &oauth2.Token{
 		AccessToken: t.accessToken,
 		TokenType:   "Bearer",
 		Expiry:      t.expiry,
 	}
 }
 func (t *cachedTokenSource) update(tok *oauth2.Token) map[string]string {
 	t.lk.Lock()
 	defer t.lk.Unlock()
 	t.accessToken = tok.AccessToken
 	t.expiry = tok.Expiry
 	ret := map[string]string{}
 	for k, v := range t.cache {
 		ret[k] = v
 	}
 	ret["access-token"] = t.accessToken
 	ret["expiry"] = t.expiry.Format(time.RFC3339Nano)
 	return ret
 }
 // baseCache is the base configuration value for this TokenSource, without any cached ephemeral tokens.
 func (t *cachedTokenSource) baseCache() map[string]string {
 	t.lk.Lock()
 	defer t.lk.Unlock()
 	ret := map[string]string{}
 	for k, v := range t.cache {
 		ret[k] = v
 	}
 	delete(ret, "access-token")
 	delete(ret, "expiry")
 	return ret
 }
 type commandTokenSource struct {
 	cmd       string
 	args      []string
 	tokenKey  string `datapolicy:"token"`
 	expiryKey string `datapolicy:"secret-key"`
 	timeFmt   string
 }
 func newCmdTokenSource(cmd string, args []string, tokenKey, expiryKey, timeFmt string) *commandTokenSource {
 	if len(timeFmt) == 0 {
 		timeFmt = time.RFC3339Nano
 	}
 	if len(tokenKey) == 0 {
 		tokenKey = "{.access_token}"
 	}
 	if len(expiryKey) == 0 {
 		expiryKey = "{.token_expiry}"
 	}
 	return &commandTokenSource{
 		cmd:       cmd,
 		args:      args,
 		tokenKey:  tokenKey,
 		expiryKey: expiryKey,
 		timeFmt:   timeFmt,
 	}
 }
 func (c *commandTokenSource) Token() (*oauth2.Token, error) {
 	fullCmd := strings.Join(append([]string{c.cmd}, c.args...), " ")
 	cmd := execCommand(c.cmd, c.args...)
 	var stderr bytes.Buffer
 	cmd.Stderr = &stderr
 	output, err := cmd.Output()
 	if err != nil {
 		return nil, fmt.Errorf("error executing access token command %q: err=%v output=%s stderr=%s", fullCmd, err, output, string(stderr.Bytes()))
 	}
 	token, err := c.parseTokenCmdOutput(output)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing output for access token command %q: %v", fullCmd, err)
 	}
 	return token, nil
 }
 func (c *commandTokenSource) parseTokenCmdOutput(output []byte) (*oauth2.Token, error) {
 	output, err := yaml.ToJSON(output)
 	if err != nil {
 		return nil, err
 	}
 	var data interface{}
 	if err := json.Unmarshal(output, &data); err != nil {
 		return nil, err
 	}
 	accessToken, err := parseJSONPath(data, "token-key", c.tokenKey)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing token-key %q from %q: %v", c.tokenKey, string(output), err)
 	}
 	expiryStr, err := parseJSONPath(data, "expiry-key", c.expiryKey)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing expiry-key %q from %q: %v", c.expiryKey, string(output), err)
 	}
 	var expiry time.Time
 	if t, err := time.Parse(c.timeFmt, expiryStr); err != nil {
 		klog.V(4).Infof("Failed to parse token expiry from %s (fmt=%s): %v", expiryStr, c.timeFmt, err)
 	} else {
 		expiry = t
 	}
 	return &oauth2.Token{
 		AccessToken: accessToken,
 		TokenType:   "Bearer",
 		Expiry:      expiry,
 	}, nil
 }
 func parseJSONPath(input interface{}, name, template string) (string, error) {
 	j := jsonpath.New(name)
 	buf := new(bytes.Buffer)
 	if err := j.Parse(template); err != nil {
 		return "", err
 	}
 	if err := j.Execute(buf, input); err != nil {
 		return "", err
 	}
 	return buf.String(), nil
 }
 type conditionalTransport struct {
 	oauthTransport *oauth2.Transport
 	persister      restclient.AuthProviderConfigPersister
 	resetCache     map[string]string
 }
 var _ net.RoundTripperWrapper = &conditionalTransport{}
 func (t *conditionalTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	if len(req.Header.Get("Authorization")) != 0 {
 		return t.oauthTransport.Base.RoundTrip(req)
 	}
 	res, err := t.oauthTransport.RoundTrip(req)
 	if err != nil {
 		return nil, err
 	}
 	if res.StatusCode == 401 {
 		klog.V(4).Infof("The credentials that were supplied are invalid for the target cluster")
 		t.persister.Persist(t.resetCache)
 	}
 	return res, nil
 }
 func (t *conditionalTransport) WrappedRoundTripper() http.RoundTripper { return t.oauthTransport.Base }
--- a/plugin/pkg/client/auth/gcp/gcp_stub.go
+++ b/plugin/pkg/client/auth/gcp/gcp_stub.go
@ -0,0 +1,36 @@
 /*
 Copyright 2022 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package gcp
 import (
 	"errors"
 	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
 )
 func init() {
 	if err := rest.RegisterAuthProviderPlugin("gcp", newGCPAuthProvider); err != nil {
 		klog.Fatalf("Failed to register gcp auth plugin: %v", err)
 	}
 }
 func newGCPAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) {
 	return nil, errors.New(`The gcp auth plugin has been removed.
 Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead.
 See https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke for further details`)
 }
--- a/plugin/pkg/client/auth/gcp/gcp_test.go
+++ b/plugin/pkg/client/auth/gcp/gcp_test.go
@ -1,527 +0,0 @@
 /*
 Copyright 2016 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package gcp
 import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"os"
 	"os/exec"
 	"reflect"
 	"strings"
 	"sync"
 	"testing"
 	"time"
 	"golang.org/x/oauth2"
 )
 type fakeOutput struct {
 	args   []string
 	output string
 }
 var (
 	wantCmd []string
 	// Output for fakeExec, keyed by command
 	execOutputs = map[string]fakeOutput{
 		"/default/no/args": {
 			args: []string{},
 			output: `{
  "access_token": "faketoken",
  "token_expiry": "2016-10-31T22:31:09.123000000Z"
 }`},
 		"/default/legacy/args": {
 			args: []string{"arg1", "arg2", "arg3"},
 			output: `{
  "access_token": "faketoken",
  "token_expiry": "2016-10-31T22:31:09.123000000Z"
 }`},
 		"/space in path/customkeys": {
 			args: []string{"can", "haz", "auth"},
 			output: `{
  "token": "faketoken",
  "token_expiry": {
    "datetime": "2016-10-31 22:31:09.123"
  }
 }`},
 		"missing/tokenkey/noargs": {
 			args: []string{},
 			output: `{
  "broken": "faketoken",
  "token_expiry": {
    "datetime": "2016-10-31 22:31:09.123000000Z"
  }
 }`},
 		"missing/expirykey/legacyargs": {
 			args: []string{"split", "on", "whitespace"},
 			output: `{
  "access_token": "faketoken",
  "expires": "2016-10-31T22:31:09.123000000Z"
 }`},
 		"invalid expiry/timestamp": {
 			args: []string{"foo", "--bar", "--baz=abc,def"},
 			output: `{
  "access_token": "faketoken",
  "token_expiry": "sometime soon, idk"
 }`},
 		"badjson": {
 			args: []string{},
 			output: `{
  "access_token": "faketoken",
  "token_expiry": "sometime soon, idk"
  ------
 `},
 	}
 )
 func fakeExec(command string, args ...string) *exec.Cmd {
 	cs := []string{"-test.run=TestHelperProcess", "--", command}
 	cs = append(cs, args...)
 	cmd := exec.Command(os.Args[0], cs...)
 	cmd.Env = []string{"GO_WANT_HELPER_PROCESS=1"}
 	return cmd
 }
 func TestHelperProcess(t *testing.T) {
 	if os.Getenv("GO_WANT_HELPER_PROCESS") != "1" {
 		return
 	}
 	// Strip out the leading args used to exec into this function.
 	gotCmd := os.Args[3]
 	gotArgs := os.Args[4:]
 	output, ok := execOutputs[gotCmd]
 	if !ok {
 		fmt.Fprintf(os.Stdout, "unexpected call cmd=%q args=%v\n", gotCmd, gotArgs)
 		os.Exit(1)
 	} else if !reflect.DeepEqual(output.args, gotArgs) {
 		fmt.Fprintf(os.Stdout, "call cmd=%q got args %v, want: %v\n", gotCmd, gotArgs, output.args)
 		os.Exit(1)
 	}
 	fmt.Fprintf(os.Stdout, output.output)
 	os.Exit(0)
 }
 func Test_isCmdTokenSource(t *testing.T) {
 	c1 := map[string]string{"cmd-path": "foo"}
 	if v := isCmdTokenSource(c1); !v {
 		t.Fatalf("cmd-path present in config (%+v), but got %v", c1, v)
 	}
 	c2 := map[string]string{"cmd-args": "foo bar"}
 	if v := isCmdTokenSource(c2); v {
 		t.Fatalf("cmd-path not present in config (%+v), but got %v", c2, v)
 	}
 }
 func Test_tokenSource_cmd(t *testing.T) {
 	if _, err := tokenSource(true, map[string]string{}); err == nil {
 		t.Fatalf("expected error, cmd-args not present in config")
 	}
 	c := map[string]string{
 		"cmd-path": "foo",
 		"cmd-args": "bar"}
 	ts, err := tokenSource(true, c)
 	if err != nil {
 		t.Fatalf("failed to return cmd token source: %+v", err)
 	}
 	if ts == nil {
 		t.Fatal("returned nil token source")
 	}
 	if _, ok := ts.(*commandTokenSource); !ok {
 		t.Fatalf("returned token source type:(%T) expected:(*commandTokenSource)", ts)
 	}
 }
 func Test_tokenSource_cmdCannotBeUsedWithScopes(t *testing.T) {
 	c := map[string]string{
 		"cmd-path": "foo",
 		"scopes":   "A,B"}
 	if _, err := tokenSource(true, c); err == nil {
 		t.Fatal("expected error when scopes is used with cmd-path")
 	}
 }
 func Test_tokenSource_applicationDefaultCredentials_fails(t *testing.T) {
 	// try to use empty ADC file
 	fakeTokenFile, err := ioutil.TempFile("", "adctoken")
 	if err != nil {
 		t.Fatalf("failed to create fake token file: +%v", err)
 	}
 	fakeTokenFile.Close()
 	defer os.Remove(fakeTokenFile.Name())
 	os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", fakeTokenFile.Name())
 	defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS")
 	if _, err := tokenSource(false, map[string]string{}); err == nil {
 		t.Fatalf("expected error because specified ADC token file is not a JSON")
 	}
 }
 func Test_tokenSource_applicationDefaultCredentials(t *testing.T) {
 	fakeTokenFile, err := ioutil.TempFile("", "adctoken")
 	if err != nil {
 		t.Fatalf("failed to create fake token file: +%v", err)
 	}
 	fakeTokenFile.Close()
 	defer os.Remove(fakeTokenFile.Name())
 	if err := ioutil.WriteFile(fakeTokenFile.Name(), []byte(`{"type":"service_account"}`), 0600); err != nil {
 		t.Fatalf("failed to write to fake token file: %+v", err)
 	}
 	os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", fakeTokenFile.Name())
 	defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS")
 	ts, err := tokenSource(false, map[string]string{})
 	if err != nil {
 		t.Fatalf("failed to get a token source: %+v", err)
 	}
 	if ts == nil {
 		t.Fatal("returned nil token source")
 	}
 }
 func Test_parseScopes(t *testing.T) {
 	cases := []struct {
 		in  map[string]string
 		out []string
 	}{
 		{
 			map[string]string{},
 			[]string{
 				"https://www.googleapis.com/auth/cloud-platform",
 				"https://www.googleapis.com/auth/userinfo.email"},
 		},
 		{
 			map[string]string{"scopes": ""},
 			[]string{},
 		},
 		{
 			map[string]string{"scopes": "A,B,C"},
 			[]string{"A", "B", "C"},
 		},
 	}
 	for _, c := range cases {
 		got := parseScopes(c.in)
 		if !reflect.DeepEqual(got, c.out) {
 			t.Errorf("expected=%v, got=%v", c.out, got)
 		}
 	}
 }
 func errEquiv(got, want error) bool {
 	if got == want {
 		return true
 	}
 	if got != nil && want != nil {
 		return strings.Contains(got.Error(), want.Error())
 	}
 	return false
 }
 func TestCmdTokenSource(t *testing.T) {
 	execCommand = fakeExec
 	fakeExpiry := time.Date(2016, 10, 31, 22, 31, 9, 123000000, time.UTC)
 	customFmt := "2006-01-02 15:04:05.999999999"
 	tests := []struct {
 		name             string
 		gcpConfig        map[string]string
 		tok              *oauth2.Token
 		newErr, tokenErr error
 	}{
 		{
 			"default",
 			map[string]string{
 				"cmd-path": "/default/no/args",
 			},
 			&oauth2.Token{
 				AccessToken: "faketoken",
 				TokenType:   "Bearer",
 				Expiry:      fakeExpiry,
 			},
 			nil,
 			nil,
 		},
 		{
 			"default legacy args",
 			map[string]string{
 				"cmd-path": "/default/legacy/args arg1 arg2 arg3",
 			},
 			&oauth2.Token{
 				AccessToken: "faketoken",
 				TokenType:   "Bearer",
 				Expiry:      fakeExpiry,
 			},
 			nil,
 			nil,
 		},
 		{
 			"custom keys",
 			map[string]string{
 				"cmd-path":   "/space in path/customkeys",
 				"cmd-args":   "can haz auth",
 				"token-key":  "{.token}",
 				"expiry-key": "{.token_expiry.datetime}",
 				"time-fmt":   customFmt,
 			},
 			&oauth2.Token{
 				AccessToken: "faketoken",
 				TokenType:   "Bearer",
 				Expiry:      fakeExpiry,
 			},
 			nil,
 			nil,
 		},
 		{
 			"missing cmd",
 			map[string]string{
 				"cmd-path": "",
 			},
 			nil,
 			fmt.Errorf("missing access token cmd"),
 			nil,
 		},
 		{
 			"missing token-key",
 			map[string]string{
 				"cmd-path":  "missing/tokenkey/noargs",
 				"token-key": "{.token}",
 			},
 			nil,
 			nil,
 			fmt.Errorf("error parsing token-key %q", "{.token}"),
 		},
 		{
 			"missing expiry-key",
 			map[string]string{
 				"cmd-path":   "missing/expirykey/legacyargs split on whitespace",
 				"expiry-key": "{.expiry}",
 			},
 			nil,
 			nil,
 			fmt.Errorf("error parsing expiry-key %q", "{.expiry}"),
 		},
 		{
 			"invalid expiry timestamp",
 			map[string]string{
 				"cmd-path": "invalid expiry/timestamp",
 				"cmd-args": "foo --bar --baz=abc,def",
 			},
 			&oauth2.Token{
 				AccessToken: "faketoken",
 				TokenType:   "Bearer",
 				Expiry:      time.Time{},
 			},
 			nil,
 			nil,
 		},
 		{
 			"bad JSON",
 			map[string]string{
 				"cmd-path": "badjson",
 			},
 			nil,
 			nil,
 			fmt.Errorf("invalid character '-' after object key:value pair"),
 		},
 	}
 	for _, tc := range tests {
 		provider, err := newGCPAuthProvider("", tc.gcpConfig, nil /* persister */)
 		if !errEquiv(err, tc.newErr) {
 			t.Errorf("%q newGCPAuthProvider error: got %v, want %v", tc.name, err, tc.newErr)
 			continue
 		}
 		if err != nil {
 			continue
 		}
 		ts := provider.(*gcpAuthProvider).tokenSource.(*cachedTokenSource).source.(*commandTokenSource)
 		wantCmd = append([]string{ts.cmd}, ts.args...)
 		tok, err := ts.Token()
 		if !errEquiv(err, tc.tokenErr) {
 			t.Errorf("%q Token() error: got %v, want %v", tc.name, err, tc.tokenErr)
 		}
 		if !reflect.DeepEqual(tok, tc.tok) {
 			t.Errorf("%q Token() got %v, want %v", tc.name, tok, tc.tok)
 		}
 	}
 }
 type fakePersister struct {
 	lk    sync.Mutex
 	cache map[string]string
 }
 func (f *fakePersister) Persist(cache map[string]string) error {
 	f.lk.Lock()
 	defer f.lk.Unlock()
 	f.cache = map[string]string{}
 	for k, v := range cache {
 		f.cache[k] = v
 	}
 	return nil
 }
 func (f *fakePersister) read() map[string]string {
 	ret := map[string]string{}
 	f.lk.Lock()
 	defer f.lk.Unlock()
 	for k, v := range f.cache {
 		ret[k] = v
 	}
 	return ret
 }
 type fakeTokenSource struct {
 	token *oauth2.Token
 	err   error
 }
 func (f *fakeTokenSource) Token() (*oauth2.Token, error) {
 	return f.token, f.err
 }
 func TestCachedTokenSource(t *testing.T) {
 	tok := &oauth2.Token{AccessToken: "fakeaccesstoken"}
 	persister := &fakePersister{}
 	source := &fakeTokenSource{
 		token: tok,
 		err:   nil,
 	}
 	cache := map[string]string{
 		"foo": "bar",
 		"baz": "bazinga",
 	}
 	ts, err := newCachedTokenSource("fakeaccesstoken", "", persister, source, cache)
 	if err != nil {
 		t.Fatal(err)
 	}
 	var wg sync.WaitGroup
 	wg.Add(10)
 	for i := 0; i < 10; i++ {
 		go func() {
 			_, err := ts.Token()
 			if err != nil {
 				t.Errorf("unexpected error: %s", err)
 			}
 			wg.Done()
 		}()
 	}
 	wg.Wait()
 	cache["access-token"] = "fakeaccesstoken"
 	cache["expiry"] = tok.Expiry.Format(time.RFC3339Nano)
 	if got := persister.read(); !reflect.DeepEqual(got, cache) {
 		t.Errorf("got cache %v, want %v", got, cache)
 	}
 }
 type MockTransport struct {
 	res *http.Response
 }
 func (t *MockTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	return t.res, nil
 }
 func Test_cmdTokenSource_roundTrip(t *testing.T) {
 	accessToken := "fakeToken"
 	fakeExpiry := time.Now().Add(time.Hour)
 	fakeExpiryStr := fakeExpiry.Format(time.RFC3339Nano)
 	fs := &fakeTokenSource{
 		token: &oauth2.Token{
 			AccessToken: accessToken,
 			Expiry:      fakeExpiry,
 		},
 	}
 	cmdCache := map[string]string{
 		"cmd-path": "/path/to/tokensource/cmd",
 		"cmd-args": "--output=json",
 	}
 	cmdCacheUpdated := map[string]string{
 		"cmd-path":     "/path/to/tokensource/cmd",
 		"cmd-args":     "--output=json",
 		"access-token": accessToken,
 		"expiry":       fakeExpiryStr,
 	}
 	simpleCacheUpdated := map[string]string{
 		"access-token": accessToken,
 		"expiry":       fakeExpiryStr,
 	}
 	tests := []struct {
 		name                     string
 		res                      http.Response
 		baseCache, expectedCache map[string]string
 	}{
 		{
 			"Unauthorized",
 			http.Response{StatusCode: http.StatusUnauthorized},
 			make(map[string]string),
 			make(map[string]string),
 		},
 		{
 			"Unauthorized, nonempty defaultCache",
 			http.Response{StatusCode: http.StatusUnauthorized},
 			cmdCache,
 			cmdCache,
 		},
 		{
 			"Authorized",
 			http.Response{StatusCode: http.StatusOK},
 			make(map[string]string),
 			simpleCacheUpdated,
 		},
 		{
 			"Authorized, nonempty defaultCache",
 			http.Response{StatusCode: http.StatusOK},
 			cmdCache,
 			cmdCacheUpdated,
 		},
 	}
 	persister := &fakePersister{}
 	req := http.Request{Header: http.Header{}}
 	for _, tc := range tests {
 		cts, err := newCachedTokenSource(accessToken, fakeExpiry.String(), persister, fs, tc.baseCache)
 		if err != nil {
 			t.Fatalf("unexpected error from newCachedTokenSource: %v", err)
 		}
 		authProvider := gcpAuthProvider{cts, persister}
 		fakeTransport := MockTransport{&tc.res}
 		transport := (authProvider.WrapTransport(&fakeTransport))
 		// call Token to persist/update cache
 		if _, err := cts.Token(); err != nil {
 			t.Fatalf("unexpected error from cachedTokenSource.Token(): %v", err)
 		}
 		transport.RoundTrip(&req)
 		if got := persister.read(); !reflect.DeepEqual(got, tc.expectedCache) {
 			t.Errorf("got cache %v, want %v", got, tc.expectedCache)
 		}
 	}
 }