STAC-21045 Added support to Authorization token schema

extension/ingestionapikeyauthextension/config.go

@@ -18,6 +18,7 @@ type CacheSettings struct {
 type Config struct {
 	Endpoint *EndpointSettings `mapstructure:"endpoint,omitempty"`
 	Cache    *CacheSettings    `mapstructure:"cache,omitempty"`
+	Schema   string            `mapstructure:"schema"`
 }
 
 func (cfg *Config) Validate() error {
@@ -40,5 +41,9 @@ func (cfg *Config) Validate() error {
 	if cfg.Cache.InvalidSize <= 0 {
 		return fmt.Errorf("paramater cache.invalid_size must be a postive value")
 	}
+
+	if len(cfg.Schema) == 0 {
+		return fmt.Errorf("required schema paramater")
+	}
 	return nil
 }

extension/ingestionapikeyauthextension/config_test.go

@@ -39,6 +39,7 @@ func TestLoadConfig(t *testing.T) {
 					ValidTtl:    5 * time.Minute,
 					InvalidSize: 100,
 				},
+				Schema: "StackState",
 			},
 		},
 		{
@@ -52,6 +53,7 @@ func TestLoadConfig(t *testing.T) {
 					ValidTtl:    5 * time.Minute,
 					InvalidSize: 100,
 				},
+				Schema: "StackState",
 			},
 		},
 		{
@@ -65,6 +67,7 @@ func TestLoadConfig(t *testing.T) {
 					ValidTtl:    20 * time.Second,
 					InvalidSize: 30,
 				},
+				Schema: "StackStack2",
 			},
 		},
 	}

extension/ingestionapikeyauthextension/extension.go

@@ -11,6 +11,7 @@ import (
 	"go.opentelemetry.io/collector/extension/auth"
 	"log"
 	"net/http"
+	"regexp"
 	"time"
 )
 
@@ -19,6 +20,8 @@ var (
 	errInternal              = errors.New("internal error")
 	errAuthServerUnavailable = errors.New("auth server unavailable")
 	errForbidden             = errors.New("forbidden")
+
+	tokenRegex = regexp.MustCompile(`(\w+) (.*)$`)
 )
 
 type extensionContext struct {
@@ -63,7 +66,16 @@ func (exCtx *extensionContext) authenticate(ctx context.Context, headers map[str
 		return ctx, errNoAuth
 	}
 
-	err := checkAuthorizationHeaderUseCache(authorizationHeader, exCtx)
+	// checks schema
+	matches := tokenRegex.FindStringSubmatch(authorizationHeader)
+	if len(matches) != 3 {
+		return ctx, errForbidden
+	}
+	if matches[1] != exCtx.config.Schema {
+		return ctx, errForbidden
+	}
+
+	err := checkAuthorizationHeaderUseCache(matches[2], exCtx)
 	if err != nil {
 		return ctx, err
 	}

extension/ingestionapikeyauthextension/extension_test.go

@@ -2,6 +2,7 @@ package ingestionapikeyauthextension
 
 import (
 	"context"
+	"encoding/json"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.opentelemetry.io/collector/component/componenttest"
@@ -21,6 +22,7 @@ func TestExtension_NoHeader(t *testing.T) {
 			ValidTtl:    30 * time.Second,
 			InvalidSize: 3,
 		},
+		Schema: "StackState",
 	})
 	require.NoError(t, err)
 	require.NoError(t, ext.Start(context.Background(), componenttest.NewNopHost()))
@@ -38,16 +40,21 @@ func TestExtension_AuthServerUnavailable(t *testing.T) {
 			ValidTtl:    30 * time.Second,
 			InvalidSize: 3,
 		},
+		Schema: "StackState",
 	})
 	require.NoError(t, err)
 	require.NoError(t, ext.Start(context.Background(), componenttest.NewNopHost()))
-	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"key"}})
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"StackState key"}})
 	assert.Equal(t, errAuthServerUnavailable, err)
 }
 
 func TestExtension_InvalidKey(t *testing.T) {
 	testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
-		res.WriteHeader(403)
+		var payload AuthorizeRequestBody
+		err := json.NewDecoder(req.Body).Decode(&payload)
+		if err == nil && payload.ApiKey == "key" {
+			res.WriteHeader(403)
+		}
 	}))
 
 	ext, err := newServerAuthExtension(&Config{
@@ -59,16 +66,21 @@ func TestExtension_InvalidKey(t *testing.T) {
 			ValidTtl:    30 * time.Second,
 			InvalidSize: 3,
 		},
+		Schema: "StackState",
 	})
 	require.NoError(t, err)
 	require.NoError(t, ext.Start(context.Background(), componenttest.NewNopHost()))
-	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"key"}})
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"StackState key"}})
 	assert.Equal(t, errForbidden, err)
 }
 
 func TestExtension_Authorized(t *testing.T) {
 	testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
-		res.WriteHeader(204)
+		var payload AuthorizeRequestBody
+		err := json.NewDecoder(req.Body).Decode(&payload)
+		if err == nil && payload.ApiKey == "key" {
+			res.WriteHeader(204)
+		}
 	}))
 
 	ext, err := newServerAuthExtension(&Config{
@@ -80,16 +92,53 @@ func TestExtension_Authorized(t *testing.T) {
 			ValidTtl:    30 * time.Second,
 			InvalidSize: 3,
 		},
+		Schema: "StackState",
 	})
 	require.NoError(t, err)
 	require.NoError(t, ext.Start(context.Background(), componenttest.NewNopHost()))
-	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"key"}})
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"StackState key"}})
+	require.NoError(t, err)
+}
+
+func TestExtension_WrongSchema(t *testing.T) {
+	testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
+		var payload AuthorizeRequestBody
+		err := json.NewDecoder(req.Body).Decode(&payload)
+		if err == nil && payload.ApiKey == "key" {
+			res.WriteHeader(204)
+		}
+	}))
+
+	ext, err := newServerAuthExtension(&Config{
+		Endpoint: &EndpointSettings{
+			Url: testServer.URL,
+		},
+		Cache: &CacheSettings{
+			ValidSize:   2,
+			ValidTtl:    30 * time.Second,
+			InvalidSize: 3,
+		},
+		Schema: "StackState",
+	})
 	require.NoError(t, err)
+	require.NoError(t, ext.Start(context.Background(), componenttest.NewNopHost()))
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"StackState_wrong key"}})
+	assert.Equal(t, errForbidden, err)
+
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"key"}})
+	assert.Equal(t, errForbidden, err)
+
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"StackState"}})
+	assert.Equal(t, errForbidden, err)
 }
 
 func TestExtension_AuthorizedWithCamelcaseHeader(t *testing.T) {
 	testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
-		res.WriteHeader(204)
+		var payload AuthorizeRequestBody
+		err := json.NewDecoder(req.Body).Decode(&payload)
+		if err == nil && payload.ApiKey == "key" {
+			res.WriteHeader(204)
+		}
 	}))
 
 	ext, err := newServerAuthExtension(&Config{
@@ -101,10 +150,11 @@ func TestExtension_AuthorizedWithCamelcaseHeader(t *testing.T) {
 			ValidTtl:    30 * time.Second,
 			InvalidSize: 3,
 		},
+		Schema: "StackState",
 	})
 	require.NoError(t, err)
 	require.NoError(t, ext.Start(context.Background(), componenttest.NewNopHost()))
-	_, err = ext.Authenticate(context.Background(), map[string][]string{"Authorization": {"key"}})
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"Authorization": {"StackState key"}})
 	require.NoError(t, err)
 }
 
@@ -131,16 +181,17 @@ func TestExtension_ValidKeysShouldBeCached(t *testing.T) {
 			ValidTtl:    30 * time.Second,
 			InvalidSize: 3,
 		},
+		Schema: "StackState",
 	})
 	require.NoError(t, err)
 	require.NoError(t, ext.Start(context.Background(), componenttest.NewNopHost()))
-	_, err = ext.Authenticate(context.Background(), map[string][]string{"Authorization": {"key"}})
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"Authorization": {"StackState key"}})
 	require.NoError(t, err)
 	//it should be loaded from the cache, it is the same cache as in the previous request
-	_, err = ext.Authenticate(context.Background(), map[string][]string{"Authorization": {"key"}})
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"Authorization": {"StackState key"}})
 	require.NoError(t, err)
 	//send one more request, but with a different key, it shouldn't hit the cache
-	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"key_new"}})
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"StackState key_new"}})
 	assert.Equal(t, errForbidden, err)
 }
 
@@ -167,16 +218,17 @@ func TestExtension_InvalidKeyShouldBeCached(t *testing.T) {
 			ValidTtl:    30 * time.Second,
 			InvalidSize: 1,
 		},
+		Schema: "StackState",
 	})
 	require.NoError(t, err)
 	require.NoError(t, ext.Start(context.Background(), componenttest.NewNopHost()))
 	//server is broken and returns 503, it shouldn't be cached
-	_, err = ext.Authenticate(context.Background(), map[string][]string{"Authorization": {"invalid_key"}})
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"Authorization": {"StackState invalid_key"}})
 	assert.Equal(t, errInternal, err)
 	//The server is fixed so teh response should be cached
-	_, err = ext.Authenticate(context.Background(), map[string][]string{"Authorization": {"invalid_key"}})
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"Authorization": {"StackState invalid_key"}})
 	assert.Equal(t, errForbidden, err)
 	//the previous request is cached so it shouldn't hit the server
-	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"invalid_key"}})
+	_, err = ext.Authenticate(context.Background(), map[string][]string{"authorization": {"StackState invalid_key"}})
 	assert.Equal(t, errForbidden, err)
 }

extension/ingestionapikeyauthextension/factory.go

@@ -28,6 +28,7 @@ func createDefaultConfig() component.Config {
 			ValidTtl:    5 * time.Minute,
 			InvalidSize: 100,
 		},
+		Schema: "StackState",
 	}
 }
 

extension/ingestionapikeyauthextension/factory_test.go

@@ -17,6 +17,7 @@ func TestCreateDefaultConfig(t *testing.T) {
 			ValidTtl:    5 * time.Minute,
 			InvalidSize: 100,
 		},
+		Schema: "StackState",
 	}
 	actual := createDefaultConfig()
 	assert.Equal(t, expected, createDefaultConfig())
@@ -33,6 +34,7 @@ func TestCreateExtension_ValidConfig(t *testing.T) {
 			ValidTtl:    30,
 			InvalidSize: 3,
 		},
+		Schema: "StackState",
 	}
 
 	ext, err := createExtension(context.Background(), extensiontest.NewNopCreateSettings(), cfg)

extension/ingestionapikeyauthextension/testdata/config.yaml

@@ -22,4 +22,6 @@ ingestion_api_key_auth/valid:
   cache:
     valid_size: 10
     valid_ttl: 20s
-    invalid_size: 30
+    invalid_size: 30
+  schema:
+    StackStack2

go.work.sum

@@ -327,6 +327,7 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.11.1 h1:hJ3s7GbWlGK4YVV92sO88BQSyF4ZLVy7/awqOlPxFbA=
 github.com/Microsoft/hcsshim v0.11.1/go.mod h1:nFJmaO4Zr5Y7eADdFOpYswDDlNVbvcIJJNJLECr5JQg=
+github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8=
 github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w=
 github.com/alecthomas/kingpin/v2 v2.4.0 h1:f48lwail6p8zpO1bC4TxtqACaGqHYA22qkHjHpqDjYY=
 github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE=
@@ -370,24 +371,29 @@ github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/P
 github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM=
 github.com/containerd/containerd v1.7.7 h1:QOC2K4A42RQpcrZyptP6z9EJZnlHfHJUfZrAAHe15q4=
 github.com/containerd/containerd v1.7.7/go.mod h1:3c4XZv6VeT9qgf9GMTxNTMFxGJrGpI2vz1yk4ye+YY8=
+github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0=
 github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E=
 github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
 github.com/creack/pty v1.1.9 h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/dmarkham/enumer v1.5.8 h1:fIF11F9l5jyD++YYvxcSH5WgHfeaSGPaN/T4kOQ4qEM=
 github.com/dmarkham/enumer v1.5.8/go.mod h1:d10o8R3t/gROm2p3BXqTkMt2+HMuxEmWCXzorAruYak=
+github.com/dmarkham/enumer v1.5.9 h1:NM/1ma/AUNieHZg74w67GkHFBNB15muOt3sj486QVZk=
 github.com/dmarkham/enumer v1.5.9/go.mod h1:e4VILe2b1nYK3JKJpRmNdl5xbDQvELc6tQ8b+GsGk6E=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
 github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
 github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v25.0.3+incompatible h1:D5fy/lYmY7bvZa0XTZ5/UJPljor41F+vdyJG5luQLfQ=
 github.com/docker/docker v25.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
@@ -402,6 +408,7 @@ github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBF
 github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
 github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
 github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
+github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -542,6 +549,7 @@ github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkV
 github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
 github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
+github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg=
 github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU=
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
@@ -629,6 +637,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807/go.mod h1:7jxmlfBCDBXRzr0eAQJ48XC1hBu1np4CS5+cHEYfwpc=
 github.com/testcontainers/testcontainers-go v0.26.0 h1:uqcYdoOHBy1ca7gKODfBd9uTHVK3a7UL848z09MVZ0c=
 github.com/testcontainers/testcontainers-go v0.26.0/go.mod h1:ICriE9bLX5CLxL9OFQ2N+2N+f+803LNJ1utJb1+Inx0=
+github.com/testcontainers/testcontainers-go v0.28.0 h1:1HLm9qm+J5VikzFDYhOd+Zw12NtOl+8drH2E8nTY1r8=
 github.com/testcontainers/testcontainers-go v0.28.0/go.mod h1:COlDpUXbwW3owtpMkEB1zo9gwb1CoKVKlyrVPejF4AU=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU=
@@ -675,6 +684,7 @@ go.opentelemetry.io/contrib/config v0.3.0 h1:nJxYSB7/8fckSya4EAFyFGxIytMvNlQInXS
 go.opentelemetry.io/contrib/config v0.3.0/go.mod h1:tQW0mY8be9/LGikwZNYno97PleUhF/lMal9xJ1TC2vo=
 go.opentelemetry.io/contrib/config v0.4.0 h1:Xb+ncYOqseLroMuBesGNRgVQolXcXOhMj7EhGwJCdHs=
 go.opentelemetry.io/contrib/config v0.4.0/go.mod h1:drNk2xRqLWW4/amk6Uh1S+sDAJTc7bcEEN1GfJzj418=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q=
 go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.0 h1:D/cXD+03/UOphyyT87NX6h+DlU+BnplN6/P6KJwsgGc=
@@ -715,6 +725,7 @@ golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4 h1:c2HOrn5iMezYjSlGPncknSEr/8x5LELb/ilJbXi9DEA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -752,6 +763,7 @@ golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
 golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
 golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -854,6 +866,7 @@ golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -903,6 +916,7 @@ golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg=
 golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
 golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
 golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=